Search in sources :

Example 41 with AMIdentity

use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.

the class OpenAMOAuth2ProviderSettings method saveConsent.

/**
     * {@inheritDoc}
     */
public void saveConsent(ResourceOwner resourceOwner, String clientId, Set<String> scope) {
    String consentAttribute = null;
    try {
        consentAttribute = getStringSetting(realm, OAuth2ProviderService.SAVED_CONSENT_ATTRIBUTE);
        if (consentAttribute != null) {
            AMIdentity id = ((OpenAMResourceOwner) resourceOwner).getIdentity();
            //get the current set of consents and add our new consent to it if they exist.
            Set<String> existing = id.getAttribute(consentAttribute);
            Set<String> consents = (existing != null) ? new HashSet<String>(existing) : new HashSet<String>(1);
            StringBuilder sb = new StringBuilder();
            if (scope == null || scope.isEmpty()) {
                sb.append(clientId.trim()).append(" ");
            } else {
                sb.append(clientId.trim()).append(" ").append(joinScope(scope));
            }
            consents.add(sb.toString());
            if (logger.messageEnabled()) {
                logger.message("Saving consents:" + consents + " for resourceOwner: " + resourceOwner.getId() + " in attribute:" + consentAttribute + " in realm:" + realm);
            }
            updateConsentValues(consentAttribute, id, consents);
        } else {
            logger.error("Cannot save consent as no saved consent attribute defined in realm:" + realm);
        }
    } catch (Exception e) {
        logger.error("There was a problem saving the consent into the attribute: {} for realm: {}", consentAttribute, realm, e);
    }
}
Also used : AMIdentity(com.sun.identity.idm.AMIdentity) JSONException(org.json.JSONException) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException) UnsupportedResponseTypeException(org.forgerock.oauth2.core.exceptions.UnsupportedResponseTypeException) SSOException(com.iplanet.sso.SSOException) InvalidClientException(org.forgerock.oauth2.core.exceptions.InvalidClientException) IdRepoException(com.sun.identity.idm.IdRepoException) SMSException(com.sun.identity.sm.SMSException) IOException(java.io.IOException) InvalidRequestException(org.forgerock.oauth2.core.exceptions.InvalidRequestException) InvalidScopeException(org.forgerock.oauth2.core.exceptions.InvalidScopeException)

Example 42 with AMIdentity

use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.

the class OpenAMResourceOwnerAuthenticator method createResourceOwner.

private ResourceOwner createResourceOwner(AuthContext authContext) throws Exception {
    SSOToken token = authContext.getSSOToken();
    final AMIdentity id = IdUtils.getIdentity(AccessController.doPrivileged(AdminTokenAction.getInstance()), token.getProperty(Constants.UNIVERSAL_IDENTIFIER));
    return new OpenAMResourceOwner(id.getName(), id);
}
Also used : SSOToken(com.iplanet.sso.SSOToken) AMIdentity(com.sun.identity.idm.AMIdentity)

Example 43 with AMIdentity

use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.

the class OpenAMResourceOwnerAuthenticator method authenticate.

/**
     * {@inheritDoc}
     */
public ResourceOwner authenticate(OAuth2Request request, boolean useSession) throws NotFoundException {
    SSOToken token = null;
    try {
        SSOTokenManager mgr = SSOTokenManager.getInstance();
        token = mgr.createSSOToken(ServletUtils.getRequest(request.<Request>getRequest()));
    } catch (Exception e) {
        logger.warning("No SSO Token in request", e);
    }
    if (token == null || !useSession) {
        final String username = request.getParameter(USERNAME);
        final char[] password = request.getParameter(PASSWORD) == null ? null : request.<String>getParameter(PASSWORD).toCharArray();
        final String realm = realmNormaliser.normalise(request.<String>getParameter(OAuth2Constants.Custom.REALM));
        final String authChain = request.getParameter(AUTH_CHAIN);
        return authenticate(username, password, realm, authChain);
    } else {
        try {
            final AMIdentity id = IdUtils.getIdentity(AccessController.doPrivileged(AdminTokenAction.getInstance()), token.getProperty(Constants.UNIVERSAL_IDENTIFIER));
            long authTime = stringToDate(token.getProperty(ISAuthConstants.AUTH_INSTANT)).getTime();
            return new OpenAMResourceOwner(id.getName(), id, authTime);
        } catch (SSOException e) {
            logger.error("Unable to create ResourceOwner", e);
        } catch (ParseException e) {
            logger.error("Unable to create ResourceOwner", e);
        } catch (IdRepoException e) {
            logger.error("Unable to create ResourceOwner", e);
        }
    }
    return null;
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) SSOToken(com.iplanet.sso.SSOToken) AMIdentity(com.sun.identity.idm.AMIdentity) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) ParseException(java.text.ParseException) IdRepoException(com.sun.identity.idm.IdRepoException) ResourceException(org.restlet.resource.ResourceException) ParseException(java.text.ParseException) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException)

Example 44 with AMIdentity

use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.

the class OpenAMScopeValidator method getUserInfo.

