Example 1 with LocalAuthenticatorConfig
use of org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig in project carbon-identity-framework by wso2.
the class JsGraphBuilder method filterOptions.
/**
* Filter out options in the step config to retain only the options provided in authentication options
*
* @param authenticationOptions Authentication options to keep
* @param stepConfig The step config to be modified
*/
protected void filterOptions(Map<String, Map<String, String>> authenticationOptions, StepConfig stepConfig) {
Map<String, Set<String>> filteredOptions = new HashMap<>();
authenticationOptions.forEach((id, option) -> {
String idp = option.get(FrameworkConstants.JSAttributes.IDP);
String authenticator = option.get(FrameworkConstants.JSAttributes.AUTHENTICATOR);
if (StringUtils.isNotBlank(authenticator) && StringUtils.isBlank(idp)) {
// If Idp is not set, but authenticator is set, idp is assumed as local
idp = FrameworkConstants.LOCAL_IDP_NAME;
}
if (StringUtils.isNotBlank(idp)) {
filteredOptions.putIfAbsent(idp, new HashSet<>());
if (StringUtils.isNotBlank(authenticator)) {
filteredOptions.get(idp).add(authenticator.toLowerCase());
}
}
});
if (log.isDebugEnabled()) {
StringBuilder sb = new StringBuilder();
for (Map.Entry<String, Set<String>> entry : filteredOptions.entrySet()) {
sb.append('\n').append(entry.getKey()).append(" : ");
sb.append(StringUtils.join(entry.getValue(), ","));
}
log.debug("Authenticator options: " + sb.toString());
}
Set<AuthenticatorConfig> authenticatorsToRemove = new HashSet<>();
Map<String, AuthenticatorConfig> idpsToRemove = new HashMap<>();
stepConfig.getAuthenticatorList().forEach(authenticatorConfig -> authenticatorConfig.getIdps().forEach((idpName, idp) -> {
Set<String> authenticators = filteredOptions.get(idpName);
boolean removeOption = false;
if (authenticators == null) {
if (log.isDebugEnabled()) {
log.debug(String.format("Authentication options didn't include idp: %s. Hence excluding from " + "options list", idpName));
}
removeOption = true;
} else if (!authenticators.isEmpty()) {
// Both idp and authenticator present, but authenticator is given by display name due to the fact
// that it is the one available at UI. Should translate the display name to actual name, and
// keep/remove option
removeOption = true;
if (FrameworkConstants.LOCAL_IDP_NAME.equals(idpName)) {
List<LocalAuthenticatorConfig> localAuthenticators = ApplicationAuthenticatorService.getInstance().getLocalAuthenticators();
for (LocalAuthenticatorConfig localAuthenticatorConfig : localAuthenticators) {
if (authenticatorConfig.getName().equals(localAuthenticatorConfig.getName()) && authenticators.contains(localAuthenticatorConfig.getDisplayName().toLowerCase())) {
removeOption = false;
break;
}
}
if (log.isDebugEnabled()) {
if (removeOption) {
log.debug(String.format("Authenticator options don't match any entry for local" + "authenticator: %s. Hence removing the option", authenticatorConfig.getName()));
} else {
log.debug(String.format("Authenticator options contained a match for local " + "authenticator: %s. Hence keeping the option", authenticatorConfig.getName()));
}
}
} else {
for (FederatedAuthenticatorConfig federatedAuthConfig : idp.getFederatedAuthenticatorConfigs()) {
if (authenticatorConfig.getName().equals(federatedAuthConfig.getName()) && authenticators.contains(federatedAuthConfig.getDisplayName().toLowerCase())) {
removeOption = false;
break;
}
}
if (log.isDebugEnabled()) {
if (removeOption) {
log.debug(String.format("Authenticator options don't match any entry for idp: %s, " + "authenticator: %s. Hence removing the option", idpName, authenticatorConfig.getName()));
} else {
log.debug(String.format("Authenticator options contained a match for idp: %s, " + "authenticator: %s. Hence keeping the option", idpName, authenticatorConfig.getName()));
}
}
}
} else {
if (log.isDebugEnabled()) {
log.debug(String.format("No authenticator filters for idp %s, hence keeping it as an option", idpName));
}
}
if (removeOption) {
if (authenticatorConfig.getIdps().size() > 1) {
idpsToRemove.put(idpName, authenticatorConfig);
} else {
authenticatorsToRemove.add(authenticatorConfig);
}
}
}));
if (stepConfig.getAuthenticatorList().size() > authenticatorsToRemove.size()) {
idpsToRemove.forEach((idp, authenticatorConfig) -> {
int index = stepConfig.getAuthenticatorList().indexOf(authenticatorConfig);
stepConfig.getAuthenticatorList().get(index).getIdps().remove(idp);
stepConfig.getAuthenticatorList().get(index).getIdpNames().remove(idp);
if (log.isDebugEnabled()) {
log.debug("Removed " + idp + " option from " + authenticatorConfig.getName() + " as it " + "doesn't match the provided authenticator options");
}
});
// If all idps are removed from the authenticator the authenticator should be removed.
