
Oracle Fusion Middleware Java API Reference for Oracle Platform Security Services
11g Release 1 (11.1.1)

E14650-04


oracle.security.jps.service.sso
Interface SsoService

All Superinterfaces:
JpsPersistable, ServiceInstance

public interface SsoService
extends ServiceInstance

This interface provides APIs for applications to integrate with underlying SSO providers. It defines a contract for the SSO flow that includes dynamic login, auto login and global logout.

Since:
11gR1+
Version:
1.1
Author:
yiwawang

Nested Class Summary

Nested classes/interfaces inherited from interface oracle.security.jps.service.JpsPersistable
JpsPersistable.Mode

Field Summary
static java.lang.String APP_CONTEXT
          the property name for the application context root.
static java.lang.String AUTH_LEVEL
          the property name for the authentication level.
static java.lang.String CANCEL_URL
          the property name for the cancel url.
static java.lang.String FAILURE_URL
          the property name for the failure url.
static java.lang.String IMP_USER_ID
          the property name for the user being impersonated.
static java.lang.String SUCCESS_URL
          the property name for the success url.
static java.lang.String TARGET_URL
          the property name for the target url.

 

Method Summary
 void autoLogin(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.util.Collection<Credential> creds, java.util.Map<java.lang.String,?> props)
          This method sends a response to initiate the SSO auto login process.
 void beginImpersonation(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.util.Map<java.lang.String,?> props)
          This method sends a response to start the impersonation session supported by the underlying SSO provider.
 void endImpersonation(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.util.Map<java.lang.String,?> props)
          This method sends a response to end the impersonation session supported by the underlying SSO provider.
 void login(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.util.Map<java.lang.String,?> props)
          This method sends a response to initiate the SSO authentication process at the specific authentication level.
 void logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.util.Map<java.lang.String,?> props)
          This method sends a response to initiate the global logout process supported by the underlying SSO provider.

 

Methods inherited from interface oracle.security.jps.service.ServiceInstance
accept, getName, getServiceProvider

Methods inherited from interface oracle.security.jps.service.JpsPersistable
persist, refresh

Field Detail

SUCCESS_URL

static final java.lang.String SUCCESS_URL
the property name for the success url.
See Also:
Constant Field Values

CANCEL_URL

static final java.lang.String CANCEL_URL
the property name for the cancel url.
See Also:
Constant Field Values

AUTH_LEVEL

static final java.lang.String AUTH_LEVEL
the property name for the authentication level.
See Also:
Constant Field Values

TARGET_URL

static final java.lang.String TARGET_URL
the property name for the target url.
See Also:
Constant Field Values

APP_CONTEXT

static final java.lang.String APP_CONTEXT
the property name for the application context root.
See Also:
Constant Field Values

FAILURE_URL

static final java.lang.String FAILURE_URL
the property name for the failure url.
See Also:
Constant Field Values

IMP_USER_ID

static final java.lang.String IMP_USER_ID
the property name for the user being impersonated.
See Also:
Constant Field Values

Method Detail

login

void login(javax.servlet.http.HttpServletRequest request,
           javax.servlet.http.HttpServletResponse response,
           java.util.Map<java.lang.String,?> props)
           throws SsoServiceException
This method sends a response to initiate the SSO authentication process at the specific authentication level.

The supplied success and cancel URLs can contain query parameters. If an application needs to pass more context information, that information should be encoded as part of the success and cancel URLs.

Parameters:
request - the client request that requires user authentication to be performed
response - the response associated with the request
props - name-value pairs that convey the following information relevant to the login process:
  • SsoService.SUCCESS_URL [type String, required]: the URL that the user agent must be taken to upon successful authentication
  • SsoService.CANCEL_URL [type String, optional]: the URL that the user agent must be taken to if the user chooses to cancel the login from the login form
  • SsoService.AUTH_LEVEL [type String, optional]: an integer, given as a string, that indicates the level of authentication required to access a resource. The default authentication level is used if no authentication level is supplied
  • SsoService.APP_CONTEXT [type String, required if application scoped]: the context root of the application
Throws:
SsoServiceException - thrown if an error occurs that interferes with the service's normal operation
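
Added example (not part of Oracle's reference): building the props map for login() when the post-login page comes from a request parameter, restricting SUCCESS_URL to a path inside the application so the login flow cannot be used to send the user agent to another site. SsoLoginHelper, safeReturnPath, the returnTo parameter and the /home fallback are hypothetical; the code assumes the OPSS and Servlet API jars are on the classpath, that the provider accepts a server-relative URL, and that an SsoService instance is configured in the default JPS context.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import oracle.security.jps.JpsContextFactory;
import oracle.security.jps.JpsException;
import oracle.security.jps.service.sso.SsoService;
import oracle.security.jps.service.sso.SsoServiceException;

// Added example; SsoLoginHelper, safeReturnPath, "returnTo" and "/home" are hypothetical.
public final class SsoLoginHelper {

    /** Returns candidate only if it is a server-relative URL under contextRoot. */
    static String safeReturnPath(String candidate, String contextRoot) {
        String fallback = contextRoot + "/home";
        if (candidate == null || candidate.startsWith("//") || candidate.indexOf('\\') >= 0) {
            return fallback;
        }
        try {
            URI u = new URI(candidate).normalize();
            String path = u.getPath();
            // Reject absolute URLs (scheme), "//host" forms (authority) and any
            // path that normalizes to somewhere outside this application.
            if (u.getScheme() != null || u.getRawAuthority() != null
                    || path == null || !path.startsWith(contextRoot + "/")) {
                return fallback;
            }
            return u.toString();
        } catch (URISyntaxException e) {
            return fallback;
        }
    }

    public static void startLogin(HttpServletRequest request, HttpServletResponse response)
            throws JpsException, SsoServiceException {
        String ctxRoot = request.getContextPath();
        Map<String, Object> props = new HashMap<String, Object>();
        props.put(SsoService.SUCCESS_URL,   // required
                safeReturnPath(request.getParameter("returnTo"), ctxRoot));
        props.put(SsoService.CANCEL_URL, ctxRoot + "/home");  // optional
        props.put(SsoService.AUTH_LEVEL, "2");   // optional; constructed sample level
        props.put(SsoService.APP_CONTEXT, ctxRoot);  // required if application scoped

        SsoService sso = JpsContextFactory.getContextFactory().getContext()
                .getServiceInstance(SsoService.class);
        sso.login(request, response, props);  // sends the response that starts SSO login
    }
}
```

The same check applies to CANCEL_URL, FAILURE_URL and TARGET_URL whenever their values are derived from request data.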

logout

void logout(javax.servlet.http.HttpServletRequest request,
            javax.servlet.http.HttpServletResponse response,
            java.util.Map<java.lang.String,?> props)
            throws SsoServiceException
This method sends a response to initiate the global logout process supported by the underlying SSO provider.
Parameters:
request - the client request that requires global logout to be performed
response - the response associated with the request
props - name-value pairs that convey the following information relevant to the logout process:
  • SsoService.TARGET_URL [type String, required]: the URL that the user agent must be taken to upon successful logout. It is expected that any application context will be encoded in this URL
  • SsoService.APP_CONTEXT [type String, required if application scoped]: the context root of the application
Throws:
SsoServiceException - thrown if an error occurs that interferes with the service's normal operation

autoLogin

void autoLogin(javax.servlet.http.HttpServletRequest request,
               javax.servlet.http.HttpServletResponse response,
               java.util.Collection<Credential> creds,
               java.util.Map<java.lang.String,?> props)
               throws SsoServiceException
This method sends a response to initiate the SSO auto login process. A JpsPermission named CredentialMapping is required to call this method.
Parameters:
creds - a collection of user credentials
request - the client request that requires user auto login to be performed
response - the response associated with the request
props - name-value pairs that convey the following information relevant to the auto login process:
  • SsoService.TARGET_URL [type String, required]: the landing page URL that the user agent must be taken to upon successful authentication after self-registration
  • SsoService.APP_CONTEXT [type String, required if application scoped]: the context root of the application
Throws:
SsoServiceException - thrown if an error occurs that interferes with the service's normal operation

beginImpersonation

void beginImpersonation(javax.servlet.http.HttpServletRequest request,
                        javax.servlet.http.HttpServletResponse response,
                        java.util.Map<java.lang.String,?> props)
                        throws SsoServiceException
This method sends a response to start the impersonation session supported by the underlying SSO provider.

The supplied success and failure URLs can contain query parameters. If an application needs to pass more context information, that information should be encoded as part of the success and failure URLs.

The SSO provider is responsible for performing any required security check.

Parameters:
request - the client request that requires the impersonation session to be started
response - the response associated with the request
props - name-value pairs that convey the following information relevant to starting the impersonation session:
  • SsoService.SUCCESS_URL [type String, required]: the URL that the user agent must be taken to after the impersonation session has started
  • SsoService.FAILURE_URL [type String, optional]: the URL that the user agent must be taken to if the impersonation session fails to start
  • SsoService.IMP_USER_ID [type String, required]: the user who is being impersonated
  • SsoService.APP_CONTEXT [type String, required if application scoped]: the context root of the application
Throws:
SsoServiceException - thrown if an error occurs that interferes with the service's normal operation

endImpersonation

void endImpersonation(javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response,
                      java.util.Map<java.lang.String,?> props)
                      throws SsoServiceException
This method sends a response to end the impersonation session supported by the underlying SSO provider.

The SSO provider is responsible for performing any required security check.

Parameters:
request - the client request that requires the impersonation session to be ended
response - the response associated with the request
props - name-value pairs that convey the following information relevant to ending the impersonation session:
  • SsoService.TARGET_URL [type String, required]: the URL that the user agent must be taken to once the impersonation session has ended. It is expected that any application context will be encoded in this URL
  • SsoService.APP_CONTEXT [type String, required if application scoped]: the context root of the application
Throws:
SsoServiceException - thrown if an error occurs that interferes with the service's normal operation



Copyright © 2011, Oracle. All rights reserved.