java.lang.Object
  org.n52.security.authentication.SAMLTicket
public class SAMLTicket
The SAMLTicket class basically provides a SAMLResponse <-> javax.security.auth.Subject mapping.
Field Summary | |
---|---|
protected org.opensaml.SAMLResponse | m_samlResponse |
Constructor Summary |
---|
SAMLTicket(org.w3c.dom.Document pSAMLResponse) |
SAMLTicket(org.opensaml.SAMLResponse pSAMLResponse) |
SAMLTicket(java.lang.String samlResponse) |
Method Summary | |
---|---|
java.lang.String | asBase64String() |
java.lang.String | asString() |
javax.security.auth.Subject | asSubject() |
static java.lang.String | createSAMLResponseFromPrincipals(AuthenticationContext authContext, java.lang.String pRoleAttributeName, java.lang.String pIssuer, java.lang.String pTarget, int pTimeout, java.lang.String pAuthentMethod, java.security.Key pPrivKey, java.security.cert.Certificate pCert, boolean pBase64) Creates a SAML ticket, i.e. a SAMLResponse, based on a set of Principal instances that are part of a Subject stored in an AuthenticationContext instance. |
boolean | isExpired() Checks whether any assertion is expired, without allowing for clock differences. |
boolean | isExpired(long allowedDelta) Checks whether any assertion is expired, in relation to an allowed delta. |
void | updateSubject(javax.security.auth.Subject pSubject) |
void | verify() Verifies the signature of this SAML document. |
void | verify(java.security.cert.Certificate pWASCert) |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected org.opensaml.SAMLResponse m_samlResponse
Constructor Detail |
---|
public SAMLTicket(java.lang.String samlResponse) throws org.opensaml.SAMLException
Parameters:
samlResponse - String representation of a UTF-8 encoded SAMLTicket.
Throws:
org.opensaml.SAMLException
public SAMLTicket(org.w3c.dom.Document pSAMLResponse) throws org.opensaml.SAMLException
Parameters:
pSAMLResponse -
Throws:
org.opensaml.SAMLException
public SAMLTicket(org.opensaml.SAMLResponse pSAMLResponse) throws org.opensaml.SAMLException
Parameters:
pSAMLResponse -
Throws:
org.opensaml.SAMLException
Method Detail |
---|
public void verify() throws org.opensaml.SAMLException
Throws:
org.opensaml.SAMLException - if the signature could not be verified
public void verify(java.security.cert.Certificate pWASCert) throws org.opensaml.SAMLException
Throws:
org.opensaml.SAMLException
public boolean isExpired()
public boolean isExpired(long allowedDelta)
Parameters:
allowedDelta - a delta in msec.
public javax.security.auth.Subject asSubject()
public java.lang.String asString()
public java.lang.String asBase64String()
public void updateSubject(javax.security.auth.Subject pSubject)
Parameters:
pSubject -
public static java.lang.String createSAMLResponseFromPrincipals(AuthenticationContext authContext, java.lang.String pRoleAttributeName, java.lang.String pIssuer, java.lang.String pTarget, int pTimeout, java.lang.String pAuthentMethod, java.security.Key pPrivKey, java.security.cert.Certificate pCert, boolean pBase64) throws org.opensaml.SAMLException, java.io.IOException
Creates a SAML ticket, i.e. a SAMLResponse, based on a set of Principal instances that are part of a Subject stored in an AuthenticationContext instance.
Parameters:
authContext - context of an authentication process that took place in the past. The Subject provided by AuthenticationContext.getSubject() must contain exactly one UsernameIDPrincipal. Every AttributePrincipal of the Subject is mapped to a SAMLAttributeStatement. Every RolePrincipal is mapped to a special SAMLAttributeStatement that will be interpreted as roles during authorization.
pRoleAttributeName - Specifies the name of the AttributeStatements used to store role information, e.g. urn:conterra:names:sdi-suite:policy:attribute:role
pIssuer - The name that will appear as issuer of the SAMLAssertion.
pTarget - The name of the consumer of the SAMLAssertion.
pTimeout - The period of validity of the SAMLAssertion in seconds.
pAuthentMethod - The authentication method that was used to identify the subject, e.g. #password. See the SAML specification part titled "Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.1" for a list of authentication method IDs.
pPrivKey - The private key that will be used to sign the SAML Response.
pCert - The certificate that belongs to the private key. It will be embedded into the SAMLResponse as part of the signature. If this is null, the ticket is not signed.
pBase64 - If true, the SAML ticket will be Base64-encoded; otherwise it is not encoded.
Throws:
org.opensaml.SAMLException
java.io.IOException
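A consumer-side example built only from the constructors and methods documented above (added here, not the library's own code): it verifies the ticket against a certificate the consumer already holds, rejects expired tickets with a bounded clock allowance, and only then maps the ticket to a Subject. The class name TicketConsumer, the certificate path argument and the 60-second allowance are assumptions, as is reading pWASCert as the certificate to verify against, which the page does not document.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.security.auth.Subject;
import org.n52.security.authentication.SAMLTicket;
import org.opensaml.SAMLException;

/** Hypothetical consumer of SAML tickets; not part of the documented package. */
public class TicketConsumer {
    // Assumption: tolerated clock difference between issuer and consumer, in msec
    // (isExpired(long) documents its argument as "a delta in msec").
    private static final long ALLOWED_DELTA_MS = 60_000L;

    private final Certificate issuerCert;

    /** Loads the issuer certificate from local, trusted storage (path is an assumption). */
    public TicketConsumer(String pinnedCertPath) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(pinnedCertPath))) {
            issuerCert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    /** Returns the Subject only for a ticket that verified and has not expired. */
    public Subject accept(String samlResponse) throws SAMLException {
        SAMLTicket ticket = new SAMLTicket(samlResponse);

        // createSAMLResponseFromPrincipals embeds pCert in the signature and emits an
        // unsigned ticket when pCert is null, so check against a certificate held
        // locally rather than relying on what the ticket itself carries.
        // A SAMLException here means the ticket must be rejected.
        ticket.verify(issuerCert);

        // isExpired() allows for no clock differences; the long overload takes a delta.
        if (ticket.isExpired(ALLOWED_DELTA_MS)) {
            throw new SecurityException("SAML ticket expired");
        }

        // Principals are read only after both checks have passed.
        return ticket.asSubject();
    }
}
```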