Package org.forgerock.openam.saml2.plugins

Interface IDPAdapter

    • Method Detail

      • preSingleSignOn

        boolean preSingleSignOn​(String hostedEntityID,
                        String realm,
                        javax.servlet.http.HttpServletRequest request,
                        javax.servlet.http.HttpServletResponse response,
                        AuthnRequest authnRequest,
                        String reqID)
                 throws SAML2Exception
        Invokes when OpenAM receives the authentication request for the first time from the SP, and is called before any processing started on the IDP side. If the authentication request is subsequently cached and retrieved, this method will not be called again. This method is not triggered in the case of IDP initiated SSO or a proxied request.
        Parameters:
        hostedEntityID - entity ID for the hosted IDP
        realm - realm of the hosted IDP
        request - servlet request
        response - servlet response
        authnRequest - the original authentication request sent from SP
        reqID - the id to use for continuation of processing if the adapter redirects
        Returns:
        true if browser redirection is happening after processing, false otherwise. Default to false
        Throws:
        SAML2Exception - for any exceptions occurring in the adapter. The federation process will continue

      • preAuthentication

        boolean preAuthentication​(String hostedEntityID,
                          String realm,
                          javax.servlet.http.HttpServletRequest request,
                          javax.servlet.http.HttpServletResponse response,
                          AuthnRequest authnRequest,
                          Object session,
                          String reqID,
                          String relayState)
                   throws SAML2Exception
        Invokes when OpenAM has received the authn request, processed it, and is ready to redirect to authentication. This occurs when redirecting to authentication where there is no session, or during session upgrade. This method is not triggered in the case of IDP initiated SSO or a proxied request.
        Parameters:
        hostedEntityID - entity ID for the hosted IDP
        realm - realm of the hosted IDP
        request - servlet request
        response - servlet response
        authnRequest - the original authentication request sent from SP
        session - the user session or null if the user has no session
        reqID - the id to use for continuation of processing if the adapter redirects
        relayState - the relayState that will be used in the redirect
        Returns:
        true if browser redirection is happening after processing, false otherwise. Default to false
        Throws:
        SAML2Exception - for any exceptions occurring in the adapter. The federation process will continue

      • preSendResponse

        boolean preSendResponse​(AuthnRequest authnRequest,
                        String hostProviderID,
                        String realm,
                        javax.servlet.http.HttpServletRequest request,
                        javax.servlet.http.HttpServletResponse response,
                        Object session,
                        String reqID,
                        String relayState)
                 throws SAML2Exception
        This method is invoked before sending a non-error SAML2 Response, but before the SAML Response object is constructed. Called after successful authentication (including session upgrade) or if a valid session already exists.
        Parameters:
        authnRequest - original authnRequest
        hostProviderID - hosted providerID
        realm - realm of the hosted IDP
        request - HttpServletRequest
        response - HttpServletResponse
        session - the user session or null if the user has no session
        reqID - the id to use for continuation of processing if the adapter redirects
        relayState - the relayState that will be used in the redirect
        Returns:
        true if browser redirection happened after processing, false otherwise. Default to false
        Throws:
        SAML2Exception - if error occurs. The federation process will continue

      • preSignResponse

        void preSignResponse​(AuthnRequest authnRequest,
                     Response res,
                     String hostProviderID,
                     String realm,
                     javax.servlet.http.HttpServletRequest request,
                     Object session,
                     String relayState)
              throws SAML2Exception
        Called after the SAML Response object is created, but before the Response is signed/encrypted. When artifact binding is being used, this method is invoked when the response object is created, and not when the artifact is actually resolved. This extension point's purpose is to make it possible to adjust the content of the SAML response (for example by adding custom SAML extensions), hence this method does not provide a way to abort the SAML flow.
        Parameters:
        authnRequest - The original SAML Authentication Request (may be null if this was an IdP initiated SSO)
        res - The SAML Response
        hostProviderID - The entity ID of the IdP
        realm - The realm the IdP belongs to
        request - The HttpServletRequest object
        session - The user session or null if the user has no session
        relayState - The relayState that will be used in the redirect
        Throws:
        SAML2Exception - If an error occurs. The federation process will continue

      • preSendFailureResponse

        default void preSendFailureResponse​(String hostedEntityID,
                                    String realm,
                                    javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response,
                                    String faultCode,
                                    String faultDetail)
                             throws SAML2Exception
        Called before a SAML error message is returned. This method is not triggered during IDP initiated SSO.
        Parameters:
        hostedEntityID - The entity ID of the IdP
        realm - The realm the IdP belongs to
        request - HttpServletRequest
        response - HttpServletResponse
        faultCode - the fault code that will be returned in the SAML response
        faultDetail - the fault detail that will be returned in the SAML response
        Throws:
        SAML2Exception - if error occurs. The federation process will continue