use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2UtilTest method testGetTenantQualifiedIDTokenIssuer.
@Test(dataProvider = "TenantQualifiedURLsIDTokenIssuerData")
public void testGetTenantQualifiedIDTokenIssuer(boolean enableTenantURLSupport, String oidcConfigUrl, String tenantDomain, String expected) throws Exception {
when(IdentityTenantUtil.isTenantQualifiedUrlsEnabled()).thenReturn(enableTenantURLSupport);
when(IdentityTenantUtil.getTenantDomainFromContext()).thenReturn(tenantDomain);
when(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain()).thenReturn("carbon.super");
FederatedAuthenticatorConfig[] federatedAuthenticatorConfigs = new FederatedAuthenticatorConfig[0];
when(mockIdentityProvider.getFederatedAuthenticatorConfigs()).thenReturn(federatedAuthenticatorConfigs);
mockStatic(IdentityApplicationManagementUtil.class);
mockStatic(FederatedAuthenticatorConfig.class);
Property property = mock(Property.class);
Property[] properties = new Property[0];
when(IdentityApplicationManagementUtil.getFederatedAuthenticator(federatedAuthenticatorConfigs, "openidconnect")).thenReturn(mockFederatedAuthenticatorConfig);
when(mockFederatedAuthenticatorConfig.getProperties()).thenReturn(properties);
when(IdentityApplicationManagementUtil.getProperty(properties, "IdPEntityId")).thenReturn(property);
when(property.getValue()).thenReturn(oidcConfigUrl);
assertEquals(getIdTokenIssuer(tenantDomain), expected);
}
use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project identity-inbound-auth-oauth by wso2-extensions.
the class RequestObjectValidatorImplTest method testValidateRequestObj.
@Test(dataProvider = "provideJWT")
public void testValidateRequestObj(String jwt, boolean isSigned, boolean isEncrypted, boolean validSignature, boolean validRequestObj, String errorMsg) throws Exception {
OAuth2Parameters oAuth2Parameters = new OAuth2Parameters();
oAuth2Parameters.setTenantDomain(SUPER_TENANT_DOMAIN_NAME);
oAuth2Parameters.setClientId(TEST_CLIENT_ID_1);
mockStatic(IdentityUtil.class);
when(IdentityUtil.getServerURL(anyString(), anyBoolean(), anyBoolean())).thenReturn("some-server-url");
mockStatic(IdentityTenantUtil.class);
when(IdentityTenantUtil.getTenantId(anyString())).thenReturn(-1234);
IdentityEventService eventServiceMock = mock(IdentityEventService.class);
mockStatic(CentralLogMgtServiceComponentHolder.class);
when(CentralLogMgtServiceComponentHolder.getInstance()).thenReturn(centralLogMgtServiceComponentHolderMock);
when(centralLogMgtServiceComponentHolderMock.getIdentityEventService()).thenReturn(eventServiceMock);
PowerMockito.doNothing().when(eventServiceMock).handleEvent(any());
OAuthServerConfiguration oauthServerConfigurationMock = mock(OAuthServerConfiguration.class);
mockStatic(OAuthServerConfiguration.class);
when(OAuthServerConfiguration.getInstance()).thenReturn(oauthServerConfigurationMock);
rsaPrivateKey = (RSAPrivateKey) wso2KeyStore.getKey("wso2carbon", "wso2carbon".toCharArray());
mockStatic(OAuth2Util.class);
when(OAuth2Util.getTenantId(SUPER_TENANT_DOMAIN_NAME)).thenReturn(SUPER_TENANT_ID);
when((OAuth2Util.getPrivateKey(anyString(), anyInt()))).thenReturn(rsaPrivateKey);
// Mock OAuth2Util returning public cert of the service provider
when(OAuth2Util.getX509CertOfOAuthApp(TEST_CLIENT_ID_1, SUPER_TENANT_DOMAIN_NAME)).thenReturn(clientKeyStore.getCertificate(CLIENT_PUBLIC_CERT_ALIAS));
RequestObjectValidatorImpl requestObjectValidator = PowerMockito.spy(new RequestObjectValidatorImpl());
RequestParamRequestObjectBuilder requestParamRequestObjectBuilder = new RequestParamRequestObjectBuilder();
when((oauthServerConfigurationMock.getRequestObjectValidator())).thenReturn(requestObjectValidator);
mockIdentityProviderManager();
PowerMockito.mockStatic(IdentityApplicationManagementUtil.class);
