Example 46 with ClaimMapping
use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project carbon-identity-framework by wso2.
the class JITProvisioningPostAuthenticationHandler method getUserIdClaimUriInLocalDialect.
private String getUserIdClaimUriInLocalDialect(ExternalIdPConfig idPConfig) {
// get external identity provider user id claim URI.
String userIdClaimUri = idPConfig.getUserIdClaimUri();
if (StringUtils.isBlank(userIdClaimUri)) {
return null;
}
boolean useDefaultLocalIdpDialect = idPConfig.useDefaultLocalIdpDialect();
if (useDefaultLocalIdpDialect) {
return userIdClaimUri;
} else {
ClaimMapping[] claimMappings = idPConfig.getClaimMappings();
if (!ArrayUtils.isEmpty(claimMappings)) {
for (ClaimMapping claimMapping : claimMappings) {
if (userIdClaimUri.equals(claimMapping.getRemoteClaim().getClaimUri())) {
return claimMapping.getLocalClaim().getClaimUri();
}
}
}
}
return null;
}
Also used :
ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping)
Example 47 with ClaimMapping
use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project carbon-identity-framework by wso2.
the class PostAuthAssociationHandler method setAssociatedLocalUserToContext.
/**
* To set the associated local user in automation context and to add the relevant claims.
*
* @param associatedLocalUserName Associated Local username.
* @param context Authentication context.
* @param stepConfig Configuration related with current authentication step.
* @throws PostAuthenticationFailedException Post Authentication failed exception.
*/
private void setAssociatedLocalUserToContext(String associatedLocalUserName, AuthenticationContext context, StepConfig stepConfig) throws PostAuthenticationFailedException {
SequenceConfig sequenceConfig = context.getSequenceConfig();
UserCoreUtil.setDomainInThreadLocal(UserCoreUtil.extractDomainFromName(associatedLocalUserName));
String fullQualifiedAssociatedUserId = FrameworkUtils.prependUserStoreDomainToName(associatedLocalUserName + UserCoreConstants.TENANT_DOMAIN_COMBINER + context.getTenantDomain());
sequenceConfig.setAuthenticatedUser(AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(fullQualifiedAssociatedUserId));
sequenceConfig.getApplicationConfig().setMappedSubjectIDSelected(true);
Map<String, String> mappedAttrs = handleClaimMappings(stepConfig, context);
handleRoleMapping(context, sequenceConfig, mappedAttrs);
Map<ClaimMapping, String> authenticatedUserAttributes = getClaimMapping(context, mappedAttrs);
if (MapUtils.isNotEmpty(authenticatedUserAttributes)) {
sequenceConfig.getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
if (log.isDebugEnabled()) {
log.debug("Local claims from the local user: " + associatedLocalUserName + ", set as " + "user attributed for the federated scenario");
}
}
// in this case associatedID is a local user name - belongs to a tenant in IS.
String tenantDomain = MultitenantUtils.getTenantDomain(associatedLocalUserName);
Map<String, Object> authProperties = context.getProperties();
if (authProperties == null) {
authProperties = new HashMap<>();
context.setProperties(authProperties);
}
authProperties.put(USER_TENANT_DOMAIN, tenantDomain);
if (log.isDebugEnabled()) {
log.debug("Authenticated User: " + sequenceConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier());
log.debug("Authenticated User Tenant Domain: " + tenantDomain);
}
}
Also used :
ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping)
SequenceConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig)
Example 48 with ClaimMapping
use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project carbon-identity-framework by wso2.
the class PostAuthnMissingClaimHandler method handlePostAuthenticationForMissingClaimsResponse.
protected void handlePostAuthenticationForMissingClaimsResponse(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws PostAuthenticationFailedException {
if (log.isDebugEnabled()) {
log.debug("Starting to process the response with missing claims");
}
Map<String, String> claims = new HashMap<String, String>();
Map<String, String> claimsForContext = new HashMap<String, String>();
Map<String, String[]> requestParams = request.getParameterMap();
boolean persistClaims = false;
AuthenticatedUser user = context.getSequenceConfig().getAuthenticatedUser();
Map<String, String> carbonToSPClaimMapping = new HashMap<>();
Object spToCarbonClaimMappingObject = context.getProperty(FrameworkConstants.SP_TO_CARBON_CLAIM_MAPPING);
if (spToCarbonClaimMappingObject instanceof Map) {
Map<String, String> spToCarbonClaimMapping = (Map<String, String>) spToCarbonClaimMappingObject;
for (Map.Entry<String, String> entry : spToCarbonClaimMapping.entrySet()) {
carbonToSPClaimMapping.put(entry.getValue(), entry.getKey());
}
}
boolean doMandatoryClaimsExist = false;
for (Map.Entry<String, String[]> entry : requestParams.entrySet()) {
if (entry.getKey().startsWith(FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX)) {
doMandatoryClaimsExist = true;
break;
}
}
if (!doMandatoryClaimsExist) {
// Check whether mandatory claims exist in the request. If not throw error.
