Search in sources :

Example 6 with LocalAndOutboundAuthenticationConfig

use of org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig in project carbon-identity-framework by wso2.

the class DefaultApplicationValidator method validateLocalAndOutBoundAuthenticationConfig.

/**
 * Validate local and outbound authenticator related configurations and append to the validation msg list.
 *
 * @param validationMsg                        validation error messages
 * @param localAndOutBoundAuthenticationConfig local and out bound authentication config
 * @param tenantDomain                         tenant domain
 * @throws IdentityApplicationManagementException Identity Application Management Exception when unable to get the
 *                                                authenticator params
 */
private void validateLocalAndOutBoundAuthenticationConfig(List<String> validationMsg, LocalAndOutboundAuthenticationConfig localAndOutBoundAuthenticationConfig, String tenantDomain) throws IdentityApplicationManagementException {
    if (localAndOutBoundAuthenticationConfig == null) {
        return;
    }
    AuthenticationStep[] authenticationSteps = localAndOutBoundAuthenticationConfig.getAuthenticationSteps();
    if (authenticationSteps == null || authenticationSteps.length == 0) {
        return;
    }
    ApplicationManagementService applicationMgtService = ApplicationManagementService.getInstance();
    Map<String, Property[]> allLocalAuthenticators = Arrays.stream(applicationMgtService.getAllLocalAuthenticators(tenantDomain)).collect(Collectors.toMap(LocalAuthenticatorConfig::getName, LocalAuthenticatorConfig::getProperties));
    AtomicBoolean isAuthenticatorIncluded = new AtomicBoolean(false);
    for (AuthenticationStep authenticationStep : authenticationSteps) {
        for (IdentityProvider idp : authenticationStep.getFederatedIdentityProviders()) {
            validateFederatedIdp(idp, isAuthenticatorIncluded, validationMsg, tenantDomain);
        }
        for (LocalAuthenticatorConfig localAuth : authenticationStep.getLocalAuthenticatorConfigs()) {
            if (!allLocalAuthenticators.containsKey(localAuth.getName())) {
                validationMsg.add(String.format(AUTHENTICATOR_NOT_AVAILABLE, localAuth.getName()));
            } else if (!isAuthenticatorIncluded.get()) {
                Property[] properties = allLocalAuthenticators.get(localAuth.getName());
                if (properties.length == 0) {
                    isAuthenticatorIncluded.set(true);
                } else {
                    for (Property property : properties) {
                        if (!(IS_HANDLER.equals(property.getName()) && Boolean.parseBoolean(property.getValue()))) {
                            isAuthenticatorIncluded.set(true);
                        }
                    }
                }
            }
        }
    }
    if (!isAuthenticatorIncluded.get()) {
        validationMsg.add("No authenticator have been registered in the authentication flow.");
    }
}
Also used : AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) AuthenticationStep(org.wso2.carbon.identity.application.common.model.AuthenticationStep) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) ApplicationManagementService(org.wso2.carbon.identity.application.mgt.ApplicationManagementService) Property(org.wso2.carbon.identity.application.common.model.Property)

Example 7 with LocalAndOutboundAuthenticationConfig

use of org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig in project carbon-identity-framework by wso2.

the class ApplicationManagementServiceImplTest method addApplicationConfigurations.

