a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington/*
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * opensso/legal/CDDLv1.0.txt
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * at opensso/legal/CDDLv1.0.txt.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: PartnerAccountMapper.java,v 1.4 2008/08/19 19:11:14 veiming Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington * Portions Copyrighted 2015 ForgeRock AS.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.saml.plugins;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.protocol.SubjectQuery;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.List;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Map;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Plug-in contract for mapping a partner-side account to a user account
 * in OpenAM.
 * <p>
 * Each partner is expected to supply its own implementation. The association
 * between a partner source ID and its implementation class is configured in
 * the <code>Partner URLs</code> field of the SAML service.
 * <p>
 * NOTE(review): an implementation decides which local account a remote
 * subject is mapped to. This interface does not state whether the assertions
 * or queries it receives have already been validated (signature, issuer,
 * conditions) before these methods are called; confirm that against the
 * caller before trusting subject or attribute content.
 *
 * @supported.all.api
 */
public interface PartnerAccountMapper {

    /** Map key under which the user DN is returned. */
    String NAME = "name";

    /** Map key under which the organization DN is returned. */
    String ORG = "org";

    /**
     * Map key under which the attributes to be set as session properties
     * are returned.
     */
    String ATTRIBUTE = "attribute";

    /**
     * Resolves the OpenAM user account that the subject of the given
     * assertions is mapped to. Invoked for the POST profile, the
     * <code>ARTIFACT</code> profile, <code>AttributeQuery</code> and
     * <code>AuthorizationDecisionQuery</code>.
     *
     * @param assertions list of authentication assertions returned from the
     *        partner side, carrying the user's identity at the partner. Each
     *        element is a
     *        <code>com.sun.identity.saml.assertion.Assertion</code>.
     * @param sourceID source ID of the site from which the subject
     *        originated.
     * @param targetURL value of the <code>TARGET</code> query parameter
     *        supplied when the user accessed the SAML aware servlet or the
     *        post profile servlet. As a request query parameter it is
     *        caller-supplied input and should be handled as untrusted.
     * @return Map holding the <code>NAME</code>, <code>ORG</code> and
     *         <code>ATTRIBUTE</code> keys: <code>NAME</code> maps to the
     *         user DN, <code>ORG</code> to the user organization DN, and
     *         <code>ATTRIBUTE</code> to a Map of key/value pairs that will
     *         be set as properties on the OpenAM SSO token (key is the SSO
     *         property name, value is the property's String value). An
     *         empty map is returned if the mapped user could not be
     *         obtained from the subject.
     *         NOTE(review): because the <code>ATTRIBUTE</code> entries
     *         become SSO token properties, implementations presumably
     *         should copy only an expected set of property names from
     *         partner-supplied data; confirm which properties downstream
     *         consumers rely on.
     */
    Map getUser(List assertions, String sourceID, String targetURL);

    /**
     * Resolves the OpenAM user account that the subject of the given query
     * is mapped to. Invoked for <code>AttributeQuery</code>.
     *
     * @param subjectQuery subject query returned from the partner side,
     *        carrying the user's identity at the partner.
     * @param sourceID source ID of the site from which the subject
     *        originated.
     * @return Map holding the <code>NAME</code> and <code>ORG</code> keys:
     *         <code>NAME</code> maps to the user DN and <code>ORG</code> to
     *         the user organization DN. An empty map is returned if the
     *         mapped user could not be obtained from the subject.
     */
    Map getUser(SubjectQuery subjectQuery, String sourceID);
}