throw new PostAuthenticationFailedException("Mandatory missing claims are not found", "Mandatory missing " + "claims are not found in the request for the session with context identifier: " + context.getContextIdentifier());
}
List<String> missingClaims = new ArrayList<>();
for (Map.Entry<String, String[]> entry : requestParams.entrySet()) {
if (entry.getKey().startsWith(FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX)) {
String localClaimURI = entry.getKey().substring(FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX.length());
if (StringUtils.isBlank(entry.getValue()[0])) {
missingClaims.add(localClaimURI);
continue;
}
claims.put(localClaimURI, entry.getValue()[0]);
if (spToCarbonClaimMappingObject != null) {
String spClaimURI = carbonToSPClaimMapping.get(localClaimURI);
claimsForContext.put(spClaimURI, entry.getValue()[0]);
} else {
claimsForContext.put(localClaimURI, entry.getValue()[0]);
}
}
}
if (CollectionUtils.isNotEmpty(missingClaims)) {
String missingClaimURIs = StringUtils.join(missingClaims, ",");
if (log.isDebugEnabled()) {
log.debug("Claim values for the mandatory claims: " + missingClaimURIs + " are empty");
}
throw new PostAuthenticationFailedException("Mandatory claim is not found", "Claim " + "values for the claim URIs: " + missingClaimURIs + " are empty");
}
Map<ClaimMapping, String> authenticatedUserAttributes = FrameworkUtils.buildClaimMappings(claimsForContext);
authenticatedUserAttributes.putAll(user.getUserAttributes());
for (Map.Entry<Integer, StepConfig> entry : context.getSequenceConfig().getStepMap().entrySet()) {
StepConfig stepConfig = entry.getValue();
if (stepConfig.isSubjectAttributeStep()) {
if (stepConfig.getAuthenticatedUser() != null) {
user = stepConfig.getAuthenticatedUser();
}
if (!user.isFederatedUser()) {
persistClaims = true;
} else {
String associatedID;
String subject = user.getAuthenticatedSubjectIdentifier();
try {
FederatedAssociationManager federatedAssociationManager = FrameworkUtils.getFederatedAssociationManager();
associatedID = federatedAssociationManager.getUserForFederatedAssociation(context.getTenantDomain(), stepConfig.getAuthenticatedIdP(), subject);
if (StringUtils.isNotBlank(associatedID)) {
String fullQualifiedAssociatedUserId = FrameworkUtils.prependUserStoreDomainToName(associatedID + UserCoreConstants.TENANT_DOMAIN_COMBINER + context.getTenantDomain());
UserCoreUtil.setDomainInThreadLocal(UserCoreUtil.extractDomainFromName(associatedID));
user = AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(fullQualifiedAssociatedUserId);
persistClaims = true;
}
} catch (FederatedAssociationManagerException | FrameworkException e) {
throw new PostAuthenticationFailedException("Error while handling missing mandatory claims", "Error while getting association for " + subject, e);
}
}
break;
}
}
if (persistClaims) {
if (log.isDebugEnabled()) {
log.debug("Local user mapping found. Claims will be persisted");
}
try {
Map<String, String> claimMapping = context.getSequenceConfig().getApplicationConfig().getClaimMappings();
Map<String, String> localIdpClaims = new HashMap<>();
for (Map.Entry<String, String> entry : claims.entrySet()) {
String localClaim = claimMapping.get(entry.getKey());
localIdpClaims.put(localClaim, entry.getValue());
}
if (log.isDebugEnabled()) {
log.debug("Updating user profile of user : " + user.getLoggableUserId());
}
UserRealm realm = getUserRealm(user.getTenantDomain());
AbstractUserStoreManager userStoreManager = (AbstractUserStoreManager) realm.getUserStoreManager();
userStoreManager.setUserClaimValuesWithID(user.getUserId(), localIdpClaims, null);
} catch (UserStoreException e) {
if (e instanceof UserStoreClientException) {
context.setProperty(POST_AUTH_MISSING_CLAIMS_ERROR, e.getMessage());
if (StringUtils.isNotBlank(e.getErrorCode())) {
context.setProperty(POST_AUTH_MISSING_CLAIMS_ERROR_CODE, e.getErrorCode());
}
/*
When the attribute update is disabled for JIT provisioned users, the mandatory claim update
request will be identified through the error code and handled it.
