
Example 6 with UrlHolder

use of com.tremolosecurity.config.util.UrlHolder in project OpenUnison by TremoloSecurity.

Class JITAuthMech, method doGet.

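/**
 * Just-in-time provisioning step: runs the configured workflow for the user that earlier
 * mechanisms in the chain have already authenticated, records the outcome on the step and
 * then hands off to the next step of the chain in every case.
 *
 * @param req  current request; carries the {@code UrlHolder} under {@code ProxyConstants.AUTOIDM_CFG}
 * @param resp current response, passed through to the authentication manager
 * @param as   authentication step whose success flag reflects the workflow outcome
 * @throws ServletException when the mechanism parameters, {@code nameAttr} or {@code workflowName}
 *                          are missing from the session
 * @throws IOException      propagated from the authentication manager
 */
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp, AuthStep as) throws ServletException, IOException {
    HttpSession session = req.getSession();
    UrlHolder holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
    AuthController authCtl = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
    @SuppressWarnings("unchecked") // the proxy stores the mechanism parameters under this key as a HashMap<String, Attribute>
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    if (authParams == null) {
        throw new ServletException("No mechanism parameters in session");
    }
    // Both parameters are mandatory; report which one is missing instead of failing with an NPE.
    String nameAttr = requiredParam(authParams, "nameAttr", "No name attribute");
    String workflowName = requiredParam(authParams, "workflowName", "No workflow specified");
    AuthInfo authInfo = authCtl.getAuthInfo();
    try {
        holder.getConfig().getProvisioningEngine().getWorkFlow(workflowName).executeWorkflow(authInfo, nameAttr);
        as.setSuccess(true);
    } catch (ProvisioningException e) {
        // A failed workflow fails this step but does not abort the chain. Passing the exception
        // to the logger records the whole cause chain; the previous hand-rolled stack-trace dump
        // wrote to an unflushed PrintWriter and therefore logged an empty trace.
        as.setSuccess(false);
        logger.error("Could not execute workflow '" + workflowName + "' on '" + authInfo.getUserDN() + "'", e);
    }
    holder.getConfig().getAuthManager().nextAuth(req, resp, session, false);
}

/**
 * Returns the first value of a mandatory mechanism parameter.
 *
 * @param authParams   mechanism parameters taken from the session
 * @param name         parameter name
 * @param errorMessage message of the exception thrown when the parameter is absent or empty
 * @throws ServletException when the parameter is absent or has no values
 */
private static String requiredParam(HashMap<String, Attribute> authParams, String name, String errorMessage) throws ServletException {
    Attribute attr = authParams.get(name);
    if (attr == null || attr.getValues().isEmpty()) {
        throw new ServletException(errorMessage);
    }
    return attr.getValues().get(0);
}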

Example 7 with UrlHolder

use of com.tremolosecurity.config.util.UrlHolder in project OpenUnison by TremoloSecurity.

Class SMSAuth, method doGet.

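/**
 * SMS one-time-code step: on the first visit generates a random code, stores it in the session
 * and sends it to the phone number held in the user's {@code toAttrName} attribute; on every
 * visit redirects to the form that collects the code.
 *
 * @param request  current request
 * @param response used to redirect to {@code redirectForm}
 * @param as       current authentication step (not modified here; the form submission decides)
 * @throws ServletException when a mandatory parameter is missing, {@code keyLength} is not a
 *                          positive number, no character class is enabled, or the user has no
 *                          {@code toAttrName} attribute
 * @throws IOException      when the redirect cannot be sent
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    HttpSession session = request.getSession();
    @SuppressWarnings("unchecked") // the proxy stores the mechanism parameters under this key as a HashMap<String, Attribute>
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    if (authParams == null) {
        throw new ServletException("No mechanism parameters in session");
    }
    // Every parameter below is mandatory; report the missing one instead of failing with an NPE.
    String from = requiredParam(authParams, "fromNumber", "fromNumber not set");
    String toAttrName = requiredParam(authParams, "toAttrName", "toAttrName not set");
    String redirectForm = requiredParam(authParams, "redirectForm", "redirectForm not set");
    String message = requiredParam(authParams, "message", "message not set");
    // Key options
    int keyLen;
    try {
        keyLen = Integer.parseInt(requiredParam(authParams, "keyLength", "Key Length not set"));
    } catch (NumberFormatException e) {
        throw new ServletException("Key Length is not a number", e);
    }
    if (keyLen <= 0) {
        throw new ServletException("Key Length must be positive");
    }
    boolean useLowerCase = flagParam(authParams, "useLowerCase");
    boolean useUpperCase = flagParam(authParams, "useUpperCase");
    boolean useNumbers = flagParam(authParams, "useNumbers");
    // Special characters are disabled for SMS codes; a "useSpecial" parameter is not consulted.
    boolean useSpecial = false;
    if (!(useLowerCase || useUpperCase || useNumbers || useSpecial)) {
        throw new ServletException("At least one character type must be chosen");
    }
    // Generate and send the code only once per session, so that re-entering this step
    // (e.g. a page reload) does not send a second SMS with a different code.
    if (session.getAttribute("TREMOLO_SMS_KEY") == null) {
        AuthInfo user = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        Attribute toAttr = user.getAttribs().get(toAttrName);
        if (toAttr == null || toAttr.getValues().isEmpty()) {
            throw new ServletException("User has no '" + toAttrName + "' attribute to send the code to");
        }
        String to = toAttr.getValues().get(0);
        String key = new GenPasswd(keyLen, useUpperCase, useLowerCase, useNumbers, useSpecial).getPassword();
        // Literal replacement of ${key}: unlike replaceAll, this cannot misinterpret '$' or '\' in the code.
        message = message.replace("${key}", key);
        session.setAttribute("TREMOLO_SMS_KEY", key);
        sendSMS(authParams, from, message, to);
    }
    response.sendRedirect(redirectForm);
}

/**
 * Returns the first value of a mandatory mechanism parameter.
 *
 * @param authParams   mechanism parameters taken from the session
 * @param name         parameter name
 * @param errorMessage message of the exception thrown when the parameter is absent or empty
 * @throws ServletException when the parameter is absent or has no values
 */
private static String requiredParam(HashMap<String, Attribute> authParams, String name, String errorMessage) throws ServletException {
    Attribute attr = authParams.get(name);
    if (attr == null || attr.getValues().isEmpty()) {
        throw new ServletException(errorMessage);
    }
    return attr.getValues().get(0);
}

/**
 * Returns {@code true} when the optional boolean parameter is present and its first value is
 * "true" (case-insensitive); absent parameters are treated as {@code false}.
 */
private static boolean flagParam(HashMap<String, Attribute> authParams, String name) {
    Attribute attr = authParams.get(name);
    return attr != null && attr.getValues().get(0).equalsIgnoreCase("true");
}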

Example 8 with UrlHolder

use of com.tremolosecurity.config.util.UrlHolder in project OpenUnison by TremoloSecurity.

Class AzFilter, method doFilter.

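/**
 * Authorization filter: evaluates the URL's authorization rules against the authenticated user
 * and either lets the request continue down the filter chain (applying the configured success
 * result group before and after) or applies the failure result group, falling back to a plain
 * HTTP 401 when no failure group is configured. Both outcomes are written to the access log.
 *
 * @param request  current request; carries the {@code UrlHolder} under {@code ProxyConstants.AUTOIDM_CFG}
 * @param response current response
 * @param chain    remaining filter chain, invoked only when the rules allow the request
 * @throws Exception propagated from the rule engine, the result processing or the chain
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    AuthInfo authData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    // The rule set comes from the holder itself; the previous unused walk through
    // holder.getUrl().getAzRules().getRule() is gone, so a URL without a rules element
    // no longer risks an NPE before the check runs.
    boolean allowed = az.checkRules(authData, holder.getConfig(), holder.getAzRules(), null);
    if (allowed) {
        String respGroup = az.getResponseSuccessGroup(holder);
        String loggedGroup = respGroup != null ? respGroup : "NONE";
        AccessLog.log(AccessEvent.AzSuccess, holder.getApp(), request.getServletRequest(), authData, loggedGroup);
        if (respGroup != null) {
            // Request-side results (e.g. headers) must be applied before the chain sees the request.
            az.processRequestResult(request.getServletRequest(), response.getServletResponse(), holder.getConfig().getResultGroup(respGroup), authData);
        }
        chain.nextFilter(request, response, chain);
        if (respGroup != null) {
            az.proccessResponseResult(request.getServletRequest(), response.getServletResponse(), holder.getConfig().getResultGroup(respGroup), false, authData, holder.getApp().getCookieConfig());
        }
    } else {
        String respGroup = az.getResponseFailGroup(holder);
        String loggedGroup = respGroup != null ? respGroup : "NONE";
        AccessLog.log(AccessEvent.AzFail, holder.getApp(), request.getServletRequest(), authData, loggedGroup);
        if (respGroup != null) {
            az.proccessResponseResult(request.getServletRequest(), response.getServletResponse(), holder.getConfig().getResultGroup(respGroup), true, authData, holder.getApp().getCookieConfig());
        } else {
            // Fail closed: deny when no failure result group is configured.
            // NOTE(review): this casts the HttpFilterResponse wrapper itself, while every other call
            // above goes through response.getServletResponse(); confirm the wrapper really is an
            // HttpServletResponse, otherwise this branch throws ClassCastException instead of denying.
            ((HttpServletResponse) response).sendError(401);
        }
    }
}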

Example 9 with UrlHolder

use of com.tremolosecurity.config.util.UrlHolder in project OpenUnison by TremoloSecurity.

Class GithubAuthMech, method doGet.

/**
 * GitHub OAuth login mechanism, driven in two passes through the same URL.
 * <p>
 * First pass (no {@code state} query parameter): stores a random anti-CSRF state value in the
 * session and redirects the browser to {@code idpURL} (GitHub's authorize endpoint by default)
 * with the configured client id and scope.
 * <p>
 * Second pass (GitHub calls back with {@code state} and {@code code}): verifies the state against
 * the session, exchanges the code for an access token at {@code loadTokenURL}, stores the token in
 * the session, then loads the user profile, primary e-mail, organizations and team memberships
 * from the GitHub API, creates an unlinked user or looks the user up in the directory, and hands
 * off to the next step of the authentication chain.
 *
 * @param request  current request; on the second pass carries {@code state} and {@code code}
 * @param response used to send the redirect on the first pass
 * @param as       authentication step whose success flag this mechanism sets
 * @throws IOException      on network or servlet I/O failure
 * @throws ServletException on a state mismatch, a missing access token, a malformed token URL or
 *                          an unparseable GitHub response
 */
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    HttpSession session = ((HttpServletRequest) request).getSession();
    // Mechanism parameters are placed in the session by the proxy; the cast is unchecked.
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    ConfigManager cfg = (ConfigManager) request.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    MyVDConnection myvd = cfg.getMyVD();
    // Session attribute name under which the GitHub access token is stored for later use.
    String bearerTokenName = authParams.get("bearerTokenName").getValues().get(0);
    String clientid = authParams.get("clientid").getValues().get(0);
    // OAuth client secret; only ever sent to loadTokenURL, never logged.
    String secret = authParams.get("secretid").getValues().get(0);
    // Authorization endpoint; defaults to github.com when not overridden.
    String idpURL = authParams.get("idpURL") != null ? authParams.get("idpURL").getValues().get(0) : "https://github.com/login/oauth/authorize";
    String scope = authParams.get("scope").getValues().get(0);
    // true: resolve the GitHub identity against the directory; false: create an unlinked user.
    boolean linkToDirectory = Boolean.parseBoolean(authParams.get("linkToDirectory").getValues().get(0));
    String noMatchOU = authParams.get("noMatchOU").getValues().get(0);
    String uidAttr = authParams.get("uidAttr").getValues().get(0);
    String lookupFilter = authParams.get("lookupFilter").getValues().get(0);
    String defaultObjectClass = authParams.get("defaultObjectClass").getValues().get(0);
    // Parsing of the forceAuthentication parameter is commented out; the flag is fixed to true and
    // is not read anywhere below in this method.
    // authParams.get("forceAuthentication") != null ? authParams.get("forceAuthentication").getValues().get(0).equalsIgnoreCase("true") : false;
    boolean forceAuth = true;
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
    // Builds scheme://host[:port]<contextPath><mechanism URI>, i.e. this mechanism's own URL.
    // NOTE(review): `b` is completed below but never used in this method (neither as a
    // redirect_uri in the authorize request nor in the token request) — presumably GitHub falls
    // back to the callback URL registered with the OAuth app; confirm, or drop the computation.
    StringBuffer b = new StringBuffer();
    URL reqURL = new URL(request.getRequestURL().toString());
    b.append(reqURL.getProtocol()).append("://").append(reqURL.getHost());
    if (reqURL.getPort() != -1) {
        b.append(":").append(reqURL.getPort());
    }
    // urlChain is not used below.
    String urlChain = holder.getUrl().getAuthChain();
    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    AuthMechType amt = act.getAuthMech().get(as.getId());
    String authMechName = amt.getName();
    b.append(holder.getConfig().getContextPath()).append(cfg.getAuthMechs().get(authMechName).getUri());
    // Token endpoint; defaults to github.com when not overridden.
    String loadTokenURL = authParams.get("loadTokenURL") != null ? authParams.get("loadTokenURL").getValues().get(0) : "https://github.com/login/oauth/access_token";
    if (request.getParameter("state") == null) {
        // initialize openidconnect
        // First pass: 130 random bits from SecureRandom, base-32 encoded, bound to this session so
        // the callback can be checked for CSRF.
        String state = new BigInteger(130, new SecureRandom()).toString(32);
        request.getSession().setAttribute("UNISON_OPENIDCONNECT_STATE", state);
        StringBuffer redirToSend = new StringBuffer();
        redirToSend.append(idpURL).append("?client_id=").append(URLEncoder.encode(clientid, "UTF-8")).append("&scope=").append(URLEncoder.encode(scope, "UTF-8")).append("&state=").append(URLEncoder.encode("security_token=", "UTF-8")).append(URLEncoder.encode(state, "UTF-8"));
        response.sendRedirect(redirToSend.toString());
    } else {
        // Second pass: the state arrives as "security_token=<value>"; keep only the value.
        String stateFromURL = request.getParameter("state");
        stateFromURL = URLDecoder.decode(stateFromURL, "UTF-8");
        stateFromURL = stateFromURL.substring(stateFromURL.indexOf('=') + 1);
        String stateFromSession = (String) request.getSession().getAttribute("UNISON_OPENIDCONNECT_STATE");
        // NOTE(review): a callback that arrives without a prior first pass has no session state and
        // fails here with a NullPointerException rather than "Invalid State"; a null guard
        // (`stateFromSession == null || !stateFromSession.equals(stateFromURL)`) would fail cleanly.
        // The value is base-32 from BigInteger.toString, so a case-sensitive equals is sufficient.
        if (!stateFromSession.equalsIgnoreCase(stateFromURL)) {
            throw new ServletException("Invalid State");
        }
        HttpUriRequest post = null;
        try {
            // Authorization-code exchange; the client secret travels only in this request body.
            post = RequestBuilder.post().setUri(new java.net.URI(loadTokenURL)).addParameter("code", request.getParameter("code")).addParameter("client_id", clientid).addParameter("client_secret", secret).build();
        } catch (URISyntaxException e) {
            // NOTE(review): the cause is dropped here; `new ServletException("...", e)` would keep it.
            throw new ServletException("Could not create post request");
        }
        // Dedicated connection manager / client per request, closed in the finally block below.
        BasicHttpClientConnectionManager bhcm = new BasicHttpClientConnectionManager(GlobalEntries.getGlobalEntries().getConfigManager().getHttpClientSocketRegistry());
        RequestConfig rc = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).build();
        CloseableHttpClient http = HttpClients.custom().setConnectionManager(bhcm).setDefaultRequestConfig(rc).build();
        try {
            CloseableHttpResponse httpResp = http.execute(post);
            // NOTE(review): InputStreamReader without a charset decodes with the platform default;
            // the same applies to every reader below and to Charset.defaultCharset() in the parse.
            // The readers are never closed and httpResp.close() is skipped when an exception is
            // thrown before it; only http.close() in the finally block reclaims the connections.
            BufferedReader in = new BufferedReader(new InputStreamReader(httpResp.getEntity().getContent()));
            StringBuffer token = new StringBuffer();
            String line = null;
            while ((line = in.readLine()) != null) {
                token.append(line);
            }
            // The token response is form-encoded (access_token=...&...).
            List<NameValuePair> params = URLEncodedUtils.parse(token.toString(), Charset.defaultCharset());
            String accessToken = null;
            for (NameValuePair nvp : params) {
                if (nvp.getName().equals("access_token")) {
                    accessToken = nvp.getValue();
                }
            }
            if (accessToken == null) {
                // The raw response body ends up in the exception message (and therefore in logs).
                throw new ServletException("Could not get authorization toekn : " + token);
            }
            httpResp.close();
            // gson is not used in this method.
            Gson gson = new Gson();
            HttpGet get = new HttpGet("https://api.github.com/user");
            get.addHeader("Authorization", new StringBuilder().append("Bearer ").append(accessToken).toString());
            // Store the bearer token for use by Unison
            request.getSession().setAttribute(bearerTokenName, accessToken);
            httpResp = http.execute(get);
            in = new BufferedReader(new InputStreamReader(httpResp.getEntity().getContent()));
            token.setLength(0);
            line = null;
            while ((line = in.readLine()) != null) {
                token.append(line);
            }
            httpResp.close();
            // Raw (unchecked) map of the /user profile; becomes the attribute source for the user.
            Map jwtNVP = com.cedarsoftware.util.io.JsonReader.jsonToMaps(token.toString());
            ;
            if (jwtNVP == null) {
                as.setSuccess(false);
            } else {
                // /user/emails: the address flagged "primary" is exposed as the "mail" attribute.
                get = new HttpGet("https://api.github.com/user/emails");
                get.addHeader("Authorization", new StringBuilder().append("Bearer ").append(accessToken).toString());
                httpResp = http.execute(get);
                in = new BufferedReader(new InputStreamReader(httpResp.getEntity().getContent()));
                token.setLength(0);
                line = null;
                while ((line = in.readLine()) != null) {
                    token.append(line);
                }
                httpResp.close();
                JSONParser parser = new JSONParser();
                org.json.simple.JSONArray emails = (org.json.simple.JSONArray) parser.parse(token.toString());
                for (Object o : emails) {
                    org.json.simple.JSONObject emailObj = (org.json.simple.JSONObject) o;
                    boolean isPrimary = (Boolean) emailObj.get("primary");
                    if (isPrimary) {
                        jwtNVP.put("mail", emailObj.get("email"));
                    }
                }
                if (!linkToDirectory) {
                    loadUnlinkedUser(session, noMatchOU, uidAttr, act, jwtNVP, defaultObjectClass);
                    as.setSuccess(true);
                } else {
                    // lookupUser is expected to set the step result itself — not visible here.
                    lookupUser(as, session, myvd, noMatchOU, uidAttr, lookupFilter, act, jwtNVP, defaultObjectClass);
                }
                // /user/orgs, then one GraphQL query per organization for the user's teams.
                get = new HttpGet("https://api.github.com/user/orgs");
                get.addHeader("Authorization", new StringBuilder().append("Bearer ").append(accessToken).toString());
                httpResp = http.execute(get);
                in = new BufferedReader(new InputStreamReader(httpResp.getEntity().getContent()));
                token.setLength(0);
                line = null;
                while ((line = in.readLine()) != null) {
                    token.append(line);
                }
                httpResp.close();
                parser = new JSONParser();
                org.json.simple.JSONArray orgs = (org.json.simple.JSONArray) parser.parse(token.toString());
                // Multi-valued attributes: org login names, and "<org>/<team name>" pairs.
                Attribute userOrgs = new Attribute("githubOrgs");
                Attribute userTeams = new Attribute("githubTeams");
                for (Object o : orgs) {
                    org.json.simple.JSONObject org = (org.json.simple.JSONObject) o;
                    String orgName = (String) org.get("login");
                    userOrgs.getValues().add(orgName);
                    // NOTE(review): the GraphQL document is assembled by string concatenation from
                    // orgName and jwtNVP.get("login"), both taken verbatim from GitHub API responses.
                    // Neither is escaped for the JSON/GraphQL string context, so a value containing a
                    // quote or backslash would break (or alter) the query; serialize the query with the
                    // JSON library already in use instead of concatenating.
                    HttpUriRequest graphql = RequestBuilder.post().addHeader(new BasicHeader("Authorization", "Bearer " + accessToken)).setUri("https://api.github.com/graphql").setEntity(new StringEntity("{\"query\":\"{organization(login: \\\"" + orgName + "\\\") { teams(first: 100, userLogins: [\\\"" + jwtNVP.get("login") + "\\\"]) { totalCount edges {node {name description}}}}}\"}")).build();
                    httpResp = http.execute(graphql);
                    in = new BufferedReader(new InputStreamReader(httpResp.getEntity().getContent()));
                    token.setLength(0);
                    line = null;
                    while ((line = in.readLine()) != null) {
                        token.append(line);
                    }
                    httpResp.close();
                    // Only the first 100 teams per organization are requested (first: 100 above).
                    org.json.simple.JSONObject root = (org.json.simple.JSONObject) parser.parse(token.toString());
                    org.json.simple.JSONObject data = (org.json.simple.JSONObject) root.get("data");
                    org.json.simple.JSONObject organization = (org.json.simple.JSONObject) data.get("organization");
                    org.json.simple.JSONObject teams = (org.json.simple.JSONObject) organization.get("teams");
                    org.json.simple.JSONArray edges = (org.json.simple.JSONArray) teams.get("edges");
                    for (Object oi : edges) {
                        org.json.simple.JSONObject edge = (org.json.simple.JSONObject) oi;
                        org.json.simple.JSONObject node = (org.json.simple.JSONObject) edge.get("node");
                        userTeams.getValues().add(orgName + "/" + node.get("name"));
                    }
                }
                ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo().getAttribs().put("githubOrgs", userOrgs);
                ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo().getAttribs().put("githubTeams", userTeams);
                // The caller-supplied "target" parameter becomes the post-login URL.
                // NOTE(review): whether setURL restricts this to the proxied application is not
                // visible here; if it does not, an attacker-crafted link could redirect the user
                // after login — confirm against RequestHolder.
                String redirectToURL = request.getParameter("target");
                if (redirectToURL != null && !redirectToURL.isEmpty()) {
                    reqHolder.setURL(redirectToURL);
                }
            }
            holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
        } catch (ParseException e) {
            throw new ServletException("Could not parse orgs", e);
        } finally {
            if (bhcm != null) {
                bhcm.close();
            }
            if (http != null) {
                http.close();
            }
        }
    }
}

Example 10 with UrlHolder

use of com.tremolosecurity.config.util.UrlHolder in project OpenUnison by TremoloSecurity.

Class OpenIDConnectAuthMech, method doGet.

/**
 * OpenID Connect login mechanism, driven in two passes through the same URL.
 * <p>
 * First pass (no {@code state} query parameter): resolves the IdP endpoints — from the
 * {@code issuer}'s discovery document, cached per discovery URL in {@code idpUrls}, or from the
 * explicit {@code idpURL}/{@code loadTokenURL} parameters — stores a random anti-CSRF state in
 * the session and redirects the browser to the authorization endpoint.
 * <p>
 * Second pass (the IdP calls back with {@code state} and {@code code}): verifies the state,
 * exchanges the code for tokens at the token endpoint, stores the access token in the session,
 * delegates attribute loading to the configured {@code userLookupClassName}, enforces the
 * optional hosted-domain ({@code hd}) restriction, creates an unlinked user or looks the user up
 * in the directory, and hands off to the next step of the authentication chain.
 *
 * @param request  current request; on the second pass carries {@code state} and {@code code}
 * @param response used to send the redirect on the first pass
 * @param as       authentication step whose success flag this mechanism sets
 * @throws IOException      on network or servlet I/O failure
 * @throws ServletException on a state mismatch, a malformed token URL, an unparseable discovery
 *                          document or a failure in the user-data loader
 */
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    HttpSession session = ((HttpServletRequest) request).getSession();
    // Mechanism parameters are placed in the session by the proxy; the cast is unchecked.
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    ConfigManager cfg = (ConfigManager) request.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    MyVDConnection myvd = cfg.getMyVD();
    String idpURL;
    String loadTokenURL;
    if (authParams.get("issuer") != null) {
        // Discovery mode: <issuer>/.well-known/openid-configuration, fetched once per discovery URL.
        StringBuffer b = new StringBuffer();
        String issuer = authParams.get("issuer").getValues().get(0);
        b.append(issuer);
        if (issuer.charAt(issuer.length() - 1) != '/') {
            b.append('/');
        }
        b.append(".well-known/openid-configuration");
        String discoveryUrl = b.toString();
        OidcIdpUrls idp = this.idpUrls.get(discoveryUrl);
        if (idp == null) {
            idp = new OidcIdpUrls();
            // NOTE(review): the entry is cached before it is populated. If http.execute below
            // throws (IOException propagates out of this method), the empty entry stays in the cache
            // and every later request for this issuer reads null endpoints further down. Populate a
            // local object and put it only after the document was parsed. Concurrent first requests
            // may likewise observe a half-filled entry unless idpUrls is synchronized (not visible here).
            this.idpUrls.put(discoveryUrl, idp);
            BasicHttpClientConnectionManager bhcm = new BasicHttpClientConnectionManager(GlobalEntries.getGlobalEntries().getConfigManager().getHttpClientSocketRegistry());
            RequestConfig rc = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).build();
            CloseableHttpClient http = HttpClients.custom().setConnectionManager(bhcm).setDefaultRequestConfig(rc).build();
            try {
                HttpGet get = new HttpGet(b.toString());
                CloseableHttpResponse resp = http.execute(get);
                if (resp.getStatusLine().getStatusCode() == 200) {
                    String json = EntityUtils.toString(resp.getEntity());
                    resp.close();
                    JSONParser parser = new JSONParser();
                    org.json.simple.JSONObject root = (org.json.simple.JSONObject) parser.parse(json);
                    idp.setIdpUrl((String) root.get("authorization_endpoint"));
                    idp.setTokenUrl((String) root.get("token_endpoint"));
                    idp.setUserInfoUrl((String) root.get("userinfo_endpoint"));
                } else {
                    // Discovery unavailable: fall back to the explicit parameters (NPE if they are
                    // not configured). The loadTokenURL assigned here is overwritten below anyway;
                    // resp is not closed on this path.
                    idp.setIdpUrl(authParams.get("idpURL").getValues().get(0));
                    idp.setTokenUrl(loadTokenURL = authParams.get("loadTokenURL").getValues().get(0));
                }
            } catch (ParseException e) {
                throw new ServletException("Could not parse discovery document", e);
            } finally {
                try {
                    http.close();
                } catch (Throwable e) {
                    // NOTE(review): a failed close is silently ignored; at least log it.
                }
                bhcm.close();
            }
        }
        // Exposed to later stages (e.g. the user-data loader) via the request.
        request.setAttribute(OIDC_IDP, idp);
        idpURL = idp.getIdpUrl();
        loadTokenURL = idp.getTokenUrl();
    } else {
        // Explicit-endpoint mode.
        idpURL = authParams.get("idpURL").getValues().get(0);
        loadTokenURL = authParams.get("loadTokenURL").getValues().get(0);
    }
    // Session attribute name under which the access token is stored for later use.
    String bearerTokenName = authParams.get("bearerTokenName").getValues().get(0);
    String clientid = authParams.get("clientid").getValues().get(0);
    // Client secret; only ever sent to the token endpoint, never logged.
    String secret = authParams.get("secretid").getValues().get(0);
    String responseType = authParams.get("responseType").getValues().get(0);
    String scope = authParams.get("scope").getValues().get(0);
    // true: resolve the identity against the directory; false: create an unlinked user.
    boolean linkToDirectory = Boolean.parseBoolean(authParams.get("linkToDirectory").getValues().get(0));
    String noMatchOU = authParams.get("noMatchOU").getValues().get(0);
    String uidAttr = authParams.get("uidAttr").getValues().get(0);
    String lookupFilter = authParams.get("lookupFilter").getValues().get(0);
    // Fully qualified name of the LoadUserData implementation instantiated by reflection below.
    String userLookupClassName = authParams.get("userLookupClassName").getValues().get(0);
    String defaultObjectClass = authParams.get("defaultObjectClass").getValues().get(0);
    // Defaults to true: the IdP is asked to re-authenticate (max_age=0) unless disabled.
    boolean forceAuth = authParams.get("forceAuthentication") != null ? authParams.get("forceAuthentication").getValues().get(0).equalsIgnoreCase("true") : true;
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
    // Builds this mechanism's own URL (scheme://host[:port]<contextPath><mechanism URI>); it is
    // sent as redirect_uri in both the authorization and the token request.
    StringBuffer b = new StringBuffer();
    // ProxyTools.getHttpsUrl presumably rewrites the request URL to its external https form — not visible here.
    URL reqURL = new URL(ProxyTools.getInstance().getHttpsUrl(request.getRequestURL().toString(), request));
    b.append(reqURL.getProtocol()).append("://").append(reqURL.getHost());
    if (reqURL.getPort() != -1) {
        b.append(":").append(reqURL.getPort());
    }
    // urlChain is not used below.
    String urlChain = holder.getUrl().getAuthChain();
    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    AuthMechType amt = act.getAuthMech().get(as.getId());
    String authMechName = amt.getName();
    b.append(holder.getConfig().getContextPath()).append(cfg.getAuthMechs().get(authMechName).getUri());
    // NOTE(review): "hd" is read unconditionally although the `hd != null` checks below treat it
    // as optional; an unconfigured hd fails here with a NullPointerException. Guard with
    // `authParams.get("hd") != null ? authParams.get("hd").getValues().get(0) : null`.
    String hd = authParams.get("hd").getValues().get(0);
    if (request.getParameter("state") == null) {
        // initialize openidconnect
        // First pass: 130 random bits from SecureRandom, base-32 encoded, bound to this session so
        // the callback can be checked for CSRF.
        String state = new BigInteger(130, new SecureRandom()).toString(32);
        request.getSession().setAttribute("UNISON_OPENIDCONNECT_STATE", state);
        StringBuffer redirToSend = new StringBuffer();
        redirToSend.append(idpURL).append("?client_id=").append(URLEncoder.encode(clientid, "UTF-8")).append("&response_type=").append(URLEncoder.encode(responseType, "UTF-8")).append("&scope=").append(URLEncoder.encode(scope, "UTF-8")).append("&redirect_uri=").append(URLEncoder.encode(b.toString(), "UTF-8")).append("&state=").append(URLEncoder.encode("security_token=", "UTF-8")).append(URLEncoder.encode(state, "UTF-8"));
        if (forceAuth) {
            redirToSend.append("&max_age=0");
        }
        if (hd != null && !hd.isEmpty()) {
            // NOTE(review): unlike every other parameter, hd is appended without URLEncoder.encode.
            redirToSend.append("&hd=").append(hd);
        }
        response.sendRedirect(redirToSend.toString());
    } else {
        // Second pass: the state arrives as "security_token=<value>"; keep only the value.
        String stateFromURL = request.getParameter("state");
        stateFromURL = URLDecoder.decode(stateFromURL, "UTF-8");
        stateFromURL = stateFromURL.substring(stateFromURL.indexOf('=') + 1);
        String stateFromSession = (String) request.getSession().getAttribute("UNISON_OPENIDCONNECT_STATE");
        // NOTE(review): a callback without a prior first pass has no session state and fails here
        // with a NullPointerException rather than "Invalid State"; a null guard
        // (`stateFromSession == null || !stateFromSession.equals(stateFromURL)`) fails cleanly.
        // The value is base-32 from BigInteger.toString, so a case-sensitive equals is sufficient.
        if (!stateFromSession.equalsIgnoreCase(stateFromURL)) {
            throw new ServletException("Invalid State");
        }
        HttpUriRequest post = null;
        try {
            // Authorization-code exchange; the client secret travels only in this request body.
            post = RequestBuilder.post().setUri(new java.net.URI(loadTokenURL)).addParameter("code", request.getParameter("code")).addParameter("client_id", clientid).addParameter("client_secret", secret).addParameter("redirect_uri", b.toString()).addParameter("grant_type", "authorization_code").build();
        } catch (URISyntaxException e) {
            // NOTE(review): the cause is dropped here; `new ServletException("...", e)` would keep it.
            throw new ServletException("Could not create post request");
        }
        BasicHttpClientConnectionManager bhcm = new BasicHttpClientConnectionManager(GlobalEntries.getGlobalEntries().getConfigManager().getHttpClientSocketRegistry());
        RequestConfig rc = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).build();
        CloseableHttpClient http = HttpClients.custom().setConnectionManager(bhcm).setDefaultRequestConfig(rc).build();
        CloseableHttpResponse httpResp = http.execute(post);
        if (httpResp.getStatusLine().getStatusCode() != 200) {
            logger.error("Could not retrieve token : " + httpResp.getStatusLine().getStatusCode() + " / " + httpResp.getStatusLine().getReasonPhrase());
            as.setSuccess(false);
            holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
            // NOTE(review): there is no `return;` here, so after the chain has already been advanced
            // the method continues: it reads the error body as if it were a token response, stores
            // whatever tokenNVP.get("access_token") yields in the session, runs the user-data loader
            // and calls nextAuth a second time at the end. Add `return;` after the nextAuth call.
        }
        // NOTE(review): the reader is never closed, httpResp/bhcm are closed only on the success
        // path (no finally), and the CloseableHttpClient `http` is never closed at all.
        BufferedReader in = new BufferedReader(new InputStreamReader(httpResp.getEntity().getContent()));
        StringBuffer token = new StringBuffer();
        String line = null;
        while ((line = in.readLine()) != null) {
            token.append(line);
        }
        httpResp.close();
        bhcm.close();
        // gson and accessToken are not used in this method.
        Gson gson = new Gson();
        // Raw (unchecked) map of the token response (access_token, id_token, ...).
        Map tokenNVP = com.cedarsoftware.util.io.JsonReader.jsonToMaps(token.toString());
        String accessToken;
        // Store the bearer token for use by Unison
        request.getSession().setAttribute(bearerTokenName, tokenNVP.get("access_token"));
        Map jwtNVP = null;
        LoadUserData loadUser = null;
        try {
            // Loader class comes from configuration, not from the request. Class.newInstance() is
            // deprecated since Java 9; getDeclaredConstructor().newInstance() is the replacement.
            loadUser = (LoadUserData) Class.forName(userLookupClassName).newInstance();
            jwtNVP = loadUser.loadUserAttributesFromIdP(request, response, cfg, authParams, tokenNVP);
        } catch (Exception e) {
            throw new ServletException("Could not load user data", e);
        }
        // Hosted-domain restriction: the IdP's "hd" claim must match the configured domain.
        // NOTE(review): this check only sets the step to failed; nothing returns or skips the
        // linking block below, which at the unlinked branch sets success back to true (and the
        // lookupUser branch may do the same — not visible here). A user from a different domain,
        // or with no hd claim at all, therefore still ends up with a successful step. Track the
        // result (e.g. `boolean hdOk`) and only run the linking block when it passed. Note also
        // that jwtNVP is dereferenced here before the null check that follows.
        if (hd != null && !hd.isEmpty()) {
            String hdFromIdToken = (String) jwtNVP.get("hd");
            if (hdFromIdToken != null && !hdFromIdToken.isEmpty()) {
                if (!hdFromIdToken.equalsIgnoreCase(hd)) {
                    as.setSuccess(false);
                    String redirectToURL = request.getParameter("target");
                    if (redirectToURL != null && !redirectToURL.isEmpty()) {
                        reqHolder.setURL(redirectToURL);
                    }
                }
            } else {
                as.setSuccess(false);
                String redirectToURL = request.getParameter("target");
                if (redirectToURL != null && !redirectToURL.isEmpty()) {
                    reqHolder.setURL(redirectToURL);
                }
            }
        }
        if (jwtNVP == null) {
            as.setSuccess(false);
        } else {
            if (!linkToDirectory) {
                loadUnlinkedUser(session, noMatchOU, uidAttr, act, jwtNVP, defaultObjectClass);
                as.setSuccess(true);
            } else {
                // lookupUser is expected to set the step result itself — not visible here.
                lookupUser(as, session, myvd, noMatchOU, uidAttr, lookupFilter, act, jwtNVP, defaultObjectClass);
            }
            // The caller-supplied "target" parameter becomes the post-login URL.
            // NOTE(review): whether setURL restricts this to the proxied application is not
            // visible here; if it does not, an attacker-crafted link could redirect the user
            // after login — confirm against RequestHolder.
            String redirectToURL = request.getParameter("target");
            if (redirectToURL != null && !redirectToURL.isEmpty()) {
                reqHolder.setURL(redirectToURL);
            }
        }
        holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
    }
}
