public abstract class SAML20CommonTokenRoleAttributeProvider extends Object implements SAML20TokenAttributeProvider
An implementation of the SAML20TokenAttributeProvider for JBoss which looks at the authenticated Subject and creates an Attribute containing the user's roles.
<TokenProviders>
  <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider"
                 TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
                 TokenElement="Assertion"
                 TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion">
    <Property Key="AttributeProvider" Value="org.picketlink.identity.federation.bindings.jboss.auth.SAML20TokenRoleAttributeProvider"/>
    <Property Key="org.picketlink.identity.federation.bindings.jboss.auth.SAML20TokenRoleAttributeProvider.tokenRoleAttributeName" Value="role"/>
  </TokenProvider>
</TokenProviders>
When configured, this attribute provider will be called by the SAML20TokenProvider to return an AttributeStatement from the STS token and supply its attributes for insertion into the JAAS Subject. This returns a multi-valued Attribute to be included in the Assertion, where each value of the attribute is a JBoss user role. The name of this attribute defaults to DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME but may be set to any value through an optional property as shown above.

Modifier and Type | Field and Description |
---|---|
static String | DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME: The default attribute name in the SAML Token that will carry the user's roles, if not configured otherwise |
static String | JBOSS_ROLE_PRINCIPAL_NAME: The name of the principal in JBoss that is expected to include user roles |
Constructor and Description |
---|
SAML20CommonTokenRoleAttributeProvider() |
Modifier and Type | Method and Description |
---|---|
AttributeStatementType | getAttributeStatement(): Given the security context, environment or other static or non-static criteria, returns an attribute statement to be included in the SAML v2 Assertion |
void | setProperties(Map<String,String> properties): Sets properties on the Attribute Provider that may affect its behavior |
public static final String JBOSS_ROLE_PRINCIPAL_NAME
public static final String DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME
public SAML20CommonTokenRoleAttributeProvider()
public void setProperties(Map<String,String> properties)
Specified by: setProperties in interface SAML20TokenAttributeProvider
Parameters: properties - A set of string properties, some or all of which might impact the provider's behavior
public AttributeStatementType getAttributeStatement()
Specified by: getAttributeStatement in interface SAML20TokenAttributeProvider
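The consuming side of the role attribute described above, as an added example that is not part of PicketLink or its documentation: it reads the multi-valued attribute named by tokenRoleAttributeName (role in the configuration above) from an assertion whose signature is assumed to have been verified already. RoleAttributeReader, children and roles are hypothetical names, and the sample assertion is constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

// Hypothetical helper class; assumes the assertion's signature was verified beforehand.
public class RoleAttributeReader {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Direct children of parent in the SAML namespace with the given local name.
    static List<Element> children(Element parent, String localName) {
        List<Element> out = new ArrayList<>();
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element && SAML_NS.equals(n.getNamespaceURI())
                    && localName.equals(n.getLocalName())) out.add((Element) n);
        }
        return out;
    }

    // roleAttributeName must equal the tokenRoleAttributeName configured on the STS.
    static List<String> roles(String assertionXml, String roleAttributeName) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DTDs so the token cannot carry entity declarations.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element assertion = f.newDocumentBuilder().parse(new ByteArrayInputStream(
                assertionXml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        List<String> roles = new ArrayList<>();
        for (Element stmt : children(assertion, "AttributeStatement")) {
            for (Element attr : children(stmt, "Attribute")) {
                if (!roleAttributeName.equals(attr.getAttribute("Name"))) continue;
                for (Element value : children(attr, "AttributeValue"))
                    roles.add(value.getTextContent().trim());
            }
        }
        return roles;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample assertion; the role names and the mail attribute are made up.
        String xml = "<s:Assertion xmlns:s='" + SAML_NS + "'><s:AttributeStatement>"
            + "<s:Attribute Name='role'><s:AttributeValue>admin</s:AttributeValue>"
            + "<s:AttributeValue>auditor</s:AttributeValue></s:Attribute><s:Attribute Name='mail'>"
            + "<s:AttributeValue>u@example.test</s:AttributeValue></s:Attribute></s:AttributeStatement></s:Assertion>";
        System.out.println(roles(xml, "role"));
    }
}
```

Only direct AttributeStatement children of the top-level Assertion are walked, so an attribute with the same name nested elsewhere in the document is not picked up as a role.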
Copyright © 2018 JBoss by Red Hat. All rights reserved.