in src/main/java/org/apache/sling/auth/saml2/impl/AuthenticationHandlerSAML2Impl.java [464:503]
/**
 * Maps the attributes of a SAML assertion onto a local user and synchronises that user
 * through {@code saml2UserMgtService}.
 *
 * <p>Only the first attribute statement of the assertion is read; attributes carried in any
 * further statements are ignored. The user ID, group membership and synced properties are
 * taken directly from the assertion's attributes.
 *
 * <p>NOTE(review): nothing in this method checks the assertion's signature, issuer or
 * validity conditions. Presumably the caller has validated the assertion before passing it
 * in; confirm, because the group membership applied here is whatever the assertion states.
 *
 * <p>NOTE(review): {@code cleanUp()} is called only on the failure paths. On the success
 * path, and when one of the service calls throws after {@code setUp()}, no clean-up happens
 * here; confirm whether the caller or the service is expected to release those resources.
 *
 * @param assertion the SAML assertion to read the user attributes from; may be {@code null}
 * @return the user returned by {@code getOrCreateSamlUser}, or {@code null} when the
 *         assertion has no usable attributes or {@code setUp()} reports failure
 * @throws SAML2RuntimeException when no user ID was extracted from the attributes
 */
User doUserManagement(final Assertion assertion) {
    final boolean missingAttributes = assertion == null
            || assertion.getAttributeStatements().isEmpty()
            || assertion.getAttributeStatements().get(0).getAttributes().isEmpty();
    if (missingAttributes) {
        logger.warn("SAML Assertion Attribute Statement or Attributes was null ");
        return null;
    }

    // Collect the identity data from the first attribute statement only.
    final Saml2User saml2User = new Saml2User();
    for (Attribute attribute : assertion.getAttributeStatements().get(0).getAttributes()) {
        final String attributeName = attribute.getName();
        if (attributeName.equals(this.getSaml2userIDAttr())) {
            // NOTE(review): a repeated user ID attribute calls setUserId again; which value
            // wins depends on setUserId. Confirm duplicates are handled as intended.
            setUserId(attribute, saml2User);
        } else if (attributeName.equals(this.getSaml2groupMembershipAttr())) {
            setGroupMembership(attribute, saml2User);
        } else if (this.getSyncAttrMap() != null && this.getSyncAttrMap().containsKey(attributeName)) {
            syncUserAttributes(attribute, saml2User, this.getSyncAttrMap().get(attributeName));
        }
    }

    // setUp() runs before the ID check, so both failure paths below have to call cleanUp().
    final boolean setUpOk = saml2UserMgtService.setUp();

    if (saml2User.getId() == null) {
        // No attribute produced a user ID; this is reported whether or not setUp() succeeded.
        saml2UserMgtService.cleanUp();
        throw new SAML2RuntimeException("SAML2 User ID attribute name (saml2userIDAttr) is not correctly configured.");
    }
    if (!setUpOk) {
        saml2UserMgtService.cleanUp();
        return null;
    }

    // Use the configured user home when one is set, otherwise the single-argument overload.
    final boolean hasUserHome = getSaml2userHome() != null && !getSaml2userHome().isEmpty();
    final User samlUser = hasUserHome
            ? saml2UserMgtService.getOrCreateSamlUser(saml2User, this.getSaml2userHome())
            : saml2UserMgtService.getOrCreateSamlUser(saml2User);
    saml2UserMgtService.updateGroupMembership(saml2User);
    saml2UserMgtService.updateUserProperties(saml2User);
    return samlUser;
}