Search in sources :

Example 1 with LocalAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig in project carbon-identity-framework by wso2.

the class JsGraphBuilder method filterOptions.

/**
 * Filter out options in the step config to retain only the options provided in authentication options
 *
 * @param authenticationOptions Authentication options to keep
 * @param stepConfig            The step config to be modified
 */
protected void filterOptions(Map<String, Map<String, String>> authenticationOptions, StepConfig stepConfig) {
    Map<String, Set<String>> filteredOptions = new HashMap<>();
    authenticationOptions.forEach((id, option) -> {
        String idp = option.get(FrameworkConstants.JSAttributes.IDP);
        String authenticator = option.get(FrameworkConstants.JSAttributes.AUTHENTICATOR);
        if (StringUtils.isNotBlank(authenticator) && StringUtils.isBlank(idp)) {
            // If Idp is not set, but authenticator is set, idp is assumed as local
            idp = FrameworkConstants.LOCAL_IDP_NAME;
        }
        if (StringUtils.isNotBlank(idp)) {
            filteredOptions.putIfAbsent(idp, new HashSet<>());
            if (StringUtils.isNotBlank(authenticator)) {
                filteredOptions.get(idp).add(authenticator.toLowerCase());
            }
        }
    });
    if (log.isDebugEnabled()) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, Set<String>> entry : filteredOptions.entrySet()) {
            sb.append('\n').append(entry.getKey()).append(" : ");
            sb.append(StringUtils.join(entry.getValue(), ","));
        }
        log.debug("Authenticator options: " + sb.toString());
    }
    Set<AuthenticatorConfig> authenticatorsToRemove = new HashSet<>();
    Map<String, AuthenticatorConfig> idpsToRemove = new HashMap<>();
    stepConfig.getAuthenticatorList().forEach(authenticatorConfig -> authenticatorConfig.getIdps().forEach((idpName, idp) -> {
        Set<String> authenticators = filteredOptions.get(idpName);
        boolean removeOption = false;
        if (authenticators == null) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Authentication options didn't include idp: %s. Hence excluding from " + "options list", idpName));
            }
            removeOption = true;
        } else if (!authenticators.isEmpty()) {
            // Both idp and authenticator present, but authenticator is given by display name due to the fact
            // that it is the one available at UI. Should translate the display name to actual name, and
            // keep/remove option
            removeOption = true;
            if (FrameworkConstants.LOCAL_IDP_NAME.equals(idpName)) {
                List<LocalAuthenticatorConfig> localAuthenticators = ApplicationAuthenticatorService.getInstance().getLocalAuthenticators();
                for (LocalAuthenticatorConfig localAuthenticatorConfig : localAuthenticators) {
                    if (authenticatorConfig.getName().equals(localAuthenticatorConfig.getName()) && authenticators.contains(localAuthenticatorConfig.getDisplayName().toLowerCase())) {
                        removeOption = false;
                        break;
                    }
                }
                if (log.isDebugEnabled()) {
                    if (removeOption) {
                        log.debug(String.format("Authenticator options don't match any entry for local" + "authenticator: %s. Hence removing the option", authenticatorConfig.getName()));
                    } else {
                        log.debug(String.format("Authenticator options contained a match for local " + "authenticator: %s. Hence keeping the option", authenticatorConfig.getName()));
                    }
                }
            } else {
                for (FederatedAuthenticatorConfig federatedAuthConfig : idp.getFederatedAuthenticatorConfigs()) {
                    if (authenticatorConfig.getName().equals(federatedAuthConfig.getName()) && authenticators.contains(federatedAuthConfig.getDisplayName().toLowerCase())) {
                        removeOption = false;
                        break;
                    }
                }
                if (log.isDebugEnabled()) {
                    if (removeOption) {
                        log.debug(String.format("Authenticator options don't match any entry for idp: %s, " + "authenticator: %s. Hence removing the option", idpName, authenticatorConfig.getName()));
                    } else {
