Package com.sun.identity.saml2.plugins

Interface IDPAccountMapper

  • All Known Implementing Classes:
    DefaultIDPAccountMapper
    public interface IDPAccountMapper
    The interface IDPAccountMapper is used to map the local identities to the SAML protocol objects and also the vice versa for some of the protocols for e.g. ManageNameIDRequest.

    This mapper interface is used to map the identities only at the SAML Identity Provider. The implementation of this interface will be used by the SAML framework to retrieve the user's account federation information for constructing SAML protocol objects such as Assertion and also to find out the corresponding user account for the given SAML requests.

    See Also:
    SPAccountMapper

    • Method Detail

      • getNameID

        NameID getNameID​(Object session,
                 String hostEntityID,
                 String remoteEntityID,
                 String realm,
                 String nameIDFormat)
          throws SAML2Exception
        Returns the user's NameIDinformation that contains account federation with the corresponding remote and local entities.
        Parameters:
        session - Single Sign On session of the user.
        hostEntityID - EntityID of the hosted provider.
        remoteEntityID - EntityID of the remote provider.
        realm - Realm or the organization name that may be used to find the user information.
        nameIDFormat - NameID format.
        Returns:
        The NameID corresponding to the authenticated user.
        Throws:
        SAML2Exception - If there was any failure.

      • getIdentity

        String getIdentity​(ManageNameIDRequest manageNameIDRequest,
                   String hostEntityID,
                   String realm)
            throws SAML2Exception
        Returns the user's distinguished name or the universal ID for the corresponding SAML ManageNameIDRequest. This method returns the universal ID or the DN based on the deployment of the SAMLv2 plugin base platform.
        Parameters:
        manageNameIDRequest - SAML ManageNameIDRequest that needs to be mapped to the user.
        hostEntityID - EntityID of the hosted provider.
        realm - Realm or the organization name that may be used to find the user information.
        Returns:
        User's distinguished name or the universal ID.
        Throws:
        SAML2Exception - If there was any failure.

      • getIdentity

        String getIdentity​(NameID nameID,
                   String hostEntityID,
                   String remoteEntityID,
                   String realm)
            throws SAML2Exception
        Returns the user's distinguished name or the universal ID for the corresponding SAML NameID. This method returns the universal ID or the DN based on the deployment of the SAMLv2 plugin base platform.
        Parameters:
        nameID - SAML NameID that needs to be mapped to the user.
        hostEntityID - EntityID of the hosted provider.
        remoteEntityID - EntityID of the remote provider.
        realm - Realm or the organization name that may be used to find the user information.
        Returns:
        User's distinguished name or the universal ID.
        Throws:
        SAML2Exception - If there was any failure.

      • shouldPersistNameIDFormat

        boolean shouldPersistNameIDFormat​(String realm,
                                  String hostEntityID,
                                  String remoteEntityID,
                                  String nameIDFormat)
        Tells whether the provided NameID-Format should be persisted in the user data store or not.
        Parameters:
        realm - The hosted IdP's realm.
        hostEntityID - The hosted IdP's entityID.
        remoteEntityID - The remote SP's entityID.
        nameIDFormat - The non-transient NameID-Format in question.
        Returns:
        true if the provided NameID-Format should be persisted in the user data store, false otherwise.