Example 21 with InboundAuthenticationConfig
use of org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationConfig in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuthApplicationMgtListener method addClientSecret.
private void addClientSecret(ServiceProvider serviceProvider) throws IdentityApplicationManagementException {
if (serviceProvider == null) {
// if service provider is not present no need to add this information
return;
}
try {
InboundAuthenticationConfig inboundAuthenticationConfig = serviceProvider.getInboundAuthenticationConfig();
if (inboundAuthenticationConfig != null) {
InboundAuthenticationRequestConfig[] inboundRequestConfigs = inboundAuthenticationConfig.getInboundAuthenticationRequestConfigs();
if (inboundRequestConfigs != null) {
for (InboundAuthenticationRequestConfig inboundRequestConfig : inboundRequestConfigs) {
if (inboundRequestConfig.getInboundAuthType().equals(OAUTH2)) {
Property[] props = inboundRequestConfig.getProperties();
Property property = new Property();
property.setName(OAUTH2_CONSUMER_SECRET);
String clientSecret = null;
try {
clientSecret = OAuth2Util.getClientSecret(inboundRequestConfig.getInboundAuthKey());
} catch (InvalidOAuthClientException e) {
log.warn("The OAuth application data not exists for " + inboundRequestConfig.getInboundAuthKey());
}
property.setValue(clientSecret);
props = (Property[]) ArrayUtils.add(props, property);
inboundRequestConfig.setProperties(props);
// we are interested only on oauth2 config. Only one will be present.
continue;
} else {
// ignore
}
}
} else {
// ignore
}
} else {
// nothing to do
}
} catch (IdentityOAuth2Exception e) {
throw new IdentityApplicationManagementException("Injecting client secret failed.", e);
}
return;
}
Also used :
IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception)
InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig)
IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException)
InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig)
Property(org.wso2.carbon.identity.application.common.model.Property)
InvalidOAuthClientException(org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException)
Example 22 with InboundAuthenticationConfig
use of org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationConfig in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuthApplicationMgtListener method getOAuthAppsAssociatedWithApplication.
private Set<String> getOAuthAppsAssociatedWithApplication(ServiceProvider serviceProvider) {
Set<String> oauthKeys = new HashSet<>();
InboundAuthenticationConfig inboundAuthenticationConfig = serviceProvider.getInboundAuthenticationConfig();
if (inboundAuthenticationConfig != null) {
InboundAuthenticationRequestConfig[] inboundRequestConfigs = inboundAuthenticationConfig.getInboundAuthenticationRequestConfigs();
if (inboundRequestConfigs != null) {
for (InboundAuthenticationRequestConfig inboundRequestConfig : inboundRequestConfigs) {
if (StringUtils.equals(OAUTH2, inboundRequestConfig.getInboundAuthType()) || StringUtils.equals(inboundRequestConfig.getInboundAuthType(), OAUTH)) {
oauthKeys.add(inboundRequestConfig.getInboundAuthKey());
}
}
}
}
return oauthKeys;
}
Also used :
InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig)
InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig)
HashSet(java.util.HashSet)
Example 23 with InboundAuthenticationConfig
use of org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationConfig in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuthApplicationMgtListener method removeClientSecret.
private void removeClientSecret(ServiceProvider serviceProvider) {
InboundAuthenticationConfig inboundAuthenticationConfig = serviceProvider.getInboundAuthenticationConfig();
if (inboundAuthenticationConfig != null) {
InboundAuthenticationRequestConfig[] inboundRequestConfigs = inboundAuthenticationConfig.getInboundAuthenticationRequestConfigs();
if (inboundRequestConfigs != null) {
for (InboundAuthenticationRequestConfig inboundRequestConfig : inboundRequestConfigs) {
if (inboundRequestConfig.getInboundAuthType().equals(OAUTH2)) {
Property[] props = inboundRequestConfig.getProperties();
for (Property prop : props) {
if (prop.getName().equalsIgnoreCase(OAUTH2_CONSUMER_SECRET)) {
props = (Property[]) ArrayUtils.removeElement(props, prop);
inboundRequestConfig.setProperties(props);
// we are interested only on this property
continue;
} else {
// ignore
}
}
// we are interested only on oauth2 config. Only one will be present.
