Search in sources :

Example 11 with ApplicationConfig

use of org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig in project carbon-identity-framework by wso2.

the class DefaultStepBasedSequenceHandlerTest method getMockedContextForJitProvisioning.

private AuthenticationContext getMockedContextForJitProvisioning(String provisioningUserStoreId, String provisioningUserStoreClaimUri, String tenantDomain) {
    ExternalIdPConfig externalIdPConfig = spy(new ExternalIdPConfig());
    when(externalIdPConfig.getProvisioningUserStoreId()).thenReturn(provisioningUserStoreId);
    when(externalIdPConfig.getProvisioningUserStoreClaimURI()).thenReturn(provisioningUserStoreClaimUri);
    ApplicationConfig applicationConfig = new ApplicationConfig(new ServiceProvider());
    applicationConfig.setApplicationName("DUMMY_NAME");
    SequenceConfig sequenceConfig = new SequenceConfig();
    sequenceConfig.setApplicationConfig(applicationConfig);
    context.setTenantDomain(tenantDomain);
    context.setSequenceConfig(sequenceConfig);
    context.setExternalIdP(externalIdPConfig);
    return context;
}
Also used : ApplicationConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) ThreadLocalProvisioningServiceProvider(org.wso2.carbon.identity.application.common.model.ThreadLocalProvisioningServiceProvider) SequenceConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig) ExternalIdPConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig)

Example 12 with ApplicationConfig

use of org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig in project carbon-identity-framework by wso2.

the class DefaultAuthenticationRequestHandlerTest method testHandleRememberMeOptionFromLoginPage.

@Test(dataProvider = "rememberMeParamProvider")
public void testHandleRememberMeOptionFromLoginPage(String rememberMeParam, boolean expectedResult) throws Exception {
    doReturn(rememberMeParam).when(request).getParameter(FrameworkConstants.RequestParams.REMEMBER_ME);
    AuthenticationContext context = spy(new AuthenticationContext());
    SequenceConfig sequenceConfig = spy(new SequenceConfig());
    when(sequenceConfig.isCompleted()).thenReturn(true);
    ServiceProvider serviceProvider = spy(new ServiceProvider());
    LocalAndOutboundAuthenticationConfig localAndOutboundAuthenticationConfig = spy(new LocalAndOutboundAuthenticationConfig());
    when(localAndOutboundAuthenticationConfig.getAuthenticationType()).thenReturn(ApplicationConstants.AUTH_TYPE_LOCAL);
    serviceProvider.setLocalAndOutBoundAuthenticationConfig(localAndOutboundAuthenticationConfig);
    ApplicationConfig applicationConfig = spy(new ApplicationConfig(serviceProvider));
    sequenceConfig.setApplicationConfig(applicationConfig);
    context.setSequenceConfig(sequenceConfig);
    // mock the context to show that flow is returning back from login page
    when(context.isReturning()).thenReturn(true);
    when(context.getCurrentStep()).thenReturn(0);
    DefaultAuthenticationRequestHandler authenticationRequestHandler = spy(new DefaultAuthenticationRequestHandler());
    // mock session nonce cookie validation
    mockStatic(SessionNonceCookieUtil.class);
    when(SessionNonceCookieUtil.validateNonceCookie(any(), any())).thenReturn(true);
    // Mock conclude flow and post authentication flows to isolate remember me option
    doNothing().when(authenticationRequestHandler).concludeFlow(request, response, context);
    authenticationRequestHandler.handle(request, response, context);
    assertEquals(context.isRememberMe(), expectedResult);
}
Also used : AuthenticationContext(org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext) LocalAndOutboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig) ApplicationConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) SequenceConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig) Test(org.testng.annotations.Test) PostAuthenticationMgtServiceTest(org.wso2.carbon.identity.application.authentication.framework.services.PostAuthenticationMgtServiceTest) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 13 with ApplicationConfig

use of org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig in project carbon-identity-framework by wso2.

the class UIBasedConfigurationLoader method getSequence.

