use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.
the class JsGraphBuilderTest method testCreateJavascript.
/**
 * Builds an authentication graph from an adaptive script that runs step 1 and, in its
 * onSuccess handler, step 2. Checks that the graph starts with a step node and that the
 * node following it is a dynamic decision node (the asserted outcome of the nested
 * onSuccess callback).
 */
@Test
public void testCreateJavascript() throws Exception {
    String script = "var onLoginRequest = function(context) { executeStep(1, { onSuccess : function(context) {"
            + "executeStep(2);}})};";

    // Two configured steps so that both executeStep calls in the script can be resolved.
    Map<Integer, StepConfig> steps = new HashMap<>();
    steps.put(1, new StepConfig());
    steps.put(2, new StepConfig());

    ServiceProvider serviceProvider = getTestServiceProvider("js-sp-1.xml");
    AuthenticationContext authContext = getAuthenticationContext(serviceProvider);

    JsGraphBuilder builder = jsGraphBuilderFactory.createBuilder(authContext, steps);
    builder.createWith(script);
    AuthenticationGraph graph = builder.build();

    AuthGraphNode start = graph.getStartNode();
    assertNotNull(start);
    assertTrue(start instanceof StepConfigGraphNode);

    AuthGraphNode afterFirstStep = ((StepConfigGraphNode) start).getNext();
    assertNotNull(afterFirstStep);
    assertTrue(afterFirstStep instanceof DynamicDecisionNode);
}
use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.
the class JsGraphBuilderTest method testCreateDirectJava.
/**
 * Builds an authentication graph through the builder's Java API (two direct executeStep
 * calls, no script). Checks that the start node is a step node and that its successor is
 * a step node as well.
 */
@Test
public void testCreateDirectJava() throws Exception {
    // Two configured steps, one per executeStep call below.
    Map<Integer, StepConfig> steps = new HashMap<>();
    steps.put(1, new StepConfig());
    steps.put(2, new StepConfig());

    ServiceProvider serviceProvider = getTestServiceProvider("js-sp-1.xml");
    AuthenticationContext authContext = getAuthenticationContext(serviceProvider);

    JsGraphBuilder builder = jsGraphBuilderFactory.createBuilder(authContext, steps);
    builder.executeStep(1);
    builder.executeStep(2);
    AuthenticationGraph graph = builder.build();

    AuthGraphNode start = graph.getStartNode();
    assertNotNull(start);
    assertTrue(start instanceof StepConfigGraphNode);

    AuthGraphNode afterFirstStep = ((StepConfigGraphNode) start).getNext();
    assertNotNull(afterFirstStep);
    assertTrue(afterFirstStep instanceof StepConfigGraphNode);
}
use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.
the class OutboundProvisioningManager method provision.
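/**
 * Outbound provisioning method.
 * <p>
 * Resolves the service provider by name, loads its outbound provisioning connectors and, for each
 * connector, maps the entity's claims and roles and hands a {@link ProvisioningThread} to
 * {@code executeOutboundProvisioning} (blocking, or through a thread pool created for this call).
 * A GROUP entity whose name is one of the identity provider's provisioning roles is expanded into
 * per-user POST and DELETE requests; any other entity is sent as a single request, subject to the
 * XACML rule check when the connector has policies enabled.
 *
 * @param provisioningEntity Provisioning entity.
 * @param serviceProviderIdentifier Identifier of the service provider.
 * @param inboundClaimDialect Inbound claim dialect.
 * @param spTenantDomainName Tenant domain of the service provider.
 * @param jitProvisioning Is JIT provisioning enabled.
 * @throws IdentityProvisioningException if error occurred while user provisioning, or if the service
 *                                       provider or a provisioning identity provider cannot be
 *                                       resolved by name.
 */
public void provision(ProvisioningEntity provisioningEntity, String serviceProviderIdentifier,
                      String inboundClaimDialect, String spTenantDomainName, boolean jitProvisioning)
        throws IdentityProvisioningException {

    // Declared outside the try so the finally block can release the pool on every exit path.
    ExecutorService executors = null;
    try {
        if (provisioningEntity.getEntityName() == null) {
            setProvisioningEntityName(provisioningEntity);
        }
        // get details about the service provider. Any in-bound provisioning request via
        // the SOAP based API (or the management console) - or SCIM API with HTTP Basic
        // Authentication is considered as coming from the local service provider.
        ServiceProvider serviceProvider = ApplicationManagementService.getInstance()
                .getServiceProvider(serviceProviderIdentifier, spTenantDomainName);
        if (serviceProvider == null) {
            throw new IdentityProvisioningException("Invalid service provider name : " + serviceProviderIdentifier);
        }
        // For SaaS applications the provisioned entity may belong to the requesting user's tenant
        // (taken from the thread-local carbon context) rather than the service provider's tenant.
        String provisioningEntityTenantDomainName = spTenantDomainName;
        if (serviceProvider.isSaasApp() && isUserTenantBasedOutboundProvisioningEnabled()) {
            provisioningEntityTenantDomainName = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        }
        ClaimMapping[] spClaimMappings = null;
        // if we know the serviceProviderClaimDialect - we do not need to find it again.
        if (inboundClaimDialect == null && serviceProvider.getClaimConfig() != null) {
            spClaimMappings = serviceProvider.getClaimConfig().getClaimMappings();
        }
        // get all the provisioning connectors associated with local service provider for
        // out-bound provisioning.
        // TODO: stop loading connectors all the time.
        Map<String, RuntimeProvisioningConfig> connectors =
                getOutboundProvisioningConnectors(serviceProvider, spTenantDomainName);
        if (MapUtils.isNotEmpty(connectors)) {
            // One worker per connector; non-blocking connectors are dispatched on this pool.
            executors = Executors.newFixedThreadPool(connectors.size());
        }
        for (Entry<String, RuntimeProvisioningConfig> entry : connectors.entrySet()) {
            Entry<String, AbstractOutboundProvisioningConnector> connectorEntry =
                    entry.getValue().getProvisioningConnectorEntry();
            AbstractOutboundProvisioningConnector connector = connectorEntry.getValue();
            String connectorType = connectorEntry.getKey();
            String idPName = entry.getKey();
            boolean isBlocking = entry.getValue().isBlocking();
            IdentityProvider provisioningIdp =
                    IdentityProviderManager.getInstance().getIdPByName(idPName, spTenantDomainName);
            if (provisioningIdp == null) {
                // The connector map references an identity provider that can no longer be resolved
                // by its name.
                throw new IdentityProvisioningException("Invalid identity provider name : " + idPName);
            }
            // Fall back to the local (carbon) dialect when neither the connector nor the IdP claim
            // configuration names an outbound dialect.
            String outboundClaimDialect = connector.getClaimDialectUri();
            if (outboundClaimDialect == null && (provisioningIdp.getClaimConfig() == null
                    || provisioningIdp.getClaimConfig().isLocalClaimDialect())) {
                outboundClaimDialect = IdentityProvisioningConstants.WSO2_CARBON_DIALECT;
            }
            ClaimMapping[] idpClaimMappings = null;
            if (provisioningIdp.getClaimConfig() != null) {
                idpClaimMappings = provisioningIdp.getClaimConfig().getClaimMappings();
            }
            // TODO: this should happen asynchronously in a different thread.
            // create a new provisioning entity object for each provisioning identity provider.
            // get mapped claims.
            Map<ClaimMapping, List<String>> mappedClaims = getMappedClaims(inboundClaimDialect, outboundClaimDialect,
                    provisioningEntity, spClaimMappings, idpClaimMappings, spTenantDomainName);
            if (provisioningIdp.getPermissionAndRoleConfig() != null) {
                // update with mapped user groups.
                updateProvisioningUserWithMappedRoles(provisioningEntity,
                        provisioningIdp.getPermissionAndRoleConfig().getRoleMappings());
            }
            // check whether we already have the provisioned identifier - if so set it.
            ProvisionedIdentifier provisionedIdentifier = getProvisionedEntityIdentifier(idPName, connectorType,
                    provisioningEntity, spTenantDomainName);
            boolean notYetProvisioned =
                    provisionedIdentifier == null || provisionedIdentifier.getIdentifier() == null;
            ProvisioningOperation provisioningOp = provisioningEntity.getOperation();
            if (ProvisioningOperation.DELETE.equals(provisioningOp) && notYetProvisioned) {
                // Nothing was provisioned to this connector, so there is no outbound delete to send.
                // Skip the flow.
                // NOTE(review): this returns from the whole method, so connectors later in the map
                // never see the delete either; 'continue' looks like the intended behaviour — confirm
                // before changing. The thread pool is released by the finally block either way.
                return;
            }
            if (notYetProvisioned) {
                provisioningOp = ProvisioningOperation.POST;
            }
            String[] provisionByRoleList = new String[0];
            if (provisioningIdp.getProvisioningRole() != null) {
                provisionByRoleList = provisioningIdp.getProvisioningRole().trim().split("\\s*,[,\\s]*");
            }
            if (provisioningEntity.getEntityType() == ProvisioningEntityType.GROUP
                    && Arrays.asList(provisionByRoleList).contains(provisioningEntity.getEntityName())) {
                // Group-driven provisioning: every member added to / removed from a provisioning role
                // becomes its own user-level POST / DELETE request.
                // NOTE(review): unlike the per-entity branch below, these requests are dispatched
                // without the XACML isAllowedToProvision check — confirm that this is intended.
                Map<ClaimMapping, List<String>> attributes = provisioningEntity.getAttributes();
                List<String> newUsersList = attributes.get(
                        ClaimMapping.build(IdentityProvisioningConstants.NEW_USER_CLAIM_URI, null, null, false));
                List<String> deletedUsersList = attributes.get(
                        ClaimMapping.build(IdentityProvisioningConstants.DELETED_USER_CLAIM_URI, null, null, false));
                // A missing attribute list is treated as "no users" instead of failing with an NPE.
                if (newUsersList != null) {
                    for (String user : newUsersList) {
                        ProvisioningEntity inboundProvisioningEntity = getInboundProvisioningEntity(provisioningEntity,
                                provisioningEntityTenantDomainName, ProvisioningOperation.POST, user);
                        ProvisionedIdentifier provisionedUserIdentifier = getProvisionedEntityIdentifier(idPName,
                                connectorType, inboundProvisioningEntity, spTenantDomainName);
                        if (provisionedUserIdentifier != null && provisionedUserIdentifier.getIdentifier() != null) {
                            // Already provisioned to this connector; nothing to add.
                            continue;
                        }
                        Map<ClaimMapping, List<String>> mappedUserClaims = getMappedClaims(inboundClaimDialect,
                                outboundClaimDialect, inboundProvisioningEntity, spClaimMappings, idpClaimMappings,
                                spTenantDomainName);
                        ProvisioningEntity outboundProEntity = new ProvisioningEntity(ProvisioningEntityType.USER,
                                user, ProvisioningOperation.POST, mappedUserClaims);
                        Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, spTenantDomainName,
                                provisioningEntityTenantDomainName, connector, connectorType, idPName, dao);
                        // NOTE(review): this sets the group's identifier on the per-user entity, while the
                        // delete loop below uses the user's own identifier — verify this is intended.
                        outboundProEntity.setIdentifier(provisionedIdentifier);
                        outboundProEntity.setJitProvisioning(jitProvisioning);
                        executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread,
                                isBlocking);
                    }
                }
                if (deletedUsersList != null) {
                    for (String user : deletedUsersList) {
                        ProvisioningEntity inboundProvisioningEntity = getInboundProvisioningEntity(provisioningEntity,
                                provisioningEntityTenantDomainName, ProvisioningOperation.DELETE, user);
                        ProvisionedIdentifier provisionedUserIdentifier = getProvisionedEntityIdentifier(idPName,
                                connectorType, inboundProvisioningEntity, spTenantDomainName);
                        if (provisionedUserIdentifier == null || provisionedUserIdentifier.getIdentifier() == null) {
                            // Never provisioned to this connector; nothing to delete.
                            continue;
                        }
                        Map<ClaimMapping, List<String>> mappedUserClaims = getMappedClaims(inboundClaimDialect,
                                outboundClaimDialect, inboundProvisioningEntity, spClaimMappings, idpClaimMappings,
                                spTenantDomainName);
                        ProvisioningEntity outboundProEntity = new ProvisioningEntity(ProvisioningEntityType.USER,
                                user, ProvisioningOperation.DELETE, mappedUserClaims);
                        Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, spTenantDomainName,
                                provisioningEntityTenantDomainName, connector, connectorType, idPName, dao);
                        outboundProEntity.setIdentifier(provisionedUserIdentifier);
                        outboundProEntity.setJitProvisioning(jitProvisioning);
                        executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread,
                                isBlocking);
                    }
                }
            } else {
                if (!canUserBeProvisioned(provisioningEntity, provisionByRoleList,
                        provisioningEntityTenantDomainName)) {
                    if (!canUserBeDeProvisioned(provisionedIdentifier)) {
                        continue;
                    }
                    // This is used when user removed from the provisioning role
                    provisioningOp = ProvisioningOperation.DELETE;
                }
                if (skipOutBoundProvisioning(provisioningOp, provisioningEntity, inboundClaimDialect)) {
                    continue;
                }
                ProvisioningEntity outboundProEntity = new ProvisioningEntity(provisioningEntity.getEntityType(),
                        provisioningEntity.getEntityName(), provisioningOp, mappedClaims);
                Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, spTenantDomainName,
                        provisioningEntityTenantDomainName, connector, connectorType, idPName, dao);
                outboundProEntity.setIdentifier(provisionedIdentifier);
                outboundProEntity.setJitProvisioning(jitProvisioning);
                // Connectors with rules enabled are gated by the XACML policy decision before dispatch.
                boolean isAllowed = true;
                if (entry.getValue().isPolicyEnabled()) {
                    isAllowed = XACMLBasedRuleHandler.getInstance().isAllowedToProvision(spTenantDomainName,
                            provisioningEntity, serviceProvider, idPName, connectorType);
                }
                if (isAllowed) {
                    executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread,
                            isBlocking);
                }
            }
        }
    } catch (CarbonException | IdentityApplicationManagementException | IdentityProviderManagementException
            | UserStoreException e) {
        throw new IdentityProvisioningException("Error occurred while checking for user provisioning", e);
    } finally {
        // Release the per-call pool on every exit path: normal completion, the early return in the
        // DELETE shortcut and exceptions. Previously the shutdown ran only at the end of the try, so
        // those paths leaked the pool's worker threads. shutdown() lets already submitted tasks finish.
        if (executors != null) {
            executors.shutdown();
        }
    }
}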
use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.
the class OutboundProvisioningManager method getOutboundProvisioningConnectors.
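/**
 * Resolves the outbound provisioning connectors configured for a service provider.
 * <p>
 * The result is looked up in {@link ServiceProviderProvisioningConnectorCache} first (keyed by the
 * application name and tenant domain). On a miss the map is built from the service provider's
 * outbound provisioning configuration — one entry per provisioning identity provider that has a
 * default provisioning connector and for which a connector instance could be created — and the
 * cache is populated. A service provider with no outbound provisioning configuration yields an
 * empty map, which is not cached.
 * TODO: the "no configuration" path is rebuilt on every call; consider caching it as well.
 *
 * @param serviceProvider the service provider whose connectors are requested; must not be null.
 * @param tenantDomain tenant domain used for the cache lookup and connector creation; must not be null.
 * @return map from provisioning identity provider name to its runtime connector configuration;
 *         empty when nothing is configured, never null.
 * @throws IdentityProvisioningException if either argument is null, or if an identity provider's
 *                                       configuration cannot be read while creating its connector.
 */
private Map<String, RuntimeProvisioningConfig> getOutboundProvisioningConnectors(ServiceProvider serviceProvider,
                                                                                String tenantDomain)
        throws IdentityProvisioningException {

    if (serviceProvider == null || tenantDomain == null) {
        throw new IdentityProvisioningException("Error reading service provider from cache.");
    }
    // Reading from the cache.
    ServiceProviderProvisioningConnectorCacheKey key =
            new ServiceProviderProvisioningConnectorCacheKey(serviceProvider.getApplicationName());
    ServiceProviderProvisioningConnectorCacheEntry entry =
            ServiceProviderProvisioningConnectorCache.getInstance().getValueFromCache(key, tenantDomain);
    // cache hit
    if (entry != null) {
        if (log.isDebugEnabled()) {
            log.debug("Provisioning cache HIT for " + serviceProvider + " of " + tenantDomain);
        }
        return entry.getConnectors();
    }

    // NOW build the Map
    // a list of registered provisioning connector factories.
    Map<String, AbstractProvisioningConnectorFactory> registeredConnectorFactories =
            IdentityProvisionServiceComponent.getConnectorFactories();
    // get all registered list of out-bound provisioning connectors registered for the local
    // service provider.
    OutboundProvisioningConfig outboundProvisioningConfiguration = serviceProvider.getOutboundProvisioningConfig();
    if (outboundProvisioningConfiguration == null) {
        if (log.isDebugEnabled()) {
            log.debug("No outbound provisioning configuration defined for local service provider.");
        }
        // empty list (not cached).
        return new HashMap<>();
    }

    Map<String, RuntimeProvisioningConfig> connectors = new HashMap<>();
    // get the list of registered provisioning identity providers in out-bound provisioning
    // configuration.
    IdentityProvider[] provisioningIdPList = outboundProvisioningConfiguration.getProvisioningIdentityProviders();
    if (provisioningIdPList != null) {
        for (IdentityProvider fIdP : provisioningIdPList) {
            ProvisioningConnectorConfig defaultConnector = fIdP.getDefaultProvisioningConnectorConfig();
            if (defaultConnector == null) {
                // if no default provisioning connector defined for this identity provider,
                // we can safely ignore it - need not to worry about provisioning.
                continue;
            }
            try {
                String connectorType = defaultConnector.getName();
                boolean enableJitProvisioning = fIdP.getJustInTimeProvisioningConfig() != null
                        && fIdP.getJustInTimeProvisioningConfig().isProvisioningEnabled();
                AbstractOutboundProvisioningConnector connector = getOutboundProvisioningConnector(fIdP,
                        registeredConnectorFactories, tenantDomain, enableJitProvisioning);
                // Only identity providers for which a connector could be created take part in the
                // configuration of the local service provider.
                if (connector != null) {
                    RuntimeProvisioningConfig proConfig = new RuntimeProvisioningConfig();
                    proConfig.setProvisioningConnectorEntry(new SimpleEntry<>(connectorType, connector));
                    proConfig.setBlocking(defaultConnector.isBlocking());
                    proConfig.setPolicyEnabled(defaultConnector.isRulesEnabled());
                    connectors.put(fIdP.getIdentityProviderName(), proConfig);
                }
            } catch (IdentityProviderManagementException e) {
                throw new IdentityProvisioningException("Error while retrieving idp configuration for "
                        + fIdP.getIdentityProviderName(), e);
            }
        }
    }

    entry = new ServiceProviderProvisioningConnectorCacheEntry();
    entry.setConnectors(connectors);
    ServiceProviderProvisioningConnectorCache.getInstance().addToCache(key, entry, tenantDomain);
    if (log.isDebugEnabled()) {
        log.debug("Entry added successfully ");
    }
    return connectors;
}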
use of org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider in project carbon-identity-framework by wso2.
the class DefaultInboundUserProvisioningListener method doPreDeleteUserClaimValues.
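/**
 * Pre-hook for claim deletion: sends an outbound PATCH provisioning request for the user
 * whose claims are about to be deleted.
 * <p>
 * Each attribute in {@code attributesToDelete} is carried as an inbound attribute with an empty
 * value. The request is routed to the service provider bound to the current thread (resolving an
 * OAuth client id to the application name first) or, when none is bound, to the local service
 * provider with the carbon claim dialect.
 *
 * @param userName           user whose claims are deleted; may be null, in which case no username
 *                           claim is attached to the outbound request.
 * @param attributesToDelete claim URIs being deleted; an empty array short-circuits the hook.
 * @param profileName        profile the claims belong to (unused here).
 * @param userStoreManager   user store of the user; its realm configuration supplies the domain name.
 * @return always {@code true} — the local claim deletion is never vetoed by this listener.
 * @throws UserStoreException if outbound provisioning fails.
 */
@Override
public boolean doPreDeleteUserClaimValues(String userName, String[] attributesToDelete, String profileName,
                                          UserStoreManager userStoreManager) throws UserStoreException {

    if (!isEnable() || ArrayUtils.isEmpty(attributesToDelete)) {
        return true;
    }
    Map<ClaimMapping, List<String>> outboundAttributes = new HashMap<>();
    if (userName != null) {
        outboundAttributes.put(
                ClaimMapping.build(IdentityProvisioningConstants.USERNAME_CLAIM_URI, null, null, false),
                Arrays.asList(userName));
    }
    String domainName = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
    if (log.isDebugEnabled()) {
        log.debug("Adding domain name : " + domainName + " to user : " + userName);
    }
    String domainAwareName = UserCoreUtil.addDomainToName(userName, domainName);
    ProvisioningEntity provisioningEntity = new ProvisioningEntity(ProvisioningEntityType.USER, domainAwareName,
            ProvisioningOperation.PATCH, outboundAttributes);

    // Deleted claims travel as inbound attributes with an empty value.
    Map<String, String> inboundAttributes = new HashMap<>();
    for (String attribute : attributesToDelete) {
        inboundAttributes.put(attribute, "");
    }
    // set the in-bound attribute list.
    provisioningEntity.setInboundAttributes(inboundAttributes);

    String tenantDomainName = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    ThreadLocalProvisioningServiceProvider threadLocalServiceProvider =
            IdentityApplicationManagementUtil.getThreadLocalProvisioningServiceProvider();
    if (threadLocalServiceProvider == null) {
        // No service provider bound to this thread: call framework method to provision the user
        // on behalf of the local service provider.
        OutboundProvisioningManager.getInstance().provision(provisioningEntity, ApplicationConstants.LOCAL_SP,
                IdentityProvisioningConstants.WSO2_CARBON_DIALECT, tenantDomainName, false);
        return true;
    }

    String serviceProvider = threadLocalServiceProvider.getServiceProviderName();
    tenantDomainName = threadLocalServiceProvider.getTenantDomain();
    if (threadLocalServiceProvider.getServiceProviderType() == ProvisioningServiceProviderType.OAUTH) {
        // For OAuth callers the thread-local name is the client id; resolve it to the application name.
        try {
            serviceProvider = ApplicationManagementService.getInstance().getServiceProviderNameByClientId(
                    threadLocalServiceProvider.getServiceProviderName(), IdentityApplicationConstants.OAuth2.NAME,
                    tenantDomainName);
        } catch (IdentityApplicationManagementException e) {
            // Deliberate best-effort: the local claim deletion proceeds without outbound provisioning.
            log.error("Error while provisioning", e);
            return true;
        }
    }
    // call framework method to provision the user.
    OutboundProvisioningManager.getInstance().provision(provisioningEntity, serviceProvider,
            threadLocalServiceProvider.getClaimDialect(), tenantDomainName,
            threadLocalServiceProvider.isJustInTimeProvisioning());
    return true;
}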