continue;
} else {
// ignore
}
}
} else {
// ignore
}
} else {
// nothing to do
}
}
Also used :
InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig)
InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig)
Property(org.wso2.carbon.identity.application.common.model.Property)
Example 24 with InboundAuthenticationConfig
use of org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationConfig in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuthApplicationMgtListenerTest method createServiceProvider.
/**
* Create service provider with required configurations.
*
* @param appId
* @param hasAuthConfig
* @param hasRequestConfig
* @param authType
* @param propName
* @return
*/
private ServiceProvider createServiceProvider(int appId, boolean hasAuthConfig, boolean hasRequestConfig, String authType, String propName) {
ServiceProvider serviceProvider = new ServiceProvider();
serviceProvider.setApplicationID(appId);
if (hasAuthConfig) {
InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig();
if (hasRequestConfig) {
InboundAuthenticationRequestConfig[] requestConfig = new InboundAuthenticationRequestConfig[1];
requestConfig[0] = new InboundAuthenticationRequestConfig();
requestConfig[0].setInboundAuthType(authType);
requestConfig[0].setInboundAuthKey("authKey");
Property[] properties = new Property[1];
properties[0] = new Property();
properties[0].setName(propName);
requestConfig[0].setProperties(properties);
inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(requestConfig);
} else {
inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(null);
}
serviceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
}
return serviceProvider;
}
Also used :
InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig)
ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider)
InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig)
Property(org.wso2.carbon.identity.application.common.model.Property)
Example 25 with InboundAuthenticationConfig
use of org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationConfig in project identity-inbound-auth-oauth by wso2-extensions.
the class DCRManagementService method createOAuthApplication.
/**
* @param profile - RegistrationRequestProfile of the OAuth application to be created.
* @return RegistrationResponseProfile object which holds the necessary data of created OAuth app.
* @throws DCRException
* @throws IdentityException
*/
private RegistrationResponseProfile createOAuthApplication(RegistrationRequestProfile profile) throws DCRException {
// Subscriber's name should be passed as a parameter, since it's under the subscriber
// the OAuth App is created.
String owner = profile.getOwner();
// Replace all unsupported characters
String ownerName = owner.replaceAll(String.valueOf(DCRConstants.UNSUPPORTED_CHARACTERS_IN_REGISTRY), "_");
String applicationName = ownerName + "_" + profile.getClientName();
// Regex validation of the application name.
if (!DCRMUtils.isRegexValidated(applicationName)) {
throw new DCRException("The Application name: " + applicationName + " is not valid! It is not adhering to" + " the regex: " + DCRMUtils.getSPValidatorRegex());
}
String grantType = StringUtils.join(profile.getGrantTypes(), " ");
String baseUser = CarbonContext.getThreadLocalCarbonContext().getUsername();
String userName = MultitenantUtils.getTenantAwareUsername(profile.getOwner());
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(profile.getTenantDomain(), true);
// Acting as the provided user. When creating Service Provider/OAuth App,
// username is fetched from CarbonContext
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(userName);
try {
// Create the Service Provider
ServiceProvider serviceProvider = new ServiceProvider();
serviceProvider.setApplicationName(applicationName);
User user = new User();
user.setUserName(UserCoreUtil.removeDomainFromName(userName));
user.setUserStoreDomain(UserCoreUtil.extractDomainFromName(userName));
user.setTenantDomain(profile.getTenantDomain());
serviceProvider.setOwner(user);
serviceProvider.setDescription("Service Provider for application " + applicationName);