stepConfig.getAuthenticatorList().forEach(authenticatorConfig -> {
if (authenticatorConfig.getIdps().isEmpty()) {
authenticatorsToRemove.add(authenticatorConfig);
}
});
stepConfig.getAuthenticatorList().removeAll(authenticatorsToRemove);
if (log.isDebugEnabled()) {
log.debug("Removed " + authenticatorsToRemove.size() + " options which doesn't match the " + "provided authenticator options");
}
} else {
log.warn("The filtered authenticator list is empty, hence proceeding without filtering");
}
}
Also used :
StringUtils(org.apache.commons.lang.StringUtils)
Bindings(javax.script.Bindings)
AuthenticationContext(org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext)
FrameworkConstants(org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants)
HashMap(java.util.HashMap)
Function(java.util.function.Function)
HashSet(java.util.HashSet)
AuthenticationDecisionEvaluator(org.wso2.carbon.identity.application.authentication.framework.AuthenticationDecisionEvaluator)
JSObject(jdk.nashorn.api.scripting.JSObject)
Map(java.util.Map)
JsFunctionRegistry(org.wso2.carbon.identity.application.authentication.framework.JsFunctionRegistry)
BiConsumer(java.util.function.BiConsumer)
ScriptException(javax.script.ScriptException)
FrameworkServiceComponent(org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceComponent)
Compilable(javax.script.Compilable)
MapUtils(org.apache.commons.collections.MapUtils)
StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig)
ApplicationAuthenticatorService(org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService)
AsyncProcess(org.wso2.carbon.identity.application.authentication.framework.AsyncProcess)
Set(java.util.Set)
AuthenticatorConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig)
UUID(java.util.UUID)
FunctionLibrary(org.wso2.carbon.identity.functions.library.mgt.model.FunctionLibrary)
FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)
Collectors(java.util.stream.Collectors)
ScriptContext(javax.script.ScriptContext)
Serializable(java.io.Serializable)
FunctionLibraryManagementService(org.wso2.carbon.identity.functions.library.mgt.FunctionLibraryManagementService)
List(java.util.List)
Invocable(javax.script.Invocable)
FrameworkServiceDataHolder(org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder)
CarbonContext(org.wso2.carbon.context.CarbonContext)
CompiledScript(javax.script.CompiledScript)
ScriptEngine(javax.script.ScriptEngine)
Log(org.apache.commons.logging.Log)
FunctionLibraryManagementException(org.wso2.carbon.identity.functions.library.mgt.exception.FunctionLibraryManagementException)
ScriptObjectMirror(jdk.nashorn.api.scripting.ScriptObjectMirror)
LogFactory(org.apache.commons.logging.LogFactory)
JsAuthenticationContext(org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.JsAuthenticationContext)
FrameworkUtils(org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils)
LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig)
Collections(java.util.Collections)
AuthenticatorConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig)
FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)
LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig)
HashSet(java.util.HashSet)
Set(java.util.Set)
HashMap(java.util.HashMap)
FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)
LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig)
HashMap(java.util.HashMap)
Map(java.util.Map)
HashSet(java.util.HashSet)
Example 2 with LocalAuthenticatorConfig
use of org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig in project carbon-identity-framework by wso2.
