Class DefaultIDPAccountMapper

  • All Implemented Interfaces:
    IDPAccountMapper

    public class DefaultIDPAccountMapper
    extends DefaultAccountMapper
    implements IDPAccountMapper
    DefaultIDPAccountMapper is the default implementation of IDPAccountMapper. It maps SAML protocol objects to user accounts on the IdentityProvider side of the SAML v2 plugin. Custom implementations may extend this class and override some of its methods if they choose to do so.
    • Constructor Detail

      • DefaultIDPAccountMapper

        public DefaultIDPAccountMapper()
    • Method Detail

      • getNameID

        public NameID getNameID(Object session,
                                String hostEntityID,
                                String remoteEntityID,
                                String realm,
                                String nameIDFormat)
                         throws SAML2Exception
        Description copied from interface: IDPAccountMapper
        Returns the user's NameID information that contains account federation with the corresponding remote and local entities.
        Specified by:
        getNameID in interface IDPAccountMapper
        Parameters:
        session - Single Sign On session of the user.
        hostEntityID - EntityID of the hosted provider.
        remoteEntityID - EntityID of the remote provider.
        realm - Realm or the organization name that may be used to find the user information.
        nameIDFormat - NameID format.
        Returns:
        The NameID corresponding to the authenticated user.
        Throws:
        SAML2Exception - If there was any failure.
      • getIdentity

        public String getIdentity(NameID nameID,
                                  String hostEntityID,
                                  String remoteEntityID,
                                  String realm)
                           throws SAML2Exception
        Description copied from interface: IDPAccountMapper
        Returns the user's distinguished name or the universal ID for the corresponding SAML NameID. This method returns the universal ID or the DN based on the deployment of the SAMLv2 plugin base platform.
        Specified by:
        getIdentity in interface IDPAccountMapper
        Parameters:
        nameID - SAML NameID that needs to be mapped to the user.
        hostEntityID - EntityID of the hosted provider.
        remoteEntityID - EntityID of the remote provider.
        realm - Realm or the organization name that may be used to find the user information.
        Returns:
        User's distinguished name or the universal ID.
        Throws:
        SAML2Exception - If there was any failure.
      • shouldPersistNameIDFormat

        public boolean shouldPersistNameIDFormat(String realm,
                                                 String hostEntityID,
                                                 String remoteEntityID,
                                                 String nameIDFormat)
        Tells whether the provided NameID-Format should be persisted in the user data store or not. This implementation first checks whether NameID persistence has been completely disabled at the IdP level (idpDisableNameIDPersistence setting), and if not, it will look at the SP configuration as well (spDoNotWriteFederationInfo setting).
        Specified by:
        shouldPersistNameIDFormat in interface IDPAccountMapper
        Parameters:
        realm - The hosted IdP's realm.
        hostEntityID - The hosted IdP's entityID.
        remoteEntityID - The remote SP's entityID.
        nameIDFormat - The non-transient NameID-Format in question.
        Returns:
        true if the provided NameID-Format should be persisted in the user data store, false otherwise.
      • getNameIDValueFromUserProfile

        protected String getNameIDValueFromUserProfile(String realm,
                                                       String hostEntityID,
                                                       String userID,
                                                       String nameIDFormat)