001/*
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: IDPAccountMapper.java,v 1.5 2008/06/25 05:47:51 qcheng Exp $
026 *
027 * Portions Copyrighted 2015-2016 ForgeRock AS.
028 */
029package com.sun.identity.saml2.plugins;
030
031import com.sun.identity.saml2.assertion.NameID;
032import com.sun.identity.saml2.common.SAML2Exception;
033import com.sun.identity.saml2.protocol.ManageNameIDRequest;
034
035/**
036 * The interface <code>IDPAccountMapper</code> is used to map the local identities to the <code>SAML</code> protocol
037 * objects and also the vice versa for some of the protocols for e.g. <code>ManageNameIDRequest</code>.
038 * <p/>
039 * This mapper interface is used to map the identities only at the <code>SAML Identity Provider</code>. The
040 * implementation of this interface will be used by the <code>SAML</code> framework to retrieve the user's account
041 * federation information for constructing SAML protocol objects such as <code>Assertion</code> and also to find out
042 * the corresponding user account for the given SAML requests.
043 *
044 * @see com.sun.identity.saml2.plugins.SPAccountMapper
045 * @supported.all.api
046 */
047public interface IDPAccountMapper {
048
049    /**
050     * Returns the user's <code>NameID</code>information that contains account federation with the corresponding remote
051     * and local entities.
052     *
053     * @param session Single Sign On session of the user.
054     * @param hostEntityID <code>EntityID</code> of the hosted provider.
055     * @param remoteEntityID <code>EntityID</code> of the remote provider.
056     * @param realm Realm or the organization name that may be used to find the user information.
057     * @param nameIDFormat <code>NameID</code> format.
058     * @return The <code>NameID</code> corresponding to the authenticated user.
059     * @throws SAML2Exception If there was any failure.
060     */
061    public NameID getNameID(Object session, String hostEntityID, String remoteEntityID, String realm,
062            String nameIDFormat) throws SAML2Exception;
063
064
065    /**
066     * Returns the user's distinguished name or the universal ID for the corresponding
067     * <code>SAML ManageNameIDRequest</code>.
068     * This method returns the universal ID or the DN based on the deployment of
069     * the SAMLv2 plugin base platform.
070     *
071     * @param manageNameIDRequest <code>SAML ManageNameIDRequest</code> that needs to be mapped to the user.
072     * @param hostEntityID <code>EntityID</code> of the hosted provider.
073     * @param realm Realm or the organization name that may be used to find the user information.
074     * @return User's distinguished name or the universal ID.
075     * @throws SAML2Exception If there was any failure.
076     */
077    public String getIdentity(ManageNameIDRequest manageNameIDRequest, String hostEntityID, String realm)
078            throws SAML2Exception;
079
080    /**
081     * Returns the user's distinguished name or the universal ID for the corresponding <code>SAML NameID</code>.
082     * This method returns the universal ID or the DN based on the deployment of the SAMLv2 plugin base platform.
083     *
084     * @param nameID <code>SAML NameID</code> that needs to be mapped to the user.
085     * @param hostEntityID <code>EntityID</code> of the hosted provider.
086     * @param remoteEntityID <code>EntityID</code> of the remote provider.
087     * @param realm Realm or the organization name that may be used to find the user information.
088     * @return User's distinguished name or the universal ID.
089     * @throws SAML2Exception If there was any failure.
090     */
091    public String getIdentity(NameID nameID, String hostEntityID, String remoteEntityID, String realm)
092            throws SAML2Exception;
093
094    /**
095     * Tells whether the provided NameID-Format should be persisted in the user data store or not.
096     *
097     * @param realm The hosted IdP's realm.
098     * @param hostEntityID The hosted IdP's entityID.
099     * @param remoteEntityID The remote SP's entityID.
100     * @param nameIDFormat The non-transient NameID-Format in question.
101     * @return <code>true</code> if the provided NameID-Format should be persisted in the user data store,
102     * <code>false</code> otherwise.
103     */
104    public boolean shouldPersistNameIDFormat(String realm, String hostEntityID, String remoteEntityID,
105            String nameIDFormat);
106}