the class UIBasedConfigurationLoader method loadLocalAuthenticators.
protected void loadLocalAuthenticators(AuthenticationStep authenticationStep, StepConfig stepConfig) {
LocalAuthenticatorConfig[] localAuthenticators = authenticationStep.getLocalAuthenticatorConfigs();
if (localAuthenticators != null) {
IdentityProvider localIdp = new IdentityProvider();
localIdp.setIdentityProviderName(FrameworkConstants.LOCAL_IDP_NAME);
// assign it to the step
for (LocalAuthenticatorConfig localAuthenticator : localAuthenticators) {
String actualAuthenticatorName = localAuthenticator.getName();
loadStepAuthenticator(stepConfig, localIdp, actualAuthenticatorName);
}
}
}
Also used :
LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig)
IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider)
Example 3 with LocalAuthenticatorConfig
use of org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig in project carbon-identity-framework by wso2.
the class JsGraphBuilderTest method filterOptionsDataProvider.
@DataProvider
public Object[][] filterOptionsDataProvider() {
ApplicationAuthenticatorService.getInstance().getLocalAuthenticators().clear();
LocalAuthenticatorConfig basic = new LocalAuthenticatorConfig();
basic.setName("BasicAuthenticator");
basic.setDisplayName("basic");
LocalAuthenticatorConfig totp = new LocalAuthenticatorConfig();
totp.setName("TOTPAuthenticator");
totp.setDisplayName("totp");
ApplicationAuthenticatorService.getInstance().getLocalAuthenticators().add(basic);
ApplicationAuthenticatorService.getInstance().getLocalAuthenticators().add(totp);
IdentityProvider localIdp = new IdentityProvider();
localIdp.setId("LOCAL");
localIdp.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[0]);
FederatedAuthenticatorConfig samlFederated = new FederatedAuthenticatorConfig();
samlFederated.setDisplayName("samlsso");
samlFederated.setName("SAMLAuthenticator");
FederatedAuthenticatorConfig oidcFederated = new FederatedAuthenticatorConfig();
oidcFederated.setDisplayName("oidc");
oidcFederated.setName("OIDCAuthenticator");
FederatedAuthenticatorConfig twitterFederated = new FederatedAuthenticatorConfig();
twitterFederated.setDisplayName("twitter");
twitterFederated.setName("TwitterAuthenticator");
IdentityProvider customIdp1 = new IdentityProvider();
customIdp1.setId("customIdp1");
customIdp1.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { samlFederated, oidcFederated });
customIdp1.setDefaultAuthenticatorConfig(samlFederated);
IdentityProvider customIdp2 = new IdentityProvider();
customIdp2.setId("customIdp2");
customIdp2.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { twitterFederated });
customIdp2.setDefaultAuthenticatorConfig(twitterFederated);
AuthenticatorConfig basicAuthConfig = new AuthenticatorConfig();
basicAuthConfig.setName("BasicAuthenticator");
basicAuthConfig.setEnabled(true);
basicAuthConfig.getIdps().put("LOCAL", localIdp);
AuthenticatorConfig totpAuthConfig = new AuthenticatorConfig();
totpAuthConfig.setName("TOTPAuthenticator");
totpAuthConfig.setEnabled(true);
totpAuthConfig.getIdps().put("LOCAL", localIdp);
AuthenticatorConfig samlAuthConfig = new AuthenticatorConfig();
samlAuthConfig.setName("SAMLAuthenticator");
samlAuthConfig.setEnabled(true);
samlAuthConfig.getIdps().put("customIdp1", customIdp1);
AuthenticatorConfig oidcAuthConfig = new AuthenticatorConfig();
