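/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: SAML2ServiceProviderAdapter.java,v 1.5 2008/08/19 19:11:15 veiming Exp $
 *
 * Portions Copyrighted 2013 ForgeRock AS
 */
package com.sun.identity.saml2.plugins;

import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.protocol.AuthnRequest;
import com.sun.identity.saml2.protocol.LogoutRequest;
import com.sun.identity.saml2.protocol.LogoutResponse;
import com.sun.identity.saml2.protocol.ManageNameIDRequest;
import com.sun.identity.saml2.protocol.ManageNameIDResponse;
import com.sun.identity.saml2.protocol.Response;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.util.Map;

/**
 * The <code>SAML2ServiceProviderAdapter</code> abstract class provides hook
 * methods that can be overridden to run deployment-specific logic during
 * SAMLv2 protocol processing on the Service Provider side. The
 * implementation class can be configured per service provider in the
 * extended metadata configuration.
 * <p>
 * A single instance of the configured <code>SAML2ServiceProviderAdapter</code>
 * is used per Service Provider at runtime, so every method implementation
 * must be thread safe and must not keep per-request state in instance fields.
 * <p>
 * Every hook in this class is a no-op by default; a hook that declares
 * {@link SAML2Exception} may throw it to abort the flow it participates in.
 * @supported.all.api
 */
public abstract class SAML2ServiceProviderAdapter {

    /**
     * Status code for Single Sign-On success.
     */
    public static final int SUCCESS = 0;

    /**
     * Status code for invalid response from <code>IDP</code>.
     */
    public static final int INVALID_RESPONSE = 1;

    /**
     * Status code for federation failure due to being unable to write
     * account federation info.
     */
    public static final int FEDERATION_FAILED_WRITING_ACCOUNT_INFO = 3;

    /**
     * Status code for Single Sign-On failure due to an internal session error.
     */
    public static final int SSO_FAILED_SESSION_ERROR = 4;

    /**
     * Status code for Single Sign-On failure due to an attribute mapping error.
     */
    public static final int SSO_FAILED_ATTRIBUTE_MAPPING = 5;

    /**
     * Status code for Single Sign-On failure due to no user mapping.
     */
    public static final int SSO_FAILED_NO_USER_MAPPING = 6;

    /**
     * Status code for Single Sign-On failure due to an inactive user account.
     */
    public static final int SSO_FAILED_AUTH_USER_INACTIVE = 7;

    /**
     * Status code for Single Sign-On failure due to a locked user account.
     */
    public static final int SSO_FAILED_AUTH_USER_LOCKED = 8;

    /**
     * Status code for Single Sign-On failure due to an expired user account.
     */
    public static final int SSO_FAILED_AUTH_ACCOUNT_EXPIRED = 9;

    /**
     * Status code for Single Sign-On failure due to being unable to generate
     * a user session.
     */
    public static final int SSO_FAILED_SESSION_GENERATION = 10;

    /**
     * Status code for Single Sign-On failure due to being unable to retrieve
     * meta data.
     */
    public static final int SSO_FAILED_META_DATA_ERROR = 11;

    /**
     * Key of the hosted entity ID parameter passed to {@link #initialize(Map)}.
     */
    public static final String HOSTED_ENTITY_ID = "HOSTED_ENTITY_ID";

    /**
     * Key of the realm-of-the-hosted-entity parameter passed to
     * {@link #initialize(Map)}.
     */
    public static final String REALM = "REALM";

    /**
     * Initializes the federation adapter. This method is executed only
     * once, after creation of the adapter instance.
     * @param initParams initial set of parameters configured in the service
     *     provider for this adapter. The parameter named
     *     <code>HOSTED_ENTITY_ID</code> holds the ID of this hosted
     *     service provider entity and the parameter named
     *     <code>REALM</code> holds the realm of the hosted entity.
     */
    // Raw Map is kept deliberately: narrowing it would break existing overrides.
    public abstract void initialize(Map initParams);

    /**
     * Invoked before the SP sends the Single-Sign-On request to the IDP.
     * @param hostedEntityID entity ID for the hosted SP
     * @param idpEntityID entity ID for the IDP to which the request will
     *     be sent. This will be null in the ECP case.
     * @param realm realm of the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param authnRequest the authentication request to be sent to the IDP
     * @throws SAML2Exception if the implementation wants to fail the process
     */
    public void preSingleSignOnRequest(
            String hostedEntityID,
            String idpEntityID,
            String realm,
            HttpServletRequest request,
            HttpServletResponse response,
            AuthnRequest authnRequest)
            throws SAML2Exception {
        // No-op by default; override to customise the outgoing request.
    }

    /**
     * Invoked when the SP receives the Single-Sign-On response from the IDP,
     * before any processing has started on the SP side.
     * <p>
     * NOTE(review): because this runs before SP-side processing, the
     * response content should be treated as not yet validated here;
     * implementations should avoid basing trust decisions on it — confirm
     * against the caller.
     * @param hostedEntityID entity ID for the hosted SP
     * @param realm realm of the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param authnRequest the original authentication request sent from the
     *     SP, null if this is IDP-initiated SSO
     * @param ssoResponse response from the IDP
     * @param profile protocol profile used, one of the following values:
     *     <code>SAML2Constants.HTTP_POST</code>,
     *     <code>SAML2Constants.HTTP_ARTIFACT</code>,
     *     <code>SAML2Constants.PAOS</code>
     * @throws SAML2Exception if the implementation wants to fail the process
     */
    public void preSingleSignOnProcess(
            String hostedEntityID,
            String realm,
            HttpServletRequest request,
            HttpServletResponse response,
            AuthnRequest authnRequest,
            Response ssoResponse,
            String profile)
            throws SAML2Exception {
        // No-op by default; override to inspect the response before processing.
    }

    /**
     * Invoked after Single-Sign-On processing succeeded.
     * @param hostedEntityID entity ID for the hosted SP
     * @param realm realm of the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param out the print writer for writing out presentation
     * @param session user's session
     * @param authnRequest the original authentication request sent from the
     *     SP, null if this is IDP-initiated SSO
     * @param ssoResponse response from the IDP
     * @param profile protocol profile used, one of the following values:
     *     <code>SAML2Constants.HTTP_POST</code>,
     *     <code>SAML2Constants.HTTP_ARTIFACT</code>,
     *     <code>SAML2Constants.PAOS</code>
     * @param isFederation true if this is the federation case, false otherwise
     * @return true if browser redirection happened after processing,
     *     false otherwise; defaults to false. An implementation that
     *     redirects or writes to <code>out</code> itself must return true
     *     (presumably so the caller does not produce a second response —
     *     verify against the caller).
     * @throws SAML2Exception if the implementation wants to fail the process
     */
    public boolean postSingleSignOnSuccess(
            String hostedEntityID,
            String realm,
            HttpServletRequest request,
            HttpServletResponse response,
            PrintWriter out,
            Object session,
            AuthnRequest authnRequest,
            Response ssoResponse,
            String profile,
            boolean isFederation)
            throws SAML2Exception {
        // Default: no redirection performed.
        return false;
    }

    /**
     * Invoked after Single Sign-On processing failed.
     * @param hostedEntityID entity ID for the hosted SP
     * @param realm realm of the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param authnRequest the original authentication request sent from the
     *     SP, null if this is IDP-initiated SSO
     * @param ssoResponse response from the IDP
     * @param profile protocol profile used, one of the following values:
     *     <code>SAML2Constants.HTTP_POST</code>,
     *     <code>SAML2Constants.HTTP_ARTIFACT</code>,
     *     <code>SAML2Constants.PAOS</code>
     * @param failureCode an integer specifying the failure code. Possible
     *     failure codes are the <code>SSO_FAILED_*</code>,
     *     <code>FEDERATION_FAILED_*</code> and <code>INVALID_RESPONSE</code>
     *     constants defined in this class.
     * @return true if browser redirection happened, false otherwise;
     *     defaults to false
     */
    public boolean postSingleSignOnFailure(
            String hostedEntityID,
            String realm,
            HttpServletRequest request,
            HttpServletResponse response,
            AuthnRequest authnRequest,
            Response ssoResponse,
            String profile,
            int failureCode) {
        // Default: no redirection performed.
        return false;
    }

    /**
     * Invoked after New Name Identifier processing succeeded.
     * @param hostedEntityID entity ID for the hosted SP
     * @param realm realm of the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param userID universal ID of the user for whom the new name
     *     identifier request was performed
     * @param idRequest new name identifier request, null if the request
     *     object is not available
     * @param idResponse new name identifier response, null if the response
     *     object is not available
     * @param binding binding used for the new name identifier request,
     *     one of the following values:
     *     <code>SAML2Constants.SOAP</code>,
     *     <code>SAML2Constants.HTTP_REDIRECT</code>
     */
    public void postNewNameIDSuccess(
            String hostedEntityID,
            String realm,
            HttpServletRequest request,
            HttpServletResponse response,
            String userID,
            ManageNameIDRequest idRequest,
            ManageNameIDResponse idResponse,
            String binding) {
        // No-op by default.
    }

    /**
     * Invoked after Terminate Name Identifier processing succeeded.
     * @param hostedEntityID entity ID for the hosted SP
     * @param realm realm of the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param userID universal ID of the user for whom name ID termination
     *     was performed
     * @param idRequest terminate name identifier request
     * @param idResponse terminate name identifier response, null if the
     *     response object is not available
     * @param binding binding used for the Terminate Name Identifier request,
     *     one of the following values:
     *     <code>SAML2Constants.SOAP</code>,
     *     <code>SAML2Constants.HTTP_REDIRECT</code>
     */
    public void postTerminateNameIDSuccess(
            String hostedEntityID,
            String realm,
            HttpServletRequest request,
            HttpServletResponse response,
            String userID,
            ManageNameIDRequest idRequest,
            ManageNameIDResponse idResponse,
            String binding) {
        // No-op by default.
    }

    /**
     * Invoked before the single logout process starts on the <code>SP</code>
     * side, i.e. before the user session is invalidated on the service
     * provider side.
     * @param hostedEntityID entity ID for the hosted SP
     * @param realm realm of the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param userID universal ID of the user
     * @param logoutRequest single logout request object
     * @param logoutResponse single logout response, null if the response
     *     object is not available
     * @param binding binding used for the Single Logout request,
     *     one of the following values:
     *     <code>SAML2Constants.SOAP</code>,
     *     <code>SAML2Constants.HTTP_REDIRECT</code>
     * @throws SAML2Exception if the implementation wants to fail the process
     */
    public void preSingleLogoutProcess(
            String hostedEntityID,
            String realm,
            HttpServletRequest request,
            HttpServletResponse response,
            String userID,
            LogoutRequest logoutRequest,
            LogoutResponse logoutResponse,
            String binding)
            throws SAML2Exception {
        // No-op by default; the session is still valid at this point.
    }

    /**
     * Invoked after the single logout process succeeded, i.e. after the user
     * session has been invalidated.
     * @param hostedEntityID entity ID for the hosted SP
     * @param realm realm of the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param userID universal ID of the user
     * @param logoutRequest single logout request, null if the request
     *     object is not available
     * @param logoutResponse single logout response, null if the response
     *     object is not available
     * @param binding binding used for the Single Logout request,
     *     one of the following values:
     *     <code>SAML2Constants.SOAP</code>,
     *     <code>SAML2Constants.HTTP_REDIRECT</code>
     */
    public void postSingleLogoutSuccess(
            String hostedEntityID,
            String realm,
            HttpServletRequest request,
            HttpServletResponse response,
            String userID,
            LogoutRequest logoutRequest,
            LogoutResponse logoutResponse,
            String binding) {
        // No-op by default; the session has already been invalidated.
    }
}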