Examples with AuthenticationRequest org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest used on opensource projects

Example 1 with AuthenticationRequest

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project carbon-identity-framework by wso2.

the class FrameworkUtils method getCommonAuthReqWithParams.

/**
 * Builds the wrapper, wrapping incoming request and information take from cache entry.
 *
 * @param request    Original request coming to authentication framework
 * @param cacheEntry Cache entry from the cache, which is added from calling servlets
 * @return
 */
public static HttpServletRequest getCommonAuthReqWithParams(HttpServletRequest request, AuthenticationRequestCacheEntry cacheEntry) {
    // add this functionality as a constructor
    Map<String, String[]> modifiableParameters = new TreeMap<String, String[]>();
    if (cacheEntry != null) {
        AuthenticationRequest authenticationRequest = cacheEntry.getAuthenticationRequest();
        if (!authenticationRequest.getRequestQueryParams().isEmpty()) {
            modifiableParameters.putAll(authenticationRequest.getRequestQueryParams());
        }
        // Adding field variables to wrapper
        if (authenticationRequest.getType() != null) {
            modifiableParameters.put(FrameworkConstants.RequestParams.TYPE, new String[] { authenticationRequest.getType() });
        }
        if (authenticationRequest.getCommonAuthCallerPath() != null) {
            modifiableParameters.put(FrameworkConstants.RequestParams.CALLER_PATH, new String[] { authenticationRequest.getCommonAuthCallerPath() });
        }
        if (authenticationRequest.getRelyingParty() != null) {
            modifiableParameters.put(FrameworkConstants.RequestParams.ISSUER, new String[] { authenticationRequest.getRelyingParty() });
        }
        if (authenticationRequest.getTenantDomain() != null && !IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
            modifiableParameters.put(FrameworkConstants.RequestParams.TENANT_DOMAIN, new String[] { authenticationRequest.getTenantDomain() });
        }
        modifiableParameters.put(FrameworkConstants.RequestParams.FORCE_AUTHENTICATE, new String[] { String.valueOf(authenticationRequest.getForceAuth()) });
        modifiableParameters.put(FrameworkConstants.RequestParams.PASSIVE_AUTHENTICATION, new String[] { String.valueOf(authenticationRequest.getPassiveAuth()) });
        if (log.isDebugEnabled()) {
            StringBuilder queryStringBuilder = new StringBuilder("");
            for (Map.Entry<String, String[]> entry : modifiableParameters.entrySet()) {
                StringBuilder paramValueBuilder = new StringBuilder("");
                String[] paramValueArr = entry.getValue();
                if (paramValueArr != null) {
                    for (String paramValue : paramValueArr) {
                        paramValueBuilder.append("{").append(paramValue).append("}");
                    }
                }
                queryStringBuilder.append("\n").append(entry.getKey() + "=" + paramValueBuilder.toString());
            }
            log.debug("\nInbound Request parameters: " + queryStringBuilder.toString());
        }
        return new AuthenticationFrameworkWrapper(request, modifiableParameters, authenticationRequest.getRequestHeaders());
    }
    return request;
}

Example 2 with AuthenticationRequest

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project carbon-identity-framework by wso2.

the class IdentityProcessor method buildResponseForFrameworkLogout.

