
Example 31 with RoleMapping

use of org.wso2.carbon.identity.application.common.model.xsd.RoleMapping in project carbon-identity-framework by wso2.

From class IdPManagementUIUtil, method buildRoleConfiguration.

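/**
 * Builds the {@link PermissionsAndRoleConfig} of a federated IdP from the role-mapping rows submitted by the
 * management UI and attaches it to {@code fedIdp}.
 * <p>
 * Every value is read from {@code paramMap}, i.e. from the HTTP request, and is untrusted input:
 * {@code rolemappingrow_name_count} bounds how many {@code rolerowname_i} / {@code localrowname_i} pairs are
 * read, and each local role arrives either as {@code userStoreId/roleName} or as a bare role name.
 *
 * @param fedIdp             identity provider to update; receives the provisioning role and the role configuration
 * @param paramMap           request parameters keyed by form field name
 * @param idpRoles           roles exposed by the IdP, copied into the configuration unchanged
 * @param currentRoleMapping previously stored mappings; not consulted here, the submitted rows replace them
 * @throws IdentityApplicationManagementException declared in the signature; nothing in this body throws it directly
 * @throws NumberFormatException                  if {@code rolemappingrow_name_count} is present but not an integer
 */
private static void buildRoleConfiguration(IdentityProvider fedIdp, Map<String, String> paramMap, List<String> idpRoles, RoleMapping[] currentRoleMapping) throws IdentityApplicationManagementException {
    PermissionsAndRoleConfig roleConfiguration = new PermissionsAndRoleConfig();
    roleConfiguration.setIdpRoles(idpRoles.toArray(new String[0]));
    fedIdp.setProvisioningRole(paramMap.get("idpProvisioningRole"));

    // The row count is client supplied and read once; an absent or negative value simply yields no mappings.
    int rowCount = 0;
    String rowCountParam = paramMap.get("rolemappingrow_name_count");
    if (rowCountParam != null) {
        rowCount = Integer.parseInt(rowCountParam);
    }

    // A set drops duplicate rows; which rows count as equal is decided by RoleMapping#equals.
    Set<RoleMapping> roleMappings = new HashSet<RoleMapping>();
    for (int i = 0; i < rowCount; i++) {
        String idpRoleName = paramMap.get("rolerowname_" + i);
        String localRoleString = paramMap.get("localrowname_" + i);
        // Rows with either side missing (e.g. removed in the UI) are skipped rather than rejected.
        if (idpRoleName == null || localRoleString == null) {
            continue;
        }
        LocalRole localRole = new LocalRole();
        String[] parts = localRoleString.split("/");
        // "userStore/role" carries an explicit user store; any other shape is taken verbatim as the role name.
        if (parts.length == 2) {
            localRole.setUserStoreId(parts[0]);
            localRole.setLocalRoleName(parts[1]);
        } else {
            localRole.setLocalRoleName(localRoleString);
        }
        RoleMapping roleMapping = new RoleMapping();
        roleMapping.setLocalRole(localRole);
        roleMapping.setRemoteRole(idpRoleName);
        roleMappings.add(roleMapping);
    }
    roleConfiguration.setRoleMappings(roleMappings.toArray(new RoleMapping[0]));
    fedIdp.setPermissionAndRoleConfig(roleConfiguration);
}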
Also used : PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.idp.xsd.PermissionsAndRoleConfig) LocalRole(org.wso2.carbon.identity.application.common.model.idp.xsd.LocalRole) RoleMapping(org.wso2.carbon.identity.application.common.model.idp.xsd.RoleMapping) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)

Example 32 with RoleMapping

use of org.wso2.carbon.identity.application.common.model.xsd.RoleMapping in project identity-inbound-auth-oauth by wso2-extensions.

From class DefaultOIDCClaimsCallbackHandlerTest, method testHandleCustomClaimsWithOAuthTokenReqMsgCtxtWithSpRoleMappings.

/**
 * Checks that a service-provider role mapping is honoured when the roles claim is built for a local user:
 * with {@code ROLE2} mapped to {@code SP_ROLE_2}, the roles claim must contain {@code SP_ROLE_2}
 * together with {@code ROLE1} and {@code ROLE3}.
 */
@Test
public void testHandleCustomClaimsWithOAuthTokenReqMsgCtxtWithSpRoleMappings() throws Exception {
    JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder();
    OAuthTokenReqMessageContext tokenReqCtx = getTokenReqMessageContextForLocalUser();
    ServiceProvider sp = getSpWithDefaultRequestedClaimsMappings();

    // Map the local role ROLE2 (in USER_STORE_DOMAIN) onto the SP-side role SP_ROLE_2.
    RoleMapping spRoleMapping = new RoleMapping(new LocalRole(USER_STORE_DOMAIN, ROLE2), SP_ROLE_2);
    sp.getPermissionAndRoleConfig().setRoleMappings(new RoleMapping[] { spRoleMapping });
    mockApplicationManagementService(sp);

    UserRealm realm = getUserRealmWithUserClaims(USER_CLAIMS_MAP);
    mockUserRealm(tokenReqCtx.getAuthorizedUser().toString(), realm);
    mockClaimHandler();

    // OIDC scope property listing the claims; built here but not handed to anything in this method.
    Properties oidcProperties = new Properties();
    oidcProperties.setProperty(OIDC_SCOPE, StringUtils.join(new String[] { ROLE, USERNAME }, ","));

    JWTClaimsSet claims = getJwtClaimSet(claimsBuilder, tokenReqCtx);
    assertNotNull(claims);
    assertNotNull(claims.getClaim(EMAIL));
    assertNotNull(claims.getClaim(USERNAME));
    assertEquals(claims.getClaim(USERNAME), USER_NAME);
    assertNotNull(claims.getClaim(ROLE));

    // The roles claim must carry the mapped role SP_ROLE_2 alongside the unmapped ROLE1 and ROLE3.
    JSONArray roles = (JSONArray) claims.getClaim(ROLE);
    for (String expected : new String[] { ROLE1, SP_ROLE_2, ROLE3 }) {
        assertTrue(roles.contains(expected));
    }
}
Also used : AttributeBuilder(org.opensaml.saml.saml2.core.impl.AttributeBuilder) OAuthTokenReqMessageContext(org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext) JSONArray(net.minidev.json.JSONArray) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping) Matchers.anyString(org.mockito.Matchers.anyString) Properties(java.util.Properties) UserRealm(org.wso2.carbon.user.core.UserRealm) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) LocalRole(org.wso2.carbon.identity.application.common.model.LocalRole) SAML2BearerGrantHandlerTest(org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandlerTest) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 33 with RoleMapping

use of org.wso2.carbon.identity.application.common.model.xsd.RoleMapping in project identity-inbound-auth-oauth by wso2-extensions.

From class ClaimUtilTest, method setup.

/**
 * Builds the fixtures shared by the tests: the SP's requested claim mappings, the claims a user store
 * would return, the SP-to-local claim mapping and two SP role mappings.
 */
@BeforeClass
public void setup() {
    // Requested claims in the SP: username, role and e-mail; only e-mail is flagged as requested.
    Claim usernameClaim = new Claim();
    usernameClaim.setClaimUri(USERNAME_CLAIM_URI);
    ClaimMapping usernameClaimMapping = new ClaimMapping();
    usernameClaimMapping.setLocalClaim(usernameClaim);
    usernameClaimMapping.setRemoteClaim(usernameClaim);

    Claim roleClaim = new Claim();
    roleClaim.setClaimUri(ROLE_CLAIM_URI);
    ClaimMapping roleClaimMapping = new ClaimMapping();
    roleClaimMapping.setLocalClaim(roleClaim);
    roleClaimMapping.setRemoteClaim(roleClaim);

    Claim emailClaim = new Claim();
    emailClaim.setClaimUri(EMAIL_CLAIM_URI);
    ClaimMapping emailClaimMapping = new ClaimMapping();
    emailClaimMapping.setLocalClaim(emailClaim);
    emailClaimMapping.setRemoteClaim(emailClaim);
    emailClaimMapping.setRequested(true);

    requestedClaimMappings = new ClaimMapping[] { usernameClaimMapping, roleClaimMapping, emailClaimMapping };

    // Claims as returned by the user store.
    userClaimsMap = new HashMap<>();
    userClaimsMap.put(USERNAME_CLAIM_URI, AUTHORIZED_USER);
    userClaimsMap.put(EMAIL_CLAIM_URI, "test@wso2.com");
    userClaimsMap.put(ROLE_CLAIM_URI, "role1");
    userClaimsMapWithSubject = new HashedMap();
    // NOTE(review): this re-puts the same entry into userClaimsMap and leaves userClaimsMapWithSubject empty;
    // it looks like userClaimsMapWithSubject was intended — confirm against the tests that read it.
    userClaimsMap.put(USERNAME_CLAIM_URI, AUTHORIZED_USER);

    // SP-to-local claim mapping; every claim maps onto itself.
    spToLocalClaimMappings = new HashMap<>();
    spToLocalClaimMappings.put(USERNAME_CLAIM_URI, USERNAME_CLAIM_URI);
    spToLocalClaimMappings.put(ROLE_CLAIM_URI, ROLE_CLAIM_URI);
    spToLocalClaimMappings.put(EMAIL_CLAIM_URI, EMAIL_CLAIM_URI);

    // SP role mappings: PRIMARY/role1 -> remoteRole1 and PRIMARY/role2 -> remoteRole2.
    roleMappings = new RoleMapping[] {
            new RoleMapping(new LocalRole("PRIMARY", "role1"), "remoteRole1"),
            new RoleMapping(new LocalRole("PRIMARY", "role2"), "remoteRole2")
    };
}
Also used : ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) LocalRole(org.wso2.carbon.identity.application.common.model.LocalRole) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping) HashedMap(org.apache.commons.collections.map.HashedMap) Claim(org.wso2.carbon.identity.application.common.model.Claim) BeforeClass(org.testng.annotations.BeforeClass)

Example 34 with RoleMapping

use of org.wso2.carbon.identity.application.common.model.xsd.RoleMapping in project identity-inbound-auth-oauth by wso2-extensions.

From class JDBCPermissionBasedInternalScopeValidator, method getAllowedUIResourcesForNotAssociatedFederatedUser.

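/**
 * Resolves the allowed UI resources of a federated user who has no associated local account, using the
 * IdP's role mappings.
 * <p>
 * The user's group attribute values are intersected with the local side of the IdP's role mappings, and
 * the UI resources of every matching local role are collected. {@code EVERYONE_PERMISSION} is always part
 * of the result, so it is never empty. An IdP without a role configuration or without mappings contributes
 * no roles.
 *
 * @param authenticatedUser    federated authenticated user
 * @param authorizationManager authorization manager used to look up the UI resources of each local role
 * @return distinct allowed UI resources for the user, in discovery order
 * @throws UserStoreException      propagated from the authorization manager
 * @throws IdentityOAuth2Exception propagated from the IdP lookup
 */
private String[] getAllowedUIResourcesForNotAssociatedFederatedUser(AuthenticatedUser authenticatedUser, AuthorizationManager authorizationManager) throws UserStoreException, IdentityOAuth2Exception {
    IdentityProvider identityProvider = OAuth2Util.getIdentityProvider(authenticatedUser.getFederatedIdPName(), authenticatedUser.getTenantDomain());
    /*
        The user's group values hold the mapped local roles and Internal/everyone. The IdP's role mappings
        pair federated roles with local roles. Intersecting the two yields the local roles the user holds
        through a mapped federated role.
     */
    List<String> userRolesList = new ArrayList<>();
    List<String> valuesOfGroups = getValuesOfGroupsFromUserAttributes(authenticatedUser.getUserAttributes());
    if (CollectionUtils.isNotEmpty(valuesOfGroups)) {
        // Missing IdP, role configuration or mappings mean no mapped roles (fail closed) instead of an NPE.
        RoleMapping[] roleMappings = null;
        if (identityProvider != null && identityProvider.getPermissionAndRoleConfig() != null) {
            roleMappings = identityProvider.getPermissionAndRoleConfig().getRoleMappings();
        }
        if (roleMappings != null) {
            for (RoleMapping roleMapping : roleMappings) {
                if (roleMapping == null || roleMapping.getLocalRole() == null) {
                    continue;
                }
                String localRoleName = roleMapping.getLocalRole().getLocalRoleName();
                // Query each local role once even if several federated roles map onto it.
                if (valuesOfGroups.contains(localRoleName) && !userRolesList.contains(localRoleName)) {
                    userRolesList.add(localRoleName);
                }
            }
        }
    }
    // Collect the distinct UI resources granted to the matched local roles.
    List<String> allowedUIResourcesListForUser = new ArrayList<>();
    for (String userRole : userRolesList) {
        for (String allowedUIResource : authorizationManager.getAllowedUIResourcesForRole(userRole, "/")) {
            if (!allowedUIResourcesListForUser.contains(allowedUIResource)) {
                allowedUIResourcesListForUser.add(allowedUIResource);
            }
        }
    }
    // Every user gets EVERYONE_PERMISSION; do not list it twice when a role already granted it.
    if (!allowedUIResourcesListForUser.contains(EVERYONE_PERMISSION)) {
        allowedUIResourcesListForUser.add(EVERYONE_PERMISSION);
    }
    return allowedUIResourcesListForUser.toArray(new String[0]);
}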
Also used : ArrayList(java.util.ArrayList) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping)

Example 35 with RoleMapping

use of org.wso2.carbon.identity.application.common.model.xsd.RoleMapping in project identity-inbound-auth-oauth by wso2-extensions.

From class JDBCScopeValidator, method getUserRolesForNotAssociatedFederatedUser.

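/**
 * Resolves the local roles of a federated user who has no associated local account, using the IdP's role
 * mappings, and appends the Internal/everyone role when one is available for the user.
 * <p>
 * An IdP without a role configuration or without mappings contributes no roles.
 *
 * @param user federated authenticated user
 * @return distinct local role names for the user; may be empty
 * @throws IdentityOAuth2Exception propagated from the helpers this method calls
 */
private String[] getUserRolesForNotAssociatedFederatedUser(AuthenticatedUser user) throws IdentityOAuth2Exception {
    List<String> userRolesList = new ArrayList<>();
    IdentityProvider identityProvider = OAuth2Util.getIdentityProvider(user.getFederatedIdPName(), user.getTenantDomain());
    /*
        The user's group values hold unmapped federated roles, mapped local roles and Internal/everyone.
        The IdP's role mappings pair federated roles with local roles. Intersecting the two yields the
        local roles the user holds through a mapped federated role.
     */
    List<String> valuesOfGroups = getValuesOfGroupsFromUserAttributes(user.getUserAttributes());
    if (CollectionUtils.isNotEmpty(valuesOfGroups)) {
        // Missing IdP, role configuration or mappings mean no mapped roles (fail closed) instead of an NPE.
        RoleMapping[] roleMappings = null;
        if (identityProvider != null && identityProvider.getPermissionAndRoleConfig() != null) {
            roleMappings = identityProvider.getPermissionAndRoleConfig().getRoleMappings();
        }
        if (roleMappings != null) {
            for (RoleMapping roleMapping : roleMappings) {
                if (roleMapping == null || roleMapping.getLocalRole() == null) {
                    continue;
                }
                String localRoleName = roleMapping.getLocalRole().getLocalRoleName();
                // Report each local role once even if several federated roles map onto it.
                if (valuesOfGroups.contains(localRoleName) && !userRolesList.contains(localRoleName)) {
                    userRolesList.add(localRoleName);
                }
            }
        }
    }
    // Every user is granted the Internal/everyone role when the tenant provides one.
    String internalEveryoneRole = OAuth2Util.getInternalEveryoneRole(user);
    if (StringUtils.isNotBlank(internalEveryoneRole) && !userRolesList.contains(internalEveryoneRole)) {
        userRolesList.add(internalEveryoneRole);
    }
    return userRolesList.toArray(new String[0]);
}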
Also used : ArrayList(java.util.ArrayList) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping)

Aggregations

RoleMapping (org.wso2.carbon.identity.application.common.model.RoleMapping)29 ArrayList (java.util.ArrayList)15 LocalRole (org.wso2.carbon.identity.application.common.model.LocalRole)15 PermissionsAndRoleConfig (org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig)14 IdentityProvider (org.wso2.carbon.identity.application.common.model.IdentityProvider)12 ClaimMapping (org.wso2.carbon.identity.application.common.model.ClaimMapping)9 Claim (org.wso2.carbon.identity.application.common.model.Claim)8 ClaimConfig (org.wso2.carbon.identity.application.common.model.ClaimConfig)8 Property (org.wso2.carbon.identity.application.common.model.Property)7 HashMap (java.util.HashMap)6 FederatedAuthenticatorConfig (org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)6 ProvisioningConnectorConfig (org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig)6 IdentityProviderProperty (org.wso2.carbon.identity.application.common.model.IdentityProviderProperty)5 PreparedStatement (java.sql.PreparedStatement)4 RoleAliasListDTO (org.wso2.carbon.apimgt.rest.api.admin.v1.dto.RoleAliasListDTO)4 ResultSet (java.sql.ResultSet)3 HashSet (java.util.HashSet)3 JSONObject (org.json.simple.JSONObject)3 DataProvider (org.testng.annotations.DataProvider)3 Test (org.testng.annotations.Test)3