Interface IdentityResolver

public interface IdentityResolver

Extension point of an AuthProvider for resolving the user identity from the authentication details that were presented. A configured resolver is invoked only after the AuthProvider has validated those details (for example, after a SAML assertion has been checked). The resolver then interprets the details to identify the user, overriding the provider's default mapping.

Registration - How a resolver is registered depends on the type of authentication detail it handles. To register it, configure a property named identityResolver in the configuration of the corresponding authentication provider. Its value is the name of the DSC that implements the IdentityResolver interface. Currently two AuthProviders support this extension point.

Method Summary
 User resolve(java.util.Map credential)
          Invoked to resolve the user identity.

Method Detail


User resolve(java.util.Map credential)
Invoked to resolve the user identity. The resolver can use the authentication details in the credential map to look up a user that already exists, or to create the user from the data carried in those details.

Depending on the AuthProvider with which the resolver is registered, it would get the required authentication details. For example, if it is registered with a SAML AuthProvider, then the SAML assertion XML would be passed to it in the credential map.

Creating Users - If required, the resolver can use the information in the passed details to create the user when it is not already present. For example, in the case of SAML authentication the assertion may carry user-related attributes that can populate the new user record.

           DirectoryManager dm = new DirectoryManagerServiceClient(ServiceClientFactory.createInstance());
           User u = UMBaseLibrary.createUser(userId, domainName, userId);
           //Set other user properties from the authentication details
           //Persist the new local user through the DirectoryManager
           dm.createLocalUser(u);

In the previous code example, a User instance is created with UMBaseLibrary.createUser (user id, domain name and canonical name), its remaining properties are filled in from the authentication details, and the user is then persisted with the DirectoryManager object's createLocalUser method.

Note - The resolver is invoked using the system Context, therefore it can create users without passing an explicit Context instance to the ServiceClientFactory. Because it runs with system privileges, a resolver should derive the identity only from the authentication details the AuthProvider has already validated, and should reject input it cannot map unambiguously rather than fall through to a guess.

Parameters:
credential - A map containing the passed authentication details.
Returns:
A user as identified from the passed information.
See Also:
UMConstants.AuthenticationOptions.THIRD_PARTY_SAML_ASSERTION, UMConstants.AuthenticationOptions.USER_CERTIFICATE
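As an added example of a resolver for the SAML case described above (illustration code written for this page, not code from the original page or from the product), the class below reads the assertion from the credential map under UMConstants.AuthenticationOptions.THIRD_PARTY_SAML_ASSERTION, takes the Subject NameID as the user id, looks the user up in a fixed domain with the DirectoryManager, and provisions a local user with UMBaseLibrary.createUser and createLocalUser when none exists. Assumptions not stated on this page: the package of IdentityResolver, that the map value is the assertion XML as a String or byte[], the UserSearchFilter/findUsers lookup API and its setters, and that throwing from resolve fails the login attempt.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

import com.adobe.idp.dsc.clientsdk.ServiceClientFactory;
import com.adobe.idp.um.api.DirectoryManager;
import com.adobe.idp.um.api.UMBaseLibrary;
import com.adobe.idp.um.api.UMConstants;
import com.adobe.idp.um.api.UMException;
import com.adobe.idp.um.api.UserSearchFilter;                 // assumed package and API
import com.adobe.idp.um.api.infomodel.User;
import com.adobe.idp.um.spi.authentication.IdentityResolver;  // assumed package
import com.adobe.livecycle.usermanager.client.DirectoryManagerServiceClient;

// Example resolver (not part of the product): maps a validated SAML 2.0 assertion to a user.
public class SamlNameIdResolver implements IdentityResolver {
    private static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Only NameID values that are safe to use verbatim as a local user id are accepted.
    private static final Pattern SAFE_USER_ID = Pattern.compile("[A-Za-z0-9._@-]{1,128}");
    private final String domainName;   // domain to resolve into, e.g. "DefaultDom"

    public SamlNameIdResolver(String domainName) { this.domainName = domainName; }

    public User resolve(Map credential) {
        Object raw = credential.get(UMConstants.AuthenticationOptions.THIRD_PARTY_SAML_ASSERTION);
        if (raw == null) {
            throw new IllegalArgumentException("no SAML assertion in credential map");
        }
        // Assumption: the assertion arrives as XML text, either a String or UTF-8 bytes.
        String xml = (raw instanceof byte[])
                ? new String((byte[]) raw, StandardCharsets.UTF_8) : raw.toString();
        String nameId = extractSubjectNameId(xml);
        if (nameId == null || !SAFE_USER_ID.matcher(nameId).matches()) {
            // Refuse rather than guess: the resolver runs with system privileges.
            throw new IllegalArgumentException("SAML Subject/NameID missing or not an acceptable user id");
        }
        try {
            // Invoked in the system Context, so no explicit Context is passed to the factory.
            DirectoryManager dm = new DirectoryManagerServiceClient(ServiceClientFactory.createInstance());
            User existing = findUser(dm, nameId);
            if (existing != null) {
                return existing;
            }
            // Not present yet: provision a local user from the assertion (just-in-time provisioning).
            User u = UMBaseLibrary.createUser(nameId, domainName, nameId);
            // Further properties (e-mail, name) would be copied from assertion attributes here.
            dm.createLocalUser(u);
            User created = findUser(dm, nameId);
            return created != null ? created : u;
        } catch (UMException e) {
            throw new RuntimeException("User Management call failed while resolving " + nameId, e);
        }
    }

    // Assumed lookup API: UserSearchFilter with setUserId/setSpecificDomainName and findUsers.
    private User findUser(DirectoryManager dm, String userId) throws UMException {
        UserSearchFilter filter = new UserSearchFilter();
        filter.setUserId(userId);
        filter.setSpecificDomainName(domainName);
        List users = dm.findUsers(filter);
        return (users == null || users.isEmpty()) ? null : (User) users.get(0);
    }

    // Parses the assertion with DTDs and external entities disabled: the provider has already
    // checked the signature, but the resolver must still not act as an XXE sink.
    static String extractSubjectNameId(String xml) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            f.setXIncludeAware(false);
            f.setExpandEntityReferences(false);
            DocumentBuilder b = f.newDocumentBuilder();
            Document doc = b.parse(new InputSource(new StringReader(xml)));
            NodeList subjects = doc.getElementsByTagNameNS(SAML2_NS, "Subject");
            if (subjects.getLength() != 1) {
                return null;   // exactly one Subject is expected
            }
            NodeList ids = ((Element) subjects.item(0)).getElementsByTagNameNS(SAML2_NS, "NameID");
            return ids.getLength() == 1 ? ids.item(0).getTextContent().trim() : null;
        } catch (Exception e) {
            return null;   // malformed or non-conforming XML maps to "no identity"
        }
    }
}
```

The resolver is deliberately strict: an absent or unusual NameID results in an exception instead of a fallback user, and the user id is whitelisted before it becomes a local account name, since whatever the resolver returns is accepted as the authenticated identity.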
