
Example 31 with AuthenticationStep

use of org.wso2.carbon.identity.application.common.model.AuthenticationStep in project carbon-identity-framework by wso2.

the class UIBasedConfigurationLoader method getSequence.

/**
 * Builds a {@link SequenceConfig} from UI-configured authentication steps, following the
 * legacy loading behaviour. Not intended for new development.
 *
 * <p>Request-path authenticators are loaded first. When no steps are supplied the sequence is
 * returned at that point. Otherwise each step is turned into a step configuration, populated
 * with its federated and local authenticators, and stored in the step map under its order.
 *
 * @param serviceProvider     application whose sequence is built; must not be {@code null}
 * @param tenantDomain        tenant domain handed to the federated-authenticator loader
 * @param authenticationSteps configured steps; {@code null} yields a sequence without steps
 * @return the populated sequence configuration
 * @throws FrameworkException if {@code serviceProvider} is {@code null}; the loader helpers
 *                            called here presumably raise it too (not visible in this listing)
 */
public SequenceConfig getSequence(ServiceProvider serviceProvider, String tenantDomain, AuthenticationStep[] authenticationSteps) throws FrameworkException {
    if (serviceProvider == null) {
        throw new FrameworkException("ServiceProvider cannot be null");
    }
    SequenceConfig sequence = new SequenceConfig();
    sequence.setApplicationId(serviceProvider.getApplicationName());
    sequence.setApplicationConfig(new ApplicationConfig(serviceProvider));
    // Request-path authenticators are attached even when no steps are configured.
    loadRequestPathAuthenticators(sequence, serviceProvider);
    if (authenticationSteps != null) {
        int order = 0;
        for (int i = 0; i < authenticationSteps.length; i++) {
            AuthenticationStep step = authenticationSteps[i];
            try {
                order = step.getStepOrder();
            } catch (NumberFormatException e) {
                // No usable order on the step: continue from the previous step's order.
                order++;
            }
            StepConfig stepConfig = createStepConfigurationObject(order, step);
            loadFederatedAuthenticators(step, stepConfig, tenantDomain);
            loadLocalAuthenticators(step, stepConfig);
            // NOTE(review): steps are keyed by their order, so two steps reporting the same
            // order would presumably replace one another in the map; confirm the caller
            // guarantees unique orders, since a dropped step changes the login flow.
            sequence.getStepMap().put(order, stepConfig);
        }
    }
    return sequence;
}
Also used : FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException) ApplicationConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig) AuthenticationStep(org.wso2.carbon.identity.application.common.model.AuthenticationStep) StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig) SequenceConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig)

Example 32 with AuthenticationStep

use of org.wso2.carbon.identity.application.common.model.AuthenticationStep in project carbon-identity-framework by wso2.

the class ApplicationIdentityProviderMgtListener method updateApplicationWithMultiStepFederatedAuthenticator.

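/**
 * Rejects an identity provider update that disables a federated authenticator which an
 * authentication step still selects.
 *
 * <p>For every step, each federated identity provider whose name equals the updated provider's
 * name is inspected. The first authenticator configured on that step entry is taken as the
 * selected one and is compared by name with the updated provider's authenticators. A match
 * that is no longer enabled aborts the update.
 *
 * <p>Steps without federated providers, and step entries without any authenticator, are
 * skipped because there is no selection to validate.
 *
 * @param identityProvider identity provider as it will look after the update
 * @param authSteps        authentication steps of one service provider; may be {@code null}
 * @throws IdentityProviderManagementException if a selected authenticator is disabled in the
 *                                             updated identity provider
 */
private void updateApplicationWithMultiStepFederatedAuthenticator(IdentityProvider identityProvider, AuthenticationStep[] authSteps) throws IdentityProviderManagementException {
    FederatedAuthenticatorConfig[] updatedConfigs = identityProvider.getFederatedAuthenticatorConfigs();
    // Nothing to compare when there are no steps or the updated provider has no authenticators.
    if (authSteps == null || updatedConfigs == null) {
        return;
    }
    for (AuthenticationStep authStep : authSteps) {
        IdentityProvider[] stepIdps = authStep.getFederatedIdentityProviders();
        if (stepIdps == null) {
            continue;
        }
        for (IdentityProvider stepIdp : stepIdps) {
            if (!StringUtils.equals(stepIdp.getIdentityProviderName(), identityProvider.getIdentityProviderName())) {
                continue;
            }
            FederatedAuthenticatorConfig[] selectedConfigs = stepIdp.getFederatedAuthenticatorConfigs();
            // Guard the [0] access: an entry without authenticators used to fail with an
            // unchecked exception instead of a management error.
            if (selectedConfigs == null || selectedConfigs.length == 0) {
                continue;
            }
            String selectedName = selectedConfigs[0].getName();
            for (FederatedAuthenticatorConfig updated : updatedConfigs) {
                if (StringUtils.equals(updated.getName(), selectedName) && !updated.isEnabled()) {
                    throw new IdentityProviderManagementException(updated.getName() + " is referred by service providers.");
                }
            }
        }
    }
}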
Also used : FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) AuthenticationStep(org.wso2.carbon.identity.application.common.model.AuthenticationStep) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) IdentityProviderManagementException(org.wso2.carbon.idp.mgt.IdentityProviderManagementException)

Example 33 with AuthenticationStep

use of org.wso2.carbon.identity.application.common.model.AuthenticationStep in project carbon-identity-framework by wso2.

the class ApplicationIdentityProviderMgtListener method doPreUpdateIdP.

/**
 * Validates an identity provider update against every application connected to it.
 *
 * <p>The service provider cache of the tenant is cleared first. Connected applications are
 * then read page by page. For each one the update is checked against its authentication
 * steps and provisioning identity providers, and the application caches are cleared when the
 * identity provider is being renamed.
 *
 * @param oldIdPName       name the identity provider currently has
 * @param identityProvider identity provider as submitted for the update; its resource id is
 *                         filled in from the stored provider when it is missing
 * @param tenantDomain     tenant the identity provider belongs to
 * @return always {@code true} when no validation fails
 * @throws IdentityProviderManagementException if a validation rejects the update or the
 *                                             application lookup fails
 */
@Override
public boolean doPreUpdateIdP(String oldIdPName, IdentityProvider identityProvider, String tenantDomain) throws IdentityProviderManagementException {
    try {
        // NOTE(review): the tenant's cache is cleared before any validation has passed.
        IdentityServiceProviderCache.getInstance().clear(tenantDomain);
        IdentityProviderManager idpManager = IdentityProviderManager.getInstance();
        // NOTE(review): the lookup result is dereferenced directly; confirm getIdPByName
        // never returns null for an unknown name.
        String storedIdpId = idpManager.getIdPByName(oldIdPName, tenantDomain).getResourceId();
        if (identityProvider.getResourceId() == null && storedIdpId != null) {
            identityProvider.setResourceId(storedIdpId);
        }
        ConnectedAppsResult page;
        int offset = 0;
        do {
            page = idpManager.getConnectedApplications(storedIdpId, null, offset, tenantDomain);
            // Resolve the whole page first, then validate, as the original ordering does.
            List<ServiceProvider> connectedApps = new ArrayList<>();
            for (String appResourceId : page.getApps()) {
                connectedApps.add(ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getApplicationByResourceId(appResourceId, tenantDomain));
            }
            for (ServiceProvider app : connectedApps) {
                // NOTE(review): both configs are dereferenced without a null check; verify
                // that a stored application always carries them.
                LocalAndOutboundAuthenticationConfig authConfig = app.getLocalAndOutBoundAuthenticationConfig();
                AuthenticationStep[] authSteps = authConfig.getAuthenticationSteps();
                OutboundProvisioningConfig provisioningConfig = app.getOutboundProvisioningConfig();
                IdentityProvider[] provisioningIdps = provisioningConfig.getProvisioningIdentityProviders();
                // Is the identity provider still referred to by this application?
                validateIdpDisable(identityProvider, authSteps, provisioningIdps);
                // Applications with federated authenticators configured.
                updateApplicationWithFederatedAuthenticators(identityProvider, tenantDomain, app, authConfig, authSteps);
                // Applications with outbound provisioning connectors configured.
                updateApplicationWithProvisioningConnectors(identityProvider, provisioningIdps);
                // A rename invalidates the cached application entries.
                boolean renamed = !StringUtils.equals(oldIdPName, identityProvider.getIdentityProviderName());
                if (renamed) {
                    CacheBackedApplicationDAO.clearAllAppCache(app, tenantDomain);
                }
            }
            // NOTE(review): the loop ends only if offset grows; confirm getLimit() is
            // always positive.
            offset = page.getOffSet() + page.getLimit();
        } while (page.getTotalAppCount() > offset);
    } catch (IdentityApplicationManagementException e) {
        throw new IdentityProviderManagementException("Error when updating default authenticator of service providers", e);
    }
    return true;
}
Also used : ConnectedAppsResult(org.wso2.carbon.idp.mgt.model.ConnectedAppsResult) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) ArrayList(java.util.ArrayList) AuthenticationStep(org.wso2.carbon.identity.application.common.model.AuthenticationStep) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) OutboundProvisioningConfig(org.wso2.carbon.identity.application.common.model.OutboundProvisioningConfig) LocalAndOutboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) IdentityProviderManager(org.wso2.carbon.idp.mgt.IdentityProviderManager) IdentityProviderManagementException(org.wso2.carbon.idp.mgt.IdentityProviderManagementException)

Example 34 with AuthenticationStep

use of org.wso2.carbon.identity.application.common.model.AuthenticationStep in project carbon-identity-framework by wso2.

the class ApplicationMgtAuditLogger method buildData.

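/**
 * Renders a service provider as the flat description that is written to the audit log.
 *
 * <p>The basic attributes are always emitted. Each further section (inbound authentication,
 * local and outbound authentication, claims, role mappings, inbound and outbound provisioning,
 * service provider properties) is emitted only when the corresponding configuration is present,
 * and starts with its own {@code ", "} separator. Entries inside a list are separated by
 * {@code ", "} and every opened brace or bracket is closed.
 *
 * @param serviceProvider application to describe; may be {@code null}
 * @return the description, or an empty string when {@code serviceProvider} is {@code null}
 */
private String buildData(ServiceProvider serviceProvider) {
    if (serviceProvider == null) {
        return StringUtils.EMPTY;
    }
    // NOTE(review): property values, the inbound configuration and the other
    // administrator-supplied strings are appended verbatim, with no masking or escaping.
    // Confirm that none of them can hold a secret, and that line breaks in these values
    // cannot split or forge an audit record.
    StringBuilder data = new StringBuilder();
    data.append("Name:").append(serviceProvider.getApplicationName()).append(", ");
    data.append("Description:").append(serviceProvider.getDescription()).append(", ");
    data.append("Resource ID:").append(serviceProvider.getApplicationResourceId()).append(", ");
    data.append("Access URL:").append(serviceProvider.getAccessUrl()).append(", ");
    data.append("Is Discoverable:").append(serviceProvider.isDiscoverable()).append(", ");
    // No trailing separator here: every optional section below brings its own leading ", ".
    data.append("Is SaaS:").append(serviceProvider.isSaasApp());
    if (serviceProvider.getInboundAuthenticationConfig() != null && ArrayUtils.isNotEmpty(serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs())) {
        InboundAuthenticationRequestConfig[] requestConfigs = serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs();
        data.append(", Inbound Authentication Configs:[");
        String configJoiner = "";
        for (InboundAuthenticationRequestConfig requestConfig : requestConfigs) {
            data.append(configJoiner);
            configJoiner = ", ";
            data.append("{");
            data.append("Auth Key:").append(requestConfig.getInboundAuthKey()).append(", ");
            data.append("Auth Type:").append(requestConfig.getInboundAuthType()).append(", ");
            data.append("Config Type:").append(requestConfig.getInboundConfigType()).append(", ");
            data.append("Inbound configuration:").append(requestConfig.getInboundConfiguration());
            Property[] properties = requestConfig.getProperties();
            if (ArrayUtils.isNotEmpty(properties)) {
                data.append(", Properties:[");
                String joiner = "";
                for (Property property : properties) {
                    data.append(joiner);
                    joiner = ", ";
                    data.append("{");
                    data.append(property.getName()).append(":");
                    data.append(property.getValue());
                    data.append("}");
                }
                data.append("]");
            }
            data.append("}");
        }
        data.append("]");
    }
    if (serviceProvider.getLocalAndOutBoundAuthenticationConfig() != null) {
        data.append(", Local and Outbound Configuration:{");
        data.append("Auth Type:").append(serviceProvider.getLocalAndOutBoundAuthenticationConfig().getAuthenticationType());
        AuthenticationStep[] authSteps = serviceProvider.getLocalAndOutBoundAuthenticationConfig().getAuthenticationSteps();
        if (ArrayUtils.isNotEmpty(authSteps)) {
            data.append(", Authentication Steps:[");
            String stepJoiner = "";
            for (AuthenticationStep authStep : authSteps) {
                data.append(stepJoiner);
                stepJoiner = ", ";
                data.append("{");
                data.append("Step Order:").append(authStep.getStepOrder());
                LocalAuthenticatorConfig[] localConfigs = authStep.getLocalAuthenticatorConfigs();
                if (ArrayUtils.isNotEmpty(localConfigs)) {
                    data.append(", Local Authenticators:[");
                    String joiner = "";
                    for (LocalAuthenticatorConfig localConfig : localConfigs) {
                        data.append(joiner);
                        joiner = ", ";
                        data.append(localConfig.getName());
                    }
                    data.append("]");
                }
                IdentityProvider[] fedIDPs = authStep.getFederatedIdentityProviders();
                if (ArrayUtils.isNotEmpty(fedIDPs)) {
                    data.append(", Federated Authenticators:[");
                    String joiner = "";
                    for (IdentityProvider provider : fedIDPs) {
                        data.append(joiner);
                        joiner = ", ";
                        data.append("{IDP:").append(provider.getIdentityProviderName());
                        if (provider.getDefaultAuthenticatorConfig() != null) {
                            data.append(",Authenticator:").append(provider.getDefaultAuthenticatorConfig().getName());
                        }
                        // Closed unconditionally so the entry stays balanced when the
                        // provider has no default authenticator.
                        data.append("}");
                    }
                    data.append("]");
                }
                data.append("}");
            }
            data.append("]");
        }
        data.append("}");
    }
    if (serviceProvider.getClaimConfig() != null) {
        data.append(", Claim Configuration:{");
        ClaimConfig claimConfig = serviceProvider.getClaimConfig();
        data.append("User Claim URI:").append(claimConfig.getUserClaimURI()).append(", ");
        data.append("Role Claim URI:").append(claimConfig.getRoleClaimURI());
        ClaimMapping[] claimMappings = claimConfig.getClaimMappings();
        if (ArrayUtils.isNotEmpty(claimMappings)) {
            data.append(", Claim Mappings: [");
            String joiner = "";
            for (ClaimMapping mapping : claimMappings) {
                // The separator goes between entries, not inside the opening brace.
                data.append(joiner);
                joiner = ", ";
                data.append("{");
                boolean localWritten = false;
                if (mapping.getLocalClaim() != null && StringUtils.isNotBlank(mapping.getLocalClaim().getClaimUri())) {
                    data.append("Local Claim:").append(mapping.getLocalClaim().getClaimUri());
                    localWritten = true;
                }
                // Test the remote claim's own URI; reading the local claim here could fail
                // when only a remote claim is set.
                if (mapping.getRemoteClaim() != null && StringUtils.isNotBlank(mapping.getRemoteClaim().getClaimUri())) {
                    if (localWritten) {
                        data.append(", ");
                    }
                    data.append("Remote Claim:").append(mapping.getRemoteClaim().getClaimUri());
                }
                data.append("}");
            }
            data.append("]");
        }
        data.append("}");
    }
    if (serviceProvider.getPermissionAndRoleConfig() != null) {
        RoleMapping[] roleMappings = serviceProvider.getPermissionAndRoleConfig().getRoleMappings();
        if (ArrayUtils.isNotEmpty(roleMappings)) {
            data.append(", Role Mappings:[");
            String joiner = "";
            for (RoleMapping mapping : roleMappings) {
                data.append(joiner);
                joiner = ", ";
                data.append("{");
                boolean localWritten = false;
                if (mapping.getLocalRole() != null && StringUtils.isNotBlank(mapping.getLocalRole().getLocalRoleName())) {
                    data.append("Local Role:").append(mapping.getLocalRole().getLocalRoleName());
                    localWritten = true;
                }
                if (StringUtils.isNotBlank(mapping.getRemoteRole())) {
                    if (localWritten) {
                        data.append(", ");
                    }
                    data.append("Remote Role:").append(mapping.getRemoteRole());
                }
                data.append("}");
            }
            data.append("]");
        }
    }
    if (serviceProvider.getInboundProvisioningConfig() != null) {
        data.append(", Inbound Provisioning Configuration:{");
        data.append("Provisioning Userstore:").append(serviceProvider.getInboundProvisioningConfig().getProvisioningUserStore()).append(", ");
        data.append("Is Dumb Mode:").append(serviceProvider.getInboundProvisioningConfig().isDumbMode());
        data.append("}");
    }
    if (serviceProvider.getOutboundProvisioningConfig() != null) {
        data.append(", Outbound Provisioning Configuration:{");
        String[] provisionRoles = serviceProvider.getOutboundProvisioningConfig().getProvisionByRoleList();
        boolean rolesWritten = ArrayUtils.isNotEmpty(provisionRoles);
        if (rolesWritten) {
            data.append("Provisioning Roles:[");
            String joiner = "";
            for (String role : provisionRoles) {
                data.append(joiner);
                joiner = ", ";
                data.append(role);
            }
            data.append("]");
        }
        IdentityProvider[] provisionIdPs = serviceProvider.getOutboundProvisioningConfig().getProvisioningIdentityProviders();
        if (ArrayUtils.isNotEmpty(provisionIdPs)) {
            if (rolesWritten) {
                data.append(", ");
            }
            data.append("Provisioning IDPs:[");
            String joiner = "";
            for (IdentityProvider provider : provisionIdPs) {
                data.append(joiner);
                joiner = ", ";
                data.append(provider.getIdentityProviderName());
            }
            data.append("]");
        }
        data.append("}");
    }
    if (ArrayUtils.isNotEmpty(serviceProvider.getSpProperties())) {
        data.append(", Service Provider Properties:[");
        ServiceProviderProperty[] spProperties = serviceProvider.getSpProperties();
        String joiner = "";
        for (ServiceProviderProperty spProperty : spProperties) {
            data.append(joiner);
            joiner = ", ";
            data.append("{").append(spProperty.getName()).append(":").append(spProperty.getValue()).append("}");
        }
        data.append("]");
    }
    return data.toString();
}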
Also used : LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) AuthenticationStep(org.wso2.carbon.identity.application.common.model.AuthenticationStep) InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping) ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) ClaimConfig(org.wso2.carbon.identity.application.common.model.ClaimConfig) ServiceProviderProperty(org.wso2.carbon.identity.application.common.model.ServiceProviderProperty) Property(org.wso2.carbon.identity.application.common.model.Property) ServiceProviderProperty(org.wso2.carbon.identity.application.common.model.ServiceProviderProperty)

Example 35 with AuthenticationStep

use of org.wso2.carbon.identity.application.common.model.AuthenticationStep in project product-is by wso2.

the class SAMLFederationDynamicQueryParametersTestCase method testCreateServiceProviderWithSAMLConfigsAndSAMLFedIdp.

/**
 * Creates a service provider, gives it a SAML inbound configuration and a single
 * authentication step that points at the federated SAML identity provider, then reads the
 * application back and checks that the inbound key/type pair and the authentication type
 * were stored.
 *
 * @throws Exception if any management client call fails
 */
@Test(groups = "wso2.is", description = "Test Service Provider creation with SAML Federated IDP Authentication", dependsOnMethods = { "testIdpWithDynamicQueryParams" })
public void testCreateServiceProviderWithSAMLConfigsAndSAMLFedIdp() throws Exception {
    // Register the application and make sure it can be read back.
    ServiceProvider application = new ServiceProvider();
    application.setApplicationName(SERVICE_PROVIDER);
    appMgtclient.createApplication(application);
    application = appMgtclient.getApplication(SERVICE_PROVIDER);
    Assert.assertNotNull(application, "Service Provider creation has failed.");

    // SAML inbound configuration for the service provider.
    ssoConfigServiceClient.addServiceProvider(createSsoServiceProviderDTOForTravelocityApp());
    InboundAuthenticationRequestConfig samlInbound = new InboundAuthenticationRequestConfig();
    samlInbound.setInboundAuthKey(INBOUND_AUTH_KEY);
    samlInbound.setInboundAuthType(INBOUND_AUTH_TYPE);
    org.wso2.carbon.identity.application.common.model.xsd.Property consumerIndex = new org.wso2.carbon.identity.application.common.model.xsd.Property();
    consumerIndex.setName("attrConsumServiceIndex");
    consumerIndex.setValue("1239245949");
    samlInbound.setProperties(new org.wso2.carbon.identity.application.common.model.xsd.Property[] { consumerIndex });
    InboundAuthenticationConfig inboundConfig = new InboundAuthenticationConfig();
    inboundConfig.setInboundAuthenticationRequestConfigs(new InboundAuthenticationRequestConfig[] { samlInbound });
    application.setInboundAuthenticationConfig(inboundConfig);

    // One authentication step that delegates to the federated SAML identity provider.
    org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig samlAuthenticator = new org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig();
    samlAuthenticator.setName("SAMLSSOAuthenticator");
    samlAuthenticator.setDisplayName("samlsso");
    org.wso2.carbon.identity.application.common.model.xsd.IdentityProvider federatedIdp = new org.wso2.carbon.identity.application.common.model.xsd.IdentityProvider();
    federatedIdp.setIdentityProviderName(IDENTITY_PROVIDER_NAME);
    federatedIdp.setFederatedAuthenticatorConfigs(new org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig[] { samlAuthenticator });
    AuthenticationStep federatedStep = new AuthenticationStep();
    federatedStep.setFederatedIdentityProviders(new org.wso2.carbon.identity.application.common.model.xsd.IdentityProvider[] { federatedIdp });
    application.getLocalAndOutBoundAuthenticationConfig().setAuthenticationSteps(new AuthenticationStep[] { federatedStep });
    application.getLocalAndOutBoundAuthenticationConfig().setAuthenticationType(FEDERATED_AUTHENTICATION_TYPE);
    appMgtclient.updateApplicationData(application);

    // Read the application back and verify what was stored.
    application = appMgtclient.getApplication(SERVICE_PROVIDER);
    Assert.assertNotNull(application);
    Assert.assertNotNull(application.getInboundAuthenticationConfig());
    InboundAuthenticationRequestConfig[] storedInboundConfigs = application.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs();
    Assert.assertNotNull(storedInboundConfigs);
    boolean samlInboundFound = false;
    for (int i = 0; i < storedInboundConfigs.length && !samlInboundFound; i++) {
        InboundAuthenticationRequestConfig stored = storedInboundConfigs[i];
        samlInboundFound = INBOUND_AUTH_KEY.equals(stored.getInboundAuthKey()) && INBOUND_AUTH_TYPE.equals(stored.getInboundAuthType());
    }
    Assert.assertTrue(samlInboundFound, "Failed to update service provider with SAML inbound configs.");
    // NOTE(review): only the authentication type is asserted below. Nothing checks that the
    // step still names the federated identity provider and its authenticator after the
    // round trip.
    Assert.assertNotNull(application.getLocalAndOutBoundAuthenticationConfig());
    Assert.assertEquals(application.getLocalAndOutBoundAuthenticationConfig().getAuthenticationType(), FEDERATED_AUTHENTICATION_TYPE);
}
Also used : InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationConfig) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.idp.xsd.FederatedAuthenticatorConfig) AuthenticationStep(org.wso2.carbon.identity.application.common.model.xsd.AuthenticationStep) InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationRequestConfig) IdentityProvider(org.wso2.carbon.identity.application.common.model.idp.xsd.IdentityProvider) ServiceProvider(org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider) Property(org.wso2.carbon.identity.application.common.model.idp.xsd.Property) Test(org.testng.annotations.Test)

Aggregations

AuthenticationStep (org.wso2.carbon.identity.application.common.model.AuthenticationStep)16 AuthenticationStep (org.wso2.carbon.identity.application.common.model.xsd.AuthenticationStep)15 IdentityProvider (org.wso2.carbon.identity.application.common.model.IdentityProvider)13 LocalAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig)9 FederatedAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)8 LocalAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig)8 ServiceProvider (org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider)8 ArrayList (java.util.ArrayList)7 LocalAndOutboundAuthenticationConfig (org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig)7 LocalAndOutboundAuthenticationConfig (org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig)7 FederatedAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.idp.xsd.FederatedAuthenticatorConfig)6 IdentityProvider (org.wso2.carbon.identity.application.common.model.idp.xsd.IdentityProvider)6 InboundAuthenticationRequestConfig (org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationRequestConfig)6 ServiceProvider (org.wso2.carbon.identity.application.common.model.ServiceProvider)5 Test (org.testng.annotations.Test)4 IdentityApplicationManagementException (org.wso2.carbon.identity.application.common.IdentityApplicationManagementException)4 IdentityProviderManagementException (org.wso2.carbon.idp.mgt.IdentityProviderManagementException)4 AuthenticationScriptConfig (org.wso2.carbon.identity.application.common.model.script.AuthenticationScriptConfig)3 IOException (java.io.IOException)2 PreparedStatement (java.sql.PreparedStatement)2