Example 1 with ProvisioningException

Use of com.tremolosecurity.provisioning.core.ProvisioningException in the OpenUnison project by TremoloSecurity.

Class OktaTarget, method findUser.

@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    try {
        com.okta.sdk.resource.user.User fromOkta = null;
        try {
            fromOkta = okta.getUser(userID);
        } catch (ResourceException e) {
            if (e.getStatus() == 404) {
                // The user does not exist in Okta: report "not found" as null rather than as an error
                return null;
            } else {
                throw new ProvisioningException("Could not lookup user", e);
            }
        }
        User user = new User(userID);
        UserProfile profile = fromOkta.getProfile();
        for (Object attrKey : profile.keySet()) {
            String attrName = (String) attrKey;
            String value = (String) profile.get(attrKey);
            if (attributes.contains(attrName)) {
                user.getAttribs().put(attrName, new Attribute(attrName, value));
            }
        }
        GroupList groups = fromOkta.listGroups();
        for (Group group : groups) {
            user.getGroups().add(group.getProfile().getName());
        }
        return user;
    } catch (Exception e) {
        throw new ProvisioningException("Could not retrieve user", e);
    }
}
Also used : Group(com.okta.sdk.resource.group.Group) User(com.tremolosecurity.provisioning.core.User) UserProfile(com.okta.sdk.resource.user.UserProfile) Attribute(com.tremolosecurity.saml.Attribute) ResourceException(com.okta.sdk.resource.ResourceException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) IOException(java.io.IOException) GroupList(com.okta.sdk.resource.group.GroupList) JSONObject(org.json.simple.JSONObject)

Example 2 with ProvisioningException

Use of com.tremolosecurity.provisioning.core.ProvisioningException in the OpenUnison project by TremoloSecurity.

Class OktaTarget, method deleteUser.

@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    com.okta.sdk.resource.user.User fromOkta = null;
    try {
        fromOkta = okta.getUser(user.getUserID());
    } catch (ResourceException e) {
        throw new ProvisioningException("Could not lookup user", e);
    }
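    // Deactivate the account first, then delete it
    fromOkta.deactivate();
    fromOkta.delete();
    // Record the deletion in the provisioning audit log, tied to the approval and workflow
    this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Delete, approvalID, workflow, "login", user.getUserID());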
}
Also used : ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) Workflow(com.tremolosecurity.provisioning.core.Workflow) ResourceException(com.okta.sdk.resource.ResourceException)

Example 3 with ProvisioningException

Use of com.tremolosecurity.provisioning.core.ProvisioningException in the OpenUnison project by TremoloSecurity.

Class OpenShiftTarget, method deleteFullName.

private String deleteFullName(User user, int approvalID, Workflow workflow, Gson gson, StringBuffer b) throws Exception, IOException, ClientProtocolException, ProvisioningException {
    String token;
    token = this.getAuthToken();
    HttpCon con = this.createClient();
    try {
        b.append("/apis/user.openshift.io/v1/users/").append(user.getUserID());
        String json = callWS(token, con, b.toString());
        com.tremolosecurity.unison.openshiftv3.model.users.User osUser = gson.fromJson(json, com.tremolosecurity.unison.openshiftv3.model.users.User.class);
        osUser.setFullName(null);
        json = gson.toJson(osUser);
        json = callWSPut(token, con, b.toString(), json);
        osUser = gson.fromJson(json, com.tremolosecurity.unison.openshiftv3.model.users.User.class);
        if (osUser.getKind().equals("User")) {
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, "fullName", osUser.getFullName());
        } else {
            throw new Exception("Could not unset fullName for " + user.getUserID() + " - " + osUser.getReason());
        }
    } finally {
        con.getHttp().close();
        con.getBcm().shutdown();
    }
    return token;
}
Also used : HttpCon(com.tremolosecurity.provisioning.util.HttpCon) User(com.tremolosecurity.provisioning.core.User) KeyStoreException(java.security.KeyStoreException) StreamException(org.cryptacular.StreamException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KeyManagementException(java.security.KeyManagementException) JoseException(org.jose4j.lang.JoseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.json.simple.parser.ParseException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) EncodingException(org.cryptacular.EncodingException) IOException(java.io.IOException)

Example 4 with ProvisioningException

Use of com.tremolosecurity.provisioning.core.ProvisioningException in the OpenUnison project by TremoloSecurity.

Class OpenShiftTarget, method syncUser.

@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    Gson gson = new Gson();
    User fromServer = this.findUser(user.getUserID(), attributes, request);
    if (fromServer == null) {
        this.createUser(user, attributes, request);
    } else {
        StringBuffer b = new StringBuffer();
        String token = null;
        if (attributes.contains("fullName")) {
            if (user.getAttribs().get("fullName") != null) {
                String fullName = user.getAttribs().get("fullName").getValues().get(0);
                String fromServerFullName = fromServer.getAttribs().get("fullName") != null ? fromServer.getAttribs().get("fullName").getValues().get(0) : null;
                if (fromServerFullName == null || !fromServerFullName.equalsIgnoreCase(fullName)) {
                    try {
                        token = setFullName(user, approvalID, workflow, gson, b);
                    } catch (Exception e) {
                        throw new ProvisioningException("Could not set fullName from " + user.getUserID(), e);
                    }
                }
            } else {
                if (!addOnly) {
                    try {
                        token = deleteFullName(user, approvalID, workflow, gson, b);
                    } catch (Exception e) {
                        throw new ProvisioningException("Could not delete fullName from " + user.getUserID(), e);
                    }
                }
            }
        }
        try {
            syncGroups(user, addOnly, approvalID, workflow, fromServer, token);
        } catch (Exception e) {
            throw new ProvisioningException("Could not sync groups for " + user.getUserID(), e);
        }
    }
}
Also used : User(com.tremolosecurity.provisioning.core.User) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) Workflow(com.tremolosecurity.provisioning.core.Workflow) Gson(com.google.gson.Gson) KeyStoreException(java.security.KeyStoreException) StreamException(org.cryptacular.StreamException) KeyManagementException(java.security.KeyManagementException) JoseException(org.jose4j.lang.JoseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.json.simple.parser.ParseException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) EncodingException(org.cryptacular.EncodingException) IOException(java.io.IOException)

Example 5 with ProvisioningException

Use of com.tremolosecurity.provisioning.core.ProvisioningException in the OpenUnison project by TremoloSecurity.

Class OpenShiftTarget, method createUser.

@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    com.tremolosecurity.unison.openshiftv3.model.users.User osUser = new com.tremolosecurity.unison.openshiftv3.model.users.User();
    osUser.setKind("User");
    osUser.setApiVersion("user.openshift.io/v1");
    osUser.getMetadata().put("name", user.getUserID());
    if (user.getAttribs().get("fullName") != null) {
        osUser.setFullName(user.getAttribs().get("fullName").getValues().get(0));
    }
    Gson gson = new Gson();
    try {
        String token = this.getAuthToken();
        HttpCon con = this.createClient();
        try {
            String json = gson.toJson(osUser);
            StringBuffer b = new StringBuffer();
            b.append("/apis/user.openshift.io/v1/users");
            osUser = gson.fromJson(this.callWSPost(token, con, b.toString(), json), com.tremolosecurity.unison.openshiftv3.model.users.User.class);
            if (!osUser.getKind().equals("User")) {
                throw new ProvisioningException("Could not create user " + user.getUserID() + " - " + osUser.getReason());
            }
            this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "name", user.getUserID());
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "name", (String) osUser.getMetadata().get("name"));
            if (user.getAttribs().get("fullName") != null) {
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "fullName", osUser.getFullName());
            }
            for (String groupName : user.getGroups()) {
                this.addUserToGroup(token, con, user.getUserID(), groupName, approvalID, workflow);
            }
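        } finally {
            if (con != null) {
                // Close the HTTP client as well as its connection manager, as deleteFullName does
                con.getHttp().close();
                con.getBcm().shutdown();
            }
        }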
    } catch (Exception e) {
        throw new ProvisioningException("Could not create user", e);
    }
}
Also used : User(com.tremolosecurity.provisioning.core.User) Workflow(com.tremolosecurity.provisioning.core.Workflow) Gson(com.google.gson.Gson) KeyStoreException(java.security.KeyStoreException) StreamException(org.cryptacular.StreamException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KeyManagementException(java.security.KeyManagementException) JoseException(org.jose4j.lang.JoseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.json.simple.parser.ParseException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) EncodingException(org.cryptacular.EncodingException) IOException(java.io.IOException) HttpCon(com.tremolosecurity.provisioning.util.HttpCon)
