com.sun.identity.saml2.plugins

Interface SAML2IdentityProviderAdapter

public interface SAML2IdentityProviderAdapter

This interface SAML2IdentityProviderAdapter is used to perform specific tasks in the IdP

Method Summary

Modifier and Type	Method and Description
void	initialize(String hostedEntityID, String realm) Initializes the federation adapter, this method will only be executed once after creation of the adapter instance.
boolean	preAuthentication(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest, Object session, String reqID, String relayState) Invokes when OpenAM has received the authn request, processed it, and is ready to redirect to authentication.
void	preSendFailureResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String faultCode, String faultDetail) Called before a SAML error message is returned.
boolean	preSendResponse(AuthnRequest authnRequest, String hostProviderID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Object session, String reqID, String relayState) This method is invoked before sending a non-error SAML2 Response, but before the SAML Response object is constructed.
void	preSignResponse(AuthnRequest authnRequest, Response res, String hostProviderID, String realm, javax.servlet.http.HttpServletRequest request, Object session, String relayState) Called after the SAML Response object is created, but before the Response is signed/encrypted.
boolean	preSingleSignOn(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest, String reqID) Invokes when OpenAM receives the authentication request for the first time from the SP, and is called before any processing started on the IDP side.

Method Detail

initialize

void initialize(String hostedEntityID,
                String realm)

Initializes the federation adapter, this method will only be executed once after creation of the adapter instance.

Parameters:

hostedEntityID - entity ID for the hosted IDP

realm - realm of the hosted IDP

preSingleSignOn

boolean preSingleSignOn(String hostedEntityID,
                        String realm,
                        javax.servlet.http.HttpServletRequest request,
                        javax.servlet.http.HttpServletResponse response,
                        AuthnRequest authnRequest,
                        String reqID)
                 throws SAML2Exception

Invokes when OpenAM receives the authentication request for the first time from the SP, and is called before any processing started on the IDP side. If the authentication request is subsequently cached and retrieved, this method will not be called again. This method is not triggered in the case of IDP initiated SSO or a proxied request.

Parameters:

hostedEntityID - entity ID for the hosted IDP

realm - realm of the hosted IDP

request - servlet request

response - servlet response

authnRequest - the original authentication request sent from SP

reqID - the id to use for continuation of processing if the adapter redirects

Returns:

true if browser redirection is happening after processing, false otherwise. Default to false.

Throws:

SAML2Exception - for any exceptions occurring in the adapter. The federation process will continue.

preAuthentication

boolean preAuthentication(String hostedEntityID,
                          String realm,
                          javax.servlet.http.HttpServletRequest request,
                          javax.servlet.http.HttpServletResponse response,
                          AuthnRequest authnRequest,
                          Object session,
                          String reqID,
                          String relayState)
                   throws SAML2Exception

Invokes when OpenAM has received the authn request, processed it, and is ready to redirect to authentication. This occurs when redirecting to authentication where there is no session, or during session upgrade. This method is not triggered in the case of IDP initiated SSO or a proxied request.

Parameters:

hostedEntityID - entity ID for the hosted IDP

realm - realm of the hosted IDP

request - servlet request

response - servlet response

authnRequest - the original authentication request sent from SP

session - the user session or null if the user has no session

reqID - the id to use for continuation of processing if the adapter redirects

relayState - the relayState that will be used in the redirect

Returns:

true if browser redirection is happening after processing, false otherwise. Default to false.

Throws:

SAML2Exception - for any exceptions occurring in the adapter. The federation process will continue.

preSendResponse

boolean preSendResponse(AuthnRequest authnRequest,
                        String hostProviderID,
                        String realm,
                        javax.servlet.http.HttpServletRequest request,
                        javax.servlet.http.HttpServletResponse response,
                        Object session,
                        String reqID,
                        String relayState)
                 throws SAML2Exception

This method is invoked before sending a non-error SAML2 Response, but before the SAML Response object is constructed. Called after successful authentication (including session upgrade) or if a valid session already exists.

Parameters:

authnRequest - original authnrequest

hostProviderID - hosted providerID.

realm - realm of the hosted IDP

request - HttpServletRequest

response - HttpServletResponse

session - the user session or null if the user has no session

reqID - the id to use for continuation of processing if the adapter redirects

relayState - the relayState that will be used in the redirect

Returns:

true if browser redirection happened after processing, false otherwise. Default to false.

Throws:

SAML2Exception - if error occurs. The federation process will continue.

preSignResponse

void preSignResponse(AuthnRequest authnRequest,
                     Response res,
                     String hostProviderID,
                     String realm,
                     javax.servlet.http.HttpServletRequest request,
                     Object session,
                     String relayState)
              throws SAML2Exception

Called after the SAML Response object is created, but before the Response is signed/encrypted. When artifact binding is being used, this method is invoked when the response object is created, and not when the artifact is actually resolved. This extension point's purpose is to make it possible to adjust the content of the SAML response (for example by adding custom SAML extensions), hence this method does not provide a way to abort the SAML flow.

Parameters:

authnRequest - The original SAML Authentication Request (may be null if this was an IdP initiated SSO).

res - The SAML Response.

hostProviderID - The entity ID of the IdP.

realm - The realm the IdP belongs to.

request - The HttpServletRequest object.

session - The user session or null if the user has no session.

relayState - The relayState that will be used in the redirect

Throws:

SAML2Exception - If an error occurs. The federation process will continue.

preSendFailureResponse

void preSendFailureResponse(javax.servlet.http.HttpServletRequest request,
                            javax.servlet.http.HttpServletResponse response,
                            String faultCode,
                            String faultDetail)
                     throws SAML2Exception

Called before a SAML error message is returned. This method is not triggered during IDP initiated SSO.

Parameters:

request - HttpServletRequest

response - HttpServletResponse

faultCode - the fault code that will be returned in the SAML response

faultDetail - the fault detail that will be returned in the SAML response

Throws:

SAML2Exception - if error occurs. The federation process will continue.