use of org.wso2.carbon.identity.application.common.model.AuthenticationStep in project carbon-identity-framework by wso2.
the class UIBasedConfigurationLoader method getSequence.
/**
* Loads the sequence in the way previous loading mechanism used to work.
* Please do not use this for any new development.
*
* @param serviceProvider
* @param tenantDomain
* @param authenticationSteps
* @return
* @throws FrameworkException
*/
public SequenceConfig getSequence(ServiceProvider serviceProvider, String tenantDomain, AuthenticationStep[] authenticationSteps) throws FrameworkException {
if (serviceProvider == null) {
throw new FrameworkException("ServiceProvider cannot be null");
}
SequenceConfig sequenceConfig = new SequenceConfig();
sequenceConfig.setApplicationId(serviceProvider.getApplicationName());
sequenceConfig.setApplicationConfig(new ApplicationConfig(serviceProvider));
// setting request path authenticators
loadRequestPathAuthenticators(sequenceConfig, serviceProvider);
int stepOrder = 0;
if (authenticationSteps == null) {
return sequenceConfig;
}
// for each configured step
for (AuthenticationStep authenticationStep : authenticationSteps) {
try {
stepOrder = authenticationStep.getStepOrder();
} catch (NumberFormatException e) {
stepOrder++;
}
// create a step configuration object
StepConfig stepConfig = createStepConfigurationObject(stepOrder, authenticationStep);
// loading Federated Authenticators
loadFederatedAuthenticators(authenticationStep, stepConfig, tenantDomain);
// loading local authenticators
loadLocalAuthenticators(authenticationStep, stepConfig);
sequenceConfig.getStepMap().put(stepOrder, stepConfig);
}
return sequenceConfig;
}
use of org.wso2.carbon.identity.application.common.model.AuthenticationStep in project carbon-identity-framework by wso2.
the class ApplicationIdentityProviderMgtListener method updateApplicationWithMultiStepFederatedAuthenticator.
/**
* Check whether the selected authenticator in multi step authentication,
* is enabled in the updated identity provider.
*
* @param identityProvider
* @param authSteps
* @throws IdentityProviderManagementException
*/
private void updateApplicationWithMultiStepFederatedAuthenticator(IdentityProvider identityProvider, AuthenticationStep[] authSteps) throws IdentityProviderManagementException {
FederatedAuthenticatorConfig[] idpFederatedConfig = identityProvider.getFederatedAuthenticatorConfigs();
for (AuthenticationStep authStep : authSteps) {
IdentityProvider[] federatedIdentityProviders = authStep.getFederatedIdentityProviders();
for (IdentityProvider federatedIdp : federatedIdentityProviders) {
if (StringUtils.equals(federatedIdp.getIdentityProviderName(), identityProvider.getIdentityProviderName())) {
FederatedAuthenticatorConfig[] federatedAuthenticatorConfigs = federatedIdp.getFederatedAuthenticatorConfigs();
String federatedConfigOption = federatedAuthenticatorConfigs[0].getName();
for (FederatedAuthenticatorConfig config : idpFederatedConfig) {
if (StringUtils.equals(config.getName(), federatedConfigOption) && !config.isEnabled()) {
throw new IdentityProviderManagementException(config.getName() + " is referred by service providers.");
}
}
}
}
}
}
use of org.wso2.carbon.identity.application.common.model.AuthenticationStep in project carbon-identity-framework by wso2.
the class ApplicationIdentityProviderMgtListener method doPreUpdateIdP.
@Override
public boolean doPreUpdateIdP(String oldIdPName, IdentityProvider identityProvider, String tenantDomain) throws IdentityProviderManagementException {
try {
IdentityServiceProviderCache.getInstance().clear(tenantDomain);
IdentityProviderManager identityProviderManager = IdentityProviderManager.getInstance();
ConnectedAppsResult connectedApplications;
String idpId = identityProviderManager.getIdPByName(oldIdPName, tenantDomain).getResourceId();
if (identityProvider.getResourceId() == null && idpId != null) {
identityProvider.setResourceId(idpId);
}
int offset = 0;
do {
connectedApplications = identityProviderManager.getConnectedApplications(idpId, null, offset, tenantDomain);
List<ServiceProvider> serviceProvidersList = new ArrayList<>();
for (String appResourceId : connectedApplications.getApps()) {
ServiceProvider serviceProvider = ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getApplicationByResourceId(appResourceId, tenantDomain);
serviceProvidersList.add(serviceProvider);
}
for (ServiceProvider serviceProvider : serviceProvidersList) {
LocalAndOutboundAuthenticationConfig localAndOutboundAuthConfig = serviceProvider.getLocalAndOutBoundAuthenticationConfig();
AuthenticationStep[] authSteps = localAndOutboundAuthConfig.getAuthenticationSteps();
OutboundProvisioningConfig outboundProvisioningConfig = serviceProvider.getOutboundProvisioningConfig();
IdentityProvider[] provisioningIdps = outboundProvisioningConfig.getProvisioningIdentityProviders();
// Check whether the identity provider is referred in a service provider
validateIdpDisable(identityProvider, authSteps, provisioningIdps);
// Validating Applications with Federated Authenticators configured.
