use of org.wso2.carbon.identity.base.IdentityException in project identity-inbound-auth-oauth by wso2-extensions.
the class ClaimsUtil method handleClaimMapping.
/**
 * Maps the claims received from an identity provider into the dialect expected by the service
 * provider, using the IdP claim mappings and the SP's requested claims.
 *
 * <p>When conversion of the original assertion claims to the OIDC dialect is switched off in the
 * server configuration, the incoming attributes are proxied through untouched and the token request
 * context is flagged as carrying non-OIDC claims.</p>
 *
 * <p>Claim values are only written to the debug log when {@code isUserClaimsInTokenLoggable()}
 * permits it, since they can contain personal data.</p>
 *
 * @param identityProvider the identity provider the claims came from.
 * @param attributes       the claims received from that IdP.
 * @param tenantDomain     tenant domain.
 * @param tokenReqMsgCtx   token request message context.
 * @return the mapped claims; in proxy cases this is the {@code attributes} map itself.
 * @throws IdentityException                      propagated from the mapping helpers.
 * @throws IdentityApplicationManagementException propagated while resolving the service provider.
 */
public static Map<String, String> handleClaimMapping(IdentityProvider identityProvider,
                                                     Map<String, String> attributes,
                                                     String tenantDomain,
                                                     OAuthTokenReqMessageContext tokenReqMsgCtx)
        throws IdentityException, IdentityApplicationManagementException {

    // Proxy mode: hand the IdP attributes through as-is and mark them as non-OIDC.
    if (!OAuthServerConfiguration.getInstance().isConvertOriginalClaimsFromAssertionsToOIDCDialect()) {
        setHasNonOIDCClaimsProperty(tokenReqMsgCtx);
        return attributes;
    }

    ClaimMapping[] idpMappings = identityProvider.getClaimConfig().getClaimMappings();
    ServiceProvider serviceProvider = getServiceProvider(tokenReqMsgCtx);
    // Claim values themselves are only logged when configuration explicitly allows it.
    boolean logClaimValues = isUserClaimsInTokenLoggable() && log.isDebugEnabled();

    Map<String, String> idpMapped;
    Map<String, String> result = new HashMap<>();

    if (ArrayUtils.isEmpty(idpMappings)) {
        // No IdP-level mappings: the raw attributes stand in for the IdP-mapped claims.
        idpMapped = attributes;
        if (logClaimValues) {
            log.debug("IDP claims do not exist for, identity provider, " + identityProvider.getIdentityProviderName() + ", hence directly copying custom claims, " + idpMapped.toString());
        }
        if (isSPRequestedClaimsExist(tokenReqMsgCtx)) {
            result = ClaimsUtil.convertClaimsToOIDCDialect(tokenReqMsgCtx, idpMapped);
            if (logClaimValues) {
                log.debug("IDP claims do not exist but SP Claim mappings exists for, identity provider, " + identityProvider.getIdentityProviderName() + ", and Service Provider, " + serviceProvider.getApplicationName() + ", claims after SP mapping, " + result.toString());
            }
            result = handleUnMappedClaims(tokenReqMsgCtx, attributes, result, idpMappings);
        } else {
            // Neither side has mappings: proxy the attributes and flag them as non-OIDC.
            setHasNonOIDCClaimsProperty(tokenReqMsgCtx);
            result = attributes;
            if (logClaimValues) {
                log.debug("IDP claims and SP Claim mappings do not exists for, identity provider, " + identityProvider.getIdentityProviderName() + ", and Service Provider, " + serviceProvider.getApplicationName() + ", hence claims are proxied, " + result.toString());
            }
        }
        return result;
    }

    if (log.isDebugEnabled()) {
        log.debug("Claim mappings exist for identity provider " + identityProvider.getIdentityProviderName());
    }
    idpMapped = handleClaimsForIDP(attributes, tenantDomain, identityProvider, false, idpMappings);
    if (logClaimValues) {
        log.debug("Claims of user : " + tokenReqMsgCtx.getAuthorizedUser() + " after IDP " + " claim mapping " + idpMapped.toString());
    }
    if (isSPRequestedClaimsExist(tokenReqMsgCtx)) {
        result = ClaimsUtil.convertClaimsToOIDCDialect(tokenReqMsgCtx, idpMapped);
        result = handleUnMappedClaims(tokenReqMsgCtx, attributes, result, idpMappings);
    } else if (logClaimValues) {
        // IdP mappings exist but the SP requests no claims: the result stays empty.
        log.debug("IDP claims exists, SP claims does not exist, for the identity provider " + identityProvider.getIdentityProviderName() + ", service provider " + serviceProvider.getApplicationName() + ", hence cannot do claim mapping");
    }
    return result;
}
use of org.wso2.carbon.identity.base.IdentityException in project identity-inbound-auth-oauth by wso2-extensions.
the class AuthorizationCodeGrantHandler method deactivateAuthzCode.
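/**
 * Deactivates the authorization code that was just exchanged and records the id of the access token
 * issued for it, so that the token can later be correlated with (and revoked together with) the code.
 *
 * @param tokReqMsgCtx token request context; must carry the {@code CODE_ID} property.
 * @param tokenId      id of the access token issued in exchange for the code.
 * @param authzCode    the authorization code being consumed.
 * @throws IdentityOAuth2Exception if the {@code CODE_ID} property is absent or persistence fails.
 */
private void deactivateAuthzCode(OAuthTokenReqMessageContext tokReqMsgCtx, String tokenId, String authzCode)
        throws IdentityOAuth2Exception {

    // Report a missing CODE_ID through the declared exception instead of letting toString() raise a
    // NullPointerException. Either way the grant fails closed: the code is not consumed and no token is
    // issued from this path.
    Object codeId = tokReqMsgCtx.getProperty(CODE_ID);
    if (codeId == null) {
        throw new IdentityOAuth2Exception("Cannot deactivate authorization code: property " + CODE_ID
                + " is not set in the token request context");
    }
    try {
        // Deactivating the code and storing the token id against it keeps the code single-use while
        // preserving the link to the access token it produced.
        AuthzCodeDO authzCodeDO = new AuthzCodeDO();
        authzCodeDO.setAuthorizationCode(authzCode);
        authzCodeDO.setOauthTokenId(tokenId);
        authzCodeDO.setAuthzCodeId(codeId.toString());
        OAuthTokenPersistenceFactory.getInstance().getAuthorizationCodeDAO().deactivateAuthorizationCode(authzCodeDO);
        // The code is a bearer secret; only log it when token logging is explicitly enabled.
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.AUTHORIZATION_CODE)) {
            log.debug("Deactivated authorization code : " + authzCode);
        }
    } catch (IdentityException e) {
        throw new IdentityOAuth2Exception("Error occurred while deactivating authorization code", e);
    }
}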
use of org.wso2.carbon.identity.base.IdentityException in project identity-inbound-auth-oauth by wso2-extensions.
the class AuthorizationCodeGrantHandler method storeAccessToken.
/**
 * Persists a newly issued access token, recording the authorization code it was exchanged for so the
 * two can be correlated later.
 *
 * @param oAuth2AccessTokenReqDTO the token request (supplies client id and authorization code).
 * @param userStoreDomain         user store domain of the token owner.
 * @param newTokenBean            the token to persist; its authorization code is set here.
 * @param newAccessToken          the access token string.
 * @param existingTokenBean       the previously active token, if any, handed to the DAO.
 * @throws IdentityOAuth2Exception wrapping any persistence failure.
 */
@Override
protected void storeAccessToken(OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO, String userStoreDomain,
                                AccessTokenDO newTokenBean, String newAccessToken, AccessTokenDO existingTokenBean)
        throws IdentityOAuth2Exception {

    try {
        String clientId = oAuth2AccessTokenReqDTO.getClientId();
        // Link the token to the code it came from before handing it to the DAO.
        newTokenBean.setAuthorizationCode(oAuth2AccessTokenReqDTO.getAuthorizationCode());
        OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO()
                .insertAccessToken(newAccessToken, clientId, newTokenBean, existingTokenBean, userStoreDomain);
    } catch (IdentityException e) {
        throw new IdentityOAuth2Exception("Error occurred while storing new access token", e);
    }
}
use of org.wso2.carbon.identity.base.IdentityException in project identity-inbound-auth-oauth by wso2-extensions.
the class DefaultOIDCClaimsCallbackHandler method retrieveClaimsForLocalUser.
/**
 * Fetches the OIDC-dialect claims of the locally authenticated user for the requesting client.
 *
 * <p>When the framework is configured to continue on claim-handling errors, a failure is logged and an
 * empty map is returned (the token is issued without these claims); otherwise the failure is rethrown
 * and the request fails.</p>
 *
 * @param authzReqMessageContext authorization request context holding the client id and the user.
 * @return the user's claims in OIDC dialect, or an empty map on a tolerated error.
 * @throws IdentityOAuth2Exception on claim retrieval failure when continuing on error is not allowed.
 */
private Map<String, Object> retrieveClaimsForLocalUser(OAuthAuthzReqMessageContext authzReqMessageContext)
        throws IdentityOAuth2Exception {

    Map<String, Object> claims;
    try {
        claims = getUserClaimsInOIDCDialect(getServiceProviderTenantDomain(authzReqMessageContext),
                authzReqMessageContext.getAuthorizationReqDTO().getConsumerKey(),
                authzReqMessageContext.getAuthorizationReqDTO().getUser());
    } catch (UserStoreException | IdentityApplicationManagementException | IdentityException e) {
        String message = "Error occurred while getting claims for user "
                + authzReqMessageContext.getAuthorizationReqDTO().getUser();
        if (!FrameworkUtils.isContinueOnClaimHandlingErrorAllowed()) {
            throw new IdentityOAuth2Exception(message, e);
        }
        // Tolerated failure: proceed without claims rather than failing the request.
        log.error(message, e);
        claims = new HashMap<>();
    }
    return claims;
}
use of org.wso2.carbon.identity.base.IdentityException in project identity-governance by wso2-extensions.
the class ChallengeQuestionManager method setChallengesOfUser.
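/**
 * Stores (or updates) a user's challenge question answers in the user's profile.
 *
 * <p>Answers are never written in clear: each is trimmed, lower-cased and passed through
 * {@code Utils.doHash} before being stored as {@code question + separator + hash} under the question
 * set id. An answer is only re-hashed and rewritten when it differs from the stored value for that set.
 * The list of answered question-set ids is stored as one separator-joined claim.</p>
 *
 * @param user                 the user whose challenge answers are being set.
 * @param userChallengeAnswers the question/answer pairs to store; entries with a blank set id, question
 *                             or answer are skipped.
 * @throws IdentityRecoveryException if the user is invalid, two answers target the same question set,
 *                                   a question does not exist in the tenant, a validation listener
 *                                   rejects the answers, or the user store fails.
 */
public void setChallengesOfUser(User user, UserChallengeAnswer[] userChallengeAnswers) throws IdentityRecoveryException {
    validateUser(user);
    if (log.isDebugEnabled()) {
        log.debug(String.format("Setting user challenge question answers in %s's profile.", user.toString()));
    }
    try {
        String tenantDomain = StringUtils.isBlank(user.getTenantDomain()) ? MultitenantConstants.SUPER_TENANT_DOMAIN_NAME : user.getTenantDomain();
        // Reject two answers for the same question set, then make sure every question exists in the tenant.
        validateSecurityQuestionDuplicate(userChallengeAnswers);
        checkChallengeQuestionExists(userChallengeAnswers, tenantDomain);
        // Stored values keyed by question set id, used to skip answers that have not changed.
        Map<String, String> existingQuestionAndAnswers = retrieveAnsweredChallenges(user, userChallengeAnswers);
        triggerChallengeAnswersValidation(user, userChallengeAnswers, existingQuestionAndAnswers, IdentityEventConstants.Event.PRE_SET_CHALLENGE_QUESTION_ANSWERS);
        if (ArrayUtils.isEmpty(userChallengeAnswers)) {
            return;
        }
        String separator = getChallengeSeparator();
        List<String> challengesUris = new ArrayList<>();
        Map<String, String> challengeQuestionToUpdate = new HashMap<>();
        for (UserChallengeAnswer userChallengeAnswer : userChallengeAnswers) {
            if (StringUtils.isBlank(userChallengeAnswer.getQuestion().getQuestionSetId())
                    || StringUtils.isBlank(userChallengeAnswer.getQuestion().getQuestion())
                    || StringUtils.isBlank(userChallengeAnswer.getAnswer())) {
                continue;
            }
            String questionSetId = userChallengeAnswer.getQuestion().getQuestionSetId().trim();
            String newAnswer = userChallengeAnswer.getAnswer().trim();
            if (!isUnchangedAnswer(existingQuestionAndAnswers.get(questionSetId), newAnswer, separator)) {
                // NOTE(review): doHash is opaque from here; challenge answers are low-entropy, so if it is an
                // unsalted digest the stored values are cheap to brute-force offline — confirm in Utils.
                // NOTE(review): toLowerCase() uses the JVM default locale; the verifying side must normalise
                // the same way or answers will not match across locales.
                String claimValue = userChallengeAnswer.getQuestion().getQuestion().trim() + separator + Utils.doHash(newAnswer.toLowerCase());
                challengeQuestionToUpdate.put(questionSetId, claimValue);
            }
            challengesUris.add(questionSetId);
        }
        challengeQuestionToUpdate.put(IdentityRecoveryConstants.CHALLENGE_QUESTION_URI, String.join(separator, challengesUris));
        if (MapUtils.isNotEmpty(challengeQuestionToUpdate)) {
            Utils.setClaimsListOfUser(user, challengeQuestionToUpdate);
        }
        triggerChallengeAnswersValidation(user, userChallengeAnswers, existingQuestionAndAnswers, IdentityEventConstants.Event.POST_SET_CHALLENGE_QUESTION_ANSWERS);
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        // NOTE(review): the error code names a removal although this is a set operation; kept as-is since no
        // dedicated code is visible here.
        throw Utils.handleServerException(ERROR_CODE_REMOVING_CHALLENGE_QUESTIONS, user.getUserName(), e);
    }
}

/**
 * Returns true when {@code storedValue} (in {@code question + separator + answer} form) already carries
 * {@code newAnswer} for this question set, i.e. nothing needs to be rewritten.
 *
 * @param storedValue the value currently stored for the question set, or null if none.
 * @param newAnswer   the trimmed answer being set.
 * @param separator   the configured question/answer separator.
 */
private static boolean isUnchangedAnswer(String storedValue, String newAnswer, String separator) {
    if (storedValue == null || !storedValue.contains(separator)) {
        return false;
    }
    // The separator comes from configuration; match it literally rather than as a regular expression.
    String[] parts = storedValue.split(java.util.regex.Pattern.quote(separator));
    // A stored value that ends with the separator (e.g. "question!") splits into a single element; treat it
    // as "no stored answer" instead of throwing ArrayIndexOutOfBoundsException.
    if (parts.length < 2) {
        return false;
    }
    // NOTE(review): the value written by setChallengesOfUser is question + separator + hash, so if
    // retrieveAnsweredChallenges returns the raw stored claim this compares a hash against the plaintext
    // answer and never matches (the answer is simply re-hashed every time). Behaviour preserved; confirm
    // what retrieveAnsweredChallenges returns before changing the comparison.
    return parts[1].trim().equals(newAnswer);
}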