Interface SPAccountMapper


  • @SupportedAll
    public interface SPAccountMapper
    The interface SPAccountMapper is used to identify the local identities that maps the SAML protocol objects such as Assertion, ManageNameIDRequest etc. This mapper interface is used to map the identities only at the SAML Service Provider. The implementation of this interface will be used by the SAML framework to retrieve the user identity information for the consumption of generating a user session, or manage the user account information while handling the SAML protocols and it is pluggable through local configuration in the SAML2 plugin.
    See Also:
    IDPAccountMapper
    • Method Detail

      • getIdentity

        String getIdentity​(Assertion assertion,
                           String hostEntityID,
                           String realm)
                    throws SAML2Exception
        Returns the user's distinguished name or the universal ID for the corresponding SAML Assertion. This method will be invoked by the SAML framework while processing the Assertion and retrieves the identity information.
        Parameters:
        assertion - SAML Assertion that needs to be mapped to the user.
        hostEntityID - EntityID of the hosted provider.
        realm - Realm or the organization name that may be used to find the user information.
        Returns:
        User's distinguished name or the universal ID.
        Throws:
        SAML2Exception - If there was any failure.
      • getIdentity

        String getIdentity​(ManageNameIDRequest manageNameIDRequest,
                           String hostEntityID,
                           String realm)
                    throws SAML2Exception
        Returns the user's distinguished name or the universal ID for the corresponding SAML ManageNameIDRequest. This method will be invoked by the SAML framework for retrieving the user identity while processing the ManageIDRequest.
        Parameters:
        manageNameIDRequest - SAML ManageNameIDRequest that needs to be mapped to the user.
        hostEntityID - EntityID of the hosted provider.
        realm - Realm or the organization name that may be used to find the user information.
        Returns:
        User's distinguished name or the universal ID.
        Throws:
        SAML2Exception - If there was any failure.
      • shouldPersistNameIDFormat

        boolean shouldPersistNameIDFormat​(String realm,
                                          String hostEntityID,
                                          String remoteEntityID,
                                          String nameIDFormat)
        Tells whether the provided NameID-Format should be persisted in the user data store or not.
        Parameters:
        realm - The hosted SP's realm.
        hostEntityID - The hosted SP's entityID.
        remoteEntityID - The remote IdP's entityID.
        nameIDFormat - The non-transient NameID-Format in question.
        Returns:
        true if the provided NameID-Format should be persisted in the user data store, false otherwise.