Package com.sun.identity.saml2.plugins
Interface SAML2IdentityProviderAdapter
-
@SupportedAll public interface SAML2IdentityProviderAdapter
This interfaceSAML2IdentityProviderAdapter
is used to perform specific tasks in the IdP
-
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Deprecated Methods Modifier and Type Method Description void
initialize(String hostedEntityID, String realm)
Initializes the federation adapter, this method will only be executed once after creation of the adapter instance.boolean
preAuthentication(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest, Object session, String reqID, String relayState)
Invokes when OpenAM has received the authn request, processed it, and is ready to redirect to authentication.default void
preSendFailureResponse(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String faultCode, String faultDetail)
Called before a SAML error message is returned.void
preSendFailureResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String faultCode, String faultDetail)
Deprecated, for removal: This API element is subject to removal in a future version.boolean
preSendResponse(AuthnRequest authnRequest, String hostProviderID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Object session, String reqID, String relayState)
This method is invoked before sending a non-error SAML2 Response, but before the SAML Response object is constructed.void
preSignResponse(AuthnRequest authnRequest, Response res, String hostProviderID, String realm, javax.servlet.http.HttpServletRequest request, Object session, String relayState)
Called after the SAML Response object is created, but before the Response is signed/encrypted.boolean
preSingleSignOn(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest, String reqID)
Invokes when OpenAM receives the authentication request for the first time from the SP, and is called before any processing started on the IDP side.
-
-
-
Method Detail
-
initialize
void initialize(String hostedEntityID, String realm)
Initializes the federation adapter, this method will only be executed once after creation of the adapter instance.- Parameters:
hostedEntityID
- entity ID for the hosted IDPrealm
- realm of the hosted IDP
-
preSingleSignOn
boolean preSingleSignOn(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest, String reqID) throws SAML2Exception
Invokes when OpenAM receives the authentication request for the first time from the SP, and is called before any processing started on the IDP side. If the authentication request is subsequently cached and retrieved, this method will not be called again. This method is not triggered in the case of IDP initiated SSO or a proxied request.- Parameters:
hostedEntityID
- entity ID for the hosted IDPrealm
- realm of the hosted IDPrequest
- servlet requestresponse
- servlet responseauthnRequest
- the original authentication request sent from SPreqID
- the id to use for continuation of processing if the adapter redirects- Returns:
- true if browser redirection is happening after processing, false otherwise. Default to false.
- Throws:
SAML2Exception
- for any exceptions occurring in the adapter. The federation process will continue.
-
preAuthentication
boolean preAuthentication(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthnRequest authnRequest, Object session, String reqID, String relayState) throws SAML2Exception
Invokes when OpenAM has received the authn request, processed it, and is ready to redirect to authentication. This occurs when redirecting to authentication where there is no session, or during session upgrade. This method is not triggered in the case of IDP initiated SSO or a proxied request.- Parameters:
hostedEntityID
- entity ID for the hosted IDPrealm
- realm of the hosted IDPrequest
- servlet requestresponse
- servlet responseauthnRequest
- the original authentication request sent from SPsession
- the user session or null if the user has no sessionreqID
- the id to use for continuation of processing if the adapter redirectsrelayState
- the relayState that will be used in the redirect- Returns:
- true if browser redirection is happening after processing, false otherwise. Default to false.
- Throws:
SAML2Exception
- for any exceptions occurring in the adapter. The federation process will continue.
-
preSendResponse
boolean preSendResponse(AuthnRequest authnRequest, String hostProviderID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Object session, String reqID, String relayState) throws SAML2Exception
This method is invoked before sending a non-error SAML2 Response, but before the SAML Response object is constructed. Called after successful authentication (including session upgrade) or if a valid session already exists.- Parameters:
authnRequest
- original authnrequesthostProviderID
- hosted providerID.realm
- realm of the hosted IDPrequest
- HttpServletRequestresponse
- HttpServletResponsesession
- the user session or null if the user has no sessionreqID
- the id to use for continuation of processing if the adapter redirectsrelayState
- the relayState that will be used in the redirect- Returns:
- true if browser redirection happened after processing, false otherwise. Default to false.
- Throws:
SAML2Exception
- if error occurs. The federation process will continue.
-
preSignResponse
void preSignResponse(AuthnRequest authnRequest, Response res, String hostProviderID, String realm, javax.servlet.http.HttpServletRequest request, Object session, String relayState) throws SAML2Exception
Called after the SAML Response object is created, but before the Response is signed/encrypted. When artifact binding is being used, this method is invoked when the response object is created, and not when the artifact is actually resolved. This extension point's purpose is to make it possible to adjust the content of the SAML response (for example by adding custom SAML extensions), hence this method does not provide a way to abort the SAML flow.- Parameters:
authnRequest
- The original SAML Authentication Request (may be null if this was an IdP initiated SSO).res
- The SAML Response.hostProviderID
- The entity ID of the IdP.realm
- The realm the IdP belongs to.request
- The HttpServletRequest object.session
- The user session or null if the user has no session.relayState
- The relayState that will be used in the redirect- Throws:
SAML2Exception
- If an error occurs. The federation process will continue.
-
preSendFailureResponse
@Deprecated(forRemoval=true, since="7.2.0") void preSendFailureResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String faultCode, String faultDetail) throws SAML2Exception
Deprecated, for removal: This API element is subject to removal in a future version.This was previously called before a SAML error message was returned - now superceded bypreSendFailureResponse(String, String, HttpServletRequest, HttpServletResponse, String, String)
. This method is not triggered during IDP initiated SSO.- Parameters:
request
- HttpServletRequestresponse
- HttpServletResponsefaultCode
- the fault code that will be returned in the SAML responsefaultDetail
- the fault detail that will be returned in the SAML response- Throws:
SAML2Exception
- if error occurs. The federation process will continue.
-
preSendFailureResponse
default void preSendFailureResponse(String hostedEntityID, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String faultCode, String faultDetail) throws SAML2Exception
Called before a SAML error message is returned. This method is not triggered during IDP initiated SSO.- Parameters:
hostedEntityID
- The entity ID of the IdP.realm
- The realm the IdP belongs to.request
- HttpServletRequestresponse
- HttpServletResponsefaultCode
- the fault code that will be returned in the SAML responsefaultDetail
- the fault detail that will be returned in the SAML response- Throws:
SAML2Exception
- if error occurs. The federation process will continue.
-
-