*/
if (ERROR_CODE_INVALID_ATTRIBUTE_UPDATE.equals(e.getErrorCode())) {
context.getSequenceConfig().getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
return;
}
}
if (ErrorMessages.ERROR_CODE_READONLY_USER_STORE.getCode().equals(e.getErrorCode())) {
context.getSequenceConfig().getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
return;
}
throw new PostAuthenticationFailedException(e.getMessage(), "Error while updating claims for local user. Could not update profile", e);
} catch (UserIdNotFoundException e) {
throw new PostAuthenticationFailedException("User id not found", "User id not found for local user. Could not update profile", e);
}
}
context.getSequenceConfig().getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
}
Also used :
HashMap(java.util.HashMap)
UserStoreClientException(org.wso2.carbon.user.core.UserStoreClientException)
ArrayList(java.util.ArrayList)
StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig)
UserIdNotFoundException(org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException)
AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)
FederatedAssociationManager(org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager)
UserRealm(org.wso2.carbon.user.core.UserRealm)
UserStoreException(org.wso2.carbon.user.core.UserStoreException)
AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager)
PostAuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException)
FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException)
FederatedAssociationManagerException(org.wso2.carbon.identity.user.profile.mgt.association.federation.exception.FederatedAssociationManagerException)
ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping)
Map(java.util.Map)
HashMap(java.util.HashMap)
Example 49 with ClaimMapping
use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project carbon-identity-framework by wso2.
the class ConsentMgtPostAuthnHandler method removeUserClaimsFromContext.
private void removeUserClaimsFromContext(AuthenticationContext context, List<String> disapprovedClaims, String spStandardDialect) {
Map<ClaimMapping, String> userAttributes = getUserAttributes(context);
Map<ClaimMapping, String> modifiedUserAttributes = new HashMap<>();
if (isDebugEnabled()) {
String message = "Removing disapproved claims: %s from context of user: %s for service provider: %s in " + "tenant domain: %s";
ServiceProvider serviceProvider = getServiceProvider(context);
message = String.format(message, disapprovedClaims, getAuthenticatedUser(context).getAuthenticatedSubjectIdentifier(), serviceProvider.getApplicationName(), getSPTenantDomain(serviceProvider));
logDebug(message);
}
if (isStandardDialect(spStandardDialect)) {
Map<String, String> standardToCarbonClaimMappings = getSPToCarbonClaimMappings(context);
filterClaims(userAttributes, disapprovedClaims, standardToCarbonClaimMappings, modifiedUserAttributes);
} else {
// WSO2 dialect or Non standards custom claim mappings.
Map<String, String> customToLocalClaimMappings = context.getSequenceConfig().getApplicationConfig().getRequestedClaimMappings();
filterClaims(userAttributes, disapprovedClaims, customToLocalClaimMappings, modifiedUserAttributes);
}
context.getSequenceConfig().getAuthenticatedUser().setUserAttributes(modifiedUserAttributes);
}
Also used :
ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping)
HashMap(java.util.HashMap)
ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider)
StringUtils.defaultString(org.apache.commons.lang.StringUtils.defaultString)
Example 50 with ClaimMapping
use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project carbon-identity-framework by wso2.
the class DefaultClaimFilter method filterRequestedClaims.
@Override
public List<ClaimMapping> filterRequestedClaims(List<ClaimMapping> spClaimMappings, List<ClaimMapping> requestedClaimsInRequest) {
List<ClaimMapping> selectedRequestedClaims = new ArrayList<>();
if (requestedClaimsFromRequest(spClaimMappings, requestedClaimsInRequest)) {
selectedRequestedClaims.addAll(requestedClaimsInRequest);
} else if (requestedClaimsFromSpConfig(spClaimMappings, requestedClaimsInRequest)) {
selectedRequestedClaims.addAll(spClaimMappings);
} else if (requestedClaimsFromSpConfigAndRequest(spClaimMappings, requestedClaimsInRequest)) {
for (ClaimMapping claimMappingInSPConfig : spClaimMappings) {
for (ClaimMapping claimMappingInRequest : requestedClaimsInRequest) {
if (claimMappingInRequest.getRemoteClaim().equals(claimMappingInSPConfig.getRemoteClaim())) {
claimMappingInRequest.setLocalClaim(claimMappingInSPConfig.getLocalClaim());
selectedRequestedClaims.add(claimMappingInRequest);
}
}
}
}
return selectedRequestedClaims;
}
Also used :
ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping)
ArrayList(java.util.ArrayList)
Aggregations
ClaimMapping (org.wso2.carbon.identity.application.common.model.ClaimMapping)108
HashMap (java.util.HashMap)60
ArrayList (java.util.ArrayList)52
ClaimConfig (org.wso2.carbon.identity.application.common.model.ClaimConfig)27
Map (java.util.Map)26
ServiceProvider (org.wso2.carbon.identity.application.common.model.ServiceProvider)24
ClaimMapping (org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping)24
ClaimMapping (org.wso2.carbon.user.api.ClaimMapping)24
Claim (org.wso2.carbon.identity.application.common.model.Claim)23
Test (org.testng.annotations.Test)22
Claim (org.wso2.carbon.identity.application.common.model.xsd.Claim)21
LocalClaim (org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim)21
AuthenticatedUser (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)20
IdentityApplicationManagementException (org.wso2.carbon.identity.application.common.IdentityApplicationManagementException)20
List (java.util.List)17
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)17
UserStoreException (org.wso2.carbon.user.api.UserStoreException)17
Matchers.anyString (org.mockito.Matchers.anyString)16
IdentityProvider (org.wso2.carbon.identity.application.common.model.IdentityProvider)13
ClaimMetadataException (org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException)13
