Use of org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator in the project carbon-identity-framework by wso2.
Class JsGraphBuilderTest, method filterParamsDataProvider.
@DataProvider
public Object[][] filterParamsDataProvider() {

    // Start from an empty local-authenticator registry so entries left behind by other
    // tests cannot influence the parameter filtering under test.
    ApplicationAuthenticatorService registry = ApplicationAuthenticatorService.getInstance();
    registry.getLocalAuthenticators().clear();
    registry.getLocalAuthenticators().add(newLocalAuthenticatorConfig("BasicAuthenticator", "basic"));
    registry.getLocalAuthenticators().add(newLocalAuthenticatorConfig("TOTPAuthenticator", "totp"));

    // One federated authenticator, attached to a custom IdP as its default.
    FederatedAuthenticatorConfig twitterFederated = new FederatedAuthenticatorConfig();
    twitterFederated.setDisplayName("twitter");
    twitterFederated.setName("TwitterAuthenticator");

    IdentityProvider localIdp = newIdentityProvider("local", new FederatedAuthenticatorConfig[0]);
    IdentityProvider customIdp2 = newIdentityProvider("customIdp2", new FederatedAuthenticatorConfig[] { twitterFederated });
    customIdp2.setDefaultAuthenticatorConfig(twitterFederated);

    // Step authenticator configs, each backed by a mocked ApplicationAuthenticator.
    when(localApplicationAuthenticator.getName()).thenReturn("BasicAuthenticator");
    when(localApplicationAuthenticator.getFriendlyName()).thenReturn("basic");
    AuthenticatorConfig basicAuthConfig = newEnabledAuthenticatorConfig("BasicAuthenticator");
    basicAuthConfig.setApplicationAuthenticator(localApplicationAuthenticator);
    basicAuthConfig.getIdps().put("local", localIdp);

    when(totpApplicationAuthenticator.getName()).thenReturn("TOTPAuthenticator");
    when(totpApplicationAuthenticator.getFriendlyName()).thenReturn("totp");
    AuthenticatorConfig totpAuthConfig = newEnabledAuthenticatorConfig("TOTPAuthenticator");
    totpAuthConfig.setApplicationAuthenticator(totpApplicationAuthenticator);
    totpAuthConfig.getIdps().put("local", localIdp);

    when(federatedApplicationAuthenticator.getName()).thenReturn("TwitterAuthenticator");
    when(federatedApplicationAuthenticator.getFriendlyName()).thenReturn("twitter");
    AuthenticatorConfig twitterAuthConfig = newEnabledAuthenticatorConfig("TwitterAuthenticator");
    twitterAuthConfig.setApplicationAuthenticator(federatedApplicationAuthenticator);
    twitterAuthConfig.getIdps().put("customIdp2", customIdp2);

    // Two step shapes: a single local option, and local + local + federated options.
    StepConfig stepWithSingleOption = new StepConfig();
    stepWithSingleOption.setAuthenticatorList(Collections.singletonList(basicAuthConfig));

    StepConfig stepWithMultipleOptions = new StepConfig();
    stepWithMultipleOptions.setAuthenticatorList(
            new ArrayList<>(Arrays.asList(basicAuthConfig, totpAuthConfig, twitterAuthConfig)));

    // Parameter config keyed "local" -> authenticator name -> params, with only the basic authenticator.
    Map<String, Object> basicOnlyParams = new HashMap<>();
    basicOnlyParams.put("BasicAuthenticator", Collections.singletonMap("foo", "xyz"));
    Map<String, Object> singleParamConfig = new HashMap<>();
    singleParamConfig.put("local", basicOnlyParams);

    // Parameter config with both a "local" section (keyed by authenticator name) and a
    // "federated" section (keyed by IdP name).
    Map<String, Object> localParams = new HashMap<>();
    localParams.put("BasicAuthenticator", Collections.singletonMap("foo", "xyz"));
    localParams.put("TOTPAuthenticator", Collections.singletonMap("domain", "localhost"));
    Map<String, Object> federatedParams = new HashMap<>();
    federatedParams.put("customIdp2", Collections.singletonMap("foo", "user"));
    Map<String, Object> multiParamConfig = new HashMap<>();
    multiParamConfig.put("local", localParams);
    multiParamConfig.put("federated", federatedParams);

    // Rows: { paramConfig, stepConfig, authenticatorName, paramName, expectedValue (null = absent) }.
    return new Object[][] {
            { singleParamConfig, duplicateStepConfig(stepWithSingleOption), "BasicAuthenticator", "foo", "xyz" },
            { singleParamConfig, duplicateStepConfig(stepWithSingleOption), "BasicAuthenticator", "foos", null },
            { singleParamConfig, duplicateStepConfig(stepWithMultipleOptions), "BasicAuthenticator", "foo", "xyz" },
            { multiParamConfig, duplicateStepConfig(stepWithMultipleOptions), "BasicAuthenticator", "domain", null },
            { multiParamConfig, duplicateStepConfig(stepWithMultipleOptions), "TwitterAuthenticator", "foo", "user" },
            { multiParamConfig, duplicateStepConfig(stepWithMultipleOptions), "TOTPAuthenticator", "domain", "localhost" }
    };
}