oidcAuthConfig.setName("OIDCAuthenticator");
oidcAuthConfig.setEnabled(true);
oidcAuthConfig.getIdps().put("customIdp1", customIdp1);
AuthenticatorConfig twitterAuthConfig = new AuthenticatorConfig();
twitterAuthConfig.setName("TwitterAuthenticator");
twitterAuthConfig.setEnabled(true);
twitterAuthConfig.getIdps().put("customIdp2", customIdp2);
StepConfig stepWithSingleOption = new StepConfig();
stepWithSingleOption.setAuthenticatorList(Collections.singletonList(basicAuthConfig));
Map<String, Map<String, String>> singleOptionConfig = new HashMap<>();
singleOptionConfig.put("0", Collections.singletonMap("authenticator", "basic"));
StepConfig stepWithMultipleOptions = new StepConfig();
stepWithMultipleOptions.setAuthenticatorList(new ArrayList<>(Arrays.asList(basicAuthConfig, totpAuthConfig, oidcAuthConfig, twitterAuthConfig)));
Map<String, String> oidcOption = new HashMap<>();
oidcOption.put("idp", "customIdp1");
oidcOption.put("authenticator", "oidc");
Map<String, String> twitterOption = new HashMap<>();
twitterOption.put("idp", "customIdp2");
twitterOption.put("authenticator", "twitter");
Map<String, String> invalidOption = new HashMap<>();
invalidOption.put("idp", "customIdp1");
invalidOption.put("authenticator", "twitter");
Map<String, Map<String, String>> multipleOptionConfig = new HashMap<>();
multipleOptionConfig.put("0", Collections.singletonMap("authenticator", "basic"));
multipleOptionConfig.put("1", oidcOption);
multipleOptionConfig.put("2", twitterOption);
Map<String, Map<String, String>> multipleAndInvalidOptionConfig = new HashMap<>();
multipleAndInvalidOptionConfig.put("0", Collections.singletonMap("authenticator", "basic"));
multipleAndInvalidOptionConfig.put("1", oidcOption);
multipleAndInvalidOptionConfig.put("2", invalidOption);
Map<String, Map<String, String>> idpOnlyOptionConfig = new HashMap<>();
idpOnlyOptionConfig.put("0", Collections.singletonMap("authenticator", "basic"));
idpOnlyOptionConfig.put("1", Collections.singletonMap("idp", "customIdp1"));
Map<String, Map<String, String>> singleInvalidOptionConfig = new HashMap<>();
singleInvalidOptionConfig.put("0", invalidOption);
return new Object[][] { { singleOptionConfig, duplicateStepConfig(stepWithSingleOption), 1 }, { singleOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 1 }, { multipleOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 3 }, { multipleAndInvalidOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 2 }, { singleInvalidOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 4 }, { idpOnlyOptionConfig, duplicateStepConfig(stepWithMultipleOptions), 2 } };
}
Also used :
AuthenticatorConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig)
FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)
LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig)
FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)
HashMap(java.util.HashMap)
LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig)
StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig)
IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider)
HashMap(java.util.HashMap)
Map(java.util.Map)
DataProvider(org.testng.annotations.DataProvider)
Example 4 with LocalAuthenticatorConfig
use of org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig in project carbon-identity-framework by wso2.
the class ApplicationManagementServiceImpl method getAllLocalAuthenticators.
