Class AssertionManager


  • public final class AssertionManager
    extends Object
    The class AssertionManager is a final class that provides interfaces to create, get and destroy Assertions.

    It is a singleton class; an instance of this class can be obtained by calling AssertionManager.getInstance().

    Having obtained an instance of AssertionManager, its methods can be called to create and get Assertions and AssertionArtifacts, and to obtain a decision from a Query.

    This class can only be used in the same JVM as OpenAM.

    • Field Detail

      • assStats

        public static Stats assStats
      • artStats

        public static Stats artStats
    • Method Detail

      • getInstance

        public static AssertionManager getInstance()
                                            throws SAMLException
        Gets the singleton instance of AssertionManager.
        Returns:
        The singleton AssertionManager instance
        Throws:
        SAMLException - if unable to get the singleton AssertionManager instance.
      • createAssertion

        public Assertion createAssertion​(Object token)
                                  throws SAMLException
        This method creates an Assertion that contains an AuthenticationStatement.
        Parameters:
        token - user's session object that contains authentication information which is needed to create the AuthenticationStatement.
        Returns:
        The created Assertion.
        Throws:
        SAMLException - If the Assertion cannot be created.
      • createAssertion

        public Assertion createAssertion​(Object token,
                                         List attributes)
                                  throws SAMLException
        This method creates an Assertion that contains an AuthenticationStatement and an AttributeStatement.
        Parameters:
        token - User's session object that contains authentication information which is needed to create the AuthenticationStatement for the Assertion.
        attributes - A list of Attribute objects which are used to create the AttributeStatement for the Assertion.
        Returns:
        The created Assertion.
        Throws:
        SAMLException - If the Assertion cannot be created.
      • createAssertionArtifact

        public AssertionArtifact createAssertionArtifact​(Assertion assertion,
                                                         String destID)
                                                  throws SAMLException
        This method creates an AssertionArtifact for the given Assertion.
        Parameters:
        assertion - The Assertion for which an Artifact needs to be created.
        destID - The sourceID of the site for which the AssertionArtifact is created. It is in raw String format (not Base64 encoded, for example). This String can be obtained by converting the 20-byte sequence to a char array, then creating a String from the char array.
        Returns:
        AssertionArtifact
        Throws:
        SAMLException - If the AssertionArtifact cannot be created.
      • getAssertions

        public Set getAssertions​(Object token)
                          throws SAMLException
        This method gets all valid Assertions managed by this AssertionManager.
        Parameters:
        token - User's session object which is allowed to get all Assertions.
        Returns:
        A Set of valid Assertion IDs. Each element in the Set is a String representing an Assertion ID.
        Throws:
        SAMLException - If this method cannot get all valid Assertions.
      • getAssertion

        public Assertion getAssertion​(String id)
                               throws SAMLException
        This method gets the Assertion based on the Assertion ID.
        Parameters:
        id - The Assertion ID.
        Returns:
        An Assertion identified by the Assertion ID.
        Throws:
        SAMLException - If this method cannot get the Assertion.
      • getAssertionArtifacts

        public Set getAssertionArtifacts​(Object token)
                                  throws SAMLException
        This method gets all valid AssertionArtifacts managed by this AssertionManager.
        Parameters:
        token - User's session object which is allowed to get all AssertionArtifacts.
        Returns:
        A Set of valid AssertionArtifacts. Each element in the Set is an AssertionArtifact object representing an artifact.
        Throws:
        SAMLException - If this method cannot get all valid AssertionArtifacts.
      • createSSOAssertion

        public Assertion createSSOAssertion​(String id,
                                            AssertionArtifact artifact,
                                            String destID,
                                            String targetUrl,
                                            String version)
                                     throws SAMLException
        Returns an Assertion that contains an AuthenticationStatement.
        Parameters:
        id - The String that contains authentication information which is needed to create the assertion. It could be a string representation of an id, a cookie, etc.
        artifact - the value to be set in the SubjectConfirmation of the AuthenticationStatement. If it's null, SubjectConfirmation is set to bearer.
        destID - A String that is the site the assertion is created for.
        targetUrl - A URL String representing the target site.
        version - The relying party preferred Assertion version number.
        Returns:
        The created Assertion.
        Throws:
        SAMLException - If the Assertion cannot be created.
      • createSSOAssertion

        public Assertion createSSOAssertion​(String id,
                                            AssertionArtifact artifact,
                                            jakarta.servlet.http.HttpServletRequest request,
                                            jakarta.servlet.http.HttpServletResponse response,
                                            String destID,
                                            String targetUrl,
                                            String version)
                                     throws SAMLException
        Returns an Assertion that contains an AuthenticationStatement.
        Parameters:
        id - The String that contains authentication information which is needed to create the assertion. It could be a string representation of an id, a cookie, etc.
        artifact - the value to be set in the SubjectConfirmation of the AuthenticationStatement. If it's null, SubjectConfirmation is set to bearer.
        request - The HttpServletRequest object of the request.
        response - The HttpServletResponse object.
        destID - A String that is the site the assertion is created for.
        targetUrl - A URL String representing the target site.
        version - The relying party preferred Assertion version number.
        Returns:
        The created Assertion.
        Throws:
        SAMLException - If the Assertion cannot be created.
      • getAssertion

        public Assertion getAssertion​(AssertionArtifact artifact,
                                      String destID)
                               throws SAMLException
        Gets the assertion associated with the AssertionArtifact.
        Parameters:
        artifact - An AssertionArtifact.
        destID - The destination site requesting the assertion using the artifact. This String is compared with the destID that the artifact was originally created for.
        Returns:
        The Assertion referenced by the artifact.
        Throws:
        SAMLException - If an error occurred during the process, or no assertion maps to the input artifact.
      • getAssertion

        public Assertion getAssertion​(AssertionArtifact artifact,
                                      Set destID)
                               throws SAMLException
        Gets the assertion associated with the AssertionArtifact.
        Parameters:
        artifact - An AssertionArtifact.
        destID - A Set of Strings that represent the destination site ids of the site requesting the assertion using the artifact. Each String in this Set is compared with the destID that the artifact was originally created for. If a match is found, the operation continues; otherwise, an error is thrown.
        Returns:
        The Assertion referenced by the artifact.
        Throws:
        SAMLException - If an error occurred during the process, or no assertion maps to the input artifact.
      • getAssertion

        protected Assertion getAssertion​(AssertionArtifact artifact)
                                  throws SAMLException
        Gets the assertion associated with the AssertionArtifact.
        Parameters:
        artifact - An AssertionArtifact.
        Returns:
        The Assertion referenced by the artifact.
        Throws:
        SAMLException - If an error occurred during the process, or no assertion maps to the input artifact.
      • getAssertion

        public Assertion getAssertion​(Query query,
                                      String destID)
                               throws SAMLException
        Gets the assertion created from the query.
        Parameters:
        query - An Assertion Query.
        destID - The party for whom the assertion will be created.
        Returns:
        The Assertion that is created from the query.
        Throws:
        SAMLException - If the Assertion cannot be created due to an error in the query or in the receiver.
      • getAssertion

        public Assertion getAssertion​(AssertionIDReference idRef)
                               throws SAMLException
        Gets the Assertion referenced by an AssertionIDReference.
        Parameters:
        idRef - The AssertionIDReference which references an Assertion.
        Returns:
        The Assertion referenced by the AssertionIDReference.
        Throws:
        SAMLException - If an error occurred during the process; or the assertion could not be found.
      • getAssertion

        public Assertion getAssertion​(AssertionIDReference idRef,
                                      Object token)
                               throws SAMLException
        Gets the Assertion referenced by an AssertionIDReference. This method is usually used after calling AssertionManager.getAssertions(SSOToken). The assertion is retrieved from this AssertionManager only.
        Parameters:
        idRef - The AssertionIDReference which references an Assertion.
        token - User's session object that is allowed to obtain the assertion. This token must have the top level administrator role.
        Returns:
        The Assertion referenced by the AssertionIDReference.
        Throws:
        SAMLException - If an error occurred during the process; the token does not have the privilege; or the assertion could not be found.
      • getAssertion

        public Assertion getAssertion​(AssertionIDReference idRef,
                                      String destID)
                               throws SAMLException
        Gets the Assertion referenced by an AssertionIDReference.
        Parameters:
        idRef - The AssertionIDReference which references an Assertion.
        destID - The destination site id requesting the assertion using the assertion id reference. This String is compared with the destID that the assertion was originally created for. This field is not used (could be null) if the assertion was originally created without a destID. This String can be obtained by converting the 20-byte site id sequence to a char array, then creating a new String from the char array.
        Returns:
        The Assertion referenced by the AssertionIDReference.
        Throws:
        SAMLException - If an error occurred during the process; or the assertion could not be found.
      • getAssertion

        public Assertion getAssertion​(AssertionIDReference idRef,
                                      Set destID)
                               throws SAMLException
        Gets the Assertion referenced by an AssertionIDReference.
        Parameters:
        idRef - The AssertionIDReference which references an Assertion.
        destID - A Set of destination site ids for the site requesting the assertion using the assertion id reference. Each String is compared with the destID that the assertion was originally created for. This field is not used (could be null) if the assertion was originally created without a destID. Each String can be obtained by converting the 20-byte site id sequence to a char array, then creating a new String from the char array.
        Returns:
        The Assertion referenced by the AssertionIDReference.
        Throws:
        SAMLException - If an error occurred during the process; or the assertion could not be found.
      • createAssertionArtifact

        public AssertionArtifact createAssertionArtifact​(String id,
                                                         String destID)
                                                  throws SAMLException
        Creates an AssertionArtifact.
        Parameters:
        id - The String that contains authentication information which is needed to create the assertion. It could be a string representation of an id, a cookie, etc.
        destID - The destination site that the artifact is created for.
        Returns:
        The AssertionArtifact.
        Throws:
        SAMLException - If the AssertionArtifact cannot be created.
      • createAssertionArtifact

        public AssertionArtifact createAssertionArtifact​(String id,
                                                         String destID,
                                                         String targetUrl,
                                                         String version)
                                                  throws SAMLException
        Creates an AssertionArtifact.
        Parameters:
        id - The String that contains authentication information which is needed to create the assertion. It could be a string representation of an id, a cookie, etc.
        destID - The destination site that the artifact is created for.
        targetUrl - A URL String representing the target site.
        version - The relying party preferred Assertion version number.
        Returns:
        The AssertionArtifact.
        Throws:
        SAMLException - If the AssertionArtifact cannot be created.
      • createAssertionArtifact

        public AssertionArtifact createAssertionArtifact​(String id,
                                                         String destID,
                                                         jakarta.servlet.http.HttpServletRequest request,
                                                         jakarta.servlet.http.HttpServletResponse response,
                                                         String targetUrl,
                                                         String version)
                                                  throws SAMLException
        Creates an AssertionArtifact.
        Parameters:
        id - The String that contains authentication information which is needed to create the assertion. It could be a string representation of an id, a cookie, etc.
        destID - The destination site that the artifact is created for.
        request - The HttpServletRequest object of the request.
        response - The HttpServletResponse object.
        targetUrl - A URL String representing the target site.
        version - The relying party preferred Assertion version number.
        Returns:
        The AssertionArtifact.
        Throws:
        SAMLException - If the AssertionArtifact cannot be created.
      • isAllowed

        public int isAllowed​(AuthorizationDecisionQuery authZQuery,
                             String destID)
        This method returns the decision of an AuthorizationQuery.
        Parameters:
        authZQuery - An AuthorizationQuery that contains the question: Is this subject authorized to perform this action on this resource?
        destID - the SourceID of the site where the query is from.
        Returns:
        an int whose value is defined in AuthorizationDecisionStatement.DecisionType.
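
The destID parameters of createAssertionArtifact and getAssertion above expect the 20-byte site id as a raw String, one char per byte, rather than a Base64 or charset-decoded form. The following is an added example, not OpenAM code: the class and helper names are hypothetical, the sample bytes are constructed, and the plain byte-to-char cast is an assumption that must match the conversion used by the deployment.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

public class DestIdEncoding {

    // Hypothetical helper: one char per byte, as the destID description says.
    // The plain cast is an assumption; it must match the server's conversion.
    static String toRawString(byte[] sourceId) {
        if (sourceId.length != 20) {
            throw new IllegalArgumentException("sourceID must be exactly 20 bytes");
        }
        char[] chars = new char[sourceId.length];
        for (int i = 0; i < sourceId.length; i++) {
            chars[i] = (char) sourceId[i];
        }
        return new String(chars);
    }

    // Inverse of toRawString: the low 8 bits of each char are the original byte.
    static byte[] toBytes(String raw) {
        byte[] out = new byte[raw.length()];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) raw.charAt(i);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: 20 bytes from SHA-1 over a made-up site name.
        byte[] sourceId = MessageDigest.getInstance("SHA-1")
                .digest("https://sp.example.com".getBytes(StandardCharsets.UTF_8));

        String raw = toRawString(sourceId);
        String base64 = Base64.getEncoder().encodeToString(sourceId);
        // Pitfall: charset decoding replaces invalid byte sequences, losing data.
        String decoded = new String(sourceId, StandardCharsets.UTF_8);

        System.out.println("raw length:        " + raw.length());
        System.out.println("raw round-trips:   " + Arrays.equals(sourceId, toBytes(raw)));
        System.out.println("Base64 equals raw: " + base64.equals(raw));
        System.out.println("UTF-8 round-trips: "
                + Arrays.equals(sourceId, decoded.getBytes(StandardCharsets.UTF_8)));
    }
}
```

Because getAssertion compares the supplied destID with the one the artifact was created for, the String passed at lookup time has to be produced by the same conversion that was used at creation time.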