SAML2STSLoginModule (Red Hat JBoss Enterprise Application Platform 7.2.0.Beta public API)

java.lang.Object
- org.jboss.security.auth.spi.AbstractServerLoginModule
- - org.picketlink.identity.federation.bindings.jboss.auth.SAMLTokenFromHttpRequestAbstractLoginModule
  - - org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSCommonLoginModule
    - - org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule

All Implemented Interfaces:

LoginModule
```
public class SAML2STSLoginModule
extends SAML2STSCommonLoginModule
```
This LoginModule implements the local validation of SAML assertions on AS7. The specified localValidationSecurityDomain property must correspond to a AS7 JSSE domain that configures a truststore and a server-alias that identifies the certificate used to validate the assertions.

Author:

Stefan Guilhen

Field Summary

Fields
Modifier and Type Field and Description

protected int clockSkew
- Fields inherited from class org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSCommonLoginModule
  assertion, credential, enableCacheInvalidation, ENDPOINT_ADDRESS, INITIAL_CLIENTS_IN_POOL, initialClientsInPool, localTestingOnly, localValidation, localValidationSecurityDomain, options, PASSWORD_KEY, PORT_NAME, principal, rawOptions, roleKey, securityDomain, SERVICE_NAME, STS_CONFIG_FILE, stsConfigurationFile, USERNAME_KEY
- Fields inherited from class org.picketlink.identity.federation.bindings.jboss.auth.SAMLTokenFromHttpRequestAbstractLoginModule
  BASE64_TOKEN_ENCODING, GZIP_TOKEN_ENCODING, logger, NONE_TOKEN_ENCODING, REG_EX_GROUP_KEY, REG_EX_PATTERN_KEY, SAML_TOKEN_HTTP_HEADER_KEY, TOKEN_ENCODING_TYPE_KEY, tokenEncoding, WEB_REQUEST_KEY
- Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
  callbackHandler, jbossModuleName, log, loginOk, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass

Fields
Modifier and Type	Field and Description
`protected int`	`clockSkew`

Constructor Summary

Constructors
Constructor and Description

SAML2STSLoginModule()

Constructors
Constructor and Description
`SAML2STSLoginModule()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected JBossAuthCacheInvalidationFactory.TimeCacheExpiry`	`getCacheExpiry()`
`void`	`initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)` Initialize the login module.
`protected boolean`	`localValidation(Element assertionElement)` Locally validate the SAML Assertion element

Methods inherited from class org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSCommonLoginModule
abort, commit, getIdentity, getRoleSets, getSTSClient, login, logout

Methods inherited from class org.picketlink.identity.federation.bindings.jboss.auth.SAMLTokenFromHttpRequestAbstractLoginModule
getCredentialFromHttpRequest, getSamlTokenHttpHeader, getSamlTokenHttpHeaderRegEx, getSamlTokenHttpHeaderRegExGroup, getTokenEncoding

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
addValidOptions, checkOptions, createGroup, createIdentity, getCallerPrincipalGroup, getUnauthenticatedIdentity, getUseFirstPass

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - clockSkew
```
protected int clockSkew
```
- Constructor Detail
  - SAML2STSLoginModule
```
public SAML2STSLoginModule()
```
- Method Detail
  - initialize
```
public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map sharedState,
                       Map options)
```
    Description copied from class: AbstractServerLoginModule
    
    Initialize the login module. This stores the subject, callbackHandler and sharedState and options for the login session. Subclasses should override if they need to process their own options. A call to super.initialize(...) must be made in the case of an override.
    
    Specified by:
    
    initialize in interface LoginModule
    
    Overrides:
    
    initialize in class SAML2STSCommonLoginModule
    
    Parameters:
    
    subject - the Subject to update after a successful login.
    
    callbackHandler - the CallbackHandler that will be used to obtain the the user identity and credentials.
    
    sharedState - a Map shared between all configured login module instances
    
    options - the parameters passed to the login module.
  - localValidation
```
protected boolean localValidation(Element assertionElement)
                           throws Exception
```
    Description copied from class: SAML2STSCommonLoginModule
    
    Locally validate the SAML Assertion element
    
    Specified by:
    
    localValidation in class SAML2STSCommonLoginModule
    
    Returns:
    
    Throws:
    
    Exception
  - getCacheExpiry
```
protected JBossAuthCacheInvalidationFactory.TimeCacheExpiry getCacheExpiry()
                                                                    throws Exception
```
    Specified by:
    
    getCacheExpiry in class SAML2STSCommonLoginModule
    
    Throws:
    
    Exception

Class SAML2STSLoginModule

Field Summary

Fields inherited from class org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSCommonLoginModule

Fields inherited from class org.picketlink.identity.federation.bindings.jboss.auth.SAMLTokenFromHttpRequestAbstractLoginModule

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

Constructor Summary

Method Summary

Methods inherited from class org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSCommonLoginModule

Methods inherited from class org.picketlink.identity.federation.bindings.jboss.auth.SAMLTokenFromHttpRequestAbstractLoginModule

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

Methods inherited from class java.lang.Object

Field Detail

clockSkew

Constructor Detail

SAML2STSLoginModule

Method Detail

initialize

localValidation

getCacheExpiry