                        log.debug(String.format("Authenticator options contained a match for idp: %s, " + "authenticator: %s. Hence keeping the option", idpName, authenticatorConfig.getName()));
                    }
                }
            }
        } else {
            if (log.isDebugEnabled()) {
                log.debug(String.format("No authenticator filters for idp %s, hence keeping it as an option", idpName));
            }
        }
        if (removeOption) {
            if (authenticatorConfig.getIdps().size() > 1) {
                idpsToRemove.put(idpName, authenticatorConfig);
            } else {
                authenticatorsToRemove.add(authenticatorConfig);
            }
        }
    }));
    if (stepConfig.getAuthenticatorList().size() > authenticatorsToRemove.size()) {
        idpsToRemove.forEach((idp, authenticatorConfig) -> {
            int index = stepConfig.getAuthenticatorList().indexOf(authenticatorConfig);
            stepConfig.getAuthenticatorList().get(index).getIdps().remove(idp);
            stepConfig.getAuthenticatorList().get(index).getIdpNames().remove(idp);
            if (log.isDebugEnabled()) {
                log.debug("Removed " + idp + " option from " + authenticatorConfig.getName() + " as it " + "doesn't match the provided authenticator options");
            }
        });
        // If all idps are removed from the authenticator the authenticator should be removed.
        stepConfig.getAuthenticatorList().forEach(authenticatorConfig -> {
            if (authenticatorConfig.getIdps().isEmpty()) {
                authenticatorsToRemove.add(authenticatorConfig);
            }
        });
        stepConfig.getAuthenticatorList().removeAll(authenticatorsToRemove);
        if (log.isDebugEnabled()) {
            log.debug("Removed " + authenticatorsToRemove.size() + " options which doesn't match the " + "provided authenticator options");
        }
    } else {
        log.warn("The filtered authenticator list is empty, hence proceeding without filtering");
    }
}
Also used : StringUtils(org.apache.commons.lang.StringUtils) Bindings(javax.script.Bindings) AuthenticationContext(org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext) FrameworkConstants(org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants) HashMap(java.util.HashMap) Function(java.util.function.Function) HashSet(java.util.HashSet) AuthenticationDecisionEvaluator(org.wso2.carbon.identity.application.authentication.framework.AuthenticationDecisionEvaluator) JSObject(jdk.nashorn.api.scripting.JSObject) Map(java.util.Map) JsFunctionRegistry(org.wso2.carbon.identity.application.authentication.framework.JsFunctionRegistry) BiConsumer(java.util.function.BiConsumer) ScriptException(javax.script.ScriptException) FrameworkServiceComponent(org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceComponent) Compilable(javax.script.Compilable) MapUtils(org.apache.commons.collections.MapUtils) StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig) ApplicationAuthenticatorService(org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService) AsyncProcess(org.wso2.carbon.identity.application.authentication.framework.AsyncProcess) Set(java.util.Set) AuthenticatorConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig) UUID(java.util.UUID) FunctionLibrary(org.wso2.carbon.identity.functions.library.mgt.model.FunctionLibrary) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) Collectors(java.util.stream.Collectors) ScriptContext(javax.script.ScriptContext) Serializable(java.io.Serializable) FunctionLibraryManagementService(org.wso2.carbon.identity.functions.library.mgt.FunctionLibraryManagementService) List(java.util.List) Invocable(javax.script.Invocable) FrameworkServiceDataHolder(org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder) CarbonContext(org.wso2.carbon.context.CarbonContext) CompiledScript(javax.script.CompiledScript) ScriptEngine(javax.script.ScriptEngine) Log(org.apache.commons.logging.Log) FunctionLibraryManagementException(org.wso2.carbon.identity.functions.library.mgt.exception.FunctionLibraryManagementException) ScriptObjectMirror(jdk.nashorn.api.scripting.ScriptObjectMirror) LogFactory(org.apache.commons.logging.LogFactory) JsAuthenticationContext(org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.JsAuthenticationContext) FrameworkUtils(org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils) LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) Collections(java.util.Collections) AuthenticatorConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet)

