com.adobe.idp.um.spi.authentication
Interface IdentityResolver


public interface IdentityResolver

Interface that lets extensions to the AuthProvider resolve the user identity from the authentication details provided. If configured, these extensions are invoked once the authentication details have been validated. The resolver can then interpret the authentication details to identify the user, overriding the default implementation.

Registration - How the identity resolver is registered depends on the type of authentication detail it deals with. To register it, the resolver provider must configure a property identityResolver with the corresponding authentication provider configuration. Its value should be the name of the DSC which implements the IdentityResolver interface. Currently two AuthProviders support this extension point


Method Summary
 User resolve(java.util.Map credential)
          Invoked to resolve the user identity.
 

Method Detail

resolve

User resolve(java.util.Map credential)
Invoked to resolve the user identity. The resolver can use the authentication details to look up a user who is already present, or to create the user from the data present in the authentication details passed in the credential map.

The authentication details the resolver receives depend on the AuthProvider with which it is registered. For example, if it is registered with a SAML AuthProvider, then the SAML assertion XML is passed to it in the credential map.

Creating Users - If required, the resolver can use the information present in the passed details to create the user if it is not already present. For example, in the case of SAML authentication, the SAML assertion may carry user-related attributes which can be used.

           // userId, domainName and pwd are supplied by the resolver implementation
           DirectoryManager dm = new DirectoryManagerServiceClient(ServiceClientFactory.createInstance());
           User u = UMBaseLibrary.createUser(userId, domainName, userId);
           // Set other user properties from the authentication details
           dm.createLocalUser(u, pwd);
 

In the above code example we create the User and then set its properties, such as email and org, from the details present in the authentication details. The user is then created using the DirectoryManager API.

Note - The resolver is invoked using the system Context, hence it can create users without needing to pass an explicit Context to the ServiceClientFactory.
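
The following added example, which is not from the Adobe SDK or this page's author, shows one way a resolve() implementation could obtain the user id from the SAML assertion XML before calling createUser: because the resolver runs under the system Context and can create users, it parses the XML with DOCTYPE processing disabled and accepts the NameID only if it matches a local pattern. The class name, the map key, the String type of the assertion value and the user id pattern are assumptions.

```java
import java.io.StringReader;
import java.util.Map;
import java.util.regex.Pattern;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Hypothetical helper class; not part of the User Management API.
public class SamlIdentityExtractor {
    private static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Assumed local policy for acceptable user ids; adjust to the directory's rules.
    private static final Pattern USER_ID = Pattern.compile("[A-Za-z0-9._@-]{1,64}");

    /** Returns the validated NameID from the assertion XML stored under the given map key. */
    public static String extractUserId(Map<?, ?> credential, String assertionKey) throws Exception {
        Object raw = credential.get(assertionKey);
        if (!(raw instanceof String)) { // assumption: the assertion arrives as an XML string
            throw new IllegalArgumentException("no SAML assertion in credential map");
        }
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations: no entity expansion, no external fetches.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader((String) raw)));
        NodeList ids = doc.getElementsByTagNameNS(SAML_NS, "NameID");
        if (ids.getLength() != 1) { // missing or ambiguous subject: do not guess
            throw new SecurityException("expected exactly one NameID, found " + ids.getLength());
        }
        String userId = ids.item(0).getTextContent().trim();
        if (!USER_ID.matcher(userId).matches()) {
            throw new SecurityException("NameID rejected by user id policy");
        }
        return userId;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample assertion, trimmed to the elements this example reads.
        String xml = "<saml:Assertion xmlns:saml=\"" + SAML_NS + "\"><saml:Subject>"
                + "<saml:NameID>jdoe@example.com</saml:NameID></saml:Subject></saml:Assertion>";
        // "assertion" is a placeholder key, not the real credential map key.
        System.out.println(extractUserId(Map.of("assertion", xml), "assertion"));
    }
}
```
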

Parameters:
credential - a map containing the passed authentication details.
Returns:
a user as identified from the passed information
See Also:
UMConstants.AuthenticationOptions.THIRD_PARTY_SAML_ASSERTION, UMConstants.AuthenticationOptions.USER_CERTIFICATE