Package com.sun.identity.saml2.plugins

Class SAML2ServiceProviderAdapter

  • @SupportedAll
public abstract class SAML2ServiceProviderAdapter
extends Object
    The SAML2ServiceProviderAdapter abstract class provides methods that could be extended to perform user specific logics during SAMLv2 protocol processing on the Service Provider side. The implementation class could be configured on a per service provider basis in the extended metadata configuration.

    A singleton instance of this SAML2ServiceProviderAdapter class will be used per Service Provider during runtime, so make sure implementation of the methods are thread safe.

    • Field Detail

      • SUCCESS

        public static final int SUCCESS
        Status code for Single Sign-on success.
        See Also:
        Constant Field Values

      • INVALID_RESPONSE

        public static final int INVALID_RESPONSE
        Status code for invalid response from IDP.
        See Also:
        Constant Field Values

      • FEDERATION_FAILED_WRITING_ACCOUNT_INFO

        public static final int FEDERATION_FAILED_WRITING_ACCOUNT_INFO
        Status code for federation failure due to unable to write account federation info.
        See Also:
        Constant Field Values

      • SSO_FAILED_SESSION_ERROR

        public static final int SSO_FAILED_SESSION_ERROR
        Status code for Single Sign-On failure due to internal session error.
        See Also:
        Constant Field Values

      • SSO_FAILED_ATTRIBUTE_MAPPING

        public static final int SSO_FAILED_ATTRIBUTE_MAPPING
        Status code for Single Sign-On failure due attribute mapping error.
        See Also:
        Constant Field Values

      • SSO_FAILED_NO_USER_MAPPING

        public static final int SSO_FAILED_NO_USER_MAPPING
        Status code for Single Sign-On failure due to no user mapping.
        See Also:
        Constant Field Values

      • SSO_FAILED_AUTH_USER_INACTIVE

        public static final int SSO_FAILED_AUTH_USER_INACTIVE
        Status code for Single Sign-On failure due to inactive user account.
        See Also:
        Constant Field Values

      • SSO_FAILED_AUTH_USER_LOCKED

        public static final int SSO_FAILED_AUTH_USER_LOCKED
        Status code for Single Sign-On failure due to locked user account.
        See Also:
        Constant Field Values

      • SSO_FAILED_AUTH_ACCOUNT_EXPIRED

        public static final int SSO_FAILED_AUTH_ACCOUNT_EXPIRED
        Status code for Single Sign-On failure due to expired user account.
        See Also:
        Constant Field Values

      • SSO_FAILED_SESSION_GENERATION

        public static final int SSO_FAILED_SESSION_GENERATION
        Status code for Single Sign-On failure due to unable to generate user session.
        See Also:
        Constant Field Values

      • SSO_FAILED_META_DATA_ERROR

        public static final int SSO_FAILED_META_DATA_ERROR
        Status code for Single Sign-On failure due to unable to retrieve meta data.
        See Also:
        Constant Field Values

      • HOSTED_ENTITY_ID

        public static final String HOSTED_ENTITY_ID
        Constants for hosted entity id parameter
        See Also:
        Constant Field Values

    • Constructor Detail

      • SAML2ServiceProviderAdapter

        public SAML2ServiceProviderAdapter()

    • Method Detail

      • initialize

        public abstract void initialize​(Map initParams)
        Initializes the federation adapter, this method will only be executed once after creation of the adapter instance.
        Parameters:
        initParams - initial set of parameters configured in the service provider for this adapter. One of the parameters named HOSTED_ENTITY_ID refers to the ID of this hosted service provider entity, one of the parameters named REALM refers to the realm of the hosted entity.

      • preSingleSignOnRequest

        public void preSingleSignOnRequest​(String hostedEntityID,
                                   String idpEntityID,
                                   String realm,
                                   javax.servlet.http.HttpServletRequest request,
                                   javax.servlet.http.HttpServletResponse response,
                                   AuthnRequest authnRequest)
                            throws SAML2Exception
        Invokes before OpenAM sends the Single-Sign-On request to IDP.
        Parameters:
        hostedEntityID - entity ID for the hosted SP
        idpEntityID - entity id for the IDP to which the request will be sent. This will be null in ECP case.
        realm - Realm of the hosted SP.
        request - servlet request
        response - servlet response
        authnRequest - the authentication request to be send to IDP
        Throws:
        SAML2Exception - if user want to fail the process.

      • preSingleSignOnProcess

        public void preSingleSignOnProcess​(String hostedEntityID,
                                   String realm,
                                   javax.servlet.http.HttpServletRequest request,
                                   javax.servlet.http.HttpServletResponse response,
                                   AuthnRequest authnRequest,
                                   Response ssoResponse,
                                   String profile)
                            throws SAML2Exception
        Invokes when the FAM received the Single-Sign-On response from the IDP, this is called before any processing started on SP side.
        Parameters:
        hostedEntityID - entity ID for the hosted SP
        realm - Realm of the hosted SP.
        request - servlet request
        response - servlet response
        authnRequest - the original authentication request sent from SP, null if this is IDP initiated SSO.
        ssoResponse - response from IDP
        profile - protocol profile used, one of the following values: SAML2Constants.HTTP_POST, SAML2Constants.HTTP_ARTIFACT, SAML2Constants.PAOS
        Throws:
        SAML2Exception - if user want to fail the process.

