use of org.wso2.carbon.identity.application.common.model.xsd.Claim in project carbon-identity-framework by wso2.
the class Utils method getClaimsFromUserStoreManager.
public static Map<String, String> getClaimsFromUserStoreManager(String userName, int tenantId, String[] claims) throws IdentityException {
Map<String, String> claimValues = new HashMap<>();
org.wso2.carbon.user.core.UserStoreManager userStoreManager = null;
RealmService realmService = IdentityMgtServiceComponent.getRealmService();
try {
if (realmService.getTenantUserRealm(tenantId) != null) {
userStoreManager = (org.wso2.carbon.user.core.UserStoreManager) realmService.getTenantUserRealm(tenantId).getUserStoreManager();
}
} catch (UserStoreException e) {
throw IdentityException.error("Error retrieving the user store manager for tenant id : " + tenantId, e);
}
try {
if (userStoreManager != null) {
claimValues = userStoreManager.getUserClaimValues(userName, claims, UserCoreConstants.DEFAULT_PROFILE);
}
} catch (Exception e) {
throw IdentityException.error("Unable to retrieve the claim for user : " + userName, e);
}
return claimValues;
}
use of org.wso2.carbon.identity.application.common.model.xsd.Claim in project carbon-identity-framework by wso2.
the class IdentityProviderManager method getMappedLocalClaims.
/**
* Retrieves Identity provider information about a given tenant
*
* @param idPName Unique Name of the IdP to which the given IdP claim URIs need to be mapped
* @param tenantDomain The tenant domain of whose local claim URIs to be mapped
* @param idPClaimURIs IdP claim URIs which need to be mapped to tenant's local claim URIs
* @throws IdentityProviderManagementException Error when getting claim mappings
*/
@Override
public Set<ClaimMapping> getMappedLocalClaims(String idPName, String tenantDomain, List<String> idPClaimURIs) throws IdentityProviderManagementException {
int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
if (StringUtils.isEmpty(idPName)) {
String msg = "Invalid argument: Identity Provider Name value is empty";
throw new IdentityProviderManagementException(msg);
}
IdentityProvider identityProvider = dao.getIdPByName(null, idPName, tenantId, tenantDomain);
if (identityProvider == null) {
identityProvider = new FileBasedIdPMgtDAO().getIdPByName(idPName, tenantDomain);
}
if (identityProvider == null) {
identityProvider = IdPManagementServiceComponent.getFileBasedIdPs().get(IdentityApplicationConstants.DEFAULT_IDP_CONFIG);
}
ClaimConfig claimConfiguration = identityProvider.getClaimConfig();
if (claimConfiguration != null) {
ClaimMapping[] claimMappings = claimConfiguration.getClaimMappings();
if (claimMappings != null && claimMappings.length > 0 && idPClaimURIs != null) {
Set<ClaimMapping> returnSet = new HashSet<ClaimMapping>();
for (String idpClaim : idPClaimURIs) {
for (ClaimMapping claimMapping : claimMappings) {
if (claimMapping.getRemoteClaim().getClaimUri().equals(idpClaim)) {
returnSet.add(claimMapping);
break;
}
}
}
return returnSet;
}
}
return new HashSet<ClaimMapping>();
}
use of org.wso2.carbon.identity.application.common.model.xsd.Claim in project carbon-identity-framework by wso2.
the class IdPManagementDAO method populateRequiredAttributesForIdentityProviderList.
/**
* @param resultSet ResultSet.
* @param dbConnection Database Connection.
* @param requiredAttributes Required attributes which needs to be return.
* @param tenantId Tenant Id of the identity provider.
* @param identityProvider Identity Provider Object.
