SAMLBearerTokenUtil (Overlord Commons: Auth 2.0.11.Final API)

java.lang.Object
- org.overlord.commons.auth.util.SAMLBearerTokenUtil

```
public class SAMLBearerTokenUtil
extends Object
```
Class used to create SAML bearer tokens used when calling REST service endpoints protected by SAML.

Author:

eric.wittmann@redhat.com

Constructor Summary

Constructors
Constructor and Description

SAMLBearerTokenUtil()

Constructors
Constructor and Description
`SAMLBearerTokenUtil()`

Method Summary

Methods
Modifier and Type	Method and Description
`static String`	`createSAMLAssertion(Principal principal, Set<String> roles, String issuerName, String forService)` Creates a SAML Assertion that can be used as a bearer token when invoking REST services.
`static String`	`createSAMLAssertion(Principal principal, Set<String> roles, String issuerName, String forService, int timeValidInMillis)` Creates a SAML Assertion that can be used as a bearer token when invoking REST services.
`static KeyPair`	`getKeyPair(KeyStore keystore, String keyAlias, String keyPassword)` Gets the key pair to use to either sign an assertion or validate an assertion's signature.
`static boolean`	`isSAMLAssertionSignatureValid(Document samlAssertion, KeyPair keyPair)` Validates the SAML assertion's signature is valid.
`static KeyStore`	`loadKeystore(String keystorePath, String keystorePassword)` Loads the keystore.
`static String`	`signSAMLAssertion(String assertion, KeyPair keypair)` Signs a SAML assertion using the given security `KeyPair`.
`static void`	`validateAssertion(org.picketlink.identity.federation.saml.v2.assertion.AssertionType assertion, javax.servlet.http.HttpServletRequest request, Set<String> allowedIssuers)` Validates that the assertion is acceptable based on configurable criteria.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SAMLBearerTokenUtil
```
public SAMLBearerTokenUtil()
```
- Method Detail
  - createSAMLAssertion
```
public static String createSAMLAssertion(Principal principal,
                         Set<String> roles,
                         String issuerName,
                         String forService)
```
    Creates a SAML Assertion that can be used as a bearer token when invoking REST services. The REST service must be configured to accept SAML Assertion bearer tokens. In JBoss this means protecting the REST services with org.overlord.commons.auth.jboss7.SAMLBearerTokenLoginModule. In Tomcat7 this means protecting the REST services with org.overlord.commons.auth.tomcat7.SAMLBearerTokenAuthenticator.
    
    Parameters:
    principal - the authenticated principal
    roles - the authenticated principal's roles
    issuerName - the issuer name (typically the context of the calling web app)
    forService - the web context of the REST service being invoked
  - createSAMLAssertion
```
public static String createSAMLAssertion(Principal principal,
                         Set<String> roles,
                         String issuerName,
                         String forService,
                         int timeValidInMillis)
```
    Creates a SAML Assertion that can be used as a bearer token when invoking REST services. The REST service must be configured to accept SAML Assertion bearer tokens. In JBoss this means protecting the REST services with org.overlord.commons.auth.jboss7.SAMLBearerTokenLoginModule. In Tomcat7 this means protecting the REST services with org.overlord.commons.auth.tomcat7.SAMLBearerTokenAuthenticator.
    
    Parameters:
    principal -
    roles -
    issuerName -
    forService -
    timeValidInMillis -
  - signSAMLAssertion
```
public static String signSAMLAssertion(String assertion,
                       KeyPair keypair)
```
    Signs a SAML assertion using the given security KeyPair.
    
    Parameters:
    assertion -
    keypair -
  - isSAMLAssertionSignatureValid
```
public static boolean isSAMLAssertionSignatureValid(Document samlAssertion,
                                    KeyPair keyPair)
```
    Validates the SAML assertion's signature is valid.
  - getKeyPair
```
public static KeyPair getKeyPair(KeyStore keystore,
                 String keyAlias,
                 String keyPassword)
                          throws Exception
```
    Gets the key pair to use to either sign an assertion or validate an assertion's signature. The key pair is retrieved from the keystore.
    
    Throws:
    
    Exception
  - loadKeystore
```
public static KeyStore loadKeystore(String keystorePath,
                    String keystorePassword)
                             throws Exception
```
    Loads the keystore.
    
    Parameters:
    keystorePath -
    keystorePassword -
    
    Throws:
    
    Exception
  - validateAssertion
```
public static void validateAssertion(org.picketlink.identity.federation.saml.v2.assertion.AssertionType assertion,
                     javax.servlet.http.HttpServletRequest request,
                     Set<String> allowedIssuers)
                              throws LoginException
```
    Validates that the assertion is acceptable based on configurable criteria.
    
    Parameters:
    assertion -
    request -
    allowedIssuers -
    
    Throws:
    
    LoginException

Class SAMLBearerTokenUtil

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SAMLBearerTokenUtil

Method Detail

createSAMLAssertion

createSAMLAssertion

signSAMLAssertion

isSAMLAssertionSignatureValid

getKeyPair

loadKeystore

validateAssertion