Interface FederationSPAdapter

  • All Known Implementing Classes:
    FSDefaultSPAdapter

    @Deprecated
    public interface FederationSPAdapter
    Deprecated.
    since 12.0.0
    The FederationSPAdapter interface can be implemented to perform user-specific processing during the federation process on the Liberty Service Provider side.

    A singleton instance of this FederationSPAdapter is used at runtime, so make sure the implementations of the federation processing methods (all except initialize()) are thread safe.

    • Field Detail

      • SUCCESS

        static final int SUCCESS
        Deprecated.
        Federation or Single Sign-On process succeeded at SP side.
        See Also:
        Constant Field Values
      • INVALID_AUTHN_RESPONSE

        static final int INVALID_AUTHN_RESPONSE
        Deprecated.
        Response from IDP with Browser POST or LECP profile contains non-Success status code.
        See Also:
        Constant Field Values
      • INVALID_RESPONSE

        static final int INVALID_RESPONSE
        Deprecated.
        Response from IDP with Browser Artifact profile contains non-Success status code.
        See Also:
        Constant Field Values
      • FEDERATION_FAILED

        static final int FEDERATION_FAILED
        Deprecated.
        Account federation failed.
        See Also:
        Constant Field Values
      • FEDERATION_FAILED_SSO_TOKEN_GENERATION

        static final int FEDERATION_FAILED_SSO_TOKEN_GENERATION
        Deprecated.
        Account federation failed because it failed to generate user token.
        See Also:
        Constant Field Values
      • FEDERATION_FAILED_ANON_TOKEN_GENERATION

        static final int FEDERATION_FAILED_ANON_TOKEN_GENERATION
        Deprecated.
        Account federation failed because it failed to generate anonymous token.
        See Also:
        Constant Field Values
      • FEDERATION_FAILED_ANON_AUTH_USER_INACTIVE

        static final int FEDERATION_FAILED_ANON_AUTH_USER_INACTIVE
        Deprecated.
        Account federation failed because anonymous user account is inactive.
        See Also:
        Constant Field Values
      • FEDERATION_FAILED_ANON_AUTH_USER_LOCKED

        static final int FEDERATION_FAILED_ANON_AUTH_USER_LOCKED
        Deprecated.
        Account federation failed because anonymous user account is locked.
        See Also:
        Constant Field Values
      • FEDERATION_FAILED_ANON_AUTH_ACCOUNT_EXPIRED

        static final int FEDERATION_FAILED_ANON_AUTH_ACCOUNT_EXPIRED
        Deprecated.
        Account federation failed because anonymous user account is expired.
        See Also:
        Constant Field Values
      • FEDERATION_FAILED_WRITING_ACCOUNT_INFO

        static final int FEDERATION_FAILED_WRITING_ACCOUNT_INFO
        Deprecated.
        Account federation failed because it failed to write account federation info.
        See Also:
        Constant Field Values
      • SSO_FAILED

        static final int SSO_FAILED
        Deprecated.
        Single Sign On failed.
        See Also:
        Constant Field Values
      • SSO_FAILED_FEDERATION_DOESNOT_EXIST

        static final int SSO_FAILED_FEDERATION_DOESNOT_EXIST
        Deprecated.
        Single Sign On failed because federation info does not exist at SP side.
        See Also:
        Constant Field Values
      • SSO_FAILED_AUTO_FED

        static final int SSO_FAILED_AUTO_FED
        Deprecated.
        Single Sign On failed because it failed to find auto federation user.
        See Also:
        Constant Field Values
      • SSO_FAILED_AUTH_USER_INACTIVE

        static final int SSO_FAILED_AUTH_USER_INACTIVE
        Deprecated.
        Single Sign On failed because the user account is inactive.
        See Also:
        Constant Field Values
      • SSO_FAILED_AUTH_USER_LOCKED

        static final int SSO_FAILED_AUTH_USER_LOCKED
        Deprecated.
        Single Sign On failed because the user account is locked.
        See Also:
        Constant Field Values
      • SSO_FAILED_AUTH_ACCOUNT_EXPIRED

        static final int SSO_FAILED_AUTH_ACCOUNT_EXPIRED
        Deprecated.
        Single Sign On failed because the user account is expired.
        See Also:
        Constant Field Values
      • SSO_FAILED_TOKEN_GENERATION

        static final int SSO_FAILED_TOKEN_GENERATION
        Deprecated.
        Single Sign On failed because it failed to generate user token.
        See Also:
        Constant Field Values
      • ENV_REALM

        static final String ENV_REALM
        Deprecated.
        Adapter's initialization parameter name for realm.
        See Also:
        Constant Field Values
    • Method Detail

      • initialize

        void initialize​(String hostedEntityID,
                        Set initParams)
        Deprecated.
        Initializes the federation adapter. This method is executed only once, after the adapter instance is created.
        Parameters:
        hostedEntityID - entity ID for the hosted SP
        initParams - initial set of parameters (such as REALM) configured in the service provider for this adapter.
      • preSSOFederationRequest

        void preSSOFederationRequest​(String hostedEntityID,
                                     String idpEntityID,
                                     jakarta.servlet.http.HttpServletRequest request,
                                     jakarta.servlet.http.HttpServletResponse response,
                                     FSAuthnRequest authnRequest)
        Deprecated.
        Invoked before the federation manager sends the Single-Sign-On and Federation request to the IDP.
        Parameters:
        hostedEntityID - entity ID for the hosted SP
        idpEntityID - entity id for the IDP to which the request will be sent
        request - servlet request
        response - servlet response
        authnRequest - the authentication request to be sent to IDP
      • preSSOFederationProcess

        void preSSOFederationProcess​(String hostedEntityID,
                                     jakarta.servlet.http.HttpServletRequest request,
                                     jakarta.servlet.http.HttpServletResponse response,
                                     FSAuthnRequest authnRequest,
                                     FSAuthnResponse authnResponse,
                                     FSResponse samlResponse)
                              throws FederationException
        Deprecated.
        Invoked when the FM receives the Single-Sign-On and Federation response from the IDP. This is called before any processing starts on the SP side.
        Parameters:
        hostedEntityID - entity ID for the hosted SP
        request - servlet request
        response - servlet response
        authnRequest - the original authentication request sent from SP
        authnResponse - response from IDP if Browser POST or LECP profile is used for the request, value will be null if Browser Artifact profile is used.
        samlResponse - response from IDP if Browser Artifact profile is used for the request, value will be null if Browser POST or LECP profile is used.
        Throws:
        FederationException - if the user wants to fail the process.
      • postSSOFederationSuccess

        boolean postSSOFederationSuccess​(String hostedEntityID,
                                         jakarta.servlet.http.HttpServletRequest request,
                                         jakarta.servlet.http.HttpServletResponse response,
                                         Object ssoToken,
                                         FSAuthnRequest authnRequest,
                                         FSAuthnResponse authnResponse,
                                         FSResponse samlResponse)
                                  throws FederationException
        Deprecated.
        Invoked after Single-Sign-On and Federation processing is successful.
        Parameters:
        hostedEntityID - Entity ID for the hosted SP
        request - servlet request
        response - servlet response
        ssoToken - user's SSO Token
        authnRequest - the original authentication request sent from SP
        authnResponse - response from IDP if Browser POST or LECP profile is used for the request, value will be null if Browser Artifact profile is used.
        samlResponse - response from IDP if Browser Artifact profile is used for the request, value will be null if Browser POST or LECP profile is used.
        Returns:
        true if browser redirection happened, false otherwise.
        Throws:
        FederationException - if the user wants to fail the process.
      • postSSOFederationFailure

        boolean postSSOFederationFailure​(String hostedEntityID,
                                         jakarta.servlet.http.HttpServletRequest request,
                                         jakarta.servlet.http.HttpServletResponse response,
                                         FSAuthnRequest authnRequest,
                                         FSAuthnResponse authnResponse,
                                         FSResponse samlResponse,
                                         int failureCode)
        Deprecated.
        Invoked after Single-Sign-On or Federation processing has failed.
        Parameters:
        hostedEntityID - Entity ID for the hosted SP
        request - servlet request
        response - servlet response
        authnRequest - the original authentication request sent from SP
        authnResponse - response from IDP if Browser POST or LECP profile is used for the request, value will be null if Browser Artifact profile is used.
        samlResponse - response from IDP if Browser Artifact profile is used for the request, value will be null if Browser POST or LECP profile is used.
        failureCode - an integer that specifies the failure code. Possible failure codes are defined in this interface.
        Returns:
        true if browser redirection happened, false otherwise.
      • postRegisterNameIdentifierSuccess

        void postRegisterNameIdentifierSuccess​(String hostedEntityID,
                                               jakarta.servlet.http.HttpServletRequest request,
                                               jakarta.servlet.http.HttpServletResponse response,
                                               String userDN,
                                               FSNameRegistrationRequest regRequest,
                                               FSNameRegistrationResponse regResponse,
                                               String regProfile)
        Deprecated.
        Invoked after Register Name Identifier processing is successful.
        Parameters:
        hostedEntityID - Entity ID for the hosted SP
        request - servlet request
        response - servlet response
        userDN - DN of the user with whom name identifier registration was performed
        regRequest - register name identifier request, value will be null if the request object is not available
        regResponse - register name identifier response, value will be null if the response object is not available
        regProfile - register name identifier profile used, one of the following: IFSConstants.NAME_REGISTRATION_SP_HTTP_PROFILE, IFSConstants.NAME_REGISTRATION_SP_SOAP_PROFILE, IFSConstants.NAME_REGISTRATION_IDP_HTTP_PROFILE, IFSConstants.NAME_REGISTRATION_IDP_SOAP_PROFILE
      • postTerminationNotificationSuccess

        void postTerminationNotificationSuccess​(String hostedEntityID,
                                                jakarta.servlet.http.HttpServletRequest request,
                                                jakarta.servlet.http.HttpServletResponse response,
                                                String userDN,
                                                FSFederationTerminationNotification notification,
                                                String termProfile)
        Deprecated.
        Invoked after the service provider successfully terminates federation with the IDP.
        Parameters:
        hostedEntityID - Entity ID for the hosted SP
        request - servlet request
        response - servlet response
        userDN - DN of the user with whom name identifier registration was performed
        notification - federation termination notification message
        termProfile - federation termination profile used, one of the following: IFSConstants.TERMINATION_SP_HTTP_PROFILE, IFSConstants.TERMINATION_SP_SOAP_PROFILE, IFSConstants.TERMINATION_IDP_HTTP_PROFILE, IFSConstants.TERMINATION_IDP_SOAP_PROFILE
      • preSingleLogoutProcess

        void preSingleLogoutProcess​(String hostedEntityID,
                                    jakarta.servlet.http.HttpServletRequest request,
                                    jakarta.servlet.http.HttpServletResponse response,
                                    String userDN,
                                    FSLogoutNotification logoutRequest,
                                    FSLogoutResponse logoutResponse,
                                    String sloProfile)
        Deprecated.
        Invoked before the single logout process starts on the FM side. This method is called before the user token is invalidated on the service provider side.
        Parameters:
        hostedEntityID - Entity ID for the hosted SP
        request - servlet request
        response - servlet response
        userDN - user DN
        logoutRequest - single logout request object
        logoutResponse - single logout response, value will be null if the response object is not available
        sloProfile - single logout profile used, one of the following: IFSConstants.LOGOUT_SP_REDIRECT_PROFILE, IFSConstants.LOGOUT_SP_SOAP_PROFILE, IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE, IFSConstants.LOGOUT_IDP_SOAP_PROFILE
      • postSingleLogoutSuccess

        void postSingleLogoutSuccess​(String hostedEntityID,
                                     jakarta.servlet.http.HttpServletRequest request,
                                     jakarta.servlet.http.HttpServletResponse response,
                                     String userDN,
                                     FSLogoutNotification logoutRequest,
                                     FSLogoutResponse logoutResponse,
                                     String sloProfile)
        Deprecated.
        Invoked after single logout has completed successfully, i.e. the user token has been invalidated.
        Parameters:
        hostedEntityID - Entity ID for the hosted SP
        request - servlet request
        response - servlet response
        userDN - user DN
        logoutRequest - single logout request, value will be null if the request object is not available
        logoutResponse - single logout response, value will be null if the response object is not available
        sloProfile - single logout profile used, one of the following: IFSConstants.LOGOUT_SP_HTTP_PROFILE, IFSConstants.LOGOUT_SP_SOAP_PROFILE, IFSConstants.LOGOUT_IDP_HTTP_PROFILE, IFSConstants.LOGOUT_IDP_SOAP_PROFILE
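
The thread-safety requirement on the singleton and the failure codes passed to postSSOFederationFailure, shown together as an added example (not code from this page or from the project). The class name AuditingSPAdapter, the log format and the com.sun.identity.federation.* import paths are assumptions; this page does not list the packages.

```java
// Added example. The com.sun.identity.* package names are assumed, not taken from this page.
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSAuthnResponse;
import com.sun.identity.federation.message.FSResponse;
import com.sun.identity.federation.plugins.FederationSPAdapter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.LongAdder;
import java.util.logging.Logger;

// Abstract so that only the two callbacks under discussion are shown; a
// deployable adapter must implement the remaining interface methods too.
public abstract class AuditingSPAdapter implements FederationSPAdapter {
    private static final Logger LOG = Logger.getLogger(AuditingSPAdapter.class.getName());
    // Written once in initialize(), then read by many request threads.
    private volatile String hostedSp;
    // One instance serves all requests, so shared counters use concurrent types.
    private final ConcurrentHashMap<Integer, LongAdder> failures = new ConcurrentHashMap<>();
    @Override
    public void initialize(String hostedEntityID, Set initParams) {
        hostedSp = hostedEntityID;
    }
    @Override
    public boolean postSSOFederationFailure(String hostedEntityID,
            HttpServletRequest request, HttpServletResponse response,
            FSAuthnRequest authnRequest, FSAuthnResponse authnResponse,
            FSResponse samlResponse, int failureCode) {
        failures.computeIfAbsent(failureCode, k -> new LongAdder()).increment();
        // samlResponse is set only for Browser Artifact, authnResponse for POST/LECP.
        String profile = samlResponse != null ? "artifact"
                : authnResponse != null ? "post-or-lecp" : "unknown";
        String kind;
        switch (failureCode) {
            case SSO_FAILED_AUTH_USER_LOCKED:
            case SSO_FAILED_AUTH_USER_INACTIVE:
            case SSO_FAILED_AUTH_ACCOUNT_EXPIRED:
                kind = "account-state"; break;
            case INVALID_AUTHN_RESPONSE:
            case INVALID_RESPONSE:
                kind = "idp-non-success"; break;
            default: kind = "other";
        }
        LOG.warning(String.format("sp=%s profile=%s code=%d kind=%s remote=%s",
                hostedSp, profile, failureCode, kind, request.getRemoteAddr()));
        return false; // this adapter performed no browser redirection
    }
}
```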