Sun OpenSSO Enterprise 8.0 Developer's Guide

Using the WS-Federation Packages

The following packages relate to the WS-Federation functionality in OpenSSO Enterprise. For more detailed information, see the Sun OpenSSO Enterprise 8.0 Java API Reference.

com.sun.identity.wsfederation.plugins

This package defines the WS-Federation service provider interfaces (SPI). DefaultIDPAccountMapper.java is an implementation of this SPI.

Table 7–1 com.sun.identity.wsfederation.plugins Interfaces

Interface 

Description 

IDPAccountMapper

IDPAccountMapper is used on the identity provider (SAML v2 provider) side to map the local identities to the SAML v2 protocol objects. It accomplishes the reverse for some of the protocols (for example, ManageNameIDRequest). The default implementation, com.sun.identity.wsfederation.plugins.DefaultIDPAccountMapper, is used by the SAML v2 framework to retrieve the user's account federation information to construct the SAML protocol objects (for example, an Assertion) and to find out the corresponding user account for the given SAML v2 requests.

IDPAttributeMapper

IDPAttributeMapper is used to map an authenticated user's attributes to SAML v2 attributes. The SAML v2 framework may then insert the attribute information as an AttributeStatement in a SAML v2 assertion. The default implementation, com.sun.identity.wsfederation.plugins.DefaultIDPAttributeMapper, reads the configured attributes or attributes that are available through the SSOToken and returns the SAML v2 attributes.

IDPAuthenticationMethodMapper

IDPAuthenticationMethodMapper creates an IDPAuthenticationTypeInfo element based on the RequestAuthnContext information from the AuthnRequest sent by a service provider and the AuthnContext configuration on the identity provider side. The default implementation, com.sun.identity.wsfederation.plugins.DefaultIDPAuthenticationMethodMapper, will be used by the identity provider to find out the authentication mechanism and set the AuthnContext in the assertion.

SPAccountMapper

com.sun.identity.saml.plugins.PartnerAccountMapper is an interface that is implemented to map a partner account to a user account in OpenSSO Enterprise. Different partners would need to have different implementations of the interface. The mappings between the partner source ID and the implementation class are configured in the Partner URLs field of the SAML service. com.sun.identity.wsfederation.plugins.DefaultADFSPartnerAccountMapper is the default implementation.

SPAttributeMapper

SPAttributeMapper maps SAML v2 attributes to local user attributes. This mapper will be used by the service provider to read the configured map for the corresponding SAML v2 attributes and supply them to the SAML framework. The locally mapped attributes returned by the implementation of this interface will be inserted into the SSOToken by the SAML v2 framework. com.sun.identity.wsfederation.plugins.DefaultSPAttributeMapper is the default implementation.
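
The configured-map behavior described for SPAttributeMapper can be sketched as follows. This is an added example, not code from OpenSSO Enterprise or its default implementation: it uses no OpenSSO classes, and the class name, method names, and the "assertionAttribute=localAttribute" entry format are assumptions made for illustration.

```java
import java.util.*;

// Stand-alone sketch: uses no OpenSSO classes. All names are hypothetical.
public class SpAttributeMapSketch {

    // Parse entries of the assumed form "assertionAttribute=localAttribute".
    static Map<String, String> parseConfig(List<String> entries) {
        Map<String, String> map = new HashMap<>();
        for (String entry : entries) {
            int eq = entry.indexOf('=');
            if (eq <= 0 || eq == entry.length() - 1) {
                throw new IllegalArgumentException("Malformed map entry: " + entry);
            }
            map.put(entry.substring(0, eq).trim(), entry.substring(eq + 1).trim());
        }
        return map;
    }

    // Return only attributes that have a configured mapping, keyed by local name.
    // Anything the partner asserted without a mapping is dropped, so the
    // assertion cannot introduce session attributes the deployment never configured.
    static Map<String, Set<String>> mapAttributes(
            Map<String, List<String>> asserted, Map<String, String> config) {
        Map<String, Set<String>> local = new TreeMap<>();
        for (Map.Entry<String, List<String>> attr : asserted.entrySet()) {
            String localName = config.get(attr.getKey());
            if (localName == null) {
                continue; // unmapped: never reaches the session
            }
            local.computeIfAbsent(localName, k -> new TreeSet<>()).addAll(attr.getValue());
        }
        return local;
    }

    public static void main(String[] args) {
        Map<String, String> config =
                parseConfig(Arrays.asList("EmailAddress=mail", "Group=memberOf"));
        // Constructed sample of attributes taken from an already-validated assertion.
        Map<String, List<String>> asserted = new HashMap<>();
        asserted.put("EmailAddress", Arrays.asList("alice@partner.example"));
        asserted.put("Group", Arrays.asList("staff", "finance"));
        asserted.put("isAdmin", Arrays.asList("true")); // not in the configured map
        System.out.println(mapAttributes(asserted, config));
    }
}
```

A custom mapper written against the real SPI should take its method signatures from the Sun OpenSSO Enterprise 8.0 Java API Reference.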

com.sun.identity.wsfederation.common

This package contains utility methods and constants for WS-Federation implementations.