
Example 6 with ExternalIdPConfig

use of org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig in project carbon-identity-framework by wso2.

the class JITProvisioningPostAuthenticationHandler method getUserIdClaimUriInLocalDialect.

/**
 * Resolves the external IdP's user-id claim URI into the local claim dialect.
 * <p>
 * Returns the configured remote user-id claim URI unchanged when the IdP uses the default local
 * dialect; otherwise looks the remote URI up in the IdP's claim mappings and returns the mapped
 * local claim URI. Returns {@code null} when no user-id claim is configured or no mapping matches.
 *
 * @param idPConfig External IdP configuration to read the user-id claim and mappings from.
 * @return the user-id claim URI in the local dialect, or {@code null} if it cannot be resolved.
 */
private String getUserIdClaimUriInLocalDialect(ExternalIdPConfig idPConfig) {
    // Claim URI the external IdP uses to carry the user id; nothing to resolve without it.
    String remoteUserIdClaimUri = idPConfig.getUserIdClaimUri();
    if (StringUtils.isBlank(remoteUserIdClaimUri)) {
        return null;
    }
    // With the default local dialect the configured URI is already the local one.
    if (idPConfig.useDefaultLocalIdpDialect()) {
        return remoteUserIdClaimUri;
    }
    ClaimMapping[] mappings = idPConfig.getClaimMappings();
    if (ArrayUtils.isEmpty(mappings)) {
        return null;
    }
    // First mapping whose remote claim matches wins.
    for (ClaimMapping mapping : mappings) {
        if (remoteUserIdClaimUri.equals(mapping.getRemoteClaim().getClaimUri())) {
            return mapping.getLocalClaim().getClaimUri();
        }
    }
    return null;
}
Also used : ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping)

Example 7 with ExternalIdPConfig

use of org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig in project carbon-identity-framework by wso2.

the class JITProvisioningPostAuthenticationHandler method redirectToAccountCreateUI.

/**
 * Redirects the browser to the provisioning UI that completes creation of the new local user.
 * <p>
 * The target page depends on the IdP configuration: when username changes are allowed the
 * username provisioning UI is used, otherwise the password provisioning UI. The service provider,
 * the proposed username, the session data key, any still-missing claims and the resolved local
 * claim values are passed to that page as query parameters of the redirect URL.
 *
 * @param externalIdPConfig Relevant external IDP.
 * @param context           Authentication context.
 * @param localClaimValues  Local claim values; each entry is appended to the redirect URL as a query parameter.
 * @param response          HttpServlet response used to send the redirect.
 * @param username          Relevant user name.
 * @param request           HttpServlet request (not read by this method).
 * @throws PostAuthenticationFailedException Post Authentication Failed Exception, raised through
 *                                           {@code handleExceptions} when the redirect URL cannot be
 *                                           built or the redirect cannot be written.
 */
private void redirectToAccountCreateUI(ExternalIdPConfig externalIdPConfig, AuthenticationContext context, Map<String, String> localClaimValues, HttpServletResponse response, String username, HttpServletRequest request) throws PostAuthenticationFailedException {
    try {
        ServiceURLBuilder urlBuilder = ServiceURLBuilder.create();
        if (externalIdPConfig.isModifyUserNameAllowed()) {
            // The user may change the proposed username, so the username provisioning page handles sign-up.
            context.setProperty(FrameworkConstants.CHANGING_USERNAME_ALLOWED, true);
            urlBuilder = urlBuilder.addPath(FrameworkUtils.getUserNameProvisioningUIUrl());
            urlBuilder.addParameter(FrameworkConstants.ALLOW_CHANGE_USER_NAME, String.valueOf(true));
            if (log.isDebugEnabled()) {
                log.debug(externalIdPConfig.getName() + " allow to change the username, redirecting to registration endpoint to provision the user: " + username);
            }
        } else {
            urlBuilder = urlBuilder.addPath(FrameworkUtils.getPasswordProvisioningUIUrl());
            // Only worth a debug line when password provisioning is actually enabled for this IdP.
            if (log.isDebugEnabled() && externalIdPConfig.isPasswordProvisioningEnabled()) {
                log.debug(externalIdPConfig.getName() + " supports password provisioning, redirecting to sign up endpoint to provision the user : " + username);
            }
        }
        if (externalIdPConfig.isPasswordProvisioningEnabled()) {
            urlBuilder.addParameter(FrameworkConstants.PASSWORD_PROVISION_ENABLED, String.valueOf(true));
        }
        // Without tenant-qualified URLs the tenant domain has to travel as an explicit parameter.
        if (!IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
            urlBuilder.addParameter(MultitenantConstants.TENANT_DOMAIN_HEADER_NAME, context.getTenantDomain());
        }
        String applicationName = context.getSequenceConfig().getApplicationConfig().getApplicationName();
        urlBuilder.addParameter(FrameworkConstants.SERVICE_PROVIDER, applicationName);
        urlBuilder.addParameter(FrameworkConstants.USERNAME, username);
        urlBuilder.addParameter(FrameworkConstants.SKIP_SIGN_UP_ENABLE_CHECK, String.valueOf(true));
        urlBuilder.addParameter(FrameworkConstants.SESSION_DATA_KEY, context.getContextIdentifier());
        addMissingClaims(urlBuilder, context);
        // Claim values travel in the query string of the redirect, so they end up in browser history,
        // proxy/access logs and Referer headers; only claims that are safe to expose that way belong here.
        localClaimValues.forEach(urlBuilder::addParameter);
        response.sendRedirect(urlBuilder.build().getRelativePublicURL());
    } catch (IOException | URLBuilderException e) {
        handleExceptions(String.format(ErrorMessages.ERROR_WHILE_TRYING_CALL_SIGN_UP_ENDPOINT_FOR_PASSWORD_PROVISIONING.getMessage(), username, externalIdPConfig.getName()), ErrorMessages.ERROR_WHILE_TRYING_CALL_SIGN_UP_ENDPOINT_FOR_PASSWORD_PROVISIONING.getCode(), e);
    }
}
Also used : URLBuilderException(org.wso2.carbon.identity.core.URLBuilderException) IOException(java.io.IOException) ServiceURLBuilder(org.wso2.carbon.identity.core.ServiceURLBuilder)

Example 8 with ExternalIdPConfig

use of org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig in project carbon-identity-framework by wso2.

the class DefaultLogoutRequestHandler method handle.

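/**
 * Handles a logout request for the session bound to the given context.
 * <p>
 * Publishes the session-terminate event (when a publisher is enabled), drops federated
 * authentication session records, removes the session context from the cache and the auth
 * cookie, then walks the authenticated steps and lets each step's authenticator run its own
 * logout. If an authenticator returns {@code INCOMPLETE} the method returns so the logout
 * request sent to the external IdP can complete in a later round trip; otherwise the final
 * logout response is sent.
 *
 * @param request  current HTTP request.
 * @param response current HTTP response.
 * @param context  authentication context of the session being logged out.
 * @throws FrameworkException if federated session records cannot be deleted, a step's
 *                            authenticator fails to log out, or the final response cannot be sent.
 */
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws FrameworkException {
    if (log.isTraceEnabled()) {
        log.trace("Inside handle()");
    }
    SequenceConfig sequenceConfig = context.getSequenceConfig();
    // Retrieve session information from cache.
    SessionContext sessionContext = FrameworkUtils.getSessionContextFromCache(context.getSessionIdentifier(), context.getLoginTenantDomain());
    ExternalIdPConfig externalIdPConfig = null;
    // Remove the session related information from the session tables.
    clearUserSessionData(request);
    if (FrameworkServiceDataHolder.getInstance().getAuthnDataPublisherProxy() != null && FrameworkServiceDataHolder.getInstance().getAuthnDataPublisherProxy().isEnabled(context) && sessionContext != null) {
        Object authenticatedUserObj = sessionContext.getProperty(FrameworkConstants.AUTHENTICATED_USER);
        // Fall back to an empty user when the session carries no (or an unexpected) user object.
        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
        if (authenticatedUserObj instanceof AuthenticatedUser) {
            authenticatedUser = (AuthenticatedUser) authenticatedUserObj;
        }
        FrameworkUtils.publishSessionEvent(context.getSessionIdentifier(), request, context, sessionContext, authenticatedUser, FrameworkConstants.AnalyticsAttributes.SESSION_TERMINATE);
    }
    // Remove federated authentication session details from the database.
    if (sessionContext != null && StringUtils.isNotBlank(context.getSessionIdentifier()) && sessionContext.getSessionAuthHistory() != null && sessionContext.getSessionAuthHistory().getHistory() != null) {
        for (AuthHistory authHistory : sessionContext.getSessionAuthHistory().getHistory()) {
            if (FED_AUTH_NAME.equals(authHistory.getAuthenticatorName())) {
                try {
                    UserSessionStore.getInstance().removeFederatedAuthSessionInfo(context.getSessionIdentifier());
                    break;
                } catch (UserSessionException e) {
                    throw new FrameworkException("Error while deleting federated authentication session details for" + " the session context key :" + context.getSessionIdentifier(), e);
                }
            }
        }
    }
    // remove SessionContext from the cache and auth cookie before sending logout request to federated IDP,
    // without waiting till a logout response is received from federated IDP.
    // remove the SessionContext from the cache
    FrameworkUtils.removeSessionContextFromCache(context.getSessionIdentifier(), context.getLoginTenantDomain());
    // remove the cookie
    if (IdentityTenantUtil.isTenantedSessionsEnabled()) {
        FrameworkUtils.removeAuthCookie(request, response, context.getLoginTenantDomain());
    } else {
        FrameworkUtils.removeAuthCookie(request, response);
    }
    if (context.isPreviousSessionFound()) {
        // if this is the start of the logout sequence
        if (context.getCurrentStep() == 0) {
            context.setCurrentStep(1);
        }
        int stepCount = sequenceConfig.getStepMap().size();
        // Every iteration must either advance the current step or return; the loop condition only
        // reads context.getCurrentStep(), so a step that is neither advanced nor exited spins forever.
        while (context.getCurrentStep() <= stepCount) {
            int currentStep = context.getCurrentStep();
            StepConfig stepConfig = sequenceConfig.getStepMap().get(currentStep);
            AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
            if (authenticatorConfig == null) {
                authenticatorConfig = sequenceConfig.getAuthenticatedReqPathAuthenticator();
            }
            ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
            String idpName = stepConfig.getAuthenticatedIdP();
            // TODO: Need to fix occurrences where idPName becomes "null"
            if ((idpName == null || "null".equalsIgnoreCase(idpName) || idpName.isEmpty()) && sequenceConfig.getAuthenticatedReqPathAuthenticator() != null) {
                idpName = FrameworkConstants.LOCAL_IDP_NAME;
            }
            try {
                externalIdPConfig = ConfigurationFacade.getInstance().getIdPConfigByName(idpName, context.getTenantDomain());
                context.setExternalIdP(externalIdPConfig);
                context.setAuthenticatorProperties(FrameworkUtils.getAuthenticatorPropertyMapFromIdP(externalIdPConfig, authenticator.getName()));
                if (authenticatorConfig.getAuthenticatorStateInfo() != null) {
                    context.setStateInfo(authenticatorConfig.getAuthenticatorStateInfo());
                } else {
                    context.setStateInfo(getStateInfoFromPreviousAuthenticatedIdPs(idpName, authenticatorConfig.getName(), context));
                }
                AuthenticatorFlowStatus status = authenticator.process(request, response, context);
                request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, status);
                if (!status.equals(AuthenticatorFlowStatus.INCOMPLETE)) {
                    // TODO what if logout fails. this is an edge case
                    currentStep++;
                    context.setCurrentStep(currentStep);
                    continue;
                }
                // sends the logout request to the external IdP
                return;
            } catch (AuthenticationFailedException | LogoutFailedException e) {
                throw new FrameworkException("Exception while handling logout request", e);
            } catch (IdentityProviderManagementException e) {
                // Best effort: the IdP could not be resolved, so this step's federated logout is skipped.
                // The step still has to advance, otherwise the same failing lookup is retried indefinitely
                // and the logout request never completes.
                log.error("Exception while getting IdP by name", e);
                context.setCurrentStep(currentStep + 1);
            }
        }
    }
    try {
        sendResponse(request, response, context, true);
    } catch (ServletException | IOException e) {
        throw new FrameworkException(e.getMessage(), e);
    }
}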
Also used : AuthenticatorConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig) FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException) AuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException) StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig) LogoutFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException) IOException(java.io.IOException) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser) UserSessionException(org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException) ServletException(javax.servlet.ServletException) ApplicationAuthenticator(org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator) SessionContext(org.wso2.carbon.identity.application.authentication.framework.context.SessionContext) SequenceConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig) ExternalIdPConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig) AuthHistory(org.wso2.carbon.identity.application.authentication.framework.context.AuthHistory) AuthenticatorFlowStatus(org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus) IdentityProviderManagementException(org.wso2.carbon.idp.mgt.IdentityProviderManagementException)

Example 9 with ExternalIdPConfig

use of org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig in project carbon-identity-framework by wso2.

the class PostAuthAssociationHandlerTest method setupSuite.

/**
 * Prepares the mocks shared by every test in this class.
 * <p>
 * Static utilities ({@code FrameworkUtils}, {@code ConfigurationFacade}, {@code ClaimMetadataHandler},
 * {@code IdentityTenantUtil}) are replaced with PowerMock stubs, an {@code ExternalIdPConfig} built
 * from {@code default-tp-1.xml} is served for any IdP lookup, selected {@code FrameworkUtils} helpers
 * are wired to their real implementations, and a stub {@code ClaimHandler} returns a fixed claim set
 * that includes two local roles.
 *
 * @throws Exception if loading the test IdP or service-provider fixtures fails.
 */
@BeforeMethod
protected void setupSuite() throws Exception {
    configurationLoader = new UIBasedConfigurationLoader();
    // Static singletons the handler reaches through directly.
    mockStatic(FrameworkUtils.class);
    mockStatic(ConfigurationFacade.class);
    mockStatic(ClaimMetadataHandler.class);
    mockStatic(IdentityTenantUtil.class);
    ConfigurationFacade facadeMock = mock(ConfigurationFacade.class);
    PowerMockito.when(ConfigurationFacade.getInstance()).thenReturn(facadeMock);
    ClaimMetadataHandler metadataHandlerMock = mock(ClaimMetadataHandler.class);
    PowerMockito.when(ClaimMetadataHandler.getInstance()).thenReturn(metadataHandlerMock);
    // No dialect-to-carbon claim mappings in these tests.
    Map<String, String> noMappings = new HashMap<>();
    PowerMockito.when(ClaimMetadataHandler.getInstance().getMappingsMapFromOtherDialectToCarbon(Mockito.anyString(), Mockito.anySet(), Mockito.anyString(), Mockito.anyBoolean())).thenReturn(noMappings);
    // Every IdP lookup resolves to the fixture IdP.
    IdentityProvider fixtureIdP = getTestIdentityProvider("default-tp-1.xml");
    ExternalIdPConfig fixtureIdPConfig = new ExternalIdPConfig(fixtureIdP);
    Mockito.doReturn(fixtureIdPConfig).when(facadeMock).getIdPConfigByName(Mockito.anyString(), Mockito.anyString());
    // These helpers keep their real behaviour despite the static mock.
    when(FrameworkUtils.isStepBasedSequenceHandlerExecuted(Mockito.any(AuthenticationContext.class))).thenCallRealMethod();
    when(FrameworkUtils.prependUserStoreDomainToName(Mockito.anyString())).thenCallRealMethod();
    when(FrameworkUtils.buildClaimMappings(Mockito.anyMap())).thenCallRealMethod();
    when(FrameworkUtils.getStandardDialect(Mockito.anyString(), Mockito.any(ApplicationConfig.class))).thenCallRealMethod();
    request = mock(HttpServletRequest.class);
    response = mock(HttpServletResponse.class);
    postAuthAssociationHandler = PostAuthAssociationHandler.getInstance();
    sp = getTestServiceProvider("default-sp-1.xml");
    PowerMockito.when(FrameworkUtils.getMultiAttributeSeparator()).thenReturn(",");
    // Claim handler stub: one plain claim plus a multi-valued local role claim.
    ClaimHandler claimHandlerMock = PowerMockito.mock(ClaimHandler.class);
    Map<String, String> stubbedClaims = new HashMap<>();
    stubbedClaims.put("claim1", "value1");
    stubbedClaims.put(FrameworkConstants.LOCAL_ROLE_CLAIM_URI, String.format("%s,%s", ORI_ROLE_1, ORI_ROLE_2));
    PowerMockito.doReturn(stubbedClaims).when(claimHandlerMock).handleClaimMappings(any(StepConfig.class), any(AuthenticationContext.class), any(Map.class), anyBoolean());
    PowerMockito.when(FrameworkUtils.getClaimHandler()).thenReturn(claimHandlerMock);
}
Also used : AuthenticationContext(org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext) ConfigurationFacade(org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade) ClaimMetadataHandler(org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataHandler) HashMap(java.util.HashMap) HttpServletResponse(javax.servlet.http.HttpServletResponse) StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) Matchers.anyString(org.mockito.Matchers.anyString) ClaimHandler(org.wso2.carbon.identity.application.authentication.framework.handler.claims.ClaimHandler) HttpServletRequest(javax.servlet.http.HttpServletRequest) UIBasedConfigurationLoader(org.wso2.carbon.identity.application.authentication.framework.config.loader.UIBasedConfigurationLoader) ApplicationConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig) ExternalIdPConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig) Map(java.util.Map) HashMap(java.util.HashMap) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 10 with ExternalIdPConfig

use of org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig in project carbon-identity-framework by wso2.

the class DefaultStepBasedSequenceHandlerTest method testGetIdentityProviderMappedUserRoles.

/**
 * Checks that IdP roles are mapped to local roles as the data provider expects.
 * <p>
 * {@code FrameworkUtils} is statically mocked so the multi-attribute separator can be supplied
 * per case, while {@code getIdentityProvideMappedUserRoles} itself runs its real implementation
 * against a mocked {@code ExternalIdPConfig} that serves the given role mappings. A null or empty
 * result is treated as an empty list and compared order-insensitively with {@code expected}.
 *
 * @param attributeValueMap       claim values received from the IdP.
 * @param idpRoleClaimUri         claim URI that carries the IdP roles.
 * @param excludeUnmapped         whether roles without a local mapping are dropped.
 * @param multiAttributeSeparator separator used for multi-valued claims.
 * @param idpToLocalRoleMappings  IdP role to local role mappings served by the mocked IdP config.
 * @param expected                local roles the mapping should produce (order irrelevant).
 * @throws Exception on any unexpected failure in the handler under test.
 */
@Test(dataProvider = "idpMappedUserRoleDataProvider")
public void testGetIdentityProviderMappedUserRoles(Map<String, String> attributeValueMap, String idpRoleClaimUri, boolean excludeUnmapped, String multiAttributeSeparator, Map<String, String> idpToLocalRoleMappings, List<String> expected) throws Exception {
    mockStatic(FrameworkUtils.class);
    when(FrameworkUtils.getMultiAttributeSeparator()).thenReturn(multiAttributeSeparator);
    ExternalIdPConfig idpConfig = mock(ExternalIdPConfig.class);
    when(idpConfig.getRoleMappings()).thenReturn(idpToLocalRoleMappings);
    // Let the real mapping logic run despite the static mock.
    when(FrameworkUtils.getIdentityProvideMappedUserRoles(idpConfig, attributeValueMap, idpRoleClaimUri, excludeUnmapped)).thenCallRealMethod();
    List<String> mappedRoles = stepBasedSequenceHandler.getIdentityProvideMappedUserRoles(idpConfig, attributeValueMap, idpRoleClaimUri, excludeUnmapped);
    // Normalise null/empty on both sides, then compare sorted so ordering cannot affect the outcome.
    List<String> actualRoles = CollectionUtils.isEmpty(mappedRoles) ? Collections.emptyList() : mappedRoles;
    List<String> expectedRoles = CollectionUtils.isEmpty(expected) ? Collections.emptyList() : expected;
    Collections.sort(actualRoles);
    Collections.sort(expectedRoles);
    assertEquals(actualRoles, expectedRoles);
}
Also used : ExternalIdPConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)
