
Example 16 with AMAuthenticationInstance

use of com.sun.identity.authentication.config.AMAuthenticationInstance in project OpenAM by OpenRock.

the class UpgradeLDAPAuthModulesStep method updateAttributes.

/**
 * Rewrites the connection settings of the given LDAP/AD authentication module instances in a realm.
 *
 * <p>For every entry the legacy {@code SSL_ENABLED_PROPERTY} is removed when it holds a value, and
 * {@code CONNECTION_MODE_PROPERTY} is overwritten with the value produced by {@code getNewValue}
 * when it already holds one. The lookup runs with the token returned by {@code getAdminToken()}.
 *
 * <p>NOTE(review): this step changes how transport security is configured for LDAP binds. Confirm
 * that {@code getNewValue} maps an instance that previously had SSL enabled to an encrypted
 * connection mode, so the upgrade cannot leave credentials travelling in clear text.
 *
 * @param realm realm whose module instances are upgraded
 * @param instanceMap module instance name mapped to the flag handed to {@code getNewValue}
 *        (presumably the legacy SSL setting; verify against the caller)
 * @throws SMSException declared for the service-configuration calls
 * @throws AMConfigurationException declared for the authentication-manager calls
 * @throws SSOException declared for the token-backed calls
 */
private void updateAttributes(final String realm, final Map<String, Boolean> instanceMap) throws SMSException, AMConfigurationException, SSOException {
    final AMAuthenticationManager authManager = new AMAuthenticationManager(getAdminToken(), realm);
    for (final Map.Entry<String, Boolean> entry : instanceMap.entrySet()) {
        final String moduleName = entry.getKey();
        final String targetMode = getNewValue(entry.getValue());
        // NOTE(review): no null check on the looked-up instance; confirm the caller only passes
        // names of instances that exist in this realm.
        final AMAuthenticationInstance module = authManager.getAuthenticationInstance(moduleName);
        final Map<String, Set<String>> currentSettings = module.getAttributeValues();
        final ServiceConfig serviceConfig = module.getServiceConfig();

        // Step 1: drop the legacy SSL flag if it carries a value.
        final Set<String> legacySslValues = currentSettings.get(SSL_ENABLED_PROPERTY);
        final boolean hasLegacySsl = legacySslValues != null && !legacySslValues.isEmpty();
        if (hasLegacySsl) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Removing attribute " + SSL_ENABLED_PROPERTY + " from ldap/ad auth module instance <" + moduleName + "> in realm: " + realm);
            }
            serviceConfig.removeAttribute(SSL_ENABLED_PROPERTY);
        }

        // Step 2: replace the connection mode, but only where one is already stored. An instance
        // with the legacy flag and no stored connection mode therefore loses the flag and gets no
        // explicit mode; what applies then is not visible from this method.
        final Set<String> storedModeValues = currentSettings.get(CONNECTION_MODE_PROPERTY);
        final boolean hasStoredMode = storedModeValues != null && !storedModeValues.isEmpty();
        if (hasStoredMode) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Upgrading attribute " + CONNECTION_MODE_PROPERTY + " for ldap/ad auth module instance <" + moduleName + "> to <" + targetMode + "> in realm: " + realm);
            }
            final Map<String, Set<String>> replacement = new HashMap<String, Set<String>>();
            replacement.put(CONNECTION_MODE_PROPERTY, asSet(targetMode));
            serviceConfig.setAttributes(replacement);
        }
    }
}
Also used : Set(java.util.Set) CollectionUtils.asSet(org.forgerock.openam.utils.CollectionUtils.asSet) ServiceConfig(com.sun.identity.sm.ServiceConfig) HashMap(java.util.HashMap) AMAuthenticationInstance(com.sun.identity.authentication.config.AMAuthenticationInstance) HashMap(java.util.HashMap) Map(java.util.Map) AMAuthenticationManager(com.sun.identity.authentication.config.AMAuthenticationManager)

Example 17 with AMAuthenticationInstance

use of com.sun.identity.authentication.config.AMAuthenticationInstance in project OpenAM by OpenRock.

the class AuthPropertiesModelImpl method getInstanceValues.

/**
 * Reads the attribute values of a named authentication module instance in the current realm.
 *
 * <p>The lookup is made with the token from {@code getUserSSOToken()}, and an attempt event plus
 * either a success or a configuration-exception event is passed to {@code logEvent}.
 *
 * <p>A configuration failure is logged and swallowed, so the caller receives an empty map and
 * cannot tell a failed lookup from an instance without attributes.
 *
 * <p>NOTE(review): authentication module attributes can include credentials (for example a bind
 * password); confirm that callers mask such values before rendering them.
 *
 * @param name name of the authentication module instance
 * @return the instance's attribute map, or {@code Collections.EMPTY_MAP} when none was obtained
 */
public Map getInstanceValues(String name) {
    final String[] auditArgs = { currentRealm, name };
    logEvent("ATTEMPT_GET_AUTH_INSTANCE_PROFILE", auditArgs);

    Map attributes = null;
    try {
        final AMAuthenticationManager authManager = new AMAuthenticationManager(getUserSSOToken(), currentRealm);
        // NOTE(review): the instance is dereferenced without a null check; confirm what the
        // manager returns for an unknown name.
        final AMAuthenticationInstance module = authManager.getAuthenticationInstance(name);
        attributes = module.getAttributeValues();
        logEvent("SUCCEED_GET_AUTH_INSTANCE_PROFILE", auditArgs);
    } catch (AMConfigurationException e) {
        logEvent("AUTH_CONFIGURATION_EXCEPTION_GET_AUTH_INSTANCE_PROFILE", new String[] { currentRealm, name, getErrorString(e) });
        debug.warning("AuthPropertiesModelImpl.getInstanceValues", e);
    }

    if (attributes == null) {
        return Collections.EMPTY_MAP;
    }
    return attributes;
}
Also used : AMConfigurationException(com.sun.identity.authentication.config.AMConfigurationException) AMAuthenticationInstance(com.sun.identity.authentication.config.AMAuthenticationInstance) HashMap(java.util.HashMap) Map(java.util.Map) AMAuthenticationManager(com.sun.identity.authentication.config.AMAuthenticationManager)

Example 18 with AMAuthenticationInstance

use of com.sun.identity.authentication.config.AMAuthenticationInstance in project OpenAM by OpenRock.

the class AuthPropertiesModelImpl method setInstanceValues.

/**
 * Stores new attribute values on a named authentication module instance in the current realm.
 *
 * <p>The change is made with the token from {@code getUserSSOToken()}. An attempt event is logged
 * first; a success event follows the write, and each caught exception type logs its own failure
 * event before being rethrown as an {@link AMConsoleException} carrying only the error string.
 *
 * <p>NOTE(review): {@code values} is handed to the instance unvalidated here; any validation must
 * happen in the caller or behind {@code setAttributeValues}. An unchecked exception (for example
 * from a null instance) would leave the attempt event without a matching outcome event.
 *
 * @param instance name of the authentication module instance to modify
 * @param values attribute map to store
 * @throws AMConsoleException if the configuration, SMS or SSO layer reports an error
 */
public void setInstanceValues(String instance, Map values) throws AMConsoleException {
    final String[] auditArgs = { currentRealm, instance };
    logEvent("ATTEMPT_MODIFY_AUTH_INSTANCE_PROFILE", auditArgs);
    try {
        final AMAuthenticationManager authManager = new AMAuthenticationManager(getUserSSOToken(), currentRealm);
        final AMAuthenticationInstance module = authManager.getAuthenticationInstance(instance);
        module.setAttributeValues(values);
        logEvent("SUCCEED_MODIFY_AUTH_INSTANCE_PROFILE", auditArgs);
    } catch (AMConfigurationException e) {
        debug.warning("AuthPropertiesModelImpl.setInstanceValues", e);
        final String message = getErrorString(e);
        logEvent("AUTH_CONFIGURATION_EXCEPTION_MODIFY_AUTH_INSTANCE_PROFILE", new String[] { currentRealm, instance, message });
        throw new AMConsoleException(message);
    } catch (SMSException e) {
        debug.warning("AuthPropertiesModelImpl.setInstanceValues", e);
        final String message = getErrorString(e);
        logEvent("SMS_EXCEPTION_MODIFY_AUTH_INSTANCE_PROFILE", new String[] { currentRealm, instance, message });
        throw new AMConsoleException(message);
    } catch (SSOException e) {
        debug.warning("AuthPropertiesModelImpl.setInstanceValues", e);
        final String message = getErrorString(e);
        logEvent("SSO_EXCEPTION_MODIFY_AUTH_INSTANCE_PROFILE", new String[] { currentRealm, instance, message });
        throw new AMConsoleException(message);
    }
}
Also used : SMSException(com.sun.identity.sm.SMSException) AMConfigurationException(com.sun.identity.authentication.config.AMConfigurationException) AMAuthenticationInstance(com.sun.identity.authentication.config.AMAuthenticationInstance) SSOException(com.iplanet.sso.SSOException) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) AMAuthenticationManager(com.sun.identity.authentication.config.AMAuthenticationManager)

Example 19 with AMAuthenticationInstance

use of com.sun.identity.authentication.config.AMAuthenticationInstance in project OpenAM by OpenRock.

the class ResourceEnvIPCondition method getAdviceMessagesforRedirectURL.

/**
 * Builds the advice set for the Authentication Redirect condition.
 *
 * <p>The advice value is returned unless one of the authentication schemes associated with the
 * request resolves to a module instance whose type is {@code "Federation"}; in that case the
 * returned set is empty.
 *
 * @param adviceValue advice to return (logged below as the redirect URL)
 * @param token SSO token, consulted only when {@code env} has no {@code REQUEST_AUTH_SCHEMES}
 *        entry; may be {@code null}
 * @param env evaluation environment; may be {@code null}
 * @return a set that is empty or contains only {@code adviceValue}
 * @throws PolicyException if reading {@code env} raises a ClassCastException or the instance
 *         lookup raises an AMConfigurationException
 * @throws SSOException declared; presumably raised by the token accessors
 */
private Set getAdviceMessagesforRedirectURL(String adviceValue, SSOToken token, Map env) throws PolicyException, SSOException {
    Set adviceMessages = new HashSet();
    Set requestAuthSchemes = null;
    Set requestAuthSchemesIgnoreRealm = null;
    boolean nullRealm = false;
    boolean allow = false;
    String orgName = "/";
    // Schemes supplied in env take precedence over those recorded on the token.
    // NOTE(review): a "Federation" scheme found here suppresses the advice, so confirm that env
    // cannot be populated from data an unauthenticated caller controls.
    if ((env != null) && (env.get(REQUEST_AUTH_SCHEMES) != null)) {
        try {
            Set<String> orgSet = (Set<String>) env.get(PolicyEvaluator.REALM_DN);
            if (orgSet != null) {
                // An empty set would throw NoSuchElementException, which the catch below does not cover.
                orgName = orgSet.iterator().next();
            }
            requestAuthSchemes = (Set) env.get(REQUEST_AUTH_SCHEMES);
            if (DEBUG.messageEnabled()) {
                DEBUG.message("At ResourceEnvIPCondition." + "getAdviceMessagesforRedirectURL(): " + "requestAuthSchemes from env= " + requestAuthSchemes + " AND orgName from env= " + orgName);
            }
        } catch (ClassCastException e) {
            // The error names REQUEST_AUTH_SCHEMES even when the failing cast was on REALM_DN.
            String[] args = { REQUEST_AUTH_SCHEMES };
            throw new PolicyException(ResBundleUtils.rbName, "property_is_not_a_Set", args, e);
        }
    } else {
        if (token != null) {
            orgName = token.getProperty(ISAuthConstants.ORGANIZATION);
            requestAuthSchemes = AMAuthUtils.getRealmQualifiedAuthenticatedSchemes(token);
            requestAuthSchemesIgnoreRealm = AMAuthUtils.getAuthenticatedSchemes(token);
            if (DEBUG.messageEnabled()) {
                DEBUG.message("At ResourceEnvIPCondition." + "getAdviceMessagesforRedirectURL(): " + "orgName from ssoToken= " + orgName);
                DEBUG.message("At ResourceEnvIPCondition." + "getAdviceMessagesforRedirectURL(): " + "requestAuthSchemes from ssoToken= " + requestAuthSchemes);
                DEBUG.message("At ResourceEnvIPCondition." + "getAdviceMessagesforRedirectURL(): " + "requestAuthSchemesIgnoreRealm from ssoToken= " + requestAuthSchemesIgnoreRealm);
            }
        }
    }
    // Normalise to empty sets so the loops below need no null checks. In the env branch
    // requestAuthSchemesIgnoreRealm is never filled, so the fallback loop has nothing to scan.
    if (requestAuthSchemes == null) {
        requestAuthSchemes = Collections.EMPTY_SET;
    }
    if (requestAuthSchemesIgnoreRealm == null) {
        requestAuthSchemesIgnoreRealm = Collections.EMPTY_SET;
    }
    String schemeInstance = null;
    String authSchemeType = null;
    try {
        // Module instances are looked up with the admin token, not the caller's token, so the
        // lookup does not depend on the caller's own read privileges.
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        for (Iterator iter = requestAuthSchemes.iterator(); iter.hasNext(); ) {
            String requestAuthnScheme = (String) iter.next();
            schemeInstance = AMAuthUtils.getDataFromRealmQualifiedData(requestAuthnScheme);
            String realm = AMAuthUtils.getRealmFromRealmQualifiedData(requestAuthnScheme);
            if ((realm == null) || (realm.length() == 0)) {
                // First scheme without a realm qualifier: stop and fall back to the unqualified list.
                nullRealm = true;
                break;
            } else {
                // The parsed realm is only tested for presence; the lookup itself uses orgName.
                AMAuthenticationManager authManager = new AMAuthenticationManager(adminToken, orgName);
                // NOTE(review): dereferenced without a null check; confirm what the manager
                // returns for an unknown instance name.
                AMAuthenticationInstance authInstance = authManager.getAuthenticationInstance(schemeInstance);
                authSchemeType = authInstance.getType();
                if ("Federation".equals(authSchemeType)) {
                    allow = true;
                    break;
                }
            }
        }
        if (nullRealm) {
            for (Iterator iter = requestAuthSchemesIgnoreRealm.iterator(); iter.hasNext(); ) {
                schemeInstance = (String) iter.next();
                AMAuthenticationManager authManager = new AMAuthenticationManager(adminToken, orgName);
                AMAuthenticationInstance authInstance = authManager.getAuthenticationInstance(schemeInstance);
                authSchemeType = authInstance.getType();
                if ("Federation".equals(authSchemeType)) {
                    allow = true;
                    break;
                }
            }
        }
    } catch (AMConfigurationException ace) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("ResourceEnvIPCondition." + "getAdviceMessagesforRedirectURL():" + "got AMConfigurationException:" + "schemeInstance=" + schemeInstance + ", authSchemeType = " + authSchemeType);
        }
        Object[] args = { schemeInstance };
        throw new PolicyException(ResBundleUtils.rbName, "auth_scheme_not_found", args, ace);
    }
    // Without a Federation scheme the advice is returned to the caller.
    if (!allow) {
        adviceMessages.add(adviceValue);
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("At ResourceEnvIPCondition." + "getAdviceMessagesforRedirectURL():" + "redirectURL=" + adviceValue + "schemeInstance=" + schemeInstance + ",authSchemeType=" + authSchemeType + ",adviceMessages=" + adviceMessages);
    }
    return adviceMessages;
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) SSOToken(com.iplanet.sso.SSOToken) PolicyException(com.sun.identity.policy.PolicyException) Iterator(java.util.Iterator) AMConfigurationException(com.sun.identity.authentication.config.AMConfigurationException) AMAuthenticationInstance(com.sun.identity.authentication.config.AMAuthenticationInstance) HashSet(java.util.HashSet) AMAuthenticationManager(com.sun.identity.authentication.config.AMAuthenticationManager)

Example 20 with AMAuthenticationInstance

use of com.sun.identity.authentication.config.AMAuthenticationInstance in project OpenAM by OpenRock.

the class ResourceEnvIPCondition method getAdviceMessagesforRedirectURL.

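/**
 * Builds the advice set for the Authentication Redirect condition.
 *
 * <p>The advice value is returned unless one of the authentication schemes associated with the
 * request resolves to a module instance whose type is {@code "Federation"}; in that case the
 * returned set is empty.
 *
 * @param adviceValue advice to return (logged below as the redirect URL)
 * @param token SSO token, consulted only when {@code env} has no {@code REQUEST_AUTH_SCHEMES}
 *        entry; may be {@code null}
 * @param env evaluation environment; may be {@code null}
 * @return a set that is empty or contains only {@code adviceValue}
 * @throws EntitlementException if reading {@code env} raises a ClassCastException or the instance
 *         lookup raises an AMConfigurationException
 * @throws SSOException declared; presumably raised by the token accessors
 */
private Set<String> getAdviceMessagesforRedirectURL(String adviceValue, SSOToken token, Map env) throws EntitlementException, SSOException {
    // Set unconditionally: the warning path below also uses this prefix, and warnings can be
    // enabled while message-level logging is off, which previously left the prefix unset or stale.
    // NOTE(review): localDebugName is state declared outside this method; if instances are shared
    // between threads a local variable would be safer.
    localDebugName = debugName + ".getAdviceMessagesforRedirectURL(): ";
    Set<String> adviceMessages = new HashSet<String>();
    Set requestAuthSchemes = null;
    Set requestAuthSchemesIgnoreRealm = null;
    boolean nullRealm = false;
    boolean allow = false;
    String orgName = "/";
    // Schemes supplied in env take precedence over those recorded on the token.
    // NOTE(review): a "Federation" scheme found here suppresses the advice, so confirm that env
    // cannot be populated from data an unauthenticated caller controls.
    if ((env != null) && (env.get(REQUEST_AUTH_SCHEMES) != null)) {
        try {
            orgName = CollectionHelper.getMapAttr(env, PolicyEvaluator.REALM_DN, orgName);
            requestAuthSchemes = (Set) env.get(REQUEST_AUTH_SCHEMES);
            if (debug.messageEnabled()) {
                debug.message(localDebugName + "requestAuthSchemes from env= " + requestAuthSchemes + " AND " + "orgName from env= " + orgName);
            }
        } catch (ClassCastException e) {
            throw new EntitlementException(PROPERTY_IS_NOT_A_SET, new String[] { REQUEST_AUTH_SCHEMES }, e);
        }
    } else {
        if (token != null) {
            orgName = token.getProperty(ISAuthConstants.ORGANIZATION);
            requestAuthSchemes = AMAuthUtils.getRealmQualifiedAuthenticatedSchemes(token);
            requestAuthSchemesIgnoreRealm = AMAuthUtils.getAuthenticatedSchemes(token);
            if (debug.messageEnabled()) {
                debug.message(localDebugName + "orgName " + "from ssoToken= " + orgName);
                debug.message(localDebugName + "requestAuthSchemes from ssoToken= " + requestAuthSchemes);
                debug.message(localDebugName + "requestAuthSchemesIgnoreRealm from ssoToken= " + requestAuthSchemesIgnoreRealm);
            }
        }
    }
    // Normalise to empty sets so the loops below need no null checks. In the env branch
    // requestAuthSchemesIgnoreRealm is never filled, so the fallback loop has nothing to scan.
    if (requestAuthSchemes == null) {
        requestAuthSchemes = Collections.EMPTY_SET;
    }
    if (requestAuthSchemesIgnoreRealm == null) {
        requestAuthSchemesIgnoreRealm = Collections.EMPTY_SET;
    }
    String schemeInstance = null;
    String authSchemeType = null;
    try {
        // Module instances are looked up with the admin token, not the caller's token, so the
        // lookup does not depend on the caller's own read privileges.
        SSOToken adminToken = AccessController.doPrivileged(AdminTokenAction.getInstance());
        for (Iterator iter = requestAuthSchemes.iterator(); iter.hasNext(); ) {
            String requestAuthnScheme = (String) iter.next();
            schemeInstance = AMAuthUtils.getDataFromRealmQualifiedData(requestAuthnScheme);
            String realm = AMAuthUtils.getRealmFromRealmQualifiedData(requestAuthnScheme);
            if ((realm == null) || (realm.length() == 0)) {
                // First scheme without a realm qualifier: stop and fall back to the unqualified list.
                nullRealm = true;
                break;
            } else {
                // The parsed realm is only tested for presence; the lookup itself uses orgName.
                AMAuthenticationManager authManager = new AMAuthenticationManager(adminToken, orgName);
                // NOTE(review): dereferenced without a null check; confirm what the manager
                // returns for an unknown instance name.
                AMAuthenticationInstance authInstance = authManager.getAuthenticationInstance(schemeInstance);
                authSchemeType = authInstance.getType();
                if ("Federation".equals(authSchemeType)) {
                    allow = true;
                    break;
                }
            }
        }
        if (nullRealm) {
            for (Iterator iter = requestAuthSchemesIgnoreRealm.iterator(); iter.hasNext(); ) {
                schemeInstance = (String) iter.next();
                AMAuthenticationManager authManager = new AMAuthenticationManager(adminToken, orgName);
                AMAuthenticationInstance authInstance = authManager.getAuthenticationInstance(schemeInstance);
                authSchemeType = authInstance.getType();
                if ("Federation".equals(authSchemeType)) {
                    allow = true;
                    break;
                }
            }
        }
    } catch (AMConfigurationException ace) {
        if (debug.warningEnabled()) {
            debug.warning(localDebugName + "got AMConfigurationException: schemeInstance=" + schemeInstance + ", " + "authSchemeType = " + authSchemeType);
        }
        throw new EntitlementException(AUTH_SCHEME_NOT_FOUND, new String[] { schemeInstance }, ace);
    }
    // Without a Federation scheme the advice is returned to the caller.
    if (!allow) {
        adviceMessages.add(adviceValue);
    }
    if (debug.messageEnabled()) {
        debug.message(localDebugName + "redirectURL=" + adviceValue + "schemeInstance=" + schemeInstance + "," + "authSchemeType=" + authSchemeType + ",adviceMessages=" + adviceMessages);
    }
    return adviceMessages;
}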
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) Set(java.util.Set) HashSet(java.util.HashSet) SSOToken(com.iplanet.sso.SSOToken) Iterator(java.util.Iterator) AMConfigurationException(com.sun.identity.authentication.config.AMConfigurationException) AMAuthenticationInstance(com.sun.identity.authentication.config.AMAuthenticationInstance) HashSet(java.util.HashSet) AMAuthenticationManager(com.sun.identity.authentication.config.AMAuthenticationManager)

Aggregations

AMAuthenticationInstance (com.sun.identity.authentication.config.AMAuthenticationInstance)25 AMAuthenticationManager (com.sun.identity.authentication.config.AMAuthenticationManager)22 Set (java.util.Set)18 AMConfigurationException (com.sun.identity.authentication.config.AMConfigurationException)17 HashSet (java.util.HashSet)14 Iterator (java.util.Iterator)12 SSOException (com.iplanet.sso.SSOException)9 SSOToken (com.iplanet.sso.SSOToken)8 HashMap (java.util.HashMap)8 SMSException (com.sun.identity.sm.SMSException)6 Map (java.util.Map)6 CLIException (com.sun.identity.cli.CLIException)4 AMIdentity (com.sun.identity.idm.AMIdentity)3 IdRepoException (com.sun.identity.idm.IdRepoException)3 AMAuthenticationSchema (com.sun.identity.authentication.config.AMAuthenticationSchema)2 AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)2 InvalidPasswordException (com.sun.identity.authentication.spi.InvalidPasswordException)2 AuthPropertiesModel (com.sun.identity.console.authentication.model.AuthPropertiesModel)2 AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository)2 LoginException (javax.security.auth.login.LoginException)2