use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.
the class ApplicationIdentityProviderMgtListener method updateApplicationWithFederatedAuthenticator.
/**
 * Brings a service provider's authentication step in line with the default federated
 * authenticator of the given identity provider.
 *
 * <p>Only the first federated identity provider of the step is inspected. If it has the same
 * name as {@code identityProvider} and the default authenticator names differ, the step is
 * rewritten to use the identity provider's default authenticator and the service provider is
 * persisted. If the names match but the identity provider's default authenticator is disabled,
 * the change is rejected so that the service provider is not left pointing at a disabled
 * authenticator.
 *
 * @param identityProvider identity provider whose default authenticator is compared with the step
 * @param tenantDomain     tenant domain passed to the application DAO when persisting
 * @param serviceProvider  service provider that owns {@code authStep}
 * @param authStep         authentication step whose first federated identity provider is checked
 * @throws IdentityApplicationManagementException declared by this method; presumably raised by the
 *                                                DAO update call
 * @throws IdentityProviderManagementException    if the default authenticator is disabled while the
 *                                                step still refers to it
 */
private void updateApplicationWithFederatedAuthenticator(IdentityProvider identityProvider, String tenantDomain,
        ServiceProvider serviceProvider, AuthenticationStep authStep)
        throws IdentityApplicationManagementException, IdentityProviderManagementException {

    // NOTE(review): index 0 is read unconditionally; a step without federated identity
    // providers fails here. Presumably the caller filters such steps - confirm.
    IdentityProvider stepIdp = authStep.getFederatedIdentityProviders()[0];
    if (!StringUtils.equals(stepIdp.getIdentityProviderName(), identityProvider.getIdentityProviderName())) {
        return;
    }

    // Read before the null check below: a step IdP without a default authenticator config
    // raises a NullPointerException at this point.
    String stepDefaultAuthName = stepIdp.getDefaultAuthenticatorConfig().getName();
    if (identityProvider.getDefaultAuthenticatorConfig() == null) {
        return;
    }

    String idpDefaultAuthName = identityProvider.getDefaultAuthenticatorConfig().getName();
    boolean idpDefaultAuthEnabled = identityProvider.getDefaultAuthenticatorConfig().isEnabled();

    if (!StringUtils.equals(idpDefaultAuthName, stepDefaultAuthName)) {
        // The default authenticator changed: point the step at the new one and persist.
        FederatedAuthenticatorConfig newDefault = identityProvider.getDefaultAuthenticatorConfig();
        stepIdp.setDefaultAuthenticatorConfig(newDefault);
        stepIdp.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] {newDefault});
        ApplicationMgtSystemConfig.getInstance().getApplicationDAO().updateApplication(serviceProvider, tenantDomain);
        return;
    }

    // Names are equal from here on; refuse to disable an authenticator a service provider uses.
    if (!idpDefaultAuthEnabled) {
        throw new IdentityProviderManagementException("Error in disabling default federated authenticator"
                + " as it is referred by service providers.");
    }
}
use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.
the class DefaultRequestPathBasedSequenceHandlerTest method testHandleAuthenticatorFailedException.
/*
 * The request path authenticator accepts the request and then fails with an
 * AuthenticationFailedException. The handler must leave the context unauthenticated,
 * i.e. a failing authenticator never results in an authenticated request.
 */
@Test
public void testHandleAuthenticatorFailedException() throws Exception {

    AuthenticationFailedException failure = new AuthenticationFailedException("Authentication Failed.");

    // Stub the authenticator: it claims the request, then throws while processing it.
    when(requestPathAuthenticator.canHandle(any(HttpServletRequest.class))).thenReturn(true);
    doThrow(failure).when(requestPathAuthenticator).process(request, response, context);

    requestPathBasedSequenceHandler.handle(request, response, context);

    // Fail-closed expectation: the exception must not mark the request as authenticated.
    assertEquals(context.isRequestAuthenticated(), false);
}
use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.
the class DefaultStepBasedSequenceHandlerTest method testHandlePostUserName.
/**
 * Checks that post-authentication handling keeps the user name of the authenticated user in the
 * sequence unchanged, for every row of {@code postAuthenticationDataProvider}.
 *
 * NOTE(review): {@code expectedSubjectIdentifier} is never read in this method, so the subject
 * identifier produced by the handler is not asserted here; only the user name is.
 *
 * @param subjectClaimUriFromAppConfig subject claim URI returned by the stubbed application config
 * @param spSubjectClaimValue value stored in the context as the service provider subject claim value
 * @param appendTenantDomainToSubject stubbed answer for isUseTenantDomainInLocalSubjectIdentifier()
 * @param appendUserStoreDomainToSubject stubbed answer for isUseUserstoreDomainInLocalSubjectIdentifier()
 * @param authenticatedUserNameInSequence user name set on the authenticated user before the call
 * @param expectedSubjectIdentifier supplied by the data provider but unused in this method
 * @throws Exception if the handler or the mocking setup fails
 */
@Test(dataProvider = "postAuthenticationDataProvider")
public void testHandlePostUserName(String subjectClaimUriFromAppConfig, String spSubjectClaimValue, boolean appendTenantDomainToSubject, boolean appendUserStoreDomainToSubject, String authenticatedUserNameInSequence, String expectedSubjectIdentifier) throws Exception {
stepBasedSequenceHandler = new DefaultStepBasedSequenceHandler();
// Application config spy: subject claim URI and the two subject-identifier flags come from the data row.
ApplicationConfig applicationConfig = spy(new ApplicationConfig(new ServiceProvider()));
when(applicationConfig.getSubjectClaimUri()).thenReturn(subjectClaimUriFromAppConfig);
when(applicationConfig.isUseTenantDomainInLocalSubjectIdentifier()).thenReturn(appendTenantDomainToSubject);
when(applicationConfig.isUseUserstoreDomainInLocalSubjectIdentifier()).thenReturn(appendUserStoreDomainToSubject);
// The user that the sequence and the single step report as authenticated.
AuthenticatedUser authenticatedUser = new AuthenticatedUser();
authenticatedUser.setUserName(authenticatedUserNameInSequence);
authenticatedUser.setTenantDomain(FOO_TENANT);
authenticatedUser.setUserStoreDomain(XY_USER_STORE_DOMAIN);
SequenceConfig sequenceConfig = spy(new SequenceConfig());
Map<Integer, StepConfig> stepConfigMap = new HashMap<>();
// Single step, stubbed as neither the subject identifier step nor the subject attribute step.
StepConfig stepConfig = spy(new StepConfig());
when(stepConfig.getAuthenticatedUser()).thenReturn(authenticatedUser);
when(stepConfig.isSubjectIdentifierStep()).thenReturn(false);
when(stepConfig.isSubjectAttributeStep()).thenReturn(false);
AuthenticatorConfig authenticatorConfig = new AuthenticatorConfig();
authenticatorConfig.setApplicationAuthenticator(authenticator);
when(stepConfig.getAuthenticatedAutenticator()).thenReturn(authenticatorConfig);
stepConfigMap.put(1, stepConfig);
sequenceConfig.setStepMap(stepConfigMap);
sequenceConfig.setAuthenticatedUser(authenticatedUser);
sequenceConfig.setApplicationConfig(applicationConfig);
// SP subject claim value
context.setProperty(FrameworkConstants.SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE, spSubjectClaimValue);
context.setSequenceConfig(sequenceConfig);
stepBasedSequenceHandler.handlePostAuthentication(request, response, context);
// Only the user name is verified; see the note on expectedSubjectIdentifier above.
assertEquals(context.getSequenceConfig().getAuthenticatedUser().getUserName(), authenticatedUserNameInSequence);
}
use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project identity-outbound-auth-sms-otp by wso2-extensions.
the class SMSOTPAuthenticator method processFirstStepOnly.
/**
 * Handles the case where SMS OTP is optional: the flow continues on the result of the previous
 * step alone, which may have used a local or a federated authenticator.
 *
 * <p>This method issues no OTP challenge and does not itself check whether skipping SMS OTP is
 * permitted; that decision is left to the caller. It records which kind of authenticator the
 * previous step used under {@code SMSOTPConstants.AUTHENTICATION}.
 *
 * @param authenticatedUser the user authenticated in the previous step
 * @param context           the AuthenticationContext of the current flow
 */
private void processFirstStepOnly(AuthenticatedUser authenticatedUser, AuthenticationContext context) {
    if (log.isDebugEnabled()) {
        log.debug("Processing First step only. Skipping SMSOTP");
    }

    // Look at the step before the current one to see which kind of authenticator handled it.
    // NOTE(review): neither the step config nor its authenticated authenticator is null-checked here.
    StepConfig previousStepConfig = context.getSequenceConfig().getStepMap().get(context.getCurrentStep() - 1);
    boolean previousStepWasLocal = previousStepConfig.getAuthenticatedAutenticator()
            .getApplicationAuthenticator() instanceof LocalApplicationAuthenticator;

    if (!previousStepWasLocal) {
        // NOTE(review): this message says "setting a local user" although this is the branch
        // for a non-local authenticator; looks like a copy of the message below - confirm.
        if (log.isDebugEnabled()) {
            log.debug("Found federated authenticator in previous step. Hence setting a local user");
        }
        FederatedAuthenticatorUtil.updateAuthenticatedUserInStepConfig(context, authenticatedUser);
        context.setProperty(SMSOTPConstants.AUTHENTICATION, SMSOTPConstants.FEDERETOR);
        return;
    }

    if (log.isDebugEnabled()) {
        log.debug("Found local authenticator in previous step. Hence setting a local user");
    }
    FederatedAuthenticatorUtil.updateLocalAuthenticatedUserInStepConfig(context, authenticatedUser);
    context.setProperty(SMSOTPConstants.AUTHENTICATION, SMSOTPConstants.BASIC);
}
use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpoint method handleAuthFlowThroughFramework.
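/**
 * Calls the authentication framework directly through its API instead of using an HTTP redirect.
 *
 * <p>A wrapped request is handed to {@code doGet} because the original request does not carry
 * the parameters the framework requires. Only the {@code INCOMPLETE} flow status is checked
 * here; {@code SUCCESS_COMPLETED} is deliberately not tested, and every other status
 * (including a missing one, which is recorded as {@code UNKNOWN}) continues to {@code authorize}.
 *
 * @param oAuthMessage the OAuth message holding the servlet request and response
 * @param type         authenticator type, forwarded as {@code FrameworkConstants.RequestParams.TYPE}
 * @return a redirect or content response while authentication is incomplete, the result of
 *         {@code authorize} otherwise, or a bare 500 response if calling the framework fails
 * @throws URISyntaxException            declared by this method; presumably from building the redirect URI
 * @throws InvalidRequestParentException declared by this method; presumably from {@code authorize}
 */
private Response handleAuthFlowThroughFramework(OAuthMessage oAuthMessage, String type)
        throws URISyntaxException, InvalidRequestParentException {

    if (LoggerUtils.isDiagnosticLogsEnabled()) {
        Map<String, Object> params = new HashMap<>();
        params.put("clientId", oAuthMessage.getClientId());
        LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params,
                OAuthConstants.LogConstants.SUCCESS,
                "Forward authorization request to framework for user authentication.", "hand-over-to-framework",
                null);
    }
    try {
        String sessionDataKey =
                (String) oAuthMessage.getRequest().getAttribute(FrameworkConstants.SESSION_DATA_KEY);

        CommonAuthenticationHandler commonAuthenticationHandler = new CommonAuthenticationHandler();

        // The framework reads these as request parameters, so they are set on a wrapper.
        CommonAuthRequestWrapper requestWrapper = new CommonAuthRequestWrapper(oAuthMessage.getRequest());
        requestWrapper.setParameter(FrameworkConstants.SESSION_DATA_KEY, sessionDataKey);
        requestWrapper.setParameter(FrameworkConstants.RequestParams.TYPE, type);

        CommonAuthResponseWrapper responseWrapper = new CommonAuthResponseWrapper(oAuthMessage.getResponse());
        commonAuthenticationHandler.doGet(requestWrapper, responseWrapper);

        Object flowStatus = oAuthMessage.getRequest().getAttribute(FrameworkConstants.RequestParams.FLOW_STATUS);
        if (flowStatus == null) {
            // No status reported by the framework: mark it explicitly before authorizing.
            requestWrapper.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS,
                    AuthenticatorFlowStatus.UNKNOWN);
            return authorize(requestWrapper, responseWrapper);
        }
        if (flowStatus != AuthenticatorFlowStatus.INCOMPLETE) {
            return authorize(requestWrapper, responseWrapper);
        }

        // Authentication is still in progress: relay what the framework produced.
        if (responseWrapper.isRedirect()) {
            // The redirect target is taken from the framework's response wrapper and is not
            // validated in this method.
            return Response.status(HttpServletResponse.SC_FOUND)
                    .location(buildURI(responseWrapper.getRedirectURL())).build();
        }
        return Response.status(HttpServletResponse.SC_OK).entity(responseWrapper.getContent()).build();
    } catch (ServletException | IOException | URLBuilderException e) {
        // Keep the cause in the server log; without it a failed hand-over cannot be diagnosed.
        log.error("Error occurred while sending request to authentication framework.", e);
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            Map<String, Object> params = new HashMap<>();
            params.put("clientId", oAuthMessage.getClientId());
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params,
                    OAuthConstants.LogConstants.FAILED, "Server error occurred.", "hand-over-to-framework", null);
        }
        // The client receives a status code only; no exception detail is returned.
        return Response.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR).build();
    }
}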