com.amazonaws.services.securitytoken.model.AssumeRoleWithSAMLRequest Maven / Gradle / Ivy
/*
* Copyright 2010-2014 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package com.amazonaws.services.securitytoken.model;
import java.io.Serializable;
import com.amazonaws.AmazonWebServiceRequest;
/**
* Container for the parameters to the {@link com.amazonaws.services.securitytoken.AWSSecurityTokenService#assumeRoleWithSAML(AssumeRoleWithSAMLRequest) AssumeRoleWithSAML operation}.
*
* Returns a set of temporary security credentials for users who have
* been authenticated via a SAML authentication response. This operation
* provides a mechanism for tying an enterprise identity store or
* directory to role-based AWS access without user-specific credentials
* or configuration.
*
*
* The temporary security credentials returned by this operation consist
* of an access key ID, a secret access key, and a security token.
* Applications can use these temporary security credentials to sign
* calls to AWS services. The credentials are valid for the duration that
* you specified when calling AssumeRoleWithSAML , which can
* be up to 3600 seconds (1 hour) or until the time specified in the SAML
* authentication response's NotOnOrAfter value, whichever
* is shorter.
*
*
* NOTE:The maximum duration for a session is 1 hour, and the
* minimum duration is 15 minutes, even if values outside this range are
* specified.
*
*
* Optionally, you can pass an IAM access policy to this operation. If
* you choose not to pass a policy, the temporary security credentials
* that are returned by the operation have the permissions that are
* defined in the access policy of the role that is being assumed. If you
* pass a policy to this operation, the temporary security credentials
* that are returned by the operation have the permissions that are
* allowed by both the access policy of the role that is being assumed,
* and the policy that you pass. This gives you a way to further
* restrict the permissions for the resulting temporary security
* credentials. You cannot use the passed policy to grant permissions
* that are in excess of those allowed by the access policy of the role
* that is being assumed. For more information, see
* Permissions for AssumeRoleWithSAML
* in Using Temporary Security Credentials .
*
*
* Before your application can call AssumeRoleWithSAML , you
* must configure your SAML identity provider (IdP) to issue the claims
* required by AWS. Additionally, you must use AWS Identity and Access
* Management (IAM) to create a SAML provider entity in your AWS account
* that represents your identity provider, and create an IAM role that
* specifies this SAML provider in its trust policy.
*
*
* Calling AssumeRoleWithSAML does not require the use of
* AWS security credentials. The identity of the caller is validated by
* using keys in the metadata document that is uploaded for the SAML
* provider entity for your identity provider.
*
*
* For more information, see the following resources:
*
*
*
* -
* Creating Temporary Security Credentials for SAML Federation
* in Using Temporary Security Credentials .
* -
* SAML Providers
* in Using IAM .
* -
* Configuring a Relying Party and Claims
* in Using IAM .
* -
* Creating a Role for SAML-Based Federation
* in Using IAM .
*
*
*
*
*
*
*
*
*
*
*
* @see com.amazonaws.services.securitytoken.AWSSecurityTokenService#assumeRoleWithSAML(AssumeRoleWithSAMLRequest)
*/
public class AssumeRoleWithSAMLRequest extends AmazonWebServiceRequest implements Serializable {
/**
* The Amazon Resource Name (ARN) of the role that the caller is
* assuming.
*
* Constraints:
* Length: 20 - 2048
*/
private String roleArn;
/**
* The Amazon Resource Name (ARN) of the SAML provider in IAM that
* describes the IdP.
*
* Constraints:
* Length: 20 - 2048
*/
private String principalArn;
/**
* The base-64 encoded SAML authentication response provided by the IdP.
*
For more information, see Configuring
* a Relying Party and Adding Claims in the Using IAM guide.
*
* Constraints:
* Length: 4 - 50000
*/
private String sAMLAssertion;
/**
* An IAM policy in JSON format.
The policy parameter is optional. If
* you pass a policy, the temporary security credentials that are
* returned by the operation have the permissions that are allowed by
* both the access policy of the role that is being assumed,
* and the policy that you pass. This gives you a way to
* further restrict the permissions for the resulting temporary security
* credentials. You cannot use the passed policy to grant permissions
* that are in excess of those allowed by the access policy of the role
* that is being assumed. For more information, see Permissions
* for AssumeRoleWithSAML in Using Temporary Security
* Credentials. The policy must be 2048 bytes or shorter, and
* its packed size must be less than 450 bytes.
*
* Constraints:
* Length: 1 - 2048
* Pattern: [\u0009\u000A\u000D\u0020-\u00FF]+
*/
private String policy;
/**
* The duration, in seconds, of the role session. The value can range
* from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default,
* the value is set to 3600 seconds. An expiration can also be specified
* in the SAML authentication response's NotOnOrAfter value.
