use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class OktaTarget method findUser.
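/**
 * Looks up {@code userID} through the Okta client and maps the result onto a {@link User}.
 *
 * <p>Only profile entries whose name appears in {@code attributes} are copied, each as a
 * single-valued {@link Attribute}. The profile name of every group returned by
 * {@code listGroups()} is added to the user's groups.
 *
 * @param userID     identifier passed to {@code okta.getUser}
 * @param attributes names of the profile attributes the caller wants returned
 * @param request    not used by this method
 * @return the populated user, or {@code null} when Okta answers the lookup with HTTP 404
 * @throws ProvisioningException if the lookup fails for any other reason
 */
@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    try {
        com.okta.sdk.resource.user.User fromOkta;
        try {
            fromOkta = okta.getUser(userID);
        } catch (ResourceException e) {
            // 404 is the "no such user" answer; every other status is a real failure.
            if (e.getStatus() == 404) {
                return null;
            }
            throw new ProvisioningException("Could not lookup user", e);
        }

        User user = new User(userID);
        UserProfile profile = fromOkta.getProfile();
        for (Object attrKey : profile.keySet()) {
            String attrName = (String) attrKey;
            if (!attributes.contains(attrName)) {
                continue;
            }
            // Cast only the values that were asked for: a non-String value on an attribute
            // nobody requested must not fail the whole lookup. A requested non-String value
            // still fails loudly rather than being silently coerced.
            String value = (String) profile.get(attrKey);
            user.getAttribs().put(attrName, new Attribute(attrName, value));
        }

        GroupList groups = fromOkta.listGroups();
        for (Group group : groups) {
            user.getGroups().add(group.getProfile().getName());
        }
        return user;
    } catch (ProvisioningException e) {
        // Already carries its own message and cause; do not wrap it a second time.
        throw e;
    } catch (Exception e) {
        throw new ProvisioningException("Could not retrieve user", e);
    }
}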
use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class OpenShiftTarget method loadOptionalAttributeValue.
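/**
 * Reads the first value of an optional configuration attribute and logs what was loaded.
 *
 * <p>When {@code mask} is {@code null} the real value is written to the log at info level,
 * so callers loading a secret (token, password, key) must pass a mask.
 *
 * @param name   key of the attribute in {@code config}
 * @param label  human-readable name used in the log messages
 * @param config configuration attributes keyed by name
 * @param mask   text to log in place of the value, or {@code null} to log the value itself
 * @return the first value of the attribute, or {@code null} when the attribute is missing
 *         or has no values
 * @throws ProvisioningException declared by the signature; not thrown by this body
 */
private String loadOptionalAttributeValue(String name, String label, Map<String, Attribute> config, String mask) throws ProvisioningException {
    Attribute attr = config.get(name);
    if (attr == null) {
        logger.warn(label + " not found");
        return null;
    }

    // An attribute that is present but empty is treated like a missing one instead of
    // failing with an IndexOutOfBoundsException on get(0).
    if (attr.getValues().isEmpty()) {
        logger.warn(label + " has no value");
        return null;
    }

    String val = attr.getValues().get(0);
    if (mask != null) {
        logger.info(label + ": '" + mask + "'");
    } else {
        logger.info(label + ": '" + val + "'");
    }
    return val;
}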
use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class OpenShiftTarget method findUser.
/**
 * Loads a user and the names of the groups that list it from the OpenShift user API.
 *
 * <p>Two calls are made with the token from {@code getAuthToken()}: the full group
 * collection, then the user object for {@code userID}. A {@link User} is built only when
 * the returned object's kind is "User"; metadata entries named in {@code attributes} are
 * copied, and {@code fullName} is taken from the user object itself.
 *
 * @param userID     name appended to the users endpoint and matched against group members
 * @param attributes names of the attributes the caller wants returned
 * @param request    not used by this method
 * @return the populated user, or {@code null} when the response is not of kind "User"
 * @throws ProvisioningException wrapping any failure raised while loading the user
 */
@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    try {
        String authToken = this.getAuthToken();
        // Membership is stored on the group objects, so every group is read and scanned
        // for this user rather than asking the user object for its groups.
        ArrayList<String> memberOf = new ArrayList<String>();
        HttpCon client = this.createClient();

        User found = null;
        com.tremolosecurity.unison.openshiftv3.model.List<GroupItem> allGroups = null;
        try {
            String groupsJson = callWS(authToken, client, "/apis/user.openshift.io/v1/groups");
            Gson gson = new Gson();
            java.lang.reflect.Type groupListType =
                    new TypeToken<com.tremolosecurity.unison.openshiftv3.model.List<GroupItem>>() {
                    }.getType();
            allGroups = gson.fromJson(groupsJson, groupListType);

            // NOTE(review): userID is appended to the request path as-is. Whether callWS
            // escapes it is not visible here; confirm that a value containing '/', '?' or
            // '#' cannot redirect this authenticated call to a different API resource.
            String userPath = "/apis/user.openshift.io/v1/users/" + userID;
            String userJson = callWS(authToken, client, userPath);
            com.tremolosecurity.unison.openshiftv3.model.users.User osUser =
                    gson.fromJson(userJson, com.tremolosecurity.unison.openshiftv3.model.users.User.class);

            if (osUser.getKind().equalsIgnoreCase("User")) {
                found = new User(userID);
                for (String attrName : osUser.getMetadata().keySet()) {
                    // fullName is handled separately below, from the user object itself.
                    if (attrName.equalsIgnoreCase("fullName") || !attributes.contains(attrName)) {
                        continue;
                    }
                    String attrValue = (String) osUser.getMetadata().get(attrName);
                    found.getAttribs().put(attrName, new Attribute(attrName, attrValue));
                }
                if (attributes.contains("fullName") && osUser.getFullName() != null) {
                    found.getAttribs().put("fullName", new Attribute("fullName", osUser.getFullName()));
                }
            }
        } finally {
            if (con(client)) {
                client.getBcm().shutdown();
            }
        }

        for (GroupItem group : allGroups.getItems()) {
            boolean listsUser = group.getUsers() != null && group.getUsers().contains(userID);
            if (listsUser) {
                memberOf.add((String) group.getMetadata().get("name"));
            }
        }

        // Group membership alone never creates a user: without a "User" object the
        // result stays null even if some group lists the name.
        if (found != null && !memberOf.isEmpty()) {
            found.getGroups().addAll(memberOf);
        }
        return found;
    } catch (Exception e) {
        throw new ProvisioningException("Could not load " + userID, e);
    }
}

/** Returns whether a client was created and therefore needs its connection manager shut down. */
private static boolean con(HttpCon client) {
    return client != null;
}
use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class K8sInjectImpersonation method doFilter.
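/**
 * Replaces the caller's credentials with the target's token plus impersonation headers.
 *
 * <p>Every inbound header whose name starts with "impersonate-" and every "Authorization"
 * header is removed first. The request is then given {@code Impersonate-User} and
 * {@code Impersonate-Group} headers built from the session's {@link AuthInfo}, and an
 * {@code Authorization: Bearer} header carrying the token of the configured
 * {@link OpenShiftTarget}. Because the forwarded request is authenticated with the target's
 * token, the stripping step is what keeps the client from choosing the impersonated identity.
 *
 * @param request  request being proxied; its headers and URI parameters are rewritten
 * @param response passed through to the next filter
 * @param chain    remaining filter chain
 * @throws Exception if the session user has no value for the user name attribute, or if any
 *                   lookup or downstream filter fails
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    final String impersonatePrefix = "impersonate-";

    Iterator<String> it = request.getHeaderNames();
    List<String> toRemove = new ArrayList<String>();
    while (it.hasNext()) {
        String headerName = it.next();
        // Compare per character and independent of the JVM default locale. With
        // toLowerCase() under a Turkish locale, 'I' lower-cases to a dotless i, so an
        // upper-case "IMPERSONATE-*" header would not match the prefix and would be kept.
        boolean isImpersonation =
                headerName.regionMatches(true, 0, impersonatePrefix, 0, impersonatePrefix.length());
        if (isImpersonation || headerName.equalsIgnoreCase("Authorization")) {
            toRemove.add(headerName);
        }
    }
    for (String headerToRemove : toRemove) {
        request.removeHeader(headerToRemove);
    }
    // Already covered by the loop above; kept as a second line of defence.
    request.removeHeader("Authorization");

    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();

    // Fail with a clear message, before any credential is attached, when the session
    // user cannot be mapped to an impersonation name.
    Attribute userName = userData.getAttribs().get(this.userNameAttribute);
    if (userName == null || userName.getValues().isEmpty()) {
        throw new Exception("No value for user name attribute '" + this.userNameAttribute + "'");
    }
    request.addHeader(new Attribute("Impersonate-User", userName.getValues().get(0)));

    Attribute groups = new Attribute("Impersonate-Group");
    groups.getValues().add("system:authenticated");
    Attribute fromUser = userData.getAttribs().get(this.groupAttribute);
    if (fromUser != null) {
        groups.getValues().addAll(fromUser.getValues());
    }
    // Always true here because "system:authenticated" was just added.
    if (!groups.getValues().isEmpty()) {
        request.addHeader(groups);
    }

    OpenShiftTarget target = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.targetName).getProvider();
    request.addHeader(new Attribute("Authorization", "Bearer " + target.getAuthToken()));

    @SuppressWarnings("unchecked") // the attribute is stored as an untyped Object
    HashMap<String, String> uriParams = (HashMap<String, String>) request.getAttribute("TREMOLO_URI_PARAMS");
    uriParams.put("k8s_url", target.getUrl());

    chain.nextFilter(request, response, chain);
}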
use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class RegisterPasswordResetAuth method loadAttributeValue.
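/**
 * Reads the first value of a required configuration attribute and logs it.
 *
 * <p>The value is written to the log verbatim at info level and there is no mask
 * parameter, so this helper should not be used to load secrets.
 *
 * @param name   key of the attribute in {@code config}
 * @param label  human-readable name used in the log and error messages
 * @param config configuration attributes keyed by name
 * @return the first value of the attribute
 * @throws Exception if the attribute is missing or has no values
 */
private String loadAttributeValue(String name, String label, HashMap<String, Attribute> config) throws Exception {
    Attribute attr = config.get(name);
    if (attr == null) {
        throw new Exception(label + " not found");
    }

    // Report an empty attribute by label instead of an IndexOutOfBoundsException on get(0).
    if (attr.getValues().isEmpty()) {
        throw new Exception(label + " has no value");
    }

    String val = attr.getValues().get(0);
    logger.info(label + ": '" + val + "'");
    return val;
}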