use of org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig in project carbon-identity-framework by wso2.
the class DefaultApplicationValidator method validateLocalAndOutBoundAuthenticationConfig.
/**
* Validate local and outbound authenticator related configurations and append to the validation msg list.
*
* @param validationMsg validation error messages
* @param localAndOutBoundAuthenticationConfig local and out bound authentication config
* @param tenantDomain tenant domain
* @throws IdentityApplicationManagementException Identity Application Management Exception when unable to get the
* authenticator params
*/
private void validateLocalAndOutBoundAuthenticationConfig(List<String> validationMsg, LocalAndOutboundAuthenticationConfig localAndOutBoundAuthenticationConfig, String tenantDomain) throws IdentityApplicationManagementException {
if (localAndOutBoundAuthenticationConfig == null) {
return;
}
AuthenticationStep[] authenticationSteps = localAndOutBoundAuthenticationConfig.getAuthenticationSteps();
if (authenticationSteps == null || authenticationSteps.length == 0) {
return;
}
ApplicationManagementService applicationMgtService = ApplicationManagementService.getInstance();
Map<String, Property[]> allLocalAuthenticators = Arrays.stream(applicationMgtService.getAllLocalAuthenticators(tenantDomain)).collect(Collectors.toMap(LocalAuthenticatorConfig::getName, LocalAuthenticatorConfig::getProperties));
AtomicBoolean isAuthenticatorIncluded = new AtomicBoolean(false);
for (AuthenticationStep authenticationStep : authenticationSteps) {
for (IdentityProvider idp : authenticationStep.getFederatedIdentityProviders()) {
validateFederatedIdp(idp, isAuthenticatorIncluded, validationMsg, tenantDomain);
}
for (LocalAuthenticatorConfig localAuth : authenticationStep.getLocalAuthenticatorConfigs()) {
if (!allLocalAuthenticators.containsKey(localAuth.getName())) {
validationMsg.add(String.format(AUTHENTICATOR_NOT_AVAILABLE, localAuth.getName()));
} else if (!isAuthenticatorIncluded.get()) {
Property[] properties = allLocalAuthenticators.get(localAuth.getName());
if (properties.length == 0) {
isAuthenticatorIncluded.set(true);
} else {
for (Property property : properties) {
if (!(IS_HANDLER.equals(property.getName()) && Boolean.parseBoolean(property.getValue()))) {
isAuthenticatorIncluded.set(true);
}
}
}
}
}
}
if (!isAuthenticatorIncluded.get()) {
validationMsg.add("No authenticator have been registered in the authentication flow.");
}
}
use of org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig in project carbon-identity-framework by wso2.
the class ApplicationManagementServiceImplTest method addApplicationConfigurations.
private void addApplicationConfigurations(ServiceProvider serviceProvider) {
serviceProvider.setDescription("Created for testing");
serviceProvider.setSaasApp(TRUE);
// Inbound Authentication Configurations.
InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig();
InboundAuthenticationRequestConfig authRequestConfig = new InboundAuthenticationRequestConfig();
authRequestConfig.setInboundAuthKey("auth key");
authRequestConfig.setInboundAuthType("oauth2");
InboundAuthenticationRequestConfig[] authRequests = new InboundAuthenticationRequestConfig[] { authRequestConfig };
inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(authRequests);
serviceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
// Inbound Provisioning Configurations.
InboundProvisioningConfig provisioningConfig = new InboundProvisioningConfig();
provisioningConfig.setProvisioningUserStore("UserStore");
serviceProvider.setInboundProvisioningConfig(provisioningConfig);
// OutBound Provisioning Configurations.
IdentityProvider provisioningIdP = new IdentityProvider();
provisioningIdP.setIdentityProviderName("Provisioning IdP");
OutboundProvisioningConfig outboundProvisioningConfig = new OutboundProvisioningConfig();
outboundProvisioningConfig.setProvisioningIdentityProviders(new IdentityProvider[] { provisioningIdP });
ProvisioningConnectorConfig provisioningConnectorConfig = new ProvisioningConnectorConfig();
provisioningConnectorConfig.setName("Provisioning connector");
provisioningIdP.setDefaultProvisioningConnectorConfig(provisioningConnectorConfig);
serviceProvider.setOutboundProvisioningConfig(outboundProvisioningConfig);
// Local And OutBound Authentication Configuration.
LocalAndOutboundAuthenticationConfig authenticationConfig = new LocalAndOutboundAuthenticationConfig();
AuthenticationStep authenticationStep = new AuthenticationStep();
IdentityProvider identityProvider = new IdentityProvider();
identityProvider.setIdentityProviderName(IDP_NAME_1);
FederatedAuthenticatorConfig federatedAuthenticatorConfig = new FederatedAuthenticatorConfig();
federatedAuthenticatorConfig.setName("Federated authenticator");
identityProvider.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { federatedAuthenticatorConfig });
authenticationStep.setFederatedIdentityProviders(new IdentityProvider[] { identityProvider });
LocalAuthenticatorConfig localAuthenticatorConfig = new LocalAuthenticatorConfig();
localAuthenticatorConfig.setName("Local authenticator");
authenticationStep.setLocalAuthenticatorConfigs(new LocalAuthenticatorConfig[] { localAuthenticatorConfig });
authenticationConfig.setAuthenticationSteps(new AuthenticationStep[] { authenticationStep });
serviceProvider.setLocalAndOutBoundAuthenticationConfig(authenticationConfig);
// Request Path Authenticator Configuration.