@Override
public LocalAuthenticatorConfig[] getAllLocalAuthenticators(String tenantDomain) throws IdentityApplicationManagementException {
try {
startTenantFlow(tenantDomain);
IdentityProviderDAO idpdao = ApplicationMgtSystemConfig.getInstance().getIdentityProviderDAO();
List<LocalAuthenticatorConfig> localAuthenticators = idpdao.getAllLocalAuthenticators();
if (localAuthenticators != null) {
return localAuthenticators.toArray(new LocalAuthenticatorConfig[localAuthenticators.size()]);
}
return new LocalAuthenticatorConfig[0];
} catch (Exception e) {
String error = "Error occurred while retrieving all Local Authenticators" + ". " + e.getMessage();
throw new IdentityApplicationManagementException(error, e);
} finally {
endTenantFlow();
}
}
Also used :
IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException)
LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig)
IdentityProviderDAO(org.wso2.carbon.identity.application.mgt.dao.IdentityProviderDAO)
IdentityApplicationManagementClientException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementClientException)
TransformerException(javax.xml.transform.TransformerException)
RegistryException(org.wso2.carbon.registry.api.RegistryException)
IOException(java.io.IOException)
IdentityApplicationManagementValidationException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementValidationException)
IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException)
JAXBException(javax.xml.bind.JAXBException)
IdentityApplicationRegistrationFailureException(org.wso2.carbon.identity.application.common.IdentityApplicationRegistrationFailureException)
SAXException(org.xml.sax.SAXException)
DefaultAuthSeqMgtException(org.wso2.carbon.identity.application.mgt.defaultsequence.DefaultAuthSeqMgtException)
UserStoreException(org.wso2.carbon.user.api.UserStoreException)
IdentityApplicationManagementServerException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementServerException)
ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)
Example 5 with LocalAuthenticatorConfig
use of org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig in project carbon-identity-framework by wso2.
the class ApplicationDAOImpl method updateLocalAndOutboundAuthenticationConfiguration.
/**
* @param applicationId
* @param localAndOutboundAuthConfig
* @param connection
* @throws SQLException
* @throws IdentityApplicationManagementException
*/
private void updateLocalAndOutboundAuthenticationConfiguration(int applicationId, LocalAndOutboundAuthenticationConfig localAndOutboundAuthConfig, Connection connection) throws SQLException, IdentityApplicationManagementException {
int tenantID = CarbonContext.getThreadLocalCarbonContext().getTenantId();
if (localAndOutboundAuthConfig == null) {
// no local or out-bound configuration for this service provider.
return;
}
updateAuthenticationScriptConfiguration(applicationId, localAndOutboundAuthConfig, connection, tenantID);
PreparedStatement updateAuthTypePrepStmt = null;
PreparedStatement storeSendAuthListOfIdPsPrepStmt = null;
try {
storeSendAuthListOfIdPsPrepStmt = connection.prepareStatement(UPDATE_BASIC_APPINFO_WITH_SEND_AUTH_LIST_OF_IDPS);
// IS_SEND_LOCAL_SUBJECT_ID=? WHERE TENANT_ID= ? AND ID = ?
storeSendAuthListOfIdPsPrepStmt.setString(1, localAndOutboundAuthConfig.isAlwaysSendBackAuthenticatedListOfIdPs() ? "1" : "0");
storeSendAuthListOfIdPsPrepStmt.setInt(2, tenantID);
storeSendAuthListOfIdPsPrepStmt.setInt(3, applicationId);
storeSendAuthListOfIdPsPrepStmt.executeUpdate();
} finally {
IdentityApplicationManagementUtil.closeStatement(storeSendAuthListOfIdPsPrepStmt);
}
PreparedStatement storeUseTenantDomainInLocalSubjectIdStmt = null;
try {
storeUseTenantDomainInLocalSubjectIdStmt = connection.prepareStatement(UPDATE_BASIC_APPINFO_WITH_USE_TENANT_DOMAIN_LOCAL_SUBJECT_ID);
// IS_USE_TENANT_DIMAIN_LOCAL_SUBJECT_ID=? WHERE TENANT_ID= ? AND ID = ?
storeUseTenantDomainInLocalSubjectIdStmt.setString(1, localAndOutboundAuthConfig.isUseTenantDomainInLocalSubjectIdentifier() ? "1" : "0");
storeUseTenantDomainInLocalSubjectIdStmt.setInt(2, tenantID);
storeUseTenantDomainInLocalSubjectIdStmt.setInt(3, applicationId);
storeUseTenantDomainInLocalSubjectIdStmt.executeUpdate();
} finally {
IdentityApplicationManagementUtil.closeStatement(storeUseTenantDomainInLocalSubjectIdStmt);
}
PreparedStatement storeUseUserstoreDomainInLocalSubjectIdStmt = null;
try {
storeUseUserstoreDomainInLocalSubjectIdStmt = connection.prepareStatement(UPDATE_BASIC_APPINFO_WITH_USE_USERSTORE_DOMAIN_LOCAL_SUBJECT_ID);
// IS_USE_USERSTORE_DIMAIN_LOCAL_SUBJECT_ID=? WHERE TENANT_ID= ? AND ID = ?