updateApplicationWithFederatedAuthenticators(identityProvider, tenantDomain, serviceProvider, localAndOutboundAuthConfig, authSteps);
// Validating Applications with Outbound Provisioning Connectors configured.
updateApplicationWithProvisioningConnectors(identityProvider, provisioningIdps);
// Clear application caches if IDP name is updated.
if (!StringUtils.equals(oldIdPName, identityProvider.getIdentityProviderName())) {
CacheBackedApplicationDAO.clearAllAppCache(serviceProvider, tenantDomain);
}
}
offset = connectedApplications.getOffSet() + connectedApplications.getLimit();
} while (connectedApplications.getTotalAppCount() > offset);
} catch (IdentityApplicationManagementException e) {
throw new IdentityProviderManagementException("Error when updating default authenticator of service providers", e);
}
return true;
}
use of org.wso2.carbon.identity.application.common.model.AuthenticationStep in project carbon-identity-framework by wso2.
the class ApplicationMgtAuditLogger method buildData.
private String buildData(ServiceProvider serviceProvider) {
if (serviceProvider == null) {
return StringUtils.EMPTY;
}
StringBuilder data = new StringBuilder();
data.append("Name:").append(serviceProvider.getApplicationName()).append(", ");
data.append("Description:").append(serviceProvider.getDescription()).append(", ");
data.append("Resource ID:").append(serviceProvider.getApplicationResourceId()).append(", ");
data.append("Access URL:").append(serviceProvider.getAccessUrl()).append(", ");
data.append("Is Discoverable:").append(serviceProvider.isDiscoverable()).append(", ");
data.append("Is SaaS:").append(serviceProvider.isSaasApp()).append(", ");
if (serviceProvider.getInboundAuthenticationConfig() != null && ArrayUtils.isNotEmpty(serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs())) {
InboundAuthenticationRequestConfig[] requestConfigs = serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs();
data.append("Inbound Authentication Configs:").append("[");
for (InboundAuthenticationRequestConfig requestConfig : requestConfigs) {
data.append("{");
data.append("Auth Key:").append(requestConfig.getInboundAuthKey()).append(", ");
data.append("Auth Type:").append(requestConfig.getInboundAuthType()).append(", ");
data.append("Config Type:").append(requestConfig.getInboundConfigType()).append(", ");
data.append("Inbound configuration:").append(requestConfig.getInboundConfiguration());
Property[] properties = requestConfig.getProperties();
if (ArrayUtils.isNotEmpty(properties)) {
data.append("Properties:").append("[");
String joiner = "";
for (Property property : properties) {
data.append(joiner);
joiner = ", ";
data.append("{");
data.append(property.getName()).append(":");
data.append(property.getValue());
data.append("}");
}
data.append("]");
}
data.append("}");
}
data.append("]");
}
if (serviceProvider.getLocalAndOutBoundAuthenticationConfig() != null) {
data.append(", Local and Outbound Configuration:{");
data.append("Auth Type:").append(serviceProvider.getLocalAndOutBoundAuthenticationConfig().getAuthenticationType());
AuthenticationStep[] authSteps = serviceProvider.getLocalAndOutBoundAuthenticationConfig().getAuthenticationSteps();
if (ArrayUtils.isNotEmpty(authSteps)) {
data.append(", Authentication Steps:[");
for (AuthenticationStep authStep : authSteps) {
data.append("{");
data.append("Step Order:").append(authStep.getStepOrder()).append(", ");
LocalAuthenticatorConfig[] localConfigs = authStep.getLocalAuthenticatorConfigs();
if (ArrayUtils.isNotEmpty(localConfigs)) {
data.append(", Local Authenticators:[");
String joiner = "";
for (LocalAuthenticatorConfig localConfig : localConfigs) {
data.append(joiner);
joiner = ", ";
data.append(localConfig.getName());
}
data.append("]");
}
IdentityProvider[] fedIDPs = authStep.getFederatedIdentityProviders();
if (ArrayUtils.isNotEmpty(fedIDPs)) {
data.append("Federated Authenticators:[");
String joiner = "";
