com.sun.identity.federation.plugins

Class FSDefaultSPAdapter

java.lang.Object

com.sun.identity.federation.plugins.FSDefaultSPAdapter

All Implemented Interfaces:

FederationSPAdapter

public class FSDefaultSPAdapter
extends Object
implements FederationSPAdapter

Field Summary

Fields inherited from interface com.sun.identity.federation.plugins.FederationSPAdapter

ENV_REALM, FEDERATION_FAILED, FEDERATION_FAILED_ANON_AUTH_ACCOUNT_EXPIRED, FEDERATION_FAILED_ANON_AUTH_USER_INACTIVE, FEDERATION_FAILED_ANON_AUTH_USER_LOCKED, FEDERATION_FAILED_ANON_TOKEN_GENERATION, FEDERATION_FAILED_SSO_TOKEN_GENERATION, FEDERATION_FAILED_WRITING_ACCOUNT_INFO, INVALID_AUTHN_RESPONSE, INVALID_RESPONSE, SSO_FAILED, SSO_FAILED_AUTH_ACCOUNT_EXPIRED, SSO_FAILED_AUTH_USER_INACTIVE, SSO_FAILED_AUTH_USER_LOCKED, SSO_FAILED_AUTO_FED, SSO_FAILED_FEDERATION_DOESNOT_EXIST, SSO_FAILED_TOKEN_GENERATION, SUCCESS

Constructor Summary

Constructors

Constructor and Description
FSDefaultSPAdapter()

Method Summary

Modifier and Type	Method and Description
void	initialize(String hostedProviderID, Set initParams) Initializes the federation adapter, this method will only be executed once after creation of the adapter instance.
void	postRegisterNameIdentifierSuccess(String hostedProviderID, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String userDN, FSNameRegistrationRequest regRequest, FSNameRegistrationResponse regResponse, String regProfile) Invokes after Register Name Identifier processing is successful
void	postSingleLogoutSuccess(String hostedProviderID, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String userDN, FSLogoutNotification logoutRequest, FSLogoutResponse logoutResponse, String sloProfile) Invokes after single logout is successful completed, i.e. user token has been invalidated.
boolean	postSSOFederationFailure(String hostedEntityID, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse, int failureCode) Invokes this method if the Single-Sign-On or Federation fails for some reason.
boolean	postSSOFederationSuccess(String hostedEntityID, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Object ssoToken, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse) Invokes this method after the successful Single Sign-On or Federation.
void	postTerminationNotificationSuccess(String hostedProviderID, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String userDN, FSFederationTerminationNotification notification, String termProfile) Invokes after the service provider successfully terminates federation with IDP.
void	preSingleLogoutProcess(String hostedProviderID, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String userDN, FSLogoutNotification logoutRequest, FSLogoutResponse logoutResponse, String sloProfile) Invokes before single logout process started on FM side.
void	preSSOFederationProcess(String hostedProviderID, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse) Invokes when the FM received the Single-Sign-On and Federation response from the IDP, this is called before any processing started on SP side.
void	preSSOFederationRequest(String hostedProviderID, String idpProviderID, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, FSAuthnRequest authnRequest) Invokes before federation manager sends the Single-Sing-On and Federation * request to IDP.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

FSDefaultSPAdapter

public FSDefaultSPAdapter()

Method Detail

initialize

public void initialize(String hostedProviderID,
                       Set initParams)

Initializes the federation adapter, this method will only be executed once after creation of the adapter instance.

Specified by:

initialize in interface FederationSPAdapter

Parameters:

hostedProviderID - provider ID for the hosted SP

initParams - initial set of parameters configured in the service provider for this adapter

preSSOFederationRequest

public void preSSOFederationRequest(String hostedProviderID,
                                    String idpProviderID,
                                    javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response,
                                    FSAuthnRequest authnRequest)

Invokes before federation manager sends the Single-Sing-On and Federation * request to IDP.

Specified by:

preSSOFederationRequest in interface FederationSPAdapter

Parameters:

hostedProviderID - provider ID for the hosted SP

idpProviderID - provider id for the IDP to which the request will be sent

request - servlet request

response - servlet response

authnRequest - the authentication request to be send to IDP

preSSOFederationProcess

public void preSSOFederationProcess(String hostedProviderID,
                                    javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response,
                                    FSAuthnRequest authnRequest,
                                    FSAuthnResponse authnResponse,
                                    FSResponse samlResponse)
                             throws FederationException

Invokes when the FM received the Single-Sign-On and Federation response from the IDP, this is called before any processing started on SP side.

Specified by:

preSSOFederationProcess in interface FederationSPAdapter

Parameters:

hostedProviderID - provider ID for the hosted SP

request - servlet request

response - servlet response

authnRequest - the original authentication request sent from SP

authnResponse - response from IDP if Browser POST or LECP profile is used for the request, value will be null if Browser Artifact profile is used.

samlResponse - response from IDP if Browser Artifact profile is used for the request, value will be null if Browser POST or LECP profile is used.

Throws:

FederationException - if user want to fail the process.

postSSOFederationSuccess

public boolean postSSOFederationSuccess(String hostedEntityID,
                                        javax.servlet.http.HttpServletRequest request,
                                        javax.servlet.http.HttpServletResponse response,
                                        Object ssoToken,
                                        FSAuthnRequest authnRequest,
                                        FSAuthnResponse authnResponse,
                                        FSResponse samlResponse)
                                 throws FederationException

Invokes this method after the successful Single Sign-On or Federation.

