
Example 1 with IdentityProvider

use of org.cloudfoundry.identity.uaa.provider.IdentityProvider in project uaa by cloudfoundry.

the class LdapLoginAuthenticationManager method getExternalUserAuthorities.

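/**
 * Returns the external group names that are kept for the given user.
 *
 * <p>The superclass result is the starting value. When a provider provisioning is available, that
 * value is replaced by the authority names carried on {@code request}, filtered through the
 * external-groups whitelist of the LDAP identity provider definition registered for this origin.
 *
 * @param request the user details whose authorities are filtered
 * @return the superclass result when no provider provisioning is set; otherwise a new list holding
 *         the authority names that matched the whitelist
 */
@Override
protected List<String> getExternalUserAuthorities(UserDetails request) {
    List<String> result = super.getExternalUserAuthorities(request);
    if (getProviderProvisioning() != null) {
        // The provider is looked up by origin and by the id of the current identity zone.
        IdentityProvider provider = getProviderProvisioning().retrieveByOrigin(getOrigin(), IdentityZoneHolder.get().getId());
        // NOTE(review): provider and the cast result are dereferenced without a null check. If the
        // lookup yields nothing, or the config is not an LdapIdentityProviderDefinition (castInstance
        // semantics are not visible here), this throws instead of returning a list. Confirm that
        // callers on the login path handle that failure.
        LdapIdentityProviderDefinition ldapIdentityProviderDefinition = ObjectUtils.castInstance(provider.getConfig(), LdapIdentityProviderDefinition.class);
        List<String> externalWhiteList = ldapIdentityProviderDefinition.getExternalGroupsWhitelist();
        // NOTE(review): whether a null or empty whitelist keeps nothing or keeps everything is decided
        // inside retainAllMatches, which is not visible here. Verify, because it controls which
        // directory groups survive this filter.
        // Diamond instead of the raw ArrayList so the copy stays typed as List<String>.
        result = new ArrayList<>(retainAllMatches(getAuthoritesAsNames(request.getAuthorities()), externalWhiteList));
    }
    return result;
}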
Also used : ArrayList(java.util.ArrayList) IdentityProvider(org.cloudfoundry.identity.uaa.provider.IdentityProvider) LdapIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.LdapIdentityProviderDefinition)

Example 2 with IdentityProvider

use of org.cloudfoundry.identity.uaa.provider.IdentityProvider in project uaa by cloudfoundry.

the class LoginInfoEndpointTests method getPromptsFromNonOIDCProvider.

/**
 * Verifies that a login-info JSON request whose {@code origin} parameter names a provider with a
 * SAML definition as its config gets exactly the two default prompts, labelled "Email" and
 * "Password".
 */
@Test
void getPromptsFromNonOIDCProvider() {
    MockHttpServletRequest request = getMockHttpServletRequest();
    request.setParameter("origin", "non-OIDC");

    // Provider stub whose config is a SAML definition; it is returned for origin "non-OIDC" in zone "uaa".
    SamlIdentityProviderDefinition samlDefinition = mock(SamlIdentityProviderDefinition.class);
    IdentityProvider nonOidcProvider = mock(IdentityProvider.class);
    when(nonOidcProvider.getConfig()).thenReturn(samlDefinition);
    when(mockIdentityProviderProvisioning.retrieveByOrigin("non-OIDC", "uaa")).thenReturn(nonOidcProvider);

    MultitenantClientServices clientServices = mockClientService();
    LoginInfoEndpoint loginInfoEndpoint = getEndpoint(IdentityZoneHolder.get(), clientServices);
    loginInfoEndpoint.infoForLoginJson(extendedModelMap, null, request);

    Object promptsAttribute = extendedModelMap.get("prompts");
    assertNotNull(promptsAttribute);
    assertTrue(promptsAttribute instanceof Map);
    Map<String, String[]> prompts = (Map<String, String[]>) promptsAttribute;
    assertEquals(2, prompts.size());

    // Index 1 of each prompt array holds the label shown to the user.
    String[] usernamePrompt = prompts.get("username");
    assertNotNull(usernamePrompt);
    assertEquals("Email", usernamePrompt[1]);

    String[] passwordPrompt = prompts.get("password");
    assertNotNull(passwordPrompt);
    assertEquals("Password", passwordPrompt[1]);
}
Also used : MultitenantClientServices(org.cloudfoundry.identity.uaa.zone.MultitenantClientServices) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) SamlIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition) IdentityProvider(org.cloudfoundry.identity.uaa.provider.IdentityProvider) Matchers.containsString(org.hamcrest.Matchers.containsString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Map(java.util.Map) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) ExtendedModelMap(org.springframework.ui.ExtendedModelMap) HashMap(java.util.HashMap) Test(org.junit.jupiter.api.Test)

Example 3 with IdentityProvider

use of org.cloudfoundry.identity.uaa.provider.IdentityProvider in project uaa by cloudfoundry.

the class LoginInfoEndpointTests method mockOidcProvider.

/**
 * Stubs the given provisioning mock so that {@code retrieveAll} returns a single mocked OIDC
 * identity provider with origin key "my-OIDC-idp1".
 *
 * @param mockIdentityProviderProvisioning the provisioning mock to stub
 * @throws MalformedURLException declared because the auth URL is built with {@code new URL(String)}
 */
private static void mockOidcProvider(IdentityProviderProvisioning mockIdentityProviderProvisioning) throws MalformedURLException {
    // Fixture values for the test; the auth URL is a plain-http localhost address.
    URL authUrl = new URL("http://localhost:8080/uaa");

    AbstractExternalOAuthIdentityProviderDefinition oidcDefinition = mock(OIDCIdentityProviderDefinition.class);
    when(oidcDefinition.getAuthUrl()).thenReturn(authUrl);
    when(oidcDefinition.getRelyingPartyId()).thenReturn("client-id");
    when(oidcDefinition.getResponseType()).thenReturn("token");
    when(oidcDefinition.isShowLinkText()).thenReturn(true);

    IdentityProvider oidcProvider = mock(IdentityProvider.class);
    when(oidcProvider.getOriginKey()).thenReturn("my-OIDC-idp1");
    when(oidcProvider.getType()).thenReturn(OriginKeys.OIDC10);
    when(oidcProvider.getConfig()).thenReturn(oidcDefinition);

    // Any retrieveAll call, whatever its arguments, yields just this one provider.
    when(mockIdentityProviderProvisioning.retrieveAll(anyBoolean(), any())).thenReturn(singletonList(oidcProvider));
}
Also used : AbstractExternalOAuthIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition) IdentityProvider(org.cloudfoundry.identity.uaa.provider.IdentityProvider) URL(java.net.URL)

Example 4 with IdentityProvider

use of org.cloudfoundry.identity.uaa.provider.IdentityProvider in project uaa by cloudfoundry.

the class LoginInfoEndpointTests method promptLogic.

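/**
 * Walks the {@code prompts} model attribute through four configurations with MFA enabled on the
 * zone: the HTML login page, the JSON info endpoint, the JSON info endpoint with SAML providers
 * registered, and the JSON info endpoint with the LDAP and UAA providers both inactive.
 *
 * <p>The order of the steps matters: each step clears {@code extendedModelMap} and builds on the
 * stubbing done by the previous ones.
 *
 * @throws Exception if one of the endpoint calls fails
 */
@Test
void promptLogic() throws Exception {
    LoginInfoEndpoint endpoint = getEndpoint(IdentityZoneHolder.get());
    // NOTE(review): MFA is switched on in the zone config obtained from IdentityZoneHolder and is
    // not switched back in this method. Confirm that a teardown resets it so that later tests do
    // not run with MFA enabled by accident.
    IdentityZoneHolder.get().getConfig().getMfaConfig().setEnabled(true);

    // HTML login page: username and password only; neither passcode nor mfaCode is advertised.
    endpoint.loginForHtml(extendedModelMap, null, new MockHttpServletRequest("GET", "http://someurl"), singletonList(MediaType.TEXT_HTML));
    assertNotNull("prompts attribute should be present", extendedModelMap.get("prompts"));
    assertTrue("prompts should be a Map for Html content", extendedModelMap.get("prompts") instanceof Map);
    Map<?, ?> mapPrompts = (Map<?, ?>) extendedModelMap.get("prompts");
    assertEquals("there should be two prompts for html", 2, mapPrompts.size());
    assertNotNull(mapPrompts.get("username"));
    assertNotNull(mapPrompts.get("password"));
    assertNull(mapPrompts.get("passcode"));
    assertNull(mapPrompts.get("mfaCode"));

    // JSON info endpoint: the mfaCode prompt is added, still no passcode prompt.
    extendedModelMap.clear();
    endpoint.infoForJson(extendedModelMap, null, new MockHttpServletRequest("GET", "http://someurl"));
    assertNotNull("prompts attribute should be present", extendedModelMap.get("prompts"));
    assertTrue("prompts should be a Map for JSON content", extendedModelMap.get("prompts") instanceof Map);
    mapPrompts = (Map<?, ?>) extendedModelMap.get("prompts");
    // The failure message now matches the expected count and the content type under test.
    assertEquals("there should be three prompts for JSON", 3, mapPrompts.size());
    assertNotNull(mapPrompts.get("username"));
    assertNotNull(mapPrompts.get("password"));
    assertNotNull(mapPrompts.get("mfaCode"));
    assertNull(mapPrompts.get("passcode"));

    // add a SAML IDP, should make the passcode prompt appear
    extendedModelMap.clear();
    when(mockSamlIdentityProviderConfigurator.getIdentityProviderDefinitions((List<String>) isNull(), eq(IdentityZone.getUaa()))).thenReturn(idps);
    endpoint.infoForJson(extendedModelMap, null, new MockHttpServletRequest("GET", "http://someurl"));
    assertNotNull("prompts attribute should be present", extendedModelMap.get("prompts"));
    assertTrue("prompts should be a Map for JSON content", extendedModelMap.get("prompts") instanceof Map);
    mapPrompts = (Map<?, ?>) extendedModelMap.get("prompts");
    assertEquals("there should be four prompts for JSON", 4, mapPrompts.size());
    assertNotNull(mapPrompts.get("username"));
    assertNotNull(mapPrompts.get("password"));
    assertNotNull(mapPrompts.get("passcode"));
    assertNotNull(mapPrompts.get("mfaCode"));

    // LDAP and UAA providers both inactive: the username and password prompts must no longer be
    // advertised, and passcode remains. The SAML stubbing above is still in effect, so it is not
    // repeated here.
    IdentityProvider ldapIdentityProvider = new IdentityProvider();
    ldapIdentityProvider.setActive(false);
    when(mockIdentityProviderProvisioning.retrieveByOrigin(OriginKeys.LDAP, "uaa")).thenReturn(ldapIdentityProvider);
    IdentityProvider uaaIdentityProvider = new IdentityProvider();
    uaaIdentityProvider.setActive(false);
    when(mockIdentityProviderProvisioning.retrieveByOriginIgnoreActiveFlag(OriginKeys.UAA, "uaa")).thenReturn(uaaIdentityProvider);
    extendedModelMap.clear();
    endpoint.infoForJson(extendedModelMap, null, new MockHttpServletRequest("GET", "http://someurl"));
    assertNotNull("prompts attribute should be present", extendedModelMap.get("prompts"));
    mapPrompts = (Map<?, ?>) extendedModelMap.get("prompts");
    assertNull(mapPrompts.get("username"));
    assertNull(mapPrompts.get("password"));
    assertNotNull(mapPrompts.get("passcode"));
}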
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) IdentityProvider(org.cloudfoundry.identity.uaa.provider.IdentityProvider) Matchers.containsString(org.hamcrest.Matchers.containsString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Map(java.util.Map) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) ExtendedModelMap(org.springframework.ui.ExtendedModelMap) HashMap(java.util.HashMap) Test(org.junit.jupiter.api.Test)

Example 5 with IdentityProvider

use of org.cloudfoundry.identity.uaa.provider.IdentityProvider in project uaa by cloudfoundry.

the class LoginInfoEndpointTests method getPromptsFromOIDCProvider.

/**
 * Verifies that prompts configured on an OIDC provider definition replace the default labels in
 * the login-info JSON response: three prompts are configured, and the response is expected to
 * contain exactly two, "username" and "password", with the custom labels.
 */
@Test
void getPromptsFromOIDCProvider() {
    // Custom prompts returned by the stubbed OIDC definition, added in the order username, password, passcode.
    List<Prompt> configuredPrompts = new ArrayList<>();
    configuredPrompts.add(new Prompt("username", "text", "MyEmail"));
    configuredPrompts.add(new Prompt("password", "password", "MyPassword"));
    configuredPrompts.add(new Prompt("passcode", "text", "MyTemporary Authentication Code ( Get one at " + HTTP_LOCALHOST_8080_UAA + "/passcode )"));

    MockHttpServletRequest request = getMockHttpServletRequest();
    request.setParameter("origin", "OIDC-without-prompts");

    OIDCIdentityProviderDefinition oidcDefinition = mock(OIDCIdentityProviderDefinition.class);
    when(oidcDefinition.getPrompts()).thenReturn(configuredPrompts);
    IdentityProvider oidcProvider = mock(IdentityProvider.class);
    when(oidcProvider.getConfig()).thenReturn(oidcDefinition);
    when(mockIdentityProviderProvisioning.retrieveByOrigin("OIDC-without-prompts", "uaa")).thenReturn(oidcProvider);

    MultitenantClientServices clientServices = mockClientService();
    LoginInfoEndpoint loginInfoEndpoint = getEndpoint(IdentityZoneHolder.get(), clientServices);
    loginInfoEndpoint.infoForLoginJson(extendedModelMap, null, request);

    Object promptsAttribute = extendedModelMap.get("prompts");
    assertNotNull(promptsAttribute);
    assertTrue(promptsAttribute instanceof Map);
    Map<String, String[]> prompts = (Map<String, String[]>) promptsAttribute;
    // Only two entries are expected back although three prompts were configured.
    assertEquals(2, prompts.size());

    // Index 1 of each prompt array holds the label shown to the user.
    String[] usernamePrompt = prompts.get("username");
    assertNotNull(usernamePrompt);
    assertEquals("MyEmail", usernamePrompt[1]);

    String[] passwordPrompt = prompts.get("password");
    assertNotNull(passwordPrompt);
    assertEquals("MyPassword", passwordPrompt[1]);
}
Also used : MultitenantClientServices(org.cloudfoundry.identity.uaa.zone.MultitenantClientServices) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) ArrayList(java.util.ArrayList) IdentityProvider(org.cloudfoundry.identity.uaa.provider.IdentityProvider) OIDCIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition) Matchers.containsString(org.hamcrest.Matchers.containsString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Map(java.util.Map) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) ExtendedModelMap(org.springframework.ui.ExtendedModelMap) HashMap(java.util.HashMap) Test(org.junit.jupiter.api.Test)

Aggregations

IdentityProvider (org.cloudfoundry.identity.uaa.provider.IdentityProvider)148 Matchers.containsString (org.hamcrest.Matchers.containsString)59 Test (org.junit.jupiter.api.Test)59 SamlIdentityProviderDefinition (org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition)33 RandomValueStringGenerator (org.springframework.security.oauth2.common.util.RandomValueStringGenerator)31 Test (org.junit.Test)30 ScimUser (org.cloudfoundry.identity.uaa.scim.ScimUser)27 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)24 OIDCIdentityProviderDefinition (org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition)23 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)23 IdentityZone (org.cloudfoundry.identity.uaa.zone.IdentityZone)21 UaaIdentityProviderDefinition (org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition)17 RestTemplate (org.springframework.web.client.RestTemplate)16 HashMap (java.util.HashMap)15 URL (java.net.URL)14 Map (java.util.Map)14 SetServerNameRequestPostProcessor (org.cloudfoundry.identity.uaa.util.SetServerNameRequestPostProcessor)14 Matchers.isEmptyOrNullString (org.hamcrest.Matchers.isEmptyOrNullString)14 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)14 MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)13