Example 2 with LocalAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig in project carbon-identity-framework by wso2.

the class UIBasedConfigurationLoader method loadLocalAuthenticators.

protected void loadLocalAuthenticators(AuthenticationStep authenticationStep, StepConfig stepConfig) {
    LocalAuthenticatorConfig[] localAuthenticators = authenticationStep.getLocalAuthenticatorConfigs();
    if (localAuthenticators != null) {
        IdentityProvider localIdp = new IdentityProvider();
        localIdp.setIdentityProviderName(FrameworkConstants.LOCAL_IDP_NAME);
        // assign it to the step
        for (LocalAuthenticatorConfig localAuthenticator : localAuthenticators) {
            String actualAuthenticatorName = localAuthenticator.getName();
            loadStepAuthenticator(stepConfig, localIdp, actualAuthenticatorName);
        }
    }
}
Also used : LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider)

Example 3 with LocalAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig in project carbon-identity-framework by wso2.

the class JsGraphBuilderTest method filterOptionsDataProvider.

@DataProvider
public Object[][] filterOptionsDataProvider() {
    ApplicationAuthenticatorService.getInstance().getLocalAuthenticators().clear();
    LocalAuthenticatorConfig basic = new LocalAuthenticatorConfig();
    basic.setName("BasicAuthenticator");
    basic.setDisplayName("basic");
    LocalAuthenticatorConfig totp = new LocalAuthenticatorConfig();
    totp.setName("TOTPAuthenticator");
    totp.setDisplayName("totp");
    ApplicationAuthenticatorService.getInstance().getLocalAuthenticators().add(basic);
    ApplicationAuthenticatorService.getInstance().getLocalAuthenticators().add(totp);
    IdentityProvider localIdp = new IdentityProvider();
    localIdp.setId("LOCAL");
    localIdp.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[0]);
    FederatedAuthenticatorConfig samlFederated = new FederatedAuthenticatorConfig();
    samlFederated.setDisplayName("samlsso");
    samlFederated.setName("SAMLAuthenticator");
    FederatedAuthenticatorConfig oidcFederated = new FederatedAuthenticatorConfig();
    oidcFederated.setDisplayName("oidc");
    oidcFederated.setName("OIDCAuthenticator");
    FederatedAuthenticatorConfig twitterFederated = new FederatedAuthenticatorConfig();
    twitterFederated.setDisplayName("twitter");
    twitterFederated.setName("TwitterAuthenticator");
    IdentityProvider customIdp1 = new IdentityProvider();
    customIdp1.setId("customIdp1");
    customIdp1.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { samlFederated, oidcFederated });
    customIdp1.setDefaultAuthenticatorConfig(samlFederated);
    IdentityProvider customIdp2 = new IdentityProvider();
    customIdp2.setId("customIdp2");
    customIdp2.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { twitterFederated });
    customIdp2.setDefaultAuthenticatorConfig(twitterFederated);
    AuthenticatorConfig basicAuthConfig = new AuthenticatorConfig();
    basicAuthConfig.setName("BasicAuthenticator");
    basicAuthConfig.setEnabled(true);
    basicAuthConfig.getIdps().put("LOCAL", localIdp);
    AuthenticatorConfig totpAuthConfig = new AuthenticatorConfig();
    totpAuthConfig.setName("TOTPAuthenticator");
    totpAuthConfig.setEnabled(true);
    totpAuthConfig.getIdps().put("LOCAL", localIdp);
    AuthenticatorConfig samlAuthConfig = new AuthenticatorConfig();
    samlAuthConfig.setName("SAMLAuthenticator");
    samlAuthConfig.setEnabled(true);
    samlAuthConfig.getIdps().put("customIdp1", customIdp1);
    AuthenticatorConfig oidcAuthConfig = new AuthenticatorConfig();
    oidcAuthConfig.setName("OIDCAuthenticator");
    oidcAuthConfig.setEnabled(true);
    oidcAuthConfig.getIdps().put("customIdp1", customIdp1);
    AuthenticatorConfig twitterAuthConfig = new AuthenticatorConfig();
    twitterAuthConfig.setName("TwitterAuthenticator");
    twitterAuthConfig.setEnabled(true);
    twitterAuthConfig.getIdps().put("customIdp2", customIdp2);
    StepConfig stepWithSingleOption = new StepConfig();
    stepWithSingleOption.setAuthenticatorList(Collections.singletonList(basicAuthConfig));
    Map<String, Map<String, String>> singleOptionConfig = new HashMap<>();
    singleOptionConfig.put("0", Collections.singletonMap("authenticator", "basic"));
    StepConfig stepWithMultipleOptions = new StepConfig();
    stepWithMultipleOptions.setAuthenticatorList(new ArrayList<>(Arrays.asList(basicAuthConfig, totpAuthConfig, oidcAuthConfig, twitterAuthConfig)));
    Map<String, String> oidcOption = new HashMap<>();
    oidcOption.put("idp", "customIdp1");
    oidcOption.put("authenticator", "oidc");
    Map<String, String> twitterOption = new HashMap<>();
    twitterOption.put("idp", "customIdp2");
    twitterOption.put("authenticator", "twitter");
    Map<String, String> invalidOption = new HashMap<>();
    invalidOption.put("idp", "customIdp1");
    invalidOption.put("authenticator", "twitter");
    Map<String, Map<String, String>> multipleOptionConfig = new HashMap<>();
    multipleOptionConfig.put("0", Collections.singletonMap("authenticator", "basic"));
    multipleOptionConfig.put("1", oidcOption);
    multipleOptionConfig.put("2", twitterOption);
    Map<String, Map<String, String>> multipleAndInvalidOptionConfig = new HashMap<>();
    multipleAndInvalidOptionConfig.put("0", Collections.singletonMap("authenticator", "basic"));
    multipleAndInvalidOptionConfig.put("1", oidcOption);
    multipleAndInvalidOptionConfig.put("2", invalidOption);
    Map<String, Map<String, String>> idpOnlyOptionConfig = new HashMap<>();
    idpOnlyOptionConfig.put("0", Collections.singletonMap("authenticator", "basic"));
    idpOnlyOptionConfig.put("1", Collections.singletonMap("idp", "customIdp1"));
    Map<String, Map<String, String>> singleInvalidOptionConfig = new HashMap<>();
    singleInvalidOptionConfig.put("0", invalidOption);
    return new Object[][] { { singleOptionConfig, duplicateStepConfig(stepWithSingleOption), 1 }, { singleOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 1 }, { multipleOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 3 }, { multipleAndInvalidOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 2 }, { singleInvalidOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 4 }, { idpOnlyOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 2 } };
}
Also used : AuthenticatorConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) HashMap(java.util.HashMap) LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) HashMap(java.util.HashMap) Map(java.util.Map) DataProvider(org.testng.annotations.DataProvider)

