
Example 26 with FederatedAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2UtilTest method testGetTenantQualifiedIDTokenIssuer.

/**
 * Data-provider driven check of {@code getIdTokenIssuer(tenantDomain)}: each row toggles tenant-qualified
 * URL support, supplies the {@code IdPEntityId} value the resident IdP's OIDC authenticator should report,
 * and states the issuer expected back. All collaborators are PowerMock static/instance stubs; the stub order
 * matters and is kept as is.
 */
@Test(dataProvider = "TenantQualifiedURLsIDTokenIssuerData")
public void testGetTenantQualifiedIDTokenIssuer(boolean enableTenantURLSupport, String oidcConfigUrl, String tenantDomain, String expected) throws Exception {
    // Tenant context as seen by the code under test.
    when(IdentityTenantUtil.isTenantQualifiedUrlsEnabled()).thenReturn(enableTenantURLSupport);
    when(IdentityTenantUtil.getTenantDomainFromContext()).thenReturn(tenantDomain);
    when(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain()).thenReturn("carbon.super");
    // Resident IdP exposes no authenticators; the static lookup is stubbed to hand back the mocked OIDC config anyway.
    FederatedAuthenticatorConfig[] noAuthenticatorConfigs = new FederatedAuthenticatorConfig[0];
    when(mockIdentityProvider.getFederatedAuthenticatorConfigs()).thenReturn(noAuthenticatorConfigs);
    mockStatic(IdentityApplicationManagementUtil.class);
    mockStatic(FederatedAuthenticatorConfig.class);
    Property idpEntityIdProperty = mock(Property.class);
    Property[] noProperties = new Property[0];
    when(IdentityApplicationManagementUtil.getFederatedAuthenticator(noAuthenticatorConfigs, "openidconnect")).thenReturn(mockFederatedAuthenticatorConfig);
    when(mockFederatedAuthenticatorConfig.getProperties()).thenReturn(noProperties);
    // The IdPEntityId property resolves to the URL supplied by the data provider.
    when(IdentityApplicationManagementUtil.getProperty(noProperties, "IdPEntityId")).thenReturn(idpEntityIdProperty);
    when(idpEntityIdProperty.getValue()).thenReturn(oidcConfigUrl);
    assertEquals(getIdTokenIssuer(tenantDomain), expected);
}

Example 27 with FederatedAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project identity-inbound-auth-oauth by wso2-extensions.

the class RequestObjectValidatorImplTest method testValidateRequestObj.

/**
 * Data-provider driven check of request-object handling. For each JWT row it asserts the encryption and
 * signing detection, the signature-validation result when the object is signed, and the overall
 * {@code validateRequestObject} outcome, where an exception thrown by validation is counted as "invalid".
 * Identity, tenant, server-configuration and key lookups are PowerMock stubs; their setup order is preserved.
 */
@Test(dataProvider = "provideJWT")
public void testValidateRequestObj(String jwt, boolean isSigned, boolean isEncrypted, boolean validSignature, boolean validRequestObj, String errorMsg) throws Exception {
    OAuth2Parameters params = new OAuth2Parameters();
    params.setTenantDomain(SUPER_TENANT_DOMAIN_NAME);
    params.setClientId(TEST_CLIENT_ID_1);
    // Identity / tenant utilities.
    mockStatic(IdentityUtil.class);
    when(IdentityUtil.getServerURL(anyString(), anyBoolean(), anyBoolean())).thenReturn("some-server-url");
    mockStatic(IdentityTenantUtil.class);
    when(IdentityTenantUtil.getTenantId(anyString())).thenReturn(-1234);
    // Event service that accepts and ignores every event.
    IdentityEventService identityEventService = mock(IdentityEventService.class);
    mockStatic(CentralLogMgtServiceComponentHolder.class);
    when(CentralLogMgtServiceComponentHolder.getInstance()).thenReturn(centralLogMgtServiceComponentHolderMock);
    when(centralLogMgtServiceComponentHolderMock.getIdentityEventService()).thenReturn(identityEventService);
    PowerMockito.doNothing().when(identityEventService).handleEvent(any());
    // Server configuration singleton.
    OAuthServerConfiguration serverConfiguration = mock(OAuthServerConfiguration.class);
    mockStatic(OAuthServerConfiguration.class);
    when(OAuthServerConfiguration.getInstance()).thenReturn(serverConfiguration);
    // Key material from the test key stores: the server private key and the client's public certificate.
    rsaPrivateKey = (RSAPrivateKey) wso2KeyStore.getKey("wso2carbon", "wso2carbon".toCharArray());
    mockStatic(OAuth2Util.class);
    when(OAuth2Util.getTenantId(SUPER_TENANT_DOMAIN_NAME)).thenReturn(SUPER_TENANT_ID);
    when(OAuth2Util.getPrivateKey(anyString(), anyInt())).thenReturn(rsaPrivateKey);
    // Mock OAuth2Util returning public cert of the service provider
    when(OAuth2Util.getX509CertOfOAuthApp(TEST_CLIENT_ID_1, SUPER_TENANT_DOMAIN_NAME)).thenReturn(clientKeyStore.getCertificate(CLIENT_PUBLIC_CERT_ALIAS));
    RequestObjectValidatorImpl validator = PowerMockito.spy(new RequestObjectValidatorImpl());
    RequestParamRequestObjectBuilder builder = new RequestParamRequestObjectBuilder();
    when(serverConfiguration.getRequestObjectValidator()).thenReturn(validator);
    mockIdentityProviderManager();
    // Resident IdP OIDC authenticator whose IdPEntityId property points at the stub server URL.
    PowerMockito.mockStatic(IdentityApplicationManagementUtil.class);
    FederatedAuthenticatorConfig oidcConfig = new FederatedAuthenticatorConfig();
    when(IdentityApplicationManagementUtil.getFederatedAuthenticator(any(), any())).thenReturn(oidcConfig);
    Property idpEntityIdProperty = new Property();
    idpEntityIdProperty.setValue(SOME_SERVER_URL);
    when(IdentityApplicationManagementUtil.getProperty(oidcConfig.getProperties(), "IdPEntityId")).thenReturn(idpEntityIdProperty);
    // Exercise the builder and validator against the JWT supplied by the data provider.
    RequestObject parsedRequestObject = builder.buildRequestObject(jwt, params);
    Assert.assertEquals(builder.isEncrypted(jwt), isEncrypted, "Payload is encrypted:" + isEncrypted);
    Assert.assertEquals(validator.isSigned(parsedRequestObject), isSigned, "Request object isSigned: " + isSigned);
    if (isSigned) {
        Assert.assertEquals(validator.validateSignature(parsedRequestObject, params), validSignature, errorMsg + "Request Object Signature Validation failed.");
    }
    boolean validated;
    try {
        validated = validator.validateRequestObject(parsedRequestObject, params);
    } catch (Exception ignored) {
        // A validation failure that surfaces as an exception is, for this test, the same as "invalid".
        validated = false;
    }
    Assert.assertEquals(validated, validRequestObj, errorMsg);
}

Example 28 with FederatedAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2Util method getIssuerLocation.

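/**
 * Returns the token issuer URL for the given tenant.
 * <p>
 * When tenant-qualified URLs are enabled the issuer is built from the server's absolute public URL and
 * {@code OAUTH2_TOKEN_EP_URL} inside a tenant flow started for {@code tenantDomain}. Otherwise it is the value
 * of the {@code IDP_ENTITY_ID} property of the OIDC federated authenticator of the tenant's resident identity
 * provider. The tenant is taken exclusively from the argument (no context-based resolution), so the returned
 * issuer always belongs to the tenant that was asked for.
 *
 * @param tenantDomain Tenant domain whose issuer is requested.
 * @return Token issuer url.
 * @throws IdentityOAuth2Exception if the tenant-qualified URL cannot be built, or if the resident IdP has no
 *                                 OIDC authenticator or no {@code IDP_ENTITY_ID} property.
 */
public static String getIssuerLocation(String tenantDomain) throws IdentityOAuth2Exception {
    /*
        * IMPORTANT:
        * This method should only honor the given tenant.
        * Do not add any auto tenant resolving logic.
        */
    if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
        try {
            startTenantFlow(tenantDomain);
            return ServiceURLBuilder.create().addPath(OAUTH2_TOKEN_EP_URL).build().getAbsolutePublicURL();
        } catch (URLBuilderException e) {
            String errorMsg = String.format("Error while building the absolute url of the context: '%s',  for the" + " tenant domain: '%s'", OAUTH2_TOKEN_EP_URL, tenantDomain);
            throw new IdentityOAuth2Exception(errorMsg, e);
        } finally {
            // Unwind the tenant flow on both the normal and the exception path.
            endTenantFlow();
        }
    }
    IdentityProvider identityProvider = getResidentIdp(tenantDomain);
    FederatedAuthenticatorConfig[] fedAuthnConfigs = identityProvider.getFederatedAuthenticatorConfigs();
    // Get OIDC authenticator
    FederatedAuthenticatorConfig oidcAuthenticatorConfig = IdentityApplicationManagementUtil.getFederatedAuthenticator(fedAuthnConfigs, IdentityApplicationConstants.Authenticator.OIDC.NAME);
    if (oidcAuthenticatorConfig == null) {
        // Report a misconfigured resident IdP explicitly instead of failing with a NullPointerException.
        throw new IdentityOAuth2Exception("No OIDC federated authenticator is configured for the resident IdP of tenant domain: '" + tenantDomain + "'");
    }
    org.wso2.carbon.identity.application.common.model.Property idpEntityIdProperty = IdentityApplicationManagementUtil.getProperty(oidcAuthenticatorConfig.getProperties(), IDP_ENTITY_ID);
    if (idpEntityIdProperty == null) {
        throw new IdentityOAuth2Exception("Property '" + IDP_ENTITY_ID + "' is not configured on the OIDC authenticator of the resident IdP of tenant domain: '" + tenantDomain + "'");
    }
    return idpEntityIdProperty.getValue();
}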

Example 29 with FederatedAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project identity-inbound-auth-oauth by wso2-extensions.

the class SAML2BearerGrantHandler method getTokenEPAliasFromResidentIdp.

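/**
 * Reads the OAuth2 token endpoint alias from the OIDC (OAuth) authenticator of the resident IdP.
 *
 * @param assertion        SAML assertion being processed; not read by this lookup, kept for signature compatibility.
 * @param identityProvider Resident identity provider whose federated authenticator configs are inspected.
 * @param tenantDomain     Tenant domain; not read by this lookup, kept for signature compatibility.
 * @return the value of the OIDC authenticator's {@code OAUTH2_TOKEN_URL} property, or {@code null} when the
 *         resident IdP has no OIDC authenticator or that property is not set.
 * @throws IdentityOAuth2Exception declared for callers; this implementation does not throw it.
 */
private String getTokenEPAliasFromResidentIdp(Assertion assertion, IdentityProvider identityProvider, String tenantDomain) throws IdentityOAuth2Exception {
    FederatedAuthenticatorConfig[] fedAuthnConfigs = identityProvider.getFederatedAuthenticatorConfigs();
    // Get OpenIDConnect authenticator == OAuth authenticator
    FederatedAuthenticatorConfig oauthAuthenticatorConfig = IdentityApplicationManagementUtil.getFederatedAuthenticator(fedAuthnConfigs, IdentityApplicationConstants.Authenticator.OIDC.NAME);
    if (oauthAuthenticatorConfig == null) {
        // No OIDC authenticator on the resident IdP: "no alias" rather than a NullPointerException.
        // NOTE(review): callers presumably treat null as "no alias to match against" — confirm at the call site.
        return null;
    }
    // Get OAuth token endpoint
    Property oauthProperty = IdentityApplicationManagementUtil.getProperty(oauthAuthenticatorConfig.getProperties(), IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_TOKEN_URL);
    return oauthProperty != null ? oauthProperty.getValue() : null;
}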

Example 30 with FederatedAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig in project identity-governance by wso2-extensions.

the class IdentityGovernanceUtil method saveConnectorDefaultProperties.

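/**
 * Adds the connector's default property values to the resident IdP of {@code tenantDomain} for every connector
 * property the resident IdP does not already define, and records that the connector's defaults were written.
 * <p>
 * Side effects, only when at least one property is missing: the resident IdP is updated through
 * {@code IdpManager#updateResidentIdP} with the new properties placed before the existing ones, and with the
 * federated authenticator list of the saved object reduced to the PassiveSTS and SAML2SSO authenticators.
 * A failure from the IdP manager is logged and not propagated, so callers cannot detect it.
 *
 * @param identityConnectorConfig Connector whose property names, display names and default values are used.
 * @param tenantDomain            Tenant whose resident IdP is read and updated.
 * @throws ConnectorException declared for API compatibility; this implementation does not throw it.
 * @deprecated retained for backward compatibility — TODO confirm the replacement API in this project.
 */
@Deprecated
public static void saveConnectorDefaultProperties(IdentityConnectorConfig identityConnectorConfig, String tenantDomain) throws ConnectorException {
    IdpManager identityProviderManager = IdentityMgtServiceDataHolder.getInstance().getIdpManager();
    try {
        IdentityProvider residentIdp = identityProviderManager.getResidentIdP(tenantDomain);
        IdentityProviderProperty[] idpProperties = residentIdp.getIdpProperties();
        List<IdentityProviderProperty> propertiesToAdd = new ArrayList<>();
        // Defaults are resolved lazily and once, only if some property is actually missing.
        Properties defaultPropertyValues = null;
        for (String connectorPropertyName : identityConnectorConfig.getPropertyNames()) {
            if (hasPropertyNamed(idpProperties, connectorPropertyName)) {
                continue;
            }
            if (defaultPropertyValues == null) {
                defaultPropertyValues = identityConnectorConfig.getDefaultPropertyValues(tenantDomain);
            }
            IdentityProviderProperty newProperty = new IdentityProviderProperty();
            newProperty.setName(connectorPropertyName);
            newProperty.setDisplayName(identityConnectorConfig.getPropertyNameMapping().get(connectorPropertyName));
            // String.valueOf keeps the existing behaviour of storing "null" for a property without a default.
            newProperty.setValue(String.valueOf(defaultPropertyValues.get(connectorPropertyName)));
            propertiesToAdd.add(newProperty);
        }
        if (propertiesToAdd.isEmpty()) {
            return;
        }
        // Marker property recording that this connector's defaults have been written for the tenant.
        String alreadyWrittenPropertyName = identityConnectorConfig.getName() + "." + IdentityEventConstants.PropertyConfig.ALREADY_WRITTEN_PROPERTY_KEY;
        if (!hasPropertyNamed(idpProperties, alreadyWrittenPropertyName)) {
            IdentityProviderProperty alreadyWrittenProperty = new IdentityProviderProperty();
            alreadyWrittenProperty.setName(alreadyWrittenPropertyName);
            alreadyWrittenProperty.setValue(IdentityEventConstants.PropertyConfig.ALREADY_WRITTEN_PROPERTY_VALUE);
            propertiesToAdd.add(alreadyWrittenProperty);
        }
        // New properties first, then everything the resident IdP already had.
        propertiesToAdd.addAll(Arrays.asList(idpProperties));
        residentIdp.setIdpProperties(propertiesToAdd.toArray(new IdentityProviderProperty[0]));
        // Only the PassiveSTS and SAML2SSO authenticators are kept on the object sent to the update;
        // presumably the update path manages the remaining authenticators itself — TODO confirm.
        List<FederatedAuthenticatorConfig> configsToSave = new ArrayList<>();
        for (FederatedAuthenticatorConfig authenticatorConfig : residentIdp.getFederatedAuthenticatorConfigs()) {
            String authenticatorName = authenticatorConfig.getName();
            if (IdentityApplicationConstants.Authenticator.PassiveSTS.NAME.equals(authenticatorName) || IdentityApplicationConstants.Authenticator.SAML2SSO.NAME.equals(authenticatorName)) {
                configsToSave.add(authenticatorConfig);
            }
        }
        residentIdp.setFederatedAuthenticatorConfigs(configsToSave.toArray(new FederatedAuthenticatorConfig[0]));
        identityProviderManager.updateResidentIdP(residentIdp, tenantDomain);
        if (log.isDebugEnabled()) {
            log.debug("New resident IDP properties for tenant : " + tenantDomain + " written to database");
        }
    } catch (IdentityProviderManagementException e) {
        // Best-effort write: the failure is logged (with cause) rather than propagated to the caller.
        log.error("Error while adding identity management properties to resident Idp.", e);
    }
}

/**
 * Returns whether {@code properties} contains an entry whose name equals {@code name}.
 *
 * @param properties Resident IdP properties to scan.
 * @param name       Property name to look for; compared with {@code equals}.
 * @return {@code true} if a property with that name exists.
 */
private static boolean hasPropertyNamed(IdentityProviderProperty[] properties, String name) {
    for (IdentityProviderProperty property : properties) {
        if (name.equals(property.getName())) {
            return true;
        }
    }
    return false;
}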
