Example 61 with ServiceProvider

use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.

the class ConsentMgtPostAuthnHandler method removeUserClaimsFromContext.

private void removeUserClaimsFromContext(AuthenticationContext context, List<String> disapprovedClaims, String spStandardDialect) {
    Map<ClaimMapping, String> userAttributes = getUserAttributes(context);
    Map<ClaimMapping, String> modifiedUserAttributes = new HashMap<>();
    if (isDebugEnabled()) {
        String message = "Removing disapproved claims: %s from context of user: %s for service provider: %s in " + "tenant domain: %s";
        ServiceProvider serviceProvider = getServiceProvider(context);
        message = String.format(message, disapprovedClaims, getAuthenticatedUser(context).getAuthenticatedSubjectIdentifier(), serviceProvider.getApplicationName(), getSPTenantDomain(serviceProvider));
        logDebug(message);
    }
    if (isStandardDialect(spStandardDialect)) {
        Map<String, String> standardToCarbonClaimMappings = getSPToCarbonClaimMappings(context);
        filterClaims(userAttributes, disapprovedClaims, standardToCarbonClaimMappings, modifiedUserAttributes);
    } else {
        // WSO2 dialect or non-standard custom claim mappings.
        Map<String, String> customToLocalClaimMappings = context.getSequenceConfig().getApplicationConfig().getRequestedClaimMappings();
        filterClaims(userAttributes, disapprovedClaims, customToLocalClaimMappings, modifiedUserAttributes);
    }
    context.getSequenceConfig().getAuthenticatedUser().setUserAttributes(modifiedUserAttributes);
}
Also used : ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) HashMap(java.util.HashMap) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) StringUtils.defaultString(org.apache.commons.lang.StringUtils.defaultString)

Example 62 with ServiceProvider

use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.

the class ConsentMgtPostAuthnHandler method getSPTenantDomain.

private String getSPTenantDomain(ServiceProvider serviceProvider) {
    String spTenantDomain;
    User owner = serviceProvider.getOwner();
    if (owner != null) {
        spTenantDomain = owner.getTenantDomain();
    } else {
        spTenantDomain = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
    }
    return spTenantDomain;
}
Also used : User(org.wso2.carbon.identity.application.common.model.User) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser) StringUtils.defaultString(org.apache.commons.lang.StringUtils.defaultString)

Example 63 with ServiceProvider

use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.

the class SSOConsentServiceImpl method addReceipt.

private void addReceipt(String subject, String subjectTenantDomain, ServiceProvider serviceProvider, String spTenantDomain, List<ClaimMetaData> claimsWithConsent, List<ClaimMetaData> claimsDeniedConsent) throws SSOConsentServiceException {
    ReceiptInput receiptInput = buildReceiptInput(subject, serviceProvider, spTenantDomain, claimsWithConsent, claimsDeniedConsent);
    AddReceiptResponse receiptResponse;
    try {
        startTenantFlowWithUser(subject, subjectTenantDomain);
        receiptResponse = getConsentManager().addConsent(receiptInput);
    } catch (ConsentManagementException e) {
        throw new SSOConsentServiceException("Consent receipt error", "Error while adding the consent " + "receipt", e);
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
    if (isDebugEnabled()) {
        logDebug("Successfully added consent receipt: " + receiptResponse.getConsentReceiptId());
    }
}
Also used : AddReceiptResponse(org.wso2.carbon.consent.mgt.core.model.AddReceiptResponse) ReceiptInput(org.wso2.carbon.consent.mgt.core.model.ReceiptInput) ConsentManagementException(org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException) SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)

Example 64 with ServiceProvider

use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.

the class SSOConsentServiceImpl method getClaimsWithConsents.

