use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.
the class ConsentMgtPostAuthnHandler method removeUserClaimsFromContext.
/**
 * Replaces the authenticated user's attributes in the context with the map filled by
 * {@code filterClaims} for the given disapproved claims.
 *
 * @param context           Authentication context that carries the sequence config and the authenticated user.
 * @param disapprovedClaims Claims handed to {@code filterClaims} as the ones the user did not approve.
 * @param spStandardDialect Dialect value that decides which claim mapping is handed to {@code filterClaims}.
 */
private void removeUserClaimsFromContext(AuthenticationContext context, List<String> disapprovedClaims, String spStandardDialect) {
    Map<ClaimMapping, String> currentAttributes = getUserAttributes(context);
    Map<ClaimMapping, String> retainedAttributes = new HashMap<>();

    if (isDebugEnabled()) {
        // NOTE(review): this debug line records the subject identifier together with the claims the
        // user declined to share; confirm that debug logs are handled as personal data.
        ServiceProvider serviceProvider = getServiceProvider(context);
        String template = "Removing disapproved claims: %s from context of user: %s for service provider: %s in " + "tenant domain: %s";
        logDebug(String.format(template, disapprovedClaims, getAuthenticatedUser(context).getAuthenticatedSubjectIdentifier(), serviceProvider.getApplicationName(), getSPTenantDomain(serviceProvider)));
    }

    // Standard dialects use the SP-to-Carbon mapping; the WSO2 dialect and non-standard custom
    // claim mappings use the requested claim mappings of the application config.
    Map<String, String> claimMappings;
    if (isStandardDialect(spStandardDialect)) {
        claimMappings = getSPToCarbonClaimMappings(context);
    } else {
        claimMappings = context.getSequenceConfig().getApplicationConfig().getRequestedClaimMappings();
    }
    filterClaims(currentAttributes, disapprovedClaims, claimMappings, retainedAttributes);

    // The whole attribute map is swapped for retainedAttributes, so the consent decision is enforced
    // only by what filterClaims copies into it (presumably the attributes that were not disapproved;
    // verify against that helper).
    context.getSequenceConfig().getAuthenticatedUser().setUserAttributes(retainedAttributes);
}
use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.
the class ConsentMgtPostAuthnHandler method getSPTenantDomain.
/**
 * Resolves the tenant domain of a service provider from its owner.
 *
 * @param serviceProvider Service provider whose owner is inspected.
 * @return The owner's tenant domain, or {@code MultitenantConstants.SUPER_TENANT_DOMAIN_NAME} when the
 *         service provider has no owner.
 */
private String getSPTenantDomain(ServiceProvider serviceProvider) {
    User spOwner = serviceProvider.getOwner();
    if (spOwner == null) {
        // NOTE(review): a service provider without an owner is attributed to the super tenant.
        // Callers use this value to scope consent data, so confirm that an owner-less service
        // provider cannot belong to another tenant.
        return MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
    }
    return spOwner.getTenantDomain();
}
use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.
the class SSOConsentServiceImpl method addReceipt.
/**
 * Builds a receipt input from the given consent decisions and adds it through the consent manager
 * inside a tenant flow started for the subject.
 *
 * @param subject             Subject passed to the receipt input and to the tenant flow.
 * @param subjectTenantDomain Tenant domain used when starting the tenant flow.
 * @param serviceProvider     Service provider the receipt input is built for.
 * @param spTenantDomain      Tenant domain of the service provider.
 * @param claimsWithConsent   Claims the user consented to.
 * @param claimsDeniedConsent Claims the user denied consent for.
 * @throws SSOConsentServiceException If the consent manager call fails with a ConsentManagementException.
 */
private void addReceipt(String subject, String subjectTenantDomain, ServiceProvider serviceProvider, String spTenantDomain, List<ClaimMetaData> claimsWithConsent, List<ClaimMetaData> claimsDeniedConsent) throws SSOConsentServiceException {
    ReceiptInput input = buildReceiptInput(subject, serviceProvider, spTenantDomain, claimsWithConsent, claimsDeniedConsent);
    AddReceiptResponse response;
    try {
        startTenantFlowWithUser(subject, subjectTenantDomain);
        response = getConsentManager().addConsent(input);
    } catch (ConsentManagementException e) {
        throw new SSOConsentServiceException("Consent receipt error", "Error while adding the consent " + "receipt", e);
    } finally {
        // Runs on success and on every failure path, so the privileged tenant context is not left
        // active after this call.
        // NOTE(review): it also runs when startTenantFlowWithUser itself throws; confirm that the
        // helper cannot fail before the flow is started, otherwise this ends a flow that this
        // method did not open.
        PrivilegedCarbonContext.endTenantFlow();
    }

