org.n52.security.authentication
Class SAMLTicket

java.lang.Object
  extended by org.n52.security.authentication.SAMLTicket

public class SAMLTicket
extends java.lang.Object

The SAMLTicket class provides a mapping between an org.opensaml.SAMLResponse and a javax.security.auth.Subject.


Field Summary
protected  org.opensaml.SAMLResponse m_samlResponse

Constructor Summary
SAMLTicket(org.w3c.dom.Document pSAMLResponse)
SAMLTicket(org.opensaml.SAMLResponse pSAMLResponse)
SAMLTicket(java.lang.String samlResponse)

Method Summary
 java.lang.String asBase64String()
 java.lang.String asString()
 javax.security.auth.Subject asSubject()
static java.lang.String createSAMLResponseFromPrincipals(AuthenticationContext authContext, java.lang.String pRoleAttributeName, java.lang.String pIssuer, java.lang.String pTarget, int pTimeout, java.lang.String pAuthentMethod, java.security.Key pPrivKey, java.security.cert.Certificate pCert, boolean pBase64)
          Creates a SAML ticket, i.e. a SAMLResponse, based on a set of Principal instances that are part of a Subject stored in an AuthenticationContext instance.
 boolean isExpired()
          Checks whether any assertion has expired, without allowing for clock differences.
 boolean isExpired(long allowedDelta)
          Checks whether any assertion has expired, allowing for a given clock delta.
 void updateSubject(javax.security.auth.Subject pSubject)
 void verify()
          Verifies the signature of this SAML document.
 void verify(java.security.cert.Certificate pWASCert)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

m_samlResponse

protected org.opensaml.SAMLResponse m_samlResponse
Constructor Detail

SAMLTicket

public SAMLTicket(java.lang.String samlResponse)
           throws org.opensaml.SAMLException
Parameters:
samlResponse - String representation of a UTF-8 encoded SAMLTicket.
Throws:
org.opensaml.SAMLException

SAMLTicket

public SAMLTicket(org.w3c.dom.Document pSAMLResponse)
           throws org.opensaml.SAMLException
Parameters:
pSAMLResponse -
Throws:
org.opensaml.SAMLException

SAMLTicket

public SAMLTicket(org.opensaml.SAMLResponse pSAMLResponse)
           throws org.opensaml.SAMLException
Parameters:
pSAMLResponse -
Throws:
org.opensaml.SAMLException
Method Detail

verify

public void verify()
            throws org.opensaml.SAMLException
Verifies the signature of this SAML document.

Throws:
org.opensaml.SAMLException - if the signature could not be verified

verify

public void verify(java.security.cert.Certificate pWASCert)
            throws org.opensaml.SAMLException
Throws:
org.opensaml.SAMLException

isExpired

public boolean isExpired()
Checks whether any assertion has expired, without allowing for clock differences between the issuing and the consuming system.

Returns:
true if any assertion of the ticket has expired.

isExpired

public boolean isExpired(long allowedDelta)
Checks whether any assertion has expired, allowing for a given clock delta between the issuing and the consuming system.

Parameters:
allowedDelta - the tolerated clock delta in milliseconds.
Returns:
true if any assertion of the ticket has expired beyond the allowed delta.

asSubject

public javax.security.auth.Subject asSubject()
Returns:

asString

public java.lang.String asString()
Returns:

asBase64String

public java.lang.String asBase64String()
Returns:

updateSubject

public void updateSubject(javax.security.auth.Subject pSubject)
Parameters:
pSubject -

createSAMLResponseFromPrincipals

public static java.lang.String createSAMLResponseFromPrincipals(AuthenticationContext authContext,
                                                                java.lang.String pRoleAttributeName,
                                                                java.lang.String pIssuer,
                                                                java.lang.String pTarget,
                                                                int pTimeout,
                                                                java.lang.String pAuthentMethod,
                                                                java.security.Key pPrivKey,
                                                                java.security.cert.Certificate pCert,
                                                                boolean pBase64)
                                                         throws org.opensaml.SAMLException,
                                                                java.io.IOException
Creates a SAML ticket, i.e. a SAMLResponse, based on a set of Principal instances that are part of a Subject stored in an AuthenticationContext instance.

Parameters:
authContext - context of an authentication process that took place in the past. The Subject provided by AuthenticationContext.getSubject() must contain exactly one UsernameIDPrincipal. Every AttributePrincipal of the Subject is mapped to a SAMLAttributeStatement. Every RolePrincipal is mapped to a special SAMLAttributeStatement that will be interpreted as roles during authorization.
pRoleAttributeName - Specifies the name of the AttributeStatements used to store role information, e.g. urn:conterra:names:sdi-suite:policy:attribute:role
pIssuer - The name that will appear as issuer of the SAMLAssertion.
pTarget - The name of the consumer of the SAMLAssertion.
pTimeout - The period of validity of the SAMLAssertion in seconds.
pAuthentMethod - The authentication method that was used to identify the subject, e.g. #password. See the section "Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.1" of the SAML specification for the list of authentication method IDs.
pPrivKey - The private key that will be used to sign the SAML Response.
pCert - The certificate that belongs to the private key. It will be embedded into the SAMLResponse as part of the signature. If this is null, the ticket is not signed.
pBase64 - If true, the SAML ticket is Base64-encoded; otherwise it is returned as plain XML.
Returns:
The ticket XML as a String.
Throws:
org.opensaml.SAMLException
java.io.IOException
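The following is an added example, not code from the 52north code base, showing createSAMLResponseFromPrincipals on the issuing side and the SAMLTicket(String) constructor, verify(Certificate), isExpired(long) and asSubject() on the consuming side in the order a relying party should apply them. It assumes AuthenticationContext lives in this package, that verify(Certificate) checks the signature against the certificate passed in, and that the issuer/target URNs and the clock-skew value are placeholders chosen here.

```java
import java.io.IOException;
import java.security.Key;
import java.security.cert.Certificate;
import javax.security.auth.Subject;
import org.n52.security.authentication.AuthenticationContext;
import org.n52.security.authentication.SAMLTicket;
import org.opensaml.SAMLException;

// Added example (not 52north code): issue a ticket from an AuthenticationContext,
// then accept it on the consumer side in the order a relying party should use:
// signature, then validity window, then the Subject.
public class SAMLTicketRoundTrip {

    // Role attribute name quoted in the Javadoc of pRoleAttributeName.
    static final String ROLE_ATTR = "urn:conterra:names:sdi-suite:policy:attribute:role";
    // Clock skew tolerated between issuer and consumer, in milliseconds (assumed value).
    static final long ALLOWED_DELTA_MS = 5L * 60L * 1000L;

    // Issuer side. Returns plain XML (pBase64 = false) so the result can be passed
    // straight to the SAMLTicket(String) constructor. Issuer/target are placeholders.
    static String issue(AuthenticationContext authContext, Key privKey, Certificate cert,
                        int timeoutSeconds) throws SAMLException, IOException {
        return SAMLTicket.createSAMLResponseFromPrincipals(
                authContext, ROLE_ATTR,
                "urn:example:idp",      // pIssuer (placeholder)
                "urn:example:service",  // pTarget (placeholder)
                timeoutSeconds,
                "#password",            // pAuthentMethod, the example value on this page
                privKey, cert,          // cert == null would leave the ticket unsigned
                false);
    }

    // Consumer side. trustedCert is the certificate the consumer already trusts;
    // assumed: verify(Certificate) checks the signature against exactly that
    // certificate rather than material carried inside the ticket itself.
    static Subject accept(String ticketXml, Certificate trustedCert) throws SAMLException {
        SAMLTicket ticket = new SAMLTicket(ticketXml);
        // 1. Signature: nothing in the ticket is trusted until this passes.
        ticket.verify(trustedCert);
        // 2. Validity window, tolerating ALLOWED_DELTA_MS of clock skew.
        if (ticket.isExpired(ALLOWED_DELTA_MS)) {
            throw new SAMLException("ticket expired");
        }
        // 3. Only now map the verified assertions to a JAAS Subject.
        return ticket.asSubject();
    }
}
```

Calling asSubject() before verify(Certificate) would hand out principals and roles that no trusted party has vouched for, so keep the three steps in this order.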


Copyright © 2004-2009 52north.org. All Rights Reserved.