001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyrighted [year] [name of copyright owner]".
013 *
014 * Copyright 2015-2016 ForgeRock AS.
015 */
016
017package org.forgerock.openam.sts.tokengeneration.oidc;
018
019import com.iplanet.sso.SSOToken;
020import org.forgerock.openam.sts.TokenCreationException;
021
022import java.util.Map;
023
024/**
 * An instance of this interface is used to insert custom claims into issued OpenIdConnect tokens.
 * STS instances are published with configuration state that allows users to specify their own implementation of this
 * interface; if one is specified, an instance of the user-specified class is consulted to perform the attribute mapping.
028 *
029 * @supported.all.api
030 */
public interface OpenIdConnectTokenClaimMapper {
    /**
     * Returns the custom claims to be inserted into the OpenIdConnect token issued for the subject of {@code token}.
     * <p>
     * The returned entries are written into the issued token. A custom claim whose name collides with a standard
     * claim already present in the jwt is still inserted (only a warning is logged), so a colliding name may
     * effectively override the standard claim; implementations should return only the claim names they intend
     * to set, and must not return null keys or values.
     *
     * @param token The SSOToken corresponding to the subject of the to-be-issued OpenIdConnect token
     * @param claimMap the claim mapping, as defined by the OpenIdConnectTokenConfig state associated with the published
     *                 sts instance. The map keys will be the claim names, and the LDAP datastore lookup of the attributes
     *                 provided by the map values will provide the value of the claim. Multiple attributes will be separated
     *                 by a space. If the LDAP lookup of the subject corresponding to the SSOToken of the attribute specified
     *                 in the map value does not return a result, the claim will not be inserted in the issued token.
     * @return the mapping of custom claim names to claim values to be inserted in the issued token. If one of the custom
     * claims conflicts with a standard claim name already in the jwt, then a warning will be logged but the custom claim
     * will be inserted. All entries must be non-null.
     * @throws TokenCreationException if the attribute lookup fails
     */
    Map<String, String> getCustomClaims(SSOToken token, Map<String, String> claimMap) throws TokenCreationException;
}