use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project carbon-identity-framework by wso2.
the class FrameworkUtils method getCommonAuthReqWithParams.
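/**
 * Builds a request wrapper that layers the cached authentication request's parameters and
 * headers over the incoming servlet request.
 *
 * <p>The cached query parameters are copied first and the framework fields are written
 * afterwards, so a field that is written replaces a cached query parameter stored under the
 * same key. Type, caller path, issuer and tenant domain are written only when non-null (tenant
 * domain additionally only when tenant-qualified URLs are disabled); when one of them is
 * skipped, a cached query parameter with that key stays in place. The force/passive
 * authentication flags are always written.
 *
 * @param request    original request coming to the authentication framework
 * @param cacheEntry cache entry added by the calling servlet; may be {@code null}
 * @return an {@code AuthenticationFrameworkWrapper} around {@code request} when
 *         {@code cacheEntry} is not {@code null}, otherwise {@code request} unchanged
 */
public static HttpServletRequest getCommonAuthReqWithParams(HttpServletRequest request,
        AuthenticationRequestCacheEntry cacheEntry) {

    if (cacheEntry == null) {
        return request;
    }

    // TODO: move this functionality into a constructor.
    Map<String, String[]> modifiableParameters = new TreeMap<String, String[]>();
    AuthenticationRequest authenticationRequest = cacheEntry.getAuthenticationRequest();
    if (!authenticationRequest.getRequestQueryParams().isEmpty()) {
        modifiableParameters.putAll(authenticationRequest.getRequestQueryParams());
    }

    // Framework fields go in after the query parameters so that they win on a key clash.
    if (authenticationRequest.getType() != null) {
        modifiableParameters.put(FrameworkConstants.RequestParams.TYPE,
                new String[] { authenticationRequest.getType() });
    }
    if (authenticationRequest.getCommonAuthCallerPath() != null) {
        modifiableParameters.put(FrameworkConstants.RequestParams.CALLER_PATH,
                new String[] { authenticationRequest.getCommonAuthCallerPath() });
    }
    if (authenticationRequest.getRelyingParty() != null) {
        modifiableParameters.put(FrameworkConstants.RequestParams.ISSUER,
                new String[] { authenticationRequest.getRelyingParty() });
    }
    if (authenticationRequest.getTenantDomain() != null
            && !IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
        modifiableParameters.put(FrameworkConstants.RequestParams.TENANT_DOMAIN,
                new String[] { authenticationRequest.getTenantDomain() });
    }
    modifiableParameters.put(FrameworkConstants.RequestParams.FORCE_AUTHENTICATE,
            new String[] { String.valueOf(authenticationRequest.getForceAuth()) });
    modifiableParameters.put(FrameworkConstants.RequestParams.PASSIVE_AUTHENTICATION,
            new String[] { String.valueOf(authenticationRequest.getPassiveAuth()) });

    if (log.isDebugEnabled()) {
        // Names and values come from the inbound request, so CR/LF is replaced before logging;
        // otherwise a crafted value could start a forged log line.
        // NOTE(review): values are otherwise written as-is. If credentials or tokens can appear
        // among these parameters, mask them here - confirm against the calling servlets.
        StringBuilder queryStringBuilder = new StringBuilder();
        for (Map.Entry<String, String[]> entry : modifiableParameters.entrySet()) {
            queryStringBuilder.append('\n')
                    .append(entry.getKey().replace('\r', '_').replace('\n', '_'))
                    .append('=');
            String[] paramValueArr = entry.getValue();
            if (paramValueArr != null) {
                for (String paramValue : paramValueArr) {
                    // String.valueOf keeps the original "null" rendering of a null element.
                    queryStringBuilder.append('{')
                            .append(String.valueOf(paramValue).replace('\r', '_').replace('\n', '_'))
                            .append('}');
                }
            }
        }
        log.debug("\nInbound Request parameters: " + queryStringBuilder);
    }

    return new AuthenticationFrameworkWrapper(request, modifiableParameters,
            authenticationRequest.getRequestHeaders());
}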
use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project carbon-identity-framework by wso2.
the class IdentityProcessor method buildResponseForFrameworkLogout.
/**
 * Prepares the response builder that hands a logout over to the authentication framework.
 *
 * <p>The inbound request's parameters and headers are copied into a new
 * {@code AuthenticationRequest} marked as a logout. That request and the message context are
 * both cached under one freshly generated session data key, which the returned builder carries
 * as its context key.
 *
 * @param context IdentityMessageContext of the inbound request
 * @return builder for the framework logout response
 */
protected FrameworkLogoutResponse.FrameworkLogoutResponseBuilder buildResponseForFrameworkLogout(
        IdentityMessageContext context) {

    IdentityRequest inboundRequest = context.getRequest();
    Map<String, String[]> inboundParams = inboundRequest.getParameterMap();

    AuthenticationRequest frameworkRequest = new AuthenticationRequest();
    frameworkRequest.appendRequestQueryParams(inboundParams);

    // Every inbound header is copied, so credential-bearing headers the client sent (for
    // example Cookie or Authorization) end up in the cached request as well.
    Map<String, String> headerSnapshot = new HashMap(inboundRequest.getHeaderMap());
    for (Map.Entry<String, String> header : headerSnapshot.entrySet()) {
        frameworkRequest.addHeader(header.getKey(), header.getValue());
    }

    frameworkRequest.setTenantDomain(inboundRequest.getTenantDomain());
    frameworkRequest.setRelyingParty(getRelyingPartyId(context));
    frameworkRequest.setType(getType(context));
    try {
        String encodedCallerPath = URLEncoder.encode(getTenantQualifiedCallbackPath(context),
                StandardCharsets.UTF_8.name());
        frameworkRequest.setCommonAuthCallerPath(encodedCallerPath);
    } catch (UnsupportedEncodingException e) {
        throw FrameworkRuntimeException.error("Error occurred while URL encoding callback path " + getTenantQualifiedCallbackPath(context), e);
    }
    // Marks the request as a logout for the framework.
    frameworkRequest.addRequestQueryParam(FrameworkConstants.RequestParams.LOGOUT, new String[] { "true" });

    AuthenticationRequestCacheEntry cachedRequest = new AuthenticationRequestCacheEntry(frameworkRequest);
    // The key alone selects both cache entries below.
    // NOTE(review): confirm UUIDGenerator.generateUUID() yields unpredictable values.
    String sessionDataKey = UUIDGenerator.generateUUID();
    // The cleanup timeout is read as minutes and stored in nanoseconds.
    long validityNanos = TimeUnit.MINUTES.toNanos(IdentityUtil.getOperationCleanUpTimeout());
    cachedRequest.setValidityPeriod(validityNanos);
    FrameworkUtils.addAuthenticationRequestToCache(sessionDataKey, cachedRequest);
    InboundUtil.addContextToCache(sessionDataKey, context);

    FrameworkLogoutResponse.FrameworkLogoutResponseBuilder logoutBuilder =
            new FrameworkLogoutResponse.FrameworkLogoutResponseBuilder(context);
    logoutBuilder.setAuthName(getType(context));
    logoutBuilder.setContextKey(sessionDataKey);
    logoutBuilder.setCallbackPath(getTenantQualifiedCallbackPath(context));
    logoutBuilder.setRelyingParty(getRelyingPartyId(context));
    // The framework still checks the type parameter; AUTH_NAME is meant to replace it later.
    logoutBuilder.setAuthType(getType(context));
    logoutBuilder.setRedirectURL(IdentityUtil.getServerURL(FrameworkConstants.COMMONAUTH, true, true));
    return logoutBuilder;
}
use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project identity-inbound-auth-oauth by wso2-extensions.
the class CibaAuthResponseHandler method handleClientException.
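/**
 * Builds the error response for a client-side CIBA authentication failure.
 *
 * <p>The JSON body carries the exception's error code and its message. The message is returned
 * to the caller verbatim, so exceptions routed here should not carry internal details. An
 * error code equal to {@code OAuth2ErrorCodes.INVALID_CLIENT} is answered with 401; every other
 * code, including a missing one, is answered with 400.
 *
 * @param cibaAuthFailureException Authentication Failure Exception.
 * @return Response for AuthenticationRequest.
 */
private Response handleClientException(CibaAuthFailureException cibaAuthFailureException) {

    String errorCode = cibaAuthFailureException.getErrorCode();

    JSONObject cibaErrorResponse = new JSONObject();
    cibaErrorResponse.put(ERROR, errorCode);
    cibaErrorResponse.put(ERROR_DESCRIPRION, cibaAuthFailureException.getMessage());

    // Constant-first comparison: a null error code falls through to 400 instead of throwing a
    // NullPointerException inside the error handler.
    int status = OAuth2ErrorCodes.INVALID_CLIENT.equals(errorCode)
            ? HttpServletResponse.SC_UNAUTHORIZED
            : HttpServletResponse.SC_BAD_REQUEST;
    return Response.status(status).entity(cibaErrorResponse.toString()).build();
}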
use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project carbon-identity-framework by wso2.
the class IdentityProcessor method buildResponseForFrameworkLogin.
/**
 * Prepares the response builder that hands a login over to the authentication framework.
 *
 * <p>The inbound request's parameters and headers are copied into a new
 * {@code AuthenticationRequest}, together with the passive/force authentication flags read
 * from the context. That request and the message context are both cached under one freshly
 * generated session data key, which the returned builder carries as its context key.
 *
 * @param context IdentityMessageContext of the inbound request
 * @return builder for the framework login response
 */
protected FrameworkLoginResponse.FrameworkLoginResponseBuilder buildResponseForFrameworkLogin(
        IdentityMessageContext context) {

    IdentityRequest inboundRequest = context.getRequest();
    Map<String, String[]> inboundParams = inboundRequest.getParameterMap();

    AuthenticationRequest frameworkRequest = new AuthenticationRequest();
    frameworkRequest.appendRequestQueryParams(inboundParams);

    // Every inbound header is copied, so credential-bearing headers the client sent (for
    // example Cookie or Authorization) end up in the cached request as well.
    Map<String, String> headerSnapshot = new HashMap(inboundRequest.getHeaderMap());
    for (Map.Entry<String, String> header : headerSnapshot.entrySet()) {
        frameworkRequest.addHeader(header.getKey(), header.getValue());
    }

    frameworkRequest.setTenantDomain(inboundRequest.getTenantDomain());
    frameworkRequest.setRelyingParty(getRelyingPartyId(context));
    frameworkRequest.setType(getType(context));

    // String.valueOf turns a null parameter into "null", which parseBoolean reads as false.
    boolean passiveAuth =
            Boolean.parseBoolean(String.valueOf(context.getParameter(InboundConstants.PASSIVE_AUTH)));
    frameworkRequest.setPassiveAuth(passiveAuth);
    boolean forceAuth =
            Boolean.parseBoolean(String.valueOf(context.getParameter(InboundConstants.FORCE_AUTH)));
    frameworkRequest.setForceAuth(forceAuth);

    try {
        String encodedCallerPath = URLEncoder.encode(getTenantQualifiedCallbackPath(context),
                StandardCharsets.UTF_8.name());
        frameworkRequest.setCommonAuthCallerPath(encodedCallerPath);
    } catch (UnsupportedEncodingException e) {
        throw FrameworkRuntimeException.error("Error occurred while URL encoding callback path " + getTenantQualifiedCallbackPath(context), e);
    }

    AuthenticationRequestCacheEntry cachedRequest = new AuthenticationRequestCacheEntry(frameworkRequest);
    // The key alone selects both cache entries below.
    // NOTE(review): confirm UUIDGenerator.generateUUID() yields unpredictable values.
    String sessionDataKey = UUIDGenerator.generateUUID();
    // The cleanup timeout is read as minutes and stored in nanoseconds.
    long validityNanos = TimeUnit.MINUTES.toNanos(IdentityUtil.getOperationCleanUpTimeout());
    cachedRequest.setValidityPeriod(validityNanos);
    FrameworkUtils.addAuthenticationRequestToCache(sessionDataKey, cachedRequest);
    InboundUtil.addContextToCache(sessionDataKey, context);

    FrameworkLoginResponse.FrameworkLoginResponseBuilder loginBuilder =
            new FrameworkLoginResponse.FrameworkLoginResponseBuilder(context);
    loginBuilder.setAuthName(getType(context));
    loginBuilder.setContextKey(sessionDataKey);
    loginBuilder.setCallbackPath(getTenantQualifiedCallbackPath(context));
    loginBuilder.setRelyingParty(getRelyingPartyId(context));
    // The framework still checks the type parameter; AUTH_NAME is meant to replace it later.
    loginBuilder.setAuthType(getType(context));
    loginBuilder.setRedirectURL(IdentityUtil.getServerURL(FrameworkConstants.COMMONAUTH, true, true));
    return loginBuilder;
}
use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project identity-inbound-auth-oauth by wso2-extensions.
the class OIDCLogoutServlet method sendToFrameworkForLogout.
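/**
 * Hands an OIDC logout request over to the authentication framework.
 *
 * <p>Runs the pre-logout handlers, builds an {@code AuthenticationRequest} marked as a logout
 * POST, copies the relying party and tenant domain from the cached OIDC session data when an
 * entry exists, copies the inbound headers, removes the OP browser state cookie and passes the
 * request to {@code sendRequestToFramework}. If the pre-logout handlers fail or the caller path
 * cannot be built, the client is redirected to the error page and processing stops there.
 *
 * @param request  inbound logout request
 * @param response response used for the error redirect or handed to the framework
 * @throws ServletException propagated from the helpers called here
 * @throws IOException      if sending a redirect fails, or propagated from the helpers
 */
private void sendToFrameworkForLogout(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {

    try {
        triggerLogoutHandlersForPreLogout(request, response);
    } catch (OIDCSessionManagementException e) {
        log.error("Error executing logout handlers on pre logout.");
        if (log.isDebugEnabled()) {
            log.debug("Error executing logout handlers on pre logout.", e);
        }
        response.sendRedirect(getRedirectURL(getErrorPageURL(OAuth2ErrorCodes.SERVER_ERROR,
                "User logout failed."), request));
        // The redirect commits the response; stop instead of running the rest of the logout
        // flow against a response that can no longer be changed.
        return;
    }

    // Generate a SessionDataKey. Authentication framework expects this parameter.
    // UUID.randomUUID() draws from a cryptographically strong generator.
    String sessionDataKey = UUID.randomUUID().toString();
    // NOTE(review): throws NullPointerException if getOPBrowserStateCookie returns null -
    // confirm every caller has already checked that the cookie is present.
    String opBrowserStateCookieValue = OIDCSessionManagementUtil.getOPBrowserStateCookie(request).getValue();

    // Add all parameters to authentication context before sending to authentication framework
    AuthenticationRequest authenticationRequest = new AuthenticationRequest();
    Map<String, String[]> map = new HashMap<>();
    map.put(OIDCSessionConstants.OIDC_SESSION_DATA_KEY_PARAM, new String[] { sessionDataKey });
    authenticationRequest.setRequestQueryParams(map);
    authenticationRequest.addRequestQueryParam(FrameworkConstants.RequestParams.LOGOUT, new String[] { "true" });
    try {
        authenticationRequest.setCommonAuthCallerPath(
                ServiceURLBuilder.create().addPath(OIDC_LOGOUT_ENDPOINT).build().getRelativeInternalURL());
    } catch (URLBuilderException e) {
        log.error("Error building commonauth caller path to send logout request to framework.", e);
        response.sendRedirect(getRedirectURL(getErrorPageURL(OAuth2ErrorCodes.SERVER_ERROR,
                "User logout failed."), request));
        // Without a caller path the request must not reach the framework, and the response is
        // already committed by the redirect.
        return;
    }
    authenticationRequest.setPost(true);

    OIDCSessionDataCacheEntry cacheEntry = getSessionDataFromCache(opBrowserStateCookieValue);
    if (cacheEntry != null) {
        authenticationRequest.setRelyingParty(
                cacheEntry.getParamMap().get(OIDCSessionConstants.OIDC_CACHE_CLIENT_ID_PARAM));
        authenticationRequest.setTenantDomain(
                cacheEntry.getParamMap().get(OIDCSessionConstants.OIDC_CACHE_TENANT_DOMAIN_PARAM));
        addOPBSCookieValueToCacheEntry(opBrowserStateCookieValue, cacheEntry);
        addSessionDataToCache(sessionDataKey, cacheEntry);
    }

    // Add headers to AuthenticationRequestContext. Every inbound header is copied, including
    // credential-bearing ones such as Cookie or Authorization when the client sent them.
    // getHeaderNames() may return null when the container restricts header access.
    Enumeration<?> headerNames = request.getHeaderNames();
    while (headerNames != null && headerNames.hasMoreElements()) {
        String headerName = headerNames.nextElement().toString();
        authenticationRequest.addHeader(headerName, request.getHeader(headerName));
    }

    AuthenticationRequestCacheEntry authenticationRequestCacheEntry =
            new AuthenticationRequestCacheEntry(authenticationRequest);
    addAuthenticationRequestToRequest(request, authenticationRequestCacheEntry);
    OIDCSessionManagementUtil.removeOPBrowserStateCookie(request, response);
    sendRequestToFramework(request, response, sessionDataKey, FrameworkConstants.RequestType.CLAIM_TYPE_OIDC);
}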