Example 21 with CustomScriptConfiguration
use of org.gluu.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.
the class Authenticator method userAuthenticationInteractive.
private String userAuthenticationInteractive(HttpServletRequest servletRequest) {
SessionId sessionId = getSessionId(servletRequest);
Map<String, String> sessionIdAttributes = sessionIdService.getSessionAttributes(sessionId);
if (sessionIdAttributes == null) {
logger.debug("Unable to get session attributes. SessionId: " + (sessionId != null ? sessionId.getId() : null));
return Constants.RESULT_EXPIRED;
}
// Set current state into identity to allow use in login form and
// authentication scripts
identity.setSessionId(sessionId);
initCustomAuthenticatorVariables(sessionIdAttributes);
boolean useExternalAuthenticator = externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.INTERACTIVE);
if (useExternalAuthenticator && !StringHelper.isEmpty(this.authAcr)) {
initCustomAuthenticatorVariables(sessionIdAttributes);
if ((this.authStep == null) || StringHelper.isEmpty(this.authAcr)) {
logger.error("Failed to determine authentication mode");
return Constants.RESULT_EXPIRED;
}
CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, this.authAcr);
if (customScriptConfiguration == null) {
logger.error("Failed to get CustomScriptConfiguration for acr: '{}', auth_step: '{}'", this.authAcr, this.authStep);
return Constants.RESULT_FAILURE;
}
// Check if all previous steps had passed
boolean passedPreviousSteps = isPassedPreviousAuthSteps(sessionIdAttributes, this.authStep);
if (!passedPreviousSteps) {
logger.error("There are authentication steps not marked as passed. acr: '{}', auth_step: '{}'", this.authAcr, this.authStep);
return Constants.RESULT_FAILURE;
}
// Restore identity working parameters from session
setIdentityWorkingParameters(sessionIdAttributes);
boolean result = externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration, externalContext.getRequestParameterValuesMap(), this.authStep);
if (logger.isDebugEnabled()) {
String userId = credentials.getUsername();
if (StringHelper.isEmpty(userId)) {
User user = identity.getUser();
if (user != null) {
userId = user.getUserId();
}
logger.debug("Authentication result for user '{}'. auth_step: '{}', result: '{}', credentials: '{}'", userId, this.authStep, result, System.identityHashCode(credentials));
}
}
int overridenNextStep = -1;
logger.trace("#########################################################################");
logger.trace("++++++++++++++++++++++++++++++++++++++++++CURRENT ACR:" + this.authAcr);
logger.trace("++++++++++++++++++++++++++++++++++++++++++CURRENT STEP:" + this.authStep);
int apiVersion = externalAuthenticationService.executeExternalGetApiVersion(customScriptConfiguration);
if (apiVersion > 1) {
logger.trace("According to API version script supports steps overriding");
overridenNextStep = externalAuthenticationService.getNextStep(customScriptConfiguration, externalContext.getRequestParameterValuesMap(), this.authStep);
logger.debug("Get next step from script: '{}'", overridenNextStep);
}
if (!result && (overridenNextStep == -1)) {
// Force session lastUsedAt update if authentication attempt is failed
sessionIdService.updateSessionId(sessionId);
return Constants.RESULT_AUTHENTICATION_FAILED;
}
boolean overrideCurrentStep = false;
if (overridenNextStep > -1) {
overrideCurrentStep = true;
// Reload session id
/*
* TODO: Remove after 6.0. Check if this will not led to external script problems.
sessionId = sessionIdService.getSessionId();
*/
// Reset to specified step
sessionId = sessionIdService.resetToStep(sessionId, overridenNextStep);
if (sessionId == null) {
return Constants.RESULT_AUTHENTICATION_FAILED;
}
this.authStep = overridenNextStep;
logger.info("Authentication reset to step : '{}'", this.authStep);
}
// Update parameters map to allow access it from count
// authentication steps method
updateExtraParameters(customScriptConfiguration, this.authStep + 1, sessionIdAttributes);
// Determine count authentication methods
int countAuthenticationSteps = externalAuthenticationService.executeExternalGetCountAuthenticationSteps(customScriptConfiguration);
/*
* TODO: Remove after 6.0. Check if this will not led to external script problems.
