DefaultLibrarySPAccountMapper.java revision 07856bf23b706ef4e3654388d9ca26a720e0ad6a
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: DefaultLibrarySPAccountMapper.java,v 1.12 2009/03/12 20:34:45 huacui Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Portions Copyrighted 2013-2015 ForgeRock AS.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.datastore.DataStoreProviderException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.Attribute;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.AttributeStatement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.Assertion;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.EncryptedAttribute;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.EncryptedID;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Exception;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Constants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Utils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport org.forgerock.openam.utils.CollectionUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This class <code>DefaultLibrarySPAccountMapper</code> is the default implementation of the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>SPAccountMapper</code> that is used to map the <code>SAML</code> protocol objects to the user accounts at the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>ServiceProvider</code> side of SAML v2 plugin.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Custom implementations may extend from this class to override some of these implementations if they choose to do so.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class DefaultLibrarySPAccountMapper extends DefaultAccountMapper implements SPAccountMapper {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Default constructor
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("DefaultLibrarySPAccountMapper.constructor: ");
* Returns the user's distinguished name or the universal ID for the corresponding <code>SAML Assertion</code>. This
* method will be invoked by the <code>SAML</code> framework while processing the <code>Assertion</code> and
* The implementation of this method first checks if the NameID-Format is transient and returns the transient user.
public String getIdentity(Assertion assertion, String hostEntityID, String realm) throws SAML2Exception {
if (isTransient) {
return userID;
return userID;
return null;
* @return The transient user id configured in entity configuration, or null if not configured or failed for any
* @return Auto federation mapped user from the assertion auto federation <code>AttributeStatement</code>. if the
* statement does not have the auto federation attribute then the NameID value will be used if use NameID as SP user
protected String getAutoFedUser(String realm, String entityID, Assertion assertion, String decryptedNameID)
throws SAML2Exception {
return null;
return null;
+ autoFedAttribute);
debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: Auto federation attribute is not specified"
return null;
debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: Trying now to autofederate with nameID"
return userId;
return null;
* @return <code>true</code> if dynamical profile creation or ignore profile is enabled, <code>false</code>
return null;
return null;
return null;