com.sun.identity.saml

Class AssertionManager

java.lang.Object

com.sun.identity.saml.AssertionManager

public final class AssertionManager
extends Object

The class AssertionManager is a final class that provides interfaces to create, get and destroy Assertions.

It is a singleton class; an instance of this class can be obtained by calling AssertionManager.getInstance().

Having obtained an instance of AssertionManager, its methods can be called to create/get Assertion, and AssertionArtifact, and to obtain decision from an Query.

This class could only be used in the same JVM as OpenAM.

Field Summary

Fields

Modifier and Type	Field and Description
static Stats	artStats
static Stats	assStats

Method Summary

Modifier and Type	Method and Description
Assertion	createAssertion(Object token) This method creates an Assertion that contains an AuthenticationStatement.
Assertion	createAssertion(Object token, List attributes) This method creates an Assertion that contains an AuthenticationStatement and an AttributeStatement.
AssertionArtifact	createAssertionArtifact(Assertion assertion, String destID) This method creates an AssertionArtifact for the given Assertion.
AssertionArtifact	createAssertionArtifact(String id, String destID) Creates an AssertionArtifact.
AssertionArtifact	createAssertionArtifact(String id, String destID, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String targetUrl, String version) Creates an AssertionArtifact.
AssertionArtifact	createAssertionArtifact(String id, String destID, String targetUrl, String version) Creates an AssertionArtifact.
Assertion	createSSOAssertion(String id, AssertionArtifact artifact, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String destID, String targetUrl, String version) Returns Assertion that contains AuthenticationStatement.
Assertion	createSSOAssertion(String id, AssertionArtifact artifact, String destID, String targetUrl, String version) Returns Assertion that contains AuthenticationStatement.
protected Assertion	getAssertion(AssertionArtifact artifact) Gets assertion associated with the AssertionArtifact.
Assertion	getAssertion(AssertionArtifact artifact, Set destID) Gets assertion associated with the AssertionArtifact.
Assertion	getAssertion(AssertionArtifact artifact, String destID) Gets assertion associated with the AssertionArtifact.
Assertion	getAssertion(AssertionIDReference idRef) Gets the Assertion referenced by an AssertionIDReference.
Assertion	getAssertion(AssertionIDReference idRef, Object token) Gets the Assertion referenced by an AssertionIDReference.
Assertion	getAssertion(AssertionIDReference idRef, Set destID) Gets the Assertion referenced by an AssertionIDReference.
Assertion	getAssertion(AssertionIDReference idRef, String destID) Gets the Assertion referenced by an AssertionIDReference.
Assertion	getAssertion(Query query, String destID) Gets assertion created from the query.
Assertion	getAssertion(String id) This method gets the Assertion based on the Assertion ID.
Set	getAssertionArtifacts(Object token) This method gets all valid AssertionArtifacts managed by this AssertionManager.
Set	getAssertions(Object token) This method gets all valid Assertions managed by this AssertionManager.
static AssertionManager	getInstance() Gets the singleton instance of AssertionManager.
int	isAllowed(AuthorizationDecisionQuery authZQuery, String destID) This method returns the decision of an AuthorizationQuery.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

assStats

public static Stats assStats

artStats

public static Stats artStats

Method Detail

getInstance

public static AssertionManager getInstance()
                                    throws SAMLException

Gets the singleton instance of AssertionManager.

Returns:

The singleton AssertionManager instance

Throws:

SAMLException - if unable to get the singleton AssertionManager instance.

createAssertion

public Assertion createAssertion(Object token)
                          throws SAMLException

This method creates an Assertion that contains an AuthenticationStatement.

Parameters:

token - user's session object that contains authentication information which is needed to create the AuthenticationStatement.

Returns:

Assertion The created Assertion.

Throws:

SAMLException - If the Assertion cannot be created.

createAssertion

public Assertion createAssertion(Object token,
                                 List attributes)
                          throws SAMLException

This method creates an Assertion that contains an AuthenticationStatement and an AttributeStatement.

Parameters:

token - User' session object that contains authentication information which is needed to create the AuthenticationStatement for the Assertion.

attributes - A list of Attribute objects which are used to create the AttributeStatement for the Assertion.

Returns:

Assertion The created Assertion.

Throws:

SAMLException - If the Assertion cannot be created.

createAssertionArtifact

public AssertionArtifact createAssertionArtifact(Assertion assertion,
                                                 String destID)
                                          throws SAMLException

This method creates an AssertionArtifact for the given Assertion.

