Use of com.sun.identity.authentication.config.AMAuthenticationManager in the OpenAM project by OpenRock: class ResourceEnvIPCondition, method getAdviceMessagesforRedirectURL.
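/**
 * Returns the advice messages for the Authentication Redirect condition.
 *
 * <p>The caller's authenticated scheme instances are read from {@code env}
 * ({@code REQUEST_AUTH_SCHEMES}, with the realm taken from
 * {@code PolicyEvaluator.REALM_DN}, default {@code "/"}) when present, and
 * otherwise from the session {@code token}. The advice is suppressed only when
 * one of those instances resolves to an authentication module of type
 * {@code "Federation"}; with no schemes, no token and no env the advice is
 * emitted, i.e. the condition fails closed.
 *
 * <p>A scheme name without a realm qualifier stops the realm-qualified pass
 * and triggers a second pass over the realm-agnostic list. That list is only
 * populated from {@code token}, so unqualified names supplied via {@code env}
 * can never satisfy the condition.
 *
 * @param adviceValue the redirect advice to emit when no Federation scheme is found
 * @param token       the caller's session, consulted only when {@code env} carries
 *                    no schemes; may be {@code null}
 * @param env         the evaluation environment; may be {@code null}
 * @return a set holding {@code adviceValue}, or an empty set when a Federation
 *         scheme was used
 * @throws EntitlementException if {@code REQUEST_AUTH_SCHEMES} (or the realm entry)
 *                              is not of the expected type ({@code PROPERTY_IS_NOT_A_SET}),
 *                              or a scheme instance cannot be resolved
 *                              ({@code AUTH_SCHEME_NOT_FOUND})
 * @throws SSOException if the organization cannot be read from {@code token}
 */
private Set<String> getAdviceMessagesforRedirectURL(String adviceValue, SSOToken token, Map env)
        throws EntitlementException, SSOException {
    // A local rather than the shared field: the warning path below needs the
    // prefix even when message-level debugging is off, and a field would be
    // shared between concurrent evaluations.
    final String localDebugName = debugName + ".getAdviceMessagesforRedirectURL(): ";

    Set<String> adviceMessages = new HashSet<String>();
    Set requestAuthSchemes = null;
    Set requestAuthSchemesIgnoreRealm = null;
    String orgName = "/";

    if ((env != null) && (env.get(REQUEST_AUTH_SCHEMES) != null)) {
        // The try covers both env reads: either may be of the wrong type.
        try {
            orgName = CollectionHelper.getMapAttr(env, PolicyEvaluator.REALM_DN, orgName);
            requestAuthSchemes = (Set) env.get(REQUEST_AUTH_SCHEMES);
            if (debug.messageEnabled()) {
                debug.message(localDebugName + "requestAuthSchemes from env= " + requestAuthSchemes
                        + " AND " + "orgName from env= " + orgName);
            }
        } catch (ClassCastException e) {
            throw new EntitlementException(PROPERTY_IS_NOT_A_SET, new String[] { REQUEST_AUTH_SCHEMES }, e);
        }
    } else if (token != null) {
        orgName = token.getProperty(ISAuthConstants.ORGANIZATION);
        requestAuthSchemes = AMAuthUtils.getRealmQualifiedAuthenticatedSchemes(token);
        requestAuthSchemesIgnoreRealm = AMAuthUtils.getAuthenticatedSchemes(token);
        if (debug.messageEnabled()) {
            debug.message(localDebugName + "orgName " + "from ssoToken= " + orgName);
            debug.message(localDebugName + "requestAuthSchemes from ssoToken= " + requestAuthSchemes);
            debug.message(localDebugName + "requestAuthSchemesIgnoreRealm from ssoToken= "
                    + requestAuthSchemesIgnoreRealm);
        }
    }
    if (requestAuthSchemes == null) {
        requestAuthSchemes = Collections.EMPTY_SET;
    }
    if (requestAuthSchemesIgnoreRealm == null) {
        requestAuthSchemesIgnoreRealm = Collections.EMPTY_SET;
    }

    boolean nullRealm = false;
    boolean allow = false;
    // Kept outside the try so the warning and the exception can name the
    // scheme that failed to resolve.
    String schemeInstance = null;
    String authSchemeType = null;
    try {
        SSOToken adminToken = AccessController.doPrivileged(AdminTokenAction.getInstance());
        for (Object item : requestAuthSchemes) {
            String requestAuthnScheme = (String) item;
            schemeInstance = AMAuthUtils.getDataFromRealmQualifiedData(requestAuthnScheme);
            String realm = AMAuthUtils.getRealmFromRealmQualifiedData(requestAuthnScheme);
            if ((realm == null) || (realm.length() == 0)) {
                // Unqualified name: stop here and use the realm-agnostic list.
                nullRealm = true;
                break;
            }
            // NOTE(review): the instance is looked up in orgName, not in the
            // realm parsed from the qualified name; confirm this is intended.
            authSchemeType = lookupSchemeType(adminToken, orgName, schemeInstance);
            if ("Federation".equals(authSchemeType)) {
                allow = true;
                break;
            }
        }
        if (nullRealm) {
            for (Object item : requestAuthSchemesIgnoreRealm) {
                schemeInstance = (String) item;
                authSchemeType = lookupSchemeType(adminToken, orgName, schemeInstance);
                if ("Federation".equals(authSchemeType)) {
                    allow = true;
                    break;
                }
            }
        }
    } catch (AMConfigurationException ace) {
        if (debug.warningEnabled()) {
            debug.warning(localDebugName + "got AMConfigurationException: schemeInstance=" + schemeInstance
                    + ", " + "authSchemeType = " + authSchemeType);
        }
        throw new EntitlementException(AUTH_SCHEME_NOT_FOUND, new String[] { schemeInstance }, ace);
    }

    if (!allow) {
        adviceMessages.add(adviceValue);
    }
    if (debug.messageEnabled()) {
        debug.message(localDebugName + "redirectURL=" + adviceValue + "schemeInstance=" + schemeInstance + ","
                + "authSchemeType=" + authSchemeType + ",adviceMessages=" + adviceMessages);
    }
    return adviceMessages;
}

/**
 * Resolves the module type of the authentication instance {@code schemeInstance}
 * in realm {@code orgName}.
 *
 * @param adminToken     privileged token used for the configuration lookup
 * @param orgName        realm in which the instance is looked up
 * @param schemeInstance instance name (realm qualifier already stripped)
 * @return the instance type as reported by {@code AMAuthenticationInstance.getType()}
 * @throws AMConfigurationException if the manager cannot resolve the instance
 */
private String lookupSchemeType(SSOToken adminToken, String orgName, String schemeInstance)
        throws AMConfigurationException {
    AMAuthenticationManager authManager = new AMAuthenticationManager(adminToken, orgName);
    // NOTE(review): a null return from getAuthenticationInstance would surface
    // as a NullPointerException here, as in the original code; confirm whether
    // the manager can return null for an unknown instance.
    AMAuthenticationInstance authInstance = authManager.getAuthenticationInstance(schemeInstance);
    return authInstance.getType();
}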
Use of com.sun.identity.authentication.config.AMAuthenticationManager in the OpenAM project by OpenRock: class ConfigureSocialAuthN, method createAuthModule.
/**
 * Creates a social authentication module instance named {@code authModuleName}
 * in {@code realm}.
 *
 * <p>The instance starts from the default attribute values of the
 * {@code AUTH_MODULE_TYPE} schema. An entry of {@code attrs} replaces a
 * default only when the schema already has a key of that name; unknown keys
 * are ignored rather than forwarded to the module.
 *
 * @param realm          realm in which the instance is created
 * @param authModuleName name of the new instance
 * @param attrs          attribute overrides keyed by attribute name
 * @throws WorkflowException if the authentication manager reports a
 *                           configuration error; the cause is logged under
 *                           {@code DEBUG} and reported as
 *                           {@code "social-service-error"}
 */
private void createAuthModule(String realm, String authModuleName, Map<String, Set<String>> attrs)
        throws WorkflowException {
    try {
        AMAuthenticationManager authManager = new AMAuthenticationManager(getAdminToken(), realm);
        Map<String, Set<String>> instanceAttrs =
                authManager.getAuthenticationSchema(AUTH_MODULE_TYPE).getAttributeValues();
        for (String attrName : attrs.keySet()) {
            if (!instanceAttrs.containsKey(attrName)) {
                continue; // not part of the module schema: leave it out
            }
            instanceAttrs.put(attrName, attrs.get(attrName));
        }
        authManager.createAuthenticationInstance(authModuleName, AUTH_MODULE_TYPE, instanceAttrs);
    } catch (AMConfigurationException configError) {
        DEBUG.error("An error occurred while creating/modifying social authentication module", configError);
        throw new WorkflowException("social-service-error", null);
    }
}
Use of com.sun.identity.authentication.config.AMAuthenticationManager in the OpenAM project by OpenRock: class UpgradeLDAPAuthModulesStep, method updateAttributes.
/**
 * Rewrites the LDAP/AD authentication module instances of {@code realm} named
 * in {@code instanceMap} to the new connection-mode representation.
 *
 * <p>For each instance: the legacy {@code SSL_ENABLED_PROPERTY} attribute is
 * removed from the service config when it carries a value, and
 * {@code CONNECTION_MODE_PROPERTY}, when it carries a value, is replaced by
 * the single value {@code getNewValue} derives from the instance's map entry.
 *
 * @param realm       realm whose module instances are updated
 * @param instanceMap instance name to the flag handed to {@code getNewValue}
 *                    (presumably the old SSL-enabled setting; verify against
 *                    the caller)
 * @throws SMSException             if the service configuration cannot be changed
 * @throws AMConfigurationException if an instance cannot be looked up
 * @throws SSOException             if the admin token is not valid
 */
private void updateAttributes(final String realm, final Map<String, Boolean> instanceMap)
        throws SMSException, AMConfigurationException, SSOException {
    final AMAuthenticationManager authManager = new AMAuthenticationManager(getAdminToken(), realm);
    for (final Map.Entry<String, Boolean> entry : instanceMap.entrySet()) {
        final String name = entry.getKey();
        final String connectionMode = getNewValue(entry.getValue());
        final AMAuthenticationInstance moduleInstance = authManager.getAuthenticationInstance(name);
        final Map<String, Set<String>> currentSettings = moduleInstance.getAttributeValues();
        final ServiceConfig config = moduleInstance.getServiceConfig();

        if (hasValue(currentSettings.get(SSL_ENABLED_PROPERTY))) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Removing attribute " + SSL_ENABLED_PROPERTY
                        + " from ldap/ad auth module instance <" + name + "> in realm: " + realm);
            }
            config.removeAttribute(SSL_ENABLED_PROPERTY);
        }

        if (hasValue(currentSettings.get(CONNECTION_MODE_PROPERTY))) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Upgrading attribute " + CONNECTION_MODE_PROPERTY
                        + " for ldap/ad auth module instance <" + name + "> to <" + connectionMode
                        + "> in realm: " + realm);
            }
            // setAttributes is fed a fresh single-entry map so nothing else is touched.
            final Map<String, Set<String>> replacement = new HashMap<String, Set<String>>();
            replacement.put(CONNECTION_MODE_PROPERTY, asSet(connectionMode));
            config.setAttributes(replacement);
        }
    }
}

/**
 * Tells whether an attribute value set is present and non-empty.
 *
 * @param values attribute values as returned by {@code getAttributeValues()}, or {@code null}
 * @return {@code true} when {@code values} is non-null and has at least one element
 */
private boolean hasValue(final Set<String> values) {
    return values != null && !values.isEmpty();
}