Search in sources :

Example 26 with AuthenticationResult

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpoint method handleAuthenticationResponse.

private Response handleAuthenticationResponse(OAuthMessage oAuthMessage) throws OAuthSystemException, URISyntaxException, ConsentHandlingFailedException {
    if (LoggerUtils.isDiagnosticLogsEnabled()) {
        Map<String, Object> requestParams = new HashMap<>();
        if (oAuthMessage.getRequest() != null && MapUtils.isNotEmpty(oAuthMessage.getRequest().getParameterMap())) {
            oAuthMessage.getRequest().getParameterMap().forEach((key, value) -> {
                if (ArrayUtils.isNotEmpty(value)) {
                    requestParams.put(key, Arrays.asList(value));
                }
            });
        }
        LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, requestParams, OAuthConstants.LogConstants.SUCCESS, "Received authentication response from Framework.", "receive-authn-response", null);
    }
    updateAuthTimeInSessionDataCacheEntry(oAuthMessage);
    addSessionDataKeyToSessionDataCacheEntry(oAuthMessage);
    OAuth2Parameters oauth2Params = getOauth2Params(oAuthMessage);
    String tenantDomain = EndpointUtil.getSPTenantDomainFromClientId(oauth2Params.getClientId());
    setSPAttributeToRequest(oAuthMessage.getRequest(), oauth2Params.getApplicationName(), tenantDomain);
    String sessionDataKeyFromLogin = getSessionDataKeyFromLogin(oAuthMessage);
    AuthenticationResult authnResult = getAuthenticationResult(oAuthMessage, sessionDataKeyFromLogin);
    if (isAuthnResultFound(authnResult)) {
        removeAuthenticationResult(oAuthMessage, sessionDataKeyFromLogin);
        if (authnResult.isAuthenticated()) {
            String userIdentifier = null;
            if (authnResult.getSubject() != null) {
                try {
                    userIdentifier = authnResult.getSubject().getUserId();
                } catch (UserIdNotFoundException e) {
                    if (StringUtils.isNotBlank(authnResult.getSubject().getAuthenticatedSubjectIdentifier())) {
                        userIdentifier = authnResult.getSubject().getAuthenticatedSubjectIdentifier().replaceAll(".", "*");
                    }
                }
            }
            if (LoggerUtils.isDiagnosticLogsEnabled()) {
                Map<String, Object> params = new HashMap<>();
                params.put("clientId", oAuthMessage.getClientId());
                if (userIdentifier != null) {
                    params.put("authenticatedUser", userIdentifier);
                }
                LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.SUCCESS, "Authentication is successful.", "validate-authn-status", null);
            }
            return handleSuccessfulAuthentication(oAuthMessage, oauth2Params, authnResult);
        } else {
            if (LoggerUtils.isDiagnosticLogsEnabled()) {
                Map<String, Object> params = new HashMap<>();
                params.put("clientId", oAuthMessage.getClientId());
                LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.FAILED, "Authentication failed.", "validate-authn-status", null);
            }
            return handleFailedAuthentication(oAuthMessage, oauth2Params, authnResult);
        }
    } else {
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            Map<String, Object> params = new HashMap<>();
            params.put("clientId", oAuthMessage.getClientId());
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.FAILED, "Authentication status is empty.", "validate-authn-status", null);
        }
        return handleEmptyAuthenticationResult(oAuthMessage);
    }
}
Also used : OAuth2Parameters(org.wso2.carbon.identity.oauth2.model.OAuth2Parameters) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject) JSONObject(org.json.JSONObject) UserIdNotFoundException(org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException) AuthenticationResult(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult)

Example 27 with AuthenticationResult

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult in project identity-governance by wso2-extensions.

the class RegexResolver method authenticateWithIdentifier.

@Override
public AuthenticationResult authenticateWithIdentifier(String loginAttributeValue, List<String> allowedAttributes, Object credential, String tenantDomain) {
    AuthenticationResult authenticationResult = new AuthenticationResult(AuthenticationResult.AuthenticationStatus.FAIL);
    ClaimManager claimManager;
    try {
        if (allowedAttributes == null) {
            return authenticationResult;
        }
        UserRealm userRealm = UserResolverUtil.getUserRealm(tenantDomain);
        UniqueIDUserStoreManager userStoreManager = UserResolverUtil.getUserStoreManager(tenantDomain);
        claimManager = userRealm.getClaimManager();
        for (String claimURI : allowedAttributes) {
            Claim claim = claimManager.getClaim(claimURI);
            if (claim == null) {
                continue;
            }
            String regex = claim.getRegEx();
            if (StringUtils.isBlank(regex)) {
                continue;
            }
            Pattern pattern = Pattern.compile(regex);
            if (pattern.matcher(loginAttributeValue).matches()) {
                authenticationResult = userStoreManager.authenticateWithID(claimURI, loginAttributeValue, credential, StringUtils.EMPTY);
                if (AuthenticationResult.AuthenticationStatus.SUCCESS.equals(authenticationResult.getAuthenticationStatus())) {
                    break;
                }
            }
        }
        /*
            If allowed attributes has only username claim, get authenticationResult even if
            the username claim has no configured regex pattern.
             */
        if (allowedAttributes.size() == 1 && allowedAttributes.contains(UserCoreClaimConstants.USERNAME_CLAIM_URI)) {
            authenticationResult = userStoreManager.authenticateWithID(UserCoreClaimConstants.USERNAME_CLAIM_URI, loginAttributeValue, credential, StringUtils.EMPTY);
        }
    } catch (UserStoreException e) {
        log.error("Error occurred while resolving authenticationResult", e);
    }
    return authenticationResult;
}
Also used : ClaimManager(org.wso2.carbon.user.api.ClaimManager) Pattern(java.util.regex.Pattern) UserRealm(org.wso2.carbon.user.core.UserRealm) UniqueIDUserStoreManager(org.wso2.carbon.user.core.UniqueIDUserStoreManager) UserStoreException(org.wso2.carbon.user.api.UserStoreException) Claim(org.wso2.carbon.user.api.Claim) AuthenticationResult(org.wso2.carbon.user.core.common.AuthenticationResult)