Parameters:

assertion - The Assertion for which an Artifact needs to be created.

destID - The sourceID of the site for which the AssertionArtifact is created. It is in raw String format (not Base64 encoded, for example.) This String can be obtained from converting the 20 bytes sequence to char Array, then from the char Array to String.

Returns:

AssertionArtifact

Throws:

SAMLException - If the AssertionArtifact cannot be created.

getAssertions

public Set getAssertions(Object token)
                  throws SAMLException

This method gets all valid Assertions managed by this AssertionManager.

Parameters:

token - User's session object which is allowed to get all Assertion.

Returns:

A Set of valid Assertion IDs. Each element in the Set is a String representing an Assertion ID.

Throws:

SAMLException - If this method can not gets all valid Assertions.

getAssertion

public Assertion getAssertion(String id)
                       throws SAMLException

This method gets the Assertion based on the Assertion ID.

Parameters:

id - The Assertion ID.

Returns:

An Assertion identified by the Assertion ID.

Throws:

SAMLException - If this method can not get the Assertion.

getAssertionArtifacts

public Set getAssertionArtifacts(Object token)
                          throws SAMLException

This method gets all valid AssertionArtifacts managed by this AssertionManager.

Parameters:

token - User's session object which is allowed to get all AssertionArtifacts.

Returns:

A Set of valid AssertionArtifacts. Each element in the Set is an AssertionArtifacts object representing an artifact.

Throws:

SAMLException - If this method can not gets all valid AssertionArtifacts.

createSSOAssertion

public Assertion createSSOAssertion(String id,
                                    AssertionArtifact artifact,
                                    String destID,
                                    String targetUrl,
                                    String version)
                             throws SAMLException

Returns Assertion that contains AuthenticationStatement.

Parameters:

id - The String that contains authentication information which is needed to create the assertion. It could be a string representation of an id, a cookie, etc.

artifact - the value to be set in the SubjectConfirmation of the AuthenticationStatement. If it's null, SubjectConfirmation is set to bearer.

destID - A String that is the site the assertion is created for.

targetUrl - A URL String representing the target site

version - The relying party preferred Assertion version number.

Returns:

Assertion The created Assertion.

Throws:

SAMLException - If the Assertion cannot be created.

createSSOAssertion

public Assertion createSSOAssertion(String id,
                                    AssertionArtifact artifact,
                                    javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response,
                                    String destID,
                                    String targetUrl,
                                    String version)
                             throws SAMLException

Returns Assertion that contains AuthenticationStatement.

Parameters:

id - The String that contains authentication information which is needed to create the assertion. It could be a string representation of an id, a cookie, etc.

artifact - the value to be set in the SubjectConfirmation of the AuthenticationStatement. If it's null, SubjectConfirmation is set to bearer.

request - The HttpServletRerquest object of the request.

response - The HttpServletResponse object.

destID - A String that is the site the assertion is created for.

targetUrl - A URL String representing the target site

version - The relying party preferred Assertion version number.

Returns:

Assertion The created Assertion.

Throws:

SAMLException - If the Assertion cannot be created.

getAssertion

public Assertion getAssertion(AssertionArtifact artifact,
                              String destID)
                       throws SAMLException

Gets assertion associated with the AssertionArtifact.

Parameters:

artifact - An AssertionArtifact.

destID - The destination site requesting the assertion using the artifact. This String is compared with the destID that the artifact is created for originally.

Returns:

The Assertion referenced to by artifact.

Throws:

SAMLException - If an error occurred during the process, or no assertion maps to the input artifact.

getAssertion

public Assertion getAssertion(AssertionArtifact artifact,
                              Set destID)
                       throws SAMLException

Gets assertion associated with the AssertionArtifact.

Parameters:

artifact - An AssertionArtifact.

destID - A Set of String that represents the destination site id. The destination site requesting the assertion using the artifact. Each string in this set compares with the destID that the artifact is created for originally. If found match, continue the operation. Otherwise, throws error.

Returns:

The Assertion referenced to by artifact.

Throws:

SAMLException - If an error occurred during the process, or no assertion maps to the input artifact.

getAssertion

protected Assertion getAssertion(AssertionArtifact artifact)
                          throws SAMLException

Gets assertion associated with the AssertionArtifact.

Parameters:

artifact - An AssertionArtifact.

Returns:

The Assertion referenced to by artifact.

Throws:

SAMLException - If an error occurred during the process, or no assertion maps to the input artifact.

getAssertion

public Assertion getAssertion(Query query,
                              String destID)
                       throws SAMLException

Gets assertion created from the query.

Parameters:

query - An Assertion Query.

destID - to whom the assertion will be created for.

Returns:

The Assertion that is created from the query.

