use of org.wso2.carbon.identity.application.common.model.xsd.Claim in project carbon-identity-framework by wso2.
the class IdPManagementUIUtil method buildClaimConfiguration.
/**
* @param fedIdp
* @param paramMap
* @throws IdentityApplicationManagementException
*/
private static void buildClaimConfiguration(IdentityProvider fedIdp, Map<String, String> paramMap, List<String> idpClaims, ClaimMapping[] currentClaimMapping) throws IdentityApplicationManagementException {
ClaimConfig claimConfiguration = new ClaimConfig();
if (idpClaims != null && idpClaims.size() > 0) {
List<Claim> idPClaimList = new ArrayList<Claim>();
for (Iterator<String> iterator = idpClaims.iterator(); iterator.hasNext(); ) {
String claimUri = iterator.next();
Claim idpClaim = new Claim();
idpClaim.setClaimUri(claimUri);
idPClaimList.add(idpClaim);
}
claimConfiguration.setIdpClaims(idPClaimList.toArray(new Claim[idPClaimList.size()]));
}
claimConfiguration.setUserClaimURI(paramMap.get("user_id_claim_dropdown"));
claimConfiguration.setRoleClaimURI(paramMap.get("role_claim_dropdown"));
ClaimConfig claimConfigurationUpdated = claimMappingFromUI(claimConfiguration, paramMap);
fedIdp.setClaimConfig(claimConfigurationUpdated);
}
use of org.wso2.carbon.identity.application.common.model.xsd.Claim in project carbon-identity-framework by wso2.
the class UserStoreBasedIdentityDataStore method load.
/**
* This method loads identity and security questions from the user stores
*/
@Override
public UserIdentityClaimsDO load(String userName, UserStoreManager userStoreManager) {
UserIdentityClaimsDO userIdentityDTO = super.load(userName, userStoreManager);
if (userIdentityDTO != null) {
return userIdentityDTO;
}
// which happen calling getUserClaimValues()
if (TRUE_STRING.equals(userStoreInvoked.get())) {
if (log.isDebugEnabled()) {
log.debug("UserStoreBasedIdentityDataStore.load() already been called in the stack." + "Hence returning without processing load() again.");
}
return null;
} else {
if (log.isDebugEnabled()) {
log.debug("Set flag to indicate method UserStoreBasedIdentityDataStore.load() been called");
}
userStoreInvoked.set(TRUE_STRING);
}
Map<String, String> userDataMap = new HashMap<String, String>();
try {
// reading all claims of the user
Claim[] claims = ((AbstractUserStoreManager) userStoreManager).getUserClaimValues(userName, null);
// select the security questions and identity claims
if (claims != null) {
for (Claim claim : claims) {
String claimUri = claim.getClaimUri();
if (claimUri.contains(UserCoreConstants.ClaimTypeURIs.IDENTITY_CLAIM_URI) || claimUri.contains(UserCoreConstants.ClaimTypeURIs.CHALLENGE_QUESTION_URI)) {
if (log.isDebugEnabled()) {
log.debug("Adding UserIdentityClaim : " + claimUri + " with the value : " + claim.getValue());
}
userDataMap.put(claimUri, claim.getValue());
}
}
} else {
// null is returned when the user doesn't exist
return null;
}
} catch (UserStoreException e) {
if (!e.getMessage().startsWith(IdentityCoreConstants.USER_NOT_FOUND)) {
log.error("Error while reading identity user data from user store", e);
} else if (log.isDebugEnabled()) {
String message = null;
if (userStoreManager instanceof AbstractUserStoreManager) {
String domain = ((AbstractUserStoreManager) userStoreManager).getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
if (domain != null) {
message = "User: " + userName + " does not exist in " + domain;
}
}
if (message == null) {
message = "User: " + userName + " does not exist";
}
log.debug(message);
}
return null;
} finally {
// reset to initial value
if (log.isDebugEnabled()) {
log.debug("Reset flag to indicate method UserStoreBasedIdentityDataStore.load() being completing");
}
userStoreInvoked.set(FALSE_STRING);
}
userIdentityDTO = new UserIdentityClaimsDO(userName, userDataMap);
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
userIdentityDTO.setTenantId(tenantId);
org.wso2.carbon.user.core.UserStoreManager store = (org.wso2.carbon.user.core.UserStoreManager) userStoreManager;
String domainName = store.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
try {
super.store(userIdentityDTO, userStoreManager);
} catch (IdentityException e) {
log.error("Error while reading user identity data", e);
}
return userIdentityDTO;
}
use of org.wso2.carbon.identity.application.common.model.xsd.Claim in project carbon-identity-framework by wso2.
the class IdPManagementDAO method getLocalIdPDefaultClaimValues.