/**
 * Loads the sequence in the way previous loading mechanism used to work.
 * Please do not use this for any new development.
 *
 * @param serviceProvider
 * @param tenantDomain
 * @param authenticationSteps
 * @return
 * @throws FrameworkException
 */
public SequenceConfig getSequence(ServiceProvider serviceProvider, String tenantDomain, AuthenticationStep[] authenticationSteps) throws FrameworkException {
    if (serviceProvider == null) {
        throw new FrameworkException("ServiceProvider cannot be null");
    }
    SequenceConfig sequenceConfig = new SequenceConfig();
    sequenceConfig.setApplicationId(serviceProvider.getApplicationName());
    sequenceConfig.setApplicationConfig(new ApplicationConfig(serviceProvider));
    // setting request path authenticators
    loadRequestPathAuthenticators(sequenceConfig, serviceProvider);
    int stepOrder = 0;
    if (authenticationSteps == null) {
        return sequenceConfig;
    }
    // for each configured step
    for (AuthenticationStep authenticationStep : authenticationSteps) {
        try {
            stepOrder = authenticationStep.getStepOrder();
        } catch (NumberFormatException e) {
            stepOrder++;
        }
        // create a step configuration object
        StepConfig stepConfig = createStepConfigurationObject(stepOrder, authenticationStep);
        // loading Federated Authenticators
        loadFederatedAuthenticators(authenticationStep, stepConfig, tenantDomain);
        // loading local authenticators
        loadLocalAuthenticators(authenticationStep, stepConfig);
        sequenceConfig.getStepMap().put(stepOrder, stepConfig);
    }
    return sequenceConfig;
}
Also used : FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException) ApplicationConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig) AuthenticationStep(org.wso2.carbon.identity.application.common.model.AuthenticationStep) StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig) SequenceConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig)

Example 14 with ApplicationConfig

use of org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig in project carbon-identity-framework by wso2.

the class DefaultSequenceHandlerUtils method isLocalClaimDialect.

/**
 * Checks if the service provider is using the local claim dialect.
 * Extracts the service provider details from the authentication context.
 *
 * @param context AuthenticationContext.
 * @return True if the used dialect is the local dialect.
 */
private static boolean isLocalClaimDialect(AuthenticationContext context) {
    ApplicationConfig appConfig = context.getSequenceConfig().getApplicationConfig();
    ClaimConfig claimConfig = appConfig.getServiceProvider().getClaimConfig();
    return claimConfig.isLocalClaimDialect();
}
Also used : ApplicationConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig) ClaimConfig(org.wso2.carbon.identity.application.common.model.ClaimConfig)

Example 15 with ApplicationConfig

use of org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig in project carbon-identity-framework by wso2.

the class DefaultStepBasedSequenceHandler method handlePostAuthentication.

