Example 1 with ClaimMetaData
use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ClaimMetaData in project carbon-identity-framework by wso2.
the class SSOConsentServiceImpl method getConsentRequiredClaimData.
private ConsentClaimsData getConsentRequiredClaimData(List<String> mandatoryClaims, List<String> requestedClaims, String tenantDomain) throws SSOConsentServiceException {
ConsentClaimsData consentClaimsData = new ConsentClaimsData();
try {
List<LocalClaim> localClaims = getClaimMetadataManagementService().getLocalClaims(tenantDomain);
List<ClaimMetaData> mandatoryClaimsMetaData = new ArrayList<>();
List<ClaimMetaData> requestedClaimsMetaData = new ArrayList<>();
int claimId = 0;
if (isNotEmpty(localClaims)) {
for (LocalClaim localClaim : localClaims) {
if (isAllRequiredClaimsChecked(mandatoryClaims, requestedClaims)) {
break;
}
String claimURI = localClaim.getClaimURI();
if (mandatoryClaims.remove(claimURI)) {
ClaimMetaData claimMetaData = buildClaimMetaData(claimId, localClaim, claimURI);
mandatoryClaimsMetaData.add(claimMetaData);
claimId++;
} else if (requestedClaims.remove(claimURI)) {
ClaimMetaData claimMetaData = buildClaimMetaData(claimId, localClaim, claimURI);
requestedClaimsMetaData.add(claimMetaData);
claimId++;
}
}
}
if (isNotEmpty(mandatoryClaims)) {
for (String claimUri : mandatoryClaims) {
ClaimMetaData claimMetaData = buildClaimMetaData(claimId, claimUri);
mandatoryClaimsMetaData.add(claimMetaData);
claimId++;
}
}
if (isNotEmpty(requestedClaims)) {
for (String claimUri : mandatoryClaims) {
ClaimMetaData claimMetaData = buildClaimMetaData(claimId, claimUri);
requestedClaimsMetaData.add(claimMetaData);
claimId++;
}
}
consentClaimsData.setMandatoryClaims(mandatoryClaimsMetaData);
consentClaimsData.setRequestedClaims(requestedClaimsMetaData);
} catch (ClaimMetadataException e) {
throw new SSOConsentServiceException("Error while retrieving local claims", "Error occurred while " + "retrieving local claims for tenant: " + tenantDomain, e);
}
return consentClaimsData;
}
Also used :
ClaimMetadataException(org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException)
ArrayList(java.util.ArrayList)
LocalClaim(org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim)
SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)
Example 2 with ClaimMetaData
use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ClaimMetaData in project carbon-identity-framework by wso2.
the class SSOConsentServiceImpl method addReceipt.
private void addReceipt(String subject, String subjectTenantDomain, ServiceProvider serviceProvider, String spTenantDomain, List<ClaimMetaData> claimsWithConsent, List<ClaimMetaData> claimsDeniedConsent) throws SSOConsentServiceException {
ReceiptInput receiptInput = buildReceiptInput(subject, serviceProvider, spTenantDomain, claimsWithConsent, claimsDeniedConsent);
AddReceiptResponse receiptResponse;
try {
startTenantFlowWithUser(subject, subjectTenantDomain);
receiptResponse = getConsentManager().addConsent(receiptInput);
} catch (ConsentManagementException e) {
throw new SSOConsentServiceException("Consent receipt error", "Error while adding the consent " + "receipt", e);
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
if (isDebugEnabled()) {
logDebug("Successfully added consent receipt: " + receiptResponse.getConsentReceiptId());
}
}
Also used :
AddReceiptResponse(org.wso2.carbon.consent.mgt.core.model.AddReceiptResponse)
ReceiptInput(org.wso2.carbon.consent.mgt.core.model.ReceiptInput)
ConsentManagementException(org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException)
SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)
Example 3 with ClaimMetaData
use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ClaimMetaData in project carbon-identity-framework by wso2.
the class SSOConsentServiceImpl method getClaimsWithConsents.
/**
* Retrieves claims which a user has provided consent for a given service provider.
*
* @param serviceProvider Service provider to retrieve the consent against.
* @param authenticatedUser Authenticated user to related to consent claim retrieval.
* @return List of claim which the user has provided consent for the given service provider.
* @throws SSOConsentServiceException If error occurs while retrieve user consents.
*/
@Override
public List<ClaimMetaData> getClaimsWithConsents(ServiceProvider serviceProvider, AuthenticatedUser authenticatedUser) throws SSOConsentServiceException {
if (!isSSOConsentManagementEnabled(serviceProvider)) {
String message = "Consent management for SSO is disabled.";
throw new SSOConsentDisabledException(message, message);
}
if (serviceProvider == null) {
throw new SSOConsentServiceException("Service provider cannot be null.");
}
String spName = serviceProvider.getApplicationName();
List<ClaimMetaData> receiptConsentMetaData = new ArrayList<>();
String spTenantDomain = getSPTenantDomain(serviceProvider);
String subject = buildSubjectWithUserStoreDomain(authenticatedUser);
Receipt receipt = getConsentReceiptOfUser(serviceProvider, authenticatedUser, spName, spTenantDomain, subject);
if (receipt == null) {
return receiptConsentMetaData;
} else {
receiptConsentMetaData = getRequestedClaimsFromReceipt(receipt, true);
}
return receiptConsentMetaData;
}
Also used :
SSOConsentDisabledException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentDisabledException)
Receipt(org.wso2.carbon.consent.mgt.core.model.Receipt)
ArrayList(java.util.ArrayList)
SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)
Example 4 with ClaimMetaData
use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ClaimMetaData in project carbon-identity-framework by wso2.
the class SSOConsentServiceImpl method processConsent.
