use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpoint method handleAuthenticationResponse.
/**
 * Processes the response that the authentication framework returned for an authorization request.
 *
 * <p>The session data cache entry is updated, the cached {@link AuthenticationResult} is looked up
 * by the session data key from login, and the request is routed to the success, failure or
 * empty-result handler. A diagnostic log event is emitted at each decision point when diagnostic
 * logs are enabled.
 *
 * @param oAuthMessage the message wrapping the incoming request and its session state
 * @return the response produced by the handler selected for the authentication outcome
 * @throws OAuthSystemException declared by this method; raised by the delegated handlers
 * @throws URISyntaxException declared by this method; raised by the delegated handlers
 * @throws ConsentHandlingFailedException declared by this method; raised by the delegated handlers
 */
private Response handleAuthenticationResponse(OAuthMessage oAuthMessage) throws OAuthSystemException, URISyntaxException, ConsentHandlingFailedException {

    if (LoggerUtils.isDiagnosticLogsEnabled()) {
        // Every non-empty request parameter is copied into the diagnostic event as received.
        // NOTE(review): confirm the diagnostic log pipeline masks sensitive parameter values
        // before they are persisted.
        Map<String, Object> receivedParams = new HashMap<>();
        boolean hasRequestParams = oAuthMessage.getRequest() != null
                && MapUtils.isNotEmpty(oAuthMessage.getRequest().getParameterMap());
        if (hasRequestParams) {
            oAuthMessage.getRequest().getParameterMap().forEach((name, values) -> {
                if (ArrayUtils.isNotEmpty(values)) {
                    receivedParams.put(name, Arrays.asList(values));
                }
            });
        }
        LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, receivedParams, OAuthConstants.LogConstants.SUCCESS, "Received authentication response from Framework.", "receive-authn-response", null);
    }

    updateAuthTimeInSessionDataCacheEntry(oAuthMessage);
    addSessionDataKeyToSessionDataCacheEntry(oAuthMessage);

    OAuth2Parameters oauth2Params = getOauth2Params(oAuthMessage);
    String tenantDomain = EndpointUtil.getSPTenantDomainFromClientId(oauth2Params.getClientId());
    setSPAttributeToRequest(oAuthMessage.getRequest(), oauth2Params.getApplicationName(), tenantDomain);

    String sessionDataKeyFromLogin = getSessionDataKeyFromLogin(oAuthMessage);
    AuthenticationResult authnResult = getAuthenticationResult(oAuthMessage, sessionDataKeyFromLogin);

    // No result for this session data key: log it and hand over to the empty-result handler.
    if (!isAuthnResultFound(authnResult)) {
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            Map<String, Object> emptyResultParams = new HashMap<>();
            emptyResultParams.put("clientId", oAuthMessage.getClientId());
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, emptyResultParams, OAuthConstants.LogConstants.FAILED, "Authentication status is empty.", "validate-authn-status", null);
        }
        return handleEmptyAuthenticationResult(oAuthMessage);
    }

    // The stored result is removed as soon as it has been read, before branching on the outcome
    // (presumably so that it is consumed only once; verify against removeAuthenticationResult).
    removeAuthenticationResult(oAuthMessage, sessionDataKeyFromLogin);

    if (!authnResult.isAuthenticated()) {
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            Map<String, Object> failureParams = new HashMap<>();
            failureParams.put("clientId", oAuthMessage.getClientId());
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, failureParams, OAuthConstants.LogConstants.FAILED, "Authentication failed.", "validate-authn-status", null);
        }
        return handleFailedAuthentication(oAuthMessage, oauth2Params, authnResult);
    }

    // Identifier for the diagnostic log: the user id when it resolves, otherwise the subject
    // identifier with its characters replaced by '*'.
    String loggedUser = null;
    if (authnResult.getSubject() != null) {
        try {
            loggedUser = authnResult.getSubject().getUserId();
        } catch (UserIdNotFoundException ignored) {
            String subjectIdentifier = authnResult.getSubject().getAuthenticatedSubjectIdentifier();
            if (StringUtils.isNotBlank(subjectIdentifier)) {
                // "." is a regex here: it matches each character except line terminators, so the
                // masked value keeps the original length.
                loggedUser = subjectIdentifier.replaceAll(".", "*");
            }
        }
    }

    if (LoggerUtils.isDiagnosticLogsEnabled()) {
        Map<String, Object> successParams = new HashMap<>();
        successParams.put("clientId", oAuthMessage.getClientId());
        if (loggedUser != null) {
            successParams.put("authenticatedUser", loggedUser);
        }
        LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, successParams, OAuthConstants.LogConstants.SUCCESS, "Authentication is successful.", "validate-authn-status", null);
    }
    return handleSuccessfulAuthentication(oAuthMessage, oauth2Params, authnResult);
}
use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult in project identity-governance by wso2-extensions.
the class RegexResolver method authenticateWithIdentifier.
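/**
 * Authenticates a user whose login identifier may correspond to any of the allowed claims.
 *
 * <p>For each allowed claim that has a configured regex, the login value is matched against that
 * regex; on a match the credential is verified against the user store with that claim. The loop
 * stops at the first successful authentication. When the only allowed claim is the username
 * claim, the credential is verified against it even if no regex matched.
 *
 * @param loginAttributeValue the identifier entered by the user
 * @param allowedAttributes claim URIs that may be used as login identifiers; {@code null} yields FAIL
 * @param credential the credential to verify
 * @param tenantDomain the tenant whose realm and user store are consulted
 * @return the result from the user store, or a FAIL result when nothing matched, an input was
 *         {@code null}, or the user store raised an error
 */
@Override
public AuthenticationResult authenticateWithIdentifier(String loginAttributeValue, List<String> allowedAttributes, Object credential, String tenantDomain) {

    AuthenticationResult authenticationResult = new AuthenticationResult(AuthenticationResult.AuthenticationStatus.FAIL);
    // Fail closed on missing input; a null login value would otherwise reach Pattern.matcher()
    // and raise a NullPointerException in the middle of authentication.
    if (allowedAttributes == null || loginAttributeValue == null) {
        return authenticationResult;
    }
    try {
        UserRealm userRealm = UserResolverUtil.getUserRealm(tenantDomain);
        UniqueIDUserStoreManager userStoreManager = UserResolverUtil.getUserStoreManager(tenantDomain);
        ClaimManager claimManager = userRealm.getClaimManager();
        // Tracks whether the credential has already been submitted to the user store.
        boolean credentialChecked = false;
        for (String claimURI : allowedAttributes) {
            Claim claim = claimManager.getClaim(claimURI);
            if (claim == null) {
                continue;
            }
            String regex = claim.getRegEx();
            if (StringUtils.isBlank(regex)) {
                continue;
            }
            // The pattern comes from claim configuration and is applied to the caller-supplied
            // login value. NOTE(review): Pattern.compile throws the unchecked
            // PatternSyntaxException on an invalid pattern, which is not caught here; also
            // confirm configured patterns are vetted for matching cost on hostile input.
            Pattern pattern = Pattern.compile(regex);
            if (pattern.matcher(loginAttributeValue).matches()) {
                credentialChecked = true;
                authenticationResult = userStoreManager.authenticateWithID(claimURI, loginAttributeValue, credential, StringUtils.EMPTY);
                if (AuthenticationResult.AuthenticationStatus.SUCCESS.equals(authenticationResult.getAuthenticationStatus())) {
                    break;
                }
            }
        }
        /*
         If allowed attributes has only username claim, get authenticationResult even if
         the username claim has no configured regex pattern. Skipped when the loop already
         verified the credential: with a single allowed claim that check used the same claim
         and value, so repeating it would submit one login attempt to the user store twice
         (and may count a failed attempt twice where failures are tracked).
         */
        if (!credentialChecked && allowedAttributes.size() == 1 && allowedAttributes.contains(UserCoreClaimConstants.USERNAME_CLAIM_URI)) {
            authenticationResult = userStoreManager.authenticateWithID(UserCoreClaimConstants.USERNAME_CLAIM_URI, loginAttributeValue, credential, StringUtils.EMPTY);
        }
    } catch (UserStoreException e) {
        // A user store error leaves whatever result was held at that point, FAIL by default.
        log.error("Error occurred while resolving authenticationResult", e);
    }
    return authenticationResult;
}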
use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult in project identity-governance by wso2-extensions.
the class MultiAttributeLoginServiceServiceImpl method authenticateWithIdentifier.
/**
 * Authenticates a user with a multi attribute login identifier.
 *
 * <p>When either the identifier or the tenant domain is blank, a FAIL result is returned without
 * consulting the resolver. Otherwise the claims allowed for the tenant are looked up and the
 * configured multi attribute login resolver performs the authentication. The credential is
 * passed through without being inspected here.
 *
 * @param loginIdentifierValue User entered login identifier.
 * @param credential User credential.
 * @param tenantDomain User tenant domain.
 * @return the resolver's AuthenticationResult, or a FAIL result for blank input.
 */
@Override
public AuthenticationResult authenticateWithIdentifier(String loginIdentifierValue, Object credential, String tenantDomain) {

    AuthenticationResult failedResult = new AuthenticationResult(AuthenticationResult.AuthenticationStatus.FAIL);

    // Guard clause: nothing to resolve without both an identifier and a tenant.
    if (StringUtils.isBlank(loginIdentifierValue) || StringUtils.isBlank(tenantDomain)) {
        return failedResult;
    }

    List<String> tenantAllowedClaims = getAllowedClaimsForTenant(tenantDomain);
    return MultiAttributeLoginDataHolder.getInstance()
            .getMultiAttributeLoginResolver()
            .authenticateWithIdentifier(loginIdentifierValue, tenantAllowedClaims, credential, tenantDomain);
}
use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult in project product-is by wso2.
the class UUIDUserStoreManagerService method getAuthenticationResultDTOFromAuthenticationResult.
/**
 * Copies an {@link AuthenticationResult} into a new {@link AuthenticationResultDTO}.
 *
 * <p>When the result carries no authenticated user or no failure reason, a newly constructed
 * {@code User} or {@code FailureReason} is converted instead, so the corresponding DTO fields
 * are populated from those default objects rather than left unset.
 *
 * @param authenticationResult the result to convert
 * @return a DTO holding the subject identifier, user, status and failure reason of the result
 */
private AuthenticationResultDTO getAuthenticationResultDTOFromAuthenticationResult(AuthenticationResult authenticationResult) {

    AuthenticationResultDTO dto = new AuthenticationResultDTO();

    dto.setAuthenticatedSubjectIdentifier(
            authenticationResult.getAuthenticatedSubjectIdentifier());

    // Absent user: convert a default-constructed User.
    dto.setAuthenticatedUser(
            getUserDTO(authenticationResult.getAuthenticatedUser().orElse(new User())));

    dto.setAuthenticationStatus(
            getAuthenticationStatusDTOFromAuthenticationStatus(
                    authenticationResult.getAuthenticationStatus()));

    // Absent failure reason: convert a default-constructed FailureReason.
    dto.setFailureReason(
            getFailureReasonDTOFromFailureReason(
                    authenticationResult.getFailureReason().orElse(new FailureReason())));

    return dto;
}