FederatedAuthenticatorConfig config = new FederatedAuthenticatorConfig();
when(IdentityApplicationManagementUtil.getFederatedAuthenticator(any(), any())).thenReturn(config);
Property property = new Property();
property.setValue(SOME_SERVER_URL);
when(IdentityApplicationManagementUtil.getProperty(config.getProperties(), "IdPEntityId")).thenReturn(property);
RequestObject requestObject = requestParamRequestObjectBuilder.buildRequestObject(jwt, oAuth2Parameters);
Assert.assertEquals(requestParamRequestObjectBuilder.isEncrypted(jwt), isEncrypted, "Payload is encrypted:" + isEncrypted);
Assert.assertEquals(requestObjectValidator.isSigned(requestObject), isSigned, "Request object isSigned: " + isSigned);
if (isSigned) {
Assert.assertEquals(requestObjectValidator.validateSignature(requestObject, oAuth2Parameters), validSignature, errorMsg + "Request Object Signature Validation failed.");
}
boolean validObject;
try {
validObject = requestObjectValidator.validateRequestObject(requestObject, oAuth2Parameters);
} catch (Exception e) {
validObject = false;
}
Assert.assertEquals(validObject, validRequestObj, errorMsg);
}
use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2Util method getIssuerLocation.
/**
* Used to get the issuer url for a given tenant.
*
* @param tenantDomain Tenant domain.
* @return Token issuer url.
* @throws IdentityOAuth2Exception IdentityOAuth2Exception.
*/
public static String getIssuerLocation(String tenantDomain) throws IdentityOAuth2Exception {
/*
* IMPORTANT:
* This method should only honor the given tenant.
* Do not add any auto tenant resolving logic.
*/
if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
try {
startTenantFlow(tenantDomain);
return ServiceURLBuilder.create().addPath(OAUTH2_TOKEN_EP_URL).build().getAbsolutePublicURL();
} catch (URLBuilderException e) {
String errorMsg = String.format("Error while building the absolute url of the context: '%s', for the" + " tenant domain: '%s'", OAUTH2_TOKEN_EP_URL, tenantDomain);
throw new IdentityOAuth2Exception(errorMsg, e);
} finally {
endTenantFlow();
}
} else {
IdentityProvider identityProvider = getResidentIdp(tenantDomain);
FederatedAuthenticatorConfig[] fedAuthnConfigs = identityProvider.getFederatedAuthenticatorConfigs();
// Get OIDC authenticator
FederatedAuthenticatorConfig oidcAuthenticatorConfig = IdentityApplicationManagementUtil.getFederatedAuthenticator(fedAuthnConfigs, IdentityApplicationConstants.Authenticator.OIDC.NAME);
return IdentityApplicationManagementUtil.getProperty(oidcAuthenticatorConfig.getProperties(), IDP_ENTITY_ID).getValue();
}
}
use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project identity-inbound-auth-oauth by wso2-extensions.
the class SAML2BearerGrantHandler method getTokenEPAliasFromResidentIdp.
private String getTokenEPAliasFromResidentIdp(Assertion assertion, IdentityProvider identityProvider, String tenantDomain) throws IdentityOAuth2Exception {
String tokenEndpointAlias = null;
FederatedAuthenticatorConfig[] fedAuthnConfigs = identityProvider.getFederatedAuthenticatorConfigs();
// Get OpenIDConnect authenticator == OAuth
// authenticator
FederatedAuthenticatorConfig oauthAuthenticatorConfig = IdentityApplicationManagementUtil.getFederatedAuthenticator(fedAuthnConfigs, IdentityApplicationConstants.Authenticator.OIDC.NAME);
// Get OAuth token endpoint
Property oauthProperty = IdentityApplicationManagementUtil.getProperty(oauthAuthenticatorConfig.getProperties(), IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_TOKEN_URL);
if (oauthProperty != null) {
tokenEndpointAlias = oauthProperty.getValue();
}
return tokenEndpointAlias;
}
use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project identity-governance by wso2-extensions.
the class IdentityGovernanceUtil method saveConnectorDefaultProperties.
