use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project identity-inbound-auth-oauth by wso2-extensions.
the class SAML2BearerGrantHandlerTest method buildAuthnReqDTO.
private SAMLSSOAuthnReqDTO buildAuthnReqDTO(Map<String, String> attributes, String nameIDFormat, String issuer, String subjectName) {
    // Test fixture: a SAML authn request DTO whose federated user carries the given attributes,
    // each attribute key wrapped in a ClaimMapping via the sibling buildClaimMapping helper.
    Map<ClaimMapping, String> mappedAttributes = new HashMap<>();
    attributes.forEach((remoteClaim, value) -> mappedAttributes.put(buildClaimMapping(remoteClaim), value));

    SAMLSSOAuthnReqDTO dto = new SAMLSSOAuthnReqDTO();
    dto.setUser(AuthenticatedUser.createFederateAuthenticatedUserFromSubjectIdentifier(subjectName));
    dto.setNameIDFormat(nameIDFormat);
    dto.setIssuer(issuer);
    dto.getUser().setUserAttributes(mappedAttributes);
    return dto;
}
use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project identity-inbound-auth-oauth by wso2-extensions.
the class DefaultOIDCClaimsCallbackHandlerTest method testHandleCustomClaimsWithOAuthTokenReqMsgCtxtAddressClaim.
@Test
public void testHandleCustomClaimsWithOAuthTokenReqMsgCtxtAddressClaim() throws Exception {
    // A local user whose SP requests the address-related claims; both the country and the
    // address local claims are mapped onto the single ADDRESS OIDC claim.
    OAuthTokenReqMessageContext tokenReqCtx = getTokenReqMessageContextForLocalUser();
    ClaimMapping[] requestedClaimMappings = {
        ClaimMapping.build(LOCAL_COUNTRY_CLAIM_URI, ADDRESS, "", true),
        ClaimMapping.build(LOCAL_STREET_CLAIM_URI, STREET, "", true),
        ClaimMapping.build(LOCAL_PROVINCE_CLAIM_URI, PROVINCE, "", true),
        ClaimMapping.build(LOCAL_ADDRESS_CLAIM_URI, ADDRESS, "", true)
    };
    mockApplicationManagementService(getSpWithRequestedClaimsMappings(requestedClaimMappings));

    // Values the user store returns for the user's local claims.
    Map<String, String> localUserClaims = new HashMap<>();
    localUserClaims.put(LOCAL_COUNTRY_CLAIM_URI, "Sri Lanka");
    localUserClaims.put(LOCAL_STREET_CLAIM_URI, "Lily Avenue");
    localUserClaims.put(LOCAL_PROVINCE_CLAIM_URI, "Western");
    localUserClaims.put(LOCAL_ADDRESS_CLAIM_URI, "matara");
    mockUserRealm(tokenReqCtx.getAuthorizedUser().toString(), getUserRealmWithUserClaims(localUserClaims));
    mockClaimHandler();

    JWTClaimsSet claims = getJwtClaimSet(new JWTClaimsSet.Builder(), tokenReqCtx);
    assertNotNull(claims);
    // Only the presence of the aggregated address claim is asserted, not its contents.
    assertNotNull(claims.getClaim(ADDRESS));
}
use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project identity-inbound-auth-oauth by wso2-extensions.
the class ClaimsUtil method handleClaimMapping.
/**
 * Handle claims from identity provider based on claim configurations.
 * <p>
 * Resolution order, as implemented below:
 * <ol>
 *   <li>If converting the assertion's original claims to the OIDC dialect is disabled in the server
 *       configuration, the attributes are proxied untouched and the context is flagged as carrying
 *       non-OIDC claims.</li>
 *   <li>Otherwise the IDP-level claim mappings are applied when configured, then the SP-level mappings
 *       when the SP requests claims, and attributes dropped by either mapping are re-added through
 *       {@link #handleUnMappedClaims}.</li>
 * </ol>
 * Debug logging of claim values is additionally gated by {@link #isUserClaimsInTokenLoggable()} because
 * the values may contain personal data.
 *
 * @param identityProvider Identity Provider
 * @param attributes Relevant Claims coming from IDP
 * @param tenantDomain Tenant Domain.
 * @param tokenReqMsgCtx Token request message context.
 * @return mapped local claims.
 * @throws IdentityException
 * @throws IdentityApplicationManagementException
 */
public static Map<String, String> handleClaimMapping(IdentityProvider identityProvider, Map<String, String> attributes, String tenantDomain, OAuthTokenReqMessageContext tokenReqMsgCtx) throws IdentityException, IdentityApplicationManagementException {
    // Proxy mode: the IDP attributes pass through unchanged and are marked as non-OIDC claims.
    boolean proxyUserAttributes = !OAuthServerConfiguration.getInstance().isConvertOriginalClaimsFromAssertionsToOIDCDialect();
    if (proxyUserAttributes) {
        setHasNonOIDCClaimsProperty(tokenReqMsgCtx);
        return attributes;
    }
    ClaimMapping[] idPClaimMappings = identityProvider.getClaimConfig().getClaimMappings();
    Map<String, String> claimsAfterIdpMapping;
    // Stays empty unless one of the branches below replaces it.
    Map<String, String> claimsAfterSPMapping = new HashMap<>();
    ServiceProvider serviceProvider = getServiceProvider(tokenReqMsgCtx);
    if (ArrayUtils.isNotEmpty(idPClaimMappings)) {
        if (log.isDebugEnabled()) {
            log.debug("Claim mappings exist for identity provider " + identityProvider.getIdentityProviderName());
        }
        // IDP-level mapping: remote claim URIs -> local claim URIs.
        claimsAfterIdpMapping = handleClaimsForIDP(attributes, tenantDomain, identityProvider, false, idPClaimMappings);
        if (isUserClaimsInTokenLoggable()) {
            if (log.isDebugEnabled()) {
                log.debug("Claims of user : " + tokenReqMsgCtx.getAuthorizedUser() + " after IDP " + " claim mapping " + claimsAfterIdpMapping.toString());
            }
        }
        if (isSPRequestedClaimsExist(tokenReqMsgCtx)) {
            // SP-level mapping: local claim URIs -> OIDC dialect, then re-add what both mappings dropped.
            claimsAfterSPMapping = ClaimsUtil.convertClaimsToOIDCDialect(tokenReqMsgCtx, claimsAfterIdpMapping);
            claimsAfterSPMapping = handleUnMappedClaims(tokenReqMsgCtx, attributes, claimsAfterSPMapping, idPClaimMappings);
        } else {
            // NOTE(review): this branch leaves claimsAfterSPMapping as the empty map created above and does
            // not set the non-OIDC property, unlike the other pass-through paths in this method. Confirm
            // that returning no claims (rather than the IDP-mapped ones) is the intended outcome here.
            if (isUserClaimsInTokenLoggable()) {
                if (log.isDebugEnabled()) {
                    log.debug("IDP claims exists, SP claims does not exist, for the identity provider " + identityProvider.getIdentityProviderName() + ", service provider " + serviceProvider.getApplicationName() + ", hence cannot do claim mapping");
                }
            }
        }
    } else {
        // No IDP-level mapping: the IDP attributes are taken as already being local claims.
        claimsAfterIdpMapping = attributes;
        if (isUserClaimsInTokenLoggable()) {
            if (log.isDebugEnabled()) {
                log.debug("IDP claims do not exist for, identity provider, " + identityProvider.getIdentityProviderName() + ", hence directly copying custom claims, " + claimsAfterIdpMapping.toString());
            }
        }
        if (isSPRequestedClaimsExist(tokenReqMsgCtx)) {
            claimsAfterSPMapping = ClaimsUtil.convertClaimsToOIDCDialect(tokenReqMsgCtx, claimsAfterIdpMapping);
            if (isUserClaimsInTokenLoggable()) {
                if (log.isDebugEnabled()) {
                    log.debug("IDP claims do not exist but SP Claim mappings exists for, identity provider, " + identityProvider.getIdentityProviderName() + ", and Service Provider, " + serviceProvider.getApplicationName() + ", claims after SP mapping, " + claimsAfterSPMapping.toString());
                }
            }
            // Attributes the SP mapping dropped are copied through under their original keys.
            claimsAfterSPMapping = handleUnMappedClaims(tokenReqMsgCtx, attributes, claimsAfterSPMapping, idPClaimMappings);
        } else {
            // Neither mapping configured: proxy the attributes and flag them as non-OIDC claims.
            setHasNonOIDCClaimsProperty(tokenReqMsgCtx);
            claimsAfterSPMapping = attributes;
            if (isUserClaimsInTokenLoggable()) {
                if (log.isDebugEnabled()) {
                    log.debug("IDP claims and SP Claim mappings do not exists for, identity provider, " + identityProvider.getIdentityProviderName() + ", and Service Provider, " + serviceProvider.getApplicationName() + ", hence claims are proxied, " + claimsAfterSPMapping.toString());
                }
            }
        }
    }
    return claimsAfterSPMapping;
}
use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project identity-inbound-auth-oauth by wso2-extensions.
the class ClaimsUtil method addMissingClaims.
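/**
 * Adds the attributes received from the IDP that were dropped by the IDP-level and SP-level claim
 * mapping, so that the returned map still carries every attribute the IDP sent.
 * <p>
 * An attribute is copied through under its original key when:
 * <ul>
 *   <li>IDP claim mappings exist but none of them maps this remote claim, or</li>
 *   <li>the IDP mapping yields a local claim that the SP does not list as a requested claim, or</li>
 *   <li>no IDP claim mappings exist (the attribute is then treated as a local claim) and the SP does
 *       not list it as a requested claim.</li>
 * </ul>
 * Claim values are written to the debug log only when user claims are marked loggable, because they
 * may contain personal data.
 *
 * @param tokenReqMsgCtx Token request message context.
 * @param userAttributes Attributes received from IDP; not modified.
 * @param claimsAfterIDPandSPMapping Claims after IDP and SP mapping; modified in place and returned.
 * @param idPClaimMappings IDP Claim mappings; may be null or empty.
 * @return Final claim map with all the claims received from the IDP (the same instance as
 *         {@code claimsAfterIDPandSPMapping}).
 * @throws IdentityApplicationManagementException Identity Application Management Exception.
 */
private static Map<String, String> addMissingClaims(OAuthTokenReqMessageContext tokenReqMsgCtx, Map<String, String> userAttributes, Map<String, String> claimsAfterIDPandSPMapping, ClaimMapping[] idPClaimMappings) throws IdentityApplicationManagementException {
    boolean isUserClaimsLoggable = isUserClaimsInTokenLoggable();
    ServiceProvider serviceProvider = getServiceProvider(tokenReqMsgCtx);
    ClaimConfig serviceProviderClaimConfig = serviceProvider.getClaimConfig();
    // Resolve the SP mappings once rather than per attribute; an absent claim config requests nothing.
    ClaimMapping[] spClaimMappings = serviceProviderClaimConfig == null ? null : serviceProviderClaimConfig.getClaimMappings();
    AuthenticatedUser authenticatedUser = tokenReqMsgCtx.getAuthorizedUser();
    boolean idpMappingsExist = ArrayUtils.isNotEmpty(idPClaimMappings);
    userAttributes.forEach((key, value) -> {
        // Non-null when the attribute must be added; the text doubles as the debug-log reason.
        String reason;
        if (idpMappingsExist) {
            ClaimMapping idpMapping = findIdpMappingForRemoteClaim(idPClaimMappings, key);
            if (idpMapping == null) {
                reason = "IDP Claim mapping does not exist for ";
            } else if (!isRequestedBySp(spClaimMappings, idpMapping.getLocalClaim().getClaimUri())) {
                reason = "IDP Claim mapping exist, but SP Claim mapping does not exist for ";
            } else {
                reason = null;
            }
        } else {
            // Without IDP-level mapping, every attribute coming from the IDP is assumed to be a local claim.
            reason = isRequestedBySp(spClaimMappings, key) ? null : "SP Claim mapping does not exist for ";
        }
        if (reason != null) {
            if (isUserClaimsLoggable && log.isDebugEnabled()) {
                log.debug(reason + key + ", hence adding value " + value + " for the user : " + authenticatedUser);
            }
            claimsAfterIDPandSPMapping.put(key, value);
        }
    });
    if (isUserClaimsLoggable && log.isDebugEnabled()) {
        log.debug("Final set of claims for the user : " + authenticatedUser + ": " + claimsAfterIDPandSPMapping.toString());
    }
    return claimsAfterIDPandSPMapping;
}

/**
 * Returns the first IDP claim mapping whose remote claim URI equals {@code remoteClaimUri}.
 *
 * @param idPClaimMappings IDP claim mappings; must be non-null.
 * @param remoteClaimUri Remote claim URI as received from the IDP.
 * @return The matching mapping, or null when no mapping has that remote claim URI.
 */
private static ClaimMapping findIdpMappingForRemoteClaim(ClaimMapping[] idPClaimMappings, String remoteClaimUri) {
    for (ClaimMapping claimMapping : idPClaimMappings) {
        String mappedRemoteUri = claimMapping.getRemoteClaim().getClaimUri();
        // A mapping with no remote URI can never match; skip it instead of dereferencing null.
        if (mappedRemoteUri != null && mappedRemoteUri.equals(remoteClaimUri)) {
            return claimMapping;
        }
    }
    return null;
}

/**
 * Tells whether the SP lists {@code localClaimUri} as a requested claim.
 *
 * @param spClaimMappings SP claim mappings; null is treated as "nothing requested".
 * @param localClaimUri Local claim URI to look up.
 * @return true when a mapping with that local claim URI exists and is marked as requested.
 */
private static boolean isRequestedBySp(ClaimMapping[] spClaimMappings, String localClaimUri) {
    if (spClaimMappings == null) {
        return false;
    }
    for (ClaimMapping claimMapping : spClaimMappings) {
        String mappedLocalUri = claimMapping.getLocalClaim().getClaimUri();
        if (mappedLocalUri != null && mappedLocalUri.equals(localClaimUri) && claimMapping.isRequested()) {
            return true;
        }
    }
    return false;
}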
use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project identity-inbound-auth-oauth by wso2-extensions.
the class DefaultOIDCClaimsCallbackHandler method getUserAttributesFromCacheUsingToken.
/**
 * Looks up the user attributes cached under the given access token.
 *
 * @param accessToken Access token used as the cache key
 * @return User attributes cached against the access token; an empty, mutable map on a cache miss
 */
private Map<ClaimMapping, String> getUserAttributesFromCacheUsingToken(String accessToken) {
    if (log.isDebugEnabled()) {
        // The raw token is a bearer credential; it is only echoed when token logging is explicitly enabled.
        String tokenSuffix = IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)
                ? ": " + accessToken
                : ".";
        log.debug("Retrieving user attributes cached against access token" + tokenSuffix);
    }
    AuthorizationGrantCacheEntry cachedEntry = AuthorizationGrantCache.getInstance()
            .getValueFromCacheByToken(new AuthorizationGrantCacheKey(accessToken));
    if (cachedEntry == null) {
        return new HashMap<>();
    }
    return cachedEntry.getUserAttributes();
}