* The actual expiration time is whichever value is shorter. The
* maximum duration for a session is 1 hour, and the minimum duration is
* 15 minutes, even if values outside this range are specified.
*
* Constraints:
* Range: 900 - 129600
*/
private Integer durationSeconds;
/**
* The Amazon Resource Name (ARN) of the role that the caller is
* assuming.
*
* Constraints:
* Length: 20 - 2048
*
* @return The Amazon Resource Name (ARN) of the role that the caller is
* assuming.
*/
public String getRoleArn() {
return roleArn;
}
/**
* The Amazon Resource Name (ARN) of the role that the caller is
* assuming.
*
* Constraints:
* Length: 20 - 2048
*
* @param roleArn The Amazon Resource Name (ARN) of the role that the caller is
* assuming.
*/
public void setRoleArn(String roleArn) {
this.roleArn = roleArn;
}
/**
* The Amazon Resource Name (ARN) of the role that the caller is
* assuming.
*
* Returns a reference to this object so that method calls can be chained together.
*
* Constraints:
* Length: 20 - 2048
*
* @param roleArn The Amazon Resource Name (ARN) of the role that the caller is
* assuming.
*
* @return A reference to this updated object so that method calls can be chained
* together.
*/
public AssumeRoleWithSAMLRequest withRoleArn(String roleArn) {
this.roleArn = roleArn;
return this;
}
/**
* The Amazon Resource Name (ARN) of the SAML provider in IAM that
* describes the IdP.
*
* Constraints:
* Length: 20 - 2048
*
* @return The Amazon Resource Name (ARN) of the SAML provider in IAM that
* describes the IdP.
*/
public String getPrincipalArn() {
return principalArn;
}
/**
* The Amazon Resource Name (ARN) of the SAML provider in IAM that
* describes the IdP.
*
* Constraints:
* Length: 20 - 2048
*
* @param principalArn The Amazon Resource Name (ARN) of the SAML provider in IAM that
* describes the IdP.
*/
public void setPrincipalArn(String principalArn) {
this.principalArn = principalArn;
}
/**
* The Amazon Resource Name (ARN) of the SAML provider in IAM that
* describes the IdP.
*
* Returns a reference to this object so that method calls can be chained together.
*
* Constraints:
* Length: 20 - 2048
*
* @param principalArn The Amazon Resource Name (ARN) of the SAML provider in IAM that
* describes the IdP.
*
* @return A reference to this updated object so that method calls can be chained
* together.
*/
public AssumeRoleWithSAMLRequest withPrincipalArn(String principalArn) {
this.principalArn = principalArn;
return this;
}
/**
* The base-64 encoded SAML authentication response provided by the IdP.
*
For more information, see Configuring
* a Relying Party and Adding Claims in the Using IAM guide.
*
* Constraints:
* Length: 4 - 50000
*
* @return The base-64 encoded SAML authentication response provided by the IdP.
*
For more information, see Configuring
* a Relying Party and Adding Claims in the Using IAM guide.
*/
public String getSAMLAssertion() {
return sAMLAssertion;
}
/**
* The base-64 encoded SAML authentication response provided by the IdP.
*
For more information, see Configuring
* a Relying Party and Adding Claims in the Using IAM guide.
*
* Constraints:
* Length: 4 - 50000
*
* @param sAMLAssertion The base-64 encoded SAML authentication response provided by the IdP.
*
For more information, see Configuring
* a Relying Party and Adding Claims in the Using IAM guide.
*/
public void setSAMLAssertion(String sAMLAssertion) {
this.sAMLAssertion = sAMLAssertion;
}
/**
* The base-64 encoded SAML authentication response provided by the IdP.
*
For more information, see Configuring
* a Relying Party and Adding Claims in the Using IAM guide.
*
* Returns a reference to this object so that method calls can be chained together.
*
* Constraints:
* Length: 4 - 50000
*
* @param sAMLAssertion The base-64 encoded SAML authentication response provided by the IdP.
*
For more information, see Configuring
* a Relying Party and Adding Claims in the Using IAM guide.
*
* @return A reference to this updated object so that method calls can be chained
* together.
*/
public AssumeRoleWithSAMLRequest withSAMLAssertion(String sAMLAssertion) {
this.sAMLAssertion = sAMLAssertion;
return this;
}
/**
* An IAM policy in JSON format.
The policy parameter is optional. If
* you pass a policy, the temporary security credentials that are
* returned by the operation have the permissions that are allowed by
* both the access policy of the role that is being assumed,
* and the policy that you pass. This gives you a way to
* further restrict the permissions for the resulting temporary security
* credentials. You cannot use the passed policy to grant permissions
* that are in excess of those allowed by the access policy of the role
* that is being assumed. For more information, see Permissions
* for AssumeRoleWithSAML in Using Temporary Security
* Credentials. The policy must be 2048 bytes or shorter, and
* its packed size must be less than 450 bytes.