private void addApplicationConfigurations(ServiceProvider serviceProvider) {
    serviceProvider.setDescription("Created for testing");
    serviceProvider.setSaasApp(TRUE);
    // Inbound Authentication Configurations.
    InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig();
    InboundAuthenticationRequestConfig authRequestConfig = new InboundAuthenticationRequestConfig();
    authRequestConfig.setInboundAuthKey("auth key");
    authRequestConfig.setInboundAuthType("oauth2");
    InboundAuthenticationRequestConfig[] authRequests = new InboundAuthenticationRequestConfig[] { authRequestConfig };
    inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(authRequests);
    serviceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
    // Inbound Provisioning Configurations.
    InboundProvisioningConfig provisioningConfig = new InboundProvisioningConfig();
    provisioningConfig.setProvisioningUserStore("UserStore");
    serviceProvider.setInboundProvisioningConfig(provisioningConfig);
    // OutBound Provisioning Configurations.
    IdentityProvider provisioningIdP = new IdentityProvider();
    provisioningIdP.setIdentityProviderName("Provisioning IdP");
    OutboundProvisioningConfig outboundProvisioningConfig = new OutboundProvisioningConfig();
    outboundProvisioningConfig.setProvisioningIdentityProviders(new IdentityProvider[] { provisioningIdP });
    ProvisioningConnectorConfig provisioningConnectorConfig = new ProvisioningConnectorConfig();
    provisioningConnectorConfig.setName("Provisioning connector");
    provisioningIdP.setDefaultProvisioningConnectorConfig(provisioningConnectorConfig);
    serviceProvider.setOutboundProvisioningConfig(outboundProvisioningConfig);
    // Local And OutBound Authentication Configuration.
    LocalAndOutboundAuthenticationConfig authenticationConfig = new LocalAndOutboundAuthenticationConfig();
    AuthenticationStep authenticationStep = new AuthenticationStep();
    IdentityProvider identityProvider = new IdentityProvider();
    identityProvider.setIdentityProviderName(IDP_NAME_1);
    FederatedAuthenticatorConfig federatedAuthenticatorConfig = new FederatedAuthenticatorConfig();
    federatedAuthenticatorConfig.setName("Federated authenticator");
    identityProvider.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { federatedAuthenticatorConfig });
    authenticationStep.setFederatedIdentityProviders(new IdentityProvider[] { identityProvider });
    LocalAuthenticatorConfig localAuthenticatorConfig = new LocalAuthenticatorConfig();
    localAuthenticatorConfig.setName("Local authenticator");
    authenticationStep.setLocalAuthenticatorConfigs(new LocalAuthenticatorConfig[] { localAuthenticatorConfig });
    authenticationConfig.setAuthenticationSteps(new AuthenticationStep[] { authenticationStep });
    serviceProvider.setLocalAndOutBoundAuthenticationConfig(authenticationConfig);
    // Request Path Authenticator Configuration.
    RequestPathAuthenticatorConfig requestPathAuthenticatorConfig = new RequestPathAuthenticatorConfig();
    requestPathAuthenticatorConfig.setName("Request path authenticator");
    serviceProvider.setRequestPathAuthenticatorConfigs(new RequestPathAuthenticatorConfig[] { requestPathAuthenticatorConfig });
    // Claim Configurations.
    ClaimConfig claimConfig = new ClaimConfig();
    claimConfig.setRoleClaimURI("Role claim uri");
    claimConfig.setSpClaimDialects(new String[] { "SP claim dialect" });
    ClaimMapping claimMapping = new ClaimMapping();
    Claim localClaim = new Claim();
    localClaim.setClaimUri("Local claim uri");
    Claim remoteClaim = new Claim();
    remoteClaim.setClaimUri("Remote claim uri");
    claimMapping.setLocalClaim(localClaim);
    claimMapping.setRemoteClaim(remoteClaim);
    claimConfig.setClaimMappings(new ClaimMapping[] { claimMapping });
    serviceProvider.setClaimConfig(claimConfig);
    // Permission Role Configurations.
    PermissionsAndRoleConfig permissionsAndRoleConfig = new PermissionsAndRoleConfig();
    RoleMapping roleMapping = new RoleMapping();
    LocalRole localRole = new LocalRole("Local role");
    roleMapping.setLocalRole(localRole);
    roleMapping.setRemoteRole("Remote role");
    RoleMapping[] roleMappings = new RoleMapping[] { roleMapping };
    permissionsAndRoleConfig.setRoleMappings(roleMappings);
}
Also used : InboundProvisioningConfig(org.wso2.carbon.identity.application.common.model.InboundProvisioningConfig) InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) AuthenticationStep(org.wso2.carbon.identity.application.common.model.AuthenticationStep) InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping) OutboundProvisioningConfig(org.wso2.carbon.identity.application.common.model.OutboundProvisioningConfig) ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) LocalAndOutboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig) ClaimConfig(org.wso2.carbon.identity.application.common.model.ClaimConfig) PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig) RequestPathAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig) LocalRole(org.wso2.carbon.identity.application.common.model.LocalRole) ProvisioningConnectorConfig(org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig) Claim(org.wso2.carbon.identity.application.common.model.Claim)