@Deprecated
public static void saveConnectorDefaultProperties(IdentityConnectorConfig identityConnectorConfig, String tenantDomain) throws ConnectorException {
IdpManager identityProviderManager = IdentityMgtServiceDataHolder.getInstance().getIdpManager();
try {
IdentityProvider residentIdp = identityProviderManager.getResidentIdP(tenantDomain);
IdentityProviderProperty[] idpProperties = residentIdp.getIdpProperties();
String[] connectorPropertiesNames = identityConnectorConfig.getPropertyNames();
List<IdentityProviderProperty> propertiesToAdd = new ArrayList<>();
for (String connectorPropertyName : connectorPropertiesNames) {
boolean propertyExists = false;
for (IdentityProviderProperty property : idpProperties) {
if (connectorPropertyName.equals(property.getName())) {
propertyExists = true;
break;
}
}
if (!propertyExists) {
IdentityProviderProperty newProperty = new IdentityProviderProperty();
newProperty.setName(connectorPropertyName);
newProperty.setDisplayName(identityConnectorConfig.getPropertyNameMapping().get(connectorPropertyName));
Properties defaultPropertyValues = identityConnectorConfig.getDefaultPropertyValues(tenantDomain);
newProperty.setValue(String.valueOf(defaultPropertyValues.get(connectorPropertyName)));
propertiesToAdd.add(newProperty);
}
}
// If the property list size is greater than 0, add the new properties to the database.
if (propertiesToAdd.size() > 0) {
String alreadyWrittenPropertyName = identityConnectorConfig.getName() + "." + IdentityEventConstants.PropertyConfig.ALREADY_WRITTEN_PROPERTY_KEY;
boolean alreadyWrittenPropertyExists = false;
for (IdentityProviderProperty property : idpProperties) {
if (alreadyWrittenPropertyName.equals(property.getName())) {
alreadyWrittenPropertyExists = true;
break;
}
}
if (!alreadyWrittenPropertyExists) {
IdentityProviderProperty property = new IdentityProviderProperty();
property.setName(alreadyWrittenPropertyName);
property.setValue(IdentityEventConstants.PropertyConfig.ALREADY_WRITTEN_PROPERTY_VALUE);
propertiesToAdd.add(property);
}
propertiesToAdd.addAll(Arrays.asList(idpProperties));
residentIdp.setIdpProperties(propertiesToAdd.toArray(new IdentityProviderProperty[0]));
FederatedAuthenticatorConfig[] authenticatorConfigs = residentIdp.getFederatedAuthenticatorConfigs();
List<FederatedAuthenticatorConfig> configsToSave = new ArrayList<>();
for (FederatedAuthenticatorConfig authenticatorConfig : authenticatorConfigs) {
if (IdentityApplicationConstants.Authenticator.PassiveSTS.NAME.equals(authenticatorConfig.getName()) || IdentityApplicationConstants.Authenticator.SAML2SSO.NAME.equals(authenticatorConfig.getName())) {
configsToSave.add(authenticatorConfig);
}
}
residentIdp.setFederatedAuthenticatorConfigs(configsToSave.toArray(new FederatedAuthenticatorConfig[0]));
identityProviderManager.updateResidentIdP(residentIdp, tenantDomain);
if (log.isDebugEnabled()) {
log.debug("New resident IDP properties for tenant : " + tenantDomain + " written to database");
}
}
} catch (IdentityProviderManagementException e) {
log.error("Error while adding identity management properties to resident Idp.", e);
}
}
Aggregations