* @throws SQLException
* @throws IdentityProviderManagementServerException
*/
private void populateRequiredAttributesForIdentityProviderList(ResultSet resultSet, Connection dbConnection, List<String> requiredAttributes, int tenantId, IdentityProvider identityProvider) throws SQLException, IdentityProviderManagementServerException {
int idpId = Integer.parseInt(identityProvider.getId());
String idPName = identityProvider.getIdentityProviderName();
try {
if (CollectionUtils.isNotEmpty(requiredAttributes)) {
for (String attribute : requiredAttributes) {
switch(attribute) {
case IdPManagementConstants.IDP_IS_PRIMARY:
if ((IdPManagementConstants.IS_TRUE_VALUE).equals(resultSet.getString("IS_PRIMARY"))) {
identityProvider.setPrimary(true);
} else {
identityProvider.setPrimary(false);
}
break;
case IdPManagementConstants.IDP_HOME_REALM_ID:
identityProvider.setHomeRealmId(resultSet.getString("HOME_REALM_ID"));
break;
case IdPManagementConstants.IDP_IS_FEDERATION_HUB:
if ((IdPManagementConstants.IS_TRUE_VALUE).equals(resultSet.getString("IS_FEDERATION_HUB"))) {
identityProvider.setFederationHub(false);
}
break;
case IdPManagementConstants.IDP_CERTIFICATE:
identityProvider.setCertificate(getBlobValue(resultSet.getBinaryStream("CERTIFICATE")));
break;
case IdPManagementConstants.IDP_ALIAS:
identityProvider.setAlias(resultSet.getString("ALIAS"));
break;
case IdPManagementConstants.IDP_CLAIMS:
if (identityProvider.getClaimConfig() == null) {
identityProvider.setClaimConfig(new ClaimConfig());
}
if (IdPManagementConstants.IS_TRUE_VALUE.equals(resultSet.getString("IS_LOCAL_CLAIM_DIALECT"))) {
identityProvider.getClaimConfig().setLocalClaimDialect(true);
} else {
identityProvider.getClaimConfig().setLocalClaimDialect(false);
}
String userClaimUri = resultSet.getString("USER_CLAIM_URI");
String roleClaimUri = resultSet.getString("ROLE_CLAIM_URI");
if (identityProvider.getClaimConfig().isLocalClaimDialect()) {
identityProvider.setClaimConfig(getLocalIdPDefaultClaimValues(dbConnection, idPName, userClaimUri, roleClaimUri, idpId, tenantId));
} else {
// Get claim configuration.
identityProvider.setClaimConfig(getIdPClaimConfiguration(dbConnection, idPName, userClaimUri, roleClaimUri, idpId, tenantId));
}
break;
case IdPManagementConstants.IDP_ROLES:
identityProvider.setProvisioningRole(resultSet.getString("PROVISIONING_ROLE"));
// Get permission and role configuration.
identityProvider.setPermissionAndRoleConfig(getPermissionsAndRoleConfiguration(dbConnection, idPName, idpId, tenantId));
break;
case IdPManagementConstants.IDP_FEDERATED_AUTHENTICATORS:
String defaultAuthenticatorName = resultSet.getString("DEFAULT_AUTHENTICATOR_NAME");
// Get federated authenticators.
identityProvider.setFederatedAuthenticatorConfigs(getFederatedAuthenticatorConfigs(dbConnection, idPName, identityProvider, tenantId));
if (defaultAuthenticatorName != null && identityProvider.getFederatedAuthenticatorConfigs() != null) {
identityProvider.setDefaultAuthenticatorConfig(IdentityApplicationManagementUtil.getFederatedAuthenticator(identityProvider.getFederatedAuthenticatorConfigs(), defaultAuthenticatorName));
}
break;
case IdPManagementConstants.IDP_PROVISIONING:
JustInTimeProvisioningConfig jitProConfig = new JustInTimeProvisioningConfig();
if ((IdPManagementConstants.IS_TRUE_VALUE).equals(resultSet.getString("INBOUND_PROV_ENABLED"))) {
jitProConfig.setProvisioningEnabled(true);
} else {
jitProConfig.setProvisioningEnabled(false);
}
jitProConfig.setProvisioningUserStore(resultSet.getString("INBOUND_PROV_USER_STORE_ID"));
identityProvider.setJustInTimeProvisioningConfig(jitProConfig);
String defaultProvisioningConnectorConfigName = resultSet.getString("DEFAULT_PRO_CONNECTOR_NAME");
if (defaultProvisioningConnectorConfigName != null) {
ProvisioningConnectorConfig defaultProConnector = new ProvisioningConnectorConfig();
defaultProConnector.setName(defaultProvisioningConnectorConfigName);
identityProvider.setDefaultProvisioningConnectorConfig(defaultProConnector);
}
// Get provisioning connectors.
