saml2/plugins/DefaultIDPAccountMapper.java

dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk/*
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk *
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk *
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * The contents of this file are subject to the terms
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * of the Common Development and Distribution License
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * (the License). You may not use this file except in
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * compliance with the License.
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk *
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * You can obtain a copy of the License at
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * https://opensso.dev.java.net/public/CDDLv1.0.html or
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * opensso/legal/CDDLv1.0.txt
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * See the License for the specific language governing
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * permission and limitations under the License.
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk *
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * When distributing Covered Code, include this CDDL
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * Header Notice in each file and include the License file
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * at opensso/legal/CDDLv1.0.txt.
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * If applicable, add the following below the CDDL Header,
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * with the fields enclosed by brackets [] replaced by
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * your own identifying information:
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * "Portions Copyrighted [year] [name of copyright owner]"
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk *
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * $Id: DefaultIDPAccountMapper.java,v 1.9 2008/11/10 22:57:02 veiming Exp $
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk *
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * Portions Copyrighted 2015 ForgeRock AS.
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk */
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkpackage com.sun.identity.saml2.plugins;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport java.util.HashMap;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport java.util.List;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport java.util.Map;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport java.util.Set;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.plugin.datastore.DataStoreProviderException;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.plugin.session.SessionManager;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.plugin.session.SessionProvider;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.plugin.session.SessionException;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.saml2.common.SAML2Exception;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.saml2.common.SAML2Constants;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.saml2.common.SAML2Utils;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.saml2.assertion.NameID;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.saml2.assertion.AssertionFactory;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.saml2.profile.IDPCache;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.saml2.profile.IDPSession;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.saml2.profile.IDPSSOUtil;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.saml2.profile.NameIDandSPpair;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk/**
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * This class <code>DefaultIDPAccountMapper</code> is the default implementation of the <code>IDPAccountMapper</code>
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * that is used to map the <code>SAML</code> protocol objects to the user accounts at the <code>IdentityProvider</code>
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * side of SAML v2 plugin.
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * Custom implementations may extend from this class to override some of these implementations if they choose to do so.
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk */
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkpublic class DefaultIDPAccountMapper extends DefaultAccountMapper implements IDPAccountMapper {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk    public DefaultIDPAccountMapper() {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        debug.message("DefaultIDPAccountMapper.constructor");
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        role = IDP;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk    }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk    @Override
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk    public NameID getNameID(Object session, String hostEntityID, String remoteEntityID, String realm,
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            String nameIDFormat) throws SAML2Exception {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        String userID;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        try {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            SessionProvider sessionProv = SessionManager.getProvider();
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            userID = sessionProv.getPrincipalName(session);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        } catch (SessionException se) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        String nameIDValue = null;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        if (nameIDFormat.equals(SAML2Constants.NAMEID_TRANSIENT_FORMAT)) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            String sessionIndex = IDPSSOUtil.getSessionIndex(session);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            if (sessionIndex != null) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                IDPSession idpSession = IDPCache.idpSessionsByIndices.get(sessionIndex);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                if (idpSession != null) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                    List<NameIDandSPpair> list = idpSession.getNameIDandSPpairs();
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                    if (list != null) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                        for (NameIDandSPpair pair : list) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                            if (pair.getSPEntityID().equals(remoteEntityID)) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                                nameIDValue = pair.getNameID().getValue();
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                                break;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                            }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                        }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                    }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            if (nameIDValue == null) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                nameIDValue = getNameIDValueFromUserProfile(realm, hostEntityID, userID, nameIDFormat);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                if (nameIDValue == null) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                    nameIDValue = SAML2Utils.createNameIdentifier();
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        } else {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            nameIDValue = getNameIDValueFromUserProfile(realm, hostEntityID, userID, nameIDFormat);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            if (nameIDValue == null) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                if (nameIDFormat.equals(SAML2Constants.PERSISTENT)) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                    nameIDValue = SAML2Utils.createNameIdentifier();
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                } else {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                    throw new SAML2Exception(bundle.getString("unableToGenerateNameIDValue"));
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        NameID nameID = AssertionFactory.getInstance().createNameID();
