Example 16 with LocalClaim
use of org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim in project carbon-identity-framework by wso2.
the class LocalClaimDAO method updateLocalClaim.
public void updateLocalClaim(LocalClaim localClaim, int tenantId) throws ClaimMetadataException {
Connection connection = IdentityDatabaseUtil.getDBConnection();
PreparedStatement prepStmt = null;
String localClaimURI = localClaim.getClaimURI();
try {
// Start transaction
connection.setAutoCommit(false);
int localClaimId = getClaimId(connection, ClaimConstants.LOCAL_CLAIM_DIALECT_URI, localClaimURI, tenantId);
// TODO : Handle invalid local claim URI
deleteClaimAttributeMappings(connection, localClaimId, tenantId);
addClaimAttributeMappings(connection, localClaimId, localClaim.getMappedAttributes(), tenantId);
deleteClaimProperties(connection, localClaimId, tenantId);
addClaimProperties(connection, localClaimId, localClaim.getClaimProperties(), tenantId);
// End transaction
connection.commit();
} catch (SQLException e) {
rollbackTransaction(connection);
throw new ClaimMetadataException("Error while updating local claim " + localClaimURI, e);
} finally {
IdentityDatabaseUtil.closeAllConnections(connection, null, null);
}
}
Also used :
ClaimMetadataException(org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException)
SQLException(java.sql.SQLException)
Connection(java.sql.Connection)
PreparedStatement(java.sql.PreparedStatement)
Example 17 with LocalClaim
use of org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim in project carbon-identity-framework by wso2.
the class DefaultClaimMetadataStore method getMappedAttribute.
private String getMappedAttribute(String domainName, LocalClaim localClaim, int tenantId) throws UserStoreException {
String mappedAttribute = localClaim.getMappedAttribute(domainName);
if (StringUtils.isNotBlank(mappedAttribute)) {
if (log.isDebugEnabled()) {
log.debug("Assigned mapped attribute : " + mappedAttribute + " from user store domain : " + domainName + " for claim : " + localClaim.getClaimURI() + " in tenant : " + tenantId);
}
return mappedAttribute;
}
mappedAttribute = localClaim.getClaimProperty(ClaimConstants.DEFAULT_ATTRIBUTE);
if (StringUtils.isNotBlank(mappedAttribute)) {
if (log.isDebugEnabled()) {
log.debug("Assigned mapped attribute : " + mappedAttribute + " from " + ClaimConstants.DEFAULT_ATTRIBUTE + " property for claim : " + localClaim.getClaimURI() + " in tenant : " + tenantId);
}
return mappedAttribute;
}
UserRealm realm = IdentityClaimManagementServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId);
String primaryDomainName = realm.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
mappedAttribute = localClaim.getMappedAttribute(primaryDomainName);
if (StringUtils.isNotBlank(mappedAttribute)) {
if (log.isDebugEnabled()) {
log.debug("Assigned mapped attribute : " + mappedAttribute + " from primary user store domain : " + primaryDomainName + " for claim : " + localClaim.getClaimURI() + " in tenant : " + tenantId);
}
return mappedAttribute;
} else {
throw new IllegalStateException("Cannot find suitable mapped attribute for local claim " + localClaim.getClaimURI());
}
}
Also used :
UserRealm(org.wso2.carbon.user.api.UserRealm)
Example 18 with LocalClaim
use of org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim in project carbon-identity-framework by wso2.
the class PostAuthnMissingClaimHandler method handlePostAuthenticationForMissingClaimsResponse.
protected void handlePostAuthenticationForMissingClaimsResponse(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws PostAuthenticationFailedException {
if (log.isDebugEnabled()) {
log.debug("Starting to process the response with missing claims");
}
Map<String, String> claims = new HashMap<String, String>();
Map<String, String> claimsForContext = new HashMap<String, String>();
Map<String, String[]> requestParams = request.getParameterMap();
boolean persistClaims = false;
AuthenticatedUser user = context.getSequenceConfig().getAuthenticatedUser();
Map<String, String> carbonToSPClaimMapping = new HashMap<>();
Object spToCarbonClaimMappingObject = context.getProperty(FrameworkConstants.SP_TO_CARBON_CLAIM_MAPPING);
if (spToCarbonClaimMappingObject instanceof Map) {
Map<String, String> spToCarbonClaimMapping = (Map<String, String>) spToCarbonClaimMappingObject;
for (Map.Entry<String, String> entry : spToCarbonClaimMapping.entrySet()) {
carbonToSPClaimMapping.put(entry.getValue(), entry.getKey());
}
}
boolean doMandatoryClaimsExist = false;
for (Map.Entry<String, String[]> entry : requestParams.entrySet()) {
if (entry.getKey().startsWith(FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX)) {
doMandatoryClaimsExist = true;
break;
}
}
if (!doMandatoryClaimsExist) {
// Check whether mandatory claims exist in the request. If not throw error.