/**
 * Get IdentityResponseBuilder for framework logout
 *
 * @param context IdentityMessageContext
 * @return IdentityResponseBuilder
 */
protected FrameworkLogoutResponse.FrameworkLogoutResponseBuilder buildResponseForFrameworkLogout(IdentityMessageContext context) {
    IdentityRequest identityRequest = context.getRequest();
    Map<String, String[]> parameterMap = identityRequest.getParameterMap();
    AuthenticationRequest authenticationRequest = new AuthenticationRequest();
    authenticationRequest.appendRequestQueryParams(parameterMap);
    Set<Map.Entry<String, String>> headers = new HashMap(identityRequest.getHeaderMap()).entrySet();
    for (Map.Entry<String, String> header : headers) {
        authenticationRequest.addHeader(header.getKey(), header.getValue());
    }
    authenticationRequest.setTenantDomain(identityRequest.getTenantDomain());
    authenticationRequest.setRelyingParty(getRelyingPartyId(context));
    authenticationRequest.setType(getType(context));
    try {
        authenticationRequest.setCommonAuthCallerPath(URLEncoder.encode(getTenantQualifiedCallbackPath(context), StandardCharsets.UTF_8.name()));
    } catch (UnsupportedEncodingException e) {
        throw FrameworkRuntimeException.error("Error occurred while URL encoding callback path " + getTenantQualifiedCallbackPath(context), e);
    }
    authenticationRequest.addRequestQueryParam(FrameworkConstants.RequestParams.LOGOUT, new String[] { "true" });
    AuthenticationRequestCacheEntry authRequest = new AuthenticationRequestCacheEntry(authenticationRequest);
    String sessionDataKey = UUIDGenerator.generateUUID();
    authRequest.setValidityPeriod(TimeUnit.MINUTES.toNanos(IdentityUtil.getOperationCleanUpTimeout()));
    FrameworkUtils.addAuthenticationRequestToCache(sessionDataKey, authRequest);
    InboundUtil.addContextToCache(sessionDataKey, context);
    FrameworkLogoutResponse.FrameworkLogoutResponseBuilder responseBuilder = new FrameworkLogoutResponse.FrameworkLogoutResponseBuilder(context);
    responseBuilder.setAuthName(getType(context));
    responseBuilder.setContextKey(sessionDataKey);
    responseBuilder.setCallbackPath(getTenantQualifiedCallbackPath(context));
    responseBuilder.setRelyingParty(getRelyingPartyId(context));
    // type parameter is using since framework checking it, but future it'll use AUTH_NAME
    responseBuilder.setAuthType(getType(context));
    String commonAuthURL = IdentityUtil.getServerURL(FrameworkConstants.COMMONAUTH, true, true);
    responseBuilder.setRedirectURL(commonAuthURL);
    return responseBuilder;
}

Example 3 with AuthenticationRequest

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project identity-inbound-auth-oauth by wso2-extensions.

the class CibaAuthResponseHandler method handleClientException.

/**
 * Handles client exception.
 *
 * @param cibaAuthFailureException Authentication Failure Exception.
 * @return Response for AuthenticationRequest.
 */
private Response handleClientException(CibaAuthFailureException cibaAuthFailureException) {
    String errorCode = cibaAuthFailureException.getErrorCode();
    JSONObject cibaErrorResponse = new JSONObject();
    cibaErrorResponse.put(ERROR, cibaAuthFailureException.getErrorCode());
    cibaErrorResponse.put(ERROR_DESCRIPRION, cibaAuthFailureException.getMessage());
    Response.ResponseBuilder respBuilder;
    if (errorCode.equals(OAuth2ErrorCodes.INVALID_CLIENT)) {
        // Creating error response for the request.
        respBuilder = Response.status(HttpServletResponse.SC_UNAUTHORIZED);
    } else {
        respBuilder = Response.status(HttpServletResponse.SC_BAD_REQUEST);
    }
    return respBuilder.entity(cibaErrorResponse.toString()).build();
}

Example 4 with AuthenticationRequest

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project carbon-identity-framework by wso2.

the class IdentityProcessor method buildResponseForFrameworkLogin.

/**
 * Get IdentityResponseBuilder for framework login
 *
 * @param context IdentityMessageContext
 * @return IdentityResponseBuilder
 */
protected FrameworkLoginResponse.FrameworkLoginResponseBuilder buildResponseForFrameworkLogin(IdentityMessageContext context) {
    IdentityRequest identityRequest = context.getRequest();
    Map<String, String[]> parameterMap = identityRequest.getParameterMap();
    AuthenticationRequest authenticationRequest = new AuthenticationRequest();
    authenticationRequest.appendRequestQueryParams(parameterMap);
    Set<Map.Entry<String, String>> headers = new HashMap(identityRequest.getHeaderMap()).entrySet();
    for (Map.Entry<String, String> header : headers) {
        authenticationRequest.addHeader(header.getKey(), header.getValue());
    }
    authenticationRequest.setTenantDomain(identityRequest.getTenantDomain());
    authenticationRequest.setRelyingParty(getRelyingPartyId(context));
    authenticationRequest.setType(getType(context));
    authenticationRequest.setPassiveAuth(Boolean.parseBoolean(String.valueOf(context.getParameter(InboundConstants.PASSIVE_AUTH))));
    authenticationRequest.setForceAuth(Boolean.parseBoolean(String.valueOf(context.getParameter(InboundConstants.FORCE_AUTH))));
    try {
        authenticationRequest.setCommonAuthCallerPath(URLEncoder.encode(getTenantQualifiedCallbackPath(context), StandardCharsets.UTF_8.name()));
    } catch (UnsupportedEncodingException e) {
        throw FrameworkRuntimeException.error("Error occurred while URL encoding callback path " + getTenantQualifiedCallbackPath(context), e);
    }
    AuthenticationRequestCacheEntry authRequest = new AuthenticationRequestCacheEntry(authenticationRequest);
    String sessionDataKey = UUIDGenerator.generateUUID();
    authRequest.setValidityPeriod(TimeUnit.MINUTES.toNanos(IdentityUtil.getOperationCleanUpTimeout()));
    FrameworkUtils.addAuthenticationRequestToCache(sessionDataKey, authRequest);
    InboundUtil.addContextToCache(sessionDataKey, context);
    FrameworkLoginResponse.FrameworkLoginResponseBuilder responseBuilder = new FrameworkLoginResponse.FrameworkLoginResponseBuilder(context);
    responseBuilder.setAuthName(getType(context));
    responseBuilder.setContextKey(sessionDataKey);
    responseBuilder.setCallbackPath(getTenantQualifiedCallbackPath(context));
    responseBuilder.setRelyingParty(getRelyingPartyId(context));
    // type parameter is using since framework checking it, but future it'll use AUTH_NAME
    responseBuilder.setAuthType(getType(context));
    String commonAuthURL = IdentityUtil.getServerURL(FrameworkConstants.COMMONAUTH, true, true);
    responseBuilder.setRedirectURL(commonAuthURL);
    return responseBuilder;
}