Example 4 with LocalAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig in project carbon-identity-framework by wso2.

the class ApplicationManagementServiceImpl method getAllLocalAuthenticators.

@Override
public LocalAuthenticatorConfig[] getAllLocalAuthenticators(String tenantDomain) throws IdentityApplicationManagementException {
    try {
        startTenantFlow(tenantDomain);
        IdentityProviderDAO idpdao = ApplicationMgtSystemConfig.getInstance().getIdentityProviderDAO();
        List<LocalAuthenticatorConfig> localAuthenticators = idpdao.getAllLocalAuthenticators();
        if (localAuthenticators != null) {
            return localAuthenticators.toArray(new LocalAuthenticatorConfig[localAuthenticators.size()]);
        }
        return new LocalAuthenticatorConfig[0];
    } catch (Exception e) {
        String error = "Error occurred while retrieving all Local Authenticators" + ". " + e.getMessage();
        throw new IdentityApplicationManagementException(error, e);
    } finally {
        endTenantFlow();
    }
}
Also used : IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) IdentityProviderDAO(org.wso2.carbon.identity.application.mgt.dao.IdentityProviderDAO) IdentityApplicationManagementClientException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementClientException) TransformerException(javax.xml.transform.TransformerException) RegistryException(org.wso2.carbon.registry.api.RegistryException) IOException(java.io.IOException) IdentityApplicationManagementValidationException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementValidationException) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) JAXBException(javax.xml.bind.JAXBException) IdentityApplicationRegistrationFailureException(org.wso2.carbon.identity.application.common.IdentityApplicationRegistrationFailureException) SAXException(org.xml.sax.SAXException) DefaultAuthSeqMgtException(org.wso2.carbon.identity.application.mgt.defaultsequence.DefaultAuthSeqMgtException) UserStoreException(org.wso2.carbon.user.api.UserStoreException) IdentityApplicationManagementServerException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementServerException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)