identityProvider.setProvisioningConnectorConfigs(getProvisioningConnectorConfigs(dbConnection, idPName, idpId, tenantId));
break;
}
}
}
} catch (IdentityProviderManagementException e) {
throw new IdentityProviderManagementServerException("Error occurred while performing required " + "attribute filter", e);
}
}
use of org.wso2.carbon.identity.application.common.model.xsd.Claim in project carbon-identity-framework by wso2.
the class IdPManagementUIUtil method buildFederatedIdentityProvider.
/**
* Build a federated identity provider.
*
* @param request HttpServletRequest
* @param oldIdpName This value will be populated if there is an old IDP.
* @return IdentityProvider
* @throws Exception
*/
public static IdentityProvider buildFederatedIdentityProvider(HttpServletRequest request, StringBuilder oldIdpName) throws Exception {
IdentityProvider fedIdp = new IdentityProvider();
if (ServletFileUpload.isMultipartContent(request)) {
ServletRequestContext servletContext = new ServletRequestContext(request);
FileItemFactory factory = new DiskFileItemFactory();
ServletFileUpload upload = new ServletFileUpload(factory);
List items = upload.parseRequest(servletContext);
Map<String, String> paramMap = new HashMap<>();
List<String> idpClaims = new ArrayList<>();
List<String> idpRoles = new ArrayList<>();
List<String> customAuthenticatorNames = new ArrayList<>();
List<String> proConnectorNames = new ArrayList<>();
Map<String, List<Property>> customAuthenticatorProperties = new HashMap<>();
Map<String, List<Property>> customProProperties = new HashMap<>();
String idpUUID = StringUtils.EMPTY;
StringBuilder deletedCertificateValue = new StringBuilder();
for (Object item : items) {
DiskFileItem diskFileItem = (DiskFileItem) item;
if (diskFileItem != null) {
byte[] value = diskFileItem.get();
String key = diskFileItem.getFieldName();
if (StringUtils.equals(key, "idpUUID")) {
idpUUID = diskFileItem.getString();
}
if (IdPManagementUIUtil.META_DATA_SAML.equals(key)) {
if (StringUtils.isNotEmpty(diskFileItem.getName()) && !diskFileItem.getName().trim().endsWith(".xml")) {
throw new CarbonException("File not supported!");
} else {
paramMap.put(key, Base64.encode(value));
}
}
if ("certFile".equals(key)) {
paramMap.put(key, Base64.encode(value));
} else if (key.startsWith(IdentityApplicationConstants.CERTIFICATE_VAL)) {
deletedCertificateValue.append(new String(value, StandardCharsets.UTF_8));
} else if ("google_prov_private_key".equals(key)) {
paramMap.put(key, Base64.encode(value));
} else if (key.startsWith("claimrowname_")) {
String strValue = new String(value, StandardCharsets.UTF_8);
idpClaims.add(strValue);
paramMap.put(key, strValue);
} else if (key.startsWith("rolerowname_")) {
String strValue = new String(value, StandardCharsets.UTF_8);
idpRoles.add(strValue);
paramMap.put(key, strValue);
} else if (key.startsWith("custom_auth_name")) {
customAuthenticatorNames.add(new String(value, StandardCharsets.UTF_8));
} else if (key.startsWith("custom_pro_name")) {
proConnectorNames.add(new String(value, StandardCharsets.UTF_8));
} else if (key.startsWith("cust_auth_prop_")) {
int length = "cust_auth_prop_".length();
String authPropString = new String(key).substring(length);
if (authPropString.indexOf("#") > 0) {
String authName = authPropString.substring(0, authPropString.indexOf("#"));
String propName = authPropString.substring(authPropString.indexOf("#") + 1);
String propVal = new String(value, StandardCharsets.UTF_8);
Property prop = new Property();
prop.setName(propName);
prop.setValue(propVal);
List<Property> propList = null;
