Sun Java System Access Manager 7 2005Q4 Federation and SAML Administration Guide

AccountMapper and PartnerAccountMapper Interfaces

AccountMapper and PartnerAccountMapper are interfaces that each partner site needs to implement. The implemented class maps the partner site's user accounts to user accounts configured in Access Manager for purposes of single sign-on. For example, if single sign-on is configured from site A to site B, a site-specific account mapper can be developed and defined in the Trusted Partners subattribute of site B's Trusted Partners profile. When site B processes the assertion it receives, it locates the corresponding account mapper by retrieving the source ID of the originating site.

Either SPI can be implemented, although PartnerAccountMapper has one benefit over AccountMapper: it takes the whole assertion as a parameter, enabling the partner to define user account mapping based on attributes inside the assertion. The AccountMapper interface uses only the subject of the assertion as a parameter.

The default implementation is com.sun.identity.saml.plugin.DefaultAccountMapper. If a site-specific account mapper is not configured, this default mapper is used.
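The following is an added example, not code from this guide or from Access Manager. It contrasts subject-only mapping with whole-assertion mapping in a mapper that is looked up by source ID and fails closed. The record types, method names, source ID, attribute name and organization are assumptions made for illustration; a real mapper implements the AccountMapper or PartnerAccountMapper SPI instead of these stand-ins.

```java
import java.util.*;

public class PartnerMappingDemo {
    // Stand-in types for this example; they are not Access Manager classes.
    record Assertion(String subject, Map<String, String> attributes) {}
    record LocalUser(String name, String org) {}
    // Per-partner policy: target organization, the assertion attribute that
    // carries the local user name, and local names a partner may never claim.
    record Policy(String org, String userAttr, Set<String> denied) {}

    private final Map<String, Policy> bySourceId;

    PartnerMappingDemo(Map<String, Policy> bySourceId) { this.bySourceId = bySourceId; }

    // AccountMapper style: only the assertion subject is available.
    Optional<LocalUser> mapSubject(String sourceId, String subject) {
        return check(bySourceId.get(sourceId), subject);
    }

    // PartnerAccountMapper style: the whole assertion is available, so the
    // mapping can use an attribute instead of the subject.
    Optional<LocalUser> mapAssertion(String sourceId, Assertion a) {
        Policy p = bySourceId.get(sourceId);
        return check(p, p == null ? null : a.attributes().get(p.userAttr()));
    }

    // Fail closed: unknown source ID, missing or malformed name, denied name.
    private static Optional<LocalUser> check(Policy p, String name) {
        if (p == null || name == null || !name.matches("[A-Za-z0-9._-]{1,64}")) {
            return Optional.empty();
        }
        if (p.denied().contains(name.toLowerCase(Locale.ROOT))) return Optional.empty();
        return Optional.of(new LocalUser(name, p.org()));
    }

    public static void main(String[] args) {
        // Constructed sample data: source ID, organization and attribute name are placeholders.
        var mapper = new PartnerMappingDemo(Map.of("SITE-A-SOURCE-ID",
                new Policy("dc=example,dc=com", "localUid", Set.of("amadmin"))));
        var ok = new Assertion("alice@site-a.example", Map.of("localUid", "alice"));
        var admin = new Assertion("mallory@site-a.example", Map.of("localUid", "amAdmin"));
        System.out.println(mapper.mapAssertion("SITE-A-SOURCE-ID", ok));    // attribute-based mapping
        System.out.println(mapper.mapAssertion("SITE-A-SOURCE-ID", admin)); // partner claims a denied name
        System.out.println(mapper.mapAssertion("UNKNOWN-SOURCE-ID", ok));   // no policy for this source ID
        System.out.println(mapper.mapSubject("SITE-A-SOURCE-ID", ok.subject())); // subject is not a local name
    }
}
```

Only the first call yields a local user; the other three return an empty result, so no session would be created for them.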


Note –

Turning on the Debug Service in the AMConfig.properties file logs additional information about the account mapper, for example, the user name and organization to which the subject has been mapped. For more information about the AMConfig.properties file, see the Sun Java System Access Manager 7 2005Q4 Developer’s Guide.