
Example 31 with Authenticator

use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.

the class ApplicationIdentityProviderMgtListener method updateApplicationWithFederatedAuthenticator.

/**
 * Reconciles a service provider's authentication step with the default federated authenticator
 * of the given identity provider.
 *
 * <p>Only the first federated identity provider of the step is inspected. When its name matches
 * {@code identityProvider} and {@code identityProvider} carries a default authenticator config:
 * <ul>
 *   <li>if the default authenticator name differs from the one held by the step, the step's
 *       identity provider is re-pointed at the new default (its authenticator list is replaced
 *       by that single config) and the service provider is persisted;</li>
 *   <li>if the name is unchanged but the default authenticator is disabled, the change is
 *       rejected, because a service provider still refers to that authenticator.</li>
 * </ul>
 *
 * @param identityProvider identity provider whose default authenticator is compared
 * @param tenantDomain     tenant domain handed to the application DAO
 * @param serviceProvider  service provider persisted when its step is re-pointed
 * @param authStep         authentication step whose first federated identity provider is checked
 * @throws IdentityApplicationManagementException declared by the signature; presumably raised
 *                                                by the DAO update (confirm)
 * @throws IdentityProviderManagementException    if the referenced default authenticator is
 *                                                disabled while its name is unchanged
 */
private void updateApplicationWithFederatedAuthenticator(IdentityProvider identityProvider, String tenantDomain, ServiceProvider serviceProvider, AuthenticationStep authStep) throws IdentityApplicationManagementException, IdentityProviderManagementException {
    // NOTE(review): element 0 of the array and the step's default authenticator config are
    // dereferenced without a null/empty guard; presumably the caller guarantees both (confirm).
    IdentityProvider stepIdp = authStep.getFederatedIdentityProviders()[0];
    if (!StringUtils.equals(stepIdp.getIdentityProviderName(), identityProvider.getIdentityProviderName())) {
        // The step points at a different identity provider, so there is nothing to reconcile.
        return;
    }
    String stepDefaultAuthName = stepIdp.getDefaultAuthenticatorConfig().getName();
    FederatedAuthenticatorConfig updatedDefault = identityProvider.getDefaultAuthenticatorConfig();
    if (updatedDefault == null) {
        return;
    }
    String updatedDefaultName = updatedDefault.getName();
    boolean updatedDefaultEnabled = updatedDefault.isEnabled();
    if (!StringUtils.equals(updatedDefaultName, stepDefaultAuthName)) {
        // The default authenticator changed: the step follows the new default.
        // NOTE(review): the enabled flag is not consulted on this path (confirm that is intended).
        stepIdp.setDefaultAuthenticatorConfig(updatedDefault);
        stepIdp.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { updatedDefault });
        ApplicationMgtSystemConfig.getInstance().getApplicationDAO().updateApplication(serviceProvider, tenantDomain);
        return;
    }
    if (!updatedDefaultEnabled) {
        // Same authenticator, now disabled: refuse, since the step would be left with an
        // authenticator that cannot be used.
        throw new IdentityProviderManagementException("Error in disabling default federated authenticator" + " as it is referred by service providers.");
    }
}
Also used : FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) IdentityProviderManagementException(org.wso2.carbon.idp.mgt.IdentityProviderManagementException)

Example 32 with Authenticator

use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.

the class DefaultRequestPathBasedSequenceHandlerTest method testHandleAuthenticatorFailedException.

/*
 * A request-path authenticator that accepts the request and then fails with an
 * AuthenticationFailedException must leave the context unauthenticated.
 */
@Test
public void testHandleAuthenticatorFailedException() throws Exception {
    // Arrange: the mocked authenticator claims the request, then fails while processing it.
    AuthenticationFailedException failure = new AuthenticationFailedException("Authentication Failed.");
    when(requestPathAuthenticator.canHandle(any(HttpServletRequest.class))).thenReturn(true);
    doThrow(failure).when(requestPathAuthenticator).process(request, response, context);

    // Act: run the sequence handler against the failing authenticator.
    requestPathBasedSequenceHandler.handle(request, response, context);

    // Assert: the failure must not be recorded as a successful authentication.
    assertEquals(context.isRequestAuthenticated(), false);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 33 with Authenticator

use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project carbon-identity-framework by wso2.

the class DefaultStepBasedSequenceHandlerTest method testHandlePostUserName.

/**
 * Checks that post-authentication handling leaves the user name of the sequence's
 * authenticated user unchanged, for each row of {@code postAuthenticationDataProvider}.
 *
 * <p>NOTE(review): {@code expectedSubjectIdentifier} is accepted from the data provider but is
 * not read in this method; only the user name is asserted.
 */
@Test(dataProvider = "postAuthenticationDataProvider")
public void testHandlePostUserName(String subjectClaimUriFromAppConfig, String spSubjectClaimValue, boolean appendTenantDomainToSubject, boolean appendUserStoreDomainToSubject, String authenticatedUserNameInSequence, String expectedSubjectIdentifier) throws Exception {
    stepBasedSequenceHandler = new DefaultStepBasedSequenceHandler();

    // Application config: subject claim URI and the two "append domain" switches come from the data row.
    ApplicationConfig appConfig = spy(new ApplicationConfig(new ServiceProvider()));
    when(appConfig.getSubjectClaimUri()).thenReturn(subjectClaimUriFromAppConfig);
    when(appConfig.isUseTenantDomainInLocalSubjectIdentifier()).thenReturn(appendTenantDomainToSubject);
    when(appConfig.isUseUserstoreDomainInLocalSubjectIdentifier()).thenReturn(appendUserStoreDomainToSubject);

    // The user the sequence reports as authenticated.
    AuthenticatedUser sequenceUser = new AuthenticatedUser();
    sequenceUser.setUserName(authenticatedUserNameInSequence);
    sequenceUser.setTenantDomain(FOO_TENANT);
    sequenceUser.setUserStoreDomain(XY_USER_STORE_DOMAIN);

    // A single step that is neither the subject-identifier step nor the subject-attribute step.
    SequenceConfig sequence = spy(new SequenceConfig());
    Map<Integer, StepConfig> steps = new HashMap<>();
    StepConfig firstStep = spy(new StepConfig());
    when(firstStep.getAuthenticatedUser()).thenReturn(sequenceUser);
    when(firstStep.isSubjectIdentifierStep()).thenReturn(false);
    when(firstStep.isSubjectAttributeStep()).thenReturn(false);
    AuthenticatorConfig stepAuthenticator = new AuthenticatorConfig();
    stepAuthenticator.setApplicationAuthenticator(authenticator);
    when(firstStep.getAuthenticatedAutenticator()).thenReturn(stepAuthenticator);
    steps.put(1, firstStep);

    sequence.setStepMap(steps);
    sequence.setAuthenticatedUser(sequenceUser);
    sequence.setApplicationConfig(appConfig);

    // SP subject claim value
    context.setProperty(FrameworkConstants.SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE, spSubjectClaimValue);
    context.setSequenceConfig(sequence);

    stepBasedSequenceHandler.handlePostAuthentication(request, response, context);

    String userNameAfterHandling = context.getSequenceConfig().getAuthenticatedUser().getUserName();
    assertEquals(userNameAfterHandling, authenticatedUserNameInSequence);
}
Also used : AuthenticatorConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig) ApplicationConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig) HashMap(java.util.HashMap) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) ThreadLocalProvisioningServiceProvider(org.wso2.carbon.identity.application.common.model.ThreadLocalProvisioningServiceProvider) StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig) SequenceConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 34 with Authenticator

use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project identity-outbound-auth-sms-otp by wso2-extensions.

the class SMSOTPAuthenticator method processFirstStepOnly.

/**
 * Completes the flow from the previous step alone, without SMS OTP (the "SMSOTP optional"
 * case). The previous step may have used a local (basic) or a federated authenticator.
 *
 * <p>The authenticator recorded on the previous step selects which
 * {@code FederatedAuthenticatorUtil} update is applied and which value is stored under
 * {@code SMSOTPConstants.AUTHENTICATION}. Whether skipping the second factor is permitted is
 * not decided here.
 *
 * @param authenticatedUser the authenticated user handed to {@code FederatedAuthenticatorUtil}
 * @param context           the AuthenticationContext
 */
private void processFirstStepOnly(AuthenticatedUser authenticatedUser, AuthenticationContext context) {
    if (log.isDebugEnabled()) {
        log.debug("Processing First step only. Skipping SMSOTP");
    }
    // The step before the current one carries the authenticator that actually ran.
    // NOTE(review): neither the step lookup nor its authenticator config is null-checked;
    // presumably a previous step always exists when this is reached (confirm).
    StepConfig previousStep = context.getSequenceConfig().getStepMap().get(context.getCurrentStep() - 1);
    boolean previousStepWasLocal = previousStep.getAuthenticatedAutenticator().getApplicationAuthenticator() instanceof LocalApplicationAuthenticator;
    if (previousStepWasLocal) {
        if (log.isDebugEnabled()) {
            log.debug("Found local authenticator in previous step. Hence setting a local user");
        }
        FederatedAuthenticatorUtil.updateLocalAuthenticatedUserInStepConfig(context, authenticatedUser);
        context.setProperty(SMSOTPConstants.AUTHENTICATION, SMSOTPConstants.BASIC);
        return;
    }
    if (log.isDebugEnabled()) {
        // NOTE(review): the "setting a local user" wording looks carried over from the local
        // branch; this path calls the non-local update. Message text left unchanged.
        log.debug("Found federated authenticator in previous step. Hence setting a local user");
    }
    FederatedAuthenticatorUtil.updateAuthenticatedUserInStepConfig(context, authenticatedUser);
    context.setProperty(SMSOTPConstants.AUTHENTICATION, SMSOTPConstants.FEDERETOR);
}
Also used : StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig) LocalApplicationAuthenticator(org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator)

Example 35 with Authenticator

use of org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpoint method handleAuthFlowThroughFramework.

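/**
 * Calls the authentication framework directly through its API instead of using HTTP redirects.
 *
 * <p>The original request is wrapped so that the session data key and the authenticator type
 * can be supplied as parameters, because the original request does not carry them. After the
 * framework has run, the flow-status request attribute selects the response:
 * <ul>
 *   <li>{@code INCOMPLETE}: the framework's redirect is relayed as a 302, or its content as a 200;</li>
 *   <li>any other status: processing continues with {@code authorize};</li>
 *   <li>no status: the wrapper is marked {@code UNKNOWN} and processing continues with
 *       {@code authorize}.</li>
 * </ul>
 * {@code SUCCESS_COMPLETED} is deliberately not checked; the decision is taken on
 * {@code INCOMPLETE} alone.
 *
 * @param oAuthMessage the OAuth message supplying the request, response and client id
 * @param type         authenticator type
 * @return the response to send; a 500 without body when the framework call fails
 * @throws URISyntaxException            declared by the signature; presumably raised while
 *                                       building the redirect URI (confirm)
 * @throws InvalidRequestParentException declared by the signature; presumably raised by
 *                                       {@code authorize} (confirm)
 */
private Response handleAuthFlowThroughFramework(OAuthMessage oAuthMessage, String type) throws URISyntaxException, InvalidRequestParentException {
    if (LoggerUtils.isDiagnosticLogsEnabled()) {
        Map<String, Object> params = new HashMap<>();
        params.put("clientId", oAuthMessage.getClientId());
        LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.SUCCESS, "Forward authorization request to framework for user authentication.", "hand-over-to-framework", null);
    }
    try {
        String sessionDataKey = (String) oAuthMessage.getRequest().getAttribute(FrameworkConstants.SESSION_DATA_KEY);
        CommonAuthenticationHandler commonAuthenticationHandler = new CommonAuthenticationHandler();
        CommonAuthRequestWrapper requestWrapper = new CommonAuthRequestWrapper(oAuthMessage.getRequest());
        requestWrapper.setParameter(FrameworkConstants.SESSION_DATA_KEY, sessionDataKey);
        requestWrapper.setParameter(FrameworkConstants.RequestParams.TYPE, type);
        CommonAuthResponseWrapper responseWrapper = new CommonAuthResponseWrapper(oAuthMessage.getResponse());
        commonAuthenticationHandler.doGet(requestWrapper, responseWrapper);
        // The flow status is read from the original request, not from the wrapper.
        Object attribute = oAuthMessage.getRequest().getAttribute(FrameworkConstants.RequestParams.FLOW_STATUS);
        if (attribute != null) {
            if (attribute == AuthenticatorFlowStatus.INCOMPLETE) {
                // Authentication is still in progress: relay what the framework produced.
                if (responseWrapper.isRedirect()) {
                    return Response.status(HttpServletResponse.SC_FOUND).location(buildURI(responseWrapper.getRedirectURL())).build();
                } else {
                    return Response.status(HttpServletResponse.SC_OK).entity(responseWrapper.getContent()).build();
                }
            } else {
                return authorize(requestWrapper, responseWrapper);
            }
        } else {
            // No status was reported: record UNKNOWN on the wrapper before continuing.
            requestWrapper.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.UNKNOWN);
            return authorize(requestWrapper, responseWrapper);
        }
    } catch (ServletException | IOException | URLBuilderException e) {
        // Pass the exception to the logger so the cause and stack trace reach the server log;
        // the client still receives only a bare 500.
        log.error("Error occurred while sending request to authentication framework.", e);
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            Map<String, Object> params = new HashMap<>();
            params.put("clientId", oAuthMessage.getClientId());
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.FAILED, "Server error occurred.", "hand-over-to-framework", null);
        }
        return Response.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR).build();
    }
}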
Also used : ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) CommonAuthenticationHandler(org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler) IOException(java.io.IOException) ServletException(javax.servlet.ServletException) URLBuilderException(org.wso2.carbon.identity.core.URLBuilderException) CommonAuthRequestWrapper(org.wso2.carbon.identity.application.authentication.framework.model.CommonAuthRequestWrapper) RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject) JSONObject(org.json.JSONObject) Map(java.util.Map) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) CommonAuthResponseWrapper(org.wso2.carbon.identity.application.authentication.framework.model.CommonAuthResponseWrapper)

Aggregations

FederatedAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)27 IdentityProvider (org.wso2.carbon.identity.application.common.model.IdentityProvider)25 Test (org.testng.annotations.Test)23 IdentityProviderManagementException (org.wso2.carbon.idp.mgt.IdentityProviderManagementException)23 ArrayList (java.util.ArrayList)22 HashMap (java.util.HashMap)22 AuthenticatorConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig)22 ApplicationAuthenticator (org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator)19 StepConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig)19 SequenceConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig)16 FrameworkException (org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException)15 LocalAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig)15 ISIntegrationTest (org.wso2.identity.integration.common.utils.ISIntegrationTest)15 IOException (java.io.IOException)12 Map (java.util.Map)12 FederatedApplicationAuthenticator (org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator)12 AuthenticatedUser (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)11 RequestPathAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig)11 Property (org.wso2.carbon.identity.application.common.model.Property)10 HttpResponse (org.apache.http.HttpResponse)8