ApplicationManagementService appMgtService = DCRDataHolder.getInstance().getApplicationManagementService();
ServiceProvider existingServiceProvider = null;
ServiceProvider createdServiceProvider = null;
try {
existingServiceProvider = appMgtService.getServiceProvider(applicationName, profile.getTenantDomain());
if (existingServiceProvider == null) {
appMgtService.createApplication(serviceProvider, profile.getTenantDomain(), userName);
createdServiceProvider = appMgtService.getServiceProvider(applicationName, profile.getTenantDomain());
} else {
String errorMessage = "Service Provider with name: " + applicationName + " already registered";
throw IdentityException.error(DCRException.class, ErrorCodes.META_DATA_VALIDATION_FAILED.toString(), errorMessage);
}
} catch (IdentityApplicationManagementException e) {
String errorMessage = "Error occurred while reading service provider, " + applicationName;
throw IdentityException.error(DCRException.class, ErrorCodes.BAD_REQUEST.toString(), errorMessage, e);
}
if (createdServiceProvider == null) {
String errorMessage = "Couldn't create Service Provider Application " + applicationName;
throw IdentityException.error(DCRException.class, ErrorCodes.META_DATA_VALIDATION_FAILED.toString(), errorMessage);
}
// Set SaaS app option
createdServiceProvider.setSaasApp(false);
// Then Create OAuthApp
OAuthAdminService oAuthAdminService = new OAuthAdminService();
OAuthConsumerAppDTO oAuthConsumerApp = new OAuthConsumerAppDTO();
oAuthConsumerApp.setApplicationName(applicationName);
// TODO: After implement multi-urls to the oAuth application, we have to change this API call
if (profile.getRedirectUris().size() == 0 && (profile.getGrantTypes().contains(DCRConstants.GrantTypes.AUTHORIZATION_CODE) || profile.getGrantTypes().contains(DCRConstants.GrantTypes.IMPLICIT))) {
String errorMessage = "RedirectUris property must have at least one URI value.";
throw IdentityException.error(DCRException.class, ErrorCodes.META_DATA_VALIDATION_FAILED.toString(), errorMessage);
} else if (profile.getRedirectUris().size() == 1) {
String redirectUri = profile.getRedirectUris().get(0);
try {
// validate the redirect uri
IdentityValidationUtil.getValidInputOverWhiteListPatterns(redirectUri, new String[] { IdentityValidationUtil.ValidatorPattern.URL_WITHOUT_FRAGMENT.name() });
oAuthConsumerApp.setCallbackUrl(redirectUri);
} catch (IdentityValidationException e) {
// TODO: need to add error code
throw IdentityException.error(DCRException.class, "Redirect URI: " + redirectUri + ", is invalid", e);
}
} else if (profile.getRedirectUris().size() > 1) {
oAuthConsumerApp.setCallbackUrl(OAuthConstants.CALLBACK_URL_REGEXP_PREFIX + createRegexPattern(profile.getRedirectUris()));
}
oAuthConsumerApp.setGrantTypes(grantType);
oAuthConsumerApp.setOAuthVersion(OAUTH_VERSION);
if (log.isDebugEnabled()) {
log.debug("Creating OAuth App " + applicationName);
}
OAuthConsumerAppDTO createdApp;
try {
createdApp = oAuthAdminService.registerAndRetrieveOAuthApplicationData(oAuthConsumerApp);
} catch (IdentityOAuthAdminException e) {
throw IdentityException.error(DCRException.class, ErrorCodes.META_DATA_VALIDATION_FAILED.toString(), e.getMessage());
}
if (log.isDebugEnabled()) {
log.debug("Created OAuth App " + applicationName);
log.debug("Retrieved Details for OAuth App " + createdApp.getApplicationName());
}
// Set the OAuthApp in InboundAuthenticationConfig
InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig();
List<InboundAuthenticationRequestConfig> inboundAuthenticationRequestConfigs = new ArrayList<>();
InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new InboundAuthenticationRequestConfig();
inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey());
inboundAuthenticationRequestConfig.setInboundAuthType(AUTH_TYPE_OAUTH_2);
String oauthConsumerSecret = createdApp.getOauthConsumerSecret();
if (oauthConsumerSecret != null && !oauthConsumerSecret.isEmpty()) {
Property property = new Property();
property.setName(OAUTH_CONSUMER_SECRET);
property.setValue(oauthConsumerSecret);
Property[] properties = { property };
