
Example 61 with User

use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class ModuleType method findUser.

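@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    /*
     * Resolves the SugarCRM record for userID and returns it as a User.
     *
     * Two SugarCRM calls are made through execJson() (defined elsewhere in this class):
     * get_entry_list with the module's lookupByEmail query to obtain the record id, then
     * get_entry for that id to fetch its name/value list. Every non-empty value becomes a
     * User attribute, filtered by {@code attributes} when that set is non-empty.
     *
     * @param userID     identifier that completes the module's lookupByEmail query. The
     *                   template itself is not visible here; the value is assumed to land
     *                   inside a single-quoted literal (the code closes it with "')"), so it
     *                   must not contain ' or \
     * @param attributes attribute names to keep; null or empty keeps every attribute
     * @param request    provisioning request, used only to select the ModuleType
     * @return the user with its attributes copied from SugarCRM, keyed by SugarCRM field name
     * @throws ProvisioningException if userID is null or contains ' or \, if no record
     *                               matches, or if any SugarCRM call fails (original exception
     *                               attached as the cause)
     */
    // userID is interpolated into a query string (lookupByEmail + userID + "')"). The API
    // offers no parameterized form, so refuse the characters that could close the quoted
    // literal rather than guess the server's escape rules.
    if (userID == null || userID.indexOf('\'') >= 0 || userID.indexOf('\\') >= 0) {
        throw new ProvisioningException("Invalid user identifier");
    }
    try {
        ModuleType mt = this.getModuleType(request);
        // NOTE(review): the session obtained here is never explicitly ended in this method;
        // whether the server expires it is not visible from here.
        String sessionId = sugarLogin();
        Gson gson = new Gson();

        // Step 1: resolve the record id for userID.
        SugarGetEntryList sgel = new SugarGetEntryList();
        sgel.setSession(sessionId);
        sgel.setModule_name(mt.name);
        sgel.setQuery(mt.lookupByEmail + userID + "')");
        sgel.setOrder_by("");
        sgel.setOffset(0);
        ArrayList<String> reqFields = new ArrayList<String>();
        reqFields.add("id");
        sgel.setSelect_fields(reqFields);
        sgel.setMax_results(-1);
        sgel.setDeleted(false);
        sgel.setLink_name_to_fields_array(new HashMap<String, List<String>>());
        String respJSON = execJson(gson.toJson(sgel), "get_entry_list");
        JSONObject jsonObj = (JSONObject) JSONValue.parse(respJSON);
        JSONArray jsonArray = jsonObj == null ? null : (JSONArray) jsonObj.get("entry_list");
        if (jsonArray == null || jsonArray.isEmpty()) {
            // explicit not-found instead of an IndexOutOfBoundsException wrapped below
            throw new ProvisioningException("Could not find user");
        }
        String id = (String) ((JSONObject) jsonArray.get(0)).get("id");

        // Step 2: fetch the full record for that id.
        SugarGetEntry sge = new SugarGetEntry();
        sge.setId(id);
        sge.setSession(sessionId);
        sge.setSelect_fields(new ArrayList<String>());
        sge.setModule_name(mt.name);
        sge.setLink_name_to_fields_array(new HashMap<String, List<String>>());
        respJSON = execJson(gson.toJson(sge), "get_entry");
        SugarEntrySet res = gson.fromJson(respJSON, SugarEntrySet.class);
        if (res == null || res.getEntry_list() == null || res.getEntry_list().isEmpty()) {
            throw new ProvisioningException("Could not find user");
        }
        SugarContactEntry sce = res.getEntry_list().get(0);

        // Step 3: copy non-empty values into the user, honouring the requested attribute set.
        User user = new User(userID);
        boolean filterAttrs = attributes != null && !attributes.isEmpty();
        for (NVP nvp : sce.getName_value_list().values()) {
            if (filterAttrs && !attributes.contains(nvp.getName())) {
                continue;
            }
            String value = nvp.getValue();
            if (value != null && !value.isEmpty()) {
                user.getAttribs().put(nvp.getName(), new Attribute(nvp.getName(), value));
            }
        }
        return user;
    } catch (ProvisioningException e) {
        // already carries a specific message; do not double-wrap
        throw e;
    } catch (Exception e) {
        throw new ProvisioningException("Could not find user", e);
    }
}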

Example 62 with User

use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class TokenData method generateClaims.

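private JwtClaims generateClaims(String dn, ConfigManager cfg, URL url, OpenIDConnectTrust trust, String nonce, HashMap<String, String> extraAttribs, HttpServletRequest request, String authChainName, JSONObject existingClaims, JSONObject actor) throws LDAPException, ProvisioningException {
    /*
     * Builds the (unsigned) JWT claim set for a token issued to {@code trust}.
     *
     * The subject's attributes come from the directory entry at {@code dn} when it exists.
     * When the directory answers noSuchObject (result code 32) they are rebuilt from
     * {@code existingClaims} instead, skipping anything in {@code ignoredClaims}. Attribute
     * mapping (this.mapper) is applied only to real directory entries.
     *
     * @param dn             subject DN, searched in MyVD with base scope and (objectClass=*)
     * @param cfg            provides the MyVD connection
     * @param url            passed through to claimsUpdater only
     * @param trust          client registration: audience, token lifetime and clock skew
     * @param nonce          optional "nonce" claim
     * @param extraAttribs   optional claims set verbatim after the user's attributes
     * @param request        used to resolve this.authURI into a fully-qualified issuer URL
     * @param authChainName  looked up in authChainToAmr to produce the "amr" claim
     * @param existingClaims claims of a token the subject already holds; may be null
     * @param actor          claims of the acting party, emitted as "act"; may be null
     * @return the claim set, not yet signed
     * @throws LDAPException         for any directory error other than noSuchObject
     * @throws ProvisioningException if the subject is neither in the directory nor
     *                               reconstructible from existingClaims
     */
    String issuerUrl = ProxyTools.getInstance().getFqdnUrl(String.valueOf(this.authURI), request);
    JwtClaims claims = new JwtClaims();
    // issuer: who creates and signs the token; audience: the client it is meant for
    claims.setIssuer(issuerUrl);
    claims.setAudience(trust.getClientID());
    // trust stores milliseconds, jose4j takes minutes
    claims.setExpirationTimeMinutesInTheFuture(trust.getAccessTokenTimeToLive() / 1000 / 60);
    claims.setGeneratedJwtId();
    claims.setIssuedAtToNow();
    claims.setNotBeforeMinutesInThePast(trust.getAccessTokenSkewMillis() / 1000 / 60);
    if (nonce != null) {
        claims.setClaim("nonce", nonce);
    }

    // Locate the subject. noSuchObject (32) means "not in the directory" and is handled
    // below; any other directory error propagates.
    LDAPSearchResults res = null;
    boolean userFromLdap = false;
    try {
        res = cfg.getMyVD().search(dn, 0, "(objectClass=*)", new ArrayList<String>());
        userFromLdap = res.hasMore();
    } catch (LDAPException e) {
        if (e.getResultCode() != 32) {
            throw e;
        }
    }
    LDAPEntry entry;
    if (userFromLdap) {
        entry = res.next();
    } else if (existingClaims != null) {
        entry = entryFromClaims(dn, existingClaims);
    } else {
        throw new ProvisioningException("Could not lookup user or get from existing claims");
    }

    User user = new User(entry);
    if (userFromLdap) {
        user = this.mapper.mapUser(user, true);
    }
    // "sub" becomes the JWT subject; single-valued attributes become string claims,
    // multi-valued ones string-list claims. Attributes without values are skipped (the
    // previous code would have thrown on get(0) for an empty "sub").
    for (Map.Entry<String, Attribute> e : user.getAttribs().entrySet()) {
        Attribute attr = e.getValue();
        if (attr == null || attr.getValues().isEmpty()) {
            continue;
        }
        if (attr.getName().equalsIgnoreCase("sub")) {
            claims.setSubject(attr.getValues().get(0));
        } else if (attr.getValues().size() == 1) {
            claims.setClaim(e.getKey(), attr.getValues().get(0));
        } else {
            claims.setStringListClaim(e.getKey(), attr.getValues());
        }
    }

    String amr = this.authChainToAmr.get(authChainName);
    if (amr != null) {
        claims.setClaim("amr", new String[] { amr });
    }
    if (extraAttribs != null) {
        for (Map.Entry<String, String> extra : extraAttribs.entrySet()) {
            claims.setClaim(extra.getKey(), extra.getValue());
        }
    }

    if (actor != null) {
        // Copy the actor's own claims (minus ignoredClaims). The previous code iterated
        // existingClaims' keys here, which throws NPE when the subject came from the
        // directory and no existingClaims were supplied, and looked up actor values by the
        // wrong key set.
        JSONObject actorToAdd = new JSONObject();
        for (Object key : actor.keySet()) {
            if (!ignoredClaims.contains((String) key)) {
                actorToAdd.put(key, actor.get(key));
            }
        }
        // NOTE(review): the existing nested actor is read from claim "actor" but written as
        // "act"; whether that asymmetry is intended is not visible from here.
        @SuppressWarnings("unchecked")
        Map<Object, Object> actorFromSubject = (Map<Object, Object>) claims.getClaimValue("actor");
        if (actorFromSubject != null) {
            actorFromSubject.put("act", actorToAdd);
        } else {
            claims.setClaim("act", actorToAdd);
        }
    }

    if (this.claimsUpdater != null) {
        this.claimsUpdater.updateClaimsBeforeSigning(dn, cfg, url, trust, nonce, extraAttribs, entry, user, claims);
    }
    return claims;
}

/**
 * Rebuilds a directory entry for {@code dn} from a previously issued token's claims.
 * Claims listed in ignoredClaims are dropped; JSON arrays become multi-valued attributes;
 * null claim values are skipped. Values are stored as UTF-8 bytes.
 */
private LDAPEntry entryFromClaims(String dn, JSONObject existingClaims) {
    LDAPAttributeSet atts = new LDAPAttributeSet();
    for (Object key : existingClaims.keySet()) {
        String name = (String) key;
        if (ignoredClaims.contains(name)) {
            continue;
        }
        LDAPAttribute attr = new LDAPAttribute(name);
        Object o = existingClaims.get(key);
        if (o instanceof JSONArray) {
            for (Object x : (JSONArray) o) {
                attr.addValue(x.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8));
            }
        } else if (o != null) {
            attr.addValue(o.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8));
        }
        atts.add(attr);
    }
    return new LDAPEntry(dn, atts);
}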

Example 63 with User

use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class TokenData method jwtToAuthInfo.

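private AuthInfo jwtToAuthInfo(TokenData td, String uidAttr, AuthChainType act, String subjectAuthMethod) throws ServletException {
    /*
     * Turns the subject of a validated token into an AuthInfo.
     *
     * The subject is first searched in the directory by {@code uidAttr}; on a hit the
     * mapped directory attributes are used. Otherwise an identity is synthesised under
     * ou=oauth2 and every top-level claim in td.root becomes an attribute (JSON arrays
     * become multi-valued). The previous version returned after the first claim because
     * the return sat inside the loop; all claims are now copied.
     *
     * @param td                token data; td.subjectUid is the subject, td.root the raw claims
     * @param uidAttr           directory attribute holding the subject identifier
     * @param act               chain whose root is the search base (global LDAP root if blank)
     * @param subjectAuthMethod name of the chain recorded on the AuthInfo; unknown names are
     *                          logged and yield a null chain name and level 0
     * @return the AuthInfo for the subject; never null
     * @throws ServletException wrapping any LDAP or provisioning failure
     */
    // equal() produces an escaped filter; a null subject yields a filter that matches nothing
    String filter = td.subjectUid == null ? "(!(objectClass=*))" : equal(uidAttr, td.subjectUid).toString();
    try {
        String root = act.getRoot();
        if (root == null || root.trim().isEmpty()) {
            root = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot();
        }
        AuthChainType actForSubject = GlobalEntries.getGlobalEntries().getConfigManager().getAuthChains().get(subjectAuthMethod);
        if (actForSubject == null) {
            logger.warn(new StringBuilder("No authentication chain named '").append(subjectAuthMethod).append("'"));
        }
        String chainName = actForSubject != null ? actForSubject.getName() : null;

        LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(root, 2, filter, new ArrayList<String>());
        if (res.hasMore()) {
            LDAPEntry entry = res.next();
            AuthInfo authInfo = new AuthInfo(entry.getDN(), null, chainName, actForSubject != null ? actForSubject.getLevel() : 0);
            User user = this.getMapper().mapUser(new User(entry));
            authInfo.getAttribs().putAll(user.getAttribs());
            if (authInfo.getAttribs().get(uidAttr) == null) {
                authInfo.getAttribs().put(uidAttr, new Attribute(uidAttr, td.subjectUid));
            }
            return authInfo;
        }

        // No directory entry: synthesise an identity from the token's claims. The DN is an
        // identifier built from the unescaped subject; it is not used as a search base here.
        String dn = uidAttr + "=" + td.subjectUid + ",ou=oauth2," + GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot();
        AuthInfo authInfo = new AuthInfo(dn, null, chainName, actForSubject != null ? actForSubject.getLevel() : 0);
        for (Object key : td.root.keySet()) {
            String name = key.toString();
            Object value = td.root.get(key);
            if (name.equalsIgnoreCase("sub")) {
                authInfo.getAttribs().put(uidAttr, new Attribute(uidAttr, (String) value));
            }
            Attribute attr = new Attribute(name);
            if (value instanceof JSONArray) {
                attr.getValues().addAll((JSONArray) value);
            } else if (value != null) {
                attr.getValues().add(value.toString());
            }
            authInfo.getAttribs().put(name, attr);
        }
        return authInfo;
    } catch (LDAPException | ProvisioningException e) {
        throw new ServletException("Could not lookup sts subject", e);
    }
}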

Example 64 with User

use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class TokenPostAuth method lookupUser.

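private AuthInfo lookupUser(HttpSession session, MyVDConnection myvd, String uidAttr, AuthChainType act, String uid, String subjectAuthMethod) throws ServletException {
    /*
     * Looks up the token subject in the directory and returns it as an AuthInfo.
     *
     * The previous version also built "(uidAttr=uid)" by hand into an unused StringBuffer;
     * that dead code is gone — the filter always comes from equal(), which escapes uid.
     * An unknown subjectAuthMethod is logged and produces a null chain name and level 0
     * (matching jwtToAuthInfo) instead of a NullPointerException.
     *
     * @param session           HTTP session; its AUTH_MECH_NAME attribute becomes the auth mechanism
     * @param myvd              directory connection to search
     * @param uidAttr           attribute holding the subject identifier
     * @param act               chain whose root is the search base (global LDAP root if blank)
     * @param uid               subject identifier; null yields a filter that matches nothing
     * @param subjectAuthMethod name of the chain recorded on the AuthInfo
     * @return the mapped AuthInfo, or null when no entry matches
     * @throws ServletException wrapping any LDAP or provisioning failure
     */
    String filter = uid == null ? "(!(objectClass=*))" : equal(uidAttr, uid).toString();
    try {
        String root = act.getRoot();
        if (root == null || root.trim().isEmpty()) {
            root = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot();
        }
        LDAPSearchResults res = myvd.search(root, 2, filter, new ArrayList<String>());
        if (!res.hasMore()) {
            return null;
        }
        LDAPEntry entry = res.next();
        AuthChainType actForSubject = GlobalEntries.getGlobalEntries().getConfigManager().getAuthChains().get(subjectAuthMethod);
        if (actForSubject == null) {
            logger.warn(new StringBuilder("No authentication chain named '").append(subjectAuthMethod).append("'"));
        }
        AuthInfo authInfo = new AuthInfo(entry.getDN(), (String) session.getAttribute(ProxyConstants.AUTH_MECH_NAME), actForSubject != null ? actForSubject.getName() : null, actForSubject != null ? actForSubject.getLevel() : 0);
        User user = idp.getMapper().mapUser(new User(entry));
        authInfo.getAttribs().putAll(user.getAttribs());
        return authInfo;
    } catch (LDAPException | ProvisioningException e) {
        throw new ServletException("Could not lookup sts subject", e);
    }
}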
