saml/plugins/DefaultPartnerAccountMapper.java

bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington/*
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * The contents of this file are subject to the terms
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * of the Common Development and Distribution License
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * (the License). You may not use this file except in
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * compliance with the License.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * You can obtain a copy of the License at
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * opensso/legal/CDDLv1.0.txt
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * See the License for the specific language governing
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * permission and limitations under the License.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * When distributing Covered Code, include this CDDL
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Header Notice in each file and include the License file
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * at opensso/legal/CDDLv1.0.txt.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * If applicable, add the following below the CDDL Header,
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * with the fields enclosed by brackets [] replaced by
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * your own identifying information:
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * "Portions Copyrighted [year] [name of copyright owner]"
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * $Id: DefaultPartnerAccountMapper.java,v 1.7 2010/01/09 19:41:52 qcheng Exp $
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington * Portions Copyright 2015 ForgeRock AS.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterpackage com.sun.identity.saml.plugins;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunningtonimport java.util.HashMap;
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunningtonimport java.util.Iterator;
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunningtonimport java.util.List;
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunningtonimport java.util.Map;
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunningtonimport java.util.Set;
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml.assertion.Assertion;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml.assertion.NameIdentifier;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml.assertion.Statement;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml.assertion.Subject;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml.assertion.SubjectConfirmation;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml.assertion.SubjectStatement;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml.common.SAMLConstants;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml.common.SAMLUtils;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml.protocol.SubjectQuery;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.sm.SMSEntry;
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunningtonimport org.forgerock.opendj.ldap.DN;
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunningtonimport org.forgerock.opendj.ldap.RDN;
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunningtonimport org.forgerock.opendj.ldap.SearchScope;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster/**
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * The class <code>DefaultPartnerAccountMapper</code> provide a default
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * implementation of the <code>PartnerAccountMapper</code> interface.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <p>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * The implementation assumes two sites have exactly the same DIT structure,
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * and it maps remote user to the anonymous user by default if the DIT
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * structure could not be determined.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterpublic class DefaultPartnerAccountMapper implements PartnerAccountMapper {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster    static String ANONYMOUS_USER = "anonymous";
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster    /**
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     * Default Constructor
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster    public DefaultPartnerAccountMapper() {}
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster    /**
8d3140b524c0e28c0a49dc7c7d481123ef3cfe11Chris Lee     * Returns user account in OpenAM to which the
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     * subject in the assertion is mapped. This method will be called in POST
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     * profile, ARTIFACT profile, AttributeQuery and AuthorizationDecisionQuery.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     * @param assertions a list of authentication assertions returned from
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *                   partner side, this will contains user's identity in
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *                   the partner side. The object in the list will be
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *                   <code>com.sun.identity.saml.assertion.Assertion</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     * @param sourceID source ID for the site from which the subject
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *                 originated.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     * @param targetURL value for TARGET query parameter when the user
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *                  accessing the SAML aware servlet or post profile
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *                  servlet
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     * @return Map which contains NAME, ORG and ATTRIBUTE keys, value of the
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *             NAME key is the user DN, value of the ORG is the user
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *             organization  DN, value of the ATTRIBUTE is a Map
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *             containing key/value pairs which will be set as properties
8d3140b524c0e28c0a49dc7c7d481123ef3cfe11Chris Lee     *             on the OpenAM SSO token, the key is the SSO
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *             property name, the value is a String value of the property.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *             Returns empty map if the mapped user could not be obtained
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *             from the subject.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster    public Map getUser(List assertions, String sourceID, String targetURL) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        if (SAMLUtils.debug.messageEnabled()) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            SAMLUtils.debug.message("DefaultPartnerAccountMapper:getUser(" +
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                                    "List) targetURL = " + targetURL);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        Map map = new HashMap();
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        Subject subject = null;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        Assertion assertion = (Assertion)assertions.get(0);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        Iterator iter = assertion.getStatement().iterator();
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        while (iter.hasNext()) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            Statement statement = (Statement)iter.next();
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            if (statement.getStatementType() !=
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                Statement.AUTHENTICATION_STATEMENT) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                continue;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            Subject sub = ((SubjectStatement)statement).getSubject();
