
Example 1 with ClaimMetaData

Use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ClaimMetaData in project carbon-identity-framework by wso2.

From class SSOConsentServiceImpl, method getConsentRequiredClaimData.

private ConsentClaimsData getConsentRequiredClaimData(List<String> mandatoryClaims, List<String> requestedClaims, String tenantDomain) throws SSOConsentServiceException {
    ConsentClaimsData consentClaimsData = new ConsentClaimsData();
    try {
        List<LocalClaim> localClaims = getClaimMetadataManagementService().getLocalClaims(tenantDomain);
        List<ClaimMetaData> mandatoryClaimsMetaData = new ArrayList<>();
        List<ClaimMetaData> requestedClaimsMetaData = new ArrayList<>();
        // Sequential id given to every claim shown on the consent page; the ids the user
        // approves are later matched back against these entries in processConsent.
        int claimId = 0;
        if (isNotEmpty(localClaims)) {
            for (LocalClaim localClaim : localClaims) {
                // Stop scanning once every mandatory and requested claim has been resolved.
                if (isAllRequiredClaimsChecked(mandatoryClaims, requestedClaims)) {
                    break;
                }
                String claimURI = localClaim.getClaimURI();
                // remove() both tests membership and consumes the URI, so after the loop the two
                // input lists hold only the claims that have no local claim definition.
                if (mandatoryClaims.remove(claimURI)) {
                    ClaimMetaData claimMetaData = buildClaimMetaData(claimId, localClaim, claimURI);
                    mandatoryClaimsMetaData.add(claimMetaData);
                    claimId++;
                } else if (requestedClaims.remove(claimURI)) {
                    ClaimMetaData claimMetaData = buildClaimMetaData(claimId, localClaim, claimURI);
                    requestedClaimsMetaData.add(claimMetaData);
                    claimId++;
                }
            }
        }
        // Mandatory claims with no local definition: build metadata from the URI alone.
        if (isNotEmpty(mandatoryClaims)) {
            for (String claimUri : mandatoryClaims) {
                ClaimMetaData claimMetaData = buildClaimMetaData(claimId, claimUri);
                mandatoryClaimsMetaData.add(claimMetaData);
                claimId++;
            }
        }
        // Requested claims with no local definition. This loop must iterate requestedClaims,
        // not mandatoryClaims, or the leftover requested claims are dropped and the mandatory
        // ones are duplicated into the requested list.
        if (isNotEmpty(requestedClaims)) {
            for (String claimUri : requestedClaims) {
                ClaimMetaData claimMetaData = buildClaimMetaData(claimId, claimUri);
                requestedClaimsMetaData.add(claimMetaData);
                claimId++;
            }
        }
        consentClaimsData.setMandatoryClaims(mandatoryClaimsMetaData);
        consentClaimsData.setRequestedClaims(requestedClaimsMetaData);
    } catch (ClaimMetadataException e) {
        throw new SSOConsentServiceException("Error while retrieving local claims", "Error occurred while retrieving local claims for tenant: " + tenantDomain, e);
    }
    return consentClaimsData;
}
Also used: ClaimMetadataException (org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException), ArrayList (java.util.ArrayList), LocalClaim (org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim), SSOConsentServiceException (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)

Example 2 with ClaimMetaData

Use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ClaimMetaData in project carbon-identity-framework by wso2.

From class SSOConsentServiceImpl, method addReceipt.

