use of org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2.
the class IdentityProviderManager method buildSAMLProperties.
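/**
 * Builds the SAML2 Web SSO federated authenticator configuration for the given identity provider.
 *
 * <p>The four endpoint URLs (SSO, logout, ECP, artifact resolution) are derived from server
 * configuration for {@code tenantDomain} and passed through {@code resolveFedAuthnProperty};
 * the IdP entity id and the three metadata settings fall back to defaults when nothing is stored;
 * every other stored property is carried over unchanged. A stored property whose name is one of
 * the eight handled explicitly here is <em>not</em> carried over a second time, so a consumer that
 * looks a property up by name sees exactly one value for it (previously the artifact-resolve URL
 * and the three metadata settings could appear twice, possibly with different values).
 *
 * @param identityProvider identity provider whose stored SAML authenticator (if any) seeds the result
 * @param tenantDomain     tenant used when building tenant-qualified endpoint URLs
 * @return the resolved SAML2 Web SSO authenticator configuration, never {@code null}
 * @throws IdentityProviderManagementException if an endpoint URL cannot be built
 */
private FederatedAuthenticatorConfig buildSAMLProperties(IdentityProvider identityProvider, String tenantDomain)
        throws IdentityProviderManagementException {

    String ssoIdpUrlConfig = IdentityUtil.getProperty(IdentityConstants.ServerConfig.SSO_IDP_URL);
    String samlSSOUrl = buildSAMLUrl(ssoIdpUrlConfig, tenantDomain, IdPManagementConstants.SAMLSSO, true);
    // NOTE(review): the logout URL is built from exactly the same inputs as the SSO URL — confirm this
    // is intended (single endpoint serving both) rather than a copy of the line above.
    String samlLogoutUrl = buildSAMLUrl(ssoIdpUrlConfig, tenantDomain, IdPManagementConstants.SAMLSSO, true);
    String samlECPUrl = buildSAMLUrl(IdentityUtil.getProperty(IdentityConstants.ServerConfig.SAML_ECP_URL),
            tenantDomain, IdPManagementConstants.SAML_ECP_URL, true);
    String samlArtifactUrl = buildSAMLUrl(IdentityUtil.getProperty(IdentityConstants.ServerConfig.SSO_ARTIFACT_URL),
            tenantDomain, IdPManagementConstants.SSO_ARTIFACT_URL, false);

    FederatedAuthenticatorConfig samlFederatedAuthConfig = IdentityApplicationManagementUtil.getFederatedAuthenticator(
            identityProvider.getFederatedAuthenticatorConfigs(),
            IdentityApplicationConstants.Authenticator.SAML2SSO.NAME);
    if (samlFederatedAuthConfig == null) {
        samlFederatedAuthConfig = new FederatedAuthenticatorConfig();
        samlFederatedAuthConfig.setName(IdentityApplicationConstants.Authenticator.SAML2SSO.NAME);
    }

    List<Property> propertiesList = new ArrayList<>();

    // Endpoint URLs are resolved against the computed values rather than copied from storage.
    propertiesList.add(resolveFedAuthnProperty(samlSSOUrl, samlFederatedAuthConfig,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SSO_URL));
    propertiesList.add(resolveFedAuthnProperty(samlLogoutUrl, samlFederatedAuthConfig,
            IdentityApplicationConstants.Authenticator.SAML2SSO.LOGOUT_REQ_URL));
    propertiesList.add(resolveFedAuthnProperty(samlECPUrl, samlFederatedAuthConfig,
            IdentityApplicationConstants.Authenticator.SAML2SSO.ECP_URL));
    propertiesList.add(resolveFedAuthnProperty(samlArtifactUrl, samlFederatedAuthConfig,
            IdentityApplicationConstants.Authenticator.SAML2SSO.ARTIFACT_RESOLVE_URL));

    Property idPEntityIdProperty = IdentityApplicationManagementUtil.getProperty(
            samlFederatedAuthConfig.getProperties(),
            IdentityApplicationConstants.Authenticator.SAML2SSO.IDP_ENTITY_ID);
    if (idPEntityIdProperty == null) {
        // Looked up lazily: the resident entity id is only needed when nothing is stored.
        idPEntityIdProperty = new Property();
        idPEntityIdProperty.setName(IdentityApplicationConstants.Authenticator.SAML2SSO.IDP_ENTITY_ID);
        idPEntityIdProperty.setValue(IdPManagementUtil.getResidentIdPEntityId());
    }
    propertiesList.add(idPEntityIdProperty);

    if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
        // Add SSO URL as a destination URL if not already available.
        addSSOUrlAsDestinationUrl(samlFederatedAuthConfig, samlSSOUrl, propertiesList);
    }

    // Names that this method resolves itself (above and below). Stored entries with these names are
    // skipped in the pass-through so the result never carries two values for one name.
    List<String> managedNames = new ArrayList<>();
    managedNames.add(IdentityApplicationConstants.Authenticator.SAML2SSO.SSO_URL);
    managedNames.add(IdentityApplicationConstants.Authenticator.SAML2SSO.LOGOUT_REQ_URL);
    managedNames.add(IdentityApplicationConstants.Authenticator.SAML2SSO.ECP_URL);
    managedNames.add(IdentityApplicationConstants.Authenticator.SAML2SSO.ARTIFACT_RESOLVE_URL);
    managedNames.add(IdentityApplicationConstants.Authenticator.SAML2SSO.IDP_ENTITY_ID);
    managedNames.add(IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_VALIDITY_PERIOD);
    managedNames.add(IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_SIGNING_ENABLED);
    managedNames.add(IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_AUTHN_REQUESTS_SIGNING_ENABLED);

    Property[] storedProperties = samlFederatedAuthConfig.getProperties();
    if (storedProperties != null) {
        for (Property storedProperty : storedProperties) {
            // A property with a null name is not managed here and is carried over like any other.
            if (storedProperty != null && !managedNames.contains(storedProperty.getName())) {
                propertiesList.add(storedProperty);
            }
        }
    }

    // Metadata settings: stored value if present, otherwise the documented default.
    propertiesList.add(storedPropertyOrDefault(storedProperties,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_VALIDITY_PERIOD,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_VALIDITY_PERIOD_DEFAULT));
    propertiesList.add(storedPropertyOrDefault(storedProperties,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_SIGNING_ENABLED,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_SIGNING_ENABLED_DEFAULT));
    propertiesList.add(storedPropertyOrDefault(storedProperties,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_AUTHN_REQUESTS_SIGNING_ENABLED,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_AUTHN_REQUESTS_SIGNING_DEFAULT));

    samlFederatedAuthConfig.setProperties(propertiesList.toArray(new Property[0]));
    return samlFederatedAuthConfig;
}

/**
 * Returns the stored property named {@code name}, or a new property carrying {@code defaultValue}
 * when no stored property has that name.
 *
 * @param storedProperties properties currently held by the authenticator config (may be {@code null})
 * @param name             property name to look up
 * @param defaultValue     value used when the property is absent
 * @return the existing property instance, or a freshly created one with the default value
 */
private static Property storedPropertyOrDefault(Property[] storedProperties, String name, String defaultValue) {

    Property property = IdentityApplicationManagementUtil.getProperty(storedProperties, name);
    if (property == null) {
        property = new Property();
        property.setName(name);
        property.setValue(defaultValue);
    }
    return property;
}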
use of org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2.
the class IdentityProviderManager method handleMetadata.
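/**
 * If a federated authenticator carries a metadata property (a property whose name contains
 * {@link IdPManagementConstants#META_DATA}), hands it to the first registered
 * {@link MetadataConverter} that can handle it, stores the metadata for the tenant, and replaces
 * the authenticator's properties with those the converter extracts. A certificate extracted from
 * the metadata replaces the identity provider's certificate.
 *
 * <p>NOTE(review): the metadata is XML parsed by the converter; that parser is not visible here,
 * so confirm it runs with DTDs and external entities disabled (XXE). The certificate coming out of
 * the metadata overrides whatever certificate was configured on the IdP — fine while the metadata
 * is admin-supplied, but worth keeping in mind if a lower-privilege path can reach this method.
 *
 * @param tenantId         tenant under which the metadata is stored
 * @param identityProvider identity provider being added; its authenticator configs are mutated in place
 * @throws IdentityProviderManagementException if no metadata converter is registered, the SP entity id
 *                                             is missing, or the metadata cannot be stored or converted
 */
private void handleMetadata(int tenantId, IdentityProvider identityProvider) throws IdentityProviderManagementException {

    if (IdpMgtServiceComponentHolder.getInstance().getMetadataConverters().isEmpty()) {
        throw new IdentityProviderManagementException("Metadata Converter is not set");
    }
    FederatedAuthenticatorConfig[] federatedAuthenticatorConfigs = identityProvider.getFederatedAuthenticatorConfigs();
    if (federatedAuthenticatorConfigs == null) {
        // Nothing to convert; iterating a null array would throw.
        return;
    }

    for (FederatedAuthenticatorConfig federatedAuthenticatorConfig : federatedAuthenticatorConfigs) {
        Property[] properties = federatedAuthenticatorConfig.getProperties();
        if (ArrayUtils.isEmpty(properties)) {
            continue;
        }
        for (Property property : properties) {
            if (property == null || StringUtils.isBlank(property.getName())
                    || !property.getName().contains(IdPManagementConstants.META_DATA)) {
                continue;
            }
            for (MetadataConverter metadataConverter : IdpMgtServiceComponentHolder.getInstance().getMetadataConverters()) {
                if (!metadataConverter.canHandle(property)) {
                    continue;
                }
                try {
                    if (isMetadataFileExist(identityProvider.getIdentityProviderName(), property.getValue())) {
                        try {
                            metadataConverter.saveMetadataString(tenantId, identityProvider.getIdentityProviderName(),
                                    federatedAuthenticatorConfig.getName(), property.getValue());
                        } catch (IdentityProviderManagementException e) {
                            // NOTE(review): the underlying exception is dropped here and the message blames a
                            // missing converter even though one just accepted the property; chain `e` if the
                            // server-exception helper has an overload that takes a cause.
                            String data = "Couldn't save metadata in registry.SAML2SSOMetadataConverter" + " is not set. ";
                            throw IdPManagementUtil.handleServerException(IdPManagementConstants.ErrorMessage.ERROR_CODE_ADD_IDP, data);
                        }
                    }

                    // Filled by the converter when the metadata carries a signing certificate.
                    StringBuilder certificate = new StringBuilder();
                    try {
                        FederatedAuthenticatorConfig metaFederated =
                                metadataConverter.getFederatedAuthenticatorConfig(properties, certificate);

                        // The SP entity id typed by the admin wins over whatever the metadata says;
                        // the last matching property in the submitted list is used.
                        String spName = "";
                        for (Property candidate : properties) {
                            if (candidate != null && IdentityApplicationConstants.Authenticator.SAML2SSO.SP_ENTITY_ID
                                    .equals(candidate.getName())) {
                                spName = candidate.getValue();
                            }
                        }
                        // isEmpty rather than equals("") so a null value is rejected instead of throwing NPE.
                        if (StringUtils.isEmpty(spName)) {
                            throw new IdentityProviderManagementException("SP name can't be empty");
                        }
                        if (metaFederated == null || ArrayUtils.isEmpty(metaFederated.getProperties())) {
                            throw new IdentityProviderManagementException("Error setting metadata using file");
                        }
                        Property[] convertedProperties = metaFederated.getProperties();
                        for (Property convertedProperty : convertedProperties) {
                            if (convertedProperty != null && IdentityApplicationConstants.Authenticator.SAML2SSO.SP_ENTITY_ID
                                    .equals(convertedProperty.getName())) {
                                convertedProperty.setValue(spName);
                                break;
                            }
                        }
                        federatedAuthenticatorConfig.setProperties(convertedProperties);
                    } catch (IdentityProviderManagementException ex) {
                        throw new IdentityProviderManagementException("Error converting metadata", ex);
                    }

                    if (certificate.length() > 0) {
                        identityProvider.setCertificate(certificate.toString());
                    }
                } catch (XMLStreamException e) {
                    throw new IdentityProviderManagementException("Error while configuring metadata", e);
                }
                // Only the first converter able to handle this property is consulted.
                break;
            }
        }
    }
}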
use of org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2.
the class FileBasedIdPMgtDAO method getIdPByAuthenticatorPropertyValue.
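/**
 * Finds the first file-based identity provider whose authenticator named {@code authenticatorName}
 * has a property named {@code property} whose value equals {@code value}, ignoring case.
 *
 * <p>NOTE(review): the match is case-insensitive. SAML entity ids and issuers are case-sensitive
 * URIs, so two file-based IdPs whose values differ only in case would collide here (first match
 * wins) — confirm this matches how the database-backed lookup compares.
 *
 * @param property          name of the authenticator property to compare
 * @param value             expected property value; a {@code null} value matches nothing
 * @param tenantDomain      not used by this lookup; file-based IdPs are searched as a single map
 * @param authenticatorName name of the federated authenticator whose properties are inspected
 * @return the first matching identity provider, or {@code null} when none matches
 */
public IdentityProvider getIdPByAuthenticatorPropertyValue(String property, String value, String tenantDomain, String authenticatorName) {

    // A null value can never match and would otherwise NPE on the first candidate with that property.
    if (value == null) {
        return null;
    }
    Map<String, IdentityProvider> fileBasedIdPs = IdPManagementServiceComponent.getFileBasedIdPs();
    if (fileBasedIdPs == null) {
        return null;
    }
    for (IdentityProvider candidate : fileBasedIdPs.values()) {
        // Look only at the requested authenticator on this IdP.
        FederatedAuthenticatorConfig authenticatorConfig = IdentityApplicationManagementUtil.getFederatedAuthenticator(
                candidate.getFederatedAuthenticatorConfigs(), authenticatorName);
        if (authenticatorConfig == null) {
            continue;
        }
        Property matched = IdentityApplicationManagementUtil.getProperty(authenticatorConfig.getProperties(), property);
        if (matched != null && value.equalsIgnoreCase(matched.getValue())) {
            return candidate;
        }
    }
    return null;
}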
use of org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2.
the class IdPManagementUIUtil method buildOpenIDConnectAuthenticationConfiguration.
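/**
 * Builds the OpenID Connect federated authenticator configuration from the management-console
 * form parameters and attaches it to {@code fedIdp}.
 *
 * <p>The authenticator is prepended to the IdP's authenticator list only when the authorization
 * endpoint, token endpoint, client id and client secret are all non-empty. The enabled and default
 * flags are applied before that check (see the note in the body).
 *
 * @param fedIdp   identity provider being assembled from the form; mutated in place
 * @param paramMap submitted form parameters keyed by field name; checkboxes arrive as {@code "on"}
 * @throws IdentityApplicationManagementException declared in the signature; nothing in this body throws it
 */
private static void buildOpenIDConnectAuthenticationConfiguration(IdentityProvider fedIdp, Map<String, String> paramMap)
        throws IdentityApplicationManagementException {

    FederatedAuthenticatorConfig oidcAuthnConfig = new FederatedAuthenticatorConfig();
    oidcAuthnConfig.setName("OpenIDConnectAuthenticator");
    oidcAuthnConfig.setDisplayName("openidconnect");
    if ("on".equals(paramMap.get("oidcEnabled"))) {
        oidcAuthnConfig.setEnabled(true);
    }
    // NOTE(review): this runs before the completeness check at the end, so an incomplete form can
    // leave fedIdp's default authenticator pointing at a config that is never added to its list.
    if ("on".equals(paramMap.get("oidcDefault"))) {
        fedIdp.setDefaultAuthenticatorConfig(oidcAuthnConfig);
    }

    String clientId = paramMap.get("clientId");
    String authzUrl = paramMap.get("authzUrl");
    String tokenUrl = paramMap.get("tokenUrl");
    String clientSecret = paramMap.get("clientSecret");
    String queryParams = paramMap.get("oidcQueryParam");

    Property[] properties = new Property[10];

    // NOTE(review): the Facebook CLIENT_ID constant is reused for the OIDC client id. That is only
    // correct while both constants hold the same property name — confirm, or use OIDC.CLIENT_ID.
    Property property = new Property();
    property.setName(IdentityApplicationConstants.Authenticator.Facebook.CLIENT_ID);
    property.setValue(clientId);
    properties[0] = property;

    // NOTE(review): endpoint URLs are stored exactly as submitted, with no scheme or host check; the
    // server later sends the client secret to the token endpoint, so consider rejecting non-https values.
    property = new Property();
    property.setName(IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_AUTHZ_URL);
    property.setValue(authzUrl);
    properties[1] = property;

    property = new Property();
    property.setName(IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_TOKEN_URL);
    property.setValue(tokenUrl);
    properties[2] = property;

    // Marked confidential — presumably so storage/display treat it as a secret; confirm downstream.
    property = new Property();
    property.setName(IdentityApplicationConstants.Authenticator.OIDC.CLIENT_SECRET);
    property.setValue(clientSecret);
    property.setConfidential(true);
    properties[3] = property;

    // "1" selects the user id from claims; any other value (including absent) does not.
    property = new Property();
    property.setName(IdentityApplicationConstants.Authenticator.OIDC.IS_USER_ID_IN_CLAIMS);
    property.setValue("1".equals(paramMap.get("oidc_user_id_location")) ? "true" : "false");
    properties[4] = property;

    // Optional: the property is always present, but its value is left unset when the field is blank.
    property = new Property();
    property.setName("commonAuthQueryParams");
    if (queryParams != null && queryParams.trim().length() > 0) {
        property.setValue(queryParams);
    }
    properties[5] = property;

    property = new Property();
    property.setName(IdentityApplicationConstants.Authenticator.OIDC.CALLBACK_URL);
    property.setValue(paramMap.get("callbackUrl"));
    properties[6] = property;

    property = new Property();
    property.setName(IdentityApplicationConstants.Authenticator.OIDC.USER_INFO_URL);
    property.setValue(paramMap.get("userInfoEndpoint"));
    properties[7] = property;

    property = new Property();
    property.setName(IdentityApplicationConstants.Authenticator.OIDC.OIDC_LOGOUT_URL);
    property.setValue(paramMap.get("logoutUrlOIDC"));
    properties[8] = property;

    // Checkbox: "on" when ticked, absent otherwise.
    property = new Property();
    property.setName(IdentityApplicationConstants.Authenticator.OIDC.IS_BASIC_AUTH_ENABLED);
    property.setValue("on".equals(paramMap.get("oidcBasicAuthEnabled")) ? "true" : "false");
    properties[9] = property;

    oidcAuthnConfig.setProperties(properties);

    // Only a fully specified OIDC configuration is attached to the IdP.
    boolean hasRequiredFields = authzUrl != null && !authzUrl.isEmpty()
            && tokenUrl != null && !tokenUrl.isEmpty()
            && clientId != null && !clientId.isEmpty()
            && clientSecret != null && !clientSecret.isEmpty();
    if (!hasRequiredFields) {
        return;
    }
    FederatedAuthenticatorConfig[] authenticators = fedIdp.getFederatedAuthenticatorConfigs();
    if (authenticators == null || authenticators.length == 0) {
        fedIdp.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { oidcAuthnConfig });
    } else {
        fedIdp.setFederatedAuthenticatorConfigs(
                concatArrays(new FederatedAuthenticatorConfig[] { oidcAuthnConfig }, authenticators));
    }
}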
use of org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2.
the class IdPManagementUIUtil method buildPassiveSTSAuthenticationConfiguration.
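/**
 * Builds the WS-Federation Passive STS federated authenticator configuration from the
 * management-console form parameters and attaches it to {@code fedIdp}.
 *
 * <p>The authenticator is prepended to the IdP's authenticator list only when the Passive STS URL
 * is non-empty. The enabled and default flags are applied before that check (see the note in the
 * body).
 *
 * <p>NOTE(review): both assertion-validation switches are written as {@code "false"} whenever their
 * checkbox is absent from the form. A client that omits the field therefore disables signature and
 * audience validation for this IdP; confirm the authenticator treats that as "validate anyway", or
 * consider defaulting these to {@code "true"}.
 *
 * @param fedIdp   identity provider being assembled from the form; mutated in place
 * @param paramMap submitted form parameters keyed by field name; checkboxes arrive as {@code "on"}
 * @throws IdentityApplicationManagementException declared in the signature; nothing in this body throws it
 */
private static void buildPassiveSTSAuthenticationConfiguration(IdentityProvider fedIdp, Map<String, String> paramMap)
        throws IdentityApplicationManagementException {

    FederatedAuthenticatorConfig passiveSTSAuthnConfig = new FederatedAuthenticatorConfig();
    passiveSTSAuthnConfig.setName("PassiveSTSAuthenticator");
    passiveSTSAuthnConfig.setDisplayName("passivests");
    if ("on".equals(paramMap.get("passiveSTSEnabled"))) {
        passiveSTSAuthnConfig.setEnabled(true);
    }
    // NOTE(review): this runs before the URL check at the end, so a form without a Passive STS URL
    // can leave fedIdp's default authenticator pointing at a config that is never added to its list.
    if ("on".equals(paramMap.get("passiveSTSDefault"))) {
        fedIdp.setDefaultAuthenticatorConfig(passiveSTSAuthnConfig);
    }

    String passiveSTSUrl = paramMap.get("passiveSTSUrl");
    String queryParams = paramMap.get("passiveSTSQueryParam");

    Property[] properties = new Property[6];

    Property property = new Property();
    property.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.REALM_ID);
    property.setValue(paramMap.get("passiveSTSRealm"));
    properties[0] = property;

    // Stored exactly as submitted; no scheme or host validation happens here.
    property = new Property();
    property.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_URL);
    property.setValue(passiveSTSUrl);
    properties[1] = property;

    // "1" selects the user id from claims; any other value (including absent) does not.
    property = new Property();
    property.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.IS_USER_ID_IN_CLAIMS);
    property.setValue("1".equals(paramMap.get("passive_sts_user_id_location")) ? "true" : "false");
    properties[2] = property;

    // Checkbox semantics: "on" when ticked, absent otherwise — absent becomes "false".
    property = new Property();
    property.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.IS_ENABLE_ASSERTION_SIGNATURE_VALIDATION);
    property.setValue("on".equals(paramMap.get("isEnablePassiveSTSAssertionSignatureValidation")) ? "true" : "false");
    properties[3] = property;

    property = new Property();
    property.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.IS_ENABLE_ASSERTION_AUDIENCE_VALIDATION);
    property.setValue("on".equals(paramMap.get("isEnablePassiveSTSAssertionAudienceValidation")) ? "true" : "false");
    properties[4] = property;

    // Optional: the property is always present, but its value is left unset when the field is blank.
    property = new Property();
    property.setName("commonAuthQueryParams");
    if (queryParams != null && queryParams.trim().length() > 0) {
        property.setValue(queryParams);
    }
    properties[5] = property;

    passiveSTSAuthnConfig.setProperties(properties);

    // Only a configuration with an STS URL is attached to the IdP.
    if (passiveSTSUrl == null || passiveSTSUrl.isEmpty()) {
        return;
    }
    FederatedAuthenticatorConfig[] authenticators = fedIdp.getFederatedAuthenticatorConfigs();
    if (authenticators == null || authenticators.length == 0) {
        fedIdp.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { passiveSTSAuthnConfig });
    } else {
        fedIdp.setFederatedAuthenticatorConfigs(
                concatArrays(new FederatedAuthenticatorConfig[] { passiveSTSAuthnConfig }, authenticators));
    }
}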