/**
* @param dbConnection
* @param idPName
* @param userClaimUri
* @param roleClaimUri
* @param idpId
* @param tenantId
* @return
* @throws SQLException
*/
private ClaimConfig getLocalIdPDefaultClaimValues(Connection dbConnection, String idPName, String userClaimUri, String roleClaimUri, int idpId, int tenantId) throws SQLException {
PreparedStatement prepStmt = null;
ResultSet rs = null;
String sqlStmt;
ClaimConfig claimConfig = new ClaimConfig();
try {
claimConfig.setLocalClaimDialect(true);
claimConfig.setRoleClaimURI(roleClaimUri);
claimConfig.setUserClaimURI(userClaimUri);
sqlStmt = IdPManagementConstants.SQLQueries.GET_LOCAL_IDP_DEFAULT_CLAIM_VALUES_SQL;
prepStmt = dbConnection.prepareStatement(sqlStmt);
prepStmt.setInt(1, idpId);
prepStmt.setInt(2, tenantId);
List<ClaimMapping> claimMappings = new ArrayList<ClaimMapping>();
rs = prepStmt.executeQuery();
while (rs.next()) {
ClaimMapping claimMapping = new ClaimMapping();
// empty claim.
Claim remoteClaim = new Claim();
Claim localClaim = new Claim();
localClaim.setClaimUri(rs.getString("CLAIM_URI"));
claimMapping.setLocalClaim(localClaim);
claimMapping.setRemoteClaim(remoteClaim);
claimMapping.setDefaultValue(rs.getString("DEFAULT_VALUE"));
if ((IdPManagementConstants.IS_TRUE_VALUE).equals(rs.getString("IS_REQUESTED"))) {
claimMapping.setRequested(true);
} else if (rs.getString("IS_REQUESTED").equals(IdPManagementConstants.IS_TRUE_VALUE)) {
claimMapping.setRequested(false);
}
claimMappings.add(claimMapping);
}
claimConfig.setClaimMappings(claimMappings.toArray(new ClaimMapping[claimMappings.size()]));
return claimConfig;
} finally {
IdentityDatabaseUtil.closeAllConnections(null, rs, prepStmt);
}
}
use of org.wso2.carbon.identity.application.common.model.xsd.Claim in project carbon-identity-framework by wso2.
the class IdPManagementDAO method addIdPWithResourceId.
/**
* Add IDP.
*
* @param identityProvider Identity provider information.
* @param tenantId Tenant ID.
* @return Resource ID of created IDP.
* @throws IdentityProviderManagementException
*/
public String addIdPWithResourceId(IdentityProvider identityProvider, int tenantId) throws IdentityProviderManagementException {
Connection dbConnection = IdentityDatabaseUtil.getDBConnection(true);
PreparedStatement prepStmt = null;
try {
if (identityProvider.isPrimary()) {
// this is going to be the primary. Switch off any other primary set up in the
// system.
switchOffPrimary(dbConnection, tenantId);
}
// SP_TENANT_ID, SP_IDP_NAME, SP_IDP_PRIMARY, SP_IDP_HOME_REALM_ID, SP_IDP_CERTIFICATE,
// SP_IDP_TOKEN_EP_ALIAS,
// SP_IDP_INBOUND_PROVISIONING_ENABLED,SP_IDP_INBOUND_PROVISIONING_USER_STORE_ID,
// SP_IDP_USER_CLAIM_URI,SP_IDP_ROLE_CLAIM_URI,SP_IDP_DEFAULT_AUTHENTICATOR_NAME,
// SP_IDP_DEFAULT_PRO_CONNECTOR_NAME
String sqlStmt = IdPManagementConstants.SQLQueries.ADD_IDP_SQL;
prepStmt = dbConnection.prepareStatement(sqlStmt);
prepStmt.setInt(1, tenantId);
prepStmt.setString(2, identityProvider.getIdentityProviderName());
if (identityProvider.isPrimary()) {
prepStmt.setString(3, IdPManagementConstants.IS_TRUE_VALUE);
} else {
prepStmt.setString(3, IdPManagementConstants.IS_FALSE_VALUE);
}
prepStmt.setString(4, identityProvider.getHomeRealmId());
if (ArrayUtils.isNotEmpty(identityProvider.getCertificateInfoArray())) {
try {
// Check whether certificate decoding and certificate generation fails or not.
