Example 21 with NotFoundException
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMResourceOwnerAuthenticator method authenticate.
/**
* {@inheritDoc}
*/
public ResourceOwner authenticate(OAuth2Request request, boolean useSession) throws NotFoundException {
SSOToken token = null;
try {
SSOTokenManager mgr = SSOTokenManager.getInstance();
token = mgr.createSSOToken(ServletUtils.getRequest(request.<Request>getRequest()));
} catch (Exception e) {
logger.warning("No SSO Token in request", e);
}
if (token == null || !useSession) {
final String username = request.getParameter(USERNAME);
final char[] password = request.getParameter(PASSWORD) == null ? null : request.<String>getParameter(PASSWORD).toCharArray();
final String realm = realmNormaliser.normalise(request.<String>getParameter(OAuth2Constants.Custom.REALM));
final String authChain = request.getParameter(AUTH_CHAIN);
return authenticate(username, password, realm, authChain);
} else {
try {
final AMIdentity id = IdUtils.getIdentity(AccessController.doPrivileged(AdminTokenAction.getInstance()), token.getProperty(Constants.UNIVERSAL_IDENTIFIER));
long authTime = stringToDate(token.getProperty(ISAuthConstants.AUTH_INSTANT)).getTime();
return new OpenAMResourceOwner(id.getName(), id, authTime);
} catch (SSOException e) {
logger.error("Unable to create ResourceOwner", e);
} catch (ParseException e) {
logger.error("Unable to create ResourceOwner", e);
} catch (IdRepoException e) {
logger.error("Unable to create ResourceOwner", e);
}
}
return null;
}
Also used :
SSOTokenManager(com.iplanet.sso.SSOTokenManager)
SSOToken(com.iplanet.sso.SSOToken)
AMIdentity(com.sun.identity.idm.AMIdentity)
IdRepoException(com.sun.identity.idm.IdRepoException)
SSOException(com.iplanet.sso.SSOException)
ParseException(java.text.ParseException)
IdRepoException(com.sun.identity.idm.IdRepoException)
ResourceException(org.restlet.resource.ResourceException)
ParseException(java.text.ParseException)
NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException)
AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException)
SSOException(com.iplanet.sso.SSOException)
Example 22 with NotFoundException
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMScopeValidator method getUpdatedAt.
private String getUpdatedAt(String username, String realm, OAuth2Request request) throws NotFoundException {
try {
final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
String modifyTimestampAttributeName;
String createdTimestampAttributeName;
try {
modifyTimestampAttributeName = providerSettings.getModifiedTimestampAttributeName();
createdTimestampAttributeName = providerSettings.getCreatedTimestampAttributeName();
} catch (ServerException e) {
logger.error("Unable to read last modified attribute from datastore", e);
return DEFAULT_TIMESTAMP;
}
if (modifyTimestampAttributeName == null && createdTimestampAttributeName == null) {
return null;
}
final AMHashMap timestamps = getTimestamps(username, realm, modifyTimestampAttributeName, createdTimestampAttributeName);
final String modifyTimestamp = CollectionHelper.getMapAttr(timestamps, modifyTimestampAttributeName);
if (modifyTimestamp != null) {
synchronized (TIMESTAMP_DATE_FORMAT) {
return Long.toString(TIMESTAMP_DATE_FORMAT.parse(modifyTimestamp).getTime() / 1000);
}
} else {
final String createTimestamp = CollectionHelper.getMapAttr(timestamps, createdTimestampAttributeName);
if (createTimestamp != null) {
synchronized (TIMESTAMP_DATE_FORMAT) {
return Long.toString(TIMESTAMP_DATE_FORMAT.parse(createTimestamp).getTime() / 1000);
}
} else {
return DEFAULT_TIMESTAMP;
}
}
} catch (IdRepoException e) {
if (logger.errorEnabled()) {
logger.error("ScopeValidatorImpl" + ".getUpdatedAt: " + "error searching Identities with username : " + username, e);
}
} catch (SSOException e) {
logger.warning("Error getting updatedAt attribute", e);
} catch (ParseException e) {
logger.warning("Error getting updatedAt attribute", e);
}
return null;
}
Also used :
ServerException(org.forgerock.oauth2.core.exceptions.ServerException)
AMHashMap(com.iplanet.am.sdk.AMHashMap)
IdRepoException(com.sun.identity.idm.IdRepoException)
SSOException(com.iplanet.sso.SSOException)
OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)
ParseException(java.text.ParseException)
Example 23 with NotFoundException
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMScopeValidator method getUserInfo.