/** Builds a registry entry for a local authenticator with the given name and display name. */
private static LocalAuthenticatorConfig newLocalAuthenticatorConfig(String name, String displayName) {
    LocalAuthenticatorConfig config = new LocalAuthenticatorConfig();
    config.setName(name);
    config.setDisplayName(displayName);
    return config;
}

/** Builds an identity provider with the given id and federated authenticator configs. */
private static IdentityProvider newIdentityProvider(String id, FederatedAuthenticatorConfig[] federatedConfigs) {
    IdentityProvider idp = new IdentityProvider();
    idp.setId(id);
    idp.setFederatedAuthenticatorConfigs(federatedConfigs);
    return idp;
}

/** Builds an enabled step authenticator config with the given name; authenticator and IdPs are set by the caller. */
private static AuthenticatorConfig newEnabledAuthenticatorConfig(String name) {
    AuthenticatorConfig config = new AuthenticatorConfig();
    config.setName(name);
    config.setEnabled(true);
    return config;
}
Use of org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator in the project carbon-identity-framework by wso2.
Class DefaultStepBasedSequenceHandler, method handlePostAuthentication.
/**
 * Runs the post-authentication tasks once the steps of the sequence have completed.
 * <p>
 * Walks {@code sequenceConfig.getStepMap()} in entry order and, for every step that has an
 * authenticated authenticator: appends an {@code {"idp":..,"authenticator":..}} object to an
 * {@code "idps"} JSON array, and when the last step is reached signs that JSON via
 * {@code IdentityApplicationManagementUtil.getSignedJWT} and stores it with
 * {@code sequenceConfig.setAuthenticatedIdPs}; resolves the sequence's authenticated user from the
 * subject identifier step and its attributes from the subject attribute step, with separate
 * handling for federated and local authenticators.
 *
 * @param request  the current request; not read by this method
 * @param response the current response; not read by this method
 * @param context  the authentication context; read for the sequence config, tenant domain, request
 *                 type and the unfiltered claim-value properties, and updated with the external IdP
 *                 config of each federated step
 * @throws FrameworkException if a federated step's external IdP config cannot be resolved, or (as a
 *                            {@code MisconfigurationException}) if no authenticator other than an
 *                            {@code AuthenticationFlowHandler} was executed in the flow
 */
// The unchecked casts are the two Map<String, String> reads from context properties below.
@SuppressWarnings("unchecked")
protected void handlePostAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws FrameworkException {
    if (log.isDebugEnabled()) {
        log.debug("Handling Post Authentication tasks");
    }
    SequenceConfig sequenceConfig = context.getSequenceConfig();
    // Accumulates the "idps" JSON array that is signed into sequenceConfig once the last step is reached.
    StringBuilder jsonBuilder = new StringBuilder();
    // Set once some step has supplied the subject identifier / subject attributes; the last step is
    // made the subject (attribute) step only if no earlier step did.
    boolean subjectFoundInStep = false;
    boolean subjectAttributesFoundInStep = false;
    // 1-based count of steps that actually ran; steps without an authenticated authenticator are skipped.
    int stepCount = 1;
    Map<String, String> mappedAttrs = new HashMap<>();
    Map<ClaimMapping, String> authenticatedUserAttributes = new HashMap<>();
    // True once any step ran an authenticator that is not merely an AuthenticationFlowHandler.
    boolean isAuthenticatorExecuted = false;
    for (Map.Entry<Integer, StepConfig> entry : sequenceConfig.getStepMap().entrySet()) {
        StepConfig stepConfig = entry.getValue();
        AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
        if (authenticatorConfig == null) {
            // e.g. the step belongs to an alternative sequence evaluated by the script that was not taken.
            continue;
        }
        ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
        if (!(authenticator instanceof AuthenticationFlowHandler)) {
            isAuthenticatorExecuted = true;
        }
        // Build the authenticated IdPs JWT to send to the calling servlet.
        if (stepCount == 1) {
            jsonBuilder.append("\"idps\":");
            jsonBuilder.append("[");
        }
        // Build the JSON object for this step.
        // NOTE(review): the IdP name and the authenticator name are concatenated without JSON escaping;
        // a quote or backslash in either value would corrupt the payload that is then signed.
        jsonBuilder.append("{");
        jsonBuilder.append("\"idp\":\"").append(stepConfig.getAuthenticatedIdP()).append("\",");
        jsonBuilder.append("\"authenticator\":\"").append(authenticator.getName()).append("\"");
        if (stepCount != sequenceConfig.getStepMap().size()) {
            jsonBuilder.append("},");
        } else {