private void addReceipt(String subject, String subjectTenantDomain, ServiceProvider serviceProvider, String spTenantDomain, List<ClaimMetaData> claimsWithConsent, List<ClaimMetaData> claimsDeniedConsent) throws SSOConsentServiceException {
    // The receipt records both the approved and the denied claims, so denials are persisted too.
    ReceiptInput receiptInput = buildReceiptInput(subject, serviceProvider, spTenantDomain, claimsWithConsent, claimsDeniedConsent);
    AddReceiptResponse receiptResponse;
    try {
        // The receipt is stored in the context of the consenting user's tenant, not the SP's tenant.
        startTenantFlowWithUser(subject, subjectTenantDomain);
        receiptResponse = getConsentManager().addConsent(receiptInput);
    } catch (ConsentManagementException e) {
        throw new SSOConsentServiceException("Consent receipt error", "Error while adding the consent receipt", e);
    } finally {
        // Always leave the tenant flow, even when addConsent fails, so the thread-local context does not leak.
        PrivilegedCarbonContext.endTenantFlow();
    }
    if (isDebugEnabled()) {
        logDebug("Successfully added consent receipt: " + receiptResponse.getConsentReceiptId());
    }
}
Also used: AddReceiptResponse (org.wso2.carbon.consent.mgt.core.model.AddReceiptResponse), ReceiptInput (org.wso2.carbon.consent.mgt.core.model.ReceiptInput), ConsentManagementException (org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException), SSOConsentServiceException (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)

Example 3 with ClaimMetaData

Use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ClaimMetaData in project carbon-identity-framework by wso2.

From class SSOConsentServiceImpl, method getClaimsWithConsents.

/**
 * Retrieves the claims for which a user has provided consent to a given service provider.
 *
 * @param serviceProvider   Service provider to retrieve the consent against.
 * @param authenticatedUser Authenticated user whose consented claims are retrieved.
 * @return List of claims for which the user has provided consent to the given service provider.
 * @throws SSOConsentServiceException If an error occurs while retrieving user consents.
 */
@Override
public List<ClaimMetaData> getClaimsWithConsents(ServiceProvider serviceProvider, AuthenticatedUser authenticatedUser) throws SSOConsentServiceException {
    // Validate the argument before it is dereferenced by isSSOConsentManagementEnabled.
    if (serviceProvider == null) {
        throw new SSOConsentServiceException("Service provider cannot be null.");
    }
    if (!isSSOConsentManagementEnabled(serviceProvider)) {
        String message = "Consent management for SSO is disabled.";
        throw new SSOConsentDisabledException(message, message);
    }
    String spName = serviceProvider.getApplicationName();
    String spTenantDomain = getSPTenantDomain(serviceProvider);
    String subject = buildSubjectWithUserStoreDomain(authenticatedUser);
    Receipt receipt = getConsentReceiptOfUser(serviceProvider, authenticatedUser, spName, spTenantDomain, subject);
    // No receipt means the user has never consented to this service provider: return an empty list.
    if (receipt == null) {
        return new ArrayList<>();
    }
    // true selects the claims the user approved in the receipt; false would select the denied ones.
    return getRequestedClaimsFromReceipt(receipt, true);
}
Also used: SSOConsentDisabledException (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentDisabledException), Receipt (org.wso2.carbon.consent.mgt.core.model.Receipt), ArrayList (java.util.ArrayList), SSOConsentServiceException (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)

Example 4 with ClaimMetaData

Use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ClaimMetaData in project carbon-identity-framework by wso2.

From class SSOConsentServiceImpl, method processConsent.