    if (!isDebugEnabled()) {
        return;
    }
    logDebug("Successfully added consent receipt: " + response.getConsentReceiptId());
}
use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.
the class SSOConsentServiceImpl method getClaimsWithConsents.
/**
* Retrieves the claims for which a user has provided consent to a given service provider.
*
* @param serviceProvider Service provider to retrieve the consent against.
* @param authenticatedUser Authenticated user related to the consent claim retrieval.
* @return List of claims for which the user has provided consent to the given service provider.
* @throws SSOConsentServiceException If an error occurs while retrieving user consents.
*/
@Override
public List<ClaimMetaData> getClaimsWithConsents(ServiceProvider serviceProvider, AuthenticatedUser authenticatedUser) throws SSOConsentServiceException {
    // NOTE(review): serviceProvider is handed to the enabled check before the null check below
    // runs; if that check dereferences its argument, a null service provider fails there instead of
    // producing the intended "cannot be null" error. Confirm against isSSOConsentManagementEnabled.
    if (!isSSOConsentManagementEnabled(serviceProvider)) {
        String disabledMessage = "Consent management for SSO is disabled.";
        throw new SSOConsentDisabledException(disabledMessage, disabledMessage);
    }
    if (serviceProvider == null) {
        throw new SSOConsentServiceException("Service provider cannot be null.");
    }

    // NOTE(review): authenticatedUser is not validated here before it is used to build the subject
    // and to look up the receipt; presumably the helpers handle null. Verify.
    String applicationName = serviceProvider.getApplicationName();
    String tenantDomainOfSp = getSPTenantDomain(serviceProvider);
    String subjectId = buildSubjectWithUserStoreDomain(authenticatedUser);
    Receipt existingReceipt = getConsentReceiptOfUser(serviceProvider, authenticatedUser, applicationName, tenantDomainOfSp, subjectId);

    if (existingReceipt != null) {
        return getRequestedClaimsFromReceipt(existingReceipt, true);
    }
    // No receipt for this user and service provider: report no consented claims.
    return new ArrayList<>();
}
use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.
the class DefaultClaimHandler method setSubjectClaim.
/**
* Set authenticated user's SP Subject Claim URI as a property
*/
private void setSubjectClaim(AuthenticatedUser authenticatedUser, AbstractUserStoreManager userStore, Map<String, String> attributesMap, String spStandardDialect, AuthenticationContext context) {
    ApplicationConfig applicationConfig = context.getSequenceConfig().getApplicationConfig();
    String subjectClaimUri = applicationConfig.getSubjectClaimUri();
    ClaimConfig claimConfig = applicationConfig.getServiceProvider().getClaimConfig();
    boolean usesLocalDialect = claimConfig.isLocalClaimDialect();
    Map<String, String> spToLocalMappings = applicationConfig.getClaimMappings();

    // Nothing to set when the application defines no subject claim URI.
    if (subjectClaimUri == null) {
        return;
    }

    // With a non-local dialect and a standard dialect in use, translate the subject claim URI
    // through the SP-to-local claim mappings.
    // NOTE(review): the lookup returns null for an unmapped URI, and that null is then used as the
    // attribute key and passed on to setSubjectClaimForStandardDialect. Confirm this is handled.
    boolean needsTranslation = !usesLocalDialect && spStandardDialect != null && spToLocalMappings != null;
    if (needsTranslation) {
        subjectClaimUri = spToLocalMappings.get(subjectClaimUri);
    }

    String subjectClaimValue = attributesMap.get(subjectClaimUri);
    if (subjectClaimValue == null) {
        log.debug("Subject claim not found among attributes");
    } else {
        context.setProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE, subjectClaimValue);
        if (log.isDebugEnabled()) {
            // NOTE(review): this writes the user's subject claim value to the debug log; confirm
            // that debug logs are treated as containing user identifiers.
            log.debug("Setting \'ServiceProviderSubjectClaimValue\' property value from " + "attribute map " + subjectClaimValue);
        }
    }

    // Stop here when there is no local user or user store, or the user is federated.
    boolean localLookupPossible = authenticatedUser != null && userStore != null && !authenticatedUser.isFederatedUser();
    if (!localLookupPossible) {
        if (log.isDebugEnabled()) {
            log.debug("User id or user store \'NULL\'. Possibly federated case");
        }
        return;
    }

    // Standard dialect: delegate to the dialect-specific handling.
    if (spStandardDialect != null) {
        setSubjectClaimForStandardDialect(authenticatedUser, userStore, context, subjectClaimUri);
    }
}