            // Wrap up the JSON array and sign it for the service provider.
            // NOTE(review): this branch is entered only when the count of executed steps equals the step
            // map size; if any step was skipped by the continue above, the array is never closed,
            // setAuthenticatedIdPs is never called and the two subject flags below are never set.
            jsonBuilder.append("}");
            jsonBuilder.append("]");
            sequenceConfig.setAuthenticatedIdPs(IdentityApplicationManagementUtil.getSignedJWT(jsonBuilder.toString(), sequenceConfig.getApplicationConfig().getServiceProvider()));
            // The last step supplies the subject / attributes only when no earlier step already did.
            stepConfig.setSubjectIdentifierStep(!subjectFoundInStep);
            stepConfig.setSubjectAttributeStep(!subjectAttributesFoundInStep);
        }
        stepCount++;
        if (authenticator instanceof FederatedApplicationAuthenticator) {
            ExternalIdPConfig externalIdPConfig = null;
            try {
                externalIdPConfig = ConfigurationFacade.getInstance().getIdPConfigByName(stepConfig.getAuthenticatedIdP(), context.getTenantDomain());
            } catch (IdentityProviderManagementException e) {
                // Logged only; the null check below converts the missing IdP into a FrameworkException.
                log.error("Exception while getting IdP by name", e);
            }
            context.setExternalIdP(externalIdPConfig);
            // NOTE(review): not referenced anywhere in this method.
            String originalExternalIdpSubjectValueForThisStep = stepConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier();
            if (externalIdPConfig == null) {
                String errorMsg = "An External IdP cannot be null for a FederatedApplicationAuthenticator";
                log.error(errorMsg);
                throw new FrameworkException(errorMsg);
            }
            Map<ClaimMapping, String> extAttrs;
            Map<String, String> extAttibutesValueMap;
            // Filled only when this step is the subject attribute step; read again further below.
            Map<String, String> localClaimValues = null;
            Map<String, String> idpClaimValues = null;
            // Attributes the federated IdP returned for this user, flattened to a String map.
            extAttrs = stepConfig.getAuthenticatedUser().getUserAttributes();
            extAttibutesValueMap = FrameworkUtils.getClaimMappings(extAttrs, false);
            if (stepConfig.isSubjectAttributeStep()) {
                subjectAttributesFoundInStep = true;
                String idpRoleClaimUri = getIdpRoleClaimUri(stepConfig, context);
                // Get the mapped user roles according to the mapping in the IdP configuration.
                // Include the unmapped roles as they are (subject to returnOnlyMappedLocalRoles).
                List<String> identityProviderMappedUserRolesUnmappedInclusive = getIdentityProvideMappedUserRoles(externalIdPConfig, extAttibutesValueMap, idpRoleClaimUri, returnOnlyMappedLocalRoles);
                String serviceProviderMappedUserRoles = getServiceProviderMappedUserRoles(sequenceConfig, identityProviderMappedUserRolesUnmappedInclusive);
                if (StringUtils.isNotBlank(idpRoleClaimUri) && StringUtils.isNotBlank(serviceProviderMappedUserRoles)) {
                    // Replace the IdP's raw role value with the SP-mapped roles before claim handling.
                    extAttibutesValueMap.put(idpRoleClaimUri, serviceProviderMappedUserRoles);
                }
                // mappedAttrs is non-empty here only if an earlier step already populated it.
                if (mappedAttrs == null || mappedAttrs.isEmpty()) {
                    // Do claim handling.
                    mappedAttrs = handleClaimMappings(stepConfig, context, extAttibutesValueMap, true);
                    // External claim values mapped to local claim URIs, as published by claim handling.
                    localClaimValues = (Map<String, String>) context.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
                    idpClaimValues = (Map<String, String>) context.getProperty(FrameworkConstants.UNFILTERED_IDP_CLAIM_VALUES);
                }
            }
            if (stepConfig.isSubjectIdentifierStep()) {
                if (!stepConfig.isSubjectAttributeStep()) {
                    /*
                    Do claim mapping in order to get the requested subject claim URI. This is done only if the
                    step is not a subject attribute step, because it has already been done above if
                    the step is a subject attribute step.
                    */
                    handleClaimMappings(stepConfig, context, extAttibutesValueMap, true);
                }
                subjectFoundInStep = true;
                sequenceConfig.setAuthenticatedUser(new AuthenticatedUser(stepConfig.getAuthenticatedUser()));
            }
            if (stepConfig.isSubjectAttributeStep()) {
                if (!sequenceConfig.getApplicationConfig().isMappedSubjectIDSelected()) {
