use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.
the class JsGraphBuilderTest method filterOptionsDataProvider.
/**
 * Builds the rows for the option-filtering test. Each row holds an option map keyed by index, a
 * copy of a step configuration produced by {@code duplicateStepConfig}, and an integer that is
 * presumably the number of authenticator options expected on the step afterwards (confirm
 * against the consuming test, which is not shown here).
 *
 * <p>Side effect: the local-authenticator list held by {@code ApplicationAuthenticatorService}
 * is cleared and refilled with the two local authenticators defined below.
 */
@DataProvider
public Object[][] filterOptionsDataProvider() {

    // Reset the shared registry so that only the two local authenticators below are registered.
    ApplicationAuthenticatorService.getInstance().getLocalAuthenticators().clear();

    LocalAuthenticatorConfig localBasic = new LocalAuthenticatorConfig();
    localBasic.setName("BasicAuthenticator");
    localBasic.setDisplayName("basic");

    LocalAuthenticatorConfig localTotp = new LocalAuthenticatorConfig();
    localTotp.setName("TOTPAuthenticator");
    localTotp.setDisplayName("totp");

    ApplicationAuthenticatorService.getInstance().getLocalAuthenticators().add(localBasic);
    ApplicationAuthenticatorService.getInstance().getLocalAuthenticators().add(localTotp);

    // Identity providers: LOCAL has no federated authenticators, customIdp1 offers SAML and
    // OIDC, customIdp2 offers Twitter only.
    IdentityProvider residentIdp = new IdentityProvider();
    residentIdp.setId("LOCAL");
    residentIdp.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[0]);

    FederatedAuthenticatorConfig fedSaml = new FederatedAuthenticatorConfig();
    fedSaml.setDisplayName("samlsso");
    fedSaml.setName("SAMLAuthenticator");

    FederatedAuthenticatorConfig fedOidc = new FederatedAuthenticatorConfig();
    fedOidc.setDisplayName("oidc");
    fedOidc.setName("OIDCAuthenticator");

    FederatedAuthenticatorConfig fedTwitter = new FederatedAuthenticatorConfig();
    fedTwitter.setDisplayName("twitter");
    fedTwitter.setName("TwitterAuthenticator");

    IdentityProvider firstCustomIdp = new IdentityProvider();
    firstCustomIdp.setId("customIdp1");
    firstCustomIdp.setFederatedAuthenticatorConfigs(
            new FederatedAuthenticatorConfig[] { fedSaml, fedOidc });
    firstCustomIdp.setDefaultAuthenticatorConfig(fedSaml);

    IdentityProvider secondCustomIdp = new IdentityProvider();
    secondCustomIdp.setId("customIdp2");
    secondCustomIdp.setFederatedAuthenticatorConfigs(
            new FederatedAuthenticatorConfig[] { fedTwitter });
    secondCustomIdp.setDefaultAuthenticatorConfig(fedTwitter);

    // Step-level authenticator entries, each enabled and bound to the IdP that offers it.
    AuthenticatorConfig basicEntry = new AuthenticatorConfig();
    basicEntry.setName("BasicAuthenticator");
    basicEntry.setEnabled(true);
    basicEntry.getIdps().put("LOCAL", residentIdp);

    AuthenticatorConfig totpEntry = new AuthenticatorConfig();
    totpEntry.setName("TOTPAuthenticator");
    totpEntry.setEnabled(true);
    totpEntry.getIdps().put("LOCAL", residentIdp);

    // Built like the others but not placed on either step below.
    AuthenticatorConfig samlEntry = new AuthenticatorConfig();
    samlEntry.setName("SAMLAuthenticator");
    samlEntry.setEnabled(true);
    samlEntry.getIdps().put("customIdp1", firstCustomIdp);

    AuthenticatorConfig oidcEntry = new AuthenticatorConfig();
    oidcEntry.setName("OIDCAuthenticator");
    oidcEntry.setEnabled(true);
    oidcEntry.getIdps().put("customIdp1", firstCustomIdp);

    AuthenticatorConfig twitterEntry = new AuthenticatorConfig();
    twitterEntry.setName("TwitterAuthenticator");
    twitterEntry.setEnabled(true);
    twitterEntry.getIdps().put("customIdp2", secondCustomIdp);

    // Steps under test: one with a single authenticator, one with four.
    StepConfig singleAuthenticatorStep = new StepConfig();
    singleAuthenticatorStep.setAuthenticatorList(Collections.singletonList(basicEntry));

    StepConfig fourAuthenticatorStep = new StepConfig();
    fourAuthenticatorStep.setAuthenticatorList(
            new ArrayList<>(Arrays.asList(basicEntry, totpEntry, oidcEntry, twitterEntry)));

    // Individual options referenced from the option maps.
    Map<String, String> oidcViaFirstIdp = new HashMap<>();
    oidcViaFirstIdp.put("idp", "customIdp1");
    oidcViaFirstIdp.put("authenticator", "oidc");

    Map<String, String> twitterViaSecondIdp = new HashMap<>();
    twitterViaSecondIdp.put("idp", "customIdp2");
    twitterViaSecondIdp.put("authenticator", "twitter");

    // Deliberately inconsistent pair: customIdp1 is configured with SAML and OIDC only, so it
    // cannot supply the "twitter" authenticator.
    Map<String, String> twitterViaFirstIdp = new HashMap<>();
    twitterViaFirstIdp.put("idp", "customIdp1");
    twitterViaFirstIdp.put("authenticator", "twitter");

    // Option maps, keyed by option index.
    Map<String, Map<String, String>> basicOnly = new HashMap<>();
    basicOnly.put("0", Collections.singletonMap("authenticator", "basic"));

    Map<String, Map<String, String>> threeValid = new HashMap<>();
    threeValid.put("0", Collections.singletonMap("authenticator", "basic"));
    threeValid.put("1", oidcViaFirstIdp);
    threeValid.put("2", twitterViaSecondIdp);

    Map<String, Map<String, String>> twoValidOneInvalid = new HashMap<>();
    twoValidOneInvalid.put("0", Collections.singletonMap("authenticator", "basic"));
    twoValidOneInvalid.put("1", oidcViaFirstIdp);
    twoValidOneInvalid.put("2", twitterViaFirstIdp);

    Map<String, Map<String, String>> basicPlusIdpOnly = new HashMap<>();
    basicPlusIdpOnly.put("0", Collections.singletonMap("authenticator", "basic"));
    basicPlusIdpOnly.put("1", Collections.singletonMap("idp", "customIdp1"));

    Map<String, Map<String, String>> invalidOnly = new HashMap<>();
    invalidOnly.put("0", twitterViaFirstIdp);

    // Every row gets its own copy of the step so that one case cannot affect another.
    return new Object[][] {
            { basicOnly, duplicateStepConfig(singleAuthenticatorStep), 1 },
            { basicOnly, duplicateStepConfig(fourAuthenticatorStep), 1 },
            { threeValid, duplicateStepConfig(fourAuthenticatorStep), 3 },
            { twoValidOneInvalid, duplicateStepConfig(fourAuthenticatorStep), 2 },
            { invalidOnly, duplicateStepConfig(fourAuthenticatorStep), 4 },
            { basicPlusIdpOnly, duplicateStepConfig(fourAuthenticatorStep), 2 }
    };
}
use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.
the class CarbonBasicPolicyPublisherModule method doSend.
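/**
 * Publishes a policy document to the {@code EntitlementPolicyAdminService} endpoint under
 * {@code serverUrl}, authenticating with {@code serverUserName} and {@code serverPassword}.
 *
 * <p>The credentials are attached preemptively, i.e. they travel with the first request rather
 * than after a challenge, so the endpoint should be reached over HTTPS.
 *
 * @param body XML payload; it is parsed with {@code AXIOMUtil.stringToOM} before being sent
 * @throws EntitlementException if no server URL is configured, the payload cannot be parsed,
 *                              or the remote call fails
 */
private void doSend(String body) throws EntitlementException {

    // A null URL used to be concatenated into the literal "nullEntitlementPolicyAdminService".
    if (serverUrl == null || serverUrl.trim().isEmpty()) {
        throw new EntitlementException("Policy publish fails due : server URL is not configured");
    }
    serverUrl = serverUrl.trim();
    if (!serverUrl.endsWith("/")) {
        serverUrl += "/";
    }
    // The URL itself is not logged because it may carry embedded user information.
    if (!serverUrl.regionMatches(true, 0, "https://", 0, "https://".length())) {
        log.warn("Policy publish endpoint is not HTTPS; preemptively sent credentials are not "
                + "protected in transit");
    }
    String serverEndPoint = serverUrl + "EntitlementPolicyAdminService";

    // Created per call, so it has to be shut down in the finally block or its pooled
    // connections outlive this method.
    MultiThreadedHttpConnectionManager httpConnectionManager = new MultiThreadedHttpConnectionManager();
    ServiceClient client = null;
    try {
        HttpClient httpClient = new HttpClient(httpConnectionManager);
        client = new ServiceClient(configCtx, null);
        Options option = client.getOptions();
        option.setManageSession(true);
        HttpTransportProperties.Authenticator authenticator = new HttpTransportProperties.Authenticator();
        authenticator.setUsername(serverUserName);
        authenticator.setPassword(serverPassword);
        authenticator.setPreemptiveAuthentication(true);
        option.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, authenticator);
        option.setProperty(Constants.Configuration.TRANSPORT_URL, serverEndPoint);
        option.setProperty(HTTPConstants.REUSE_HTTP_CLIENT, Constants.VALUE_TRUE);
        option.setProperty(HTTPConstants.CACHED_HTTP_CLIENT, httpClient);
        client.sendRobust(AXIOMUtil.stringToOM(body));
    } catch (AxisFault axisFault) {
        log.error("Policy publish fails due : " + axisFault.getMessage(), axisFault);
        // Keep the cause so callers can see the transport failure, not just its message.
        throw new EntitlementException("Policy publish fails due : " + axisFault.getMessage(), axisFault);
    } catch (XMLStreamException e) {
        log.error("Policy publish fails due : " + e.getMessage(), e);
        throw new EntitlementException("Policy publish fails due : " + e.getMessage(), e);
    } finally {
        if (client != null) {
            try {
                client.cleanupTransport();
                client.cleanup();
            } catch (AxisFault axisFault) {
                // Best effort: a cleanup failure must not mask the outcome of the publish.
                log.error("Error while cleaning HTTP client", axisFault);
            }
        }
        httpConnectionManager.shutdown();
    }
}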
use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.
the class FileBasedIdPMgtDAO method getIdPByAuthenticatorPropertyValue.
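/**
 * Finds the file-based identity provider whose federated authenticator named
 * {@code authenticatorName} has the property {@code property} set to {@code value}.
 *
 * <p>NOTE(review): {@code tenantDomain} is not used in this method, so the lookup is not
 * narrowed by tenant here. Confirm that file-based IdPs are meant to be visible to every tenant.
 *
 * @param property          name of the authenticator property to inspect
 * @param value             value to look for; a null value matches nothing
 * @param tenantDomain      unused in this implementation
 * @param authenticatorName name of the federated authenticator whose properties are inspected
 * @return the first matching identity provider, or null when none matches
 */
public IdentityProvider getIdPByAuthenticatorPropertyValue(String property, String value, String tenantDomain, String authenticatorName) {

    // The comparison below dereferences value, so a null value used to raise a
    // NullPointerException as soon as a candidate property was found.
    if (value == null) {
        return null;
    }

    Map<String, IdentityProvider> identityProviders = IdPManagementServiceComponent.getFileBasedIdPs();
    for (IdentityProvider identityProvider : identityProviders.values()) {
        if (identityProvider == null) {
            continue;
        }
        // Pick the requested authenticator. It is whichever one the caller names, not
        // necessarily SAML2 Web SSO.
        FederatedAuthenticatorConfig authenticatorConfig = IdentityApplicationManagementUtil.getFederatedAuthenticator(
                identityProvider.getFederatedAuthenticatorConfigs(), authenticatorName);
        if (authenticatorConfig == null) {
            continue;
        }
        Property matchedProperty = IdentityApplicationManagementUtil.getProperty(
                authenticatorConfig.getProperties(), property);
        // NOTE(review): the match is case-insensitive. If callers pass an identifier such as
        // an issuer or entity ID, confirm that treating differently-cased values as equal is
        // intended.
        if (matchedProperty != null && value.equalsIgnoreCase(matchedProperty.getValue())) {
            return identityProvider;
        }
    }
    return null;
}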
use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.
the class IdPManagementUIUtil method buildFederatedIdentityProvider.
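/**
 * Build a federated identity provider from a multipart form submission.
 *
 * <p>Every form part is untrusted input. Part names choose which branch handles a value, and
 * the submitted {@code idpUUID} chooses which session attribute is read as the existing
 * identity provider.
 *
 * @param request    HttpServletRequest; must carry multipart/form-data content
 * @param oldIdpName receives the name of the existing IdP when one is found in the session.
 *                   A null argument is tolerated, but the name is then not visible to the caller.
 * @return IdentityProvider populated from the submitted form
 * @throws Exception if the request is not multipart, if the SAML metadata upload has a file
 *                   name that does not end in ".xml", or if parsing the request fails
 */
public static IdentityProvider buildFederatedIdentityProvider(HttpServletRequest request, StringBuilder oldIdpName) throws Exception {

    if (!ServletFileUpload.isMultipartContent(request)) {
        throw new Exception("Invalid Content Type: Not multipart/form-data");
    }

    IdentityProvider fedIdp = new IdentityProvider();
    ServletRequestContext servletContext = new ServletRequestContext(request);
    FileItemFactory factory = new DiskFileItemFactory();
    // NOTE(review): no size limit is set on this upload handler (setSizeMax / setFileSizeMax);
    // confirm that the container or a filter bounds the request size.
    ServletFileUpload upload = new ServletFileUpload(factory);
    List<?> items = upload.parseRequest(servletContext);

    Map<String, String> paramMap = new HashMap<>();
    List<String> idpClaims = new ArrayList<>();
    List<String> idpRoles = new ArrayList<>();
    List<String> customAuthenticatorNames = new ArrayList<>();
    List<String> proConnectorNames = new ArrayList<>();
    Map<String, List<Property>> customAuthenticatorProperties = new HashMap<>();
    Map<String, List<Property>> customProProperties = new HashMap<>();
    String idpUUID = StringUtils.EMPTY;
    StringBuilder deletedCertificateValue = new StringBuilder();

    for (Object item : items) {
        DiskFileItem diskFileItem = (DiskFileItem) item;
        if (diskFileItem != null) {
            byte[] value = diskFileItem.get();
            String key = diskFileItem.getFieldName();
            if (key == null) {
                // A part without a field name used to fail on key.startsWith(...) below;
                // it carries nothing this method can map, so skip it.
                continue;
            }
            if (StringUtils.equals(key, "idpUUID")) {
                idpUUID = diskFileItem.getString();
            }
            if (IdPManagementUIUtil.META_DATA_SAML.equals(key)) {
                // This checks only the client-supplied file name (and case-sensitively); the
                // content is not inspected here, so whatever parses the metadata later must
                // treat it as untrusted XML.
                if (StringUtils.isNotEmpty(diskFileItem.getName()) && !diskFileItem.getName().trim().endsWith(".xml")) {
                    throw new CarbonException("File not supported!");
                } else {
                    paramMap.put(key, Base64.encode(value));
                }
                // NOTE(review): this is a separate `if`, so unless the key also matches one
                // of the branches below it reaches the final `else`, which replaces the
                // Base64 value stored here with the raw UTF-8 string. Confirm that is intended.
            }
            if ("certFile".equals(key)) {
                paramMap.put(key, Base64.encode(value));
            } else if (key.startsWith(IdentityApplicationConstants.CERTIFICATE_VAL)) {
                deletedCertificateValue.append(new String(value, StandardCharsets.UTF_8));
            } else if ("google_prov_private_key".equals(key)) {
                // Private key material: kept Base64-encoded in the map and never logged here.
                paramMap.put(key, Base64.encode(value));
            } else if (key.startsWith("claimrowname_")) {
                String strValue = new String(value, StandardCharsets.UTF_8);
                idpClaims.add(strValue);
                paramMap.put(key, strValue);
            } else if (key.startsWith("rolerowname_")) {
                String strValue = new String(value, StandardCharsets.UTF_8);
                idpRoles.add(strValue);
                paramMap.put(key, strValue);
            } else if (key.startsWith("custom_auth_name")) {
                customAuthenticatorNames.add(new String(value, StandardCharsets.UTF_8));
            } else if (key.startsWith("custom_pro_name")) {
                proConnectorNames.add(new String(value, StandardCharsets.UTF_8));
            } else if (key.startsWith("cust_auth_prop_")) {
                // Part name format: cust_auth_prop_<authenticator>#<property>
                String authPropString = key.substring("cust_auth_prop_".length());
                int separator = authPropString.indexOf("#");
                if (separator > 0) {
                    String authName = authPropString.substring(0, separator);
                    Property prop = new Property();
                    prop.setName(authPropString.substring(separator + 1));
                    prop.setValue(new String(value, StandardCharsets.UTF_8));
                    List<Property> propList = customAuthenticatorProperties.get(authName);
                    if (propList == null) {
                        propList = new ArrayList<>();
                        customAuthenticatorProperties.put(authName, propList);
                    }
                    propList.add(prop);
                }
            } else if (key.startsWith("cust_pro_prop_")) {
                // Part name format: cust_pro_prop_<connector>#<property>
                String provPropString = key.substring("cust_pro_prop_".length());
                int separator = provPropString.indexOf("#");
                if (separator > 0) {
                    String proConName = provPropString.substring(0, separator);
                    Property prop = new Property();
                    prop.setName(provPropString.substring(separator + 1));
                    prop.setValue(new String(value, StandardCharsets.UTF_8));
                    List<Property> propList = customProProperties.get(proConName);
                    if (propList == null) {
                        propList = new ArrayList<>();
                        customProProperties.put(proConName, propList);
                    }
                    propList.add(prop);
                }
            } else {
                paramMap.put(key, new String(value, StandardCharsets.UTF_8));
            }
            // Blank values are stored as null so later code can treat them as absent.
            String updatedValue = paramMap.get(key);
            if (updatedValue != null && updatedValue.trim().length() == 0) {
                paramMap.put(key, null);
            }
        }
    }
    paramMap.put(IdentityApplicationConstants.CERTIFICATE_VAL, deletedCertificateValue.toString());

    // idpUUID comes from the form, so the submitter picks the session attribute name. Only
    // accept the attribute when it really is an IdentityProvider instead of casting blindly.
    Object sessionIdp = request.getSession().getAttribute(idpUUID);
    IdentityProvider oldIdentityProvider =
            sessionIdp instanceof IdentityProvider ? (IdentityProvider) sessionIdp : null;

    if (oldIdentityProvider != null) {
        if (oldIdpName == null) {
            oldIdpName = new StringBuilder();
        }
        oldIdpName.append(oldIdentityProvider.getIdentityProviderName());
    }
    if (oldIdentityProvider != null && oldIdentityProvider.getCertificate() != null) {
        if (oldIdentityProvider.getCertificateInfoArray() != null && oldIdentityProvider.getCertificateInfoArray().length > 1) {
            if (log.isDebugEnabled()) {
                log.debug("Number of old certificate for the identity provider " + oldIdentityProvider.getDisplayName() + " is " + oldIdentityProvider.getCertificateInfoArray().length);
            }
            // Several certificates: decode each, concatenate, and re-encode as one value.
            StringBuilder multipleCertificate = new StringBuilder();
            for (CertificateInfo certificateInfo : oldIdentityProvider.getCertificateInfoArray()) {
                multipleCertificate.append(new String(Base64.decode(certificateInfo.getCertValue()), StandardCharsets.UTF_8));
            }
            paramMap.put(IdentityApplicationConstants.OLD_CERT_FILE, Base64.encode(multipleCertificate.toString().getBytes(StandardCharsets.UTF_8)));
        } else {
            if (log.isDebugEnabled()) {
                log.debug("Only one certificate has been found as old certificate.");
            }
            paramMap.put(IdentityApplicationConstants.OLD_CERT_FILE, oldIdentityProvider.getCertificate());
        }
    }
    if (oldIdentityProvider != null && oldIdentityProvider.getProvisioningConnectorConfigs() != null) {
        ProvisioningConnectorConfig[] provisioningConnectorConfig = oldIdentityProvider.getProvisioningConnectorConfigs();
        for (ProvisioningConnectorConfig provisioningConnector : provisioningConnectorConfig) {
            if (("googleapps").equals(provisioningConnector.getName())) {
                Property[] googleProperties = provisioningConnector.getProvisioningProperties();
                if (googleProperties == null) {
                    continue;
                }
                for (Property property : googleProperties) {
                    // Constant-first comparison tolerates a property without a name.
                    if ("google_prov_private_key".equals(property.getName())) {
                        paramMap.put("old_google_prov_private_key", property.getValue());
                    }
                }
            }
        }
    }
    // build identity provider basic information.
    buildBasicInformation(fedIdp, paramMap);
    // build out-bound authentication configuration.
    buildOutboundAuthenticationConfiguration(fedIdp, paramMap);
    // build custom authenticator configuration.
    buildCustomAuthenticationConfiguration(fedIdp, customAuthenticatorNames, customAuthenticatorProperties, paramMap);
    // build claim configuration. The claim config is null-checked like the role config below;
    // it used to be dereferenced unconditionally.
    if (oldIdentityProvider != null && oldIdentityProvider.getClaimConfig() != null && oldIdentityProvider.getClaimConfig().getClaimMappings() != null) {
        buildClaimConfiguration(fedIdp, paramMap, idpClaims, oldIdentityProvider.getClaimConfig().getClaimMappings());
    } else {
        buildClaimConfiguration(fedIdp, paramMap, idpClaims, null);
    }
    // build role configuration.
    if (oldIdentityProvider != null && oldIdentityProvider.getPermissionAndRoleConfig() != null && oldIdentityProvider.getPermissionAndRoleConfig().getRoleMappings() != null) {
        buildRoleConfiguration(fedIdp, paramMap, idpRoles, oldIdentityProvider.getPermissionAndRoleConfig().getRoleMappings());
    } else {
        buildRoleConfiguration(fedIdp, paramMap, idpRoles, null);
    }
    // build in-bound provisioning configuration.
    buildInboundProvisioningConfiguration(fedIdp, paramMap);
    // build out-bound provisioning configuration.
    buildOutboundProvisioningConfiguration(fedIdp, paramMap);
    // build custom provisioning connectors.
    buildCustomProvisioningConfiguration(fedIdp, proConnectorNames, customProProperties, paramMap);
    return fedIdp;
}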
use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.
the class IdPManagementDAO method updateFederatedAuthenticatorConfigs.
/**
 * Brings the stored federated authenticator configurations of an identity provider in line
 * with a new set, matching old and new entries by authenticator name.
 *
 * <p>For each new entry whose {@code isValid()} returns true, an existing entry of the same
 * name is updated and an unknown one is added. A new entry that is not valid is written
 * nowhere, but its name still counts as present, so an existing entry of that name is neither
 * updated nor deleted. Old entries missing from the new set are deleted, except for the
 * resident IdP, where nothing is deleted.
 *
 * @param newFederatedAuthenticatorConfigs configurations to apply; may be null or empty
 * @param oldFederatedAuthenticatorConfigs configurations currently stored; may be null or empty
 * @param dbConnection                     connection passed through to the add/update/delete helpers
 * @param idpId                            identifier of the identity provider being updated
 * @param tenantId                         identifier of the owning tenant
 * @param isResidentIdP                    when true, the deletion pass is skipped
 * @throws IdentityProviderManagementException declared by this method; raised by helpers not shown here
 * @throws SQLException                        declared by this method; raised by helpers not shown here
 */
private void updateFederatedAuthenticatorConfigs(FederatedAuthenticatorConfig[] newFederatedAuthenticatorConfigs, FederatedAuthenticatorConfig[] oldFederatedAuthenticatorConfigs, Connection dbConnection, int idpId, int tenantId, boolean isResidentIdP) throws IdentityProviderManagementException, SQLException {

    // Index what is stored today by authenticator name.
    Map<String, FederatedAuthenticatorConfig> storedByName = new HashMap<>();
    if (oldFederatedAuthenticatorConfigs != null) {
        for (FederatedAuthenticatorConfig stored : oldFederatedAuthenticatorConfigs) {
            storedByName.put(stored.getName(), stored);
        }
    }

    // Apply the incoming set in array order, recording every name seen along the way.
    Map<String, FederatedAuthenticatorConfig> incomingByName = new HashMap<>();
    if (newFederatedAuthenticatorConfigs != null) {
        for (FederatedAuthenticatorConfig incoming : newFederatedAuthenticatorConfigs) {
            incomingByName.put(incoming.getName(), incoming);
            if (!incoming.isValid()) {
                continue;
            }
            if (storedByName.containsKey(incoming.getName())) {
                updateFederatedAuthenticatorConfig(incoming, storedByName.get(incoming.getName()), dbConnection, idpId, tenantId);
            } else {
                addFederatedAuthenticatorConfig(incoming, dbConnection, idpId, tenantId);
            }
        }
    }

    if (isResidentIdP) {
        return;
    }

    // Remove deleted federated authenticator configs.
    for (Map.Entry<String, FederatedAuthenticatorConfig> storedEntry : storedByName.entrySet()) {
        if (!incomingByName.containsKey(storedEntry.getKey())) {
            deleteFederatedAuthenticatorConfig(storedEntry.getValue(), dbConnection, idpId, tenantId);
        }
    }
}