/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: FederationSPAdapter.java,v 1.4 2008/06/25 05:46:50 qcheng Exp $
 * Portions Copyrighted 2014 ForgeRock AS
 */

package com.sun.identity.federation.plugins;

import com.sun.identity.federation.common.FederationException;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSAuthnResponse;
import com.sun.identity.federation.message.FSFederationTerminationNotification;
import com.sun.identity.federation.message.FSLogoutNotification;
import com.sun.identity.federation.message.FSLogoutResponse;
import com.sun.identity.federation.message.FSNameRegistrationRequest;
import com.sun.identity.federation.message.FSNameRegistrationResponse;
import com.sun.identity.federation.message.FSResponse;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

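/**
 * The interface <code>FederationSPAdapter</code> can be implemented to
 * perform user specific processing during the federation process on the
 * Liberty Service Provider side.
 * <p>
 * A singleton instance of this <code>FederationSPAdapter</code> will be used
 * during runtime, so make sure the implementations of the federation
 * processing methods (except the initialize() method) are thread safe.
 * Because that one instance serves every request, per-user data (tokens,
 * user DNs, request or response objects) belongs in method locals and not
 * in instance fields, where another user's request could observe it.
 * @supported.all.api
 * @deprecated since 12.0.0
 */
@Deprecated
public interface FederationSPAdapter {

    /**
     * Federation or Single Sign On process succeeded at <code>SP</code> side.
     */
    public static final int SUCCESS = 0;

    /**
     * Response from <code>IDP</code> with Browser POST or LECP profile
     * contains non-Success status code.
     */
    public static final int INVALID_AUTHN_RESPONSE = 1;

    /**
     * Response from <code>IDP</code> with Browser Artifact profile contains
     * non-Success status code.
     */
    public static final int INVALID_RESPONSE = 2;

    /**
     * Account federation failed.
     */
    public static final int FEDERATION_FAILED = 3;

    /**
     * Account federation failed because it failed to generate user token.
     */
    public static final int FEDERATION_FAILED_SSO_TOKEN_GENERATION = 4;

    /**
     * Account federation failed because it failed to generate anonymous
     * token.
     */
    public static final int FEDERATION_FAILED_ANON_TOKEN_GENERATION = 5;

    /**
     * Account federation failed because anonymous user account is inactive.
     */
    public static final int FEDERATION_FAILED_ANON_AUTH_USER_INACTIVE = 6;

    /**
     * Account federation failed because anonymous user account is locked.
     */
    public static final int FEDERATION_FAILED_ANON_AUTH_USER_LOCKED = 7;

    /**
     * Account federation failed because anonymous user account is expired.
     */
    public static final int FEDERATION_FAILED_ANON_AUTH_ACCOUNT_EXPIRED = 8;

    /**
     * Account federation failed because it failed to write account federation
     * info.
     */
    public static final int FEDERATION_FAILED_WRITING_ACCOUNT_INFO = 9;

    /**
     * Single Sign On failed.
     */
    public static final int SSO_FAILED = 10;

    /**
     * Single Sign On failed because federation info does not exist at
     * <code>SP</code> side.
     */
    public static final int SSO_FAILED_FEDERATION_DOESNOT_EXIST = 11;

    /**
     * Single Sign On failed because it failed to find auto federation user.
     */
    public static final int SSO_FAILED_AUTO_FED = 12;

    /**
     * Single Sign On failed because the user account is inactive.
     */
    public static final int SSO_FAILED_AUTH_USER_INACTIVE = 13;

    /**
     * Single Sign On failed because the user account is locked.
     */
    public static final int SSO_FAILED_AUTH_USER_LOCKED = 14;

    /**
     * Single Sign On failed because the user account is expired.
     */
    public static final int SSO_FAILED_AUTH_ACCOUNT_EXPIRED = 15;

    /**
     * Single Sign On failed because it failed to generate user token.
     */
    public static final int SSO_FAILED_TOKEN_GENERATION = 16;

    /**
     * Adapter's initialization parameter name for realm.
     */
    public static final String ENV_REALM = "REALM=";

    /**
     * Initializes the federation adapter. This method will only be executed
     * once after creation of the adapter instance.
     * @param hostedEntityID entity ID for the hosted SP
     * @param initParams initial set of parameters (such as REALM) configured
     *     in the service provider for this adapter. The parameter is a raw
     *     <code>Set</code>; its entries are presumably
     *     <code>NAME=value</code> strings, judging by {@link #ENV_REALM},
     *     so check the element type before casting.
     */
    public void initialize(String hostedEntityID, Set initParams);

    /**
     * Invoked before the federation manager sends the Single-Sign-On and
     * Federation request to the IDP.
     * @param hostedEntityID entity ID for the hosted SP
     * @param idpEntityID entity id for the IDP to which the request will
     *     be sent
     * @param request servlet request
     * @param response servlet response
     * @param authnRequest the authentication request to be sent to the IDP
     */
    public void preSSOFederationRequest(
        String hostedEntityID,
        String idpEntityID,
        HttpServletRequest request,
        HttpServletResponse response,
        FSAuthnRequest authnRequest);


    /**
     * Invoked when the FM has received the Single-Sign-On and Federation
     * response from the IDP. This is called before any processing has
     * started on the SP side.
     * <p>
     * Because no SP-side processing has run yet, the response objects are
     * presumably still unverified at this point (status, signature and
     * issuer not yet checked; confirm against the caller). Treat their
     * content as untrusted input and do not base access decisions on it here.
     * @param hostedEntityID entity ID for the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param authnRequest the original authentication request sent from SP
     * @param authnResponse response from IDP if Browser POST or LECP profile
     *     is used for the request, value will be null if Browser Artifact
     *     profile is used.
     * @param samlResponse response from IDP if Browser Artifact profile is
     *     used for the request, value will be null if Browser POST or LECP
     *     profile is used.
     * @exception FederationException if the implementation wants to fail
     *     the process.
     */
    public void preSSOFederationProcess(
        String hostedEntityID,
        HttpServletRequest request,
        HttpServletResponse response,
        FSAuthnRequest authnRequest,
        FSAuthnResponse authnResponse,
        FSResponse samlResponse)
    throws FederationException;

    /**
     * Invoked after Single-Sign-On and Federation processing is successful.
     * <p>
     * If the implementation redirects the browser, the target should come
     * from adapter configuration or be checked against an allow list rather
     * than copied from a request parameter.
     * @param hostedEntityID Entity ID for the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param ssoToken user's SSO Token. This is a live session credential:
     *     do not write it to logs or echo it into the response.
     * @param authnRequest the original authentication request sent from SP
     * @param authnResponse response from IDP if Browser POST or LECP profile
     *     is used for the request, value will be null if Browser Artifact
     *     profile is used.
     * @param samlResponse response from IDP if Browser Artifact profile is
     *     used for the request, value will be null if Browser POST or LECP
     *     profile is used.
     * @return true if browser redirection happened, false otherwise.
     * @exception FederationException if the implementation wants to fail
     *     the process.
     */
    public boolean postSSOFederationSuccess(
        String hostedEntityID,
        HttpServletRequest request,
        HttpServletResponse response,
        Object ssoToken,
        FSAuthnRequest authnRequest,
        FSAuthnResponse authnResponse,
        FSResponse samlResponse)
    throws FederationException;


    /**
     * Invoked after Single-Sign-On or Federation processing has failed.
     * <p>
     * The failure codes distinguish inactive, locked and expired accounts.
     * Keep that detail in server-side logs and present the browser with a
     * generic error, so the state of an account is not disclosed to the
     * requester.
     * @param hostedEntityID Entity ID for the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param authnRequest the original authentication request sent from SP
     * @param authnResponse response from IDP if Browser POST or LECP profile
     *     is used for the request, value will be null if Browser Artifact
     *     profile is used.
     * @param samlResponse response from IDP if Browser Artifact profile is
     *     used for the request, value will be null if Browser POST or LECP
     *     profile is used.
     * @param failureCode an integer that specifies the failure code.
     *     Possible failure codes are defined in this interface.
     * @return true if browser redirection happened, false otherwise.
     */
    public boolean postSSOFederationFailure(String hostedEntityID,
        HttpServletRequest request,
        HttpServletResponse response,
        FSAuthnRequest authnRequest,
        FSAuthnResponse authnResponse,
        FSResponse samlResponse,
        int failureCode);


    /**
     * Invoked after Register Name Identifier processing is successful.
     * @param hostedEntityID Entity ID for the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param userDN DN of the user with whom name identifier registration
     *     was performed
     * @param regRequest register name identifier request, value will be
     *     null if the request object is not available
     * @param regResponse register name identifier response, value will be
     *     null if the response object is not available
     * @param regProfile register name identifier profile used, one of the
     *     following:
     *     IFSConstants.NAME_REGISTRATION_SP_HTTP_PROFILE
     *     IFSConstants.NAME_REGISTRATION_SP_SOAP_PROFILE
     *     IFSConstants.NAME_REGISTRATION_IDP_HTTP_PROFILE
     *     IFSConstants.NAME_REGISTRATION_IDP_SOAP_PROFILE
     */
    public void postRegisterNameIdentifierSuccess(
        String hostedEntityID,
        HttpServletRequest request,
        HttpServletResponse response,
        String userDN,
        FSNameRegistrationRequest regRequest,
        FSNameRegistrationResponse regResponse,
        String regProfile);

    /**
     * Invoked after the service provider successfully terminates federation
     * with the IDP.
     * @param hostedEntityID Entity ID for the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param userDN DN of the user with whom name identifier registration
     *     was performed
     * @param notification federation termination notification message
     * @param termProfile federation termination profile used, one of the
     *     following:
     *     IFSConstants.TERMINATION_SP_HTTP_PROFILE
     *     IFSConstants.TERMINATION_SP_SOAP_PROFILE
     *     IFSConstants.TERMINATION_IDP_HTTP_PROFILE
     *     IFSConstants.TERMINATION_IDP_SOAP_PROFILE
     */
    public void postTerminationNotificationSuccess(
        String hostedEntityID,
        HttpServletRequest request,
        HttpServletResponse response,
        String userDN,
        FSFederationTerminationNotification notification,
        String termProfile);

    /**
     * Invoked before the single logout process starts on the FM side. This
     * method is called before the user token is invalidated on the service
     * provider side.
     * <p>
     * No checked exception is declared here. How the caller reacts to an
     * unchecked exception is not visible from this interface, so an
     * implementation should contain its own failures rather than risk
     * leaving the user token valid.
     * @param hostedEntityID Entity ID for the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param userDN user DN
     * @param logoutRequest single logout request object
     * @param logoutResponse single logout response, value will be
     *     null if the response object is not available
     * @param sloProfile single logout profile used, one of the following:
     *     IFSConstants.LOGOUT_SP_REDIRECT_PROFILE
     *     IFSConstants.LOGOUT_SP_SOAP_PROFILE
     *     IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE
     *     IFSConstants.LOGOUT_IDP_SOAP_PROFILE
     */
    public void preSingleLogoutProcess(
        String hostedEntityID,
        HttpServletRequest request,
        HttpServletResponse response,
        String userDN,
        FSLogoutNotification logoutRequest,
        FSLogoutResponse logoutResponse,
        String sloProfile);

    /**
     * Invoked after single logout has completed successfully, i.e. the user
     * token has been invalidated.
     * @param hostedEntityID Entity ID for the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param userDN user DN
     * @param logoutRequest single logout request, value will be
     *     null if the request object is not available
     * @param logoutResponse single logout response, value will be
     *     null if the response object is not available
     * @param sloProfile single logout profile used, one of the following:
     *     IFSConstants.LOGOUT_SP_HTTP_PROFILE
     *     IFSConstants.LOGOUT_SP_SOAP_PROFILE
     *     IFSConstants.LOGOUT_IDP_HTTP_PROFILE
     *     IFSConstants.LOGOUT_IDP_SOAP_PROFILE
     */
    public void postSingleLogoutSuccess(
        String hostedEntityID,
        HttpServletRequest request,
        HttpServletResponse response,
        String userDN,
        FSLogoutNotification logoutRequest,
        FSLogoutResponse logoutResponse,
        String sloProfile);
}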