Use of org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig in project carbon-identity-framework by wso2.
The class DefaultStepBasedSequenceHandlerTest, method getMockedContextForJitProvisioning.
private AuthenticationContext getMockedContextForJitProvisioning(String provisioningUserStoreId, String provisioningUserStoreClaimUri, String tenantDomain) {
    // Minimal sequence config: an empty service provider carrying only a dummy application name.
    ApplicationConfig appConfig = new ApplicationConfig(new ServiceProvider());
    appConfig.setApplicationName("DUMMY_NAME");
    SequenceConfig seqConfig = new SequenceConfig();
    seqConfig.setApplicationConfig(appConfig);

    // Spy on a real ExternalIdPConfig so that only the two provisioning getters are stubbed.
    ExternalIdPConfig idpConfig = spy(new ExternalIdPConfig());
    when(idpConfig.getProvisioningUserStoreId()).thenReturn(provisioningUserStoreId);
    when(idpConfig.getProvisioningUserStoreClaimURI()).thenReturn(provisioningUserStoreClaimUri);

    // 'context' is the fixture's shared AuthenticationContext, declared outside this method.
    context.setTenantDomain(tenantDomain);
    context.setSequenceConfig(seqConfig);
    context.setExternalIdP(idpConfig);
    return context;
}
Use of org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig in project carbon-identity-framework by wso2.
The class DefaultAuthenticationRequestHandlerTest, method testHandleRememberMeOptionFromLoginPage.
@Test(dataProvider = "rememberMeParamProvider")
public void testHandleRememberMeOptionFromLoginPage(String rememberMeParam, boolean expectedResult) throws Exception {
    // The only request input that matters for this test is the remember-me parameter.
    doReturn(rememberMeParam).when(request).getParameter(FrameworkConstants.RequestParams.REMEMBER_ME);

    // A completed sequence for a locally authenticated service provider.
    AuthenticationContext ctx = spy(new AuthenticationContext());
    SequenceConfig seqConfig = spy(new SequenceConfig());
    when(seqConfig.isCompleted()).thenReturn(true);
    ServiceProvider sp = spy(new ServiceProvider());
    LocalAndOutboundAuthenticationConfig authConfig = spy(new LocalAndOutboundAuthenticationConfig());
    when(authConfig.getAuthenticationType()).thenReturn(ApplicationConstants.AUTH_TYPE_LOCAL);
    sp.setLocalAndOutBoundAuthenticationConfig(authConfig);
    ApplicationConfig appConfig = spy(new ApplicationConfig(sp));
    seqConfig.setApplicationConfig(appConfig);
    ctx.setSequenceConfig(seqConfig);

    // Simulate a flow that is returning from the login page at step 0.
    when(ctx.isReturning()).thenReturn(true);
    when(ctx.getCurrentStep()).thenReturn(0);

    DefaultAuthenticationRequestHandler handler = spy(new DefaultAuthenticationRequestHandler());

    // Session nonce cookie validation always succeeds for this test.
    mockStatic(SessionNonceCookieUtil.class);
    when(SessionNonceCookieUtil.validateNonceCookie(any(), any())).thenReturn(true);

    // Stub out concludeFlow so only the remember-me handling is exercised.
    doNothing().when(handler).concludeFlow(request, response, ctx);

    handler.handle(request, response, ctx);
    assertEquals(ctx.isRememberMe(), expectedResult);
}
Use of org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig in project carbon-identity-framework by wso2.
The class UIBasedConfigurationLoader, method getSequence.
/**
 * Loads the authentication sequence using the legacy (pre-script) loading mechanism.
 * Please do not use this for any new development.
 *
 * @param serviceProvider     service provider whose sequence is loaded; must not be {@code null}
 * @param tenantDomain        tenant domain used when loading federated authenticators
 * @param authenticationSteps configured steps; {@code null} yields a sequence with no steps
 * @return the populated {@link SequenceConfig}
 * @throws FrameworkException if {@code serviceProvider} is {@code null}, or if loading an
 *                            authenticator fails
 */
public SequenceConfig getSequence(ServiceProvider serviceProvider, String tenantDomain, AuthenticationStep[] authenticationSteps) throws FrameworkException {
    if (serviceProvider == null) {
        throw new FrameworkException("ServiceProvider cannot be null");
    }

