
the class ManagerAuthorization method findMyManager.

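/**
 * Resolves the manager of {@code me} for approval routing.
 *
 * The requester's {@code managerID} attribute either holds the manager's DN
 * ({@code managerIDDN == true}: base-scope read of that entry) or the manager's
 * user id ({@code managerIDDN == false}: subtree search under the LDAP root on the
 * approval DB's user-id attribute). The returned {@link User} has its user id set
 * from that same attribute and carries the entry DN under {@code DISTINGUISHED_NAME}.
 *
 * @param me the user whose manager is wanted
 * @return the manager, or {@code null} when {@code me} has no manager attribute
 *         (or it has no values) or the directory lookup matches nothing
 * @throws IllegalStateException if the matched entry has no user-id attribute value
 * @throws Exception on directory errors
 */
private User findMyManager(User me) throws Exception {
    Attribute mgrAttr = me.getAttribs().get(this.managerID);
    // An absent or value-less manager attribute means "no manager", not an error.
    if (mgrAttr == null || mgrAttr.getValues().isEmpty()) {
        return null;
    }
    String mgrValue = mgrAttr.getValues().get(0);
    String uidAttrName = this.configManager.getCfg().getProvisioning().getApprovalDB().getUserIdAttribute();
    ArrayList<String> attrs = managerSearchAttributes(me, uidAttrName);

    LDAPSearchResults res;
    if (this.managerIDDN) {
        // mgrValue is used verbatim as the search base. It comes from the requester's own
        // entry; if that attribute is end-user writable this reads whatever entry it names -- confirm.
        res = this.configManager.getMyVD().search(mgrValue, 0, "(objectClass=*)", attrs);
    } else {
        // equal() is a filter builder and is relied on to escape the value, so a user id
        // containing filter metacharacters cannot alter the search. Do not replace this with
        // string concatenation.
        String filter = equal(uidAttrName, mgrValue).toString();
        res = this.configManager.getMyVD().search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), 2, filter, attrs);
    }
    if (!res.hasMore()) {
        return null;
    }
    // Only the first match is used; with a subtree search a non-unique user id resolves silently.
    return managerFromEntry(res.next(), uidAttrName);
}

/**
 * Attribute list to request for the manager entry: the same attribute names the requester
 * has, plus the user-id attribute so the manager's id can be populated. An empty list, or
 * one already containing "*", is left untouched so the directory returns everything.
 */
private ArrayList<String> managerSearchAttributes(User me, String uidAttrName) {
    ArrayList<String> attrs = new ArrayList<String>(me.getAttribs().keySet());
    if (!attrs.isEmpty() && !attrs.contains("*")) {
        attrs.add(uidAttrName);
    }
    return attrs;
}

/**
 * Builds the manager {@link User} from its directory entry, setting the user id from
 * {@code uidAttrName} and recording the entry DN under {@code DISTINGUISHED_NAME}.
 *
 * @throws IllegalStateException if the entry has no value for {@code uidAttrName}
 *         (previously surfaced as a bare NullPointerException)
 */
private User managerFromEntry(LDAPEntry entry, String uidAttrName) throws Exception {
    User manager = new User(entry);
    Attribute uid = manager.getAttribs().get(uidAttrName);
    if (uid == null || uid.getValues().isEmpty()) {
        throw new IllegalStateException("Manager entry '" + entry.getDN() + "' has no '" + uidAttrName + "' attribute");
    }
    manager.setUserID(uid.getValues().get(0));
    manager.getAttribs().put(DISTINGUISHED_NAME, new Attribute(DISTINGUISHED_NAME, entry.getDN()));
    return manager;
}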

the class AzSys method processRequestResult.

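/**
 * Applies the "header" results of an authorization result group to the current request.
 *
 * Each header result's value is a {@code name=value} pair; the header name is everything
 * before the first '='. How the remainder is interpreted depends on the result source:
 * "static" adds it verbatim, "user" treats it as an attribute name and copies that
 * attribute's values from {@code authData}, "custom" treats it as a {@link CustomResult}
 * class name and adds that class's computed value, and any other source adds an empty
 * string. Headers accumulate in the request attribute {@code AzSys.AUTO_IDM_HTTP_HEADERS},
 * which is created here if absent.
 *
 * @param request     the current request; headers are stored on it as a request attribute
 * @param response    the current response (handed to custom results)
 * @param resGrouping the results to apply; {@code null} is a no-op
 * @param authData    the authenticated user's attributes, read for "user" sourced headers
 * @throws ServletException        if a header result value is not of the form {@code name=value}
 * @throws ClassNotFoundException  if a "custom" result names a class that cannot be loaded
 * @throws InstantiationException  if a "custom" result class cannot be instantiated
 * @throws IllegalAccessException  if a "custom" result class has no accessible constructor
 */
public void processRequestResult(ServletRequest request, ServletResponse response, ResultGroupType resGrouping, AuthInfo authData) throws ServletException, InstantiationException, IllegalAccessException, ClassNotFoundException {
    if (resGrouping == null) {
        return;
    }
    for (ResultType rt : resGrouping.getResult()) {
        if (!rt.getType().equals("header")) {
            continue;
        }
        String val = rt.getValue();
        int sep = val.indexOf('=');
        // A result without '=' used to die with a StringIndexOutOfBoundsException; report it readably.
        if (sep < 0) {
            throw new ServletException("Header result '" + val + "' is not of the form name=value");
        }
        String name = val.substring(0, sep);
        String value = val.substring(sep + 1);

        @SuppressWarnings("unchecked")
        HashMap<String, Attribute> headers = (HashMap<String, Attribute>) request.getAttribute(AzSys.AUTO_IDM_HTTP_HEADERS);
        if (headers == null) {
            headers = new HashMap<String, Attribute>();
            request.setAttribute(AzSys.AUTO_IDM_HTTP_HEADERS, headers);
        }
        Attribute attrib = headers.get(name);
        if (attrib == null) {
            attrib = new Attribute(name);
            headers.put(attrib.getName(), attrib);
        }

        String source = rt.getSource();
        if (source.equalsIgnoreCase("static")) {
            attrib.getValues().add(value);
        } else if (source.equalsIgnoreCase("user")) {
            // Values are copied straight from the user's attributes; a missing attribute adds nothing.
            // Whether CR/LF in attribute values is sanitized is up to whoever emits these headers -- confirm.
            Attribute userAttr = authData.getAttribs().get(value);
            if (userAttr != null) {
                attrib.getValues().addAll(userAttr.getValues());
            }
        } else if (source.equalsIgnoreCase("custom")) {
            // The class name is taken from the result configuration, not from the request.
            CustomResult cr = (CustomResult) Class.forName(value).newInstance();
            attrib.getValues().add(cr.getResultValue((HttpServletRequest) request, (HttpServletResponse) response));
        } else {
            attrib.getValues().add("");
        }
    }
}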

the class SMSAuth method doGet.

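/**
 * First leg of the SMS one-time-key authentication mechanism.
 *
 * Reads the mechanism parameters from the session, and on the first visit generates a
 * one-time key (kept in the session under {@code TREMOLO_SMS_KEY}), substitutes it for
 * {@code ${key}} in the configured message, and sends the SMS to the number held in the
 * user's {@code toAttrName} attribute. It then redirects to the form that collects the
 * key. While a key is already in the session the method only redirects; the key is not
 * regenerated or re-sent.
 *
 * @param request  the current request
 * @param response the current response, redirected to {@code redirectForm}
 * @param as       the current authentication step (not used here)
 * @throws ServletException if a required mechanism parameter is missing or invalid, or the
 *         user has no value for the configured phone-number attribute
 * @throws IOException if the redirect fails
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    HttpSession session = request.getSession();
    @SuppressWarnings("unchecked")
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    if (authParams == null) {
        throw new ServletException("Authentication mechanism parameters not set");
    }
    String from = requiredParam(authParams, "fromNumber");
    String toAttrName = requiredParam(authParams, "toAttrName");
    String redirectForm = requiredParam(authParams, "redirectForm");
    String message = requiredParam(authParams, "message");

    // Key options
    if (authParams.get("keyLength") == null) {
        throw new ServletException("Key Length not set");
    }
    int keyLen;
    try {
        keyLen = Integer.parseInt(authParams.get("keyLength").getValues().get(0));
    } catch (NumberFormatException e) {
        throw new ServletException("Key Length is not a number", e);
    }
    if (keyLen < 1) {
        // A zero-length key would make this step trivially satisfiable.
        throw new ServletException("Key Length must be positive");
    }
    boolean useLowerCase = flagParam(authParams, "useLowerCase");
    boolean useUpperCase = flagParam(authParams, "useUpperCase");
    boolean useNumbers = flagParam(authParams, "useNumbers");
    // Special characters are deliberately disabled; a "useSpecial" parameter is not honored.
    boolean useSpecial = false;
    if (!(useLowerCase || useUpperCase || useNumbers || useSpecial)) {
        throw new ServletException("At least one character type must be chosen");
    }

    if (session.getAttribute("TREMOLO_SMS_KEY") == null) {
        // NOTE(review): the key is only as strong as GenPasswd's random source -- confirm it
        // draws from a cryptographically secure RNG.
        GenPasswd gp = new GenPasswd(keyLen, useUpperCase, useLowerCase, useNumbers, useSpecial);
        AuthInfo user = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        Attribute toAttr = user.getAttribs().get(toAttrName);
        if (toAttr == null || toAttr.getValues().isEmpty()) {
            throw new ServletException("User has no value for '" + toAttrName + "'; cannot send SMS key");
        }
        String to = toAttr.getValues().get(0);
        String key = gp.getPassword();
        // Literal replacement on purpose: String.replaceAll would treat '$' and '\' in the key as
        // regex replacement syntax, which bites as soon as special characters are ever enabled.
        message = message.replace("${key}", key);
        session.setAttribute("TREMOLO_SMS_KEY", key);
        sendSMS(authParams, from, message, to);
    }
    response.sendRedirect(redirectForm);
}

/** Returns the first value of a required mechanism parameter, or fails with a clear message. */
private static String requiredParam(HashMap<String, Attribute> authParams, String name) throws ServletException {
    Attribute attr = authParams.get(name);
    if (attr == null || attr.getValues().isEmpty()) {
        throw new ServletException("Authentication mechanism parameter '" + name + "' not set");
    }
    return attr.getValues().get(0);
}

/** True when the optional parameter is present and its first value is "true" (case-insensitive). */
private static boolean flagParam(HashMap<String, Attribute> authParams, String name) {
    Attribute attr = authParams.get(name);
    return attr != null && attr.getValues().get(0).equalsIgnoreCase("true");
}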

the class LastMileUtil method addLastMile.

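/**
 * Attaches a "last mile" header asserting {@code username} to an outbound request.
 *
 * The token binds the request URI path, a validity window of five minutes either side of
 * now (tolerating clock skew between this host and the receiver), and the single attribute
 * {@code userNameAttr=username}; it is sealed with the secret key registered in the
 * configuration under {@code keyAlias} and sent as the {@code tremoloHeader} header.
 *
 * @param cfg          configuration holding the shared secret keys
 * @param username     the asserted user name
 * @param userNameAttr the attribute name under which the receiver expects the user name
 * @param req          the outbound request to decorate
 * @param keyAlias     alias of the shared secret key in {@code cfg}
 * @param addHeader    when {@code false} the method does nothing
 * @throws IllegalStateException if no key is configured under {@code keyAlias}
 * @throws Exception if token generation fails
 */
public static void addLastMile(ConfigManager cfg, String username, String userNameAttr, HttpRequestBase req, String keyAlias, boolean addHeader) throws Exception {
    if (!addHeader) {
        return;
    }
    // Only the path is bound; the query string is not covered by the token -- confirm the
    // receiving side does not rely on it being protected.
    String uri = req.getURI().getPath();
    final int skewMillis = 5 * 60 * 1000;
    DateTime now = new DateTime();
    DateTime notBefore = now.minus(skewMillis);
    DateTime notAfter = now.plus(skewMillis);
    LastMile lm = new LastMile(uri, notBefore, notAfter, 0, "nochain");
    lm.getAttributes().add(new Attribute(userNameAttr, username));
    SecretKey sk = cfg.getSecretKey(keyAlias);
    if (sk == null) {
        // Fail with the alias in the message instead of letting token generation hit a null key.
        throw new IllegalStateException("No secret key configured for alias '" + keyAlias + "'");
    }
    String header = lm.generateLastMileToken(sk);
    req.addHeader("tremoloHeader", header);
}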

the class AmazonSimpleDBProvider method createUser.

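/**
 * Creates a user item in the SimpleDB user domain and adds it to its groups.
 *
 * Only attributes named in {@code attributes} are written (attribute names lower-cased,
 * one SimpleDB attribute per value); the item name is the value of {@code uidAttrName}.
 * Because SimpleDB is eventually consistent, the method polls until the user item and each
 * group membership are readable before returning, for at most 60 seconds per write. Every
 * write is recorded through the provisioning engine's action log against the approval id
 * and workflow carried in {@code request}.
 *
 * @param user       the user to create, including its group names
 * @param attributes the attribute names that may be written
 * @param request    workflow context; may carry "APPROVAL_ID" (Integer) and "WORKFLOW"
 * @throws ProvisioningException if the user has no {@code uidAttrName} value, a write does
 *         not become visible within the wait limit, or the thread is interrupted while waiting
 */
@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    // Upper bound on polling for eventual consistency; the original looped forever.
    final long maxWaitMillis = 60L * 1000L;

    String userid = null;
    ArrayList<ReplaceableAttribute> attrs = new ArrayList<ReplaceableAttribute>();
    for (String attrName : user.getAttribs().keySet()) {
        Attribute attr = user.getAttribs().get(attrName);
        if (attributes.contains(attrName)) {
            for (String val : attr.getValues()) {
                attrs.add(new ReplaceableAttribute(attr.getName().toLowerCase(), val, false));
            }
        }
        if (attrName.equalsIgnoreCase(this.uidAttrName)) {
            userid = attr.getValues().get(0);
        }
    }
    if (userid == null) {
        throw new ProvisioningException("No valid userid attribute");
    }
    sdb.putAttributes(new PutAttributesRequest(this.userDomain, userid, attrs));
    this.cfgMgr.getProvisioningEngine().logAction(this.name, true, ActionType.Add, approvalID, workflow, "userName", userid);
    for (String attrName : user.getAttribs().keySet()) {
        Attribute attr = user.getAttribs().get(attrName);
        if (!attributes.contains(attr.getName())) {
            continue;
        }
        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, attrName, attr.getValues().get(0));
    }

    // Wait until the new item is readable; read failures are retried until the deadline
    // and reported as the cause if it is hit.
    long deadline = System.currentTimeMillis() + maxWaitMillis;
    Exception lastErr = null;
    boolean ok = false;
    while (!ok) {
        pause(10);
        try {
            ok = this.findUser(userid, attributes, request) != null;
        } catch (Exception e) {
            lastErr = e;
        }
        if (!ok && System.currentTimeMillis() > deadline) {
            ProvisioningException pe = new ProvisioningException("User '" + userid + "' not readable from SimpleDB domain '" + this.userDomain + "' after " + maxWaitMillis + "ms");
            if (lastErr != null) {
                pe.initCause(lastErr);
            }
            throw pe;
        }
    }

    String memberAttr = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute();
    for (String groupName : user.getGroups()) {
        // getGroupSelect() is defined elsewhere in this class; it must quote groupName the same way sdbQuote does.
        SelectResult res = this.sdb.select(new SelectRequest(this.getGroupSelect(groupName)));
        if (res.getItems().size() == 0) {
            attrs = new ArrayList<ReplaceableAttribute>();
            attrs.add(new ReplaceableAttribute("cn", groupName, false));
            sdb.putAttributes(new PutAttributesRequest(groupDomain, groupName, attrs));
        }
        attrs = new ArrayList<ReplaceableAttribute>();
        attrs.add(new ReplaceableAttribute(memberAttr, userid, false));
        sdb.putAttributes(new PutAttributesRequest(this.groupDomain, groupName, attrs));
        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", groupName);

        // groupName and userid come from the provisioning request; quoting them keeps a
        // single quote in either from breaking out of the string literal in the select.
        String select = "SELECT " + memberAttr + " FROM `" + this.groupDomain + "` WHERE cn=" + sdbQuote(groupName) + " AND " + memberAttr + "=" + sdbQuote(userid);
        deadline = System.currentTimeMillis() + maxWaitMillis;
        ok = false;
        while (!ok) {
            pause(1000);
            res = this.sdb.select(new SelectRequest(select));
            ok = res.getItems().size() > 0;
            if (!ok && System.currentTimeMillis() > deadline) {
                throw new ProvisioningException("Membership of '" + userid + "' in group '" + groupName + "' not readable from SimpleDB after " + maxWaitMillis + "ms");
            }
        }
    }
}

/**
 * Quotes a value for use in a SimpleDB select: wraps it in single quotes and doubles
 * any embedded single quote, per SimpleDB's quoting rules.
 */
private static String sdbQuote(String value) {
    return "'" + value.replace("'", "''") + "'";
}

/** Sleeps for {@code millis}; an interrupt aborts provisioning instead of being swallowed. */
private static void pause(long millis) throws ProvisioningException {
    try {
        Thread.sleep(millis);
    } catch (InterruptedException e) {
        Thread.currentThread().interrupt();
        throw new ProvisioningException("Interrupted while waiting for SimpleDB to become consistent");
    }
}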