
Example 1 with Attribute

Use of com.tremolosecurity.saml.Attribute in the OpenUnison project by TremoloSecurity.

Class OktaTarget, method findUser.

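/**
 * Looks up a single user in Okta and maps it onto an OpenUnison {@link User}.
 *
 * @param userID     Okta user identifier, handed straight to {@code okta.getUser}
 * @param attributes names of the profile attributes to copy; profile keys outside this set are dropped
 * @param request    workflow request context (not read here)
 * @return the populated user, or {@code null} when Okta answers 404 for {@code userID}
 * @throws ProvisioningException on any other Okta error, or when mapping the profile or groups fails
 */
@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    try {
        com.okta.sdk.resource.user.User fromOkta;
        try {
            fromOkta = okta.getUser(userID);
        } catch (ResourceException e) {
            // 404 means "no such user" and is a normal answer, not an error
            if (e.getStatus() == 404) {
                return null;
            }
            throw new ProvisioningException("Could not lookup user", e);
        }
        User user = new User(userID);
        UserProfile profile = fromOkta.getProfile();
        for (Object attrKey : profile.keySet()) {
            String attrName = (String) attrKey;
            if (!attributes.contains(attrName)) {
                continue;
            }
            // NOTE(review): profile values are assumed to be strings; a non-string value
            // (e.g. a multi-valued Okta attribute) fails this cast and surfaces as the
            // ProvisioningException below -- confirm against the Okta profile schema in use
            String value = (String) profile.get(attrKey);
            user.getAttribs().put(attrName, new Attribute(attrName, value));
        }
        GroupList groups = fromOkta.listGroups();
        for (Group group : groups) {
            user.getGroups().add(group.getProfile().getName());
        }
        return user;
    } catch (ProvisioningException e) {
        // already carries the specific lookup failure; do not wrap it a second time
        throw e;
    } catch (Exception e) {
        throw new ProvisioningException("Could not retrieve user", e);
    }
}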

Example 2 with Attribute

Use of com.tremolosecurity.saml.Attribute in the OpenUnison project by TremoloSecurity.

Class OpenShiftTarget, method loadOptionalAttributeValue.

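/**
 * Reads an optional single-valued setting from the target configuration and logs it.
 *
 * @param name   configuration key to read
 * @param label  human-readable name used in the log lines
 * @param config target configuration attributes
 * @param mask   when non-null, written to the log in place of the real value (pass one for secrets)
 * @return the first value of the attribute, or {@code null} when it is absent or has no values
 */
private String loadOptionalAttributeValue(String name, String label, Map<String, Attribute> config, String mask) throws ProvisioningException {
    Attribute attr = config.get(name);
    // an attribute with an empty value list is treated like a missing one instead of
    // failing with IndexOutOfBoundsException on get(0)
    if (attr == null || attr.getValues().isEmpty()) {
        logger.warn(label + " not found");
        return null;
    }
    String val = attr.getValues().get(0);
    // the value is written to the log at INFO; callers must supply a mask for anything
    // sensitive (tokens, passwords) so it never appears in clear in the log
    String shown = (mask != null) ? mask : val;
    logger.info(label + ": '" + shown + "'");
    return val;
}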

Example 3 with Attribute

Use of com.tremolosecurity.saml.Attribute in the OpenUnison project by TremoloSecurity.

Class OpenShiftTarget, method findUser.

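/**
 * Loads a user from the OpenShift API together with the groups that list it as a member.
 *
 * @param userID     OpenShift user name; appended to the users API path as-is
 * @param attributes names of metadata fields (plus {@code fullName}) to copy onto the user
 * @param request    workflow request context (not read here)
 * @return the user with its groups, or {@code null} when the API does not return a {@code User} object
 * @throws ProvisioningException when obtaining the token, the connection or either API call fails
 */
@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    try {
        User user = null;
        String token = this.getAuthToken();
        // OpenShift groups carry their member list but users do not reference their groups,
        // so every group is read and scanned for this user
        List<String> groupsForUser = new ArrayList<String>();
        HttpCon con = this.createClient();
        com.tremolosecurity.unison.openshiftv3.model.List<GroupItem> groupList = null;
        try {
            Gson gson = new Gson();
            String json = callWS(token, con, "/apis/user.openshift.io/v1/groups");
            TypeToken<com.tremolosecurity.unison.openshiftv3.model.List<GroupItem>> tokenType = new TypeToken<com.tremolosecurity.unison.openshiftv3.model.List<GroupItem>>() {
            };
            groupList = gson.fromJson(json, tokenType.getType());
            // NOTE(review): userID is not URL-encoded; a value containing '/' or '?' would change
            // the request path. Confirm that callers only pass validated OpenShift user names.
            String userPath = new StringBuilder("/apis/user.openshift.io/v1/users/").append(userID).toString();
            json = callWS(token, con, userPath);
            com.tremolosecurity.unison.openshiftv3.model.users.User osUser = gson.fromJson(json, com.tremolosecurity.unison.openshiftv3.model.users.User.class);
            // anything other than a "User" kind (presumably a Status body for a missing user)
            // leaves user == null
            if (osUser.getKind().equalsIgnoreCase("User")) {
                user = new User(userID);
                for (String attrName : osUser.getMetadata().keySet()) {
                    // fullName lives outside metadata and is handled separately below
                    if (!attrName.equalsIgnoreCase("fullName") && attributes.contains(attrName)) {
                        user.getAttribs().put(attrName, new Attribute(attrName, (String) osUser.getMetadata().get(attrName)));
                    }
                }
                if (attributes.contains("fullName") && osUser.getFullName() != null) {
                    user.getAttribs().put("fullName", new Attribute("fullName", osUser.getFullName()));
                }
            }
        } finally {
            if (con != null) {
                con.getBcm().shutdown();
            }
        }
        for (GroupItem group : groupList.getItems()) {
            if (group.getUsers() != null && group.getUsers().contains(userID)) {
                groupsForUser.add((String) group.getMetadata().get("name"));
            }
        }
        // group memberships without a matching user object still mean "not found"
        if (user == null) {
            return null;
        }
        user.getGroups().addAll(groupsForUser);
        return user;
    } catch (Exception e) {
        throw new ProvisioningException("Could not load " + userID, e);
    }
}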

Example 4 with Attribute

Use of com.tremolosecurity.saml.Attribute in the OpenUnison project by TremoloSecurity.

Class K8sInjectImpersonation, method doFilter.

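/**
 * Replaces any client-supplied Kubernetes impersonation and Authorization headers with values
 * derived from the authenticated OpenUnison session, then forwards the request.
 *
 * Client-supplied {@code Impersonate-*} and {@code Authorization} headers are always dropped first
 * so that a caller cannot choose its own identity or groups on the API server.
 *
 * @throws IllegalStateException when the session lacks the configured user-name attribute
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    final String impersonatePrefix = "Impersonate-";
    Iterator<String> it = request.getHeaderNames();
    List<String> toRemove = new ArrayList<String>();
    while (it.hasNext()) {
        String headerName = it.next();
        // regionMatches(ignoreCase=true) compares locale-independently; String.toLowerCase()
        // without a Locale would not match "IMPERSONATE-..." under e.g. a Turkish default locale
        // and would let a client-supplied impersonation header through
        boolean isImpersonate = headerName.regionMatches(true, 0, impersonatePrefix, 0, impersonatePrefix.length());
        if (isImpersonate || headerName.equalsIgnoreCase("Authorization")) {
            toRemove.add(headerName);
        }
    }
    for (String headerToRemove : toRemove) {
        request.removeHeader(headerToRemove);
    }
    // belt and braces in case the header was not enumerated above
    request.removeHeader("Authorization");
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    Attribute userName = userData.getAttribs().get(this.userNameAttribute);
    if (userName == null || userName.getValues().isEmpty()) {
        // fail explicitly instead of with an NPE: without Impersonate-User the request would
        // reach the API server as the bearer token's own identity
        throw new IllegalStateException("User attribute '" + this.userNameAttribute + "' not found in session");
    }
    request.addHeader(new Attribute("Impersonate-User", userName.getValues().get(0)));
    Attribute groups = new Attribute("Impersonate-Group");
    // every authenticated user is placed in system:authenticated, plus the session's groups
    groups.getValues().add("system:authenticated");
    Attribute fromUser = userData.getAttribs().get(this.groupAttribute);
    if (fromUser != null) {
        groups.getValues().addAll(fromUser.getValues());
    }
    request.addHeader(groups);
    OpenShiftTarget target = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.targetName).getProvider();
    // the target's own token authenticates to the API server; the end user is conveyed only
    // through the impersonation headers above
    request.addHeader(new Attribute("Authorization", new StringBuilder().append("Bearer ").append(target.getAuthToken()).toString()));
    HashMap<String, String> uriParams = (HashMap<String, String>) request.getAttribute("TREMOLO_URI_PARAMS");
    uriParams.put("k8s_url", target.getUrl());
    chain.nextFilter(request, response, chain);
}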

Example 5 with Attribute

Use of com.tremolosecurity.saml.Attribute in the OpenUnison project by TremoloSecurity.

Class RegisterPasswordResetAuth, method loadAttributeValue.

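/**
 * Reads a required single-valued setting from the mechanism configuration and logs it.
 *
 * @param name   configuration key to read
 * @param label  human-readable name used in the log and error messages
 * @param config mechanism configuration attributes
 * @return the first value of the attribute
 * @throws Exception when the attribute is missing or has no values
 */
private String loadAttributeValue(String name, String label, HashMap<String, Attribute> config) throws Exception {
    Attribute attr = config.get(name);
    // an empty value list is reported like a missing key instead of failing on get(0)
    if (attr == null || attr.getValues().isEmpty()) {
        throw new Exception(label + " not found");
    }
    String val = attr.getValues().get(0);
    // NOTE(review): the value is logged in clear at INFO and, unlike OpenShiftTarget's
    // loadOptionalAttributeValue, there is no mask parameter. Do not use this for
    // passwords, tokens or other secrets without adding one.
    logger.info(label + ": '" + val + "'");
    return val;
}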