storeUseUserstoreDomainInLocalSubjectIdStmt.setString(1, localAndOutboundAuthConfig.isUseUserstoreDomainInLocalSubjectIdentifier() ? "1" : "0");
storeUseUserstoreDomainInLocalSubjectIdStmt.setInt(2, tenantID);
storeUseUserstoreDomainInLocalSubjectIdStmt.setInt(3, applicationId);
storeUseUserstoreDomainInLocalSubjectIdStmt.executeUpdate();
} finally {
IdentityApplicationManagementUtil.closeStatement(storeUseUserstoreDomainInLocalSubjectIdStmt);
}
PreparedStatement enableAuthzStmt = null;
try {
enableAuthzStmt = connection.prepareStatement(UPDATE_BASIC_APPINFO_WITH_ENABLE_AUTHORIZATION);
enableAuthzStmt.setString(1, localAndOutboundAuthConfig.isEnableAuthorization() ? "1" : "0");
enableAuthzStmt.setInt(2, tenantID);
enableAuthzStmt.setInt(3, applicationId);
enableAuthzStmt.executeUpdate();
} finally {
IdentityApplicationManagementUtil.closeStatement(enableAuthzStmt);
}
PreparedStatement storeSubjectClaimUri = null;
try {
storeSubjectClaimUri = connection.prepareStatement(UPDATE_BASIC_APPINFO_WITH_SUBJECT_CLAIM_URI);
// SUBJECT_CLAIM_URI=? WHERE TENANT_ID= ? AND ID = ?
storeSubjectClaimUri.setString(1, localAndOutboundAuthConfig.getSubjectClaimUri());
storeSubjectClaimUri.setInt(2, tenantID);
storeSubjectClaimUri.setInt(3, applicationId);
storeSubjectClaimUri.executeUpdate();
} finally {
IdentityApplicationManagementUtil.closeStatement(storeSubjectClaimUri);
}
AuthenticationStep[] authSteps = localAndOutboundAuthConfig.getAuthenticationSteps();
if (authSteps == null || authSteps.length == 0) {
// if no authentication steps defined - it should be the default behavior.
localAndOutboundAuthConfig.setAuthenticationType(ApplicationConstants.AUTH_TYPE_DEFAULT);
}
try {
if (localAndOutboundAuthConfig.getAuthenticationType() == null) {
// no authentication type defined - set to default.
localAndOutboundAuthConfig.setAuthenticationType(ApplicationConstants.AUTH_TYPE_DEFAULT);
}
updateAuthTypePrepStmt = connection.prepareStatement(UPDATE_BASIC_APPINFO_WITH_AUTH_TYPE);
// AUTH_TYPE=? WHERE TENANT_ID= ? AND ID = ?
updateAuthTypePrepStmt.setString(1, localAndOutboundAuthConfig.getAuthenticationType());
updateAuthTypePrepStmt.setInt(2, tenantID);
updateAuthTypePrepStmt.setInt(3, applicationId);
updateAuthTypePrepStmt.execute();
} finally {
IdentityApplicationManagementUtil.closeStatement(updateAuthTypePrepStmt);
}
if (authSteps != null && authSteps.length > 0) {
// we have authentications steps defined.
