Security tokens are created in the Security Token Service via the TokenProvider interface. It has three methods:
boolean canHandleToken(String tokenType) - Whether this TokenProvider implementation can provide a token of the given type
boolean canHandleToken(String tokenType, String realm) - Whether this TokenProvider implementation can provide a token of the given type, in the given realm
TokenProviderResponse createToken(TokenProviderParameters tokenParameters) - Create a token using the given parameters
A client can request a security token from the STS by either invoking the "issue" operation and supplying a desired token type, or else calling the "validate" operation and passing a (different) token type (token transformation).
Assuming that the client request is authenticated and well-formed, the STS will iterate through a list of TokenProvider
implementations to see if they can "handle" the received token type. If they can, then the implementation is used to
create a security token, which is returned to the client. The second "canHandleToken" method which also takes a
So to support the issuing of a particular token type in an STS deployment, it is necessary to specify a TokenProvider implementation that can handle that token type. The STS currently ships with two TokenProvider implementations, one for generating SecurityContextTokens, and one for generating SAML Assertions. Before we look at these two implementations, let's take a look at the "createToken" operation in more detail. This method takes a TokenProviderParameters instance.
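The provider lookup described above can be sketched as follows. This is an added example, not code from the STS itself: the record types are simplified stand-ins for the real TokenProviderParameters and TokenProviderResponse, and RealmBoundProvider, the realm names and the fail-closed exception are assumptions made for illustration.

```java
import java.util.List;

// Simplified stand-ins for the STS types named on this page (assumption: the real
// TokenProviderParameters and TokenProviderResponse carry more than is shown here).
public class TokenProviderDispatchDemo {
    record TokenProviderParameters(String tokenType, String realm) {}
    record TokenProviderResponse(String token) {}

    interface TokenProvider {
        boolean canHandleToken(String tokenType);
        boolean canHandleToken(String tokenType, String realm);
        TokenProviderResponse createToken(TokenProviderParameters tokenParameters);
    }

    // Hypothetical provider: issues one token type, and only for its configured realms.
    record RealmBoundProvider(String type, List<String> realms) implements TokenProvider {
        public boolean canHandleToken(String tokenType) {
            return canHandleToken(tokenType, null);
        }
        public boolean canHandleToken(String tokenType, String realm) {
            return type.equals(tokenType) && (realm == null || realms.contains(realm));
        }
        public TokenProviderResponse createToken(TokenProviderParameters p) {
            return new TokenProviderResponse(
                "<token type='" + p.tokenType() + "' realm='" + p.realm() + "'/>");
        }
    }

    // Iterate the configured providers; the first one that can handle the type (and realm) wins.
    static TokenProviderResponse issue(List<TokenProvider> providers, TokenProviderParameters params) {
        for (TokenProvider provider : providers) {
            if (provider.canHandleToken(params.tokenType(), params.realm())) {
                return provider.createToken(params);
            }
        }
        // Fail closed: an unsupported type or realm never falls through to a default provider.
        throw new IllegalArgumentException("No TokenProvider for type " + params.tokenType());
    }

    public static void main(String[] args) {
        // Constructed sample input: the SAML 2.0 token type URI and two made-up realms.
        String saml2 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
        List<TokenProvider> providers = List.of(new RealmBoundProvider(saml2, List.of("A")));
        System.out.println(issue(providers, new TokenProviderParameters(saml2, "A")).token());
        try {
            issue(providers, new TokenProviderParameters(saml2, "B"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The request for realm "B" is rejected because no configured provider accepts that type and realm pair, which keeps an STS from minting tokens for a realm nobody explicitly enabled.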