Use of com.okta.sdk.resource.group.GroupList in project OpenUnison by TremoloSecurity: class OktaInsert, method search.
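@Override
public void search(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints) throws LDAPException {
    // Resolve the Okta provisioning target this insert is configured against.
    OktaTarget os = null;
    try {
        os = (OktaTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.target).getProvider();
    } catch (ProvisioningException e1) {
        // The messages used to say "kubernetes" (copy/paste from another insert); this is the Okta
        // target, and the cause is now attached so operators can see why the lookup failed.
        logger.error("Could not retrieve okta target", e1);
        throw new LDAPException("Could not connect to okta", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e1);
    }

    if (scope.getValue() == 0) {
        // Base-object search.
        if (base.getDN().equals(this.baseDN)) {
            // The suffix entry itself is synthesized locally, never fetched from Okta.
            ArrayList<Entry> ret = new ArrayList<Entry>();
            ret.add(new Entry(EntryUtil.createBaseEntry(this.baseDN)));
            chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
            return;
        }
        // A single user or group entry: the value of the leaf RDN is the Okta login / group name.
        String name = ((RDN) base.getDN().getRDNs().get(0)).getValue();
        if (this.users) {
            loadUserFromOkta(chain, base, scope, filter, attributes, typesOnly, results, constraints, os, name, base.getDN().toString(), true);
        } else {
            searchSingleGroup(chain, base, scope, filter, attributes, typesOnly, results, constraints, os.getOkta(), name);
        }
        return;
    }

    // Every non-base scope (one-level or subtree) is handled as a subtree search over the suffix.
    Client okta = os.getOkta();
    // Try to translate the LDAP filter into an Okta filter; when cleanFilter rejects it the
    // Okta query is unfiltered and only the local re-check below narrows the result.
    Filter newFilter = new Filter(filter.getRoot().toString());
    String finalOktaFilter = null;
    if (this.cleanFilter(newFilter.getRoot())) {
        StringBuffer filterForOkta = new StringBuffer();
        this.stringFilter(newFilter.getRoot(), filterForOkta);
        finalOktaFilter = filterForOkta.toString();
    }
    if (logger.isDebugEnabled()) {
        logger.debug(newFilter.getRoot().toString());
    }

    ArrayList<Entry> ret;
    if (this.users) {
        ret = searchUsers(okta, finalOktaFilter, filter);
    } else {
        ret = searchGroups(okta, filter);
    }
    chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
}

/**
 * Handles a base-object search for one group entry; {@code name} is the group's Okta name
 * taken from the leaf RDN of the search base.  An Okta 404, or an IllegalStateException from
 * the lookup, is reported as {@code NO_SUCH_OBJECT}; any other failure is an
 * {@code OPERATIONS_ERROR} carrying the original exception as its cause.
 */
private void searchSingleGroup(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints, Client okta, String name) throws LDAPException {
    try {
        ArrayList<Entry> ret = new ArrayList<Entry>();
        loadGroupFromOkta(base, filter, name, okta, ret);
        chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
    } catch (ResourceException e) {
        if (e.getStatus() == 404) {
            throw new LDAPException("group not found", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
        }
        throw new LDAPException("Could not load group", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e);
    } catch (UnsupportedEncodingException e) {
        throw new LDAPException("Could not load group", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e);
    } catch (IllegalStateException e) {
        throw new LDAPException("group not found", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
    }
}

/**
 * Subtree search over user entries: queries Okta with the translated filter (which may be
 * null, i.e. unfiltered) and returns only the entries that also satisfy the original LDAP
 * filter.
 */
private ArrayList<Entry> searchUsers(Client okta, String oktaFilter, Filter filter) throws LDAPException {
    UserList usersFromOkta = okta.listUsers(null, oktaFilter, null, null, null);
    ArrayList<Entry> ret = new ArrayList<Entry>();
    for (User user : usersFromOkta) {
        if (logger.isDebugEnabled()) {
            // Logs the Okta user object itself; its toString presumably includes profile data.
            logger.debug(user);
        }
        LDAPEntry ldapUser = createLdapUser(userDn(user.getProfile().getLogin()), user);
        // The Okta-side filter is only a translation (and absent when cleanFilter rejected it),
        // so the original LDAP filter is always evaluated against the built entry.
        if (filter.getRoot().checkEntry(ldapUser)) {
            ret.add(new Entry(ldapUser));
        }
    }
    return ret;
}

/**
 * Subtree search over group entries.  {@code loadGroups} extracts the group names and member
 * logins referenced by the filter; groups are then resolved through those members' memberships
 * and by exact name.  A filter that references neither lists every group in the Okta org, which
 * is unbounded and should be kept in mind for large tenants.
 */
private ArrayList<Entry> searchGroups(Client okta, Filter filter) throws LDAPException {
    HashSet<String> groupsToLookup = new HashSet<String>();
    HashSet<String> usersToLookup = new HashSet<String>();
    loadGroups(filter.getRoot(), groupsToLookup, usersToLookup);
    HashSet<String> processedGroups = new HashSet<String>();
    ArrayList<Entry> ret = new ArrayList<Entry>();

    if (!usersToLookup.isEmpty()) {
        // Groups reached through member lookups: fetch the users, then walk their memberships.
        UserList users = okta.listUsers(null, loginsFilter(usersToLookup), null, null, null);
        for (User fromOkta : users) {
            for (Group groupFromOkta : fromOkta.listGroups()) {
                String groupName = groupFromOkta.getProfile().getName();
                if (!processedGroups.add(groupName)) {
                    continue;
                }
                try {
                    appendGroup(filter, ret, groupFromOkta);
                } catch (IllegalStateException e) {
                    // Kept from the original: such a group is skipped; now at least visible at debug.
                    logger.debug("Skipping group " + groupName, e);
                }
            }
        }
    }

    for (String group : groupsToLookup) {
        if (!processedGroups.add(group)) {
            continue;
        }
        Group groupFromOkta = findGroupByName(okta, group);
        if (groupFromOkta == null) {
            // Original behaviour: a group that does not resolve is silently absent from the result.
            logger.debug("Group not found in okta: " + group);
            continue;
        }
        try {
            appendGroup(filter, ret, groupFromOkta);
        } catch (IllegalStateException e) {
            logger.debug("Skipping group " + group, e);
        }
    }

    if (usersToLookup.isEmpty() && groupsToLookup.isEmpty()) {
        GroupList groups = okta.listGroups();
        try {
            for (Group groupFromOkta : groups) {
                appendGroup(filter, ret, groupFromOkta);
            }
        } catch (IllegalStateException e) {
            // Kept from the original: an IllegalStateException ends the listing early.
            logger.debug("Group listing ended early", e);
        }
    }
    return ret;
}

/**
 * Converts one Okta group into LDAP entries via {@code oktaGroup2Ldap}, appending to
 * {@code ret}.  An IllegalStateException from the conversion is passed through for the caller
 * to decide on; an encoding failure becomes an {@code OPERATIONS_ERROR}.
 */
private void appendGroup(Filter filter, ArrayList<Entry> ret, Group group) throws LDAPException {
    LDAPEntry entry = new LDAPEntry(groupDn(group.getProfile().getName()));
    try {
        this.oktaGroup2Ldap(filter, ret, group, entry);
    } catch (UnsupportedEncodingException e) {
        throw new LDAPException("Could not load group", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e);
    }
}

/**
 * Resolves an Okta group by its exact profile name, or returns null when none matches.
 * {@code listGroups(q, ...)} is a search (per Okta's API, a prefix match on the name), not an
 * exact lookup; the original called {@code single()} on it, which threw and was swallowed whenever
 * the search returned more than one hit, and which could return a differently named group on a
 * lone prefix hit.  Filtering on the exact name closes both gaps.
 */
private static Group findGroupByName(Client okta, String name) {
    for (Group g : okta.listGroups(name, null, null)) {
        if (name.equals(g.getProfile().getName())) {
            return g;
        }
    }
    return null;
}

/**
 * Builds the Okta filter {@code profile.login eq "a" or profile.login eq "b" ...} for the
 * given logins.  The logins originate in the client's LDAP filter, so each one is quoted through
 * {@link #oktaStringLiteral} rather than spliced in raw.
 */
private static String loginsFilter(Iterable<String> logins) {
    StringBuilder sb = new StringBuilder();
    for (String login : logins) {
        if (sb.length() > 0) {
            sb.append(" or ");
        }
        sb.append("profile.login eq ").append(oktaStringLiteral(login));
    }
    return sb.toString();
}

/**
 * Quotes a string operand for an Okta filter.  A double quote or backslash inside a
 * client-supplied value would otherwise terminate the literal and let the client append its own
 * filter clauses (the original concatenated the raw value).  Backslash-escaping follows the
 * SCIM string-literal rules Okta's filter syntax is modelled on.
 * NOTE(review): confirm Okta honours these escapes; if it does not, values containing '"' should
 * be rejected instead of escaped.
 */
private static String oktaStringLiteral(String value) {
    return "\"" + value.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
}

/**
 * DN of a user entry under the suffix.  Only '+' is escaped, as in the original.
 * NOTE(review): other DN-special characters (',', '=', ...) in a login are not escaped and would
 * yield a malformed DN.
 */
private String userDn(String login) {
    return "login=" + login.replace("+", "\\+") + "," + this.baseDN.toString();
}

/** DN of a group entry under the suffix; same escaping caveat as {@link #userDn}. */
private String groupDn(String groupName) {
    return "name=" + groupName.replace("+", "\\+") + "," + this.baseDN.toString();
}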
Use of com.okta.sdk.resource.group.GroupList in project OpenUnison by TremoloSecurity: class OktaTarget, method syncUser.
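@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    // Audit context supplied by the provisioning engine in the request map.
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    // Look the user up; a 404 means "not provisioned yet" and falls through to createUser.
    com.okta.sdk.resource.user.User fromOkta = null;
    try {
        fromOkta = okta.getUser(user.getUserID());
    } catch (ResourceException e) {
        if (e.getStatus() != 404) {
            throw new ProvisioningException("Could not lookup user", e);
        }
    }
    if (fromOkta == null) {
        this.createUser(user, attributes, request);
        return;
    }

    // Profile attributes: only those in the managed set are considered, only the first value of
    // each is used, and the comparison is case-insensitive, so a case-only change is not pushed.
    HashMap<String, String> changed = new HashMap<String, String>();
    for (String attrName : user.getAttribs().keySet()) {
        if (!attributes.contains(attrName)) {
            continue;
        }
        String wanted = user.getAttribs().get(attrName).getValues().get(0);
        Object current = fromOkta.getProfile().get(attrName);
        // NOTE(review): a non-String profile value fails the cast here, as in the original.
        if (current == null || !((String) current).equalsIgnoreCase(wanted)) {
            changed.put(attrName, wanted);
        }
    }
    for (Map.Entry<String, String> change : changed.entrySet()) {
        fromOkta.getProfile().put(change.getKey(), change.getValue());
    }

    // Groups the user is missing.
    HashSet<String> currentGroups = new HashSet<String>();
    for (Group group : fromOkta.listGroups()) {
        currentGroups.add(group.getProfile().getName());
    }
    List<String> groupsToAdd = new ArrayList<String>();
    for (String group : user.getGroups()) {
        if (!currentGroups.contains(group)) {
            groupsToAdd.add(group);
        }
    }
    for (String group : groupsToAdd) {
        // Resolved by exact name (see findGroupByName) so the user is only ever added to the group
        // that was requested. Membership changes take effect in Okta immediately.
        fromOkta.addToGroup(findGroupByName(group).getId());
    }

    for (String attrName : changed.keySet()) {
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, attrName, changed.get(attrName));
    }
    for (String group : groupsToAdd) {
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "group", group);
    }
    // Profile changes are only pushed here, after the group adds above have already been applied;
    // a failing update therefore leaves memberships changed but attributes not.
    fromOkta.update();

    if (!addOnly) {
        // Collect first, then remove, as the original did.
        List<Group> groupsToRemove = new ArrayList<Group>();
        for (Group group : fromOkta.listGroups()) {
            if (!user.getGroups().contains(group.getProfile().getName())) {
                groupsToRemove.add(group);
            }
        }
        for (Group g : groupsToRemove) {
            // "Everyone" is never removed (presumably Okta's built-in all-users group).
            if (!g.getProfile().getName().equals("Everyone")) {
                g.removeUser(fromOkta.getId());
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, "group", g.getProfile().getName());
            }
        }
    }
}

/**
 * Resolves an Okta group by its exact profile name.
 * <p>
 * {@code okta.listGroups(q, ...)} is a search (per Okta's API, a prefix match on the name), not
 * an exact lookup.  The original took the first hit of that search, which would add the user to
 * a differently named group when only a prefix matched, and threw {@code NoSuchElementException}
 * when nothing matched.  This walks the hits for an exact name and fails with a
 * {@code ProvisioningException} when there is none.
 *
 * @throws ProvisioningException when no group with exactly that name exists
 */
private Group findGroupByName(String groupName) throws ProvisioningException {
    for (Group g : okta.listGroups(groupName, null, null)) {
        if (groupName.equals(g.getProfile().getName())) {
            return g;
        }
    }
    throw new ProvisioningException("Group not found in okta: " + groupName);
}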
Use of com.okta.sdk.resource.group.GroupList in project cerberus by Nike-Inc: class OktaAuthConnector, method getGroups.
/**
 * Returns the names of the Okta groups the authenticated user is a member of.
 * <p>
 * The user is fetched by {@code authData.getUserId()} and its memberships listed; a null
 * membership list yields an empty set.  Failures from the Okta client (e.g. an unknown user)
 * propagate unchanged.  Group <em>names</em>, not IDs, are returned.
 * NOTE(review): callers matching these against configured names should keep in mind that a group
 * name can be changed in Okta while its ID cannot.
 *
 * @param authData the authenticated principal; must not be null
 * @return a mutable set of group names, empty when the user has none
 */
@Override
public Set<String> getGroups(AuthData authData) {
    Preconditions.checkNotNull(authData, "auth data cannot be null.");
    final Set<String> names = new HashSet<>();
    GroupList memberships = sdkClient.getUser(authData.getUserId()).listGroups();
    if (memberships != null) {
        memberships.forEach(membership -> names.add(membership.getProfile().getName()));
    }
    return names;
}