
Example 71 with Authenticator

use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.

The class ProvisioningManagementDAO, method updateProvisionedIdentifier:

/**
 * Rewrites the stored attributes of an existing identity provider.
 *
 * Parameters 1-12 of {@code UPDATE_IDP_SQL} carry the attributes taken from
 * {@code newIdentityProvider}; parameters 13 and 14 carry the tenant id and the
 * <em>current</em> provider name, which select the row being updated. Optional
 * sub-configurations (JIT provisioning, claim config, default authenticator, default
 * provisioning connector) are written as NULL when absent. The transaction is committed on
 * success and rolled back on a {@link SQLException}.
 *
 * @param newIdentityProvider     provider carrying the attributes to store
 * @param currentIdentityProvider provider whose name selects the row to update
 * @param tenantId                tenant that owns the provider
 * @throws IdentityApplicationManagementException if no provider with the new name exists in
 *                                                the tenant, or if the update fails
 */
public void updateProvisionedIdentifier(IdentityProvider newIdentityProvider, IdentityProvider currentIdentityProvider, int tenantId) throws IdentityApplicationManagementException {
    Connection dbConnection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement prepStmt = null;
    try {
        // NOTE(review): existence is checked under the *new* name, while the UPDATE below is
        // keyed by the *current* name (parameter 14). A rename would therefore be rejected
        // here - confirm this is the intended contract.
        int existingIdpId = getIdentityProviderIdByName(dbConnection, newIdentityProvider.getIdentityProviderName(), tenantId);
        if (existingIdpId <= 0) {
            throw new IdentityApplicationManagementException("Trying to update non-existent Identity Provider for tenant " + tenantId);
        }
        // Column order of UPDATE_IDP_SQL (NAME, PRIMARY, HOME_REALM_ID, THUMBPRINT, TOKEN_EP_ALIAS,
        // INBOUND_PROVISIONING_ENABLED, INBOUND_PROVISIONING_USER_STORE_ID, USER_CLAIM_URI,
        // ROLE_CLAIM_URI, DEFAULT_AUTHENTICATOR_NAME, DEFAULT_PRO_CONNECTOR_NAME, ...) fixes the
        // parameter indexes used below; the SQL text itself is not visible in this listing.
        prepStmt = dbConnection.prepareStatement(IdPManagementConstants.SQLQueries.UPDATE_IDP_SQL);
        prepStmt.setString(1, newIdentityProvider.getIdentityProviderName());
        prepStmt.setString(2, newIdentityProvider.isPrimary() ? IdentityProvisioningConstants.IS_TRUE_VALUE : IdentityProvisioningConstants.IS_FALSE_VALUE);
        prepStmt.setString(3, newIdentityProvider.getHomeRealmId());

        // Certificates are persisted as one JSON-array blob.
        JSONArray certificates = new JSONArray(newIdentityProvider.getCertificateInfoArray());
        prepStmt.setBinaryStream(4, setBlobValue(certificates.toString()));
        if (log.isDebugEnabled()) {
            log.debug("Certificate has been saved in the database as a JSON array: " + certificates);
        }
        prepStmt.setString(5, newIdentityProvider.getAlias());

        // JIT provisioning: the user store is only stored when provisioning is enabled.
        boolean jitEnabled = newIdentityProvider.getJustInTimeProvisioningConfig() != null
                && newIdentityProvider.getJustInTimeProvisioningConfig().isProvisioningEnabled();
        prepStmt.setString(6, jitEnabled ? IdentityProvisioningConstants.IS_TRUE_VALUE : IdentityProvisioningConstants.IS_FALSE_VALUE);
        prepStmt.setString(7, jitEnabled ? newIdentityProvider.getJustInTimeProvisioningConfig().getProvisioningUserStore() : null);

        boolean hasClaimConfig = newIdentityProvider.getClaimConfig() != null;
        prepStmt.setString(8, hasClaimConfig ? newIdentityProvider.getClaimConfig().getUserClaimURI() : null);
        prepStmt.setString(9, hasClaimConfig ? newIdentityProvider.getClaimConfig().getRoleClaimURI() : null);

        // Neither a default authenticator nor a default provisioning connector is mandatory.
        String defaultAuthenticatorName = newIdentityProvider.getDefaultAuthenticatorConfig() == null
                ? null
                : newIdentityProvider.getDefaultAuthenticatorConfig().getName();
        prepStmt.setString(10, defaultAuthenticatorName);
        String defaultConnectorName = newIdentityProvider.getDefaultProvisioningConnectorConfig() == null
                ? null
                : newIdentityProvider.getDefaultProvisioningConnectorConfig().getName();
        prepStmt.setString(11, defaultConnectorName);

        prepStmt.setString(12, newIdentityProvider.getIdentityProviderDescription());
        // Row selector: tenant id plus the name the provider currently has.
        prepStmt.setInt(13, tenantId);
        prepStmt.setString(14, currentIdentityProvider.getIdentityProviderName());

        prepStmt.executeUpdate();
        prepStmt.clearParameters();
        IdentityDatabaseUtil.commitTransaction(dbConnection);
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollbackTransaction(dbConnection);
        throw new IdentityApplicationManagementException("Error occurred while updating Identity Provider information  for tenant " + tenantId, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(dbConnection, null, prepStmt);
    }
}

Example 72 with Authenticator

use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.

The class FileBasedConfigurationBuilder, method processStepElement:

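/**
 * Builds the {@link StepConfig} for one {@code Step} element of the file-based sequence.
 *
 * The step's optional login page and mandatory order are read from attributes. Each child
 * {@code Authenticator} element is resolved against {@code authenticatorConfigMap} by its
 * name attribute; when found it receives the comma-separated IdP names of its idps
 * attribute (the local IdP when none are given) and is added to the step. Unknown
 * authenticator names are logged and skipped.
 *
 * @param stepElem the {@code Step} element to convert
 * @return the populated step, or {@code null} when the order attribute is missing or not an
 *         integer (its authenticators are then not registered)
 */
private StepConfig processStepElement(OMElement stepElem) {
    StepConfig stepConfig = new StepConfig();
    OMAttribute loginPageAttr = stepElem.getAttribute(new QName(FrameworkConstants.Config.ATTR_STEP_LOGIN_PAGE));
    if (loginPageAttr != null) {
        stepConfig.setLoginPage(loginPageAttr.getAttributeValue());
    }
    OMAttribute orderAttr = stepElem.getAttribute(new QName(FrameworkConstants.Config.ATTR_STEP_ORDER));
    if (orderAttr == null) {
        // The message previously contained a stray '+' ("an order. +Authenticators").
        log.warn("Each Step Configuration should have an order. " + "Authenticators under this Step will not be registered.");
        return null;
    }
    // A non-numeric order used to escape as NumberFormatException and abort the whole
    // configuration load; treat it like a missing order instead.
    int order;
    try {
        order = Integer.parseInt(orderAttr.getAttributeValue());
    } catch (NumberFormatException e) {
        log.warn("Step order '" + orderAttr.getAttributeValue() + "' is not an integer. Authenticators under this Step will not be registered.");
        return null;
    }
    stepConfig.setOrder(order);
    for (Iterator<?> authenticatorElements = stepElem.getChildrenWithLocalName(FrameworkConstants.Config.ELEM_AUTHENTICATOR); authenticatorElements.hasNext(); ) {
        OMElement authenticatorElem = (OMElement) authenticatorElements.next();
        String authenticatorName = authenticatorElem.getAttributeValue(new QName(FrameworkConstants.Config.ATTR_AUTHENTICATOR_NAME));
        AuthenticatorConfig authenticatorConfig = authenticatorConfigMap.get(authenticatorName);
        String idps = authenticatorElem.getAttributeValue(new QName(FrameworkConstants.Config.ATTR_AUTHENTICATOR_IDPS));
        if (authenticatorConfig == null) {
            log.error("There was no authenticator configured for name: " + authenticatorName + " Please add relevant configuration in element: " + FrameworkConstants.Config.QNAME_AUTHENTICATOR_CONFIGS);
            continue;
        }
        // NOTE(review): authenticatorConfig is the shared instance held in authenticatorConfigMap,
        // so IdP names added here accumulate across every step that references the same
        // authenticator - confirm this is intended.
        if (idps != null && !idps.isEmpty()) {
            // Tolerate whitespace around the separators and ignore empty entries ("a, b,").
            for (String idp : idps.split(",")) {
                String idpName = idp.trim();
                if (!idpName.isEmpty()) {
                    authenticatorConfig.getIdpNames().add(idpName);
                }
            }
        } else {
            authenticatorConfig.getIdpNames().add(FrameworkConstants.LOCAL_IDP_NAME);
        }
        stepConfig.getAuthenticatorList().add(authenticatorConfig);
    }
    return stepConfig;
}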

Example 73 with Authenticator

use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.

The class UIBasedConfigurationLoader, method loadStepAuthenticator:

/**
 * Registers {@code authenticatorName} on {@code stepConfig} and, when given, attaches
 * {@code idp} to it.
 *
 * An {@link AuthenticatorConfig} already on the step with exactly that name is reused;
 * otherwise a new one is created, bound to the first registered
 * {@link ApplicationAuthenticator} whose name matches case-insensitively, and appended to
 * the step. If no registered authenticator matches, the config is still appended with no
 * application authenticator set. The step becomes multi-option once it holds more than one
 * authenticator or this authenticator holds more than one IdP.
 *
 * @param stepConfig        step to update
 * @param idp               identity provider to associate, or {@code null} for none
 * @param authenticatorName name of the authenticator to add or reuse
 */
private void loadStepAuthenticator(StepConfig stepConfig, IdentityProvider idp, String authenticatorName) {
    // Reuse the config if this step already lists the authenticator (case-sensitive match).
    AuthenticatorConfig config = stepConfig.getAuthenticatorList().stream()
            .filter(candidate -> authenticatorName.equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    if (config == null) {
        config = new AuthenticatorConfig();
        config.setName(authenticatorName);
        // NOTE(review): the lookup above is case-sensitive but the binding below is not; a
        // config can also end up with a null ApplicationAuthenticator when nothing matches.
        for (ApplicationAuthenticator registered : FrameworkServiceComponent.getAuthenticators()) {
            if (authenticatorName.equalsIgnoreCase(registered.getName())) {
                config.setApplicationAuthenticator(registered);
                break;
            }
        }
        stepConfig.getAuthenticatorList().add(config);
    }
    if (idp != null) {
        String idpName = idp.getIdentityProviderName();
        config.getIdpNames().add(idpName);
        config.getIdps().put(idpName, idp);
    }
    if (!stepConfig.isMultiOption()) {
        boolean severalAuthenticators = stepConfig.getAuthenticatorList().size() > 1;
        if (severalAuthenticators || config.getIdps().size() > 1) {
            stepConfig.setMultiOption(true);
        }
    }
}

Example 74 with Authenticator

use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.

The class JsGraphBuilder, method authenticatorParamsOptions:

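/**
 * Copies the authenticator parameters supplied by the adaptive script into the
 * authentication context.
 *
 * {@code options} may carry three sections, looked up under the local-IdP, federated-IdP
 * and common-options keys of {@code FrameworkConstants.JSAttributes}. The local section maps
 * an authenticator name to its parameters; the federated section maps an IdP name to
 * parameters, which are stored under the name of the application authenticator that
 * handles that IdP in {@code stepConfig}; the common section is stored under the
 * common-options key. Only {@link Map}-valued entries are used, every map is copied so
 * later script mutations do not leak into the context, and nothing is added when no
 * section is usable.
 *
 * @param options    authentication options object passed from the script
 * @param stepConfig step whose authenticators/IdPs the federated section is matched against
 */
protected void authenticatorParamsOptions(Map<String, Object> options, StepConfig stepConfig) {
    Map<String, Map<String, String>> authenticatorParams = new HashMap<>();
    Object localOptions = options.get(FrameworkConstants.JSAttributes.JS_LOCAL_IDP);
    if (localOptions instanceof Map) {
        ((Map<String, Object>) localOptions).forEach((authenticatorName, params) -> {
            if (params instanceof Map) {
                // Unchecked: the values come straight from the script engine and are only
                // assumed to be String -> String; a non-String value would surface on read.
                authenticatorParams.put(authenticatorName, new HashMap<>((Map<String, String>) params));
            }
        });
    }
    Object federatedOptionsObj = options.get(FrameworkConstants.JSAttributes.JS_FEDERATED_IDP);
    if (federatedOptionsObj instanceof Map) {
        Map<String, Map<String, String>> federatedOptions = (Map<String, Map<String, String>>) federatedOptionsObj;
        for (AuthenticatorConfig authenticatorConfig : stepConfig.getAuthenticatorList()) {
            // A config whose ApplicationAuthenticator was never resolved (the UI loader adds
            // the config even when no registered authenticator matches) has no name to key
            // the params by; previously this dereference threw a NullPointerException.
            if (authenticatorConfig.getApplicationAuthenticator() == null) {
                continue;
            }
            String authenticatorName = authenticatorConfig.getApplicationAuthenticator().getName();
            authenticatorConfig.getIdps().forEach((idpName, idp) -> {
                if (FrameworkConstants.LOCAL_IDP_NAME.equals(idpName) || !federatedOptions.containsKey(idpName)) {
                    return;
                }
                for (FederatedAuthenticatorConfig federatedAuthConfig : idp.getFederatedAuthenticatorConfigs()) {
                    if (authenticatorConfig.getName().equals(federatedAuthConfig.getName())) {
                        authenticatorParams.put(authenticatorName, new HashMap<>(federatedOptions.get(idpName)));
                    }
                }
            });
        }
    }
    Object commonOptions = options.get(FrameworkConstants.JSAttributes.JS_COMMON_OPTIONS);
    if (commonOptions instanceof Map) {
        authenticatorParams.put(FrameworkConstants.JSAttributes.JS_COMMON_OPTIONS, new HashMap<>((Map<String, String>) commonOptions));
    }
    if (!authenticatorParams.isEmpty()) {
        authenticationContext.addAuthenticatorParams(authenticatorParams);
    }
}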

Example 75 with Authenticator

use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.

The class JsClaims, method getRemoteClaimMappedToLocalClaim:

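/**
 * Gets the remote claim that is mapped to the given local claim.
 *
 * When the authenticator that completed this step declares a claim dialect, or the IdP is
 * configured to use the default local dialect, the mapping is taken from the claim metadata
 * of that dialect (restricted to the remote claims actually received); otherwise the IdP's
 * own claim mappings are consulted for {@code localClaim}. Lookup failures are logged and
 * yield {@code null}.
 *
 * @param localClaim      local claim URI
 * @param remoteClaimsMap Remote claim URI - value map
 * @return Mapped remote claim URI if present. null otherwise
 */
private String getRemoteClaimMappedToLocalClaim(String localClaim, Map<String, String> remoteClaimsMap) {
    String authenticatorDialect = null;
    Map<String, String> localToIdpClaimMapping = null;
    String tenantDomain = getContext().getTenantDomain();
    try {
        // A standard dialect (e.g. OIDC) declared by the authenticator, or the IdP opting into
        // the default local dialect, takes precedence over the IdP-specific claim mappings.
        // NOTE(review): the step, its authenticated authenticator and idPConfig are dereferenced
        // without null checks and only the two checked exceptions below are handled, so a
        // missing one surfaces as a NullPointerException - confirm callers guarantee them.
        ApplicationAuthenticator authenticator = getContext().getSequenceConfig().getStepMap().get(step).getAuthenticatedAutenticator().getApplicationAuthenticator();
        authenticatorDialect = authenticator.getClaimDialectURI();
        ExternalIdPConfig idPConfig = ConfigurationFacade.getInstance().getIdPConfigByName(idp, tenantDomain);
        boolean useDefaultIdpDialect = idPConfig.useDefaultLocalIdpDialect();
        if (authenticatorDialect != null || useDefaultIdpDialect) {
            if (authenticatorDialect == null) {
                authenticatorDialect = ApplicationConstants.LOCAL_IDP_DEFAULT_CLAIM_DIALECT;
            }
            localToIdpClaimMapping = ClaimMetadataHandler.getInstance().getMappingsMapFromOtherDialectToCarbon(authenticatorDialect, remoteClaimsMap.keySet(), tenantDomain, true);
        } else {
            localToIdpClaimMapping = IdentityProviderManager.getInstance().getMappedIdPClaimsMap(idp, tenantDomain, Collections.singletonList(localClaim));
        }
        if (localToIdpClaimMapping != null) {
            return localToIdpClaimMapping.get(localClaim);
        }
    } catch (IdentityProviderManagementException e) {
        LOG.error(String.format("Error when getting claim : %s of user: %s", localClaim, authenticatedUser), e);
    } catch (ClaimMetadataException e) {
        // Pass the exception along so its cause is not lost (it was previously dropped).
        LOG.error("Error when getting claim mappings from " + authenticatorDialect + " for tenant domain: " + tenantDomain, e);
    }
    return null;
}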