Example 5 with LocalAuthenticatorConfig

use of org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig in project carbon-identity-framework by wso2.

the class ApplicationDAOImpl method updateLocalAndOutboundAuthenticationConfiguration.

/**
 * @param applicationId
 * @param localAndOutboundAuthConfig
 * @param connection
 * @throws SQLException
 * @throws IdentityApplicationManagementException
 */
private void updateLocalAndOutboundAuthenticationConfiguration(int applicationId, LocalAndOutboundAuthenticationConfig localAndOutboundAuthConfig, Connection connection) throws SQLException, IdentityApplicationManagementException {
    int tenantID = CarbonContext.getThreadLocalCarbonContext().getTenantId();
    if (localAndOutboundAuthConfig == null) {
        // no local or out-bound configuration for this service provider.
        return;
    }
    updateAuthenticationScriptConfiguration(applicationId, localAndOutboundAuthConfig, connection, tenantID);
    PreparedStatement updateAuthTypePrepStmt = null;
    PreparedStatement storeSendAuthListOfIdPsPrepStmt = null;
    try {
        storeSendAuthListOfIdPsPrepStmt = connection.prepareStatement(UPDATE_BASIC_APPINFO_WITH_SEND_AUTH_LIST_OF_IDPS);
        // IS_SEND_LOCAL_SUBJECT_ID=? WHERE TENANT_ID= ? AND ID = ?
        storeSendAuthListOfIdPsPrepStmt.setString(1, localAndOutboundAuthConfig.isAlwaysSendBackAuthenticatedListOfIdPs() ? "1" : "0");
        storeSendAuthListOfIdPsPrepStmt.setInt(2, tenantID);
        storeSendAuthListOfIdPsPrepStmt.setInt(3, applicationId);
        storeSendAuthListOfIdPsPrepStmt.executeUpdate();
    } finally {
        IdentityApplicationManagementUtil.closeStatement(storeSendAuthListOfIdPsPrepStmt);
    }
    PreparedStatement storeUseTenantDomainInLocalSubjectIdStmt = null;
    try {
        storeUseTenantDomainInLocalSubjectIdStmt = connection.prepareStatement(UPDATE_BASIC_APPINFO_WITH_USE_TENANT_DOMAIN_LOCAL_SUBJECT_ID);
        // IS_USE_TENANT_DIMAIN_LOCAL_SUBJECT_ID=? WHERE TENANT_ID= ? AND ID = ?
        storeUseTenantDomainInLocalSubjectIdStmt.setString(1, localAndOutboundAuthConfig.isUseTenantDomainInLocalSubjectIdentifier() ? "1" : "0");
        storeUseTenantDomainInLocalSubjectIdStmt.setInt(2, tenantID);
        storeUseTenantDomainInLocalSubjectIdStmt.setInt(3, applicationId);
        storeUseTenantDomainInLocalSubjectIdStmt.executeUpdate();
    } finally {
        IdentityApplicationManagementUtil.closeStatement(storeUseTenantDomainInLocalSubjectIdStmt);
    }
    PreparedStatement storeUseUserstoreDomainInLocalSubjectIdStmt = null;
    try {
        storeUseUserstoreDomainInLocalSubjectIdStmt = connection.prepareStatement(UPDATE_BASIC_APPINFO_WITH_USE_USERSTORE_DOMAIN_LOCAL_SUBJECT_ID);
        // IS_USE_USERSTORE_DIMAIN_LOCAL_SUBJECT_ID=? WHERE TENANT_ID= ? AND ID = ?
        storeUseUserstoreDomainInLocalSubjectIdStmt.setString(1, localAndOutboundAuthConfig.isUseUserstoreDomainInLocalSubjectIdentifier() ? "1" : "0");
        storeUseUserstoreDomainInLocalSubjectIdStmt.setInt(2, tenantID);
        storeUseUserstoreDomainInLocalSubjectIdStmt.setInt(3, applicationId);
        storeUseUserstoreDomainInLocalSubjectIdStmt.executeUpdate();
    } finally {
        IdentityApplicationManagementUtil.closeStatement(storeUseUserstoreDomainInLocalSubjectIdStmt);
    }
    PreparedStatement enableAuthzStmt = null;
    try {
        enableAuthzStmt = connection.prepareStatement(UPDATE_BASIC_APPINFO_WITH_ENABLE_AUTHORIZATION);
        enableAuthzStmt.setString(1, localAndOutboundAuthConfig.isEnableAuthorization() ? "1" : "0");
        enableAuthzStmt.setInt(2, tenantID);
        enableAuthzStmt.setInt(3, applicationId);
        enableAuthzStmt.executeUpdate();
    } finally {
        IdentityApplicationManagementUtil.closeStatement(enableAuthzStmt);
    }
    PreparedStatement storeSubjectClaimUri = null;
    try {