/**
     * {@inheritDoc}
     */
public UserInfoClaims getUserInfo(AccessToken token, OAuth2Request request) throws UnauthorizedClientException, NotFoundException {
    Map<String, Object> response = new HashMap<>();
    Bindings scriptVariables = new SimpleBindings();
    SSOToken ssoToken = getUsersSession(request);
    String realm;
    Set<String> scopes;
    AMIdentity id;
    OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    Map<String, Set<String>> requestedClaimsValues = gatherRequestedClaims(providerSettings, request, token);
    try {
        if (token != null) {
            OpenIdConnectClientRegistration clientRegistration;
            try {
                clientRegistration = clientRegistrationStore.get(token.getClientId(), request);
            } catch (InvalidClientException e) {
                logger.message("Unable to retrieve client from store.");
                throw new NotFoundException("No valid client registration found.");
            }
            final String subId = clientRegistration.getSubValue(token.getResourceOwnerId(), providerSettings);
            //data comes from token when we have one
            realm = token.getRealm();
            scopes = token.getScope();
            id = identityManager.getResourceOwnerIdentity(token.getResourceOwnerId(), realm);
            response.put(OAuth2Constants.JWTTokenParams.SUB, subId);
            response.put(OAuth2Constants.JWTTokenParams.UPDATED_AT, getUpdatedAt(token.getResourceOwnerId(), token.getRealm(), request));
        } else {
            //otherwise we're simply reading claims into the id_token, so grab it from the request/ssoToken
            realm = DNMapper.orgNameToRealmName(ssoToken.getProperty(ISAuthConstants.ORGANIZATION));
            id = identityManager.getResourceOwnerIdentity(ssoToken.getProperty(ISAuthConstants.USER_ID), realm);
            String scopeStr = request.getParameter(OAuth2Constants.Params.SCOPE);
            scopes = splitScope(scopeStr);
        }
        scriptVariables.put(OAuth2Constants.ScriptParams.SCOPES, getScriptFriendlyScopes(scopes));
        scriptVariables.put(OAuth2Constants.ScriptParams.IDENTITY, id);
        scriptVariables.put(OAuth2Constants.ScriptParams.LOGGER, logger);
        scriptVariables.put(OAuth2Constants.ScriptParams.CLAIMS, response);
        scriptVariables.put(OAuth2Constants.ScriptParams.SESSION, ssoToken);
        scriptVariables.put(OAuth2Constants.ScriptParams.REQUESTED_CLAIMS, requestedClaimsValues);
        ScriptObject script = getOIDCClaimsExtensionScript(realm);
        try {
            return scriptEvaluator.evaluateScript(script, scriptVariables);
        } catch (ScriptException e) {
            logger.message("Error running OIDC claims script", e);
            throw new ServerException("Error running OIDC claims script: " + e.getMessage());
        }
    } catch (ServerException e) {
        //API does not allow ServerExceptions to be thrown!
        throw new NotFoundException(e.getMessage());
    } catch (SSOException e) {
        throw new NotFoundException(e.getMessage());
    }
}
Also used : ScriptObject(org.forgerock.openam.scripting.ScriptObject) OpenIdConnectClientRegistration(org.forgerock.openidconnect.OpenIdConnectClientRegistration) SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) HashSet(java.util.HashSet) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) AMHashMap(com.iplanet.am.sdk.AMHashMap) HashMap(java.util.HashMap) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) SSOException(com.iplanet.sso.SSOException) SimpleBindings(javax.script.SimpleBindings) Bindings(javax.script.Bindings) ScriptException(javax.script.ScriptException) SimpleBindings(javax.script.SimpleBindings) AMIdentity(com.sun.identity.idm.AMIdentity) InvalidClientException(org.forgerock.oauth2.core.exceptions.InvalidClientException) JSONObject(org.json.JSONObject) ScriptObject(org.forgerock.openam.scripting.ScriptObject) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)

Example 45 with AMIdentity

use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.

the class RealmTest method unassignServiceFromRealm.

@Parameters({ "realm", "service-name", "attribute-value" })
@Test(groups = { "cli-realm", "remove-svc-realm" }, dependsOnGroups = { "services" })
public void unassignServiceFromRealm(String realm, String serviceName, String attributeValue) throws CLIException, IdRepoException, SSOException {
    String[] param = { realm };
    entering("unassignServiceFromRealm", param);
    String[] args = { "remove-svc-realm", CLIConstants.PREFIX_ARGUMENT_LONG + IArgument.REALM_NAME, realm, CLIConstants.PREFIX_ARGUMENT_LONG + IArgument.SERVICE_NAME, serviceName };
    CLIRequest req = new CLIRequest(null, args, getAdminSSOToken());
    cmdManager.addToRequestQueue(req);
    cmdManager.serviceRequestQueue();
    AMIdentityRepository amir = new AMIdentityRepository(getAdminSSOToken(), realm);
    AMIdentity ai = amir.getRealmIdentity();
    Map map = ai.getServiceAttributes(serviceName);
    Map orig = CollectionUtils.parseStringToMap(attributeValue);
    assert !map.equals(orig);
    exiting("unassignServiceFromRealm");
}
Also used : AMIdentity(com.sun.identity.idm.AMIdentity) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) CLIRequest(com.sun.identity.cli.CLIRequest) HashMap(java.util.HashMap) Map(java.util.Map) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest) AfterTest(org.testng.annotations.AfterTest)

Aggregations

AMIdentity (com.sun.identity.idm.AMIdentity)373 IdRepoException (com.sun.identity.idm.IdRepoException)243 SSOException (com.iplanet.sso.SSOException)215 Set (java.util.Set)170 HashSet (java.util.HashSet)150 SSOToken (com.iplanet.sso.SSOToken)112 Iterator (java.util.Iterator)91 AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository)85 Map (java.util.Map)83 HashMap (java.util.HashMap)78 IdType (com.sun.identity.idm.IdType)52 SMSException (com.sun.identity.sm.SMSException)52 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)44 CLIException (com.sun.identity.cli.CLIException)43 IOutput (com.sun.identity.cli.IOutput)42 IdSearchResults (com.sun.identity.idm.IdSearchResults)39 IdSearchControl (com.sun.identity.idm.IdSearchControl)35 OrganizationConfigManager (com.sun.identity.sm.OrganizationConfigManager)23 Test (org.testng.annotations.Test)23 List (java.util.List)22