Package com.sun.identity.saml2.plugins

Class DefaultLibraryIDPAttributeMapper

  • All Implemented Interfaces:
    IDPAttributeMapper
    Direct Known Subclasses:
    DefaultAttributeMapper, DefaultIDPAttributeMapper
    public class DefaultLibraryIDPAttributeMapper
extends DefaultAttributeMapper
implements IDPAttributeMapper
    This class DefaultLibraryIDPAttributeMapper implements the IDPAttributeMapper to return the SAML Attribute objects that may be inserted in the SAML Assertion. This IDP attribute mapper reads the attribute map configuration defined in the hosted IDP configuration and construct the SAML Attribute objects. If the mapped values are not present in the data store, this will try to read from the Single sign-on token.

    Supports attribute mappings defined as: [NameFormatURI|]SAML ATTRIBUTE NAME=["]LOCAL NAME["][;binary] where [] elements are optional. Using "" (double quotes) around the LOCAL NAME will turn it into a static value. Adding ;binary at the end of the LOCAL NAME will indicate that this attribute should be treated as binary and Base64 encoded.

    Examples:

    email=mail will map the local attribute called mail onto a SAML attribute called email.

    urn:oasis:names:tc:SAML:2.0:attrname-format:uri|urn:mace:dir:attribute-def:cn=cn will map the local attribute called cn onto a SAML attribute called urn:mace:dir:attribute-def:cn with a name format of urn:oasis:names:tc:SAML:2.0:attrname-format:uri

    partnerID="staticPartnerIDValue" will add a static SAML attribute called partnerID with a value of staticPartnerIDValue

    urn:oasis:names:tc:SAML:2.0:attrname-format:uri|nameID="staticNameIDValue" will add a static SAML attribute called nameID with a value of staticNameIDValue with a name format of urn:oasis:names:tc:SAML:2.0:attrname-format:uri

    objectGUID=objectGUID;binary will map the local binary attribute called objectGUID onto a SAML attribute called objectGUID Base64 encoded.

    urn:oasis:names:tc:SAML:2.0:attrname-format:uri|objectGUID=objectGUID;binary will map the local binary attribute called objectGUID onto a SAML attribute called objectGUID Base64 encoded with a name format of urn:oasis:names:tc:SAML:2.0:attrname-format:uri.

    • Constructor Detail

      • DefaultLibraryIDPAttributeMapper

        public DefaultLibraryIDPAttributeMapper()
        Constructor

    • Method Detail

      • getAttributes

        public List getAttributes​(Object session,
                          String hostEntityID,
                          String remoteEntityID,
                          String realm)
                   throws SAML2Exception
        Returns list of SAML Attribute objects for the IDP framework to insert into the generated Assertion.
        Specified by:
        getAttributes in interface IDPAttributeMapper
        Parameters:
        session - Single sign-on session.
        hostEntityID - EntityID of the hosted entity.
        remoteEntityID - EntityID of the remote entity.
        realm - name of the realm.
        Returns:
        list of Attributess of an authenticated user.
        Throws:
        SAML2Exception - if any failure.

      • needToEscapeXMLSpecialCharacters

        protected boolean needToEscapeXMLSpecialCharacters​(String hostEntityID,
                                                   String remoteEntityID,
                                                   String realm)
        Decides whether it needs to escape XML special characters for attribute values or not.
        Parameters:
        hostEntityID - Entity ID for hosted provider.
        remoteEntityID - Entity ID for remote provider.
        realm - the providers are in.
        Returns:
        true if it should escape special characters for attribute values; false otherwise.

      • getSAMLAttribute

        protected Attribute getSAMLAttribute​(String name,
                                     String nameFormat,
                                     Set<String> values,
                                     String hostEntityID,
                                     String remoteEntityID,
                                     String realm)
                              throws SAML2Exception
        Returns the SAML Attribute object.
        Parameters:
        name - attribute name.
        nameFormat - Name format of the attribute
        values - attribute values.
        hostEntityID - Entity ID for hosted provider.
        remoteEntityID - Entity ID for remote provider.
        realm - the providers are in.
        Returns:
        SAML Attribute element.
        Throws:
        SAML2Exception - if any failure.

      • isIgnoredProfile

        protected boolean isIgnoredProfile​(Object session,
                                   String realm)
        Return true if ignore profile is enabled for this realm.
        Parameters:
        session - SSOToken to check the profile creation attributes.
        realm - realm to check the profile creation attributes.
        Returns:
        true in all cases in this implementation.