        storeSubjectClaimUri = connection.prepareStatement(UPDATE_BASIC_APPINFO_WITH_SUBJECT_CLAIM_URI);
        // SUBJECT_CLAIM_URI=? WHERE TENANT_ID= ? AND ID = ?
        storeSubjectClaimUri.setString(1, localAndOutboundAuthConfig.getSubjectClaimUri());
        storeSubjectClaimUri.setInt(2, tenantID);
        storeSubjectClaimUri.setInt(3, applicationId);
        storeSubjectClaimUri.executeUpdate();
    } finally {
        IdentityApplicationManagementUtil.closeStatement(storeSubjectClaimUri);
    }
    AuthenticationStep[] authSteps = localAndOutboundAuthConfig.getAuthenticationSteps();
    if (authSteps == null || authSteps.length == 0) {
        // if no authentication steps defined - it should be the default behavior.
        localAndOutboundAuthConfig.setAuthenticationType(ApplicationConstants.AUTH_TYPE_DEFAULT);
    }
    try {
        if (localAndOutboundAuthConfig.getAuthenticationType() == null) {
            // no authentication type defined - set to default.
            localAndOutboundAuthConfig.setAuthenticationType(ApplicationConstants.AUTH_TYPE_DEFAULT);
        }
        updateAuthTypePrepStmt = connection.prepareStatement(UPDATE_BASIC_APPINFO_WITH_AUTH_TYPE);
        // AUTH_TYPE=? WHERE TENANT_ID= ? AND ID = ?
        updateAuthTypePrepStmt.setString(1, localAndOutboundAuthConfig.getAuthenticationType());
        updateAuthTypePrepStmt.setInt(2, tenantID);
        updateAuthTypePrepStmt.setInt(3, applicationId);
        updateAuthTypePrepStmt.execute();
    } finally {
        IdentityApplicationManagementUtil.closeStatement(updateAuthTypePrepStmt);
    }
    if (authSteps != null && authSteps.length > 0) {
        // we have authentications steps defined.
        PreparedStatement storeStepIDPAuthnPrepStmt = null;
        storeStepIDPAuthnPrepStmt = connection.prepareStatement(STORE_STEP_IDP_AUTH);
        try {
            if (ApplicationConstants.AUTH_TYPE_LOCAL.equalsIgnoreCase(localAndOutboundAuthConfig.getAuthenticationType())) {
                // only one local authenticator.
                if (authSteps.length != 1 || authSteps[0] == null || authSteps[0].getLocalAuthenticatorConfigs() == null || authSteps[0].getLocalAuthenticatorConfigs().length != 1 || (authSteps[0].getFederatedIdentityProviders() != null && authSteps[0].getFederatedIdentityProviders().length >= 1)) {
                    String errorMessage = "Invalid local authentication configuration." + " For local authentication there can only be only one authentication step and" + " only one local authenticator";
                    throw new IdentityApplicationManagementException(errorMessage);
                }
            } else if (ApplicationConstants.AUTH_TYPE_FEDERATED.equalsIgnoreCase(localAndOutboundAuthConfig.getAuthenticationType())) {
                // the corresponding authenticator.
                if (authSteps.length != 1 || authSteps[0] == null || authSteps[0].getFederatedIdentityProviders() == null || authSteps[0].getFederatedIdentityProviders().length != 1 || authSteps[0].getLocalAuthenticatorConfigs().length > 0) {
                    String errorMessage = "Invalid federated authentication configuration." + " For federated authentication there can only be only one authentication step and" + " only one federated authenticator";
                    throw new IdentityApplicationManagementException(errorMessage);
                }
                IdentityProvider fedIdp = authSteps[0].getFederatedIdentityProviders()[0];
                if (fedIdp.getDefaultAuthenticatorConfig() == null || fedIdp.getFederatedAuthenticatorConfigs() == null) {
                    IdentityProviderDAO idpDAO = ApplicationMgtSystemConfig.getInstance().getIdentityProviderDAO();
                    String defualtAuthName = idpDAO.getDefaultAuthenticator(fedIdp.getIdentityProviderName());
                    // set the default authenticator.
