
Example 16 with User

use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class KeystoneProvisioningTarget method deleteUser.

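/**
 * Deletes the Keystone user that corresponds to {@code user} and records the action with
 * the provisioning engine.
 *
 * <p>The Keystone id is taken from the user's {@code id} attribute when present; otherwise
 * the user is first resolved by name through {@link #findUser}.
 *
 * @param user    the OpenUnison user to delete
 * @param request the workflow request; {@code APPROVAL_ID} and {@code WORKFLOW} are read
 *                for audit logging when present
 * @throws ProvisioningException when this target is configured as roles-only, when the
 *                               user cannot be resolved in Keystone, or when any Keystone
 *                               call fails (the underlying exception is attached as cause)
 */
@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    if (rolesOnly) {
        throw new ProvisioningException("Unsupported");
    }
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    HttpCon con = null;
    try {
        con = this.createClient();
        KSToken token = this.getToken(con);
        String id;
        if (user.getAttribs().get("id") != null) {
            id = user.getAttribs().get("id").getValues().get(0);
        } else {
            // The caller did not supply Keystone's id, so resolve it by name first.
            HashSet<String> attrs = new HashSet<String>();
            attrs.add("id");
            User userFromKS = this.findUser(user.getUserID(), attrs, request);
            if (userFromKS == null || userFromKS.getAttribs().get("id") == null) {
                // Fail with a clear message instead of a NullPointerException.
                throw new ProvisioningException("User " + user.getUserID() + " not found in keystone");
            }
            id = userFromKS.getAttribs().get("id").getValues().get(0);
        }
        String deleteUrl = new StringBuilder(this.url).append("/users/").append(id).toString();
        this.callWSDelete(token.getAuthToken(), con, deleteUrl);
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), true, ActionType.Delete, approvalID, workflow, "name", user.getUserID());
    } catch (ProvisioningException e) {
        // Already carries a meaningful message; do not wrap it a second time.
        throw e;
    } catch (Exception e) {
        throw new ProvisioningException("Could not work with keystone", e);
    } finally {
        if (con != null) {
            // Release the connection manager on every path, including failures.
            con.getBcm().shutdown();
        }
    }
}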

Example 17 with User

use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class KeystoneProvisioningTarget method lookupUser.

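/**
 * Looks up a single Keystone user by name within the configured users domain and maps it
 * to an OpenUnison {@code User}.
 *
 * <p>Only the attributes named in {@code attributes} are copied. Group memberships are
 * always loaded unless this target is roles-only; role assignments are loaded only when
 * {@code roles} is requested, each one serialized as a JSON {@code Role}.
 *
 * @param userID     the Keystone user name to search for
 * @param attributes the attribute names the caller wants populated
 * @param request    the workflow request (not read by this method)
 * @param token      an authenticated Keystone token
 * @param con        the HTTP connection to use for the Keystone calls
 * @return the mapped user together with its Keystone id, or {@code null} when no user
 *         with that name exists in the domain
 * @throws Exception if any Keystone call or JSON parse fails
 */
public UserAndID lookupUser(String userID, Set<String> attributes, Map<String, Object> request, KSToken token, HttpCon con) throws Exception {
    List<NameValuePair> qparams = new ArrayList<NameValuePair>();
    qparams.add(new BasicNameValuePair("domain_id", this.usersDomain));
    qparams.add(new BasicNameValuePair("name", userID));
    StringBuilder b = new StringBuilder();
    // Query parameters are URL-encoded so a user name cannot alter the request.
    b.append(this.url).append("/users?").append(URLEncodedUtils.format(qparams, "UTF-8"));
    String json = this.callWS(token.getAuthToken(), con, b.toString());
    Gson gson = new Gson();
    UserLookupResponse resp = gson.fromJson(json, UserLookupResponse.class);
    if (resp.getUsers().isEmpty()) {
        return null;
    }
    KSUser fromKS = resp.getUsers().get(0);
    User user = new User(fromKS.getName());
    if (attributes.contains("name")) {
        user.getAttribs().put("name", new Attribute("name", fromKS.getName()));
    }
    if (attributes.contains("id")) {
        user.getAttribs().put("id", new Attribute("id", fromKS.getId()));
    }
    if (attributes.contains("email") && fromKS.getEmail() != null) {
        user.getAttribs().put("email", new Attribute("email", fromKS.getEmail()));
    }
    if (attributes.contains("description") && fromKS.getDescription() != null) {
        // Fixed: this used to copy the e-mail address into the description attribute.
        user.getAttribs().put("description", new Attribute("description", fromKS.getDescription()));
    }
    if (attributes.contains("enabled")) {
        user.getAttribs().put("enabled", new Attribute("enabled", Boolean.toString(fromKS.getEnabled())));
    }
    if (!rolesOnly) {
        b.setLength(0);
        b.append(this.url).append("/users/").append(fromKS.getId()).append("/groups");
        json = this.callWS(token.getAuthToken(), con, b.toString());
        GroupLookupResponse gresp = gson.fromJson(json, GroupLookupResponse.class);
        for (KSGroup group : gresp.getGroups()) {
            user.getGroups().add(group.getName());
        }
    }
    if (attributes.contains("roles")) {
        b.setLength(0);
        b.append(this.url).append("/role_assignments?user.id=").append(fromKS.getId()).append("&include_names=true");
        json = this.callWS(token.getAuthToken(), con, b.toString());
        RoleAssignmentResponse rar = gson.fromJson(json, RoleAssignmentResponse.class);
        Attribute attr = new Attribute("roles");
        for (KSRoleAssignment role : rar.getRole_assignments()) {
            if (role.getScope().getProject() != null) {
                attr.getValues().add(gson.toJson(new Role(role.getRole().getName(), "project", role.getScope().getProject().getDomain().getName(), role.getScope().getProject().getName())));
            } else if (role.getScope().getDomain() != null) {
                attr.getValues().add(gson.toJson(new Role(role.getRole().getName(), "domain", role.getScope().getDomain().getName())));
            }
            // Assignments with neither a project nor a domain scope are skipped instead of
            // failing the whole lookup with a NullPointerException.
        }
        if (!attr.getValues().isEmpty()) {
            user.getAttribs().put("roles", attr);
        }
    }
    UserAndID userAndId = new UserAndID();
    userAndId.setUser(user);
    userAndId.setId(fromKS.getId());
    return userAndId;
}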

Example 18 with User

use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class Drupal7GetSequence method doTask.

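/**
 * Ensures {@code user} carries a {@code drupalid} attribute.
 *
 * <p>If the user already exists in the configured target, its {@code uid} attribute is
 * reused. Otherwise a fresh id is allocated by inserting a row into the {@code sequences}
 * table of the target's database and reading back the generated key.
 *
 * @param user    the user being provisioned; receives the {@code drupalid} attribute
 * @param request the workflow request (not read by this task)
 * @return {@code true} always, once the attribute has been set
 * @throws ProvisioningException if the database insert fails or returns no generated key
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    try {
        if (logger.isDebugEnabled()) {
            logger.debug("Searching for users.id");
            logger.debug("Looking for user : '" + user.getUserID() + "'");
        }
        User looking = task.getConfigManager().getProvisioningEngine().getTarget(this.targetName).findUser(user.getUserID(), new HashMap<String, Object>());
        if (logger.isDebugEnabled()) {
            logger.debug("User object : '" + looking + "'");
        }
        if (looking == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("User not found");
            }
        } else if (looking.getAttribs().get("uid") != null) {
            String uid = looking.getAttribs().get("uid").getValues().get(0);
            if (logger.isDebugEnabled()) {
                logger.debug("User found, setting to user id : '" + uid + "'");
            }
            user.getAttribs().put("drupalid", new Attribute("drupalid", uid));
            return true;
        } else {
            // An existing user without a uid cannot be reused; allocate a new id below.
            logger.warn("User '" + user.getUserID() + "' found but has no uid attribute, generating a new id");
        }
    } catch (ProvisioningException pe) {
        // A failed lookup is not fatal here: fall through and allocate a fresh id.
        logger.warn("Could not look up user '" + user.getUserID() + "', generating a new id", pe);
    }
    UserStoreProvider provider = task.getConfigManager().getProvisioningEngine().getTarget(this.targetName).getProvider();
    BasicDBInterface dbprovider = (BasicDBInterface) provider;
    if (logger.isDebugEnabled()) {
        logger.debug("Getting Connection");
    }
    // try-with-resources closes the connection, statement and result set on every path,
    // including the SQLException branch where the original code leaked ps and rs.
    try (Connection con = dbprovider.getDS().getConnection();
         PreparedStatement ps = con.prepareStatement("INSERT INTO sequences () VALUES ()", Statement.RETURN_GENERATED_KEYS)) {
        if (logger.isDebugEnabled()) {
            logger.debug("Executing Statement");
        }
        ps.executeUpdate();
        if (logger.isDebugEnabled()) {
            logger.debug("Getting key");
        }
        try (ResultSet rs = ps.getGeneratedKeys()) {
            if (!rs.next()) {
                // Without a generated key there is no id to assign.
                throw new ProvisioningException("Could not generate userid: no generated key returned");
            }
            int id = rs.getInt(1);
            if (logger.isDebugEnabled()) {
                logger.debug("ID: '" + id + "'");
            }
            user.getAttribs().put("drupalid", new Attribute("drupalid", Integer.toString(id)));
            return true;
        }
    } catch (SQLException e) {
        throw new ProvisioningException("Could not generate userid", e);
    }
}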

Example 19 with User

use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class GitlabUserProvider method createUser.

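/**
 * Creates {@code user} in GitLab, waits until it is visible through the API, then attaches
 * federated identities and group memberships carried in the request.
 *
 * <p>Each requested attribute is copied onto the GitLab user bean by name. Identities are
 * read from {@code GITLAB_IDENTITIES} and set via the REST API; group access levels come
 * from {@code GITLAB_GROUP_ENTITLEMENTS}, defaulting to developer.
 *
 * @param user       the OpenUnison user to create
 * @param attributes the attribute names to copy onto the GitLab user
 * @param request    the workflow request; {@code APPROVAL_ID}, {@code WORKFLOW},
 *                   {@code GITLAB_IDENTITIES} and {@code GITLAB_GROUP_ENTITLEMENTS} are read
 * @throws ProvisioningException if any GitLab call fails, the user does not appear within
 *                               roughly ten seconds, or the wait is interrupted
 */
@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    org.gitlab4j.api.models.User newUser = new org.gitlab4j.api.models.User();
    newUser.setUsername(user.getUserID());
    for (String attrName : attributes) {
        Attribute attr = user.getAttribs().get(attrName);
        if (attr != null) {
            try {
                this.beanUtils.setProperty(newUser, attrName, attr.getValues().get(0));
            } catch (IllegalAccessException | InvocationTargetException e) {
                throw new ProvisioningException("Could not set " + attrName + " for " + user.getUserID(), e);
            }
        }
    }
    try {
        // Random initial password; presumably users sign in through the federated
        // identities attached below — confirm against the deployment's login flow.
        this.userApi.createUser(newUser, new GenPasswd(50).getPassword(), false);
    } catch (GitLabApiException e) {
        throw new ProvisioningException("Could not create user", e);
    }
    // Creation is not immediately visible; poll for the new user for up to ~10 seconds.
    newUser = this.findUserByName(user.getUserID());
    int numTries = 0;
    while (newUser == null) {
        if (numTries > 10) {
            throw new ProvisioningException("User " + user.getUserID() + " never created");
        }
        try {
            Thread.sleep(1000);
        } catch (InterruptedException e) {
            // Restore the flag so callers up the stack still see the interruption.
            Thread.currentThread().interrupt();
            throw new ProvisioningException("Interrupted while waiting for user " + user.getUserID() + " to be created", e);
        }
        newUser = this.findUserByName(user.getUserID());
        numTries++;
    }
    this.cfgMgr.getProvisioningEngine().logAction(this.name, true, ActionType.Add, approvalID, workflow, "id", newUser.getId().toString());
    for (String attrName : attributes) {
        Attribute attr = user.getAttribs().get(attrName);
        if (attr != null) {
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, attrName, attr.getValues().get(0));
        }
    }
    @SuppressWarnings("unchecked")
    List<GitlabFedIdentity> ids = (List<GitlabFedIdentity>) request.get(GitlabUserProvider.GITLAB_IDENTITIES);
    if (ids != null) {
        ArrayList<Header> defheaders = new ArrayList<Header>();
        defheaders.add(new BasicHeader("Private-Token", this.token));
        BasicHttpClientConnectionManager bhcm = new BasicHttpClientConnectionManager(cfgMgr.getHttpClientSocketRegistry());
        RequestConfig rc = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).setRedirectsEnabled(false).build();
        CloseableHttpClient http = HttpClients.custom().setConnectionManager(bhcm).setDefaultHeaders(defheaders).setDefaultRequestConfig(rc).build();
        try {
            for (GitlabFedIdentity id : ids) {
                // Both query values are URL-encoded so they cannot alter the request.
                // NOTE(review): extern_uid is sent as the OpenUnison user id while the audit
                // log below records id.getExternalUid(); confirm the two are meant to coincide.
                String identityUrl = new StringBuilder().append(this.url).append("/api/v4/users/").append(newUser.getId()).append("?provider=").append(URLEncoder.encode(id.getProvider(), "UTF-8")).append("&extern_uid=").append(URLEncoder.encode(user.getUserID(), "UTF-8")).toString();
                HttpPut setIdentity = new HttpPut(identityUrl);
                // Close each response so the single-connection manager can be reused.
                try (CloseableHttpResponse resp = http.execute(setIdentity)) {
                    if (resp.getStatusLine().getStatusCode() != 200) {
                        throw new IOException("Invalid response " + resp.getStatusLine().getStatusCode());
                    }
                }
                this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "identity-provider", id.getProvider());
                this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "identity-externid", id.getExternalUid());
            }
        } catch (IOException e) {
            throw new ProvisioningException("Could not set identity", e);
        } finally {
            try {
                http.close();
            } catch (IOException e) {
                // Best-effort cleanup; the identities were already processed.
                logger.debug("Could not close http client", e);
            }
            bhcm.close();
        }
    }
    @SuppressWarnings("unchecked")
    HashMap<String, Integer> groupmap = (HashMap<String, Integer>) request.get(GitlabUserProvider.GITLAB_GROUP_ENTITLEMENTS);
    if (groupmap == null) {
        groupmap = new HashMap<String, Integer>();
    }
    for (String group : user.getGroups()) {
        try {
            Group groupObj = this.findGroupByName(group);
            if (groupObj == null) {
                logger.warn("Group " + group + " does not exist");
            } else {
                // toValue() is GitLab's numeric access level; ordinal() is only the enum's
                // position and is not a valid access level.
                int accessLevel = AccessLevel.DEVELOPER.toValue();
                if (groupmap.containsKey(group)) {
                    accessLevel = groupmap.get(group);
                }
                this.groupApi.addMember(groupObj.getId(), newUser.getId(), accessLevel);
                this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", group);
            }
        } catch (GitLabApiException e) {
            throw new ProvisioningException("Could not add " + user.getUserID() + " to group " + group, e);
        }
    }
}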

Example 20 with User

use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.

the class SamlTransaction method postResponse.

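/**
 * Builds the SAML 2.0 response for {@code transaction} and renders the HTTP-POST binding
 * form that submits it to the service provider.
 *
 * <p>The subject is taken from the attribute named by {@code transaction.nameIDAttr}; all
 * attributes produced by the configured mapper are added to the assertion. Signing and
 * encryption settings come from the {@code Saml2Trust} registered for the transaction's
 * issuer.
 *
 * @param transaction the pending SAML request being answered
 * @param request     the current HTTP request
 * @param response    the HTTP response that receives the rendered form
 * @param authInfo    the authenticated user's attributes
 * @param holder      gives access to the IdP signing key and certificates
 * @throws ServletException if the name-id attribute is missing, the user cannot be
 *                          mapped, no trust exists for the issuer, or the response
 *                          cannot be generated
 * @throws IOException      if writing the response fails
 */
private void postResponse(final SamlTransaction transaction, HttpServletRequest request, HttpServletResponse response, AuthInfo authInfo, UrlHolder holder) throws MalformedURLException, ServletException, UnsupportedEncodingException, IOException {
    User mapped = null;
    try {
        if (authInfo.getAttribs().get(transaction.nameIDAttr) == null) {
            throw new ServletException("No attribute mapping for '" + transaction.nameIDAttr + "'");
        }
        User orig = new User(authInfo.getAttribs().get(transaction.nameIDAttr).getValues().get(0));
        orig.getAttribs().putAll(authInfo.getAttribs());
        mapped = this.mapper.mapUser(orig);
    } catch (Exception e) {
        throw new ServletException("Could not map user", e);
    }
    String subject = authInfo.getAttribs().get(transaction.nameIDAttr).getValues().get(0);
    Saml2Trust trust = trusts.get(transaction.issuer);
    if (trust == null) {
        // Fail explicitly rather than with a NullPointerException further down.
        throw new ServletException("No trust configured for issuer '" + transaction.issuer + "'");
    }
    if (transaction.authnCtxName == null) {
        transaction.authnCtxName = trust.params.get("defaultAuthCtx").getValues().get(0);
    }
    PrivateKey pk = holder.getConfig().getPrivateKey(this.idpSigKeyName);
    java.security.cert.X509Certificate cert = holder.getConfig().getCertificate(this.idpSigKeyName);
    java.security.cert.X509Certificate spEncCert = holder.getConfig().getCertificate(trust.spEncCert);
    // The issuer is derived from the request URL, i.e. from the Host header presented by
    // the client or proxy. NOTE(review): this relies on the front end presenting a trusted
    // host value — confirm for the deployment.
    URL url = new URL(request.getRequestURL().toString());
    StringBuilder issuer = new StringBuilder();
    issuer.append(request.isSecure() ? "https://" : "http://");
    issuer.append(url.getHost());
    if (url.getPort() != -1) {
        issuer.append(':').append(url.getPort());
    }
    ConfigManager cfg = (ConfigManager) request.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    issuer.append(cfg.getAuthIdPPath()).append(this.idpName);
    Saml2Assertion resp = new Saml2Assertion(subject, pk, cert, spEncCert, issuer.toString(), transaction.postToURL, transaction.issuer, trust.signAssertion, trust.signResponse, trust.encAssertion, transaction.nameIDFormat, transaction.authnCtxName);
    for (String attrName : mapped.getAttribs().keySet()) {
        resp.getAttribs().add(mapped.getAttribs().get(attrName));
    }
    String respXML;
    try {
        respXML = resp.generateSaml2Response();
    } catch (Exception e) {
        throw new ServletException("Could not generate SAMLResponse", e);
    }
    if (logger.isDebugEnabled()) {
        logger.debug(respXML);
    }
    String base64 = Base64.encodeBase64String(respXML.getBytes("UTF-8"));
    // RelayState originates from the service provider's request and is echoed back into
    // the HTML form. NOTE(review): the template must HTML-escape it — confirm that
    // saml2PostTemplate does so.
    String relayState = transaction.relayState != null ? transaction.relayState : "";
    request.setAttribute("postdata", base64);
    request.setAttribute("postaction", transaction.postToURL);
    request.setAttribute("relaystate", relayState);
    ST st = new ST(this.saml2PostTemplate, '$', '$');
    st.add("relaystate", relayState);
    st.add("postdata", base64);
    st.add("postaction", transaction.postToURL);
    response.setContentType("text/html");
    response.getWriter().write(st.render());
}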