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            SubjectConfirmation subConf = sub.getSubjectConfirmation();
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            if (subConf == null) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                continue;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            Set cms = subConf.getConfirmationMethod();
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            if (cms == null || cms.isEmpty()) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                continue;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            String cm = (String)cms.iterator().next();
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            if (cm != null &&
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                (cm.equals(SAMLConstants.CONFIRMATION_METHOD_ARTIFACT)||
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                 cm.equals(
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                     SAMLConstants.DEPRECATED_CONFIRMATION_METHOD_ARTIFACT)||
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                 cm.equals(SAMLConstants.CONFIRMATION_METHOD_BEARER))) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                 subject = sub;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                 break;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        if (subject != null) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            getUser(subject, sourceID, map);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            Map attrMap = new HashMap();
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            SAMLUtils.addEnvParamsFromAssertion(attrMap, assertion, subject);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            if (!attrMap.isEmpty()) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                map.put(ATTRIBUTE, attrMap);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        return map;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster    }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster    /**
8d3140b524c0e28c0a49dc7c7d481123ef3cfe11Chris Lee     * Returns user account in OpenAM to which the
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     * subject in the query is mapped. This method will be called in
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     * AttributeQuery.The returned Map is subject to changes per SAML
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     * specification.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     * @param subjectQuery subject query returned from partner side,
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *                  this will contains user's identity in the partner side.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     * @param sourceID source ID for the site from which the subject
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *                 originated.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     * @return Map which contains NAME and ORG keys, value of the
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *             NAME key is the user DN, value of the ORG is the user
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *             organization  DN. Returns empty map if the mapped user
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     *             could not be obtained from the subject.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster     */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster    public Map getUser(SubjectQuery subjectQuery,String sourceID) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        if (SAMLUtils.debug.messageEnabled()) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            SAMLUtils.debug.message("DefaultPartnerAccountMapper:getUser(" +
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                                    "SubjectQuery)");
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington        Map<String, String> map = new HashMap<>();
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        getUser(subjectQuery.getSubject(), sourceID, map);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        return map;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster    }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington    protected void getUser(Subject subject, String sourceID, Map<String, String> map) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        // No need to check SSO in SubjectConfirmation here
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        // since AssertionManager will handle it without calling account mapper
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        NameIdentifier nameIdentifier = subject.getNameIdentifier();
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        if (nameIdentifier != null) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            String name = nameIdentifier.getName();
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            String org = nameIdentifier.getNameQualifier();
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            String rootSuffix = SMSEntry.getRootSuffix();
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            if (name != null && (name.length() != 0)) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                if (org != null && (org.length() != 0)) {
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington                    DN dn1 = DN.valueOf(name);
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington                    DN dn2 = DN.valueOf(org);
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington                    if (dn1.isInScopeOf(dn2, SearchScope.SUBORDINATES)) {
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington                        StringBuilder sb = new StringBuilder(50);
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington                        for (RDN rdn : dn1) {
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington                            sb.append(rdn.toString()).append(",");
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                        }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                        sb.append(rootSuffix);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                        if (SAMLUtils.debug.messageEnabled()) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                            SAMLUtils.debug.message("DefaultPAccountMapper: "
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                                + "name = " + sb.toString());
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                        }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                        map.put(NAME, sb.toString());
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                    } else {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                        SAMLUtils.debug.warning("DefaultPAMapper:to anonymous");
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                        // map to anonymous user
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                        map.put(NAME, ANONYMOUS_USER);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                    }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                } else {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                    SAMLUtils.debug.warning("DefaultAccountMapper: Org null.");
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                    // map to anonymous user
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                    map.put(NAME, ANONYMOUS_USER);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            } else {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                SAMLUtils.debug.warning("DefaultAccountMapper: Name is null");
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                // map to anonymous user
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster                map.put(NAME, ANONYMOUS_USER);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster            map.put(ORG, "/");
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster        }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster    }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster}