
Example 1 with SSOConsentServiceException

use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException in project carbon-identity-framework by wso2.

the class ConsentMgtPostAuthnHandler method handlePreConsent.

/**
 * Pre-consent step of the post-authentication consent handler: loads the claims that need the
 * user's consent for the current service provider and either finishes the step or sends the user
 * to the consent page.
 *
 * @param request  the current servlet request (not read by this method)
 * @param response the servlet response, passed on to {@code redirectToConsentPage}
 * @param context  the authentication context holding the sequence and application configuration
 * @return {@code SUCCESS_COMPLETED} when the application name matches {@code SP_NAME_DEFAULT},
 *         when {@code hasConsentForRequiredClaims} reports true, or when the consent service
 *         signals {@code SSOConsentDisabledException}; {@code INCOMPLETE} once the redirect to
 *         the consent page has been issued
 * @throws PostAuthenticationFailedException if the consent service fails with an
 *         {@code SSOConsentServiceException} while consent data is being processed
 */
protected PostAuthnHandlerFlowStatus handlePreConsent(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws PostAuthenticationFailedException {
    String spName = context.getSequenceConfig().getApplicationConfig().getApplicationName();
    Map<String, String> claimMappings = context.getSequenceConfig().getApplicationConfig().getClaimMappings();
    // Temporary workaround; should be removed once the underlying issue is fixed.
    // NOTE(review): consent is skipped for any application whose name matches SP_NAME_DEFAULT
    // case-insensitively. Confirm that name is reserved and cannot be registered by a tenant.
    if (SP_NAME_DEFAULT.equalsIgnoreCase(spName)) {
        return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
    }
    AuthenticatedUser user = getAuthenticatedUser(context);
    ServiceProvider sp = getServiceProvider(context);
    try {
        ConsentClaimsData claimsData = getSSOConsentService().getConsentRequiredClaimsWithExistingConsents(sp, user);
        // The debug lines below carry the user's subject identifier, so debug logs from this
        // handler contain personal data.
        if (isDebugEnabled()) {
            logDebug(String.format(
                    "Retrieving required consent data of user: %s for service provider: %s in tenant domain: %s.",
                    user.getAuthenticatedSubjectIdentifier(), sp.getApplicationName(), getSPTenantDomain(sp)));
        }
        removeClaimsWithoutConsent(context, claimsData);
        // Remove the requested claims for which the user has no attribute value.
        claimsData.setRequestedClaims(removeConsentRequestedNullUserAttributes(
                claimsData.getRequestedClaims(), user.getUserAttributes(), claimMappings));
        if (hasConsentForRequiredClaims(claimsData)) {
            if (isDebugEnabled()) {
                logDebug(String.format(
                        "Required consent data is empty for user: %s for service provider: %s in tenant domain: %s. Post authentication completed.",
                        user.getAuthenticatedSubjectIdentifier(), sp.getApplicationName(), getSPTenantDomain(sp)));
            }
            return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
        }
        // Consent is still outstanding: prompt the user and park the flow.
        String mandatoryLocalClaims = buildConsentClaimString(claimsData.getMandatoryClaims());
        String requestedLocalClaims = buildConsentClaimString(claimsData.getRequestedClaims());
        if (isDebugEnabled()) {
            logDebug(String.format(
                    "Require consent for mandatory claims: %s, requested claims: %s, from user: %s for service provider: %s in tenant domain: %s.",
                    claimsData.getMandatoryClaims(), claimsData.getRequestedClaims(),
                    user.getAuthenticatedSubjectIdentifier(), sp.getApplicationName(), getSPTenantDomain(sp)));
        }
        redirectToConsentPage(response, context, requestedLocalClaims, mandatoryLocalClaims);
        setConsentPoppedUpState(context);
        // The claim metadata is stored in the context under CONSENT_CLAIM_META_DATA after the
        // redirect has been issued.
        context.addParameter(CONSENT_CLAIM_META_DATA, claimsData);
        return PostAuthnHandlerFlowStatus.INCOMPLETE;
    } catch (SSOConsentDisabledException e) {
        // Consent management is switched off: complete the step without prompting. Nothing is
        // logged on this path.
        return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
    } catch (SSOConsentServiceException e) {
        // Fail the authentication step rather than continuing without a consent decision.
        String error = String.format(
                "Error occurred while retrieving consent data of user: %s for service provider: %s in tenant domain: %s.",
                user.getAuthenticatedSubjectIdentifier(), sp.getApplicationName(), getSPTenantDomain(sp));
        throw new PostAuthenticationFailedException("Authentication failed. Error occurred while processing user consent.", error, e);
    }
}
Also used : SSOConsentDisabledException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentDisabledException) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException) StringUtils.defaultString(org.apache.commons.lang.StringUtils.defaultString) PostAuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)

Example 2 with SSOConsentServiceException

use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException in project carbon-identity-framework by wso2.

the class ConsentMgtPostAuthnHandler method removeDisapprovedClaims.

/**
 * Removes from the authentication context the claims that {@code getClaimsWithoutConsent} reports
 * as lacking consent, given the consents stored for the user and the current service provider.
 *
 * <p>No exception is caught here: if loading the stored consents fails, the exception propagates
 * before {@code removeUserClaimsFromContext} is reached.
 *
 * @param context           the authentication context whose user claims are filtered
 * @param authenticatedUser the user whose stored consents are looked up
 * @throws SSOConsentServiceException        declared; can originate from
 *         {@code getClaimsWithConsents}
 * @throws PostAuthenticationFailedException declared; its source is in helpers not shown here
 */
private void removeDisapprovedClaims(AuthenticationContext context, AuthenticatedUser authenticatedUser) throws SSOConsentServiceException, PostAuthenticationFailedException {
    String dialect = getStandardDialect(context);
    List<String> consentedClaims = getClaimsFromMetaData(
            getSSOConsentService().getClaimsWithConsents(getServiceProvider(context), authenticatedUser));
    List<String> claimsToRemove = getClaimsWithoutConsent(consentedClaims, context);
    if (isDebugEnabled()) {
        ServiceProvider sp = getServiceProvider(context);
        // NOTE(review): the log line reads the user from the context, not from the
        // authenticatedUser parameter; presumably both are the same user — confirm.
        // The subject identifier makes this debug line personal data.
        logDebug(String.format(
                "Removing disapproved claims: %s in the dialect: %s by user: %s for service provider: %s in tenant domain: %s.",
                claimsToRemove, defaultString(dialect),
                getAuthenticatedUser(context).getAuthenticatedSubjectIdentifier(),
                sp.getApplicationName(), getSPTenantDomain(sp)));
    }
    removeUserClaimsFromContext(context, claimsToRemove, dialect);
}
Also used : ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) StringUtils.defaultString(org.apache.commons.lang.StringUtils.defaultString)

Example 3 with SSOConsentServiceException

use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException in project carbon-identity-framework by wso2.

the class SSOConsentServiceImpl method getConsentRequiredClaimData.

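/**
 * Builds the {@link ConsentClaimsData} for the given mandatory and requested claim URIs, using the
 * tenant's local claims to build the metadata where a matching local claim exists.
 *
 * <p>Both input lists are modified: every URI matched against a local claim is removed from its
 * list. URIs left over afterwards get metadata built from the URI alone.
 *
 * @param mandatoryClaims claim URIs the service provider marks as mandatory (mutated)
 * @param requestedClaims claim URIs the service provider requests (mutated)
 * @param tenantDomain    tenant whose local claims are loaded
 * @return consent claim data holding the mandatory and requested claim metadata
 * @throws SSOConsentServiceException if the local claims cannot be retrieved
 */
private ConsentClaimsData getConsentRequiredClaimData(List<String> mandatoryClaims, List<String> requestedClaims, String tenantDomain) throws SSOConsentServiceException {
    ConsentClaimsData consentClaimsData = new ConsentClaimsData();
    try {
        List<LocalClaim> localClaims = getClaimMetadataManagementService().getLocalClaims(tenantDomain);
        List<ClaimMetaData> mandatoryClaimsMetaData = new ArrayList<>();
        List<ClaimMetaData> requestedClaimsMetaData = new ArrayList<>();
        // Running id handed to buildClaimMetaData; increases across both result lists.
        int claimId = 0;
        if (isNotEmpty(localClaims)) {
            for (LocalClaim localClaim : localClaims) {
                // Stop scanning once isAllRequiredClaimsChecked reports that nothing is left.
                if (isAllRequiredClaimsChecked(mandatoryClaims, requestedClaims)) {
                    break;
                }
                String claimURI = localClaim.getClaimURI();
                // A URI present in the mandatory list is classified as mandatory and is not
                // looked up in the requested list.
                if (mandatoryClaims.remove(claimURI)) {
                    mandatoryClaimsMetaData.add(buildClaimMetaData(claimId, localClaim, claimURI));
                    claimId++;
                } else if (requestedClaims.remove(claimURI)) {
                    requestedClaimsMetaData.add(buildClaimMetaData(claimId, localClaim, claimURI));
                    claimId++;
                }
            }
        }
        // Mandatory URIs with no matching local claim still have to be shown for consent.
        if (isNotEmpty(mandatoryClaims)) {
            for (String claimUri : mandatoryClaims) {
                mandatoryClaimsMetaData.add(buildClaimMetaData(claimId, claimUri));
                claimId++;
            }
        }
        // Fix: iterate the remaining requested URIs. The earlier code looped over
        // mandatoryClaims here, so unmatched requested claims never reached the consent data
        // and unmatched mandatory claims were listed a second time as requested.
        // Assumes the two input lists are disjoint — TODO confirm against callers.
        if (isNotEmpty(requestedClaims)) {
            for (String claimUri : requestedClaims) {
                requestedClaimsMetaData.add(buildClaimMetaData(claimId, claimUri));
                claimId++;
            }
        }
        consentClaimsData.setMandatoryClaims(mandatoryClaimsMetaData);
        consentClaimsData.setRequestedClaims(requestedClaimsMetaData);
    } catch (ClaimMetadataException e) {
        throw new SSOConsentServiceException("Error while retrieving local claims", "Error occurred while " + "retrieving local claims for tenant: " + tenantDomain, e);
    }
    return consentClaimsData;
}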
Also used : ClaimMetadataException(org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException) ArrayList(java.util.ArrayList) LocalClaim(org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim) SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)

Example 4 with SSOConsentServiceException

use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException in project carbon-identity-framework by wso2.

the class SSOConsentServiceImpl method addDefaultPurpose.

/**
 * Creates the default consent purpose and registers it through the consent manager.
 *
 * @return the {@link Purpose} returned by {@code addPurpose}
 * @throws SSOConsentServiceException if the consent manager rejects the purpose; the original
 *         {@code ConsentManagementException} is kept as the cause
 */
private Purpose addDefaultPurpose() throws SSOConsentServiceException {
    Purpose candidate = new Purpose(DEFAULT_PURPOSE, "For core functionalities of the product", DEFAULT_PURPOSE_GROUP, DEFAULT_PURPOSE_GROUP_TYPE);
    try {
        return getConsentManager().addPurpose(candidate);
    } catch (ConsentManagementException e) {
        throw new SSOConsentServiceException("Consent purpose error", "Error while adding purpose: " + DEFAULT_PURPOSE, e);
    }
}
Also used : ConsentManagementException(org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException) SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException) ConsentPurpose(org.wso2.carbon.consent.mgt.core.model.ConsentPurpose) Purpose(org.wso2.carbon.consent.mgt.core.model.Purpose)

Example 5 with SSOConsentServiceException

use of org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException in project carbon-identity-framework by wso2.

the class SSOConsentServiceImpl method addReceipt.

/**
 * Builds a consent receipt from the approved and denied claims and stores it through the consent
 * manager while a tenant flow for the subject is open.
 *
 * @param subject             identifier of the user the receipt belongs to
 * @param subjectTenantDomain tenant domain passed to {@code startTenantFlowWithUser}
 * @param serviceProvider     service provider the consent was given to
 * @param spTenantDomain      tenant domain of the service provider
 * @param claimsWithConsent   claims the user approved
 * @param claimsDeniedConsent claims the user denied
 * @throws SSOConsentServiceException if the consent manager fails to add the receipt
 */
private void addReceipt(String subject, String subjectTenantDomain, ServiceProvider serviceProvider, String spTenantDomain, List<ClaimMetaData> claimsWithConsent, List<ClaimMetaData> claimsDeniedConsent) throws SSOConsentServiceException {
    ReceiptInput input = buildReceiptInput(subject, serviceProvider, spTenantDomain, claimsWithConsent, claimsDeniedConsent);
    AddReceiptResponse added;
    try {
        // Presumably switches the thread's Carbon context to the subject's tenant and user —
        // confirm in startTenantFlowWithUser.
        startTenantFlowWithUser(subject, subjectTenantDomain);
        added = getConsentManager().addConsent(input);
    } catch (ConsentManagementException e) {
        throw new SSOConsentServiceException("Consent receipt error", "Error while adding the consent receipt", e);
    } finally {
        // Always end the tenant flow, on success and on failure, so the context opened for the
        // subject does not outlive this call.
        PrivilegedCarbonContext.endTenantFlow();
    }
    if (isDebugEnabled()) {
        logDebug("Successfully added consent receipt: " + added.getConsentReceiptId());
    }
}
Also used : AddReceiptResponse(org.wso2.carbon.consent.mgt.core.model.AddReceiptResponse) ReceiptInput(org.wso2.carbon.consent.mgt.core.model.ReceiptInput) ConsentManagementException(org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException) SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)

Aggregations

SSOConsentServiceException (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)15 ArrayList (java.util.ArrayList)7 ConsentManagementException (org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException)7 ServiceProvider (org.wso2.carbon.identity.application.common.model.ServiceProvider)6 HashMap (java.util.HashMap)5 SSOConsentDisabledException (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentDisabledException)5 Receipt (org.wso2.carbon.consent.mgt.core.model.Receipt)4 AuthenticatedUser (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)4 ClaimMetadataException (org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException)4 StringUtils.defaultString (org.apache.commons.lang.StringUtils.defaultString)3 ClaimMetaData (org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ClaimMetaData)3 Map (java.util.Map)2 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)2 JSONObject (org.json.JSONObject)2 ConsentPurpose (org.wso2.carbon.consent.mgt.core.model.ConsentPurpose)2 PIICategory (org.wso2.carbon.consent.mgt.core.model.PIICategory)2 PIICategoryValidity (org.wso2.carbon.consent.mgt.core.model.PIICategoryValidity)2 Purpose (org.wso2.carbon.consent.mgt.core.model.Purpose)2 PurposeCategory (org.wso2.carbon.consent.mgt.core.model.PurposeCategory)2 PostAuthenticationFailedException (org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException)2