SAML APIs 9-21
      // ... (the beginning of this listing, Example 9-6, is on the preceding page)

      // Return mapping information...
      // Note: this prints the mapped subject and its groups to standard out;
      // keep such diagnostics out of production logs if the values are sensitive.
      System.out.println("CustomSAML2CredentialAttributeMapperImpl:mapSubject: Mapped subject: qualifier: "
            + nameQualifier + ", name: " + userName + ", groups: " + groups);
      return new SAML2NameMapperInfo(nameQualifier, userName, groups);
   }

   private Collection<SAML2AttributeStatementInfo> getAttributeStatementInfo(Subject subject,
                                                                             ContextHandler handlers) {
      Collection<SAML2AttributeInfo> attrs = new ArrayList<SAML2AttributeInfo>();

      // An attribute carrying a single value
      SAML2AttributeInfo attrInfo = new SAML2AttributeInfo("AttributeWithSingleValue",
                                                           "ValueOfAttributeWithSingleValue");
      attrInfo.setAttributeNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
      attrs.add(attrInfo);

      // An attribute carrying several values
      ArrayList<String> v = new ArrayList<String>();
      v.add("Value1OfAttributeWithMultipleValue");
      v.add("Value2OfAttributeWithMultipleValue");
      v.add("Value3OfAttributeWithMultipleValue");
      SAML2AttributeInfo attrInfo1 = new SAML2AttributeInfo("AttributeWithMultipleValue", v);
      // The name format must be set on attrInfo1 here (the original listing
      // set it on attrInfo a second time, leaving attrInfo1 without one).
      attrInfo1.setAttributeNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
      attrs.add(attrInfo1);
      // ... (a second attribute collection, attrs1, is built the same way in the part elided here)

      // Each collection of attributes becomes one AttributeStatement in the assertion
      Collection<SAML2AttributeStatementInfo> attrStatements =
            new ArrayList<SAML2AttributeStatementInfo>();
      attrStatements.add(new SAML2AttributeStatementInfo(attrs));
      attrStatements.add(new SAML2AttributeStatementInfo(attrs1));
      return attrStatements;
   }
}
Use the WebLogic Server Administration Console to configure the User Name Mapper class name to the fully-qualified class name of this mapper implementation, as described in Section 9.4.8, "Make the Custom SAML Credential Attribute Mapper Class Available in the Console".

The attributes encapsulated in the collection of SAML2AttributeStatementInfo objects returned by the custom mapper implementation are included in the generated assertions by the SAML 2.0 Credential Mapping provider.
9.4.6.2 Custom SAML 2.0 Identity Asserter Attribute Mapper
Example 9–7 shows an example implementation of SAML2IdentityAsserterNameMapper and SAML2IdentityAsserterAttributeMapper.
9-22 Programming Security for Oracle WebLogic Server
Example 9–7 Custom SAML 2.0 Identity Asserter Attribute Mapper
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;

import weblogic.security.providers.saml.SAML2AttributeInfo;
import weblogic.security.providers.saml.SAML2AttributeStatementInfo;
import weblogic.security.providers.saml.SAML2IdentityAsserterAttributeMapper;
import weblogic.security.providers.saml.SAML2IdentityAsserterNameMapper;
import weblogic.security.providers.saml.SAML2NameMapperInfo;
import weblogic.security.service.ContextHandler;

public class CustomSAML2IdentityAsserterAttributeMapperImpl
      implements SAML2IdentityAsserterNameMapper, SAML2IdentityAsserterAttributeMapper {

   // Same as SAML2NameMapperImpl
   public String mapNameInfo(SAML2NameMapperInfo info, ContextHandler handler) {
      // Get the user name ...
      String userName = info.getName();
      System.out.println("CustomSAML2IdentityAsserterAttributeMapperImpl:mapNameInfo: returning name: "
            + userName);
      return userName;
   }
   // ...

   // Maps the assertion's attributes to plain objects. A collection of Object
   // is carried in the subject's private credential set.
   // CustomPrincipal is the example's own Principal implementation; its source
   // is not shown on this page.
   public Collection<Object> mapAttributeInfo0(Collection<SAML2AttributeStatementInfo> attrStmtInfos,
                                               ContextHandler contextHandler) {
      if (attrStmtInfos == null || attrStmtInfos.size() == 0) {
         System.out.println("CustomIAAttributeMapperImpl: attrStmtInfos has no elements");
         return null;
      }
      Collection<Object> customAttrs = new ArrayList<Object>();
      for (SAML2AttributeStatementInfo stmtInfo : attrStmtInfos) {
         Collection<SAML2AttributeInfo> attrs = stmtInfo.getAttributeInfo();
         if (attrs == null || attrs.size() == 0) {
            System.out.println("CustomIAAttributeMapperImpl: no attribute in statement: "
                  + stmtInfo.toString());
         } else {
            for (SAML2AttributeInfo attr : attrs) {
               if (attr.getAttributeName().equals("AttributeWithSingleValue")) {
                  // One attribute is represented as a typed object ...
                  CustomPrincipal customAttr1 = new CustomPrincipal(attr.getAttributeName(),
                        attr.getAttributeNameFormat(), attr.getAttributeValues());
                  customAttrs.add(customAttr1);
               } else {
                  // ... the others as a "name,[value1, value2, ...]" string
                  String customAttr = new StringBuffer().append(attr.getAttributeName())
                        .append(",").append(attr.getAttributeValues().toString()).toString();
                  customAttrs.add(customAttr);
               }
            }
         }
      }
      return customAttrs;
   }

   // Maps the assertion's attributes to Principals. A collection of Principal
   // is carried in the subject's principal set.
   public Collection<Principal> mapAttributeInfo(Collection<SAML2AttributeStatementInfo> attrStmtInfos,
                                                 ContextHandler contextHandler) {
      if (attrStmtInfos == null || attrStmtInfos.size() == 0) {
         System.out.println("CustomIAAttributeMapperImpl: attrStmtInfos has no elements");
         return null;
      }
      Collection<Principal> pals = new ArrayList<Principal>();
      for (SAML2AttributeStatementInfo stmtInfo : attrStmtInfos) {
         Collection<SAML2AttributeInfo> attrs = stmtInfo.getAttributeInfo();
         if (attrs == null || attrs.size() == 0) {
            System.out.println("CustomIAAttributeMapperImpl: no attribute in statement: "
                  + stmtInfo.toString());
         } else {
            for (SAML2AttributeInfo attr : attrs) {
               CustomPrincipal pal = new CustomPrincipal(attr.getAttributeName(),
                     attr.getAttributeNameFormat(), attr.getAttributeValues());
               pals.add(pal);
            }
         }
      }
      return pals;
   }
}
The SAML 2.0 Identity Assertion provider makes the attributes from a SAML assertion available to consumers via the subject.

Use the WebLogic Server Administration Console to configure the User Name Mapper class name to the fully-qualified class name of this mapper implementation, as described in Section 9.4.9, "Make the Custom SAML Identity Asserter Class Available in the Console".

If you are allowing virtual users to log in via SAML, you need to create and configure an instance of the SAML Authentication provider. For information, see "Configuring the SAML Authentication Provider".

If virtual users are enabled and the SAML Authentication provider is configured, the attributes returned by the custom attribute mapper are added to the subject.

The attributes returned by the mapper are stored as subject principals or as private credentials, depending on the class type of the mapped attributes. Specifically, if the mapper returns a collection of Principal objects (mapAttributeInfo in the example), the mapped attributes are stored in the subject's principal set. Otherwise (mapAttributeInfo0, which returns a collection of Object), the subject's private credential set carries the mapped attributes. The example code shows both approaches.

Your application code needs to know the class type that the mapper uses to represent the attributes it adds to the subject. Given that class type, an application can retrieve the SAML attributes from the subject's private credential set or from its principal set.
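The consumer side of the two storage options, as an added example that is not part of the WebLogic documentation or the product's own code: the Subject is constructed by hand to mirror what the SAML 2.0 Identity Asserter would build from the mapper above, once with a Principal-typed attribute (the mapAttributeInfo case) and once with a "name,[values]" string in the private credential set (the mapAttributeInfo0 case). SamlAttributePrincipal is a hypothetical stand-in for the example's CustomPrincipal class, whose source is not on this page; the two reader methods and the main method are also assumptions for illustration.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;

/**
 * Reads SAML attributes that a custom SAML2IdentityAsserterAttributeMapper
 * placed in the authenticated Subject, from either storage location:
 *   - the principal set, when the mapper returned Collection<Principal>
 *   - the private credential set, when the mapper returned Collection<Object>
 * The WebLogic security framework is not involved; the Subject is built by
 * hand in main() (constructed sample data).
 */
public class SamlAttributeReader {

    /** Hypothetical stand-in for the mapper example's CustomPrincipal class. */
    public static final class SamlAttributePrincipal implements Principal {
        private final String name;        // SAML attribute name
        private final String nameFormat;  // e.g. urn:oasis:names:tc:SAML:2.0:attrname-format:basic
        private final List<String> values;

        public SamlAttributePrincipal(String name, String nameFormat, List<String> values) {
            this.name = name;
            this.nameFormat = nameFormat;
            this.values = new ArrayList<String>(values);
        }
        @Override public String getName() { return name; }
        public String getNameFormat() { return nameFormat; }
        public List<String> getValues() { return Collections.unmodifiableList(values); }
    }

    /** Principal-set case: filter by the mapper's class so WLSUser/WLSGroup principals are skipped. */
    public static Map<String, List<String>> fromPrincipals(Subject subject) {
        Map<String, List<String>> out = new LinkedHashMap<String, List<String>>();
        for (SamlAttributePrincipal p : subject.getPrincipals(SamlAttributePrincipal.class)) {
            out.computeIfAbsent(p.getName(), k -> new ArrayList<String>()).addAll(p.getValues());
        }
        return out;
    }

    /**
     * Private-credential case: the mapAttributeInfo0 example stores each
     * attribute as "name,[v1, v2, ...]" (a String), so the structure has to
     * be recovered by parsing. Entries of any other class are ignored.
     */
    public static Map<String, List<String>> fromPrivateCredentials(Subject subject) {
        Map<String, List<String>> out = new LinkedHashMap<String, List<String>>();
        for (String cred : subject.getPrivateCredentials(String.class)) {
            int comma = cred.indexOf(',');
            if (comma < 0) continue;                       // not in the name,[values] shape
            String name = cred.substring(0, comma);
            String list = cred.substring(comma + 1).trim();
            if (list.startsWith("[") && list.endsWith("]")) {
                list = list.substring(1, list.length() - 1);
            }
            List<String> values = out.computeIfAbsent(name, k -> new ArrayList<String>());
            for (String v : list.split(",")) {
                if (!v.trim().isEmpty()) values.add(v.trim());
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed Subject mirroring both outputs of the mapper example.
        Subject subject = new Subject();
        subject.getPrincipals().add(new SamlAttributePrincipal("AttributeWithSingleValue",
                "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
                Arrays.asList("ValueOfAttributeWithSingleValue")));
        subject.getPrivateCredentials().add(
                "AttributeWithMultipleValue,[Value1OfAttributeWithMultipleValue, "
                + "Value2OfAttributeWithMultipleValue, Value3OfAttributeWithMultipleValue]");

        System.out.println("from principal set:          " + fromPrincipals(subject));
        System.out.println("from private credential set: " + fromPrivateCredentials(subject));
    }
}
```

Two points the parsing branch makes visible. First, the string form loses structure: a value that itself contains a comma is split into two, and the attribute name format is gone entirely, so a typed Principal is the safer carrier when the application will make authorization decisions on the attribute. Second, under a Java security manager, Subject.getPrivateCredentials(Class) is guarded by javax.security.auth.PrivateCredentialPermission, whereas reading the principal set requires no permission; application code that expects to run with a security manager must be granted that permission for the credential-set approach to work.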
9.4.7 Examples of the SAML 1.1 Attribute Interfaces