use of org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition in project uaa by cloudfoundry.
the class LoginInfoEndpointTests method mockOidcProvider.
/**
 * Registers a single OIDC identity provider on the given provisioning mock.
 *
 * <p>The provider reports origin key {@code my-OIDC-idp1} and type {@link OriginKeys#OIDC10}; its
 * configuration is a mocked {@link OIDCIdentityProviderDefinition} that answers an auth URL, a
 * relying-party id, a response type and {@code isShowLinkText() == true}. Afterwards
 * {@code retrieveAll(anyBoolean(), any())} on the provisioning mock yields exactly that provider.
 *
 * @param mockIdentityProviderProvisioning Mockito mock whose {@code retrieveAll} gets stubbed
 * @throws MalformedURLException declared because of the {@link URL} constructor; the literal URL is valid
 */
private static void mockOidcProvider(IdentityProviderProvisioning mockIdentityProviderProvisioning) throws MalformedURLException {
    // Stub the OIDC definition first; the provider mock then hands it out via getConfig().
    AbstractExternalOAuthIdentityProviderDefinition oidcDefinition = mock(OIDCIdentityProviderDefinition.class);
    when(oidcDefinition.getAuthUrl()).thenReturn(new URL("http://localhost:8080/uaa"));
    when(oidcDefinition.getRelyingPartyId()).thenReturn("client-id");
    when(oidcDefinition.getResponseType()).thenReturn("token");
    when(oidcDefinition.isShowLinkText()).thenReturn(true);

    IdentityProvider provider = mock(IdentityProvider.class);
    when(provider.getOriginKey()).thenReturn("my-OIDC-idp1");
    when(provider.getType()).thenReturn(OriginKeys.OIDC10);
    when(provider.getConfig()).thenReturn(oidcDefinition);

    when(mockIdentityProviderProvisioning.retrieveAll(anyBoolean(), any())).thenReturn(singletonList(provider));
}
use of org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition in project uaa by cloudfoundry.
the class LoginInfoEndpointTests method oauth_provider_links_shown.
/**
 * The HTML login page advertises external-provider links when an OAuth provider is returned by
 * provisioning.
 *
 * <p>A {@link RawExternalOAuthIdentityProviderDefinition} with an auth and a token URL is attached
 * to a fixture provider that {@code retrieveAll} returns; rendering the login page must then put
 * {@code showLoginLinks = true} into the model.
 */
@Test
void oauth_provider_links_shown() throws Exception {
    LoginInfoEndpoint loginInfoEndpoint = getEndpoint(IdentityZoneHolder.get());

    RawExternalOAuthIdentityProviderDefinition oauthDefinition = new RawExternalOAuthIdentityProviderDefinition()
            .setAuthUrl(new URL("http://auth.url"))
            .setTokenUrl(new URL("http://token.url"));
    IdentityProvider<AbstractExternalOAuthIdentityProviderDefinition> oauthProvider =
            MultitenancyFixture.identityProvider("oauth-idp-alias", "uaa");
    oauthProvider.setConfig(oauthDefinition);
    when(mockIdentityProviderProvisioning.retrieveAll(anyBoolean(), anyString())).thenReturn(singletonList(oauthProvider));

    loginInfoEndpoint.loginForHtml(extendedModelMap, null, new MockHttpServletRequest(), singletonList(MediaType.TEXT_HTML));

    assertThat(extendedModelMap.get("showLoginLinks"), equalTo(true));
}
use of org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition in project uaa by cloudfoundry.
the class LoginInfoEndpointTests method passcode_prompt_present_whenThereIsAtleastOneActiveOauthProvider.
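/**
 * The JSON login info keeps the {@code passcode} prompt as soon as one active OAuth provider exists.
 *
 * <p>A {@link RawExternalOAuthIdentityProviderDefinition} is attached to a fixture provider that
 * {@code retrieveAll} returns; the {@code prompts} map produced by {@code infoForLoginJson} must
 * then contain a {@code passcode} entry.
 */
@Test
void passcode_prompt_present_whenThereIsAtleastOneActiveOauthProvider() throws Exception {
    LoginInfoEndpoint endpoint = getEndpoint(IdentityZoneHolder.get());
    RawExternalOAuthIdentityProviderDefinition definition = new RawExternalOAuthIdentityProviderDefinition()
            .setAuthUrl(new URL("http://auth.url"))
            .setTokenUrl(new URL("http://token.url"));
    IdentityProvider<AbstractExternalOAuthIdentityProviderDefinition> identityProvider =
            MultitenancyFixture.identityProvider("oauth-idp-alias", "uaa");
    identityProvider.setConfig(definition);
    when(mockIdentityProviderProvisioning.retrieveAll(anyBoolean(), anyString())).thenReturn(singletonList(identityProvider));

    endpoint.infoForLoginJson(extendedModelMap, null, new MockHttpServletRequest("GET", "http://someurl"));

    // Wildcard map instead of the raw type: the key type is not asserted on here.
    Map<?, ?> mapPrompts = (Map<?, ?>) extendedModelMap.get("prompts");
    assertNotNull(mapPrompts);
    assertNotNull(mapPrompts.get("passcode"));
}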
use of org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition in project uaa by cloudfoundry.
the class LoginInfoEndpoint method login.
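/**
 * Builds the login model shared by the HTML login page and the JSON login-info endpoint.
 *
 * <p>An already authenticated {@link UaaAuthentication} principal is sent straight to
 * {@code /home}. Otherwise the allowed-provider list and client name are read from the client
 * info kept in the session, the SAML and OAuth/OIDC provider definitions restricted to those
 * providers are collected, and the login hint plus the zone's IdP discovery settings decide whether
 * the caller is redirected to a single external provider. When no redirect applies, links, prompts,
 * commit info and zone data are added to {@code model}.
 *
 * @param model           model that receives the view attributes
 * @param principal       current principal; {@code null} for an anonymous request
 * @param excludedPrompts prompt names to drop from the {@code prompts} attribute; copied before use,
 *                        the caller's list is not modified
 * @param jsonResponse    {@code true} for the JSON variant, which never follows an external redirect
 * @param request         current request, used for the session and the {@code discoveryPerformed}
 *                        and {@code origin} parameters; may be {@code null}
 * @return a view name or a {@code redirect:} target
 */
private String login(Model model, Principal principal, List<String> excludedPrompts, boolean jsonResponse, HttpServletRequest request) {
    if (principal instanceof UaaAuthentication && ((UaaAuthentication) principal).isAuthenticated()) {
        return "redirect:/home";
    }
    HttpSession session = request != null ? request.getSession(false) : null;

    // The client's allowed-providers list (when present) restricts which IdPs are offered below.
    Map<String, Object> clientInfo = getClientInfo(session);
    @SuppressWarnings("unchecked") // same cast as before; assumes ALLOWED_PROVIDERS holds a List<String> — confirm against the writer
    List<String> allowedIdentityProviderKeys = clientInfo == null
            ? null
            : (List<String>) clientInfo.get(ClientConstants.ALLOWED_PROVIDERS);
    String clientName = clientInfo == null ? null : (String) clientInfo.get(ClientConstants.CLIENT_NAME);

    Map<String, SamlIdentityProviderDefinition> samlIdentityProviders = getSamlIdentityProviderDefinitions(allowedIdentityProviderKeys);
    Map<String, AbstractExternalOAuthIdentityProviderDefinition> oauthIdentityProviders = getOauthIdentityProviderDefinitions(allowedIdentityProviderKeys);
    // Plain map rather than a double-brace anonymous subclass (which would capture this endpoint).
    Map<String, AbstractIdentityProviderDefinition> allIdentityProviders = new HashMap<>(samlIdentityProviders);
    allIdentityProviders.putAll(oauthIdentityProviders);

    boolean fieldUsernameShow = true;
    boolean returnLoginPrompts = true;
    IdentityProvider ldapIdentityProvider = null;
    try {
        ldapIdentityProvider = providerProvisioning.retrieveByOrigin(OriginKeys.LDAP, IdentityZoneHolder.get().getId());
    } catch (EmptyResultDataAccessException ignored) {
        // no LDAP provider in this zone; handled like an inactive one below
    }
    IdentityProvider uaaIdentityProvider = providerProvisioning.retrieveByOriginIgnoreActiveFlag(OriginKeys.UAA, IdentityZoneHolder.get().getId());
    // ldap and uaa disabled removes username/password input boxes
    if (!uaaIdentityProvider.isActive() && (ldapIdentityProvider == null || !ldapIdentityProvider.isActive())) {
        fieldUsernameShow = false;
        returnLoginPrompts = false;
    }
    // ldap or uaa not part of allowedIdentityProviderKeys
    if (allowedIdentityProviderKeys != null
            && !allowedIdentityProviderKeys.contains(OriginKeys.LDAP)
            && !allowedIdentityProviderKeys.contains(OriginKeys.UAA)
            && !allowedIdentityProviderKeys.contains(OriginKeys.KEYSTONE)) {
        fieldUsernameShow = false;
    }

    Map.Entry<String, AbstractIdentityProviderDefinition> idpForRedirect =
            evaluateLoginHint(model, session, samlIdentityProviders, oauthIdentityProviders, allIdentityProviders, allowedIdentityProviderKeys, request);
    boolean discoveryEnabled = IdentityZoneHolder.get().getConfig().isIdpDiscoveryEnabled();
    // Guarded like every other request access in this method; a null request used to throw here.
    boolean discoveryPerformed = request != null && Boolean.parseBoolean(request.getParameter("discoveryPerformed"));
    String defaultIdentityProviderName = IdentityZoneHolder.get().getConfig().getDefaultIdentityProvider();
    idpForRedirect = evaluateIdpDiscovery(model, samlIdentityProviders, oauthIdentityProviders, allIdentityProviders, allowedIdentityProviderKeys, idpForRedirect, discoveryEnabled, discoveryPerformed, defaultIdentityProviderName);
    // Exactly one external provider and no username field: the HTML page goes straight to it.
    if (idpForRedirect == null && !jsonResponse && !fieldUsernameShow && allIdentityProviders.size() == 1) {
        idpForRedirect = allIdentityProviders.entrySet().iterator().next();
    }
    if (idpForRedirect != null) {
        String externalRedirect = redirectToExternalProvider(idpForRedirect.getValue(), idpForRedirect.getKey(), request);
        if (externalRedirect != null && !jsonResponse) {
            logger.debug("Following external redirect : " + externalRedirect);
            return externalRedirect;
        }
    }

    boolean linkCreateAccountShow = fieldUsernameShow;
    if (fieldUsernameShow && allowedIdentityProviderKeys != null && (!discoveryEnabled || discoveryPerformed)) {
        if (!allowedIdentityProviderKeys.contains(OriginKeys.UAA)) {
            // UAA is not an allowed provider: hide the create-account link and hint LDAP
            linkCreateAccountShow = false;
            model.addAttribute("login_hint", new UaaLoginHint(OriginKeys.LDAP).toString());
        } else if (!allowedIdentityProviderKeys.contains(OriginKeys.LDAP)) {
            model.addAttribute("login_hint", new UaaLoginHint(OriginKeys.UAA).toString());
        }
    }

    String zonifiedEntityID = getZonifiedEntityId();
    Map links = getLinksInfo();
    if (jsonResponse) {
        setJsonInfo(model, samlIdentityProviders, zonifiedEntityID, links);
    } else {
        updateLoginPageModel(model, request, clientName, samlIdentityProviders, oauthIdentityProviders, fieldUsernameShow, linkCreateAccountShow);
    }
    model.addAttribute(LINKS, links);
    setCommitInfo(model);
    model.addAttribute(ZONE_NAME, IdentityZoneHolder.get().getName());
    // Entity ID to start the discovery
    model.addAttribute(ENTITY_ID, zonifiedEntityID);

    // Mutable copy: populatePrompts appends to it, and the caller's list must stay untouched.
    List<String> mutableExcludedPrompts = new LinkedList<>(excludedPrompts);
    String origin = request != null ? request.getParameter("origin") : null;
    populatePrompts(model, mutableExcludedPrompts, origin, samlIdentityProviders, oauthIdentityProviders, mutableExcludedPrompts, returnLoginPrompts);

    if (principal == null) {
        return getUnauthenticatedRedirect(model, request, discoveryEnabled, discoveryPerformed);
    }
    return "home";
}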
use of org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition in project uaa by cloudfoundry.
the class LoginInfoEndpoint method populatePrompts.
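/**
 * Adds the {@code prompts} attribute (and {@code showLoginLinks} when a provider link is visible)
 * to the model.
 *
 * <p>Prompts start from the zone configuration and are replaced by an OIDC provider's own prompts
 * when {@code origin} names such a provider. The passcode prompt is excluded when no provider shows
 * a login link, username/password are excluded when {@code returnLoginPrompts} is false, and the
 * MFA prompt is added when MFA is enabled for the zone. Everything listed in {@code exclude} is
 * removed last.
 *
 * @param model                  model to add attributes to
 * @param exclude                prompt names removed from the final map
 * @param origin                 origin key of the provider whose prompts take precedence, or {@code null}
 * @param samlIdentityProviders  SAML providers keyed by origin
 * @param oauthIdentityProviders OAuth/OIDC providers keyed by origin
 * @param excludedPrompts        mutable list that receives the passcode/username/password exclusions;
 *                               the caller visible in this file passes the same list as {@code exclude}
 * @param returnLoginPrompts     {@code false} to suppress the username and password prompts
 */
private void populatePrompts(Model model, List<String> exclude, String origin, Map<String, SamlIdentityProviderDefinition> samlIdentityProviders, Map<String, AbstractExternalOAuthIdentityProviderDefinition> oauthIdentityProviders, List<String> excludedPrompts, boolean returnLoginPrompts) {
    boolean anyLinkShown = samlIdentityProviders.values().stream().anyMatch(SamlIdentityProviderDefinition::isShowSamlLink)
            || oauthIdentityProviders.values().stream().anyMatch(AbstractExternalOAuthIdentityProviderDefinition::isShowLinkText);
    if (anyLinkShown) {
        model.addAttribute(SHOW_LOGIN_LINKS, true);
    } else {
        // no visible provider link: the passcode prompt is left out
        excludedPrompts.add(PASSCODE);
    }
    if (!returnLoginPrompts) {
        excludedPrompts.add("username");
        excludedPrompts.add("password");
    }

    IdentityZoneConfiguration zoneConfiguration = IdentityZoneHolder.get().getConfig();
    if (isNull(zoneConfiguration)) {
        zoneConfiguration = new IdentityZoneConfiguration();
    }
    List<Prompt> prompts = zoneConfiguration.getPrompts();
    if (origin != null) {
        IdentityProvider providerForOrigin = null;
        try {
            providerForOrigin = providerProvisioning.retrieveByOrigin(origin, IdentityZoneHolder.get().getId());
        } catch (DataAccessException ignored) {
            // unknown or unreadable origin: keep the zone prompts
        }
        if (providerForOrigin != null && providerForOrigin.getConfig() instanceof OIDCIdentityProviderDefinition) {
            List<Prompt> providerPrompts = ((OIDCIdentityProviderDefinition) providerForOrigin.getConfig()).getPrompts();
            if (providerPrompts != null) {
                prompts = providerPrompts;
            }
        }
    }

    Map<String, String[]> map = new LinkedHashMap<>();
    for (Prompt prompt : prompts) {
        String[] details = prompt.getDetails();
        // Outside the default zone, point the URL embedded in the passcode text at the zone's subdomain.
        // The length check avoids an ArrayIndexOutOfBoundsException on a misconfigured prompt.
        if (PASSCODE.equals(prompt.getName()) && !IdentityZoneHolder.isUaa() && details != null && details.length > 1) {
            String urlInPasscode = extractUrlFromString(details[1]);
            if (hasText(urlInPasscode)) {
                // copy so the configured Prompt object itself is not rewritten
                details = details.clone();
                details[1] = details[1].replace(urlInPasscode, addSubdomainToUrl(urlInPasscode, IdentityZoneHolder.get().getSubdomain()));
            }
        }
        map.put(prompt.getName(), details);
    }

    if (mfaChecker.isMfaEnabled(IdentityZoneHolder.get())) {
        // NOTE(review): the trailing " )" is concatenated onto baseUrl *before* addSubdomainToUrl runs,
        // i.e. it is part of the URL argument rather than the surrounding text. Kept as-is because the
        // helper's handling of that suffix is not visible here — confirm the rendered prompt text.
        Prompt p = new Prompt(MFA_CODE, "password", "MFA Code ( Register at " + addSubdomainToUrl(baseUrl + " )", IdentityZoneHolder.get().getSubdomain()));
        map.putIfAbsent(p.getName(), p.getDetails());
    }

    exclude.forEach(map::remove);
    model.addAttribute("prompts", map);
}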