/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: DefaultActionMapper.java,v 1.4 2008/08/19 19:12:24 veiming Exp $
*
* Portions Copyrighted 2015 ForgeRock AS.
*/
/**
* The class <code>DefaultActionMapper</code> provide a default
* implementation of the <code>ActionMapper</code> interface.
*/
/**
* Default Constructor
*/
public DefaultActionMapper() {}
/**
* This method exams the SubjectConfirmation of the Subject in the
* AuthorizationDecisionQuery. If the SubjectConfirmation has only one
* ConfirmationMethod; and this ConfirmationMethod is equals to
* "urn:com:sun:identity"; and its SubjectConfirmationData contains
* TEXT node only, then the method returns the concatenated string of all
* the TEXT nodes. Otherwise, it returns null.
* <p>
* @see com.sun.identity.saml.plugins.ActionMapper#getSSOTokenID
*/
return null;
}
return null;
}
return null;
}
}
/**
* This method exams the Evidence in the AuthorizationDecisionQuery.
* It returns the first valid Assertion that contains at least one
* AuthenticationStatement.
* <p>
* @see com.sun.identity.saml.plugins.ActionMapper#getSSOAssertion
*/
{
return null;
}
// check evidence
if (assertions != null) {
return assertion;
}
} // loop through assertions
}
try {
try {
// get the assertion from server id
// call AssertionManagerClient.getAssertion
+ "per: calling another in lb site:" +
}
} else {
}
} catch (Exception e) {
+ "getSSOAssertion: exception when retrieving "
+ "Assertion from IDRef:" + e);
}
continue;
}
return assertion;
}
}
} catch (Exception e) {
+ " obtain AssertionManager instance:" + e);
}
}
}
}
return null;
}
/**
* This method first converts the AttributeStatements in Evidence to
* OpenAM Policy API environment variables. The Attributes in
* the AttributeStatement(s) are expected to be OpenAM
* attributes.
* It then query the Policy decision one action at a time. Currently,
* it handles actions defined in urn:oasis:names:tc:SAML:1.0:ghpp only.
* This action Namespace is mapped to OpenAM
* iPlanetAMWebAgentService.
*/
throws SAMLException {
}
// get ActionNameSpace
{
try {
}
if (result) {
} else {
}
} catch (Exception e) {
+ "Exception from policy:" + e);
}
continue; // indeterminate
}
}
} // while loop for each action
if (!permitActions.isEmpty()) {
} else if (!denyActions.isEmpty()) {
} else {
}
return resultMap;
}
return envParams;
}
try {
try {
// get the assertion from server id
// call AssertionManagerClient.getAssertion
+ "calling another server in lb site:" +
}
} else {
}
} catch (Exception e) {
+ "couldn't retrieve assertion from idRef:"+ e);
}
continue;
}
// no need to check signature or time validation
subject);
}
} catch (Exception e) {
+ "obtain AssertionManager instance:" + e);
}
}
}
if (assertions != null) {
if ((!assertion.isSignatureValid()) ||
(!assertion.isTimeValid()))
{
continue;
}
// this server is the issuer
} else {
// is issuer trusted
if (sourceSite == null) {
continue;
}
}
subject);
}
}
return envParams;
}
}