PreparedStatement storeStepIDPAuthnPrepStmt = null;
storeStepIDPAuthnPrepStmt = connection.prepareStatement(STORE_STEP_IDP_AUTH);
try {
if (ApplicationConstants.AUTH_TYPE_LOCAL.equalsIgnoreCase(localAndOutboundAuthConfig.getAuthenticationType())) {
// only one local authenticator.
if (authSteps.length != 1 || authSteps[0] == null || authSteps[0].getLocalAuthenticatorConfigs() == null || authSteps[0].getLocalAuthenticatorConfigs().length != 1 || (authSteps[0].getFederatedIdentityProviders() != null && authSteps[0].getFederatedIdentityProviders().length >= 1)) {
String errorMessage = "Invalid local authentication configuration." + " For local authentication there can only be only one authentication step and" + " only one local authenticator";
throw new IdentityApplicationManagementException(errorMessage);
}
} else if (ApplicationConstants.AUTH_TYPE_FEDERATED.equalsIgnoreCase(localAndOutboundAuthConfig.getAuthenticationType())) {
// the corresponding authenticator.
if (authSteps.length != 1 || authSteps[0] == null || authSteps[0].getFederatedIdentityProviders() == null || authSteps[0].getFederatedIdentityProviders().length != 1 || authSteps[0].getLocalAuthenticatorConfigs().length > 0) {
String errorMessage = "Invalid federated authentication configuration." + " For federated authentication there can only be only one authentication step and" + " only one federated authenticator";
throw new IdentityApplicationManagementException(errorMessage);
}
IdentityProvider fedIdp = authSteps[0].getFederatedIdentityProviders()[0];
if (fedIdp.getDefaultAuthenticatorConfig() == null || fedIdp.getFederatedAuthenticatorConfigs() == null) {
IdentityProviderDAO idpDAO = ApplicationMgtSystemConfig.getInstance().getIdentityProviderDAO();
String defualtAuthName = idpDAO.getDefaultAuthenticator(fedIdp.getIdentityProviderName());
// set the default authenticator.
FederatedAuthenticatorConfig defaultAuth = new FederatedAuthenticatorConfig();
defaultAuth.setName(defualtAuthName);
fedIdp.setDefaultAuthenticatorConfig(defaultAuth);
fedIdp.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { defaultAuth });
}
}
// iterating through each step.
for (AuthenticationStep authStep : authSteps) {
int stepId = 0;
IdentityProvider[] federatedIdps = authStep.getFederatedIdentityProviders();
// provider or a local authenticator.
if ((federatedIdps == null || federatedIdps.length == 0) && (authStep.getLocalAuthenticatorConfigs() == null || authStep.getLocalAuthenticatorConfigs().length == 0)) {
String errorMesssage = "Invalid authentication configuration." + "An authentication step should have at least one federated identity " + "provider or a local authenticator";
throw new IdentityApplicationManagementException(errorMesssage);
}
// we have valid federated identity providers.
PreparedStatement storeStepPrepStmtz = null;
ResultSet result = null;
try {
String dbProductName = connection.getMetaData().getDatabaseProductName();
storeStepPrepStmtz = connection.prepareStatement(STORE_STEP_INFO, new String[] { DBUtils.getConvertedAutoGeneratedColumnName(dbProductName, "ID") });
// TENANT_ID, STEP_ORDER, APP_ID
storeStepPrepStmtz.setInt(1, tenantID);
storeStepPrepStmtz.setInt(2, authStep.getStepOrder());
storeStepPrepStmtz.setInt(3, applicationId);
storeStepPrepStmtz.setString(4, authStep.isSubjectStep() ? "1" : "0");
storeStepPrepStmtz.setString(5, authStep.isAttributeStep() ? "1" : "0");
storeStepPrepStmtz.execute();
result = storeStepPrepStmtz.getGeneratedKeys();
if (result.next()) {
stepId = result.getInt(1);
}
} finally {
IdentityApplicationManagementUtil.closeResultSet(result);
IdentityApplicationManagementUtil.closeStatement(storeStepPrepStmtz);
}
if (authStep.getLocalAuthenticatorConfigs() != null && authStep.getLocalAuthenticatorConfigs().length > 0) {
for (LocalAuthenticatorConfig lclAuthenticator : authStep.getLocalAuthenticatorConfigs()) {
// set the identity provider name to LOCAL.
