/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyrighted [year] [name of copyright owner]".
 *
 * Copyright 2015-2016 ForgeRock AS.
 */

package org.forgerock.openam.sts.rest.token.provider.oidc;

import org.forgerock.json.JsonValue;
import org.forgerock.openam.sts.TokenTypeId;

/**
 * OpenIdConnect tokens can include an Authentication Context Class Reference (acr) claim which indicates how the subject
 * asserted by the OIDC token was authenticated. For the rest-sts, this will ultimately be a function of the input token
 * in the token transformation invocation. A default implementation of this interface will be provided, but if users wish
 * to customize the default mappings, or support a specific acr value for a custom token implementation, then they
 * can implement this interface with a classpath-resident class, and specify the name of this class in the OpenIdConnectTokenConfig
 * state associated with the published sts, and that class will be consulted to provide the value of the acr claim corresponding
 * to the input token state.
 *
 * @supported.all.api
 */
public interface OpenIdConnectTokenAuthnContextMapper {
    /**
     * Returns the AuthnContext value corresponding to the TokenType inputToken.
     * @param inputTokenType The TokenType validated as part of the token transformation
     * @param inputToken The json representation of the validated token, as presented to the REST STS in the
     *                   token transformation invocation. This state can be used by custom implementations of this interface
     *                   to make more elaborate decisions regarding the returned AuthnContext class reference.
     * @return A valid AuthnContext value, as specified in the acr claim here:
     * http://openid.net/specs/openid-connect-core-1_0.html#IDToken
     */
    String getAuthnContextClassReference(TokenTypeId inputTokenType, JsonValue inputToken);

}
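
A custom mapper of the kind the Javadoc above describes, written as an added example and not ForgeRock's default implementation: it derives the acr value from the validated token type only and falls back to the lowest assurance level for anything unrecognised. The class name, package and `urn:example:acr:*` values are hypothetical placeholders, and the token type id strings and `TokenTypeId.getId()` accessor are assumed from the OpenAM STS API rather than shown on this page.

```java
package com.example.sts; // hypothetical package

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import org.forgerock.json.JsonValue;
import org.forgerock.openam.sts.TokenTypeId;
import org.forgerock.openam.sts.rest.token.provider.oidc.OpenIdConnectTokenAuthnContextMapper;

/**
 * Added example, not ForgeRock code: maps the validated input token type to an acr value
 * and returns the lowest assurance level for any token type it does not recognise.
 */
public class ExampleAuthnContextMapper implements OpenIdConnectTokenAuthnContextMapper {
    // OIDC Core: "0" means the authentication did not meet ISO/IEC 29115 level 1.
    private static final String LOWEST_ASSURANCE = "0";

    // Assumption: keys are the ids returned by TokenTypeId.getId() for the built-in token
    // types. The acr URNs are constructed placeholders; a deployment substitutes the
    // values its relying parties actually expect.
    private static final Map<String, String> ACR_BY_TOKEN_TYPE;
    static {
        Map<String, String> m = new HashMap<>();
        m.put("X509", "urn:example:acr:client-certificate");
        m.put("USERNAME", "urn:example:acr:password");
        m.put("OPENAM", "urn:example:acr:existing-session");
        ACR_BY_TOKEN_TYPE = Collections.unmodifiableMap(m);
    }

    @Override
    public String getAuthnContextClassReference(TokenTypeId inputTokenType, JsonValue inputToken) {
        // Fail closed: a missing type never yields a stronger acr than "0".
        if (inputTokenType == null || inputTokenType.getId() == null) {
            return LOWEST_ASSURANCE;
        }
        // Decide from the token type the STS validated. inputToken is the JSON the caller
        // presented, so in this mapper no field inside it can raise the assurance level.
        String acr = ACR_BY_TOKEN_TYPE.get(inputTokenType.getId());
        return acr != null ? acr : LOWEST_ASSURANCE;
    }
}
```

Relying parties that gate access on the acr claim inherit whatever this mapping asserts, so each entry should reflect how that token type was really authenticated in the deployment.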