a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: DefaultIDPAttributeMapper.java,v 1.4 2008/08/29 02:29:17 superpat7 Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.Attribute;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.common.WSFederationException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.datastore.DataStoreProviderException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.common.WSFederationConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This class <code>DefaultIDPAttributeMapper</code> implements the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>IDPAttributeMapper</code> to return the SAML <code>Attribute</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * objects that may be inserted in the SAML Assertion.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This IDP attribute mapper reads the attribute map configuration defined
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * in the hosted IDP configuration and constructs the SAML
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>Attribute</code> objects. If a mapped value is not present in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the data store, it tries to read the value from the single sign-on token.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class DefaultIDPAttributeMapper extends DefaultAttributeMapper
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("DefaultIDPAttributeMapper.Constructor");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns list of SAML <code>Attribute</code> objects for the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * IDP framework to insert into the generated <code>Assertion</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param session Single sign-on session.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostEntityID <code>EntityID</code> of the hosted entity.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param remoteEntityID <code>EntityID</code> of the remote entity.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm name of the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception WSFederationException if any failure occurs.
// NOTE(review): this listing is a blame view with lines missing (the method
// signature, several conditions and the braces). The comments below describe
// only what the surviving lines show.
//
// Argument checks: each throw reports a missing hosted entity ID, realm or
// session through a resource-bundle key. The guarding conditions themselves
// are not visible here.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new WSFederationException(bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "nullHostEntityID"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new WSFederationException(bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "nullRealm"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new WSFederationException(bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "nullSSOToken"));
// The session is validated with the session provider before anything is read
// from it. What happens after the "Invalid session" warning is not visible
// here; confirm that no attributes are built on that path.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(!SessionManager.getProvider().isValid(session)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.warning("DefaultIDPAttributeMapper.getAttributes: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Invalid session");
// Attribute map looked up by realm and hosted entity ID; per the debug message
// below it may be undefined.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map configMap = getConfigAttributeMap(realm, hostEntityID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("DefaultIDPAttributeMapper.getAttributes:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Configuration map is not defined.");
// The session's principal name is an argument to a call whose start is not
// visible; presumably the data-store lookup. Verify against the full file.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SessionManager.getProvider().getPrincipalName(session),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.warning("DefaultIDPAttributeMapper.getAttributes: "+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //continue to check in ssotoken.
// configMap maps a SAML attribute name to a local attribute name. valueMap is
// then read by that local name (presumably the values fetched from the data
// store; its assignment is not visible).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String localAttribute = (String)configMap.get(samlAttribute);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set values = (Set)valueMap.get(localAttribute);
// Fallback: when the user profile has no value, the session property with the
// same name as the local attribute is read instead.
// NOTE(review): a value taken from the session is placed in the assertion just
// like a profile value. Confirm that session properties under mapped names can
// only be set by trusted components.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("DefaultIDPAttributeMapper.getAttribute:"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " user profile does not have value for " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster localAttribute + " but is going to check ssotoken:");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getProvider().getProperty(session, localAttribute);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("DefaultIDPAttributeMapper.getAttribute:"
// getSAMLAttribute (later in this listing) passes each value through
// XMLUtils.escapeSpecialCharacters before concatenating it into the
// AttributeValue element. That escaping keeps profile- or session-supplied
// text from being parsed as markup, so values should not bypass that method.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getSAMLAttribute(samlAttribute, localAttributeValues));
// NOTE(review): these two error messages use the prefix "DefaultIDPAttribute",
// while the messages above use "DefaultIDPAttributeMapper". A log search on
// the class name will miss these lines.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("DefaultIDPAttribute.getAttributes: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("DefaultIDPAttribute.getAttributes: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the SAML <code>Attribute</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param name attribute name.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param values attribute values.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception WSFederationException if any failure occurs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected Attribute getSAMLAttribute(String name, String[] values)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new WSFederationException(bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "nullInput"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Make the AttributeValue element 'by hand', since Attribute
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // constructor below is expecting a list of AttributeValue
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrValueString = SAMLUtils.makeStartElementTagXML(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeValue", true, true)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + (XMLUtils.escapeSpecialCharacters(values[i]))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + SAMLUtils.makeEndElementTagXML("AttributeValue",true);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster list.add(XMLUtils.toDOMDocument(attrValueString,