                    // If we found the mapped subject, then we do not need to worry about
                    // finding attributes.
                    // If no requested claims are selected and the SP claim dialect is not a standard dialect,
                    // send all local mapped claim values or IdP claim values.
                    ApplicationConfig appConfig = context.getSequenceConfig().getApplicationConfig();
                    if (MapUtils.isEmpty(appConfig.getRequestedClaimMappings()) && !isSPStandardClaimDialect(context.getRequestType())) {
                        if (MapUtils.isNotEmpty(localClaimValues)) {
                            mappedAttrs = localClaimValues;
                        } else if (MapUtils.isNotEmpty(idpClaimValues)) {
                            mappedAttrs = idpClaimValues;
                        }
                    }
                    authenticatedUserAttributes = FrameworkUtils.buildClaimMappings(mappedAttrs);
                }
            }
        } else {
            // Local (non-federated) authenticator.
            if (stepConfig.isSubjectIdentifierStep()) {
                if (!stepConfig.isSubjectAttributeStep()) {
                    /*
                    Do claim mapping in order to get the requested subject claim URI. This is done only if the
                    step is not a subject attribute step, because it is done below if
                    the step is a subject attribute step.
                    */
                    handleClaimMappings(stepConfig, context, null, false);
                }
                subjectFoundInStep = true;
                sequenceConfig.setAuthenticatedUser(new AuthenticatedUser(stepConfig.getAuthenticatedUser()));
                if (log.isDebugEnabled()) {
                    log.debug("Authenticated User: " + sequenceConfig.getAuthenticatedUser().getLoggableUserId());
                    log.debug("Authenticated User Tenant Domain: " + sequenceConfig.getAuthenticatedUser().getTenantDomain());
                }
            }
            if (stepConfig.isSubjectAttributeStep()) {
                subjectAttributesFoundInStep = true;
                // Local authentications: map claims, then apply role mapping onto the result.
                mappedAttrs = handleClaimMappings(stepConfig, context, null, false);
                handleRoleMapping(context, sequenceConfig, mappedAttrs);
                authenticatedUserAttributes = FrameworkUtils.buildClaimMappings(mappedAttrs);
            }
        }
    }
    if (!isAuthenticatorExecuted) {
        // A flow made up solely of AuthenticationFlowHandlers never authenticated anyone; reject it.
        String errorMsg = String.format("No authenticator have been executed in the authentication flow of " + "application: %s in tenant-domain: %s", sequenceConfig.getApplicationConfig().getApplicationName(), context.getTenantDomain());
        log.error(errorMsg);
        throw new MisconfigurationException(errorMsg);
    }
    // Both branches call the same setter: the first publishes an explicitly empty attribute map for
    // standard-dialect SPs, the second any non-empty result.
    if (isSPStandardClaimDialect(context.getRequestType()) && authenticatedUserAttributes.isEmpty() && sequenceConfig.getAuthenticatedUser() != null) {
        sequenceConfig.getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
    }
    if (!authenticatedUserAttributes.isEmpty() && sequenceConfig.getAuthenticatedUser() != null) {
        sequenceConfig.getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
    }
}
Use of org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator in the project carbon-identity-framework by wso2.
Class FrameworkServiceComponent, method unsetAuthenticator.
/**
 * Unregisters an application authenticator that is going away.
 * <p>
 * Removes it from the framework data holder's authenticator list and then from the matching
 * registry of {@code ApplicationAuthenticatorService} (local, federated or request-path),
 * looked up by the authenticator's name. Authenticators of any other kind are only removed
 * from the data holder.
 *
 * @param authenticator the authenticator being unregistered
 */
protected void unsetAuthenticator(ApplicationAuthenticator authenticator) {

    FrameworkServiceDataHolder.getInstance().getAuthenticators().remove(authenticator);

    String name = authenticator.getName();
    ApplicationAuthenticatorService registry = ApplicationAuthenticatorService.getInstance();

    // The registry keeps one config list per authenticator kind; pick the matching one.
    if (authenticator instanceof LocalApplicationAuthenticator) {
        registry.removeLocalAuthenticator(registry.getLocalAuthenticatorByName(name));
    } else if (authenticator instanceof FederatedApplicationAuthenticator) {
        registry.removeFederatedAuthenticator(registry.getFederatedAuthenticatorByName(name));
    } else if (authenticator instanceof RequestPathApplicationAuthenticator) {
        registry.removeRequestPathAuthenticator(registry.getRequestPathAuthenticatorByName(name));
    }

    if (log.isDebugEnabled()) {
        log.debug("Removed application authenticator : " + authenticator.getName());
    }
}