@SuppressWarnings("unchecked")
protected void handlePostAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws FrameworkException {
    if (log.isDebugEnabled()) {
        log.debug("Handling Post Authentication tasks");
    }
    SequenceConfig sequenceConfig = context.getSequenceConfig();
    StringBuilder jsonBuilder = new StringBuilder();
    boolean subjectFoundInStep = false;
    boolean subjectAttributesFoundInStep = false;
    int stepCount = 1;
    Map<String, String> mappedAttrs = new HashMap<>();
    Map<ClaimMapping, String> authenticatedUserAttributes = new HashMap<>();
    boolean isAuthenticatorExecuted = false;
    for (Map.Entry<Integer, StepConfig> entry : sequenceConfig.getStepMap().entrySet()) {
        StepConfig stepConfig = entry.getValue();
        AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
        if (authenticatorConfig == null) {
            // ex: Different authentication sequences evaluated by the script
            continue;
        }
        ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
        if (!(authenticator instanceof AuthenticationFlowHandler)) {
            isAuthenticatorExecuted = true;
        }
        // build the authenticated idps JWT to send to the calling servlet.
        if (stepCount == 1) {
            jsonBuilder.append("\"idps\":");
            jsonBuilder.append("[");
        }
        // build the JSON object for this step
        jsonBuilder.append("{");
        jsonBuilder.append("\"idp\":\"").append(stepConfig.getAuthenticatedIdP()).append("\",");
        jsonBuilder.append("\"authenticator\":\"").append(authenticator.getName()).append("\"");
        if (stepCount != sequenceConfig.getStepMap().size()) {
            jsonBuilder.append("},");
        } else {
            // wrap up the JSON object
            jsonBuilder.append("}");
            jsonBuilder.append("]");
            sequenceConfig.setAuthenticatedIdPs(IdentityApplicationManagementUtil.getSignedJWT(jsonBuilder.toString(), sequenceConfig.getApplicationConfig().getServiceProvider()));
            stepConfig.setSubjectIdentifierStep(!subjectFoundInStep);
            stepConfig.setSubjectAttributeStep(!subjectAttributesFoundInStep);
        }
        stepCount++;
        if (authenticator instanceof FederatedApplicationAuthenticator) {
            ExternalIdPConfig externalIdPConfig = null;
            try {
                externalIdPConfig = ConfigurationFacade.getInstance().getIdPConfigByName(stepConfig.getAuthenticatedIdP(), context.getTenantDomain());
            } catch (IdentityProviderManagementException e) {
                log.error("Exception while getting IdP by name", e);
            }
            context.setExternalIdP(externalIdPConfig);
            String originalExternalIdpSubjectValueForThisStep = stepConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier();
            if (externalIdPConfig == null) {
                String errorMsg = "An External IdP cannot be null for a FederatedApplicationAuthenticator";
                log.error(errorMsg);
                throw new FrameworkException(errorMsg);
            }
            Map<ClaimMapping, String> extAttrs;
            Map<String, String> extAttibutesValueMap;
            Map<String, String> localClaimValues = null;
            Map<String, String> idpClaimValues = null;
            extAttrs = stepConfig.getAuthenticatedUser().getUserAttributes();
            extAttibutesValueMap = FrameworkUtils.getClaimMappings(extAttrs, false);
            if (stepConfig.isSubjectAttributeStep()) {
                subjectAttributesFoundInStep = true;
                String idpRoleClaimUri = getIdpRoleClaimUri(stepConfig, context);
                // Get the mapped user roles according to the mapping in the IDP configuration.
                // Include the unmapped roles as it is.
                List<String> identityProviderMappedUserRolesUnmappedInclusive = getIdentityProvideMappedUserRoles(externalIdPConfig, extAttibutesValueMap, idpRoleClaimUri, returnOnlyMappedLocalRoles);
                String serviceProviderMappedUserRoles = getServiceProviderMappedUserRoles(sequenceConfig, identityProviderMappedUserRolesUnmappedInclusive);
                if (StringUtils.isNotBlank(idpRoleClaimUri) && StringUtils.isNotBlank(serviceProviderMappedUserRoles)) {
                    extAttibutesValueMap.put(idpRoleClaimUri, serviceProviderMappedUserRoles);
                }
                if (mappedAttrs == null || mappedAttrs.isEmpty()) {
                    // do claim handling
                    mappedAttrs = handleClaimMappings(stepConfig, context, extAttibutesValueMap, true);
                    // external claim values mapped to local claim uris.
                    localClaimValues = (Map<String, String>) context.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
                    idpClaimValues = (Map<String, String>) context.getProperty(FrameworkConstants.UNFILTERED_IDP_CLAIM_VALUES);
                }
            }
            if (stepConfig.isSubjectIdentifierStep()) {
                if (!stepConfig.isSubjectAttributeStep()) {
                    /*
                        Do claim mapping inorder to get subject claim uri requested. This is done only if the
                        step is not a subject attribute step. Because it is already done in the previous flow if
                        the step is a subject attribute step.
                        */
                    handleClaimMappings(stepConfig, context, extAttibutesValueMap, true);
                }
                subjectFoundInStep = true;
                sequenceConfig.setAuthenticatedUser(new AuthenticatedUser(stepConfig.getAuthenticatedUser()));
            }
            if (stepConfig.isSubjectAttributeStep()) {
