
Example 56 with ServiceProvider

use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.

the class AbstractRequestCoordinator method getServiceProvider.

/**
 * Returns the service provider from the persistence layer for the given inbound client.
 *
 * <p>The result is whatever {@code getServiceProviderByClientId} returns and is passed through
 * without a null check.
 * NOTE(review): callers presumably have to handle an unknown client ID themselves; confirm what the
 * lookup returns in that case.
 *
 * @param reqType      inbound request type; {@code "oidc"} is looked up as {@code "oauth2"}
 * @param clientId     client identifier used for the lookup
 * @param tenantDomain tenant domain the lookup is performed in
 * @return the service provider returned by the application management service
 * @throws FrameworkException if the application management service fails; the message carries the
 *                            client ID and tenant domain, and the original exception is kept as cause
 */
protected ServiceProvider getServiceProvider(String reqType, String clientId, String tenantDomain) throws FrameworkException {
    ApplicationManagementService applicationManagement = ApplicationManagementService.getInstance();
    // OpenID Connect clients are stored as OAuth2 clients, so they are looked up under that type.
    String inboundType = "oidc".equals(reqType) ? "oauth2" : reqType;
    try {
        return applicationManagement.getServiceProviderByClientId(clientId, inboundType, tenantDomain);
    } catch (IdentityApplicationManagementException e) {
        throw new FrameworkException("Error occurred while retrieving service provider for client ID: " + clientId + " and tenant: " + tenantDomain, e);
    }
}
Also used : FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) ApplicationManagementService(org.wso2.carbon.identity.application.mgt.ApplicationManagementService)

Example 57 with ServiceProvider

use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.

the class DefaultLogoutRequestHandler method getRegisteredLogoutReturnUrl.

/**
 * Returns the logout return URL setting registered for a relying party.
 *
 * <p>The value of the first service provider property named {@code LOGOUT_RETURN_URL_SP_PROPERTY}
 * is returned as-is (no null or blank check). When no service provider is found, it has no
 * properties, or none of them carries that name, the fallback {@code ".*"} is returned.
 *
 * <p>NOTE(review): the fallback looks like a match-everything pattern. If the caller uses the
 * result to validate a caller-supplied logout return URL, a service provider without this property
 * accepts any return URL; confirm against the caller and consider requiring an explicit
 * configuration for deployments that must not redirect to arbitrary hosts after logout.
 *
 * @param relyingParty client identifier of the relying party
 * @param requestType  inbound request type; the OIDC type is looked up as OAuth2
 * @param tenantDomain tenant domain the lookup is performed in
 * @return the configured value, or {@code ".*"} when nothing is configured
 * @throws IdentityApplicationManagementException if the service provider lookup fails
 */
private String getRegisteredLogoutReturnUrl(String relyingParty, String requestType, String tenantDomain) throws IdentityApplicationManagementException {
    // OIDC clients are registered under the OAuth2 inbound type.
    String inboundType = FrameworkConstants.OIDC.equals(requestType) ? FrameworkConstants.OAUTH2 : requestType;
    ApplicationManagementService applicationManagement = ApplicationManagementService.getInstance();
    ServiceProvider sp = applicationManagement.getServiceProviderByClientId(relyingParty, inboundType, tenantDomain);
    if (sp == null || sp.getSpProperties() == null) {
        return ".*";
    }
    for (ServiceProviderProperty property : sp.getSpProperties()) {
        if (!LOGOUT_RETURN_URL_SP_PROPERTY.equals(property.getName())) {
            continue;
        }
        // Only the first matching property is used.
        String registeredUrl = property.getValue();
        if (log.isDebugEnabled()) {
            log.debug("Logout caller path validation is configured for service provider of " + relyingParty);
        }
        return registeredUrl;
    }
    return ".*";
}
Also used : ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) ApplicationManagementService(org.wso2.carbon.identity.application.mgt.ApplicationManagementService) ServiceProviderProperty(org.wso2.carbon.identity.application.common.model.ServiceProviderProperty)

Example 58 with ServiceProvider

use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.

the class ConsentMgtPostAuthnHandler method handlePreConsent.

/**
 * Decides whether the user must be sent to the consent page before claims are released to the
 * service provider.
 *
 * <p>Consent handling is skipped, and {@code SUCCESS_COMPLETED} returned, in two cases visible
 * here: the application name equals {@code SP_NAME_DEFAULT} (case-insensitive), and the consent
 * service throws {@link SSOConsentDisabledException}. Both paths release claims without a consent
 * prompt, so they are worth keeping in mind when reviewing consent enforcement.
 *
 * <p>The debug messages include the authenticated subject identifier and the claim lists.
 *
 * @param request  the current servlet request (not read in this method)
 * @param response the servlet response, used for the redirect to the consent page
 * @param context  the authentication context of the current flow
 * @return {@code SUCCESS_COMPLETED} when no consent prompt is needed, {@code INCOMPLETE} after
 *         the redirect to the consent page was issued
 * @throws PostAuthenticationFailedException if the consent service fails while loading consent data
 */
protected PostAuthnHandlerFlowStatus handlePreConsent(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws PostAuthenticationFailedException {
    String spName = context.getSequenceConfig().getApplicationConfig().getApplicationName();
    Map<String, String> claimMappings = context.getSequenceConfig().getApplicationConfig().getClaimMappings();
    // Temporary bypass for the default service provider; to be removed once the underlying issue is fixed.
    if (SP_NAME_DEFAULT.equalsIgnoreCase(spName)) {
        return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
    }
    AuthenticatedUser user = getAuthenticatedUser(context);
    ServiceProvider sp = getServiceProvider(context);
    try {
        ConsentClaimsData claimsData = getSSOConsentService().getConsentRequiredClaimsWithExistingConsents(sp, user);
        if (isDebugEnabled()) {
            logDebug(String.format("Retrieving required consent data of user: %s for service provider: %s in tenant domain: %s.", user.getAuthenticatedSubjectIdentifier(), sp.getApplicationName(), getSPTenantDomain(sp)));
        }
        removeClaimsWithoutConsent(context, claimsData);
        // Drop requested claims for which the user has no attribute value.
        claimsData.setRequestedClaims(removeConsentRequestedNullUserAttributes(claimsData.getRequestedClaims(), user.getUserAttributes(), claimMappings));
        if (!hasConsentForRequiredClaims(claimsData)) {
            String mandatoryLocalClaims = buildConsentClaimString(claimsData.getMandatoryClaims());
            String requestedLocalClaims = buildConsentClaimString(claimsData.getRequestedClaims());
            if (isDebugEnabled()) {
                logDebug(String.format("Require consent for mandatory claims: %s, requested claims: %s, from user: %s for service provider: %s in tenant domain: %s.", claimsData.getMandatoryClaims(), claimsData.getRequestedClaims(), user.getAuthenticatedSubjectIdentifier(), sp.getApplicationName(), getSPTenantDomain(sp)));
            }
            redirectToConsentPage(response, context, requestedLocalClaims, mandatoryLocalClaims);
            setConsentPoppedUpState(context);
            // Keep the consent data in the context for the rest of the flow.
            context.addParameter(CONSENT_CLAIM_META_DATA, claimsData);
            return PostAuthnHandlerFlowStatus.INCOMPLETE;
        }
        if (isDebugEnabled()) {
            logDebug(String.format("Required consent data is empty for user: %s for service provider: %s in tenant domain: %s. Post authentication completed.", user.getAuthenticatedSubjectIdentifier(), sp.getApplicationName(), getSPTenantDomain(sp)));
        }
        return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
    } catch (SSOConsentDisabledException e) {
        // Consent management is switched off: the step completes without prompting.
        return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
    } catch (SSOConsentServiceException e) {
        String error = String.format("Error occurred while retrieving consent data of user: %s for service provider: %s in tenant domain: %s.", user.getAuthenticatedSubjectIdentifier(), sp.getApplicationName(), getSPTenantDomain(sp));
        throw new PostAuthenticationFailedException("Authentication failed. Error occurred while processing user consent.", error, e);
    }
}
Also used : SSOConsentDisabledException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentDisabledException) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException) StringUtils.defaultString(org.apache.commons.lang.StringUtils.defaultString) PostAuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)

Example 59 with ServiceProvider

use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.

the class ConsentMgtPostAuthnHandler method getSPRequestedLocalClaims.

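/**
 * Collects the local claims requested by the service provider of the current flow, without its
 * subject claim URI.
 *
 * @param context the authentication context of the current flow
 * @return a mutable list holding the values of the requested claim mappings minus the subject
 *         claim URI; empty when no mappings are configured
 * @throws PostAuthenticationFailedException if the context carries no application configuration
 */
private List<String> getSPRequestedLocalClaims(AuthenticationContext context) throws PostAuthenticationFailedException {
    List<String> spRequestedLocalClaims = new ArrayList<>();
    ApplicationConfig applicationConfig = context.getSequenceConfig().getApplicationConfig();
    if (applicationConfig == null) {
        ServiceProvider serviceProvider = getServiceProvider(context);
        String error = "Application configs are null in AuthenticationContext for SP: " + serviceProvider.getApplicationName() + " in tenant domain: " + getSPTenantDomain(serviceProvider);
        throw new PostAuthenticationFailedException("Authentication failed. Error while processing application " + "claim configurations.", error);
    }
    Map<String, String> claimMappings = applicationConfig.getRequestedClaimMappings();
    if (isNotEmpty(claimMappings) && isNotEmpty(claimMappings.values())) {
        // Copy the values so the removal below does not touch the mapping itself.
        spRequestedLocalClaims = new ArrayList<>(claimMappings.values());
    }
    String subjectClaimUri = getSubjectClaimUri(applicationConfig);
    spRequestedLocalClaims.remove(subjectClaimUri);
    if (isDebugEnabled()) {
        // The claim list is passed as a format argument rather than concatenated into the format
        // string: a configured claim URI containing '%' would otherwise be parsed as a format
        // specifier and make String.format throw whenever debug logging is enabled.
        String message = String.format("Requested claims for SP: %s - %s", applicationConfig.getApplicationName(), spRequestedLocalClaims);
        logDebug(message);
    }
    return spRequestedLocalClaims;
}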
Also used : ApplicationConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) ArrayList(java.util.ArrayList) StringUtils.defaultString(org.apache.commons.lang.StringUtils.defaultString) PostAuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException)

Example 60 with ServiceProvider

use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.

the class ConsentMgtPostAuthnHandler method removeDisapprovedClaims.

/**
 * Removes from the authentication context the user claims that are not covered by an existing
 * consent.
 *
 * <p>The claims with consent are loaded from the consent service for the service provider of the
 * context and the given user; the claims without consent are derived from that list and removed
 * from the context in the service provider's standard dialect.
 *
 * <p>The debug message includes the authenticated subject identifier, read from the context
 * rather than from the {@code authenticatedUser} argument.
 *
 * @param context           the authentication context of the current flow
 * @param authenticatedUser the user whose consents are looked up
 * @throws SSOConsentServiceException        if the consent service lookup fails
 * @throws PostAuthenticationFailedException declared by this method; presumably raised by the
 *                                           helpers it calls
 */
private void removeDisapprovedClaims(AuthenticationContext context, AuthenticatedUser authenticatedUser) throws SSOConsentServiceException, PostAuthenticationFailedException {
    String dialect = getStandardDialect(context);
    List<String> consentedClaims = getClaimsFromMetaData(
            getSSOConsentService().getClaimsWithConsents(getServiceProvider(context), authenticatedUser));
    List<String> claimsToDrop = getClaimsWithoutConsent(consentedClaims, context);
    if (isDebugEnabled()) {
        ServiceProvider sp = getServiceProvider(context);
        logDebug(String.format("Removing disapproved claims: %s in the dialect: %s by user: %s for service provider: %s in tenant domain: %s.", claimsToDrop, defaultString(dialect), getAuthenticatedUser(context).getAuthenticatedSubjectIdentifier(), sp.getApplicationName(), getSPTenantDomain(sp)));
    }
    removeUserClaimsFromContext(context, claimsToDrop, dialect);
}
Also used : ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) StringUtils.defaultString(org.apache.commons.lang.StringUtils.defaultString)