    SequenceConfig sequence = new SequenceConfig();
    sequence.setApplicationId(serviceProvider.getApplicationName());
    sequence.setApplicationConfig(new ApplicationConfig(serviceProvider));

    // Request path authenticators are loaded regardless of whether any steps exist.
    loadRequestPathAuthenticators(sequence, serviceProvider);

    if (authenticationSteps == null) {
        return sequence;
    }

    int order = 0;
    for (AuthenticationStep step : authenticationSteps) {
        try {
            order = step.getStepOrder();
        } catch (NumberFormatException e) {
            // Fall back to sequential numbering when the configured order is unusable.
            order++;
        }
        StepConfig stepConfig = createStepConfigurationObject(order, step);
        loadFederatedAuthenticators(step, stepConfig, tenantDomain);
        loadLocalAuthenticators(step, stepConfig);
        // Later steps with the same order replace earlier ones in the map.
        sequence.getStepMap().put(order, stepConfig);
    }
    return sequence;
}
Use of org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig in project carbon-identity-framework by wso2.
The class DefaultSequenceHandlerUtils, method isLocalClaimDialect.
/**
 * Tells whether the service provider of the current authentication flow uses the local claim dialect.
 * The service provider is taken from the sequence config held by the context.
 *
 * @param context authentication context of the flow; its sequence config and application config are
 *                expected to be populated
 * @return {@code true} if the service provider's claim config uses the local dialect
 */
private static boolean isLocalClaimDialect(AuthenticationContext context) {
    ClaimConfig spClaimConfig = context.getSequenceConfig()
            .getApplicationConfig()
            .getServiceProvider()
            .getClaimConfig();
    return spClaimConfig.isLocalClaimDialect();
}
Use of org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig in project carbon-identity-framework by wso2.
The class DefaultStepBasedSequenceHandler, method handlePostAuthentication.
/**
 * Post-processes a completed step-based authentication sequence.
 * Walks every step that has an authenticated authenticator, builds the signed "authenticated IdPs"
 * JWT for the caller, decides which step supplies the subject identifier and which supplies the
 * subject attributes, runs claim (and, for local steps, role) mapping, and stores the resulting
 * authenticated user and attributes on the sequence config.
 *
 * @param request  the current servlet request (not read directly here)
 * @param response the current servlet response (not read directly here)
 * @param context  the authentication context whose sequence config is processed and updated
 * @throws FrameworkException        if a federated step has no resolvable external IdP config
 * @throws MisconfigurationException if no step ran an actual authenticator (only flow handlers)
 */
@SuppressWarnings("unchecked")
protected void handlePostAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws FrameworkException {
    if (log.isDebugEnabled()) {
        log.debug("Handling Post Authentication tasks");
    }
    SequenceConfig sequenceConfig = context.getSequenceConfig();
    // Accumulates the JSON fragment that is signed into the authenticated-IdPs JWT below.
    StringBuilder jsonBuilder = new StringBuilder();
    boolean subjectFoundInStep = false;
    boolean subjectAttributesFoundInStep = false;
    // 1-based position within the step map; only advanced for steps that are not skipped.
    int stepCount = 1;
    Map<String, String> mappedAttrs = new HashMap<>();
    Map<ClaimMapping, String> authenticatedUserAttributes = new HashMap<>();
    boolean isAuthenticatorExecuted = false;
    for (Map.Entry<Integer, StepConfig> entry : sequenceConfig.getStepMap().entrySet()) {
        StepConfig stepConfig = entry.getValue();
        AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
        if (authenticatorConfig == null) {
            // ex: Different authentication sequences evaluated by the script
            continue;
        }
        ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
        // Flow handlers do not count as real authentication; at least one non-handler must have run.
        if (!(authenticator instanceof AuthenticationFlowHandler)) {
            isAuthenticatorExecuted = true;
        }
        // build the authenticated idps JWT to send to the calling servlet.
        if (stepCount == 1) {
            jsonBuilder.append("\"idps\":");
            jsonBuilder.append("[");
        }
        // build the JSON object for this step
        // NOTE(review): the IdP and authenticator names are inserted without JSON escaping; a quote or
