Sun OpenSSO Enterprise 8.0 Developer's Guide

Using the Liberty ID-FF Packages

The following packages form the Federation API. For more detailed information, see the Sun OpenSSO Enterprise 8.0 Java API Reference.

com.sun.identity.federation.accountmgmt

The com.sun.identity.federation.accountmgmt package contains the FSAccountFedInfo class, which retrieves information from the federated user account. After Liberty ID-FF federation completes successfully, two attributes are set. The FSAccountFedInfo class contains the value of one of them: the iplanet-am-user-federation-info attribute.

com.sun.identity.federation.common

The com.sun.identity.federation.common package contains the IFSConstants interface which represents common constants used by the federation API.

com.sun.identity.federation.message

The com.sun.identity.federation.message package contains classes which define the federation protocol messages.

com.sun.identity.federation.message.common

The com.sun.identity.federation.message.common package contains classes which can be used by federation protocol messages.

com.sun.identity.federation.plugins

The com.sun.identity.federation.plugins package contains the FederationSPAdapter interface, which can be implemented to allow applications to customize user-specific processing before and after invoking the federation protocols. For example, a service provider may want to redirect to a specific location after successful single sign-on. A singleton instance of this FederationSPAdapter is used at runtime, so make sure the implementations of its methods (except initialize()) are thread safe.

com.sun.identity.federation.services

The com.sun.identity.federation.services package provides interfaces for writing custom plug-ins that can be used during the federation or single sign-on process. The interfaces are described in the following table.

Table 6–2 com.sun.identity.federation.services Interfaces

| Interface | Description |
|---|---|
| FSRealmAttributeMapper | Plug-in for mapping the attributes passed from the identity provider to local attributes on the service provider side during the single sign-on. com.sun.identity.federation.services.FSDefaultRealmAttributeMapper is the default implementation. |
| FSRealmAttributePlugin | Plug-in for an identity provider to add AttributeStatements into a SAML assertion during the single sign-on process. com.sun.identity.federation.services.FSDefaultRealmAttributePlugin is the default implementation. |
| FSRealmIDPProxy | Interface used to find a preferred identity provider to which an authentication request can be proxied. com.sun.identity.federation.services.FSRealmIDPProxyImpl is the default implementation. |

com.sun.liberty

The com.sun.liberty package contains the LibertyManager class which must be instantiated by web applications that want to access the Federation framework. It also contains the methods needed for account federation, session termination, log in, log out and other actions. Some of these methods are described in the following table.

Table 6–3 com.sun.liberty Methods

| Method | Description |
|---|---|
| getFederatedProviders() | Returns a specific user's federated providers. |
| getIDPFederationStatus() | Retrieves a user's federation status with a specified identity provider. This method assumes that the user is already federated with the provider. |
| getIDPList() | Returns a list of all trusted identity providers. |
| getIDPList() | Returns a list of all trusted identity providers for the specified hosted provider. |
| getProvidersToFederate() | Returns a list of all trusted identity providers to which the specified user is not already federated. |
| getSPList() | Returns a list of all trusted service providers. |
| getSPList() | Returns a list of all trusted service providers for the specified hosted provider. |
| getSPFederationStatus() | Retrieves a user's federation status with a specified service provider. This method assumes that the user is already federated with the provider. |