/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: FederationSPAdapter.java,v 1.4 2008/06/25 05:46:50 qcheng Exp $
 * Portions Copyrighted 2014 ForgeRock AS
 */
028
029package com.sun.identity.federation.plugins;
030
031import com.sun.identity.federation.common.FederationException;
032import com.sun.identity.federation.message.FSAuthnRequest;
033import com.sun.identity.federation.message.FSAuthnResponse;
034import com.sun.identity.federation.message.FSFederationTerminationNotification;
035import com.sun.identity.federation.message.FSLogoutNotification;
036import com.sun.identity.federation.message.FSLogoutResponse;
037import com.sun.identity.federation.message.FSNameRegistrationRequest;
038import com.sun.identity.federation.message.FSNameRegistrationResponse;
039import com.sun.identity.federation.message.FSResponse;
040import java.util.Set;
041import javax.servlet.http.HttpServletRequest;
042import javax.servlet.http.HttpServletResponse;
043
/**
 * Extension point for site-specific processing on the Liberty Service
 * Provider ({@code SP}) side of the federation flow.
 * <p>
 * The runtime creates a single instance of the implementing class and reuses
 * it for every request, so every callback other than {@link #initialize}
 * must be safe to invoke concurrently from multiple threads.
 * <p>
 * The {@code pre*} callbacks run before the SP has processed the message they
 * receive; implementations should not assume the contents of those messages
 * have been validated yet. The {@code post*} callbacks run after the SP has
 * finished the corresponding step.
 * @supported.all.api
 * @deprecated since 12.0.0
 */
@Deprecated
public interface FederationSPAdapter {

    /** Federation or single sign-on completed successfully on the SP side. */
    int SUCCESS = 0;

    /**
     * The response received from the {@code IDP} over the Browser POST or
     * LECP profile carried a non-Success status code.
     */
    int INVALID_AUTHN_RESPONSE = 1;

    /**
     * The response received from the {@code IDP} over the Browser Artifact
     * profile carried a non-Success status code.
     */
    int INVALID_RESPONSE = 2;

    /** Account federation failed. */
    int FEDERATION_FAILED = 3;

    /** Account federation failed: the user token could not be generated. */
    int FEDERATION_FAILED_SSO_TOKEN_GENERATION = 4;

    /** Account federation failed: the anonymous token could not be generated. */
    int FEDERATION_FAILED_ANON_TOKEN_GENERATION = 5;

    /** Account federation failed: the anonymous user account is inactive. */
    int FEDERATION_FAILED_ANON_AUTH_USER_INACTIVE = 6;

    /** Account federation failed: the anonymous user account is locked. */
    int FEDERATION_FAILED_ANON_AUTH_USER_LOCKED = 7;

    /** Account federation failed: the anonymous user account has expired. */
    int FEDERATION_FAILED_ANON_AUTH_ACCOUNT_EXPIRED = 8;

    /** Account federation failed: the federation info could not be written. */
    int FEDERATION_FAILED_WRITING_ACCOUNT_INFO = 9;

    /** Single sign-on failed. */
    int SSO_FAILED = 10;

    /** Single sign-on failed: no federation info exists on the {@code SP} side. */
    int SSO_FAILED_FEDERATION_DOESNOT_EXIST = 11;

    /** Single sign-on failed: the auto-federation user could not be found. */
    int SSO_FAILED_AUTO_FED = 12;

    /** Single sign-on failed: the user account is inactive. */
    int SSO_FAILED_AUTH_USER_INACTIVE = 13;

    /** Single sign-on failed: the user account is locked. */
    int SSO_FAILED_AUTH_USER_LOCKED = 14;

    /** Single sign-on failed: the user account has expired. */
    int SSO_FAILED_AUTH_ACCOUNT_EXPIRED = 15;

    /** Single sign-on failed: the user token could not be generated. */
    int SSO_FAILED_TOKEN_GENERATION = 16;