/**
* {@inheritDoc}
*/
public UserInfoClaims getUserInfo(AccessToken token, OAuth2Request request) throws UnauthorizedClientException, NotFoundException {
Map<String, Object> response = new HashMap<>();
Bindings scriptVariables = new SimpleBindings();
SSOToken ssoToken = getUsersSession(request);
String realm;
Set<String> scopes;
AMIdentity id;
OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
Map<String, Set<String>> requestedClaimsValues = gatherRequestedClaims(providerSettings, request, token);
try {
if (token != null) {
OpenIdConnectClientRegistration clientRegistration;
try {
clientRegistration = clientRegistrationStore.get(token.getClientId(), request);
} catch (InvalidClientException e) {
logger.message("Unable to retrieve client from store.");
throw new NotFoundException("No valid client registration found.");
}
final String subId = clientRegistration.getSubValue(token.getResourceOwnerId(), providerSettings);
//data comes from token when we have one
realm = token.getRealm();
scopes = token.getScope();
id = identityManager.getResourceOwnerIdentity(token.getResourceOwnerId(), realm);
response.put(OAuth2Constants.JWTTokenParams.SUB, subId);
response.put(OAuth2Constants.JWTTokenParams.UPDATED_AT, getUpdatedAt(token.getResourceOwnerId(), token.getRealm(), request));
} else {
//otherwise we're simply reading claims into the id_token, so grab it from the request/ssoToken
realm = DNMapper.orgNameToRealmName(ssoToken.getProperty(ISAuthConstants.ORGANIZATION));
id = identityManager.getResourceOwnerIdentity(ssoToken.getProperty(ISAuthConstants.USER_ID), realm);
String scopeStr = request.getParameter(OAuth2Constants.Params.SCOPE);
scopes = splitScope(scopeStr);
}
scriptVariables.put(OAuth2Constants.ScriptParams.SCOPES, getScriptFriendlyScopes(scopes));
scriptVariables.put(OAuth2Constants.ScriptParams.IDENTITY, id);
scriptVariables.put(OAuth2Constants.ScriptParams.LOGGER, logger);
scriptVariables.put(OAuth2Constants.ScriptParams.CLAIMS, response);
scriptVariables.put(OAuth2Constants.ScriptParams.SESSION, ssoToken);
scriptVariables.put(OAuth2Constants.ScriptParams.REQUESTED_CLAIMS, requestedClaimsValues);
ScriptObject script = getOIDCClaimsExtensionScript(realm);
try {
return scriptEvaluator.evaluateScript(script, scriptVariables);
} catch (ScriptException e) {
logger.message("Error running OIDC claims script", e);
throw new ServerException("Error running OIDC claims script: " + e.getMessage());
}
} catch (ServerException e) {
//API does not allow ServerExceptions to be thrown!
throw new NotFoundException(e.getMessage());
} catch (SSOException e) {
throw new NotFoundException(e.getMessage());
}
}
Also used :
ScriptObject(org.forgerock.openam.scripting.ScriptObject)
OpenIdConnectClientRegistration(org.forgerock.openidconnect.OpenIdConnectClientRegistration)
SSOToken(com.iplanet.sso.SSOToken)
Set(java.util.Set)
HashSet(java.util.HashSet)
ServerException(org.forgerock.oauth2.core.exceptions.ServerException)
AMHashMap(com.iplanet.am.sdk.AMHashMap)
HashMap(java.util.HashMap)
NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException)
SSOException(com.iplanet.sso.SSOException)
SimpleBindings(javax.script.SimpleBindings)
Bindings(javax.script.Bindings)
ScriptException(javax.script.ScriptException)
SimpleBindings(javax.script.SimpleBindings)
AMIdentity(com.sun.identity.idm.AMIdentity)
InvalidClientException(org.forgerock.oauth2.core.exceptions.InvalidClientException)
JSONObject(org.json.JSONObject)
ScriptObject(org.forgerock.openam.scripting.ScriptObject)
OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)
Example 24 with NotFoundException
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMTokenStore method createAuthorizationCode.
