BEA Systems, Inc.

com.bea.security.saml2.providers.registry
Class WebSSOIdPPartnerImpl

java.lang.Object
  extended by com.bea.security.saml2.providers.registry.WebSSOIdPPartnerImpl
All Implemented Interfaces:
BindingClientPartner, IdPPartner, MetadataPartner, Partner, WebSSOIdPPartner, WebSSOPartner, Serializable

public class WebSSOIdPPartnerImpl
extends Object
implements WebSSOIdPPartner, Serializable

See Also:
Serialized Form

Field Summary
 
Fields inherited from interface com.bea.security.saml2.providers.registry.Partner
ASSERTION_TYPE_BEARER, ASSERTION_TYPE_HOLDER_OF_KEY, ASSERTION_TYPE_SENDER_VOUCHES
 
Constructor Summary
WebSSOIdPPartnerImpl()
           
 
Method Summary
 String getArtifactBindingPostForm()
          Gets the POST form for the HTTP/Artifact binding.
 IndexedEndpoint[] getArtifactResolutionService()
           
 String[] getAudienceURIs()
          Returns an array of <Audience> URI values for the <AudienceRestriction> condition of SAML assertions.
 String getClientPassword()
           
 String getClientPasswordEncrypted()
          Returns encrypted client binding password, if available
 String getClientUsername()
          Get the binding client username.
 String getContactPersonCompany()
           
 String getContactPersonEmailAddress()
           
 String getContactPersonGivenName()
           
 String getContactPersonSurName()
           
 String getContactPersonTelephoneNumber()
           
 String getContactPersonType()
           
 String getDescription()
          Returns the description for this partner.
 String getEntityID()
          Returns this partner's entity ID, which must be a URI.
 String getErrorURL()
          This error URL is part of SAML 2.0 metadata; it is not actually used by any implementation in CSS.
 String getIdentityProviderNameMapperClassname()
          Returns classname of IdP Provider name mapper for the conversion from JAAS Subject principals to SAML2 attributes
 String getIssuerURI()
          Get this partner's Issuer URI.
 String getName()
          Returns this partner's name.
 String getOrganizationName()
           
 String getOrganizationURL()
           
 String getPostBindingPostForm()
          Gets the POST form for the HTTP/POST binding.
 String[] getRedirectURIs()
          Get the Redirect URIs.
 Endpoint[] getSingleSignOnService()
          Get the single sign on service end points of the specified IdP.
 X509Certificate getSSOSigningCert()
          Get the SSO Signing Certificate.
 X509Certificate getTransportLayerClientCert()
          Get the transport level security (TLS/SSL) client certificate.
 boolean isArtifactBindingUsePOSTMethod()
          Gets the artifact binding use POST HTTP method flag.
 boolean isClientPasswordSet()
          Check whether the ClientPassword is set
 boolean isEnabled()
          Returns the enabled flag for this partner.
 boolean isNameModified()
          Returns the nameModified flag for this partner.
 boolean isPlainPasswordChanged()
           
 boolean isProcessAttributes()
          Process attribute flag.
 boolean isVirtualUserEnabled()
          Get the Virtual User Enabled value.
 boolean isWantArtifactRequestSigned()
          Gets the flag that determines if the <ArtifactRequest> documents will be signed
 boolean isWantAssertionsSigned()
           
 boolean isWantAuthnRequestsSigned()
          Flag indicating whether the IdP wants the AuthnRequest document to be signed.
 void setArtifactBindingPostForm(String postForm)
          Sets the POST form for the HTTP/Artifact binding.
 void setArtifactBindingUsePOSTMethod(boolean isArtifactUsePost)
           
 void setArtifactResolutionService(IndexedEndpoint[] artifactResolutionService)
           
 void setAudienceURIs(String[] audienceURIs)
          Sets the <Audience> URI values for this partner.
 void setClientPassword(String clientPassword)
          Set the password that must be used by this partner when accessing bindings of the local site, e.g. SOAP/HTTPS binding.
 void setClientPasswordEncrypted(String clientPasswordEncrypted)
           
 void setClientUsername(String clientUsername)
          Set the binding client username.
 void setContactPersonCompany(String contactPersonCompany)
           
 void setContactPersonEmailAddress(String contactPersonEmailAddress)
           
 void setContactPersonGivenName(String contactPersonGivenName)
           
 void setContactPersonSurName(String contactPersonSurName)
           
 void setContactPersonTelephoneNumber(String contactPersonTelephoneNumber)
           
 void setContactPersonType(String contactPersonType)
           
 void setDescription(String description)
          Set the description for this partner.
 void setEnabled(boolean enabled)
          Set the enabled flag for this partner.
 void setEntityID(String entityID)
          Set the entity ID for this partner
 void setErrorURL(String errorURL)
           
 void setIdentityProviderNameMapperClassname(String identityProviderNameMapperClassname)
          Sets IdP Provider name mapper classname
 void setIssuerURI(String issuerURI)
          Set the Issuer URI value for this partner.
 void setName(String name)
          Set the partner's name.
 void setOrganizationName(String organizationName)
           
 void setOrganizationURL(String organizationURL)
           
 void setPostBindingPostForm(String postForm)
          Sets the POST form for the HTTP/POST binding.
 void setProcessAttributes(boolean processAttributes)
          Set the process attribute flag.
 void setRedirectURIs(String[] redirectURIs)
          Set the Redirect URIs.
 void setSingleSignOnService(Endpoint[] singleSignOnService)
          Set the endpoints for this idp partner.
 void setSSOSigningCert(X509Certificate ssoSigningCert)
          Set the SSO Signing Certificate.
 void setTransportLayerClientCert(X509Certificate transportLayerClientCert)
          Set the transport layer security (TLS/SSL) client certificate.
 void setVirtualUserEnabled(boolean virtualUserEnabled)
          Set the Virtual User Enabled value.
 void setWantArtifactRequestSigned(boolean wantSigned)
          Sets the flag that determines if the <ArtifactRequest> documents will be signed
 void setWantAssertionsSigned(boolean wantAssertionsSigned)
           
 void setWantAuthnRequestsSigned(boolean wantAuthnRequestsSigned)
          Set the wantAuthnRequestsSigned flag.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

WebSSOIdPPartnerImpl

public WebSSOIdPPartnerImpl()
Method Detail

getArtifactResolutionService

public IndexedEndpoint[] getArtifactResolutionService()
Specified by:
getArtifactResolutionService in interface WebSSOPartner

setArtifactResolutionService

public void setArtifactResolutionService(IndexedEndpoint[] artifactResolutionService)
Specified by:
setArtifactResolutionService in interface WebSSOPartner

getSSOSigningCert

public X509Certificate getSSOSigningCert()
Description copied from interface: WebSSOPartner
Get the SSO Signing Certificate. The certificate is used to verify signatures on all signed documents for the Web SSO profile.

Specified by:
getSSOSigningCert in interface WebSSOPartner
Returns:
The SSO Signing Certificate.

setSSOSigningCert

public void setSSOSigningCert(X509Certificate ssoSigningCert)
Description copied from interface: WebSSOPartner
Set the SSO Signing Certificate.

Specified by:
setSSOSigningCert in interface WebSSOPartner
Parameters:
ssoSigningCert - The SSO Signing Certificate to set.
See Also:
WebSSOPartner.getSSOSigningCert()

getAudienceURIs

public String[] getAudienceURIs()
Description copied from interface: Partner
Returns an array of <Audience> URI values for the <AudienceRestriction> condition of SAML assertions. In general, for IdP partners, this configuration specifies a list of audiences of the local site, one of which must be in each assertion from the IdP. For SP partners, this configuration specifies the audience list to include in generated assertions.

Note that for Web SSO cases, this value is not honored. The only Audience URI for Web SSO is the IdP's Entity ID.

Specified by:
getAudienceURIs in interface Partner
Returns:
<Audience> URI values
See Also:
MetadataPartner.getEntityID()

setAudienceURIs

public void setAudienceURIs(String[] audienceURIs)
Description copied from interface: Partner
Sets the <Audience> URI values for this partner.

Specified by:
setAudienceURIs in interface Partner
Parameters:
audienceURIs - <Audience> URI values
See Also:
Partner.getAudienceURIs()

getClientPassword

public String getClientPassword()

setClientPassword

public void setClientPassword(String clientPassword)
Description copied from interface: BindingClientPartner
Set the password that must be used by this partner when accessing bindings of the local site, e.g. SOAP/HTTPS binding.

Specified by:
setClientPassword in interface BindingClientPartner
Parameters:
clientPassword - The client binding password to set.

getClientUsername

public String getClientUsername()
Description copied from interface: BindingClientPartner
Get the binding client username. This is the username that must be used by this partner when connecting to bindings of the local site, e.g. SOAP/HTTPS binding.

Specified by:
getClientUsername in interface BindingClientPartner
Returns:
The binding client username.

setClientUsername

public void setClientUsername(String clientUsername)
Description copied from interface: BindingClientPartner
Set the binding client username.

Specified by:
setClientUsername in interface BindingClientPartner
Parameters:
clientUsername - The binding client username
See Also:
BindingClientPartner.getClientUsername()

getContactPersonCompany

public String getContactPersonCompany()
Specified by:
getContactPersonCompany in interface MetadataPartner

setContactPersonCompany

public void setContactPersonCompany(String contactPersonCompany)
Specified by:
setContactPersonCompany in interface MetadataPartner

getContactPersonEmailAddress

public String getContactPersonEmailAddress()
Specified by:
getContactPersonEmailAddress in interface MetadataPartner

setContactPersonEmailAddress

public void setContactPersonEmailAddress(String contactPersonEmailAddress)
Specified by:
setContactPersonEmailAddress in interface MetadataPartner

getContactPersonGivenName

public String getContactPersonGivenName()
Specified by:
getContactPersonGivenName in interface MetadataPartner

setContactPersonGivenName

public void setContactPersonGivenName(String contactPersonGivenName)
Specified by:
setContactPersonGivenName in interface MetadataPartner

getContactPersonSurName

public String getContactPersonSurName()
Specified by:
getContactPersonSurName in interface MetadataPartner

setContactPersonSurName

public void setContactPersonSurName(String contactPersonSurName)
Specified by:
setContactPersonSurName in interface MetadataPartner

getContactPersonTelephoneNumber

public String getContactPersonTelephoneNumber()
Specified by:
getContactPersonTelephoneNumber in interface MetadataPartner

setContactPersonTelephoneNumber

public void setContactPersonTelephoneNumber(String contactPersonTelephoneNumber)
Specified by:
setContactPersonTelephoneNumber in interface MetadataPartner

getContactPersonType

public String getContactPersonType()
Specified by:
getContactPersonType in interface MetadataPartner

setContactPersonType

public void setContactPersonType(String contactPersonType)
Specified by:
setContactPersonType in interface MetadataPartner

getDescription

public String getDescription()
Description copied from interface: Partner
Returns the description for this partner.

Specified by:
getDescription in interface Partner
Returns:
description.

setDescription

public void setDescription(String description)
Description copied from interface: Partner
Set the description for this partner.

Specified by:
setDescription in interface Partner
Parameters:
description - The description value to set.

isEnabled

public boolean isEnabled()
Description copied from interface: Partner
Returns the enabled flag for this partner. This value indicates whether or not the partner is enabled.

Specified by:
isEnabled in interface Partner
Returns:
enabled flag.

setEnabled

public void setEnabled(boolean enabled)
Description copied from interface: Partner
Set the enabled flag for this partner.

Specified by:
setEnabled in interface Partner
Parameters:
enabled - The enabled flag to set.

getEntityID

public String getEntityID()
Description copied from interface: MetadataPartner
Returns this partner's entity ID, which must be a URI. This value is the expected <Issuer> value for documents from this partner and the default value for <Audience> for documents sent to this partner.

Specified by:
getEntityID in interface MetadataPartner
Returns:
entity ID

setEntityID

public void setEntityID(String entityID)
Description copied from interface: MetadataPartner
Set the entity ID for this partner

Specified by:
setEntityID in interface MetadataPartner
Parameters:
entityID - Partner entity ID

getErrorURL

public String getErrorURL()
Description copied from interface: MetadataPartner
This error URL is part of SAML 2.0 metadata; it is not actually used by any implementation in CSS.

Specified by:
getErrorURL in interface MetadataPartner
Returns:
error url.

setErrorURL

public void setErrorURL(String errorURL)
Specified by:
setErrorURL in interface MetadataPartner

isWantAuthnRequestsSigned

public boolean isWantAuthnRequestsSigned()
Description copied from interface: WebSSOIdPPartner
Flag indicating whether the IdP wants the AuthnRequest document to be signed.

Specified by:
isWantAuthnRequestsSigned in interface WebSSOIdPPartner
Returns:
Flag indicating whether the AuthnRequest should be signed.

setWantAuthnRequestsSigned

public void setWantAuthnRequestsSigned(boolean wantAuthnRequestsSigned)
Description copied from interface: WebSSOIdPPartner
Set the wantAuthnRequestsSigned flag.

Specified by:
setWantAuthnRequestsSigned in interface WebSSOIdPPartner

getIdentityProviderNameMapperClassname

public String getIdentityProviderNameMapperClassname()
Description copied from interface: IdPPartner
Returns classname of IdP Provider name mapper for the conversion from JAAS Subject principals to SAML2 attributes

Specified by:
getIdentityProviderNameMapperClassname in interface IdPPartner
Returns:
IdP Provider name mapper classname

setIdentityProviderNameMapperClassname

public void setIdentityProviderNameMapperClassname(String identityProviderNameMapperClassname)
Description copied from interface: IdPPartner
Sets IdP Provider name mapper classname

Specified by:
setIdentityProviderNameMapperClassname in interface IdPPartner
Parameters:
identityProviderNameMapperClassname - Name mapper classname
See Also:
IdPPartner.getIdentityProviderNameMapperClassname()

getIssuerURI

public String getIssuerURI()
Description copied from interface: IdPPartner
Get this partner's Issuer URI. Defaults to entity ID for meta-data partners, e.g. WebSSOIdPPartner

Specified by:
getIssuerURI in interface IdPPartner
Returns:
The Issuer URI.
See Also:
MetadataPartner.getEntityID()

setIssuerURI

public void setIssuerURI(String issuerURI)
Description copied from interface: IdPPartner
Set the Issuer URI value for this partner.

Specified by:
setIssuerURI in interface IdPPartner
Parameters:
issuerURI - The partner's Issuer URI.
See Also:
IdPPartner.getIssuerURI()

getOrganizationName

public String getOrganizationName()
Specified by:
getOrganizationName in interface MetadataPartner

setOrganizationName

public void setOrganizationName(String organizationName)
Specified by:
setOrganizationName in interface MetadataPartner

getOrganizationURL

public String getOrganizationURL()
Specified by:
getOrganizationURL in interface MetadataPartner

setOrganizationURL

public void setOrganizationURL(String organizationURL)
Specified by:
setOrganizationURL in interface MetadataPartner

isProcessAttributes

public boolean isProcessAttributes()
Description copied from interface: IdPPartner
Process attribute flag. If true, the SAML identity asserter will process the <AttributeStatement> in the assertion. The default implementation will process the WLSGroup information in the assertion.

This value works together with the default value in the identity asserter mbean settings. If either is true, the attribute will be processed.

Specified by:
isProcessAttributes in interface IdPPartner
Returns:
The process attribute flag.

setProcessAttributes

public void setProcessAttributes(boolean processAttributes)
Description copied from interface: IdPPartner
Set the process attribute flag.

Specified by:
setProcessAttributes in interface IdPPartner
See Also:
IdPPartner.isProcessAttributes()

getRedirectURIs

public String[] getRedirectURIs()
Description copied from interface: WebSSOIdPPartner
Get the Redirect URIs. Unauthenticated users accessing these URIs are logged in using SSO with this partner.

Specified by:
getRedirectURIs in interface WebSSOIdPPartner
Returns:
The Redirect URIs.

setRedirectURIs

public void setRedirectURIs(String[] redirectURIs)
Description copied from interface: WebSSOIdPPartner
Set the Redirect URIs. This is an array of URIs identifying resources on the server. The URIs must include the resource's application context. Unauthenticated users accessing these URIs will be logged in using SSO with this partner. The URI supports wildcard pattern, for wildcard rules,

Specified by:
setRedirectURIs in interface WebSSOIdPPartner
Parameters:
redirectURIs - The Redirect URIs to set.
See Also:
com.bea.common.security.utils.URLMatchMap

getSingleSignOnService

public Endpoint[] getSingleSignOnService()
Description copied from interface: WebSSOIdPPartner
Get the single sign on service end points of the specified IdP.

Specified by:
getSingleSignOnService in interface WebSSOIdPPartner
Returns:
The endpoint array of the IdP. Should not be null for a valid partner.

setSingleSignOnService

public void setSingleSignOnService(Endpoint[] singleSignOnService)
Description copied from interface: WebSSOIdPPartner
Set the endpoints for this idp partner.

Specified by:
setSingleSignOnService in interface WebSSOIdPPartner
See Also:
Endpoint

getTransportLayerClientCert

public X509Certificate getTransportLayerClientCert()
Description copied from interface: BindingClientPartner
Get the transport level security (TLS/SSL) client certificate. This is the certificate that must be used by this partner when connecting to bindings of the local site, e.g. SOAP/HTTPS binding, using SSL/TLS.

Specified by:
getTransportLayerClientCert in interface BindingClientPartner
Returns:
The transport level security (SSL/TLS) client certificate.

setTransportLayerClientCert

public void setTransportLayerClientCert(X509Certificate transportLayerClientCert)
Description copied from interface: BindingClientPartner
Set the transport layer security (TLS/SSL) client certificate.

Specified by:
setTransportLayerClientCert in interface BindingClientPartner
Parameters:
transportLayerClientCert - The client certificate
See Also:
BindingClientPartner.getTransportLayerClientCert()

isVirtualUserEnabled

public boolean isVirtualUserEnabled()
Description copied from interface: IdPPartner
Get the Virtual User Enabled value. If true, the SAML Authenticator will authenticate "virtual users" for names (user and group) obtained from this partner's assertions and returned by the SAML Identity Asserter. If false, virtual users are not allowed, and the user names returned by the SAML Identity Asserter must be authenticated by another authenticator, which will (probably) require that the user be registered in a user directory or database and will create user principals based on the user's directory information.

Specified by:
isVirtualUserEnabled in interface IdPPartner
Returns:
The Virtual User Enabled value.

setVirtualUserEnabled

public void setVirtualUserEnabled(boolean virtualUserEnabled)
Description copied from interface: IdPPartner
Set the Virtual User Enabled value.

Specified by:
setVirtualUserEnabled in interface IdPPartner
Parameters:
virtualUserEnabled - The Virtual User Enabled value to set.

isWantAssertionsSigned

public boolean isWantAssertionsSigned()
Specified by:
isWantAssertionsSigned in interface IdPPartner

setWantAssertionsSigned

public void setWantAssertionsSigned(boolean wantAssertionsSigned)
Specified by:
setWantAssertionsSigned in interface IdPPartner
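
Added example (not BEA's code): a configuration review over the trust-related getters documented on this page, namely getSSOSigningCert, isProcessAttributes, getRedirectURIs, isVirtualUserEnabled and isWantAssertionsSigned. The class name IdPPartnerAudit and the finding texts are hypothetical. It assumes the WebLogic SAML 2.0 classes are on the classpath, that X509Certificate is java.security.cert.X509Certificate, and that the no-argument constructor can be used outside the server.

```java
import com.bea.security.saml2.providers.registry.WebSSOIdPPartnerImpl;

import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical review helper; not part of the BEA API. */
public class IdPPartnerAudit {

    /** Returns one finding per setting that deserves a second look. */
    public static List<String> audit(WebSSOIdPPartnerImpl p) {
        List<String> findings = new ArrayList<String>();
        String who = p.getName() + " (" + p.getEntityID() + "): ";

        if (!p.isEnabled()) {
            findings.add(who + "partner is disabled");
        }

        // The signing certificate verifies all signed Web SSO documents.
        X509Certificate cert = p.getSSOSigningCert();
        if (cert == null) {
            findings.add(who + "no SSO signing certificate, signatures cannot be verified");
        } else {
            try {
                cert.checkValidity(); // JDK check against the current time
            } catch (CertificateExpiredException e) {
                findings.add(who + "signing certificate expired " + cert.getNotAfter());
            } catch (CertificateNotYetValidException e) {
                findings.add(who + "signing certificate not valid before " + cert.getNotBefore());
            }
        }

        // Assumption: when true, this flag means unsigned assertions are rejected.
        if (!p.isWantAssertionsSigned()) {
            findings.add(who + "wantAssertionsSigned is false");
        }

        // Virtual users skip the local directory. With attribute processing on,
        // group names (WLSGroup) also come straight from the IdP's assertion.
        // The identity asserter MBean default can enable processing as well.
        if (p.isVirtualUserEnabled()) {
            findings.add(who + "virtual users enabled"
                    + (p.isProcessAttributes() ? ", groups taken from assertion attributes" : ""));
        }

        // Assumption: '*' is the wildcard character (the rules live in URLMatchMap).
        String[] uris = p.getRedirectURIs();
        if (uris != null) {
            for (String uri : uris) {
                if (uri.indexOf('*') >= 0) {
                    findings.add(who + "wildcard redirect URI " + uri);
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real deployment.
        WebSSOIdPPartnerImpl p = new WebSSOIdPPartnerImpl();
        p.setName("sample-idp");
        p.setEntityID("https://idp.example.test/saml2");
        p.setEnabled(true);
        p.setVirtualUserEnabled(true);
        p.setProcessAttributes(true);
        p.setWantAssertionsSigned(false);
        p.setRedirectURIs(new String[] { "/portal/*" });
        for (String finding : audit(p)) {
            System.out.println(finding);
        }
    }
}
```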

isNameModified

public boolean isNameModified()
Description copied from interface: Partner
Returns the nameModified flag for this partner. This value indicates whether or not the partner name is modified.

Specified by:
isNameModified in interface Partner
Returns:
nameModified flag.

setName

public void setName(String name)
Description copied from interface: Partner
Set the partner's name. Name is required for a partner.

Specified by:
setName in interface Partner

getName

public String getName()
Description copied from interface: Partner
Returns this partner's name.

Specified by:
getName in interface Partner
Returns:
partner name

getClientPasswordEncrypted

public String getClientPasswordEncrypted()
Description copied from interface: BindingClientPartner
Returns encrypted client binding password, if available

Specified by:
getClientPasswordEncrypted in interface BindingClientPartner
Returns:
the encrypted ClientPassword if the ClientPassword is set and the encrypted value is available

isClientPasswordSet

public boolean isClientPasswordSet()
Description copied from interface: BindingClientPartner
Check whether the ClientPassword is set

Specified by:
isClientPasswordSet in interface BindingClientPartner
Returns:
true if ClientPassword attribute is set (not 'null' and not empty string)
See Also:
BindingClientPartner.setClientPassword(String)

getArtifactBindingPostForm

public String getArtifactBindingPostForm()
Description copied from interface: WebSSOPartner
Gets the POST form for the HTTP/Artifact binding. This form, if present, is used in place of the default POST form when POSTing to a partner HTTP/Artifact binding

Specified by:
getArtifactBindingPostForm in interface WebSSOPartner
Returns:
The POST form.

setArtifactBindingPostForm

public void setArtifactBindingPostForm(String postForm)
Description copied from interface: WebSSOPartner
Sets the POST form for the HTTP/Artifact binding. Parameter is a URI indicating the location, with full application context, of the form that should be used.

Specified by:
setArtifactBindingPostForm in interface WebSSOPartner
Parameters:
postForm - The URI of the POST form to set.

getPostBindingPostForm

public String getPostBindingPostForm()
Description copied from interface: WebSSOPartner
Gets the POST form for the HTTP/POST binding. This form, if present, is used in place of the default POST form when POSTing to a partner HTTP/POST binding

Specified by:
getPostBindingPostForm in interface WebSSOPartner
Returns:
The POST form.

setPostBindingPostForm

public void setPostBindingPostForm(String postForm)
Description copied from interface: WebSSOPartner
Sets the POST form for the HTTP/POST binding. Parameter is a URI indicating the location, with full application context, of the form that should be used.

Specified by:
setPostBindingPostForm in interface WebSSOPartner
Parameters:
postForm - The URI of the POST form to set.

isWantArtifactRequestSigned

public boolean isWantArtifactRequestSigned()
Description copied from interface: WebSSOPartner
Gets the flag that determines if the <ArtifactRequest> documents will be signed

Specified by:
isWantArtifactRequestSigned in interface WebSSOPartner
Returns:
Want <ArtifactRequest> documents signed flag

setWantArtifactRequestSigned

public void setWantArtifactRequestSigned(boolean wantSigned)
Description copied from interface: WebSSOPartner
Sets the flag that determines if the <ArtifactRequest> documents will be signed

Specified by:
setWantArtifactRequestSigned in interface WebSSOPartner
Parameters:
wantSigned - want signed flag

isArtifactBindingUsePOSTMethod

public boolean isArtifactBindingUsePOSTMethod()
Description copied from interface: WebSSOPartner
Gets the artifact binding use POST HTTP method flag. If true, use POST when sending an artifact to partner artifact bindings; else, if false, use the GET method.

Specified by:
isArtifactBindingUsePOSTMethod in interface WebSSOPartner
Returns:
use POST HTTP method flag

setArtifactBindingUsePOSTMethod

public void setArtifactBindingUsePOSTMethod(boolean isArtifactUsePost)
Specified by:
setArtifactBindingUsePOSTMethod in interface WebSSOPartner

setClientPasswordEncrypted

public void setClientPasswordEncrypted(String clientPasswordEncrypted)

isPlainPasswordChanged

public boolean isPlainPasswordChanged()

Because this information documents a Tech Preview of a BEA product, it may be incomplete and is subject to change. Documentation is available at
http://download.oracle.com/docs/cd/E13222_01/wls/essex/TechPreview
Copyright 2007 BEA Systems Inc.