inboundAuthenticationRequestConfig.setProperties(properties);
}
inboundAuthenticationRequestConfigs.add(inboundAuthenticationRequestConfig);
inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(inboundAuthenticationRequestConfigs.toArray(new InboundAuthenticationRequestConfig[inboundAuthenticationRequestConfigs.size()]));
createdServiceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
// Update the Service Provider app to add OAuthApp as an Inbound Authentication Config
try {
appMgtService.updateApplication(createdServiceProvider, profile.getTenantDomain(), userName);
} catch (IdentityApplicationManagementException e) {
throw IdentityException.error(DCRException.class, ErrorCodes.BAD_REQUEST.toString(), e.getMessage());
}
RegistrationResponseProfile registrationResponseProfile = new RegistrationResponseProfile();
registrationResponseProfile.setClientId(createdApp.getOauthConsumerKey());
registrationResponseProfile.getRedirectUrls().add(createdApp.getCallbackUrl());
registrationResponseProfile.setClientSecret(oauthConsumerSecret);
registrationResponseProfile.setClientName(createdApp.getApplicationName());
registrationResponseProfile.setClientSecretExpiresAt(DEFAULT_CLIENT_SECRET_EXPIRY_TIME);
if (StringUtils.isNotBlank(createdApp.getGrantTypes())) {
String[] split = createdApp.getGrantTypes().split(" ");
registrationResponseProfile.setGrantTypes(Arrays.asList(split));
}
return registrationResponseProfile;
} finally {
PrivilegedCarbonContext.endTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(baseUser);
}
}
Also used :
IdentityOAuthAdminException(org.wso2.carbon.identity.oauth.IdentityOAuthAdminException)
User(org.wso2.carbon.identity.application.common.model.User)
InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig)
OAuthAdminService(org.wso2.carbon.identity.oauth.OAuthAdminService)
IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException)
OAuthConsumerAppDTO(org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO)
ArrayList(java.util.ArrayList)
RegistrationResponseProfile(org.wso2.carbon.identity.oauth.dcr.model.RegistrationResponseProfile)
IdentityValidationException(org.wso2.carbon.identity.base.IdentityValidationException)
InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig)
DCRException(org.wso2.carbon.identity.oauth.dcr.DCRException)
ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider)
ApplicationManagementService(org.wso2.carbon.identity.application.mgt.ApplicationManagementService)
Property(org.wso2.carbon.identity.application.common.model.Property)
Aggregations
InboundAuthenticationConfig (org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationConfig)21
InboundAuthenticationRequestConfig (org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationRequestConfig)21
ServiceProvider (org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider)19
InboundAuthenticationConfig (org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig)16
InboundAuthenticationRequestConfig (org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig)15
Property (org.wso2.carbon.identity.application.common.model.xsd.Property)15
ArrayList (java.util.ArrayList)9
Property (org.wso2.carbon.identity.application.common.model.Property)7
IdentityApplicationManagementException (org.wso2.carbon.identity.application.common.IdentityApplicationManagementException)6
RequestPathAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.xsd.RequestPathAuthenticatorConfig)5
ServiceProvider (org.wso2.carbon.identity.application.common.model.ServiceProvider)4
LocalAndOutboundAuthenticationConfig (org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig)4
PreparedStatement (java.sql.PreparedStatement)3
SQLException (java.sql.SQLException)3
NamedPreparedStatement (org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement)3
ServiceProviderProperty (org.wso2.carbon.identity.application.common.model.ServiceProviderProperty)3
IOException (java.io.IOException)2
HashMap (java.util.HashMap)2
APIError (org.wso2.carbon.identity.api.server.common.error.APIError)2
AuthenticationStep (org.wso2.carbon.identity.application.common.model.xsd.AuthenticationStep)2