// Reload from LDAP to make sure that we are updating latest session
// attributes
sessionId = sessionIdService.getSessionId();
*/
sessionIdAttributes = sessionIdService.getSessionAttributes(sessionId);
// Prepare for next step
if ((this.authStep < countAuthenticationSteps) || overrideCurrentStep) {
int nextStep;
if (overrideCurrentStep) {
nextStep = overridenNextStep;
} else {
nextStep = this.authStep + 1;
}
String redirectTo = externalAuthenticationService.executeExternalGetPageForStep(customScriptConfiguration, nextStep);
if (redirectTo == null) {
return Constants.RESULT_FAILURE;
} else if (StringHelper.isEmpty(redirectTo)) {
redirectTo = "/login.xhtml";
}
// Store/Update extra parameters in session attributes map
updateExtraParameters(customScriptConfiguration, nextStep, sessionIdAttributes);
if (!overrideCurrentStep) {
// Update auth_step
sessionIdAttributes.put("auth_step", Integer.toString(nextStep));
// Mark step as passed
markAuthStepAsPassed(sessionIdAttributes, this.authStep);
}
if (sessionId != null) {
boolean updateResult = updateSession(sessionId, sessionIdAttributes);
if (!updateResult) {
return Constants.RESULT_EXPIRED;
}
}
logger.trace("Redirect to page: '{}'", redirectTo);
facesService.redirectWithExternal(redirectTo, null);
return Constants.RESULT_SUCCESS;
}
if (this.authStep == countAuthenticationSteps) {
// Store/Update extra parameters in session attributes map
updateExtraParameters(customScriptConfiguration, this.authStep + 1, sessionIdAttributes);
SessionId eventSessionId = authenticationService.configureSessionUser(sessionId, sessionIdAttributes);
authenticationService.quietLogin(credentials.getUsername());
// Redirect to authorization workflow
logger.debug("Sending event to trigger user redirection: '{}'", credentials.getUsername());
authenticationService.onSuccessfulLogin(eventSessionId);
logger.info("Authentication success for User: '{}'", credentials.getUsername());
return Constants.RESULT_SUCCESS;
}
} else {
if (StringHelper.isNotEmpty(credentials.getUsername())) {
boolean authenticated = authenticationService.authenticate(credentials.getUsername(), credentials.getPassword());
if (authenticated) {
SessionId eventSessionId = authenticationService.configureSessionUser(sessionId, sessionIdAttributes);
// Redirect to authorization workflow
logger.debug("Sending event to trigger user redirection: '{}'", credentials.getUsername());
authenticationService.onSuccessfulLogin(eventSessionId);
} else {
// Force session lastUsedAt update if authentication attempt is failed
sessionIdService.updateSessionId(sessionId);
}
logger.info("Authentication success for User: '{}'", credentials.getUsername());
return Constants.RESULT_SUCCESS;
}
}
return Constants.RESULT_FAILURE;
}
Also used :
User(org.gluu.oxauth.model.common.User)
SessionId(org.gluu.oxauth.model.common.SessionId)
CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)
Example 22 with CustomScriptConfiguration
use of org.gluu.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.
the class Authenticator method userAuthenticationService.
private boolean userAuthenticationService() {
if (externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.SERVICE)) {
CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.determineCustomScriptConfiguration(AuthenticationScriptUsageType.SERVICE, 1, this.authAcr);
if (customScriptConfiguration == null) {
logger.error("Failed to get CustomScriptConfiguration. auth_step: '{}', acr: '{}'", this.authStep, this.authAcr);
} else {
this.authAcr = customScriptConfiguration.getName();
boolean result = externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration, null, 1);
logger.info("Authentication result for '{}'. auth_step: '{}', result: '{}'", credentials.getUsername(), this.authStep, result);
if (result) {
authenticationService.configureEventUser();
logger.info("Authentication success for User: '{}'", credentials.getUsername());
return true;
}
logger.info("Authentication failed for User: '{}'", credentials.getUsername());
}
}
if (StringHelper.isNotEmpty(credentials.getUsername())) {
boolean authenticated = authenticationService.authenticate(credentials.getUsername(), credentials.getPassword());
if (authenticated) {
authenticationService.configureEventUser();
logger.info("Authentication success for User: '{}'", credentials.getUsername());
return true;
}
logger.info("Authentication failed for User: '{}'", credentials.getUsername());
}
return false;
}
Also used :
CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)
Example 23 with CustomScriptConfiguration
use of org.gluu.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.
the class GluuConfigurationWS method createAuthLevelMapping.
