use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException in project carbon-identity-framework by wso2.
the class ConsentMgtPostAuthnHandler method handlePreConsent.
/**
 * Runs the pre-consent step of the post-authentication flow: decides whether the user must be sent to the
 * consent page before claims are released to the service provider.
 *
 * <p>Outcomes visible in this method:
 * <ul>
 *   <li>{@code SUCCESS_COMPLETED} when the application name equals {@code SP_NAME_DEFAULT} (case-insensitive);
 *       no consent processing happens on that path.</li>
 *   <li>{@code SUCCESS_COMPLETED} when {@code hasConsentForRequiredClaims} reports true.</li>
 *   <li>{@code SUCCESS_COMPLETED} when the consent service throws {@link SSOConsentDisabledException}.</li>
 *   <li>{@code INCOMPLETE} after redirecting to the consent page and storing the consent claim data in the
 *       context under {@code CONSENT_CLAIM_META_DATA}.</li>
 * </ul>
 *
 * @param request  current servlet request (not read by this method)
 * @param response servlet response used for the consent-page redirect
 * @param context  authentication context of the ongoing flow
 * @return the post-authentication flow status as described above
 * @throws PostAuthenticationFailedException if the consent service fails with {@link SSOConsentServiceException};
 *                                           the original exception is kept as the cause
 */
protected PostAuthnHandlerFlowStatus handlePreConsent(HttpServletRequest request, HttpServletResponse response,
        AuthenticationContext context) throws PostAuthenticationFailedException {

    String applicationName = context.getSequenceConfig().getApplicationConfig().getApplicationName();
    Map<String, String> spClaimMappings = context.getSequenceConfig().getApplicationConfig().getClaimMappings();

    // Should be removed once the issue is fixed
    // NOTE(review): this guard skips consent handling entirely for the default service provider name.
    if (SP_NAME_DEFAULT.equalsIgnoreCase(applicationName)) {
        return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
    }

    AuthenticatedUser user = getAuthenticatedUser(context);
    ServiceProvider sp = getServiceProvider(context);
    try {
        ConsentClaimsData claimsData = getSSOConsentService()
                .getConsentRequiredClaimsWithExistingConsents(sp, user);
        // NOTE(review): the debug lines in this method include the subject identifier and claim lists;
        // confirm debug logging is not enabled where logs are broadly readable.
        if (isDebugEnabled()) {
            logDebug(String.format("Retrieving required consent data of user: %s for service "
                            + "provider: %s in tenant domain: %s.",
                    user.getAuthenticatedSubjectIdentifier(), sp.getApplicationName(), getSPTenantDomain(sp)));
        }

        removeClaimsWithoutConsent(context, claimsData);
        // Remove the claims which don't have values given by the user.
        claimsData.setRequestedClaims(removeConsentRequestedNullUserAttributes(
                claimsData.getRequestedClaims(), user.getUserAttributes(), spClaimMappings));

        if (!hasConsentForRequiredClaims(claimsData)) {
            // Consent is still outstanding: prompt the user and pause the flow.
            String mandatoryLocalClaims = buildConsentClaimString(claimsData.getMandatoryClaims());
            String requestedLocalClaims = buildConsentClaimString(claimsData.getRequestedClaims());
            if (isDebugEnabled()) {
                logDebug(String.format("Require consent for mandatory claims: %s, requested claims: %s, from user: %s "
                                + "for service provider: %s in tenant domain: %s.",
                        claimsData.getMandatoryClaims(), claimsData.getRequestedClaims(),
                        user.getAuthenticatedSubjectIdentifier(), sp.getApplicationName(),
                        getSPTenantDomain(sp)));
            }
            redirectToConsentPage(response, context, requestedLocalClaims, mandatoryLocalClaims);
            setConsentPoppedUpState(context);
            // Kept in the context so the consent data is available when the flow resumes.
            context.addParameter(CONSENT_CLAIM_META_DATA, claimsData);
            return PostAuthnHandlerFlowStatus.INCOMPLETE;
        }

        if (isDebugEnabled()) {
            logDebug(String.format("Required consent data is empty for user: %s for service "
                            + "provider: %s in tenant domain: %s. Post authentication completed.",
                    user.getAuthenticatedSubjectIdentifier(), sp.getApplicationName(), getSPTenantDomain(sp)));
        }
        return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
    } catch (SSOConsentDisabledException e) {
        // Consent management is switched off: the flow continues without a consent prompt.
        return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
    } catch (SSOConsentServiceException e) {
        // Any other consent-service failure aborts the authentication instead of releasing claims.
        String error = String.format("Error occurred while retrieving consent data of user: %s for service "
                        + "provider: %s in tenant domain: %s.",
                user.getAuthenticatedSubjectIdentifier(), sp.getApplicationName(), getSPTenantDomain(sp));
        throw new PostAuthenticationFailedException("Authentication failed. Error occurred while processing user "
                + "consent.", error, e);
    }
}
use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException in project carbon-identity-framework by wso2.
the class ConsentMgtPostAuthnHandler method removeDisapprovedClaims.
/**
 * Removes from the authentication context the user claims that the user has not consented to.
 *
 * <p>The consented claims are read from the consent service for the current service provider and user,
 * the remaining ("disapproved") claims are derived with {@code getClaimsWithoutConsent}, and those are
 * handed to {@code removeUserClaimsFromContext} together with the service provider's standard dialect.
 *
 * <p>The consent lookup runs before any claim is removed, so a lookup failure leaves the context unchanged
 * and surfaces as an exception.
 *
 * @param context           authentication context holding the user claims
 * @param authenticatedUser user whose stored consents are looked up
 * @throws SSOConsentServiceException        declared by this method; presumably raised by the consent lookup
 * @throws PostAuthenticationFailedException declared by this method; the raising call is not visible here
 */
private void removeDisapprovedClaims(AuthenticationContext context, AuthenticatedUser authenticatedUser)
        throws SSOConsentServiceException, PostAuthenticationFailedException {

    String dialect = getStandardDialect(context);
    List<String> consentedClaims = getClaimsFromMetaData(
            getSSOConsentService().getClaimsWithConsents(getServiceProvider(context), authenticatedUser));
    List<String> claimsToRemove = getClaimsWithoutConsent(consentedClaims, context);

    if (isDebugEnabled()) {
        ServiceProvider sp = getServiceProvider(context);
        // NOTE(review): the user is re-read from the context here rather than taken from the
        // authenticatedUser parameter; confirm both always refer to the same subject.
        logDebug(String.format("Removing disapproved claims: %s in the dialect: %s by user: %s for service provider: %s"
                        + " in tenant domain: %s.",
                claimsToRemove, defaultString(dialect),
                getAuthenticatedUser(context).getAuthenticatedSubjectIdentifier(),
                sp.getApplicationName(), getSPTenantDomain(sp)));
    }

    removeUserClaimsFromContext(context, claimsToRemove, dialect);
}
use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException in project carbon-identity-framework by wso2.
the class SSOConsentServiceImpl method getConsentRequiredClaimData.
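/**
 * Builds the consent claim data (mandatory and requested claim metadata) for the given claim URIs.
 *
 * <p>Claim URIs that match a local claim of the tenant get metadata built from that local claim. URIs that
 * match no local claim still get a metadata entry, built from the URI alone, so that every claim needing
 * consent is represented in the result.
 *
 * <p>Side effect: matched URIs are removed from the {@code mandatoryClaims} and {@code requestedClaims}
 * lists passed in, so both lists must be mutable and are modified for the caller.
 *
 * @param mandatoryClaims claim URIs marked mandatory; modified in place
 * @param requestedClaims claim URIs marked requested; modified in place
 * @param tenantDomain    tenant whose local claims are looked up
 * @return consent claim data holding the mandatory and requested claim metadata
 * @throws SSOConsentServiceException if the local claims cannot be retrieved
 */
private ConsentClaimsData getConsentRequiredClaimData(List<String> mandatoryClaims, List<String> requestedClaims,
        String tenantDomain) throws SSOConsentServiceException {

    ConsentClaimsData consentClaimsData = new ConsentClaimsData();
    try {
        List<LocalClaim> localClaims = getClaimMetadataManagementService().getLocalClaims(tenantDomain);
        List<ClaimMetaData> mandatoryClaimsMetaData = new ArrayList<>();
        List<ClaimMetaData> requestedClaimsMetaData = new ArrayList<>();
        // Running id handed to each metadata entry in the order the entries are created.
        int claimId = 0;

        if (isNotEmpty(localClaims)) {
            for (LocalClaim localClaim : localClaims) {
                // Stop scanning local claims once nothing is left to match.
                if (isAllRequiredClaimsChecked(mandatoryClaims, requestedClaims)) {
                    break;
                }
                String claimURI = localClaim.getClaimURI();
                // remove() both tests membership and marks the URI as handled; a URI present in both
                // lists is treated as mandatory first.
                if (mandatoryClaims.remove(claimURI)) {
                    mandatoryClaimsMetaData.add(buildClaimMetaData(claimId, localClaim, claimURI));
                    claimId++;
                } else if (requestedClaims.remove(claimURI)) {
                    requestedClaimsMetaData.add(buildClaimMetaData(claimId, localClaim, claimURI));
                    claimId++;
                }
            }
        }

        // Whatever is left matched no local claim; build metadata from the URI alone.
        if (isNotEmpty(mandatoryClaims)) {
            for (String claimUri : mandatoryClaims) {
                mandatoryClaimsMetaData.add(buildClaimMetaData(claimId, claimUri));
                claimId++;
            }
        }
        if (isNotEmpty(requestedClaims)) {
            // Fix: iterate requestedClaims here. The previous code looped over mandatoryClaims, which
            // dropped unmatched requested claims from the consent data and copied unmatched mandatory
            // claims into the requested list instead.
            for (String claimUri : requestedClaims) {
                requestedClaimsMetaData.add(buildClaimMetaData(claimId, claimUri));
                claimId++;
            }
        }

        consentClaimsData.setMandatoryClaims(mandatoryClaimsMetaData);
        consentClaimsData.setRequestedClaims(requestedClaimsMetaData);
    } catch (ClaimMetadataException e) {
        throw new SSOConsentServiceException("Error while retrieving local claims", "Error occurred while "
                + "retrieving local claims for tenant: " + tenantDomain, e);
    }
    return consentClaimsData;
}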
use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException in project carbon-identity-framework by wso2.
the class SSOConsentServiceImpl method addDefaultPurpose.
/**
 * Registers the default consent purpose with the consent manager.
 *
 * @return the purpose as returned by the consent manager after it was added
 * @throws SSOConsentServiceException if the consent manager rejects or fails to add the purpose;
 *                                    the underlying {@link ConsentManagementException} is kept as the cause
 */
private Purpose addDefaultPurpose() throws SSOConsentServiceException {

    // Built outside the try block: only the consent-manager call is translated into a service exception.
    Purpose purposeToAdd = new Purpose(DEFAULT_PURPOSE, "For core functionalities of the product",
            DEFAULT_PURPOSE_GROUP, DEFAULT_PURPOSE_GROUP_TYPE);
    try {
        return getConsentManager().addPurpose(purposeToAdd);
    } catch (ConsentManagementException e) {
        throw new SSOConsentServiceException("Consent purpose error", "Error while adding purpose: "
                + DEFAULT_PURPOSE, e);
    }
}
use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException in project carbon-identity-framework by wso2.
the class SSOConsentServiceImpl method addReceipt.
/**
 * Records a consent receipt for the given subject and service provider.
 *
 * <p>The receipt input is built first; the consent is then added inside a tenant flow started for the
 * subject, and that tenant flow is always ended in the {@code finally} block.
 *
 * @param subject             subject the receipt is recorded for
 * @param subjectTenantDomain tenant domain used when starting the tenant flow for the subject
 * @param serviceProvider     service provider the consent applies to
 * @param spTenantDomain      tenant domain of the service provider
 * @param claimsWithConsent   claims the user consented to
 * @param claimsDeniedConsent claims the user denied
 * @throws SSOConsentServiceException if the consent manager fails to add the receipt; the underlying
 *                                    {@link ConsentManagementException} is kept as the cause
 */
private void addReceipt(String subject, String subjectTenantDomain, ServiceProvider serviceProvider,
        String spTenantDomain, List<ClaimMetaData> claimsWithConsent, List<ClaimMetaData> claimsDeniedConsent)
        throws SSOConsentServiceException {

    ReceiptInput input = buildReceiptInput(subject, serviceProvider, spTenantDomain, claimsWithConsent,
            claimsDeniedConsent);
    AddReceiptResponse added;
    try {
        // NOTE(review): the tenant flow is started inside the try, so endTenantFlow() below also runs if
        // startTenantFlowWithUser throws; confirm it cannot fail before the flow is actually started.
        startTenantFlowWithUser(subject, subjectTenantDomain);
        added = getConsentManager().addConsent(input);
    } catch (ConsentManagementException e) {
        throw new SSOConsentServiceException("Consent receipt error", "Error while adding the consent "
                + "receipt", e);
    } finally {
        // Always leave the subject's tenant context, on success and on failure.
        PrivilegedCarbonContext.endTenantFlow();
    }

    if (isDebugEnabled()) {
        logDebug("Successfully added consent receipt: " + added.getConsentReceiptId());
    }
}