public interface FederationSPAdapter

The interface FederationSPAdapter can be implemented to perform user-specific processing during the federation process on the Liberty Service Provider side.

A singleton instance of this FederationSPAdapter is used at runtime, so make sure the implementations of the federation processing methods (all except the initialize() method) are thread safe.
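
The thread-safety requirement above, as an added example that is not part of the original documentation or the product's code. `ThreadSafeAdapterSketch`, `recordFailure` and `failures` are hypothetical names; the class is a stand-in that does not implement the real interface, so it compiles with the JDK alone, and the entity ID, init parameter and failure code value are constructed.

```java
import java.util.*;
import java.util.concurrent.*;
import java.util.concurrent.atomic.LongAdder;

// Hypothetical stand-in for an adapter implementation. It shows which state a
// singleton adapter may keep in fields and how to make that state thread safe.
public class ThreadSafeAdapterSketch {
    // Written once in initialize(), then only read by request threads.
    private volatile Set<Object> initParams = Collections.emptySet();

    // Shared mutable state: a concurrent map, never a plain HashMap.
    private final ConcurrentMap<Integer, LongAdder> failuresByCode =
            new ConcurrentHashMap<>();

    // Same shape as initialize(String hostedEntityID, Set initParams).
    public void initialize(String hostedEntityID, Set<?> params) {
        initParams = Collections.unmodifiableSet(new HashSet<Object>(params));
    }

    // What an implementation of postSSOFederationFailure could call with its
    // failureCode argument. Per-request values stay in parameters and locals;
    // copying them into instance fields of a singleton would let concurrent
    // requests overwrite each other's data.
    public void recordFailure(int failureCode) {
        failuresByCode.computeIfAbsent(failureCode, c -> new LongAdder()).increment();
    }

    public long failures(int failureCode) {
        LongAdder n = failuresByCode.get(failureCode);
        return n == null ? 0 : n.sum();
    }

    public static void main(String[] args) throws InterruptedException {
        ThreadSafeAdapterSketch adapter = new ThreadSafeAdapterSketch();
        adapter.initialize("sp.example.com", Set.of("REALM=/")); // constructed values
        int code = 7; // constructed; real values are the interface's constants
        ExecutorService pool = Executors.newFixedThreadPool(8);
        for (int i = 0; i < 10_000; i++) {
            pool.submit(() -> adapter.recordFailure(code));
        }
        pool.shutdown();
        pool.awaitTermination(10, TimeUnit.SECONDS);
        // Every increment is counted; a HashMap<Integer, Long> could lose updates.
        System.out.println(adapter.failures(code));
    }
}
```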

Field Summary | |
---|---|
static String | ENV_REALM: Adapter's initialization parameter name for realm. |
static int | FEDERATION_FAILED: Account federation failed. |
static int | FEDERATION_FAILED_ANON_AUTH_ACCOUNT_EXPIRED: Account federation failed because anonymous user account is expired. |
static int | FEDERATION_FAILED_ANON_AUTH_USER_INACTIVE: Account federation failed because anonymous user account is inactive. |
static int | FEDERATION_FAILED_ANON_AUTH_USER_LOCKED: Account federation failed because anonymous user account is locked. |
static int | FEDERATION_FAILED_ANON_TOKEN_GENERATION: Account federation failed because it failed to generate anonymous token. |
static int | FEDERATION_FAILED_SSO_TOKEN_GENERATION: Account federation failed because it failed to generate user token. |
static int | FEDERATION_FAILED_WRITING_ACCOUNT_INFO: Account federation failed because it failed to write account federation info. |
static int | INVALID_AUTHN_RESPONSE: Response from IDP with Browser POST or LECP profile contains non-Success status code. |
static int | INVALID_RESPONSE: Response from IDP with Browser Artifact profile contains non-Success status code. |
static int | SSO_FAILED: Single Sign On failed. |
static int | SSO_FAILED_AUTH_ACCOUNT_EXPIRED: Single Sign On failed because the user account is expired. |
static int | SSO_FAILED_AUTH_USER_INACTIVE: Single Sign On failed because the user account is inactive. |
static int | SSO_FAILED_AUTH_USER_LOCKED: Single Sign On failed because the user account is locked. |
static int | SSO_FAILED_AUTO_FED: Single Sign On failed because it failed to find auto federation user. |
static int | SSO_FAILED_FEDERATION_DOESNOT_EXIST: Single Sign On failed because federation info does not exist at SP side. |
static int | SSO_FAILED_TOKEN_GENERATION: Single Sign On failed because it failed to generate user token. |
static int | SUCCESS: Federation or Single Sign On process succeeded at SP side. |

Method Summary | |
---|---|
void | initialize(String hostedEntityID, Set initParams): Initializes the federation adapter; this method is executed only once, after creation of the adapter instance. |
void | postRegisterNameIdentifierSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, String userDN, FSNameRegistrationRequest regRequest, FSNameRegistrationResponse regResponse, String regProfile): Invoked after Register Name Identifier processing is successful. |
void | postSingleLogoutSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, String userDN, FSLogoutNotification logoutRequest, FSLogoutResponse logoutResponse, String sloProfile): Invoked after single logout is successfully completed, i.e. |
boolean | postSSOFederationFailure(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse, int failureCode): Invoked after Single-Sign-On or Federation processing has failed. |
boolean | postSSOFederationSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, Object ssoToken, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse): Invoked after Single-Sign-On and Federation processing is successful. |
void | postTerminationNotificationSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, String userDN, FSFederationTerminationNotification notification, String termProfile): Invoked after the service provider successfully terminates federation with the IDP. |
void | preSingleLogoutProcess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, String userDN, FSLogoutNotification logoutRequest, FSLogoutResponse logoutResponse, String sloProfile): Invoked before the single logout process starts on the FM side. |
void | preSSOFederationProcess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse): Invoked when the FM receives the Single-Sign-On and Federation response from the IDP; this is called before any processing starts on the SP side. |
void | preSSOFederationRequest(String hostedEntityID, String idpEntityID, HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest): Invoked before the federation manager sends the Single-Sign-On and Federation request to the IDP. |

Field Detail |
---|
static final int SUCCESS
Federation or Single Sign On process succeeded at SP side.
static final int INVALID_AUTHN_RESPONSE
Response from IDP with Browser POST or LECP profile contains non-Success status code.
static final int INVALID_RESPONSE
Response from IDP with Browser Artifact profile contains non-Success status code.
static final int FEDERATION_FAILED
static final int FEDERATION_FAILED_SSO_TOKEN_GENERATION
static final int FEDERATION_FAILED_ANON_TOKEN_GENERATION
static final int FEDERATION_FAILED_ANON_AUTH_USER_INACTIVE
static final int FEDERATION_FAILED_ANON_AUTH_USER_LOCKED
static final int FEDERATION_FAILED_ANON_AUTH_ACCOUNT_EXPIRED
static final int FEDERATION_FAILED_WRITING_ACCOUNT_INFO
static final int SSO_FAILED
static final int SSO_FAILED_FEDERATION_DOESNOT_EXIST
Single Sign On failed because federation info does not exist at SP side.
static final int SSO_FAILED_AUTO_FED
static final int SSO_FAILED_AUTH_USER_INACTIVE
static final int SSO_FAILED_AUTH_USER_LOCKED
static final int SSO_FAILED_AUTH_ACCOUNT_EXPIRED
static final int SSO_FAILED_TOKEN_GENERATION
static final String ENV_REALM
Method Detail |
---|
void initialize(String hostedEntityID, Set initParams)
hostedEntityID - entity ID for the hosted SP
initParams - initial set of parameters (such as REALM) configured in the service provider for this adapter.

void preSSOFederationRequest(String hostedEntityID, String idpEntityID, HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest)
hostedEntityID - entity ID for the hosted SP
idpEntityID - entity ID for the IDP to which the request will be sent
request - servlet request
response - servlet response
authnRequest - the authentication request to be sent to the IDP

void preSSOFederationProcess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse) throws FederationException
hostedEntityID - entity ID for the hosted SP
request - servlet request
response - servlet response
authnRequest - the original authentication request sent from the SP
authnResponse - response from the IDP if Browser POST or LECP profile is used for the request; value will be null if Browser Artifact profile is used.
samlResponse - response from the IDP if Browser Artifact profile is used for the request; value will be null if Browser POST or LECP profile is used.
FederationException - if user wants to fail the process.

boolean postSSOFederationSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, Object ssoToken, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse) throws FederationException
hostedEntityID - entity ID for the hosted SP
request - servlet request
response - servlet response
ssoToken - user's SSO token
authnRequest - the original authentication request sent from the SP
authnResponse - response from the IDP if Browser POST or LECP profile is used for the request; value will be null if Browser Artifact profile is used.
samlResponse - response from the IDP if Browser Artifact profile is used for the request; value will be null if Browser POST or LECP profile is used.
FederationException - if user wants to fail the process.

boolean postSSOFederationFailure(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse, int failureCode)
hostedEntityID - entity ID for the hosted SP
request - servlet request
response - servlet response
authnRequest - the original authentication request sent from the SP
authnResponse - response from the IDP if Browser POST or LECP profile is used for the request; value will be null if Browser Artifact profile is used.
samlResponse - response from the IDP if Browser Artifact profile is used for the request; value will be null if Browser POST or LECP profile is used.
failureCode - an integer that specifies the failure code. Possible failure codes are defined in this interface.

void postRegisterNameIdentifierSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, String userDN, FSNameRegistrationRequest regRequest, FSNameRegistrationResponse regResponse, String regProfile)
hostedEntityID - entity ID for the hosted SP
request - servlet request
response - servlet response
userDN - DN of the user with whom name identifier registration was performed
regRequest - register name identifier request; value will be null if the request object is not available
regResponse - register name identifier response; value will be null if the response object is not available
regProfile - register name identifier profile used, one of the following:
IFSConstants.NAME_REGISTRATION_SP_HTTP_PROFILE
IFSConstants.NAME_REGISTRATION_SP_SOAP_PROFILE
IFSConstants.NAME_REGISTRATION_IDP_HTTP_PROFILE
IFSConstants.NAME_REGISTRATION_IDP_SOAP_PROFILE

void postTerminationNotificationSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, String userDN, FSFederationTerminationNotification notification, String termProfile)
hostedEntityID - entity ID for the hosted SP
request - servlet request
response - servlet response
userDN - DN of the user with whom name identifier registration was performed
notification - federation termination notification message
termProfile - federation termination profile used, one of the following:
IFSConstants.TERMINATION_SP_HTTP_PROFILE
IFSConstants.TERMINATION_SP_SOAP_PROFILE
IFSConstants.TERMINATION_IDP_HTTP_PROFILE
IFSConstants.TERMINATION_IDP_SOAP_PROFILE

void preSingleLogoutProcess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, String userDN, FSLogoutNotification logoutRequest, FSLogoutResponse logoutResponse, String sloProfile)
hostedEntityID - entity ID for the hosted SP
request - servlet request
response - servlet response
userDN - user DN
logoutRequest - single logout request object
logoutResponse - single logout response; value will be null if the response object is not available
sloProfile - single logout profile used, one of the following:
IFSConstants.LOGOUT_SP_REDIRECT_PROFILE
IFSConstants.LOGOUT_SP_SOAP_PROFILE
IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE
IFSConstants.LOGOUT_IDP_SOAP_PROFILE

void postSingleLogoutSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, String userDN, FSLogoutNotification logoutRequest, FSLogoutResponse logoutResponse, String sloProfile)
hostedEntityID - entity ID for the hosted SP
request - servlet request
response - servlet response
userDN - user DN
logoutRequest - single logout request; value will be null if the request object is not available
logoutResponse - single logout response; value will be null if the response object is not available
sloProfile - single logout profile used, one of the following:
IFSConstants.LOGOUT_SP_HTTP_PROFILE
IFSConstants.LOGOUT_SP_SOAP_PROFILE
IFSConstants.LOGOUT_IDP_HTTP_PROFILE
IFSConstants.LOGOUT_IDP_SOAP_PROFILE