int authenticatorId = getAuthentictorID(connection, tenantID, ApplicationConstants.LOCAL_IDP_NAME, lclAuthenticator.getName());
if (authenticatorId < 0) {
authenticatorId = addAuthenticator(connection, tenantID, ApplicationConstants.LOCAL_IDP_NAME, lclAuthenticator.getName(), lclAuthenticator.getDisplayName());
}
if (authenticatorId > 0) {
// ID, TENANT_ID, AUTHENTICATOR_ID
storeStepIDPAuthnPrepStmt.setInt(1, stepId);
storeStepIDPAuthnPrepStmt.setInt(2, tenantID);
storeStepIDPAuthnPrepStmt.setInt(3, authenticatorId);
storeStepIDPAuthnPrepStmt.addBatch();
}
if (log.isDebugEnabled()) {
log.debug("Updating Local IdP of Application " + applicationId + " Step Order: " + authStep.getStepOrder() + " IdP: " + ApplicationConstants.LOCAL_IDP + " Authenticator: " + lclAuthenticator.getName());
}
}
}
// we have federated identity providers.
if (federatedIdps != null && federatedIdps.length > 0) {
// iterating through each IDP of the step
for (IdentityProvider federatedIdp : federatedIdps) {
String idpName = federatedIdp.getIdentityProviderName();
// the identity provider name wso2carbon-local-idp is reserved.
if (ApplicationConstants.LOCAL_IDP.equalsIgnoreCase(idpName)) {
throw new IdentityApplicationManagementException("The federated IdP name cannot be equal to " + ApplicationConstants.LOCAL_IDP);
}
FederatedAuthenticatorConfig[] authenticators = federatedIdp.getFederatedAuthenticatorConfigs();
if (authenticators != null && authenticators.length > 0) {
for (FederatedAuthenticatorConfig authenticator : authenticators) {
// ID, TENANT_ID, AUTHENTICATOR_ID
if (authenticator != null) {
int authenticatorId = getAuthentictorID(connection, tenantID, idpName, authenticator.getName());
if (authenticatorId > 0) {
storeStepIDPAuthnPrepStmt.setInt(1, stepId);
storeStepIDPAuthnPrepStmt.setInt(2, tenantID);
storeStepIDPAuthnPrepStmt.setInt(3, authenticatorId);
storeStepIDPAuthnPrepStmt.addBatch();
if (log.isDebugEnabled()) {
log.debug("Updating Federated IdP of Application " + applicationId + " Step Order: " + authStep.getStepOrder() + " IdP: " + idpName + " Authenticator: " + authenticator);
}
}
}
}
}
}
}
}
storeStepIDPAuthnPrepStmt.executeBatch();
} finally {
IdentityApplicationManagementUtil.closeStatement(storeStepIDPAuthnPrepStmt);
}
}
}
Also used :
FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)
IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException)
LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig)
AuthenticationStep(org.wso2.carbon.identity.application.common.model.AuthenticationStep)
PreparedStatement(java.sql.PreparedStatement)
NamedPreparedStatement(org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement)
IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider)
ResultSet(java.sql.ResultSet)
IdentityProviderDAO(org.wso2.carbon.identity.application.mgt.dao.IdentityProviderDAO)
Aggregations
LocalAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig)19
IdentityProvider (org.wso2.carbon.identity.application.common.model.IdentityProvider)11
FederatedAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)9
RequestPathAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig)8
AuthenticationStep (org.wso2.carbon.identity.application.common.model.xsd.AuthenticationStep)8
LocalAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig)8
ArrayList (java.util.ArrayList)7
AuthenticationStep (org.wso2.carbon.identity.application.common.model.AuthenticationStep)7
LocalAndOutboundAuthenticationConfig (org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig)6
HashMap (java.util.HashMap)4
AuthenticatorConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig)4
IdentityApplicationManagementException (org.wso2.carbon.identity.application.common.IdentityApplicationManagementException)4
Map (java.util.Map)3
Authenticator (org.wso2.carbon.identity.api.server.authenticators.v1.model.Authenticator)3
StepConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig)3
Property (org.wso2.carbon.identity.application.common.model.Property)3
IOException (java.io.IOException)2
PreparedStatement (java.sql.PreparedStatement)2
ResultSet (java.sql.ResultSet)2
List (java.util.List)2
