use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.
the class OpenAMOAuth2ProviderSettings method saveConsent.
/**
* {@inheritDoc}
*/
public void saveConsent(ResourceOwner resourceOwner, String clientId, Set<String> scope) {
String consentAttribute = null;
try {
consentAttribute = getStringSetting(realm, OAuth2ProviderService.SAVED_CONSENT_ATTRIBUTE);
if (consentAttribute != null) {
AMIdentity id = ((OpenAMResourceOwner) resourceOwner).getIdentity();
//get the current set of consents and add our new consent to it if they exist.
Set<String> existing = id.getAttribute(consentAttribute);
Set<String> consents = (existing != null) ? new HashSet<String>(existing) : new HashSet<String>(1);
StringBuilder sb = new StringBuilder();
if (scope == null || scope.isEmpty()) {
sb.append(clientId.trim()).append(" ");
} else {
sb.append(clientId.trim()).append(" ").append(joinScope(scope));
}
consents.add(sb.toString());
if (logger.messageEnabled()) {
logger.message("Saving consents:" + consents + " for resourceOwner: " + resourceOwner.getId() + " in attribute:" + consentAttribute + " in realm:" + realm);
}
updateConsentValues(consentAttribute, id, consents);
} else {
logger.error("Cannot save consent as no saved consent attribute defined in realm:" + realm);
}
} catch (Exception e) {
logger.error("There was a problem saving the consent into the attribute: {} for realm: {}", consentAttribute, realm, e);
}
}
use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.
the class OpenAMResourceOwnerAuthenticator method createResourceOwner.
private ResourceOwner createResourceOwner(AuthContext authContext) throws Exception {
SSOToken token = authContext.getSSOToken();
final AMIdentity id = IdUtils.getIdentity(AccessController.doPrivileged(AdminTokenAction.getInstance()), token.getProperty(Constants.UNIVERSAL_IDENTIFIER));
return new OpenAMResourceOwner(id.getName(), id);
}
use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.
the class OpenAMResourceOwnerAuthenticator method authenticate.
/**
* {@inheritDoc}
*/
public ResourceOwner authenticate(OAuth2Request request, boolean useSession) throws NotFoundException {
SSOToken token = null;
try {
SSOTokenManager mgr = SSOTokenManager.getInstance();
token = mgr.createSSOToken(ServletUtils.getRequest(request.<Request>getRequest()));
} catch (Exception e) {
logger.warning("No SSO Token in request", e);
}
if (token == null || !useSession) {
final String username = request.getParameter(USERNAME);
final char[] password = request.getParameter(PASSWORD) == null ? null : request.<String>getParameter(PASSWORD).toCharArray();
final String realm = realmNormaliser.normalise(request.<String>getParameter(OAuth2Constants.Custom.REALM));
final String authChain = request.getParameter(AUTH_CHAIN);
return authenticate(username, password, realm, authChain);
} else {
try {
final AMIdentity id = IdUtils.getIdentity(AccessController.doPrivileged(AdminTokenAction.getInstance()), token.getProperty(Constants.UNIVERSAL_IDENTIFIER));
long authTime = stringToDate(token.getProperty(ISAuthConstants.AUTH_INSTANT)).getTime();
return new OpenAMResourceOwner(id.getName(), id, authTime);
} catch (SSOException e) {
logger.error("Unable to create ResourceOwner", e);
} catch (ParseException e) {
logger.error("Unable to create ResourceOwner", e);
} catch (IdRepoException e) {
logger.error("Unable to create ResourceOwner", e);
}
}
return null;
}
use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.
the class OpenAMScopeValidator method getUserInfo.
