Package org.forgerock.openam.sts.tokengeneration.saml2.statements

Class DefaultAttributeMapper

  • All Implemented Interfaces:
    IDPAttributeMapper, AttributeMapper
    public class DefaultAttributeMapper
extends DefaultLibraryIDPAttributeMapper
implements AttributeMapper
    This class implements the default attribute mapping functionality. It does so by extending the SAML2 DefaultLibraryIDPAttributeMapper, as this functionality is relatively involved, and should not be duplicated so that bug updates don't need to be propagated to multiple places. This does mean, however, that a few inelegant elements must be tolerated: the DefaultLibraryIDPAttributeMapper obtains the attributeMap and information about dynamic or ignored profiles from IDP/SP identifiers. These values undergo non-null checks, and thus faux values must be created to satisfy those checks. Hence the FAUX_* values below.
    See Also:
    DefaultLibraryIDPAttributeMapper

    • Constructor Detail

      • DefaultAttributeMapper

        public DefaultAttributeMapper​(Map<String,​String> attributeMap)

    • Method Detail

      • getAttributes

        public List<Attribute> getAttributes​(SSOToken token,
                                     Map<String,​String> attributeMap)
                              throws TokenCreationException
        Description copied from interface: AttributeMapper
        Gets a list of populated SAML2 Attribute instances.
        Specified by:
        getAttributes in interface AttributeMapper
        Parameters:
        token - The token corresponding to the subject whose attributes will be returned
        attributeMap - The mapping of saml attributes (keys) to the local AM LDAP attributes (values) Note that in this implementation, the attributeMap is ignored, as it is provided to the ctor as it needs to be referenced outside of this method, due to the DefaultLibraryIDPAttributeMapper superclass. This implementation detail should not change the specifics of the contract, however, in which the attributeMap is a fundamental constituent.
        Returns:
        The list of SAML2 Attribute instances to be included in the AttributeStatement.
        Throws:
        TokenCreationException

      • isIgnoredProfile

        protected boolean isIgnoredProfile​(Object session,
                                   String realm)
        This method is consulted by the DefaultLibraryIDPAttributeMapper to determine whether to actually look-up keys in the AttributeMap in the id-repo. User accounts in a given realm can be set to by dynamic or ignored, which means that no id-repo state exists corresponding to these accounts. The DefaultLibraryIDPAttributeMapper will only consult id-repo state if this method returns false.
        Overrides:
        isIgnoredProfile in class DefaultLibraryIDPAttributeMapper
        Parameters:
        session - SSOToken to check the profile creation attributes.
        realm - The realm for which profile state should be looked-up - will be the realm for the principal for whom the token is being generated - the realm value corresponds to the realm passed in the super.getAttributes call above.
        Returns:
        whether the ignored profile has been set up for user accounts in this realm

      • getConfigAttributeMap

        public Map<String,​String> getConfigAttributeMap​(String realm,
                                                      String hostEntityID,
                                                      String role)
                                               throws SAML2Exception
        This method is called to obtain the attribute mappings defined for the hosted provider corresponding to the entity id and realm. These parameters will be ignored, as the attributeMap passed to the ctor of this class will always be returned. This attribute map is defined in the SAML2Config state associated with the STSInstanceConfig state associated with the published STS instance which is consuming the TokenGenerationService.
        Overrides:
        getConfigAttributeMap in class DefaultAttributeMapper
        Parameters:
        realm - realm name. Parameter ignored.
        hostEntityID - EntityID of the hosted provider. Parameter ignored.
        role - Parameter ignored.
        Returns:
        the Attribute map passed to this class' ctor.
        Throws:
        SAML2Exception - never thrown.