Class TokenTransformationFilter
- All Implemented Interfaces: Filter
TokenTransformationFilter is responsible for transforming a token issued by Access Management into a token of another type.
Currently, only the transformation of an OpenID Connect id_token into a SAML 2.0 Token (Assertions) is supported, in BEARER mode.
{
    "type": "TokenTransformationFilter",
    "config": {
        "amService" : AmService [REQUIRED]
        "idToken"   : String    [REQUIRED]
        "instance"  : String    [REQUIRED]
    }
}
The idToken attribute is an Expression specifying where to get the JWT id_token. Note that the referenced value has to be a String (the JWT encoded value).
The instance attribute is the name of an STS instance: a pre-configured transformation available under a specific REST endpoint.
After transformation, the returned issued_token (currently a String that contains the XML of the generated SAML assertions) is made available in the StsContext for downstream handlers.
If an error occurs during the token transformation, the error response is returned as-is to the caller, and informative messages are logged for the administrator.
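The exchange described above, sketched in Python as an added example (not OpenIG code and not part of the original Javadoc): it builds the body sent to the STS instance and checks the issued_token that comes back. The request field names (input_token_state, oidc_id_token, output_token_state, subject_confirmation) and the 200 success status are the AM REST STS conventions as assumed here and do not appear on this page; the function names, the three-segment (signed) JWT shape check, the single Assertion root element and the sample values are likewise assumptions constructed for illustration.

```python
import json
import re
import xml.etree.ElementTree as ET

SAML_ASSERTION_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}Assertion"
JWS_COMPACT = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+){2}")

# Constructed samples: a JWT-shaped placeholder (not a real token) and a
# minimal STS success body carrying an empty assertion element.
SAMPLE_ID_TOKEN = "aGVhZGVy.cGF5bG9hZA.c2ln"
SAMPLE_STS_OK = json.dumps({"issued_token":
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
    ' ID="_constructed" Version="2.0"/>'})


def build_translate_request(id_token):
    """JSON body POSTed to <STS instance URI>?_action=translate (assumed names)."""
    # idToken must resolve to a String holding the JWT-encoded value; a map or
    # an unresolved expression (None) is rejected before anything is sent.
    if not isinstance(id_token, str) or not JWS_COMPACT.fullmatch(id_token):
        raise ValueError("idToken did not resolve to a compact JWT string")
    return json.dumps({
        "input_token_state": {"token_type": "OPENIDCONNECT",
                              "oidc_id_token": id_token},
        "output_token_state": {"token_type": "SAML2",
                               "subject_confirmation": "BEARER"},
    })


def extract_issued_token(status, body):
    """Return the assertion XML string, or None when the STS reported an error."""
    if status != 200:
        return None  # the filter hands the STS error response back as-is
    issued = json.loads(body).get("issued_token")
    if not isinstance(issued, str):
        raise ValueError("issued_token missing or not a string")
    if "<!DOCTYPE" in issued:
        raise ValueError("DTD in issued_token")  # assertions never need one
    if ET.fromstring(issued).tag != SAML_ASSERTION_TAG:
        raise ValueError("issued_token is not a SAML 2.0 Assertion")
    return issued


if __name__ == "__main__":
    print(build_translate_request(SAMPLE_ID_TOKEN))
    print(extract_issued_token(200, SAMPLE_STS_OK))
```
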
Nested Class Summary
Modifier and Type | Class | Description
static class | | Creates and initializes a token transformation filter in a heap environment.
Constructor Summary
Constructor | Description
TokenTransformationFilter(Handler handler, URI endpoint, Expression<String> idToken) | Constructs a new TokenTransformationFilter transforming the OpenID Connect id_token from idToken into a SAML 2.0 Assertions structure (into StsContext).
Method Summary
Constructor Details
TokenTransformationFilter
Constructs a new TokenTransformationFilter transforming the OpenID Connect id_token from idToken into a SAML 2.0 Assertions structure (into StsContext).
Parameters:
handler - pipeline used to send the STS transformation request
endpoint - Fully qualified URI of the STS instance (including the _action=translate query string)
idToken - Expression for reading OpenID Connect id_token (expects a String)
Method Details
filter
public Promise<Response,NeverThrowsException> filter(Context context, Request request, Handler next)
Description copied from interface: Filter
Filters the request and/or response of an exchange. To pass the request to the next filter or handler in the chain, the filter calls next.handle(context, request).
This method may elect not to pass the request to the next filter or handler, and instead handle the request itself. It can achieve this by merely avoiding a call to next.handle(context, request) and creating its own response object. The filter is also at liberty to replace a response with another of its own by intercepting the response returned by the next handler.