Package org.forgerock.openam.saml2.plugins

Interface IDPAdapter

All Superinterfaces:
InitializablePlugin, SAMLPlugin
All Known Subinterfaces:
SAML2IdentityProviderAdapter
@EvolvingAll public interface IDPAdapter extends InitializablePlugin
This interface IDPAdapter is used to perform specific tasks in the IdP.

  • Method Details

    • preSingleSignOn

      boolean preSingleSignOn(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest, String reqID) throws com.sun.identity.saml2.common.SAML2Exception
      Invokes when OpenAM receives the authentication request for the first time from the SP, and is called before any processing started on the IDP side. If the authentication request is subsequently cached and retrieved, this method will not be called again. This method is not triggered in the case of IDP initiated SSO or a proxied request.
      Parameters:
      hostedEntityID - entity ID for the hosted IDP
      realm - realm of the hosted IDP
      request - servlet request
      response - servlet response
      authnRequest - the original authentication request sent from SP
      reqID - the id to use for continuation of processing if the adapter redirects
      Returns:
      true if browser redirection is happening after processing, false otherwise. Default to false
      Throws:
      com.sun.identity.saml2.common.SAML2Exception - for any exceptions occurring in the adapter. The federation process will continue

    • preAuthentication

      boolean preAuthentication(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest, Object session, String reqID, String relayState) throws com.sun.identity.saml2.common.SAML2Exception
      Invokes when OpenAM has received the authn request, processed it, and is ready to redirect to authentication. This occurs when redirecting to authentication where there is no session, or during session upgrade. This method is not triggered in the case of IDP initiated SSO or a proxied request.
      Parameters:
      hostedEntityID - entity ID for the hosted IDP
      realm - realm of the hosted IDP
      request - servlet request
      response - servlet response
      authnRequest - the original authentication request sent from SP
      session - the user session or null if the user has no session
      reqID - the id to use for continuation of processing if the adapter redirects
      relayState - the relayState that will be used in the redirect
      Returns:
      true if browser redirection is happening after processing, false otherwise. Default to false
      Throws:
      com.sun.identity.saml2.common.SAML2Exception - for any exceptions occurring in the adapter. The federation process will continue

    • preSendResponse

      boolean preSendResponse(AuthnRequest authnRequest, String hostProviderID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Object session, String reqID, String relayState) throws com.sun.identity.saml2.common.SAML2Exception
      This method is invoked before sending a non-error SAML2 Response, but before the SAML Response object is constructed. Called after successful authentication (including session upgrade) or if a valid session already exists.
      Parameters:
      authnRequest - original authnRequest
      hostProviderID - hosted providerID
      realm - realm of the hosted IDP
      request - HttpServletRequest
      response - HttpServletResponse
      session - the user session or null if the user has no session
      reqID - the id to use for continuation of processing if the adapter redirects
      relayState - the relayState that will be used in the redirect
      Returns:
      true if browser redirection happened after processing, false otherwise. Default to false
      Throws:
      com.sun.identity.saml2.common.SAML2Exception - if error occurs. The federation process will continue

    • preSignResponse

      void preSignResponse(AuthnRequest authnRequest, Response res, String hostProviderID, String realm, javax.servlet.http.HttpServletRequest request, Object session, String relayState) throws com.sun.identity.saml2.common.SAML2Exception
      Called after the SAML Response object is created, but before the Response is signed/encrypted. When artifact binding is being used, this method is invoked when the response object is created, and not when the artifact is actually resolved. This extension point's purpose is to make it possible to adjust the content of the SAML response (for example by adding custom SAML extensions), hence this method does not provide a way to abort the SAML flow.
      Parameters:
      authnRequest - The original SAML Authentication Request (may be null if this was an IdP initiated SSO)
      res - The SAML Response
      hostProviderID - The entity ID of the IdP
      realm - The realm the IdP belongs to
      request - The HttpServletRequest object
      session - The user session or null if the user has no session
      relayState - The relayState that will be used in the redirect
      Throws:
      com.sun.identity.saml2.common.SAML2Exception - If an error occurs. The federation process will continue

    • preSendFailureResponse

      @Deprecated(forRemoval=true, since="7.2.0") void preSendFailureResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String faultCode, String faultDetail) throws com.sun.identity.saml2.common.SAML2Exception
      Deprecated, for removal: This API element is subject to removal in a future version.
      since 7.2.0 use preSendFailureResponse(String, String, HttpServletRequest, HttpServletResponse, String, String).
      This was previously called before a SAML error message was returned - now superceded by preSendFailureResponse(String, String, HttpServletRequest, HttpServletResponse, String, String). This method is not triggered during IDP initiated SSO.
      Parameters:
      request - HttpServletRequest
      response - HttpServletResponse
      faultCode - the fault code that will be returned in the SAML response
      faultDetail - the fault detail that will be returned in the SAML response
      Throws:
      com.sun.identity.saml2.common.SAML2Exception - if error occurs. The federation process will continue

    • preSendFailureResponse

      default void preSendFailureResponse(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String faultCode, String faultDetail) throws com.sun.identity.saml2.common.SAML2Exception
      Called before a SAML error message is returned. This method is not triggered during IDP initiated SSO.
      Parameters:
      hostedEntityID - The entity ID of the IdP
      realm - The realm the IdP belongs to
      request - HttpServletRequest
      response - HttpServletResponse
      faultCode - the fault code that will be returned in the SAML response
      faultDetail - the fault detail that will be returned in the SAML response
      Throws:
      com.sun.identity.saml2.common.SAML2Exception - if error occurs. The federation process will continue