throw new PostAuthenticationFailedException("Mandatory missing claims are not found", "Mandatory missing " + "claims are not found in the request for the session with context identifier: " + context.getContextIdentifier());
}
List<String> missingClaims = new ArrayList<>();
for (Map.Entry<String, String[]> entry : requestParams.entrySet()) {
if (entry.getKey().startsWith(FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX)) {
String localClaimURI = entry.getKey().substring(FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX.length());
if (StringUtils.isBlank(entry.getValue()[0])) {
missingClaims.add(localClaimURI);
continue;
}
claims.put(localClaimURI, entry.getValue()[0]);
if (spToCarbonClaimMappingObject != null) {
String spClaimURI = carbonToSPClaimMapping.get(localClaimURI);
claimsForContext.put(spClaimURI, entry.getValue()[0]);
} else {
claimsForContext.put(localClaimURI, entry.getValue()[0]);
}
}
}
if (CollectionUtils.isNotEmpty(missingClaims)) {
String missingClaimURIs = StringUtils.join(missingClaims, ",");
if (log.isDebugEnabled()) {
log.debug("Claim values for the mandatory claims: " + missingClaimURIs + " are empty");
}
throw new PostAuthenticationFailedException("Mandatory claim is not found", "Claim " + "values for the claim URIs: " + missingClaimURIs + " are empty");
}
Map<ClaimMapping, String> authenticatedUserAttributes = FrameworkUtils.buildClaimMappings(claimsForContext);
authenticatedUserAttributes.putAll(user.getUserAttributes());
for (Map.Entry<Integer, StepConfig> entry : context.getSequenceConfig().getStepMap().entrySet()) {
StepConfig stepConfig = entry.getValue();
if (stepConfig.isSubjectAttributeStep()) {
if (stepConfig.getAuthenticatedUser() != null) {
user = stepConfig.getAuthenticatedUser();
}
if (!user.isFederatedUser()) {
persistClaims = true;
} else {
String associatedID;
String subject = user.getAuthenticatedSubjectIdentifier();
try {
FederatedAssociationManager federatedAssociationManager = FrameworkUtils.getFederatedAssociationManager();
associatedID = federatedAssociationManager.getUserForFederatedAssociation(context.getTenantDomain(), stepConfig.getAuthenticatedIdP(), subject);
if (StringUtils.isNotBlank(associatedID)) {
String fullQualifiedAssociatedUserId = FrameworkUtils.prependUserStoreDomainToName(associatedID + UserCoreConstants.TENANT_DOMAIN_COMBINER + context.getTenantDomain());
UserCoreUtil.setDomainInThreadLocal(UserCoreUtil.extractDomainFromName(associatedID));
user = AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(fullQualifiedAssociatedUserId);
persistClaims = true;
}
} catch (FederatedAssociationManagerException | FrameworkException e) {
throw new PostAuthenticationFailedException("Error while handling missing mandatory claims", "Error while getting association for " + subject, e);
}
}
break;
}
}
if (persistClaims) {
if (log.isDebugEnabled()) {
log.debug("Local user mapping found. Claims will be persisted");
}
try {
Map<String, String> claimMapping = context.getSequenceConfig().getApplicationConfig().getClaimMappings();
Map<String, String> localIdpClaims = new HashMap<>();
for (Map.Entry<String, String> entry : claims.entrySet()) {
String localClaim = claimMapping.get(entry.getKey());
localIdpClaims.put(localClaim, entry.getValue());
}
if (log.isDebugEnabled()) {
log.debug("Updating user profile of user : " + user.getLoggableUserId());
}
UserRealm realm = getUserRealm(user.getTenantDomain());
AbstractUserStoreManager userStoreManager = (AbstractUserStoreManager) realm.getUserStoreManager();
userStoreManager.setUserClaimValuesWithID(user.getUserId(), localIdpClaims, null);
} catch (UserStoreException e) {
if (e instanceof UserStoreClientException) {
context.setProperty(POST_AUTH_MISSING_CLAIMS_ERROR, e.getMessage());
if (StringUtils.isNotBlank(e.getErrorCode())) {
context.setProperty(POST_AUTH_MISSING_CLAIMS_ERROR_CODE, e.getErrorCode());
}
/*
When the attribute update is disabled for JIT provisioned users, the mandatory claim update
request will be identified through the error code and handled it.
