DefaultPartnerAccountMapper provide a default
* implementation of the PartnerAccountMapper interface.
*
* The implementation assumes two sites have exactly the same DIT structure,
* and it maps remote user to the anonymous user by default if the DIT
* structure could not be determined.
*/
public class DefaultPartnerAccountMapper implements PartnerAccountMapper {
static String ANONYMOUS_USER = "anonymous";
/**
* Default Constructor
*/
public DefaultPartnerAccountMapper() {}
/**
* Returns user account in OpenAM to which the
* subject in the assertion is mapped. This method will be called in POST
* profile, ARTIFACT profile, AttributeQuery and AuthorizationDecisionQuery.
*
* @param assertions a list of authentication assertions returned from
* partner side, this will contains user's identity in
* the partner side. The object in the list will be
* com.sun.identity.saml.assertion.Assertion
* @param sourceID source ID for the site from which the subject
* originated.
* @param targetURL value for TARGET query parameter when the user
* accessing the SAML aware servlet or post profile
* servlet
* @return Map which contains NAME, ORG and ATTRIBUTE keys, value of the
* NAME key is the user DN, value of the ORG is the user
* organization DN, value of the ATTRIBUTE is a Map
* containing key/value pairs which will be set as properties
* on the OpenAM SSO token, the key is the SSO
* property name, the value is a String value of the property.
* Returns empty map if the mapped user could not be obtained
* from the subject.
*/
public Map getUser(List assertions, String sourceID, String targetURL) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultPartnerAccountMapper:getUser(" +
"List) targetURL = " + targetURL);
}
Map map = new HashMap();
Subject subject = null;
Assertion assertion = (Assertion)assertions.get(0);
Iterator iter = assertion.getStatement().iterator();
while (iter.hasNext()) {
Statement statement = (Statement)iter.next();
if (statement.getStatementType() !=
Statement.AUTHENTICATION_STATEMENT) {
continue;
}
Subject sub = ((SubjectStatement)statement).getSubject();
SubjectConfirmation subConf = sub.getSubjectConfirmation();
if (subConf == null) {
continue;
}
Set cms = subConf.getConfirmationMethod();
if (cms == null || cms.isEmpty()) {
continue;
}
String cm = (String)cms.iterator().next();
if (cm != null &&
(cm.equals(SAMLConstants.CONFIRMATION_METHOD_ARTIFACT)||
cm.equals(
SAMLConstants.DEPRECATED_CONFIRMATION_METHOD_ARTIFACT)||
cm.equals(SAMLConstants.CONFIRMATION_METHOD_BEARER))) {
subject = sub;
break;
}
}
if (subject != null) {
getUser(subject, sourceID, map);
Map attrMap = new HashMap();
SAMLUtils.addEnvParamsFromAssertion(attrMap, assertion, subject);
if (!attrMap.isEmpty()) {
map.put(ATTRIBUTE, attrMap);
}
}
return map;
}
/**
* Returns user account in OpenAM to which the
* subject in the query is mapped. This method will be called in
* AttributeQuery.The returned Map is subject to changes per SAML
* specification.
*
* @param subjectQuery subject query returned from partner side,
* this will contains user's identity in the partner side.
* @param sourceID source ID for the site from which the subject
* originated.
* @return Map which contains NAME and ORG keys, value of the
* NAME key is the user DN, value of the ORG is the user
* organization DN. Returns empty map if the mapped user
* could not be obtained from the subject.
*/
public Map getUser(SubjectQuery subjectQuery,String sourceID) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultPartnerAccountMapper:getUser(" +
"SubjectQuery)");
}
Map