001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: SAML2ServiceProviderAdapter.java,v 1.5 2008/08/19 19:11:15 veiming Exp $
026 *
027 * Portions Copyrighted 2013 ForgeRock AS
028 */
029package com.sun.identity.saml2.plugins;
030
031import com.sun.identity.saml2.common.SAML2Exception;
032import com.sun.identity.saml2.protocol.AuthnRequest;
033import com.sun.identity.saml2.protocol.LogoutRequest;
034import com.sun.identity.saml2.protocol.LogoutResponse;
035import com.sun.identity.saml2.protocol.ManageNameIDRequest;
036import com.sun.identity.saml2.protocol.ManageNameIDResponse;
037import com.sun.identity.saml2.protocol.Response;
038import javax.servlet.http.HttpServletRequest;
039import javax.servlet.http.HttpServletResponse;
040import java.io.PrintWriter;
041import java.util.Map;
042
043/**
044 * The <code>SAML2ServiceProviderAdapter</code> abstract class provides methods
045 * that could be extended to perform user specific logics during SAMLv2 
046 * protocol processing on the Service Provider side. The implementation class
047 * could be configured on a per service provider basis in the extended
048 * metadata configuration.   
049 * <p>
050 * A singleton instance of this <code>SAML2ServiceProviderAdapter</code>
051 * class will be used per Service Provider during runtime, so make sure 
052 * implementation of the methods are thread safe. 
053 * @supported.all.api
054 */
055
056public abstract class SAML2ServiceProviderAdapter {
057
058    /**
059     * Status code for Single Sign-on success.
060     */
061    public static final int SUCCESS = 0;
062
063    /**
064     * Status code for invalid response from <code>IDP</code>.
065     */
066    public static final int INVALID_RESPONSE = 1;
067
068    /**
069     * Status code for federation failure due to unable to write account 
070     * federation info.
071     */
072    public static final int FEDERATION_FAILED_WRITING_ACCOUNT_INFO = 3;
073
074    /**
075     * Status code for Single Sign-On failure due to internal session error.
076     */
077    public static final int SSO_FAILED_SESSION_ERROR = 4;
078
079    /**
080     * Status code for Single Sign-On failure due attribute mapping error.
081     */
082    public static final int SSO_FAILED_ATTRIBUTE_MAPPING = 5;
083
084    /**
085     * Status code for Single Sign-On failure due to no user mapping.
086     */
087    public static final int SSO_FAILED_NO_USER_MAPPING = 6;
088
089    /**
090     * Status code for Single Sign-On failure due to inactive user account.
091     */
092    public static final int SSO_FAILED_AUTH_USER_INACTIVE = 7;
093
094    /**
095     * Status code for Single Sign-On failure due to locked user account.
096     */
097    public static final int SSO_FAILED_AUTH_USER_LOCKED = 8;
098
099    /**
100     * Status code for Single Sign-On failure due to expired user account.
101     */
102    public static final int SSO_FAILED_AUTH_ACCOUNT_EXPIRED = 9;
103
104    /**
105     * Status code for Single Sign-On failure due to unable to generate 
106     * user session. 
107     */
108    public static final int SSO_FAILED_SESSION_GENERATION = 10;
109
110    /**
111     * Status code for Single Sign-On failure due to unable to retrieve 
112     * meta data. 
113     */
114    public static final int SSO_FAILED_META_DATA_ERROR = 11;
115
116    /**
117     * Constants for hosted entity id parameter
118     */
119    public static final String HOSTED_ENTITY_ID = "HOSTED_ENTITY_ID";
120    
121    /**
122     * Constants for the realm of the hosted entity parameter.
123     */
124    public static final String REALM = "REALM";
125
126    /**
127     * Initializes the federation adapter, this method will only be executed
128     * once after creation of the adapter instance.
129     * @param initParams  initial set of parameters configured in the service
130     *          provider for this adapter. One of the parameters named
131     *          <code>HOSTED_ENTITY_ID</code> refers to the ID of this 
132     *          hosted service provider entity, one of the parameters named
133     *          <code>REALM</code> refers to the realm of the hosted entity.
134     */
135    public abstract void initialize(Map initParams);
136 
137    /**
138     * Invokes before OpenSSO sends the 
139     * Single-Sing-On request to IDP. 
