
Example 26 with RoleMapping

use of org.wso2.carbon.identity.application.common.model.xsd.RoleMapping in project carbon-identity-framework by wso2.

the class IdentityProviderManager method getMappedLocalRolesMap.

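/**
 * Builds a lookup from IdP (remote) role name to the local role it is mapped to, for the given
 * identity provider and tenant.
 *
 * @param idPName      Unique name of the IdP to which the given IdP roles need to be mapped
 * @param tenantDomain The tenant domain of whose local roles to be mapped
 * @param idPRoles     IdP roles which need to be mapped to local roles
 * @return map keyed by remote role name, never {@code null}; when the same remote role occurs in
 *         several mappings the last one iterated wins, and a {@code null} remote role becomes the
 *         {@code null} key of the map
 * @throws IdentityProviderManagementException Error when getting role mappings
 */
@Override
public Map<String, LocalRole> getMappedLocalRolesMap(String idPName, String tenantDomain, String[] idPRoles) throws IdentityProviderManagementException {
    Set<RoleMapping> roleMappings = getMappedLocalRoles(idPName, tenantDomain, idPRoles);
    // NOTE(review): getMappedLocalRoles() is assumed to return an empty set rather than null; the guard
    // below keeps this method total either way.
    if (roleMappings == null) {
        return new HashMap<>();
    }
    Map<String, LocalRole> returnMap = new HashMap<>(roleMappings.size() * 2);
    for (RoleMapping roleMapping : roleMappings) {
        returnMap.put(roleMapping.getRemoteRole(), roleMapping.getLocalRole());
    }
    return returnMap;
}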
Also used : HashMap(java.util.HashMap) LocalRole(org.wso2.carbon.identity.application.common.model.LocalRole) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping)

Example 27 with RoleMapping

use of org.wso2.carbon.identity.application.common.model.xsd.RoleMapping in project carbon-identity-framework by wso2.

the class IdentityProviderManagementServiceTest method updateIdPData.

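/**
 * Supplies the {@code (name of the IdP to update, replacement IdP state)} rows used by the
 * update-IdP test.
 *
 * @return rows of {@code { String idpNameToUpdate, IdentityProvider newState }}
 */
@DataProvider
public Object[][] updateIdPData() {
    return new Object[][] {
            // IdP carrying PermissionsAndRoleConfig, FederatedAuthenticatorConfig, ProvisioningConnectorConfig and ClaimConfig.
            { "testIdP1", buildFullyConfiguredIdp("testIdP1New") },
            // New IdPs that carry only a name.
            { "testIdP2", buildNameOnlyIdp("testIdP2New") },
            { "testIdP3", buildNameOnlyIdp("testIdP3New") } };
}

/** Creates an IdP with nothing but its name set. */
private static IdentityProvider buildNameOnlyIdp(String name) {
    IdentityProvider idp = new IdentityProvider();
    idp.setIdentityProviderName(name);
    return idp;
}

/** Creates an enabled, primary federation-hub IdP with role, authenticator, provisioning and claim config. */
private static IdentityProvider buildFullyConfiguredIdp(String name) {
    IdentityProvider idp = new IdentityProvider();
    idp.setIdentityProviderName(name);
    idp.setEnable(true);
    idp.setPrimary(true);
    idp.setFederationHub(true);
    idp.setCertificate("");
    idp.setPermissionAndRoleConfig(buildRoleConfig());
    // The same two Property instances are shared between the federated authenticator and the
    // provisioning connectors, exactly as the original fixture did.
    Property property1 = buildProperty("Property1New", "value1New");
    Property property2 = buildProperty("Property2New", "value2New");
    idp.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { buildFederatedAuthenticatorConfig(property1, property2) });
    idp.setProvisioningConnectorConfigs(buildProvisioningConnectorConfigs(property1, property2));
    idp.setClaimConfig(buildClaimConfig());
    return idp;
}

/** Two IdP roles ("Role1New", "Role2New") each mapped onto a local role. */
private static PermissionsAndRoleConfig buildRoleConfig() {
    RoleMapping roleMapping1 = new RoleMapping();
    roleMapping1.setRemoteRole("Role1New");
    roleMapping1.setLocalRole(new LocalRole("1", "LocalRole1"));
    RoleMapping roleMapping2 = new RoleMapping();
    roleMapping2.setRemoteRole("Role2New");
    roleMapping2.setLocalRole(new LocalRole("2", "LocalRole2"));
    PermissionsAndRoleConfig config = new PermissionsAndRoleConfig();
    config.setIdpRoles(new String[] { "Role1New", "Role2New" });
    config.setRoleMappings(new RoleMapping[] { roleMapping1, roleMapping2 });
    return config;
}

/** Non-confidential name/value property. */
private static Property buildProperty(String name, String value) {
    Property property = new Property();
    property.setName(name);
    property.setValue(value);
    property.setConfidential(false);
    return property;
}

/** Enabled federated authenticator "Name" carrying the given properties. */
private static FederatedAuthenticatorConfig buildFederatedAuthenticatorConfig(Property property1, Property property2) {
    FederatedAuthenticatorConfig config = new FederatedAuthenticatorConfig();
    config.setDisplayName("DisplayName1New");
    config.setName("Name");
    config.setEnabled(true);
    config.setProperties(new Property[] { property1, property2 });
    return config;
}

/** Two provisioning connectors; only the second is enabled and blocking. */
private static ProvisioningConnectorConfig[] buildProvisioningConnectorConfigs(Property property1, Property property2) {
    ProvisioningConnectorConfig connector1 = new ProvisioningConnectorConfig();
    connector1.setName("ProvisiningConfig1");
    connector1.setProvisioningProperties(new Property[] { property1 });
    ProvisioningConnectorConfig connector2 = new ProvisioningConnectorConfig();
    connector2.setName("ProvisiningConfig2");
    connector2.setProvisioningProperties(new Property[] { property2 });
    connector2.setEnabled(true);
    connector2.setBlocking(true);
    return new ProvisioningConnectorConfig[] { connector1, connector2 };
}

/** Claim config mapping the local country claim onto the remote "Country" claim, used as role and user claim URI. */
private static ClaimConfig buildClaimConfig() {
    ClaimConfig claimConfig = new ClaimConfig();
    claimConfig.setLocalClaimDialect(false);
    claimConfig.setRoleClaimURI("Country");
    claimConfig.setUserClaimURI("Country");
    ClaimMapping claimMapping = ClaimMapping.build("http://wso2.org/claims/country", "Country", "", true);
    Claim remoteClaim = new Claim();
    remoteClaim.setClaimId(0);
    remoteClaim.setClaimUri("Country");
    claimConfig.setClaimMappings(new ClaimMapping[] { claimMapping });
    claimConfig.setIdpClaims(new Claim[] { remoteClaim });
    return claimConfig;
}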
Also used : ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) ClaimConfig(org.wso2.carbon.identity.application.common.model.ClaimConfig) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) LocalRole(org.wso2.carbon.identity.application.common.model.LocalRole) Matchers.anyObject(org.mockito.Matchers.anyObject) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping) IdentityProviderProperty(org.wso2.carbon.identity.application.common.model.IdentityProviderProperty) Property(org.wso2.carbon.identity.application.common.model.Property) ProvisioningConnectorConfig(org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig) Claim(org.wso2.carbon.identity.application.common.model.Claim) LocalClaim(org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim) DataProvider(org.testng.annotations.DataProvider)

Example 28 with RoleMapping

use of org.wso2.carbon.identity.application.common.model.xsd.RoleMapping in project carbon-identity-framework by wso2.

the class ApplicationDAOImpl method getRoleMappingOfApplication.

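/**
 * Reads the role mappings stored for an application.
 *
 * @param applicationId application whose role mappings are read
 * @param connection    open JDBC connection; owned by the caller and not closed here
 * @param tenantID      tenant that owns the application (second bind variable of the query)
 * @return mappings in result-set order; an empty list when none exist, never {@code null}
 * @throws IdentityApplicationManagementException if the query fails; the underlying
 *                                                {@link SQLException} is preserved as the cause
 */
private List<RoleMapping> getRoleMappingOfApplication(int applicationId, Connection connection, int tenantID) throws IdentityApplicationManagementException {
    List<RoleMapping> roleMappingList = new ArrayList<>();
    if (log.isDebugEnabled()) {
        log.debug("Reading Role Mapping of Application " + applicationId);
    }
    // Both identifiers go in as bind variables, never concatenated into the SQL text.
    // try-with-resources closes the ResultSet before the PreparedStatement (the previous finally did it in the reverse order).
    try (PreparedStatement loadRoleMappings = connection.prepareStatement(LOAD_ROLE_MAPPING_BY_APP_ID)) {
        loadRoleMappings.setInt(1, applicationId);
        loadRoleMappings.setInt(2, tenantID);
        try (ResultSet resultSet = loadRoleMappings.executeQuery()) {
            // IDP_ROLE, SP_ROLE -- column 1 feeds the local role name, column 2 the remote role.
            while (resultSet.next()) {
                LocalRole localRole = new LocalRole();
                localRole.setLocalRoleName(resultSet.getString(1));
                RoleMapping roleMapping = new RoleMapping();
                roleMapping.setLocalRole(localRole);
                roleMapping.setRemoteRole(resultSet.getString(2));
                roleMappingList.add(roleMapping);
                if (log.isDebugEnabled()) {
                    log.debug("Local Role: " + roleMapping.getLocalRole().getLocalRoleName() + " SPRole: " + roleMapping.getRemoteRole());
                }
            }
        }
    } catch (SQLException e) {
        // Keep the cause: the original message ("Error while retrieving all application") was a copy-paste
        // and dropped the SQLException, which made these failures impossible to diagnose from the log.
        throw new IdentityApplicationManagementException("Error while retrieving role mappings of application " + applicationId, e);
    }
    return roleMappingList;
}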
Also used : SQLException(java.sql.SQLException) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) ArrayList(java.util.ArrayList) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement) NamedPreparedStatement(org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement) LocalRole(org.wso2.carbon.identity.application.common.model.LocalRole) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping)

Example 29 with RoleMapping

use of org.wso2.carbon.identity.application.common.model.xsd.RoleMapping in project carbon-identity-framework by wso2.

the class ApplicationMgtAuditLogger method buildData.

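/**
 * Renders a service provider as the single-line payload written to the audit log.
 * <p>
 * The output is a human-readable {@code Label:value} listing. Each optional section is emitted
 * only when its configuration object is present, and repeated elements are separated by
 * {@code ", "} so that the braces and brackets in the output stay balanced.
 * <p>
 * Inbound-authentication properties flagged confidential are masked: an audit record is persisted
 * outside the application's own access-control boundary, so secret values must not be copied into it.
 *
 * @param serviceProvider application to describe; {@code null} yields {@link StringUtils#EMPTY}
 * @return the rendered description, never {@code null}
 */
private String buildData(ServiceProvider serviceProvider) {
    if (serviceProvider == null) {
        return StringUtils.EMPTY;
    }
    StringBuilder data = new StringBuilder();
    data.append("Name:").append(serviceProvider.getApplicationName()).append(", ");
    data.append("Description:").append(serviceProvider.getDescription()).append(", ");
    data.append("Resource ID:").append(serviceProvider.getApplicationResourceId()).append(", ");
    data.append("Access URL:").append(serviceProvider.getAccessUrl()).append(", ");
    data.append("Is Discoverable:").append(serviceProvider.isDiscoverable()).append(", ");
    // No trailing separator here: every optional section below prefixes its own ", ".
    data.append("Is SaaS:").append(serviceProvider.isSaasApp());
    appendInboundAuthenticationSection(data, serviceProvider);
    appendLocalAndOutboundSection(data, serviceProvider);
    appendClaimConfigSection(data, serviceProvider);
    appendRoleMappingSection(data, serviceProvider);
    appendInboundProvisioningSection(data, serviceProvider);
    appendOutboundProvisioningSection(data, serviceProvider);
    appendSpPropertySection(data, serviceProvider);
    return data.toString();
}

/** Appends {@code , Inbound Authentication Configs:[{...}, ...]}; no-op when there are no request configs. */
private static void appendInboundAuthenticationSection(StringBuilder data, ServiceProvider serviceProvider) {
    if (serviceProvider.getInboundAuthenticationConfig() == null) {
        return;
    }
    InboundAuthenticationRequestConfig[] requestConfigs = serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs();
    if (ArrayUtils.isEmpty(requestConfigs)) {
        return;
    }
    data.append(", Inbound Authentication Configs:[");
    String configJoiner = "";
    for (InboundAuthenticationRequestConfig requestConfig : requestConfigs) {
        data.append(configJoiner).append("{");
        configJoiner = ", ";
        data.append("Auth Key:").append(requestConfig.getInboundAuthKey()).append(", ");
        data.append("Auth Type:").append(requestConfig.getInboundAuthType()).append(", ");
        data.append("Config Type:").append(requestConfig.getInboundConfigType()).append(", ");
        // NOTE(review): the raw inbound configuration is logged verbatim; confirm it never embeds credentials.
        data.append("Inbound configuration:").append(requestConfig.getInboundConfiguration());
        Property[] properties = requestConfig.getProperties();
        if (ArrayUtils.isNotEmpty(properties)) {
            data.append(", Properties:[");
            String joiner = "";
            for (Property property : properties) {
                data.append(joiner).append("{");
                joiner = ", ";
                data.append(property.getName()).append(":");
                // A property marked confidential (Property#setConfidential) holds a secret: mask it
                // instead of persisting the value in the audit trail.
                data.append(property.isConfidential() ? "*****" : property.getValue());
                data.append("}");
            }
            data.append("]");
        }
        data.append("}");
    }
    data.append("]");
}

/** Appends {@code , Local and Outbound Configuration:{...}} including the authentication steps. */
private static void appendLocalAndOutboundSection(StringBuilder data, ServiceProvider serviceProvider) {
    if (serviceProvider.getLocalAndOutBoundAuthenticationConfig() == null) {
        return;
    }
    data.append(", Local and Outbound Configuration:{");
    data.append("Auth Type:").append(serviceProvider.getLocalAndOutBoundAuthenticationConfig().getAuthenticationType());
    AuthenticationStep[] authSteps = serviceProvider.getLocalAndOutBoundAuthenticationConfig().getAuthenticationSteps();
    if (ArrayUtils.isNotEmpty(authSteps)) {
        data.append(", Authentication Steps:[");
        String stepJoiner = "";
        for (AuthenticationStep authStep : authSteps) {
            data.append(stepJoiner).append("{");
            stepJoiner = ", ";
            data.append("Step Order:").append(authStep.getStepOrder());
            LocalAuthenticatorConfig[] localConfigs = authStep.getLocalAuthenticatorConfigs();
            if (ArrayUtils.isNotEmpty(localConfigs)) {
                data.append(", Local Authenticators:[");
                String joiner = "";
                for (LocalAuthenticatorConfig localConfig : localConfigs) {
                    data.append(joiner).append(localConfig.getName());
                    joiner = ", ";
                }
                data.append("]");
            }
            IdentityProvider[] fedIDPs = authStep.getFederatedIdentityProviders();
            if (ArrayUtils.isNotEmpty(fedIDPs)) {
                data.append(", Federated Authenticators:[");
                String joiner = "";
                for (IdentityProvider provider : fedIDPs) {
                    data.append(joiner).append("{IDP:").append(provider.getIdentityProviderName());
                    joiner = ", ";
                    if (provider.getDefaultAuthenticatorConfig() != null) {
                        data.append(",Authenticator:").append(provider.getDefaultAuthenticatorConfig().getName());
                    }
                    // Closed unconditionally; previously the "}" was only written when an authenticator was present.
                    data.append("}");
                }
                data.append("]");
            }
            data.append("}");
        }
        data.append("]");
    }
    data.append("}");
}

/** Appends {@code , Claim Configuration:{...}} with the user/role claim URIs and the claim mappings. */
private static void appendClaimConfigSection(StringBuilder data, ServiceProvider serviceProvider) {
    ClaimConfig claimConfig = serviceProvider.getClaimConfig();
    if (claimConfig == null) {
        return;
    }
    data.append(", Claim Configuration:{");
    data.append("User Claim URI:").append(claimConfig.getUserClaimURI()).append(", ");
    data.append("Role Claim URI:").append(claimConfig.getRoleClaimURI());
    ClaimMapping[] claimMappings = claimConfig.getClaimMappings();
    if (ArrayUtils.isNotEmpty(claimMappings)) {
        data.append(", Claim Mappings: [");
        String joiner = "";
        for (ClaimMapping mapping : claimMappings) {
            data.append(joiner).append("{");
            joiner = ", ";
            boolean hasLocalClaim = mapping.getLocalClaim() != null && StringUtils.isNotBlank(mapping.getLocalClaim().getClaimUri());
            if (hasLocalClaim) {
                data.append("Local Claim:").append(mapping.getLocalClaim().getClaimUri());
            }
            // The blank check must look at the remote claim; the earlier version tested the local claim's
            // URI here, which printed blank remote URIs and threw NPE for a mapping with only a remote side.
            if (mapping.getRemoteClaim() != null && StringUtils.isNotBlank(mapping.getRemoteClaim().getClaimUri())) {
                if (hasLocalClaim) {
                    data.append(", ");
                }
                data.append("Remote Claim:").append(mapping.getRemoteClaim().getClaimUri());
            }
            data.append("}");
        }
        data.append("]");
    }
    data.append("}");
}

/** Appends {@code , Role Mappings:[{...}, ...]}; no-op without a PermissionAndRoleConfig or without mappings. */
private static void appendRoleMappingSection(StringBuilder data, ServiceProvider serviceProvider) {
    if (serviceProvider.getPermissionAndRoleConfig() == null) {
        return;
    }
    RoleMapping[] roleMappings = serviceProvider.getPermissionAndRoleConfig().getRoleMappings();
    if (ArrayUtils.isEmpty(roleMappings)) {
        return;
    }
    data.append(", Role Mappings:[");
    String joiner = "";
    for (RoleMapping mapping : roleMappings) {
        data.append(joiner).append("{");
        joiner = ", ";
        boolean hasLocalRole = mapping.getLocalRole() != null && StringUtils.isNotBlank(mapping.getLocalRole().getLocalRoleName());
        if (hasLocalRole) {
            data.append("Local Role:").append(mapping.getLocalRole().getLocalRoleName());
        }
        if (StringUtils.isNotBlank(mapping.getRemoteRole())) {
            if (hasLocalRole) {
                data.append(", ");
            }
            data.append("Remote Role:").append(mapping.getRemoteRole());
        }
        data.append("}");
    }
    data.append("]");
}

/** Appends {@code , Inbound Provisioning Configuration:{...}}. */
private static void appendInboundProvisioningSection(StringBuilder data, ServiceProvider serviceProvider) {
    if (serviceProvider.getInboundProvisioningConfig() == null) {
        return;
    }
    data.append(", Inbound Provisioning Configuration:{");
    data.append("Provisioning Userstore:").append(serviceProvider.getInboundProvisioningConfig().getProvisioningUserStore()).append(", ");
    data.append("Is Dumb Mode:").append(serviceProvider.getInboundProvisioningConfig().isDumbMode());
    data.append("}");
}

/** Appends {@code , Outbound Provisioning Configuration:{...}} with the provisioning roles and IdPs. */
private static void appendOutboundProvisioningSection(StringBuilder data, ServiceProvider serviceProvider) {
    if (serviceProvider.getOutboundProvisioningConfig() == null) {
        return;
    }
    data.append(", Outbound Provisioning Configuration:{");
    String sectionJoiner = "";
    String[] provisionRoles = serviceProvider.getOutboundProvisioningConfig().getProvisionByRoleList();
    if (ArrayUtils.isNotEmpty(provisionRoles)) {
        data.append("Provisioning Roles:[");
        String joiner = "";
        for (String role : provisionRoles) {
            data.append(joiner).append(role);
            joiner = ", ";
        }
        data.append("]");
        sectionJoiner = ", ";
    }
    IdentityProvider[] provisionIdPs = serviceProvider.getOutboundProvisioningConfig().getProvisioningIdentityProviders();
    if (ArrayUtils.isNotEmpty(provisionIdPs)) {
        data.append(sectionJoiner).append("Provisioning IDPs:[");
        String joiner = "";
        for (IdentityProvider provider : provisionIdPs) {
            data.append(joiner).append(provider.getIdentityProviderName());
            joiner = ", ";
        }
        data.append("]");
    }
    data.append("}");
}

/** Appends {@code , Service Provider Properties:[{name:value}, ...]}; no-op when there are none. */
private static void appendSpPropertySection(StringBuilder data, ServiceProvider serviceProvider) {
    ServiceProviderProperty[] spProperties = serviceProvider.getSpProperties();
    if (ArrayUtils.isEmpty(spProperties)) {
        return;
    }
    data.append(", Service Provider Properties:[");
    String joiner = "";
    for (ServiceProviderProperty spProperty : spProperties) {
        data.append(joiner);
        joiner = ", ";
        // NOTE(review): SP property values are written verbatim; confirm none of them carry secrets.
        data.append("{").append(spProperty.getName()).append(":").append(spProperty.getValue()).append("}");
    }
    data.append("]");
}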
Also used : LocalAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig) AuthenticationStep(org.wso2.carbon.identity.application.common.model.AuthenticationStep) InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping) ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) ClaimConfig(org.wso2.carbon.identity.application.common.model.ClaimConfig) ServiceProviderProperty(org.wso2.carbon.identity.application.common.model.ServiceProviderProperty) Property(org.wso2.carbon.identity.application.common.model.Property) ServiceProviderProperty(org.wso2.carbon.identity.application.common.model.ServiceProviderProperty)

Example 30 with RoleMapping

use of org.wso2.carbon.identity.application.common.model.xsd.RoleMapping in project carbon-identity-framework by wso2.

the class IdentityProviderManager method verifyAndUpdateRoleConfiguration.

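/**
 * Drops IdP role mappings whose local side does not resolve to an existing role of the tenant and
 * rewrites {@code roleConfiguration} in place with only the surviving mappings and their remote roles.
 * <p>
 * Role mappings decide which local authorisations a federated user receives, so a mapping is kept only
 * when both sides are set, the local role name is not blank, the name is not a group (while the
 * groups-vs-roles separation improvement is enabled) and the tenant's user store confirms the role exists.
 *
 * @param tenantDomain      tenant domain, used only to build the error message
 * @param tenantId          tenant whose user realm is consulted
 * @param roleConfiguration configuration to validate and update; when it is {@code null} nothing happens,
 *                          and a {@code null} or empty mapping array leaves it with empty mappings and IdP roles
 * @throws IdentityProviderManagementException if the tenant's UserStoreManager cannot be obtained or queried
 */
private void verifyAndUpdateRoleConfiguration(String tenantDomain, int tenantId, PermissionsAndRoleConfig roleConfiguration) throws IdentityProviderManagementException {
    if (roleConfiguration == null) {
        return;
    }
    List<RoleMapping> validRoleMappings = new ArrayList<>();
    List<String> validIdPRoles = new ArrayList<>();
    RoleMapping[] mappings = roleConfiguration.getRoleMappings();
    if (mappings == null) {
        mappings = new RoleMapping[0];
    }
    try {
        // Resolved once, on first use, instead of once per mapping; stays null when no mapping needs it.
        UserStoreManager usm = null;
        for (RoleMapping mapping : mappings) {
            if (mapping == null || mapping.getRemoteRole() == null || mapping.getLocalRole() == null
                    || StringUtils.isBlank(mapping.getLocalRole().getLocalRoleName())) {
                continue;
            }
            String role = mapping.getLocalRole().getLocalRoleName();
            if (StringUtils.isNotBlank(mapping.getLocalRole().getUserStoreId())) {
                role = IdentityUtil.addDomainToName(role, mapping.getLocalRole().getUserStoreId());
            }
            // Only roles are allowed for role mapping.
            if (IdentityUtil.isGroupsVsRolesSeparationImprovementsEnabled() && isGroup(role)) {
                if (log.isDebugEnabled()) {
                    log.debug("Groups including: " + role + ", are not allowed for the identity " + "provider role mapping.");
                }
                continue;
            }
            if (usm == null) {
                usm = IdPManagementServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
            }
            // Remove invalid mappings if local role does not exist.
            if (usm.isExistingRole(role)) {
                validRoleMappings.add(mapping);
                validIdPRoles.add(mapping.getRemoteRole());
            } else if (log.isDebugEnabled()) {
                log.debug("Invalid local role name: " + role + " for the federated role: " + mapping.getRemoteRole());
            }
        }
    } catch (UserStoreException e) {
        throw new IdentityProviderManagementException("Error occurred while retrieving UserStoreManager for tenant " + tenantDomain, e);
    }
    roleConfiguration.setRoleMappings(validRoleMappings.toArray(new RoleMapping[0]));
    roleConfiguration.setIdpRoles(validIdPRoles.toArray(new String[0]));
}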
Also used : ArrayList(java.util.ArrayList) UserStoreException(org.wso2.carbon.user.api.UserStoreException) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping) UserStoreManager(org.wso2.carbon.user.api.UserStoreManager)

Aggregations

RoleMapping (org.wso2.carbon.identity.application.common.model.RoleMapping)29 ArrayList (java.util.ArrayList)15 LocalRole (org.wso2.carbon.identity.application.common.model.LocalRole)15 PermissionsAndRoleConfig (org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig)14 IdentityProvider (org.wso2.carbon.identity.application.common.model.IdentityProvider)12 ClaimMapping (org.wso2.carbon.identity.application.common.model.ClaimMapping)9 Claim (org.wso2.carbon.identity.application.common.model.Claim)8 ClaimConfig (org.wso2.carbon.identity.application.common.model.ClaimConfig)8 Property (org.wso2.carbon.identity.application.common.model.Property)7 HashMap (java.util.HashMap)6 FederatedAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)6 ProvisioningConnectorConfig (org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig)6 IdentityProviderProperty (org.wso2.carbon.identity.application.common.model.IdentityProviderProperty)5 PreparedStatement (java.sql.PreparedStatement)4 RoleAliasListDTO (org.wso2.carbon.apimgt.rest.api.admin.v1.dto.RoleAliasListDTO)4 ResultSet (java.sql.ResultSet)3 HashSet (java.util.HashSet)3 JSONObject (org.json.simple.JSONObject)3 DataProvider (org.testng.annotations.DataProvider)3 Test (org.testng.annotations.Test)3