if (customAuthenticatorProperties.get(authName) == null) {
customAuthenticatorProperties.put(authName, new ArrayList<Property>());
}
propList = customAuthenticatorProperties.get(authName);
propList.add(prop);
customAuthenticatorProperties.put(authName, propList);
}
} else if (key.startsWith("cust_pro_prop_")) {
int length = "cust_pro_prop_".length();
String provPropString = new String(key).substring(length);
if (provPropString.indexOf("#") > 0) {
String proConName = provPropString.substring(0, provPropString.indexOf("#"));
String propName = provPropString.substring(provPropString.indexOf("#") + 1);
String propVal = new String(value, StandardCharsets.UTF_8);
Property prop = new Property();
prop.setName(propName);
prop.setValue(propVal);
List<Property> propList = null;
if (customProProperties.get(proConName) == null) {
customProProperties.put(proConName, new ArrayList<Property>());
}
propList = customProProperties.get(proConName);
propList.add(prop);
customProProperties.put(proConName, propList);
}
} else {
paramMap.put(key, new String(value, StandardCharsets.UTF_8));
}
String updatedValue = paramMap.get(key);
if (updatedValue != null && updatedValue.trim().length() == 0) {
paramMap.put(key, null);
}
}
}
paramMap.put(IdentityApplicationConstants.CERTIFICATE_VAL, deletedCertificateValue.toString());
IdentityProvider oldIdentityProvider = (IdentityProvider) request.getSession().getAttribute(idpUUID);
if (oldIdentityProvider != null) {
if (oldIdpName == null) {
oldIdpName = new StringBuilder();
}
oldIdpName.append(oldIdentityProvider.getIdentityProviderName());
}
if (oldIdentityProvider != null && oldIdentityProvider.getCertificate() != null) {
if (oldIdentityProvider.getCertificateInfoArray() != null && oldIdentityProvider.getCertificateInfoArray().length > 1) {
if (log.isDebugEnabled()) {
log.debug("Number of old certificate for the identity provider " + oldIdentityProvider.getDisplayName() + " is " + oldIdentityProvider.getCertificateInfoArray().length);
}
StringBuilder multipleCertificate = new StringBuilder();
for (CertificateInfo certificateInfo : oldIdentityProvider.getCertificateInfoArray()) {
multipleCertificate.append(new String(Base64.decode(certificateInfo.getCertValue()), StandardCharsets.UTF_8));
}
paramMap.put(IdentityApplicationConstants.OLD_CERT_FILE, Base64.encode(multipleCertificate.toString().getBytes(StandardCharsets.UTF_8)));
} else {
if (log.isDebugEnabled()) {
log.debug("Only one certificate has been found as old certificate.");
}
paramMap.put(IdentityApplicationConstants.OLD_CERT_FILE, oldIdentityProvider.getCertificate());
}
}
if (oldIdentityProvider != null && oldIdentityProvider.getProvisioningConnectorConfigs() != null) {
ProvisioningConnectorConfig[] provisioningConnectorConfig = oldIdentityProvider.getProvisioningConnectorConfigs();
for (ProvisioningConnectorConfig provisioningConnector : provisioningConnectorConfig) {
if (("googleapps").equals(provisioningConnector.getName())) {
Property[] googleProperties = provisioningConnector.getProvisioningProperties();
for (Property property : googleProperties) {
if (property.getName().equals("google_prov_private_key")) {
paramMap.put("old_google_prov_private_key", property.getValue());
}
}
}
}
}
// build identity provider basic information.
buildBasicInformation(fedIdp, paramMap);
// build out-bound authentication configuration.
buildOutboundAuthenticationConfiguration(fedIdp, paramMap);
// build custom authenticator configuration.
buildCustomAuthenticationConfiguration(fedIdp, customAuthenticatorNames, customAuthenticatorProperties, paramMap);
// build claim configuration.