Example 28 with AuthenticationResult

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult in project identity-governance by wso2-extensions.

the class MultiAttributeLoginServiceServiceImpl method authenticateWithIdentifier.

/**
 * This method is used to authenticate user using multi attribute login identifier.
 *
 * @param loginIdentifierValue User entered login identifier.
 * @param credential           User credential.
 * @param tenantDomain         User tenant domain.
 * @return AuthenticationResult.
 */
@Override
public AuthenticationResult authenticateWithIdentifier(String loginIdentifierValue, Object credential, String tenantDomain) {
    AuthenticationResult authenticationResult = new AuthenticationResult(AuthenticationResult.AuthenticationStatus.FAIL);
    if (StringUtils.isNotBlank(loginIdentifierValue) && StringUtils.isNotBlank(tenantDomain)) {
        List<String> allowedAttributes = getAllowedClaimsForTenant(tenantDomain);
        authenticationResult = MultiAttributeLoginDataHolder.getInstance().getMultiAttributeLoginResolver().authenticateWithIdentifier(loginIdentifierValue, allowedAttributes, credential, tenantDomain);
    }
    return authenticationResult;
}
Also used : AuthenticationResult(org.wso2.carbon.user.core.common.AuthenticationResult)

Example 29 with AuthenticationResult

use of org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult in project product-is by wso2.

the class UUIDUserStoreManagerService method getAuthenticationResultDTOFromAuthenticationResult.

private AuthenticationResultDTO getAuthenticationResultDTOFromAuthenticationResult(AuthenticationResult authenticationResult) {
    AuthenticationResultDTO authenticationResultDTO = new AuthenticationResultDTO();
    authenticationResultDTO.setAuthenticatedSubjectIdentifier(authenticationResult.getAuthenticatedSubjectIdentifier());
    authenticationResultDTO.setAuthenticatedUser(getUserDTO(authenticationResult.getAuthenticatedUser().orElse(new User())));
    authenticationResultDTO.setAuthenticationStatus(getAuthenticationStatusDTOFromAuthenticationStatus(authenticationResult.getAuthenticationStatus()));
    authenticationResultDTO.setFailureReason(getFailureReasonDTOFromFailureReason(authenticationResult.getFailureReason().orElse(new FailureReason())));
    return authenticationResultDTO;
}
Also used : User(org.wso2.carbon.user.core.common.User) AuthenticationResultDTO(org.wso2.carbon.identity.test.integration.service.dao.AuthenticationResultDTO) FailureReason(org.wso2.carbon.user.core.common.FailureReason)

Aggregations

AuthenticationResult (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult)15 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)8 Test (org.testng.annotations.Test)8 AuthenticatedUser (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)7 AuthenticationResult (org.wso2.carbon.user.core.common.AuthenticationResult)6 AuthenticationResultCacheEntry (org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCacheEntry)5 OAuth2Parameters (org.wso2.carbon.identity.oauth2.model.OAuth2Parameters)5 HashMap (java.util.HashMap)4 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)4 AfterTest (org.testng.annotations.AfterTest)4 BeforeTest (org.testng.annotations.BeforeTest)4 RequestObject (org.wso2.carbon.identity.openidconnect.model.RequestObject)4 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 MultivaluedHashMap (javax.ws.rs.core.MultivaluedHashMap)3 Response (javax.ws.rs.core.Response)3 OAuthResponse (org.apache.oltu.oauth2.common.message.OAuthResponse)3 Matchers.anyString (org.mockito.Matchers.anyString)3 CommonAuthResponseWrapper (org.wso2.carbon.identity.application.authentication.framework.model.CommonAuthResponseWrapper)3 AbstractIdentityUserOperationEventListener (org.wso2.carbon.identity.core.AbstractIdentityUserOperationEventListener)3 ResolvedUserResult (org.wso2.carbon.identity.multi.attribute.login.mgt.ResolvedUserResult)3