use of org.wso2.carbon.identity.application.common.model.xsd.RoleMapping in project carbon-identity-framework by wso2.
the class IdentityProviderManager method getMappedLocalRolesMap.
/**
 * Builds a lookup from each IdP (remote) role name to the local role it is mapped to.
 * <p>
 * Delegates to {@code getMappedLocalRoles} and re-indexes the resulting mappings by remote
 * role; if the same remote role appears in more than one mapping the last one seen wins.
 *
 * @param idPName      Unique name of the IdP whose role mappings are consulted
 * @param tenantDomain Tenant domain whose local roles are being mapped
 * @param idPRoles     IdP roles which need to be mapped to local roles
 * @return map keyed by remote role name with the mapped local role as value; empty when
 *         no mapping matches
 * @throws IdentityProviderManagementException Error when getting role mappings
 */
@Override
public Map<String, LocalRole> getMappedLocalRolesMap(String idPName, String tenantDomain, String[] idPRoles)
        throws IdentityProviderManagementException {

    Map<String, LocalRole> remoteToLocal = new HashMap<>();
    for (RoleMapping mapping : getMappedLocalRoles(idPName, tenantDomain, idPRoles)) {
        remoteToLocal.put(mapping.getRemoteRole(), mapping.getLocalRole());
    }
    return remoteToLocal;
}
use of org.wso2.carbon.identity.application.common.model.xsd.RoleMapping in project carbon-identity-framework by wso2.
the class IdentityProviderManagementServiceTest method updateIdPData.
/**
 * Supplies (existing IdP name, replacement IdP) rows for the update scenarios: one replacement
 * that populates every configuration section and two that carry nothing but a name.
 *
 * @return rows of {@code { existingIdPName, replacementIdP }}
 */
@DataProvider
public Object[][] updateIdPData() {

    return new Object[][] {
            // IDP with PermissionsAndRoleConfig,FederatedAuthenticatorConfig,ProvisioningConnectorConfig,ClaimConf.
            { "testIdP1", updatedIdpWithAllConfigs("testIdP1New") },
            // New IDP with Only name.
            { "testIdP2", updatedIdpWithNameOnly("testIdP2New") },
            // New IDP with Only name.
            { "testIdP3", updatedIdpWithNameOnly("testIdP3New") } };
}

/** Builds a replacement IdP that carries only its name. */
private static IdentityProvider updatedIdpWithNameOnly(String name) {

    IdentityProvider idp = new IdentityProvider();
    idp.setIdentityProviderName(name);
    return idp;
}

/**
 * Builds a replacement IdP populated with a role configuration, one federated authenticator,
 * two provisioning connectors and a claim configuration.
 */
private static IdentityProvider updatedIdpWithAllConfigs(String name) {

    IdentityProvider idp = new IdentityProvider();
    idp.setIdentityProviderName(name);
    idp.setEnable(true);
    idp.setPrimary(true);
    idp.setFederationHub(true);
    idp.setCertificate("");

    // The same two Property instances are shared by the authenticator and the provisioning connectors.
    Property property1 = nonConfidentialProperty("Property1New", "value1New");
    Property property2 = nonConfidentialProperty("Property2New", "value2New");

    idp.setPermissionAndRoleConfig(updatedRoleConfig());
    idp.setFederatedAuthenticatorConfigs(
            new FederatedAuthenticatorConfig[] { updatedAuthenticatorConfig(property1, property2) });
    idp.setProvisioningConnectorConfigs(updatedProvisioningConnectorConfigs(property1, property2));
    idp.setClaimConfig(updatedClaimConfig());
    return idp;
}

/** Creates a non-confidential property with the given name and value. */
private static Property nonConfidentialProperty(String name, String value) {

    Property property = new Property();
    property.setName(name);
    property.setValue(value);
    property.setConfidential(false);
    return property;
}

/** Two IdP roles, each mapped to a distinct local role. */
private static PermissionsAndRoleConfig updatedRoleConfig() {

    RoleMapping mapping1 = new RoleMapping();
    mapping1.setRemoteRole("Role1New");
    mapping1.setLocalRole(new LocalRole("1", "LocalRole1"));
    RoleMapping mapping2 = new RoleMapping();
    mapping2.setRemoteRole("Role2New");
    mapping2.setLocalRole(new LocalRole("2", "LocalRole2"));

    PermissionsAndRoleConfig config = new PermissionsAndRoleConfig();
    config.setIdpRoles(new String[] { "Role1New", "Role2New" });
    config.setRoleMappings(new RoleMapping[] { mapping1, mapping2 });
    return config;
}

/** An enabled federated authenticator carrying the two given properties. */
private static FederatedAuthenticatorConfig updatedAuthenticatorConfig(Property first, Property second) {

    FederatedAuthenticatorConfig config = new FederatedAuthenticatorConfig();
    config.setDisplayName("DisplayName1New");
    config.setName("Name");
    config.setEnabled(true);
    config.setProperties(new Property[] { first, second });
    return config;
}

/** Two connectors: the first with defaults, the second enabled and blocking. */
private static ProvisioningConnectorConfig[] updatedProvisioningConnectorConfigs(Property first, Property second) {

    ProvisioningConnectorConfig connector1 = new ProvisioningConnectorConfig();
    connector1.setName("ProvisiningConfig1");
    connector1.setProvisioningProperties(new Property[] { first });

    ProvisioningConnectorConfig connector2 = new ProvisioningConnectorConfig();
    connector2.setName("ProvisiningConfig2");
    connector2.setProvisioningProperties(new Property[] { second });
    connector2.setEnabled(true);
    connector2.setBlocking(true);
    return new ProvisioningConnectorConfig[] { connector1, connector2 };
}

/** A non-local-dialect claim config mapping the local country claim to the remote "Country" claim. */
private static ClaimConfig updatedClaimConfig() {

    ClaimConfig config = new ClaimConfig();
    config.setLocalClaimDialect(false);
    config.setRoleClaimURI("Country");
    config.setUserClaimURI("Country");

    Claim remoteClaim = new Claim();
    remoteClaim.setClaimId(0);
    remoteClaim.setClaimUri("Country");
    config.setClaimMappings(new ClaimMapping[] {
            ClaimMapping.build("http://wso2.org/claims/country", "Country", "", true) });
    config.setIdpClaims(new Claim[] { remoteClaim });
    return config;
}
use of org.wso2.carbon.identity.application.common.model.xsd.RoleMapping in project carbon-identity-framework by wso2.
the class ApplicationDAOImpl method getRoleMappingOfApplication.
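/**
 * Reads the role mappings (local role to remote role) stored for a given application.
 *
 * @param applicationId application whose role mappings are loaded
 * @param connection    open JDBC connection; it is used for the query but not closed here
 * @param tenantID      tenant the application belongs to
 * @return the role mappings found for the application, in result-set order; empty when none exist
 * @throws IdentityApplicationManagementException if the query fails; the SQLException is kept as the cause
 */
private List<RoleMapping> getRoleMappingOfApplication(int applicationId, Connection connection, int tenantID)
        throws IdentityApplicationManagementException {

    List<RoleMapping> roleMappingList = new ArrayList<RoleMapping>();
    if (log.isDebugEnabled()) {
        log.debug("Reading Role Mapping of Application " + applicationId);
    }

    PreparedStatement getClientInfo = null;
    ResultSet resultSet = null;
    try {
        getClientInfo = connection.prepareStatement(LOAD_ROLE_MAPPING_BY_APP_ID);
        getClientInfo.setInt(1, applicationId);
        getClientInfo.setInt(2, tenantID);
        resultSet = getClientInfo.executeQuery();
        // Column 1 is read as the local role name, column 2 as the remote role (see LOAD_ROLE_MAPPING_BY_APP_ID).
        while (resultSet.next()) {
            LocalRole localRole = new LocalRole();
            localRole.setLocalRoleName(resultSet.getString(1));
            RoleMapping roleMapping = new RoleMapping();
            roleMapping.setLocalRole(localRole);
            roleMapping.setRemoteRole(resultSet.getString(2));
            roleMappingList.add(roleMapping);
            if (log.isDebugEnabled()) {
                log.debug("Local Role: " + localRole.getLocalRoleName() + " SPRole: " + roleMapping.getRemoteRole());
            }
        }
    } catch (SQLException e) {
        // Keep the SQLException as the cause and name the application so the failure can be traced.
        throw new IdentityApplicationManagementException(
                "Error while retrieving role mappings of application " + applicationId, e);
    } finally {
        // Release the result set before the statement that produced it.
        IdentityApplicationManagementUtil.closeResultSet(resultSet);
        IdentityApplicationManagementUtil.closeStatement(getClientInfo);
    }
    return roleMappingList;
}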
use of org.wso2.carbon.identity.application.common.model.xsd.RoleMapping in project carbon-identity-framework by wso2.
the class ApplicationMgtAuditLogger method buildData.
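/**
 * Serialises the audit-relevant parts of a service provider into one line for the audit log.
 * <p>
 * Each configuration section is emitted only when present. Values of inbound authentication
 * properties that are flagged confidential are masked so they never reach the audit log.
 *
 * @param serviceProvider the application being audited; may be {@code null}
 * @return the formatted description, or an empty string when {@code serviceProvider} is {@code null}
 */
private String buildData(ServiceProvider serviceProvider) {

    if (serviceProvider == null) {
        return StringUtils.EMPTY;
    }
    StringBuilder data = new StringBuilder();
    data.append("Name:").append(serviceProvider.getApplicationName()).append(", ");
    data.append("Description:").append(serviceProvider.getDescription()).append(", ");
    data.append("Resource ID:").append(serviceProvider.getApplicationResourceId()).append(", ");
    data.append("Access URL:").append(serviceProvider.getAccessUrl()).append(", ");
    data.append("Is Discoverable:").append(serviceProvider.isDiscoverable()).append(", ");
    data.append("Is SaaS:").append(serviceProvider.isSaasApp()).append(", ");
    appendInboundAuthenticationConfigs(data, serviceProvider);
    appendLocalAndOutboundConfig(data, serviceProvider);
    appendClaimConfig(data, serviceProvider);
    appendRoleMappings(data, serviceProvider);
    appendInboundProvisioningConfig(data, serviceProvider);
    appendOutboundProvisioningConfig(data, serviceProvider);
    appendSpProperties(data, serviceProvider);
    return data.toString();
}

/** Appends the inbound authentication request configs as a bracketed, comma-separated list. */
private void appendInboundAuthenticationConfigs(StringBuilder data, ServiceProvider serviceProvider) {

    if (serviceProvider.getInboundAuthenticationConfig() == null || ArrayUtils.isEmpty(
            serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs())) {
        return;
    }
    InboundAuthenticationRequestConfig[] requestConfigs =
            serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs();
    data.append("Inbound Authentication Configs:").append("[");
    String joiner = "";
    for (InboundAuthenticationRequestConfig requestConfig : requestConfigs) {
        data.append(joiner);
        joiner = ", ";
        data.append("{");
        data.append("Auth Key:").append(requestConfig.getInboundAuthKey()).append(", ");
        data.append("Auth Type:").append(requestConfig.getInboundAuthType()).append(", ");
        data.append("Config Type:").append(requestConfig.getInboundConfigType()).append(", ");
        data.append("Inbound configuration:").append(requestConfig.getInboundConfiguration());
        appendInboundProperties(data, requestConfig.getProperties());
        data.append("}");
    }
    data.append("]");
}

/** Appends inbound auth properties as {name:value} entries, masking any value flagged confidential. */
private void appendInboundProperties(StringBuilder data, Property[] properties) {

    if (ArrayUtils.isEmpty(properties)) {
        return;
    }
    data.append(", Properties:").append("[");
    String joiner = "";
    for (Property property : properties) {
        data.append(joiner);
        joiner = ", ";
        data.append("{");
        data.append(property.getName()).append(":");
        // Confidential values must not be written to the audit log.
        data.append(property.isConfidential() ? "*****" : property.getValue());
        data.append("}");
    }
    data.append("]");
}

/** Appends the local/outbound authentication type and, when present, the authentication steps. */
private void appendLocalAndOutboundConfig(StringBuilder data, ServiceProvider serviceProvider) {

    if (serviceProvider.getLocalAndOutBoundAuthenticationConfig() == null) {
        return;
    }
    data.append(", Local and Outbound Configuration:{");
    data.append("Auth Type:").append(serviceProvider.getLocalAndOutBoundAuthenticationConfig().getAuthenticationType());
    AuthenticationStep[] authSteps = serviceProvider.getLocalAndOutBoundAuthenticationConfig().getAuthenticationSteps();
    if (ArrayUtils.isNotEmpty(authSteps)) {
        data.append(", Authentication Steps:[");
        String stepJoiner = "";
        for (AuthenticationStep authStep : authSteps) {
            data.append(stepJoiner);
            stepJoiner = ", ";
            data.append("{");
            data.append("Step Order:").append(authStep.getStepOrder());
            LocalAuthenticatorConfig[] localConfigs = authStep.getLocalAuthenticatorConfigs();
            if (ArrayUtils.isNotEmpty(localConfigs)) {
                data.append(", Local Authenticators:[");
                String joiner = "";
                for (LocalAuthenticatorConfig localConfig : localConfigs) {
                    data.append(joiner);
                    joiner = ", ";
                    data.append(localConfig.getName());
                }
                data.append("]");
            }
            IdentityProvider[] fedIDPs = authStep.getFederatedIdentityProviders();
            if (ArrayUtils.isNotEmpty(fedIDPs)) {
                data.append(", Federated Authenticators:[");
                String joiner = "";
                for (IdentityProvider provider : fedIDPs) {
                    data.append(joiner);
                    joiner = ", ";
                    data.append("{IDP:").append(provider.getIdentityProviderName());
                    if (provider.getDefaultAuthenticatorConfig() != null) {
                        data.append(",").append("Authenticator:").append(provider.getDefaultAuthenticatorConfig().getName());
                    }
                    // Always close the entry, even when no default authenticator is set.
                    data.append("}");
                }
                data.append("]");
            }
            data.append("}");
        }
        data.append("]");
    }
    data.append("}");
}

/** Appends the claim dialect URIs and the local/remote claim mappings. */
private void appendClaimConfig(StringBuilder data, ServiceProvider serviceProvider) {

    ClaimConfig claimConfig = serviceProvider.getClaimConfig();
    if (claimConfig == null) {
        return;
    }
    data.append(", Claim Configuration:{");
    data.append("User Claim URI:").append(claimConfig.getUserClaimURI()).append(", ");
    data.append("Role Claim URI:").append(claimConfig.getRoleClaimURI());
    ClaimMapping[] claimMappings = claimConfig.getClaimMappings();
    if (ArrayUtils.isNotEmpty(claimMappings)) {
        data.append(", Claim Mappings: [");
        String joiner = "";
        for (ClaimMapping mapping : claimMappings) {
            data.append(joiner);
            joiner = ", ";
            data.append("{");
            String fieldJoiner = "";
            if (mapping.getLocalClaim() != null && StringUtils.isNotBlank(mapping.getLocalClaim().getClaimUri())) {
                data.append("Local Claim:").append(mapping.getLocalClaim().getClaimUri());
                fieldJoiner = ", ";
            }
            // Guard on the remote claim itself so a mapping without a local claim cannot NPE here.
            if (mapping.getRemoteClaim() != null && StringUtils.isNotBlank(mapping.getRemoteClaim().getClaimUri())) {
                data.append(fieldJoiner).append("Remote Claim:").append(mapping.getRemoteClaim().getClaimUri());
            }
            data.append("}");
        }
        data.append("]");
    }
    data.append("}");
}

/** Appends the local-role to remote-role mappings. */
private void appendRoleMappings(StringBuilder data, ServiceProvider serviceProvider) {

    if (serviceProvider.getPermissionAndRoleConfig() == null) {
        return;
    }
    RoleMapping[] roleMappings = serviceProvider.getPermissionAndRoleConfig().getRoleMappings();
    if (ArrayUtils.isEmpty(roleMappings)) {
        return;
    }
    data.append(", Role Mappings:[");
    String joiner = "";
    for (RoleMapping mapping : roleMappings) {
        data.append(joiner);
        joiner = ", ";
        data.append("{");
        String fieldJoiner = "";
        if (mapping.getLocalRole() != null && StringUtils.isNotBlank(mapping.getLocalRole().getLocalRoleName())) {
            data.append("Local Role:").append(mapping.getLocalRole().getLocalRoleName());
            fieldJoiner = ", ";
        }
        if (StringUtils.isNotBlank(mapping.getRemoteRole())) {
            data.append(fieldJoiner).append("Remote Role:").append(mapping.getRemoteRole());
        }
        data.append("}");
    }
    data.append("]");
}

/** Appends the inbound provisioning user store and dumb-mode flag. */
private void appendInboundProvisioningConfig(StringBuilder data, ServiceProvider serviceProvider) {

    if (serviceProvider.getInboundProvisioningConfig() == null) {
        return;
    }
    data.append(", Inbound Provisioning Configuration:{");
    data.append("Provisioning Userstore:")
            .append(serviceProvider.getInboundProvisioningConfig().getProvisioningUserStore()).append(", ");
    data.append("Is Dumb Mode:").append(serviceProvider.getInboundProvisioningConfig().isDumbMode());
    data.append("}");
}

/** Appends the outbound provisioning roles and the IdPs provisioned to. */
private void appendOutboundProvisioningConfig(StringBuilder data, ServiceProvider serviceProvider) {

    if (serviceProvider.getOutboundProvisioningConfig() == null) {
        return;
    }
    data.append(", Outbound Provisioning Configuration:{");
    String[] provisionRoles = serviceProvider.getOutboundProvisioningConfig().getProvisionByRoleList();
    boolean rolesWritten = ArrayUtils.isNotEmpty(provisionRoles);
    if (rolesWritten) {
        data.append("Provisioning Roles:[");
        String joiner = "";
        for (String role : provisionRoles) {
            data.append(joiner);
            joiner = ", ";
            data.append(role);
        }
        data.append("]");
    }
    IdentityProvider[] provisionIdPs = serviceProvider.getOutboundProvisioningConfig().getProvisioningIdentityProviders();
    if (ArrayUtils.isNotEmpty(provisionIdPs)) {
        if (rolesWritten) {
            data.append(", ");
        }
        data.append("Provisioning IDPs:[");
        String joiner = "";
        for (IdentityProvider provider : provisionIdPs) {
            data.append(joiner);
            joiner = ", ";
            data.append(provider.getIdentityProviderName());
        }
        data.append("]");
    }
    data.append("}");
}

/** Appends the service provider properties as {name:value} entries. */
private void appendSpProperties(StringBuilder data, ServiceProvider serviceProvider) {

    ServiceProviderProperty[] spProperties = serviceProvider.getSpProperties();
    if (ArrayUtils.isEmpty(spProperties)) {
        return;
    }
    data.append(", Service Provider Properties:[");
    String joiner = "";
    for (ServiceProviderProperty spProperty : spProperties) {
        data.append(joiner);
        joiner = ", ";
        data.append("{").append(spProperty.getName()).append(":").append(spProperty.getValue()).append("}");
    }
    data.append("]");
}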
use of org.wso2.carbon.identity.application.common.model.xsd.RoleMapping in project carbon-identity-framework by wso2.
the class IdentityProviderManager method verifyAndUpdateRoleConfiguration.
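/**
 * Drops every role mapping whose local role cannot be resolved in the tenant's user store and
 * rewrites {@code roleConfiguration} in place with only the surviving mappings and their IdP roles.
 * <p>
 * A mapping is skipped when it is null, when its remote role or local role is missing, when the
 * local role is a group while groups/roles separation is enabled, or when the (domain-qualified)
 * local role does not exist in the user store. A missing mapping array is treated as empty.
 *
 * @param tenantDomain      tenant domain, used only in the error message
 * @param tenantId          tenant whose user realm is consulted
 * @param roleConfiguration configuration to validate; its role mappings and IdP roles are replaced
 * @throws IdentityProviderManagementException if the tenant user store cannot be obtained or queried
 */
private void verifyAndUpdateRoleConfiguration(String tenantDomain, int tenantId,
                                              PermissionsAndRoleConfig roleConfiguration)
        throws IdentityProviderManagementException {

    List<RoleMapping> validRoleMappings = new ArrayList<>();
    List<String> validIdPRoles = new ArrayList<>();
    RoleMapping[] mappings = roleConfiguration.getRoleMappings();
    if (mappings != null) {
        try {
            // The user store manager does not depend on the mapping; resolve it at most once per call.
            UserStoreManager usm = null;
            for (RoleMapping mapping : mappings) {
                if (mapping == null || mapping.getRemoteRole() == null || mapping.getLocalRole() == null
                        || StringUtils.isBlank(mapping.getLocalRole().getLocalRoleName())) {
                    continue;
                }
                String role = mapping.getLocalRole().getLocalRoleName();
                if (StringUtils.isNotBlank(mapping.getLocalRole().getUserStoreId())) {
                    role = IdentityUtil.addDomainToName(role, mapping.getLocalRole().getUserStoreId());
                }
                // Only roles are allowed for role mapping.
                if (IdentityUtil.isGroupsVsRolesSeparationImprovementsEnabled() && isGroup(role)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Groups including: " + role + ", are not allowed for the identity provider role mapping.");
                    }
                    continue;
                }
                if (usm == null) {
                    usm = IdPManagementServiceComponent.getRealmService().getTenantUserRealm(tenantId)
                            .getUserStoreManager();
                }
                // Remove invalid mappings if local role does not exist.
                if (usm.isExistingRole(role)) {
                    validRoleMappings.add(mapping);
                    validIdPRoles.add(mapping.getRemoteRole());
                } else if (log.isDebugEnabled()) {
                    log.debug("Invalid local role name: " + role + " for the federated role: " + mapping.getRemoteRole());
                }
            }
        } catch (UserStoreException e) {
            throw new IdentityProviderManagementException(
                    "Error occurred while retrieving UserStoreManager for tenant " + tenantDomain, e);
        }
    }
    roleConfiguration.setRoleMappings(validRoleMappings.toArray(new RoleMapping[0]));
    roleConfiguration.setIdpRoles(validIdPRoles.toArray(new String[0]));
}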