@Override
public void processConsent(List<Integer> consentApprovedClaimIds, ServiceProvider serviceProvider, AuthenticatedUser authenticatedUser, ConsentClaimsData consentClaimsData, boolean overrideExistingConsent) throws SSOConsentServiceException {
if (!isSSOConsentManagementEnabled(serviceProvider)) {
String message = "Consent management for SSO is disabled.";
throw new SSOConsentDisabledException(message, message);
}
if (isDebugEnabled()) {
logDebug("User: " + authenticatedUser.getAuthenticatedSubjectIdentifier() + " has approved consent.");
}
UserConsent userConsent = processUserConsent(consentApprovedClaimIds, consentClaimsData);
if (isEmpty(userConsent.getApprovedClaims()) && isEmpty(userConsent.getDisapprovedClaims())) {
if (isDebugEnabled()) {
logDebug("User: " + authenticatedUser.getAuthenticatedSubjectIdentifier() + " has not provided new " + "approved/disapproved consent. Hence skipping the consent progress.");
}
return;
}
String subject = buildSubjectWithUserStoreDomain(authenticatedUser);
List<ClaimMetaData> claimsWithConsent;
List<ClaimMetaData> claimsDeniedConsent;
if (!overrideExistingConsent) {
String spName = serviceProvider.getApplicationName();
String spTenantDomain = getSPTenantDomain(serviceProvider);
Receipt receipt = getConsentReceiptOfUser(serviceProvider, authenticatedUser, spName, spTenantDomain, subject);
claimsWithConsent = getUserRequestedClaims(receipt, userConsent, true);
claimsDeniedConsent = getUserRequestedClaims(receipt, userConsent, false);
} else {
claimsWithConsent = userConsent.getApprovedClaims();
claimsDeniedConsent = userConsent.getDisapprovedClaims();
}
String spTenantDomain = getSPTenantDomain(serviceProvider);
String subjectTenantDomain = authenticatedUser.getTenantDomain();
if (isNotEmpty(claimsWithConsent) || isNotEmpty(claimsDeniedConsent)) {
addReceipt(subject, subjectTenantDomain, serviceProvider, spTenantDomain, claimsWithConsent, claimsDeniedConsent);
}
}
Also used :
SSOConsentDisabledException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentDisabledException)
Receipt(org.wso2.carbon.consent.mgt.core.model.Receipt)
Example 5 with ClaimMetaData
use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ClaimMetaData in project carbon-identity-framework by wso2.
the class SSOConsentServiceImpl method getPiiCategoryValidityForRequestedClaims.
private List<PIICategoryValidity> getPiiCategoryValidityForRequestedClaims(List<ClaimMetaData> requestedClaims, boolean isConsented, String termination) throws SSOConsentServiceException {
List<PIICategoryValidity> piiCategoryIds = new ArrayList<>();
if (CollectionUtils.isEmpty(requestedClaims)) {
return piiCategoryIds;
}
for (ClaimMetaData requestedClaim : requestedClaims) {
if (requestedClaim == null || requestedClaim.getClaimUri() == null) {
continue;
}
PIICategory piiCategory;
try {
piiCategory = getConsentManager().getPIICategoryByName(requestedClaim.getClaimUri());
} catch (ConsentManagementClientException e) {
if (isInvalidPIICategoryError(e)) {
piiCategory = addPIICategoryForClaim(requestedClaim);
} else {
throw new SSOConsentServiceException("Consent PII category error", "Error while retrieving" + " PII category: " + DEFAULT_PURPOSE_CATEGORY, e);
}
} catch (ConsentManagementException e) {
throw new SSOConsentServiceException("Consent PII category error", "Error while retrieving " + "PII category: " + DEFAULT_PURPOSE_CATEGORY, e);
}
PIICategoryValidity piiCategoryValidity = new PIICategoryValidity(piiCategory.getId(), termination);
piiCategoryValidity.setConsented(isConsented);
piiCategoryIds.add(piiCategoryValidity);
}
return piiCategoryIds;
}
Also used :
PIICategory(org.wso2.carbon.consent.mgt.core.model.PIICategory)
ConsentManagementException(org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException)
ArrayList(java.util.ArrayList)
SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)
PIICategoryValidity(org.wso2.carbon.consent.mgt.core.model.PIICategoryValidity)
ConsentManagementClientException(org.wso2.carbon.consent.mgt.core.exception.ConsentManagementClientException)
Aggregations
ArrayList (java.util.ArrayList)10
SSOConsentServiceException (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)8
HashMap (java.util.HashMap)5
ClaimMetaData (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ClaimMetaData)5
ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)3
ConsentManagementException (org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException)3
PIICategoryValidity (org.wso2.carbon.consent.mgt.core.model.PIICategoryValidity)3
Receipt (org.wso2.carbon.consent.mgt.core.model.Receipt)3
SSOConsentDisabledException (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentDisabledException)3
ClaimMetadataException (org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException)3
Map (java.util.Map)2
JSONObject (org.json.JSONObject)2
PIICategory (org.wso2.carbon.consent.mgt.core.model.PIICategory)2
ConsentClaimsData (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentClaimsData)2
ClaimMapping (org.wso2.carbon.identity.application.common.model.ClaimMapping)2
ServiceProvider (org.wso2.carbon.identity.application.common.model.ServiceProvider)2
ExternalClaim (org.wso2.carbon.identity.claim.metadata.mgt.model.ExternalClaim)2
ConsentHandlingFailedException (org.wso2.carbon.identity.oauth.endpoint.exception.ConsentHandlingFailedException)2
RequestObjectException (org.wso2.carbon.identity.oauth2.RequestObjectException)2
RequestObject (org.wso2.carbon.identity.openidconnect.model.RequestObject)2