                    FederatedAuthenticatorConfig defaultAuth = new FederatedAuthenticatorConfig();
                    defaultAuth.setName(defualtAuthName);
                    fedIdp.setDefaultAuthenticatorConfig(defaultAuth);
                    fedIdp.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { defaultAuth });
                }
            }
            // iterating through each step.
            for (AuthenticationStep authStep : authSteps) {
                int stepId = 0;
                IdentityProvider[] federatedIdps = authStep.getFederatedIdentityProviders();
                // provider or a local authenticator.
                if ((federatedIdps == null || federatedIdps.length == 0) && (authStep.getLocalAuthenticatorConfigs() == null || authStep.getLocalAuthenticatorConfigs().length == 0)) {
                    String errorMesssage = "Invalid authentication configuration." + "An authentication step should have at least one federated identity " + "provider or a local authenticator";
                    throw new IdentityApplicationManagementException(errorMesssage);
                }
                // we have valid federated identity providers.
                PreparedStatement storeStepPrepStmtz = null;
                ResultSet result = null;
                try {
                    String dbProductName = connection.getMetaData().getDatabaseProductName();
                    storeStepPrepStmtz = connection.prepareStatement(STORE_STEP_INFO, new String[] { DBUtils.getConvertedAutoGeneratedColumnName(dbProductName, "ID") });
                    // TENANT_ID, STEP_ORDER, APP_ID
                    storeStepPrepStmtz.setInt(1, tenantID);
                    storeStepPrepStmtz.setInt(2, authStep.getStepOrder());
                    storeStepPrepStmtz.setInt(3, applicationId);
                    storeStepPrepStmtz.setString(4, authStep.isSubjectStep() ? "1" : "0");
                    storeStepPrepStmtz.setString(5, authStep.isAttributeStep() ? "1" : "0");
                    storeStepPrepStmtz.execute();
                    result = storeStepPrepStmtz.getGeneratedKeys();
                    if (result.next()) {
                        stepId = result.getInt(1);
                    }
                } finally {
                    IdentityApplicationManagementUtil.closeResultSet(result);
                    IdentityApplicationManagementUtil.closeStatement(storeStepPrepStmtz);
                }
                if (authStep.getLocalAuthenticatorConfigs() != null && authStep.getLocalAuthenticatorConfigs().length > 0) {
                    for (LocalAuthenticatorConfig lclAuthenticator : authStep.getLocalAuthenticatorConfigs()) {
                        // set the identity provider name to LOCAL.
                        int authenticatorId = getAuthentictorID(connection, tenantID, ApplicationConstants.LOCAL_IDP_NAME, lclAuthenticator.getName());
                        if (authenticatorId < 0) {
                            authenticatorId = addAuthenticator(connection, tenantID, ApplicationConstants.LOCAL_IDP_NAME, lclAuthenticator.getName(), lclAuthenticator.getDisplayName());
                        }
                        if (authenticatorId > 0) {
                            // ID, TENANT_ID, AUTHENTICATOR_ID
                            storeStepIDPAuthnPrepStmt.setInt(1, stepId);
                            storeStepIDPAuthnPrepStmt.setInt(2, tenantID);
                            storeStepIDPAuthnPrepStmt.setInt(3, authenticatorId);
                            storeStepIDPAuthnPrepStmt.addBatch();
                        }
                        if (log.isDebugEnabled()) {
                            log.debug("Updating Local IdP of Application " + applicationId + " Step Order: " + authStep.getStepOrder() + " IdP: " + ApplicationConstants.LOCAL_IDP + " Authenticator: " + lclAuthenticator.getName());
                        }
                    }