140     * @param hostedEntityID entity ID for the hosted SP
141     * @param idpEntityID entity id for the IDP to which the request will 
142     *          be sent. This will be null in ECP case.
143     * @param realm Realm of the hosted SP.
144     * @param request servlet request
145     * @param response servlet response
146     * @param authnRequest the authentication request to be send to IDP 
147     * @exception SAML2Exception if user want to fail the process.
148     */
149    public void preSingleSignOnRequest(
150        String hostedEntityID, 
151        String idpEntityID,
152        String realm,
153        HttpServletRequest request, 
154        HttpServletResponse response, 
155        AuthnRequest authnRequest)
156    throws SAML2Exception {
157        return;
158    }
159
160
161    /**
162     * Invokes when the <code>FAM</code> received the Single-Sign-On response
163     * from the IDP, this is called before any processing started on SP side.
164     * @param hostedEntityID entity ID for the hosted SP
165     * @param realm Realm of the hosted SP.
166     * @param request servlet request
167     * @param response servlet response
168     * @param authnRequest the original authentication request sent from SP, 
169     *       null if this is IDP initiated SSO.
170     * @param ssoResponse response from IDP 
171     * @param profile protocol profile used, one of the following values: 
172     *     <code>SAML2Constants.HTTP_POST</code>, 
173     *     <code>SAML2Constants.HTTP_ARTIFACT</code>,
174     *     <code>SAML2Constants.PAOS</code>
175     * @exception SAML2Exception if user want to fail the process.
176     */
177    public void preSingleSignOnProcess(
178        String hostedEntityID, 
179        String realm,
180        HttpServletRequest request, 
181        HttpServletResponse response, 
182        AuthnRequest authnRequest, 
183        Response ssoResponse,
184        String profile)
185    throws SAML2Exception {
186        return;
187    }
188
189    /**
190     * Invokes after Single-Sign-On processing succeeded.
191     * @param hostedEntityID Entity ID for the hosted SP
192     * @param realm Realm of the hosted SP.
193     * @param request servlet request
194     * @param response servlet response
195     * @param out the print writer for writing out presentation
196     * @param session user's session
197     * @param authnRequest the original authentication request sent from SP, 
198     *       null if this is IDP initiated SSO.
199     * @param ssoResponse response from IDP 
200     * @param profile protocol profile used, one of the following values: 
201     *     <code>SAML2Constants.HTTP_POST</code>, 
202     *     <code>SAML2Constants.HTTP_ARTIFACT</code>,
203     *     <code>SAML2Constants.PAOS</code>
204     * @param isFederation true if this is federation case, false otherwise.
205     * @return true if browser redirection happened after processing, 
206     *     false otherwise. Default to false. 
207     * @exception SAML2Exception if user want to fail the process.
208     */
209    public boolean postSingleSignOnSuccess(
210        String hostedEntityID, 
211        String realm,
212        HttpServletRequest request, 
213        HttpServletResponse response,
214        PrintWriter out,
215        Object session,
216        AuthnRequest authnRequest, 
217        Response ssoResponse,
218        String profile, 
219        boolean isFederation)
220    throws SAML2Exception {
221        return false;
222    }
223
224
225    /**
226     * Invokes after Single Sign-On processing failed.
227     * @param hostedEntityID Entity ID for the hosted SP
228     * @param realm Realm of the hosted SP.
229     * @param request servlet request
230     * @param response servlet response
231     * @param authnRequest the original authentication request sent from SP,
232     *       null if this is IDP initiated SSO.
233     * @param ssoResponse response from IDP 
234     * @param profile protocol profile used, one of the following values: 
235     *     <code>SAML2Constants.HTTP_POST</code>, 
236     *     <code>SAML2Constants.HTTP_ARTIFACT</code>,
237     *     <code>SAML2Constants.PAOS</code>
238     * @param failureCode an integer specifies the failure code. Possible
239     *          failure codes are defined in this interface.
240     * @return true if browser redirection happened, false otherwise. Default to
241     *         false.
242     */
243    public boolean postSingleSignOnFailure(
244        String hostedEntityID,
245        String realm,
246        HttpServletRequest request,
247        HttpServletResponse response,
248        AuthnRequest authnRequest,
249        Response ssoResponse,
250        String profile, 
251        int failureCode) {
252        return false;
253    }
254
255
256    /**
257     * Invokes after new Name Identifier processing succeeded. 
