Package com.sun.identity.saml

Class AssertionManagerClient

  • public final class AssertionManagerClient
extends Object
    The class AssertionManagerClient is a final class that provides interfaces to create, get and destroy Assertions.

    The class provides mechanisms to manage the Assertions either locally (i.e., within the same JVM process) or remotely on another instance of OpenAM. The default constructor will manage the Assertions locally if it detects SAML web services running locally, else will use one of the configured OpenAM servers. The constructor which accepts an URL will always use the URL to manage the assertions.

    Having obtained an instance of AssertionManagerClient, its methods can be called to create/get Assertion, and AssertionArtifact, and to obtain decision from an Query.

    • Constructor Detail

      • AssertionManagerClient

        public AssertionManagerClient()
                       throws SAMLException
        Default Constructor
        Throws:
        SAMLException - if it cannot be constructed.

      • AssertionManagerClient

        public AssertionManagerClient​(String url)
                       throws SAMLException
        Constructs an instance of AssertionManagerClient that will use the provided URL for the management of assertions.
        Parameters:
        url - AssertionManager service URL that will be used to create, get and delete assertions.
        Throws:
        SAMLException - if it cannot be constructed.

      • AssertionManagerClient

        public AssertionManagerClient​(String[] urls)
                       throws SAMLException
        Constructs an instance of AssertionManagerClient that will use the provided URLs for the management of assertions. In case of server failure, it will fall back to next available server.
        Parameters:
        urls - an array of AssertionManager service URLs that will be used to create, get and delete assertions.
        Throws:
        SAMLException - if it cannot be constructed.

    • Method Detail

      • createAssertion

        public Assertion createAssertion​(Object token)
                          throws SAMLException
        Returns an assertion that contains an authentication statement.
        Parameters:
        token - User session that contains authentication information which is needed to create the authentication statement.
        Returns:
        the created assertion.
        Throws:
        SAMLException - if the assertion cannot be created.

      • createAssertion

        public Assertion createAssertion​(Object token,
                                 List attributes)
                          throws SAMLException
        Returns an assertion that contains an authentication and attribute statement.
        Parameters:
        token - User session that contains authentication information which is needed to create the authentication statement for the assertion.
        attributes - A list of attribute objects which are used to create the attribute statement.
        Returns:
        The created assertion.
        Throws:
        SAMLException - If the Assertion cannot be created.

      • createAssertionArtifact

        public AssertionArtifact createAssertionArtifact​(Assertion assertion,
                                                 String target)
                                          throws SAMLException
        Returns an AssertionArtifact for the given Assertion.
        Parameters:
        assertion - The Assertion for which an Artifact needs to be created.
        target - The sourceID of the site for which the AssertionArtifact is created. It is in raw String format (not Base64 encoded, for example.) This String can be obtained from converting the 20 bytes sequence to char Array, then from the char Array to String.
        Returns:
        AssertionArtifact
        Throws:
        SAMLException - if the AssertionArtifact cannot be created.

      • getAssertion

        public Assertion getAssertion​(AssertionIDReference idRef,
                              Set destID)
                       throws SAMLException
        Returns the Assertion based on the AssertionIDReference.
        Parameters:
        idRef - The AssertionIDReference which references to an Assertion.
        destID - A set of String that representing the destination site id. The destination site id requesting the assertion using the assertion id reference. This String is compared with the destID that the assertion is created for originally. This field is not used (could be null) if the assertion was created without a destID originally. This String can be obtained from converting the 20 byte site id sequence to char array, then a new String from the char array.
        Returns:
        the Assertion referenced by the AssertionIDReference.
        Throws:
        SAMLException - if an error occurred during the process; or the assertion could not be found.

      • getAssertion

        public Assertion getAssertion​(AssertionIDReference idRef,
                              String destID)
                       throws SAMLException
        Returns the Assertion based on the AssertionIDReference
        Parameters:
        idRef - The AssertionIDReference which references to an Assertion.
        destID - The destination site id requesting the assertion using the assertion id reference. This String is compared with the destID that the assertion is created for originally. This field is not used (could be null) if the assertion was created without a destID originally. This String can be obtained from converting the 20 byte site id sequence to char array, then a new String from the char array.
        Returns:
        the Assertion referenced by the AssertionIDReference.
        Throws:
        SAMLException - If an error occurred during the process; or the assertion could not be found.

      • getAssertion

        public Assertion getAssertion​(AssertionArtifact artifact,
                              Set destID)
                       throws SAMLException
        Returns assertion associated with the AssertionArtifact.
        Parameters:
        artifact - An AssertionArtifact.
        destID - A Set of String that represents the destination id. The destination site requesting the assertion using the artifact. This String is compared with the destID that the artifact is created for originally. This field must not be null or empty set.
        Returns:
        The Assertion referenced to by artifact.
        Throws:
        SAMLException - If an error occurred during the process, or no assertion maps to the input artifact.

      • getAssertion

        protected Assertion getAssertion​(AssertionArtifact artifact,
                                 String destID)
                          throws SAMLException
        Returns assertion associated with the AssertionArtifact.
        Parameters:
        artifact - An AssertionArtifact.
        destID - The destination site requesting the assertion using the artifact. This String is compared with the destID that the artifact is created for originally.
        Returns:
        The Assertion referenced to by artifact.
        Throws:
        SAMLException - If an error occurred during the process, or no assertion maps to the input artifact.

      • getAssertion

        public Assertion getAssertion​(AssertionIDReference idRef,
                              Object token)
                       throws SAMLException
        Returns the Assertion based on the AssertionIDReference.
        Parameters:
        idRef - The AssertionIDReference which references to an Assertion.
        token - User session that is allowed to obtain the assertion. This token must have top level administrator role.
        Returns:
        the Assertion referenced by the AssertionIDReference.
        Throws:
        SAMLException - If an error occurred during the process; or the assertion could not be found.

      • getAssertionArtifacts

        public Set getAssertionArtifacts​(Object token)
                          throws SAMLException
        Returns all valid AssertionArtifacts managed by this instance (or the identified remote instance) of OpenAM.
        Parameters:
        token - User session which is allowed to get all AssertionArtifacts
        Returns:
        A Set of valid AssertionArtifacts. Each element in the Set is an AssertionArtifact object representing an artifact.
        Throws:
        SAMLException - If this method can not gets all valid AssertionArtifacts.

      • getAssertions

        public Set getAssertions​(Object token)
                  throws SAMLException
        Returns all valid Assertions managed by this instance (or the identified remote instance) of OpenAM.
        Parameters:
        token - User session which is allowed to get all Assertions.
        Returns:
        A Set of valid Assertion IDs. Each element in the Set is a String representing an Assertion ID.
        Throws:
        SAMLException - if this method can not gets all valid Assertions.