                if (!sequenceConfig.getApplicationConfig().isMappedSubjectIDSelected()) {
                    // if we found the mapped subject - then we do not need to worry about
                    // finding attributes.
                    // if no requested claims are selected and sp claim dialect is not a standard dialect,
                    // send all local mapped claim values or idp claim values
                    ApplicationConfig appConfig = context.getSequenceConfig().getApplicationConfig();
                    if (MapUtils.isEmpty(appConfig.getRequestedClaimMappings()) && !isSPStandardClaimDialect(context.getRequestType())) {
                        if (MapUtils.isNotEmpty(localClaimValues)) {
                            mappedAttrs = localClaimValues;
                        } else if (MapUtils.isNotEmpty(idpClaimValues)) {
                            mappedAttrs = idpClaimValues;
                        }
                    }
                    authenticatedUserAttributes = FrameworkUtils.buildClaimMappings(mappedAttrs);
                }
            }
        } else {
            if (stepConfig.isSubjectIdentifierStep()) {
                if (!stepConfig.isSubjectAttributeStep()) {
                    /*
                        Do claim mapping inorder to get subject claim uri requested. This is done only if the
                        step is not a subject attribute step. Because it is already done in the previous flow if
                        the step is a subject attribute step.
                        */
                    handleClaimMappings(stepConfig, context, null, false);
                }
                subjectFoundInStep = true;
                sequenceConfig.setAuthenticatedUser(new AuthenticatedUser(stepConfig.getAuthenticatedUser()));
                if (log.isDebugEnabled()) {
                    log.debug("Authenticated User: " + sequenceConfig.getAuthenticatedUser().getLoggableUserId());
                    log.debug("Authenticated User Tenant Domain: " + sequenceConfig.getAuthenticatedUser().getTenantDomain());
                }
            }
            if (stepConfig.isSubjectAttributeStep()) {
                subjectAttributesFoundInStep = true;
                // local authentications
                mappedAttrs = handleClaimMappings(stepConfig, context, null, false);
                handleRoleMapping(context, sequenceConfig, mappedAttrs);
                authenticatedUserAttributes = FrameworkUtils.buildClaimMappings(mappedAttrs);
            }
        }
    }
    if (!isAuthenticatorExecuted) {
        String errorMsg = String.format("No authenticator have been executed in the authentication flow of " + "application: %s in tenant-domain: %s", sequenceConfig.getApplicationConfig().getApplicationName(), context.getTenantDomain());
        log.error(errorMsg);
        throw new MisconfigurationException(errorMsg);
    }
    if (isSPStandardClaimDialect(context.getRequestType()) && authenticatedUserAttributes.isEmpty() && sequenceConfig.getAuthenticatedUser() != null) {
        sequenceConfig.getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
    }
    if (!authenticatedUserAttributes.isEmpty() && sequenceConfig.getAuthenticatedUser() != null) {
        sequenceConfig.getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
    }
}
Also used : AuthenticatorConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig) FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException) HashMap(java.util.HashMap) MisconfigurationException(org.wso2.carbon.identity.application.authentication.framework.exception.MisconfigurationException) StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig) FederatedApplicationAuthenticator(org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser) ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) FederatedApplicationAuthenticator(org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator) ApplicationAuthenticator(org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator) ApplicationConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig) AuthenticationFlowHandler(org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler) SequenceConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig) ExternalIdPConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig) HashMap(java.util.HashMap) Map(java.util.Map) IdentityProviderManagementException(org.wso2.carbon.idp.mgt.IdentityProviderManagementException)

Aggregations

ApplicationConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig)25 ServiceProvider (org.wso2.carbon.identity.application.common.model.ServiceProvider)11 SequenceConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig)9 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)7 Test (org.testng.annotations.Test)7 AuthenticatedUser (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)6 ArrayList (java.util.ArrayList)5 FrameworkException (org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException)5 HashMap (java.util.HashMap)4 StringUtils.defaultString (org.apache.commons.lang.StringUtils.defaultString)4 AuthenticatorConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig)4 StepConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig)4 AuthenticationContext (org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext)4 ClaimMapping (org.wso2.carbon.identity.application.common.model.ClaimMapping)4 PostAuthenticationFailedException (org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException)3 LocalAndOutboundAuthenticationConfig (org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig)3 List (java.util.List)2 Map (java.util.Map)2 ApplicationAuthenticator (org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator)2 ExternalIdPConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig)2