/**
 * Retrieves the claims for which a user has provided consent for a given service provider.
 *
 * @param serviceProvider   Service provider to retrieve the consent against.
 * @param authenticatedUser Authenticated user related to the consent claim retrieval.
 * @return List of claims for which the user has provided consent for the given service provider.
 * @throws SSOConsentServiceException If an error occurs while retrieving user consents.
 */
@Override
public List<ClaimMetaData> getClaimsWithConsents(ServiceProvider serviceProvider, AuthenticatedUser authenticatedUser) throws SSOConsentServiceException {
    if (!isSSOConsentManagementEnabled(serviceProvider)) {
        String message = "Consent management for SSO is disabled.";
        throw new SSOConsentDisabledException(message, message);
    }
    if (serviceProvider == null) {
        throw new SSOConsentServiceException("Service provider cannot be null.");
    }
    String spName = serviceProvider.getApplicationName();
    List<ClaimMetaData> receiptConsentMetaData = new ArrayList<>();
    String spTenantDomain = getSPTenantDomain(serviceProvider);
    String subject = buildSubjectWithUserStoreDomain(authenticatedUser);
    Receipt receipt = getConsentReceiptOfUser(serviceProvider, authenticatedUser, spName, spTenantDomain, subject);
    if (receipt == null) {
        return receiptConsentMetaData;
    } else {
        receiptConsentMetaData = getRequestedClaimsFromReceipt(receipt, true);
    }
    return receiptConsentMetaData;
}
Also used : SSOConsentDisabledException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentDisabledException) Receipt(org.wso2.carbon.consent.mgt.core.model.Receipt) ArrayList(java.util.ArrayList) SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)

Example 65 with ServiceProvider

use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.

the class DefaultClaimHandler method setSubjectClaim.

/**
 * Set authenticated user's SP Subject Claim URI as a property
 */
private void setSubjectClaim(AuthenticatedUser authenticatedUser, AbstractUserStoreManager userStore, Map<String, String> attributesMap, String spStandardDialect, AuthenticationContext context) {
    String subjectURI = context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri();
    ApplicationConfig applicationConfig = context.getSequenceConfig().getApplicationConfig();
    ServiceProvider serviceProvider = applicationConfig.getServiceProvider();
    ClaimConfig claimConfig = serviceProvider.getClaimConfig();
    boolean isLocalClaimDialect = claimConfig.isLocalClaimDialect();
    Map<String, String> spToLocalClaimMappings = applicationConfig.getClaimMappings();
    if (subjectURI != null) {
        if (!isLocalClaimDialect && spStandardDialect != null) {
            if (spToLocalClaimMappings != null) {
                subjectURI = spToLocalClaimMappings.get(subjectURI);
            }
        }
        if (attributesMap.get(subjectURI) != null) {
            context.setProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE, attributesMap.get(subjectURI));
            if (log.isDebugEnabled()) {
                log.debug("Setting \'ServiceProviderSubjectClaimValue\' property value from " + "attribute map " + attributesMap.get(subjectURI));
            }
        } else {
            log.debug("Subject claim not found among attributes");
        }
        // Return early in the federated case.
        if (authenticatedUser == null || userStore == null || authenticatedUser.isFederatedUser()) {
            if (log.isDebugEnabled()) {
                log.debug("User id or user store \'NULL\'. Possibly federated case");
            }
            return;
        }
        // standard dialect
        if (spStandardDialect != null) {
            setSubjectClaimForStandardDialect(authenticatedUser, userStore, context, subjectURI);
        }
    }
}
Also used : ApplicationConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig) ClaimConfig(org.wso2.carbon.identity.application.common.model.ClaimConfig) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider)

Aggregations

ServiceProvider (org.wso2.carbon.identity.application.common.model.ServiceProvider) 232
Test (org.testng.annotations.Test) 129
ServiceProvider (org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider) 96
IdentityApplicationManagementException (org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) 85
ArrayList (java.util.ArrayList) 66
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest) 58
HashMap (java.util.HashMap) 50
InboundAuthenticationRequestConfig (org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationRequestConfig) 49
AuthenticationContext (org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext) 40
ApplicationManagementService (org.wso2.carbon.identity.application.mgt.ApplicationManagementService) 40
SequenceConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig) 35
ClaimMapping (org.wso2.carbon.identity.application.common.model.ClaimMapping) 35
AuthenticatedUser (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser) 33
HttpServletResponse (javax.servlet.http.HttpServletResponse) 26
InboundAuthenticationRequestConfig (org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig) 26
HttpServletRequest (javax.servlet.http.HttpServletRequest) 24
LocalAndOutboundAuthenticationConfig (org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig) 23
IdentityException (org.wso2.carbon.identity.base.IdentityException) 23
Property (org.wso2.carbon.identity.application.common.model.xsd.Property) 21
InboundAuthenticationConfig (org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationConfig) 20