      • postSingleSignOnSuccess

        public boolean postSingleSignOnSuccess​(String hostedEntityID,
                                       String realm,
                                       javax.servlet.http.HttpServletRequest request,
                                       javax.servlet.http.HttpServletResponse response,
                                       PrintWriter out,
                                       Object session,
                                       AuthnRequest authnRequest,
                                       Response ssoResponse,
                                       String profile,
                                       boolean isFederation)
                                throws SAML2Exception
        Invokes after Single-Sign-On processing succeeded.
        Parameters:
        hostedEntityID - Entity ID for the hosted SP
        realm - Realm of the hosted SP.
        request - servlet request
        response - servlet response
        out - the print writer for writing out presentation
        session - user's session
        authnRequest - the original authentication request sent from SP, null if this is IDP initiated SSO.
        ssoResponse - response from IDP
        profile - protocol profile used, one of the following values: SAML2Constants.HTTP_POST, SAML2Constants.HTTP_ARTIFACT, SAML2Constants.PAOS
        isFederation - true if this is federation case, false otherwise.
        Returns:
        true if browser redirection happened after processing, false otherwise. Default to false.
        Throws:
        SAML2Exception - if user want to fail the process.

      • postSingleSignOnFailure

        public boolean postSingleSignOnFailure​(String hostedEntityID,
                                       String realm,
                                       javax.servlet.http.HttpServletRequest request,
                                       javax.servlet.http.HttpServletResponse response,
                                       AuthnRequest authnRequest,
                                       Response ssoResponse,
                                       String profile,
                                       int failureCode)
        Invokes after Single Sign-On processing failed.
        Parameters:
        hostedEntityID - Entity ID for the hosted SP
        realm - Realm of the hosted SP.
        request - servlet request
        response - servlet response
        authnRequest - the original authentication request sent from SP, null if this is IDP initiated SSO.
        ssoResponse - response from IDP
        profile - protocol profile used, one of the following values: SAML2Constants.HTTP_POST, SAML2Constants.HTTP_ARTIFACT, SAML2Constants.PAOS
        failureCode - an integer specifies the failure code. Possible failure codes are defined in this interface.
        Returns:
        true if browser redirection happened, false otherwise. Default to false.

      • postNewNameIDSuccess

        public void postNewNameIDSuccess​(String hostedEntityID,
                                 String realm,
                                 javax.servlet.http.HttpServletRequest request,
                                 javax.servlet.http.HttpServletResponse response,
                                 String userID,
                                 ManageNameIDRequest idRequest,
                                 ManageNameIDResponse idResponse,
                                 String binding)
        Invokes after new Name Identifier processing succeeded.
        Parameters:
        hostedEntityID - Entity ID for the hosted SP
        realm - Realm of the hosted SP.
        request - servlet request
        response - servlet response
        userID - Universal ID of the user with whom the new name identifier request performed
        idRequest - New name identifier request, value will be null if the request object is not available
        idResponse - New name identifier response, value will be null if the response object is not available
        binding - Binding used for new name identifier request, one of following values: SAML2Constants.SOAP, SAML2Constants.HTTP_REDIRECT

      • postTerminateNameIDSuccess

        public void postTerminateNameIDSuccess​(String hostedEntityID,
                                       String realm,
                                       javax.servlet.http.HttpServletRequest request,
                                       javax.servlet.http.HttpServletResponse response,
                                       String userID,
                                       ManageNameIDRequest idRequest,
                                       ManageNameIDResponse idResponse,
                                       String binding)
        Invokes after Terminate Name Identifier processing succeeded.
        Parameters:
        hostedEntityID - Entity ID for the hosted SP
        realm - Realm of the hosted SP.
        request - servlet request
        response - servlet response
        userID - Universal ID of the user with whom name id termination performed.
        idRequest - Terminate name identifier request.
        idResponse - Terminate name identifier response, value will be null if the response object is not available
        binding - binding used for Terminate Name Identifier request, one of following values: SAML2Constants.SOAP, SAML2Constants.HTTP_REDIRECT

      • preSingleLogoutProcess

        public void preSingleLogoutProcess​(String hostedEntityID,
                                   String realm,
                                   javax.servlet.http.HttpServletRequest request,
                                   javax.servlet.http.HttpServletResponse response,
                                   String userID,
                                   LogoutRequest logoutRequest,
                                   LogoutResponse logoutResponse,
                                   String binding)
                            throws SAML2Exception
        Invokes before single logout process started on SP side. This method is called before the user session is invalidated on the service provider side.
        Parameters:
        hostedEntityID - Entity ID for the hosted SP
        realm - Realm of the hosted SP.
        request - servlet request
        response - servlet response
        userID - universal ID of the user
        logoutRequest - single logout request object
        logoutResponse - single logout response, value will be null if the response object is not available
        binding - binding used for Single Logout request, one of following values: SAML2Constants.SOAP, SAML2Constants.HTTP_REDIRECT
        Throws:
        SAML2Exception - if user want to fail the process.

      • postSingleLogoutSuccess

        public void postSingleLogoutSuccess​(String hostedEntityID,
                                    String realm,
                                    javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response,
                                    String userID,
                                    LogoutRequest logoutRequest,
                                    LogoutResponse logoutResponse,
                                    String binding)
        Invokes after single logout process succeeded, i.e. user session has been invalidated.
        Parameters:
        hostedEntityID - Entity ID for the hosted SP
        realm - Realm of the hosted SP.
        request - servlet request
        response - servlet response
        userID - universal ID of the user
        logoutRequest - single logout request, value will be null if the request object is not available
        logoutResponse - single logout response, value will be null if the response object is not available
        binding - binding used for Single Logout request, one of following values: SAML2Constants.SOAP, SAML2Constants.HTTP_REDIRECT