IdentityApplicationManagementUtil.getCertDataArray(identityProvider.getCertificateInfoArray());
} catch (CertificateException ex) {
throw new IdentityProviderManagementClientException("Malformed Public Certificate file has been " + "provided.", ex);
}
}
JSONArray certificateInfoJsonArray = new JSONArray(identityProvider.getCertificateInfoArray());
setBlobValue(certificateInfoJsonArray.toString(), prepStmt, 5);
prepStmt.setString(6, identityProvider.getAlias());
if (identityProvider.getJustInTimeProvisioningConfig() != null) {
// provisioned locally.
if (identityProvider.getJustInTimeProvisioningConfig().isProvisioningEnabled()) {
prepStmt.setString(7, IdPManagementConstants.IS_TRUE_VALUE);
} else {
prepStmt.setString(7, IdPManagementConstants.IS_FALSE_VALUE);
}
// user will be provisioned to the configured user store.
prepStmt.setString(8, identityProvider.getJustInTimeProvisioningConfig().getProvisioningUserStore());
} else {
prepStmt.setString(7, IdPManagementConstants.IS_FALSE_VALUE);
prepStmt.setString(8, null);
}
if (identityProvider.getClaimConfig() != null) {
// this is how we find the subject name from the authentication response.
// this claim URI is in identity provider's own dialect.
prepStmt.setString(9, identityProvider.getClaimConfig().getUserClaimURI());
// this is how we find the role name from the authentication response.
// this claim URI is in identity provider's own dialect.
prepStmt.setString(10, identityProvider.getClaimConfig().getRoleClaimURI());
} else {
prepStmt.setString(9, null);
prepStmt.setString(10, null);
}
if (identityProvider.getDefaultAuthenticatorConfig() != null) {
prepStmt.setString(11, identityProvider.getDefaultAuthenticatorConfig().getName());
} else {
prepStmt.setString(11, null);
}
if (identityProvider.getDefaultProvisioningConnectorConfig() != null) {
prepStmt.setString(12, identityProvider.getDefaultProvisioningConnectorConfig().getName());
} else {
prepStmt.setString(12, null);
}
prepStmt.setString(13, identityProvider.getIdentityProviderDescription());
if (identityProvider.isFederationHub()) {
prepStmt.setString(14, IdPManagementConstants.IS_TRUE_VALUE);
} else {
prepStmt.setString(14, IdPManagementConstants.IS_FALSE_VALUE);
}
if (identityProvider.getClaimConfig() != null && identityProvider.getClaimConfig().isLocalClaimDialect()) {
prepStmt.setString(15, IdPManagementConstants.IS_TRUE_VALUE);
} else {
prepStmt.setString(15, IdPManagementConstants.IS_FALSE_VALUE);
}
prepStmt.setString(16, identityProvider.getProvisioningRole());
// enabled by default
prepStmt.setString(17, IdPManagementConstants.IS_TRUE_VALUE);
prepStmt.setString(18, identityProvider.getDisplayName());
prepStmt.setString(19, identityProvider.getImageUrl());
String resourceId = UUID.randomUUID().toString();
prepStmt.setString(20, resourceId);
prepStmt.executeUpdate();
prepStmt.clearParameters();
// get newly added Identity provider.
IdentityProvider createdIDP = getIDPbyResourceId(dbConnection, resourceId, tenantId, IdentityTenantUtil.getTenantDomain(tenantId));
// get the id of the just added identity provider.
int idPId = Integer.parseInt(createdIDP.getId());
if (idPId <= 0) {
String msg = "Error adding Identity Provider for tenant " + tenantId;
throw new IdentityProviderManagementException(msg);
}
// add provisioning connectors.
if (identityProvider.getProvisioningConnectorConfigs() != null && identityProvider.getProvisioningConnectorConfigs().length > 0) {
addProvisioningConnectorConfigs(identityProvider.getProvisioningConnectorConfigs(), dbConnection, idPId, tenantId);
}
// add federated authenticators.
addFederatedAuthenticatorConfigs(identityProvider.getFederatedAuthenticatorConfigs(), dbConnection, idPId, tenantId);
// add role configuration.
if (identityProvider.getPermissionAndRoleConfig() != null) {
if (identityProvider.getPermissionAndRoleConfig().getIdpRoles() != null && identityProvider.getPermissionAndRoleConfig().getIdpRoles().length > 0) {
// add roles.
addIdPRoles(dbConnection, idPId, tenantId, identityProvider.getPermissionAndRoleConfig().getIdpRoles());
if (identityProvider.getPermissionAndRoleConfig().getRoleMappings() != null && identityProvider.getPermissionAndRoleConfig().getRoleMappings().length > 0) {
// add role mappings.
addIdPRoleMappings(dbConnection, idPId, tenantId, identityProvider.getPermissionAndRoleConfig().getRoleMappings());
}
}
}
// add claim configuration.
if (identityProvider.getClaimConfig() != null && identityProvider.getClaimConfig().getClaimMappings() != null && identityProvider.getClaimConfig().getClaimMappings().length > 0) {
if (identityProvider.getClaimConfig().isLocalClaimDialect()) {
// identity provider is using local claim dialect - we do not need to add
// claims.
