
Example 26 with PostAuthenticationFailedException

Use of org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException in project carbon-identity-framework by wso2.

Class ConsentMgtPostAuthnHandler, method handlePostConsent:

protected PostAuthnHandlerFlowStatus handlePostConsent(HttpServletRequest request, HttpServletResponse response,
                                                       AuthenticationContext context)
        throws PostAuthenticationFailedException {

    AuthenticatedUser authenticatedUser = getAuthenticatedUser(context);
    ApplicationConfig applicationConfig = context.getSequenceConfig().getApplicationConfig();
    Map<String, String> claimMappings = applicationConfig.getClaimMappings();
    ServiceProvider serviceProvider = getServiceProvider(context);
    // Constant-first comparison is null-safe: a request without the consent parameter is treated
    // as a denial below instead of failing with a NullPointerException.
    if (USER_CONSENT_APPROVE.equalsIgnoreCase(request.getParameter(USER_CONSENT_INPUT))) {
        if (isDebugEnabled()) {
            String message = "User: %s has approved consent for service provider: %s in tenant domain %s.";
            message = String.format(message, authenticatedUser.getAuthenticatedSubjectIdentifier(),
                    serviceProvider.getApplicationName(), getSPTenantDomain(serviceProvider));
            logDebug(message);
        }
        UserConsent userConsent = processUserConsent(request, context);
        ConsentClaimsData consentClaimsData = getConsentClaimsData(context, authenticatedUser, serviceProvider);
        // Remove the requested claims for which the user has no attribute value.
        consentClaimsData.setRequestedClaims(removeConsentRequestedNullUserAttributes(
                consentClaimsData.getRequestedClaims(), authenticatedUser.getUserAttributes(), claimMappings));
        try {
            // Persist the approved claim ids and drop the claims the user did not approve from the context.
            List<Integer> claimIdsWithConsent = getClaimIdsWithConsent(userConsent);
            getSSOConsentService().processConsent(claimIdsWithConsent, serviceProvider, authenticatedUser,
                    consentClaimsData);
            removeDisapprovedClaims(context, authenticatedUser);
        } catch (SSOConsentDisabledException e) {
            String error = "Authentication Failure: Consent management is disabled for SSO.";
            String errorDesc = "Illegal operation. Consent management is disabled, but post authentication for "
                    + "sso consent management is invoked.";
            throw new PostAuthenticationFailedException(error, errorDesc, e);
        } catch (SSOConsentServiceException e) {
            String error = "Error occurred while processing consent input of user: %s, for service provider: %s "
                    + "in tenant domain: %s.";
            error = String.format(error, authenticatedUser.getAuthenticatedSubjectIdentifier(),
                    serviceProvider.getApplicationName(), getSPTenantDomain(serviceProvider));
            throw new PostAuthenticationFailedException("Authentication failed. Error while processing user "
                    + "consent input.", error, e);
        }
    } else {
        // Denied (or missing) consent fails the authentication flow; nothing is shared with the SP.
        String error = String.format("Authentication failed. User denied consent to share information with %s.",
                applicationConfig.getApplicationName());
        if (isDebugEnabled()) {
            logDebug(String.format("User: %s denied consent to share information with the service "
                    + "provider: %s.", authenticatedUser.getAuthenticatedSubjectIdentifier(),
                    applicationConfig.getApplicationName()));
        }
        throw new PostAuthenticationFailedException(error, error);
    }
    return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
}
Also used: SSOConsentDisabledException (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentDisabledException), ApplicationConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig), ServiceProvider (org.wso2.carbon.identity.application.common.model.ServiceProvider), SSOConsentServiceException (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException), StringUtils.defaultString (org.apache.commons.lang.StringUtils.defaultString), PostAuthenticationFailedException (org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException), AuthenticatedUser (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)

Example 27 with PostAuthenticationFailedException


Class ConsentMgtPostAuthnHandler, method redirectToConsentPage:

private void redirectToConsentPage(HttpServletResponse response, AuthenticationContext context,
                                   String requestedLocalClaims, String mandatoryLocalClaims)
        throws PostAuthenticationFailedException {

    URIBuilder uriBuilder;
    try {
        // Build the consent page URI from the context and the claim lists, then redirect the browser to it.
        uriBuilder = getUriBuilder(context, requestedLocalClaims, mandatoryLocalClaims);
        response.sendRedirect(uriBuilder.build().toString());
    } catch (IOException e) {
        throw new PostAuthenticationFailedException("Authentication failed. Error while processing consent "
                + "requirements.", "Error while redirecting to consent page.", e);
    } catch (URISyntaxException e) {
        throw new PostAuthenticationFailedException("Authentication failed. Error while processing consent "
                + "requirements.", "Error while building redirect URI.", e);
    }
}
Also used: IOException (java.io.IOException), URISyntaxException (java.net.URISyntaxException), PostAuthenticationFailedException (org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException), URIBuilder (org.apache.http.client.utils.URIBuilder)

Example 28 with PostAuthenticationFailedException


Class JITProvisioningPostAuthenticationHandler, method getLocalUserAssociatedForFederatedIdentifier:

