Example 6 with AuthenticationRequest

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project identity-inbound-auth-oauth by wso2-extensions.

the class EndpointUtil method buildAuthenticationRequestCacheEntry.

private static AuthenticationRequestCacheEntry buildAuthenticationRequestCacheEntry(String clientId, boolean forceAuthenticate, boolean checkAuthentication, Map<String, String[]> reqParams) throws IdentityOAuth2Exception, URLBuilderException {
    AuthenticationRequest authenticationRequest = new AuthenticationRequest();
    int tenantId = OAuth2Util.getClientTenatId();
    // Build the authentication request context.
    String commonAuthCallerPath = ServiceURLBuilder.create().addPath(OAUTH2_AUTHORIZE).build().getRelativeInternalURL();
    authenticationRequest.setCommonAuthCallerPath(commonAuthCallerPath);
    authenticationRequest.setForceAuth(forceAuthenticate);
    authenticationRequest.setPassiveAuth(checkAuthentication);
    authenticationRequest.setRelyingParty(clientId);
    authenticationRequest.setTenantDomain(OAuth2Util.getTenantDomain(tenantId));
    authenticationRequest.setRequestQueryParams(reqParams);
    // Build an AuthenticationRequestCacheEntry which wraps AuthenticationRequestContext
    return new AuthenticationRequestCacheEntry(authenticationRequest);
}
Also used : AuthenticationRequest(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest) AuthenticationRequestCacheEntry(org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCacheEntry)

Example 7 with AuthenticationRequest

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project identity-inbound-auth-oauth by wso2-extensions.

the class CibaAuthResponseHandler method createAuthResponse.

/**
 * Creates CIBA AuthenticationResponse.
 *
 * @param cibaAuthCodeResponse CIBA Authentication Request Data Transfer Object.
 * @return Response for AuthenticationRequest.
 */
public Response createAuthResponse(@Context HttpServletResponse response, CibaAuthCodeResponse cibaAuthCodeResponse) {
    // Set the ExpiryTime.
    long expiresIn = cibaAuthCodeResponse.getExpiresIn();
    if (log.isDebugEnabled()) {
        log.debug("Setting ExpiryTime for the response to the  request made by client with clientID : " + cibaAuthCodeResponse.getClientId() + ".");
    }
    // Create authentication response.
    response.setContentType(MediaType.APPLICATION_JSON);
    // Creating authentication response for the request.
    JSONObject cibaAuthResponse = new JSONObject();
    cibaAuthResponse.put(CibaConstants.AUTH_REQ_ID, cibaAuthCodeResponse.getAuthReqId());
    cibaAuthResponse.put(CibaConstants.EXPIRES_IN, expiresIn);
    cibaAuthResponse.put(CibaConstants.INTERVAL, CibaConstants.INTERVAL_DEFAULT_VALUE_IN_SEC);
    if (log.isDebugEnabled()) {
        log.debug("Creating CIBA Authentication response to the request made by client with clientID : " + cibaAuthCodeResponse.getClientId() + ".");
    }
    Response.ResponseBuilder respBuilder = Response.status(HttpServletResponse.SC_OK);
    if (log.isDebugEnabled()) {
        log.debug("Returning CIBA Authentication Response for the request made by client with clientID : " + cibaAuthCodeResponse.getClientId() + ".");
    }
    return respBuilder.entity(cibaAuthResponse.toString()).build();
}
Also used : Response(javax.ws.rs.core.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) CibaAuthCodeResponse(org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeResponse) JSONObject(net.minidev.json.JSONObject)

Example 8 with AuthenticationRequest

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project identity-inbound-auth-oauth by wso2-extensions.

the class CibaAuthResponseHandler method handleServerError.

/**
 * Handles server exception.
 *
 * @param cibaAuthFailureException Authentication Failure Exception.
 * @return Response for AuthenticationRequest.
 */
private Response handleServerError(CibaAuthFailureException cibaAuthFailureException) {
    // Creating error response for the request.
    JSONObject cibaErrorResponse = new JSONObject();
    cibaErrorResponse.put(ERROR, cibaAuthFailureException.getErrorCode());
    cibaErrorResponse.put(ERROR_DESCRIPRION, cibaAuthFailureException.getMessage());
    if (cibaAuthFailureException.getCause() != null) {
        log.error(cibaAuthFailureException);
    }
    Response.ResponseBuilder respBuilder = Response.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    return respBuilder.entity(cibaErrorResponse.toString()).build();
}
Also used : Response(javax.ws.rs.core.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) CibaAuthCodeResponse(org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeResponse) JSONObject(net.minidev.json.JSONObject)

Example 9 with AuthenticationRequest

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project identity-inbound-auth-oauth by wso2-extensions.

the class CibaAuthRequestValidator method prepareAuthCodeRequest.

