/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2008 Sun Microsystems, Inc. All Rights Reserved.
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: DefaultLibraryIDPAttributeMapper.java,v 1.3 2009/11/30 21:11:08 exu Exp $
*/
/**
* Portions Copyrighted 2013 ForgeRock AS
*/
/**
* This class <code>DefaultLibraryIDPAttributeMapper</code> implements the
* <code>IDPAttributeMapper</code> to return the SAML <code>Attribute</code>
* objects that may be inserted in the SAML Assertion.
 * This IDP attribute mapper reads the attribute map configuration defined
 * in the hosted IDP configuration and constructs the SAML
 * <code>Attribute</code> objects. If a mapped value is not present in
 * the data store, it falls back to reading the value from the single sign-on token.
* <p>
* Supports attribute mappings defined as:
*
* [NameFormatURI|]SAML ATTRIBUTE NAME=["]LOCAL NAME["][;binary]
*
* where [] elements are optional.
*
* Using "" (double quotes) around the LOCAL NAME will turn it into a static value.
*
* Adding ;binary at the end of the LOCAL NAME will indicate that this attribute should be treated as binary and Base64
* encoded.
* <p>
* Examples:
* <p>
* <code>
* email=mail
* </code>
* will map the local attribute called mail onto a SAML attribute called email.
* <p>
* <code>
* urn:oasis:names:tc:SAML:2.0:attrname-format:uri|urn:mace:dir:attribute-def:cn=cn
* </code>
* will map the local attribute called cn onto a SAML attribute called
* urn:mace:dir:attribute-def:cn with a name format of urn:oasis:names:tc:SAML:2.0:attrname-format:uri
* <p>
* <code>
* partnerID="staticPartnerIDValue"
* </code>
* will add a static SAML attribute called partnerID with a value of staticPartnerIDValue
* <p>
* <code>
* urn:oasis:names:tc:SAML:2.0:attrname-format:uri|nameID="staticNameIDValue"
* </code>
* will add a static SAML attribute called nameID with a value of staticNameIDValue
* with a name format of urn:oasis:names:tc:SAML:2.0:attrname-format:uri
*<p>
*<code>
* objectGUID=objectGUID;binary
*</code>
* will map the local binary attribute called objectGUID onto a SAML attribute called objectGUID Base64 encoded.
*<p>
*<code>
* urn:oasis:names:tc:SAML:2.0:attrname-format:uri|objectGUID=objectGUID;binary
*</code>
* will map the local binary attribute called objectGUID onto a SAML attribute called objectGUID Base64 encoded with a
* name format of urn:oasis:names:tc:SAML:2.0:attrname-format:uri.
*/
implements IDPAttributeMapper {
/**
 * Default no-argument constructor.
 * <p>
 * Nothing is initialised here: the mapper keeps no per-instance state, and the
 * attribute map is resolved from the remote SP / hosted IDP configuration
 * inside {@code getAttributes} for each request.
 */
public DefaultLibraryIDPAttributeMapper() {
}
/**
* Returns list of SAML <code>Attribute</code> objects for the
* IDP framework to insert into the generated <code>Assertion</code>.
*
* @param session Single sign-on session.
* @param hostEntityID <code>EntityID</code> of the hosted entity.
* @param remoteEntityID <code>EntityID</code> of the remote entity.
* @param realm name of the realm.
* @exception SAML2Exception if any failure.
*/
throws SAML2Exception {
if (hostEntityID == null) {
}
}
}
try {
if (debug.warningEnabled()) {
"getAttributes: Invalid session");
}
return null;
}
if (debug.messageEnabled()) {
"getAttributes: remote SP attribute map = " + configMap);
}
if (debug.messageEnabled()) {
"getAttributes: Configuration map is not defined.");
}
return null;
}
if (debug.messageEnabled()) {
"getAttributes: hosted IDP attribute map=" + configMap);
}
}
if (!isDynamicalOrIgnoredProfile(realm)) {
try {
// Resolve attributes to be read from the datastore.
if (isStaticAttributeValue(localAttribute)) {
// skip over, handled directly in next step
} else if (isBinaryAttributeValue(localAttribute)) {
// add it to the list of attributes to treat as being binary
} else {
}
}
if (!stringAttributes.isEmpty()) {
}
if (!binaryAttributes.isEmpty()) {
}
} catch (DataStoreProviderException dse) {
if (debug.warningEnabled()) {
"getAttributes:", dse);
}
//continue to check in ssotoken.
