
Example 96 with InboundAuthenticationRequestConfig

use of org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationRequestConfig in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuthApplicationMgtListener method getOAuthAppsAssociatedWithApplication.

private Set<String> getOAuthAppsAssociatedWithApplication(ServiceProvider serviceProvider) {
    Set<String> oauthKeys = new HashSet<>();
    InboundAuthenticationConfig inboundAuthenticationConfig = serviceProvider.getInboundAuthenticationConfig();
    if (inboundAuthenticationConfig != null) {
        InboundAuthenticationRequestConfig[] inboundRequestConfigs = inboundAuthenticationConfig.getInboundAuthenticationRequestConfigs();
        if (inboundRequestConfigs != null) {
            for (InboundAuthenticationRequestConfig inboundRequestConfig : inboundRequestConfigs) {
                if (StringUtils.equals(OAUTH2, inboundRequestConfig.getInboundAuthType()) || StringUtils.equals(inboundRequestConfig.getInboundAuthType(), OAUTH)) {
                    oauthKeys.add(inboundRequestConfig.getInboundAuthKey());
                }
            }
        }
    }
    return oauthKeys;
}
Also used : InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig) InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig) HashSet(java.util.HashSet)

Example 97 with InboundAuthenticationRequestConfig

use of org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationRequestConfig in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuthApplicationMgtListener method removeClientSecret.

private void removeClientSecret(ServiceProvider serviceProvider) {
    InboundAuthenticationConfig inboundAuthenticationConfig = serviceProvider.getInboundAuthenticationConfig();
    if (inboundAuthenticationConfig != null) {
        InboundAuthenticationRequestConfig[] inboundRequestConfigs = inboundAuthenticationConfig.getInboundAuthenticationRequestConfigs();
        if (inboundRequestConfigs != null) {
            for (InboundAuthenticationRequestConfig inboundRequestConfig : inboundRequestConfigs) {
                // Constant-first comparison stays null-safe when no auth type has been set.
                // Only the oauth2 config is of interest; only one will be present.
                if (OAUTH2.equals(inboundRequestConfig.getInboundAuthType())) {
                    Property[] props = inboundRequestConfig.getProperties();
                    if (props == null) {
                        // no properties, so there is no secret to remove
                        continue;
                    }
                    // The for-each loop walks the original array; props is reassigned to the
                    // shrunken copy each time the consumer secret property is removed.
                    for (Property prop : props) {
                        // Constant-first comparison stays null-safe when a property has no name.
                        if (OAUTH2_CONSUMER_SECRET.equalsIgnoreCase(prop.getName())) {
                            props = (Property[]) ArrayUtils.removeElement(props, prop);
                            inboundRequestConfig.setProperties(props);
                        }
                        // all other properties are left untouched
                    }
                }
                // request configs of other auth types are ignored
            }
        }
    }
    // a missing inbound authentication config or request config array means there is nothing to do
}
Also used : InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig) InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig) Property(org.wso2.carbon.identity.application.common.model.Property)

Example 98 with InboundAuthenticationRequestConfig

use of org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationRequestConfig in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuthApplicationMgtListenerTest method createServiceProvider.

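/**
 * Create service provider with required configurations.
 *
 * @param appId            application ID to set on the service provider
 * @param hasAuthConfig    whether an InboundAuthenticationConfig is attached to the service provider
 * @param hasRequestConfig whether the config carries one InboundAuthenticationRequestConfig (otherwise null)
 * @param authType         inbound auth type of the request config
 * @param propName         name of the single property added to the request config
 * @return the service provider built from the given options
 */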
private ServiceProvider createServiceProvider(int appId, boolean hasAuthConfig, boolean hasRequestConfig, String authType, String propName) {
    ServiceProvider serviceProvider = new ServiceProvider();
    serviceProvider.setApplicationID(appId);
    if (hasAuthConfig) {
        InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig();
        if (hasRequestConfig) {
            InboundAuthenticationRequestConfig[] requestConfig = new InboundAuthenticationRequestConfig[1];
            requestConfig[0] = new InboundAuthenticationRequestConfig();
            requestConfig[0].setInboundAuthType(authType);
            requestConfig[0].setInboundAuthKey("authKey");
            Property[] properties = new Property[1];
            properties[0] = new Property();
            properties[0].setName(propName);
            requestConfig[0].setProperties(properties);
            inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(requestConfig);
        } else {
            inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(null);
        }
        serviceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
    }
    return serviceProvider;
}
Also used : InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig) Property(org.wso2.carbon.identity.application.common.model.Property)

Example 99 with InboundAuthenticationRequestConfig

use of org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationRequestConfig in project identity-inbound-auth-oauth by wso2-extensions.

the class DCRManagementService method createOAuthApplication.

/**
 * @param profile - RegistrationRequestProfile of the OAuth application to be created.
 * @return RegistrationResponseProfile object which holds the necessary data of created OAuth app.
 * @throws DCRException if the request fails validation or the service provider / OAuth app cannot be created.
 */
private RegistrationResponseProfile createOAuthApplication(RegistrationRequestProfile profile) throws DCRException {
    // The subscriber's name is passed as a parameter, since the OAuth app
    // is created under the subscriber.
    String owner = profile.getOwner();
    // Replace all unsupported characters
    String ownerName = owner.replaceAll(String.valueOf(DCRConstants.UNSUPPORTED_CHARACTERS_IN_REGISTRY), "_");
    String applicationName = ownerName + "_" + profile.getClientName();
    // Regex validation of the application name.
    if (!DCRMUtils.isRegexValidated(applicationName)) {
        throw new DCRException("The Application name: " + applicationName + " is not valid! It is not adhering to" + " the regex: " + DCRMUtils.getSPValidatorRegex());
    }
    String grantType = StringUtils.join(profile.getGrantTypes(), " ");
    String baseUser = CarbonContext.getThreadLocalCarbonContext().getUsername();
    String userName = MultitenantUtils.getTenantAwareUsername(profile.getOwner());
    PrivilegedCarbonContext.startTenantFlow();
    PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(profile.getTenantDomain(), true);
    // Acting as the provided user. When creating Service Provider/OAuth App,
    // username is fetched from CarbonContext
    PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(userName);
    try {
        // Create the Service Provider
        ServiceProvider serviceProvider = new ServiceProvider();
        serviceProvider.setApplicationName(applicationName);
        User user = new User();
        user.setUserName(UserCoreUtil.removeDomainFromName(userName));
        user.setUserStoreDomain(UserCoreUtil.extractDomainFromName(userName));
        user.setTenantDomain(profile.getTenantDomain());
        serviceProvider.setOwner(user);
        serviceProvider.setDescription("Service Provider for application " + applicationName);
        ApplicationManagementService appMgtService = DCRDataHolder.getInstance().getApplicationManagementService();
        ServiceProvider existingServiceProvider = null;
        ServiceProvider createdServiceProvider = null;
        try {
            existingServiceProvider = appMgtService.getServiceProvider(applicationName, profile.getTenantDomain());
            if (existingServiceProvider == null) {
                appMgtService.createApplication(serviceProvider, profile.getTenantDomain(), userName);
                createdServiceProvider = appMgtService.getServiceProvider(applicationName, profile.getTenantDomain());
            } else {
                String errorMessage = "Service Provider with name: " + applicationName + " already registered";
                throw IdentityException.error(DCRException.class, ErrorCodes.META_DATA_VALIDATION_FAILED.toString(), errorMessage);
            }
        } catch (IdentityApplicationManagementException e) {
            String errorMessage = "Error occurred while reading service provider, " + applicationName;
            throw IdentityException.error(DCRException.class, ErrorCodes.BAD_REQUEST.toString(), errorMessage, e);
        }
        if (createdServiceProvider == null) {
            String errorMessage = "Couldn't create Service Provider Application " + applicationName;
            throw IdentityException.error(DCRException.class, ErrorCodes.META_DATA_VALIDATION_FAILED.toString(), errorMessage);
        }
        // Set SaaS app option
        createdServiceProvider.setSaasApp(false);
        // Then Create OAuthApp
        OAuthAdminService oAuthAdminService = new OAuthAdminService();
        OAuthConsumerAppDTO oAuthConsumerApp = new OAuthConsumerAppDTO();
        oAuthConsumerApp.setApplicationName(applicationName);
        // TODO: After implement multi-urls to the oAuth application, we have to change this API call
        if (profile.getRedirectUris().size() == 0 && (profile.getGrantTypes().contains(DCRConstants.GrantTypes.AUTHORIZATION_CODE) || profile.getGrantTypes().contains(DCRConstants.GrantTypes.IMPLICIT))) {
            String errorMessage = "RedirectUris property must have at least one URI value.";
            throw IdentityException.error(DCRException.class, ErrorCodes.META_DATA_VALIDATION_FAILED.toString(), errorMessage);
        } else if (profile.getRedirectUris().size() == 1) {
            String redirectUri = profile.getRedirectUris().get(0);
            try {
                // validate the redirect uri
                IdentityValidationUtil.getValidInputOverWhiteListPatterns(redirectUri, new String[] { IdentityValidationUtil.ValidatorPattern.URL_WITHOUT_FRAGMENT.name() });
                oAuthConsumerApp.setCallbackUrl(redirectUri);
            } catch (IdentityValidationException e) {
                // TODO: need to add error code
                throw IdentityException.error(DCRException.class, "Redirect URI: " + redirectUri + ", is invalid", e);
            }
        } else if (profile.getRedirectUris().size() > 1) {
            oAuthConsumerApp.setCallbackUrl(OAuthConstants.CALLBACK_URL_REGEXP_PREFIX + createRegexPattern(profile.getRedirectUris()));
        }
        oAuthConsumerApp.setGrantTypes(grantType);
        oAuthConsumerApp.setOAuthVersion(OAUTH_VERSION);
        if (log.isDebugEnabled()) {
            log.debug("Creating OAuth App " + applicationName);
        }
        OAuthConsumerAppDTO createdApp;
        try {
            createdApp = oAuthAdminService.registerAndRetrieveOAuthApplicationData(oAuthConsumerApp);
        } catch (IdentityOAuthAdminException e) {
            throw IdentityException.error(DCRException.class, ErrorCodes.META_DATA_VALIDATION_FAILED.toString(), e.getMessage());
        }
        if (log.isDebugEnabled()) {
            log.debug("Created OAuth App " + applicationName);
            log.debug("Retrieved Details for OAuth App " + createdApp.getApplicationName());
        }
        // Set the OAuthApp in InboundAuthenticationConfig
        InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig();
        List<InboundAuthenticationRequestConfig> inboundAuthenticationRequestConfigs = new ArrayList<>();
        InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new InboundAuthenticationRequestConfig();
        inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey());
        inboundAuthenticationRequestConfig.setInboundAuthType(AUTH_TYPE_OAUTH_2);
        String oauthConsumerSecret = createdApp.getOauthConsumerSecret();
        if (oauthConsumerSecret != null && !oauthConsumerSecret.isEmpty()) {
            Property property = new Property();
            property.setName(OAUTH_CONSUMER_SECRET);
            property.setValue(oauthConsumerSecret);
            Property[] properties = { property };
            inboundAuthenticationRequestConfig.setProperties(properties);
        }
        inboundAuthenticationRequestConfigs.add(inboundAuthenticationRequestConfig);
        inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(inboundAuthenticationRequestConfigs.toArray(new InboundAuthenticationRequestConfig[inboundAuthenticationRequestConfigs.size()]));
        createdServiceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
        // Update the Service Provider app to add OAuthApp as an Inbound Authentication Config
        try {
            appMgtService.updateApplication(createdServiceProvider, profile.getTenantDomain(), userName);
        } catch (IdentityApplicationManagementException e) {
            throw IdentityException.error(DCRException.class, ErrorCodes.BAD_REQUEST.toString(), e.getMessage());
        }
        RegistrationResponseProfile registrationResponseProfile = new RegistrationResponseProfile();
        registrationResponseProfile.setClientId(createdApp.getOauthConsumerKey());
        registrationResponseProfile.getRedirectUrls().add(createdApp.getCallbackUrl());
        registrationResponseProfile.setClientSecret(oauthConsumerSecret);
        registrationResponseProfile.setClientName(createdApp.getApplicationName());
        registrationResponseProfile.setClientSecretExpiresAt(DEFAULT_CLIENT_SECRET_EXPIRY_TIME);
        if (StringUtils.isNotBlank(createdApp.getGrantTypes())) {
            String[] split = createdApp.getGrantTypes().split(" ");
            registrationResponseProfile.setGrantTypes(Arrays.asList(split));
        }
        return registrationResponseProfile;
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(baseUser);
    }
}
Also used : IdentityOAuthAdminException(org.wso2.carbon.identity.oauth.IdentityOAuthAdminException) User(org.wso2.carbon.identity.application.common.model.User) InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig) OAuthAdminService(org.wso2.carbon.identity.oauth.OAuthAdminService) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) OAuthConsumerAppDTO(org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO) ArrayList(java.util.ArrayList) RegistrationResponseProfile(org.wso2.carbon.identity.oauth.dcr.model.RegistrationResponseProfile) IdentityValidationException(org.wso2.carbon.identity.base.IdentityValidationException) InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig) DCRException(org.wso2.carbon.identity.oauth.dcr.DCRException) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) ApplicationManagementService(org.wso2.carbon.identity.application.mgt.ApplicationManagementService) Property(org.wso2.carbon.identity.application.common.model.Property)

Example 100 with InboundAuthenticationRequestConfig

use of org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationRequestConfig in project identity-inbound-auth-oauth by wso2-extensions.

the class DCRMService method updateServiceProviderWithOAuthAppDetails.

private void updateServiceProviderWithOAuthAppDetails(ServiceProvider serviceProvider, OAuthConsumerAppDTO createdApp, String applicationOwner, String tenantDomain) throws DCRMException {
    // Update created service provider, InboundAuthenticationConfig with OAuth application info.
    InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig();
    List<InboundAuthenticationRequestConfig> inboundAuthenticationRequestConfigs = new ArrayList<>();
    InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new InboundAuthenticationRequestConfig();
    inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey());
    inboundAuthenticationRequestConfig.setInboundAuthType(AUTH_TYPE_OAUTH_2);
    inboundAuthenticationRequestConfigs.add(inboundAuthenticationRequestConfig);
    inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(inboundAuthenticationRequestConfigs.toArray(new InboundAuthenticationRequestConfig[inboundAuthenticationRequestConfigs.size()]));
    serviceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
    // Set SaaS app option
    serviceProvider.setSaasApp(false);
    // Update the Service Provider app to add OAuthApp as an Inbound Authentication Config
    updateServiceProvider(serviceProvider, tenantDomain, applicationOwner);
}
Also used : InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig) ArrayList(java.util.ArrayList) InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig)

Aggregations

InboundAuthenticationRequestConfig (org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationRequestConfig): 54
InboundAuthenticationRequestConfig (org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig): 39
ServiceProvider (org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider): 37
ArrayList (java.util.ArrayList): 24
Property (org.wso2.carbon.identity.application.common.model.xsd.Property): 23
InboundAuthenticationConfig (org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationConfig): 21
InboundAuthenticationConfig (org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig): 15
Property (org.wso2.carbon.identity.application.common.model.Property): 14
IdentityApplicationManagementException (org.wso2.carbon.identity.application.common.IdentityApplicationManagementException): 13
Test (org.testng.annotations.Test): 12
ServiceProvider (org.wso2.carbon.identity.application.common.model.ServiceProvider): 12
Property (org.wso2.carbon.identity.application.common.model.idp.xsd.Property): 9
OutboundProvisioningConfig (org.wso2.carbon.identity.application.common.model.xsd.OutboundProvisioningConfig): 9
IdentityOAuthAdminException (org.wso2.carbon.identity.oauth.IdentityOAuthAdminException): 7
OAuthConsumerAppDTO (org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO): 7
FederatedAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.idp.xsd.FederatedAuthenticatorConfig): 6
IdentityProvider (org.wso2.carbon.identity.application.common.model.idp.xsd.IdentityProvider): 6
AuthenticationStep (org.wso2.carbon.identity.application.common.model.xsd.AuthenticationStep): 6
Claim (org.wso2.carbon.identity.application.common.model.xsd.Claim): 6
ClaimConfig (org.wso2.carbon.identity.application.common.model.xsd.ClaimConfig): 6