FederationSPAdapter (OpenSSO Public API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.sun.identity.federation.plugins
Interface FederationSPAdapter

public interface FederationSPAdapter

The interface FederationSPAdapter could be implemented to perform user specific processing during federation process on the Liberty Service Provider side.

A singleton instance of this FederationSPAdapter will be used during runtime, so make sure implementation of the federation processing methods (except initialize() method) are thread safe.

Field Summary
`static String`	`ENV_REALM` Adapter's initialization parameter name for realm.
`static int`	`FEDERATION_FAILED` Account federation failed.
`static int`	`FEDERATION_FAILED_ANON_AUTH_ACCOUNT_EXPIRED` Account federation failed because anonymous user account is expired.
`static int`	`FEDERATION_FAILED_ANON_AUTH_USER_INACTIVE` Account federation failed because anonymous user account is inactive.
`static int`	`FEDERATION_FAILED_ANON_AUTH_USER_LOCKED` Account federation failed because anonymous user account is locked.
`static int`	`FEDERATION_FAILED_ANON_TOKEN_GENERATION` Account federation failed because it failed to generate anonymous token.
`static int`	`FEDERATION_FAILED_SSO_TOKEN_GENERATION` Account federation failed because it failed to generate user token.
`static int`	`FEDERATION_FAILED_WRITING_ACCOUNT_INFO` Account federation failed because it failed to write account federation info.
`static int`	`INVALID_AUTHN_RESPONSE` Response from `IDP` with Browser POST or LECP profile contains * non-Success status code.
`static int`	`INVALID_RESPONSE` Response from `IDP` with Browser Artifact profile contains non-Success status code.
`static int`	`SSO_FAILED` Single Sign On failed.
`static int`	`SSO_FAILED_AUTH_ACCOUNT_EXPIRED` Single Sign On failed because the user account is expired.
`static int`	`SSO_FAILED_AUTH_USER_INACTIVE` Single Sign On failed because the user account is inactive.
`static int`	`SSO_FAILED_AUTH_USER_LOCKED` Single Sign On failed because the user account is locked.
`static int`	`SSO_FAILED_AUTO_FED` Single Sign On failed because it failed to find auto federation user.
`static int`	`SSO_FAILED_FEDERATION_DOESNOT_EXIST` Single Sign On failed because federation info does not exist at `SP` side.
`static int`	`SSO_FAILED_TOKEN_GENERATION` Single Sign On failed because it failed to generate user token.
`static int`	`SUCCESS` Federation or Single Sign on process succeed at `SP` side.

Method Summary
`void`	`initialize(String hostedEntityID, Set initParams)` Initializes the federation adapter, this method will only be executed once after creation of the adapter instance.
`void`	`postRegisterNameIdentifierSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, String userDN, FSNameRegistrationRequest regRequest, FSNameRegistrationResponse regResponse, String regProfile)` Invokes after Register Name Identifier processing is successful
`void`	`postSingleLogoutSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, String userDN, FSLogoutNotification logoutRequest, FSLogoutResponse logoutResponse, String sloProfile)` Invokes after single logout is successful completed, i.e.
`boolean`	`postSSOFederationFailure(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse, int failureCode)` Invokes after Single-Sign-On or Federation processing is failed.
`boolean`	`postSSOFederationSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, Object ssoToken, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse)` Invokes after Single-Sign-On and Federation processing is successful.
`void`	`postTerminationNotificationSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, String userDN, FSFederationTerminationNotification notification, String termProfile)` Invokes after the service provider successfully terminates federation with IDP.
`void`	`preSingleLogoutProcess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, String userDN, FSLogoutNotification logoutRequest, FSLogoutResponse logoutResponse, String sloProfile)` Invokes before single logout process started on FM side.
`void`	`preSSOFederationProcess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse)` Invokes when the FM received the Single-Sign-On and Federation response from the IDP, this is called before any processing started on SP side.
`void`	`preSSOFederationRequest(String hostedEntityID, String idpEntityID, HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest)` Invokes before federation manager sends the Single-Sing-On and Federation request to IDP.

Field Detail

SUCCESS

static final int SUCCESS

Federation or Single Sign on process succeed at SP side.

See Also:: Constant Field Values

INVALID_AUTHN_RESPONSE

static final int INVALID_AUTHN_RESPONSE

Response from IDP with Browser POST or LECP profile contains * non-Success status code.

See Also:: Constant Field Values

INVALID_RESPONSE

static final int INVALID_RESPONSE

Response from IDP with Browser Artifact profile contains non-Success status code.

See Also:: Constant Field Values

FEDERATION_FAILED

static final int FEDERATION_FAILED

Account federation failed.

See Also:: Constant Field Values

FEDERATION_FAILED_SSO_TOKEN_GENERATION

static final int FEDERATION_FAILED_SSO_TOKEN_GENERATION

Account federation failed because it failed to generate user token.

