PicketLink Federation Common Server Bindings for JBoss AS 2.1.6.Final-redhat-2

org.picketlink.identity.federation.bindings.jboss.auth
Class SAML20CommonTokenRoleAttributeProvider

java.lang.Object
  extended by org.picketlink.identity.federation.bindings.jboss.auth.SAML20CommonTokenRoleAttributeProvider
All Implemented Interfaces:
SAML20TokenAttributeProvider
Direct Known Subclasses:
SAML20TokenRoleAttributeProvider

public abstract class SAML20CommonTokenRoleAttributeProvider
extends Object
implements SAML20TokenAttributeProvider

An implementation of the SAML20TokenAttributeProvider for JBoss which looks at the authenticated Subject and creates an Attribute containing the user's roles.

Configuration

<TokenProviders>
  <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider"
      TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
      TokenElement="Assertion"
      TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion">
    <Property Key="AttributeProvider" Value="org.picketlink.identity.federation.bindings.jboss.auth.SAML20TokenRoleAttributeProvider"/>
    <Property Key="org.picketlink.identity.federation.bindings.jboss.auth.SAML20TokenRoleAttributeProvider.tokenRoleAttributeName" Value="role"/>
  </TokenProvider>
</TokenProviders>
 
When configured, this attribute provider is called by the SAML20TokenProvider to return an AttributeStatement from the STS token and supply it for insertion into the JAAS Subject. It returns a multi-valued Attribute to be included in the Assertion, where each value of the attribute is a JBoss user role. The name of this attribute defaults to DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME but may be set to any value through the optional tokenRoleAttributeName property shown above.

Author:
Babak Mozaffari

Field Summary
static String DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME
          The default attribute name in the SAML Token that will carry the user's roles, if not configured otherwise
static String JBOSS_ROLE_PRINCIPAL_NAME
          The name of the principal in JBoss that is expected to include user roles
 
Constructor Summary
SAML20CommonTokenRoleAttributeProvider()

Method Summary
AttributeStatementType getAttributeStatement()
void setProperties(Map<String,String> properties)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

JBOSS_ROLE_PRINCIPAL_NAME

public static final String JBOSS_ROLE_PRINCIPAL_NAME
The name of the principal in JBoss that is expected to include user roles

See Also:
Constant Field Values

DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME

public static final String DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME
The default attribute name in the SAML Token that will carry the user's roles, if not configured otherwise

See Also:
Constant Field Values

Constructor Detail

SAML20CommonTokenRoleAttributeProvider

public SAML20CommonTokenRoleAttributeProvider()

Method Detail

setProperties

public void setProperties(Map<String,String> properties)
Specified by:
setProperties in interface SAML20TokenAttributeProvider

getAttributeStatement

public AttributeStatementType getAttributeStatement()
Specified by:
getAttributeStatement in interface SAML20TokenAttributeProvider

Copyright © 2013 JBoss by Red Hat. All Rights Reserved.