public Map<Integer, Set<String>> createAuthLevelMapping() {
Map<Integer, Set<String>> map = Maps.newHashMap();
try {
for (CustomScriptConfiguration script : externalAuthenticationService.getCustomScriptConfigurationsMap()) {
String acr = script.getName();
int level = script.getLevel();
Set<String> acrs = map.get(level);
if (acrs == null) {
acrs = Sets.newHashSet();
map.put(level, acrs);
}
acrs.add(acr);
}
} catch (Exception e) {
log.error(e.getMessage(), e);
}
return map;
}
Also used :
CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)
WebApplicationException(javax.ws.rs.WebApplicationException)
Example 24 with CustomScriptConfiguration
use of org.gluu.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.
the class IdTokenFactory method setAmrClaim.
private void setAmrClaim(JsonWebResponse jwt, String acrValues) {
List<String> amrList = Lists.newArrayList();
CustomScriptConfiguration script = externalAuthenticationService.getCustomScriptConfigurationByName(acrValues);
if (script != null) {
amrList.add(Integer.toString(script.getLevel()));
PersonAuthenticationType externalAuthenticator = (PersonAuthenticationType) script.getExternalType();
int apiVersion = externalAuthenticator.getApiVersion();
if (apiVersion > 3) {
Map<String, String> authenticationMethodClaimsOrNull = externalAuthenticator.getAuthenticationMethodClaims(script.getConfigurationAttributes());
if (authenticationMethodClaimsOrNull != null) {
for (String key : authenticationMethodClaimsOrNull.keySet()) {
amrList.add(key + ":" + authenticationMethodClaimsOrNull.get(key));
}
}
}
}
jwt.getClaims().setClaim(JwtClaimName.AUTHENTICATION_METHOD_REFERENCES, amrList);
}
Also used :
PersonAuthenticationType(org.gluu.model.custom.script.type.auth.PersonAuthenticationType)
CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)
Example 25 with CustomScriptConfiguration
use of org.gluu.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.
the class ExternalAuthenticationService method determineExternalAuthenticatorForWorkflow.
public CustomScriptConfiguration determineExternalAuthenticatorForWorkflow(AuthenticationScriptUsageType usageType, CustomScriptConfiguration customScriptConfiguration) {
String authMode = customScriptConfiguration.getName();
log.trace("Validating acr_values: '{}'", authMode);
boolean isValidAuthenticationMethod = executeExternalIsValidAuthenticationMethod(usageType, customScriptConfiguration);
if (!isValidAuthenticationMethod) {
log.warn("Current acr_values: '{}' isn't valid", authMode);
String alternativeAuthenticationMethod = executeExternalGetAlternativeAuthenticationMethod(usageType, customScriptConfiguration);
if (StringHelper.isEmpty(alternativeAuthenticationMethod)) {
log.error("Failed to determine alternative authentication mode for acr_values: '{}'", authMode);
return null;
} else {
CustomScriptConfiguration alternativeCustomScriptConfiguration = getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, alternativeAuthenticationMethod);
if (alternativeCustomScriptConfiguration == null) {
log.error("Failed to get alternative CustomScriptConfiguration '{}' for acr_values: '{}'", alternativeAuthenticationMethod, authMode);
return null;
} else {
return alternativeCustomScriptConfiguration;
}
}
}
return customScriptConfiguration;
}
Also used :
CustomScriptConfiguration(org.gluu.model.custom.script.conf.CustomScriptConfiguration)
Aggregations
CustomScriptConfiguration (org.gluu.model.custom.script.conf.CustomScriptConfiguration)35
SessionId (org.gluu.oxauth.model.common.SessionId)9
HttpServletRequest (javax.servlet.http.HttpServletRequest)6
HttpServletResponse (javax.servlet.http.HttpServletResponse)5
ArrayList (java.util.ArrayList)4
HashMap (java.util.HashMap)4
WebApplicationException (javax.ws.rs.WebApplicationException)3
CustomScript (org.gluu.model.custom.script.model.CustomScript)3
AuthenticationCustomScript (org.gluu.model.custom.script.model.auth.AuthenticationCustomScript)3
ConsentGatheringContext (org.gluu.oxauth.service.external.context.ConsentGatheringContext)3
UmaGatherContext (org.gluu.oxauth.uma.authorization.UmaGatherContext)3
AuthenticationScriptUsageType (org.gluu.model.AuthenticationScriptUsageType)2
User (org.gluu.oxauth.model.common.User)2
Client (org.gluu.oxauth.model.registration.Client)2
Scope (org.oxauth.persistence.model.Scope)2
IOException (java.io.IOException)1
URI (java.net.URI)1
Date (java.util.Date)1
HashSet (java.util.HashSet)1
List (java.util.List)1