*/
if (ERROR_CODE_INVALID_ATTRIBUTE_UPDATE.equals(e.getErrorCode())) {
context.getSequenceConfig().getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
return;
}
}
if (ErrorMessages.ERROR_CODE_READONLY_USER_STORE.getCode().equals(e.getErrorCode())) {
context.getSequenceConfig().getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
return;
}
throw new PostAuthenticationFailedException(e.getMessage(), "Error while updating claims for local user. Could not update profile", e);
} catch (UserIdNotFoundException e) {
throw new PostAuthenticationFailedException("User id not found", "User id not found for local user. Could not update profile", e);
}
}
context.getSequenceConfig().getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
}
Also used :
HashMap(java.util.HashMap)
UserStoreClientException(org.wso2.carbon.user.core.UserStoreClientException)
ArrayList(java.util.ArrayList)
StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig)
UserIdNotFoundException(org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException)
AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)
FederatedAssociationManager(org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager)
UserRealm(org.wso2.carbon.user.core.UserRealm)
UserStoreException(org.wso2.carbon.user.core.UserStoreException)
AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager)
PostAuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException)
FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException)
FederatedAssociationManagerException(org.wso2.carbon.identity.user.profile.mgt.association.federation.exception.FederatedAssociationManagerException)
ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping)
Map(java.util.Map)
HashMap(java.util.HashMap)
Example 19 with LocalClaim
use of org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim in project carbon-identity-framework by wso2.
the class PostAuthnMissingClaimHandler method handlePostAuthenticationForMissingClaimsRequest.
protected PostAuthnHandlerFlowStatus handlePostAuthenticationForMissingClaimsRequest(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws PostAuthenticationFailedException {
String[] missingClaims = FrameworkUtils.getMissingClaims(context);
if (StringUtils.isNotBlank(missingClaims[0])) {
if (log.isDebugEnabled()) {
log.debug("Mandatory claims missing for the application : " + missingClaims[0]);
}
try {
// If there are read only claims marked as mandatory and they are missing, we cannot proceed further.
// We have to end the flow and show an error message to user.
ClaimManager claimManager = getUserRealm(context.getTenantDomain()).getClaimManager();
Map<String, String> missingClaimMap = FrameworkUtils.getMissingClaimsMap(context);
for (Map.Entry<String, String> missingClaim : missingClaimMap.entrySet()) {
Claim claimObj = claimManager.getClaim(missingClaim.getValue());
if (claimObj != null && claimObj.isReadOnly()) {
throw new PostAuthenticationFailedException("One or more read-only claim is missing in the " + "requested claim set. Please contact your administrator for more information about " + "this issue.", "One or more read-only claim is missing in the requested claim set");
}
}
List<LocalClaim> localClaims = getClaimMetadataManagementService().getLocalClaims(context.getTenantDomain());
String displayNames = getMissingClaimsDisplayNames(missingClaimMap, localClaims);
URIBuilder uriBuilder = new URIBuilder(ConfigurationFacade.getInstance().getAuthenticationEndpointMissingClaimsURL());
uriBuilder.addParameter(FrameworkConstants.MISSING_CLAIMS, missingClaims[0]);
uriBuilder.addParameter(FrameworkConstants.DISPLAY_NAMES, displayNames);
uriBuilder.addParameter(FrameworkConstants.SESSION_DATA_KEY, context.getContextIdentifier());
uriBuilder.addParameter(FrameworkConstants.REQUEST_PARAM_SP, context.getSequenceConfig().getApplicationConfig().getApplicationName());
if (context.getProperty(POST_AUTH_MISSING_CLAIMS_ERROR) != null) {
uriBuilder.addParameter("errorMessage", context.getProperty(POST_AUTH_MISSING_CLAIMS_ERROR).toString());
context.removeProperty(POST_AUTH_MISSING_CLAIMS_ERROR);
}
if (context.getProperty(POST_AUTH_MISSING_CLAIMS_ERROR_CODE) != null) {
