Use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project carbon-apimgt by wso2: class SystemScopesIssuer, method getScopes.
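/**
 * Retrieves the scopes the caller is authorized to obtain for the requested token.
 * <p>
 * The requested scopes are checked against the scopes registered for the application identified
 * by the client id. Which roles the user is assumed to hold depends on the grant type and on two
 * system properties:
 * <ul>
 *   <li>SAML2 bearer grant with {@code CHECK_ROLES_FROM_SAML_ASSERTION} set to true: roles are
 *       read from the SAML assertion stored in the message context, and the authorized user is
 *       marked as belonging to the {@code FEDERATED} user store domain;</li>
 *   <li>JWT bearer grant with {@code RETRIEVE_ROLES_FROM_USERSTORE_FOR_SCOPE_VALIDATION} unset
 *       or false: roles are read from the role claim of the authenticated user's attributes;</li>
 *   <li>otherwise: roles are read from the user store.</li>
 * </ul>
 *
 * @param tokReqMsgCtx token request message context
 * @return authorized scopes list; {@code null} when no application scopes can be resolved for
 *         the client id (callers must handle a {@code null} result)
 */
public List<String> getScopes(OAuthTokenReqMessageContext tokReqMsgCtx) {
    List<String> requestedScopes = new ArrayList<>(Arrays.asList(tokReqMsgCtx.getScope()));
    String clientId = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId();
    AuthenticatedUser authenticatedUser = tokReqMsgCtx.getAuthorizedUser();
    Map<String, String> appScopes = getAppScopes(clientId, authenticatedUser, requestedScopes);
    if (appScopes == null) {
        return null;
    }
    // If no scopes can be found in the context of the application, only the globally allowed
    // scopes among the requested ones are granted.
    if (isAppScopesEmpty(appScopes, clientId)) {
        return getAllowedScopes(requestedScopes);
    }
    String grantType = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType();
    String[] userRoles = resolveUserRoles(tokReqMsgCtx, authenticatedUser, grantType);
    return getAuthorizedScopes(userRoles, requestedScopes, appScopes);
}

/**
 * Determines the roles used for scope validation, based on the grant type and the system
 * properties described on {@link #getScopes(OAuthTokenReqMessageContext)}.
 * <p>
 * Side effects: for the SAML2 bearer case the user store domain of {@code authenticatedUser} is
 * set to {@code FEDERATED} and the user is written back to the context; for the JWT bearer case
 * {@code configureForJWTGrant} is invoked on the context.
 *
 * @param tokReqMsgCtx      token request message context
 * @param authenticatedUser the user the token is issued for
 * @param grantType         grant type of the token request
 * @return the user's roles, or {@code null} when the JWT grant carries no role claim property
 */
private String[] resolveUserRoles(OAuthTokenReqMessageContext tokReqMsgCtx,
                                  AuthenticatedUser authenticatedUser, String grantType) {
    boolean checkRolesFromSamlAssertion = Boolean.parseBoolean(
            System.getProperty(APIConstants.SystemScopeConstants.CHECK_ROLES_FROM_SAML_ASSERTION));
    boolean retrieveRolesFromUserStoreForJwt = Boolean.parseBoolean(
            System.getProperty(APIConstants.SystemScopeConstants.RETRIEVE_ROLES_FROM_USERSTORE_FOR_SCOPE_VALIDATION));
    if (GrantType.SAML20_BEARER.toString().equals(grantType) && checkRolesFromSamlAssertion) {
        // Roles are taken from the assertion, so the user is treated as a federated user.
        authenticatedUser.setUserStoreDomain("FEDERATED");
        tokReqMsgCtx.setAuthorizedUser(authenticatedUser);
        // NOTE(review): assumes the SAML2 bearer grant handler stored the already-validated
        // assertion under this property; an absent property reaches getRolesFromAssertion as null.
        Assertion assertion = (Assertion) tokReqMsgCtx.getProperty(APIConstants.SystemScopeConstants.SAML2_ASSERTION);
        return getRolesFromAssertion(assertion);
    }
    if (APIConstants.SystemScopeConstants.OAUTH_JWT_BEARER_GRANT_TYPE.equals(grantType)
            && !retrieveRolesFromUserStoreForJwt) {
        configureForJWTGrant(tokReqMsgCtx);
        Map<ClaimMapping, String> userAttributes = authenticatedUser.getUserAttributes();
        // Read the role claim property once so the null check and the lookup see the same value.
        Object roleClaim = tokReqMsgCtx.getProperty(APIConstants.SystemScopeConstants.ROLE_CLAIM);
        if (roleClaim == null) {
            return null;
        }
        return getRolesFromUserAttribute(userAttributes, roleClaim.toString());
    }
    return getUserRoles(authenticatedUser);
}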
Use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project carbon-apimgt by wso2: class APIAdminImpl, method updateClaims.
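/**
 * Replaces the claim configuration of the given identity provider with the mappings described by
 * {@code claims}.
 * <p>
 * {@code claims} is expected to be a Gson {@link JsonArray} of objects carrying the members
 * {@code remoteClaim} and {@code localClaim}. Each entry becomes a {@link ClaimMapping} whose remote
 * and local claims are the respective URIs; the remote claims are additionally registered as the
 * IdP's own claims. The local claim dialect flag is cleared, i.e. the mappings are expressed in the
 * IdP's dialect. Array entries that are not JSON objects are ignored. A {@code null} {@code claims}
 * leaves the IdP untouched.
 *
 * @param idp    identity provider whose claim configuration is replaced
 * @param claims Gson array of claim mapping objects, or {@code null}
 * @throws IllegalArgumentException if {@code claims} is not a {@link JsonArray}, or an entry lacks a
 *                                  primitive {@code remoteClaim} or {@code localClaim} member
 */
private void updateClaims(IdentityProvider idp, Object claims) {
    if (claims == null) {
        return;
    }
    if (!(claims instanceof JsonArray)) {
        throw new IllegalArgumentException(
                "Claim mappings must be a JSON array, got: " + claims.getClass().getName());
    }
    List<ClaimMapping> claimMappings = new ArrayList<>();
    List<org.wso2.carbon.identity.application.common.model.Claim> idpClaims = new ArrayList<>();
    for (JsonElement entry : (JsonArray) claims) {
        if (!(entry instanceof JsonObject)) {
            continue;
        }
        JsonObject mappingEntry = (JsonObject) entry;
        // Validate both URIs up front: a missing member otherwise surfaces as a bare NPE from
        // getAsString() with no hint about which field of the admin-supplied payload is wrong.
        String remoteClaimUri = requirePrimitiveMember(mappingEntry, "remoteClaim");
        String localClaimUri = requirePrimitiveMember(mappingEntry, "localClaim");

        org.wso2.carbon.identity.application.common.model.Claim remoteClaim =
                new org.wso2.carbon.identity.application.common.model.Claim();
        remoteClaim.setClaimUri(remoteClaimUri);
        org.wso2.carbon.identity.application.common.model.Claim localClaim =
                new org.wso2.carbon.identity.application.common.model.Claim();
        localClaim.setClaimUri(localClaimUri);

        ClaimMapping internalMapping = new ClaimMapping();
        internalMapping.setRemoteClaim(remoteClaim);
        internalMapping.setLocalClaim(localClaim);
        claimMappings.add(internalMapping);
        idpClaims.add(remoteClaim);
    }
    ClaimConfig claimConfig = new ClaimConfig();
    claimConfig.setLocalClaimDialect(false);
    claimConfig.setClaimMappings(claimMappings.toArray(new ClaimMapping[0]));
    claimConfig.setIdpClaims(idpClaims.toArray(new org.wso2.carbon.identity.application.common.model.Claim[0]));
    idp.setClaimConfig(claimConfig);
}

/**
 * Returns the string form of the primitive member {@code member} of {@code object}.
 *
 * @param object JSON object holding one claim mapping entry
 * @param member name of the member to read
 * @return the member's value as a string
 * @throws IllegalArgumentException if the member is absent, JSON null, or not a JSON primitive
 */
private static String requirePrimitiveMember(JsonObject object, String member) {
    JsonElement value = object.get(member);
    if (value == null || !value.isJsonPrimitive()) {
        throw new IllegalArgumentException("Claim mapping entry is missing a '" + member + "' value");
    }
    return value.getAsString();
}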
Use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project carbon-identity-framework by wso2: class FrameworkUtils, method getFederatedSubjectFromClaims.
/**
 * Finds the subject identifier among the claims returned by the external IdP.
 * <p>
 * The claim URI configured as the IdP's user id claim is looked up in the subject's user
 * attributes. When the IdP uses the default local claim dialect, the configured URI is first
 * translated through the claim metadata handler for the given {@code otherDialect}; otherwise
 * the URI is used directly as both remote and local claim of the lookup key.
 * The value is trusted as-is; validating the IdP response it came from is the caller's concern.
 *
 * @param context      authentication context holding the external IdP config and the subject
 * @param otherDialect claim dialect the IdP's attribute names are expressed in
 * @return the subject identifier value, or {@code null} if no matching attribute exists
 * @throws FrameworkException if the claim mappings for {@code otherDialect} cannot be loaded
 */
public static String getFederatedSubjectFromClaims(AuthenticationContext context, String otherDialect)
        throws FrameworkException {
    String userIdClaimUri = context.getExternalIdP().getUserIdClaimUri();
    Map<ClaimMapping, String> subjectAttributes = context.getSubject().getUserAttributes();

    if (!context.getExternalIdP().useDefaultLocalIdpDialect()) {
        // IdP-specific dialect: the user id claim URI doubles as remote and local claim of the key.
        Claim userIdClaim = new Claim();
        userIdClaim.setClaimUri(userIdClaimUri);
        ClaimMapping lookupKey = new ClaimMapping();
        lookupKey.setRemoteClaim(userIdClaim);
        lookupKey.setLocalClaim(userIdClaim);
        return subjectAttributes.get(lookupKey);
    }

    // Local dialect: the attributes are keyed by their IdP-dialect URIs, so the configured user
    // id claim URI has to be mapped into that dialect before it can be looked up.
    Map<String, String> attributesByRemoteUri = FrameworkUtils.getClaimMappings(subjectAttributes, false);
    Map<String, String> uriMappings;
    try {
        uriMappings = ClaimMetadataHandler.getInstance().getMappingsMapFromOtherDialectToCarbon(
                otherDialect, attributesByRemoteUri.keySet(), context.getTenantDomain(), true);
    } catch (ClaimMetadataException e) {
        throw new FrameworkException("Error while loading claim mappings.", e);
    }
    // NOTE(review): uriMappings is read as local-claim URI -> IdP-dialect URI here; the trailing
    // boolean argument presumably selects that direction — confirm against ClaimMetadataHandler.
    String mappedUserIdClaimUri = uriMappings.get(userIdClaimUri);
    return attributesByRemoteUri.get(mappedUserIdClaimUri);
}
Use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project carbon-identity-framework by wso2: class DefaultClaimFilterTest, method testFilterRequestedClaimsFromSpConfigAndRequest.
/**
 * Verifies that filterRequestedClaims returns only the SP-configured mappings that are also
 * requested: nothing while the SP config has no overlap with the request, and exactly the
 * person-id mapping once it has been added to the SP config.
 */
@Test
public void testFilterRequestedClaimsFromSpConfigAndRequest() throws Exception {
    final String failureMessage = "Error in filtering requested claims in sp config and request.";
    DefaultClaimFilter filter = new DefaultClaimFilter();

    // No overlap yet between the SP configuration and the requested claims.
    List<ClaimMapping> filtered = filter.filterRequestedClaims(spClaimMappings, requestedClaimsInRequest);
    assertEquals(filtered.size(), 0, failureMessage);

    // Adding the person-id mapping to the SP config makes it the single filtered result.
    spClaimMappings.add(ClaimMapping.build(personIDLocalClaimUri, personIDRemoteClaimUri, null, true, true));
    filtered = filter.filterRequestedClaims(spClaimMappings, requestedClaimsInRequest);
    assertEquals(filtered.size(), 1, failureMessage);

    ClaimMapping personIdMapping = filtered.get(0);
    assertEquals(personIdMapping.getLocalClaim().getClaimUri(), personIDLocalClaimUri, failureMessage);
    assertEquals(personIdMapping.getRemoteClaim().getClaimUri(), personIDRemoteClaimUri, failureMessage);
}
Use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project carbon-identity-framework by wso2: class JsAuthenticationContextTest, method testClaimAssignment.
/**
 * Verifies that a script can read and overwrite a federated subject's remote claims through
 * {@code context.steps[1].subject.remoteClaims[...]}: an unmapped claim URL reads as null, a
 * mapped one returns its value, and an assignment from script is visible on the next read.
 */
@Test
public void testClaimAssignment() throws ScriptException {
    AuthenticatedUser subject = new AuthenticatedUser();
    // Only the second mapping carries a real remote claim URL; the first is an empty mapping.
    subject.getUserAttributes().put(ClaimMapping.build("", "", "", false), "TestClaimVal1");
    subject.getUserAttributes().put(
            ClaimMapping.build("Test.Remote.Claim.Url.2", "Test.Remote.Claim.Url.2", "", false),
            "TestClaimVal2");

    AuthenticationContext authenticationContext = new AuthenticationContext();
    setupAuthContextWithStepData(authenticationContext, subject);
    Bindings globalBindings = scriptEngine.getBindings(ScriptContext.GLOBAL_SCOPE);
    globalBindings.put("context", new JsAuthenticationContext(authenticationContext));

    // Unmapped URL: nothing to read.
    assertNull(scriptEngine.eval("context.steps[1].subject.remoteClaims['Test.Remote.Claim.Url.1']"));
    // Mapped URL: the value set on the subject is exposed to the script.
    assertEquals(scriptEngine.eval("context.steps[1].subject.remoteClaims['Test.Remote.Claim.Url.2']"),
            "TestClaimVal2");
    // Assignment from script is reflected on the subsequent read.
    scriptEngine.eval("context.steps[1].subject.remoteClaims['Test.Remote.Claim.Url.2'] = 'Modified2'");
    assertEquals(scriptEngine.eval("context.steps[1].subject.remoteClaims['Test.Remote.Claim.Url.2']"),
            "Modified2");
}