}
}
// check if samlAttribute has format nameFormat|samlAttribute
}
if (isStaticAttributeValue(localAttribute)) {
// Remove the static flag before using it as the static value
if (debug.messageEnabled()) {
"getAttribute: adding static " +
"value " + localAttribute +
" for attribute named " + samlAttribute);
}
} else {
if (isBinaryAttributeValue(localAttribute)) {
// Remove the flag as not used for lookup
} else {
} else {
if (debug.messageEnabled()) {
"getAttribute: " + localAttribute +
" string value map was empty or null");
}
}
}
// If all else fails, try to get the value from the users ssoToken
if (debug.messageEnabled()) {
"getAttribute: user profile does not have " +
}
}
}
if (debug.messageEnabled()) {
"user profile does not have a value for " + localAttribute);
}
} else {
}
}
return attributes;
} catch (SessionException se) {
throw new SAML2Exception(se);
}
}
/**
 * Reports whether attribute values must have their XML special characters
 * ({@code <}, {@code >}, {@code &}, quotes) escaped before they are placed
 * in the generated SAML {@code Attribute} element.
 * <p>
 * The default is unconditional escaping. Attribute values originate from the
 * user's data store entry or SSO token (see the class documentation), so an
 * unescaped value could otherwise carry markup into the assertion being built.
 * Subclasses that override this should return {@code false} only when the
 * values are already escaped or are otherwise guaranteed to be safe XML text
 * for this pair of providers.
 *
 * @param hostEntityID Entity ID of the hosted provider.
 * @param remoteEntityID Entity ID of the remote provider.
 * @param realm realm the providers belong to.
 * @return {@code true} (always, in this implementation) to escape special
 *         characters in attribute values; {@code false} to emit them verbatim.
 */
protected boolean needToEscapeXMLSpecialCharacters(String hostEntityID, String remoteEntityID, String realm) {
    // The parameters exist so that subclasses can decide per host/remote pair
    // or per realm; the secure default ignores them and always escapes.
    final boolean escape = true;
    return escape;
}
/**
* Returns the SAML <code>Attribute</code> object.
*
* @param name attribute name.
* @param nameFormat Name format of the attribute
* @param values attribute values.
* @param hostEntityID Entity ID for hosted provider.
* @param remoteEntityID Entity ID for remote provider.
* @param realm the providers are in.
* @return SAML <code>Attribute</code> element.
* @exception SAML2Exception if any failure.
*/
Set<String> values, String hostEntityID, String remoteEntityID, String realm) throws SAML2Exception {
}
if (nameFormat != null) {
}
if (toEscape) {
} else {
}
}
}
return attribute;
}
/**
* Checks if dynamical profile creation or ignore profile is enabled.
* @param realm realm to check the dynamical profile creation attributes.
* @return true if dynamical profile creation or ignore profile is enabled,
* false otherwise.
*/
return true;
}
/**
* Return a Set of Base64 encoded String values that represent the binary attribute values.
* @param localAttribute the attribute to find in the map.
* @param samlAttribute the SAML attribute that will be assigned these values
* @param binaryValueMap the map of binary values for the all binary attributes.
* @return Set of Base64 encoded String values for the given binary attribute values.
*/
// Expect to find the value in the binary Map
// Base64 encode the binary values before they are added as an attribute value
}
if (debug.messageEnabled()) {
"getBinaryAttributeValues: adding " + localAttribute +
" as binary for attribute named " + samlAttribute);
}
} else {
if (debug.messageEnabled()) {
"getBinaryAttributeValues: " + localAttribute +
" was flagged as binary but no value was found");
}
}
} else {
if (debug.messageEnabled()) {
"getBinaryAttributeValues: " + localAttribute +
" was flagged as binary but binary value map was empty or null");
}
}
return result;
}
}
}
}
}
}