addDefaultClaimValuesForLocalIdP(dbConnection, idPId, tenantId, identityProvider.getClaimConfig().getClaimMappings());
} else {
addIdPClaims(dbConnection, idPId, tenantId, identityProvider.getClaimConfig().getIdpClaims());
addIdPClaimMappings(dbConnection, idPId, tenantId, identityProvider.getClaimConfig().getClaimMappings());
}
}
IdentityProviderProperty[] idpProperties = identityProvider.getIdpProperties();
if (IdentityApplicationConstants.RESIDENT_IDP_RESERVED_NAME.equals(identityProvider.getIdentityProviderName())) {
idpProperties = filterConnectorProperties(idpProperties, IdentityTenantUtil.getTenantDomain(tenantId)).toArray(new IdentityProviderProperty[0]);
}
List<IdentityProviderProperty> identityProviderProperties = getCombinedProperties(identityProvider.getJustInTimeProvisioningConfig(), idpProperties);
identityProviderProperties.add(buildTemplateIdProperty(identityProvider));
addIdentityProviderProperties(dbConnection, idPId, identityProviderProperties, tenantId);
IdentityDatabaseUtil.commitTransaction(dbConnection);
return resourceId;
} catch (IOException e) {
throw new IdentityProviderManagementException("An error occurred while processing content stream.", e);
} catch (SQLException e) {
IdentityDatabaseUtil.rollbackTransaction(dbConnection);
throw new IdentityProviderManagementException("Error occurred while adding Identity Provider for tenant " + tenantId, e);
} catch (ConnectorException e) {
throw new IdentityProviderManagementException("An error occurred while filtering IDP properties.", e);
} finally {
IdentityDatabaseUtil.closeAllConnections(dbConnection, null, prepStmt);
}
}
use of org.wso2.carbon.identity.application.common.model.xsd.Claim in project carbon-identity-framework by wso2.
the class IdPManagementServiceComponent method activate.
@Activate
protected void activate(ComponentContext ctxt) {
try {
BundleContext bundleCtx = ctxt.getBundleContext();
TenantManagementListener idPMgtTenantMgtListener = new TenantManagementListener();
ServiceRegistration tenantMgtListenerSR = bundleCtx.registerService(TenantMgtListener.class.getName(), idPMgtTenantMgtListener, null);
if (tenantMgtListenerSR != null) {
log.debug("Identity Provider Management - TenantMgtListener registered");
} else {
log.error("Identity Provider Management - TenantMgtListener could not be registered");
}
ServiceRegistration userOperationListenerSR = bundleCtx.registerService(UserOperationEventListener.class.getName(), new UserStoreListener(), null);
if (userOperationListenerSR != null) {
log.debug("Identity Provider Management - UserOperationEventListener registered");
} else {
log.error("Identity Provider Management - UserOperationEventListener could not be registered");
}
ServiceRegistration auditLoggerSR = bundleCtx.registerService(IdentityProviderMgtListener.class.getName(), new IDPMgtAuditLogger(), null);
if (auditLoggerSR != null) {
log.debug("Identity Provider Management - Audit Logger registered");
} else {
log.error("Identity Provider Management - Error while registering Audit Logger");
}
ServiceRegistration idPNameResolverListener = bundleCtx.registerService(IdentityProviderMgtListener.class.getName(), new IdentityProviderNameResolverListener(), null);
if (idPNameResolverListener != null) {
if (log.isDebugEnabled()) {
log.debug("Identity Provider Name Resolver Listener registered.");
}
} else {
log.error("Identity Provider Management - Error while registering Identity Provider Name Resolver " + "Listener.");
}
setIdentityProviderMgtListenerService(new IdPMgtValidationListener());
CacheBackedIdPMgtDAO dao = new CacheBackedIdPMgtDAO(new IdPManagementDAO());
if (dao.getIdPByName(null, IdentityApplicationConstants.RESIDENT_IDP_RESERVED_NAME, IdentityTenantUtil.getTenantId(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME), MultitenantConstants.SUPER_TENANT_DOMAIN_NAME) == null) {
addSuperTenantIdp();
}
bundleCtx.registerService(IdpManager.class, IdentityProviderManager.getInstance(), null);
ServiceRegistration idpClaimMetadataMgtListener = bundleCtx.registerService(ClaimMetadataMgtListener.class.getName(), new IdentityProviderClaimMgtListener(), null);
if (idpClaimMetadataMgtListener != null) {
if (log.isDebugEnabled()) {
log.debug("Identity Provider Claim Metadata Management Listener registered.");
}
} else {
log.error("Identity Provider Management - Error while registering Identity Provider Claim Metadata " + "Management Listener.");
}
buildFileBasedIdPList();
cleanUpRemovedIdps();
log.debug("Identity Provider Management bundle is activated");
} catch (Throwable e) {
log.error("Error while activating Identity Provider Management bundle", e);
}
}
Aggregations