
Example 41 with ClaimMapping

use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project carbon-identity-framework by wso2.

the class ClaimAdminService method upateClaimMapping.

/**
 * Updates an existing claim mapping.
 *
 * <p>The DTO carries the flat, service-layer representation of a mapping; it is converted
 * to the back-end {@link ClaimMapping} structure before being handed to the
 * {@link ClaimManagerHandler} singleton, which performs the actual update.
 *
 * @param claimMappingDTO the mapping to update, in its service-layer form
 * @throws ClaimManagementException if the mapping cannot be updated
 */
public void upateClaimMapping(ClaimMappingDTO claimMappingDTO) throws ClaimManagementException {
    // Build the back-end mapping from the simpler DTO, then delegate the update.
    ClaimMapping backendMapping = convertClaimMappingDTOToClaimMapping(claimMappingDTO);
    ClaimManagerHandler.getInstance().updateClaimMapping(backendMapping);
}

Example 42 with ClaimMapping

use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project carbon-identity-framework by wso2.

the class UserRealmProxy method getUserRealmInfo.

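/**
 * UI permission resources; holding any one of them entitles the caller to the claim
 * metadata and admin/everyone role names in {@link #getUserRealmInfo()}.
 */
private static final String[] IDENTITY_MGT_UI_PERMISSIONS = {
    "/permission/admin/manage/identity",
    "/permission/admin/manage/identity/usermgt/users",
    "/permission/admin/manage/identity/usermgt/passwords",
    "/permission/admin/manage/identity/usermgt/view",
    "/permission/admin/manage/identity/rolemgt/view"
};

/**
 * Builds the {@link UserRealmInfo} view of this realm for the user in the thread-local
 * Carbon context.
 *
 * <p>Admin/everyone role names, the admin user name and the claim URI lists are only
 * populated when that user holds at least one of {@link #IDENTITY_MGT_UI_PERMISSIONS};
 * user-store details, domain names and UI paging settings are returned to every caller.
 *
 * @return the populated realm info
 * @throws UserAdminException wrapping any failure of the underlying realm, claim-manager or
 *         user-store calls
 */
public UserRealmInfo getUserRealmInfo() throws UserAdminException {
    UserRealmInfo userRealmInfo = new UserRealmInfo();
    String userName = CarbonContext.getThreadLocalCarbonContext().getUsername();
    try {
        RealmConfiguration realmConfig = realm.getRealmConfiguration();
        // Short-circuit like the original OR chain: stop at the first granted permission.
        boolean authorized = false;
        for (String permission : IDENTITY_MGT_UI_PERMISSIONS) {
            if (realm.getAuthorizationManager().isUserAuthorized(userName, permission, CarbonConstants.UI_PERMISSION_ACTION)) {
                authorized = true;
                break;
            }
        }
        if (authorized) {
            userRealmInfo.setAdminRole(realmConfig.getAdminRoleName());
            userRealmInfo.setAdminUser(realmConfig.getAdminUserName());
            userRealmInfo.setEveryOneRole(realmConfig.getEveryOneRoleName());
            ClaimMapping[] defaultClaims = realm.getClaimManager().getAllClaimMappings(UserCoreConstants.DEFAULT_CARBON_DIALECT);
            // The for-each below used to dereference a null array unguarded; treat null as "no claims".
            if (defaultClaims == null) {
                defaultClaims = new ClaimMapping[0];
            }
            if (defaultClaims.length > 0) {
                Arrays.sort(defaultClaims, new ClaimMappingsComparator());
            }
            List<String> fullClaimList = new ArrayList<String>();
            List<String> requiredClaimsList = new ArrayList<String>();
            List<String> defaultClaimList = new ArrayList<String>();
            for (ClaimMapping claimMapping : defaultClaims) {
                Claim claim = claimMapping.getClaim();
                String claimUri = claim.getClaimUri();
                fullClaimList.add(claimUri);
                if (claim.isRequired()) {
                    requiredClaimsList.add(claimUri);
                }
                if (claim.isSupportedByDefault()) {
                    defaultClaimList.add(claimUri);
                }
            }
            userRealmInfo.setUserClaims(fullClaimList.toArray(new String[0]));
            userRealmInfo.setRequiredUserClaims(requiredClaimsList.toArray(new String[0]));
            userRealmInfo.setDefaultUserClaims(defaultClaimList.toArray(new String[0]));
        }
        List<UserStoreInfo> storeInfoList = new ArrayList<UserStoreInfo>();
        List<String> domainNames = new ArrayList<String>();
        // Walk the chain of user store managers, starting at the one the realm hands out.
        UserStoreManager storeManager = realm.getUserStoreManager();
        do {
            RealmConfiguration storeConfig = storeManager.getRealmConfiguration();
            UserStoreInfo userStoreInfo = getUserStoreInfo(storeConfig, storeManager);
            if (storeConfig.isPrimary()) {
                userRealmInfo.setPrimaryUserStoreInfo(userStoreInfo);
            }
            storeInfoList.add(userStoreInfo);
            // Overwritten on every iteration, so it reflects the last store in the chain
            // (kept as in the original implementation).
            userRealmInfo.setBulkImportSupported(storeManager.isBulkImportSupported());
            String domainName = storeConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
            if (domainName != null && !domainName.trim().isEmpty()) {
                domainNames.add(domainName.toUpperCase());
            }
            storeManager = storeManager.getSecondaryUserStoreManager();
        } while (storeManager != null);
        if (storeInfoList.size() > 1) {
            userRealmInfo.setMultipleUserStore(true);
        }
        userRealmInfo.setUserStoresInfo(storeInfoList.toArray(new UserStoreInfo[0]));
        userRealmInfo.setDomainNames(domainNames.toArray(new String[0]));
        userRealmInfo.setMaxItemsPerUIPage(parseIntOrDefault(realmConfig.getRealmProperty("MaxItemsPerUserMgtUIPage"), 15, "Error parsing number of items per page, using default value"));
        userRealmInfo.setMaxUIPagesInCache(parseIntOrDefault(realmConfig.getRealmProperty("MaxUserMgtUIPagesInCache"), 6, "Error parsing number of maximum pages in cache, using default value"));
        // Page caching is on unless the realm property explicitly says FALSE.
        String enableUIPageCacheString = realmConfig.getRealmProperty("EnableUserMgtUIPageCache");
        userRealmInfo.setEnableUIPageCache(!FALSE.equals(enableUIPageCacheString));
    } catch (Exception e) {
        // previously logged so logging not needed
        throw new UserAdminException(e.getMessage(), e);
    }
    return userRealmInfo;
}

/**
 * Parses a realm property as an int, falling back to {@code defaultValue} when the
 * property is missing or malformed.
 *
 * @param value        raw property value; may be null
 * @param defaultValue value returned when parsing fails
 * @param debugMessage message logged at debug level on failure
 * @return the parsed value or the default
 */
private int parseIntOrDefault(String value, int defaultValue, String debugMessage) {
    try {
        return Integer.parseInt(value);
    } catch (NumberFormatException e) {
        // Integer.parseInt(null) also throws NumberFormatException, so a missing property lands here.
        if (log.isDebugEnabled()) {
            log.debug(debugMessage, e);
        }
        return defaultValue;
    }
}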

Example 43 with ClaimMapping

use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project carbon-identity-framework by wso2.

the class DefaultRequestCoordinator method initializeFlow.

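/**
 * Handles the initial request (from the calling servlet) and builds the
 * {@link AuthenticationContext} for a new authentication or logout flow.
 *
 * <p>Caller-supplied request parameters (session data key, request type, relying party,
 * tenant domains) are copied into the context as received; the context identifier itself
 * is generated here rather than taken from the request.
 *
 * @param request  the incoming request from the calling servlet
 * @param response the response, passed through to transient-data handling
 * @return the initialised context; for a logout request without a relying party the
 *         context is returned early with only the session identifier set
 * @throws FrameworkException if one of the helper calls that complete the context fails
 */
protected AuthenticationContext initializeFlow(HttpServletRequest request, HttpServletResponse response) throws FrameworkException {
    if (log.isDebugEnabled()) {
        log.debug("Initializing the flow");
    }
    // "sessionDataKey" - calling servlet maintains its state information
    // using this
    String callerSessionDataKey = request.getParameter(FrameworkConstants.SESSION_DATA_KEY);
    // "commonAuthCallerPath" - path of the calling servlet. This is the url
    // response should be sent to
    String callerPath = getCallerPath(request);
    // "type" - type of the request. e.g. samlsso, openid, oauth, passivests
    String requestType = request.getParameter(FrameworkConstants.RequestParams.TYPE);
    // "relyingParty"
    String relyingParty = request.getParameter(FrameworkConstants.RequestParams.ISSUER);
    // tenant domain
    String tenantDomain = getTenantDomain(request);
    String loginDomain = request.getParameter(FrameworkConstants.RequestParams.LOGIN_TENANT_DOMAIN);
    String userDomain = request.getParameter(FrameworkConstants.RequestParams.USER_TENANT_DOMAIN_HINT);
    // Store the request data sent by the caller
    AuthenticationContext context = new AuthenticationContext();
    context.setCallerSessionKey(callerSessionDataKey);
    context.setRequestType(requestType);
    context.setRelyingParty(relyingParty);
    context.setTenantDomain(tenantDomain);
    context.setLoginTenantDomain(loginDomain);
    context.setUserTenantDomainHint(userDomain);
    if (IdentityTenantUtil.isTenantedSessionsEnabled()) {
        // With tenanted sessions the caller path must live under the login tenant's context.
        // NOTE(review): assumes getCallerPath never returns null - confirm, startsWith would NPE.
        String loginTenantDomain = context.getLoginTenantDomain();
        if (!callerPath.startsWith(FrameworkConstants.TENANT_CONTEXT_PREFIX + loginTenantDomain + "/")) {
            callerPath = FrameworkConstants.TENANT_CONTEXT_PREFIX + loginTenantDomain + callerPath;
        }
    }
    context.setCallerPath(callerPath);
    // generate a new key to hold the context data object
    String contextId = UUIDGenerator.generateUUID();
    context.setContextIdentifier(contextId);
    if (log.isDebugEnabled()) {
        log.debug("Framework contextId: " + contextId);
    }
    // if this a logout request from the calling servlet
    if (request.getParameter(FrameworkConstants.RequestParams.LOGOUT) != null) {
        if (log.isDebugEnabled()) {
            log.debug("Starting a logout flow");
        }
        context.setLogoutRequest(true);
        if (context.getRelyingParty() == null || context.getRelyingParty().trim().isEmpty()) {
            if (log.isDebugEnabled()) {
                log.debug("relyingParty param is null. This is a possible logout scenario.");
            }
            // The session context key is derived from the auth cookie when present; otherwise it
            // is taken directly from a request parameter, i.e. a caller-controlled value.
            Cookie cookie = FrameworkUtils.getAuthCookie(request);
            String sessionContextKey;
            if (cookie != null) {
                sessionContextKey = DigestUtils.sha256Hex(cookie.getValue());
            } else {
                sessionContextKey = request.getParameter(SESSION_ID);
            }
            context.setSessionIdentifier(sessionContextKey);
            return context;
        }
    } else {
        if (log.isDebugEnabled()) {
            log.debug("Starting an authentication flow");
        }
    }
    // The attribute is stored by the caller as a List<ClaimMapping>; the element type cannot
    // be checked at runtime, so the suppression is scoped to this one declaration.
    @SuppressWarnings("unchecked")
    List<ClaimMapping> requestedClaimsInRequest = (List<ClaimMapping>) request.getAttribute(REQUESTED_ATTRIBUTES);
    context.setProperty(FrameworkConstants.SP_REQUESTED_CLAIMS_IN_REQUEST, requestedClaimsInRequest);
    associateTransientRequestData(request, response, context);
    findPreviousAuthenticatedSession(request, context);
    buildOutboundQueryString(request, context);
    return context;
}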

Example 44 with ClaimMapping

use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project carbon-identity-framework by wso2.

the class JITProvisioningPostAuthenticationHandler method getLocalClaimValuesOfIDPInNonAttributeSelectionStep.

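/**
 * Uses to get local claim values of an authenticated user from an IDP in non attribute selection steps.
 *
 * <p>When the IdP uses the default local dialect, the mapping from the authenticator's
 * dialect to local claims is resolved through {@link ClaimMetadataHandler}; otherwise the
 * custom claim mappings configured on the external IdP are used. Only remote attributes
 * that have a configured mapping and a non-null value end up in the result.
 *
 * @param context           Authentication Context.
 * @param stepConfig        Current step configuration.
 * @param externalIdPConfig Identity providers config; must not be null.
 * @return Mapped federated user values to local claims (local claim URI to value).
 * @throws PostAuthenticationFailedException Post Authentication failed exception.
 */
private Map<String, String> getLocalClaimValuesOfIDPInNonAttributeSelectionStep(AuthenticationContext context, StepConfig stepConfig, ExternalIdPConfig externalIdPConfig) throws PostAuthenticationFailedException {
    boolean useDefaultIdpDialect = externalIdPConfig.useDefaultLocalIdpDialect();
    ApplicationAuthenticator authenticator = stepConfig.getAuthenticatedAutenticator().getApplicationAuthenticator();
    String idPStandardDialect = authenticator.getClaimDialectURI();
    Map<ClaimMapping, String> extAttrs = stepConfig.getAuthenticatedUser().getUserAttributes();
    // remote claim URI -> value, as received from the IdP
    Map<String, String> originalExternalAttributeValueMap = FrameworkUtils.getClaimMappings(extAttrs, false);
    // local claim URI -> remote claim URI
    Map<String, String> claimMapping = new HashMap<>();
    Map<String, String> localClaimValues = new HashMap<>();
    if (useDefaultIdpDialect && StringUtils.isNotBlank(idPStandardDialect)) {
        try {
            claimMapping = ClaimMetadataHandler.getInstance().getMappingsMapFromOtherDialectToCarbon(idPStandardDialect, originalExternalAttributeValueMap.keySet(), context.getTenantDomain(), true);
        } catch (ClaimMetadataException e) {
            throw new PostAuthenticationFailedException(ErrorMessages.ERROR_WHILE_HANDLING_CLAIM_MAPPINGS.getCode(), ErrorMessages.ERROR_WHILE_HANDLING_CLAIM_MAPPINGS.getMessage(), e);
        }
    } else {
        ClaimMapping[] customClaimMapping = context.getExternalIdP().getClaimMappings();
        // Guard the array the same way the mapping map is guarded below; a null array
        // previously reached the for-each unchecked.
        if (customClaimMapping != null) {
            for (ClaimMapping externalClaim : customClaimMapping) {
                String remoteClaimUri = externalClaim.getRemoteClaim().getClaimUri();
                if (originalExternalAttributeValueMap.containsKey(remoteClaimUri)) {
                    claimMapping.put(externalClaim.getLocalClaim().getClaimUri(), remoteClaimUri);
                }
            }
        }
    }
    if (claimMapping != null && !claimMapping.isEmpty()) {
        for (Map.Entry<String, String> entry : claimMapping.entrySet()) {
            String remoteClaimUri = entry.getValue();
            // Skip mappings whose remote attribute is absent or null-valued.
            if (originalExternalAttributeValueMap.containsKey(remoteClaimUri) && originalExternalAttributeValueMap.get(remoteClaimUri) != null) {
                localClaimValues.put(entry.getKey(), originalExternalAttributeValueMap.get(remoteClaimUri));
            }
        }
    }
    return localClaimValues;
}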

Example 45 with ClaimMapping

use of org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping in project carbon-identity-framework by wso2.

the class JITProvisioningPostAuthenticationHandler method handleRequestFlow.

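/**
 * To handle the request flow of the post authentication handler.
 *
 * <p>For every step authenticated by a federated authenticator, the local claim values are
 * resolved and, if the IdP has provisioning enabled, the federated user is either redirected
 * to the sign-up UI (consent prompt), rejected when the associated local account is locked
 * or disabled, or passed to the default provisioning handler.
 *
 * @param request        HttpServlet request.
 * @param response       HttpServlet response.
 * @param context        Authentication context
 * @return Status of this post authentication handler flow.
 * @throws PostAuthenticationFailedException Exception that will be thrown in case of failure.
 */
private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws PostAuthenticationFailedException {
    String retryURL = ConfigurationFacade.getInstance().getAuthenticationEndpointRetryURL();
    SequenceConfig sequenceConfig = context.getSequenceConfig();
    for (Map.Entry<Integer, StepConfig> entry : sequenceConfig.getStepMap().entrySet()) {
        StepConfig stepConfig = entry.getValue();
        AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
        if (authenticatorConfig == null) {
            // ex: Different authentication sequences evaluated by the script
            continue;
        }
        ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
        if (authenticator instanceof FederatedApplicationAuthenticator) {
            String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
            ExternalIdPConfig externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
            context.setExternalIdP(externalIdPConfig);
            Map<String, String> localClaimValues;
            if (stepConfig.isSubjectAttributeStep()) {
                // Stored earlier in the flow as Map<String, String>; not checkable at runtime.
                @SuppressWarnings("unchecked")
                Map<String, String> unfilteredLocalClaimValues = (Map<String, String>) context.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
                localClaimValues = unfilteredLocalClaimValues;
            } else if (externalIdPConfig != null) {
                localClaimValues = getLocalClaimValuesOfIDPInNonAttributeSelectionStep(context, stepConfig, externalIdPConfig);
            } else {
                // The provisioning branch below treats a null IdP config as possible; the helper
                // dereferences it, so fall back to the raw user attributes instead of calling it.
                localClaimValues = null;
            }
            if (localClaimValues == null || localClaimValues.isEmpty()) {
                Map<ClaimMapping, String> userAttributes = stepConfig.getAuthenticatedUser().getUserAttributes();
                localClaimValues = FrameworkUtils.getClaimMappings(userAttributes, false);
            }
            if (externalIdPConfig != null && externalIdPConfig.isProvisioningEnabled()) {
                if (localClaimValues == null) {
                    localClaimValues = new HashMap<>();
                }
                String associatedLocalUser = getLocalUserAssociatedForFederatedIdentifier(stepConfig.getAuthenticatedIdP(), stepConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier(), context.getTenantDomain());
                String username = associatedLocalUser;
                // If associatedLocalUser is null, that means relevant association not exist already.
                if (StringUtils.isEmpty(associatedLocalUser)) {
                    if (log.isDebugEnabled()) {
                        log.debug(sequenceConfig.getAuthenticatedUser().getLoggableUserId() + " coming from " + externalIdPConfig.getIdPName() + " do not have a local account, hence redirecting" + " to the UI to sign up.");
                    }
                    if (externalIdPConfig.isPromptConsentEnabled()) {
                        username = getUsernameFederatedUser(stepConfig, sequenceConfig, externalIdPConfigName, context, localClaimValues, externalIdPConfig);
                        redirectToAccountCreateUI(externalIdPConfig, context, localClaimValues, response, username, request);
                        // Set the property to make sure the request is a returning one.
                        context.setProperty(FrameworkConstants.PASSWORD_PROVISION_REDIRECTION_TRIGGERED, true);
                        return PostAuthnHandlerFlowStatus.INCOMPLETE;
                    }
                }
                if (StringUtils.isEmpty(username)) {
                    username = getUsernameFederatedUser(stepConfig, sequenceConfig, externalIdPConfigName, context, localClaimValues, externalIdPConfig);
                }
                // Locked/disabled checks only apply to an already associated local account; at this
                // point username equals associatedLocalUser, since it is only re-derived when empty.
                if (StringUtils.isNotBlank(associatedLocalUser)) {
                    // Check if the associated local account is locked.
                    if (isAccountLocked(username, context.getTenantDomain())) {
                        if (log.isDebugEnabled()) {
                            log.debug(String.format("The account is locked for the user: %s in the " + "tenant domain: %s ", username, context.getTenantDomain()));
                        }
                        String retryParam = "&authFailure=true&authFailureMsg=error.user.account.locked&errorCode=" + UserCoreConstants.ErrorCode.USER_IS_LOCKED;
                        handleAccountLockLoginFailure(retryURL, context, response, retryParam);
                        return PostAuthnHandlerFlowStatus.INCOMPLETE;
                    }
                    // Check if the associated local account is disabled.
                    if (isAccountDisabled(associatedLocalUser, context.getTenantDomain())) {
                        if (log.isDebugEnabled()) {
                            log.debug(String.format("The account is disabled for the user: %s in the " + "tenant domain: %s ", username, context.getTenantDomain()));
                        }
                        String retryParam = "&authFailure=true&authFailureMsg=error.user.account.disabled&errorCode=" + IdentityCoreConstants.USER_ACCOUNT_DISABLED_ERROR_CODE;
                        handleAccountLockLoginFailure(retryURL, context, response, retryParam);
                        return PostAuthnHandlerFlowStatus.INCOMPLETE;
                    }
                }
                if (log.isDebugEnabled()) {
                    log.debug("User : " + sequenceConfig.getAuthenticatedUser().getLoggableUserId() + " coming from " + externalIdPConfig.getIdPName() + " do have a local account, with the username " + username);
                }
                callDefaultProvisioningHandler(username, context, externalIdPConfig, localClaimValues, stepConfig);
            }
        }
    }
    return SUCCESS_COMPLETED;
}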
