a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: IDPCache.java,v 1.18 2009/05/14 17:23:45 exu Exp $
03796c5de88f33fc11651a032f0889c6c37d08f5Peter Major * Portions Copyrighted 2010-2015 ForgeRock AS.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.common.PeriodicCleanUpMap;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This class caches authn request objects and relay states
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * based on the request id of the authn requests
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * It also caches idp session by session index.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * TODO: Add cleanup thread to update IDP Cache if the cached
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * objects stay in the cache longer than a certain Cache Duration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the authn request objects.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key : request ID String
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Value : AuthnRequest object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * TODO : handle the case when assertion effective time is different
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * from cleanup interval
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static PeriodicCleanUpMap authnRequestCache = new PeriodicCleanUpMap(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SPCache.interval * 1000, SPCache.interval * 1000);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the authn context objects before IDP redirects user to
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * authentication.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key : request ID String
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Value : AuthnContext object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static PeriodicCleanUpMap idpAuthnContextCache =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SPCache.interval * 1000, SPCache.interval * 1000);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the assertion objects.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key : user ID String
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Value : list of assertion objects
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Hashtable assertionCache = new Hashtable();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the assertion objects.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key : assertion ID String
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Value : assertion object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static PeriodicCleanUpMap assertionByIDCache =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster new PeriodicCleanUpMap(SPCache.interval * 1000,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the relay state strings.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key : request ID String
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Value : relay state string
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static PeriodicCleanUpMap relayStateCache = new PeriodicCleanUpMap(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SPCache.interval * 1000, SPCache.interval * 1000);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the idp sessions.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key : sessionIndex (String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * value :IDPSession
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * IDP: used in SingleSignOnService and SingleLogoutService
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * to invalidate a specific session
31e5c48be26b4540b5388450d642bbc38c0afcc0Peter Major public static Hashtable<String, IDPSession> idpSessionsByIndices = new Hashtable<String, IDPSession>();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves Responses to be used by ArtifactResolutionService.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key --- artifact string (after encoding and all that)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * value --- Response
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * IDP: used in SingleSignOnService and ArtifactResolutionService
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * TODO : handle the case when artifact expiration time is different
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * from cleanup interval
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static PeriodicCleanUpMap responsesByArtifacts =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster new PeriodicCleanUpMap(SPCache.interval * 1000, SPCache.interval * 1000);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Hashtable saves the MNI request info.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key : requestID String
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Value : ManageNameIDRequestInfo object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static PeriodicCleanUpMap mniRequestHash = new PeriodicCleanUpMap(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SPCache.interval * 1000, SPCache.interval * 1000);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the idp attribute mapper.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key : idp attribute mapper class name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Value : idp attribute mapper object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Hashtable idpAttributeMapperCache = new Hashtable();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the idp account mapper.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key : idp account mapper class name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Value : idp account mapper object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Hashtable idpAccountMapperCache = new Hashtable();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the idp authn context mapper.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key : idp authn context mapper class name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Value : idp authn context mapper object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Hashtable idpAuthnContextMapperCache = new Hashtable();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the idp ecp session mapper.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key : idp ecp session mapper class name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Value : idp ecp session mapper object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Hashtable idpECPSessionMapperCache = new Hashtable();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the IDP Proxy Finder.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key : IDP Proxy Finder class name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Value : IDP Proxy Finder mapper object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Hashtable idpProxyFinderCache = new Hashtable();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the IDP Adapter.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key : IDP Adapter class name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Value : IDP Adapter mapper object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Hashtable idpAdapterCache = new Hashtable();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves information needed after coming back from COT cookie setting.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key --- cachedResID (String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * value --- Response Information List (ArrayList of size 9)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * IDP: used in SingleSignOnService and ArtifactResolutionService
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static PeriodicCleanUpMap responseCache = new PeriodicCleanUpMap(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SPCache.interval * 1000, SPCache.interval * 1000);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves informate needed to determine the Authentication
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Context of the incoming request from Service Provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key : sessionIndex (String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * value : the AuthnContext object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Hashtable authnContextCache = new Hashtable();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves information to determine if the request was
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * a session upgrade case.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key : requestID (String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * value : session upgrade (Boolean)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the IDP Session object before an session upgrade.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key : requestID (String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * value : IDPSession object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Hashtable oldIDPSessionCache = new Hashtable();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the original AuthnRequest coming from SP to IDP proxy
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key : requestID (String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * value : AuthnRequest
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static PeriodicCleanUpMap proxySPAuthnReqCache =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SPCache.interval * 1000, SPCache.interval * 1000);
c070f56622b9a37191894cf0937d85e943ef6033Peter Major * Cache saves the IDPSession per session ID.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key : sessionId (String)
c070f56622b9a37191894cf0937d85e943ef6033Peter Major * value : IDPSession
c070f56622b9a37191894cf0937d85e943ef6033Peter Major public static Hashtable<String, IDPSession> idpSessionsBySessionID = new Hashtable<>();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves user ID for transient NameID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key : NameID value (String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * value : user ID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Hashtable userIDByTransientNameIDValue = new Hashtable();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the original LogoutRequest coming from SP to IDP proxy
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key : requestID (String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * value : LogoutRequest
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static PeriodicCleanUpMap proxySPLogoutReqCache =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SPCache.interval * 1000, SPCache.interval * 1000);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the SOAPMessage created by proxy IDP to the original SP
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key : requestID (String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * value : SOAPMessage
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static PeriodicCleanUpMap SOAPMessageByLogoutRequestID =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SPCache.interval * 1000, SPCache.interval * 1000);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the SAML2 Session Partner's providerID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key : sessionId (String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * value : SAML2 SessionPartner's provider id
c070f56622b9a37191894cf0937d85e943ef6033Peter Major public static Hashtable<String, String> spSessionPartnerBySessionID = new Hashtable<>();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cache saves the original LogoutResponse generated by IDP proxy
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * to the IDP
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key : requestID (String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * value : Map keeping LogoutResponse, sending location,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * spEntityID and idpEntityID.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static PeriodicCleanUpMap logoutResponseCache =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SPCache.interval * 1000, SPCache.interval * 1000);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Hashtable saves AuthnContextClassRef to auth schems mapping
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key : hostEntityID + "|" + realmName
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * value: Map containing AuthnContext class ref as Key and
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Set of auth schemes as value.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Hashtable classRefSchemesHash = new Hashtable();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Hashtable saves AuthnContextClassRef to AuthLevel mapping
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key : hostEntityID + "|" + realmName
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * value: Map containing AuthnContext class ref as Key and
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * authLevel as value.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Hashtable classRefLevelHash = new Hashtable();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Hashtable saves AuthLevel to AuthnContextClassRef mapping
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key : hostEntityID + "|" + realmName
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * value: String default AuthnContext Class Ref.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Hashtable defaultClassRefHash = new Hashtable();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Hashtable saves NameID format to user profile attribute mapping
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key : hostEntityID + "|" + realm
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * value: Map containing NameNameID format as Key and user profile
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * attribute name as Value.
03796c5de88f33fc11651a032f0889c6c37d08f5Peter Major public static final Map<String, Map<String, String>> formatAttributeHash = new Hashtable<>();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Clears the authn context mapping hash tables.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realmName Organization or Realm
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (classRefSchemesHash != null && !classRefSchemesHash.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (classRefLevelHash != null && !classRefLevelHash.isEmpty()) {