com.sun.identity.saml2.plugins

Class DefaultLibraryIDPAttributeMapper

java.lang.Object

com.sun.identity.saml2.plugins.DefaultAttributeMapper

com.sun.identity.saml2.plugins.DefaultLibraryIDPAttributeMapper

All Implemented Interfaces:

IDPAttributeMapper

Direct Known Subclasses:

DefaultAttributeMapper, DefaultIDPAttributeMapper

public class DefaultLibraryIDPAttributeMapper
extends DefaultAttributeMapper
implements IDPAttributeMapper

This class DefaultLibraryIDPAttributeMapper implements the IDPAttributeMapper to return the SAML Attribute objects that may be inserted in the SAML Assertion. This IDP attribute mapper reads the attribute map configuration defined in the hosted IDP configuration and construct the SAML Attribute objects. If the mapped values are not present in the data store, this will try to read from the Single sign-on token.

Supports attribute mappings defined as: [NameFormatURI|]SAML ATTRIBUTE NAME=["]LOCAL NAME["][;binary] where [] elements are optional. Using "" (double quotes) around the LOCAL NAME will turn it into a static value. Adding ;binary at the end of the LOCAL NAME will indicate that this attribute should be treated as binary and Base64 encoded.

Examples:

email=mail will map the local attribute called mail onto a SAML attribute called email.

urn:oasis:names:tc:SAML:2.0:attrname-format:uri|urn:mace:dir:attribute-def:cn=cn will map the local attribute called cn onto a SAML attribute called urn:mace:dir:attribute-def:cn with a name format of urn:oasis:names:tc:SAML:2.0:attrname-format:uri

partnerID="staticPartnerIDValue" will add a static SAML attribute called partnerID with a value of staticPartnerIDValue

urn:oasis:names:tc:SAML:2.0:attrname-format:uri|nameID="staticNameIDValue" will add a static SAML attribute called nameID with a value of staticNameIDValue with a name format of urn:oasis:names:tc:SAML:2.0:attrname-format:uri

objectGUID=objectGUID;binary will map the local binary attribute called objectGUID onto a SAML attribute called objectGUID Base64 encoded.

urn:oasis:names:tc:SAML:2.0:attrname-format:uri|objectGUID=objectGUID;binary will map the local binary attribute called objectGUID onto a SAML attribute called objectGUID Base64 encoded with a name format of urn:oasis:names:tc:SAML:2.0:attrname-format:uri.

Field Summary

Fields inherited from class com.sun.identity.saml2.plugins.DefaultAttributeMapper

bundle, debug, dsProvider, IDP, SP

Constructor Summary

Constructors

Constructor and Description
DefaultLibraryIDPAttributeMapper() Constructor

Method Summary

Modifier and Type	Method and Description
List	getAttributes(Object session, String hostEntityID, String remoteEntityID, String realm) Returns list of SAML Attribute objects for the IDP framework to insert into the generated Assertion.
protected Attribute	getSAMLAttribute(String name, String nameFormat, Set<String> values, String hostEntityID, String remoteEntityID, String realm) Returns the SAML Attribute object.
protected boolean	isIgnoredProfile(Object session, String realm) Return true if ignore profile is enabled for this realm.
protected boolean	needToEscapeXMLSpecialCharacters(String hostEntityID, String remoteEntityID, String realm) Decides whether it needs to escape XML special characters for attribute values or not.

Methods inherited from class com.sun.identity.saml2.plugins.DefaultAttributeMapper

getConfigAttributeMap

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultLibraryIDPAttributeMapper

public DefaultLibraryIDPAttributeMapper()

Constructor

Method Detail

getAttributes

public List getAttributes(Object session,
                          String hostEntityID,
                          String remoteEntityID,
                          String realm)
                   throws SAML2Exception

Returns list of SAML Attribute objects for the IDP framework to insert into the generated Assertion.

Specified by:

getAttributes in interface IDPAttributeMapper

Parameters:

session - Single sign-on session.

hostEntityID - EntityID of the hosted entity.

remoteEntityID - EntityID of the remote entity.

realm - name of the realm.

Returns:

list of Attributess of an authenticated user.

Throws:

SAML2Exception - if any failure.

needToEscapeXMLSpecialCharacters

protected boolean needToEscapeXMLSpecialCharacters(String hostEntityID,
                                                   String remoteEntityID,
                                                   String realm)

Decides whether it needs to escape XML special characters for attribute values or not.

Parameters:

hostEntityID - Entity ID for hosted provider.

remoteEntityID - Entity ID for remote provider.

realm - the providers are in.

Returns:

true if it should escape special characters for attribute values; false otherwise.

getSAMLAttribute

protected Attribute getSAMLAttribute(String name,
                                     String nameFormat,
                                     Set<String> values,
                                     String hostEntityID,
                                     String remoteEntityID,
                                     String realm)
                              throws SAML2Exception

Returns the SAML Attribute object.

Parameters:

name - attribute name.

nameFormat - Name format of the attribute

values - attribute values.

hostEntityID - Entity ID for hosted provider.

remoteEntityID - Entity ID for remote provider.

realm - the providers are in.

Returns:

SAML Attribute element.

Throws:

SAML2Exception - if any failure.

isIgnoredProfile

protected boolean isIgnoredProfile(Object session,
                                   String realm)

Return true if ignore profile is enabled for this realm.

Parameters:

session - SSOToken to check the profile creation attributes.

realm - realm to check the profile creation attributes.

Returns:

true in all cases in this implementation.