001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: PartnerAccountMapper.java,v 1.4 2008/08/19 19:11:14 veiming Exp $
026 *
027 */
028
029
030package com.sun.identity.saml.plugins;
031
032import com.sun.identity.saml.protocol.SubjectQuery;
033
034import java.util.List;
035import java.util.Map;
036
037/**
038 * The class <code>PartnerAccountMapper</code> is an interface
039 * that is implemented to map partner account to user account
040 * in OpenSSO.  
041 * <p>
042 * Different partner would need to have a different implementation
043 * of the interface. The mappings between the partner source ID and 
044 * the implementation class are configured at the <code>Partner URLs</code> 
045 * field in SAML service.
046 *
047 * @supported.all.api
048 */
049
050public interface PartnerAccountMapper {
051
052    /** 
053     * Key to hold user DN in returned map
054     */
055    public static final String NAME = "name";
056
057    /** 
058     * Key to hold organization DN in returned map
059     */
060    public static final String ORG = "org";
061
062    /**
063     * Key to hold attributes to be set as session properties.
064     */
065    public static final String ATTRIBUTE = "attribute";
066
067
068    /**
069     * Returns user account in OpenSSO to which the
070     * subject in the assertion is mapped. This method will be called in POST
071     * profile, <code>ARTIFACT</code> profile, <code>AttributeQuery</code> and
072     * <code>AuthorizationDecisionQuery</code>.
073     *
074     * @param assertions a list of authentication assertions returned from
075     *        partner side, this will contains user's identity in
076     *        the partner side. The object in the list will be
077     *        <code>com.sun.identity.saml.assertion.Assertion</code>
078     * @param sourceID source ID for the site from which the subject
079     *        originated.
080     * @param targetURL value for <code>TARGET</code> query parameter when the
081     *        user accessing the SAML aware servlet or post profile servlet.
082     * @return Map which contains <code>NAME</code>, <code>ORG</code> and
083     *         <code>ATTRIBUTE</code> keys, value of the <code>NAME</code>
084     *         key is the user DN, value of the <code>ORG</code> is the user
085     *         organization  DN, value of the <code>ATTRIBUTE</code> is a Map
086     *         containing key/value pairs which will be set as properties
087     *         on the OpenSSO SSO token, the key is the SSO
088     *         property name, the value is a String value of the property.
089     *         Returns empty map if the mapped user could not be obtained
090     *         from the subject.
091     */
092    public Map getUser(List assertions,String sourceID,String targetURL);
093
094    /**
095     * Returns user account in OpenSSO to which the
096     * subject in the query is mapped. This method will be called in
097     * <code>AttributeQuery</code>.
098     *
099     * @param subjectQuery subject query returned from partner side,
100     *        this will contains user's identity in the partner side.
101     * @param sourceID source ID for the site from which the subject
102     *        originated.
103     * @return Map which contains <code>NAME</code> and <code>ORG</code> keys,
104     *         value of the <code>NAME<code> key is the user DN, value of the
105     *         <code>ORG</code> is the user organization  DN. Returns empty map
106     *         if the mapped user could not be obtained from the subject.
107     */
108    public Map getUser(SubjectQuery subjectQuery,String sourceID);
109}