import { EventEmitter } from 'eventemitter3';
import { Preferences } from '@neuroadapt/core';

export interface SSOProvider {
    name: string;
    type: 'saml' | 'oauth2' | 'oidc' | 'ldap' | 'active_directory';
    config: SSOProviderConfig;
    enabled: boolean;
}
export interface SSOProviderConfig {
    clientId?: string;
    clientSecret?: string;
    issuer?: string;
    authorizationURL?: string;
    tokenURL?: string;
    userInfoURL?: string;
    jwksURI?: string;
    redirectURI: string;
    scopes: string[];
    customClaims?: Record<string, string>;
    accessibilityClaimMapping?: AccessibilityClaimMapping;
}
export interface AccessibilityClaimMapping {
    preferencesClaim: string;
    roleClaim: string;
    departmentClaim: string;
    accessibilityNeedsClaim: string;
    accommodationsClaim: string;
}
export interface SSOUser {
    id: string;
    email: string;
    name: string;
    roles: string[];
    department?: string;
    accessibilityNeeds?: string[];
    accommodations?: string[];
    preferences?: Preferences;
    metadata?: Record<string, any>;
}
export interface SSOSession {
    sessionId: string;
    userId: string;
    accessToken: string;
    refreshToken?: string;
    idToken?: string;
    expiresAt: Date;
    scope: string[];
    provider: string;
}
export interface EnterprisePreferenceSync {
    enabled: boolean;
    bidirectional: boolean;
    syncInterval: number;
    conflictResolution: 'local' | 'remote' | 'merge' | 'ask_user';
    encryptionEnabled: boolean;
}
/**
 * Enterprise SSO Integration Manager
 */
export declare class SSOManager extends EventEmitter {
    private config;
    private providers;
    private activeSessions;
    private preferenceSync;
    constructor(config?: {
        defaultProvider?: string;
        sessionTimeout: number;
        refreshThreshold: number;
        encryptionKey?: string;
        auditLogging: boolean;
    });
    /**
     * Add SSO provider configuration
     */
    addProvider(provider: SSOProvider): void;
    /**
     * Remove SSO provider
     */
    removeProvider(providerName: string): void;
    /**
     * Initiate SSO authentication flow
     */
    authenticate(providerName?: string): Promise<{
        authUrl: string;
        state: string;
    }>;
    /**
     * Handle SSO callback and complete authentication
     */
    handleCallback(providerName: string, authorizationCode: string, state: string): Promise<SSOSession>;
    /**
     * Refresh access token
     */
    refreshToken(sessionId: string): Promise<SSOSession>;
    /**
     * Sign out user and cleanup session
     */
    signOut(sessionId: string): Promise<void>;
    /**
     * Get current user session
     */
    getSession(sessionId: string): SSOSession | undefined;
    /**
     * Validate session and check if token needs refresh
     */
    validateSession(sessionId: string): Promise<{
        valid: boolean;
        needsRefresh: boolean;
    }>;
    /**
     * Sync accessibility preferences with enterprise directory
     */
    syncAccessibilityPreferences(user: SSOUser, session: SSOSession, direction?: 'push' | 'pull' | 'bidirectional'): Promise<void>;
    /**
     * Configure preference synchronization
     */
    configurePreferenceSync(config: Partial<EnterprisePreferenceSync>): void;
    /**
     * Get analytics data for enterprise dashboard
     */
    getAnalytics(): {
        totalSessions: number;
        activeSessions: number;
        authenticationsByProvider: Record<string, number>;
        preferencesSynced: number;
        averageSessionDuration: number;
    };
    private initializeDefaultProviders;
    private startSessionMonitoring;
    private cleanupExpiredSessions;
    private getProvider;
    private generateState;
    private generateSessionId;
    private buildAuthorizationUrl;
    private validateState;
    private exchangeCodeForTokens;
    private getUserInfo;
    private mapUserInfo;
    private parseAccessibilityPreferences;
    private refreshAccessToken;
    private revokeTokens;
    private fetchRemotePreferences;
    private pushRemotePreferences;
    private mergePreferences;
    private logAuditEvent;
}
export default SSOManager;
//# sourceMappingURL=sso-integration.d.ts.map