
Example 1 with AuthenticationRequest

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project carbon-identity-framework by wso2.

the class FrameworkUtils method getCommonAuthReqWithParams.

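/**
 * Wraps the incoming request together with the parameters and headers held in the cached
 * authentication request.
 *
 * <p>The cached query parameters are copied first. The type, caller path, relying party and tenant
 * domain (the latter only when tenant-qualified URLs are disabled) are then put under their
 * framework parameter names, replacing any cached query parameter of the same name, followed by
 * the force-authenticate and passive-authentication flags.
 *
 * @param request    Original request coming to the authentication framework.
 * @param cacheEntry Cache entry added by the calling servlet; may be {@code null}.
 * @return An {@link AuthenticationFrameworkWrapper} carrying the merged parameters and the cached
 *         request headers, or the original {@code request} when {@code cacheEntry} is {@code null}.
 */
public static HttpServletRequest getCommonAuthReqWithParams(HttpServletRequest request, AuthenticationRequestCacheEntry cacheEntry) {
    if (cacheEntry == null) {
        // Nothing was cached for this request, so the caller's request is returned untouched.
        return request;
    }
    // add this functionality as a constructor
    Map<String, String[]> modifiableParameters = new TreeMap<String, String[]>();
    AuthenticationRequest authenticationRequest = cacheEntry.getAuthenticationRequest();
    if (!authenticationRequest.getRequestQueryParams().isEmpty()) {
        modifiableParameters.putAll(authenticationRequest.getRequestQueryParams());
    }
    // Adding field variables to wrapper. These puts run after putAll, so a value set on the
    // AuthenticationRequest wins over a query parameter that happens to use the same name.
    if (authenticationRequest.getType() != null) {
        modifiableParameters.put(FrameworkConstants.RequestParams.TYPE, new String[] { authenticationRequest.getType() });
    }
    if (authenticationRequest.getCommonAuthCallerPath() != null) {
        modifiableParameters.put(FrameworkConstants.RequestParams.CALLER_PATH, new String[] { authenticationRequest.getCommonAuthCallerPath() });
    }
    if (authenticationRequest.getRelyingParty() != null) {
        modifiableParameters.put(FrameworkConstants.RequestParams.ISSUER, new String[] { authenticationRequest.getRelyingParty() });
    }
    if (authenticationRequest.getTenantDomain() != null && !IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
        modifiableParameters.put(FrameworkConstants.RequestParams.TENANT_DOMAIN, new String[] { authenticationRequest.getTenantDomain() });
    }
    modifiableParameters.put(FrameworkConstants.RequestParams.FORCE_AUTHENTICATE, new String[] { String.valueOf(authenticationRequest.getForceAuth()) });
    modifiableParameters.put(FrameworkConstants.RequestParams.PASSIVE_AUTHENTICATION, new String[] { String.valueOf(authenticationRequest.getPassiveAuth()) });
    if (log.isDebugEnabled()) {
        // The dump is one "name={value}" entry per line, so CR and LF inside a name or value are
        // replaced before logging; otherwise a request parameter could add lines of its own to the log.
        // NOTE(review): values are still logged in full and may include credentials or tokens sent
        // as request parameters - consider masking them before enabling debug logging in production.
        StringBuilder queryStringBuilder = new StringBuilder();
        for (Map.Entry<String, String[]> entry : modifiableParameters.entrySet()) {
            StringBuilder paramValueBuilder = new StringBuilder();
            String[] paramValueArr = entry.getValue();
            if (paramValueArr != null) {
                for (String paramValue : paramValueArr) {
                    String printableValue = String.valueOf(paramValue).replace('\r', '_').replace('\n', '_');
                    paramValueBuilder.append("{").append(printableValue).append("}");
                }
            }
            String printableName = entry.getKey().replace('\r', '_').replace('\n', '_');
            queryStringBuilder.append("\n").append(printableName).append("=").append(paramValueBuilder);
        }
        log.debug("\nInbound Request parameters: " + queryStringBuilder.toString());
    }
    return new AuthenticationFrameworkWrapper(request, modifiableParameters, authenticationRequest.getRequestHeaders());
}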
Also used : TreeMap(java.util.TreeMap) AuthenticationRequest(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest) Map(java.util.Map) TreeMap(java.util.TreeMap) HashMap(java.util.HashMap) AuthenticationFrameworkWrapper(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationFrameworkWrapper)

Example 2 with AuthenticationRequest

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project carbon-identity-framework by wso2.

the class IdentityProcessor method buildResponseForFrameworkLogout.

/**
 * Prepares the response builder that hands a logout request over to the authentication framework.
 *
 * <p>The inbound parameters and headers are copied into a new {@link AuthenticationRequest}, which
 * is cached together with the message context under a freshly generated session data key. The
 * returned builder carries that key and the common-auth URL to redirect to.
 *
 * @param context IdentityMessageContext of the inbound request.
 * @return Builder for the framework logout response.
 */
protected FrameworkLogoutResponse.FrameworkLogoutResponseBuilder buildResponseForFrameworkLogout(IdentityMessageContext context) {
    IdentityRequest inbound = context.getRequest();
    Map<String, String[]> inboundParams = inbound.getParameterMap();
    AuthenticationRequest logoutRequest = new AuthenticationRequest();
    logoutRequest.appendRequestQueryParams(inboundParams);

    // Every inbound header is copied onto the cached request.
    // NOTE(review): this presumably includes headers such as Cookie and Authorization - confirm
    // that whatever reads or logs the cached request treats them as sensitive.
    Map<String, String> headerSnapshot = new HashMap(inbound.getHeaderMap());
    for (Map.Entry<String, String> headerEntry : headerSnapshot.entrySet()) {
        logoutRequest.addHeader(headerEntry.getKey(), headerEntry.getValue());
    }

    logoutRequest.setTenantDomain(inbound.getTenantDomain());
    logoutRequest.setRelyingParty(getRelyingPartyId(context));
    logoutRequest.setType(getType(context));
    try {
        String encodedCallerPath = URLEncoder.encode(getTenantQualifiedCallbackPath(context), StandardCharsets.UTF_8.name());
        logoutRequest.setCommonAuthCallerPath(encodedCallerPath);
    } catch (UnsupportedEncodingException e) {
        throw FrameworkRuntimeException.error("Error occurred while URL encoding callback path " + getTenantQualifiedCallbackPath(context), e);
    }
    // Marks the cached request as a logout request.
    logoutRequest.addRequestQueryParam(FrameworkConstants.RequestParams.LOGOUT, new String[] { "true" });

    AuthenticationRequestCacheEntry cachedRequest = new AuthenticationRequestCacheEntry(logoutRequest);
    // The key is the only handle on the cached request and context.
    // NOTE(review): its unpredictability depends on UUIDGenerator, which is not visible here.
    String contextKey = UUIDGenerator.generateUUID();
    // The cache entry expires after the operation clean-up timeout (minutes, stored as nanoseconds).
    cachedRequest.setValidityPeriod(TimeUnit.MINUTES.toNanos(IdentityUtil.getOperationCleanUpTimeout()));
    FrameworkUtils.addAuthenticationRequestToCache(contextKey, cachedRequest);
    InboundUtil.addContextToCache(contextKey, context);

    FrameworkLogoutResponse.FrameworkLogoutResponseBuilder logoutBuilder = new FrameworkLogoutResponse.FrameworkLogoutResponseBuilder(context);
    logoutBuilder.setAuthName(getType(context));
    logoutBuilder.setContextKey(contextKey);
    logoutBuilder.setCallbackPath(getTenantQualifiedCallbackPath(context));
    logoutBuilder.setRelyingParty(getRelyingPartyId(context));
    // The framework currently checks the type parameter, so it is still set; AUTH_NAME is meant
    // to replace it in future.
    logoutBuilder.setAuthType(getType(context));
    logoutBuilder.setRedirectURL(IdentityUtil.getServerURL(FrameworkConstants.COMMONAUTH, true, true));
    return logoutBuilder;
}
Also used : HashMap(java.util.HashMap) UnsupportedEncodingException(java.io.UnsupportedEncodingException) AuthenticationRequestCacheEntry(org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCacheEntry) AuthenticationRequestCacheEntry(org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCacheEntry) AuthenticationResultCacheEntry(org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCacheEntry) AuthenticationRequest(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest) HashMap(java.util.HashMap) Map(java.util.Map)

Example 3 with AuthenticationRequest

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project identity-inbound-auth-oauth by wso2-extensions.

the class CibaAuthResponseHandler method handleClientException.

/**
 * Builds the HTTP error response for a client-side CIBA authentication failure.
 *
 * <p>The body is a JSON object holding the exception's error code and message. The status is
 * 401 when the error code is {@code OAuth2ErrorCodes.INVALID_CLIENT} and 400 otherwise.
 *
 * @param cibaAuthFailureException Authentication Failure Exception.
 * @return Response for AuthenticationRequest.
 */
private Response handleClientException(CibaAuthFailureException cibaAuthFailureException) {
    String failureCode = cibaAuthFailureException.getErrorCode();
    JSONObject errorBody = new JSONObject();
    errorBody.put(ERROR, cibaAuthFailureException.getErrorCode());
    // NOTE(review): the exception message is returned to the client as-is - confirm that messages
    // carried by CibaAuthFailureException never contain internal details.
    errorBody.put(ERROR_DESCRIPRION, cibaAuthFailureException.getMessage());

    // A failed client authentication is answered with 401; every other client error with 400.
    int httpStatus = failureCode.equals(OAuth2ErrorCodes.INVALID_CLIENT)
            ? HttpServletResponse.SC_UNAUTHORIZED
            : HttpServletResponse.SC_BAD_REQUEST;
    return Response.status(httpStatus).entity(errorBody.toString()).build();
}
Also used : Response(javax.ws.rs.core.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) CibaAuthCodeResponse(org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeResponse) JSONObject(net.minidev.json.JSONObject)

Example 4 with AuthenticationRequest

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project carbon-identity-framework by wso2.

the class IdentityProcessor method buildResponseForFrameworkLogin.

/**
 * Prepares the response builder that hands a login request over to the authentication framework.
 *
 * <p>The inbound parameters and headers, plus the passive-auth and force-auth flags read from the
 * context, are copied into a new {@link AuthenticationRequest}. That request is cached together
 * with the message context under a freshly generated session data key, which the returned builder
 * carries along with the common-auth URL to redirect to.
 *
 * @param context IdentityMessageContext of the inbound request.
 * @return Builder for the framework login response.
 */
protected FrameworkLoginResponse.FrameworkLoginResponseBuilder buildResponseForFrameworkLogin(IdentityMessageContext context) {
    IdentityRequest incoming = context.getRequest();
    Map<String, String[]> queryParams = incoming.getParameterMap();
    AuthenticationRequest loginRequest = new AuthenticationRequest();
    loginRequest.appendRequestQueryParams(queryParams);

    // Every inbound header is copied onto the cached request.
    // NOTE(review): this presumably includes headers such as Cookie and Authorization - confirm
    // that whatever reads or logs the cached request treats them as sensitive.
    Map<String, String> copiedHeaders = new HashMap(incoming.getHeaderMap());
    for (Map.Entry<String, String> each : copiedHeaders.entrySet()) {
        loginRequest.addHeader(each.getKey(), each.getValue());
    }

    loginRequest.setTenantDomain(incoming.getTenantDomain());
    loginRequest.setRelyingParty(getRelyingPartyId(context));
    loginRequest.setType(getType(context));

    // A missing context parameter becomes the string "null", which parses to false.
    boolean passive = Boolean.parseBoolean(String.valueOf(context.getParameter(InboundConstants.PASSIVE_AUTH)));
    loginRequest.setPassiveAuth(passive);
    boolean forced = Boolean.parseBoolean(String.valueOf(context.getParameter(InboundConstants.FORCE_AUTH)));
    loginRequest.setForceAuth(forced);

    try {
        String encodedCallerPath = URLEncoder.encode(getTenantQualifiedCallbackPath(context), StandardCharsets.UTF_8.name());
        loginRequest.setCommonAuthCallerPath(encodedCallerPath);
    } catch (UnsupportedEncodingException e) {
        throw FrameworkRuntimeException.error("Error occurred while URL encoding callback path " + getTenantQualifiedCallbackPath(context), e);
    }

    AuthenticationRequestCacheEntry cachedLogin = new AuthenticationRequestCacheEntry(loginRequest);
    // The key is the only handle on the cached request and context.
    // NOTE(review): its unpredictability depends on UUIDGenerator, which is not visible here.
    String contextKey = UUIDGenerator.generateUUID();
    // The cache entry expires after the operation clean-up timeout (minutes, stored as nanoseconds).
    cachedLogin.setValidityPeriod(TimeUnit.MINUTES.toNanos(IdentityUtil.getOperationCleanUpTimeout()));
    FrameworkUtils.addAuthenticationRequestToCache(contextKey, cachedLogin);
    InboundUtil.addContextToCache(contextKey, context);

    FrameworkLoginResponse.FrameworkLoginResponseBuilder loginBuilder = new FrameworkLoginResponse.FrameworkLoginResponseBuilder(context);
    loginBuilder.setAuthName(getType(context));
    loginBuilder.setContextKey(contextKey);
    loginBuilder.setCallbackPath(getTenantQualifiedCallbackPath(context));
    loginBuilder.setRelyingParty(getRelyingPartyId(context));
    // The framework currently checks the type parameter, so it is still set; AUTH_NAME is meant
    // to replace it in future.
    loginBuilder.setAuthType(getType(context));
    loginBuilder.setRedirectURL(IdentityUtil.getServerURL(FrameworkConstants.COMMONAUTH, true, true));
    return loginBuilder;
}
Also used : HashMap(java.util.HashMap) UnsupportedEncodingException(java.io.UnsupportedEncodingException) AuthenticationRequestCacheEntry(org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCacheEntry) AuthenticationRequestCacheEntry(org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCacheEntry) AuthenticationResultCacheEntry(org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCacheEntry) AuthenticationRequest(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest) HashMap(java.util.HashMap) Map(java.util.Map)

Example 5 with AuthenticationRequest

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project identity-inbound-auth-oauth by wso2-extensions.

the class OIDCLogoutServlet method sendToFrameworkForLogout.

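/**
 * Runs the pre-logout handlers and then forwards the logout request to the authentication framework.
 *
 * <p>A new session data key is generated, an {@link AuthenticationRequest} marked as a logout is
 * built from the request headers and the cached OIDC session data, the OP browser state cookie is
 * removed, and the request is sent to the framework. If the pre-logout handlers fail or the caller
 * path cannot be built, the user is redirected to the error page and nothing further is done.
 *
 * @param request  Inbound logout request.
 * @param response Response used for the redirect or for handing over to the framework.
 * @throws ServletException Declared for the framework hand-over.
 * @throws IOException      If a redirect or the hand-over fails to write the response.
 */
private void sendToFrameworkForLogout(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    try {
        triggerLogoutHandlersForPreLogout(request, response);
    } catch (OIDCSessionManagementException e) {
        log.error("Error executing logout handlers on pre logout.");
        if (log.isDebugEnabled()) {
            log.debug("Error executing logout handlers on pre logout.", e);
        }
        response.sendRedirect(getRedirectURL(getErrorPageURL(OAuth2ErrorCodes.SERVER_ERROR, "User logout failed."), request));
        // The redirect is the response. Without this return the method would carry on, drop the
        // session cookie and try to respond a second time through the framework.
        return;
    }
    // Generate a SessionDataKey. Authentication framework expects this parameter
    String sessionDataKey = UUID.randomUUID().toString();
    // NOTE(review): the cookie is dereferenced without a null check - confirm that every caller
    // has already verified the OP browser state cookie is present.
    String opBrowserStateCookieValue = OIDCSessionManagementUtil.getOPBrowserStateCookie(request).getValue();
    // Add all parameters to authentication context before sending to authentication framework
    AuthenticationRequest authenticationRequest = new AuthenticationRequest();
    Map<String, String[]> map = new HashMap<>();
    map.put(OIDCSessionConstants.OIDC_SESSION_DATA_KEY_PARAM, new String[] { sessionDataKey });
    authenticationRequest.setRequestQueryParams(map);
    authenticationRequest.addRequestQueryParam(FrameworkConstants.RequestParams.LOGOUT, new String[] { "true" });
    try {
        authenticationRequest.setCommonAuthCallerPath(ServiceURLBuilder.create().addPath(OIDC_LOGOUT_ENDPOINT).build().getRelativeInternalURL());
    } catch (URLBuilderException e) {
        log.error("Error building commonauth caller path to send logout request to framework.", e);
        response.sendRedirect(getRedirectURL(getErrorPageURL(OAuth2ErrorCodes.SERVER_ERROR, "User logout failed."), request));
        // Same as above: the error redirect ends the request, so no hand-over without a caller path.
        return;
    }
    authenticationRequest.setPost(true);
    OIDCSessionDataCacheEntry cacheEntry = getSessionDataFromCache(opBrowserStateCookieValue);
    if (cacheEntry != null) {
        // Relying party and tenant domain come from the server-side session cache, not the request.
        authenticationRequest.setRelyingParty(cacheEntry.getParamMap().get(OIDCSessionConstants.OIDC_CACHE_CLIENT_ID_PARAM));
        authenticationRequest.setTenantDomain(cacheEntry.getParamMap().get(OIDCSessionConstants.OIDC_CACHE_TENANT_DOMAIN_PARAM));
        addOPBSCookieValueToCacheEntry(opBrowserStateCookieValue, cacheEntry);
        addSessionDataToCache(sessionDataKey, cacheEntry);
    }
    // Add headers to AuthenticationRequestContext
    // NOTE(review): every inbound header is copied, presumably including Cookie and Authorization -
    // confirm that whatever reads or logs the authentication request treats them as sensitive.
    for (Enumeration e = request.getHeaderNames(); e.hasMoreElements(); ) {
        String headerName = e.nextElement().toString();
        authenticationRequest.addHeader(headerName, request.getHeader(headerName));
    }
    AuthenticationRequestCacheEntry authenticationRequestCacheEntry = new AuthenticationRequestCacheEntry(authenticationRequest);
    addAuthenticationRequestToRequest(request, authenticationRequestCacheEntry);
    OIDCSessionManagementUtil.removeOPBrowserStateCookie(request, response);
    sendRequestToFramework(request, response, sessionDataKey, FrameworkConstants.RequestType.CLAIM_TYPE_OIDC);
}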
Also used : URLBuilderException(org.wso2.carbon.identity.core.URLBuilderException) Enumeration(java.util.Enumeration) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) OIDCSessionDataCacheEntry(org.wso2.carbon.identity.oidc.session.cache.OIDCSessionDataCacheEntry) AuthenticationRequest(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest) OIDCSessionManagementException(org.wso2.carbon.identity.oidc.session.OIDCSessionManagementException) AuthenticationRequestCacheEntry(org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCacheEntry)

Aggregations

AuthenticationRequest (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest)5 HashMap (java.util.HashMap)4 JSONObject (net.minidev.json.JSONObject)4 AuthenticationRequestCacheEntry (org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCacheEntry)4 CibaAuthCodeResponse (org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeResponse)4 Map (java.util.Map)3 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 Response (javax.ws.rs.core.Response)3 UnsupportedEncodingException (java.io.UnsupportedEncodingException)2 AuthenticationResultCacheEntry (org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCacheEntry)2 JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)1 SignedJWT (com.nimbusds.jwt.SignedJWT)1 ParseException (java.text.ParseException)1 Enumeration (java.util.Enumeration)1 TreeMap (java.util.TreeMap)1 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)1 AuthenticationFrameworkWrapper (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationFrameworkWrapper)1 URLBuilderException (org.wso2.carbon.identity.core.URLBuilderException)1 CibaClientException (org.wso2.carbon.identity.oauth.ciba.exceptions.CibaClientException)1 CibaCoreException (org.wso2.carbon.identity.oauth.ciba.exceptions.CibaCoreException)1