Example 8 with LocalAndOutboundAuthenticationConfig

use of org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig in project carbon-identity-framework by wso2.

the class DefaultAuthSeqMgtServiceImpl method validateAuthSeqConfiguration.

private void validateAuthSeqConfiguration(DefaultAuthenticationSequence sequence, String tenantDomain, String errorMsg) throws DefaultAuthSeqMgtException {
    List<String> validationMsg = new ArrayList<>();
    LocalAndOutboundAuthenticationConfig authenticationConfig = sequence.getContent();
    if (authenticationConfig == null) {
        return;
    }
    AuthenticationStep[] authenticationSteps = authenticationConfig.getAuthenticationSteps();
    if (authenticationSteps == null || authenticationSteps.length == 0) {
        return;
    }
    Map<String, Property[]> allLocalAuthenticators;
    try {
        allLocalAuthenticators = getAllLocalAuthenticators(tenantDomain);
    } catch (IdentityApplicationManagementException e) {
        throw new DefaultAuthSeqMgtServerException(errorMsg, e);
    }
    AtomicBoolean isAuthenticatorIncluded = new AtomicBoolean(false);
    for (AuthenticationStep authenticationStep : authenticationSteps) {
        if (authenticationStep == null || (authenticationStep.getFederatedIdentityProviders() == null && authenticationStep.getLocalAuthenticatorConfigs() == null)) {
            validationMsg.add("Some authentication steps do not have authenticators.");
            break;
        }
        for (IdentityProvider idp : authenticationStep.getFederatedIdentityProviders()) {
            validateFederatedIdp(idp, isAuthenticatorIncluded, validationMsg, tenantDomain);
        }
        validateLocalAuthenticatorConfig(validationMsg, allLocalAuthenticators, isAuthenticatorIncluded, authenticationStep);
    }
    if (!isAuthenticatorIncluded.get()) {
        validationMsg.add("No authenticator have been registered in the authentication flow.");
    }
    if (!validationMsg.isEmpty()) {
        log.error(errorMsg + tenantDomain);
        for (String msg : validationMsg) {
            log.error(msg);
        }
        throw new DefaultAuthSeqMgtException(validationMsg.toArray(new String[0]));
    }
    removeUnsupportedConfigurations(authenticationConfig);
}
Also used : AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) LocalAndOutboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) ArrayList(java.util.ArrayList) AuthenticationStep(org.wso2.carbon.identity.application.common.model.AuthenticationStep) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider)

Example 9 with LocalAndOutboundAuthenticationConfig

use of org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig in project carbon-identity-framework by wso2.

the class SSOConsentServiceImplTest method testGetConsentRequiredClaimsWithExistingConsents.

