Search in sources :

Example 1 with BASIC_AUTH_MECHANISM

use of org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.BASIC_AUTH_MECHANISM in project carbon-identity-framework by wso2.

the class DefaultStepHandler method handle.

@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws FrameworkException {
    if (context.getAnalyticsData(FrameworkConstants.AnalyticsData.CURRENT_AUTHENTICATOR_START_TIME) == null) {
        context.setAnalyticsData(FrameworkConstants.AnalyticsData.CURRENT_AUTHENTICATOR_START_TIME, System.currentTimeMillis());
    }
    StepConfig stepConfig = context.getSequenceConfig().getStepMap().get(context.getCurrentStep());
    List<AuthenticatorConfig> authConfigList = stepConfig.getAuthenticatorList();
    String authenticatorNames = FrameworkUtils.getAuthenticatorIdPMappingString(authConfigList);
    String loginPage = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
    String fidp = request.getParameter(FrameworkConstants.RequestParams.FEDERATED_IDP);
    Map<String, AuthenticatedIdPData> authenticatedIdPs = context.getCurrentAuthenticatedIdPs();
    // NOTE : currentAuthenticatedIdPs (if not null) always contains the previousAuthenticatedIdPs
    if (MapUtils.isEmpty(authenticatedIdPs)) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("No current authenticated IDPs in the authentication context. " + "Continuing with the previous authenticated IDPs");
        }
        authenticatedIdPs = context.getPreviousAuthenticatedIdPs();
    }
    if (LOG.isDebugEnabled()) {
        if (MapUtils.isEmpty(authenticatedIdPs)) {
            LOG.debug("No previous authenticated IDPs found in the authentication context.");
        } else {
            LOG.debug(String.format("Found authenticated IdPs. Count: %d", authenticatedIdPs.size()));
        }
    }
    if (context.isPassiveAuthenticate() && MapUtils.isNotEmpty(context.getAuthenticatedIdPsOfApp())) {
        authenticatedIdPs = context.getAuthenticatedIdPsOfApp();
    }
    Map<String, AuthenticatorConfig> authenticatedStepIdps = FrameworkUtils.getAuthenticatedStepIdPs(stepConfig, authenticatedIdPs);
    // check passive authentication
    if (context.isPassiveAuthenticate()) {
        if (authenticatedStepIdps.isEmpty()) {
            context.setRequestAuthenticated(false);
        } else {
            String authenticatedIdP = authenticatedStepIdps.entrySet().iterator().next().getKey();
            AuthenticatedIdPData authenticatedIdPData = authenticatedIdPs.get(authenticatedIdP);
            populateStepConfigWithAuthenticationDetails(stepConfig, authenticatedIdPData, authenticatedStepIdps.get(authenticatedIdP));
            request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.SUCCESS_COMPLETED);
        }
        stepConfig.setCompleted(true);
        return;
    } else {
        long authTime = 0;
        String maxAgeParam = request.getParameter(FrameworkConstants.RequestParams.MAX_AGE);
        if (StringUtils.isNotBlank(maxAgeParam) && StringUtils.isNotBlank(context.getSessionIdentifier())) {
            String loginTenantDomain = context.getLoginTenantDomain();
            long maxAge = Long.parseLong((maxAgeParam));
            if (FrameworkUtils.getSessionContextFromCache(context.getSessionIdentifier(), loginTenantDomain).getProperty(FrameworkConstants.UPDATED_TIMESTAMP) != null) {
                authTime = Long.parseLong(FrameworkUtils.getSessionContextFromCache(context.getSessionIdentifier(), loginTenantDomain).getProperty(FrameworkConstants.UPDATED_TIMESTAMP).toString());
            } else {
                authTime = Long.parseLong(FrameworkUtils.getSessionContextFromCache(context.getSessionIdentifier(), loginTenantDomain).getProperty(FrameworkConstants.CREATED_TIMESTAMP).toString());
            }
            long currentTime = System.currentTimeMillis();
            if (maxAge < (currentTime - authTime) / 1000) {
                context.setForceAuthenticate(true);
            } else {
                context.setPreviousAuthTime(true);
            }
        }
    }
    if (request.getParameter(FrameworkConstants.RequestParams.USER_ABORT) != null && Boolean.parseBoolean(request.getParameter(FrameworkConstants.RequestParams.USER_ABORT))) {
        request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.USER_ABORT);
        stepConfig.setCompleted(true);
        return;
    }
    // if Request has fidp param and if this is the first step
    if (fidp != null && stepConfig.getOrder() == 1) {
        handleHomeRealmDiscovery(request, response, context);
        return;
    } else if (context.isReturning()) {
        // if this is a request from the multi-option page
        if (request.getParameter(FrameworkConstants.RequestParams.AUTHENTICATOR) != null && !request.getParameter(FrameworkConstants.RequestParams.AUTHENTICATOR).isEmpty()) {
            handleRequestFromLoginPage(request, response, context);
            return;
        } else {
            // if this is a response from external parties (e.g. federated IdPs)
            handleResponse(request, response, context);
            return;
        }
    } else if (ConfigurationFacade.getInstance().isDumbMode() && authenticatedIdPs.isEmpty()) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Executing in Dumb mode");
        }
        try {
            request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
            response.sendRedirect(loginPage + ("?" + context.getContextIdIncludedQueryParams()) + "&authenticators=" + URLEncoder.encode(authenticatorNames, "UTF-8") + "&hrd=true");
        } catch (IOException e) {
            throw new FrameworkException(e.getMessage(), e);
        }
    } else {
        if (!(context.isForceAuthenticate() || stepConfig.isForced()) && !authenticatedStepIdps.isEmpty()) {