258     * @param hostedEntityID Entity ID for the hosted SP
259     * @param realm Realm of the hosted SP.
260     * @param request servlet request
261     * @param response servlet response
262     * @param userID Universal ID of the user with whom the new name identifier
263     *        request performed
264     * @param idRequest New name identifier request, value will be
265     *                null if the request object is not available
266     * @param idResponse New name identifier response, value will be
267     *          null if the response object is not available
268     * @param binding Binding used for new name identifier request, 
269     *        one of following values:
270     *          <code>SAML2Constants.SOAP</code>,
271     *          <code>SAML2Constants.HTTP_REDIRECT</code>
272     */
273    public void postNewNameIDSuccess(
274        String hostedEntityID,
275        String realm,
276        HttpServletRequest request,
277        HttpServletResponse response,
278        String userID,
279        ManageNameIDRequest idRequest,
280        ManageNameIDResponse idResponse,
281        String binding) {
282        return;
283    }
284
285    /**
286     * Invokes after Terminate Name Identifier processing succeeded. 
287     * @param hostedEntityID Entity ID for the hosted SP
288     * @param realm Realm of the hosted SP.
289     * @param request servlet request
290     * @param response servlet response
291     * @param userID Universal ID of the user with whom name id termination 
292     *        performed.
293     * @param idRequest Terminate name identifier request. 
294     * @param idResponse Terminate name identifier response, value will be
295     *          null if the response object is not available
296     * @param binding binding used for Terminate Name Identifier request, 
297     *      one of following values:
298     *          <code>SAML2Constants.SOAP</code>,
299     *          <code>SAML2Constants.HTTP_REDIRECT</code>
300     */
301    public void postTerminateNameIDSuccess(
302        String hostedEntityID, 
303        String realm,
304        HttpServletRequest request, 
305        HttpServletResponse response,
306        String userID,
307        ManageNameIDRequest idRequest,
308        ManageNameIDResponse idResponse,
309        String binding) {
310        return;
311    }
312
313    /**
314     * Invokes before single logout process started on <code>SP</code> side. 
315     * This method is called before the user session is invalidated on the 
316     * service provider side. 
317     * @param hostedEntityID Entity ID for the hosted SP
318     * @param realm Realm of the hosted SP.
319     * @param request servlet request
320     * @param response servlet response
321     * @param userID universal ID of the user 
322     * @param logoutRequest single logout request object 
323     * @param logoutResponse single logout response, value will be
324     *          null if the response object is not available
325     * @param binding binding used for Single Logout request, 
326     *      one of following values:
327     *          <code>SAML2Constants.SOAP</code>,
328     *          <code>SAML2Constants.HTTP_REDIRECT</code>
329     * @exception SAML2Exception if user want to fail the process.
330     */
331    public void preSingleLogoutProcess(
332        String hostedEntityID,
333        String realm,
334        HttpServletRequest request,
335        HttpServletResponse response,
336        String userID,
337        LogoutRequest logoutRequest,
338        LogoutResponse logoutResponse,
339        String binding) 
340    throws SAML2Exception {
341        return;
342    }
343
344    /**
345     * Invokes after single logout process succeeded, i.e. user session 
346     * has been invalidated.
347     * @param hostedEntityID Entity ID for the hosted SP
348     * @param realm Realm of the hosted SP.
349     * @param request servlet request
350     * @param response servlet response
351     * @param userID universal ID of the user 
352     * @param logoutRequest single logout request, value will be
353     *          null if the request object is not available
354     * @param logoutResponse single logout response, value will be
355     *          null if the response object is not available
356     * @param binding binding used for Single Logout request, 
357     *      one of following values:
358     *          <code>SAML2Constants.SOAP</code>,
359     *          <code>SAML2Constants.HTTP_REDIRECT</code>
360     */
361    public void postSingleLogoutSuccess(
362        String hostedEntityID, 
363        String realm,
364        HttpServletRequest request, 
365        HttpServletResponse response, 
366        String userID,
367        LogoutRequest logoutRequest, 
368        LogoutResponse logoutResponse,
369        String binding) {
370        return;
371    }
372} 



























