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        nameID.setValue(nameIDValue);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        nameID.setFormat(nameIDFormat);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        nameID.setNameQualifier(hostEntityID);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        nameID.setSPNameQualifier(remoteEntityID);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        nameID.setSPProvidedID(null);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        return nameID;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk    }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk    @Override
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk    public String getIdentity(NameID nameID, String hostEntityID, String remoteEntityID, String realm)
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            throws SAML2Exception {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        if (nameID == null) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            return null;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        if (hostEntityID == null) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            throw new SAML2Exception(bundle.getString("nullHostEntityID"));
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        if (remoteEntityID == null) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            throw new SAML2Exception(bundle.getString("nullRemoteEntityID"));
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        if (realm == null) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            throw new SAML2Exception(bundle.getString("nullRealm"));
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        if (debug.messageEnabled()) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            debug.message("DefaultIDPAccountMapper.getIdentity: realm = " + realm + ", hostEntityID = " + hostEntityID
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                    + ", remoteEntityID = " + remoteEntityID);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        try {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            return dsProvider.getUserID(realm, SAML2Utils.getNameIDKeyMap(nameID, hostEntityID, remoteEntityID, realm,
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                    role));
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        } catch (DataStoreProviderException dse) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            debug.error("DefaultIDPAccountMapper.getIdentity(NameIDMappingRequest): ", dse);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            throw new SAML2Exception(dse.getMessage());
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk    }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk    /**
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk     * {@inheritDoc}
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk     *
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk     * This implementation first checks whether NameID persistence has been completely disabled at the IdP level
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk     * (idpDisableNameIDPersistence setting), and if not, it will look at the SP configuration as well
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk     * (spDoNotWriteFederationInfo setting).
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk     *
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk     * @param realm {@inheritDoc}
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk     * @param hostEntityID {@inheritDoc}
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk     * @param remoteEntityID {@inheritDoc}
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk     * @param nameIDFormat {@inheritDoc}
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk     * @return {@inheritDoc}
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk     */
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk    @Override
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk    public boolean shouldPersistNameIDFormat(String realm, String hostEntityID, String remoteEntityID,
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            String nameIDFormat) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        final boolean disableNameIDPersistence = Boolean.parseBoolean(SAML2Utils.getAttributeValueFromSSOConfig(realm,
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                hostEntityID, SAML2Constants.IDP_ROLE, SAML2Constants.IDP_DISABLE_NAMEID_PERSISTENCE));
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        if (disableNameIDPersistence) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            return false;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        return !Boolean.parseBoolean(SAML2Utils.getAttributeValueFromSSOConfig(realm, remoteEntityID,
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                SAML2Constants.SP_ROLE, SAML2Constants.SP_DO_NOT_WRITE_FEDERATION_INFO));
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk    }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk    protected String getNameIDValueFromUserProfile(String realm, String hostEntityID, String userID,
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                String nameIDFormat) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        String nameIDValue = null;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        Map<String, String> formatAttrMap = getFormatAttributeMap(realm, hostEntityID);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        String attrName = formatAttrMap.get(nameIDFormat);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        if (attrName != null) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            try {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                Set<String> attrValues = dsProvider.getAttribute(userID, attrName);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                if (attrValues != null && !attrValues.isEmpty()) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                    nameIDValue = attrValues.iterator().next();
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            } catch (DataStoreProviderException dspe) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                if (debug.warningEnabled()) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                    debug.warning("DefaultIDPAccountMapper.getNameIDValueFromUserProfile:", dspe);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        return nameIDValue;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk    }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk    private Map<String, String> getFormatAttributeMap(String realm, String hostEntityID) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        String key = hostEntityID + "|" + realm;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        Map<String, String> formatAttributeMap = IDPCache.formatAttributeHash.get(key);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        if (formatAttributeMap != null) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            return formatAttributeMap;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        formatAttributeMap = new HashMap<>();
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        List<String> values = SAML2Utils.getAllAttributeValueFromSSOConfig(realm, hostEntityID, role,
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                SAML2Constants.NAME_ID_FORMAT_MAP);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        if (values != null) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            for (String value : values) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                int index = value.indexOf('=');
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                if (index != -1) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                    String format = value.substring(0, index).trim();
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                    String attrName = value.substring(index + 1).trim();
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                    if (!format.isEmpty() && !attrName.isEmpty()) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                        formatAttributeMap.put(format, attrName);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                    }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk                }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk            }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        IDPCache.formatAttributeHash.put(key, formatAttributeMap);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk        return formatAttributeMap;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk    }
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk}
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk