Package com.yahoo.container.jdisc.athenz
Interface AthenzIdentityProvider
public interface AthenzIdentityProvider
Provides convenience methods to interact with Athenz authenticated services.
Author: mortent, bjorncs

Method Summary
Modifier and Type | Method | Description
void | deconstruct() |
String | domain() | Get the Athenz domain associated with this identity provider.
 | getAccessToken(String domain) | Get an access token for the specified Athenz domain.
 | getAccessToken(String domain, List<String> roles) | Get an access token for a list of roles in an Athenz domain.
 | getAccessToken(domain, roles, proxyPrincipal) | Get an access token for the specified Athenz domain.
List<X509Certificate> | getIdentityCertificate() | Get the X.509 identity certificate associated with this identity provider.
SSLContext | getIdentitySslContext() | Get the SSLContext used for authenticating with the configured Athenz service.
PrivateKey | getPrivateKey() | Get the private key associated with this identity provider.
 | getRoleCertificate(String domain, String role) | Get the X.509 role certificate for a specific Athenz role.
 | getRoleSslContext(String domain, String role) | Get the SSLContext for authenticating with an Athenz role.
 | getRoleToken(String domain) | Get a role token for the specified Athenz domain.
 | getRoleToken(String domain, String role) | Get a role token for a specific Athenz role.
String | service() | Get the Athenz service name associated with this identity provider.
Path | trustStorePath() | Get the path to the trust store used for SSL verification.

Method Details

domain
String domain()
Get the Athenz domain associated with this identity provider.
Returns:
- The Athenz domain.

service
String service()
Get the Athenz service name associated with this identity provider.
Returns:
- The Athenz service name.

getIdentitySslContext
SSLContext getIdentitySslContext()
Get the SSLContext used for authenticating with the configured Athenz service.
Returns:
- An SSLContext for identity authentication.

getRoleSslContext
Get the SSLContext for authenticating with an Athenz role.
Parameters:
- domain - Athenz domain name for the role
- role - Athenz role name
Returns:
- An SSLContext for role authentication within the specified domain and role.

getRoleToken
Get a role token for the specified Athenz domain.
Parameters:
- domain - The Athenz domain for the role token
Returns:
- A role token for the specified domain.

getRoleToken
Get a role token for a specific Athenz role.
Parameters:
- domain - The Athenz domain name for the role
- role - The Athenz role name
Returns:
- A role token for the specified domain and role.

getAccessToken
Get an access token for the specified Athenz domain.
Parameters:
- domain - Athenz domain name for the token
Returns:
- An access token for the specified domain.

getAccessToken
Get an access token for a list of roles in an Athenz domain.
Parameters:
- domain - Athenz domain name for the roles
- roles - The list of Athenz role names
Returns:
- An access token for the specified roles.

getAccessToken
Get an access token for the specified Athenz domain.
Parameters:
- domain - Athenz domain name
- roles - List of Athenz role names. Empty list or null will fetch a token for all roles in the domain.
- proxyPrincipal - List of principals to allow proxying the token. Each principal must be provided as: <domain>:service.<service>. Empty list or null will return a token without proxy principals.
Returns:
- An access token for the specified domain.

getIdentityCertificate
List<X509Certificate> getIdentityCertificate()
Get the X.509 identity certificate associated with this identity provider.
Returns:
- The X.509 identity certificate.

getRoleCertificate
Get the X.509 role certificate for a specific Athenz role.
Parameters:
- domain - Athenz domain name for the role
- role - Athenz role name
Returns:
- An X.509 role certificate for the specified domain and role.

getPrivateKey
PrivateKey getPrivateKey()
Get the private key associated with this identity provider.
Returns:
- The private key used for authentication.

trustStorePath
Path trustStorePath()
Get the path to the trust store used for SSL verification.
Returns:
- The path to the trust store.

deconstruct
void deconstruct()
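
Added example, not part of this API's documentation or the project's own code: a client that presents the provider's identity over mutual TLS through getIdentitySslContext() and fails closed when getIdentityCertificate() returns nothing usable. The class name AthenzMtlsClient, the 10-minute expiry margin, the timeouts and the endpoint passed to get() are assumptions; how the AthenzIdentityProvider instance is obtained is left to the caller.

```java
import com.yahoo.container.jdisc.athenz.AthenzIdentityProvider;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.List;

// Added example (hypothetical class): mutual-TLS client backed by the provider's identity.
public class AthenzMtlsClient {
    // Assumption: a certificate with less than this much lifetime left is treated as unusable.
    private static final Duration MIN_REMAINING = Duration.ofMinutes(10);
    private final AthenzIdentityProvider identity;

    public AthenzMtlsClient(AthenzIdentityProvider identity) { this.identity = identity; }

    // Fail closed when the certificate list is empty or any entry is outside its validity window.
    void requireUsableIdentity(Instant now) {
        List<X509Certificate> certs = identity.getIdentityCertificate();
        String who = identity.domain() + "." + identity.service();
        if (certs == null || certs.isEmpty())
            throw new IllegalStateException("No identity certificate for " + who);
        for (X509Certificate cert : certs) {
            boolean notYetValid = now.isBefore(cert.getNotBefore().toInstant());
            boolean expiring = now.plus(MIN_REMAINING).isAfter(cert.getNotAfter().toInstant());
            if (notYetValid || expiring)
                throw new IllegalStateException("Identity certificate for " + who + " is not usable");
        }
    }

    // GET over HTTPS, presenting the identity certificate through the provider's SSLContext.
    public String get(URI endpoint) throws Exception {
        if (!"https".equalsIgnoreCase(endpoint.getScheme()))
            throw new IllegalArgumentException("Refusing non-HTTPS endpoint: " + endpoint);
        requireUsableIdentity(Instant.now());
        // Built per call so the request uses the SSLContext the provider returns at this moment.
        HttpClient client = HttpClient.newBuilder()
                .sslContext(identity.getIdentitySslContext())
                .connectTimeout(Duration.ofSeconds(5))
                .build();
        HttpRequest request = HttpRequest.newBuilder(endpoint).timeout(Duration.ofSeconds(10)).GET().build();
        HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
        if (response.statusCode() != 200)
            throw new IllegalStateException("HTTP " + response.statusCode() + " from " + endpoint);
        return response.body();
    }
}
```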