com.ibm.wsspi.wssecurity.core.config

Interface IssuedTokenConfigConstants



  • public interface IssuedTokenConfigConstants

    Generic Constants and properties used by the generic issued token login modules and callbacks.

    • Field Summary

      Fields 
      Modifier and Type Field and Description
      static java.lang.String ALWAYS_GENERIC
      This key is used by the GenericIssuedTokenConsumeLoginModule and can be set using any of the built-in callback handlers.
      static java.lang.String APPLIES_TO
      The key is used to specify the AppliesTo for the requested issued Token when using WSSAPI.
      static java.lang.String CONFIRMATION_METHOD
      This is the key used to specify SAML assertion ConfirmationMethod.
      static java.lang.String ENFORCE_CONFIRMATION_METHOD
      This is the key used to specify the option to enforce the confirmation method in the SAML assertion when doing token exchange. The default value for this property is false unless it is set to true.
      static java.lang.String EXCHANGED_TOKEN_TYPE
      This is the key used to specify the token type that should be returned after a successful token validation.
      static java.lang.String KEY_ALIAS
      This is the optional key used to specify the key alias to decrypt the SAML assertion.
      static java.lang.String KEY_NAME
      This is the optional key used to specify the key name to decrypt the SAML assertion.
      static java.lang.String KEY_PASSWORD
      This is the optional key used to specify the key password to decrypt the SAML assertion.
      static java.lang.String KEY_STORE_PASSWORD
      This is the key used to specify the keystore password to decrypt the SAML assertion.
      static java.lang.String KEY_STORE_PATH
      This is the key used to specify the keystore file path to decrypt the SAML assertion.
      static java.lang.String KEY_STORE_TYPE
      This is the key used to specify the keystore type name to decrypt the SAML assertion.
      static java.lang.String PASS_THROUGH_TOKEN
      This key is valid for use by both GenericIssuedTokenConsumeLoginModule and GenericIssuedTokenGenerateLoginModule.
      static java.lang.String SAML_APPLIES_TO
      The key is used to specify the AppliesTo for the requested SAMLToken when using WSSAPI.
      static java.lang.String SSL_CONFIG_ALIAS
      The key is used to specify the alias to an SSL configuration used by WS-Trust client to request SAMLToken.
      static java.lang.String STS_ADDRESS
      This is the key used to specify the SecurityTokenService address.
      static java.lang.String TRUST_CLIENT_BINDING
      This is the key used to specify the WS-Trust client's binding name.
      static java.lang.String TRUST_CLIENT_BINDING_SCOPE
      This is the key used to specify binding scope for the policyset attached to WS-Trust client.
      static java.lang.String TRUST_CLIENT_COLLECTION_REQUEST
      This is the key used to specify if RequestSecurityTokenCollection is required in WS-Trust request.
      static java.lang.String TRUST_CLIENT_POLICY
      This is the key used to specify WS-Trust client's policyset name.
      static java.lang.String TRUST_CLIENT_SOAP_VERSION
      This is the key used to specify the SOAP version in WS-Trust request.
      static java.lang.String TRUST_CLIENT_VALIDATE_BINDING
      This is the key used to specify the WS-Trust client's binding name for Validate.
      static java.lang.String TRUST_CLIENT_VALIDATE_POLICY
      This is the key used to specify WS-Trust client's policyset name for Validate.
      static java.lang.String TRUST_CLIENT_WSTRUST_NAMESPACE
      This is the key used to specify the WS-Trust namespace in WS-Trust request.
      static java.lang.String TRUST_INCLUDE_TOKEN_TYPE
      This is the key used to specify the returned token type included in the trust request message.
      static java.lang.String TRUST_ISSUER
      This is the key used to specify the issuer for the requested token.
      static java.lang.String TRUST_VALIDATE_TARGET_OPTION
      This is the key used to specify the WS-Trust ValidateTarget to use, which is one of the following options: token or base.
      static java.lang.String TRUSTED_ISSUER_
      This is the key used in the custom properties in GenericIssuedTokenConsumeCallbackHandler to specify a trusted issuer name. The property name is trustedIssuer_n, where n is an integer starting from 0.
      static java.lang.String TRUSTED_ISSUER_SUBJECTDN
      This is the key used in the custom properties in GenericIssuedTokenConsumeCallbackHandler to specify the SubjectDN name of a trusted issuer's X509Certificate. The property name is trustedSubjectDN_n, where n is an integer starting from 0.
      static java.lang.String UNT_PASSWORD_REQUIRED
      This is the optional key used to specify if a password is required when using a UsernameToken from the RunAs subject.
      static java.lang.String USE_RUN_AS_SUBJECT
      This is the key used to specify if the generator should use the token from RunAsSubject for the outgoing request.
      static java.lang.String USE_RUN_AS_SUBJECT_ONLY
      This is the key used to specify if the generator should only use the token from RunAsSubject for the outgoing request.
      static java.lang.String USE_TOKEN
      This is the key used to specify which token ValueType in RunAsSubject is used to generate the token for the SOAP requester.
      static java.lang.String VALIDATE_TOKEN
      This is the key used to specify if the generator should use WS-Trust to validate the token from RunAsSubject.
      static java.lang.String WSS_CONSUMING_CONTEXT
      The key is used to specify the WSSConsumingContext object used by WS-Trust client to request SAMLToken.
      static java.lang.String WSS_GENERATION_CONTEXT
      The key is used to specify the WSSGenerationContext object used by WS-Trust client to request SAMLToken.
    • Field Detail

      • STS_ADDRESS

        static final java.lang.String STS_ADDRESS

        This is the key used to specify the SecurityTokenService address. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

        See Also:
        Constant Field Values
      • TRUST_CLIENT_POLICY

        static final java.lang.String TRUST_CLIENT_POLICY

        This is the key used to specify WS-Trust client's policyset name. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

        See Also:
        Constant Field Values
      • TRUST_CLIENT_BINDING

        static final java.lang.String TRUST_CLIENT_BINDING

        This is the key used to specify the WS-Trust client's binding name. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

        See Also:
        Constant Field Values
      • TRUST_CLIENT_SOAP_VERSION

        static final java.lang.String TRUST_CLIENT_SOAP_VERSION

        This is the key used to specify the SOAP version in the WS-Trust request. Valid values are "1.1" or "1.2". The default value is the same SOAP version used by the application client. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

        See Also:
        Constant Field Values
      • TRUST_CLIENT_WSTRUST_NAMESPACE

        static final java.lang.String TRUST_CLIENT_WSTRUST_NAMESPACE

        This is the key used to specify the WS-Trust namespace in WS-Trust request. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

        See Also:
        Constant Field Values
      • TRUST_CLIENT_BINDING_SCOPE

        static final java.lang.String TRUST_CLIENT_BINDING_SCOPE

        This is the key used to specify binding scope for the policyset attached to WS-Trust client. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

        See Also:
        Constant Field Values
      • EXCHANGED_TOKEN_TYPE

        static final java.lang.String EXCHANGED_TOKEN_TYPE

        This is the key used to specify the token type that should be returned after a successful token validation. The key is used in the CallbackHandler's custom properties in token consumer bindings.

        See Also:
        Constant Field Values
      • TRUST_VALIDATE_TARGET_OPTION

        static final java.lang.String TRUST_VALIDATE_TARGET_OPTION

        This is the key used to specify the WS-Trust ValidateTarget to use, which is one of the following options: token or base. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

        See Also:
        Constant Field Values
      • TRUST_ISSUER

        static final java.lang.String TRUST_ISSUER

        This is the key used to specify the issuer for the requested token. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

        See Also:
        Constant Field Values
      • TRUST_INCLUDE_TOKEN_TYPE

        static final java.lang.String TRUST_INCLUDE_TOKEN_TYPE

        This is the key used to specify the returned token type included in the trust request message. The default implementation always includes the required return token ValueType in the WS-Trust request message. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

        See Also:
        Constant Field Values
      • USE_RUN_AS_SUBJECT

        static final java.lang.String USE_RUN_AS_SUBJECT

        This is the key used to specify if the generator should use the token from RunAsSubject for the outgoing request. The default behavior is always to try to use validated tokens in the RunAs subject first. The key is used in the CallbackHandler's custom properties in token generator bindings.

        See Also:
        Constant Field Values
      • USE_RUN_AS_SUBJECT_ONLY

        static final java.lang.String USE_RUN_AS_SUBJECT_ONLY

        This is the key used to specify if the generator should only use the token from RunAsSubject for the outgoing request. The default behavior is to use WS-Trust Issue to request a token if the RunAs subject fails to emit a valid token.

        See Also:
        Constant Field Values
      • USE_TOKEN

        static final java.lang.String USE_TOKEN

        This is the key used to specify which token ValueType in RunAsSubject is used to generate the token for the SOAP requester. If the specified token ValueType is different from the ValueType in the requested token, a token exchange is performed by using WS-Trust Validate. If the specified token ValueType is the same as the ValueType in the requested token, a token validation is performed by using WS-Trust Validate. Optionally, the token validation could be deferred to the service provider. The key is used in the CallbackHandler's custom properties in token generator bindings.

        See Also:
        Constant Field Values
      • VALIDATE_TOKEN

        static final java.lang.String VALIDATE_TOKEN

        This is the key used to specify if the generator should use WS-Trust to validate the token from RunAsSubject. The default behavior is to always Validate the outgoing token from RunAsSubject before sending the token to the service. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

        See Also:
        Constant Field Values
      • TRUST_CLIENT_VALIDATE_POLICY

        static final java.lang.String TRUST_CLIENT_VALIDATE_POLICY

        This is the key used to specify the WS-Trust client's policyset name for Validate. If this key is not specified, the policyset specified by the key TRUST_CLIENT_POLICY is applied. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

        See Also:
        Constant Field Values
      • TRUST_CLIENT_VALIDATE_BINDING

        static final java.lang.String TRUST_CLIENT_VALIDATE_BINDING

        This is the key used to specify the WS-Trust client's binding name for Validate. If this key is not specified, the binding specified by the key TRUST_CLIENT_BINDING is applied. The key is used in the CallbackHandler's custom properties in both token generator and consumer bindings.

        See Also:
        Constant Field Values
      • ENFORCE_CONFIRMATION_METHOD

        static final java.lang.String ENFORCE_CONFIRMATION_METHOD

        This is the key used to specify the option to enforce the confirmation method in the SAML assertion when doing token exchange. The default value for this property is false unless it is set to true.

        See Also:
        Constant Field Values
      • CONFIRMATION_METHOD

        static final java.lang.String CONFIRMATION_METHOD

        This is the key used to specify the SAML assertion ConfirmationMethod. Valid values include "bearer" and "sender-vouches".

        See Also:
        Constant Field Values
      • KEY_STORE_PATH

        static final java.lang.String KEY_STORE_PATH

        This is the key used to specify the keystore file path to decrypt the SAML assertion.

        See Also:
        Constant Field Values
      • KEY_STORE_TYPE

        static final java.lang.String KEY_STORE_TYPE

        This is the key used to specify the keystore type name to decrypt the SAML assertion.

        See Also:
        Constant Field Values
      • KEY_STORE_PASSWORD

        static final java.lang.String KEY_STORE_PASSWORD

        This is the key used to specify the keystore password to decrypt the SAML assertion.

        See Also:
        Constant Field Values
      • KEY_ALIAS

        static final java.lang.String KEY_ALIAS

        This is the optional key used to specify the key alias to decrypt the SAML assertion.

        See Also:
        Constant Field Values
      • KEY_NAME

        static final java.lang.String KEY_NAME

        This is the optional key used to specify the key name to decrypt the SAML assertion.

        See Also:
        Constant Field Values
      • KEY_PASSWORD

        static final java.lang.String KEY_PASSWORD

        This is the optional key used to specify the key password to decrypt the SAML assertion.

        See Also:
        Constant Field Values
      • UNT_PASSWORD_REQUIRED

        static final java.lang.String UNT_PASSWORD_REQUIRED

        This is the optional key used to specify if a password is required when using a UsernameToken from the RunAs subject.

        See Also:
        Constant Field Values
      • WSS_GENERATION_CONTEXT

        static final java.lang.String WSS_GENERATION_CONTEXT

        The key is used to specify the WSSGenerationContext object used by WS-Trust client to request SAMLToken.

        See Also:
        Constant Field Values
      • WSS_CONSUMING_CONTEXT

        static final java.lang.String WSS_CONSUMING_CONTEXT

        The key is used to specify the WSSConsumingContext object used by WS-Trust client to request SAMLToken.

        See Also:
        Constant Field Values
      • SSL_CONFIG_ALIAS

        static final java.lang.String SSL_CONFIG_ALIAS

        The key is used to specify the alias to an SSL configuration used by WS-Trust client to request SAMLToken. This key is optional. If this key is not set, the default SSL alias defined in system's SSL Configuration is used.

        See Also:
        Constant Field Values
      • APPLIES_TO

        static final java.lang.String APPLIES_TO

        The key is used to specify the AppliesTo for the requested issued Token when using WSSAPI.

        See Also:
        Constant Field Values
      • SAML_APPLIES_TO

        static final java.lang.String SAML_APPLIES_TO

        The key is used to specify the AppliesTo for the requested SAMLToken when using WSSAPI.

        See Also:
        Constant Field Values
      • TRUST_CLIENT_COLLECTION_REQUEST

        static final java.lang.String TRUST_CLIENT_COLLECTION_REQUEST

        This is the key used to specify if RequestSecurityTokenCollection is required in the WS-Trust request. The default behavior is to use RequestSecurityToken instead of RequestSecurityTokenCollection.

        See Also:
        Constant Field Values
      • TRUSTED_ISSUER_

        static final java.lang.String TRUSTED_ISSUER_

        This is the key used in the custom properties in GenericIssuedTokenConsumeCallbackHandler to specify a trusted issuer name. The property name is trustedIssuer_n, where n is an integer starting from 0.

        See Also:
        Constant Field Values
      • TRUSTED_ISSUER_SUBJECTDN

        static final java.lang.String TRUSTED_ISSUER_SUBJECTDN

        This is the key used in the custom properties in GenericIssuedTokenConsumeCallbackHandler to specify the SubjectDN name of a trusted issuer's X509Certificate. The property name is trustedSubjectDN_n, where n is an integer starting from 0.

        See Also:
        Constant Field Values
      • PASS_THROUGH_TOKEN

        static final java.lang.String PASS_THROUGH_TOKEN

        This key is valid for use by both GenericIssuedTokenConsumeLoginModule and GenericIssuedTokenGenerateLoginModule. It can be specified on any of the built-in callback handlers.

        When this key is used for the consumer, it is used to direct if the inbound token should be sent to the STS or not. The default behavior is to always send the inbound token to the STS for validation and/or exchange (depending on other config settings). When this property is set to true, the inbound token will not be sent to the STS at all, in effect, 'passing through' the consumer. Also, when this property is set to true and a built-in token type is used (UsernameToken, Kerberos Token, SAML token, etc), the token will be parsed and available on the WS-Security context for later processing by a caller configuration JAAS login module.

        When this key is used for the generator, it is used to direct if the outbound token should be obtained from the STS or not. The default behavior is to always obtain the token from the STS. When this property is set to true, the inbound token will be obtained in this order:

        1) From the sharedState from a stacked JAAS login module
        2) From the com.ibm.wsspi.wssecurity.token.tokenHolder list on the message context
        3) From the inbound SecurityTokens

        Refer to the following constants in com.ibm.wsspi.wssecurity.core.Constants for more information:

        com.ibm.wsspi.wssecurity.token.tokenHolder
        com.ibm.wsspi.wssecurity.token.enableCaptureTokenContext
        com.ibm.wsspi.wssecurity.token.enableCaptureTokenInboundMsg

        See Also:
        Constant Field Values
      • ALWAYS_GENERIC

        static final java.lang.String ALWAYS_GENERIC

        This key is used by the GenericIssuedTokenConsumeLoginModule and can be set using any of the built-in callback handlers. When passThroughToken is set to true, if this property is also set to true, the login module will always create a GenericSecurityToken instead of a built-in token type that corresponds to the valueType that is configured for the token. The default value for this property is false.

        See Also:
        Constant Field Values
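
An added example, not IBM's code: a stand-alone Java check over a map of callback-handler custom properties, using only the property names that appear in the descriptions above (passThroughToken, trustedIssuer_n, trustedSubjectDN_n). The class name, the sample values and the choice to report a numbering gap as a review finding are assumptions of this example.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class IssuedTokenPropertyAudit {
    // Property names as written in the field descriptions on this page.
    static final String PASS_THROUGH = "passThroughToken";
    static final String[] INDEXED_PREFIXES = {"trustedIssuer_", "trustedSubjectDN_"};

    /** Reads prefix0, prefix1, ... and flags blank values and keys outside that run. */
    static List<String> indexedValues(Map<String, String> props, String prefix,
                                      List<String> findings) {
        List<String> values = new ArrayList<>();
        Set<String> contiguous = new HashSet<>();
        for (int n = 0; props.containsKey(prefix + n); n++) {
            String key = prefix + n;
            String value = props.get(key);
            contiguous.add(key);
            if (value == null || value.trim().isEmpty()) {
                findings.add(key + " is blank");
            } else {
                values.add(value.trim());
            }
        }
        for (String key : props.keySet()) {
            if (key.startsWith(prefix) && !contiguous.contains(key)) {
                // Assumption of this example: numbering should be contiguous from 0.
                findings.add(key + " is not in a contiguous run starting at "
                        + prefix + "0; confirm it is actually read");
            }
        }
        return values;
    }

    static List<String> audit(Map<String, String> props) {
        List<String> findings = new ArrayList<>();
        for (String prefix : INDEXED_PREFIXES) {
            List<String> values = indexedValues(props, prefix, findings);
            findings.add(prefix + "n entries in use: " + values);
        }
        if ("true".equalsIgnoreCase(props.get(PASS_THROUGH))) {
            // Documented consumer behavior: no STS validation or exchange takes place.
            findings.add(PASS_THROUGH + "=true: on a consumer, the inbound token is not sent to the STS");
        }
        return findings;
    }

    public static void main(String[] args) {
        Map<String, String> props = new LinkedHashMap<>(); // constructed sample values
        props.put("trustedIssuer_0", "https://sts.example.test/issuer-a");
        props.put("trustedIssuer_1", "https://sts.example.test/issuer-b");
        props.put("trustedIssuer_3", "https://sts.example.test/issuer-c"); // index 2 missing
        props.put("trustedSubjectDN_0", "CN=sts.example.test,O=Example");
        props.put(PASS_THROUGH, "true");
        audit(props).forEach(System.out::println);
    }
}
```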
IBM WebSphere Application Server™
Release 8.5