a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington/*
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * The contents of this file are subject to the terms
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * of the Common Development and Distribution License
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * (the License). You may not use this file except in
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * compliance with the License.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * You can obtain a copy of the License at
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * opensso/legal/CDDLv1.0.txt
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * See the License for the specific language governing
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * permission and limitations under the License.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * When distributing Covered Code, include this CDDL
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Header Notice in each file and include the License file
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * at opensso/legal/CDDLv1.0.txt.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * If applicable, add the following below the CDDL Header,
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * with the fields enclosed by brackets [] replaced by
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * your own identifying information:
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * "Portions Copyrighted [year] [name of copyright owner]"
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * $Id: FMSubjectMapper.java,v 1.4 2009/09/22 22:57:43 madan_ranganath Exp $
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington * Portions Copyrighted 2015 ForgeRock AS.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterpackage com.sun.identity.xacml.plugins;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.iplanet.sso.SSOToken;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.iplanet.sso.SSOTokenManager;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.iplanet.sso.SSOException;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.authentication.server.AuthContextLocal;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.authentication.service.AuthException;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.authentication.service.AuthUtils;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.plugin.session.SessionException;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.plugin.session.SessionProvider;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.plugin.session.impl.FMSessionProvider;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml2.profile.IDPCache;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.shared.xml.XMLUtils;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.xacml.context.Attribute;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.xacml.context.Subject;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.xacml.common.XACMLException;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.xacml.common.XACMLConstants;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.xacml.common.XACMLSDKUtils;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.xacml.spi.SubjectMapper;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.net.URI;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.HashMap;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.Iterator;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.List;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.Map;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport javax.security.auth.login.LoginException;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport org.w3c.dom.Element;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
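/**
 * {@link SubjectMapper} implementation that maps the XACML context Subject(s)
 * of a request to the native subject, an OpenAM {@link SSOToken}.
 *
 * <p>Only the following XACML attributeId is recognised:
 * <pre>
 * urn:oasis:names:tc:xacml:1.0:subject:subject-id
 * </pre>
 * Only the following dataTypes are understood for subject-id:
 * <pre>
 * urn:oasis:names:tc:xacml:1.0:data-type:x500Name
 * urn:sun:names:xacml:2.0:data-type:opensso-session-id
 * urn:sun:names:xacml:2.0:data-type:openfm-sp-nameid
 * </pre>
 * Only the following value is accepted for the subject-category attribute
 * of a Subject:
 * <pre>
 * urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
 * </pre>
 * A Subject without a subject-category is treated as an access-subject.
 * A Subject carrying any other category is skipped, so a request that holds
 * only such Subjects maps to {@code null}.
 *
 * <p><b>Trust boundary.</b> Every value read here comes from the incoming
 * xacml-context:Request. For the x500Name and openfm-sp-nameid data types
 * this class asks the session provider to create a session for the named
 * principal in realm "/" and no credential for that principal is checked in
 * this class. The mapper is therefore only as trustworthy as the component
 * that delivered the request.
 * NOTE(review): confirm that the request is authenticated (and, if used,
 * its signature verified) before this mapper is invoked.
 */
public class FMSubjectMapper implements SubjectMapper {

    // Kept package-private and non-final as in the original declaration.
    FMSessionProvider fmSessionProvider = new FMSessionProvider();

    /**
     * Initializes the mapper implementation. This would be called immediately
     * after constructing an instance of the implementation.
     * This implementation reads none of its arguments.
     *
     * @param pdpEntityId EntityID of PDP
     * @param pepEntityId EntityID of PEP
     * @param properties configuration properties
     * @exception XACMLException if can not initialize
     */
    public void initialize(String pdpEntityId, String pepEntityId, Map properties)
            throws XACMLException {
    }

    /**
     * Returns the native subject, an OpenAM SSOToken, for the given XACML
     * context Subject(s).
     *
     * <p>All access-subject Subjects are scanned for subject-id attributes.
     * When several attributes of the same data type are present, the last
     * one scanned wins. A session id is tried first; a user name (taken from
     * an x500Name value, or looked up from a transient SAML2 name id) is
     * used only when no token could be obtained from a session id.
     *
     * <p>A subject-id attribute without an attributeId, without a dataType,
     * or whose first value is missing or is not a DOM {@link Element} is
     * ignored, so malformed request content ends in "no subject"
     * ({@code null}) rather than an unchecked exception.
     *
     * @param xacmlContextSubjects XACML context Subject(s) from the
     *        xacml-context:Request
     * @return native subject, OpenAM SSOToken; {@code null} if the list is
     *         {@code null}, no Subject matched, or token creation failed
     * @exception XACMLException if can not map to native subject
     */
    public Object mapToNativeSubject(List xacmlContextSubjects)
            throws XACMLException {

        if (xacmlContextSubjects == null) {
            return null;
        }

        String sid = null;
        String userName = null;
        for (Iterator iter = xacmlContextSubjects.iterator(); iter.hasNext(); ) {
            Subject subject = (Subject) iter.next();
            if (subject == null) {
                continue;
            }
            // A missing category defaults to access-subject; any other
            // category is not handled by this mapper.
            URI subjectCategory = subject.getSubjectCategory();
            if ((subjectCategory != null)
                    && !uriEquals(subjectCategory, XACMLConstants.ACCESS_SUBJECT)) {
                continue;
            }
            List attributes = subject.getAttributes();
            if (attributes == null) {
                continue;
            }
            for (int count = 0; count < attributes.size(); count++) {
                Attribute attr = (Attribute) attributes.get(count);
                if ((attr == null)
                        || !uriEquals(attr.getAttributeId(), XACMLConstants.SUBJECT_ID)) {
                    continue;
                }
                URI dataTypeUri = attr.getDataType();
                if (dataTypeUri == null) {
                    // Request-supplied attribute without a dataType: skip it
                    // instead of dereferencing null.
                    continue;
                }
                String dataType = dataTypeUri.toString();
                if (dataType.equals(XACMLConstants.OPENSSO_SESSION_ID)) {
                    Element sidElement = firstValueElement(attr);
                    if (sidElement != null) {
                        sid = XMLUtils.getElementValue(sidElement);
                    }
                } else if (dataType.equals(XACMLConstants.X500NAME)) {
                    Element nameElement = firstValueElement(attr);
                    if (nameElement != null) {
                        userName = XMLUtils.getElementValue(nameElement);
                    }
                } else if (dataType.equals(XACMLConstants.SAML2_NAMEID)) {
                    Element nameIdElement = firstValueElement(attr);
                    String nameID = (nameIdElement == null)
                            ? null : XMLUtils.getElementValue(nameIdElement);
                    if (nameID != null) {
                        // A name id that is not in the cache resets userName
                        // to null, exactly as before.
                        userName = (String)
                                IDPCache.userIDByTransientNameIDValue.get(nameID);
                    }
                    // TODO:Need to support non-transient nameid format
                }
            }
        }

        SSOToken ssoToken = null;
        if (sid != null) { //create ssoToken based on sessionId
            try {
                SSOTokenManager tokenManager = SSOTokenManager.getInstance();
                ssoToken = tokenManager.createSSOToken(sid);
            } catch (SSOException ssoExp) {
                // The failure is recorded only when message-level debug is
                // enabled; otherwise a rejected session id leaves no trace
                // at this layer.
                if (XACMLSDKUtils.debug.messageEnabled()) {
                    XACMLSDKUtils.debug.message(
                            "FMSubjectMapper.mapToNativeSubject()"
                            + ":caught SSOException:", ssoExp);
                }
            }
        }

        //create ssoToken based on x500name (userName)
        // NOTE(review): this branch also runs when a session id was supplied
        // but was rejected above, so a request carrying both a failing
        // session id and a user name still yields a session for that name.
        // Confirm this fallback is intended.
        if ((ssoToken == null) && (userName != null)) {
            try {
                ssoToken = createFMSession(userName);
            } catch (SessionException se) {
                if (XACMLSDKUtils.debug.messageEnabled()) {
                    XACMLSDKUtils.debug.message(
                            "FMSubjectMapper.mapToNativeSubject()"
                            + ":caught SessionException:", se);
                }
            }
        }
        return ssoToken;
    }

    /**
     * Creates a session for {@code userName} in the root realm ("/").
     *
     * <p>Only the realm and the principal name are passed to the session
     * provider; the remaining three arguments of {@code createSession} are
     * {@code null}. No credential is checked in this method.
     * NOTE(review): the session created here is not destroyed anywhere in
     * this class; presumably the caller owns its lifetime -- confirm, since
     * each mapped request may otherwise leave a live session behind.
     *
     * @param userName principal name taken from the XACML request
     * @return the session returned by the provider, cast to SSOToken
     * @throws SessionException if the provider cannot create the session
     */
    private SSOToken createFMSession(String userName) throws SessionException {
        Map info = new HashMap();
        info.put(SessionProvider.REALM, "/");
        info.put(SessionProvider.PRINCIPAL_NAME, userName);
        SSOToken ssoToken = (SSOToken) fmSessionProvider.createSession(info,
                null, null, null);
        return ssoToken;
    }

    /**
     * Returns true when {@code uri} is non-null and its string form equals
     * {@code expected}.
     */
    private static boolean uriEquals(URI uri, String expected) {
        return (uri != null) && uri.toString().equals(expected);
    }

    /**
     * Returns the first value of {@code attr} when it is a DOM Element, or
     * {@code null} when the value list is null, empty, or starts with
     * something else.
     */
    private static Element firstValueElement(Attribute attr)
            throws XACMLException {
        List values = attr.getAttributeValues();
        if ((values == null) || values.isEmpty()) {
            return null;
        }
        Object first = values.get(0);
        return (first instanceof Element) ? (Element) first : null;
    }
}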
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster