com.sun.identity.saml2.plugins

Class DefaultLibrarySPAccountMapper

java.lang.Object

com.sun.identity.saml2.plugins.DefaultAccountMapper

com.sun.identity.saml2.plugins.DefaultLibrarySPAccountMapper

All Implemented Interfaces:

SPAccountMapper

Direct Known Subclasses:

DefaultSPAccountMapper

public class DefaultLibrarySPAccountMapper
extends DefaultAccountMapper
implements SPAccountMapper

This class DefaultLibrarySPAccountMapper is the default implementation of the SPAccountMapper that is used to map the SAML protocol objects to the user accounts at the ServiceProvider side of SAML v2 plugin. Custom implementations may extend from this class to override some of these implementations if they choose to do so.

Field Summary

Fields inherited from class com.sun.identity.saml2.plugins.DefaultAccountMapper

bundle, debug, dsProvider, IDP, keyProvider, metaManager, role, SP

Constructor Summary

Constructors

Constructor and Description
DefaultLibrarySPAccountMapper() Default constructor

Method Summary

Modifier and Type	Method and Description
protected String	getAutoFedUser(String realm, String entityID, Assertion assertion, String decryptedNameID, Set<PrivateKey> decryptionKeys) Returns user for the auto federate attribute.
String	getIdentity(Assertion assertion, String hostEntityID, String realm) Returns the user's distinguished name or the universal ID for the corresponding SAML Assertion.
protected String	getTransientUser(String realm, String entityID) Returns the transient user configured in the hosted entity configuration.
protected boolean	isDynamicalOrIgnoredProfile(String realm) Checks if dynamical profile creation or ignore profile is enabled.
boolean	shouldPersistNameIDFormat(String realm, String hostEntityID, String remoteEntityID, String nameIDFormat) Tells whether the provided NameID-Format should be persisted in the user data store or not.

Methods inherited from class com.sun.identity.saml2.plugins.DefaultAccountMapper

getAttribute, getIdentity, getSSOConfig

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.sun.identity.saml2.plugins.SPAccountMapper

getIdentity

Constructor Detail

DefaultLibrarySPAccountMapper

public DefaultLibrarySPAccountMapper()

Default constructor

Method Detail

getIdentity

public String getIdentity(Assertion assertion,
                          String hostEntityID,
                          String realm)
                   throws SAML2Exception

Returns the user's distinguished name or the universal ID for the corresponding SAML Assertion. This method will be invoked by the SAML framework while processing the Assertion and retrieves the identity information. The implementation of this method first checks if the NameID-Format is transient and returns the transient user. Otherwise it checks for the user for the corresponding name identifier in the assertion. If not found, then it will check if this is an auto federation case.

Specified by:

getIdentity in interface SPAccountMapper

Parameters:

assertion - SAML Assertion that needs to be mapped to the user.

hostEntityID - EntityID of the hosted provider.

realm - Realm or the organization name that may be used to find the user information.

Returns:

User's distinguished name or the universal ID.

Throws:

SAML2Exception - If there was any failure.

shouldPersistNameIDFormat

public boolean shouldPersistNameIDFormat(String realm,
                                         String hostEntityID,
                                         String remoteEntityID,
                                         String nameIDFormat)

Description copied from interface: SPAccountMapper

Tells whether the provided NameID-Format should be persisted in the user data store or not.

Specified by:

shouldPersistNameIDFormat in interface SPAccountMapper

Parameters:

realm - The hosted SP's realm.

hostEntityID - The hosted SP's entityID.

remoteEntityID - The remote IdP's entityID.

nameIDFormat - The non-transient NameID-Format in question.

Returns:

true if the provided NameID-Format should be persisted in the user data store, false otherwise.

getTransientUser

protected String getTransientUser(String realm,
                                  String entityID)

Returns the transient user configured in the hosted entity configuration.

Parameters:

realm - Realm name for the given entity.

entityID - Hosted EntityID.

Returns:

The transient user id configured in entity configuration, or null if not configured or failed for any reason.

getAutoFedUser

protected String getAutoFedUser(String realm,
                                String entityID,
                                Assertion assertion,
                                String decryptedNameID,
                                Set<PrivateKey> decryptionKeys)
                         throws SAML2Exception

Returns user for the auto federate attribute.

Parameters:

realm - Realm name.

entityID - Hosted EntityID.

assertion - Assertion from the identity provider.

Returns:

Auto federation mapped user from the assertion auto federation AttributeStatement. if the statement does not have the auto federation attribute then the NameID value will be used if use NameID as SP user ID is enabled, otherwise null.

Throws:

SAML2Exception

isDynamicalOrIgnoredProfile

protected boolean isDynamicalOrIgnoredProfile(String realm)

Checks if dynamical profile creation or ignore profile is enabled.

Parameters:

realm - Realm to check the dynamical profile creation attributes.

Returns:

true if dynamical profile creation or ignore profile is enabled, false otherwise.