for (IdentityProvider provider : fedIDPs) {
data.append(joiner);
joiner = ", ";
data.append("{IDP:").append(provider.getIdentityProviderName()).append(",");
if (provider.getDefaultAuthenticatorConfig() != null) {
data.append("Authenticator:").append(provider.getDefaultAuthenticatorConfig().getName()).append("}");
}
}
data.append("]");
}
data.append("}");
}
data.append("]");
}
data.append("}");
}
if (serviceProvider.getClaimConfig() != null) {
data.append(", Claim Configuration:{");
ClaimConfig claimConfig = serviceProvider.getClaimConfig();
data.append("User Claim URI:").append(claimConfig.getUserClaimURI()).append(", ");
data.append("Role Claim URI:").append(claimConfig.getRoleClaimURI());
ClaimMapping[] claimMappings = claimConfig.getClaimMappings();
if (ArrayUtils.isNotEmpty(claimMappings)) {
data.append(", Claim Mappings: [");
String joiner = "";
for (ClaimMapping mapping : claimMappings) {
data.append("{");
data.append(joiner);
joiner = ", ";
if (mapping.getLocalClaim() != null && StringUtils.isNotBlank(mapping.getLocalClaim().getClaimUri())) {
data.append("Local Claim:").append(mapping.getLocalClaim().getClaimUri());
}
if (mapping.getRemoteClaim() != null && StringUtils.isNotBlank(mapping.getLocalClaim().getClaimUri())) {
data.append(", ").append("Remote Claim:").append(mapping.getRemoteClaim().getClaimUri());
}
data.append("}");
}
data.append("]");
}
data.append("}");
}
if (serviceProvider.getPermissionAndRoleConfig() != null) {
RoleMapping[] roleMappings = serviceProvider.getPermissionAndRoleConfig().getRoleMappings();
if (ArrayUtils.isNotEmpty(roleMappings)) {
data.append(", Role Mappings:[");
for (RoleMapping mapping : roleMappings) {
data.append("{");
if (mapping.getLocalRole() != null && StringUtils.isNotBlank(mapping.getLocalRole().getLocalRoleName())) {
data.append("Local Role:").append(mapping.getLocalRole().getLocalRoleName());
}
if (StringUtils.isNotBlank(mapping.getRemoteRole())) {
data.append(", Remote Role:").append(mapping.getRemoteRole());
}
data.append("}");
}
data.append("]");
}
}
if (serviceProvider.getInboundProvisioningConfig() != null) {
data.append(", Inbound Provisioning Configuration:{");
data.append("Provisioning Userstore:").append(serviceProvider.getInboundProvisioningConfig().getProvisioningUserStore()).append(", ");
data.append("Is Dumb Mode:").append(serviceProvider.getInboundProvisioningConfig().isDumbMode());
data.append("}");
}
if (serviceProvider.getOutboundProvisioningConfig() != null) {
data.append(", Outbound Provisioning Configuration:{");
String[] provisionRoles = serviceProvider.getOutboundProvisioningConfig().getProvisionByRoleList();
if (ArrayUtils.isNotEmpty(provisionRoles)) {
data.append("Provisioning Roles:[");
String joiner = "";
for (String role : provisionRoles) {
data.append(joiner);
joiner = ", ";
data.append(role);
}
data.append("]");
}
IdentityProvider[] provisionIdPs = serviceProvider.getOutboundProvisioningConfig().getProvisioningIdentityProviders();
if (ArrayUtils.isNotEmpty(provisionIdPs)) {
data.append("Provisioning IDPs:[");
String joiner = "";
for (IdentityProvider provider : provisionIdPs) {
data.append(joiner);
joiner = ", ";
data.append(provider.getIdentityProviderName());
}
data.append("]");
}
data.append("}");
}
if (ArrayUtils.isNotEmpty(serviceProvider.getSpProperties())) {
data.append(", Service Provider Properties:[");
ServiceProviderProperty[] spProperties = serviceProvider.getSpProperties();
String joiner = "";
for (ServiceProviderProperty spProperty : spProperties) {
data.append(joiner);
joiner = ", ";
data.append("{").append(spProperty.getName()).append(":").append(spProperty.getValue()).append("}");
}
data.append("]");
}
return data.toString();
}
use of org.wso2.carbon.identity.application.common.model.AuthenticationStep in project product-is by wso2.
the class SAMLFederationDynamicQueryParametersTestCase method testCreateServiceProviderWithSAMLConfigsAndSAMLFedIdp.
