use of org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.BASIC_AUTH_MECHANISM in project carbon-identity-framework by wso2.
the class DefaultStepHandler method handle.
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws FrameworkException {
if (context.getAnalyticsData(FrameworkConstants.AnalyticsData.CURRENT_AUTHENTICATOR_START_TIME) == null) {
context.setAnalyticsData(FrameworkConstants.AnalyticsData.CURRENT_AUTHENTICATOR_START_TIME, System.currentTimeMillis());
}
StepConfig stepConfig = context.getSequenceConfig().getStepMap().get(context.getCurrentStep());
List<AuthenticatorConfig> authConfigList = stepConfig.getAuthenticatorList();
String authenticatorNames = FrameworkUtils.getAuthenticatorIdPMappingString(authConfigList);
String loginPage = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
String fidp = request.getParameter(FrameworkConstants.RequestParams.FEDERATED_IDP);
Map<String, AuthenticatedIdPData> authenticatedIdPs = context.getCurrentAuthenticatedIdPs();
// NOTE : currentAuthenticatedIdPs (if not null) always contains the previousAuthenticatedIdPs
if (MapUtils.isEmpty(authenticatedIdPs)) {
if (LOG.isDebugEnabled()) {
LOG.debug("No current authenticated IDPs in the authentication context. " + "Continuing with the previous authenticated IDPs");
}
authenticatedIdPs = context.getPreviousAuthenticatedIdPs();
}
if (LOG.isDebugEnabled()) {
if (MapUtils.isEmpty(authenticatedIdPs)) {
LOG.debug("No previous authenticated IDPs found in the authentication context.");
} else {
LOG.debug(String.format("Found authenticated IdPs. Count: %d", authenticatedIdPs.size()));
}
}
if (context.isPassiveAuthenticate() && MapUtils.isNotEmpty(context.getAuthenticatedIdPsOfApp())) {
authenticatedIdPs = context.getAuthenticatedIdPsOfApp();
}
Map<String, AuthenticatorConfig> authenticatedStepIdps = FrameworkUtils.getAuthenticatedStepIdPs(stepConfig, authenticatedIdPs);
// check passive authentication
if (context.isPassiveAuthenticate()) {
if (authenticatedStepIdps.isEmpty()) {
context.setRequestAuthenticated(false);
} else {
String authenticatedIdP = authenticatedStepIdps.entrySet().iterator().next().getKey();
AuthenticatedIdPData authenticatedIdPData = authenticatedIdPs.get(authenticatedIdP);
populateStepConfigWithAuthenticationDetails(stepConfig, authenticatedIdPData, authenticatedStepIdps.get(authenticatedIdP));
request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.SUCCESS_COMPLETED);
}
stepConfig.setCompleted(true);
return;
} else {
long authTime = 0;
String maxAgeParam = request.getParameter(FrameworkConstants.RequestParams.MAX_AGE);
if (StringUtils.isNotBlank(maxAgeParam) && StringUtils.isNotBlank(context.getSessionIdentifier())) {
String loginTenantDomain = context.getLoginTenantDomain();
long maxAge = Long.parseLong((maxAgeParam));
if (FrameworkUtils.getSessionContextFromCache(context.getSessionIdentifier(), loginTenantDomain).getProperty(FrameworkConstants.UPDATED_TIMESTAMP) != null) {
authTime = Long.parseLong(FrameworkUtils.getSessionContextFromCache(context.getSessionIdentifier(), loginTenantDomain).getProperty(FrameworkConstants.UPDATED_TIMESTAMP).toString());
} else {
authTime = Long.parseLong(FrameworkUtils.getSessionContextFromCache(context.getSessionIdentifier(), loginTenantDomain).getProperty(FrameworkConstants.CREATED_TIMESTAMP).toString());
}
long currentTime = System.currentTimeMillis();
if (maxAge < (currentTime - authTime) / 1000) {
context.setForceAuthenticate(true);
} else {
context.setPreviousAuthTime(true);
}
}
}
if (request.getParameter(FrameworkConstants.RequestParams.USER_ABORT) != null && Boolean.parseBoolean(request.getParameter(FrameworkConstants.RequestParams.USER_ABORT))) {
request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.USER_ABORT);
stepConfig.setCompleted(true);
return;
}
// if Request has fidp param and if this is the first step
if (fidp != null && stepConfig.getOrder() == 1) {
handleHomeRealmDiscovery(request, response, context);
return;
} else if (context.isReturning()) {
// if this is a request from the multi-option page
if (request.getParameter(FrameworkConstants.RequestParams.AUTHENTICATOR) != null && !request.getParameter(FrameworkConstants.RequestParams.AUTHENTICATOR).isEmpty()) {