        // backslash in either would corrupt the payload that is signed below — confirm these names are
        // constrained upstream.
        jsonBuilder.append("{");
        jsonBuilder.append("\"idp\":\"").append(stepConfig.getAuthenticatedIdP()).append("\",");
        jsonBuilder.append("\"authenticator\":\"").append(authenticator.getName()).append("\"");
        if (stepCount != sequenceConfig.getStepMap().size()) {
            jsonBuilder.append("},");
        } else {
            // wrap up the JSON object
            // NOTE(review): steps skipped by the 'continue' above do not advance stepCount, so if any
            // step is skipped this branch may never run and the JSON array is left unterminated —
            // confirm whether skipped steps are removed from the step map before this point.
            jsonBuilder.append("}");
            jsonBuilder.append("]");
            sequenceConfig.setAuthenticatedIdPs(IdentityApplicationManagementUtil.getSignedJWT(jsonBuilder.toString(), sequenceConfig.getApplicationConfig().getServiceProvider()));
            // The last step becomes the subject / attribute step only if no earlier step already was.
            stepConfig.setSubjectIdentifierStep(!subjectFoundInStep);
            stepConfig.setSubjectAttributeStep(!subjectAttributesFoundInStep);
        }
        stepCount++;
        if (authenticator instanceof FederatedApplicationAuthenticator) {
            ExternalIdPConfig externalIdPConfig = null;
            try {
                externalIdPConfig = ConfigurationFacade.getInstance().getIdPConfigByName(stepConfig.getAuthenticatedIdP(), context.getTenantDomain());
            } catch (IdentityProviderManagementException e) {
                // Lookup failure is logged here and turned into a FrameworkException by the null check below.
                log.error("Exception while getting IdP by name", e);
            }
            context.setExternalIdP(externalIdPConfig);
            // Unused local; retained as-is.
            String originalExternalIdpSubjectValueForThisStep = stepConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier();
            if (externalIdPConfig == null) {
                String errorMsg = "An External IdP cannot be null for a FederatedApplicationAuthenticator";
                log.error(errorMsg);
                throw new FrameworkException(errorMsg);
            }
            Map<ClaimMapping, String> extAttrs;
            Map<String, String> extAttibutesValueMap;
            Map<String, String> localClaimValues = null;
            Map<String, String> idpClaimValues = null;
            // Attributes asserted by the external IdP for this step, flattened to a URI -> value map.
            extAttrs = stepConfig.getAuthenticatedUser().getUserAttributes();
            extAttibutesValueMap = FrameworkUtils.getClaimMappings(extAttrs, false);
            if (stepConfig.isSubjectAttributeStep()) {
                subjectAttributesFoundInStep = true;
                String idpRoleClaimUri = getIdpRoleClaimUri(stepConfig, context);
                // Get the mapped user roles according to the mapping in the IDP configuration.
                // Include the unmapped roles as it is.
                // 'returnOnlyMappedLocalRoles' is presumably a field of this handler; it is not declared here.
                List<String> identityProviderMappedUserRolesUnmappedInclusive = getIdentityProvideMappedUserRoles(externalIdPConfig, extAttibutesValueMap, idpRoleClaimUri, returnOnlyMappedLocalRoles);
                String serviceProviderMappedUserRoles = getServiceProviderMappedUserRoles(sequenceConfig, identityProviderMappedUserRolesUnmappedInclusive);
                // Replace the IdP-asserted role value with the SP-mapped roles.
                if (StringUtils.isNotBlank(idpRoleClaimUri) && StringUtils.isNotBlank(serviceProviderMappedUserRoles)) {
                    extAttibutesValueMap.put(idpRoleClaimUri, serviceProviderMappedUserRoles);
                }
                // mappedAttrs starts as an empty HashMap, so the null test only matters if an earlier
                // handleClaimMappings(...) call returned null.
                if (mappedAttrs == null || mappedAttrs.isEmpty()) {
                    // do claim handling
                    mappedAttrs = handleClaimMappings(stepConfig, context, extAttibutesValueMap, true);
                    // external claim values mapped to local claim uris.
                    // Both properties are set by the claim-mapping step; the unchecked casts are what the
                    // @SuppressWarnings on this method covers.
                    localClaimValues = (Map<String, String>) context.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
