The OpenIAM authentication service returns a security token as part of the Subject during the authentication process. The authentication service supports the following token formats:
- OPENIAM_TOKEN : Lightweight, proprietary format that uses encryption to protect its contents. This format is suitable for use within an application or between internal applications.
- SAML1_TOKEN : Complies with the SAML 1 Federation format
- SAML2_TOKEN : Complies with the SAML 2 Federation format. In addition to federation, this format should be used by organizations that leverage a SOA architecture and need to pass a SAML assertion to other services.
Obtaining a Security Token
We can obtain a security token by calling one of the authentication operations on the AuthenticationService. For simple password-based authentication, you can use the passwordAuth() operation. This will return a subject which contains the following section:
You can extract this information from the subject using the following code snippet
Validating a Token
Tokens have a limited lifetime. The default value is 15 minutes, but it's configurable through policy. It's important that you validate them before using them. The validateToken operation will carry out a number of checks to ensure that the token is valid.
Renewing a token
To keep a token alive, we can renew it. The renewToken() operation of the authentication service accepts a valid token and will return an updated one. Since tokens have a time period during which they are valid, this operation updates that time window.
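The validity window and renewal rule described above can be modelled in a few lines. This is an added example, not OpenIAM code: it uses an HMAC-signed stand-in token rather than the encrypted OPENIAM_TOKEN format, and the key and the function names `issue_token`, `validate_token` and `renew_token` are hypothetical.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key and names; OpenIAM's own token format and API differ.
KEY = b"demo-only-signing-key"
TOKEN_LIFE_SECONDS = 15 * 60  # default lifetime stated on this page


def _sign(body: bytes) -> str:
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()


def issue_token(user_id: str, now: float, life: int = TOKEN_LIFE_SECONDS) -> str:
    """Issue a token whose validity window starts at `now`."""
    claims = json.dumps({"sub": user_id, "exp": now + life}).encode()
    body = base64.urlsafe_b64encode(claims)
    return body.decode() + "." + _sign(body)


def validate_token(token: str, user_id: str, now: float) -> bool:
    """Check integrity, owner and expiry; any failure means 'do not use'."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body.encode()).encode()):
        return False  # modified or forged token
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return False  # undecodable body
    return claims.get("sub") == user_id and now < claims.get("exp", 0)


def renew_token(token: str, user_id: str, now: float) -> str:
    """Return a token with a fresh window, but only for a still-valid token."""
    if not validate_token(token, user_id, now):
        raise PermissionError("token invalid or expired; re-authenticate")
    return issue_token(user_id, now)
```

In this model a client has to renew before the window closes; once the token has expired, renewal is refused and the user must authenticate again.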