use of org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig in project carbon-identity-framework by wso2.
Class JITProvisioningPostAuthenticationHandler, method getUserIdClaimUriInLocalDialect.
private String getUserIdClaimUriInLocalDialect(ExternalIdPConfig idPConfig) {
    // Resolve the identity provider's user-id claim URI into the local claim dialect.
    // Returns null when the IdP declares no user-id claim, or when the claim lives in a
    // remote dialect for which no local claim mapping is configured.
    String remoteUserIdClaim = idPConfig.getUserIdClaimUri();
    if (StringUtils.isBlank(remoteUserIdClaim)) {
        return null;
    }
    // An IdP on the default local dialect needs no translation at all.
    if (idPConfig.useDefaultLocalIdpDialect()) {
        return remoteUserIdClaim;
    }
    ClaimMapping[] mappings = idPConfig.getClaimMappings();
    if (ArrayUtils.isEmpty(mappings)) {
        return null;
    }
    // First mapping whose remote claim URI matches wins.
    for (ClaimMapping mapping : mappings) {
        if (remoteUserIdClaim.equals(mapping.getRemoteClaim().getClaimUri())) {
            return mapping.getLocalClaim().getClaimUri();
        }
    }
    return null;
}
use of org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig in project carbon-identity-framework by wso2.
Class JITProvisioningPostAuthenticationHandler, method redirectToAccountCreateUI.
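/**
 * Redirects the browser to the sign-up UI so that the just-in-time provisioned user can be created.
 * <p>
 * When the IdP allows the username to be modified, the user-name provisioning page is used and the
 * {@code CHANGING_USERNAME_ALLOWED} context property is set; otherwise the password provisioning page
 * is used. Every entry of {@code localClaimValues} is appended to the redirect URL as a query parameter.
 *
 * @param externalIdPConfig Relevant external IDP.
 * @param context Authentication context.
 * @param localClaimValues Local claim values; each key/value pair becomes a query parameter of the redirect.
 * @param response HttpServlet response used to issue the redirect.
 * @param username Relevant user name.
 * @param request HttpServlet request (not read by this method; kept for the caller's signature).
 * @throws PostAuthenticationFailedException if the redirect URL cannot be built or the redirect cannot be sent.
 */
private void redirectToAccountCreateUI(ExternalIdPConfig externalIdPConfig, AuthenticationContext context,
                                       Map<String, String> localClaimValues, HttpServletResponse response,
                                       String username, HttpServletRequest request)
        throws PostAuthenticationFailedException {
    try {
        ServiceURLBuilder uriBuilder = ServiceURLBuilder.create();
        if (externalIdPConfig.isModifyUserNameAllowed()) {
            context.setProperty(FrameworkConstants.CHANGING_USERNAME_ALLOWED, true);
            uriBuilder = uriBuilder.addPath(FrameworkUtils.getUserNameProvisioningUIUrl());
            uriBuilder.addParameter(FrameworkConstants.ALLOW_CHANGE_USER_NAME, String.valueOf(true));
            if (log.isDebugEnabled()) {
                log.debug(externalIdPConfig.getName() + " allow to change the username, redirecting to "
                        + "registration endpoint to provision the user: " + username);
            }
        } else {
            uriBuilder = uriBuilder.addPath(FrameworkUtils.getPasswordProvisioningUIUrl());
            // The debug line is only meaningful when password provisioning is on; one combined guard.
            if (log.isDebugEnabled() && externalIdPConfig.isPasswordProvisioningEnabled()) {
                log.debug(externalIdPConfig.getName() + " supports password provisioning, redirecting to "
                        + "sign up endpoint to provision the user : " + username);
            }
        }
        if (externalIdPConfig.isPasswordProvisioningEnabled()) {
            uriBuilder.addParameter(FrameworkConstants.PASSWORD_PROVISION_ENABLED, String.valueOf(true));
        }
        // The tenant domain travels as a parameter only when URLs are not already tenant qualified.
        if (!IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
            uriBuilder.addParameter(MultitenantConstants.TENANT_DOMAIN_HEADER_NAME, context.getTenantDomain());
        }
        uriBuilder.addParameter(FrameworkConstants.SERVICE_PROVIDER,
                context.getSequenceConfig().getApplicationConfig().getApplicationName());
        uriBuilder.addParameter(FrameworkConstants.USERNAME, username);
        uriBuilder.addParameter(FrameworkConstants.SKIP_SIGN_UP_ENABLE_CHECK, String.valueOf(true));
        uriBuilder.addParameter(FrameworkConstants.SESSION_DATA_KEY, context.getContextIdentifier());
        addMissingClaims(uriBuilder, context);
        // NOTE(review): every local claim value is carried in the redirect's query string. Query strings
        // are commonly captured in server/proxy access logs and browser history, so confirm that no
        // sensitive claim reaches this map before it is appended here.
        localClaimValues.forEach(uriBuilder::addParameter);
        response.sendRedirect(uriBuilder.build().getRelativePublicURL());
    } catch (IOException | URLBuilderException e) {
        // Both failure modes surface as the same post-authentication error, with the cause preserved.
        handleExceptions(String.format(
                ErrorMessages.ERROR_WHILE_TRYING_CALL_SIGN_UP_ENDPOINT_FOR_PASSWORD_PROVISIONING.getMessage(),
                username, externalIdPConfig.getName()),
                ErrorMessages.ERROR_WHILE_TRYING_CALL_SIGN_UP_ENDPOINT_FOR_PASSWORD_PROVISIONING.getCode(), e);
    }
}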
use of org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig in project carbon-identity-framework by wso2.
Class DefaultLogoutRequestHandler, method handle.
/**
 * Handles a logout request for the given authentication context.
 * <p>
 * In order: clears the request's user session data; publishes a SESSION_TERMINATE event when an
 * authentication data publisher is present, enabled for this context and the session context is
 * known; removes stored federated authentication session info when the session's auth history
 * contains the federated authenticator; removes the session context from the cache and the auth
 * cookie; then, if a previous session was found, walks the authenticated steps and lets each
 * authenticator process the logout, returning as soon as one reports INCOMPLETE (that step is
 * redirecting to its external IdP); finally sends the logout response.
 *
 * @param request  incoming HTTP request.
 * @param response HTTP response used by the authenticators and for the final logout response.
 * @param context  authentication context of the session being terminated.
 * @throws FrameworkException if federated session cleanup fails, an authenticator fails to process
 *                            the logout, or the final response cannot be sent.
 */
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws FrameworkException {
    if (log.isTraceEnabled()) {
        log.trace("Inside handle()");
    }
    SequenceConfig sequenceConfig = context.getSequenceConfig();
    // Retrieve session information from cache.
    SessionContext sessionContext = FrameworkUtils.getSessionContextFromCache(context.getSessionIdentifier(), context.getLoginTenantDomain());
    ExternalIdPConfig externalIdPConfig = null;
    // Remove the session related information from the session tables.
    clearUserSessionData(request);
    // Session-termination analytics. sessionContext may be null, so it is guarded here and below.
    if (FrameworkServiceDataHolder.getInstance().getAuthnDataPublisherProxy() != null && FrameworkServiceDataHolder.getInstance().getAuthnDataPublisherProxy().isEnabled(context) && sessionContext != null) {
        Object authenticatedUserObj = sessionContext.getProperty(FrameworkConstants.AUTHENTICATED_USER);
        // Fall back to an empty AuthenticatedUser when the stored property is missing or of another type.
        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
        if (authenticatedUserObj instanceof AuthenticatedUser) {
            authenticatedUser = (AuthenticatedUser) authenticatedUserObj;
        }
        FrameworkUtils.publishSessionEvent(context.getSessionIdentifier(), request, context, sessionContext, authenticatedUser, FrameworkConstants.AnalyticsAttributes.SESSION_TERMINATE);
    }
    // Remove federated authentication session details from the database.
    if (sessionContext != null && StringUtils.isNotBlank(context.getSessionIdentifier()) && sessionContext.getSessionAuthHistory() != null && sessionContext.getSessionAuthHistory().getHistory() != null) {
        for (AuthHistory authHistory : sessionContext.getSessionAuthHistory().getHistory()) {
            // One removal covers the whole session, hence the break after the first federated entry.
            if (FED_AUTH_NAME.equals(authHistory.getAuthenticatorName())) {
                try {
                    UserSessionStore.getInstance().removeFederatedAuthSessionInfo(context.getSessionIdentifier());
                    break;
                } catch (UserSessionException e) {
                    throw new FrameworkException("Error while deleting federated authentication session details for" + " the session context key :" + context.getSessionIdentifier(), e);
                }
            }
        }
    }
    // remove SessionContext from the cache and auth cookie before sending logout request to federated IDP,
    // without waiting till a logout response is received from federated IDP.
    // remove the SessionContext from the cache
    FrameworkUtils.removeSessionContextFromCache(context.getSessionIdentifier(), context.getLoginTenantDomain());
    // remove the cookie
    if (IdentityTenantUtil.isTenantedSessionsEnabled()) {
        FrameworkUtils.removeAuthCookie(request, response, context.getLoginTenantDomain());
    } else {
        FrameworkUtils.removeAuthCookie(request, response);
    }
    if (context.isPreviousSessionFound()) {
        // if this is the start of the logout sequence
        if (context.getCurrentStep() == 0) {
            context.setCurrentStep(1);
        }
        int stepCount = sequenceConfig.getStepMap().size();
        // Steps are assumed to be keyed 1..stepCount in the step map; a missing key would NPE below — verify.
        while (context.getCurrentStep() <= stepCount) {
            int currentStep = context.getCurrentStep();
            StepConfig stepConfig = sequenceConfig.getStepMap().get(currentStep);
            AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
            // A step without its own authenticated authenticator falls back to the request-path one.
            if (authenticatorConfig == null) {
                authenticatorConfig = sequenceConfig.getAuthenticatedReqPathAuthenticator();
            }
            ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
            String idpName = stepConfig.getAuthenticatedIdP();
            // TODO: Need to fix occurrences where idPName becomes "null"
            if ((idpName == null || "null".equalsIgnoreCase(idpName) || idpName.isEmpty()) && sequenceConfig.getAuthenticatedReqPathAuthenticator() != null) {
                idpName = FrameworkConstants.LOCAL_IDP_NAME;
            }
            try {
                externalIdPConfig = ConfigurationFacade.getInstance().getIdPConfigByName(idpName, context.getTenantDomain());
                context.setExternalIdP(externalIdPConfig);
                context.setAuthenticatorProperties(FrameworkUtils.getAuthenticatorPropertyMapFromIdP(externalIdPConfig, authenticator.getName()));
                // Prefer the state recorded on the authenticator config; otherwise recover it from the
                // previously authenticated IdPs.
                if (authenticatorConfig.getAuthenticatorStateInfo() != null) {
                    context.setStateInfo(authenticatorConfig.getAuthenticatorStateInfo());
                } else {
                    context.setStateInfo(getStateInfoFromPreviousAuthenticatedIdPs(idpName, authenticatorConfig.getName(), context));
                }
                AuthenticatorFlowStatus status = authenticator.process(request, response, context);
                request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, status);
                if (!status.equals(AuthenticatorFlowStatus.INCOMPLETE)) {
                    // TODO what if logout fails. this is an edge case
                    currentStep++;
                    context.setCurrentStep(currentStep);
                    continue;
                }
                // sends the logout request to the external IdP
                return;
            } catch (AuthenticationFailedException | LogoutFailedException e) {
                throw new FrameworkException("Exception while handling logout request", e);
            } catch (IdentityProviderManagementException e) {
                // NOTE(review): this branch neither advances the context's current step nor leaves the
                // while loop, so a getIdPConfigByName() lookup that keeps failing would re-run the same
                // step indefinitely — confirm this is intended.
                log.error("Exception while getting IdP by name", e);
            }
        }
    }
    try {
        sendResponse(request, response, context, true);
    } catch (ServletException | IOException e) {
        throw new FrameworkException(e.getMessage(), e);
    }
}
use of org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig in project carbon-identity-framework by wso2.
Class PostAuthAssociationHandlerTest, method setupSuite.
@BeforeMethod
protected void setupSuite() throws Exception {
    // A fresh configuration loader for every test method.
    configurationLoader = new UIBasedConfigurationLoader();

    // Static mocks for the framework singletons the handler under test reaches into.
    mockStatic(FrameworkUtils.class);
    mockStatic(ConfigurationFacade.class);
    mockStatic(ClaimMetadataHandler.class);
    mockStatic(IdentityTenantUtil.class);

    // ConfigurationFacade singleton.
    ConfigurationFacade facadeMock = mock(ConfigurationFacade.class);
    PowerMockito.when(ConfigurationFacade.getInstance()).thenReturn(facadeMock);

    // ClaimMetadataHandler singleton that reports no dialect mappings at all.
    ClaimMetadataHandler claimMetadataMock = mock(ClaimMetadataHandler.class);
    PowerMockito.when(ClaimMetadataHandler.getInstance()).thenReturn(claimMetadataMock);
    Map<String, String> noMappings = new HashMap<>();
    PowerMockito.when(ClaimMetadataHandler.getInstance().getMappingsMapFromOtherDialectToCarbon(
            Mockito.anyString(), Mockito.anySet(), Mockito.anyString(), Mockito.anyBoolean()))
            .thenReturn(noMappings);

    // Whatever IdP name is asked for, the facade answers with the IdP from default-tp-1.xml.
    IdentityProvider testIdp = getTestIdentityProvider("default-tp-1.xml");
    ExternalIdPConfig testIdpConfig = new ExternalIdPConfig(testIdp);
    Mockito.doReturn(testIdpConfig).when(facadeMock).getIdPConfigByName(Mockito.anyString(), Mockito.anyString());

    // FrameworkUtils helpers that must keep their real behaviour despite the static mock.
    when(FrameworkUtils.isStepBasedSequenceHandlerExecuted(Mockito.any(AuthenticationContext.class))).thenCallRealMethod();
    when(FrameworkUtils.prependUserStoreDomainToName(Mockito.anyString())).thenCallRealMethod();
    when(FrameworkUtils.buildClaimMappings(Mockito.anyMap())).thenCallRealMethod();
    when(FrameworkUtils.getStandardDialect(Mockito.anyString(), Mockito.any(ApplicationConfig.class))).thenCallRealMethod();

    // Servlet objects, the handler singleton and the test service provider.
    request = mock(HttpServletRequest.class);
    response = mock(HttpServletResponse.class);
    postAuthAssociationHandler = PostAuthAssociationHandler.getInstance();
    sp = getTestServiceProvider("default-sp-1.xml");
    PowerMockito.when(FrameworkUtils.getMultiAttributeSeparator()).thenReturn(",");

    // Claim handler that yields one plain claim plus the two original roles joined by the separator.
    ClaimHandler claimHandlerMock = PowerMockito.mock(ClaimHandler.class);
    Map<String, String> stubbedClaims = new HashMap<>();
    stubbedClaims.put("claim1", "value1");
    stubbedClaims.put(FrameworkConstants.LOCAL_ROLE_CLAIM_URI, String.format("%s,%s", ORI_ROLE_1, ORI_ROLE_2));
    PowerMockito.doReturn(stubbedClaims).when(claimHandlerMock)
            .handleClaimMappings(any(StepConfig.class), any(AuthenticationContext.class), any(Map.class), anyBoolean());
    PowerMockito.when(FrameworkUtils.getClaimHandler()).thenReturn(claimHandlerMock);
}
use of org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig in project carbon-identity-framework by wso2.
Class DefaultStepBasedSequenceHandlerTest, method testGetIdentityProviderMappedUserRoles.
@Test(dataProvider = "idpMappedUserRoleDataProvider")
public void testGetIdentityProviderMappedUserRoles(Map<String, String> attributeValueMap, String idpRoleClaimUri,
                                                   boolean excludeUnmapped, String multiAttributeSeparator,
                                                   Map<String, String> idpToLocalRoleMappings,
                                                   List<String> expected) throws Exception {
    // Only the separator and the IdP's role mappings are stubbed; the mapping logic runs for real.
    mockStatic(FrameworkUtils.class);
    when(FrameworkUtils.getMultiAttributeSeparator()).thenReturn(multiAttributeSeparator);
    ExternalIdPConfig idpConfig = mock(ExternalIdPConfig.class);
    when(idpConfig.getRoleMappings()).thenReturn(idpToLocalRoleMappings);
    when(FrameworkUtils.getIdentityProvideMappedUserRoles(idpConfig, attributeValueMap, idpRoleClaimUri, excludeUnmapped))
            .thenCallRealMethod();

    List<String> actual = stepBasedSequenceHandler.getIdentityProvideMappedUserRoles(
            idpConfig, attributeValueMap, idpRoleClaimUri, excludeUnmapped);

    // Null and empty are treated alike on both sides; ordering is irrelevant, so sort before comparing.
    actual = CollectionUtils.isEmpty(actual) ? Collections.<String>emptyList() : actual;
    expected = CollectionUtils.isEmpty(expected) ? Collections.<String>emptyList() : expected;
    Collections.sort(actual);
    Collections.sort(expected);
    assertEquals(actual, expected);
}