            Map.Entry<String, AuthenticatorConfig> entry = authenticatedStepIdps.entrySet().iterator().next();
            String idp = entry.getKey();
            AuthenticatorConfig authenticatorConfig = entry.getValue();
            if (context.isReAuthenticate()) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Re-authenticating with " + idp + " IdP");
                }
                try {
                    context.setExternalIdP(ConfigurationFacade.getInstance().getIdPConfigByName(idp, context.getTenantDomain()));
                } catch (IdentityProviderManagementException e) {
                    LOG.error("Exception while getting IdP by name", e);
                }
                doAuthentication(request, response, context, authenticatorConfig);
                return;
            } else {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Already authenticated. Skipping the step");
                }
                // skip the step if this is a normal request
                AuthenticatedIdPData authenticatedIdPData = authenticatedIdPs.get(idp);
                populateStepConfigWithAuthenticationDetails(stepConfig, authenticatedIdPData, authenticatedStepIdps.get(idp));
                context.getCurrentAuthenticatedIdPs().put(idp, authenticatedIdPData);
                stepConfig.setCompleted(true);
                request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.SUCCESS_COMPLETED);
                return;
            }
        } else {
            // Find if step contains only a single authenticator with a single
            // IdP. If yes, don't send to the multi-option page. Call directly.
            boolean sendToPage = false;
            boolean isAuthFlowHandlerOrBasicAuthInMultiOptionStep = false;
            AuthenticatorConfig authenticatorConfig = null;
            // Are there multiple authenticators?
            if (authConfigList.size() > 1) {
                sendToPage = true;
                // redirecting to the multi option page.
                for (AuthenticatorConfig config : authConfigList) {
                    if ((config.getApplicationAuthenticator() instanceof AuthenticationFlowHandler) || (config.getApplicationAuthenticator() instanceof LocalApplicationAuthenticator && (BASIC_AUTH_MECHANISM).equalsIgnoreCase(config.getApplicationAuthenticator().getAuthMechanism()))) {
                        authenticatorConfig = config;
                        isAuthFlowHandlerOrBasicAuthInMultiOptionStep = true;
                        sendToPage = false;
                        break;
                    }
                }
            } else {
                // Are there multiple IdPs in the single authenticator?
                authenticatorConfig = authConfigList.get(0);
                if (authenticatorConfig.getIdpNames().size() > 1) {
                    sendToPage = true;
                }
            }
            if (!sendToPage) {
                // call directly
                if (!authenticatorConfig.getIdpNames().isEmpty()) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Step contains only a single IdP. Going to call it directly");
                    }
                    // set the IdP to be called in the context
                    try {
                        context.setExternalIdP(ConfigurationFacade.getInstance().getIdPConfigByName(authenticatorConfig.getIdpNames().get(0), context.getTenantDomain()));
                    } catch (IdentityProviderManagementException e) {
                        LOG.error("Exception while getting IdP by name", e);
                    }
                }
                doAuthentication(request, response, context, authenticatorConfig);
                /* If an authentication flow handler is redirected with incomplete status,
                    it will redirect to multi option page, as multi-option is available */
                if ((request.getAttribute(FrameworkConstants.RequestParams.FLOW_STATUS)) == AuthenticatorFlowStatus.INCOMPLETE && isAuthFlowHandlerOrBasicAuthInMultiOptionStep) {
                    sendToMultiOptionPage(stepConfig, request, context, response, authenticatorNames);
                }
                return;
            } else {
                // else send to the multi option page.
                sendToMultiOptionPage(stepConfig, request, context, response, authenticatorNames);
                return;
            }
        }
    }
}
Also used : AuthenticatorConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig) FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException) StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig) IOException(java.io.IOException) LocalApplicationAuthenticator(org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator) AuthenticationFlowHandler(org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler) Map(java.util.Map) HashMap(java.util.HashMap) IdentityProviderManagementException(org.wso2.carbon.idp.mgt.IdentityProviderManagementException) AuthenticatedIdPData(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedIdPData)

Aggregations

IOException (java.io.IOException)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1 AuthenticationFlowHandler (org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler)1 LocalApplicationAuthenticator (org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator)1 AuthenticatorConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig)1 StepConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig)1 FrameworkException (org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException)1 AuthenticatedIdPData (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedIdPData)1 IdentityProviderManagementException (org.wso2.carbon.idp.mgt.IdentityProviderManagementException)1