RequestPathAuthenticatorConfig requestPathAuthenticatorConfig = new RequestPathAuthenticatorConfig();
requestPathAuthenticatorConfig.setName("Request path authenticator");
serviceProvider.setRequestPathAuthenticatorConfigs(new RequestPathAuthenticatorConfig[] { requestPathAuthenticatorConfig });
// Claim Configurations.
ClaimConfig claimConfig = new ClaimConfig();
claimConfig.setRoleClaimURI("Role claim uri");
claimConfig.setSpClaimDialects(new String[] { "SP claim dialect" });
ClaimMapping claimMapping = new ClaimMapping();
Claim localClaim = new Claim();
localClaim.setClaimUri("Local claim uri");
Claim remoteClaim = new Claim();
remoteClaim.setClaimUri("Remote claim uri");
claimMapping.setLocalClaim(localClaim);
claimMapping.setRemoteClaim(remoteClaim);
claimConfig.setClaimMappings(new ClaimMapping[] { claimMapping });
serviceProvider.setClaimConfig(claimConfig);
// Permission Role Configurations.
PermissionsAndRoleConfig permissionsAndRoleConfig = new PermissionsAndRoleConfig();
RoleMapping roleMapping = new RoleMapping();
LocalRole localRole = new LocalRole("Local role");
roleMapping.setLocalRole(localRole);
roleMapping.setRemoteRole("Remote role");
RoleMapping[] roleMappings = new RoleMapping[] { roleMapping };
permissionsAndRoleConfig.setRoleMappings(roleMappings);
}
use of org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig in project carbon-identity-framework by wso2.
the class DefaultAuthSeqMgtServiceImpl method validateAuthSeqConfiguration.
private void validateAuthSeqConfiguration(DefaultAuthenticationSequence sequence, String tenantDomain, String errorMsg) throws DefaultAuthSeqMgtException {
List<String> validationMsg = new ArrayList<>();
LocalAndOutboundAuthenticationConfig authenticationConfig = sequence.getContent();
if (authenticationConfig == null) {
return;
}
AuthenticationStep[] authenticationSteps = authenticationConfig.getAuthenticationSteps();
if (authenticationSteps == null || authenticationSteps.length == 0) {
return;
}
Map<String, Property[]> allLocalAuthenticators;
try {
allLocalAuthenticators = getAllLocalAuthenticators(tenantDomain);
} catch (IdentityApplicationManagementException e) {
throw new DefaultAuthSeqMgtServerException(errorMsg, e);
}
AtomicBoolean isAuthenticatorIncluded = new AtomicBoolean(false);
for (AuthenticationStep authenticationStep : authenticationSteps) {
if (authenticationStep == null || (authenticationStep.getFederatedIdentityProviders() == null && authenticationStep.getLocalAuthenticatorConfigs() == null)) {
validationMsg.add("Some authentication steps do not have authenticators.");
break;
}
for (IdentityProvider idp : authenticationStep.getFederatedIdentityProviders()) {
validateFederatedIdp(idp, isAuthenticatorIncluded, validationMsg, tenantDomain);
}
validateLocalAuthenticatorConfig(validationMsg, allLocalAuthenticators, isAuthenticatorIncluded, authenticationStep);
}
if (!isAuthenticatorIncluded.get()) {
validationMsg.add("No authenticator have been registered in the authentication flow.");
}
if (!validationMsg.isEmpty()) {
log.error(errorMsg + tenantDomain);
for (String msg : validationMsg) {
log.error(msg);
}
throw new DefaultAuthSeqMgtException(validationMsg.toArray(new String[0]));
}
removeUnsupportedConfigurations(authenticationConfig);
}
use of org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig in project carbon-identity-framework by wso2.
the class SSOConsentServiceImplTest method testGetConsentRequiredClaimsWithExistingConsents.