@Test
public void testGetConsentRequiredClaimsWithExistingConsents() throws Exception {
    ServiceProvider serviceProvider = new ServiceProvider();
    serviceProvider.setApplicationName("Travelocity.com");
    User user = new User();
    user.setTenantDomain("carbon.super");
    user.setUserStoreDomain("PRIMARY");
    serviceProvider.setOwner(user);
    ClaimConfig claimConfig = new ClaimConfig();
    Claim tempClaim1 = new Claim();
    tempClaim1.setClaimUri("http://wso2.org/claims/organization");
    ClaimMapping tempClaimMapping1 = new ClaimMapping();
    tempClaimMapping1.setRequested(true);
    tempClaimMapping1.setMandatory(false);
    tempClaimMapping1.setLocalClaim(tempClaim1);
    tempClaimMapping1.setRemoteClaim(tempClaim1);
    Claim tempClaim2 = new Claim();
    tempClaim2.setClaimUri("http://wso2.org/claims/country");
    ClaimMapping tempClaimMapping2 = new ClaimMapping();
    tempClaimMapping2.setRequested(true);
    tempClaimMapping2.setMandatory(true);
    tempClaimMapping2.setLocalClaim(tempClaim2);
    tempClaimMapping2.setRemoteClaim(tempClaim2);
    claimConfig.setClaimMappings(new ClaimMapping[] { tempClaimMapping1, tempClaimMapping2 });
    serviceProvider.setClaimConfig(claimConfig);
    LocalAndOutboundAuthenticationConfig localAndOutboundAuthenticationConfig = new LocalAndOutboundAuthenticationConfig();
    localAndOutboundAuthenticationConfig.setSubjectClaimUri(null);
    serviceProvider.setLocalAndOutBoundAuthenticationConfig(localAndOutboundAuthenticationConfig);
    AuthenticatedUser authenticatedUser = getAuthenticatedUser();
    mockStatic(IdentityUtil.class);
    when(IdentityUtil.getProperty("Consent.PromptSubjectClaimRequestedConsent")).thenReturn(null);
    mockCarbonContextForTenant();
    mockStatic(FrameworkServiceDataHolder.class);
    when(FrameworkServiceDataHolder.getInstance()).thenReturn(frameworkServiceDataHolder);
    setConsentManagerConfigurationHolder();
    RealmService realmService = mock(RealmService.class);
    configurationHolder.setRealmService(realmService);
    ConsentManager consentManager = new ConsentManagerImpl(configurationHolder);
    when(frameworkServiceDataHolder.getConsentManager()).thenReturn(consentManager);
    mockStatic(ConsentUtils.class);
    when(ConsentUtils.getTenantDomainFromCarbonContext()).thenReturn("carbon.super");
    mockRealmService(realmService);
    when(frameworkServiceDataHolder.getClaimMetadataManagementService()).thenReturn(claimMetadataManagementService);
    List<LocalClaim> localClaims = new ArrayList<>();
    LocalClaim localClaim = new LocalClaim("http://wso2.org/claims/country");
    LocalClaim localClaim2 = new LocalClaim("http://wso2.org/claims/organization");
    localClaims.add(localClaim);
    localClaims.add(localClaim2);
    when(claimMetadataManagementService.getLocalClaims(anyString())).thenReturn(localClaims);
    ConsentClaimsData consentClaimsData = ssoConsentService.getConsentRequiredClaimsWithExistingConsents(serviceProvider, authenticatedUser);
    assertEquals(consentClaimsData.getRequestedClaims().get(0).getClaimUri(), "http://wso2.org/claims/organization", "Incorrect requested claim URI");
    assertEquals(consentClaimsData.getMandatoryClaims().get(0).getClaimUri(), "http://wso2.org/claims/country", "Incorrect mandatory claim URI");
    assertNotNull(consentClaimsData.getMandatoryClaims().get(0).getClaimUri());
}
Also used : User(org.wso2.carbon.identity.application.common.model.User) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser) ConsentManagerImpl(org.wso2.carbon.consent.mgt.core.ConsentManagerImpl) ArrayList(java.util.ArrayList) LocalClaim(org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim) ConsentManager(org.wso2.carbon.consent.mgt.core.ConsentManager) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser) ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) LocalAndOutboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig) ClaimConfig(org.wso2.carbon.identity.application.common.model.ClaimConfig) RealmService(org.wso2.carbon.user.core.service.RealmService) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) Claim(org.wso2.carbon.identity.application.common.model.Claim) LocalClaim(org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 10 with LocalAndOutboundAuthenticationConfig

use of org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig in project carbon-identity-framework by wso2.

the class SSOConsentServiceImplTest method testGetClaimsWithConsents.

