org.picketlink.identity.federation.core.saml.v2.providers

Class SAML20AssertionTokenProvider

java.lang.Object

org.picketlink.identity.federation.core.sts.AbstractSecurityTokenProvider

org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider

All Implemented Interfaces:

SecurityTokenProvider

public class SAML20AssertionTokenProvider
extends AbstractSecurityTokenProvider
implements SecurityTokenProvider

A SecurityTokenProvider implementation for the SAML2 Specification.

This token provider does not handle the SAML20 Token Profile of the Oasis WS-Trust Specification.

Since:

Dec 30, 2010

Author:

Anil.Saldhana@redhat.com

See Also:

SAML20TokenProvider}

Configurable Properties are:

ASSERTION_VALIDITY: specify the validity of the assertion in miliseconds. (Example: 5000 = 5secs)

CLOCK_SKEW: specify the clock skew of the conditions for assertion in miliseconds. (Example: 2000 = 2secs)

Nested Class Summary

Nested classes/interfaces inherited from interface org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider

SecurityTokenProvider.FAMILY_TYPE

Field Summary

Fields

Modifier and Type	Field and Description
static String	NS

Fields inherited from class org.picketlink.identity.federation.core.sts.AbstractSecurityTokenProvider

ATTRIBUTE_PROVIDER, logger, properties, REVOCATION_REGISTRY, REVOCATION_REGISTRY_FILE, REVOCATION_REGISTRY_JDBC_CONFIG, REVOCATION_REGISTRY_JPA_CONFIG, revocationRegistry, TOKEN_REGISTRY, TOKEN_REGISTRY_FILE, TOKEN_REGISTRY_JDBC, TOKEN_REGISTRY_JPA, tokenRegistry, USE_ABSOLUTE_KEYIDENTIFIER

Constructor Summary

Constructors

Constructor and Description
SAML20AssertionTokenProvider()

Method Summary

Modifier and Type	Method and Description
void	cancelToken(ProtocolContext context) Cancels the token contained in the specified request context.
String	family() The family where this security token provider belongs
QName	getSupportedQName() Provide an optional QName for configuration
void	initialize(Map<String,String> props) Initializes the SecurityTokenProvider using the specified properties map.
void	issueToken(ProtocolContext context) Generates a security token using the information contained in the specified request context and stores the newly-created token in the context itself.
void	renewToken(ProtocolContext context) Renews the security token contained in the specified request context.
boolean	supports(String namespace) Specify whether this token provider supports a particular namespace
String	tokenType() Token Type
void	validateToken(ProtocolContext context) Evaluates the validity of the token contained in the specified request context and sets the result in the context itself.

Methods inherited from class org.picketlink.identity.federation.core.sts.AbstractSecurityTokenProvider

adjustLifetimeForClockSkew, getClockSkewInMillis

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

NS

public static final String NS

Constructor Detail

SAML20AssertionTokenProvider

public SAML20AssertionTokenProvider()

Method Detail

initialize

public void initialize(Map<String,String> props)

Description copied from interface: SecurityTokenProvider

Initializes the SecurityTokenProvider using the specified properties map.

Specified by:

initialize in interface SecurityTokenProvider

Overrides:

initialize in class AbstractSecurityTokenProvider

Parameters:

props - a Map<String, String> that contains the properties that have been configured for this SecurityTokenProvider.

supports

public boolean supports(String namespace)

Description copied from interface: SecurityTokenProvider

Specify whether this token provider supports a particular namespace

Specified by:

supports in interface SecurityTokenProvider

Parameters:

namespace - a string value representing a namespace

Returns:

See Also:

SecurityTokenProvider.supports(java.lang.String)

issueToken

public void issueToken(ProtocolContext context)
                throws ProcessingException

Description copied from interface: SecurityTokenProvider

Generates a security token using the information contained in the specified request context and stores the newly-created token in the context itself.

Specified by:

issueToken in interface SecurityTokenProvider

Parameters:

context - the ProtocolContext to be used when generating the token.

Throws:

ProcessingException

See Also:

SecurityTokenProvider.issueToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)

renewToken

public void renewToken(ProtocolContext context)
                throws ProcessingException

Description copied from interface: SecurityTokenProvider

Renews the security token contained in the specified request context. This method is used when a previously generated token has expired, generating a new version of the same token with different expiration semantics.

Specified by:

renewToken in interface SecurityTokenProvider

Parameters:

context - the ProtocolContext that contains the token to be renewed.

Throws:

ProcessingException

See Also:

SecurityTokenProvider.renewToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)

cancelToken

public void cancelToken(ProtocolContext context)
                 throws ProcessingException

Description copied from interface: SecurityTokenProvider

Cancels the token contained in the specified request context. A security token is usually canceled when one wants to make sure that the token will not be used anymore. A security token can't be renewed once it has been canceled.

Specified by:

cancelToken in interface SecurityTokenProvider

Parameters:

context - the ProtocolContext that contains the token to be canceled.

Throws:

ProcessingException

See Also:

SecurityTokenProvider.cancelToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)

validateToken

public void validateToken(ProtocolContext context)
                   throws ProcessingException

Description copied from interface: SecurityTokenProvider

Evaluates the validity of the token contained in the specified request context and sets the result in the context itself. The result can be a status, a new token, or both.

Specified by:

validateToken in interface SecurityTokenProvider

Parameters:

context - the ProtocolContext that contains the token to be validated.

Throws:

ProcessingException

See Also:

SecurityTokenProvider.validateToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)

tokenType

public String tokenType()

Description copied from interface: SecurityTokenProvider

Token Type

Specified by:

tokenType in interface SecurityTokenProvider

Returns:

See Also:

SecurityTokenProvider.tokenType()

getSupportedQName

public QName getSupportedQName()

Description copied from interface: SecurityTokenProvider

Provide an optional QName for configuration

Specified by:

getSupportedQName in interface SecurityTokenProvider

Returns:

See Also:

SecurityTokenProvider.getSupportedQName()

family

public String family()

Description copied from interface: SecurityTokenProvider

The family where this security token provider belongs

Specified by:

family in interface SecurityTokenProvider

Returns:

See Also:

SecurityTokenProvider.family()