 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * See the License for the specific language governing
 * permission and limitations under the License.
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 * $Id: SecurityTokenManager.java,v 1.4 2008/08/06 17:28:11 exu Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.configuration.SystemPropertiesManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.common.wsse.BinarySecurityToken;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.disco.EncryptedResourceID;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.Assertion;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.NameIdentifier;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.xmlsig.XMLSignatureManager;
 * The class <code>SecurityTokenManager</code> is a final class that
 * provides interfaces to manage Web Service Security (WSS) tokens.
 * @supported.api
 //TODO : make those public methods remotable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "com.sun.identity.liberty.ws.security.TokenProviderImpl";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static String providerClass = SystemPropertiesManager.get(TOKEN_PROVIDER);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster static ResourceBundle bundle = Locale.getInstallResourceBundle(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "libLibertySecurity");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster static Debug debug = Debug.getInstance("libIDWSF");
 * Default constructor
 * Returns the security token manager instance; the default
 * <code>XMLSignatureManager</code> instance will be used for signing
 * and for accessing the data store.
 * @param credential The credential of the caller, used
 * to check whether access to this security token manager is allowed.
 * @throws SecurityTokenException if the security token manager
 * cannot be accessed.
 * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public SecurityTokenManager(java.lang.Object credential)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // no null checking for credential since provider may allow it
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // check for null
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (providerClass == null || providerClass.trim().length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("Con: Security Token Provider class is not defined");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SecurityTokenException(bundle.getString("noProvider"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // get provider class instance
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("Con: Unable to get instance of Token Provider", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // get default XML signature manager class instance
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // unerline provider implementation might not need this, return null
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // leave the check to the implementor
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("Con: Unable to get instance of XMLSigManager", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // initialize security token provider
 * Gets the security token manager instance; this constructor is only
 * applicable when the client is running in the same JVM as the server.
 * @param credential The credential of the caller, used
 * to check whether access to this security token manager is allowed.
 * @param signatureManager instance of the XML digital
 * signature manager class, used for accessing the certificate
 * datastore and for digital signing of the assertion.
 * @throws SecurityTokenException if the security token manager
 * cannot be accessed.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public SecurityTokenManager(java.lang.Object credential,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // no null checking for credential since provider may allow it
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // no null checking for signatureManager since provider may allow it
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // check for null
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (providerClass == null || providerClass.trim().length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("Con2: Security Token Provider class is not defined");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SecurityTokenException(bundle.getString("noProvider"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // get provider class instance
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("Con2: Unable to get instance of Token Provider", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // initialize security token provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster provider.initialize(credential, signatureManager);
 * Sets the alias of the certificate used for issuing <code>WSS</code>
 * tokens, e.g. <code>WSS</code> <code>X509</code> Token, <code>WSS</code>
 * SAML Token. If the <code>certAlias</code> is never set, a default
 * certificate will be used for issuing <code>WSS</code> tokens.
 * @param certAlias String alias name for the certificate.
 * @throws SecurityTokenException if the certificate for the
 * <code>certAlias</code> could not be found in the key store.
 * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setCertAlias(java.lang.String certAlias)
 * Sets the certificate used for issuing <code>WSS</code> tokens, e.g.
 * <code>WSS</code> <code>X509</code> Token, <code>WSS</code> SAML Token.
 * If the certificate is never set, a default certificate will
 * be used for issuing <code>WSS</code> tokens.
 * @param cert <code>X509</code> certificate
 * @throws SecurityTokenException if the certificate could not be set.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setCertificate(X509Certificate cert)
 * Returns the <code>X509</code> certificate token.
 * @return <code>X509</code> certificate token.
 * @throws SecurityTokenException if the binary security token could
 * not be obtained.
 * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public BinarySecurityToken getX509CertificateToken()
 * Creates a SAML Assertion for message authentication.
 * @param senderIdentity name identifier of the sender.
 * @return Assertion which contains an AuthenticationStatement.
 * @throws SecurityTokenException if the assertion could not be obtained.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public SecurityAssertion getSAMLAuthenticationToken(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return provider.getSAMLAuthenticationToken(senderIdentity);
 * Creates a SAML Assertion for message authorization; the assertion can
 * optionally contain an AuthenticationStatement, which will be used for
 * message authentication.
 * @param senderIdentity name identifier of the sender.
 * @param invocatorSession SessionContext of the invocation identity; it
 * is normally obtained from the credential reference in the SAML
 * AttributeDesignator for the discovery resource offering, which is part
 * of the Liberty ID-FF AuthnResponse.
 * @param resourceID id of the resource to be accessed.
 * @param includeAuthN if true, include an AuthenticationStatement in
 * the Assertion, which will be used for message authentication.
