org.forgerock.openam.sts.tokengeneration.saml2.statements

Class DefaultAttributeMapper

java.lang.Object

com.sun.identity.saml2.plugins.DefaultAttributeMapper

com.sun.identity.saml2.plugins.DefaultLibraryIDPAttributeMapper

org.forgerock.openam.sts.tokengeneration.saml2.statements.DefaultAttributeMapper

All Implemented Interfaces:

IDPAttributeMapper, AttributeMapper

public class DefaultAttributeMapper
extends DefaultLibraryIDPAttributeMapper
implements AttributeMapper

This class implements the default attribute mapping functionality. It does so by extending the SAML2 DefaultLibraryIDPAttributeMapper, as this functionality is relatively involved, and should not be duplicated so that bug updates don't need to be propagated to multiple places. This does mean, however, that a few inelegant elements must be tolerated: the DefaultLibraryIDPAttributeMapper obtains the attributeMap and information about dynamic or ignored profiles from IDP/SP identifiers. These values undergo non-null checks, and thus faux values must be created to satisfy those checks. Hence the FAUX_* values below.

See Also:

DefaultLibraryIDPAttributeMapper

Field Summary

Fields inherited from class com.sun.identity.saml2.plugins.DefaultAttributeMapper

bundle, debug, dsProvider, IDP, SP

Constructor Summary

Constructors

Constructor and Description
DefaultAttributeMapper(Map<String,String> attributeMap)

Method Summary

Modifier and Type	Method and Description
List<Attribute>	getAttributes(SSOToken token, Map<String,String> attributeMap) Gets a list of populated SAML2 Attribute instances.
Map<String,String>	getConfigAttributeMap(String realm, String hostEntityID, String role) This method is called to obtain the attribute mappings defined for the hosted provider corresponding to the entity id and realm.
protected boolean	isIgnoredProfile(Object session, String realm) This method is consulted by the DefaultLibraryIDPAttributeMapper to determine whether to actually look-up keys in the AttributeMap in the id-repo.

Methods inherited from class com.sun.identity.saml2.plugins.DefaultLibraryIDPAttributeMapper

getAttributes, getSAMLAttribute, needToEscapeXMLSpecialCharacters

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultAttributeMapper

public DefaultAttributeMapper(Map<String,String> attributeMap)

Method Detail

getAttributes

public List<Attribute> getAttributes(SSOToken token,
                                     Map<String,String> attributeMap)
                              throws TokenCreationException

Description copied from interface: AttributeMapper

Gets a list of populated SAML2 Attribute instances.

Specified by:

getAttributes in interface AttributeMapper

Parameters:

token - The token corresponding to the subject whose attributes will be returned

attributeMap - The mapping of saml attributes (keys) to the local AM LDAP attributes (values) Note that in this implementation, the attributeMap is ignored, as it is provided to the ctor as it needs to be referenced outside of this method, due to the DefaultLibraryIDPAttributeMapper superclass. This implementation detail should not change the specifics of the contract, however, in which the attributeMap is a fundamental constituent.

Returns:

The list of SAML2 Attribute instances to be included in the AttributeStatement.

Throws:

TokenCreationException

isIgnoredProfile

protected boolean isIgnoredProfile(Object session,
                                   String realm)

This method is consulted by the DefaultLibraryIDPAttributeMapper to determine whether to actually look-up keys in the AttributeMap in the id-repo. User accounts in a given realm can be set to by dynamic or ignored, which means that no id-repo state exists corresponding to these accounts. The DefaultLibraryIDPAttributeMapper will only consult id-repo state if this method returns false.

Overrides:

isIgnoredProfile in class DefaultLibraryIDPAttributeMapper

Parameters:

session - SSOToken to check the profile creation attributes.

realm - The realm for which profile state should be looked-up - will be the realm for the principal for whom the token is being generated - the realm value corresponds to the realm passed in the super.getAttributes call above.

Returns:

whether the ignored profile has been set up for user accounts in this realm

getConfigAttributeMap

public Map<String,String> getConfigAttributeMap(String realm,
                                                String hostEntityID,
                                                String role)
                                         throws SAML2Exception

This method is called to obtain the attribute mappings defined for the hosted provider corresponding to the entity id and realm. These parameters will be ignored, as the attributeMap passed to the ctor of this class will always be returned. This attribute map is defined in the SAML2Config state associated with the STSInstanceConfig state associated with the published STS instance which is consuming the TokenGenerationService.

Overrides:

getConfigAttributeMap in class DefaultAttributeMapper

Parameters:

realm - realm name. Parameter ignored.

hostEntityID - EntityID of the hosted provider. Parameter ignored.

role - Parameter ignored.

Returns:

the Attribute map passed to this class' ctor.

Throws:

SAML2Exception - never thrown.