Class DefaultSPAuthnContextMapper

  • All Implemented Interfaces:
    SPAuthnContextMapper

    public class DefaultSPAuthnContextMapper
    extends Object
    implements SPAuthnContextMapper
    The DefaultSPAuthnContextMapper.java class determines the authentication context and the authentication requirements for authentication by the authentication authority. This implementation uses only the Authentication Class Reference, which can be passed as a query parameter or set in the SP Entity Configuration.
    • Constructor Detail

      • DefaultSPAuthnContextMapper

        public DefaultSPAuthnContextMapper()
    • Method Detail

      • getRequestedAuthnContext

        public RequestedAuthnContext getRequestedAuthnContext(String realm,
                                                              String hostEntityID,
                                                              Map paramsMap)
                                                       throws SAML2Exception
        Returns the RequestedAuthnContext object. The RequestedAuthnContext is created from the query parameters AuthnContextClassRef and AuthComparison in the request, and from the authnContext attribute, spAuthncontextClassrefMapping, and the authComparison attribute, spAuthncontextComparisonType, set in the Service Provider Extended Configuration. If the AuthnContext Class Reference cannot be determined, the default value urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport is used. AuthComparison defaults to "exact" if no value is specified.
        Specified by:
        getRequestedAuthnContext in interface SPAuthnContextMapper
        Parameters:
        realm - Realm or Organization of the Service Provider.
        hostEntityID - Entity ID of the Service Provider.
        paramsMap - Map containing key/value pairs of parameters. The key/value pairs are those accepted during SP SSO initiation.
        Returns:
        RequestedAuthnContext Object.
        Throws:
        SAML2Exception - if an error occurs.
      • getAuthLevel

        public int getAuthLevel(RequestedAuthnContext reqCtx,
                                AuthnContext authnContext,
                                String realm,
                                String hostEntityID,
                                String idpEntityID)
                         throws SAML2Exception
        Returns the auth level for the AuthnContext.
        Specified by:
        getAuthLevel in interface SPAuthnContextMapper
        Parameters:
        reqCtx - the RequestedAuthnContext object.
        authnContext - the AuthnContext object.
        realm - the realm or organization from which to retrieve the AuthnContext.
        hostEntityID - the Service Provider Identity String.
        idpEntityID - the Identity Provider Identity String.
        Returns:
        authlevel an integer value.
        Throws:
        SAML2Exception - if there is an error.
      • isAuthnContextMatching

        public boolean isAuthnContextMatching(List requestedACClassRefs,
                                              String acClassRef,
                                              String comparison,
                                              String realm,
                                              String hostEntityID)
        Returns true if the specified AuthnContextClassRef matches a list of requested AuthnContextClassRef.
        Specified by:
        isAuthnContextMatching in interface SPAuthnContextMapper
        Parameters:
        requestedACClassRefs - a list of requested AuthnContextClassRefs
        acClassRef - AuthnContextClassRef
        comparison - the type of comparison
        realm - Realm or Organization of the Service Provider.
        hostEntityID - Entity ID of the Service Provider.
        Returns:
        true if the specified AuthnContextClassRef matches a list of requested AuthnContextClassRef
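
The check that isAuthnContextMatching describes matters on the SP side because an assertion whose AuthnContextClassRef is weaker than the one requested should be rejected. The sketch below is an added example, not the OpenAM implementation: the class name AuthnContextCheck, the matches method and the level table are assumptions, and the comparison values other than "exact" (minimum, better, maximum) come from the SAML 2.0 core specification, ranked here by a constructed auth level per class reference.

```java
import java.util.List;
import java.util.Map;

// Added illustration only; not the OpenAM implementation of isAuthnContextMatching.
public class AuthnContextCheck {
    static final String AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:";

    // Constructed class-reference-to-level table (assumption; each deployment defines its own).
    static final Map<String, Integer> LEVELS = Map.of(
            AC + "Password", 1,
            AC + "PasswordProtectedTransport", 2,
            AC + "Smartcard", 3);

    static boolean matches(List<String> requested, String received, String comparison) {
        if (requested == null || received == null) {
            return false;
        }
        // The page states that the comparison defaults to "exact".
        String cmp = (comparison == null || comparison.isEmpty()) ? "exact" : comparison;
        if (cmp.equals("exact")) {
            return requested.contains(received);
        }
        Integer got = LEVELS.get(received);
        if (got == null) {
            return false; // unknown class reference from the IdP: fail closed
        }
        for (String req : requested) {
            Integer want = LEVELS.get(req);
            if (want == null) {
                continue; // requested class has no level, so it cannot be ranked
            }
            switch (cmp) {
                case "minimum": if (got >= want) return true; break;
                case "better":  if (got > want) return true; break;
                case "maximum": if (got <= want) return true; break;
                default: return false; // unrecognised comparison: fail closed
            }
        }
        return false;
    }

    public static void main(String[] args) {
        List<String> requested = List.of(AC + "PasswordProtectedTransport");
        for (String cmp : new String[] {"exact", "minimum", "better", "maximum"}) {
            for (String received : new String[] {"Password", "PasswordProtectedTransport", "Smartcard"}) {
                System.out.println(cmp + " / " + received + " -> " + matches(requested, AC + received, cmp));
            }
        }
    }
}
```

Running main prints the decision for each comparison type against a request for PasswordProtectedTransport, which shows that only "maximum" accepts the weaker Password class.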