/**
* Determines whether to release the login userid of the GuanxiPrincipal as a Subject/NameID in a
* SAML Response. If this needs to be done, the method adds a dummy attribute called "__NAMEID__"
* which is picked up later and converted to a Subject/NameID
*
* @param mapper the profile specific attribute mapper to use
* @param relyingParty the entityID of the entity looking for attributes
* @param attributes the attributes document that will hold the released attribute
*/
protected void processNameID(
AttributeMap mapper, String relyingParty, UserAttributesDocument.UserAttributes attributes) {
if (mapper.shouldReleaseNameID(relyingParty)) {
AttributorAttribute attribute = attributes.addNewAttribute();
attribute.setName("__NAMEID__");
}
}
/**
* Passes an attribute name and value through the ARP engine. If the name/value can be released,
* they will be added to the attributes document.
*
* @param arpEngine the ARP engine to use
* @param relyingParty the entityID of the entity looking for attributes
* @param attributeName the name of the attribute
* @param attributeValue the value of the attribute
* @param attributes the attributes document that will hold the released attribute
*/
protected void arp(
ARPEngine arpEngine,
String relyingParty,
String attributeName,
String attributeValue,
UserAttributesDocument.UserAttributes attributes) {
// Can we release the original attributes without mapping?
if (arpEngine.release(relyingParty, attributeName, attributeValue)) {
AttributorAttribute attribute = attributes.addNewAttribute();
attribute.setName(attributeName);
attribute.setValue(attributeValue);
logger.debug("Released attribute " + attributeName + " to " + relyingParty);
} else {
logger.debug("Attribute release blocked by ARP : " + attributeName + " to " + relyingParty);
}
}
/**
* Passes an attribute name and value through the Mapper and ARP engines. If the name/value can be
* released after being mapped, they will be added to the attributes document.
*
* @param arpEngine the ARP engine to use
* @param mapper the profile specific attribute mapper to use
* @param principal the GuanxiPrincipal for the user who's attributes are being requested
* @param relyingParty the entityID of the entity looking for attributes
* @param attributeName the name of the attribute
* @param attributeValue the value of the attribute
* @param attributeSet The complete set of attributes to allow cross referencing when mapping
* @param attributes the attributes document that will hold the released attribute
*/
protected void map(
ARPEngine arpEngine,
AttributeMap mapper,
GuanxiPrincipal principal,
String relyingParty,
String attributeName,
String attributeValue,
HashMap<String, String[]> attributeSet,
UserAttributesDocument.UserAttributes attributes) {
GuanxiAttribute mappedAttribute =
mapper.map(principal, relyingParty, attributeName, attributeValue, attributeSet);
if (mappedAttribute != null) {
for (int mapCount = 0; mapCount < mappedAttribute.getNames().size(); mapCount++) {
// Release the mapped attribute if appropriate
if (arpEngine.release(
relyingParty,
mappedAttribute.getNameAtIndex(mapCount),
mappedAttribute.getValueAtIndex(mapCount))) {
String mappedValue = mappedAttribute.getValueAtIndex(mapCount);
AttributorAttribute attribute = attributes.addNewAttribute();
attribute.setName(mappedAttribute.getNameAtIndex(mapCount));
attribute.setValue(mappedValue);
if (mappedAttribute.hasFriendlyNames()) {
attribute.setFriendlyName(mappedAttribute.getFriendlyNameAtIndex(mapCount));
}
logger.debug(
"Released attribute "
+ mappedAttribute.getNameAtIndex(mapCount)
+ " -> "
+ mappedValue
+ " to "
+ relyingParty);
} else {
logger.debug(
"Attribute release blocked by ARP : "
+ mappedAttribute.getNameAtIndex(mapCount)
+ " to "
+ relyingParty);
}
}
}
}