org.picketlink.identity.federation.core.sts

Interface STSCoreConfig

All Known Subinterfaces:

STSConfiguration

All Known Implementing Classes:

PicketLinkSTSConfiguration

public interface STSCoreConfig

Configuration for the STS Core

Since:

Dec 27, 2010

Author:

Stefan Guilhen, Anil.Saldhana@redhat.com

Method Summary

Modifier and Type	Method and Description
void	addTokenProvider(String key, SecurityTokenProvider provider) Allows you to add a token provider to handle a particular namespace
void	copy(STSCoreConfig thatConfig)
boolean	encryptIssuedToken() Indicates whether the issued token should be encrypted or not.
Certificate	getCertificate(String alias) Obtains the certificate identified by the specified alias.
long	getIssuedTokenTimeout() Obtains the timeout value (in milliseconds) for issued tokens.
SecurityTokenProvider	getProviderForService(String serviceName) Given the name of a service provider, obtains the provider that must be used when issuing tokens to clients of that service.
SecurityTokenProvider	getProviderForTokenElementNS(String family, QName qname) Obtains the token provider that can handle tokens that have the specified local name and namespace.
SecurityTokenProvider	getProviderForTokenType(String tokenType) Given a token type, obtains the token provider that should be used to handle token requests of that type.
List<SecurityTokenProvider>	getProvidersByFamily(String familyName) Get a list of SecurityTokenProvider that belong to a family
X509Certificate	getServiceProviderCertificate(String serviceName) Obtains the certificate of the specified service provider.
PublicKey	getServiceProviderPublicKey(String serviceName) Obtains the public key of the specified service provider.
String	getSigningCertificateAlias()
KeyPair	getSTSKeyPair() Obtains a reference to the KeyPair object that contains the STS PrivateKey and PublicKey.
String	getSTSName() Obtains the unique name of the secure token service.
List<SecurityTokenProvider>	getTokenProviders() Get an unmodifiable list of token providers
String	getTokenTypeForService(String serviceName) Given the name of a service provider, obtains the type of the token that should be used when issuing tokens to clients of that service.
void	removeTokenProvider(String key) Remove a token provider with the passed key
boolean	signIssuedToken() Indicates whether the issued token should be digitally signed or not.

Method Detail

getSigningCertificateAlias

String getSigningCertificateAlias()

Returns:

the certificate alias name

Since:

v2.5.0

copy

void copy(STSCoreConfig thatConfig)

getSTSName

String getSTSName()

Obtains the unique name of the secure token service.

Returns:

a String representing the STS name.

encryptIssuedToken

boolean encryptIssuedToken()

Indicates whether the issued token should be encrypted or not.

Returns:

true if the issued token is to be encrypted; false otherwise.

signIssuedToken

boolean signIssuedToken()

Indicates whether the issued token should be digitally signed or not.

Returns:

true if the issued token is to be signed; false otherwise.

getIssuedTokenTimeout

long getIssuedTokenTimeout()

Obtains the timeout value (in milliseconds) for issued tokens.

Returns:

the token timeout value.

getSTSKeyPair

KeyPair getSTSKeyPair()

Obtains a reference to the KeyPair object that contains the STS PrivateKey and PublicKey.

Returns:

a reference to the STS KeyPair.

getTokenTypeForService

String getTokenTypeForService(String serviceName)

Given the name of a service provider, obtains the type of the token that should be used when issuing tokens to clients of that service.

Parameters:

serviceName - the name of the service provider that requires a token from its clients.

Returns:

a String representing the type of the token that suits the specified service.

getProvidersByFamily

List<SecurityTokenProvider> getProvidersByFamily(String familyName)

Get a list of SecurityTokenProvider that belong to a family

Parameters:

familyName -

Returns:

See Also:

SecurityTokenProvider#family()}

getProviderForService

SecurityTokenProvider getProviderForService(String serviceName)

Given the name of a service provider, obtains the provider that must be used when issuing tokens to clients of that service. When requesting a token to the STS, a client can specify the service it needs the token for using the AppliesTo element. Based on the service provider name, the STS identifies the type of the token that is to be issued and then selects the appropriate token provider to handle the request.

Parameters:

serviceName - the name of the service provider that requires a token from its clients.

Returns:

a reference to the SecurityTokenProvider that must be used in order to issue tokens to clients of the specified service.

getProviderForTokenType

SecurityTokenProvider getProviderForTokenType(String tokenType)

Given a token type, obtains the token provider that should be used to handle token requests of that type. When a client doesn't specify the service provider name through the AppliesTo element, it must specify the token type through the TokenType element. The STS uses the supplied type to select the appropriate token provider.

Parameters:

tokenType - a String representing the type of the token.

Returns:

a reference to the SecurityTokenProvider that must be used to handle token requests of the specified type.

getProviderForTokenElementNS

SecurityTokenProvider getProviderForTokenElementNS(String family,
                                                   QName qname)

Obtains the token provider that can handle tokens that have the specified local name and namespace. When a validate, renew, or cancel request is made, the token type is not set in the WS-Trust request. In these cases the SecurityTokenProvider must be determined using the security token itself.

Parameters:

family - a String representing the family

qname - a QName representing the token element namespace. (e.g. urn:oasis:names:tc:SAML:2.0:assertion).

Returns:

a reference to the SecurityTokenProvider that must be used to handle the request that contains only the security token.

getServiceProviderPublicKey

PublicKey getServiceProviderPublicKey(String serviceName)

Obtains the public key of the specified service provider. The returned key is used to encrypt issued tokens.

Parameters:

serviceName - the name of the service provider (normally the provider URL).

Returns:

a reference to the provider's PublicKey

getServiceProviderCertificate

X509Certificate getServiceProviderCertificate(String serviceName)

Obtains the certificate of the specified service provider. The returned certificate is used to encrypt issued tokens.

Parameters:

serviceName - the name of the service provider (normally the provider URL).

Returns:

a reference to the provider's PublicKey

getCertificate

Certificate getCertificate(String alias)

Obtains the certificate identified by the specified alias.

Parameters:

alias - the alias associated with the certificate in the keystore.

Returns:

the Certificate obtained from the keystore, or null if no certificate was found.

addTokenProvider

void addTokenProvider(String key,
                      SecurityTokenProvider provider)

Allows you to add a token provider to handle a particular namespace

Parameters:

key -

provider -

getTokenProviders

List<SecurityTokenProvider> getTokenProviders()

Get an unmodifiable list of token providers

Returns:

removeTokenProvider

void removeTokenProvider(String key)

Remove a token provider with the passed key

Parameters:

key -