*
* Constraints:
* Length: 1 - 2048
* Pattern: [\u0009\u000A\u000D\u0020-\u00FF]+
*
* @return An IAM policy in JSON format.
The policy parameter is optional. If
* you pass a policy, the temporary security credentials that are
* returned by the operation have the permissions that are allowed by
* both the access policy of the role that is being assumed,
* and the policy that you pass. This gives you a way to
* further restrict the permissions for the resulting temporary security
* credentials. You cannot use the passed policy to grant permissions
* that are in excess of those allowed by the access policy of the role
* that is being assumed. For more information, see Permissions
* for AssumeRoleWithSAML in Using Temporary Security
* Credentials. The policy must be 2048 bytes or shorter, and
* its packed size must be less than 450 bytes.
*/
public String getPolicy() {
return policy;
}
/**
* An IAM policy in JSON format.
The policy parameter is optional. If
* you pass a policy, the temporary security credentials that are
* returned by the operation have the permissions that are allowed by
* both the access policy of the role that is being assumed,
* and the policy that you pass. This gives you a way to
* further restrict the permissions for the resulting temporary security
* credentials. You cannot use the passed policy to grant permissions
* that are in excess of those allowed by the access policy of the role
* that is being assumed. For more information, see Permissions
* for AssumeRoleWithSAML in Using Temporary Security
* Credentials. The policy must be 2048 bytes or shorter, and
* its packed size must be less than 450 bytes.
*
* Constraints:
* Length: 1 - 2048
* Pattern: [\u0009\u000A\u000D\u0020-\u00FF]+
*
* @param policy An IAM policy in JSON format.
The policy parameter is optional. If
* you pass a policy, the temporary security credentials that are
* returned by the operation have the permissions that are allowed by
* both the access policy of the role that is being assumed,
* and the policy that you pass. This gives you a way to
* further restrict the permissions for the resulting temporary security
* credentials. You cannot use the passed policy to grant permissions
* that are in excess of those allowed by the access policy of the role
* that is being assumed. For more information, see Permissions
* for AssumeRoleWithSAML in Using Temporary Security
* Credentials. The policy must be 2048 bytes or shorter, and
* its packed size must be less than 450 bytes.
*/
public void setPolicy(String policy) {
this.policy = policy;
}
/**
* An IAM policy in JSON format.
The policy parameter is optional. If
* you pass a policy, the temporary security credentials that are
* returned by the operation have the permissions that are allowed by
* both the access policy of the role that is being assumed,
* and the policy that you pass. This gives you a way to
* further restrict the permissions for the resulting temporary security
* credentials. You cannot use the passed policy to grant permissions
* that are in excess of those allowed by the access policy of the role
* that is being assumed. For more information, see Permissions
* for AssumeRoleWithSAML in Using Temporary Security
* Credentials. The policy must be 2048 bytes or shorter, and
* its packed size must be less than 450 bytes.
*
* Returns a reference to this object so that method calls can be chained together.
*
* Constraints:
* Length: 1 - 2048
* Pattern: [\u0009\u000A\u000D\u0020-\u00FF]+
*
* @param policy An IAM policy in JSON format.
The policy parameter is optional. If
* you pass a policy, the temporary security credentials that are
* returned by the operation have the permissions that are allowed by
* both the access policy of the role that is being assumed,
* and the policy that you pass. This gives you a way to
* further restrict the permissions for the resulting temporary security
* credentials. You cannot use the passed policy to grant permissions
* that are in excess of those allowed by the access policy of the role
* that is being assumed. For more information, see Permissions
* for AssumeRoleWithSAML in Using Temporary Security
* Credentials. The policy must be 2048 bytes or shorter, and
* its packed size must be less than 450 bytes.
*
* @return A reference to this updated object so that method calls can be chained
* together.
*/
public AssumeRoleWithSAMLRequest withPolicy(String policy) {
this.policy = policy;
return this;
}
/**
* The duration, in seconds, of the role session. The value can range
* from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default,
* the value is set to 3600 seconds. An expiration can also be specified
* in the SAML authentication response's NotOnOrAfter value.
* The actual expiration time is whichever value is shorter. The
* maximum duration for a session is 1 hour, and the minimum duration is
* 15 minutes, even if values outside this range are specified.
*
* Constraints:
* Range: 900 - 129600
*
* @return The duration, in seconds, of the role session. The value can range
* from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default,
* the value is set to 3600 seconds. An expiration can also be specified
* in the SAML authentication response's NotOnOrAfter value.