/**
* {@inheritDoc}
*/
public UserInfoClaims getUserInfo(AccessToken token, OAuth2Request request) throws UnauthorizedClientException, NotFoundException {
Map<String, Object> response = new HashMap<>();
Bindings scriptVariables = new SimpleBindings();
SSOToken ssoToken = getUsersSession(request);
String realm;
Set<String> scopes;
AMIdentity id;
OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
Map<String, Set<String>> requestedClaimsValues = gatherRequestedClaims(providerSettings, request, token);
try {
if (token != null) {
OpenIdConnectClientRegistration clientRegistration;
try {
clientRegistration = clientRegistrationStore.get(token.getClientId(), request);
} catch (InvalidClientException e) {
logger.message("Unable to retrieve client from store.");
throw new NotFoundException("No valid client registration found.");
}
final String subId = clientRegistration.getSubValue(token.getResourceOwnerId(), providerSettings);
//data comes from token when we have one
realm = token.getRealm();
scopes = token.getScope();
id = identityManager.getResourceOwnerIdentity(token.getResourceOwnerId(), realm);
response.put(OAuth2Constants.JWTTokenParams.SUB, subId);
response.put(OAuth2Constants.JWTTokenParams.UPDATED_AT, getUpdatedAt(token.getResourceOwnerId(), token.getRealm(), request));
} else {
//otherwise we're simply reading claims into the id_token, so grab it from the request/ssoToken
realm = DNMapper.orgNameToRealmName(ssoToken.getProperty(ISAuthConstants.ORGANIZATION));
id = identityManager.getResourceOwnerIdentity(ssoToken.getProperty(ISAuthConstants.USER_ID), realm);
String scopeStr = request.getParameter(OAuth2Constants.Params.SCOPE);
scopes = splitScope(scopeStr);
}
scriptVariables.put(OAuth2Constants.ScriptParams.SCOPES, getScriptFriendlyScopes(scopes));
scriptVariables.put(OAuth2Constants.ScriptParams.IDENTITY, id);
scriptVariables.put(OAuth2Constants.ScriptParams.LOGGER, logger);
scriptVariables.put(OAuth2Constants.ScriptParams.CLAIMS, response);
scriptVariables.put(OAuth2Constants.ScriptParams.SESSION, ssoToken);
scriptVariables.put(OAuth2Constants.ScriptParams.REQUESTED_CLAIMS, requestedClaimsValues);
ScriptObject script = getOIDCClaimsExtensionScript(realm);
try {
return scriptEvaluator.evaluateScript(script, scriptVariables);
} catch (ScriptException e) {
logger.message("Error running OIDC claims script", e);
throw new ServerException("Error running OIDC claims script: " + e.getMessage());
}
} catch (ServerException e) {
//API does not allow ServerExceptions to be thrown!
throw new NotFoundException(e.getMessage());
} catch (SSOException e) {
throw new NotFoundException(e.getMessage());
}
}
use of com.sun.identity.idm.AMIdentity in project OpenAM by OpenRock.
the class RealmTest method unassignServiceFromRealm.
@Parameters({ "realm", "service-name", "attribute-value" })
@Test(groups = { "cli-realm", "remove-svc-realm" }, dependsOnGroups = { "services" })
public void unassignServiceFromRealm(String realm, String serviceName, String attributeValue) throws CLIException, IdRepoException, SSOException {
String[] param = { realm };
entering("unassignServiceFromRealm", param);
String[] args = { "remove-svc-realm", CLIConstants.PREFIX_ARGUMENT_LONG + IArgument.REALM_NAME, realm, CLIConstants.PREFIX_ARGUMENT_LONG + IArgument.SERVICE_NAME, serviceName };
CLIRequest req = new CLIRequest(null, args, getAdminSSOToken());
cmdManager.addToRequestQueue(req);
cmdManager.serviceRequestQueue();
AMIdentityRepository amir = new AMIdentityRepository(getAdminSSOToken(), realm);
AMIdentity ai = amir.getRealmIdentity();
Map map = ai.getServiceAttributes(serviceName);
Map orig = CollectionUtils.parseStringToMap(attributeValue);
assert !map.equals(orig);
exiting("unassignServiceFromRealm");
}
Aggregations