                    idpClaimValues = (Map<String, String>) context.getProperty(FrameworkConstants.UNFILTERED_IDP_CLAIM_VALUES);
                }
            }
            if (stepConfig.isSubjectIdentifierStep()) {
                if (!stepConfig.isSubjectAttributeStep()) {
                    /*
                    Do claim mapping in order to get the requested subject claim URI. This is done only if the
                    step is not a subject attribute step, because it has already been done in the branch above
                    when the step is a subject attribute step.
                    */
                    handleClaimMappings(stepConfig, context, extAttibutesValueMap, true);
                }
                subjectFoundInStep = true;
                sequenceConfig.setAuthenticatedUser(new AuthenticatedUser(stepConfig.getAuthenticatedUser()));
            }
            if (stepConfig.isSubjectAttributeStep()) {
                if (!sequenceConfig.getApplicationConfig().isMappedSubjectIDSelected()) {
                    // if we found the mapped subject - then we do not need to worry about
                    // finding attributes.
                    // if no requested claims are selected and sp claim dialect is not a standard dialect,
                    // send all local mapped claim values or idp claim values
                    ApplicationConfig appConfig = context.getSequenceConfig().getApplicationConfig();
                    if (MapUtils.isEmpty(appConfig.getRequestedClaimMappings()) && !isSPStandardClaimDialect(context.getRequestType())) {
                        // Note that these are the UNFILTERED maps read above: every mapped local claim (or,
                        // failing that, every IdP claim) is released to the SP in this configuration.
                        if (MapUtils.isNotEmpty(localClaimValues)) {
                            mappedAttrs = localClaimValues;
                        } else if (MapUtils.isNotEmpty(idpClaimValues)) {
                            mappedAttrs = idpClaimValues;
                        }
                    }
                    authenticatedUserAttributes = FrameworkUtils.buildClaimMappings(mappedAttrs);
                }
            }
        } else {
            // Local (non-federated) authenticator.
            if (stepConfig.isSubjectIdentifierStep()) {
                if (!stepConfig.isSubjectAttributeStep()) {
                    /*
                    Do claim mapping in order to get the requested subject claim URI. This is done only if the
                    step is not a subject attribute step, because it is already done in the attribute-step
                    branch below when the step is a subject attribute step.
                    */
                    handleClaimMappings(stepConfig, context, null, false);
                }
                subjectFoundInStep = true;
                sequenceConfig.setAuthenticatedUser(new AuthenticatedUser(stepConfig.getAuthenticatedUser()));
                if (log.isDebugEnabled()) {
                    log.debug("Authenticated User: " + sequenceConfig.getAuthenticatedUser().getLoggableUserId());
                    log.debug("Authenticated User Tenant Domain: " + sequenceConfig.getAuthenticatedUser().getTenantDomain());
                }
            }
            if (stepConfig.isSubjectAttributeStep()) {
                subjectAttributesFoundInStep = true;
                // local authentications
                mappedAttrs = handleClaimMappings(stepConfig, context, null, false);
                handleRoleMapping(context, sequenceConfig, mappedAttrs);
                authenticatedUserAttributes = FrameworkUtils.buildClaimMappings(mappedAttrs);
            }
        }
    }
    // A sequence made only of flow handlers (or with every step skipped) is a misconfiguration, not a login.
    if (!isAuthenticatorExecuted) {
        String errorMsg = String.format("No authenticator have been executed in the authentication flow of " + "application: %s in tenant-domain: %s", sequenceConfig.getApplicationConfig().getApplicationName(), context.getTenantDomain());
        log.error(errorMsg);
        throw new MisconfigurationException(errorMsg);
    }
    // For a standard-dialect SP an empty attribute map is still written, so stale attributes on the
    // user object are cleared; the second branch covers the non-empty case for every dialect.
    if (isSPStandardClaimDialect(context.getRequestType()) && authenticatedUserAttributes.isEmpty() && sequenceConfig.getAuthenticatedUser() != null) {
        sequenceConfig.getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
    }
    if (!authenticatedUserAttributes.isEmpty() && sequenceConfig.getAuthenticatedUser() != null) {
        sequenceConfig.getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
    }
}