Interface SPAdapter

- All Superinterfaces: InitializablePlugin, SAMLPlugin
- All Known Implementing Classes: SAML2ServiceProviderAdapter
The SPAdapterPlugin interface defines the contracts for performing custom, deployment-specific logic during SAMLv2 protocol processing on the Service Provider (SP) side. The implementing class can be configured per service provider in the extended metadata configuration.

A single instance of the class implementing the SPAdapterPlugin contracts is used per Service Provider at runtime, so the method implementations must be thread safe.
Field Summary

All fields are static final int status codes:
- FEDERATION_FAILED_WRITING_ACCOUNT_INFO: Status code for federation failure due to being unable to write account federation info.
- INVALID_RESPONSE: Status code for an invalid response from the IDP.
- SSO_FAILED_ATTRIBUTE_MAPPING: Status code for Single Sign-On failure due to an attribute mapping error.
- SSO_FAILED_AUTH_ACCOUNT_EXPIRED: Status code for Single Sign-On failure due to an expired user account.
- SSO_FAILED_AUTH_USER_INACTIVE: Status code for Single Sign-On failure due to an inactive user account.
- SSO_FAILED_AUTH_USER_LOCKED: Status code for Single Sign-On failure due to a locked user account.
- SSO_FAILED_META_DATA_ERROR: Status code for Single Sign-On failure due to being unable to retrieve metadata.
- SSO_FAILED_NO_USER_MAPPING: Status code for Single Sign-On failure due to no user mapping.
- SSO_FAILED_SESSION_ERROR: Status code for Single Sign-On failure due to an internal session error.
- SSO_FAILED_SESSION_GENERATION: Status code for Single Sign-On failure due to being unable to generate a user session.
- SUCCESS: Status code for Single Sign-On success.

Fields inherited from interface org.forgerock.openam.saml2.plugins.InitializablePlugin: HOSTED_ENTITY_ID, REALM
Method Summary

- default void postNewNameIDSuccess(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String userID, ManageNameIDRequest idRequest, ManageNameIDResponse idResponse, String binding)
  Invoked after New Name Identifier processing succeeded.
- default void postSingleLogoutSuccess(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String userID, LogoutRequest logoutRequest, LogoutResponse logoutResponse, String binding)
  Invoked after the single logout process succeeded, i.e. the user session has been invalidated.
- default boolean postSingleSignOnFailure(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest, Response ssoResponse, String profile, int failureCode)
  Invoked after Single Sign-On processing failed.
- default boolean postSingleSignOnSuccess(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, PrintWriter out, Object session, AuthnRequest authnRequest, Response ssoResponse, String profile, boolean isFederation)
  Invoked after Single Sign-On processing succeeded.
- default void postTerminateNameIDSuccess(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String userID, ManageNameIDRequest idRequest, ManageNameIDResponse idResponse, String binding)
  Invoked after Terminate Name Identifier processing succeeded.
- default void preSingleLogoutProcess(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String userID, LogoutRequest logoutRequest, LogoutResponse logoutResponse, String binding)
  Invoked before the single logout process starts on the SP side.
- default void preSingleSignOnProcess(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest, Response ssoResponse, String profile)
  Invoked when the FAM receives the Single Sign-On response from the IDP; this is called before any processing starts on the SP side.
- default void preSingleSignOnRequest(String hostedEntityID, String idpEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest)
  Invoked before AM sends the Single Sign-On request to the IDP.

Methods inherited from interface org.forgerock.openam.saml2.plugins.InitializablePlugin: initialize, initialize
Field Details

- SUCCESS
  static final int SUCCESS
  Status code for Single Sign-On success.
- INVALID_RESPONSE
  static final int INVALID_RESPONSE
  Status code for an invalid response from the IDP.
- FEDERATION_FAILED_WRITING_ACCOUNT_INFO
  static final int FEDERATION_FAILED_WRITING_ACCOUNT_INFO
  Status code for federation failure due to being unable to write account federation info.
- SSO_FAILED_SESSION_ERROR
  static final int SSO_FAILED_SESSION_ERROR
  Status code for Single Sign-On failure due to an internal session error.
- SSO_FAILED_ATTRIBUTE_MAPPING
  static final int SSO_FAILED_ATTRIBUTE_MAPPING
  Status code for Single Sign-On failure due to an attribute mapping error.
- SSO_FAILED_NO_USER_MAPPING
  static final int SSO_FAILED_NO_USER_MAPPING
  Status code for Single Sign-On failure due to no user mapping.
- SSO_FAILED_AUTH_USER_INACTIVE
  static final int SSO_FAILED_AUTH_USER_INACTIVE
  Status code for Single Sign-On failure due to an inactive user account.
- SSO_FAILED_AUTH_USER_LOCKED
  static final int SSO_FAILED_AUTH_USER_LOCKED
  Status code for Single Sign-On failure due to a locked user account.
- SSO_FAILED_AUTH_ACCOUNT_EXPIRED
  static final int SSO_FAILED_AUTH_ACCOUNT_EXPIRED
  Status code for Single Sign-On failure due to an expired user account.
- SSO_FAILED_SESSION_GENERATION
  static final int SSO_FAILED_SESSION_GENERATION
  Status code for Single Sign-On failure due to being unable to generate a user session.
- SSO_FAILED_META_DATA_ERROR
  static final int SSO_FAILED_META_DATA_ERROR
  Status code for Single Sign-On failure due to being unable to retrieve metadata.
Method Details

- preSingleSignOnRequest
  default void preSingleSignOnRequest(String hostedEntityID, String idpEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest) throws com.sun.identity.saml2.common.SAML2Exception
  Invoked before AM sends the Single Sign-On request to the IDP.
  Parameters:
  - hostedEntityID - entity ID of the hosted SP
  - idpEntityID - entity ID of the IDP to which the request will be sent; null in the ECP case
  - realm - realm of the hosted SP
  - request - servlet request
  - response - servlet response
  - authnRequest - the authentication request to be sent to the IDP
  Throws:
  - com.sun.identity.saml2.common.SAML2Exception - if the implementation wants to fail the process
- preSingleSignOnProcess
  default void preSingleSignOnProcess(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest, Response ssoResponse, String profile) throws com.sun.identity.saml2.common.SAML2Exception
  Invoked when the FAM receives the Single Sign-On response from the IDP; this is called before any processing starts on the SP side.
  Parameters:
  - hostedEntityID - entity ID of the hosted SP
  - realm - realm of the hosted SP
  - request - servlet request
  - response - servlet response
  - authnRequest - the original authentication request sent from the SP; null if this is IDP-initiated SSO
  - ssoResponse - response from the IDP
  - profile - protocol profile used, one of the following values: SAML2Constants.HTTP_POST, SAML2Constants.HTTP_ARTIFACT, SAML2Constants.PAOS
  Throws:
  - com.sun.identity.saml2.common.SAML2Exception - if the implementation wants to fail the process
- postSingleSignOnSuccess
  default boolean postSingleSignOnSuccess(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, PrintWriter out, Object session, AuthnRequest authnRequest, Response ssoResponse, String profile, boolean isFederation) throws com.sun.identity.saml2.common.SAML2Exception
  Invoked after Single Sign-On processing succeeded.
  Parameters:
  - hostedEntityID - entity ID of the hosted SP
  - realm - realm of the hosted SP
  - request - servlet request
  - response - servlet response
  - out - the print writer for writing out the presentation
  - session - the user's session
  - authnRequest - the original authentication request sent from the SP; null if this is IDP-initiated SSO
  - ssoResponse - response from the IDP
  - profile - protocol profile used, one of the following values: SAML2Constants.HTTP_POST, SAML2Constants.HTTP_ARTIFACT, SAML2Constants.PAOS
  - isFederation - true if this is the federation case, false otherwise
  Returns:
  - true if browser redirection happened after processing, false otherwise. Defaults to false.
  Throws:
  - com.sun.identity.saml2.common.SAML2Exception - if the implementation wants to fail the process
- postSingleSignOnFailure
  default boolean postSingleSignOnFailure(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest, Response ssoResponse, String profile, int failureCode)
  Invoked after Single Sign-On processing failed.
  Parameters:
  - hostedEntityID - entity ID of the hosted SP
  - realm - realm of the hosted SP
  - request - servlet request
  - response - servlet response
  - authnRequest - the original authentication request sent from the SP; null if this is IDP-initiated SSO
  - ssoResponse - response from the IDP
  - profile - protocol profile used, one of the following values: SAML2Constants.HTTP_POST, SAML2Constants.HTTP_ARTIFACT, SAML2Constants.PAOS
  - failureCode - an integer specifying the failure code. Possible failure codes are defined in this interface.
  Returns:
  - true if browser redirection happened, false otherwise. Defaults to false.
- postNewNameIDSuccess
  default void postNewNameIDSuccess(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String userID, ManageNameIDRequest idRequest, ManageNameIDResponse idResponse, String binding)
  Invoked after New Name Identifier processing succeeded.
  Parameters:
  - hostedEntityID - entity ID of the hosted SP
  - realm - realm of the hosted SP
  - request - servlet request
  - response - servlet response
  - userID - universal ID of the user for whom the New Name Identifier request was performed
  - idRequest - New Name Identifier request; null if the request object is not available
  - idResponse - New Name Identifier response; null if the response object is not available
  - binding - binding used for the New Name Identifier request, one of the following values: SAML2Constants.SOAP, SAML2Constants.HTTP_REDIRECT
- postTerminateNameIDSuccess
  default void postTerminateNameIDSuccess(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String userID, ManageNameIDRequest idRequest, ManageNameIDResponse idResponse, String binding)
  Invoked after Terminate Name Identifier processing succeeded.
  Parameters:
  - hostedEntityID - entity ID of the hosted SP
  - realm - realm of the hosted SP
  - request - servlet request
  - response - servlet response
  - userID - universal ID of the user for whom the name ID termination was performed
  - idRequest - Terminate Name Identifier request
  - idResponse - Terminate Name Identifier response; null if the response object is not available
  - binding - binding used for the Terminate Name Identifier request, one of the following values: SAML2Constants.SOAP, SAML2Constants.HTTP_REDIRECT
- preSingleLogoutProcess
  default void preSingleLogoutProcess(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String userID, LogoutRequest logoutRequest, LogoutResponse logoutResponse, String binding) throws com.sun.identity.saml2.common.SAML2Exception
  Invoked before the single logout process starts on the SP side. This method is called before the user session is invalidated on the service provider side.
  Parameters:
  - hostedEntityID - entity ID of the hosted SP
  - realm - realm of the hosted SP
  - request - servlet request
  - response - servlet response
  - userID - universal ID of the user
  - logoutRequest - single logout request object
  - logoutResponse - single logout response; null if the response object is not available
  - binding - binding used for the Single Logout request, one of the following values: SAML2Constants.SOAP, SAML2Constants.HTTP_REDIRECT
  Throws:
  - com.sun.identity.saml2.common.SAML2Exception - if the implementation wants to fail the process
- postSingleLogoutSuccess
  default void postSingleLogoutSuccess(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String userID, LogoutRequest logoutRequest, LogoutResponse logoutResponse, String binding)
  Invoked after the single logout process succeeded, i.e. the user session has been invalidated.
  Parameters:
  - hostedEntityID - entity ID of the hosted SP
  - realm - realm of the hosted SP
  - request - servlet request
  - response - servlet response
  - userID - universal ID of the user
  - logoutRequest - single logout request; null if the request object is not available
  - logoutResponse - single logout response; null if the response object is not available
  - binding - binding used for the Single Logout request, one of the following values: SAML2Constants.SOAP, SAML2Constants.HTTP_REDIRECT
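As an added example (not AM's own code, and not the shipped SAML2ServiceProviderAdapter), a stateless adapter that uses two of the hooks above: preSingleSignOnProcess to veto the PAOS profile for an SP that serves no ECP clients, and postSingleSignOnFailure to write an audit record graded by this interface's status codes. It assumes the initialize methods inherited from InitializablePlugin have default implementations and that SAML2Exception offers a String-message constructor; the class name AuditingSPAdapter is hypothetical.

```java
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.protocol.AuthnRequest;
import com.sun.identity.saml2.protocol.Response;
import org.forgerock.openam.saml2.plugins.SPAdapter;

/** Hypothetical adapter (not part of AM); it holds no mutable state, so the single instance
 *  AM keeps per SP is thread safe. Assumes the inherited initialize() methods have default bodies. */
public class AuditingSPAdapter implements SPAdapter {
    private static final Logger LOG = Logger.getLogger(AuditingSPAdapter.class.getName());

    /** Veto hook: runs before any SP-side processing of the IDP's response. */
    @Override
    public void preSingleSignOnProcess(String hostedEntityID, String realm,
            HttpServletRequest request, HttpServletResponse response,
            AuthnRequest authnRequest, Response ssoResponse, String profile)
            throws SAML2Exception {
        // This SP serves no ECP clients, so a PAOS response is never expected; throwing fails the SSO.
        if (SAML2Constants.PAOS.equals(profile)) {
            LOG.warning("Rejected PAOS response: sp=" + hostedEntityID + " realm=" + realm);
            throw new SAML2Exception("PAOS profile is not enabled for this SP");
        }
    }

    /** Audit hook: AM renders the error page itself, so report that no redirect happened here. */
    @Override
    public boolean postSingleSignOnFailure(String hostedEntityID, String realm,
            HttpServletRequest request, HttpServletResponse response,
            AuthnRequest authnRequest, Response ssoResponse, String profile, int failureCode) {
        // A rejected IDP response, or an assertion for a disabled local account, gets a louder record.
        Level level = (failureCode == INVALID_RESPONSE || isDisabledAccountFailure(failureCode))
                ? Level.SEVERE : Level.WARNING;
        LOG.log(level, "SAML SSO failed: sp=" + hostedEntityID + " realm=" + realm
                + " profile=" + profile + " code=" + failureCode
                + " idpInitiated=" + (authnRequest == null) + " client=" + request.getRemoteAddr());
        return false;
    }

    /** True when the IDP asserted a user whose account this SP has deactivated, locked or expired. */
    static boolean isDisabledAccountFailure(int code) {
        return code == SSO_FAILED_AUTH_USER_INACTIVE || code == SSO_FAILED_AUTH_USER_LOCKED
                || code == SSO_FAILED_AUTH_ACCOUNT_EXPIRED;
    }
}
```

The class is wired in through the SP's extended metadata configuration, as the interface description above states; the other hooks keep their default implementations.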