@Override
public void processConsent(List<Integer> consentApprovedClaimIds, ServiceProvider serviceProvider, AuthenticatedUser authenticatedUser, ConsentClaimsData consentClaimsData, boolean overrideExistingConsent) throws SSOConsentServiceException {
    if (!isSSOConsentManagementEnabled(serviceProvider)) {
        String message = "Consent management for SSO is disabled.";
        throw new SSOConsentDisabledException(message, message);
    }
    if (isDebugEnabled()) {
        logDebug("User: " + authenticatedUser.getAuthenticatedSubjectIdentifier() + " has approved consent.");
    }
    // Map the claim ids approved on the consent page back onto the ClaimMetaData entries that were
    // presented to the user (consentClaimsData); the rest are treated as disapproved.
    UserConsent userConsent = processUserConsent(consentApprovedClaimIds, consentClaimsData);
    if (isEmpty(userConsent.getApprovedClaims()) && isEmpty(userConsent.getDisapprovedClaims())) {
        if (isDebugEnabled()) {
            logDebug("User: " + authenticatedUser.getAuthenticatedSubjectIdentifier() + " has not provided new approved/disapproved consent. Hence skipping the consent process.");
        }
        return;
    }
    String subject = buildSubjectWithUserStoreDomain(authenticatedUser);
    String spTenantDomain = getSPTenantDomain(serviceProvider);
    List<ClaimMetaData> claimsWithConsent;
    List<ClaimMetaData> claimsDeniedConsent;
    if (!overrideExistingConsent) {
        // Merge the new decisions with the claims already recorded in the user's existing receipt.
        String spName = serviceProvider.getApplicationName();
        Receipt receipt = getConsentReceiptOfUser(serviceProvider, authenticatedUser, spName, spTenantDomain, subject);
        claimsWithConsent = getUserRequestedClaims(receipt, userConsent, true);
        claimsDeniedConsent = getUserRequestedClaims(receipt, userConsent, false);
    } else {
        // Replace any previous consent with only what the user decided in this request.
        claimsWithConsent = userConsent.getApprovedClaims();
        claimsDeniedConsent = userConsent.getDisapprovedClaims();
    }
    String subjectTenantDomain = authenticatedUser.getTenantDomain();
    if (isNotEmpty(claimsWithConsent) || isNotEmpty(claimsDeniedConsent)) {
        addReceipt(subject, subjectTenantDomain, serviceProvider, spTenantDomain, claimsWithConsent, claimsDeniedConsent);
    }
}
Also used: SSOConsentDisabledException (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentDisabledException), Receipt (org.wso2.carbon.consent.mgt.core.model.Receipt)

Example 5 with ClaimMetaData

Use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ClaimMetaData in project carbon-identity-framework by wso2.

From class SSOConsentServiceImpl, method getPiiCategoryValidityForRequestedClaims.

private List<PIICategoryValidity> getPiiCategoryValidityForRequestedClaims(List<ClaimMetaData> requestedClaims, boolean isConsented, String termination) throws SSOConsentServiceException {
    List<PIICategoryValidity> piiCategoryIds = new ArrayList<>();
    if (CollectionUtils.isEmpty(requestedClaims)) {
        return piiCategoryIds;
    }
    for (ClaimMetaData requestedClaim : requestedClaims) {
        // Entries without a claim URI cannot be mapped to a PII category; skip them.
        if (requestedClaim == null || requestedClaim.getClaimUri() == null) {
            continue;
        }
        // Each claim URI is registered as a PII category in the consent store and looked up by name.
        PIICategory piiCategory;
        try {
            piiCategory = getConsentManager().getPIICategoryByName(requestedClaim.getClaimUri());
        } catch (ConsentManagementClientException e) {
            // A category that does not exist yet is created on first use; any other client error is fatal.
            // The error message names the claim URI that was looked up, not the default purpose category.
            if (isInvalidPIICategoryError(e)) {
                piiCategory = addPIICategoryForClaim(requestedClaim);
            } else {
                throw new SSOConsentServiceException("Consent PII category error", "Error while retrieving PII category: " + requestedClaim.getClaimUri(), e);
            }
        } catch (ConsentManagementException e) {
            throw new SSOConsentServiceException("Consent PII category error", "Error while retrieving PII category: " + requestedClaim.getClaimUri(), e);
        }
        // Record the user's decision for this category together with the consent termination period.
        PIICategoryValidity piiCategoryValidity = new PIICategoryValidity(piiCategory.getId(), termination);
        piiCategoryValidity.setConsented(isConsented);
        piiCategoryIds.add(piiCategoryValidity);
    }
    return piiCategoryIds;
}
Also used: PIICategory (org.wso2.carbon.consent.mgt.core.model.PIICategory), ConsentManagementException (org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException), ArrayList (java.util.ArrayList), SSOConsentServiceException (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException), PIICategoryValidity (org.wso2.carbon.consent.mgt.core.model.PIICategoryValidity), ConsentManagementClientException (org.wso2.carbon.consent.mgt.core.exception.ConsentManagementClientException)