Example 5 with AuthenticationRequest

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project identity-inbound-auth-oauth by wso2-extensions.

the class OIDCLogoutServlet method sendToFrameworkForLogout.

private void sendToFrameworkForLogout(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    try {
        triggerLogoutHandlersForPreLogout(request, response);
    } catch (OIDCSessionManagementException e) {
        log.error("Error executing logout handlers on pre logout.");
        if (log.isDebugEnabled()) {
            log.debug("Error executing logout handlers on pre logout.", e);
        }
        response.sendRedirect(getRedirectURL(getErrorPageURL(OAuth2ErrorCodes.SERVER_ERROR, "User logout failed."), request));
    }
    // Generate a SessionDataKey. Authentication framework expects this parameter
    String sessionDataKey = UUID.randomUUID().toString();
    String opBrowserStateCookieValue = OIDCSessionManagementUtil.getOPBrowserStateCookie(request).getValue();
    // Add all parameters to authentication context before sending to authentication framework
    AuthenticationRequest authenticationRequest = new AuthenticationRequest();
    Map<String, String[]> map = new HashMap<>();
    map.put(OIDCSessionConstants.OIDC_SESSION_DATA_KEY_PARAM, new String[] { sessionDataKey });
    authenticationRequest.setRequestQueryParams(map);
    authenticationRequest.addRequestQueryParam(FrameworkConstants.RequestParams.LOGOUT, new String[] { "true" });
    try {
        authenticationRequest.setCommonAuthCallerPath(ServiceURLBuilder.create().addPath(OIDC_LOGOUT_ENDPOINT).build().getRelativeInternalURL());
    } catch (URLBuilderException e) {
        log.error("Error building commonauth caller path to send logout request to framework.", e);
        response.sendRedirect(getRedirectURL(getErrorPageURL(OAuth2ErrorCodes.SERVER_ERROR, "User logout failed."), request));
    }
    authenticationRequest.setPost(true);
    OIDCSessionDataCacheEntry cacheEntry = getSessionDataFromCache(opBrowserStateCookieValue);
    if (cacheEntry != null) {
        authenticationRequest.setRelyingParty(cacheEntry.getParamMap().get(OIDCSessionConstants.OIDC_CACHE_CLIENT_ID_PARAM));
        authenticationRequest.setTenantDomain(cacheEntry.getParamMap().get(OIDCSessionConstants.OIDC_CACHE_TENANT_DOMAIN_PARAM));
        addOPBSCookieValueToCacheEntry(opBrowserStateCookieValue, cacheEntry);
        addSessionDataToCache(sessionDataKey, cacheEntry);
    }
    // Add headers to AuthenticationRequestContext
    for (Enumeration e = request.getHeaderNames(); e.hasMoreElements(); ) {
        String headerName = e.nextElement().toString();
        authenticationRequest.addHeader(headerName, request.getHeader(headerName));
    }
    AuthenticationRequestCacheEntry authenticationRequestCacheEntry = new AuthenticationRequestCacheEntry(authenticationRequest);
    addAuthenticationRequestToRequest(request, authenticationRequestCacheEntry);
    OIDCSessionManagementUtil.removeOPBrowserStateCookie(request, response);
    sendRequestToFramework(request, response, sessionDataKey, FrameworkConstants.RequestType.CLAIM_TYPE_OIDC);
}