handleRequestFromLoginPage(request, response, context);
return;
} else {
// if this is a response from external parties (e.g. federated IdPs)
handleResponse(request, response, context);
return;
}
} else if (ConfigurationFacade.getInstance().isDumbMode() && authenticatedIdPs.isEmpty()) {
if (LOG.isDebugEnabled()) {
LOG.debug("Executing in Dumb mode");
}
try {
request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
response.sendRedirect(loginPage + ("?" + context.getContextIdIncludedQueryParams()) + "&authenticators=" + URLEncoder.encode(authenticatorNames, "UTF-8") + "&hrd=true");
} catch (IOException e) {
throw new FrameworkException(e.getMessage(), e);
}
} else {
if (!(context.isForceAuthenticate() || stepConfig.isForced()) && !authenticatedStepIdps.isEmpty()) {
Map.Entry<String, AuthenticatorConfig> entry = authenticatedStepIdps.entrySet().iterator().next();
String idp = entry.getKey();
AuthenticatorConfig authenticatorConfig = entry.getValue();
if (context.isReAuthenticate()) {
if (LOG.isDebugEnabled()) {
LOG.debug("Re-authenticating with " + idp + " IdP");
}
try {
context.setExternalIdP(ConfigurationFacade.getInstance().getIdPConfigByName(idp, context.getTenantDomain()));
} catch (IdentityProviderManagementException e) {
LOG.error("Exception while getting IdP by name", e);
}
doAuthentication(request, response, context, authenticatorConfig);
return;
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("Already authenticated. Skipping the step");
}
// skip the step if this is a normal request
AuthenticatedIdPData authenticatedIdPData = authenticatedIdPs.get(idp);
populateStepConfigWithAuthenticationDetails(stepConfig, authenticatedIdPData, authenticatedStepIdps.get(idp));
context.getCurrentAuthenticatedIdPs().put(idp, authenticatedIdPData);
stepConfig.setCompleted(true);
request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.SUCCESS_COMPLETED);
return;
}
} else {
// Find if step contains only a single authenticator with a single
// IdP. If yes, don't send to the multi-option page. Call directly.
boolean sendToPage = false;
boolean isAuthFlowHandlerOrBasicAuthInMultiOptionStep = false;
AuthenticatorConfig authenticatorConfig = null;
// Are there multiple authenticators?
if (authConfigList.size() > 1) {
sendToPage = true;
// redirecting to the multi option page.
for (AuthenticatorConfig config : authConfigList) {
if ((config.getApplicationAuthenticator() instanceof AuthenticationFlowHandler) || (config.getApplicationAuthenticator() instanceof LocalApplicationAuthenticator && (BASIC_AUTH_MECHANISM).equalsIgnoreCase(config.getApplicationAuthenticator().getAuthMechanism()))) {
authenticatorConfig = config;
isAuthFlowHandlerOrBasicAuthInMultiOptionStep = true;
sendToPage = false;
break;
}
}
} else {
// Are there multiple IdPs in the single authenticator?
authenticatorConfig = authConfigList.get(0);
if (authenticatorConfig.getIdpNames().size() > 1) {
sendToPage = true;
}
}
if (!sendToPage) {
// call directly
if (!authenticatorConfig.getIdpNames().isEmpty()) {
if (LOG.isDebugEnabled()) {
LOG.debug("Step contains only a single IdP. Going to call it directly");
}
// set the IdP to be called in the context
try {
context.setExternalIdP(ConfigurationFacade.getInstance().getIdPConfigByName(authenticatorConfig.getIdpNames().get(0), context.getTenantDomain()));
} catch (IdentityProviderManagementException e) {
LOG.error("Exception while getting IdP by name", e);
}
}
doAuthentication(request, response, context, authenticatorConfig);
/* If an authentication flow handler is redirected with incomplete status,
it will redirect to multi option page, as multi-option is available */
if ((request.getAttribute(FrameworkConstants.RequestParams.FLOW_STATUS)) == AuthenticatorFlowStatus.INCOMPLETE && isAuthFlowHandlerOrBasicAuthInMultiOptionStep) {
sendToMultiOptionPage(stepConfig, request, context, response, authenticatorNames);
}
return;
} else {
// else send to the multi option page.
sendToMultiOptionPage(stepConfig, request, context, response, authenticatorNames);
return;
}
}
}
}
Aggregations