 * @param includeResourceAccessStatement if true, a ResourceAccessStatement
 * will be included in the Assertion (for the AuthorizeRequester
 * directive). If false, a SessionContextStatement will be included
 * in the Assertion (for the AuthenticationSessionContext directive).
 * When both the AuthorizeRequester and the
 * AuthenticationSessionContext directives need to be handled, pass
 * "true" here, since the SessionContext is always
 * included in the ResourceAccessStatement.
 * @param recipientProviderID recipient's provider ID.
 * @return the <code>SecurityAssertion</code> object.
 * @throws SecurityTokenException if the assertion could not be obtained.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public SecurityAssertion getSAMLAuthorizationToken(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return provider.getSAMLAuthorizationToken(senderIdentity,
 * Creates a SAML Assertion for message authorization; the assertion can
 * optionally contain an AuthenticationStatement, which will be used for
 * message authentication.
 * @param senderIdentity name identifier of the sender.
 * @param invocatorSession SessionContext of the invocation identity; it
 * is normally obtained from the credential reference in the SAML
 * AttributeDesignator for the discovery resource offering, which is part
 * of the Liberty ID-FF AuthnResponse.
 * @param encResourceID encrypted ID of the resource to be accessed.
 * @param includeAuthN if true, include an AuthenticationStatement in the
 * Assertion, which will be used for message authentication.
 * @param includeResourceAccessStatement if true, a ResourceAccessStatement
 * will be included in the Assertion (for the AuthorizeRequester
 * directive). If false, a SessionContextStatement will be included
 * in the Assertion (for the AuthenticationSessionContext directive).
 * When both the AuthorizeRequester and the
 * AuthenticationSessionContext directives need to be handled, pass
 * "true" here, since the SessionContext is always
 * included in the ResourceAccessStatement.
 * @param recipientProviderID recipient's provider ID.
 * @return the <code>SecurityAssertion</code> object.
 * @throws SecurityTokenException if the assertion could not be obtained.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public SecurityAssertion getSAMLAuthorizationToken(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return provider.getSAMLAuthorizationToken(senderIdentity,
 * Creates a SAML assertion. The confirmationMethod will be set to
 * "urn:oasis:names:tc:SAML:1.0:cm:bearer".
 * @param senderIdentity name identifier of the sender.
 * @param invocatorSession SessionContext of the invocation identity; it
 * is normally obtained from the credential reference in the
 * SAML AttributeDesignator for the discovery resource
 * offering, which is part of the Liberty ID-FF
 * AuthnResponse.
 * @param resourceID id of the resource to be accessed.
 * @param includeAuthN if true, include an AuthenticationStatement in the
 * Assertion, which will be used for message
 * authentication. If false, no AuthenticationStatement
 * will be included.
 * @param includeResourceAccessStatement if true, a ResourceAccessStatement
 * will be included in the Assertion (for the
 * AuthorizeRequester directive). If false, a
 * SessionContextStatement will be included in the
 * Assertion (for the AuthenticationSessionContext directive).
 * When both the AuthorizeRequester and the
 * AuthenticationSessionContext directives need to be
 * handled, pass "true" here, since the
 * SessionContext is always included in the
 * ResourceAccessStatement.
 * @param recipientProviderID recipient's provider ID.
 * @return the <code>SecurityAssertion</code> object.
 * @throws SecurityTokenException if the assertion could not be obtained.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return provider.getSAMLBearerToken(senderIdentity,
 * Creates a SAML assertion. The confirmationMethod will be set to
 * "urn:oasis:names:tc:SAML:1.0:cm:bearer".
 * @param senderIdentity name identifier of the sender.
 * @param invocatorSession SessionContext of the invocation identity; it
 * is normally obtained from the credential reference in the
 * SAML AttributeDesignator for the discovery resource
 * offering, which is part of the Liberty ID-FF
 * AuthnResponse.
 * @param encResourceID encrypted ID of the resource to be accessed.
 * @param includeAuthN if true, include an AuthenticationStatement in the
 * Assertion, which will be used for message
 * authentication. If false, no AuthenticationStatement
 * will be included.
 * @param includeResourceAccessStatement if true, a ResourceAccessStatement
 * will be included in the Assertion (for the
 * AuthorizeRequester directive). If false, a
 * SessionContextStatement will be included in the
 * Assertion (for the AuthenticationSessionContext directive).
 * When both the AuthorizeRequester and the
 * AuthenticationSessionContext directives need to be
 * handled, pass "true" here, since the
 * SessionContext is always included in the
 * ResourceAccessStatement.
 * @param recipientProviderID recipient's provider ID.
 * @return the <code>SecurityAssertion</code> object.
 * @throws SecurityTokenException if the assertion could not be obtained.
 * @supported.api