* The actual expiration time is whichever value is shorter. The
* maximum duration for a session is 1 hour, and the minimum duration is
* 15 minutes, even if values outside this range are specified.
*/
public Integer getDurationSeconds() {
return durationSeconds;
}
/**
* The duration, in seconds, of the role session. The value can range
* from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default,
* the value is set to 3600 seconds. An expiration can also be specified
* in the SAML authentication response's NotOnOrAfter value.
* The actual expiration time is whichever value is shorter. The
* maximum duration for a session is 1 hour, and the minimum duration is
* 15 minutes, even if values outside this range are specified.
*
* Constraints:
* Range: 900 - 129600
*
* @param durationSeconds The duration, in seconds, of the role session. The value can range
* from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default,
* the value is set to 3600 seconds. An expiration can also be specified
* in the SAML authentication response's NotOnOrAfter value.
* The actual expiration time is whichever value is shorter. The
* maximum duration for a session is 1 hour, and the minimum duration is
* 15 minutes, even if values outside this range are specified.
*/
public void setDurationSeconds(Integer durationSeconds) {
this.durationSeconds = durationSeconds;
}
/**
* The duration, in seconds, of the role session. The value can range
* from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default,
* the value is set to 3600 seconds. An expiration can also be specified
* in the SAML authentication response's NotOnOrAfter value.
* The actual expiration time is whichever value is shorter. The
* maximum duration for a session is 1 hour, and the minimum duration is
* 15 minutes, even if values outside this range are specified.
*
* Returns a reference to this object so that method calls can be chained together.
*
* Constraints:
* Range: 900 - 129600
*
* @param durationSeconds The duration, in seconds, of the role session. The value can range
* from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default,
* the value is set to 3600 seconds. An expiration can also be specified
* in the SAML authentication response's NotOnOrAfter value.
* The actual expiration time is whichever value is shorter. The
* maximum duration for a session is 1 hour, and the minimum duration is
* 15 minutes, even if values outside this range are specified.
*
* @return A reference to this updated object so that method calls can be chained
* together.
*/
public AssumeRoleWithSAMLRequest withDurationSeconds(Integer durationSeconds) {
this.durationSeconds = durationSeconds;
return this;
}
/**
* Returns a string representation of this object; useful for testing and
* debugging.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getRoleArn() != null) sb.append("RoleArn: " + getRoleArn() + ",");
if (getPrincipalArn() != null) sb.append("PrincipalArn: " + getPrincipalArn() + ",");
if (getSAMLAssertion() != null) sb.append("SAMLAssertion: " + getSAMLAssertion() + ",");
if (getPolicy() != null) sb.append("Policy: " + getPolicy() + ",");
if (getDurationSeconds() != null) sb.append("DurationSeconds: " + getDurationSeconds() );
sb.append("}");
return sb.toString();
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getRoleArn() == null) ? 0 : getRoleArn().hashCode());
hashCode = prime * hashCode + ((getPrincipalArn() == null) ? 0 : getPrincipalArn().hashCode());
hashCode = prime * hashCode + ((getSAMLAssertion() == null) ? 0 : getSAMLAssertion().hashCode());
hashCode = prime * hashCode + ((getPolicy() == null) ? 0 : getPolicy().hashCode());
hashCode = prime * hashCode + ((getDurationSeconds() == null) ? 0 : getDurationSeconds().hashCode());
return hashCode;
}
@Override
public boolean equals(Object obj) {
if (this == obj) return true;
if (obj == null) return false;
if (obj instanceof AssumeRoleWithSAMLRequest == false) return false;
AssumeRoleWithSAMLRequest other = (AssumeRoleWithSAMLRequest)obj;
if (other.getRoleArn() == null ^ this.getRoleArn() == null) return false;
if (other.getRoleArn() != null && other.getRoleArn().equals(this.getRoleArn()) == false) return false;
if (other.getPrincipalArn() == null ^ this.getPrincipalArn() == null) return false;
if (other.getPrincipalArn() != null && other.getPrincipalArn().equals(this.getPrincipalArn()) == false) return false;
if (other.getSAMLAssertion() == null ^ this.getSAMLAssertion() == null) return false;
if (other.getSAMLAssertion() != null && other.getSAMLAssertion().equals(this.getSAMLAssertion()) == false) return false;
if (other.getPolicy() == null ^ this.getPolicy() == null) return false;
if (other.getPolicy() != null && other.getPolicy().equals(this.getPolicy()) == false) return false;
if (other.getDurationSeconds() == null ^ this.getDurationSeconds() == null) return false;
if (other.getDurationSeconds() != null && other.getDurationSeconds().equals(this.getDurationSeconds()) == false) return false;
return true;
}
}