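/**
 * Builds the consent-screen claim data for the given mandatory and requested claim URIs.
 *
 * <p>Each URI is matched against the tenant's local claims so that display metadata can be
 * attached. URIs with no local-claim match are still included (built from the URI alone), so the
 * user is asked to consent to every claim the service provider will receive. Claim ids are
 * assigned sequentially across both lists; these ids are what {@code processConsent} later
 * receives as the user's approved claim ids.
 *
 * <p>Both input lists are consumed in place via {@link List#remove(Object)}: callers must pass
 * mutable lists and must not rely on their contents afterwards.
 *
 * @param mandatoryClaims URIs of claims the service provider requires; mutated by this method.
 * @param requestedClaims URIs of optional claims; mutated by this method.
 * @param tenantDomain    tenant whose local claim metadata is consulted.
 * @return consent claim data holding the mandatory and requested claim metadata.
 * @throws SSOConsentServiceException if the tenant's local claims cannot be retrieved.
 */
private ConsentClaimsData getConsentRequiredClaimData(List<String> mandatoryClaims, List<String> requestedClaims, String tenantDomain) throws SSOConsentServiceException {

    ConsentClaimsData consentClaimsData = new ConsentClaimsData();
    try {
        List<LocalClaim> localClaims = getClaimMetadataManagementService().getLocalClaims(tenantDomain);
        List<ClaimMetaData> mandatoryClaimsMetaData = new ArrayList<>();
        List<ClaimMetaData> requestedClaimsMetaData = new ArrayList<>();
        int claimId = 0;

        if (isNotEmpty(localClaims)) {
            for (LocalClaim localClaim : localClaims) {
                // Stop scanning once every mandatory and requested URI has been matched.
                if (isAllRequiredClaimsChecked(mandatoryClaims, requestedClaims)) {
                    break;
                }
                String claimURI = localClaim.getClaimURI();
                // remove() is both the membership test and the consumption of the URI, so the
                // fallback loops below only see URIs that had no local-claim match.
                if (mandatoryClaims.remove(claimURI)) {
                    mandatoryClaimsMetaData.add(buildClaimMetaData(claimId, localClaim, claimURI));
                    claimId++;
                } else if (requestedClaims.remove(claimURI)) {
                    requestedClaimsMetaData.add(buildClaimMetaData(claimId, localClaim, claimURI));
                    claimId++;
                }
            }
        }

        // URIs with no matching local claim: build the metadata from the URI alone.
        if (isNotEmpty(mandatoryClaims)) {
            for (String claimUri : mandatoryClaims) {
                mandatoryClaimsMetaData.add(buildClaimMetaData(claimId, claimUri));
                claimId++;
            }
        }
        // This loop must iterate requestedClaims (not mandatoryClaims): otherwise unmatched
        // requested claims never reach the consent prompt and leftover mandatory claims are
        // listed a second time under "requested".
        if (isNotEmpty(requestedClaims)) {
            for (String claimUri : requestedClaims) {
                requestedClaimsMetaData.add(buildClaimMetaData(claimId, claimUri));
                claimId++;
            }
        }

        consentClaimsData.setMandatoryClaims(mandatoryClaimsMetaData);
        consentClaimsData.setRequestedClaims(requestedClaimsMetaData);
    } catch (ClaimMetadataException e) {
        throw new SSOConsentServiceException("Error while retrieving local claims", "Error occurred while " + "retrieving local claims for tenant: " + tenantDomain, e);
    }
    return consentClaimsData;
}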
/**
 * Persists a consent receipt for {@code subject} against the given service provider.
 *
 * <p>The consent manager is called inside a tenant flow started for the subject; the flow is
 * always ended, whether or not adding the receipt succeeds.
 *
 * @param subject             subject (user) the receipt belongs to.
 * @param subjectTenantDomain tenant domain of the subject, used to start the tenant flow.
 * @param serviceProvider     service provider the consent is granted to.
 * @param spTenantDomain      tenant domain of the service provider.
 * @param claimsWithConsent   claims the user approved.
 * @param claimsDeniedConsent claims the user denied.
 * @throws SSOConsentServiceException if the consent manager fails to add the receipt.
 */
private void addReceipt(String subject, String subjectTenantDomain, ServiceProvider serviceProvider, String spTenantDomain, List<ClaimMetaData> claimsWithConsent, List<ClaimMetaData> claimsDeniedConsent) throws SSOConsentServiceException {

    final ReceiptInput input = buildReceiptInput(subject, serviceProvider, spTenantDomain, claimsWithConsent, claimsDeniedConsent);
    final AddReceiptResponse response;
    try {
        // Started inside the try so the finally below always balances it.
        startTenantFlowWithUser(subject, subjectTenantDomain);
        response = getConsentManager().addConsent(input);
    } catch (ConsentManagementException e) {
        throw new SSOConsentServiceException("Consent receipt error", "Error while adding the consent " + "receipt", e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
    if (!isDebugEnabled()) {
        return;
    }
    logDebug("Successfully added consent receipt: " + response.getConsentReceiptId());
}
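/**
 * Retrieves claims which a user has provided consent for a given service provider.
 *
 * @param serviceProvider   Service provider to retrieve the consent against; must not be null.
 * @param authenticatedUser Authenticated user whose consent is looked up.
 * @return List of claims the user has consented to for the given service provider; empty (never
 * null) when the user has no consent receipt for it.
 * @throws SSOConsentServiceException  If the service provider is null or an error occurs while
 *                                     retrieving user consents.
 * @throws SSOConsentDisabledException If consent management for SSO is disabled for the service
 *                                     provider.
 */
@Override
public List<ClaimMetaData> getClaimsWithConsents(ServiceProvider serviceProvider, AuthenticatedUser authenticatedUser) throws SSOConsentServiceException {

    // Validate before use: the enabled check below hands serviceProvider to a helper, so the
    // null check must come first to be effective.
    if (serviceProvider == null) {
        throw new SSOConsentServiceException("Service provider cannot be null.");
    }
    if (!isSSOConsentManagementEnabled(serviceProvider)) {
        String message = "Consent management for SSO is disabled.";
        throw new SSOConsentDisabledException(message, message);
    }
    String spName = serviceProvider.getApplicationName();
    String spTenantDomain = getSPTenantDomain(serviceProvider);
    String subject = buildSubjectWithUserStoreDomain(authenticatedUser);
    Receipt receipt = getConsentReceiptOfUser(serviceProvider, authenticatedUser, spName, spTenantDomain, subject);
    if (receipt == null) {
        // No receipt: nothing has been consented to for this user/service-provider pair.
        return new ArrayList<>();
    }
    return getRequestedClaimsFromReceipt(receipt, true);
}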
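/**
 * Records the user's consent decision for the claims that were presented on the consent screen.
 *
 * <p>{@code consentApprovedClaimIds} is resolved by {@code processUserConsent} into approved and
 * disapproved claim lists. When {@code overrideExistingConsent} is false, those lists are
 * combined with the user's existing receipt for the service provider (via
 * {@code getUserRequestedClaims}); otherwise only the new decision is recorded. Nothing is
 * persisted when the decision contains neither approved nor disapproved claims.
 *
 * @param consentApprovedClaimIds ids (as assigned in {@code consentClaimsData}) of the claims the
 *                                user approved.
 * @param serviceProvider         service provider the consent is given to; must not be null.
 * @param authenticatedUser       user giving the consent; must not be null.
 * @param consentClaimsData       claims that were presented to the user.
 * @param overrideExistingConsent whether to replace, rather than combine with, an existing receipt.
 * @throws SSOConsentServiceException  if an argument is null or the receipt cannot be processed.
 * @throws SSOConsentDisabledException if consent management for SSO is disabled for the service
 *                                     provider.
 */
@Override
public void processConsent(List<Integer> consentApprovedClaimIds, ServiceProvider serviceProvider, AuthenticatedUser authenticatedUser, ConsentClaimsData consentClaimsData, boolean overrideExistingConsent) throws SSOConsentServiceException {

    // Argument validation, consistent with getClaimsWithConsents; both are dereferenced below.
    if (serviceProvider == null) {
        throw new SSOConsentServiceException("Service provider cannot be null.");
    }
    if (authenticatedUser == null) {
        throw new SSOConsentServiceException("Authenticated user cannot be null.");
    }
    if (!isSSOConsentManagementEnabled(serviceProvider)) {
        String message = "Consent management for SSO is disabled.";
        throw new SSOConsentDisabledException(message, message);
    }
    if (isDebugEnabled()) {
        logDebug("User: " + authenticatedUser.getAuthenticatedSubjectIdentifier() + " has approved consent.");
    }
    UserConsent userConsent = processUserConsent(consentApprovedClaimIds, consentClaimsData);
    if (isEmpty(userConsent.getApprovedClaims()) && isEmpty(userConsent.getDisapprovedClaims())) {
        if (isDebugEnabled()) {
            logDebug("User: " + authenticatedUser.getAuthenticatedSubjectIdentifier() + " has not provided new " + "approved/disapproved consent. Hence skipping the consent progress.");
        }
        return;
    }
    String subject = buildSubjectWithUserStoreDomain(authenticatedUser);
    // Resolved once; both the receipt lookup and addReceipt need it.
    String spTenantDomain = getSPTenantDomain(serviceProvider);
    List<ClaimMetaData> claimsWithConsent;
    List<ClaimMetaData> claimsDeniedConsent;
    if (overrideExistingConsent) {
        claimsWithConsent = userConsent.getApprovedClaims();
        claimsDeniedConsent = userConsent.getDisapprovedClaims();
    } else {
        String spName = serviceProvider.getApplicationName();
        Receipt receipt = getConsentReceiptOfUser(serviceProvider, authenticatedUser, spName, spTenantDomain, subject);
        claimsWithConsent = getUserRequestedClaims(receipt, userConsent, true);
        claimsDeniedConsent = getUserRequestedClaims(receipt, userConsent, false);
    }
    String subjectTenantDomain = authenticatedUser.getTenantDomain();
    if (isNotEmpty(claimsWithConsent) || isNotEmpty(claimsDeniedConsent)) {
        addReceipt(subject, subjectTenantDomain, serviceProvider, spTenantDomain, claimsWithConsent, claimsDeniedConsent);
    }
}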
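/**
 * Maps each requested claim to a validity record for its PII category in the consent store.
 *
 * <p>The PII category is looked up by claim URI. If the consent manager answers with the
 * "invalid PII category" client error (treated as "not registered yet"), a category is created
 * for the claim. Null entries and claims without a URI are skipped.
 *
 * @param requestedClaims claims to map; may be null or empty.
 * @param isConsented     consent flag set on every produced validity record.
 * @param termination     termination value forwarded to each {@link PIICategoryValidity}.
 * @return one validity record per usable claim, in input order; empty (never null) for no input.
 * @throws SSOConsentServiceException if a PII category cannot be retrieved.
 */
private List<PIICategoryValidity> getPiiCategoryValidityForRequestedClaims(List<ClaimMetaData> requestedClaims, boolean isConsented, String termination) throws SSOConsentServiceException {

    List<PIICategoryValidity> piiCategoryValidities = new ArrayList<>();
    if (CollectionUtils.isEmpty(requestedClaims)) {
        return piiCategoryValidities;
    }
    for (ClaimMetaData requestedClaim : requestedClaims) {
        if (requestedClaim == null || requestedClaim.getClaimUri() == null) {
            continue;
        }
        String claimUri = requestedClaim.getClaimUri();
        PIICategory piiCategory;
        try {
            piiCategory = getConsentManager().getPIICategoryByName(claimUri);
        } catch (ConsentManagementClientException e) {
            if (!isInvalidPIICategoryError(e)) {
                // Name the category that was actually looked up; the previous message reported
                // DEFAULT_PURPOSE_CATEGORY, which is not what failed here.
                throw new SSOConsentServiceException("Consent PII category error", "Error while retrieving PII category: " + claimUri, e);
            }
            piiCategory = addPIICategoryForClaim(requestedClaim);
        } catch (ConsentManagementException e) {
            throw new SSOConsentServiceException("Consent PII category error", "Error while retrieving PII category: " + claimUri, e);
        }
        PIICategoryValidity validity = new PIICategoryValidity(piiCategory.getId(), termination);
        validity.setConsented(isConsented);
        piiCategoryValidities.add(validity);
    }
    return piiCategoryValidities;
}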