
Example 96 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

Class PolicyClientServlet, method doGet.

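/**
 * Handles a GET request by authenticating the supplied user and rendering the
 * policy decision for the requested resource as an HTML page.
 * <p>
 * Query parameters: {@code username}, {@code password}, {@code servicename},
 * {@code resource} are required; {@code orgname} is optional and defaults to
 * {@code "/"}. When a required parameter is missing a usage message is written
 * instead of a decision.
 *
 * @param request  the incoming request carrying the query parameters
 * @param response the response that receives the HTML page
 * @throws ServletException declared for the servlet contract; not thrown directly here
 * @throws IOException if the response writer cannot be obtained
 */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Get query parameters
    String orgname = request.getParameter("orgname");
    if ((orgname == null) || (orgname.length() == 0)) {
        orgname = "/";
    }
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    String servicename = request.getParameter("servicename");
    String resource = request.getParameter("resource");

    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    out.println(SampleConstants.HTML_HEADER);
    if ((username == null) || (password == null) || (servicename == null) || (resource == null)) {
        out.println(displayXML("Usage: " + request.getRequestURL() + "?username=<username>&password=<password>&orgname=<orgname>" + "&servicename=<servicename>&resource=<resource>"));
        out.println("</body></html>");
        return;
    }

    try {
        PolicyEvaluatorFactory pef = PolicyEvaluatorFactory.getInstance();
        PolicyEvaluator pe = pef.getPolicyEvaluator(servicename);
        AuthContext lc = authenticate(orgname, username, password, out);
        if (lc != null) {
            SSOToken token = lc.getSSOToken();
            Set<String> actions = new HashSet<String>();
            actions.add("GET");
            actions.add("POST");
            // Ask the evaluator to return the "mail" attribute alongside the decision.
            Set<String> attrSet = new HashSet<String>();
            attrSet.add("mail");
            Map<String, Set<String>> env = new HashMap<String, Set<String>>();
            env.put("Get_Response_Attributes", attrSet);

            // These values come straight from the query string and are echoed into
            // the page: escape them so a crafted value cannot inject markup.
            out.println("<h5>USERID: " + escapeHtml(username) + "<br>");
            out.println("ORG: " + escapeHtml(orgname) + "<br>");
            out.println("SERVICE NAME: " + escapeHtml(servicename) + "<br>");
            out.println("RESOURCE: " + escapeHtml(resource) + "<br>");
            out.println("</h5><br>");
            out.println("----------getPolicyDecision() Test-----------");
            out.println("<br>");
            PolicyDecision pd = pe.getPolicyDecision(token, resource, actions, env);
            out.println(displayXML(pd.toXML()));
            out.println("End of Test.<br>");
        }
    } catch (Exception e) {
        // Keep the stack trace out of the browser: it exposes class names, message
        // text and internal state to the caller. Report it server-side instead.
        e.printStackTrace();
        out.println("An error occurred while evaluating the policy; see the server log for details.");
    }
    out.println("</body></html>");
}

/**
 * Escapes the characters that are significant in HTML text and attribute
 * values so that {@code s} can be embedded in the page verbatim.
 *
 * @param s the text to escape; {@code null} is rendered as an empty string
 * @return the escaped text
 */
private static String escapeHtml(String s) {
    if (s == null) {
        return "";
    }
    StringBuilder sb = new StringBuilder(s.length());
    for (int i = 0; i < s.length(); i++) {
        char c = s.charAt(i);
        switch (c) {
            case '&':
                sb.append("&amp;");
                break;
            case '<':
                sb.append("&lt;");
                break;
            case '>':
                sb.append("&gt;");
                break;
            case '"':
                sb.append("&quot;");
                break;
            case '\'':
                sb.append("&#39;");
                break;
            default:
                sb.append(c);
        }
    }
    return sb.toString();
}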

Example 97 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

Class PolicyEvaluationSample, method runSample.

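/**
 * Entry point of the sample: loads the connection details from the properties
 * file named by {@code args[0]}, obtains an SSO token for the configured user
 * and prints the policy decision for the configured service, resource and action.
 *
 * @param args exactly one element, the properties file name; any other arity
 *             prints a usage message and returns without evaluating
 * @throws Exception propagated from property loading, authentication or policy evaluation
 */
public void runSample(String[] args) throws Exception {
    if (args.length == 0) {
        System.out.println("Missing argument:" + "properties file name not specified");
        return;
    }
    if (args.length > 1) {
        // The original message claimed an argument was missing for this case too.
        System.out.println("Too many arguments: only the properties file name is expected");
        return;
    }
    System.out.println("Using properties file:" + args[0]);
    Properties sampleProperties = getProperties(args[0]);
    // getProperty() honours the Properties default chain and cannot throw a
    // ClassCastException, unlike the raw get() followed by a cast.
    String userName = sampleProperties.getProperty("user.name");
    String userPassword = sampleProperties.getProperty("user.password");
    // NOTE(review): the password is read in clear text from the properties file;
    // keep that file readable only by the account that runs the sample.
    SSOToken ssoToken = getSSOToken(userName, userPassword);
    getPolicyDecision(ssoToken,
            sampleProperties.getProperty("service.name"),
            sampleProperties.getProperty("resource.name"),
            sampleProperties.getProperty("action.name"));
}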

Example 98 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

Class OpenAMResourceOwnerAuthenticator, method createResourceOwner.

/**
 * Builds the {@link OpenAMResourceOwner} for the user behind an authenticated
 * {@link AuthContext}: the universal identifier stored on the context's SSO
 * token is resolved to an {@link AMIdentity}.
 *
 * @param authContext an authentication context that already carries an SSO token
 * @return the resource owner, named after the resolved identity
 * @throws Exception propagated from the token or identity lookup
 */
private ResourceOwner createResourceOwner(AuthContext authContext) throws Exception {
    SSOToken userToken = authContext.getSSOToken();
    String universalId = userToken.getProperty(Constants.UNIVERSAL_IDENTIFIER);
    // The identity lookup runs with the admin token, hence the privileged action.
    AMIdentity identity = IdUtils.getIdentity(
            AccessController.doPrivileged(AdminTokenAction.getInstance()), universalId);
    return new OpenAMResourceOwner(identity.getName(), identity);
}

Example 99 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

Class OpenAMResourceOwnerAuthenticator, method authenticate.

/**
 * {@inheritDoc}
 * <p>
 * Two paths are possible. When an SSO token can be built from the underlying
 * servlet request and {@code useSession} is {@code true}, the resource owner is
 * derived from that session: its identity is resolved from the token's
 * universal identifier and the authentication instant is taken from the token.
 * Otherwise the username, password, realm and auth-chain request parameters are
 * handed to the credential-based {@code authenticate} overload. Failures on the
 * session path are logged and yield {@code null}.
 */
public ResourceOwner authenticate(OAuth2Request request, boolean useSession) throws NotFoundException {
    SSOToken sessionToken = null;
    try {
        SSOTokenManager tokenManager = SSOTokenManager.getInstance();
        sessionToken = tokenManager.createSSOToken(ServletUtils.getRequest(request.<Request>getRequest()));
    } catch (Exception e) {
        // A request without a session is normal for credential-based flows.
        logger.warning("No SSO Token in request", e);
    }

    boolean useExistingSession = sessionToken != null && useSession;
    if (!useExistingSession) {
        final String username = request.getParameter(USERNAME);
        final String rawPassword = request.<String>getParameter(PASSWORD);
        // The parameter arrives as a String; the char[] copy is what the
        // credential overload expects.
        final char[] password = rawPassword == null ? null : rawPassword.toCharArray();
        final String realm = realmNormaliser.normalise(request.<String>getParameter(OAuth2Constants.Custom.REALM));
        final String authChain = request.getParameter(AUTH_CHAIN);
        return authenticate(username, password, realm, authChain);
    }

    try {
        final AMIdentity identity = IdUtils.getIdentity(
                AccessController.doPrivileged(AdminTokenAction.getInstance()),
                sessionToken.getProperty(Constants.UNIVERSAL_IDENTIFIER));
        long authInstant = stringToDate(sessionToken.getProperty(ISAuthConstants.AUTH_INSTANT)).getTime();
        return new OpenAMResourceOwner(identity.getName(), identity, authInstant);
    } catch (SSOException e) {
        logger.error("Unable to create ResourceOwner", e);
    } catch (ParseException e) {
        logger.error("Unable to create ResourceOwner", e);
    } catch (IdRepoException e) {
        logger.error("Unable to create ResourceOwner", e);
    }
    return null;
}

Example 100 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

Class OpenAMScopeValidator, method getUserInfo.

/**
 * {@inheritDoc}
 * <p>
 * The claims are produced by the realm's OIDC claims extension script. The
 * script is given the scopes, the resource owner's {@link AMIdentity}, the
 * logger, the claims map assembled here, the user's SSO token and the
 * requested-claims values as bindings. When an {@link AccessToken} is present,
 * realm, scopes and resource owner are taken from it and the SUB and UPDATED_AT
 * claims are pre-populated; otherwise they are read from the SSO token and the
 * SCOPE request parameter.
 * <p>
 * {@link ServerException} and {@link SSOException} raised along the way are
 * reported as {@link NotFoundException}, because the interface does not allow
 * the former to propagate.
 */
public UserInfoClaims getUserInfo(AccessToken token, OAuth2Request request) throws UnauthorizedClientException, NotFoundException {
    Map<String, Object> response = new HashMap<>();
    Bindings scriptVariables = new SimpleBindings();
    // NOTE(review): the no-token branch below dereferences ssoToken without a
    // null check; confirm getUsersSession cannot return null on that path.
    SSOToken ssoToken = getUsersSession(request);
    String realm;
    Set<String> scopes;
    AMIdentity id;
    OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    Map<String, Set<String>> requestedClaimsValues = gatherRequestedClaims(providerSettings, request, token);
    try {
        if (token != null) {
            OpenIdConnectClientRegistration clientRegistration;
            try {
                clientRegistration = clientRegistrationStore.get(token.getClientId(), request);
            } catch (InvalidClientException e) {
                // An unknown client is surfaced as "not found"; the original
                // exception is logged at message level only.
                logger.message("Unable to retrieve client from store.");
                throw new NotFoundException("No valid client registration found.");
            }
            // The subject value is computed per client registration from the
            // resource owner id, so it may differ from the raw owner id.
            final String subId = clientRegistration.getSubValue(token.getResourceOwnerId(), providerSettings);
            //data comes from token when we have one
            realm = token.getRealm();
            scopes = token.getScope();
            id = identityManager.getResourceOwnerIdentity(token.getResourceOwnerId(), realm);
            response.put(OAuth2Constants.JWTTokenParams.SUB, subId);
            response.put(OAuth2Constants.JWTTokenParams.UPDATED_AT, getUpdatedAt(token.getResourceOwnerId(), token.getRealm(), request));
        } else {
            //otherwise we're simply reading claims into the id_token, so grab it from the request/ssoToken
            realm = DNMapper.orgNameToRealmName(ssoToken.getProperty(ISAuthConstants.ORGANIZATION));
            id = identityManager.getResourceOwnerIdentity(ssoToken.getProperty(ISAuthConstants.USER_ID), realm);
            String scopeStr = request.getParameter(OAuth2Constants.Params.SCOPE);
            scopes = splitScope(scopeStr);
        }
        // Bindings visible to the claims script. The script can read and mutate
        // the claims map ("response") directly.
        scriptVariables.put(OAuth2Constants.ScriptParams.SCOPES, getScriptFriendlyScopes(scopes));
        scriptVariables.put(OAuth2Constants.ScriptParams.IDENTITY, id);
        scriptVariables.put(OAuth2Constants.ScriptParams.LOGGER, logger);
        scriptVariables.put(OAuth2Constants.ScriptParams.CLAIMS, response);
        scriptVariables.put(OAuth2Constants.ScriptParams.SESSION, ssoToken);
        scriptVariables.put(OAuth2Constants.ScriptParams.REQUESTED_CLAIMS, requestedClaimsValues);
        ScriptObject script = getOIDCClaimsExtensionScript(realm);
        try {
            return scriptEvaluator.evaluateScript(script, scriptVariables);
        } catch (ScriptException e) {
            // Wrapped as ServerException, which the outer catch below turns into
            // the NotFoundException the interface permits.
            logger.message("Error running OIDC claims script", e);
            throw new ServerException("Error running OIDC claims script: " + e.getMessage());
        }
    } catch (ServerException e) {
        //API does not allow ServerExceptions to be thrown!
        // Only the message survives; the cause is not attached to the new exception.
        throw new NotFoundException(e.getMessage());
    } catch (SSOException e) {
        // Same treatment for session failures: message only, cause dropped.
        throw new NotFoundException(e.getMessage());
    }
}
