com.sun.identity.saml2.plugins

Class DefaultIDPAccountMapper

java.lang.Object

com.sun.identity.saml2.plugins.DefaultAccountMapper

com.sun.identity.saml2.plugins.DefaultIDPAccountMapper

All Implemented Interfaces:

IDPAccountMapper

public class DefaultIDPAccountMapper
extends DefaultAccountMapper
implements IDPAccountMapper

This class DefaultIDPAccountMapper is the default implementation of the IDPAccountMapper that is used to map the SAML protocol objects to the user accounts at the IdentityProvider side of SAML v2 plugin. Custom implementations may extend from this class to override some of these implementations if they choose to do so.

Field Summary

Fields inherited from class com.sun.identity.saml2.plugins.DefaultAccountMapper

bundle, debug, dsProvider, IDP, keyProvider, metaManager, role, SP

Constructor Summary

Constructors

Constructor and Description
DefaultIDPAccountMapper()

Method Summary

Modifier and Type	Method and Description
String	getIdentity(NameID nameID, String hostEntityID, String remoteEntityID, String realm) Returns the user's distinguished name or the universal ID for the corresponding SAML NameID.
NameID	getNameID(Object session, String hostEntityID, String remoteEntityID, String realm, String nameIDFormat) Returns the user's NameIDinformation that contains account federation with the corresponding remote and local entities.
protected String	getNameIDValueFromUserProfile(String realm, String hostEntityID, String userID, String nameIDFormat)
boolean	shouldPersistNameIDFormat(String realm, String hostEntityID, String remoteEntityID, String nameIDFormat) Tells whether the provided NameID-Format should be persisted in the user data store or not.

Methods inherited from class com.sun.identity.saml2.plugins.DefaultAccountMapper

getAttribute, getIdentity, getSSOConfig

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.sun.identity.saml2.plugins.IDPAccountMapper

getIdentity

Constructor Detail

DefaultIDPAccountMapper

public DefaultIDPAccountMapper()

Method Detail

getNameID

public NameID getNameID(Object session,
                        String hostEntityID,
                        String remoteEntityID,
                        String realm,
                        String nameIDFormat)
                 throws SAML2Exception

Description copied from interface: IDPAccountMapper

Returns the user's NameIDinformation that contains account federation with the corresponding remote and local entities.

Specified by:

getNameID in interface IDPAccountMapper

Parameters:

session - Single Sign On session of the user.

hostEntityID - EntityID of the hosted provider.

remoteEntityID - EntityID of the remote provider.

realm - Realm or the organization name that may be used to find the user information.

nameIDFormat - NameID format.

Returns:

The NameID corresponding to the authenticated user.

Throws:

SAML2Exception - If there was any failure.

getIdentity

public String getIdentity(NameID nameID,
                          String hostEntityID,
                          String remoteEntityID,
                          String realm)
                   throws SAML2Exception

Description copied from interface: IDPAccountMapper

Returns the user's distinguished name or the universal ID for the corresponding SAML NameID. This method returns the universal ID or the DN based on the deployment of the SAMLv2 plugin base platform.

Specified by:

getIdentity in interface IDPAccountMapper

Parameters:

nameID - SAML NameID that needs to be mapped to the user.

hostEntityID - EntityID of the hosted provider.

remoteEntityID - EntityID of the remote provider.

realm - Realm or the organization name that may be used to find the user information.

Returns:

User's distinguished name or the universal ID.

Throws:

SAML2Exception - If there was any failure.

shouldPersistNameIDFormat

public boolean shouldPersistNameIDFormat(String realm,
                                         String hostEntityID,
                                         String remoteEntityID,
                                         String nameIDFormat)

Tells whether the provided NameID-Format should be persisted in the user data store or not. This implementation first checks whether NameID persistence has been completely disabled at the IdP level (idpDisableNameIDPersistence setting), and if not, it will look at the SP configuration as well (spDoNotWriteFederationInfo setting).

Specified by:

shouldPersistNameIDFormat in interface IDPAccountMapper

Parameters:

realm - The hosted IdP's realm.

hostEntityID - The hosted IdP's entityID.

remoteEntityID - The remote SP's entityID.

nameIDFormat - The non-transient NameID-Format in question.

Returns:

true if the provided NameID-Format should be persisted in the user data store, false otherwise.

getNameIDValueFromUserProfile

protected String getNameIDValueFromUserProfile(String realm,
                                               String hostEntityID,
                                               String userID,
                                               String nameIDFormat)