See Also:: Constant Field Values

FEDERATION_FAILED_ANON_TOKEN_GENERATION

static final int FEDERATION_FAILED_ANON_TOKEN_GENERATION

Account federation failed because it failed to generate anonymous token.

See Also:: Constant Field Values

FEDERATION_FAILED_ANON_AUTH_USER_INACTIVE

static final int FEDERATION_FAILED_ANON_AUTH_USER_INACTIVE

Account federation failed because anonymous user account is inactive.

See Also:: Constant Field Values

FEDERATION_FAILED_ANON_AUTH_USER_LOCKED

static final int FEDERATION_FAILED_ANON_AUTH_USER_LOCKED

Account federation failed because anonymous user account is locked.

See Also:: Constant Field Values

FEDERATION_FAILED_ANON_AUTH_ACCOUNT_EXPIRED

static final int FEDERATION_FAILED_ANON_AUTH_ACCOUNT_EXPIRED

Account federation failed because anonymous user account is expired.

See Also:: Constant Field Values

FEDERATION_FAILED_WRITING_ACCOUNT_INFO

static final int FEDERATION_FAILED_WRITING_ACCOUNT_INFO

Account federation failed because it failed to write account federation info.

See Also:: Constant Field Values

SSO_FAILED

static final int SSO_FAILED

Single Sign On failed.

See Also:: Constant Field Values

SSO_FAILED_FEDERATION_DOESNOT_EXIST

static final int SSO_FAILED_FEDERATION_DOESNOT_EXIST

Single Sign On failed because federation info does not exist at SP side.

See Also:: Constant Field Values

SSO_FAILED_AUTO_FED

static final int SSO_FAILED_AUTO_FED

Single Sign On failed because it failed to find auto federation user.

See Also:: Constant Field Values

SSO_FAILED_AUTH_USER_INACTIVE

static final int SSO_FAILED_AUTH_USER_INACTIVE

Single Sign On failed because the user account is inactive.

See Also:: Constant Field Values

SSO_FAILED_AUTH_USER_LOCKED

static final int SSO_FAILED_AUTH_USER_LOCKED

Single Sign On failed because the user account is locked.

See Also:: Constant Field Values

SSO_FAILED_AUTH_ACCOUNT_EXPIRED

static final int SSO_FAILED_AUTH_ACCOUNT_EXPIRED

Single Sign On failed because the user account is expired.

See Also:: Constant Field Values

SSO_FAILED_TOKEN_GENERATION

static final int SSO_FAILED_TOKEN_GENERATION

Single Sign On failed because it failed to generate user token.

See Also:: Constant Field Values

ENV_REALM

static final String ENV_REALM

Adapter's initialization parameter name for realm.

See Also:: Constant Field Values

Method Detail

initialize

void initialize(String hostedEntityID,
                Set initParams)

Initializes the federation adapter, this method will only be executed once after creation of the adapter instance.

Parameters:: hostedEntityID - entity ID for the hosted SP; initParams - initial set of parameters(such as REALM) configured in the service provider for this adapter.

preSSOFederationRequest

void preSSOFederationRequest(String hostedEntityID,
                             String idpEntityID,
                             HttpServletRequest request,
                             HttpServletResponse response,
                             FSAuthnRequest authnRequest)

Invokes before federation manager sends the Single-Sing-On and Federation request to IDP.

Parameters:: hostedEntityID - entity ID for the hosted SP; idpEntityID - entity id for the IDP to which the request will be sent; request - servlet request; response - servlet response; authnRequest - the authentication request to be send to IDP

preSSOFederationProcess

void preSSOFederationProcess(String hostedEntityID,
                             HttpServletRequest request,
                             HttpServletResponse response,
                             FSAuthnRequest authnRequest,
                             FSAuthnResponse authnResponse,
                             FSResponse samlResponse)
                             throws FederationException

Invokes when the FM received the Single-Sign-On and Federation response from the IDP, this is called before any processing started on SP side.

Parameters:: hostedEntityID - entity ID for the hosted SP; request - servlet request; response - servlet response; authnRequest - the original authentication request sent from SP; authnResponse - response from IDP if Browser POST or LECP profile is used for the request, value will be null if Browser Artifact profile is used.; samlResponse - response from IDP if Browser Artifact profile is used for the request, value will be null if Browser POST or LECP profile is used.
Throws:: FederationException - if user want to fail the process.

postSSOFederationSuccess

boolean postSSOFederationSuccess(String hostedEntityID,
                                 HttpServletRequest request,
                                 HttpServletResponse response,
                                 Object ssoToken,
                                 FSAuthnRequest authnRequest,
                                 FSAuthnResponse authnResponse,
                                 FSResponse samlResponse)
                                 throws FederationException

Invokes after Single-Sign-On and Federation processing is successful.