/**
 * Get the local username associated with the federated identifier authenticated in the current step.
 *
 * @param idpName                        Name of the IdP related to the current step.
 * @param authenticatedSubjectIdentifier Authenticated subject identifier.
 * @param tenantDomain                   Tenant domain in which the association is looked up.
 * @return locally associated username, or null if no association exists.
 * @throws PostAuthenticationFailedException if the association lookup fails.
 */
private String getLocalUserAssociatedForFederatedIdentifier(String idpName, String authenticatedSubjectIdentifier,
                                                            String tenantDomain)
        throws PostAuthenticationFailedException {

    String username = null;
    try {
        FederatedAssociationManager federatedAssociationManager = FrameworkUtils.getFederatedAssociationManager();
        username = federatedAssociationManager.getUserForFederatedAssociation(tenantDomain, idpName,
                authenticatedSubjectIdentifier);
    } catch (FederatedAssociationManagerException | FrameworkException e) {
        // handleExceptions wraps the cause in a PostAuthenticationFailedException and throws it.
        handleExceptions(String.format(ErrorMessages.ERROR_WHILE_GETTING_USERNAME_ASSOCIATED_WITH_IDP.getMessage(),
                idpName), ErrorMessages.ERROR_WHILE_GETTING_USERNAME_ASSOCIATED_WITH_IDP.getCode(), e);
    }
    return username;
}
Also used: FederatedAssociationManager (org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager), FrameworkException (org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException), FederatedAssociationManagerException (org.wso2.carbon.identity.user.profile.mgt.association.federation.exception.FederatedAssociationManagerException)

Example 29 with PostAuthenticationFailedException


Class PostAuthAssociationHandler, method getUserNameAssociatedWith:

/**
 * Get the local user name associated with the given federated IdP and subject identifier.
 *
 * @param context    Authentication context.
 * @param stepConfig Step config.
 * @return the associated local user name, or null if the federated user has no local association.
 * @throws PostAuthenticationFailedException if the association lookup fails.
 */
private String getUserNameAssociatedWith(AuthenticationContext context, StepConfig stepConfig)
        throws PostAuthenticationFailedException {

    String associatesUserName;
    String originalExternalIdpSubjectValueForThisStep =
            stepConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier();
    try {
        // The association lookup runs in the tenant of the authentication context.
        FrameworkUtils.startTenantFlow(context.getTenantDomain());
        FederatedAssociationManager federatedAssociationManager = FrameworkUtils.getFederatedAssociationManager();
        associatesUserName = federatedAssociationManager.getUserForFederatedAssociation(context.getTenantDomain(),
                stepConfig.getAuthenticatedIdP(), originalExternalIdpSubjectValueForThisStep);
        if (StringUtils.isNotBlank(associatesUserName)) {
            if (log.isDebugEnabled()) {
                log.debug("User : " + stepConfig.getAuthenticatedUser() + " has an associated account as "
                        + associatesUserName + ". Hence continuing as " + associatesUserName);
            }
            // Continue the flow as the associated local user, scoped to the context's tenant.
            stepConfig.getAuthenticatedUser().setUserName(associatesUserName);
            stepConfig.getAuthenticatedUser().setTenantDomain(context.getTenantDomain());
            stepConfig.setAuthenticatedUser(stepConfig.getAuthenticatedUser());
        } else {
            if (log.isDebugEnabled()) {
                log.debug("User " + stepConfig.getAuthenticatedUser() + " doesn't have an associated"
                        + " account. Hence continuing as the same user.");
            }
        }
    } catch (FederatedAssociationManagerException | FrameworkException e) {
        throw new PostAuthenticationFailedException(
                FrameworkErrorConstants.ErrorMessages.ERROR_WHILE_GETTING_LOCAL_USER_ID.getCode(),
                String.format(FrameworkErrorConstants.ErrorMessages.ERROR_WHILE_GETTING_IDP_BY_NAME.getMessage(),
                        originalExternalIdpSubjectValueForThisStep), e);
    } finally {
        // Always leave the tenant flow, even when the lookup throws.
        FrameworkUtils.endTenantFlow();
    }
    return associatesUserName;
}
Also used: FederatedAssociationManager (org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager), FrameworkException (org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException), FederatedAssociationManagerException (org.wso2.carbon.identity.user.profile.mgt.association.federation.exception.FederatedAssociationManagerException), PostAuthenticationFailedException (org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException)

Example 30 with PostAuthenticationFailedException


Class ConsentMgtPostAuthnHandler, method handle:

@Override
public PostAuthnHandlerFlowStatus handle(HttpServletRequest request, HttpServletResponse response,
                                         AuthenticationContext context)
        throws PostAuthenticationFailedException {

    AuthenticatedUser authenticatedUser = getAuthenticatedUser(context);
    if (authenticatedUser == null) {
        if (isDebugEnabled()) {
            String message = "User not available in AuthenticationContext. Returning";
            logDebug(message);
        }
        return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
    }
    // Consent for OAuth flows is handled from the OAuth endpoint. The OpenID flow is skipped as it is deprecated.
    if (isOAuthFlow(context) || isOpenIDFlow(context)) {
        return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
    }
    // Check whether the currently engaged SP has skipConsent enabled.
    if (FrameworkUtils.isConsentPageSkippedForSP(getServiceProvider(context))) {
        return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
    }
    // Second pass (user returning from the consent page) vs. first pass (decide whether to prompt).
    if (isConsentPrompted(context)) {
        return handlePostConsent(request, response, context);
    } else {
        return handlePreConsent(request, response, context);
    }
}
Also used: StringUtils.defaultString (org.apache.commons.lang.StringUtils.defaultString), AuthenticatedUser (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)