Throws:

SAMLException - If the Assertion cannot be created due to an error in the query or in the receiver.

getAssertion

public Assertion getAssertion(AssertionIDReference idRef)
                       throws SAMLException

Gets the Assertion referenced by an AssertionIDReference.

Parameters:

idRef - The AssertionIDReference which references to an Assertion.

Returns:

the Assertion referenced by the AsertionIDReference.

Throws:

SAMLException - If an error occurred during the process; or the assertion could not be found.

getAssertion

public Assertion getAssertion(AssertionIDReference idRef,
                              Object token)
                       throws SAMLException

Gets the Assertion referenced by an AssertionIDReference. This method is usually used after the call AssertionManager.getAssertions(SSOToken). The assertion is retrieved from this AssertionManager only.

Parameters:

idRef - The AssertionIDReference which references to an Assertion.

token - Use's session object that is allowed to obtain the assertion. This token must have top level administrator role.

Returns:

the Assertion referenced by the AsertionIDReference.

Throws:

SAMLException - If an error occurred during the process; the token does not have the privilege; or the assertion could not be found.

getAssertion

public Assertion getAssertion(AssertionIDReference idRef,
                              String destID)
                       throws SAMLException

Gets the Assertion referenced by an AssertionIDReference.

Parameters:

idRef - The AssertionIDReference which references to an Assertion.

destID - The destination site id requesting the assertion using the assertion id reference. This String is compared with the destID that the assertion is created for originally. This field is not used (could be null) if the assertion was created without a destID originally. This String can be obtained from converting the 20 byte site id sequence to char array, then a new String from the char array.

Returns:

the Assertion referenced by the AsertionIDReference.

Throws:

SAMLException - If an error occurred during the process; or the assertion could not be found.

getAssertion

public Assertion getAssertion(AssertionIDReference idRef,
                              Set destID)
                       throws SAMLException

Gets the Assertion referenced by an AssertionIDReference.

Parameters:

idRef - The AssertionIDReference which references to an Assertion.

destID - A Set of destination site id. The destination site id requesting the assertion using the assertion id reference. This String is compared with the destID that the assertion is created for originally. This field is not used (could be null) if the assertion was created without a destID originally. This String can be obtained from converting the 20 byte site id sequence to char array, then a new String from the char array.

Returns:

the Assertion referenced by the AsertionIDReference.

Throws:

SAMLException - If an error occurred during the process; or the assertion could not be found.

createAssertionArtifact

public AssertionArtifact createAssertionArtifact(String id,
                                                 String destID)
                                          throws SAMLException

Creates an AssertionArtifact.

Parameters:

id - The String that contains authentication information which is needed to create the assertion. It could be a string representation of an id, a cookie, etc.

destID - The destination site that the artifact is created for.

Returns:

The AssertionArtifact.

Throws:

SAMLException - If the AssertionArtifact cannot be created.

createAssertionArtifact

public AssertionArtifact createAssertionArtifact(String id,
                                                 String destID,
                                                 String targetUrl,
                                                 String version)
                                          throws SAMLException

Creates an AssertionArtifact.

Parameters:

id - The String that contains authentication information which is needed to create the assertion. It could be a string representation of an id, a cookie, etc.

destID - The destination site that the artifact is created for.

targetUrl - A URL String representing the target site

version - The relying party preferred Assertion version number.

Returns:

The AssertionArtifact.

Throws:

SAMLException - If the AssertionArtifact cannot be created.

createAssertionArtifact

public AssertionArtifact createAssertionArtifact(String id,
                                                 String destID,
                                                 javax.servlet.http.HttpServletRequest request,
                                                 javax.servlet.http.HttpServletResponse response,
                                                 String targetUrl,
                                                 String version)
                                          throws SAMLException

Creates an AssertionArtifact.

Parameters:

id - The String that contains authentication information which is needed to create the assertion. It could be a string representation of an id, a cookie, etc.

destID - The destination site that the artifact is created for.

request - The HttpServletRerquest object of the request.

response - The HttpServletResponse object.

targetUrl - A URL String representing the target site

version - The relying party preferred Assertion version number.

Returns:

The AssertionArtifact.

Throws:

SAMLException - If the AssertionArtifact cannot be created.

isAllowed

public int isAllowed(AuthorizationDecisionQuery authZQuery,
                     String destID)

This method returns the decision of an AuthorizationQuery.

Parameters:

authZQuery - An AuthorizationQuery that contains the question: Is this subject authorized to perfrom this action on this resource?

destID - the SourceID of the site where the query is from.

Returns:

an int whose value is defined in AuthorizationDecisionStatement.DecisionType.