if (oldIdentityProvider != null && oldIdentityProvider.getClaimConfig().getClaimMappings() != null) {
buildClaimConfiguration(fedIdp, paramMap, idpClaims, oldIdentityProvider.getClaimConfig().getClaimMappings());
} else {
buildClaimConfiguration(fedIdp, paramMap, idpClaims, null);
}
// build role configuration.
if (oldIdentityProvider != null && oldIdentityProvider.getPermissionAndRoleConfig() != null && oldIdentityProvider.getPermissionAndRoleConfig().getRoleMappings() != null) {
buildRoleConfiguration(fedIdp, paramMap, idpRoles, oldIdentityProvider.getPermissionAndRoleConfig().getRoleMappings());
} else {
buildRoleConfiguration(fedIdp, paramMap, idpRoles, null);
}
// build in-bound provisioning configuration.
buildInboundProvisioningConfiguration(fedIdp, paramMap);
// build out-bound provisioning configuration.
buildOutboundProvisioningConfiguration(fedIdp, paramMap);
// build custom provisioning connectors.
buildCustomProvisioningConfiguration(fedIdp, proConnectorNames, customProProperties, paramMap);
} else {
throw new Exception("Invalid Content Type: Not multipart/form-data");
}
return fedIdp;
}
use of org.wso2.carbon.identity.application.common.model.xsd.Claim in project carbon-identity-framework by wso2.
the class IdPManagementUIUtil method buildInboundProvisioningConfiguration.
/**
* @param fedIdp
* @param paramMap
* @throws IdentityApplicationManagementException
*/
private static void buildInboundProvisioningConfiguration(IdentityProvider fedIdp, Map<String, String> paramMap) throws IdentityApplicationManagementException {
String modifyUserNamePassword = "prompt_username_password_consent";
String modifyPassword = "prompt_password_consent";
String doNotPrompt = "do_not_prompt";
String jitTypeGroup = "choose_jit_type_group";
String provisioning = paramMap.get("provisioning");
JustInTimeProvisioningConfig jitProvisioningConfiguration = new JustInTimeProvisioningConfig();
if ("provision_disabled".equals(provisioning)) {
jitProvisioningConfiguration.setProvisioningEnabled(false);
jitProvisioningConfiguration.setPasswordProvisioningEnabled(false);
jitProvisioningConfiguration.setModifyUserNameAllowed(false);
jitProvisioningConfiguration.setPromptConsent(false);
} else if ("provision_static".equals(provisioning) || "provision_dynamic".equals(provisioning)) {
jitProvisioningConfiguration.setProvisioningEnabled(true);
if (modifyUserNamePassword.equals(paramMap.get(jitTypeGroup))) {
jitProvisioningConfiguration.setPasswordProvisioningEnabled(true);
jitProvisioningConfiguration.setModifyUserNameAllowed(true);
jitProvisioningConfiguration.setPromptConsent(true);
} else if (modifyPassword.equals(paramMap.get(jitTypeGroup))) {
jitProvisioningConfiguration.setPasswordProvisioningEnabled(true);
jitProvisioningConfiguration.setModifyUserNameAllowed(false);
jitProvisioningConfiguration.setPromptConsent(true);
} else {
jitProvisioningConfiguration.setPasswordProvisioningEnabled(false);
jitProvisioningConfiguration.setModifyUserNameAllowed(false);
if (doNotPrompt.equals(paramMap.get(jitTypeGroup))) {
jitProvisioningConfiguration.setPromptConsent(false);
} else {
jitProvisioningConfiguration.setPromptConsent(true);
}
}
}
jitProvisioningConfiguration.setProvisioningUserStore(paramMap.get("provision_static_dropdown"));
if (paramMap.get("provision_dynamic_dropdown") != null) {
if (!"--- Select Claim URI ---".equals(paramMap.get("provision_dynamic_dropdown"))) {
jitProvisioningConfiguration.setProvisioningUserStore(paramMap.get("provision_dynamic_dropdown"));
}
}
fedIdp.setJustInTimeProvisioningConfig(jitProvisioningConfiguration);
}
Aggregations