public class SamlCredentialProvider extends Object implements Provider
Follows the Provider CQS contract:

- isExpired() / retrieve() are pure reads.
- refresh() is the only method that mutates state.

Intended to be wrapped in a CredentialProvider, which serializes refresh through a ReadWriteLock and guarantees the isExpired → refresh → retrieve sequence. Direct use (without wrapping) is not a supported mode.
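The wrapping pattern described above, as an added sketch that is not the SDK's own CredentialProvider: `Provider` here is a hypothetical stand-in interface (returning String instead of CredentialValue), and `GuardedProvider` and the in-memory fake are illustrative names. It shows why the wrapper re-checks isExpired() under the write lock, so that concurrent callers trigger only one refresh.

```java
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.locks.ReentrantReadWriteLock;

public class GuardedProviderDemo {
    // Hypothetical stand-in for the Provider contract; String replaces CredentialValue.
    interface Provider {
        boolean isExpired();
        void refresh() throws Exception;
        String retrieve() throws Exception;
    }

    // Hypothetical wrapper: pure reads share the read lock, refresh takes the write lock.
    static final class GuardedProvider {
        private final Provider inner;
        private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
        GuardedProvider(Provider inner) { this.inner = inner; }

        String get() throws Exception {
            lock.readLock().lock();
            try {
                if (!inner.isExpired()) return inner.retrieve(); // fast path: reads only
            } finally {
                lock.readLock().unlock(); // a read lock cannot be upgraded, so release it first
            }
            lock.writeLock().lock();
            try {
                if (inner.isExpired()) inner.refresh(); // re-check: another thread may have refreshed
                return inner.retrieve();
            } finally {
                lock.writeLock().unlock();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        AtomicInteger refreshes = new AtomicInteger();
        Provider fake = new Provider() {   // constructed in-memory fake, no network calls
            private volatile String token; // null means "expired"
            public boolean isExpired() { return token == null; }
            public void refresh() { token = "token-" + refreshes.incrementAndGet(); }
            public String retrieve() { return token; }
        };
        GuardedProvider guarded = new GuardedProvider(fake);
        Runnable task = () -> { try { guarded.get(); } catch (Exception e) { throw new RuntimeException(e); } };
        Thread[] workers = new Thread[8];
        for (int i = 0; i < workers.length; i++) { workers[i] = new Thread(task); workers[i].start(); }
        for (Thread t : workers) t.join();
        System.out.println(guarded.get() + " after " + refreshes.get() + " refresh call(s)");
    }
}
```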
| Constructor and Description |
|---|
| SamlCredentialProvider(String roleTrn, String samlProviderTrn, String samlAssertion, String rolePolicy, String stsEndpoint) Creates a new SamlCredentialProvider. |
| Modifier and Type | Method and Description |
|---|---|
| boolean | isExpired() |
| void | refresh() |
| CredentialValue | retrieve() |
| void | setDurationSeconds(int durationSeconds) |
| void | setExpireBufferSeconds(int expireBufferSeconds) |
| void | setMaxRetries(int maxRetries) |
| void | setRetryIntervalMs(int retryIntervalMs) |
| void | setSchema(String schema) |
public SamlCredentialProvider(String roleTrn, String samlProviderTrn, String samlAssertion, String rolePolicy, String stsEndpoint)

Parameters:
- roleTrn - the TRN of the role to assume, e.g. trn:iam::1234567890:role/YourRoleName
- samlProviderTrn - the TRN of the SAML provider, e.g. trn:iam::1234567890:saml-provider/MyIdp
- samlAssertion - the base64-encoded SAML Response from your IdP
- rolePolicy - optional inline policy to restrict permissions (may be null)
- stsEndpoint - optional STS endpoint override (may be null for default)

public void refresh() throws ApiException

Specified by: refresh in interface Provider
Throws: ApiException

public CredentialValue retrieve() throws ApiException

Specified by: retrieve in interface Provider
Throws: ApiException

public void setDurationSeconds(int durationSeconds)

public void setExpireBufferSeconds(int expireBufferSeconds)

public void setSchema(String schema)

public void setMaxRetries(int maxRetries)

public void setRetryIntervalMs(int retryIntervalMs)
Copyright © 2026. All rights reserved.