                }
                // we have federated identity providers.
                if (federatedIdps != null && federatedIdps.length > 0) {
                    // iterating through each IDP of the step
                    for (IdentityProvider federatedIdp : federatedIdps) {
                        String idpName = federatedIdp.getIdentityProviderName();
                        // the identity provider name wso2carbon-local-idp is reserved.
                        if (ApplicationConstants.LOCAL_IDP.equalsIgnoreCase(idpName)) {
                            throw new IdentityApplicationManagementException("The federated IdP name cannot be equal to " + ApplicationConstants.LOCAL_IDP);
                        }
                        FederatedAuthenticatorConfig[] authenticators = federatedIdp.getFederatedAuthenticatorConfigs();
                        if (authenticators != null && authenticators.length > 0) {
                            for (FederatedAuthenticatorConfig authenticator : authenticators) {
                                // ID, TENANT_ID, AUTHENTICATOR_ID
                                if (authenticator != null) {
                                    int authenticatorId = getAuthentictorID(connection, tenantID, idpName, authenticator.getName());
                                    if (authenticatorId > 0) {
                                        storeStepIDPAuthnPrepStmt.setInt(1, stepId);
                                        storeStepIDPAuthnPrepStmt.setInt(2, tenantID);
                                        storeStepIDPAuthnPrepStmt.setInt(3, authenticatorId);
                                        storeStepIDPAuthnPrepStmt.addBatch();
                                        if (log.isDebugEnabled()) {
                                            log.debug("Updating Federated IdP of Application " + applicationId + " Step Order: " + authStep.getStepOrder() + " IdP: " + idpName + " Authenticator: " + authenticator);
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
            storeStepIDPAuthnPrepStmt.executeBatch();
        } finally {
            IdentityApplicationManagementUtil.closeStatement(storeStepIDPAuthnPrepStmt);
        }
    }
}
Also used : FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) AuthenticationStep(org.wso2.carbon.identity.application.common.model.AuthenticationStep) PreparedStatement(java.sql.PreparedStatement) NamedPreparedStatement(org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) ResultSet(java.sql.ResultSet) IdentityProviderDAO(org.wso2.carbon.identity.application.mgt.dao.IdentityProviderDAO)

Aggregations

LocalAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig)19 IdentityProvider (org.wso2.carbon.identity.application.common.model.IdentityProvider)11 FederatedAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)9 RequestPathAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig)8 AuthenticationStep (org.wso2.carbon.identity.application.common.model.xsd.AuthenticationStep)8 LocalAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig)8 ArrayList (java.util.ArrayList)7 AuthenticationStep (org.wso2.carbon.identity.application.common.model.AuthenticationStep)7 LocalAndOutboundAuthenticationConfig (org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig)6 HashMap (java.util.HashMap)4 AuthenticatorConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig)4 IdentityApplicationManagementException (org.wso2.carbon.identity.application.common.IdentityApplicationManagementException)4 Map (java.util.Map)3 Authenticator (org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator)3 StepConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig)3 Property (org.wso2.carbon.identity.application.common.model.Property)3 IOException (java.io.IOException)2 PreparedStatement (java.sql.PreparedStatement)2 ResultSet (java.sql.ResultSet)2 List (java.util.List)2