java.lang.Objectorg.jboss.security.auth.spi.AbstractServerLoginModule
org.picketlink.identity.federation.bindings.jboss.auth.SAMLTokenFromHttpRequestAbstractLoginModule
org.picketlink.identity.federation.bindings.jboss.auth.SAMLTokenCertValidatingCommonLoginModule
public abstract class SAMLTokenCertValidatingCommonLoginModule
This LoginModule authenticates clients by validating their SAML assertions locally. If the supplied assertion contains roles, they are extracted and included in the Group returned by getRoleSets. The module validates the SAML token using the X.509 certificate carried in the XML signature of the assertion itself. Because that certificate arrives inside the (as yet untrusted) token, it proves nothing on its own: trust is established only by validateCertPath, which chains the certificate to the keystore of the security domain configured in the module options, so that keystore must contain only the issuer certificates you actually intend to trust. The checks it performs include at least the certificate-path validation described under validateCertPath.
Field Summary | |
---|---|
protected AssertionType |
assertion
|
protected SamlCredential |
credential
|
protected boolean |
enableCacheInvalidation
|
static String |
ENDPOINT_ADDRESS
Key to specify the end point address |
protected boolean |
localTestingOnly
NOTE(review): the name suggests this flag relaxes validation for local testing; confirm its exact effect in the implementation and keep it disabled in any non-test deployment. |
protected String |
localValidationSecurityDomain
|
protected Map<String,Object> |
options
Options that are computed by this login module. |
static String |
PASSWORD_KEY
Key to specify the password |
static String |
PORT_NAME
Key to specify the port name |
protected Principal |
principal
|
protected Map<String,Object> |
rawOptions
The original, unmodified options passed in by the JDK JAAS framework. |
protected String |
roleKey
|
protected String |
securityDomain
|
static String |
SERVICE_NAME
Key to specify the service name |
static String |
STS_CONFIG_FILE
This is an option that should identify the configuration file for WSTrustClient. |
static String |
USERNAME_KEY
Key to specify the username |
Fields inherited from class org.picketlink.identity.federation.bindings.jboss.auth.SAMLTokenFromHttpRequestAbstractLoginModule |
---|
BASE64_TOKEN_ENCODING, GZIP_TOKEN_ENCODING, logger, NONE_TOKEN_ENCODING, REG_EX_GROUP_KEY, REG_EX_PATTERN_KEY, SAML_TOKEN_HTTP_HEADER_KEY, TOKEN_ENCODING_TYPE_KEY, tokenEncoding, WEB_REQUEST_KEY |
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule |
---|
callbackHandler, log, loginOk, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass |
Constructor Summary | |
---|---|
SAMLTokenCertValidatingCommonLoginModule()
|
Method Summary | |
---|---|
boolean |
abort()
Called if the overall authentication failed (phase 2). |
boolean |
commit()
|
protected JBossAuthCacheInvalidationFactory.TimeCacheExpiry |
getCacheExpiry()
|
protected Principal |
getIdentity()
|
protected abstract KeyStore |
getKeyStore()
Binding-specific hook that returns the configured KeyStore; subclasses implement it for their container binding. |
protected Group[] |
getRoleSets()
|
void |
initialize(Subject subject,
CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options)
|
boolean |
login()
|
boolean |
logout()
|
protected void |
validateCertPath(X509Certificate certificate)
Validates the certificate path against the keystore of the security domain named in the module options; throws LoginException if the path cannot be validated. |
Methods inherited from class org.picketlink.identity.federation.bindings.jboss.auth.SAMLTokenFromHttpRequestAbstractLoginModule |
---|
getCredentialFromHttpRequest, getSamlTokenHttpHeader, getSamlTokenHttpHeaderRegEx, getSamlTokenHttpHeaderRegExGroup, getTokenEncoding |
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule |
---|
addValidOptions, checkOptions, createGroup, createIdentity, getCallerPrincipalGroup, getUnauthenticatedIdentity, getUseFirstPass |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected Principal principal
protected SamlCredential credential
protected AssertionType assertion
protected boolean enableCacheInvalidation
protected String securityDomain
protected String localValidationSecurityDomain
protected String roleKey
protected Map<String,Object> options
protected Map<String,Object> rawOptions
public static final String STS_CONFIG_FILE
public static final String ENDPOINT_ADDRESS
public static final String PORT_NAME
public static final String SERVICE_NAME
public static final String USERNAME_KEY
public static final String PASSWORD_KEY
protected boolean localTestingOnly
Constructor Detail |
---|
public SAMLTokenCertValidatingCommonLoginModule()
Method Detail |
---|
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
initialize
in interface LoginModule
initialize
in class SAMLTokenFromHttpRequestAbstractLoginModule
public boolean login() throws LoginException
login
in interface LoginModule
login
in class org.jboss.security.auth.spi.AbstractServerLoginModule
LoginException
public boolean commit() throws LoginException
commit
in interface LoginModule
commit
in class org.jboss.security.auth.spi.AbstractServerLoginModule
LoginException
public boolean abort() throws LoginException
abort
in interface LoginModule
abort
in class org.jboss.security.auth.spi.AbstractServerLoginModule
LoginException
public boolean logout() throws LoginException
logout
in interface LoginModule
logout
in class org.jboss.security.auth.spi.AbstractServerLoginModule
LoginException
protected Principal getIdentity()
getIdentity
in class org.jboss.security.auth.spi.AbstractServerLoginModule
protected Group[] getRoleSets() throws LoginException
getRoleSets
in class org.jboss.security.auth.spi.AbstractServerLoginModule
LoginException
protected JBossAuthCacheInvalidationFactory.TimeCacheExpiry getCacheExpiry() throws Exception
Exception
protected void validateCertPath(X509Certificate certificate) throws LoginException
certificate - the X.509 certificate to validate (the original Javadoc tag names it cert, but the parameter is certificate)
LoginException - if the certificate path cannot be validated against the configured keystore
protected abstract KeyStore getKeyStore() throws Exception
Exception