@Test(groups = "wso2.is", description = "Test Service Provider creation with SAML Federated IDP Authentication", dependsOnMethods = { "testIdpWithDynamicQueryParams" })
public void testCreateServiceProviderWithSAMLConfigsAndSAMLFedIdp() throws Exception {
ServiceProvider serviceProvider = new ServiceProvider();
serviceProvider.setApplicationName(SERVICE_PROVIDER);
appMgtclient.createApplication(serviceProvider);
serviceProvider = appMgtclient.getApplication(SERVICE_PROVIDER);
Assert.assertNotNull(serviceProvider, "Service Provider creation has failed.");
// Set SAML Inbound for the service provider.
ssoConfigServiceClient.addServiceProvider(createSsoServiceProviderDTOForTravelocityApp());
InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig();
InboundAuthenticationRequestConfig requestConfig = new InboundAuthenticationRequestConfig();
requestConfig.setInboundAuthKey(INBOUND_AUTH_KEY);
requestConfig.setInboundAuthType(INBOUND_AUTH_TYPE);
org.wso2.carbon.identity.application.common.model.xsd.Property attributeConsumerServiceIndexProp = new org.wso2.carbon.identity.application.common.model.xsd.Property();
attributeConsumerServiceIndexProp.setName("attrConsumServiceIndex");
attributeConsumerServiceIndexProp.setValue("1239245949");
requestConfig.setProperties(new org.wso2.carbon.identity.application.common.model.xsd.Property[] { attributeConsumerServiceIndexProp });
inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(new InboundAuthenticationRequestConfig[] { requestConfig });
serviceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
// Add SAML IDP as authentication step.
AuthenticationStep authStep = new AuthenticationStep();
org.wso2.carbon.identity.application.common.model.xsd.IdentityProvider idP = new org.wso2.carbon.identity.application.common.model.xsd.IdentityProvider();
idP.setIdentityProviderName(IDENTITY_PROVIDER_NAME);
org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig saml2SSOAuthnConfig = new org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig();
saml2SSOAuthnConfig.setName("SAMLSSOAuthenticator");
saml2SSOAuthnConfig.setDisplayName("samlsso");
idP.setFederatedAuthenticatorConfigs(new org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig[] { saml2SSOAuthnConfig });
authStep.setFederatedIdentityProviders(new org.wso2.carbon.identity.application.common.model.xsd.IdentityProvider[] { idP });
serviceProvider.getLocalAndOutBoundAuthenticationConfig().setAuthenticationSteps(new AuthenticationStep[] { authStep });
serviceProvider.getLocalAndOutBoundAuthenticationConfig().setAuthenticationType(FEDERATED_AUTHENTICATION_TYPE);
appMgtclient.updateApplicationData(serviceProvider);
serviceProvider = appMgtclient.getApplication(SERVICE_PROVIDER);
Assert.assertNotNull(serviceProvider);
Assert.assertNotNull(serviceProvider.getInboundAuthenticationConfig());
InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs = serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs();
Assert.assertNotNull(inboundAuthenticationRequestConfigs);
boolean inboundAuthUpdateSuccess = false;
for (InboundAuthenticationRequestConfig config : inboundAuthenticationRequestConfigs) {
if (INBOUND_AUTH_KEY.equals(config.getInboundAuthKey()) && INBOUND_AUTH_TYPE.equals(config.getInboundAuthType())) {
inboundAuthUpdateSuccess = true;
break;
}
}
Assert.assertTrue(inboundAuthUpdateSuccess, "Failed to update service provider with SAML inbound configs.");
Assert.assertNotNull(serviceProvider.getLocalAndOutBoundAuthenticationConfig());
Assert.assertEquals(serviceProvider.getLocalAndOutBoundAuthenticationConfig().getAuthenticationType(), FEDERATED_AUTHENTICATION_TYPE);
}
Aggregations