
Example 6 with FederatedAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2.

From class IdentityProviderManager, method buildSAMLProperties:

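/**
 * Builds the SAML2 Web SSO federated authenticator configuration of {@code identityProvider}
 * for {@code tenantDomain}.
 *
 * <p>The SSO, logout, ECP and artifact-resolution endpoint URLs are derived from server
 * configuration through {@code buildSAMLUrl}. An existing SAML2SSO authenticator on the
 * provider is reused: its endpoint properties are resolved afresh, its entity id and metadata
 * settings are kept when present (defaults are supplied otherwise) and every other stored
 * property is carried over unchanged. Each property name is added at most once, so the
 * returned array carries no duplicate entries for the explicitly handled names.
 *
 * @param identityProvider provider whose SAML2SSO authenticator is (re)built
 * @param tenantDomain     tenant the endpoint URLs are resolved for
 * @return the SAML2SSO {@link FederatedAuthenticatorConfig} with its properties set
 * @throws IdentityProviderManagementException if an endpoint URL or the resident entity id cannot be resolved
 */
private FederatedAuthenticatorConfig buildSAMLProperties(IdentityProvider identityProvider, String tenantDomain)
        throws IdentityProviderManagementException {

    String ssoIdpUrl = IdentityUtil.getProperty(IdentityConstants.ServerConfig.SSO_IDP_URL);
    String samlSSOUrl = buildSAMLUrl(ssoIdpUrl, tenantDomain, IdPManagementConstants.SAMLSSO, true);
    // The logout request endpoint is built from the very same SSO URL and path as the login endpoint.
    String samlLogoutUrl = buildSAMLUrl(ssoIdpUrl, tenantDomain, IdPManagementConstants.SAMLSSO, true);
    String samlECPUrl = buildSAMLUrl(IdentityUtil.getProperty(IdentityConstants.ServerConfig.SAML_ECP_URL),
            tenantDomain, IdPManagementConstants.SAML_ECP_URL, true);
    String samlArtifactUrl = buildSAMLUrl(IdentityUtil.getProperty(IdentityConstants.ServerConfig.SSO_ARTIFACT_URL),
            tenantDomain, IdPManagementConstants.SSO_ARTIFACT_URL, false);

    FederatedAuthenticatorConfig samlFederatedAuthConfig = IdentityApplicationManagementUtil.getFederatedAuthenticator(
            identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.Authenticator.SAML2SSO.NAME);
    if (samlFederatedAuthConfig == null) {
        samlFederatedAuthConfig = new FederatedAuthenticatorConfig();
        samlFederatedAuthConfig.setName(IdentityApplicationConstants.Authenticator.SAML2SSO.NAME);
    }

    List<Property> propertiesList = new ArrayList<>();

    // Endpoint URL properties are resolved against the stored authenticator (resolveFedAuthnProperty
    // decides whether the stored value or the freshly built URL wins — not visible here).
    propertiesList.add(resolveFedAuthnProperty(samlSSOUrl, samlFederatedAuthConfig,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SSO_URL));
    propertiesList.add(resolveFedAuthnProperty(samlLogoutUrl, samlFederatedAuthConfig,
            IdentityApplicationConstants.Authenticator.SAML2SSO.LOGOUT_REQ_URL));
    propertiesList.add(resolveFedAuthnProperty(samlECPUrl, samlFederatedAuthConfig,
            IdentityApplicationConstants.Authenticator.SAML2SSO.ECP_URL));
    propertiesList.add(resolveFedAuthnProperty(samlArtifactUrl, samlFederatedAuthConfig,
            IdentityApplicationConstants.Authenticator.SAML2SSO.ARTIFACT_RESOLVE_URL));

    Property idPEntityIdProperty = IdentityApplicationManagementUtil.getProperty(samlFederatedAuthConfig.getProperties(),
            IdentityApplicationConstants.Authenticator.SAML2SSO.IDP_ENTITY_ID);
    if (idPEntityIdProperty == null) {
        // The resident IdP entity id is only looked up when no entity id is stored.
        idPEntityIdProperty = new Property();
        idPEntityIdProperty.setName(IdentityApplicationConstants.Authenticator.SAML2SSO.IDP_ENTITY_ID);
        idPEntityIdProperty.setValue(IdPManagementUtil.getResidentIdPEntityId());
    }
    propertiesList.add(idPEntityIdProperty);

    if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
        // Add SSO URL as a destination URL if not already available.
        addSSOUrlAsDestinationUrl(samlFederatedAuthConfig, samlSSOUrl, propertiesList);
    }

    // Carry over stored properties that this method does not set explicitly. The four endpoint
    // URLs, the entity id and the three metadata settings are skipped here because they are
    // added above/below; previously the artifact URL and the metadata settings were copied in
    // this loop AND added again afterwards, yielding duplicate entries in the properties array.
    for (Property property : samlFederatedAuthConfig.getProperties()) {
        if (property != null && !isExplicitlySetSamlProperty(property.getName())) {
            propertiesList.add(property);
        }
    }

    propertiesList.add(storedOrDefaultSamlProperty(samlFederatedAuthConfig,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_VALIDITY_PERIOD,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_VALIDITY_PERIOD_DEFAULT));
    propertiesList.add(storedOrDefaultSamlProperty(samlFederatedAuthConfig,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_SIGNING_ENABLED,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_SIGNING_ENABLED_DEFAULT));
    propertiesList.add(storedOrDefaultSamlProperty(samlFederatedAuthConfig,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_AUTHN_REQUESTS_SIGNING_ENABLED,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_AUTHN_REQUESTS_SIGNING_DEFAULT));

    samlFederatedAuthConfig.setProperties(propertiesList.toArray(new Property[0]));
    return samlFederatedAuthConfig;
}

/**
 * Returns the stored property called {@code name} from {@code config}, or a new property
 * carrying {@code defaultValue} when none is stored.
 *
 * @param config       authenticator whose stored properties are searched
 * @param name         property name to look up
 * @param defaultValue value used when the property is absent
 * @return the stored property instance, or a freshly created one
 */
private static Property storedOrDefaultSamlProperty(FederatedAuthenticatorConfig config, String name,
                                                    String defaultValue) {

    Property property = IdentityApplicationManagementUtil.getProperty(config.getProperties(), name);
    if (property == null) {
        property = new Property();
        property.setName(name);
        property.setValue(defaultValue);
    }
    return property;
}

/**
 * Whether {@code name} is one of the SAML2SSO properties that {@code buildSAMLProperties}
 * adds explicitly, so that a stored property of that name must not be carried over as well.
 *
 * @param name property name; {@code null} is never explicitly set
 * @return {@code true} for the endpoint URL, entity id and metadata setting names
 */
private static boolean isExplicitlySetSamlProperty(String name) {

    String[] explicitlySetNames = {
            IdentityApplicationConstants.Authenticator.SAML2SSO.SSO_URL,
            IdentityApplicationConstants.Authenticator.SAML2SSO.LOGOUT_REQ_URL,
            IdentityApplicationConstants.Authenticator.SAML2SSO.ECP_URL,
            IdentityApplicationConstants.Authenticator.SAML2SSO.ARTIFACT_RESOLVE_URL,
            IdentityApplicationConstants.Authenticator.SAML2SSO.IDP_ENTITY_ID,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_VALIDITY_PERIOD,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_SIGNING_ENABLED,
            IdentityApplicationConstants.Authenticator.SAML2SSO.SAML_METADATA_AUTHN_REQUESTS_SIGNING_ENABLED
    };
    for (String explicitlySetName : explicitlySetNames) {
        if (explicitlySetName.equals(name)) {
            return true;
        }
    }
    return false;
}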

Example 7 with FederatedAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2.

From class IdentityProviderManager, method handleMetadata:

/**
 * Replaces the properties of every federated authenticator that carries a metadata property
 * with the properties parsed from that metadata.
 *
 * <p>For each authenticator property whose name contains {@code IdPManagementConstants.META_DATA},
 * the first registered {@link MetadataConverter} that can handle it is used: the metadata string is
 * persisted (when {@code isMetadataFileExist} reports so), converted into a
 * {@link FederatedAuthenticatorConfig} whose properties overwrite the authenticator's, and any
 * certificate extracted during conversion is set on the identity provider. The SP entity id already
 * configured on the authenticator takes precedence over the one found in the metadata.
 *
 * @param tenantId         tenant the metadata is stored under
 * @param identityProvider identity provider being added or updated; mutated in place
 * @throws IdentityProviderManagementException if no converter is registered, the SP entity id is
 *                                             missing, or the metadata cannot be stored or converted
 */
private void handleMetadata(int tenantId, IdentityProvider identityProvider) throws IdentityProviderManagementException {
    if (IdpMgtServiceComponentHolder.getInstance().getMetadataConverters().isEmpty()) {
        throw new IdentityProviderManagementException("Metadata Converter is not set");
    }
    FederatedAuthenticatorConfig[] federatedAuthenticatorConfigs = identityProvider.getFederatedAuthenticatorConfigs();
    for (FederatedAuthenticatorConfig federatedAuthenticatorConfig : federatedAuthenticatorConfigs) {
        // Snapshot of the authenticator's properties; the loop below keeps iterating over this
        // array even after setProperties() replaces the authenticator's properties.
        Property[] properties = federatedAuthenticatorConfig.getProperties();
        if (ArrayUtils.isNotEmpty(properties)) {
            for (Property property : properties) {
                if (property != null) {
                    // Any property whose name merely contains META_DATA is treated as metadata input.
                    if (StringUtils.isNotBlank(property.getName()) && property.getName().contains(IdPManagementConstants.META_DATA)) {
                        for (MetadataConverter metadataConverter : IdpMgtServiceComponentHolder.getInstance().getMetadataConverters()) {
                            if (metadataConverter.canHandle(property)) {
                                try {
                                    if (isMetadataFileExist(identityProvider.getIdentityProviderName(), property.getValue())) {
                                        try {
                                            metadataConverter.saveMetadataString(tenantId, identityProvider.getIdentityProviderName(), federatedAuthenticatorConfig.getName(), property.getValue());
                                        } catch (IdentityProviderManagementException e) {
                                            // NOTE(review): the original exception is dropped here and the message blames a
                                            // missing converter although a converter was found; pass e as the cause if
                                            // handleServerException offers an overload for it.
                                            String data = "Couldn't save metadata in registry.SAML2SSOMetadataConverter" + " is not set. ";
                                            throw IdPManagementUtil.handleServerException(IdPManagementConstants.ErrorMessage.ERROR_CODE_ADD_IDP, data);
                                        }
                                    }
                                    // Filled by the converter with the signing certificate found in the metadata, if any.
                                    StringBuilder certificate = new StringBuilder();
                                    try {
                                        // The metadata is admin-supplied XML; the converter is expected to parse it with
                                        // DTDs/external entities disabled — not verifiable from here.
                                        FederatedAuthenticatorConfig metaFederated = metadataConverter.getFederatedAuthenticatorConfig(properties, certificate);
                                        String spName = "";
                                        for (Property value : properties) {
                                            if (value != null && IdentityApplicationConstants.Authenticator.SAML2SSO.SP_ENTITY_ID.equals(value.getName())) {
                                                spName = value.getValue();
                                            }
                                        }
                                        // NOTE(review): a present SP_ENTITY_ID property with a null value makes spName null
                                        // and this equals() call throw instead of the intended exception.
                                        if (spName.equals("")) {
                                            throw new IdentityProviderManagementException("SP name can't be empty");
                                        }
                                        // The configured SP entity id wins over whatever the metadata declares.
                                        if (metaFederated != null && ArrayUtils.isNotEmpty(metaFederated.getProperties())) {
                                            for (int y = 0; y < metaFederated.getProperties().length; y++) {
                                                if (metaFederated.getProperties()[y] != null && IdentityApplicationConstants.Authenticator.SAML2SSO.SP_ENTITY_ID.equals(metaFederated.getProperties()[y].getName())) {
                                                    metaFederated.getProperties()[y].setValue(spName);
                                                    break;
                                                }
                                            }
                                        }
                                        if (metaFederated != null && ArrayUtils.isNotEmpty(metaFederated.getProperties())) {
                                            federatedAuthenticatorConfig.setProperties(metaFederated.getProperties());
                                        } else {
                                            throw new IdentityProviderManagementException("Error setting metadata using file");
                                        }
                                    } catch (IdentityProviderManagementException ex) {
                                        throw new IdentityProviderManagementException("Error converting metadata", ex);
                                    }
                                    // A certificate from the metadata overrides the provider's current certificate.
                                    if (certificate.toString().length() > 0) {
                                        identityProvider.setCertificate(certificate.toString());
                                    }
                                } catch (XMLStreamException e) {
                                    throw new IdentityProviderManagementException("Error while configuring metadata", e);
                                }
                                // Only the first converter able to handle the property is used.
                                break;
                            }
                        }
                    }
                }
            }
        }
    }
}

Example 8 with FederatedAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2.

From class FileBasedIdPMgtDAO, method getIdPByAuthenticatorPropertyValue:

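/**
 * Finds the file-based identity provider whose federated authenticator {@code authenticatorName}
 * has a property {@code property} equal (ignoring case) to {@code value}.
 *
 * <p>Only the providers registered with {@code IdPManagementServiceComponent.getFileBasedIdPs()}
 * are searched, in that map's iteration order. {@code tenantDomain} is not used by this lookup;
 * it is kept for parity with the other DAO implementations.
 *
 * @param property          name of the authenticator property to compare
 * @param value             expected property value; {@code null} never matches
 * @param tenantDomain      not consulted by the file-based lookup
 * @param authenticatorName name of the federated authenticator that holds the property
 * @return the first matching provider, or {@code null} if none matches
 */
public IdentityProvider getIdPByAuthenticatorPropertyValue(String property, String value, String tenantDomain, String authenticatorName) {

    if (value == null) {
        // No stored value can match null; the comparison below would otherwise throw.
        return null;
    }
    Map<String, IdentityProvider> identityProviders = IdPManagementServiceComponent.getFileBasedIdPs();
    for (Entry<String, IdentityProvider> entry : identityProviders.entrySet()) {
        IdentityProvider candidate = entry.getValue();
        FederatedAuthenticatorConfig authenticatorConfig = IdentityApplicationManagementUtil.getFederatedAuthenticator(
                candidate.getFederatedAuthenticatorConfigs(), authenticatorName);
        if (authenticatorConfig == null) {
            continue;
        }
        Property candidateProperty = IdentityApplicationManagementUtil.getProperty(authenticatorConfig.getProperties(), property);
        // NOTE(review): the case-insensitive comparison is kept for compatibility, but SAML entity
        // ids and OIDC issuers are case-sensitive URIs; two providers whose values differ only in
        // case are conflated here and the first one in map order wins.
        if (candidateProperty != null && value.equalsIgnoreCase(candidateProperty.getValue())) {
            return candidate;
        }
    }
    return null;
}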

Example 9 with FederatedAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2.

From class IdPManagementUIUtil, method buildOpenIDConnectAuthenticationConfiguration:

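/**
 * Builds the OpenID Connect federated authenticator from the submitted form parameters and
 * prepends it to {@code fedIdp}'s federated authenticators.
 *
 * <p>The authenticator is attached only when the authorization URL, token URL, client id and
 * client secret are all present and non-empty; the enabled and default flags are applied before
 * that check, so {@code fedIdp}'s default authenticator may reference a config that was not
 * attached. The client secret property is marked confidential so consumers honouring that flag
 * do not expose it in clear text. The form values are untrusted console input and are stored
 * as submitted; URL syntax is not validated here.
 *
 * @param fedIdp   identity provider being edited; mutated in place
 * @param paramMap form parameters submitted by the management console
 * @throws IdentityApplicationManagementException declared for API compatibility; nothing in this method throws it
 */
private static void buildOpenIDConnectAuthenticationConfiguration(IdentityProvider fedIdp, Map<String, String> paramMap)
        throws IdentityApplicationManagementException {

    FederatedAuthenticatorConfig oidcAuthnConfig = new FederatedAuthenticatorConfig();
    oidcAuthnConfig.setName("OpenIDConnectAuthenticator");
    oidcAuthnConfig.setDisplayName("openidconnect");
    if ("on".equals(paramMap.get("oidcEnabled"))) {
        oidcAuthnConfig.setEnabled(true);
    }
    if ("on".equals(paramMap.get("oidcDefault"))) {
        fedIdp.setDefaultAuthenticatorConfig(oidcAuthnConfig);
    }

    String clientId = paramMap.get("clientId");
    String authzUrl = paramMap.get("authzUrl");
    String tokenUrl = paramMap.get("tokenUrl");
    String clientSecret = paramMap.get("clientSecret");

    // NOTE(review): the client id is stored under the Facebook constant, as before; if that
    // constant differs from OIDC's client id name, the OIDC authenticator will not find it.
    Property clientIdProperty = oidcProperty(IdentityApplicationConstants.Authenticator.Facebook.CLIENT_ID, clientId);
    Property authzUrlProperty = oidcProperty(IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_AUTHZ_URL, authzUrl);
    Property tokenUrlProperty = oidcProperty(IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_TOKEN_URL, tokenUrl);

    Property clientSecretProperty = oidcProperty(IdentityApplicationConstants.Authenticator.OIDC.CLIENT_SECRET, clientSecret);
    // The secret must be flagged confidential so it is masked/encrypted by property consumers.
    clientSecretProperty.setConfidential(true);

    Property userIdInClaimsProperty = oidcProperty(IdentityApplicationConstants.Authenticator.OIDC.IS_USER_ID_IN_CLAIMS,
            "1".equals(paramMap.get("oidc_user_id_location")) ? "true" : "false");

    Property queryParamsProperty = new Property();
    queryParamsProperty.setName("commonAuthQueryParams");
    String oidcQueryParam = paramMap.get("oidcQueryParam");
    if (oidcQueryParam != null && oidcQueryParam.trim().length() > 0) {
        // Deliberately left unset (not set to null) when no non-blank value was submitted.
        queryParamsProperty.setValue(oidcQueryParam);
    }

    Property callbackUrlProperty = oidcProperty(IdentityApplicationConstants.Authenticator.OIDC.CALLBACK_URL,
            paramMap.get("callbackUrl"));
    Property userInfoUrlProperty = oidcProperty(IdentityApplicationConstants.Authenticator.OIDC.USER_INFO_URL,
            paramMap.get("userInfoEndpoint"));
    Property logoutUrlProperty = oidcProperty(IdentityApplicationConstants.Authenticator.OIDC.OIDC_LOGOUT_URL,
            paramMap.get("logoutUrlOIDC"));
    Property basicAuthProperty = oidcProperty(IdentityApplicationConstants.Authenticator.OIDC.IS_BASIC_AUTH_ENABLED,
            "on".equals(paramMap.get("oidcBasicAuthEnabled")) ? "true" : "false");

    // Order matches the original property array layout.
    oidcAuthnConfig.setProperties(new Property[] {
            clientIdProperty, authzUrlProperty, tokenUrlProperty, clientSecretProperty, userIdInClaimsProperty,
            queryParamsProperty, callbackUrlProperty, userInfoUrlProperty, logoutUrlProperty, basicAuthProperty
    });

    FederatedAuthenticatorConfig[] authenticators = fedIdp.getFederatedAuthenticatorConfigs();
    // Attach only when every mandatory OIDC setting was submitted.
    if (hasOidcValue(authzUrl) && hasOidcValue(tokenUrl) && hasOidcValue(clientId) && hasOidcValue(clientSecret)) {
        if (authenticators == null || authenticators.length == 0) {
            fedIdp.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { oidcAuthnConfig });
        } else {
            fedIdp.setFederatedAuthenticatorConfigs(concatArrays(new FederatedAuthenticatorConfig[] { oidcAuthnConfig }, authenticators));
        }
    }
}

/**
 * Creates an authenticator property with the given name and value.
 *
 * @param name  property name
 * @param value property value; may be {@code null} when the form field was absent
 * @return the new property
 */
private static Property oidcProperty(String name, String value) {

    Property property = new Property();
    property.setName(name);
    property.setValue(value);
    return property;
}

/**
 * Whether a submitted OIDC form value is present and not the empty string. Whitespace-only
 * values count as present, matching the original check.
 *
 * @param value submitted form value
 * @return {@code true} if non-null and non-empty
 */
private static boolean hasOidcValue(String value) {

    return value != null && !"".equals(value);
}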

Example 10 with FederatedAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2.

From class IdPManagementUIUtil, method buildPassiveSTSAuthenticationConfiguration:

/**
 * Builds the Passive STS federated authenticator from the submitted form parameters and
 * prepends it to {@code fedIdp}'s federated authenticators.
 *
 * <p>The authenticator is attached only when the Passive STS URL is present and non-empty;
 * the enabled and default flags are applied before that check. The assertion signature and
 * audience validation flags are stored as "true" only when their checkboxes were on.
 *
 * @param fedIdp   identity provider being edited; mutated in place
 * @param paramMap form parameters submitted by the management console
 * @throws IdentityApplicationManagementException declared for API compatibility; nothing in this method throws it
 */
private static void buildPassiveSTSAuthenticationConfiguration(IdentityProvider fedIdp, Map<String, String> paramMap)
        throws IdentityApplicationManagementException {

    FederatedAuthenticatorConfig stsConfig = new FederatedAuthenticatorConfig();
    stsConfig.setName("PassiveSTSAuthenticator");
    stsConfig.setDisplayName("passivests");
    if ("on".equals(paramMap.get("passiveSTSEnabled"))) {
        stsConfig.setEnabled(true);
    }
    if ("on".equals(paramMap.get("passiveSTSDefault"))) {
        fedIdp.setDefaultAuthenticatorConfig(stsConfig);
    }

    Property[] stsProperties = new Property[6];

    Property realmProperty = new Property();
    realmProperty.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.REALM_ID);
    realmProperty.setValue(paramMap.get("passiveSTSRealm"));
    stsProperties[0] = realmProperty;

    Property idpUrlProperty = new Property();
    idpUrlProperty.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_URL);
    idpUrlProperty.setValue(paramMap.get("passiveSTSUrl"));
    stsProperties[1] = idpUrlProperty;

    Property userIdInClaimsProperty = new Property();
    userIdInClaimsProperty.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.IS_USER_ID_IN_CLAIMS);
    userIdInClaimsProperty.setValue(Boolean.toString("1".equals(paramMap.get("passive_sts_user_id_location"))));
    stsProperties[2] = userIdInClaimsProperty;

    // NOTE(review): both validation flags become "false" whenever their checkbox is off. The
    // Passive STS authenticator presumably skips signature/audience validation of incoming
    // tokens in that case (enforcement is not visible here), so the console should default
    // these to on.
    Property signatureValidationProperty = new Property();
    signatureValidationProperty.setName(
            IdentityApplicationConstants.Authenticator.PassiveSTS.IS_ENABLE_ASSERTION_SIGNATURE_VALIDATION);
    signatureValidationProperty.setValue(
            Boolean.toString("on".equals(paramMap.get("isEnablePassiveSTSAssertionSignatureValidation"))));
    stsProperties[3] = signatureValidationProperty;

    Property audienceValidationProperty = new Property();
    audienceValidationProperty.setName(
            IdentityApplicationConstants.Authenticator.PassiveSTS.IS_ENABLE_ASSERTION_AUDIENCE_VALIDATION);
    audienceValidationProperty.setValue(
            Boolean.toString("on".equals(paramMap.get("isEnablePassiveSTSAssertionAudienceValidation"))));
    stsProperties[4] = audienceValidationProperty;

    Property queryParamsProperty = new Property();
    queryParamsProperty.setName("commonAuthQueryParams");
    String submittedQueryParams = paramMap.get("passiveSTSQueryParam");
    if (submittedQueryParams != null && !submittedQueryParams.trim().isEmpty()) {
        // Left unset (no setValue call) unless a non-blank value was submitted.
        queryParamsProperty.setValue(submittedQueryParams);
    }
    stsProperties[5] = queryParamsProperty;

    stsConfig.setProperties(stsProperties);

    FederatedAuthenticatorConfig[] existingAuthenticators = fedIdp.getFederatedAuthenticatorConfigs();
    String stsUrl = paramMap.get("passiveSTSUrl");
    if (stsUrl == null || stsUrl.isEmpty()) {
        // Without an STS URL the authenticator is built but not attached.
        return;
    }
    if (existingAuthenticators == null || existingAuthenticators.length == 0) {
        fedIdp.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { stsConfig });
    } else {
        fedIdp.setFederatedAuthenticatorConfigs(
                concatArrays(new FederatedAuthenticatorConfig[] { stsConfig }, existingAuthenticators));
    }
}