/**
* {@inheritDoc}
*/
public AuthorizationCode createAuthorizationCode(Set<String> scope, ResourceOwner resourceOwner, String clientId, String redirectUri, String nonce, OAuth2Request request, String codeChallenge, String codeChallengeMethod) throws ServerException, NotFoundException {
logger.message("DefaultOAuthTokenStoreImpl::Creating Authorization code");
OpenIdConnectClientRegistration clientRegistration = getClientRegistration(clientId, request);
final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
final String code = UUID.randomUUID().toString();
long expiryTime = 0;
if (clientRegistration == null) {
expiryTime = providerSettings.getAuthorizationCodeLifetime() + System.currentTimeMillis();
} else {
expiryTime = clientRegistration.getAuthorizationCodeLifeTime(providerSettings) + System.currentTimeMillis();
}
final String ssoTokenId = getSsoTokenId(request);
final OpenAMAuthorizationCode authorizationCode = new OpenAMAuthorizationCode(code, resourceOwner.getId(), clientId, redirectUri, scope, getClaimsFromRequest(request), expiryTime, nonce, realmNormaliser.normalise(request.<String>getParameter(REALM)), getAuthModulesFromSSOToken(request), getAuthenticationContextClassReferenceFromRequest(request), ssoTokenId, codeChallenge, codeChallengeMethod);
// Store in CTS
try {
tokenStore.create(authorizationCode);
if (auditLogger.isAuditLogEnabled()) {
String[] obs = { "CREATED_AUTHORIZATION_CODE", authorizationCode.toString() };
auditLogger.logAccessMessage("CREATED_AUTHORIZATION_CODE", obs, null);
}
} catch (CoreTokenException e) {
if (auditLogger.isAuditLogEnabled()) {
String[] obs = { "FAILED_CREATE_AUTHORIZATION_CODE", authorizationCode.toString() };
auditLogger.logErrorMessage("FAILED_CREATE_AUTHORIZATION_CODE", obs, null);
}
logger.error("Unable to create authorization code " + authorizationCode.getTokenInfo(), e);
throw new ServerException("Could not create token in CTS");
}
request.setToken(AuthorizationCode.class, authorizationCode);
return authorizationCode;
}
Also used :
OpenIdConnectClientRegistration(org.forgerock.openidconnect.OpenIdConnectClientRegistration)
ServerException(org.forgerock.oauth2.core.exceptions.ServerException)
CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException)
OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)
Example 25 with NotFoundException
use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.
the class OpenAMResourceOwnerSessionValidator method authenticationRequired.
private ResourceOwnerAuthenticationRequired authenticationRequired(OAuth2Request request) throws AccessDeniedException, URISyntaxException, ServerException, NotFoundException, UnsupportedEncodingException {
OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
Template loginUrlTemplate = providerSettings.getCustomLoginUrlTemplate();
removeLoginPrompt(request.<Request>getRequest());
String gotoUrl = request.<Request>getRequest().getResourceRef().toString();
if (request.getParameter(USER_CODE) != null) {
gotoUrl += (gotoUrl.indexOf('?') > -1 ? "&" : "?") + USER_CODE + "=" + request.getParameter(USER_CODE);
}
String acrValues = request.getParameter(ACR_VALUES);
String realm = request.getParameter(OAuth2Constants.Custom.REALM);
String moduleName = request.getParameter(MODULE);
String serviceName = request.getParameter(SERVICE);
String locale = getRequestLocale(request);
URI loginUrl;
if (loginUrlTemplate != null) {
loginUrl = buildCustomLoginUrl(loginUrlTemplate, gotoUrl, acrValues, realm, moduleName, serviceName, locale);
} else {
loginUrl = buildDefaultLoginUrl(request, gotoUrl, acrValues, realm, moduleName, serviceName, locale);
}
return new ResourceOwnerAuthenticationRequired(loginUrl);
}
Also used :
ResourceOwnerAuthenticationRequired(org.forgerock.oauth2.core.exceptions.ResourceOwnerAuthenticationRequired)
OAuth2Request(org.forgerock.oauth2.core.OAuth2Request)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Request(org.restlet.Request)
OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)
URI(java.net.URI)
Template(freemarker.template.Template)
Aggregations
ServerException (org.forgerock.oauth2.core.exceptions.ServerException)44
OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings)34
OAuth2Request (org.forgerock.oauth2.core.OAuth2Request)28
NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException)24
CoreTokenException (org.forgerock.openam.cts.exceptions.CoreTokenException)21
JsonValue (org.forgerock.json.JsonValue)20
ResourceSetDescription (org.forgerock.oauth2.resources.ResourceSetDescription)13
AccessToken (org.forgerock.oauth2.core.AccessToken)12
ClientRegistration (org.forgerock.oauth2.core.ClientRegistration)11
InvalidGrantException (org.forgerock.oauth2.core.exceptions.InvalidGrantException)11
ResourceSetStore (org.forgerock.oauth2.resources.ResourceSetStore)11
Request (org.restlet.Request)11
SSOException (com.iplanet.sso.SSOException)10
HashSet (java.util.HashSet)10
AMIdentity (com.sun.identity.idm.AMIdentity)9
HashMap (java.util.HashMap)9
IdRepoException (com.sun.identity.idm.IdRepoException)8
OAuth2Uris (org.forgerock.oauth2.core.OAuth2Uris)8
InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException)8
UnauthorizedClientException (org.forgerock.oauth2.core.exceptions.UnauthorizedClientException)8