    /**
     * Name of the adapter initialization parameter that carries the realm.
     * Note that the value includes the trailing {@code =} separator.
     */
    String ENV_REALM = "REALM=";

    /**
     * Initializes the adapter. Called exactly once, right after the adapter
     * instance has been created, and before any other callback.
     * @param hostedEntityID entity ID of the hosted SP
     * @param initParams initial parameters (for example the realm, see
     *        {@link #ENV_REALM}) configured in the service provider for this
     *        adapter
     */
    void initialize(String hostedEntityID, Set initParams);

    /**
     * Called before the federation manager sends the single sign-on and
     * federation request to the IDP.
     * @param hostedEntityID entity ID of the hosted SP
     * @param idpEntityID entity ID of the IDP the request will be sent to
     * @param request servlet request
     * @param response servlet response
     * @param authnRequest the authentication request about to be sent to the
     *        IDP
     */
    void preSSOFederationRequest(
            String hostedEntityID,
            String idpEntityID,
            HttpServletRequest request,
            HttpServletResponse response,
            FSAuthnRequest authnRequest);

    /**
     * Called when the federation manager has received the single sign-on and
     * federation response from the IDP, before any processing of that response
     * has started on the SP side. Because no SP-side processing has happened
     * yet, implementations should treat the response contents as unverified.
     * @param hostedEntityID entity ID of the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param authnRequest the original authentication request sent by the SP
     * @param authnResponse response from the IDP when the Browser POST or LECP
     *        profile is used; {@code null} when the Browser Artifact profile
     *        is used
     * @param samlResponse response from the IDP when the Browser Artifact
     *        profile is used; {@code null} when the Browser POST or LECP
     *        profile is used
     * @throws FederationException if the implementation wants to abort the
     *         process
     */
    void preSSOFederationProcess(
            String hostedEntityID,
            HttpServletRequest request,
            HttpServletResponse response,
            FSAuthnRequest authnRequest,
            FSAuthnResponse authnResponse,
            FSResponse samlResponse)
            throws FederationException;

    /**
     * Called after single sign-on and federation processing has succeeded.
     * @param hostedEntityID entity ID of the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param ssoToken the user's SSO token; declared as {@code Object} by this
     *        interface, so implementations must check its concrete type before
     *        use
     * @param authnRequest the original authentication request sent by the SP
     * @param authnResponse response from the IDP when the Browser POST or LECP
     *        profile is used; {@code null} when the Browser Artifact profile
     *        is used
     * @param samlResponse response from the IDP when the Browser Artifact
     *        profile is used; {@code null} when the Browser POST or LECP
     *        profile is used
     * @return {@code true} if the implementation redirected the browser,
     *         {@code false} otherwise
     * @throws FederationException if the implementation wants to abort the
     *         process
     */
    boolean postSSOFederationSuccess(
            String hostedEntityID,
            HttpServletRequest request,
            HttpServletResponse response,
            Object ssoToken,
            FSAuthnRequest authnRequest,
            FSAuthnResponse authnResponse,
            FSResponse samlResponse)
            throws FederationException;

    /**
     * Called after single sign-on or federation processing has failed.
     * @param hostedEntityID entity ID of the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param authnRequest the original authentication request sent by the SP
     * @param authnResponse response from the IDP when the Browser POST or LECP
     *        profile is used; {@code null} when the Browser Artifact profile
     *        is used
     * @param samlResponse response from the IDP when the Browser Artifact
     *        profile is used; {@code null} when the Browser POST or LECP
     *        profile is used
     * @param failureCode the reason for the failure; one of the
     *        {@code *_FAILED*} / {@code INVALID_*} codes defined in this
     *        interface
     * @return {@code true} if the implementation redirected the browser,
     *         {@code false} otherwise
     */
    boolean postSSOFederationFailure(
            String hostedEntityID,
            HttpServletRequest request,
            HttpServletResponse response,
            FSAuthnRequest authnRequest,
            FSAuthnResponse authnResponse,
            FSResponse samlResponse,
            int failureCode);

