Use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2: class JsGraphBuilder, method filterOptions.
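/**
 * Filters the authenticator options of a step so that only the options named in
 * {@code authenticationOptions} remain.
 * <p>
 * Each option is a map that may carry an idp entry ({@link FrameworkConstants.JSAttributes#IDP}) and an
 * authenticator entry ({@link FrameworkConstants.JSAttributes#AUTHENTICATOR}). An option that names an
 * authenticator but no idp is taken to mean the local idp. Authenticator values are display names (the
 * ones shown in the UI) and are matched case-insensitively against the display names of the registered
 * local or federated authenticators; an option that names only an idp keeps every authenticator of that
 * idp.
 * <p>
 * The filter is fail-open: when applying it would leave the step without any authenticator, the step is
 * left unchanged and a warning is logged. Do not rely on this method to make a step unusable.
 *
 * @param authenticationOptions Authentication options to keep, keyed by an arbitrary option id
 * @param stepConfig            The step config to be modified in place
 */
protected void filterOptions(Map<String, Map<String, String>> authenticationOptions, StepConfig stepConfig) {

    Map<String, Set<String>> filteredOptions = indexRequestedOptions(authenticationOptions);
    if (log.isDebugEnabled()) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, Set<String>> entry : filteredOptions.entrySet()) {
            sb.append('\n').append(entry.getKey()).append(" : ");
            sb.append(StringUtils.join(entry.getValue(), ","));
        }
        log.debug("Authenticator options: " + sb.toString());
    }

    // Authenticators to drop from the step as a whole.
    Set<AuthenticatorConfig> authenticatorsToRemove = new HashSet<>();
    // Authenticator -> idp names to drop from it. Keyed by the authenticator rather than by idp name, so
    // that two authenticators sharing an idp (e.g. SAML and OIDC on the same federated idp) do not
    // overwrite each other's pending removal.
    Map<AuthenticatorConfig, Set<String>> idpsToRemove = new HashMap<>();
    stepConfig.getAuthenticatorList().forEach(authenticatorConfig -> authenticatorConfig.getIdps().forEach((idpName, idp) -> {
        Set<String> authenticators = filteredOptions.get(idpName);
        boolean removeOption;
        if (authenticators == null) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Authentication options didn't include idp: %s. Hence excluding from " + "options list", idpName));
            }
            removeOption = true;
        } else if (!authenticators.isEmpty()) {
            // Both idp and authenticator present, but authenticator is given by display name due to the fact
            // that it is the one available at UI. Should translate the display name to actual name, and
            // keep/remove option
            if (FrameworkConstants.LOCAL_IDP_NAME.equals(idpName)) {
                removeOption = !matchesLocalAuthenticator(authenticatorConfig.getName(), authenticators);
                if (log.isDebugEnabled()) {
                    if (removeOption) {
                        log.debug(String.format("Authenticator options don't match any entry for local " + "authenticator: %s. Hence removing the option", authenticatorConfig.getName()));
                    } else {
                        log.debug(String.format("Authenticator options contained a match for local " + "authenticator: %s. Hence keeping the option", authenticatorConfig.getName()));
                    }
                }
            } else {
                FederatedAuthenticatorConfig[] federatedAuthenticators = idp == null ? null : idp.getFederatedAuthenticatorConfigs();
                removeOption = !matchesFederatedAuthenticator(authenticatorConfig.getName(), federatedAuthenticators, authenticators);
                if (log.isDebugEnabled()) {
                    if (removeOption) {
                        log.debug(String.format("Authenticator options don't match any entry for idp: %s, " + "authenticator: %s. Hence removing the option", idpName, authenticatorConfig.getName()));
                    } else {
                        log.debug(String.format("Authenticator options contained a match for idp: %s, " + "authenticator: %s. Hence keeping the option", idpName, authenticatorConfig.getName()));
                    }
                }
            }
        } else {
            // The option named the idp without an authenticator: every authenticator of the idp stays.
            if (log.isDebugEnabled()) {
                log.debug(String.format("No authenticator filters for idp %s, hence keeping it as an option", idpName));
            }
            removeOption = false;
        }
        if (removeOption) {
            if (authenticatorConfig.getIdps().size() > 1) {
                idpsToRemove.computeIfAbsent(authenticatorConfig, key -> new HashSet<>()).add(idpName);
            } else {
                authenticatorsToRemove.add(authenticatorConfig);
            }
        }
    }));

    // An authenticator that would lose every one of its idps must go as a whole. Fold that into
    // authenticatorsToRemove before the fail-open check below so the check sees the real outcome.
    idpsToRemove.forEach((authenticatorConfig, idpNames) -> {
        if (idpNames.containsAll(authenticatorConfig.getIdps().keySet())) {
            authenticatorsToRemove.add(authenticatorConfig);
        }
    });

    if (stepConfig.getAuthenticatorList().size() > authenticatorsToRemove.size()) {
        idpsToRemove.forEach((authenticatorConfig, idpNames) -> {
            if (authenticatorsToRemove.contains(authenticatorConfig)) {
                // Dropped as a whole below; no need to prune its idps one by one.
                return;
            }
            for (String idpName : idpNames) {
                // authenticatorConfig is the very object held in the step's list, so pruning it in place
                // is enough; no indexOf round trip through the list is needed.
                authenticatorConfig.getIdps().remove(idpName);
                authenticatorConfig.getIdpNames().remove(idpName);
                if (log.isDebugEnabled()) {
                    log.debug("Removed " + idpName + " option from " + authenticatorConfig.getName() + " as it " + "doesn't match the provided authenticator options");
                }
            }
        });
        // If all idps are removed from the authenticator the authenticator should be removed.
        stepConfig.getAuthenticatorList().forEach(authenticatorConfig -> {
            if (authenticatorConfig.getIdps().isEmpty()) {
                authenticatorsToRemove.add(authenticatorConfig);
            }
        });
        stepConfig.getAuthenticatorList().removeAll(authenticatorsToRemove);
        if (log.isDebugEnabled()) {
            log.debug("Removed " + authenticatorsToRemove.size() + " options which doesn't match the " + "provided authenticator options");
        }
    } else {
        // Fail-open: a filter that would remove every option is ignored rather than breaking the step.
        log.warn("The filtered authenticator list is empty, hence proceeding without filtering");
    }
}

/**
 * Builds the index of idp name to lower-cased authenticator display names requested by the caller.
 * An empty set for an idp means "every authenticator of this idp". Options that name neither an idp nor
 * an authenticator are ignored.
 *
 * @param authenticationOptions Authentication options as passed to {@link #filterOptions}
 * @return mutable map of idp name to requested display names
 */
private Map<String, Set<String>> indexRequestedOptions(Map<String, Map<String, String>> authenticationOptions) {

    Map<String, Set<String>> filteredOptions = new HashMap<>();
    authenticationOptions.forEach((id, option) -> {
        String idp = option.get(FrameworkConstants.JSAttributes.IDP);
        String authenticator = option.get(FrameworkConstants.JSAttributes.AUTHENTICATOR);
        if (StringUtils.isNotBlank(authenticator) && StringUtils.isBlank(idp)) {
            // If Idp is not set, but authenticator is set, idp is assumed as local
            idp = FrameworkConstants.LOCAL_IDP_NAME;
        }
        if (StringUtils.isNotBlank(idp)) {
            Set<String> authenticators = filteredOptions.computeIfAbsent(idp, key -> new HashSet<>());
            if (StringUtils.isNotBlank(authenticator)) {
                authenticators.add(authenticator.toLowerCase());
            }
        }
    });
    return filteredOptions;
}

/**
 * Tells whether {@code authenticatorName} is a registered local authenticator whose display name
 * (lower-cased) is one of {@code wantedDisplayNames}.
 *
 * @param authenticatorName  Actual (non-display) name of the authenticator in the step
 * @param wantedDisplayNames Lower-cased display names requested for the local idp
 * @return {@code true} if a registered local authenticator with that name and one of the display names exists
 */
private boolean matchesLocalAuthenticator(String authenticatorName, Set<String> wantedDisplayNames) {

    List<LocalAuthenticatorConfig> localAuthenticators = ApplicationAuthenticatorService.getInstance().getLocalAuthenticators();
    for (LocalAuthenticatorConfig localAuthenticatorConfig : localAuthenticators) {
        // A null display name simply never matches instead of throwing.
        if (StringUtils.equals(authenticatorName, localAuthenticatorConfig.getName())
                && wantedDisplayNames.contains(StringUtils.lowerCase(localAuthenticatorConfig.getDisplayName()))) {
            return true;
        }
    }
    return false;
}

/**
 * Tells whether {@code authenticatorName} is one of the idp's federated authenticators whose display name
 * (lower-cased) is one of {@code wantedDisplayNames}.
 *
 * @param authenticatorName       Actual (non-display) name of the authenticator in the step
 * @param federatedAuthenticators Federated authenticator configs of the idp, may be {@code null}
 * @param wantedDisplayNames      Lower-cased display names requested for the idp
 * @return {@code true} if such a federated authenticator exists, {@code false} otherwise (also when the
 *         idp has no federated authenticators)
 */
private boolean matchesFederatedAuthenticator(String authenticatorName, FederatedAuthenticatorConfig[] federatedAuthenticators, Set<String> wantedDisplayNames) {

    if (federatedAuthenticators == null) {
        return false;
    }
    for (FederatedAuthenticatorConfig federatedAuthConfig : federatedAuthenticators) {
        if (federatedAuthConfig != null
                && StringUtils.equals(authenticatorName, federatedAuthConfig.getName())
                && wantedDisplayNames.contains(StringUtils.lowerCase(federatedAuthConfig.getDisplayName()))) {
            return true;
        }
    }
    return false;
}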
Use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2: class UIBasedConfigurationLoader, method loadFederatedAuthenticators.
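/**
 * Loads, for every federated identity provider of the given authentication step, the idp's default
 * federated authenticator into the step config.
 * <p>
 * The step's own copy of the idp may already carry the default authenticator config; when it does not,
 * the idp is looked up by name through {@link IdentityProviderManager} for the tenant and the stored
 * default authenticator is used. Each resolved (idp, authenticator name) pair is handed to
 * {@code loadStepAuthenticator}.
 *
 * @param authenticationStep Step whose federated idps are to be loaded
 * @param stepConfig         Step config that receives the authenticators
 * @param tenantDomain       Tenant the idps are looked up in
 * @throws FrameworkException if an idp cannot be loaded, or no default authenticator can be resolved for it
 */
protected void loadFederatedAuthenticators(AuthenticationStep authenticationStep, StepConfig stepConfig, String tenantDomain) throws FrameworkException {

    IdentityProvider[] federatedIDPs = authenticationStep.getFederatedIdentityProviders();
    if (federatedIDPs == null) {
        return;
    }
    // for each idp in the step
    for (IdentityProvider federatedIDP : federatedIDPs) {
        String idpName = federatedIDP.getIdentityProviderName();
        FederatedAuthenticatorConfig federatedAuthenticator = federatedIDP.getDefaultAuthenticatorConfig();
        // retrieve the federated IDP and load
        if (federatedAuthenticator == null) {
            try {
                federatedAuthenticator = IdentityProviderManager.getInstance().getIdPByName(idpName, tenantDomain).getDefaultAuthenticatorConfig();
            } catch (IdentityProviderManagementException e) {
                throw new FrameworkException("Failed to load the default authenticator for IDP : " + idpName, e);
            }
        }
        // Neither the step nor the stored idp defines a default authenticator: fail with a clear message
        // instead of a NullPointerException on getName() below.
        if (federatedAuthenticator == null) {
            throw new FrameworkException("No default authenticator is configured for IDP : " + idpName + " in tenant : " + tenantDomain);
        }
        String actualAuthenticatorName = federatedAuthenticator.getName();
        // assign it to the step
        loadStepAuthenticator(stepConfig, federatedIDP, actualAuthenticatorName);
    }
}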
Use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2: class JsGraphBuilderTest, method filterOptionsDataProvider.
/**
 * Supplies {@code filterOptions} test cases as {@code {authenticationOptions, stepConfig, expectedOptionCount}}.
 * <p>
 * As a side effect the local authenticators registered with the {@link ApplicationAuthenticatorService}
 * singleton are replaced by two fixtures (basic, totp). Two steps are built from shared authenticator
 * configs: one holding only basic, and one holding basic, totp, oidc (customIdp1) and twitter (customIdp2).
 * Each case receives its own copy of the step via {@code duplicateStepConfig}.
 *
 * @return the test case rows
 */
@DataProvider
public Object[][] filterOptionsDataProvider() {

    // filterOptions resolves local display names through the service singleton.
    ApplicationAuthenticatorService.getInstance().getLocalAuthenticators().clear();
    ApplicationAuthenticatorService.getInstance().getLocalAuthenticators().add(localAuthenticator("BasicAuthenticator", "basic"));
    ApplicationAuthenticatorService.getInstance().getLocalAuthenticators().add(localAuthenticator("TOTPAuthenticator", "totp"));

    IdentityProvider localIdp = identityProvider("LOCAL");

    FederatedAuthenticatorConfig samlFederated = federatedAuthenticator("SAMLAuthenticator", "samlsso");
    FederatedAuthenticatorConfig oidcFederated = federatedAuthenticator("OIDCAuthenticator", "oidc");
    FederatedAuthenticatorConfig twitterFederated = federatedAuthenticator("TwitterAuthenticator", "twitter");

    IdentityProvider customIdp1 = identityProvider("customIdp1", samlFederated, oidcFederated);
    customIdp1.setDefaultAuthenticatorConfig(samlFederated);
    IdentityProvider customIdp2 = identityProvider("customIdp2", twitterFederated);
    customIdp2.setDefaultAuthenticatorConfig(twitterFederated);

    AuthenticatorConfig basicAuthConfig = enabledAuthenticator("BasicAuthenticator", "LOCAL", localIdp);
    AuthenticatorConfig totpAuthConfig = enabledAuthenticator("TOTPAuthenticator", "LOCAL", localIdp);
    AuthenticatorConfig samlAuthConfig = enabledAuthenticator("SAMLAuthenticator", "customIdp1", customIdp1);
    AuthenticatorConfig oidcAuthConfig = enabledAuthenticator("OIDCAuthenticator", "customIdp1", customIdp1);
    AuthenticatorConfig twitterAuthConfig = enabledAuthenticator("TwitterAuthenticator", "customIdp2", customIdp2);

    StepConfig stepWithSingleOption = new StepConfig();
    stepWithSingleOption.setAuthenticatorList(Collections.singletonList(basicAuthConfig));
    StepConfig stepWithMultipleOptions = new StepConfig();
    stepWithMultipleOptions.setAuthenticatorList(new ArrayList<>(Arrays.asList(basicAuthConfig, totpAuthConfig, oidcAuthConfig, twitterAuthConfig)));

    // An authenticator without an idp is resolved against the local idp.
    Map<String, String> basicOption = Collections.singletonMap("authenticator", "basic");
    Map<String, String> oidcOption = option("customIdp1", "oidc");
    Map<String, String> twitterOption = option("customIdp2", "twitter");
    // twitter is not an authenticator of customIdp1, so this option matches nothing.
    Map<String, String> invalidOption = option("customIdp1", "twitter");
    // An idp without an authenticator keeps every authenticator of that idp.
    Map<String, String> customIdp1Only = Collections.singletonMap("idp", "customIdp1");

    Map<String, Map<String, String>> singleOptionConfig = options(basicOption);
    Map<String, Map<String, String>> multipleOptionConfig = options(basicOption, oidcOption, twitterOption);
    Map<String, Map<String, String>> multipleAndInvalidOptionConfig = options(basicOption, oidcOption, invalidOption);
    Map<String, Map<String, String>> idpOnlyOptionConfig = options(basicOption, customIdp1Only);
    Map<String, Map<String, String>> singleInvalidOptionConfig = options(invalidOption);

    return new Object[][] {
            { singleOptionConfig, duplicateStepConfig(stepWithSingleOption), 1 },
            { singleOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 1 },
            { multipleOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 3 },
            { multipleAndInvalidOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 2 },
            // Nothing matches, so the filter is skipped and all four options survive.
            { singleInvalidOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 4 },
            { idpOnlyOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 2 } };
}

/** Creates a local authenticator fixture with the given actual and display names. */
private static LocalAuthenticatorConfig localAuthenticator(String name, String displayName) {

    LocalAuthenticatorConfig config = new LocalAuthenticatorConfig();
    config.setName(name);
    config.setDisplayName(displayName);
    return config;
}

/** Creates a federated authenticator fixture with the given actual and display names. */
private static FederatedAuthenticatorConfig federatedAuthenticator(String name, String displayName) {

    FederatedAuthenticatorConfig config = new FederatedAuthenticatorConfig();
    config.setDisplayName(displayName);
    config.setName(name);
    return config;
}

/** Creates an idp fixture carrying exactly the given federated authenticators (possibly none). */
private static IdentityProvider identityProvider(String id, FederatedAuthenticatorConfig... authenticators) {

    IdentityProvider idp = new IdentityProvider();
    idp.setId(id);
    idp.setFederatedAuthenticatorConfigs(authenticators);
    return idp;
}

/** Creates an enabled step authenticator bound to a single idp. */
private static AuthenticatorConfig enabledAuthenticator(String name, String idpName, IdentityProvider idp) {

    AuthenticatorConfig config = new AuthenticatorConfig();
    config.setName(name);
    config.setEnabled(true);
    config.getIdps().put(idpName, idp);
    return config;
}

/** Builds an authentication option naming both an idp and an authenticator display name. */
private static Map<String, String> option(String idp, String authenticator) {

    Map<String, String> option = new HashMap<>();
    option.put("idp", idp);
    option.put("authenticator", authenticator);
    return option;
}

/** Keys the given options "0", "1", ... in order, as the script engine hands them to filterOptions. */
@SafeVarargs
private static Map<String, Map<String, String>> options(Map<String, String>... entries) {

    Map<String, Map<String, String>> byId = new HashMap<>();
    for (int i = 0; i < entries.length; i++) {
        byId.put(String.valueOf(i), entries[i]);
    }
    return byId;
}
Use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2: class IdentityProviderManager, method getResidentIdP.
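/**
 * Retrieves resident Identity provider for a given tenant.
 * <p>
 * The stored resident IdP is enriched on the fly with everything a relying party needs to trust this
 * server as an identity provider:
 * <ul>
 * <li>the tenant's primary certificate (Base64-encoded) read from the tenant key store,</li>
 * <li>OpenID, SAML2 SSO, OAuth 1.0a, OIDC, Passive STS and WS-Trust federated authenticator configs whose
 * endpoint URLs come from identity.xml when configured there and are otherwise derived from the server
 * URL and the tenant domain,</li>
 * <li>a session clean-up config and a SCIM provisioning connector carrying the SCIM 1.1 / 2.0 endpoints.</li>
 * </ul>
 * Properties already present on the stored configs are preserved and only missing ones are added; the
 * SCIM endpoint properties are the exception and are overwritten when they differ from the derived value.
 *
 * @param tenantDomain Tenant domain whose resident IdP is requested
 * @return <code>LocalIdentityProvider</code>
 * @throws IdentityProviderManagementException Error when getting Resident Identity Providers, when the
 *         tenant has no resident IdP, or when its primary certificate cannot be loaded or encoded
 */
@Override
public IdentityProvider getResidentIdP(String tenantDomain) throws IdentityProviderManagementException {

    IdPManagementUtil.setTenantSpecifiers(tenantDomain);

    // Endpoint URLs explicitly configured in identity.xml; blank means "derive a default" below.
    String openIdUrl = IdentityUtil.getProperty(IdentityConstants.ServerConfig.OPENID_SERVER_URL);
    String oauth1RequestTokenUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH1_REQUEST_TOKEN_URL);
    String oauth1AuthorizeUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH1_AUTHORIZE_URL);
    String oauth1AccessTokenUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH1_ACCESSTOKEN_URL);
    String oauth2AuthzEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_AUTHZ_EP_URL);
    String oauth2TokenEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_TOKEN_EP_URL);
    String oauth2UserInfoEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_USERINFO_EP_URL);
    String oidcCheckSessionEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_CHECK_SESSION_EP_URL);
    String oidcLogoutEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_LOGOUT_EP_URL);
    String passiveStsUrl = IdentityUtil.getProperty(IdentityConstants.STS.PSTS_IDENTITY_PROVIDER_URL);
    String stsUrl = IdentityUtil.getProperty(IdentityConstants.STS.STS_IDENTITY_PROVIDER_URL);
    String scimUsersEndpoint = IdentityUtil.getProperty(IdentityConstants.SCIM.USER_EP_URL);
    String scimGroupsEndpoint = IdentityUtil.getProperty(IdentityConstants.SCIM.GROUP_EP_URL);
    String scim2UsersEndpoint = IdentityUtil.getProperty(IdentityConstants.SCIM2.USER_EP_URL);
    String scim2GroupsEndpoint = IdentityUtil.getProperty(IdentityConstants.SCIM2.GROUP_EP_URL);
    String oauth2RevokeEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_REVOKE_EP_URL);
    String oauth2IntrospectEpUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_INTROSPECT_EP_URL);
    String oIDCWebFingerEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_WEB_FINGER_EP_URL);
    String oAuth2DCREPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_DCR_EP_URL);
    String oAuth2JWKSPage = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_JWKS_EP_URL);
    String oIDCDiscoveryEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_DISCOVERY_EP_URL);

    // OpenID and OAuth 1.0a defaults are plain server URLs; they are not tenant-qualified here.
    if (StringUtils.isBlank(openIdUrl)) {
        openIdUrl = IdentityUtil.getServerURL(IdentityConstants.OpenId.OPENID, true, true);
    }
    if (StringUtils.isBlank(oauth1RequestTokenUrl)) {
        oauth1RequestTokenUrl = IdentityUtil.getServerURL(IdentityConstants.OAuth.REQUEST_TOKEN, true, true);
    }
    if (StringUtils.isBlank(oauth1AuthorizeUrl)) {
        oauth1AuthorizeUrl = IdentityUtil.getServerURL(IdentityConstants.OAuth.AUTHORIZE_URL, true, true);
    }
    if (StringUtils.isBlank(oauth1AccessTokenUrl)) {
        oauth1AccessTokenUrl = IdentityUtil.getServerURL(IdentityConstants.OAuth.ACCESS_TOKEN, true, true);
    }

    // OAuth2 / OIDC endpoints are resolved for the tenant; the ones served under a tenant path in legacy
    // (non tenant-qualified URL) mode additionally get the tenant path parameter appended.
    oauth2AuthzEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.AUTHORIZE, oauth2AuthzEPUrl, tenantDomain);
    oauth2TokenEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.TOKEN, oauth2TokenEPUrl, tenantDomain);
    oauth2RevokeEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.REVOKE, oauth2RevokeEPUrl, tenantDomain);
    oauth2IntrospectEpUrl = resolveAbsoluteURL(IdentityConstants.OAuth.INTROSPECT, oauth2IntrospectEpUrl, tenantDomain);
    oauth2IntrospectEpUrl = addTenantPathParamInLegacyMode(oauth2IntrospectEpUrl, tenantDomain);
    oauth2UserInfoEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.USERINFO, oauth2UserInfoEPUrl, tenantDomain);
    oidcCheckSessionEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.CHECK_SESSION, oidcCheckSessionEPUrl, tenantDomain);
    oidcLogoutEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.LOGOUT, oidcLogoutEPUrl, tenantDomain);
    oAuth2DCREPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.DCR, oAuth2DCREPUrl, tenantDomain);
    oAuth2DCREPUrl = addTenantPathParamInLegacyMode(oAuth2DCREPUrl, tenantDomain);
    oAuth2JWKSPage = resolveAbsoluteURL(IdentityConstants.OAuth.JWKS, oAuth2JWKSPage, tenantDomain);
    oAuth2JWKSPage = addTenantPathParamInLegacyMode(oAuth2JWKSPage, tenantDomain);
    oIDCDiscoveryEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.DISCOVERY, oIDCDiscoveryEPUrl, tenantDomain);
    oIDCDiscoveryEPUrl = addTenantPathParamInLegacyMode(oIDCDiscoveryEPUrl, tenantDomain);
    passiveStsUrl = resolveAbsoluteURL(IdentityConstants.STS.PASSIVE_STS, passiveStsUrl, tenantDomain);

    // If sts url is configured in file, change it according to tenant domain. If not configured, add a default url
    if (StringUtils.isNotBlank(stsUrl)) {
        stsUrl = stsUrl.replace(IdentityConstants.STS.WSO2_CARBON_STS, getTenantContextFromTenantDomain(tenantDomain) + IdentityConstants.STS.WSO2_CARBON_STS);
    } else {
        stsUrl = IdentityUtil.getServerURL("services/" + getTenantContextFromTenantDomain(tenantDomain) + IdentityConstants.STS.WSO2_CARBON_STS, true, true);
    }

    // SCIM 1.1 endpoints: server defaults, not tenant-qualified (unlike SCIM 2.0 below).
    if (StringUtils.isBlank(scimUsersEndpoint)) {
        scimUsersEndpoint = IdentityUtil.getServerURL(IdentityConstants.SCIM.USER_EP, true, false);
    }
    if (StringUtils.isBlank(scimGroupsEndpoint)) {
        scimGroupsEndpoint = IdentityUtil.getServerURL(IdentityConstants.SCIM.GROUP_EP, true, false);
    }

    // SCIM 2.0 endpoints: server default, then tenant-qualified for every tenant but the super tenant.
    // A malformed URL is logged (with its cause) and the un-qualified URL is kept; this is best-effort.
    if (StringUtils.isBlank(scim2UsersEndpoint)) {
        scim2UsersEndpoint = IdentityUtil.getServerURL(IdentityConstants.SCIM2.USER_EP, true, false);
    }
    try {
        if (StringUtils.isNotBlank(tenantDomain) && !MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
            scim2UsersEndpoint = getTenantUrl(scim2UsersEndpoint, tenantDomain);
        }
    } catch (URISyntaxException e) {
        log.error("SCIM 2.0 Users endpoint is malformed", e);
    }
    if (StringUtils.isBlank(scim2GroupsEndpoint)) {
        scim2GroupsEndpoint = IdentityUtil.getServerURL(IdentityConstants.SCIM2.GROUP_EP, true, false);
    }
    try {
        if (StringUtils.isNotBlank(tenantDomain) && !MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
            scim2GroupsEndpoint = getTenantUrl(scim2GroupsEndpoint, tenantDomain);
        }
    } catch (URISyntaxException e) {
        log.error("SCIM 2.0 Groups endpoint is malformed", e);
    }

    // The stored resident IdP is looked up first; an unknown tenant fails here, before any key store access.
    IdentityProvider identityProvider = dao.getIdPByName(null, IdentityApplicationConstants.RESIDENT_IDP_RESERVED_NAME, IdentityTenantUtil.getTenantId(tenantDomain), tenantDomain);
    if (identityProvider == null) {
        String message = "Could not find Resident Identity Provider for tenant " + tenantDomain;
        throw new IdentityProviderManagementException(message);
    }

    int tenantId = -1;
    try {
        tenantId = IdPManagementServiceComponent.getRealmService().getTenantManager().getTenantId(tenantDomain);
    } catch (UserStoreException e) {
        throw new IdentityProviderManagementException("Exception occurred while retrieving Tenant ID from Tenant Domain " + tenantDomain, e);
    }

    // Primary certificate of the tenant: the super tenant uses the primary key store, every other tenant
    // its own key store named after the tenant domain. The tenant flow is always ended, even on failure.
    X509Certificate cert = null;
    try {
        IdentityTenantUtil.initializeRegistry(tenantId);
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        carbonContext.setTenantDomain(tenantDomain, true);
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
        if (!MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
            // derive key store name
            String ksName = tenantDomain.trim().replace(".", "-");
            // derive JKS name
            String jksName = ksName + ".jks";
            KeyStore keyStore = keyStoreManager.getKeyStore(jksName);
            cert = (X509Certificate) keyStore.getCertificate(tenantDomain);
        } else {
            cert = keyStoreManager.getDefaultPrimaryCertificate();
        }
    } catch (Exception e) {
        String msg = "Error retrieving primary certificate for tenant : " + tenantDomain;
        throw new IdentityProviderManagementException(msg, e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
    if (cert == null) {
        throw new IdentityProviderManagementException("Cannot find the primary certificate for tenant " + tenantDomain);
    }
    try {
        identityProvider.setCertificate(Base64.encode(cert.getEncoded()));
    } catch (CertificateEncodingException e) {
        String msg = "Error occurred while encoding primary certificate for tenant domain " + tenantDomain;
        throw new IdentityProviderManagementException(msg, e);
    }

    List<FederatedAuthenticatorConfig> fedAuthnCofigs = new ArrayList<>();
    List<Property> propertiesList;

    // OpenID: keep stored properties, add the OpenID server URL if it is not configured.
    FederatedAuthenticatorConfig openIdFedAuthn = IdentityApplicationManagementUtil.getFederatedAuthenticator(identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.Authenticator.OpenID.NAME);
    if (openIdFedAuthn == null) {
        openIdFedAuthn = new FederatedAuthenticatorConfig();
        openIdFedAuthn.setName(IdentityApplicationConstants.Authenticator.OpenID.NAME);
    }
    propertiesList = new ArrayList<>(Arrays.asList(openIdFedAuthn.getProperties()));
    addPropertyIfAbsent(propertiesList, openIdFedAuthn.getProperties(), IdentityApplicationConstants.Authenticator.OpenID.OPEN_ID_URL, openIdUrl);
    openIdFedAuthn.setProperties(propertiesList.toArray(new Property[0]));
    fedAuthnCofigs.add(openIdFedAuthn);

    // SAML2 related endpoints.
    FederatedAuthenticatorConfig saml2SSOFedAuthn = buildSAMLProperties(identityProvider, tenantDomain);
    fedAuthnCofigs.add(saml2SSOFedAuthn);

    // OAuth 1.0a: keep stored properties, add the three endpoint URLs that are not configured.
    FederatedAuthenticatorConfig oauth1FedAuthn = IdentityApplicationManagementUtil.getFederatedAuthenticator(identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.OAuth10A.NAME);
    if (oauth1FedAuthn == null) {
        oauth1FedAuthn = new FederatedAuthenticatorConfig();
        oauth1FedAuthn.setName(IdentityApplicationConstants.OAuth10A.NAME);
    }
    propertiesList = new ArrayList<>(Arrays.asList(oauth1FedAuthn.getProperties()));
    addPropertyIfAbsent(propertiesList, oauth1FedAuthn.getProperties(), IdentityApplicationConstants.OAuth10A.OAUTH1_REQUEST_TOKEN_URL, oauth1RequestTokenUrl);
    addPropertyIfAbsent(propertiesList, oauth1FedAuthn.getProperties(), IdentityApplicationConstants.OAuth10A.OAUTH1_AUTHORIZE_URL, oauth1AuthorizeUrl);
    addPropertyIfAbsent(propertiesList, oauth1FedAuthn.getProperties(), IdentityApplicationConstants.OAuth10A.OAUTH1_ACCESS_TOKEN_URL, oauth1AccessTokenUrl);
    oauth1FedAuthn.setProperties(propertiesList.toArray(new Property[0]));
    fedAuthnCofigs.add(oauth1FedAuthn);

    // OIDC: the property list is rebuilt from scratch; resolveFedAuthnProperty decides per property
    // whether the stored or the derived value is used.
    FederatedAuthenticatorConfig oidcFedAuthn = IdentityApplicationManagementUtil.getFederatedAuthenticator(identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.Authenticator.OIDC.NAME);
    if (oidcFedAuthn == null) {
        oidcFedAuthn = new FederatedAuthenticatorConfig();
        oidcFedAuthn.setName(IdentityApplicationConstants.Authenticator.OIDC.NAME);
    }
    propertiesList = new ArrayList<>();
    Property idPEntityIdProp;
    // When the tenant qualified urls are enabled, we need to see the oauth2 token endpoint.
    if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
        idPEntityIdProp = resolveFedAuthnProperty(oauth2TokenEPUrl, oidcFedAuthn, OPENID_IDP_ENTITY_ID);
    } else {
        idPEntityIdProp = resolveFedAuthnProperty(getOIDCResidentIdPEntityId(), oidcFedAuthn, OPENID_IDP_ENTITY_ID);
    }
    propertiesList.add(idPEntityIdProp);
    propertiesList.add(resolveFedAuthnProperty(oauth2AuthzEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_AUTHZ_URL));
    propertiesList.add(resolveFedAuthnProperty(oauth2TokenEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_TOKEN_URL));
    propertiesList.add(resolveFedAuthnProperty(oauth2RevokeEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_REVOKE_URL));
    propertiesList.add(resolveFedAuthnProperty(oauth2IntrospectEpUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_INTROSPECT_URL));
    propertiesList.add(resolveFedAuthnProperty(oauth2UserInfoEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_USER_INFO_EP_URL));
    propertiesList.add(resolveFedAuthnProperty(oidcCheckSessionEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OIDC_CHECK_SESSION_URL));
    propertiesList.add(resolveFedAuthnProperty(oidcLogoutEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OIDC_LOGOUT_URL));
    propertiesList.add(resolveFedAuthnProperty(oAuth2DCREPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_DCR_EP_URL));
    propertiesList.add(resolveFedAuthnProperty(oIDCWebFingerEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OIDC_WEB_FINGER_EP_URL));
    propertiesList.add(resolveFedAuthnProperty(oAuth2JWKSPage, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_JWKS_EP_URL));
    propertiesList.add(resolveFedAuthnProperty(oIDCDiscoveryEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OIDC_DISCOVERY_EP_URL));
    oidcFedAuthn.setProperties(propertiesList.toArray(new Property[0]));
    fedAuthnCofigs.add(oidcFedAuthn);

    // Passive STS: the IdP URL is always overwritten with the derived value, the entity id is kept when
    // stored, and every other stored property is carried over unchanged.
    FederatedAuthenticatorConfig passiveSTSFedAuthn = IdentityApplicationManagementUtil.getFederatedAuthenticator(identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.Authenticator.PassiveSTS.NAME);
    if (passiveSTSFedAuthn == null) {
        passiveSTSFedAuthn = new FederatedAuthenticatorConfig();
        passiveSTSFedAuthn.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.NAME);
    }
    propertiesList = new ArrayList<>();
    Property passiveSTSUrlProperty = IdentityApplicationManagementUtil.getProperty(passiveSTSFedAuthn.getProperties(), IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_URL);
    if (passiveSTSUrlProperty == null) {
        passiveSTSUrlProperty = new Property();
        passiveSTSUrlProperty.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_URL);
    }
    passiveSTSUrlProperty.setValue(passiveStsUrl);
    propertiesList.add(passiveSTSUrlProperty);
    Property stsIdPEntityIdProperty = IdentityApplicationManagementUtil.getProperty(passiveSTSFedAuthn.getProperties(), IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_ENTITY_ID);
    if (stsIdPEntityIdProperty == null) {
        stsIdPEntityIdProperty = new Property();
        stsIdPEntityIdProperty.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_ENTITY_ID);
        stsIdPEntityIdProperty.setValue(IdPManagementUtil.getResidentIdPEntityId());
    }
    propertiesList.add(stsIdPEntityIdProperty);
    for (Property property : passiveSTSFedAuthn.getProperties()) {
        if (property != null && !IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_URL.equals(property.getName()) && !IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_ENTITY_ID.equals(property.getName())) {
            propertiesList.add(property);
        }
    }
    passiveSTSFedAuthn.setProperties(propertiesList.toArray(new Property[0]));
    fedAuthnCofigs.add(passiveSTSFedAuthn);

    // WS-Trust: keep stored properties, add the STS URL if it is not configured.
    FederatedAuthenticatorConfig stsFedAuthn = IdentityApplicationManagementUtil.getFederatedAuthenticator(identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.Authenticator.WSTrust.NAME);
    if (stsFedAuthn == null) {
        stsFedAuthn = new FederatedAuthenticatorConfig();
        stsFedAuthn.setName(IdentityApplicationConstants.Authenticator.WSTrust.NAME);
    }
    propertiesList = new ArrayList<>(Arrays.asList(stsFedAuthn.getProperties()));
    addPropertyIfAbsent(propertiesList, stsFedAuthn.getProperties(), IdentityApplicationConstants.Authenticator.WSTrust.IDENTITY_PROVIDER_URL, stsUrl);
    stsFedAuthn.setProperties(propertiesList.toArray(new Property[0]));
    fedAuthnCofigs.add(stsFedAuthn);

    // Session clean-up period from identity.xml; a missing or non-numeric value falls back to the default.
    FederatedAuthenticatorConfig sessionTimeoutConfig = new FederatedAuthenticatorConfig();
    sessionTimeoutConfig.setName(IdentityApplicationConstants.NAME);
    propertiesList = new ArrayList<>(Arrays.asList(sessionTimeoutConfig.getProperties()));
    Property cleanUpPeriodProp = new Property();
    cleanUpPeriodProp.setName(IdentityApplicationConstants.CLEAN_UP_PERIOD);
    String cleanUpPeriod = IdentityUtil.getProperty(IdentityConstants.ServerConfig.CLEAN_UP_PERIOD);
    if (StringUtils.isBlank(cleanUpPeriod)) {
        cleanUpPeriod = IdentityApplicationConstants.CLEAN_UP_PERIOD_DEFAULT;
    } else if (!StringUtils.isNumeric(cleanUpPeriod)) {
        log.warn("PersistanceCleanUpPeriod in identity.xml should be a numeric value");
        cleanUpPeriod = IdentityApplicationConstants.CLEAN_UP_PERIOD_DEFAULT;
    }
    cleanUpPeriodProp.setValue(cleanUpPeriod);
    propertiesList.add(cleanUpPeriodProp);
    sessionTimeoutConfig.setProperties(propertiesList.toArray(new Property[0]));
    fedAuthnCofigs.add(sessionTimeoutConfig);

    identityProvider.setFederatedAuthenticatorConfigs(fedAuthnCofigs.toArray(new FederatedAuthenticatorConfig[0]));

    // SCIM provisioning connector: the four endpoint properties are forced to the derived values.
    ProvisioningConnectorConfig scimProvConn = IdentityApplicationManagementUtil.getProvisioningConnector(identityProvider.getProvisioningConnectorConfigs(), "scim");
    if (scimProvConn == null) {
        scimProvConn = new ProvisioningConnectorConfig();
        scimProvConn.setName("scim");
    }
    propertiesList = new ArrayList<>(Arrays.asList(scimProvConn.getProvisioningProperties()));
    syncProvisioningProperty(propertiesList, scimProvConn.getProvisioningProperties(), IdentityApplicationConstants.SCIM.USERS_EP_URL, scimUsersEndpoint);
    syncProvisioningProperty(propertiesList, scimProvConn.getProvisioningProperties(), IdentityApplicationConstants.SCIM.GROUPS_EP_URL, scimGroupsEndpoint);
    syncProvisioningProperty(propertiesList, scimProvConn.getProvisioningProperties(), IdentityApplicationConstants.SCIM2.USERS_EP_URL, scim2UsersEndpoint);
    syncProvisioningProperty(propertiesList, scimProvConn.getProvisioningProperties(), IdentityApplicationConstants.SCIM2.GROUPS_EP_URL, scim2GroupsEndpoint);
    scimProvConn.setProvisioningProperties(propertiesList.toArray(new Property[0]));
    identityProvider.setProvisioningConnectorConfigs(new ProvisioningConnectorConfig[] { scimProvConn });

    return identityProvider;
}

/**
 * Appends a {@code name=value} property to {@code target} unless {@code existing} already carries a
 * property with that name: an explicitly configured value wins over the derived default.
 *
 * @param target   List the new property is appended to
 * @param existing Properties already stored on the authenticator config
 * @param name     Property name
 * @param value    Value to use when the property is absent
 */
private static void addPropertyIfAbsent(List<Property> target, Property[] existing, String name, String value) {

    if (IdentityApplicationManagementUtil.getProperty(existing, name) == null) {
        Property property = new Property();
        property.setName(name);
        property.setValue(value);
        target.add(property);
    }
}

/**
 * Makes sure the provisioning property {@code name} carries {@code value}: the property is appended to
 * {@code target} when missing, otherwise the existing property (which is also an element of
 * {@code target}) is updated in place when its value differs, compared case-insensitively.
 *
 * @param target   List of properties being assembled for the connector
 * @param existing Properties already stored on the connector
 * @param name     Property name
 * @param value    Value the property must end up with
 */
private static void syncProvisioningProperty(List<Property> target, Property[] existing, String name, String value) {

    Property property = IdentityApplicationManagementUtil.getProperty(existing, name);
    if (property == null) {
        property = new Property();
        property.setName(name);
        property.setValue(value);
        target.add(property);
    } else if (!StringUtils.equalsIgnoreCase(value, property.getValue())) {
        property.setValue(value);
    }
}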
Use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2: class IdentityProviderManager, method getResidentIDPMetadata.
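/**
 * Returns the SAML2 metadata document of the resident identity provider of a tenant.
 * <p>
 * The resident IdP is built via {@link #getResidentIdP(String)}; its SAML2 SSO federated authenticator
 * config is handed to the first registered metadata converter that can handle it.
 *
 * @param tenantDomain Tenant whose resident IdP metadata is requested
 * @return the metadata string, or {@code null} when the resident IdP has no SAML2 SSO authenticator or no
 *         registered converter can handle it
 * @throws IdentityProviderManagementException when no metadata converter is registered, the resident IdP
 *         cannot be built, or the converter fails
 */
public String getResidentIDPMetadata(String tenantDomain) throws IdentityProviderManagementException {

    if (IdpMgtServiceComponentHolder.getInstance().getMetadataConverters().isEmpty()) {
        throw new IdentityProviderManagementException("Error receiving Metadata object for tenant: " + tenantDomain);
    }
    IdentityProvider residentIdentityProvider = this.getResidentIdP(tenantDomain);
    FederatedAuthenticatorConfig[] federatedAuthenticatorConfigs = residentIdentityProvider.getFederatedAuthenticatorConfigs();
    FederatedAuthenticatorConfig samlFederatedAuthenticatorConfig = null;
    if (federatedAuthenticatorConfigs != null) {
        for (FederatedAuthenticatorConfig federatedAuthenticatorConfig : federatedAuthenticatorConfigs) {
            if (federatedAuthenticatorConfig != null && IdentityApplicationConstants.Authenticator.SAML2SSO.NAME.equals(federatedAuthenticatorConfig.getName())) {
                samlFederatedAuthenticatorConfig = federatedAuthenticatorConfig;
                break;
            }
        }
    }
    if (samlFederatedAuthenticatorConfig == null) {
        return null;
    }
    try {
        for (MetadataConverter converter : IdpMgtServiceComponentHolder.getInstance().getMetadataConverters()) {
            if (converter.canHandle(samlFederatedAuthenticatorConfig)) {
                return converter.getMetadataString(samlFederatedAuthenticatorConfig);
            }
        }
    } catch (IdentityProviderSAMLException e) {
        // Pass the exception itself as the cause; passing e.getMessage() as the second constructor
        // argument loses the stack trace of the underlying failure.
        throw new IdentityProviderManagementException("Error in retrieving metadata string for tenant:" + tenantDomain, e);
    }
    return null;
}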