
Example 1 with Authenticator

use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-apimgt by wso2.

the class APIAuthenticationHandler method isAuthenticate.

/**
 * Runs every initialized authenticator against the request, in registration order.
 *
 * Each authenticator reports whether it passed, whether it is mandatory and whether the
 * chain should continue. The overall outcome is the result of the last mandatory
 * authenticator that ran: an earlier mandatory failure is overwritten by a later mandatory
 * success when the earlier one allowed the chain to continue. Optional authenticators never
 * change the outcome; their failures are only collected for the error response. If no
 * mandatory authenticator runs at all the request is rejected (fails closed).
 *
 * @param messageContext the request to authenticate
 * @return {@code true} when authentication succeeds; a failure never returns {@code false}
 *         but throws instead
 * @throws APISecurityException   when no mandatory authenticator accepted the request; the
 *                                code and message come from {@code getError} applied to the
 *                                failed responses collected so far
 * @throws APIManagementException declared by the signature; presumably propagated from the
 *                                authenticators, it is not raised directly here
 */
protected boolean isAuthenticate(MessageContext messageContext) throws APISecurityException, APIManagementException {
    List<AuthenticationResponse> failedResponses = new ArrayList<>();
    boolean mandatoryPassed = false;
    for (Authenticator authenticator : authenticators) {
        AuthenticationResponse response = authenticator.authenticate(messageContext);
        boolean passed = response.isAuthenticated();
        // Only mandatory authenticators decide the final status.
        if (response.isMandatoryAuthentication()) {
            mandatoryPassed = passed;
        }
        // Every failure, mandatory or not, feeds the error reported to the caller.
        if (!passed) {
            failedResponses.add(response);
        }
        // An authenticator may stop the chain once it has a definitive result.
        if (!response.isContinueToNextAuthenticator()) {
            break;
        }
    }
    if (mandatoryPassed) {
        return true;
    }
    Pair<Integer, String> error = getError(failedResponses);
    throw new APISecurityException(error.getKey(), error.getValue());
}
Also used : ArrayList(java.util.ArrayList) OAuthAuthenticator(org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator) BasicAuthAuthenticator(org.wso2.carbon.apimgt.gateway.handlers.security.basicauth.BasicAuthAuthenticator) InternalAPIKeyAuthenticator(org.wso2.carbon.apimgt.gateway.handlers.security.authenticator.InternalAPIKeyAuthenticator) MutualSSLAuthenticator(org.wso2.carbon.apimgt.gateway.handlers.security.authenticator.MutualSSLAuthenticator) ApiKeyAuthenticator(org.wso2.carbon.apimgt.gateway.handlers.security.apikey.ApiKeyAuthenticator)

Example 2 with Authenticator

use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.

the class FileBasedConfigurationBuilder method processAuthenticatorConfigElement.

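/**
 * Builds an {@link AuthenticatorConfig} from one {@code <Authenticator>} configuration element.
 *
 * The name attribute is mandatory; without it the entry is skipped with a warning and
 * {@code null} is returned. The enabled attribute is optional and defaults to {@code true};
 * any value other than the literal {@code true} (case-insensitive) disables the authenticator.
 * Each child parameter element that carries a name attribute becomes an entry of the
 * parameter map; a repeated parameter name keeps the last value read. Finally the registered
 * application authenticator with the same name is looked up and attached to the config.
 *
 * @param authenticatorConfigElem the {@code <Authenticator>} element
 * @return the populated config, or {@code null} when the element has no name attribute
 */
private AuthenticatorConfig processAuthenticatorConfigElement(OMElement authenticatorConfigElem) {
    // The name is the registry key of the authenticator and is mandatory.
    OMAttribute nameAttr = authenticatorConfigElem.getAttribute(new QName(FrameworkConstants.Config.ATTR_AUTHENTICATOR_CONFIG_NAME));
    if (nameAttr == null) {
        // The '+' used to sit inside the first literal, so the logged text read "attribute. +This".
        log.warn("Each Authenticator Configuration should have a unique name attribute. " + "This Authenticator will not be registered.");
        return null;
    }
    String authenticatorName = nameAttr.getAttributeValue();
    // Optional enabled flag; absent means enabled.
    boolean enabled = true;
    OMAttribute enabledAttr = authenticatorConfigElem.getAttribute(new QName(FrameworkConstants.Config.ATTR_AUTHENTICATOR_ENABLED));
    if (enabledAttr != null) {
        // Boolean.parseBoolean: only "true" (ignoring case) enables; a typo silently disables.
        enabled = Boolean.parseBoolean(enabledAttr.getAttributeValue());
    }
    // Collect the <Parameter name="..."> children; unnamed parameters are skipped with a warning.
    Map<String, String> parameterMap = new HashMap<>();
    for (Iterator<?> paramIterator = authenticatorConfigElem.getChildrenWithLocalName(FrameworkConstants.Config.ELEM_PARAMETER); paramIterator.hasNext(); ) {
        OMElement paramElem = (OMElement) paramIterator.next();
        OMAttribute paramNameAttr = paramElem.getAttribute(new QName(FrameworkConstants.Config.ATTR_PARAMETER_NAME));
        if (paramNameAttr == null) {
            log.warn("An Authenticator Parameter should have a name attribute. Skipping the parameter.");
            continue;
        }
        String paramName = paramNameAttr.getAttributeValue();
        if (parameterMap.containsKey(paramName)) {
            // A duplicated name is a configuration mistake; the later value wins, make that visible.
            log.warn("Duplicate parameter '" + paramName + "' for authenticator '" + authenticatorName + "'. The last value is used.");
        }
        parameterMap.put(paramName, paramElem.getText());
    }
    AuthenticatorConfig authenticatorConfig = new AuthenticatorConfig(authenticatorName, enabled, parameterMap);
    // NOTE(review): getAppAuthenticatorByName may yield null when no authenticator of that name is
    // registered yet; the config is attached regardless — confirm callers tolerate a null authenticator.
    authenticatorConfig.setApplicationAuthenticator(FrameworkUtils.getAppAuthenticatorByName(authenticatorName));
    return authenticatorConfig;
}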
Also used : AuthenticatorConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig) HashMap(java.util.HashMap) QName(javax.xml.namespace.QName) Iterator(java.util.Iterator) OMElement(org.apache.axiom.om.OMElement) OMAttribute(org.apache.axiom.om.OMAttribute)

Example 3 with Authenticator

use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.

the class UIBasedConfigurationLoader method loadRequestPathAuthenticators.

/**
 * Attaches the service provider's request-path authenticators to the sequence config.
 *
 * Every configured request-path authenticator becomes an enabled {@link AuthenticatorConfig}
 * bound to the registered {@link ApplicationAuthenticator} whose name matches it
 * (case-insensitively). Nothing is set on the sequence when the provider declares no
 * request-path authenticators.
 *
 * @param sequenceConfig  the sequence being built; receives the request-path authenticator list
 * @param serviceProvider the provider whose request-path authenticator configs are read
 */
protected void loadRequestPathAuthenticators(SequenceConfig sequenceConfig, ServiceProvider serviceProvider) {
    RequestPathAuthenticatorConfig[] configuredAuths = serviceProvider.getRequestPathAuthenticatorConfigs();
    if (configuredAuths == null || configuredAuths.length == 0) {
        return;
    }
    List<AuthenticatorConfig> requestPathAuthenticators = new ArrayList<>();
    for (RequestPathAuthenticatorConfig configured : configuredAuths) {
        String name = configured.getName();
        AuthenticatorConfig authConfig = new AuthenticatorConfig();
        authConfig.setName(name);
        authConfig.setEnabled(true);
        // Bind the first registered system authenticator with a matching name.
        for (ApplicationAuthenticator registered : FrameworkServiceComponent.getAuthenticators()) {
            if (name.equalsIgnoreCase(registered.getName())) {
                authConfig.setApplicationAuthenticator(registered);
                break;
            }
        }
        // NOTE(review): when no registered authenticator matches, the config is still added
        // without an application authenticator — confirm downstream code handles that.
        requestPathAuthenticators.add(authConfig);
    }
    sequenceConfig.setReqPathAuthenticators(requestPathAuthenticators);
}
Also used : RequestPathAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig) AuthenticatorConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) ApplicationAuthenticator(org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator) ArrayList(java.util.ArrayList) RequestPathAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig)

Example 4 with Authenticator

use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.

the class JsGraphBuilder method filterOptions.

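/**
 * Restricts the authentication options of a step to those named in {@code authenticationOptions}.
 *
 * Each option is a map holding an {@code idp} and/or an {@code authenticator} entry. An option
 * that names an authenticator but no IdP refers to the local IdP. Options are grouped per IdP
 * into a set of lower-cased authenticator display names; an IdP whose set is empty keeps all of
 * its authenticators. The step's authenticator list is then pruned in place: IdPs absent from
 * the options are dropped from their authenticator config, authenticators whose display name
 * is not listed for their IdP are dropped, and any authenticator config left without an IdP is
 * removed. When the pruning would remove every authenticator outright the step is left
 * untouched and a warning is logged instead.
 *
 * @param authenticationOptions options to keep, keyed by an arbitrary id; each value holds the
 *                              {@code idp} and {@code authenticator} attributes
 * @param stepConfig            the step whose authenticator list is modified in place
 */
protected void filterOptions(Map<String, Map<String, String>> authenticationOptions, StepConfig stepConfig) {
    // idp name -> lower-cased authenticator display names to keep for it; an empty set keeps all.
    Map<String, Set<String>> filteredOptions = new HashMap<>();
    authenticationOptions.forEach((id, option) -> {
        String idp = option.get(FrameworkConstants.JSAttributes.IDP);
        String authenticator = option.get(FrameworkConstants.JSAttributes.AUTHENTICATOR);
        if (StringUtils.isNotBlank(authenticator) && StringUtils.isBlank(idp)) {
            // An authenticator given without an idp is a local authenticator.
            idp = FrameworkConstants.LOCAL_IDP_NAME;
        }
        if (StringUtils.isNotBlank(idp)) {
            filteredOptions.putIfAbsent(idp, new HashSet<>());
            if (StringUtils.isNotBlank(authenticator)) {
                // NOTE(review): default-locale toLowerCase(), matched by the same call on the
                // display names below; Locale.ROOT on both sides would avoid locale surprises.
                filteredOptions.get(idp).add(authenticator.toLowerCase());
            }
        }
    });
    if (log.isDebugEnabled()) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, Set<String>> entry : filteredOptions.entrySet()) {
            sb.append('\n').append(entry.getKey()).append(" : ");
            sb.append(StringUtils.join(entry.getValue(), ","));
        }
        log.debug("Authenticator options: " + sb.toString());
    }
    // Authenticator configs to drop entirely (their only idp is excluded).
    Set<AuthenticatorConfig> authenticatorsToRemove = new HashSet<>();
    // Multi-idp authenticator configs -> the idp names to drop from each. Keyed by config rather
    // than by idp name, so two configs excluding the same idp no longer overwrite each other.
    Map<AuthenticatorConfig, Set<String>> idpsToRemove = new HashMap<>();
    stepConfig.getAuthenticatorList().forEach(authenticatorConfig -> authenticatorConfig.getIdps().forEach((idpName, idp) -> {
        Set<String> authenticators = filteredOptions.get(idpName);
        boolean removeOption = false;
        if (authenticators == null) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Authentication options didn't include idp: %s. Hence excluding from " + "options list", idpName));
            }
            removeOption = true;
        } else if (!authenticators.isEmpty()) {
            // Both idp and authenticator are given, but the authenticator is the display name shown
            // in the UI. Match the config's name against the registered authenticator whose display
            // name was listed; keep the option only on a match.
            removeOption = true;
            if (FrameworkConstants.LOCAL_IDP_NAME.equals(idpName)) {
                List<LocalAuthenticatorConfig> localAuthenticators = ApplicationAuthenticatorService.getInstance().getLocalAuthenticators();
                for (LocalAuthenticatorConfig localAuthenticatorConfig : localAuthenticators) {
                    if (authenticatorConfig.getName().equals(localAuthenticatorConfig.getName()) && authenticators.contains(localAuthenticatorConfig.getDisplayName().toLowerCase())) {
                        removeOption = false;
                        break;
                    }
                }
                if (log.isDebugEnabled()) {
                    if (removeOption) {
                        // The two literals used to join as "localauthenticator" (missing space).
                        log.debug(String.format("Authenticator options don't match any entry for local " + "authenticator: %s. Hence removing the option", authenticatorConfig.getName()));
                    } else {
                        log.debug(String.format("Authenticator options contained a match for local " + "authenticator: %s. Hence keeping the option", authenticatorConfig.getName()));
                    }
                }
            } else {
                for (FederatedAuthenticatorConfig federatedAuthConfig : idp.getFederatedAuthenticatorConfigs()) {
                    if (authenticatorConfig.getName().equals(federatedAuthConfig.getName()) && authenticators.contains(federatedAuthConfig.getDisplayName().toLowerCase())) {
                        removeOption = false;
                        break;
                    }
                }
                if (log.isDebugEnabled()) {
                    if (removeOption) {
                        log.debug(String.format("Authenticator options don't match any entry for idp: %s, " + "authenticator: %s. Hence removing the option", idpName, authenticatorConfig.getName()));
                    } else {
                        log.debug(String.format("Authenticator options contained a match for idp: %s, " + "authenticator: %s. Hence keeping the option", idpName, authenticatorConfig.getName()));
                    }
                }
            }
        } else {
            // Idp listed without any authenticator filter: every authenticator of it stays.
            if (log.isDebugEnabled()) {
                log.debug(String.format("No authenticator filters for idp %s, hence keeping it as an option", idpName));
            }
        }
        if (removeOption) {
            if (authenticatorConfig.getIdps().size() > 1) {
                idpsToRemove.computeIfAbsent(authenticatorConfig, k -> new HashSet<>()).add(idpName);
            } else {
                authenticatorsToRemove.add(authenticatorConfig);
            }
        }
    }));
    if (stepConfig.getAuthenticatorList().size() > authenticatorsToRemove.size()) {
        idpsToRemove.forEach((authenticatorConfig, idpNames) -> {
            // The key is the live list element itself, so it can be edited directly.
            for (String idp : idpNames) {
                authenticatorConfig.getIdps().remove(idp);
                authenticatorConfig.getIdpNames().remove(idp);
                if (log.isDebugEnabled()) {
                    log.debug("Removed " + idp + " option from " + authenticatorConfig.getName() + " as it " + "doesn't match the provided authenticator options");
                }
            }
        });
        // An authenticator left without any idp has no option to offer and is removed as well.
        // NOTE(review): the size guard above only counts configs excluded outright; if this pass
        // empties every remaining config the step ends up with no option — confirm that is intended.
        stepConfig.getAuthenticatorList().forEach(authenticatorConfig -> {
            if (authenticatorConfig.getIdps().isEmpty()) {
                authenticatorsToRemove.add(authenticatorConfig);
            }
        });
        stepConfig.getAuthenticatorList().removeAll(authenticatorsToRemove);
        if (log.isDebugEnabled()) {
            log.debug("Removed " + authenticatorsToRemove.size() + " options which doesn't match the " + "provided authenticator options");
        }
    } else {
        log.warn("The filtered authenticator list is empty, hence proceeding without filtering");
    }
}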
Also used : StringUtils(org.apache.commons.lang.StringUtils) Bindings(javax.script.Bindings) AuthenticationContext(org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext) FrameworkConstants(org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants) HashMap(java.util.HashMap) Function(java.util.function.Function) HashSet(java.util.HashSet) AuthenticationDecisionEvaluator(org.wso2.carbon.identity.application.authentication.framework.AuthenticationDecisionEvaluator) JSObject(jdk.nashorn.api.scripting.JSObject) Map(java.util.Map) JsFunctionRegistry(org.wso2.carbon.identity.application.authentication.framework.JsFunctionRegistry) BiConsumer(java.util.function.BiConsumer) ScriptException(javax.script.ScriptException) FrameworkServiceComponent(org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceComponent) Compilable(javax.script.Compilable) MapUtils(org.apache.commons.collections.MapUtils) StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig) ApplicationAuthenticatorService(org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService) AsyncProcess(org.wso2.carbon.identity.application.authentication.framework.AsyncProcess) Set(java.util.Set) AuthenticatorConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig) UUID(java.util.UUID) FunctionLibrary(org.wso2.carbon.identity.functions.library.mgt.model.FunctionLibrary) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) Collectors(java.util.stream.Collectors) ScriptContext(javax.script.ScriptContext) Serializable(java.io.Serializable) FunctionLibraryManagementService(org.wso2.carbon.identity.functions.library.mgt.FunctionLibraryManagementService) List(java.util.List) Invocable(javax.script.Invocable) 
FrameworkServiceDataHolder(org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder) CarbonContext(org.wso2.carbon.context.CarbonContext) CompiledScript(javax.script.CompiledScript) ScriptEngine(javax.script.ScriptEngine) Log(org.apache.commons.logging.Log) FunctionLibraryManagementException(org.wso2.carbon.identity.functions.library.mgt.exception.FunctionLibraryManagementException) ScriptObjectMirror(jdk.nashorn.api.scripting.ScriptObjectMirror) LogFactory(org.apache.commons.logging.LogFactory) JsAuthenticationContext(org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.JsAuthenticationContext) FrameworkUtils(org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils) LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) Collections(java.util.Collections) AuthenticatorConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet)

Example 5 with Authenticator

use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.

the class UIBasedConfigurationLoader method loadFederatedAuthenticators.

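/**
 * Registers, for every federated IdP of the step, the IdP's default authenticator on the step config.
 *
 * When the step's copy of the IdP carries no default authenticator config, the IdP is resolved
 * by name through {@link IdentityProviderManager} for the tenant and its default authenticator
 * is used instead. A step without federated IdPs is a no-op.
 *
 * @param authenticationStep the step whose federated identity providers are loaded
 * @param stepConfig         the step config receiving the authenticators
 * @param tenantDomain       tenant used to resolve IdPs by name
 * @throws FrameworkException if the IdP cannot be resolved, or no default authenticator is
 *                            configured for it (formerly surfaced as a NullPointerException)
 */
protected void loadFederatedAuthenticators(AuthenticationStep authenticationStep, StepConfig stepConfig, String tenantDomain) throws FrameworkException {
    IdentityProvider[] federatedIDPs = authenticationStep.getFederatedIdentityProviders();
    if (federatedIDPs == null) {
        return;
    }
    for (IdentityProvider federatedIDP : federatedIDPs) {
        String idpName = federatedIDP.getIdentityProviderName();
        FederatedAuthenticatorConfig federatedAuthenticator = federatedIDP.getDefaultAuthenticatorConfig();
        if (federatedAuthenticator == null) {
            // The step only holds a reference; fetch the full IdP definition for the tenant.
            IdentityProvider resolvedIdp;
            try {
                resolvedIdp = IdentityProviderManager.getInstance().getIdPByName(idpName, tenantDomain);
            } catch (IdentityProviderManagementException e) {
                throw new FrameworkException("Failed to load the default authenticator for IDP : " + idpName, e);
            }
            if (resolvedIdp != null) {
                federatedAuthenticator = resolvedIdp.getDefaultAuthenticatorConfig();
            }
        }
        if (federatedAuthenticator == null) {
            // Fail with a clear message instead of dereferencing null below.
            throw new FrameworkException("No default authenticator is configured for IDP : " + idpName + " in tenant : " + tenantDomain);
        }
        // Assign the resolved authenticator to the step.
        loadStepAuthenticator(stepConfig, federatedIDP, federatedAuthenticator.getName());
    }
}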
Also used : FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) IdentityProviderManagementException(org.wso2.carbon.idp.mgt.IdentityProviderManagementException)