@Test
public void testGetClaimsWithConsents() throws Exception {
    ServiceProvider serviceProvider = new ServiceProvider();
    serviceProvider.setApplicationName("Travelocity.com");
    User user = new User();
    user.setTenantDomain("carbon.super");
    user.setUserStoreDomain("PRIMARY");
    serviceProvider.setOwner(user);
    ClaimConfig claimConfig = new ClaimConfig();
    Claim tempClaim = new Claim();
    tempClaim.setClaimUri(TEMPORARY_CLAIM_URI);
    ClaimMapping tempClaimMapping = new ClaimMapping();
    tempClaimMapping.setRequested(true);
    tempClaimMapping.setLocalClaim(tempClaim);
    tempClaimMapping.setRemoteClaim(tempClaim);
    claimConfig.setClaimMappings(new ClaimMapping[] { tempClaimMapping });
    serviceProvider.setClaimConfig(claimConfig);
    LocalAndOutboundAuthenticationConfig localAndOutboundAuthenticationConfig = new LocalAndOutboundAuthenticationConfig();
    localAndOutboundAuthenticationConfig.setSubjectClaimUri(null);
    serviceProvider.setLocalAndOutBoundAuthenticationConfig(localAndOutboundAuthenticationConfig);
    AuthenticatedUser authenticatedUser = getAuthenticatedUser();
    mockCarbonContextForTenant();
    mockStatic(FrameworkServiceDataHolder.class);
    when(FrameworkServiceDataHolder.getInstance()).thenReturn(frameworkServiceDataHolder);
    setConsentManagerConfigurationHolder();
    RealmService realmService = mock(RealmService.class);
    configurationHolder.setRealmService(realmService);
    ConsentManager consentManager = new ConsentManagerImpl(configurationHolder);
    when(frameworkServiceDataHolder.getConsentManager()).thenReturn(consentManager);
    mockStatic(ConsentUtils.class);
    when(ConsentUtils.getTenantDomainFromCarbonContext()).thenReturn("carbon.super");
    mockRealmService(realmService);
    assertNotNull(ssoConsentService.getClaimsWithConsents(serviceProvider, authenticatedUser));
}
Also used : ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) User(org.wso2.carbon.identity.application.common.model.User) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser) LocalAndOutboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig) ClaimConfig(org.wso2.carbon.identity.application.common.model.ClaimConfig) RealmService(org.wso2.carbon.user.core.service.RealmService) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) ConsentManagerImpl(org.wso2.carbon.consent.mgt.core.ConsentManagerImpl) ConsentManager(org.wso2.carbon.consent.mgt.core.ConsentManager) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser) Claim(org.wso2.carbon.identity.application.common.model.Claim) LocalClaim(org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Aggregations

LocalAndOutboundAuthenticationConfig (org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig)24 LocalAndOutboundAuthenticationConfig (org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig)13 ServiceProvider (org.wso2.carbon.identity.application.common.model.ServiceProvider)12 AuthenticationStep (org.wso2.carbon.identity.application.common.model.AuthenticationStep)8 ClaimConfig (org.wso2.carbon.identity.application.common.model.ClaimConfig)7 AuthenticationStep (org.wso2.carbon.identity.application.common.model.xsd.AuthenticationStep)7 PreparedStatement (java.sql.PreparedStatement)6 ArrayList (java.util.ArrayList)6 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)6 Test (org.testng.annotations.Test)6 IdentityProvider (org.wso2.carbon.identity.application.common.model.IdentityProvider)6 LocalAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig)6 NamedPreparedStatement (org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement)5 IdentityApplicationManagementException (org.wso2.carbon.identity.application.common.IdentityApplicationManagementException)5 ResultSet (java.sql.ResultSet)4 LocalAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig)4 User (org.wso2.carbon.identity.application.common.model.User)4 InboundAuthenticationConfig (org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationConfig)4 InboundAuthenticationRequestConfig (org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationRequestConfig)4 ApplicationConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig)3