
Example 1 with FederatedAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2.

the class JsGraphBuilder method filterOptions.

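/**
 * Filter out options in the step config to retain only the options provided in authentication options.
 * <p>
 * Each value of {@code authenticationOptions} is a map that may carry an {@code idp} and/or an
 * {@code authenticator} (display name) entry. An option naming an authenticator but no idp refers to the local
 * idp; an option naming only an idp keeps every authenticator of that idp. Display names are matched
 * case-insensitively against the registered local / federated authenticator configurations, because the display
 * name is what the script author sees at the UI.
 * <p>
 * If applying the filter would remove every authenticator of the step, the step is left unchanged and a warning
 * is logged, i.e. the filter fails open in that case rather than leaving the step without options.
 *
 * @param authenticationOptions Authentication options to keep, keyed by option id
 * @param stepConfig            The step config to be modified in place
 */
protected void filterOptions(Map<String, Map<String, String>> authenticationOptions, StepConfig stepConfig) {

    // idp name -> lower-cased authenticator display names to keep; an empty set means "keep all for this idp".
    Map<String, Set<String>> filteredOptions = new HashMap<>();
    authenticationOptions.forEach((optionId, option) -> {
        String idp = option.get(FrameworkConstants.JSAttributes.IDP);
        String authenticator = option.get(FrameworkConstants.JSAttributes.AUTHENTICATOR);
        if (StringUtils.isNotBlank(authenticator) && StringUtils.isBlank(idp)) {
            // If Idp is not set, but authenticator is set, idp is assumed as local
            idp = FrameworkConstants.LOCAL_IDP_NAME;
        }
        if (StringUtils.isNotBlank(idp)) {
            Set<String> displayNames = filteredOptions.computeIfAbsent(idp, key -> new HashSet<>());
            if (StringUtils.isNotBlank(authenticator)) {
                displayNames.add(StringUtils.lowerCase(authenticator));
            }
        }
    });
    if (log.isDebugEnabled()) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, Set<String>> entry : filteredOptions.entrySet()) {
            sb.append('\n').append(entry.getKey()).append(" : ");
            sb.append(StringUtils.join(entry.getValue(), ","));
        }
        log.debug("Authenticator options: " + sb);
    }

    Set<AuthenticatorConfig> authenticatorsToRemove = new HashSet<>();
    // Keyed by authenticator config rather than by idp name: the same idp name can be flagged for removal under
    // several multi-idp authenticators, and an idp-name key would keep only the last one put.
    Map<AuthenticatorConfig, Set<String>> idpsToRemove = new HashMap<>();
    stepConfig.getAuthenticatorList().forEach(authenticatorConfig -> authenticatorConfig.getIdps().forEach((idpName, idp) -> {
        Set<String> wantedDisplayNames = filteredOptions.get(idpName);
        boolean removeOption;
        if (wantedDisplayNames == null) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Authentication options didn't include idp: %s. Hence excluding from options list", idpName));
            }
            removeOption = true;
        } else if (wantedDisplayNames.isEmpty()) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("No authenticator filters for idp %s, hence keeping it as an option", idpName));
            }
            removeOption = false;
        } else if (FrameworkConstants.LOCAL_IDP_NAME.equals(idpName)) {
            // Both idp and authenticator present, but the authenticator is given by display name (the one shown
            // at the UI). Translate the display name to the actual name and keep/remove the option accordingly.
            removeOption = !matchesLocalAuthenticator(authenticatorConfig.getName(), wantedDisplayNames);
            if (log.isDebugEnabled()) {
                if (removeOption) {
                    log.debug(String.format("Authenticator options don't match any entry for local authenticator: %s. Hence removing the option", authenticatorConfig.getName()));
                } else {
                    log.debug(String.format("Authenticator options contained a match for local authenticator: %s. Hence keeping the option", authenticatorConfig.getName()));
                }
            }
        } else {
            removeOption = !matchesFederatedAuthenticator(authenticatorConfig.getName(), idp.getFederatedAuthenticatorConfigs(), wantedDisplayNames);
            if (log.isDebugEnabled()) {
                if (removeOption) {
                    log.debug(String.format("Authenticator options don't match any entry for idp: %s, authenticator: %s. Hence removing the option", idpName, authenticatorConfig.getName()));
                } else {
                    log.debug(String.format("Authenticator options contained a match for idp: %s, authenticator: %s. Hence keeping the option", idpName, authenticatorConfig.getName()));
                }
            }
        }
        if (removeOption) {
            if (authenticatorConfig.getIdps().size() > 1) {
                // Only this idp is dropped; the authenticator survives for its remaining idps.
                idpsToRemove.computeIfAbsent(authenticatorConfig, key -> new HashSet<>()).add(idpName);
            } else {
                authenticatorsToRemove.add(authenticatorConfig);
            }
        }
    }));

    if (stepConfig.getAuthenticatorList().size() > authenticatorsToRemove.size()) {
        idpsToRemove.forEach((authenticatorConfig, idpNames) -> idpNames.forEach(idpName -> {
            // Modify the config that was inspected above directly instead of looking it up again by equality.
            authenticatorConfig.getIdps().remove(idpName);
            authenticatorConfig.getIdpNames().remove(idpName);
            if (log.isDebugEnabled()) {
                log.debug("Removed " + idpName + " option from " + authenticatorConfig.getName() + " as it doesn't match the provided authenticator options");
            }
        }));
        // If all idps are removed from the authenticator the authenticator should be removed.
        for (AuthenticatorConfig authenticatorConfig : stepConfig.getAuthenticatorList()) {
            if (authenticatorConfig.getIdps().isEmpty()) {
                authenticatorsToRemove.add(authenticatorConfig);
            }
        }
        stepConfig.getAuthenticatorList().removeAll(authenticatorsToRemove);
        if (log.isDebugEnabled()) {
            log.debug("Removed " + authenticatorsToRemove.size() + " options which doesn't match the provided authenticator options");
        }
    } else {
        // Nothing would be left in the step: keep it as it was and make that visible in the log.
        log.warn("The filtered authenticator list is empty, hence proceeding without filtering");
    }
}

/**
 * Checks whether a registered local authenticator with the given actual name has a display name that is in
 * {@code wantedDisplayNames}.
 *
 * @param authenticatorName  Actual name of the authenticator config in the step
 * @param wantedDisplayNames Lower-cased display names requested by the authentication options
 * @return true if a registered local authenticator matches both the name and one of the display names
 */
private static boolean matchesLocalAuthenticator(String authenticatorName, Set<String> wantedDisplayNames) {

    List<LocalAuthenticatorConfig> localAuthenticators = ApplicationAuthenticatorService.getInstance().getLocalAuthenticators();
    if (localAuthenticators == null) {
        return false;
    }
    for (LocalAuthenticatorConfig localAuthenticator : localAuthenticators) {
        // Display names are lower-cased the same way the options were collected; a null display name never matches.
        if (localAuthenticator != null && StringUtils.equals(authenticatorName, localAuthenticator.getName())
                && wantedDisplayNames.contains(StringUtils.lowerCase(localAuthenticator.getDisplayName()))) {
            return true;
        }
    }
    return false;
}

/**
 * Checks whether one of the idp's federated authenticators has the given actual name and a display name that is
 * in {@code wantedDisplayNames}.
 *
 * @param authenticatorName       Actual name of the authenticator config in the step
 * @param federatedAuthenticators Federated authenticator configs of the idp; may be null
 * @param wantedDisplayNames      Lower-cased display names requested by the authentication options
 * @return true if a federated authenticator matches both the name and one of the display names
 */
private static boolean matchesFederatedAuthenticator(String authenticatorName,
                                                     FederatedAuthenticatorConfig[] federatedAuthenticators,
                                                     Set<String> wantedDisplayNames) {

    if (federatedAuthenticators == null) {
        return false;
    }
    for (FederatedAuthenticatorConfig federatedAuthenticator : federatedAuthenticators) {
        if (federatedAuthenticator != null && StringUtils.equals(authenticatorName, federatedAuthenticator.getName())
                && wantedDisplayNames.contains(StringUtils.lowerCase(federatedAuthenticator.getDisplayName()))) {
            return true;
        }
    }
    return false;
}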

Example 2 with FederatedAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2.

the class UIBasedConfigurationLoader method loadFederatedAuthenticators.

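/**
 * Loads the federated authenticator of every identity provider configured for the given authentication step into
 * the step config.
 * <p>
 * The authenticator name is taken from the idp's default authenticator config. When the step only carries the idp
 * by name, the idp is resolved through {@code IdentityProviderManager} for the tenant and its default
 * authenticator is used.
 *
 * @param authenticationStep Step definition holding the federated identity providers (the array may be null)
 * @param stepConfig         Step config to which the authenticators are added
 * @param tenantDomain       Tenant used to resolve identity providers that are referenced only by name
 * @throws FrameworkException if an idp cannot be resolved, or no default authenticator is available for it
 */
protected void loadFederatedAuthenticators(AuthenticationStep authenticationStep, StepConfig stepConfig, String tenantDomain) throws FrameworkException {

    IdentityProvider[] federatedIDPs = authenticationStep.getFederatedIdentityProviders();
    if (federatedIDPs == null) {
        return;
    }
    // for each idp in the step
    for (IdentityProvider federatedIDP : federatedIDPs) {
        String idpName = federatedIDP.getIdentityProviderName();
        FederatedAuthenticatorConfig federatedAuthenticator = federatedIDP.getDefaultAuthenticatorConfig();
        if (federatedAuthenticator == null) {
            // The step may carry only the idp name; resolve the full idp for this tenant and use its default.
            try {
                IdentityProvider resolvedIdp = IdentityProviderManager.getInstance().getIdPByName(idpName, tenantDomain);
                if (resolvedIdp != null) {
                    federatedAuthenticator = resolvedIdp.getDefaultAuthenticatorConfig();
                }
            } catch (IdentityProviderManagementException e) {
                throw new FrameworkException("Failed to load the default authenticator for IDP : " + idpName, e);
            }
        }
        if (federatedAuthenticator == null) {
            // Without this check a missing default authenticator surfaced as a NullPointerException at getName().
            throw new FrameworkException("No default authenticator configured for IDP : " + idpName);
        }
        // assign it to the step
        loadStepAuthenticator(stepConfig, federatedIDP, federatedAuthenticator.getName());
    }
}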

Example 3 with FederatedAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2.

the class JsGraphBuilderTest method filterOptionsDataProvider.

/**
 * Supplies {@code {authenticationOptions, stepConfig, expectedRemainingOptionCount}} rows for the filterOptions
 * test.
 * <p>
 * Registers two local authenticators (basic, totp) on the shared ApplicationAuthenticatorService singleton, builds
 * a local idp plus two federated idps, and composes steps with one or several authenticator options. Every row
 * gets its own duplicated step so that the in-place filtering of one row is not observed by another.
 *
 * @return the data rows
 */
@DataProvider
public Object[][] filterOptionsDataProvider() {

    // The local authenticator registry is a shared singleton; reset it so only this fixture's entries are visible.
    ApplicationAuthenticatorService.getInstance().getLocalAuthenticators().clear();
    registerLocalAuthenticator("BasicAuthenticator", "basic");
    registerLocalAuthenticator("TOTPAuthenticator", "totp");

    IdentityProvider localIdp = newIdp("LOCAL");
    IdentityProvider customIdp1 = newIdp("customIdp1",
            newFederatedAuthenticator("SAMLAuthenticator", "samlsso"),
            newFederatedAuthenticator("OIDCAuthenticator", "oidc"));
    IdentityProvider customIdp2 = newIdp("customIdp2",
            newFederatedAuthenticator("TwitterAuthenticator", "twitter"));

    AuthenticatorConfig basicAuthConfig = newAuthenticatorConfig("BasicAuthenticator", "LOCAL", localIdp);
    AuthenticatorConfig totpAuthConfig = newAuthenticatorConfig("TOTPAuthenticator", "LOCAL", localIdp);
    // Built for completeness; no step below includes it.
    AuthenticatorConfig samlAuthConfig = newAuthenticatorConfig("SAMLAuthenticator", "customIdp1", customIdp1);
    AuthenticatorConfig oidcAuthConfig = newAuthenticatorConfig("OIDCAuthenticator", "customIdp1", customIdp1);
    AuthenticatorConfig twitterAuthConfig = newAuthenticatorConfig("TwitterAuthenticator", "customIdp2", customIdp2);

    StepConfig stepWithSingleOption = new StepConfig();
    stepWithSingleOption.setAuthenticatorList(Collections.singletonList(basicAuthConfig));
    StepConfig stepWithMultipleOptions = new StepConfig();
    stepWithMultipleOptions.setAuthenticatorList(
            new ArrayList<>(Arrays.asList(basicAuthConfig, totpAuthConfig, oidcAuthConfig, twitterAuthConfig)));

    // An option without an idp refers to the local idp.
    Map<String, String> basicOption = Collections.singletonMap("authenticator", "basic");
    Map<String, String> oidcOption = option("customIdp1", "oidc");
    Map<String, String> twitterOption = option("customIdp2", "twitter");
    // Display name "twitter" is not registered under customIdp1, so this option matches nothing.
    Map<String, String> invalidOption = option("customIdp1", "twitter");

    Map<String, Map<String, String>> singleOptionConfig = new HashMap<>();
    singleOptionConfig.put("0", basicOption);

    Map<String, Map<String, String>> multipleOptionConfig = new HashMap<>();
    multipleOptionConfig.put("0", basicOption);
    multipleOptionConfig.put("1", oidcOption);
    multipleOptionConfig.put("2", twitterOption);

    Map<String, Map<String, String>> multipleAndInvalidOptionConfig = new HashMap<>();
    multipleAndInvalidOptionConfig.put("0", basicOption);
    multipleAndInvalidOptionConfig.put("1", oidcOption);
    multipleAndInvalidOptionConfig.put("2", invalidOption);

    // An option naming only an idp keeps every authenticator of that idp.
    Map<String, Map<String, String>> idpOnlyOptionConfig = new HashMap<>();
    idpOnlyOptionConfig.put("0", basicOption);
    idpOnlyOptionConfig.put("1", Collections.singletonMap("idp", "customIdp1"));

    Map<String, Map<String, String>> singleInvalidOptionConfig = new HashMap<>();
    singleInvalidOptionConfig.put("0", invalidOption);

    return new Object[][] {
            { singleOptionConfig, duplicateStepConfig(stepWithSingleOption), 1 },
            { singleOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 1 },
            { multipleOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 3 },
            { multipleAndInvalidOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 2 },
            // Nothing matches, so the filter leaves all four options in place.
            { singleInvalidOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 4 },
            { idpOnlyOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 2 }
    };
}

/**
 * Adds a local authenticator with the given actual and display name to the shared authenticator registry.
 *
 * @param name        Actual authenticator name
 * @param displayName Display name shown at the UI
 */
private static void registerLocalAuthenticator(String name, String displayName) {

    LocalAuthenticatorConfig config = new LocalAuthenticatorConfig();
    config.setName(name);
    config.setDisplayName(displayName);
    ApplicationAuthenticatorService.getInstance().getLocalAuthenticators().add(config);
}

/**
 * Builds a federated authenticator config with the given actual and display name.
 *
 * @param name        Actual authenticator name
 * @param displayName Display name shown at the UI
 * @return the new config
 */
private static FederatedAuthenticatorConfig newFederatedAuthenticator(String name, String displayName) {

    FederatedAuthenticatorConfig config = new FederatedAuthenticatorConfig();
    config.setName(name);
    config.setDisplayName(displayName);
    return config;
}

/**
 * Builds an identity provider carrying the given federated authenticators; the first one (if any) becomes the
 * idp's default authenticator.
 *
 * @param id             Idp id
 * @param authenticators Federated authenticator configs of the idp, possibly none
 * @return the new idp
 */
private static IdentityProvider newIdp(String id, FederatedAuthenticatorConfig... authenticators) {

    IdentityProvider idp = new IdentityProvider();
    idp.setId(id);
    idp.setFederatedAuthenticatorConfigs(authenticators);
    if (authenticators.length > 0) {
        idp.setDefaultAuthenticatorConfig(authenticators[0]);
    }
    return idp;
}

/**
 * Builds an enabled step authenticator config bound to a single idp.
 *
 * @param name    Actual authenticator name
 * @param idpName Name under which the idp is registered on the config
 * @param idp     The idp
 * @return the new config
 */
private static AuthenticatorConfig newAuthenticatorConfig(String name, String idpName, IdentityProvider idp) {

    AuthenticatorConfig config = new AuthenticatorConfig();
    config.setName(name);
    config.setEnabled(true);
    config.getIdps().put(idpName, idp);
    return config;
}

/**
 * Builds an authentication option naming both an idp and an authenticator display name.
 *
 * @param idpName                  Idp name
 * @param authenticatorDisplayName Authenticator display name
 * @return the option map
 */
private static Map<String, String> option(String idpName, String authenticatorDisplayName) {

    Map<String, String> option = new HashMap<>();
    option.put("idp", idpName);
    option.put("authenticator", authenticatorDisplayName);
    return option;
}

Example 4 with FederatedAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2.

the class IdentityProviderManager method getResidentIdP.

/**
 * Retrieves resident Identity provider for a given tenant.
 *
 * @param tenantDomain Tenant domain whose resident IdP is requested
 * @return <code>LocalIdentityProvider</code>
 * @throws IdentityProviderManagementException Error when getting Resident Identity Providers
 */
@Override
public IdentityProvider getResidentIdP(String tenantDomain) throws IdentityProviderManagementException {
    IdPManagementUtil.setTenantSpecifiers(tenantDomain);
    String openIdUrl;
    String oauth1RequestTokenUrl;
    String oauth1AuthorizeUrl;
    String oauth1AccessTokenUrl;
    String oauth2AuthzEPUrl;
    String oauth2TokenEPUrl;
    String oauth2RevokeEPUrl;
    String oauth2IntrospectEpUrl;
    String oauth2UserInfoEPUrl;
    String oidcCheckSessionEPUrl;
    String oidcLogoutEPUrl;
    String oIDCWebFingerEPUrl;
    String oAuth2DCREPUrl;
    String oAuth2JWKSPage;
    String oIDCDiscoveryEPUrl;
    String passiveStsUrl;
    String stsUrl;
    String scimUsersEndpoint;
    String scimGroupsEndpoint;
    String scim2UsersEndpoint;
    String scim2GroupsEndpoint;
    openIdUrl = IdentityUtil.getProperty(IdentityConstants.ServerConfig.OPENID_SERVER_URL);
    oauth1RequestTokenUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH1_REQUEST_TOKEN_URL);
    oauth1AuthorizeUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH1_AUTHORIZE_URL);
    oauth1AccessTokenUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH1_ACCESSTOKEN_URL);
    oauth2AuthzEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_AUTHZ_EP_URL);
    oauth2TokenEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_TOKEN_EP_URL);
    oauth2UserInfoEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_USERINFO_EP_URL);
    oidcCheckSessionEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_CHECK_SESSION_EP_URL);
    oidcLogoutEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_LOGOUT_EP_URL);
    passiveStsUrl = IdentityUtil.getProperty(IdentityConstants.STS.PSTS_IDENTITY_PROVIDER_URL);
    stsUrl = IdentityUtil.getProperty(IdentityConstants.STS.STS_IDENTITY_PROVIDER_URL);
    scimUsersEndpoint = IdentityUtil.getProperty(IdentityConstants.SCIM.USER_EP_URL);
    scimGroupsEndpoint = IdentityUtil.getProperty(IdentityConstants.SCIM.GROUP_EP_URL);
    scim2UsersEndpoint = IdentityUtil.getProperty(IdentityConstants.SCIM2.USER_EP_URL);
    scim2GroupsEndpoint = IdentityUtil.getProperty(IdentityConstants.SCIM2.GROUP_EP_URL);
    oauth2RevokeEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_REVOKE_EP_URL);
    oauth2IntrospectEpUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_INTROSPECT_EP_URL);
    oIDCWebFingerEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_WEB_FINGER_EP_URL);
    oAuth2DCREPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_DCR_EP_URL);
    oAuth2JWKSPage = IdentityUtil.getProperty(IdentityConstants.OAuth.OAUTH2_JWKS_EP_URL);
    oIDCDiscoveryEPUrl = IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_DISCOVERY_EP_URL);
    if (StringUtils.isBlank(openIdUrl)) {
        openIdUrl = IdentityUtil.getServerURL(IdentityConstants.OpenId.OPENID, true, true);
    }
    if (StringUtils.isBlank(oauth1RequestTokenUrl)) {
        oauth1RequestTokenUrl = IdentityUtil.getServerURL(IdentityConstants.OAuth.REQUEST_TOKEN, true, true);
    }
    if (StringUtils.isBlank(oauth1AuthorizeUrl)) {
        oauth1AuthorizeUrl = IdentityUtil.getServerURL(IdentityConstants.OAuth.AUTHORIZE_URL, true, true);
    }
    if (StringUtils.isBlank(oauth1AccessTokenUrl)) {
        oauth1AccessTokenUrl = IdentityUtil.getServerURL(IdentityConstants.OAuth.ACCESS_TOKEN, true, true);
    }
    oauth2AuthzEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.AUTHORIZE, oauth2AuthzEPUrl, tenantDomain);
    oauth2TokenEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.TOKEN, oauth2TokenEPUrl, tenantDomain);
    oauth2RevokeEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.REVOKE, oauth2RevokeEPUrl, tenantDomain);
    oauth2IntrospectEpUrl = resolveAbsoluteURL(IdentityConstants.OAuth.INTROSPECT, oauth2IntrospectEpUrl, tenantDomain);
    oauth2IntrospectEpUrl = addTenantPathParamInLegacyMode(oauth2IntrospectEpUrl, tenantDomain);
    oauth2UserInfoEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.USERINFO, oauth2UserInfoEPUrl, tenantDomain);
    oidcCheckSessionEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.CHECK_SESSION, oidcCheckSessionEPUrl, tenantDomain);
    oidcLogoutEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.LOGOUT, oidcLogoutEPUrl, tenantDomain);
    oAuth2DCREPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.DCR, oAuth2DCREPUrl, tenantDomain);
    oAuth2DCREPUrl = addTenantPathParamInLegacyMode(oAuth2DCREPUrl, tenantDomain);
    oAuth2JWKSPage = resolveAbsoluteURL(IdentityConstants.OAuth.JWKS, oAuth2JWKSPage, tenantDomain);
    oAuth2JWKSPage = addTenantPathParamInLegacyMode(oAuth2JWKSPage, tenantDomain);
    oIDCDiscoveryEPUrl = resolveAbsoluteURL(IdentityConstants.OAuth.DISCOVERY, oIDCDiscoveryEPUrl, tenantDomain);
    oIDCDiscoveryEPUrl = addTenantPathParamInLegacyMode(oIDCDiscoveryEPUrl, tenantDomain);
    passiveStsUrl = resolveAbsoluteURL(IdentityConstants.STS.PASSIVE_STS, passiveStsUrl, tenantDomain);
    // If sts url is configured in file, change it according to tenant domain. If not configured, add a default url
    if (StringUtils.isNotBlank(stsUrl)) {
        stsUrl = stsUrl.replace(IdentityConstants.STS.WSO2_CARBON_STS, getTenantContextFromTenantDomain(tenantDomain) + IdentityConstants.STS.WSO2_CARBON_STS);
    } else {
        stsUrl = IdentityUtil.getServerURL("services/" + getTenantContextFromTenantDomain(tenantDomain) + IdentityConstants.STS.WSO2_CARBON_STS, true, true);
    }
    if (StringUtils.isBlank(scimUsersEndpoint)) {
        scimUsersEndpoint = IdentityUtil.getServerURL(IdentityConstants.SCIM.USER_EP, true, false);
    }
    if (StringUtils.isBlank(scimGroupsEndpoint)) {
        scimGroupsEndpoint = IdentityUtil.getServerURL(IdentityConstants.SCIM.GROUP_EP, true, false);
    }
    if (StringUtils.isBlank(scim2UsersEndpoint)) {
        scim2UsersEndpoint = IdentityUtil.getServerURL(IdentityConstants.SCIM2.USER_EP, true, false);
    }
    try {
        if (StringUtils.isNotBlank(tenantDomain) && !MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
            scim2UsersEndpoint = getTenantUrl(scim2UsersEndpoint, tenantDomain);
        }
    } catch (URISyntaxException e) {
        log.error("SCIM 2.0 Users endpoint is malformed");
    }
    if (StringUtils.isBlank(scim2GroupsEndpoint)) {
        scim2GroupsEndpoint = IdentityUtil.getServerURL(IdentityConstants.SCIM2.GROUP_EP, true, false);
    }
    try {
        if (StringUtils.isNotBlank(tenantDomain) && !MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
            scim2GroupsEndpoint = getTenantUrl(scim2GroupsEndpoint, tenantDomain);
        }
    } catch (URISyntaxException e) {
        log.error("SCIM 2.0 Groups endpoint is malformed");
    }
    IdentityProvider identityProvider = dao.getIdPByName(null, IdentityApplicationConstants.RESIDENT_IDP_RESERVED_NAME, IdentityTenantUtil.getTenantId(tenantDomain), tenantDomain);
    if (identityProvider == null) {
        String message = "Could not find Resident Identity Provider for tenant " + tenantDomain;
        throw new IdentityProviderManagementException(message);
    }
    int tenantId = -1;
    try {
        tenantId = IdPManagementServiceComponent.getRealmService().getTenantManager().getTenantId(tenantDomain);
    } catch (UserStoreException e) {
        throw new IdentityProviderManagementException("Exception occurred while retrieving Tenant ID from Tenant Domain " + tenantDomain, e);
    }
    X509Certificate cert = null;
    try {
        IdentityTenantUtil.initializeRegistry(tenantId);
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        carbonContext.setTenantDomain(tenantDomain, true);
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
        if (!MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
            // derive key store name
            String ksName = tenantDomain.trim().replace(".", "-");
            // derive JKS name
            String jksName = ksName + ".jks";
            KeyStore keyStore = keyStoreManager.getKeyStore(jksName);
            cert = (X509Certificate) keyStore.getCertificate(tenantDomain);
        } else {
            cert = keyStoreManager.getDefaultPrimaryCertificate();
        }
    } catch (Exception e) {
        String msg = "Error retrieving primary certificate for tenant : " + tenantDomain;
        throw new IdentityProviderManagementException(msg, e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
    if (cert == null) {
        throw new IdentityProviderManagementException("Cannot find the primary certificate for tenant " + tenantDomain);
    }
    try {
        identityProvider.setCertificate(Base64.encode(cert.getEncoded()));
    } catch (CertificateEncodingException e) {
        String msg = "Error occurred while encoding primary certificate for tenant domain " + tenantDomain;
        throw new IdentityProviderManagementException(msg, e);
    }
    List<FederatedAuthenticatorConfig> fedAuthnCofigs = new ArrayList<FederatedAuthenticatorConfig>();
    List<Property> propertiesList = null;
    FederatedAuthenticatorConfig openIdFedAuthn = IdentityApplicationManagementUtil.getFederatedAuthenticator(identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.Authenticator.OpenID.NAME);
    if (openIdFedAuthn == null) {
        openIdFedAuthn = new FederatedAuthenticatorConfig();
        openIdFedAuthn.setName(IdentityApplicationConstants.Authenticator.OpenID.NAME);
    }
    propertiesList = new ArrayList<Property>(Arrays.asList(openIdFedAuthn.getProperties()));
    if (IdentityApplicationManagementUtil.getProperty(openIdFedAuthn.getProperties(), IdentityApplicationConstants.Authenticator.OpenID.OPEN_ID_URL) == null) {
        Property openIdUrlProp = new Property();
        openIdUrlProp.setName(IdentityApplicationConstants.Authenticator.OpenID.OPEN_ID_URL);
        openIdUrlProp.setValue(openIdUrl);
        propertiesList.add(openIdUrlProp);
    }
    openIdFedAuthn.setProperties(propertiesList.toArray(new Property[propertiesList.size()]));
    fedAuthnCofigs.add(openIdFedAuthn);
    // SAML2 related endpoints.
    FederatedAuthenticatorConfig saml2SSOFedAuthn = buildSAMLProperties(identityProvider, tenantDomain);
    fedAuthnCofigs.add(saml2SSOFedAuthn);
    FederatedAuthenticatorConfig oauth1FedAuthn = IdentityApplicationManagementUtil.getFederatedAuthenticator(identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.OAuth10A.NAME);
    if (oauth1FedAuthn == null) {
        oauth1FedAuthn = new FederatedAuthenticatorConfig();
        oauth1FedAuthn.setName(IdentityApplicationConstants.OAuth10A.NAME);
    }
    propertiesList = new ArrayList<Property>(Arrays.asList(oauth1FedAuthn.getProperties()));
    if (IdentityApplicationManagementUtil.getProperty(oauth1FedAuthn.getProperties(), IdentityApplicationConstants.OAuth10A.OAUTH1_REQUEST_TOKEN_URL) == null) {
        Property oauth1ReqTokUrlProp = new Property();
        oauth1ReqTokUrlProp.setName(IdentityApplicationConstants.OAuth10A.OAUTH1_REQUEST_TOKEN_URL);
        oauth1ReqTokUrlProp.setValue(oauth1RequestTokenUrl);
        propertiesList.add(oauth1ReqTokUrlProp);
    }
    if (IdentityApplicationManagementUtil.getProperty(oauth1FedAuthn.getProperties(), IdentityApplicationConstants.OAuth10A.OAUTH1_AUTHORIZE_URL) == null) {
        Property oauth1AuthzUrlProp = new Property();
        oauth1AuthzUrlProp.setName(IdentityApplicationConstants.OAuth10A.OAUTH1_AUTHORIZE_URL);
        oauth1AuthzUrlProp.setValue(oauth1AuthorizeUrl);
        propertiesList.add(oauth1AuthzUrlProp);
    }
    if (IdentityApplicationManagementUtil.getProperty(oauth1FedAuthn.getProperties(), IdentityApplicationConstants.OAuth10A.OAUTH1_ACCESS_TOKEN_URL) == null) {
        Property oauth1AccessTokUrlProp = new Property();
        oauth1AccessTokUrlProp.setName(IdentityApplicationConstants.OAuth10A.OAUTH1_ACCESS_TOKEN_URL);
        oauth1AccessTokUrlProp.setValue(oauth1AccessTokenUrl);
        propertiesList.add(oauth1AccessTokUrlProp);
    }
    oauth1FedAuthn.setProperties(propertiesList.toArray(new Property[propertiesList.size()]));
    fedAuthnCofigs.add(oauth1FedAuthn);
    FederatedAuthenticatorConfig oidcFedAuthn = IdentityApplicationManagementUtil.getFederatedAuthenticator(identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.Authenticator.OIDC.NAME);
    if (oidcFedAuthn == null) {
        oidcFedAuthn = new FederatedAuthenticatorConfig();
        oidcFedAuthn.setName(IdentityApplicationConstants.Authenticator.OIDC.NAME);
    }
    propertiesList = new ArrayList<Property>();
    Property idPEntityIdProp;
    // When the tenant qualified urls are enabled, we need to see the oauth2 token endpoint.
    if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
        idPEntityIdProp = resolveFedAuthnProperty(oauth2TokenEPUrl, oidcFedAuthn, OPENID_IDP_ENTITY_ID);
    } else {
        idPEntityIdProp = resolveFedAuthnProperty(getOIDCResidentIdPEntityId(), oidcFedAuthn, OPENID_IDP_ENTITY_ID);
    }
    propertiesList.add(idPEntityIdProp);
    Property authzUrlProp = resolveFedAuthnProperty(oauth2AuthzEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_AUTHZ_URL);
    propertiesList.add(authzUrlProp);
    Property tokenUrlProp = resolveFedAuthnProperty(oauth2TokenEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_TOKEN_URL);
    propertiesList.add(tokenUrlProp);
    Property revokeUrlProp = resolveFedAuthnProperty(oauth2RevokeEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_REVOKE_URL);
    propertiesList.add(revokeUrlProp);
    Property instropsectUrlProp = resolveFedAuthnProperty(oauth2IntrospectEpUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_INTROSPECT_URL);
    propertiesList.add(instropsectUrlProp);
    Property userInfoUrlProp = resolveFedAuthnProperty(oauth2UserInfoEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_USER_INFO_EP_URL);
    propertiesList.add(userInfoUrlProp);
    Property checkSessionUrlProp = resolveFedAuthnProperty(oidcCheckSessionEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OIDC_CHECK_SESSION_URL);
    propertiesList.add(checkSessionUrlProp);
    Property logoutUrlProp = resolveFedAuthnProperty(oidcLogoutEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OIDC_LOGOUT_URL);
    propertiesList.add(logoutUrlProp);
    Property dcrUrlProp = resolveFedAuthnProperty(oAuth2DCREPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_DCR_EP_URL);
    propertiesList.add(dcrUrlProp);
    Property webFingerUrlProp = resolveFedAuthnProperty(oIDCWebFingerEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OIDC_WEB_FINGER_EP_URL);
    propertiesList.add(webFingerUrlProp);
    Property jwksUrlProp = resolveFedAuthnProperty(oAuth2JWKSPage, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_JWKS_EP_URL);
    propertiesList.add(jwksUrlProp);
    Property discoveryUrlProp = resolveFedAuthnProperty(oIDCDiscoveryEPUrl, oidcFedAuthn, IdentityApplicationConstants.Authenticator.OIDC.OIDC_DISCOVERY_EP_URL);
    propertiesList.add(discoveryUrlProp);
    oidcFedAuthn.setProperties(propertiesList.toArray(new Property[propertiesList.size()]));
    fedAuthnCofigs.add(oidcFedAuthn);
    FederatedAuthenticatorConfig passiveSTSFedAuthn = IdentityApplicationManagementUtil.getFederatedAuthenticator(identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.Authenticator.PassiveSTS.NAME);
    if (passiveSTSFedAuthn == null) {
        passiveSTSFedAuthn = new FederatedAuthenticatorConfig();
        passiveSTSFedAuthn.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.NAME);
    }
    propertiesList = new ArrayList<>();
    Property passiveSTSUrlProperty = IdentityApplicationManagementUtil.getProperty(passiveSTSFedAuthn.getProperties(), IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_URL);
    if (passiveSTSUrlProperty == null) {
        passiveSTSUrlProperty = new Property();
        passiveSTSUrlProperty.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_URL);
    }
    passiveSTSUrlProperty.setValue(passiveStsUrl);
    propertiesList.add(passiveSTSUrlProperty);
    Property stsIdPEntityIdProperty = IdentityApplicationManagementUtil.getProperty(passiveSTSFedAuthn.getProperties(), IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_ENTITY_ID);
    if (stsIdPEntityIdProperty == null) {
        stsIdPEntityIdProperty = new Property();
        stsIdPEntityIdProperty.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_ENTITY_ID);
        stsIdPEntityIdProperty.setValue(IdPManagementUtil.getResidentIdPEntityId());
    }
    propertiesList.add(stsIdPEntityIdProperty);
    for (Property property : passiveSTSFedAuthn.getProperties()) {
        if (property != null && !IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_URL.equals(property.getName()) && !IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_ENTITY_ID.equals(property.getName())) {
            propertiesList.add(property);
        }
    }
    passiveSTSFedAuthn.setProperties(propertiesList.toArray(new Property[propertiesList.size()]));
    fedAuthnCofigs.add(passiveSTSFedAuthn);
    FederatedAuthenticatorConfig stsFedAuthn = IdentityApplicationManagementUtil.getFederatedAuthenticator(identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.Authenticator.WSTrust.NAME);
    if (stsFedAuthn == null) {
        stsFedAuthn = new FederatedAuthenticatorConfig();
        stsFedAuthn.setName(IdentityApplicationConstants.Authenticator.WSTrust.NAME);
    }
    propertiesList = new ArrayList<Property>(Arrays.asList(stsFedAuthn.getProperties()));
    if (IdentityApplicationManagementUtil.getProperty(stsFedAuthn.getProperties(), IdentityApplicationConstants.Authenticator.WSTrust.IDENTITY_PROVIDER_URL) == null) {
        Property stsUrlProp = new Property();
        stsUrlProp.setName(IdentityApplicationConstants.Authenticator.WSTrust.IDENTITY_PROVIDER_URL);
        stsUrlProp.setValue(stsUrl);
        propertiesList.add(stsUrlProp);
    }
    stsFedAuthn.setProperties(propertiesList.toArray(new Property[propertiesList.size()]));
    fedAuthnCofigs.add(stsFedAuthn);
    List<IdentityProviderProperty> identityProviderProperties = new ArrayList<IdentityProviderProperty>();
    FederatedAuthenticatorConfig sessionTimeoutConfig = new FederatedAuthenticatorConfig();
    sessionTimeoutConfig.setName(IdentityApplicationConstants.NAME);
    propertiesList = new ArrayList<Property>(Arrays.asList(sessionTimeoutConfig.getProperties()));
    Property cleanUpPeriodProp = new Property();
    cleanUpPeriodProp.setName(IdentityApplicationConstants.CLEAN_UP_PERIOD);
    String cleanUpPeriod = IdentityUtil.getProperty(IdentityConstants.ServerConfig.CLEAN_UP_PERIOD);
    if (StringUtils.isBlank(cleanUpPeriod)) {
        cleanUpPeriod = IdentityApplicationConstants.CLEAN_UP_PERIOD_DEFAULT;
    } else if (!StringUtils.isNumeric(cleanUpPeriod)) {
        log.warn("PersistanceCleanUpPeriod in identity.xml should be a numeric value");
        cleanUpPeriod = IdentityApplicationConstants.CLEAN_UP_PERIOD_DEFAULT;
    }
    cleanUpPeriodProp.setValue(cleanUpPeriod);
    propertiesList.add(cleanUpPeriodProp);
    sessionTimeoutConfig.setProperties(propertiesList.toArray(new Property[propertiesList.size()]));
    fedAuthnCofigs.add(sessionTimeoutConfig);
    identityProvider.setFederatedAuthenticatorConfigs(fedAuthnCofigs.toArray(new FederatedAuthenticatorConfig[fedAuthnCofigs.size()]));
    ProvisioningConnectorConfig scimProvConn = IdentityApplicationManagementUtil.getProvisioningConnector(identityProvider.getProvisioningConnectorConfigs(), "scim");
    if (scimProvConn == null) {
        scimProvConn = new ProvisioningConnectorConfig();
        scimProvConn.setName("scim");
    }
    propertiesList = new ArrayList<>(Arrays.asList(scimProvConn.getProvisioningProperties()));
    Property scimUserEndpointProperty = IdentityApplicationManagementUtil.getProperty(scimProvConn.getProvisioningProperties(), IdentityApplicationConstants.SCIM.USERS_EP_URL);
    if (scimUserEndpointProperty == null) {
        Property property = new Property();
        property.setName(IdentityApplicationConstants.SCIM.USERS_EP_URL);
        property.setValue(scimUsersEndpoint);
        propertiesList.add(property);
    } else if (!scimUsersEndpoint.equalsIgnoreCase(scimUserEndpointProperty.getValue())) {
        scimUserEndpointProperty.setValue(scimUsersEndpoint);
    }
    Property scimGroupEndpointProperty = IdentityApplicationManagementUtil.getProperty(scimProvConn.getProvisioningProperties(), IdentityApplicationConstants.SCIM.GROUPS_EP_URL);
    if (scimGroupEndpointProperty == null) {
        Property property = new Property();
        property.setName(IdentityApplicationConstants.SCIM.GROUPS_EP_URL);
        property.setValue(scimGroupsEndpoint);
        propertiesList.add(property);
    } else if (!scimGroupsEndpoint.equalsIgnoreCase(scimGroupEndpointProperty.getValue())) {
        scimGroupEndpointProperty.setValue(scimGroupsEndpoint);
    }
    Property scim2UserEndpointProperty = IdentityApplicationManagementUtil.getProperty(scimProvConn.getProvisioningProperties(), IdentityApplicationConstants.SCIM2.USERS_EP_URL);
    if (scim2UserEndpointProperty == null) {
        Property property = new Property();
        property.setName(IdentityApplicationConstants.SCIM2.USERS_EP_URL);
        property.setValue(scim2UsersEndpoint);
        propertiesList.add(property);
    } else if (!scim2UsersEndpoint.equalsIgnoreCase(scim2UserEndpointProperty.getValue())) {
        scim2UserEndpointProperty.setValue(scim2UsersEndpoint);
    }
    Property scim2GroupEndpointProperty = IdentityApplicationManagementUtil.getProperty(scimProvConn.getProvisioningProperties(), IdentityApplicationConstants.SCIM2.GROUPS_EP_URL);
    if (scim2GroupEndpointProperty == null) {
        Property property = new Property();
        property.setName(IdentityApplicationConstants.SCIM2.GROUPS_EP_URL);
        property.setValue(scim2GroupsEndpoint);
        propertiesList.add(property);
    } else if (!scim2GroupsEndpoint.equalsIgnoreCase(scim2GroupEndpointProperty.getValue())) {
        scim2GroupEndpointProperty.setValue(scim2GroupsEndpoint);
    }
    scimProvConn.setProvisioningProperties(propertiesList.toArray(new Property[propertiesList.size()]));
    identityProvider.setProvisioningConnectorConfigs(new ProvisioningConnectorConfig[] { scimProvConn });
    return identityProvider;
}

Example 5 with FederatedAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project carbon-identity-framework by wso2.

The class IdentityProviderManager, method getResidentIDPMetadata.

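/**
 * Builds the SAML2 SSO metadata document of the resident identity provider of a tenant.
 *
 * <p>The resident IdP is loaded through {@link #getResidentIdP(String)} and its SAML2 SSO federated
 * authenticator configuration is handed to the first registered {@link MetadataConverter} whose
 * {@code canHandle} accepts it. Converters are consulted in registration order.
 *
 * @param tenantDomain tenant whose resident IdP metadata is requested
 * @return the metadata string produced by the converter, or {@code null} when the resident IdP has no
 *         SAML2 SSO authenticator configuration or no registered converter can handle it
 * @throws IdentityProviderManagementException when no metadata converter is registered, when the resident
 *         IdP cannot be loaded, or when the selected converter fails to produce the metadata (the
 *         converter's exception is attached as the cause)
 */
public String getResidentIDPMetadata(String tenantDomain) throws IdentityProviderManagementException {

    IdpMgtServiceComponentHolder holder = IdpMgtServiceComponentHolder.getInstance();
    if (holder.getMetadataConverters().isEmpty()) {
        throw new IdentityProviderManagementException("Error receiving Metadata object for tenant: " + tenantDomain);
    }
    IdentityProvider residentIdentityProvider = this.getResidentIdP(tenantDomain);
    FederatedAuthenticatorConfig samlFederatedAuthenticatorConfig =
            findSaml2SsoAuthenticatorConfig(residentIdentityProvider.getFederatedAuthenticatorConfigs());
    if (samlFederatedAuthenticatorConfig == null) {
        // No SAML2 SSO authenticator on the resident IdP: nothing to render. Callers already handle null.
        return null;
    }
    try {
        for (MetadataConverter converter : holder.getMetadataConverters()) {
            if (converter.canHandle(samlFederatedAuthenticatorConfig)) {
                return converter.getMetadataString(samlFederatedAuthenticatorConfig);
            }
        }
    } catch (IdentityProviderSAMLException e) {
        // Pass the SAML exception as the cause so the stack trace survives. Passing e.getMessage() as
        // the second argument selected the (errorCode, message) constructor and dropped it.
        throw new IdentityProviderManagementException(
                "Error in retrieving metadata string for tenant: " + tenantDomain, e);
    }
    // No registered converter accepted the configuration.
    return null;
}

/**
 * Returns the SAML2 SSO federated authenticator configuration from the given array, or {@code null}
 * when the array is {@code null} or holds no entry named
 * {@code IdentityApplicationConstants.Authenticator.SAML2SSO.NAME}. Null entries and entries without a
 * name are skipped rather than dereferenced.
 *
 * @param configs federated authenticator configurations of an identity provider, may be {@code null}
 * @return the first matching configuration, or {@code null}
 */
private static FederatedAuthenticatorConfig findSaml2SsoAuthenticatorConfig(FederatedAuthenticatorConfig[] configs) {

    if (configs == null) {
        return null;
    }
    for (FederatedAuthenticatorConfig config : configs) {
        // Constant-first equals: a config with a null name must not raise an NPE here.
        if (config != null && IdentityApplicationConstants.Authenticator.SAML2SSO.NAME.equals(config.getName())) {
            return config;
        }
    }
    return null;
}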
