use of org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig in project carbon-identity-framework by wso2.
the class DefaultClaimHandler method handleClaimMappings.
/**
 * Resolves the claims to return for the current authentication step.
 *
 * <p>The standard dialect of the service provider is resolved for the request type and
 * recorded on the context under {@code FrameworkConstants.SP_STANDARD_DIALECT}. The
 * highest-priority claim filter then selects the requested claims, which are applied to the
 * application config before the request is dispatched to either the federated or the local
 * claim handling path.
 *
 * @param stepConfig        configuration of the step being processed (may be {@code null},
 *                          see the local/federated handlers)
 * @param context           the authentication context; its sequence config is read and updated
 * @param remoteClaims      claims received from the federated identity provider
 * @param isFederatedClaims {@code true} to handle {@code remoteClaims}, {@code false} to read
 *                          the claims of the locally authenticated user
 * @return the claims to return to the service provider
 * @throws FrameworkException if claim resolution fails
 */
@Override
public Map<String, String> handleClaimMappings(StepConfig stepConfig, AuthenticationContext context, Map<String, String> remoteClaims, boolean isFederatedClaims) throws FrameworkException {
    if (log.isDebugEnabled()) {
        logInput(remoteClaims, isFederatedClaims);
    }

    ApplicationConfig applicationConfig = context.getSequenceConfig().getApplicationConfig();
    String standardDialect = getStandardDialect(context.getRequestType(), applicationConfig);
    context.setProperty(FrameworkConstants.SP_STANDARD_DIALECT, standardDialect);

    // Let the registered claim filter with the highest priority decide which claims are requested.
    List<ClaimMapping> filteredClaims = FrameworkServiceDataHolder.getInstance()
            .getHighestPriorityClaimFilter()
            .getFilteredClaims(context, applicationConfig);
    setMandatoryAndRequestedClaims(applicationConfig, filteredClaims);
    context.getSequenceConfig().setApplicationConfig(applicationConfig);

    Map<String, String> resolvedClaims = isFederatedClaims
            ? handleFederatedClaims(remoteClaims, standardDialect, stepConfig, context)
            : handleLocalClaims(standardDialect, stepConfig, context);

    if (log.isDebugEnabled()) {
        logOutput(resolvedClaims, context);
    }
    return resolvedClaims;
}
use of org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig in project carbon-identity-framework by wso2.
the class DefaultClaimHandler method handleLocalClaims.
/**
 * Resolves the claims of the locally authenticated user for the service provider.
 *
 * <p>Claim values are read from the user store against local claim URIs, overlaid with the
 * runtime claims held on the context (runtime values win), mapped to the SP dialect and then
 * filtered down to the requested claims. Depending on the step, the unfiltered local and
 * SP-mapped claims are also stored on the context and the subject claim is set.
 *
 * @param spStandardDialect the standard dialect of the service provider; {@code null} or the
 *                          local IdP default dialect means no dialect translation is applied
 * @param stepConfig        the current step, or {@code null} to treat this call as both the
 *                          subject-attribute and the subject-identifier step
 * @param context           the authentication context; several properties are set on it
 * @return the requested claims in the SP dialect, or an empty map when no user realm can be
 *         resolved for the user's tenant
 * @throws FrameworkException if the user, realm or claim data cannot be resolved
 */
protected Map<String, String> handleLocalClaims(String spStandardDialect, StepConfig stepConfig, AuthenticationContext context) throws FrameworkException {
ApplicationConfig appConfig = context.getSequenceConfig().getApplicationConfig();
// Missing SP-to-local mappings are treated as an empty mapping rather than an error.
Map<String, String> spToLocalClaimMappings = appConfig.getClaimMappings();
if (spToLocalClaimMappings == null) {
spToLocalClaimMappings = new HashMap<>();
}
Map<String, String> carbonToStandardClaimMapping;
Map<String, String> requestedClaimMappings = appConfig.getRequestedClaimMappings();
if (requestedClaimMappings == null) {
requestedClaimMappings = new HashMap<>();
}
AuthenticatedUser authenticatedUser = getAuthenticatedUser(stepConfig, context);
String tenantDomain = authenticatedUser.getTenantDomain();
UserRealm realm = getUserRealm(tenantDomain);
if (realm == null) {
// Without a realm no claim values can be read; return nothing rather than fail the flow.
log.warn("No valid tenant domain provider. No claims returned back");
return new HashMap<>();
}
ClaimManager claimManager = getClaimManager(tenantDomain, realm);
AbstractUserStoreManager userStore = getUserStoreManager(tenantDomain, realm);
// key:value -> carbon_dialect:claim_value
Map<String, String> allLocalClaims;
// If default dialect -> all non-null user claims
// If custom dialect -> all non-null user claims that have been mapped to custom claims
// key:value -> sp_dialect:claim_value
Map<String, String> allSPMappedClaims = new HashMap<>();
// Requested claims only
// key:value -> sp_dialect:claim_value
Map<String, String> spRequestedClaims = new HashMap<>();
// Retrieve all non-null user claim values against local claim uris.
allLocalClaims = retrieveAllNunNullUserClaimValues(authenticatedUser, claimManager, appConfig, userStore);
// Insert the runtime claims from the context. The priority is for runtime claims.
// NOTE(review): a runtime claim with the same URI replaces the user-store value, so whatever
// populates the context's runtime claims can override stored attributes; assumes
// getRuntimeClaims() never returns null — confirm.
allLocalClaims.putAll(context.getRuntimeClaims());
handleRoleClaim(context, allLocalClaims);
// if standard dialect get all claim mappings from standard dialect to carbon dialect
spToLocalClaimMappings = getStandardDialectToCarbonMapping(spStandardDialect, context, spToLocalClaimMappings, tenantDomain);
// Only a non-blank dialect other than the local IdP default needs the reverse (carbon -> standard)
// mapping; the resulting SP-to-carbon mapping is published on the context for later consumers.
if (StringUtils.isNotBlank(spStandardDialect) && (!StringUtils.equals(spStandardDialect, ApplicationConstants.LOCAL_IDP_DEFAULT_CLAIM_DIALECT))) {
carbonToStandardClaimMapping = getCarbonToStandardDialectMapping(spStandardDialect, context, spToLocalClaimMappings, tenantDomain);
requestedClaimMappings = mapRequestClaimsInStandardDialect(requestedClaimMappings, carbonToStandardClaimMapping);
context.setProperty(FrameworkConstants.SP_TO_CARBON_CLAIM_MAPPING, requestedClaimMappings);
}
mapSPClaimsAndFilterRequestedClaims(spToLocalClaimMappings, requestedClaimMappings, allLocalClaims, allSPMappedClaims, spRequestedClaims);
// The unfiltered claim sets are exposed on the context only for the subject-attribute step
// (or when no step is given).
if (stepConfig == null || stepConfig.isSubjectAttributeStep()) {
context.setProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES, allLocalClaims);
context.setProperty(FrameworkConstants.UNFILTERED_SP_CLAIM_VALUES, allSPMappedClaims);
}
// The subject claim is derived from the local claims when a dialect is present, otherwise from
// the SP-mapped claims.
if (stepConfig == null || stepConfig.isSubjectIdentifierStep()) {
if (spStandardDialect != null) {
setSubjectClaimForLocalClaims(authenticatedUser, userStore, allLocalClaims, spStandardDialect, context);
} else {
setSubjectClaimForLocalClaims(authenticatedUser, userStore, allSPMappedClaims, null, context);
}
}
// OpenID requests receive every SP-mapped claim, not just the requested ones.
// NOTE(review): this aliases spRequestedClaims to the same map instance stored above as
// UNFILTERED_SP_CLAIM_VALUES, so any mutation below is visible through that property — confirm
// that is intended.
if (FrameworkConstants.RequestType.CLAIM_TYPE_OPENID.equals(context.getRequestType())) {
spRequestedClaims = allSPMappedClaims;
}
/*
* This is a custom change added to pass 'MultipleAttributeSeparator' attribute value to other components,
* since we can't get the logged in user in some situations.
*
* Following components affected from this change -
* org.wso2.carbon.identity.application.authentication.endpoint
* org.wso2.carbon.identity.provider
* org.wso2.carbon.identity.oauth
* org.wso2.carbon.identity.oauth.endpoint
* org.wso2.carbon.identity.sso.saml
*
* TODO: Should use Map<String, List<String>> in future for claim mapping
* */
addMultiAttributeSeparatorToRequestedClaims(authenticatedUser, userStore, spRequestedClaims, realm);
return spRequestedClaims;
}
use of org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig in project carbon-identity-framework by wso2.
the class DefaultRequestCoordinator method refreshAppConfig.
/**
 * Replaces the application config held by {@code sequenceConfig} with one freshly built from
 * the service provider resolved for the given client.
 *
 * <p>Any {@code FrameworkException} raised while resolving the service provider is re-thrown
 * with a message stating that no application was found for the sequence's application id, with
 * the original exception kept as the cause.
 *
 * @param sequenceConfig the sequence whose application config is refreshed
 * @param clientId       identifier of the client application
 * @param clientType     type of the client application
 * @param tenantDomain   tenant the application belongs to
 * @throws FrameworkException if the service provider cannot be resolved
 */
private void refreshAppConfig(SequenceConfig sequenceConfig, String clientId, String clientType, String tenantDomain) throws FrameworkException {
    try {
        ServiceProvider provider = getServiceProvider(clientType, clientId, tenantDomain);
        sequenceConfig.setApplicationConfig(new ApplicationConfig(provider));
        if (log.isDebugEnabled()) {
            String debugMessage = "Refresh application config in sequence config for application id: "
                    + sequenceConfig.getApplicationId() + " in tenant: " + tenantDomain;
            log.debug(debugMessage);
        }
    } catch (FrameworkException cause) {
        // Surface the lookup failure in terms of the sequence being processed, keeping the cause.
        String notFound = "No application found for application id: " + sequenceConfig.getApplicationId()
                + " in tenant: " + tenantDomain + " Probably, the Service Provider would have been removed.";
        throw new FrameworkException(notFound, cause);
    }
}
use of org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig in project carbon-identity-framework by wso2.
the class ConsentMgtPostAuthnHandler method getSPMandatoryLocalClaims.
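/**
 * Collects the local claim URIs the service provider marks as mandatory, always including the
 * subject claim URI.
 *
 * @param context the authentication context whose sequence config carries the application config
 * @return the mandatory local claim URIs plus the subject claim URI (never {@code null})
 * @throws PostAuthenticationFailedException if the context carries no application config
 */
private List<String> getSPMandatoryLocalClaims(AuthenticationContext context) throws PostAuthenticationFailedException {
    ApplicationConfig applicationConfig = context.getSequenceConfig().getApplicationConfig();
    if (applicationConfig == null) {
        ServiceProvider serviceProvider = getServiceProvider(context);
        String error = "Application configs are null in AuthenticationContext for SP: " + serviceProvider.getApplicationName() + " in tenant domain: " + getSPTenantDomain(serviceProvider);
        throw new PostAuthenticationFailedException("Authentication failed. Error while processing application " + "claim configurations.", error);
    }
    List<String> spMandatoryLocalClaims = new ArrayList<>();
    Map<String, String> claimMappings = applicationConfig.getMandatoryClaimMappings();
    if (isNotEmpty(claimMappings) && isNotEmpty(claimMappings.values())) {
        // The mapping values are the local claim URIs; the keys are the SP-side URIs.
        spMandatoryLocalClaims = new ArrayList<>(claimMappings.values());
    }
    // The subject claim is required for consent handling even if the SP did not mark it mandatory.
    String subjectClaimUri = getSubjectClaimUri(applicationConfig);
    if (!spMandatoryLocalClaims.contains(subjectClaimUri)) {
        spMandatoryLocalClaims.add(subjectClaimUri);
    }
    if (isDebugEnabled()) {
        // Pass the claim list as a format argument instead of splicing it into the format string:
        // a claim URI containing '%' would otherwise be interpreted as a format specifier.
        logDebug(String.format("Mandatory claims for SP: %s - %s", applicationConfig.getApplicationName(), spMandatoryLocalClaims));
    }
    return spMandatoryLocalClaims;
}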
use of org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig in project carbon-identity-framework by wso2.
the class ConsentMgtPostAuthnHandler method handlePostConsent.
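/**
 * Handles the user's response to the consent page.
 *
 * <p>When the consent input parameter equals {@code USER_CONSENT_APPROVE} (case-insensitively),
 * the approved claim ids are recorded through the SSO consent service and disapproved claims
 * are removed from the context. Any other value, including a missing parameter, is treated as a
 * denial and fails the authentication.
 *
 * @param request  the consent page submission; only {@code USER_CONSENT_INPUT} is read here
 * @param response the servlet response (not used by this method)
 * @param context  the authentication context of the flow
 * @return {@code PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED} when consent was approved and
 *         processed
 * @throws PostAuthenticationFailedException if consent was denied, consent management is
 *                                           disabled, or the consent service fails
 */
protected PostAuthnHandlerFlowStatus handlePostConsent(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws PostAuthenticationFailedException {
    AuthenticatedUser authenticatedUser = getAuthenticatedUser(context);
    // NOTE(review): unlike getSPMandatoryLocalClaims, this path does not guard against a null
    // application config — confirm it cannot be null once the consent page has been shown.
    ApplicationConfig applicationConfig = context.getSequenceConfig().getApplicationConfig();
    Map<String, String> claimMappings = applicationConfig.getClaimMappings();
    ServiceProvider serviceProvider = getServiceProvider(context);
    // The parameter comes from the browser and may be absent; compare constant-first so a missing
    // value is a denial rather than a NullPointerException.
    String consentInput = request.getParameter(USER_CONSENT_INPUT);
    if (USER_CONSENT_APPROVE.equalsIgnoreCase(consentInput)) {
        if (isDebugEnabled()) {
            String message = "User: %s has approved consent for service provider: %s in tenant domain %s.";
            message = String.format(message, authenticatedUser.getAuthenticatedSubjectIdentifier(), serviceProvider.getApplicationName(), getSPTenantDomain(serviceProvider));
            logDebug(message);
        }
        UserConsent userConsent = processUserConsent(request, context);
        ConsentClaimsData consentClaimsData = getConsentClaimsData(context, authenticatedUser, serviceProvider);
        // Remove the claims which dont have values given by the user.
        consentClaimsData.setRequestedClaims(removeConsentRequestedNullUserAttributes(consentClaimsData.getRequestedClaims(), authenticatedUser.getUserAttributes(), claimMappings));
        try {
            List<Integer> claimIdsWithConsent = getClaimIdsWithConsent(userConsent);
            getSSOConsentService().processConsent(claimIdsWithConsent, serviceProvider, authenticatedUser, consentClaimsData);
            removeDisapprovedClaims(context, authenticatedUser);
        } catch (SSOConsentDisabledException e) {
            String error = "Authentication Failure: Consent management is disabled for SSO.";
            String errorDesc = "Illegal operation. Consent management is disabled, but post authentication for " + "sso consent management is invoked.";
            throw new PostAuthenticationFailedException(error, errorDesc, e);
        } catch (SSOConsentServiceException e) {
            String error = "Error occurred while processing consent input of user: %s, for service provider: %s " + "in tenant domain: %s.";
            error = String.format(error, authenticatedUser.getAuthenticatedSubjectIdentifier(), serviceProvider.getApplicationName(), getSPTenantDomain(serviceProvider));
            throw new PostAuthenticationFailedException("Authentication failed. Error while processing user " + "consent input.", error, e);
        }
    } else {
        // Anything other than an explicit approval (including no input) fails the flow.
        String error = String.format("Authentication failed. User denied consent to share information with %s.", applicationConfig.getApplicationName());
        if (isDebugEnabled()) {
            logDebug(String.format("User: %s denied consent to share information with the service " + "provider: %s.", authenticatedUser.getAuthenticatedSubjectIdentifier(), applicationConfig.getApplicationName()));
        }
        throw new PostAuthenticationFailedException(error, error);
    }
    return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
}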