001/* 002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. 003 * 004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved 005 * 006 * The contents of this file are subject to the terms 007 * of the Common Development and Distribution License 008 * (the License). You may not use this file except in 009 * compliance with the License. 010 * 011 * You can obtain a copy of the License at 012 * https://opensso.dev.java.net/public/CDDLv1.0.html or 013 * opensso/legal/CDDLv1.0.txt 014 * See the License for the specific language governing 015 * permission and limitations under the License. 016 * 017 * When distributing Covered Code, include this CDDL 018 * Header Notice in each file and include the License file 019 * at opensso/legal/CDDLv1.0.txt. 020 * If applicable, add the following below the CDDL Header, 021 * with the fields enclosed by brackets [] replaced by 022 * your own identifying information: 023 * "Portions Copyrighted [year] [name of copyright owner]" 024 * 025 * $Id: IDPAccountMapper.java,v 1.5 2008/06/25 05:47:51 qcheng Exp $ 026 * 027 * Portions Copyrighted 2015-2016 ForgeRock AS. 028 */ 029package com.sun.identity.saml2.plugins; 030 031import com.sun.identity.saml2.assertion.NameID; 032import com.sun.identity.saml2.common.SAML2Exception; 033import com.sun.identity.saml2.protocol.ManageNameIDRequest; 034 035/** 036 * The interface <code>IDPAccountMapper</code> is used to map the local identities to the <code>SAML</code> protocol 037 * objects and also the vice versa for some of the protocols for e.g. <code>ManageNameIDRequest</code>. 038 * <p/> 039 * This mapper interface is used to map the identities only at the <code>SAML Identity Provider</code>. The 040 * implementation of this interface will be used by the <code>SAML</code> framework to retrieve the user's account 041 * federation information for constructing SAML protocol objects such as <code>Assertion</code> and also to find out 042 * the corresponding user account for the given SAML requests. 043 * 044 * @see com.sun.identity.saml2.plugins.SPAccountMapper 045 * @supported.all.api 046 */ 047public interface IDPAccountMapper { 048 049 /** 050 * Returns the user's <code>NameID</code>information that contains account federation with the corresponding remote 051 * and local entities. 052 * 053 * @param session Single Sign On session of the user. 054 * @param hostEntityID <code>EntityID</code> of the hosted provider. 055 * @param remoteEntityID <code>EntityID</code> of the remote provider. 056 * @param realm Realm or the organization name that may be used to find the user information. 057 * @param nameIDFormat <code>NameID</code> format. 058 * @return The <code>NameID</code> corresponding to the authenticated user. 059 * @throws SAML2Exception If there was any failure. 060 */ 061 public NameID getNameID(Object session, String hostEntityID, String remoteEntityID, String realm, 062 String nameIDFormat) throws SAML2Exception; 063 064 065 /** 066 * Returns the user's distinguished name or the universal ID for the corresponding 067 * <code>SAML ManageNameIDRequest</code>. 068 * This method returns the universal ID or the DN based on the deployment of 069 * the SAMLv2 plugin base platform. 070 * 071 * @param manageNameIDRequest <code>SAML ManageNameIDRequest</code> that needs to be mapped to the user. 072 * @param hostEntityID <code>EntityID</code> of the hosted provider. 073 * @param realm Realm or the organization name that may be used to find the user information. 074 * @return User's distinguished name or the universal ID. 075 * @throws SAML2Exception If there was any failure. 076 */ 077 public String getIdentity(ManageNameIDRequest manageNameIDRequest, String hostEntityID, String realm) 078 throws SAML2Exception; 079 080 /** 081 * Returns the user's distinguished name or the universal ID for the corresponding <code>SAML NameID</code>. 082 * This method returns the universal ID or the DN based on the deployment of the SAMLv2 plugin base platform. 083 * 084 * @param nameID <code>SAML NameID</code> that needs to be mapped to the user. 085 * @param hostEntityID <code>EntityID</code> of the hosted provider. 086 * @param remoteEntityID <code>EntityID</code> of the remote provider. 087 * @param realm Realm or the organization name that may be used to find the user information. 088 * @return User's distinguished name or the universal ID. 089 * @throws SAML2Exception If there was any failure. 090 */ 091 public String getIdentity(NameID nameID, String hostEntityID, String remoteEntityID, String realm) 092 throws SAML2Exception; 093 094 /** 095 * Tells whether the provided NameID-Format should be persisted in the user data store or not. 096 * 097 * @param realm The hosted IdP's realm. 098 * @param hostEntityID The hosted IdP's entityID. 099 * @param remoteEntityID The remote SP's entityID. 100 * @param nameIDFormat The non-transient NameID-Format in question. 101 * @return <code>true</code> if the provided NameID-Format should be persisted in the user data store, 102 * <code>false</code> otherwise. 103 */ 104 public boolean shouldPersistNameIDFormat(String realm, String hostEntityID, String remoteEntityID, 105 String nameIDFormat); 106}