/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: SPAccountMapper.java,v 1.5 2008/08/19 19:11:15 veiming Exp $
 *
 * Portions Copyrighted 2015-2016 ForgeRock AS.
 */
package com.sun.identity.saml2.plugins;

import com.sun.identity.saml2.assertion.Assertion;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.protocol.ManageNameIDRequest;

/**
 * Maps {@code SAML} protocol objects ({@link Assertion}, {@link ManageNameIDRequest}, ...) to local user
 * identities on the {@code SAML} Service Provider side.
 *
 * <p>An implementation of this interface is selected through the local {@code SAML2} plugin configuration and
 * is called by the {@code SAML} framework whenever it needs to resolve the user behind a protocol message, either
 * to create a user session or to manage the user's account while handling the {@code SAML} protocols.
 *
 * <p>Implementation note: the identifier an implementation returns decides which local account the framework acts
 * on, so it must be derived only from the protocol object's own contents (NameID, attributes) together with the
 * hosted entity and realm, never from unauthenticated request parameters. This interface does not show whether the
 * framework has already verified the message's signature when it invokes the mapper; implementers should confirm
 * that against the calling framework rather than assume it. Values taken from the message that are used to build
 * directory filters or distinguished names should be escaped by the implementation.
 *
 * @see com.sun.identity.saml2.plugins.IDPAccountMapper
 *
 * @supported.all.api
 */
public interface SPAccountMapper {

    /**
     * Resolves the local user that the given {@code SAML Assertion} refers to and returns that user's
     * distinguished name or universal ID. The {@code SAML} framework calls this while processing the
     * {@link Assertion} in order to obtain the identity information.
     *
     * @param assertion the {@code SAML Assertion} to map to a local user.
     * @param hostEntityID the {@code EntityID} of the hosted provider.
     * @param realm the realm (organization name) that may be consulted to locate the user.
     * @return the user's distinguished name or universal ID.
     * @throws SAML2Exception if the mapping fails for any reason.
     */
    String getIdentity(Assertion assertion, String hostEntityID, String realm) throws SAML2Exception;

    /**
     * Resolves the local user that the given {@code SAML ManageNameIDRequest} refers to and returns that user's
     * distinguished name or universal ID. The {@code SAML} framework calls this while processing the
     * {@link ManageNameIDRequest} to retrieve the user identity.
     *
     * @param manageNameIDRequest the {@code SAML ManageNameIDRequest} to map to a local user.
     * @param hostEntityID the {@code EntityID} of the hosted provider.
     * @param realm the realm (organization name) that may be consulted to locate the user.
     * @return the user's distinguished name or universal ID.
     * @throws SAML2Exception if the mapping fails for any reason.
     */
    String getIdentity(ManageNameIDRequest manageNameIDRequest, String hostEntityID, String realm)
            throws SAML2Exception;

    /**
     * Decides whether the given NameID-Format should be persisted in the user data store.
     *
     * @param realm the hosted SP's realm.
     * @param hostEntityID the hosted SP's entityID.
     * @param remoteEntityID the remote IdP's entityID.
     * @param nameIDFormat the non-transient NameID-Format being considered.
     * @return {@code true} if the NameID-Format should be persisted in the user data store, {@code false}
     * otherwise.
     */
    boolean shouldPersistNameIDFormat(String realm, String hostEntityID, String remoteEntityID,
            String nameIDFormat);
}