com.ibm.wsspi.wssecurity.saml.config

Interface ConsumerConfig

  • All Superinterfaces:
    Configuration, ConsumerConfiguration


    public interface ConsumerConfig
    extends ConsumerConfiguration

    This interface encapsulates getter and setter methods for the configuration attributes of the SAML token consumer.

    Users should never implement this interface directly; use SAMLTokenFactory to obtain an instance of ConsumerConfig.
    • Method Detail

      • getAlgorithmSuite

        java.lang.String getAlgorithmSuite()
        Returns the Encryption Algorithm for encrypted token or key.
        Returns:
        a string representing the Encryption Algorithm for encrypted SAML token or keys.
      • getKeyInformationConfig

        KeyInformationConfig getKeyInformationConfig()
        Returns the KeyInformationConfig object to be used to decrypt an encrypted SAML token or key.
        Returns:
        KeyInformationConfig for the decryption of encrypted SAML token or keys.
        See Also:
        KeyInformationConfig
      • getKeyStoreConfig

        KeyStoreConfig getKeyStoreConfig()
        Returns the KeyStoreConfig object used for the decryption of a SAML token or keys.
        Returns:
        KeyStoreConfig for the decryption of encrypted SAML token or Keys.
        See Also:
        KeyStoreConfig
      • getTrustStoreConfig

        KeyStoreConfig getTrustStoreConfig()
        Returns the KeyStoreConfig object used in the validation of the SAML Enveloped-Signature.
        Returns:
        KeyStoreConfig object to be used for the SAML Enveloped-Signature validation.
        See Also:
        KeyStoreConfig
      • getAliasForTokenProvider

        java.lang.String getAliasForTokenProvider()
        Returns a string representing the key alias corresponding to the token provider.
        Returns:
        alias name for the token provider's key.
      • isAssertionSignatureRequired

        boolean isAssertionSignatureRequired()
        Returns an indication as to whether this token consumer requires signed SAML assertions.
        Returns:
        boolean true or false indicating if the consumer of the SAML token requires signed assertions.
      • trustAnySTS

        boolean trustAnySTS()
        Returns an indication as to whether this token consumer trusts all token providers.
        Returns:
        boolean true or false indicating if the consumer of the SAML token trusts all token providers.
      • setAlgorithmSuite

        void setAlgorithmSuite(java.lang.String alg)
        Sets the encryption algorithm for the encrypted token or key.
        Parameters:
        alg - a string representing the algorithm.
      • setTrustStoreConfig

        void setTrustStoreConfig(KeyStoreConfig tsc)
        Sets the TrustStore configuration attribute.
        Parameters:
        tsc - of KeyStoreConfig type.
        See Also:
        KeyStoreConfig
      • setAliasForTokenProvider

        void setAliasForTokenProvider(java.lang.String alias)
        Sets alias for Token provider's key.
        Parameters:
        alias - name for the provider's key.
      • setAssertionSignatureRequired

        void setAssertionSignatureRequired(boolean option)
        Indicates if signature on the assertion is required by this consumer.
        Parameters:
        option - boolean true or false.
      • setTrustAnySTS

        void setTrustAnySTS(boolean option)
        Indicates if this consumer trusts all token providers.
        Parameters:
        option - boolean true or false.
      • getClockSkew

        long getClockSkew()
        Return the allowable clock skew.
        Returns:
        the maximum allowable clock skew
      • setClockSkew

        void setClockSkew(long time)
        Sets the allowable clock skew.
        Parameters:
        time - clock skew in milliseconds
      • getX509Paths

        java.util.List<java.lang.String> getX509Paths()
        Get the list of intermediate certificate files.
        Returns:
        the list of intermediate certificate files
      • getCRLPaths

        java.util.List<java.lang.String> getCRLPaths()
        Get the list of revoked certificate list files.
        Returns:
        the list of CRL files
      • addX509Path

        void addX509Path(java.lang.String value)
        Adds Intermediate certificate file.
        Parameters:
        value - intermediate certificate file
      • addCRLPath

        void addCRLPath(java.lang.String value)
        Adds revoked certificate list.
        Parameters:
        value - revoked certificate list
      • setX509Path

        void setX509Path(java.util.List value)
        Sets intermediate certificate file lists.
        Parameters:
        value - intermediate certificate file list
      • setCRLPath

        void setCRLPath(java.util.List value)
        Sets revoked certificate list.
        Parameters:
        value - revoked certificate list
      • setRevocationEnabled

        void setRevocationEnabled(boolean value)
        Enables certificate revocation. This sets the revocationEnabled flag, for use in the PKIXBuilderParameters. The revocationEnabled flag is used in conjunction with certificate revocation lists.
        Parameters:
        value - boolean true or false indicating whether certificate revocation should be turned on
      • getRevocationEnabled

        boolean getRevocationEnabled()
        Gets the setting of the revocationEnabled flag.
        Returns:
        boolean true or false indicating if certificate revocation is enabled
      • setCertStores

        void setCertStores(java.util.List<java.security.cert.CertStore> certStores)
        Sets the cert store list.
        Parameters:
        certStores - cert store list
      • getCertStores

        java.util.List<java.security.cert.CertStore> getCertStores()
        Gets the cert store list
        Returns:
        cert store list
      • addCertStore

        void addCertStore(java.security.cert.CertStore certStore)
        Adds a cert store to the current cert store list.
        Parameters:
        certStore - cert store
      • setAllowUnencKey

        void setAllowUnencKey(boolean value)
        Sets whether an unencrypted key is allowed in a Holder of Key token.
        Parameters:
        value - boolean flag whether to allow an Unencrypted key in a Holder of Key token
      • getAllowUnencKey

        boolean getAllowUnencKey()
        Gets setting for allowing an Unencrypted key in a Holder of Key token. Default behavior is to allow an unencrypted key.
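
The getters above are enough to audit a consumer's trust posture before it is used. The following is an added example, not IBM's code: the class name ConsumerConfigAudit and the MAX_SKEW_MS policy value are assumptions, it calls only methods listed on this page, and it expects a ConsumerConfig already obtained through SAMLTokenFactory with the WebSphere runtime on the classpath.

```java
import com.ibm.wsspi.wssecurity.saml.config.ConsumerConfig;

import java.util.ArrayList;
import java.util.List;

/** Added example: reports permissive trust settings on a SAML token consumer. */
public final class ConsumerConfigAudit {

    // Assumed site policy, not an IBM default: tolerate at most 3 minutes of skew.
    static final long MAX_SKEW_MS = 3 * 60 * 1000L;

    private ConsumerConfigAudit() { }

    /** Returns one finding per permissive setting; an empty list means none found. */
    public static List<String> audit(ConsumerConfig cfg) {
        List<String> findings = new ArrayList<String>();

        if (cfg.trustAnySTS()) {
            findings.add("trustAnySTS is true: all token providers are trusted");
        }
        if (!cfg.isAssertionSignatureRequired()) {
            findings.add("signed SAML assertions are not required");
        }
        if (cfg.getAllowUnencKey()) {
            // The page documents this as the default behavior.
            findings.add("unencrypted key allowed in Holder of Key tokens");
        }
        if (!cfg.getRevocationEnabled()) {
            findings.add("certificate revocation checking is disabled");
        } else if (isEmpty(cfg.getCRLPaths()) && isEmpty(cfg.getCertStores())) {
            // The flag is used together with CRLs, so it needs a CRL source.
            findings.add("revocation enabled but no CRL files or cert stores set");
        }
        // Assumes getClockSkew() is in milliseconds, as documented for setClockSkew().
        if (cfg.getClockSkew() > MAX_SKEW_MS) {
            findings.add("clock skew of " + cfg.getClockSkew() + " ms exceeds policy");
        }
        return findings;
    }

    private static boolean isEmpty(List<?> list) {
        return list == null || list.isEmpty();
    }
}
```

Each finding maps to a setter on this page: setTrustAnySTS(false), setAssertionSignatureRequired(true), setAllowUnencKey(false), setRevocationEnabled(true) with addCRLPath or addCertStore, and setClockSkew.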
IBM WebSphere Application Server™
Release 8.5