Interface IDPAdapter
- All Superinterfaces: InitializablePlugin, SAMLPlugin
- All Known Subinterfaces: SAML2IdentityProviderAdapter
This interface IDPAdapter is used to perform specific tasks in the IdP.
Field Summary
Fields inherited from interface org.forgerock.openam.saml2.plugins.InitializablePlugin
HOSTED_ENTITY_ID, REALM
-
Method Summary
Modifier and Type, Method, Description:
- boolean preAuthentication(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest, Object session, String reqID, String relayState)
  Invoked when OpenAM has received the authn request, processed it, and is ready to redirect to authentication.
- default void preSendFailureResponse(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String faultCode, String faultDetail)
  Called before a SAML error message is returned.
- void preSendFailureResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String faultCode, String faultDetail)
  Deprecated, for removal: This API element is subject to removal in a future version.
- boolean preSendResponse(AuthnRequest authnRequest, String hostProviderID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Object session, String reqID, String relayState)
  This method is invoked before sending a non-error SAML2 Response, but before the SAML Response object is constructed.
- void preSignResponse(AuthnRequest authnRequest, Response res, String hostProviderID, String realm, javax.servlet.http.HttpServletRequest request, Object session, String relayState)
  Called after the SAML Response object is created, but before the Response is signed/encrypted.
- boolean preSingleSignOn(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest, String reqID)
  Invoked when OpenAM receives the authentication request for the first time from the SP, and is called before any processing has started on the IDP side.
Methods inherited from interface org.forgerock.openam.saml2.plugins.InitializablePlugin
initialize, initialize
-
Method Details
-
preSingleSignOn
boolean preSingleSignOn(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest, String reqID) throws com.sun.identity.saml2.common.SAML2Exception
Invoked when OpenAM receives the authentication request for the first time from the SP, and is called before any processing has started on the IDP side. If the authentication request is subsequently cached and retrieved, this method will not be called again. This method is not triggered in the case of IDP initiated SSO or a proxied request.
- Parameters:
  hostedEntityID - entity ID for the hosted IDP
  realm - realm of the hosted IDP
  request - servlet request
  response - servlet response
  authnRequest - the original authentication request sent from SP
  reqID - the id to use for continuation of processing if the adapter redirects
- Returns:
  true if browser redirection is happening after processing, false otherwise. Defaults to false.
- Throws:
  com.sun.identity.saml2.common.SAML2Exception - for any exceptions occurring in the adapter. The federation process will continue.
-
preAuthentication
boolean preAuthentication(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest, Object session, String reqID, String relayState) throws com.sun.identity.saml2.common.SAML2Exception
Invoked when OpenAM has received the authn request, processed it, and is ready to redirect to authentication. This occurs when redirecting to authentication where there is no session, or during session upgrade. This method is not triggered in the case of IDP initiated SSO or a proxied request.
- Parameters:
  hostedEntityID - entity ID for the hosted IDP
  realm - realm of the hosted IDP
  request - servlet request
  response - servlet response
  authnRequest - the original authentication request sent from SP
  session - the user session or null if the user has no session
  reqID - the id to use for continuation of processing if the adapter redirects
  relayState - the relayState that will be used in the redirect
- Returns:
  true if browser redirection is happening after processing, false otherwise. Defaults to false.
- Throws:
  com.sun.identity.saml2.common.SAML2Exception - for any exceptions occurring in the adapter. The federation process will continue.
-
preSendResponse
boolean preSendResponse(AuthnRequest authnRequest, String hostProviderID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Object session, String reqID, String relayState) throws com.sun.identity.saml2.common.SAML2Exception
This method is invoked before sending a non-error SAML2 Response, but before the SAML Response object is constructed. Called after successful authentication (including session upgrade) or if a valid session already exists.
- Parameters:
  authnRequest - original authnRequest
  hostProviderID - hosted providerID
  realm - realm of the hosted IDP
  request - HttpServletRequest
  response - HttpServletResponse
  session - the user session or null if the user has no session
  reqID - the id to use for continuation of processing if the adapter redirects
  relayState - the relayState that will be used in the redirect
- Returns:
  true if browser redirection happened after processing, false otherwise. Defaults to false.
- Throws:
  com.sun.identity.saml2.common.SAML2Exception - if an error occurs. The federation process will continue.
-
preSignResponse
void preSignResponse(AuthnRequest authnRequest, Response res, String hostProviderID, String realm, javax.servlet.http.HttpServletRequest request, Object session, String relayState) throws com.sun.identity.saml2.common.SAML2Exception
Called after the SAML Response object is created, but before the Response is signed/encrypted. When artifact binding is being used, this method is invoked when the response object is created, and not when the artifact is actually resolved. This extension point's purpose is to make it possible to adjust the content of the SAML response (for example by adding custom SAML extensions), hence this method does not provide a way to abort the SAML flow.
- Parameters:
  authnRequest - The original SAML Authentication Request (may be null if this was an IdP initiated SSO)
  res - The SAML Response
  hostProviderID - The entity ID of the IdP
  realm - The realm the IdP belongs to
  request - The HttpServletRequest object
  session - The user session or null if the user has no session
  relayState - The relayState that will be used in the redirect
- Throws:
  com.sun.identity.saml2.common.SAML2Exception - If an error occurs. The federation process will continue
-
preSendFailureResponse
@Deprecated(forRemoval=true, since="7.2.0")
void preSendFailureResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String faultCode, String faultDetail) throws com.sun.identity.saml2.common.SAML2Exception
Deprecated, for removal: This API element is subject to removal in a future version. This was previously called before a SAML error message was returned, now superseded by preSendFailureResponse(String, String, HttpServletRequest, HttpServletResponse, String, String). This method is not triggered during IDP initiated SSO.
- Parameters:
  request - HttpServletRequest
  response - HttpServletResponse
  faultCode - the fault code that will be returned in the SAML response
  faultDetail - the fault detail that will be returned in the SAML response
- Throws:
  com.sun.identity.saml2.common.SAML2Exception - if an error occurs. The federation process will continue.
-
preSendFailureResponse
default void preSendFailureResponse(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String faultCode, String faultDetail) throws com.sun.identity.saml2.common.SAML2Exception
Called before a SAML error message is returned. This method is not triggered during IDP initiated SSO.
- Parameters:
  hostedEntityID - The entity ID of the IdP
  realm - The realm the IdP belongs to
  request - HttpServletRequest
  response - HttpServletResponse
  faultCode - the fault code that will be returned in the SAML response
  faultDetail - the fault detail that will be returned in the SAML response
- Throws:
  com.sun.identity.saml2.common.SAML2Exception - if an error occurs. The federation process will continue.
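
Added example (not part of the original documentation and not ForgeRock code): an audit-logging adapter built on the callbacks documented above. Since the page states that the federation process continues when an adapter throws SAML2Exception, it only observes and does not rely on exceptions to stop a flow. The class and logger names are hypothetical; the import packages for IDPAdapter, AuthnRequest and Response, the use of AuthnRequest.getIssuer().getValue() from the OpenAM SAML2 protocol API, and the inherited initialize methods having default implementations are assumptions not stated on this page.

```java
// Added example, not ForgeRock code. The package names of IDPAdapter, AuthnRequest
// and Response, and the inherited initialize methods being defaults, are assumptions.
import com.sun.identity.saml2.protocol.AuthnRequest;
import com.sun.identity.saml2.protocol.Response;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.forgerock.openam.saml2.plugins.IDPAdapter;

public class AuditingIdpAdapter implements IDPAdapter { // hypothetical class name
    private static final Logger LOG = Logger.getLogger("saml.idp.audit");
    // Untrusted input: replace control characters so one event cannot forge log lines.
    static String clean(String s) {
        return s == null ? "-" : s.replaceAll("\\p{Cntrl}", "_");
    }
    // authnRequest may be null (IdP-initiated SSO reaching preSignResponse).
    static String sp(AuthnRequest r) {
        return r == null || r.getIssuer() == null ? "-" : clean(r.getIssuer().getValue());
    }
    @Override
    public boolean preSingleSignOn(String hostedEntityID, String realm, HttpServletRequest request,
            HttpServletResponse response, AuthnRequest authnRequest, String reqID) {
        LOG.info("sso-start idp=" + clean(hostedEntityID) + " realm=" + clean(realm)
                + " sp=" + sp(authnRequest) + " src=" + request.getRemoteAddr());
        return false; // this adapter never redirects the browser
    }
    @Override
    public boolean preAuthentication(String hostedEntityID, String realm, HttpServletRequest request,
            HttpServletResponse response, AuthnRequest authnRequest, Object session, String reqID,
            String relayState) { return false; }
    @Override
    public boolean preSendResponse(AuthnRequest authnRequest, String hostProviderID, String realm,
            HttpServletRequest request, HttpServletResponse response, Object session, String reqID,
            String relayState) { return false; }
    @Override
    public void preSignResponse(AuthnRequest authnRequest, Response res, String hostProviderID,
            String realm, HttpServletRequest request, Object session, String relayState) {
        LOG.info("response-built idp=" + clean(hostProviderID) + " sp=" + sp(authnRequest));
    }
    @Override // deprecated overload from the page, kept as a no-op
    public void preSendFailureResponse(HttpServletRequest request, HttpServletResponse response,
            String faultCode, String faultDetail) { }
    @Override
    public void preSendFailureResponse(String hostedEntityID, String realm, HttpServletRequest request,
            HttpServletResponse response, String faultCode, String faultDetail) {
        LOG.warning("sso-failure idp=" + clean(hostedEntityID) + " realm=" + clean(realm)
                + " code=" + clean(faultCode) + " detail=" + clean(faultDetail));
    }
}
```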