@Test
public void testGetConsentRequiredClaimsWithExistingConsents() throws Exception {
ServiceProvider serviceProvider = new ServiceProvider();
serviceProvider.setApplicationName("Travelocity.com");
User user = new User();
user.setTenantDomain("carbon.super");
user.setUserStoreDomain("PRIMARY");
serviceProvider.setOwner(user);
ClaimConfig claimConfig = new ClaimConfig();
Claim tempClaim1 = new Claim();
tempClaim1.setClaimUri("http://wso2.org/claims/organization");
ClaimMapping tempClaimMapping1 = new ClaimMapping();
tempClaimMapping1.setRequested(true);
tempClaimMapping1.setMandatory(false);
tempClaimMapping1.setLocalClaim(tempClaim1);
tempClaimMapping1.setRemoteClaim(tempClaim1);
Claim tempClaim2 = new Claim();
tempClaim2.setClaimUri("http://wso2.org/claims/country");
ClaimMapping tempClaimMapping2 = new ClaimMapping();
tempClaimMapping2.setRequested(true);
tempClaimMapping2.setMandatory(true);
tempClaimMapping2.setLocalClaim(tempClaim2);
tempClaimMapping2.setRemoteClaim(tempClaim2);
claimConfig.setClaimMappings(new ClaimMapping[] { tempClaimMapping1, tempClaimMapping2 });
serviceProvider.setClaimConfig(claimConfig);
LocalAndOutboundAuthenticationConfig localAndOutboundAuthenticationConfig = new LocalAndOutboundAuthenticationConfig();
localAndOutboundAuthenticationConfig.setSubjectClaimUri(null);
serviceProvider.setLocalAndOutBoundAuthenticationConfig(localAndOutboundAuthenticationConfig);
AuthenticatedUser authenticatedUser = getAuthenticatedUser();
mockStatic(IdentityUtil.class);
when(IdentityUtil.getProperty("Consent.PromptSubjectClaimRequestedConsent")).thenReturn(null);
mockCarbonContextForTenant();
mockStatic(FrameworkServiceDataHolder.class);
when(FrameworkServiceDataHolder.getInstance()).thenReturn(frameworkServiceDataHolder);
setConsentManagerConfigurationHolder();
RealmService realmService = mock(RealmService.class);
configurationHolder.setRealmService(realmService);
ConsentManager consentManager = new ConsentManagerImpl(configurationHolder);
when(frameworkServiceDataHolder.getConsentManager()).thenReturn(consentManager);
mockStatic(ConsentUtils.class);
when(ConsentUtils.getTenantDomainFromCarbonContext()).thenReturn("carbon.super");
mockRealmService(realmService);
when(frameworkServiceDataHolder.getClaimMetadataManagementService()).thenReturn(claimMetadataManagementService);
List<LocalClaim> localClaims = new ArrayList<>();
LocalClaim localClaim = new LocalClaim("http://wso2.org/claims/country");
LocalClaim localClaim2 = new LocalClaim("http://wso2.org/claims/organization");
localClaims.add(localClaim);
localClaims.add(localClaim2);
when(claimMetadataManagementService.getLocalClaims(anyString())).thenReturn(localClaims);
ConsentClaimsData consentClaimsData = ssoConsentService.getConsentRequiredClaimsWithExistingConsents(serviceProvider, authenticatedUser);
assertEquals(consentClaimsData.getRequestedClaims().get(0).getClaimUri(), "http://wso2.org/claims/organization", "Incorrect requested claim URI");
assertEquals(consentClaimsData.getMandatoryClaims().get(0).getClaimUri(), "http://wso2.org/claims/country", "Incorrect mandatory claim URI");
assertNotNull(consentClaimsData.getMandatoryClaims().get(0).getClaimUri());
}
use of org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig in project carbon-identity-framework by wso2.
the class SSOConsentServiceImplTest method testGetClaimsWithConsents.
@Test
public void testGetClaimsWithConsents() throws Exception {
ServiceProvider serviceProvider = new ServiceProvider();
serviceProvider.setApplicationName("Travelocity.com");
User user = new User();
user.setTenantDomain("carbon.super");
user.setUserStoreDomain("PRIMARY");
serviceProvider.setOwner(user);
ClaimConfig claimConfig = new ClaimConfig();
Claim tempClaim = new Claim();
tempClaim.setClaimUri(TEMPORARY_CLAIM_URI);
ClaimMapping tempClaimMapping = new ClaimMapping();
tempClaimMapping.setRequested(true);
tempClaimMapping.setLocalClaim(tempClaim);
tempClaimMapping.setRemoteClaim(tempClaim);
claimConfig.setClaimMappings(new ClaimMapping[] { tempClaimMapping });
serviceProvider.setClaimConfig(claimConfig);
LocalAndOutboundAuthenticationConfig localAndOutboundAuthenticationConfig = new LocalAndOutboundAuthenticationConfig();
localAndOutboundAuthenticationConfig.setSubjectClaimUri(null);
serviceProvider.setLocalAndOutBoundAuthenticationConfig(localAndOutboundAuthenticationConfig);
AuthenticatedUser authenticatedUser = getAuthenticatedUser();
mockCarbonContextForTenant();
mockStatic(FrameworkServiceDataHolder.class);
when(FrameworkServiceDataHolder.getInstance()).thenReturn(frameworkServiceDataHolder);
setConsentManagerConfigurationHolder();
RealmService realmService = mock(RealmService.class);
configurationHolder.setRealmService(realmService);
ConsentManager consentManager = new ConsentManagerImpl(configurationHolder);
when(frameworkServiceDataHolder.getConsentManager()).thenReturn(consentManager);
mockStatic(ConsentUtils.class);
when(ConsentUtils.getTenantDomainFromCarbonContext()).thenReturn("carbon.super");
mockRealmService(realmService);
assertNotNull(ssoConsentService.getClaimsWithConsents(serviceProvider, authenticatedUser));
}
Aggregations