    /**
     * Called after Register Name Identifier processing has succeeded.
     * @param hostedEntityID entity ID of the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param userDN DN of the user for whom name identifier registration was
     *        performed
     * @param regRequest register name identifier request; {@code null} if the
     *        request object is not available
     * @param regResponse register name identifier response; {@code null} if
     *        the response object is not available
     * @param regProfile register name identifier profile used, one of
     *        IFSConstants.NAME_REGISTRATION_SP_HTTP_PROFILE,
     *        IFSConstants.NAME_REGISTRATION_SP_SOAP_PROFILE,
     *        IFSConstants.NAME_REGISTRATION_IDP_HTTP_PROFILE,
     *        IFSConstants.NAME_REGISTRATION_IDP_SOAP_PROFILE
     */
    void postRegisterNameIdentifierSuccess(
            String hostedEntityID,
            HttpServletRequest request,
            HttpServletResponse response,
            String userDN,
            FSNameRegistrationRequest regRequest,
            FSNameRegistrationResponse regResponse,
            String regProfile);

    /**
     * Called after the service provider has successfully terminated the
     * federation with the IDP.
     * @param hostedEntityID entity ID of the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param userDN DN of the user whose federation was terminated
     * @param notification the federation termination notification message
     * @param termProfile federation termination profile used, one of
     *        IFSConstants.TERMINATION_SP_HTTP_PROFILE,
     *        IFSConstants.TERMINATION_SP_SOAP_PROFILE,
     *        IFSConstants.TERMINATION_IDP_HTTP_PROFILE,
     *        IFSConstants.TERMINATION_IDP_SOAP_PROFILE
     */
    void postTerminationNotificationSuccess(
            String hostedEntityID,
            HttpServletRequest request,
            HttpServletResponse response,
            String userDN,
            FSFederationTerminationNotification notification,
            String termProfile);

    /**
     * Called before single logout processing starts on the federation manager
     * side, i.e. before the user token is invalidated on the service provider.
     * @param hostedEntityID entity ID of the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param userDN DN of the user being logged out
     * @param logoutRequest single logout request object
     * @param logoutResponse single logout response; {@code null} if the
     *        response object is not available
     * @param sloProfile single logout profile used, one of
     *        IFSConstants.LOGOUT_SP_REDIRECT_PROFILE,
     *        IFSConstants.LOGOUT_SP_SOAP_PROFILE,
     *        IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE,
     *        IFSConstants.LOGOUT_IDP_SOAP_PROFILE
     */
    void preSingleLogoutProcess(
            String hostedEntityID,
            HttpServletRequest request,
            HttpServletResponse response,
            String userDN,
            FSLogoutNotification logoutRequest,
            FSLogoutResponse logoutResponse,
            String sloProfile);

    /**
     * Called after single logout has completed successfully, i.e. after the
     * user token has been invalidated.
     * @param hostedEntityID entity ID of the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param userDN DN of the user that was logged out
     * @param logoutRequest single logout request; {@code null} if the request
     *        object is not available
     * @param logoutResponse single logout response; {@code null} if the
     *        response object is not available
     * @param sloProfile single logout profile used, one of
     *        IFSConstants.LOGOUT_SP_HTTP_PROFILE,
     *        IFSConstants.LOGOUT_SP_SOAP_PROFILE,
     *        IFSConstants.LOGOUT_IDP_HTTP_PROFILE,
     *        IFSConstants.LOGOUT_IDP_SOAP_PROFILE
     */
    void postSingleLogoutSuccess(
            String hostedEntityID,
            HttpServletRequest request,
            HttpServletResponse response,
            String userDN,
            FSLogoutNotification logoutRequest,
            FSLogoutResponse logoutResponse,
            String sloProfile);
}



























































