Package com.sun.identity.saml2.plugins

Interface SPAccountMapper

All Known Implementing Classes:

DefaultLibrarySPAccountMapper, DefaultSPAccountMapper

public interface SPAccountMapper

The interface SPAccountMapper is used to identify the local identities that maps the SAML protocol objects such as Assertion, ManageNameIDRequest etc. This mapper interface is used to map the identities only at the SAML Service Provider. The implementation of this interface will be used by the SAML framework to retrieve the user identity information for the consumption of generating a user session, or manage the user account information while handling the SAML protocols and it is pluggable through local configuration in the SAML2 plugin.

See Also:

IDPAccountMapper

Method Summary

Modifier and Type	Method	Description
String	getIdentity(Assertion assertion, String hostEntityID, String realm)	Returns the user's distinguished name or the universal ID for the corresponding SAML Assertion.
String	getIdentity(ManageNameIDRequest manageNameIDRequest, String hostEntityID, String realm)	Returns the user's distinguished name or the universal ID for the corresponding SAML ManageNameIDRequest.
boolean	shouldPersistNameIDFormat(String realm, String hostEntityID, String remoteEntityID, String nameIDFormat)	Tells whether the provided NameID-Format should be persisted in the user data store or not.

Method Detail

getIdentity

String getIdentity(Assertion assertion,
                   String hostEntityID,
                   String realm)
            throws SAML2Exception

Returns the user's distinguished name or the universal ID for the corresponding SAML Assertion. This method will be invoked by the SAML framework while processing the Assertion and retrieves the identity information.

Parameters:

assertion - SAML Assertion that needs to be mapped to the user.

hostEntityID - EntityID of the hosted provider.

realm - Realm or the organization name that may be used to find the user information.

Returns:

User's distinguished name or the universal ID.

Throws:

SAML2Exception - If there was any failure.

getIdentity

String getIdentity(ManageNameIDRequest manageNameIDRequest,
                   String hostEntityID,
                   String realm)
            throws SAML2Exception

Returns the user's distinguished name or the universal ID for the corresponding SAML ManageNameIDRequest. This method will be invoked by the SAML framework for retrieving the user identity while processing the ManageIDRequest.

Parameters:

manageNameIDRequest - SAML ManageNameIDRequest that needs to be mapped to the user.

hostEntityID - EntityID of the hosted provider.

realm - Realm or the organization name that may be used to find the user information.

Returns:

User's distinguished name or the universal ID.

Throws:

SAML2Exception - If there was any failure.

shouldPersistNameIDFormat

boolean shouldPersistNameIDFormat(String realm,
                                  String hostEntityID,
                                  String remoteEntityID,
                                  String nameIDFormat)

Tells whether the provided NameID-Format should be persisted in the user data store or not.

Parameters:

realm - The hosted SP's realm.

hostEntityID - The hosted SP's entityID.

remoteEntityID - The remote IdP's entityID.

nameIDFormat - The non-transient NameID-Format in question.

Returns:

true if the provided NameID-Format should be persisted in the user data store, false otherwise.