/**
 * Extracts validated parameters from request and prepare a DTO.
 *
 * @param request CIBA Authentication Request as a String.
 * @throws CibaAuthFailureException CIBA Authentication Failed Exception.
 */
public CibaAuthCodeRequest prepareAuthCodeRequest(String request) throws CibaAuthFailureException {
    CibaAuthCodeRequest cibaAuthCodeRequest = new CibaAuthCodeRequest();
    try {
        SignedJWT signedJWT = SignedJWT.parse(request);
        JWTClaimsSet claimsSet = signedJWT.getJWTClaimsSet();
        // Set the issuer (the client ID), which has already been validated.
        cibaAuthCodeRequest.setIssuer(claimsSet.getIssuer());
        List<String> aud = claimsSet.getAudience();
        // Adding the audience of the request to the AuthenticationRequest after validation.
        cibaAuthCodeRequest.setAudience(aud.toArray(new String[aud.size()]));
        // Adding user_hint to the CIBA authentication request after successful validation.
        if (claimsSet.getClaim(Constants.LOGIN_HINT) != null) {
            // Since we have multiple parameters for user hints we need this check.
            cibaAuthCodeRequest.setUserHint(String.valueOf(claimsSet.getClaim(Constants.LOGIN_HINT)));
        } else {
            if (claimsSet.getClaim(Constants.ID_TOKEN_HINT) != null) {
                cibaAuthCodeRequest.setUserHint(getUserfromIDToken(String.valueOf(claimsSet.getClaim(Constants.ID_TOKEN_HINT))));
            }
        }
        // Set the validated JWT ID (jti).
        cibaAuthCodeRequest.setJwtId(claimsSet.getJWTID());
        // Setting the validated expiredTime of the AuthenticationRequest.
        cibaAuthCodeRequest.setExpiredTime(claimsSet.getExpirationTime().getTime());
        // Setting the validated IssuedTime.
        cibaAuthCodeRequest.setIssuedTime(claimsSet.getIssueTime().getTime());
        // Setting the validated NBF after validation of the AuthenticationRequest.
        cibaAuthCodeRequest.setNotBeforeTime(claimsSet.getNotBeforeTime().getTime());
        // Setting the scope of the AuthenticationRequest.
        cibaAuthCodeRequest.setScopes(OAuth2Util.buildScopeArray(claimsSet.getStringClaim(Constants.SCOPE)));
        // Setting acr_values on the CIBA AuthenticationRequest after validation.
        cibaAuthCodeRequest.setAcrValues(buildACRArray(claimsSet.getStringClaim(Constants.ACR_VALUES)));
        // Setting binding_message to AuthenticationRequest after successful validation.
        cibaAuthCodeRequest.setBindingMessage(claimsSet.getStringClaim(CibaConstants.BINDING_MESSAGE));
        // Setting transaction_context to AuthenticationRequest after successful validation.
        JSONObject transactionContext = claimsSet.getJSONObjectClaim(CibaConstants.TRANSACTION_CONTEXT);
        if (transactionContext != null) {
            cibaAuthCodeRequest.setTransactionContext(transactionContext.toJSONString());
        }
        // Setting requested_expiry to AuthenticationRequest after successful validation.
        if (claimsSet.getClaim(CibaConstants.REQUESTED_EXPIRY) != null) {
            if (claimsSet.getClaim(CibaConstants.REQUESTED_EXPIRY) instanceof String) {
                cibaAuthCodeRequest.setRequestedExpiry(Long.parseLong(claimsSet.getStringClaim(CibaConstants.REQUESTED_EXPIRY)));
            } else {
                cibaAuthCodeRequest.setRequestedExpiry(claimsSet.getLongClaim(CibaConstants.REQUESTED_EXPIRY));
            }
        } else {
            cibaAuthCodeRequest.setRequestedExpiry(0);
        }
    } catch (ParseException e) {
        throw new CibaAuthFailureException(OAuth2ErrorCodes.SERVER_ERROR, "Error when processing request parameters.", e);
    }
    return cibaAuthCodeRequest;
}
Also used : CibaAuthFailureException(org.wso2.carbon.identity.oauth.endpoint.exception.CibaAuthFailureException) JSONObject(net.minidev.json.JSONObject) CibaAuthCodeRequest(org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeRequest) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) ParseException(java.text.ParseException)

Example 10 with AuthenticationRequest

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest in project identity-inbound-auth-oauth by wso2-extensions.

the class CibaAuthServiceImpl method buildAuthCodeResponse.

