com.tivoli.am.fim.trustserver.sts.utilities
Class IDMappingExtUtils

java.lang.Object
  extended by com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils

public class IDMappingExtUtils
extends java.lang.Object

Implementation for STS Mapping Extension Functions. These functions can be called from XSLT mapping rules by declaring the following in the root <xsl:stylesheet> element:

xmlns:mapping-ext="com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils" extension-element-prefixes="mapping-ext"

Then using the following format in the body of the mapping rule:

Field Summary
static com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtCache _cache
static java.lang.String ALIAS_TYPE_OLD
static java.lang.String ALIAS_TYPE_PARTNER
static java.lang.String ALIAS_TYPE_SELF
static java.lang.String IDMappingExtUtils_java_copyright
static java.lang.String IDMappingExtUtils_java_sourceCodeID

Constructor Summary
IDMappingExtUtils()

Method Summary
static boolean addAliasForUser(java.lang.String fedContextId, java.lang.String username, java.lang.String alias)
          addAliasForUser will store a mapping from the given federation context id and username to the given alias.
static boolean addAliasForUser(java.lang.String fedContextId, java.lang.String username, java.lang.String alias, java.lang.String aliasType)
          addAliasForUser will store a mapping from the given federation context id and username to the given alias.
static java.lang.String generateHmacSecretKey(int keyLength)
          Generate Hmac Secret Key for the length specified.
static java.lang.String getCurrentTimeStringUTC()
          Returns the current time in UTC in XML format.
static com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtCache getIDMappingExtCache()
protected static com.tivoli.am.fim.config.feds.EntityGroup getOTPEntityGroup(java.lang.String federationIdentifier)
          Return the first entity group whose name or id matches the specified federation identifier.
protected static java.util.Vector getQueryServiceAttributes(org.w3c.dom.Element e)
          Recursively find any claims elements.
static java.lang.String getSPSSessionData(java.lang.String key)
          Retrieves a String value from the user's Single Sign-on Protocol Service (SPS) session based on a key
static java.lang.String getSPSSessionID()
          Returns an id that is guaranteed to be consistent across multiple federation contexts within the Single Sign-On Protocol Service (SPS).
static java.lang.String getTimeStringUTC(int year, int month, int day, int hour, int minute, int second)
          Constructs a time string in XML format based on the specified year, month, day, hour, minute and second.
static java.lang.String lookupAliasesForUserAsDelimitedString(java.lang.String fedContextId, java.lang.String username, java.lang.String delimiter)
          Returns the list of aliases associated with a given username within a given federation context id.
static java.lang.String lookupAliasesForUserAsDelimitedString(java.lang.String fedContextId, java.lang.String username, java.lang.String delimiter, java.lang.String aliasType)
          Returns the list of aliases associated with a given username within a given federation context id.
static java.lang.String[] lookupAliasesForUserAsStringArray(java.lang.String fedContextId, java.lang.String username)
          Returns the list of aliases associated with a given username within a given federation context id.
static java.lang.String[] lookupAliasesForUserAsStringArray(java.lang.String fedContextId, java.lang.String username, java.lang.String aliasType)
          Returns the list of aliases associated with a given username within a given federation context id.
static java.lang.String lookupUserFromAlias(java.lang.String fedContextId, java.lang.String alias)
          Finds and returns the user associated with the given alias within the given federation context id (scope of the alias->username mapping).
static java.lang.String lookupUserFromAlias(java.lang.String fedContextId, java.lang.String alias, java.lang.String aliasType)
          Finds and returns the user associated with the given alias within the given federation context id (scope of the alias->username mapping).
static QueryServiceAttribute[] parseQueryServiceAttributes(java.lang.String claimsNode)
          Recursively searches the XML contained in the passed-in string looking for elements which have this format: <fimqs:Attribute xmlns:fimqs="urn:ibm:names:ITFIM:queryservice" name="openid.sreg.email" type="whatever" optional="true" /> If it finds elements that match this qname, they will be added to the result set.
static com.tivoli.am.fim.trustserver.sts.utilities.InfoCardClaim[] parseRequestedClaims(java.lang.String claimsNode)
          Recursively searches the XML contained in the passed-in string looking for elements which have this format: <wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true" /> If it finds elements that match this qname, they will be added to the result set.
static boolean removeAliasForUser(java.lang.String fedContextId, java.lang.String username, java.lang.String alias)
          removeAliasForUser will remove a mapping from the given federation context id and username for the given alias.
static boolean removeAliasForUser(java.lang.String fedContextId, java.lang.String username, java.lang.String alias, java.lang.String aliasType)
          removeAliasForUser will remove a mapping from the given federation context id and username for the given alias.
static java.lang.String removeSecretKey(java.lang.String otpFederation, java.lang.String userInfoProviderType, java.lang.String user, java.lang.String secretKeyName, java.lang.String secretKeyNamespace)
          Removes the secret key for a user given the secretKeyName, secretKeyNamespace and secretKeyDatatype.
static java.lang.String removeSPSSessionData(java.lang.String key)
          Removes a String value from the user's Single Sign-on Protocol Service (SPS) session based on a key
static java.lang.String retrieveSecretKey(java.lang.String otpFederation, java.lang.String userInfoProviderType, java.lang.String user, java.lang.String secretKeyName, java.lang.String secretKeyNamespace)
          Retrieves the secret key for a user given the secretKeyName, secretKeyNamespace and secretKeyDatatype.
static void setSPSSessionData(java.lang.String key, java.lang.String value)
          Stores a key/value String pair in the user's Single Sign-on Protocol Service (SPS) session
static void storeSecretKey(java.lang.String otpFederation, java.lang.String userInfoProviderType, java.lang.String user, java.lang.String secretKeyName, java.lang.String secretKeyNamespace, java.lang.String value)
          Stores the secret key for a user given the secretKeyName, secretKeyNamespace and secretKeyDatatype.
static java.lang.String subStringAfterLast(java.lang.String text, java.lang.String chars)
          Returns the substring of text after the last occurrence of chars.
static java.lang.String subStringBeforeLast(java.lang.String text, java.lang.String chars)
          Returns the substring of text before the last occurrence of chars.
static void throwSTSException(java.lang.String message)
          Used to throw STS Messages from XSLT/Javascript mapping rules.
static void throwSTSUserMessageException(java.lang.String message)
          Used to throw STSUserMessageException from XSLT/Javascript mapping rules. The error message of this exception is displayed in the response to the client.
static void traceString(java.lang.String str)
          Provides a convenient tracing mechanism for XSLT authors.
static java.lang.String translatePPID(java.lang.String ppid)
          Translates a base64 encoded PPID string into a friendly display format according to the Information Card specifications.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

IDMappingExtUtils_java_sourceCodeID

public static final java.lang.String IDMappingExtUtils_java_sourceCodeID
See Also:
Constant Field Values

IDMappingExtUtils_java_copyright

public static final java.lang.String IDMappingExtUtils_java_copyright
See Also:
Constant Field Values

ALIAS_TYPE_SELF

public static final java.lang.String ALIAS_TYPE_SELF
See Also:
Constant Field Values

ALIAS_TYPE_PARTNER

public static final java.lang.String ALIAS_TYPE_PARTNER
See Also:
Constant Field Values

ALIAS_TYPE_OLD

public static final java.lang.String ALIAS_TYPE_OLD
See Also:
Constant Field Values

_cache

public static com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtCache _cache
Constructor Detail

IDMappingExtUtils

public IDMappingExtUtils()
Method Detail

throwSTSException

public static void throwSTSException(java.lang.String message)
                              throws com.tivoli.am.fim.trustserver.sts.STSException
Used to throw STS Messages from XSLT/Javascript mapping rules.

Parameters:
message -
Throws:
com.tivoli.am.fim.trustserver.sts.STSException

throwSTSUserMessageException

public static void throwSTSUserMessageException(java.lang.String message)
                                         throws com.tivoli.am.fim.trustserver.sts.utilities.STSUserMessageException
Used to throw STSUserMessageException from XSLT/Javascript mapping rules. The error message of this exception is displayed in the response to the client.

Parameters:
message -
Throws:
com.tivoli.am.fim.trustserver.sts.utilities.STSUserMessageException

translatePPID

public static java.lang.String translatePPID(java.lang.String ppid)
Translates a base64 encoded PPID string into a friendly display format according to the Information Card specifications. If the input string cannot be translated for any reason, the input string will be returned.

Parameters:
ppid -
Returns:
String

subStringAfterLast

public static java.lang.String subStringAfterLast(java.lang.String text,
                                                  java.lang.String chars)
Returns the substring of text after the last occurrence of chars. If chars is not present in text, returns text. If chars is the same as text, or occurs at the end of text, returns the empty string.

Parameters:
text -
chars -
Returns:
String

subStringBeforeLast

public static java.lang.String subStringBeforeLast(java.lang.String text,
                                                   java.lang.String chars)
Returns the substring of text before the last occurrence of chars. If chars is not present in text, returns text. If the last occurrence of chars is at the start of text, returns the empty string.

Parameters:
text -
chars -
Returns:
String
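
The two substring helpers above are specified precisely enough to model. The following is an added example, not IBM/TFIM code: a Python rendering of the documented contract for subStringAfterLast and subStringBeforeLast, plus a constructed mapping-rule style use (splitting a principal name on its last "@"). The Python names and the behaviour for an empty chars argument (rejected here, since the page does not define it) are this example's own.

```python
# Added example (not IBM/TFIM code): model of the documented contracts of
# IDMappingExtUtils.subStringAfterLast and subStringBeforeLast.


def _check_chars(chars):
    # The page does not define the empty-string case; refuse it rather than guess.
    if chars == "":
        raise ValueError("chars must be non-empty")


def sub_string_after_last(text, chars):
    """Substring of text after the last occurrence of chars.
    Page contract: chars absent -> text unchanged; chars equal to text, or
    occurring at the very end of text -> empty string."""
    _check_chars(chars)
    head, sep, tail = text.rpartition(chars)
    if not sep:  # chars not present in text
        return text
    return tail


def sub_string_before_last(text, chars):
    """Substring of text before the last occurrence of chars.
    Page contract: chars absent -> text unchanged; last occurrence at the
    start of text -> empty string."""
    _check_chars(chars)
    head, sep, tail = text.rpartition(chars)
    if not sep:
        return text
    return head


def split_principal(principal, delimiter="@"):
    """Constructed mapping-rule use: split "user@realm" into (user, realm)
    using the two helpers. Splitting on the LAST delimiter keeps a user part
    that itself contains the delimiter intact."""
    return (sub_string_before_last(principal, delimiter),
            sub_string_after_last(principal, delimiter))
```

Splitting on the last occurrence is the property that matters when the text is an identifier supplied by a partner: "a@b@example.org" yields the realm "example.org", not "b@example.org".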

parseRequestedClaims

public static com.tivoli.am.fim.trustserver.sts.utilities.InfoCardClaim[] parseRequestedClaims(java.lang.String claimsNode)
Recursively searches the XML contained in the passed-in string looking for elements which have this format:
                             <wsid:ClaimType
                             xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity"
                             Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
                             Optional="true" />

If it finds elements that match this qname, they will be added to the result set. If the passed in string cannot be parsed as XML, an empty array will be returned.

Parameters:
claimsNode -
Returns:

parseQueryServiceAttributes

public static QueryServiceAttribute[] parseQueryServiceAttributes(java.lang.String claimsNode)
Recursively searches the XML contained in the passed-in string looking for elements which have this format:
                             <fimqs:Attribute
                             xmlns:fimqs="urn:ibm:names:ITFIM:queryservice"
                             name="openid.sreg.email"
                             type="whatever"
                             optional="true" />

If it finds elements that match this qname, they will be added to the result set. If the passed in string cannot be parsed as XML, an empty array will be returned.

Parameters:
claimsNode -
Returns:
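
The two parsers above share one contract: a recursive, namespace-qualified search that returns an empty result when the input is not well-formed XML. The following is an added example, not IBM/TFIM code, covering both parseRequestedClaims and parseQueryServiceAttributes. The namespaces, element names and attribute names are the ones shown on the page; the Python names, the result classes and the sample document are constructed here.

```python
# Added example (not IBM/TFIM code): namespace-aware recursive parser for the
# wsid:ClaimType and fimqs:Attribute request formats documented on the page.
import xml.etree.ElementTree as ET
from dataclasses import dataclass

WSID_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity"
FIMQS_NS = "urn:ibm:names:ITFIM:queryservice"


@dataclass(frozen=True)
class InfoCardClaim:        # stand-in for the page's InfoCardClaim result type
    uri: str
    optional: bool


@dataclass(frozen=True)
class QueryServiceAttribute:  # stand-in for the page's QueryServiceAttribute
    name: str
    type: str
    optional: bool


def _as_bool(value):
    # Absent, or anything other than "true" (case-insensitive), means required.
    return (value or "").strip().lower() == "true"


def _parse(claims_node):
    # Documented contract: input that is not well-formed XML yields an empty result.
    try:
        return ET.fromstring(claims_node)
    except ET.ParseError:
        return None


def parse_requested_claims(claims_node):
    root = _parse(claims_node)
    if root is None:
        return []
    # iter() walks the whole subtree, so claims nested at any depth are found.
    # The {namespace}local qname means a ClaimType in another namespace is skipped.
    return [InfoCardClaim(uri=e.get("Uri", ""), optional=_as_bool(e.get("Optional")))
            for e in root.iter(f"{{{WSID_NS}}}ClaimType")]


def parse_query_service_attributes(claims_node):
    root = _parse(claims_node)
    if root is None:
        return []
    return [QueryServiceAttribute(name=e.get("name", ""), type=e.get("type", ""),
                                  optional=_as_bool(e.get("optional")))
            for e in root.iter(f"{{{FIMQS_NS}}}Attribute")]


# Constructed sample: claims nested inside a wrapper, one claim without Optional,
# and a same-named element in an unrelated namespace that must be ignored.
SAMPLE_CLAIMS = f"""<request xmlns:wsid="{WSID_NS}" xmlns:fimqs="{FIMQS_NS}" xmlns:x="urn:example:other">
  <wrapper>
    <wsid:ClaimType Uri="{WSID_NS}/claims/givenname" Optional="true"/>
    <wsid:ClaimType Uri="{WSID_NS}/claims/emailaddress"/>
    <x:ClaimType Uri="urn:example:ignored" Optional="true"/>
  </wrapper>
  <fimqs:Attribute name="openid.sreg.email" type="whatever" optional="true"/>
</request>"""
```

Matching on the qualified name rather than the local name is the check that keeps an element such as x:ClaimType from another namespace out of the result set. Because claimsNode arrives from the relying party, a deployment that parses it with a different XML library should make sure that library does not resolve external entities or expand entity bombs; the standard-library parser used here returns an empty list on any parse error, which is the documented behaviour.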

getQueryServiceAttributes

protected static java.util.Vector getQueryServiceAttributes(org.w3c.dom.Element e)
Recursively find any claims elements.

Parameters:
e -
Returns:
Vector

addAliasForUser

public static boolean addAliasForUser(java.lang.String fedContextId,
                                      java.lang.String username,
                                      java.lang.String alias)
                               throws com.tivoli.am.fim.trustserver.sts.STSException
addAliasForUser will store a mapping from the given federation context id and username to the given alias. The federation context identifier should be an identifier which scopes the mapping of the username to the alias. This method adds the alias to the "SELF" category.

Parameters:
fedContextId - the federation context id
username - the TFIM username
alias - the alias to associate with the username within the given federation context id
Returns:
true if the storage of the alias succeeded, false otherwise
Throws:
com.tivoli.am.fim.trustserver.sts.STSException

addAliasForUser

public static boolean addAliasForUser(java.lang.String fedContextId,
                                      java.lang.String username,
                                      java.lang.String alias,
                                      java.lang.String aliasType)
                               throws com.tivoli.am.fim.trustserver.sts.STSException
addAliasForUser will store a mapping from the given federation context id and username to the given alias. The federation context identifier should be an identifier which scopes the mapping of the username to the alias.

Parameters:
fedContextId - the federation context id
username - the TFIM username
alias - the alias to associate with the username within the given federation context id
aliasType - the type of alias to add. Must be "self", "partner", or "old".
Returns:
true if the storage of the alias succeeded, false otherwise
Throws:
com.tivoli.am.fim.trustserver.sts.STSException

removeAliasForUser

public static boolean removeAliasForUser(java.lang.String fedContextId,
                                         java.lang.String username,
                                         java.lang.String alias)
                                  throws com.tivoli.am.fim.trustserver.sts.STSException
removeAliasForUser will remove a mapping from the given federation context id and username for the given alias. The federation context identifier should be an identifier which scopes the mapping of the username to the alias. This method removes the alias from the "self" category.

Parameters:
fedContextId - the federation context id
username - the TFIM username
alias - the alias associated with the username within the given federation context id
Returns:
true if the removal of the alias mapping succeeded (or the alias was not associated with the username in the given federation context), false otherwise
Throws:
com.tivoli.am.fim.trustserver.sts.STSException

removeAliasForUser

public static boolean removeAliasForUser(java.lang.String fedContextId,
                                         java.lang.String username,
                                         java.lang.String alias,
                                         java.lang.String aliasType)
                                  throws com.tivoli.am.fim.trustserver.sts.STSException
removeAliasForUser will remove a mapping from the given federation context id and username for the given alias. The federation context identifier should be an identifier which scopes the mapping of the username to the alias.

Parameters:
fedContextId - the federation context id
username - the TFIM username
alias - the alias associated with the username within the given federation context id
aliasType - the type of alias to remove, must be "self", "partner", or "old".
Returns:
true if the removal of the alias mapping succeeded (or the alias was not associated with the username in the given federation context), false otherwise
Throws:
com.tivoli.am.fim.trustserver.sts.STSException

lookupUserFromAlias

public static java.lang.String lookupUserFromAlias(java.lang.String fedContextId,
                                                   java.lang.String alias)
                                            throws com.tivoli.am.fim.trustserver.sts.STSException
Finds and returns the user associated with the given alias within the given federation context id (scope of the alias->username mapping). This method returns "SELF" aliases only.

Parameters:
fedContextId - the federation context id
alias - the alias of the associated user within the given federation context id
Returns:
The username if the alias was mapped to a user, or the empty string if the alias could not be mapped to a user
Throws:
com.tivoli.am.fim.trustserver.sts.STSException

lookupUserFromAlias

public static java.lang.String lookupUserFromAlias(java.lang.String fedContextId,
                                                   java.lang.String alias,
                                                   java.lang.String aliasType)
                                            throws com.tivoli.am.fim.trustserver.sts.STSException
Finds and returns the user associated with the given alias within the given federation context id (scope of the alias->username mapping).

Parameters:
fedContextId - the federation context id
alias - the alias of the associated user within the given federation context id
aliasType - the type of alias to search for. Valid values are "self", "partner", or "old".
Returns:
The username if the alias was mapped to a user, or the empty string if the alias could not be mapped to a user
Throws:
com.tivoli.am.fim.trustserver.sts.STSException

lookupAliasesForUserAsStringArray

public static java.lang.String[] lookupAliasesForUserAsStringArray(java.lang.String fedContextId,
                                                                   java.lang.String username)
                                                            throws com.tivoli.am.fim.trustserver.sts.STSException
Returns the list of aliases associated with a given username within a given federation context id.

Parameters:
fedContextId - the federation context id
username - the username for which to search for aliases
Returns:
The list of aliases for the user within the given federation context id, otherwise an empty array.
Throws:
com.tivoli.am.fim.trustserver.sts.STSException

lookupAliasesForUserAsStringArray

public static java.lang.String[] lookupAliasesForUserAsStringArray(java.lang.String fedContextId,
                                                                   java.lang.String username,
                                                                   java.lang.String aliasType)
                                                            throws com.tivoli.am.fim.trustserver.sts.STSException
Returns the list of aliases associated with a given username within a given federation context id.

Parameters:
fedContextId - the federation context id
username - the username for which to search for aliases
aliasType - the type of alias to search.
Returns:
The list of aliases for the user within the given federation context id, otherwise an empty array.
Throws:
com.tivoli.am.fim.trustserver.sts.STSException

lookupAliasesForUserAsDelimitedString

public static java.lang.String lookupAliasesForUserAsDelimitedString(java.lang.String fedContextId,
                                                                     java.lang.String username,
                                                                     java.lang.String delimiter)
                                                              throws com.tivoli.am.fim.trustserver.sts.STSException
Returns the list of aliases associated with a given username within a given federation context id. The aliases are returned in a single string, separated by a user-supplied delimiter. This is useful for XSLT mapping rules that may want to use this as an extension function since they cannot manage an array return value.

Parameters:
fedContextId - the federation context id
username - the username for which to search for aliases
delimiter - the string delimiter to put between aliases in the return value
Returns:
The list of aliases for the user within the given federation context id, otherwise an empty array.
Throws:
com.tivoli.am.fim.trustserver.sts.STSException

lookupAliasesForUserAsDelimitedString

public static java.lang.String lookupAliasesForUserAsDelimitedString(java.lang.String fedContextId,
                                                                     java.lang.String username,
                                                                     java.lang.String delimiter,
                                                                     java.lang.String aliasType)
                                                              throws com.tivoli.am.fim.trustserver.sts.STSException
Returns the list of aliases associated with a given username within a given federation context id. The aliases are returned in a single string, separated by a user-supplied delimiter. This is useful for XSLT mapping rules that may want to use this as an extension function since they cannot manage an array return value.

Parameters:
fedContextId - the federation context id
username - the username for which to search for aliases
delimiter - the string delimiter to put between aliases in the return value
aliasType - the type of alias to lookup
Returns:
The list of aliases for the user within the given federation context id, otherwise an empty array.
Throws:
com.tivoli.am.fim.trustserver.sts.STSException
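
The alias methods above (addAliasForUser, removeAliasForUser, lookupUserFromAlias and the two lookupAliasesForUser* variants) all scope the alias-to-username binding by federation context id and alias type. The following is an added example, not IBM/TFIM code: an in-memory model of that contract whose return values follow the page (true on a successful store, true on removal even when the alias was not bound, the empty string when an alias resolves to no user, and a delimited string for XSLT callers). The Python names and the store are constructed here; treating the two-argument aliases-for-user lookups as "self", and refusing to rebind an alias already held by another user in the same scope, are this example's own assumptions.

```python
# Added example (not IBM/TFIM code): in-memory model of the alias-mapping contract
# documented for the addAliasForUser / removeAliasForUser / lookup* methods.

ALIAS_TYPES = ("self", "partner", "old")  # valid aliasType values from the page


def is_valid_alias_type(alias_type):
    return alias_type in ALIAS_TYPES


class AliasStore:
    def __init__(self):
        # Binding is keyed by (fedContextId, aliasType, alias): the same alias
        # value in two different federation contexts is two unrelated bindings.
        self._by_alias = {}

    def _check_type(self, alias_type):
        if not is_valid_alias_type(alias_type):
            raise ValueError(f"invalid aliasType: {alias_type!r}")  # real API throws STSException

    def add_alias_for_user(self, fed_context_id, username, alias, alias_type="self"):
        self._check_type(alias_type)
        key = (fed_context_id, alias_type, alias)
        bound = self._by_alias.get(key)
        if bound is not None and bound != username:
            return False  # assumption: an alias already bound to another user is not rebound
        self._by_alias[key] = username
        return True

    def remove_alias_for_user(self, fed_context_id, username, alias, alias_type="self"):
        self._check_type(alias_type)
        key = (fed_context_id, alias_type, alias)
        if self._by_alias.get(key) == username:
            del self._by_alias[key]
        return True  # page: true also when the alias was not associated with the user

    def lookup_user_from_alias(self, fed_context_id, alias, alias_type="self"):
        self._check_type(alias_type)
        # Page: the username, or the empty string if the alias maps to no user.
        return self._by_alias.get((fed_context_id, alias_type, alias), "")

    def lookup_aliases_for_user_as_string_array(self, fed_context_id, username, alias_type="self"):
        self._check_type(alias_type)
        return [a for (f, t, a), u in self._by_alias.items()
                if f == fed_context_id and t == alias_type and u == username]

    def lookup_aliases_for_user_as_delimited_string(self, fed_context_id, username, delimiter, alias_type="self"):
        # XSLT extension functions cannot consume an array, hence the joined form.
        return delimiter.join(self.lookup_aliases_for_user_as_string_array(fed_context_id, username, alias_type))


def demo_scoping():
    """Constructed scenario: two partners happen to issue the same alias value.
    Each resolves only inside its own federation context; an unknown context
    resolves to nobody."""
    store = AliasStore()
    store.add_alias_for_user("urn:example:fed:partnerA", "alice", "ab12cd")
    store.add_alias_for_user("urn:example:fed:partnerB", "bob", "ab12cd")
    return (store.lookup_user_from_alias("urn:example:fed:partnerA", "ab12cd"),
            store.lookup_user_from_alias("urn:example:fed:partnerB", "ab12cd"),
            store.lookup_user_from_alias("urn:example:fed:partnerC", "ab12cd"))
```

The scoping is the security property: an alias is whatever a partner asserts about a user, so a lookup that ignored fedContextId would let an alias issued in one federation resolve to an account established through another. Mapping rules should therefore always pass the federation context they are executing in, and treat the empty-string result as "unknown user" rather than as a user whose name is blank.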

traceString

public static void traceString(java.lang.String str)
Provides a convenient tracing mechanism for XSLT authors. You can invoke it like this:

Parameters:
str - String to trace

getCurrentTimeStringUTC

public static java.lang.String getCurrentTimeStringUTC()
Returns the current time in UTC in XML format. As this timestamp will generally be consumed in OpenID federations with PAPE enabled, the generated timestamp does NOT contain a millisecond field.

Returns:

getTimeStringUTC

public static java.lang.String getTimeStringUTC(int year,
                                                int month,
                                                int day,
                                                int hour,
                                                int minute,
                                                int second)
Constructs a time string in XML format based on the specified year, month, day, hour, minute and second. The time specified is assumed to be in UTC aka Zulu time. Years must be fully specified (eg "1999" not "99").

Parameters:
year -
month -
day -
hour -
minute -
second -
timeZone -
Returns:
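
Both time methods above produce an XML-format timestamp in UTC at second precision. The following is an added example, not IBM/TFIM code: a Python rendering of that output format, with the year check the page calls for ("1999", not "99") and the millisecond truncation that getCurrentTimeStringUTC is documented to perform. The function names, the four-digit year rule, and the 1-based month are this example's assumptions; the page states only "XML format", "UTC aka Zulu time" and "years must be fully specified".

```python
# Added example (not IBM/TFIM code): XML-format UTC timestamps at second
# precision, as documented for getCurrentTimeStringUTC / getTimeStringUTC.
from datetime import datetime, timezone

# xs:dateTime with the "Z" UTC designator and no fractional seconds.
XML_DATETIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def is_fully_specified_year(year):
    # Example's own rule for "fully specified": four digits, so "99" is rejected
    # instead of being silently rendered as the year 0099.
    return 1000 <= year <= 9999


def get_time_string_utc(year, month, day, hour, minute, second):
    if not is_fully_specified_year(year):
        raise ValueError("year must be fully specified, e.g. 1999 not 99")
    # datetime() validates month (1-12, assumption), day, hour, minute, second.
    dt = datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)
    return dt.strftime(XML_DATETIME_FORMAT)


def get_current_time_string_utc(now=None):
    """Current time (or the aware datetime passed as now) without milliseconds."""
    dt = now if now is not None else datetime.now(timezone.utc)
    # Truncate rather than round: the string must never be later than the instant.
    return dt.astimezone(timezone.utc).replace(microsecond=0).strftime(XML_DATETIME_FORMAT)


def parse_xml_utc(value):
    """Strict inverse: rejects fractional seconds, numeric offsets or a missing Z."""
    return datetime.strptime(value, XML_DATETIME_FORMAT).replace(tzinfo=timezone.utc)


def demo_truncation():
    # Constructed instant with 678 ms: the output carries no fraction at all.
    return get_current_time_string_utc(datetime(2020, 1, 2, 3, 4, 5, 678000, tzinfo=timezone.utc))
```

The strict parser is the consumer-side counterpart worth keeping: a relying party that validates a PAPE auth_time or an assertion timestamp should accept exactly this shape rather than a lenient format, so that an offset-bearing or fractional timestamp cannot be misread as a different instant.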

getIDMappingExtCache

public static com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtCache getIDMappingExtCache()

getSPSSessionID

public static java.lang.String getSPSSessionID()
Returns an id that is guaranteed to be consistent across multiple federation contexts within the Single Sign-On Protocol Service (SPS). This method will only return a value if the mapping module where it is being called from is part of a chain that has been invoked by the Single Sign-On Protocol Service (SPS) (a built-in federation, USC or OTP). This value can be used as a key to store state across federation contexts such as User Self Care (USC) and One Time Password (OTP).

Returns:
a session id for the Single Sign-on Protocol Service (SPS)

setSPSSessionData

public static void setSPSSessionData(java.lang.String key,
                                     java.lang.String value)
Stores a key/value String pair in the user's Single Sign-on Protocol Service (SPS) session

Parameters:
key - the key used to store the entry
value - the value to store in the user's session

getSPSSessionData

public static java.lang.String getSPSSessionData(java.lang.String key)
Retrieves a String value from the user's Single Sign-on Protocol Service (SPS) session based on a key

Parameters:
key - the key used to retrieve the entry
Returns:
the value associated with this key in the user's session, or null if a value for the key doesn't exist

removeSPSSessionData

public static java.lang.String removeSPSSessionData(java.lang.String key)
Removes a String value from the user's Single Sign-on Protocol Service (SPS) session based on a key

Parameters:
key - the key used to remove the entry
Returns:
the value associated with this key in the user's session, or null if a value for the key doesn't exist

generateHmacSecretKey

public static java.lang.String generateHmacSecretKey(int keyLength)
                                              throws com.tivoli.am.fim.trustserver.sts.STSException
Generate Hmac Secret Key for the length specified.

Parameters:
keyLength - the length of the key to generate. The keyLength should be a multiple of 5.
Returns:
the base32-encoded generated key
Throws:
com.tivoli.am.fim.trustserver.sts.STSException
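
The "multiple of 5" requirement above follows from base32: every 5 input bytes become exactly 8 output characters, so only those lengths encode without "=" padding. The following is an added example, not IBM/TFIM code, of generating such a key from a cryptographically secure source with the standard library. It assumes keyLength counts random bytes (the page does not state the unit); the function names are constructed here.

```python
# Added example (not IBM/TFIM code): base32-encoded HMAC secret generation in
# the shape documented for generateHmacSecretKey.
import base64
import secrets

BASE32_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")


def generate_hmac_secret_key(key_length):
    """key_length = number of random bytes (assumption); must be a multiple of 5."""
    if key_length <= 0 or key_length % 5 != 0:
        raise ValueError("keyLength must be a positive multiple of 5")  # real API throws STSException
    raw = secrets.token_bytes(key_length)  # CSPRNG; never the random module for key material
    return base64.b32encode(raw).decode("ascii")  # no '=' padding for multiples of 5 bytes


def decode_hmac_secret_key(encoded):
    """Recover the raw key bytes, e.g. before handing them to an HMAC."""
    return base64.b32decode(encoded)


def base32_chars_unpadded(n_bytes):
    """Characters of real data base32 emits for n_bytes: ceil(n_bytes * 8 / 5)."""
    return -(-n_bytes * 8 // 5)


def padding_chars(n_bytes):
    """How many '=' characters base32 appends for an n_byte input (0 iff n_bytes % 5 == 0)."""
    return len(base64.b32encode(bytes(n_bytes))) - base32_chars_unpadded(n_bytes)
```

A 20-byte (160-bit) key is the common choice for HMAC-SHA-1 based OTP, which is the length RFC 4226 recommends; it encodes to 32 base32 characters with no padding, which is why provisioning formats that carry the key as text prefer it. Note also that the generated value is the shared secret itself: it belongs only in the secret-key store (see storeSecretKey below), never in trace output.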

storeSecretKey

public static void storeSecretKey(java.lang.String otpFederation,
                                  java.lang.String userInfoProviderType,
                                  java.lang.String user,
                                  java.lang.String secretKeyName,
                                  java.lang.String secretKeyNamespace,
                                  java.lang.String value)
                           throws com.tivoli.am.fim.trustserver.sts.STSException
Stores the secret key for a user given the secretKeyName, secretKeyNamespace and secretKeyDatatype.

Parameters:
otpFederation - OTP federation name or group id.
userInfoProviderType - OTP user info provider type.
user - user name
secretKeyName - secret key attribute name.
secretKeyNamespace - secret key attribute namespace.
secretKeyDatatype - secret key attribute datatype.
Throws:
com.tivoli.am.fim.trustserver.sts.STSException

retrieveSecretKey

public static java.lang.String retrieveSecretKey(java.lang.String otpFederation,
                                                 java.lang.String userInfoProviderType,
                                                 java.lang.String user,
                                                 java.lang.String secretKeyName,
                                                 java.lang.String secretKeyNamespace)
                                          throws com.tivoli.am.fim.trustserver.sts.STSException
Retrieves the secret key for a user given the secretKeyName, secretKeyNamespace and secretKeyDatatype.

Parameters:
otpFederation - OTP federation name or group id.
userInfoProviderType - OTP user info provider type.
user - user name
secretKeyName - secret key attribute name.
secretKeyNamespace - secret key attribute namespace.
secretKeyDatatype - secret key attribute datatype.
Returns:
The retrieved secret key or null if not found.
Throws:
com.tivoli.am.fim.trustserver.sts.STSException

removeSecretKey

public static java.lang.String removeSecretKey(java.lang.String otpFederation,
                                               java.lang.String userInfoProviderType,
                                               java.lang.String user,
                                               java.lang.String secretKeyName,
                                               java.lang.String secretKeyNamespace)
                                        throws com.tivoli.am.fim.trustserver.sts.STSException
Removes the secret key for a user given the secretKeyName, secretKeyNamespace and secretKeyDatatype.

Parameters:
otpFederation - OTP federation name or group id.
userInfoProviderType - OTP user info provider type.
user - user name
secretKeyName - secret key attribute name.
secretKeyNamespace - secret key attribute namespace.
secretKeyDatatype - secret key attribute datatype.
Returns:
The retrieved secret key or null if not found.
Throws:
com.tivoli.am.fim.trustserver.sts.STSException

getOTPEntityGroup

protected static com.tivoli.am.fim.config.feds.EntityGroup getOTPEntityGroup(java.lang.String federationIdentifier)
Return the first entity group whose name or id matches the specified federation identifier.

Parameters:
federationIdentifier -
Returns:
entityGroup