
Example 1 with User

Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity, in the class OktaTarget, method findUser.

@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    try {
        com.okta.sdk.resource.user.User fromOkta = null;
        try {
            fromOkta = okta.getUser(userID);
        } catch (ResourceException e) {
            if (e.getStatus() == 404) {
                return null;
            } else {
                throw new ProvisioningException("Could not lookup user", e);
            }
        }
        User user = new User(userID);
        UserProfile profile = fromOkta.getProfile();
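        for (Object attrKey : profile.keySet()) {
            String attrName = (String) attrKey;
            // Only convert attributes the caller asked for. Profile values are Objects and
            // may be non-String, so an unconditional (String) cast can fail the whole lookup.
            if (attributes.contains(attrName)) {
                Object value = profile.get(attrKey);
                user.getAttribs().put(attrName, new Attribute(attrName, value != null ? value.toString() : null));
            }
        }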
        GroupList groups = fromOkta.listGroups();
        for (Group group : groups) {
            user.getGroups().add(group.getProfile().getName());
        }
        return user;
    } catch (Exception e) {
        throw new ProvisioningException("Could not retrieve user", e);
    }
}
Also used : Group(com.okta.sdk.resource.group.Group) User(com.tremolosecurity.provisioning.core.User) UserProfile(com.okta.sdk.resource.user.UserProfile) Attribute(com.tremolosecurity.saml.Attribute) ResourceException(com.okta.sdk.resource.ResourceException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) IOException(java.io.IOException) GroupList(com.okta.sdk.resource.group.GroupList) JSONObject(org.json.simple.JSONObject)

Example 2 with User

Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity, in the class OpenShiftTarget, method deleteFullName.

private String deleteFullName(User user, int approvalID, Workflow workflow, Gson gson, StringBuffer b) throws Exception, IOException, ClientProtocolException, ProvisioningException {
    String token;
    token = this.getAuthToken();
    HttpCon con = this.createClient();
    try {
        b.append("/apis/user.openshift.io/v1/users/").append(user.getUserID());
        String json = callWS(token, con, b.toString());
        com.tremolosecurity.unison.openshiftv3.model.users.User osUser = gson.fromJson(json, com.tremolosecurity.unison.openshiftv3.model.users.User.class);
        osUser.setFullName(null);
        json = gson.toJson(osUser);
        json = callWSPut(token, con, b.toString(), json);
        osUser = gson.fromJson(json, com.tremolosecurity.unison.openshiftv3.model.users.User.class);
        if (osUser.getKind().equals("User")) {
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, "fullName", osUser.getFullName());
        } else {
            throw new Exception("Could not unset fullName for " + user.getUserID() + " - " + osUser.getReason());
        }
    } finally {
        con.getHttp().close();
        con.getBcm().shutdown();
    }
    return token;
}
Also used : HttpCon(com.tremolosecurity.provisioning.util.HttpCon) User(com.tremolosecurity.provisioning.core.User) KeyStoreException(java.security.KeyStoreException) StreamException(org.cryptacular.StreamException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KeyManagementException(java.security.KeyManagementException) JoseException(org.jose4j.lang.JoseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.json.simple.parser.ParseException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) EncodingException(org.cryptacular.EncodingException) IOException(java.io.IOException)

Example 3 with User

Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity, in the class OpenShiftTarget, method syncUser.

@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    Gson gson = new Gson();
    User fromServer = this.findUser(user.getUserID(), attributes, request);
    if (fromServer == null) {
        this.createUser(user, attributes, request);
    } else {
        StringBuffer b = new StringBuffer();
        String token = null;
        if (attributes.contains("fullName")) {
            if (user.getAttribs().get("fullName") != null) {
                String fullName = user.getAttribs().get("fullName").getValues().get(0);
                String fromServerFullName = fromServer.getAttribs().get("fullName") != null ? fromServer.getAttribs().get("fullName").getValues().get(0) : null;
                if (fromServerFullName == null || !fromServerFullName.equalsIgnoreCase(fullName)) {
                    try {
                        token = setFullName(user, approvalID, workflow, gson, b);
                    } catch (Exception e) {
                        throw new ProvisioningException("Could not set fullName from " + user.getUserID(), e);
                    }
                }
            } else {
                if (!addOnly) {
                    try {
                        token = deleteFullName(user, approvalID, workflow, gson, b);
                    } catch (Exception e) {
                        throw new ProvisioningException("Could not delete fullName from " + user.getUserID(), e);
                    }
                }
            }
        }
        try {
            syncGroups(user, addOnly, approvalID, workflow, fromServer, token);
        } catch (Exception e) {
            throw new ProvisioningException("Could not sync groups for " + user.getUserID(), e);
        }
    }
}
Also used : User(com.tremolosecurity.provisioning.core.User) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) Workflow(com.tremolosecurity.provisioning.core.Workflow) Gson(com.google.gson.Gson) KeyStoreException(java.security.KeyStoreException) StreamException(org.cryptacular.StreamException) KeyManagementException(java.security.KeyManagementException) JoseException(org.jose4j.lang.JoseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.json.simple.parser.ParseException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) EncodingException(org.cryptacular.EncodingException) IOException(java.io.IOException)

Example 4 with User

Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity, in the class OpenShiftTarget, method createUser.

@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    com.tremolosecurity.unison.openshiftv3.model.users.User osUser = new com.tremolosecurity.unison.openshiftv3.model.users.User();
    osUser.setKind("User");
    osUser.setApiVersion("user.openshift.io/v1");
    osUser.getMetadata().put("name", user.getUserID());
    if (user.getAttribs().get("fullName") != null) {
        osUser.setFullName(user.getAttribs().get("fullName").getValues().get(0));
    }
    Gson gson = new Gson();
    try {
        String token = this.getAuthToken();
        HttpCon con = this.createClient();
        try {
            String json = gson.toJson(osUser);
            StringBuffer b = new StringBuffer();
            b.append("/apis/user.openshift.io/v1/users");
            osUser = gson.fromJson(this.callWSPost(token, con, b.toString(), json), com.tremolosecurity.unison.openshiftv3.model.users.User.class);
            if (!osUser.getKind().equals("User")) {
                throw new ProvisioningException("Could not create user " + user.getUserID() + " - " + osUser.getReason());
            }
            this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "name", user.getUserID());
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "name", (String) osUser.getMetadata().get("name"));
            if (user.getAttribs().get("fullName") != null) {
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "fullName", osUser.getFullName());
            }
            for (String groupName : user.getGroups()) {
                this.addUserToGroup(token, con, user.getUserID(), groupName, approvalID, workflow);
            }
        } finally {
            if (con != null) {
                con.getBcm().shutdown();
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not create user", e);
    }
}
Also used : User(com.tremolosecurity.provisioning.core.User) Workflow(com.tremolosecurity.provisioning.core.Workflow) Gson(com.google.gson.Gson) KeyStoreException(java.security.KeyStoreException) StreamException(org.cryptacular.StreamException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KeyManagementException(java.security.KeyManagementException) JoseException(org.jose4j.lang.JoseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.json.simple.parser.ParseException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) EncodingException(org.cryptacular.EncodingException) IOException(java.io.IOException) HttpCon(com.tremolosecurity.provisioning.util.HttpCon)

Example 5 with User

Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity, in the class OpenShiftTarget, method findUser.

@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    try {
        User user = null;
        String token = this.getAuthToken();
        // users aren't bound to groups and there's no way to directly lookup what groups a user has
        // so we need to read all groups and see if the user exists
        ArrayList<String> groupsForUser = new ArrayList<String>();
        HttpCon con = this.createClient();
        StringBuffer b = new StringBuffer();
        com.tremolosecurity.unison.openshiftv3.model.List<GroupItem> groupList = null;
        try {
            String json = callWS(token, con, "/apis/user.openshift.io/v1/groups");
            Gson gson = new Gson();
            TypeToken<com.tremolosecurity.unison.openshiftv3.model.List<GroupItem>> tokenType = new TypeToken<com.tremolosecurity.unison.openshiftv3.model.List<GroupItem>>() {
            };
            groupList = gson.fromJson(json, tokenType.getType());
            b.append("/apis/user.openshift.io/v1/users/").append(userID);
            json = callWS(token, con, b.toString());
            com.tremolosecurity.unison.openshiftv3.model.users.User osUser = gson.fromJson(json, com.tremolosecurity.unison.openshiftv3.model.users.User.class);
            if (osUser.getKind().equalsIgnoreCase("User")) {
                user = new User(userID);
                for (String attrName : osUser.getMetadata().keySet()) {
                    if (!attrName.equalsIgnoreCase("fullName") && attributes.contains(attrName)) {
                        user.getAttribs().put(attrName, new Attribute(attrName, (String) osUser.getMetadata().get(attrName)));
                    }
                }
                if (attributes.contains("fullName") && osUser.getFullName() != null) {
                    user.getAttribs().put("fullName", new Attribute("fullName", osUser.getFullName()));
                }
            }
        } finally {
            if (con != null) {
                con.getBcm().shutdown();
            }
        }
        for (GroupItem group : groupList.getItems()) {
            if (group.getUsers() != null && group.getUsers().contains(userID)) {
                groupsForUser.add((String) group.getMetadata().get("name"));
            }
        }
        if (groupsForUser.isEmpty()) {
            return user;
        } else {
            if (user == null) {
                // user = new User(userID);
                return null;
            }
            user.getGroups().addAll(groupsForUser);
            return user;
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not load " + userID, e);
    }
}
Also used : User(com.tremolosecurity.provisioning.core.User) Attribute(com.tremolosecurity.saml.Attribute) ArrayList(java.util.ArrayList) Gson(com.google.gson.Gson) KeyStoreException(java.security.KeyStoreException) StreamException(org.cryptacular.StreamException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KeyManagementException(java.security.KeyManagementException) JoseException(org.jose4j.lang.JoseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.json.simple.parser.ParseException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) EncodingException(org.cryptacular.EncodingException) IOException(java.io.IOException) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) TypeToken(com.google.gson.reflect.TypeToken) GroupItem(com.tremolosecurity.unison.openshiftv3.model.groups.GroupItem) List(java.util.List)

Aggregations

User (com.tremolosecurity.provisioning.core.User) 64
ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException) 44
Attribute (com.tremolosecurity.saml.Attribute) 33
IOException (java.io.IOException) 25
ArrayList (java.util.ArrayList) 21
HttpCon (com.tremolosecurity.provisioning.util.HttpCon) 18
LDAPAttribute (com.novell.ldap.LDAPAttribute) 17
HashMap (java.util.HashMap) 17
Workflow (com.tremolosecurity.provisioning.core.Workflow) 16
ClientProtocolException (org.apache.http.client.ClientProtocolException) 16
UnsupportedEncodingException (java.io.UnsupportedEncodingException) 15
LDAPException (com.novell.ldap.LDAPException) 14
HashSet (java.util.HashSet) 14
LDAPEntry (com.novell.ldap.LDAPEntry) 13
JSONObject (org.json.simple.JSONObject) 13
ParseException (org.json.simple.parser.ParseException) 13
LDAPSearchResults (com.novell.ldap.LDAPSearchResults) 11
JSONArray (org.json.simple.JSONArray) 10
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 9
SQLException (java.sql.SQLException) 9