Specified by:

postSSOFederationSuccess in interface FederationSPAdapter

Parameters:

hostedEntityID - provider ID for the hosted SP

request - servlet request

response - servlet response

ssoToken - user's SSO token

authnRequest - the original authentication request sent from SP

authnResponse - response from IDP if Browser POST or LECP profile is used for the request, value will be null if Browser Artifact profile is used.

samlResponse - response from IDP if Browser Artifact profile is used for the request, value will be null if Browser POST or LECP profile is used.

Returns:

true if browser redirection happened, false otherwise.

Throws:

FederationException - if user want to fail the process.

postSSOFederationFailure

public boolean postSSOFederationFailure(String hostedEntityID,
                                        javax.servlet.http.HttpServletRequest request,
                                        javax.servlet.http.HttpServletResponse response,
                                        FSAuthnRequest authnRequest,
                                        FSAuthnResponse authnResponse,
                                        FSResponse samlResponse,
                                        int failureCode)

Invokes this method if the Single-Sign-On or Federation fails for some reason.

Specified by:

postSSOFederationFailure in interface FederationSPAdapter

Parameters:

request - servlet request

response - servlet response

authnRequest - the original authentication request sent from SP

authnResponse - response from IDP if Browser POST or LECP profile is used for the request, value will be null if Browser Artifact profile is used.

samlResponse - response from IDP if Browser Artifact profile is used for the request, value will be null if Browser POST or LECP profile is used.

failureCode - an integer specifies the failure code.

hostedEntityID - Entity ID for the hosted SP

Returns:

true if browser redirection happened, false otherwise.

postRegisterNameIdentifierSuccess

public void postRegisterNameIdentifierSuccess(String hostedProviderID,
                                              javax.servlet.http.HttpServletRequest request,
                                              javax.servlet.http.HttpServletResponse response,
                                              String userDN,
                                              FSNameRegistrationRequest regRequest,
                                              FSNameRegistrationResponse regResponse,
                                              String regProfile)

Invokes after Register Name Identifier processing is successful

Specified by:

postRegisterNameIdentifierSuccess in interface FederationSPAdapter

Parameters:

hostedProviderID - provider ID for the hosted SP

request - servlet request

response - servlet response

userDN - DN of the user with whom name identifier registration performed

regRequest - register name identifier request, value will be null if the request object is not available

regResponse - register name identifier response, value will be null if the response object is not available

regProfile - register name identifier profile used, one of following IFSConstants.NAME_REGISTRATION_SP_HTTP_PROFILE IFSConstants.NAME_REGISTRATION_SP_SOAP_PROFILE IFSConstants.NAME_REGISTRATION_IDP_HTTP_PROFILE IFSConstants.NAME_REGISTRATION_IDP_SOAP_PROFILE

postTerminationNotificationSuccess

public void postTerminationNotificationSuccess(String hostedProviderID,
                                               javax.servlet.http.HttpServletRequest request,
                                               javax.servlet.http.HttpServletResponse response,
                                               String userDN,
                                               FSFederationTerminationNotification notification,
                                               String termProfile)

Invokes after the service provider successfully terminates federation with IDP.

Specified by:

postTerminationNotificationSuccess in interface FederationSPAdapter

Parameters:

hostedProviderID - provider ID for the hosted SP

request - servlet request

response - servlet response

userDN - DN of the user with whom name identifier registration performed

notification - federation termination notification message

termProfile - federation termination profile used, one of following IFSConstants.TERMINATION_SP_HTTP_PROFILE IFSConstants.TERMINATION_SP_SOAP_PROFILE IFSConstants.TERMINATION_IDP_HTTP_PROFILE IFSConstants.TERMINATION_IDP_SOAP_PROFILE

preSingleLogoutProcess

public void preSingleLogoutProcess(String hostedProviderID,
                                   javax.servlet.http.HttpServletRequest request,
                                   javax.servlet.http.HttpServletResponse response,
                                   String userDN,
                                   FSLogoutNotification logoutRequest,
                                   FSLogoutResponse logoutResponse,
                                   String sloProfile)

Invokes before single logout process started on FM side. This method is called before the user token is invalidated on the service provider side.

Specified by:

preSingleLogoutProcess in interface FederationSPAdapter

Parameters:

hostedProviderID - provider ID for the hosted SP

request - servlet request

response - servlet response

userDN - user DN

logoutRequest - single logout request object

logoutResponse - single logout response, value will be null if the response object is not available

sloProfile - single logout profile used, one of following IFSConstants.LOGOUT_SP_REDIRECT_PROFILE IFSConstants.LOGOUT_SP_SOAP_PROFILE IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE IFSConstants.LOGOUT_IDP_SOAP_PROFILE

postSingleLogoutSuccess

public void postSingleLogoutSuccess(String hostedProviderID,
                                    javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response,
                                    String userDN,
                                    FSLogoutNotification logoutRequest,
                                    FSLogoutResponse logoutResponse,
                                    String sloProfile)

Invokes after single logout is successful completed, i.e. user token has been invalidated.

Specified by:

postSingleLogoutSuccess in interface FederationSPAdapter

Parameters:

hostedProviderID - provider ID for the hosted SP

request - servlet request

response - servlet response

userDN - user DN

logoutRequest - single logout request, value will be null if the request object is not available

logoutResponse - single logout response, value will be null if the response object is not available

sloProfile - single logout profile used, one of following IFSConstants.LOGOUT_SP_HTTP_PROFILE IFSConstants.LOGOUT_SP_SOAP_PROFILE IFSConstants.LOGOUT_IDP_HTTP_PROFILE IFSConstants.LOGOUT_IDP_SOAP_PROFILE