com.sun.identity.saml2.plugins
Class SAML2ServiceProviderAdapter

java.lang.Object
  extended by com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter

public abstract class SAML2ServiceProviderAdapter
extends Object

The SAML2ServiceProviderAdapter abstract class provides methods that can be overridden to perform deployment-specific logic during SAMLv2 protocol processing on the Service Provider side. The implementation class is configured on a per service provider basis in the extended metadata configuration.

A singleton instance of this SAML2ServiceProviderAdapter class is used per Service Provider at runtime, so make sure the implementations of the methods are thread safe.


Field Summary
static int FEDERATION_FAILED_WRITING_ACCOUNT_INFO
          Status code for federation failure because account federation info could not be written.
static String HOSTED_ENTITY_ID
          Constant for the hosted entity ID parameter.
static int INVALID_RESPONSE
          Status code for invalid response from IDP.
static String REALM
          Constant for the realm of the hosted entity parameter.
static int SSO_FAILED_ATTRIBUTE_MAPPING
          Status code for Single Sign-On failure due to an attribute mapping error.
static int SSO_FAILED_AUTH_ACCOUNT_EXPIRED
          Status code for Single Sign-On failure due to expired user account.
static int SSO_FAILED_AUTH_USER_INACTIVE
          Status code for Single Sign-On failure due to inactive user account.
static int SSO_FAILED_AUTH_USER_LOCKED
          Status code for Single Sign-On failure due to locked user account.
static int SSO_FAILED_META_DATA_ERROR
          Status code for Single Sign-On failure because metadata could not be retrieved.
static int SSO_FAILED_NO_USER_MAPPING
          Status code for Single Sign-On failure due to no user mapping.
static int SSO_FAILED_SESSION_ERROR
          Status code for Single Sign-On failure due to internal session error.
static int SSO_FAILED_SESSION_GENERATION
          Status code for Single Sign-On failure because the user session could not be generated.
static int SUCCESS
          Status code for Single Sign-on success.
 
Constructor Summary
SAML2ServiceProviderAdapter()
           
 
Method Summary
abstract  void initialize(Map initParams)
          Initializes the federation adapter; this method is executed only once, after creation of the adapter instance.
 void postNewNameIDSuccess(String hostedEntityID, String realm, HttpServletRequest request, HttpServletResponse response, String userID, ManageNameIDRequest idRequest, ManageNameIDResponse idResponse, String binding)
          Invoked after New Name Identifier processing succeeded.
 void postSingleLogoutSuccess(String hostedEntityID, String realm, HttpServletRequest request, HttpServletResponse response, String userID, LogoutRequest logoutRequest, LogoutResponse logoutResponse, String binding)
          Invoked after the single logout process succeeded, i.e. the user session has been invalidated.
 boolean postSingleSignOnFailure(String hostedEntityID, String realm, HttpServletRequest request, HttpServletResponse response, AuthnRequest authnRequest, Response ssoResponse, String profile, int failureCode)
          Invoked after Single Sign-On processing failed.
 boolean postSingleSignOnSuccess(String hostedEntityID, String realm, HttpServletRequest request, HttpServletResponse response, Object session, AuthnRequest authnRequest, Response ssoResponse, String profile, boolean isFederation)
          Invoked after Single Sign-On processing succeeded.
 void postTerminateNameIDSuccess(String hostedEntityID, String realm, HttpServletRequest request, HttpServletResponse response, String userID, ManageNameIDRequest idRequest, ManageNameIDResponse idResponse, String binding)
          Invoked after Terminate Name Identifier processing succeeded.
 void preSingleLogoutProcess(String hostedEntityID, String realm, HttpServletRequest request, HttpServletResponse response, String userID, LogoutRequest logoutRequest, LogoutResponse logoutResponse, String binding)
          Invoked before the single logout process starts on the SP side.
 void preSingleSignOnProcess(String hostedEntityID, String realm, HttpServletRequest request, HttpServletResponse response, AuthnRequest authnRequest, Response ssoResponse, String profile)
          Invoked when the FAM has received the Single Sign-On response from the IDP; this is called before any processing starts on the SP side.
 void preSingleSignOnRequest(String hostedEntityID, String idpEntityID, String realm, HttpServletRequest request, HttpServletResponse response, AuthnRequest authnRequest)
          Invoked before OpenSSO sends the Single Sign-On request to the IDP.
 

Field Detail

SUCCESS

public static final int SUCCESS
Status code for Single Sign-on success.

See Also:
Constant Field Values

INVALID_RESPONSE

public static final int INVALID_RESPONSE
Status code for invalid response from IDP.

See Also:
Constant Field Values

FEDERATION_FAILED_WRITING_ACCOUNT_INFO

public static final int FEDERATION_FAILED_WRITING_ACCOUNT_INFO
Status code for federation failure because account federation info could not be written.

See Also:
Constant Field Values

SSO_FAILED_SESSION_ERROR

public static final int SSO_FAILED_SESSION_ERROR
Status code for Single Sign-On failure due to internal session error.

See Also:
Constant Field Values

SSO_FAILED_ATTRIBUTE_MAPPING

public static final int SSO_FAILED_ATTRIBUTE_MAPPING
Status code for Single Sign-On failure due to an attribute mapping error.

See Also:
Constant Field Values

SSO_FAILED_NO_USER_MAPPING

public static final int SSO_FAILED_NO_USER_MAPPING
Status code for Single Sign-On failure due to no user mapping.

See Also:
Constant Field Values

SSO_FAILED_AUTH_USER_INACTIVE

public static final int SSO_FAILED_AUTH_USER_INACTIVE
Status code for Single Sign-On failure due to inactive user account.

See Also:
Constant Field Values

SSO_FAILED_AUTH_USER_LOCKED

public static final int SSO_FAILED_AUTH_USER_LOCKED
Status code for Single Sign-On failure due to locked user account.

See Also:
Constant Field Values

SSO_FAILED_AUTH_ACCOUNT_EXPIRED

public static final int SSO_FAILED_AUTH_ACCOUNT_EXPIRED
Status code for Single Sign-On failure due to expired user account.

See Also:
Constant Field Values

SSO_FAILED_SESSION_GENERATION

public static final int SSO_FAILED_SESSION_GENERATION
Status code for Single Sign-On failure because the user session could not be generated.

See Also:
Constant Field Values

SSO_FAILED_META_DATA_ERROR

public static final int SSO_FAILED_META_DATA_ERROR
Status code for Single Sign-On failure because metadata could not be retrieved.

See Also:
Constant Field Values

HOSTED_ENTITY_ID

public static final String HOSTED_ENTITY_ID
Constant for the hosted entity ID parameter.

See Also:
Constant Field Values

REALM

public static final String REALM
Constant for the realm of the hosted entity parameter.

See Also:
Constant Field Values

Constructor Detail

SAML2ServiceProviderAdapter

public SAML2ServiceProviderAdapter()

Method Detail

initialize

public abstract void initialize(Map initParams)
Initializes the federation adapter; this method is executed only once, after creation of the adapter instance.

Parameters:
initParams - initial set of parameters configured in the service provider for this adapter. The parameter named HOSTED_ENTITY_ID refers to the ID of this hosted service provider entity; the parameter named REALM refers to the realm of the hosted entity.

preSingleSignOnRequest

public void preSingleSignOnRequest(String hostedEntityID,
                                   String idpEntityID,
                                   String realm,
                                   HttpServletRequest request,
                                   HttpServletResponse response,
                                   AuthnRequest authnRequest)
                            throws SAML2Exception
Invoked before OpenSSO sends the Single Sign-On request to the IDP.

Parameters:
hostedEntityID - entity ID for the hosted SP
idpEntityID - entity ID for the IDP to which the request will be sent. This will be null in the ECP case.
realm - Realm of the hosted SP.
request - servlet request
response - servlet response
authnRequest - the authentication request to be sent to the IDP
Throws:
SAML2Exception - if the user wants to fail the process.
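The two hooks above, initialize and preSingleSignOnRequest, are normally used together: parameters read once in initialize drive the per-request decision. The adapter below is an added example, not code from OpenSSO; the allowedIdpEntityIds init parameter, its comma-separated format, the AllowListedIdpAdapter class name and the AuthnRequest.getID() accessor are assumptions of the example. It refuses to send an AuthnRequest to an IdP that is not on the configured list, handles the ECP case where idpEntityID is null, and publishes its configuration through volatile fields and an unmodifiable set so the singleton instance is safe to share across request threads.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.logging.Logger;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter;
import com.sun.identity.saml2.protocol.AuthnRequest;

/**
 * Hypothetical adapter: restricts outbound AuthnRequests to an operator-approved
 * list of IdP entity IDs. Everything in initParams beyond HOSTED_ENTITY_ID and
 * REALM is an assumption of this example.
 */
public class AllowListedIdpAdapter extends SAML2ServiceProviderAdapter {

    private static final Logger LOG = Logger.getLogger(AllowListedIdpAdapter.class.getName());

    /** Assumed extra init parameter name; not defined by the adapter API. */
    static final String ALLOWED_IDPS = "allowedIdpEntityIds";

    // Written once in initialize(), read by many request threads afterwards:
    // volatile fields plus an unmodifiable set give safe publication without locking.
    private volatile String hostedEntityId;
    private volatile String realm;
    private volatile Set<String> allowedIdps = Collections.emptySet();

    @Override
    public void initialize(Map initParams) {
        hostedEntityId = (String) initParams.get(HOSTED_ENTITY_ID);
        realm = (String) initParams.get(REALM);
        String raw = (String) initParams.get(ALLOWED_IDPS);   // constructed format: "idp-a,idp-b"
        Set<String> ids = new HashSet<String>();
        if (raw != null) {
            for (String id : raw.split("\\s*,\\s*")) {
                if (id.length() > 0) {
                    ids.add(id);
                }
            }
        }
        allowedIdps = Collections.unmodifiableSet(ids);
        LOG.info("adapter initialised for SP " + hostedEntityId + " in realm " + realm
                 + ", " + ids.size() + " allowed IdP(s) configured");
    }

    @Override
    public void preSingleSignOnRequest(String hostedEntityID, String idpEntityID, String realm,
            HttpServletRequest request, HttpServletResponse response, AuthnRequest authnRequest)
            throws SAML2Exception {
        String requestId = authnRequest == null ? "(none)" : authnRequest.getID(); // assumed accessor
        if (idpEntityID == null) {
            // ECP case per the Javadoc: the IdP is not selected yet, so there is nothing to check here.
            LOG.fine("ECP AuthnRequest " + requestId + " for SP " + hostedEntityID + ", IdP not yet known");
            return;
        }
        // Design choice of this example: an empty list means the adapter does not restrict
        // (the feature is opt-in). Once a list is configured, anything not on it is refused.
        if (allowedIdps.isEmpty() || allowedIdps.contains(idpEntityID)) {
            return;
        }
        LOG.warning("refusing AuthnRequest " + requestId + " from SP " + hostedEntityID
                    + " to IdP " + idpEntityID + ": not on the allow list");
        // Throwing is how the adapter API fails the process; the SP stops before anything is sent.
        throw new SAML2Exception("IdP is not permitted for this service provider");
    }
}
```

The adapter never mutates shared state after initialize returns, which is what makes the per-SP singleton safe; if a later change needs per-request state, keep it in local variables or in the request rather than in fields.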

preSingleSignOnProcess

public void preSingleSignOnProcess(String hostedEntityID,
                                   String realm,
                                   HttpServletRequest request,
                                   HttpServletResponse response,
                                   AuthnRequest authnRequest,
                                   Response ssoResponse,
                                   String profile)
                            throws SAML2Exception
Invoked when the FAM has received the Single Sign-On response from the IDP; this is called before any processing starts on the SP side.

Parameters:
hostedEntityID - entity ID for the hosted SP
realm - Realm of the hosted SP.
request - servlet request
response - servlet response
authnRequest - the original authentication request sent from SP, null if this is IDP initiated SSO.
ssoResponse - response from IDP
profile - protocol profile used, one of the following values: SAML2Constants.HTTP_POST, SAML2Constants.HTTP_ARTIFACT, SAML2Constants.PAOS
Throws:
SAML2Exception - if the user wants to fail the process.

postSingleSignOnSuccess

public boolean postSingleSignOnSuccess(String hostedEntityID,
                                       String realm,
                                       HttpServletRequest request,
                                       HttpServletResponse response,
                                       Object session,
                                       AuthnRequest authnRequest,
                                       Response ssoResponse,
                                       String profile,
                                       boolean isFederation)
                                throws SAML2Exception
Invoked after Single Sign-On processing succeeded.

Parameters:
hostedEntityID - Entity ID for the hosted SP
realm - Realm of the hosted SP.
request - servlet request
response - servlet response
session - user's session
authnRequest - the original authentication request sent from SP, null if this is IDP initiated SSO.
ssoResponse - response from IDP
profile - protocol profile used, one of the following values: SAML2Constants.HTTP_POST, SAML2Constants.HTTP_ARTIFACT, SAML2Constants.PAOS
isFederation - true if this is federation case, false otherwise.
Returns:
true if browser redirection happened after processing, false otherwise. Defaults to false.
Throws:
SAML2Exception - if the user wants to fail the process.

postSingleSignOnFailure

public boolean postSingleSignOnFailure(String hostedEntityID,
                                       String realm,
                                       HttpServletRequest request,
                                       HttpServletResponse response,
                                       AuthnRequest authnRequest,
                                       Response ssoResponse,
                                       String profile,
                                       int failureCode)
Invoked after Single Sign-On processing failed.

Parameters:
hostedEntityID - Entity ID for the hosted SP
realm - Realm of the hosted SP.
request - servlet request
response - servlet response
authnRequest - the original authentication request sent from SP, null if this is IDP initiated SSO.
ssoResponse - response from IDP
profile - protocol profile used, one of the following values: SAML2Constants.HTTP_POST, SAML2Constants.HTTP_ARTIFACT, SAML2Constants.PAOS
failureCode - an integer specifying the failure code. Possible failure codes are the status code constants defined in this class.
Returns:
true if browser redirection happened, false otherwise. Defaults to false.
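preSingleSignOnProcess, postSingleSignOnSuccess and postSingleSignOnFailure see one SSO exchange at three points: before the SP validates the IdP's Response, after a session has been created, and after processing has failed. The adapter below is an added example rather than OpenSSO code. It rejects unsolicited (IdP-initiated) responses unless an assumed allowIdpInitiatedSso init parameter enables them, repeats the InResponseTo check against the stored AuthnRequest as defence in depth so that a mismatch becomes an audit event, and writes one audit line per outcome, mapping the failure code constants of this class to text. The accessor names Response.getInResponseTo() and AuthnRequest.getID() follow the OpenSSO protocol interfaces but are assumptions here, as are the audit logger name and the AuditingSsoAdapter class name.

```java
import java.util.Map;
import java.util.logging.Logger;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter;
import com.sun.identity.saml2.protocol.AuthnRequest;
import com.sun.identity.saml2.protocol.Response;

/** Hypothetical adapter: policy check on inbound responses plus audit logging of SSO outcomes. */
public class AuditingSsoAdapter extends SAML2ServiceProviderAdapter {

    private static final Logger AUDIT = Logger.getLogger("sp.saml2.audit");   // assumed logger name

    /** Assumed init parameter name; not defined by the adapter API. */
    static final String ALLOW_IDP_INITIATED = "allowIdpInitiatedSso";

    private volatile boolean allowIdpInitiated;   // set once in initialize(), read by request threads

    @Override
    public void initialize(Map initParams) {
        allowIdpInitiated = "true".equalsIgnoreCase(String.valueOf(initParams.get(ALLOW_IDP_INITIATED)));
    }

    @Override
    public void preSingleSignOnProcess(String hostedEntityID, String realm,
            HttpServletRequest request, HttpServletResponse response,
            AuthnRequest authnRequest, Response ssoResponse, String profile)
            throws SAML2Exception {
        if (authnRequest == null) {
            // IdP-initiated SSO: there is no outstanding AuthnRequest to correlate with.
            if (!allowIdpInitiated) {
                AUDIT.warning("rejected unsolicited response for SP " + hostedEntityID
                              + " (profile " + profile + ", from " + request.getRemoteAddr() + ")");
                throw new SAML2Exception("IdP-initiated SSO is not enabled for this service provider");
            }
            return;
        }
        // SP-initiated SSO: the SP already matches InResponseTo; repeating the check here
        // costs nothing and records any mismatch before a session exists.
        String inResponseTo = ssoResponse.getInResponseTo();   // assumed accessor
        String requestId = authnRequest.getID();               // assumed accessor
        if (inResponseTo == null || !inResponseTo.equals(requestId)) {
            AUDIT.warning("InResponseTo mismatch for SP " + hostedEntityID + ": expected "
                          + requestId + ", got " + inResponseTo);
            throw new SAML2Exception("response does not correspond to an outstanding request");
        }
    }

    @Override
    public boolean postSingleSignOnSuccess(String hostedEntityID, String realm,
            HttpServletRequest request, HttpServletResponse response, Object session,
            AuthnRequest authnRequest, Response ssoResponse, String profile,
            boolean isFederation) throws SAML2Exception {
        AUDIT.info("SSO success for SP " + hostedEntityID + " realm " + realm
                   + " profile " + profile + " federation=" + isFederation
                   + " idpInitiated=" + (authnRequest == null)
                   + " from " + request.getRemoteAddr());
        return false;   // no redirect issued here, so the SP continues its normal flow
    }

    @Override
    public boolean postSingleSignOnFailure(String hostedEntityID, String realm,
            HttpServletRequest request, HttpServletResponse response,
            AuthnRequest authnRequest, Response ssoResponse, String profile, int failureCode) {
        // Detail goes to the audit log only; the end user keeps seeing the SP's generic error page.
        AUDIT.warning("SSO failure for SP " + hostedEntityID + ": " + describe(failureCode)
                      + " (profile " + profile + ", from " + request.getRemoteAddr() + ")");
        return false;
    }

    /** Maps the status code constants of SAML2ServiceProviderAdapter to audit text. */
    static String describe(int failureCode) {
        switch (failureCode) {
            case INVALID_RESPONSE:                       return "invalid response from IdP";
            case FEDERATION_FAILED_WRITING_ACCOUNT_INFO: return "could not write account federation info";
            case SSO_FAILED_SESSION_ERROR:               return "internal session error";
            case SSO_FAILED_ATTRIBUTE_MAPPING:           return "attribute mapping error";
            case SSO_FAILED_NO_USER_MAPPING:             return "no user mapping";
            case SSO_FAILED_AUTH_USER_INACTIVE:          return "user account inactive";
            case SSO_FAILED_AUTH_USER_LOCKED:            return "user account locked";
            case SSO_FAILED_AUTH_ACCOUNT_EXPIRED:        return "user account expired";
            case SSO_FAILED_SESSION_GENERATION:          return "could not generate user session";
            case SSO_FAILED_META_DATA_ERROR:             return "could not retrieve metadata";
            default:                                     return "unknown failure code " + failureCode;
        }
    }
}
```

request.getRemoteAddr() reports the immediate peer, which behind a reverse proxy is the proxy itself; a deployment that wants the client address in the audit line has to take it from whatever header its proxy is configured to set and trust only that proxy for it.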

postNewNameIDSuccess

public void postNewNameIDSuccess(String hostedEntityID,
                                 String realm,
                                 HttpServletRequest request,
                                 HttpServletResponse response,
                                 String userID,
                                 ManageNameIDRequest idRequest,
                                 ManageNameIDResponse idResponse,
                                 String binding)
Invoked after New Name Identifier processing succeeded.

Parameters:
hostedEntityID - Entity ID for the hosted SP
realm - Realm of the hosted SP.
request - servlet request
response - servlet response
userID - Universal ID of the user for whom the new name identifier request was performed
idRequest - New name identifier request, value will be null if the request object is not available
idResponse - New name identifier response, value will be null if the response object is not available
binding - Binding used for new name identifier request, one of following values: SAML2Constants.SOAP, SAML2Constants.HTTP_REDIRECT

postTerminateNameIDSuccess

public void postTerminateNameIDSuccess(String hostedEntityID,
                                       String realm,
                                       HttpServletRequest request,
                                       HttpServletResponse response,
                                       String userID,
                                       ManageNameIDRequest idRequest,
                                       ManageNameIDResponse idResponse,
                                       String binding)
Invoked after Terminate Name Identifier processing succeeded.

Parameters:
hostedEntityID - Entity ID for the hosted SP
realm - Realm of the hosted SP.
request - servlet request
response - servlet response
userID - Universal ID of the user for whom name ID termination was performed.
idRequest - Terminate name identifier request.
idResponse - Terminate name identifier response, value will be null if the response object is not available
binding - binding used for Terminate Name Identifier request, one of following values: SAML2Constants.SOAP, SAML2Constants.HTTP_REDIRECT

preSingleLogoutProcess

public void preSingleLogoutProcess(String hostedEntityID,
                                   String realm,
                                   HttpServletRequest request,
                                   HttpServletResponse response,
                                   String userID,
                                   LogoutRequest logoutRequest,
                                   LogoutResponse logoutResponse,
                                   String binding)
                            throws SAML2Exception
Invoked before the single logout process starts on the SP side. This method is called before the user session is invalidated on the service provider side.

Parameters:
hostedEntityID - Entity ID for the hosted SP
realm - Realm of the hosted SP.
request - servlet request
response - servlet response
userID - universal ID of the user
logoutRequest - single logout request object
logoutResponse - single logout response, value will be null if the response object is not available
binding - binding used for Single Logout request, one of following values: SAML2Constants.SOAP, SAML2Constants.HTTP_REDIRECT
Throws:
SAML2Exception - if the user wants to fail the process.

postSingleLogoutSuccess

public void postSingleLogoutSuccess(String hostedEntityID,
                                    String realm,
                                    HttpServletRequest request,
                                    HttpServletResponse response,
                                    String userID,
                                    LogoutRequest logoutRequest,
                                    LogoutResponse logoutResponse,
                                    String binding)
Invoked after the single logout process succeeded, i.e. the user session has been invalidated.

Parameters:
hostedEntityID - Entity ID for the hosted SP
realm - Realm of the hosted SP.
request - servlet request
response - servlet response
userID - universal ID of the user
logoutRequest - single logout request, value will be null if the request object is not available
logoutResponse - single logout response, value will be null if the response object is not available
binding - binding used for Single Logout request, one of following values: SAML2Constants.SOAP, SAML2Constants.HTTP_REDIRECT
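preSingleLogoutProcess and postSingleLogoutSuccess bracket the moment the SP session is invalidated, which is why they are separate hooks: before the session is gone the logout can still be refused by throwing SAML2Exception, so work in the pre-hook should be observation only, while cleanup of anything the application derived from the session belongs in the post-hook. The adapter below is an added example, not OpenSSO code; the in-memory token registry, registerToken, the ApplicationLogoutAdapter class name and the LogoutRequest.getSessionIndex() accessor are assumptions of the example. It revokes application tokens issued to the user only once the SP reports that the session has been invalidated.

```java
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter;
import com.sun.identity.saml2.protocol.LogoutRequest;
import com.sun.identity.saml2.protocol.LogoutResponse;

/**
 * Hypothetical adapter: keeps application-side state (here, API tokens issued to a user
 * after SSO) in step with the SAML session. The token registry is a constructed stand-in
 * for whatever the real application uses.
 */
public class ApplicationLogoutAdapter extends SAML2ServiceProviderAdapter {

    private static final Logger LOG = Logger.getLogger(ApplicationLogoutAdapter.class.getName());

    /** Constructed stand-in for the application's token store: universal ID -> live token IDs. */
    static final ConcurrentHashMap<String, Set<String>> TOKENS_BY_USER =
            new ConcurrentHashMap<String, Set<String>>();

    /** Called by the application (not by OpenSSO) when it issues a token after SSO. Example only. */
    static void registerToken(String userID, String tokenId) {
        Set<String> set = TOKENS_BY_USER.get(userID);
        if (set == null) {
            Set<String> fresh = Collections.newSetFromMap(new ConcurrentHashMap<String, Boolean>());
            set = TOKENS_BY_USER.putIfAbsent(userID, fresh);   // another thread may have won the race
            if (set == null) {
                set = fresh;
            }
        }
        set.add(tokenId);
    }

    /** Number of tokens still registered for a user; zero once postSingleLogoutSuccess has run. */
    static int liveTokenCount(String userID) {
        Set<String> set = TOKENS_BY_USER.get(userID);
        return set == null ? 0 : set.size();
    }

    @Override
    public void initialize(Map initParams) {
        LOG.info("logout adapter initialised for SP " + initParams.get(HOSTED_ENTITY_ID)
                 + " in realm " + initParams.get(REALM));
    }

    @Override
    public void preSingleLogoutProcess(String hostedEntityID, String realm,
            HttpServletRequest request, HttpServletResponse response, String userID,
            LogoutRequest logoutRequest, LogoutResponse logoutResponse, String binding)
            throws SAML2Exception {
        // The session is still valid here and the logout can still be aborted by throwing,
        // so only observe: record what is about to be torn down, revoke nothing yet.
        List sessionIndexes = logoutRequest == null ? null : logoutRequest.getSessionIndex(); // assumed accessor
        LOG.info("SLO starting for " + userID + " at SP " + hostedEntityID + " via " + binding
                 + ", session indexes " + sessionIndexes
                 + ", " + liveTokenCount(userID) + " application token(s) outstanding");
    }

    @Override
    public void postSingleLogoutSuccess(String hostedEntityID, String realm,
            HttpServletRequest request, HttpServletResponse response, String userID,
            LogoutRequest logoutRequest, LogoutResponse logoutResponse, String binding) {
        // The SP session is gone; anything the application derived from it must go too.
        Set<String> revoked = TOKENS_BY_USER.remove(userID);
        int count = revoked == null ? 0 : revoked.size();
        LOG.info("SLO completed for " + userID + " at SP " + hostedEntityID + " via " + binding
                 + ", revoked " + count + " application token(s)");
    }
}
```

The split matters for the SOAP binding as well as the front-channel ones: the post-hook may run on a back-channel request with no browser attached, so the cleanup must not depend on cookies or a redirect, and the registry above is keyed on the universal user ID for that reason.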