Parameters:: hostedEntityID - Entity ID for the hosted SP; request - servlet request; response - servlet response; ssoToken - user's SSO Token; authnRequest - the original authentication request sent from SP; authnResponse - response from IDP if Browser POST or LECP profile is used for the request, value will be null if Browser Artifact profile is used.; samlResponse - response from IDP if Browser Artifact profile is used for the request, value will be null if Browser POST or LECP profile is used.
Returns:: true if browser redirection happened, false otherwise.
Throws:: FederationException - if user want to fail the process.

postSSOFederationFailure

boolean postSSOFederationFailure(String hostedEntityID,
                                 HttpServletRequest request,
                                 HttpServletResponse response,
                                 FSAuthnRequest authnRequest,
                                 FSAuthnResponse authnResponse,
                                 FSResponse samlResponse,
                                 int failureCode)

Invokes after Single-Sign-On or Federation processing is failed.

Parameters:: hostedEntityID - Entity ID for the hosted SP; request - servlet request; response - servlet response; authnRequest - the original authentication request sent from SP; authnResponse - response from IDP if Browser POST or LECP profile is used for the request, value will be null if Browser Artifact profile is used.; samlResponse - response from IDP if Browser Artifact profile is used * for the request, value will be null if Browser POST or LECP profile is used.; failureCode - an integer specifies the failure code. Possible failure codes are defined in this interface.
Returns:: true if browser redirection happened, false otherwise.

postRegisterNameIdentifierSuccess

void postRegisterNameIdentifierSuccess(String hostedEntityID,
                                       HttpServletRequest request,
                                       HttpServletResponse response,
                                       String userDN,
                                       FSNameRegistrationRequest regRequest,
                                       FSNameRegistrationResponse regResponse,
                                       String regProfile)

Invokes after Register Name Identifier processing is successful

Parameters:: hostedEntityID - Entity ID for the hosted SP; request - servlet request; response - servlet response; userDN - DN of the user with whom name identifier registration performed; regRequest - register name identifier request, value will be null if the request object is not available; regResponse - register name identifier response, value will be null if the response object is not available; regProfile - register name identifier profile used, one of following IFSConstants.NAME_REGISTRATION_SP_HTTP_PROFILE IFSConstants.NAME_REGISTRATION_SP_SOAP_PROFILE IFSConstants.NAME_REGISTRATION_IDP_HTTP_PROFILE IFSConstants.NAME_REGISTRATION_IDP_SOAP_PROFILE

postTerminationNotificationSuccess

void postTerminationNotificationSuccess(String hostedEntityID,
                                        HttpServletRequest request,
                                        HttpServletResponse response,
                                        String userDN,
                                        FSFederationTerminationNotification notification,
                                        String termProfile)

Invokes after the service provider successfully terminates federation with IDP.

Parameters:: hostedEntityID - Entity ID for the hosted SP; request - servlet request; response - servlet response; userDN - DN of the user with whom name identifier registration performed; notification - federation termination notification message; termProfile - federation termination profile used, one of following IFSConstants.TERMINATION_SP_HTTP_PROFILE IFSConstants.TERMINATION_SP_SOAP_PROFILE IFSConstants.TERMINATION_IDP_HTTP_PROFILE IFSConstants.TERMINATION_IDP_SOAP_PROFILE

preSingleLogoutProcess

void preSingleLogoutProcess(String hostedEntityID,
                            HttpServletRequest request,
                            HttpServletResponse response,
                            String userDN,
                            FSLogoutNotification logoutRequest,
                            FSLogoutResponse logoutResponse,
                            String sloProfile)

Invokes before single logout process started on FM side. This method is called before the user token is invalidated on the service provider side.

Parameters:: hostedEntityID - Entity ID for the hosted SP; request - servlet request; response - servlet response; userDN - user DN; logoutRequest - single logout request object; logoutResponse - single logout response, value will be null if the response object is not available; sloProfile - single logout profile used, one of following IFSConstants.LOGOUT_SP_REDIRECT_PROFILE IFSConstants.LOGOUT_SP_SOAP_PROFILE IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE IFSConstants.LOGOUT_IDP_SOAP_PROFILE

postSingleLogoutSuccess

void postSingleLogoutSuccess(String hostedEntityID,
                             HttpServletRequest request,
                             HttpServletResponse response,
                             String userDN,
                             FSLogoutNotification logoutRequest,
                             FSLogoutResponse logoutResponse,
                             String sloProfile)

Invokes after single logout is successful completed, i.e. user token has been invalidated.

Parameters:: hostedEntityID - Entity ID for the hosted SP; request - servlet request; response - servlet response; userDN - user DN; logoutRequest - single logout request, value will be null if the request object is not available; logoutResponse - single logout response, value will be null if the response object is not available; sloProfile - single logout profile used, one of following IFSConstants.LOGOUT_SP_HTTP_PROFILE IFSConstants.LOGOUT_SP_SOAP_PROFILE IFSConstants.LOGOUT_IDP_HTTP_PROFILE IFSConstants.LOGOUT_IDP_SOAP_PROFILE