/**
 * Builds and returns CibaAuthCodeResponse.
 *
 * @param cibaAuthCodeDO      DO with information regarding authenticationRequest.
 * @param cibaAuthCodeRequest Auth Code request object.
 * @throws CibaCoreException   Exception thrown from CibaCore Component.
 * @throws CibaClientException Client exception thrown from CibaCore Component.
 */
private CibaAuthCodeResponse buildAuthCodeResponse(CibaAuthCodeRequest cibaAuthCodeRequest, CibaAuthCodeDO cibaAuthCodeDO) throws CibaCoreException, CibaClientException {
    String clientID = cibaAuthCodeRequest.getIssuer();
    try {
        CibaAuthCodeResponse cibaAuthCodeResponse = new CibaAuthCodeResponse();
        String user = cibaAuthCodeRequest.getUserHint();
        OAuthAppDO appDO = OAuth2Util.getAppInformationByClientId(clientID);
        String callbackUri = appDO.getCallbackUrl();
        cibaAuthCodeResponse.setAuthReqId(cibaAuthCodeDO.getAuthReqId());
        cibaAuthCodeResponse.setCallBackUrl(callbackUri);
        cibaAuthCodeResponse.setUserHint(user);
        cibaAuthCodeResponse.setClientId(clientID);
        cibaAuthCodeResponse.setScopes(cibaAuthCodeRequest.getScopes());
        cibaAuthCodeResponse.setExpiresIn(cibaAuthCodeDO.getExpiresIn());
        if (StringUtils.isNotBlank(cibaAuthCodeRequest.getBindingMessage())) {
            cibaAuthCodeResponse.setBindingMessage(cibaAuthCodeRequest.getBindingMessage());
        }
        if (StringUtils.isNotBlank(cibaAuthCodeRequest.getTransactionContext())) {
            cibaAuthCodeResponse.setTransactionDetails(cibaAuthCodeRequest.getTransactionContext());
        }
        if (log.isDebugEnabled()) {
            log.debug("Successful in creating AuthCodeResponse for the client: " + clientID);
        }
        return cibaAuthCodeResponse;
    } catch (IdentityOAuth2Exception e) {
        throw new CibaCoreException("Error in creating AuthCodeResponse for the client: " + clientID, e);
    } catch (InvalidOAuthClientException e) {
        throw new CibaClientException("Error in creating AuthCodeResponse for the client: " + clientID, e);
    }
}
Also used : OAuthAppDO(org.wso2.carbon.identity.oauth.dao.OAuthAppDO) IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) CibaClientException(org.wso2.carbon.identity.oauth.ciba.exceptions.CibaClientException) CibaAuthCodeResponse(org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeResponse) CibaCoreException(org.wso2.carbon.identity.oauth.ciba.exceptions.CibaCoreException) InvalidOAuthClientException(org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException)

Aggregations

AuthenticationRequest (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest) 5
HashMap (java.util.HashMap) 4
JSONObject (net.minidev.json.JSONObject) 4
AuthenticationRequestCacheEntry (org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCacheEntry) 4
CibaAuthCodeResponse (org.wso2.carbon.identity.oauth.ciba.model.CibaAuthCodeResponse) 4
Map (java.util.Map) 3
HttpServletResponse (javax.servlet.http.HttpServletResponse) 3
Response (javax.ws.rs.core.Response) 3
UnsupportedEncodingException (java.io.UnsupportedEncodingException) 2
AuthenticationResultCacheEntry (org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCacheEntry) 2
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet) 1
SignedJWT (com.nimbusds.jwt.SignedJWT) 1
ParseException (java.text.ParseException) 1
Enumeration (java.util.Enumeration) 1
TreeMap (java.util.TreeMap) 1
ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap) 1
AuthenticationFrameworkWrapper (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationFrameworkWrapper) 1
URLBuilderException (org.wso2.carbon.identity.core.URLBuilderException) 1
CibaClientException (org.wso2.carbon.identity.oauth.ciba.exceptions.CibaClientException) 1
CibaCoreException (org.wso2.carbon.identity.oauth.ciba.exceptions.CibaCoreException) 1