uriBuilder.addParameter("errorCode", context.getProperty(POST_AUTH_MISSING_CLAIMS_ERROR_CODE).toString());
context.removeProperty(POST_AUTH_MISSING_CLAIMS_ERROR_CODE);
}
response.sendRedirect(uriBuilder.build().toString());
context.setProperty(POST_AUTHENTICATION_REDIRECTION_TRIGGERED, true);
if (log.isDebugEnabled()) {
log.debug("Redirecting to outside to pick mandatory claims");
}
} catch (IOException e) {
throw new PostAuthenticationFailedException("Error while handling missing mandatory claims", "Error " + "while redirecting to request claims page", e);
} catch (URISyntaxException e) {
throw new PostAuthenticationFailedException("Error while handling missing mandatory claims", "Error while building redirect URI", e);
} catch (org.wso2.carbon.user.api.UserStoreException e) {
throw new PostAuthenticationFailedException("Error while handling missing mandatory claims", "Error while retrieving claim from claim URI.", e);
} catch (ClaimMetadataException e) {
throw new PostAuthenticationFailedException("Error while handling missing mandatory claims", "Error while retrieving claim metadata.", e);
}
return PostAuthnHandlerFlowStatus.INCOMPLETE;
} else {
return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
}
}
Also used :
ClaimMetadataException(org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException)
LocalClaim(org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim)
IOException(java.io.IOException)
URISyntaxException(java.net.URISyntaxException)
URIBuilder(org.apache.http.client.utils.URIBuilder)
ClaimManager(org.wso2.carbon.user.api.ClaimManager)
PostAuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException)
Map(java.util.Map)
HashMap(java.util.HashMap)
LocalClaim(org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim)
Claim(org.wso2.carbon.user.api.Claim)
Example 20 with LocalClaim
use of org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim in project carbon-identity-framework by wso2.
the class SSOConsentServiceImpl method getConsentRequiredClaimData.
private ConsentClaimsData getConsentRequiredClaimData(List<String> mandatoryClaims, List<String> requestedClaims, String tenantDomain) throws SSOConsentServiceException {
ConsentClaimsData consentClaimsData = new ConsentClaimsData();
try {
List<LocalClaim> localClaims = getClaimMetadataManagementService().getLocalClaims(tenantDomain);
List<ClaimMetaData> mandatoryClaimsMetaData = new ArrayList<>();
List<ClaimMetaData> requestedClaimsMetaData = new ArrayList<>();
int claimId = 0;
if (isNotEmpty(localClaims)) {
for (LocalClaim localClaim : localClaims) {
if (isAllRequiredClaimsChecked(mandatoryClaims, requestedClaims)) {
break;
}
String claimURI = localClaim.getClaimURI();
if (mandatoryClaims.remove(claimURI)) {
ClaimMetaData claimMetaData = buildClaimMetaData(claimId, localClaim, claimURI);
mandatoryClaimsMetaData.add(claimMetaData);
claimId++;
} else if (requestedClaims.remove(claimURI)) {
ClaimMetaData claimMetaData = buildClaimMetaData(claimId, localClaim, claimURI);
requestedClaimsMetaData.add(claimMetaData);
claimId++;
}
}
}
if (isNotEmpty(mandatoryClaims)) {
for (String claimUri : mandatoryClaims) {
ClaimMetaData claimMetaData = buildClaimMetaData(claimId, claimUri);
mandatoryClaimsMetaData.add(claimMetaData);
claimId++;
}
}
if (isNotEmpty(requestedClaims)) {
for (String claimUri : mandatoryClaims) {
ClaimMetaData claimMetaData = buildClaimMetaData(claimId, claimUri);
requestedClaimsMetaData.add(claimMetaData);
claimId++;
}
}
consentClaimsData.setMandatoryClaims(mandatoryClaimsMetaData);
consentClaimsData.setRequestedClaims(requestedClaimsMetaData);
} catch (ClaimMetadataException e) {
throw new SSOConsentServiceException("Error while retrieving local claims", "Error occurred while " + "retrieving local claims for tenant: " + tenantDomain, e);
}
return consentClaimsData;
}
Also used :
ClaimMetadataException(org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException)
ArrayList(java.util.ArrayList)
LocalClaim(org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim)
SSOConsentServiceException(org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.exception.SSOConsentServiceException)
Aggregations
LocalClaim (org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim)52
ArrayList (java.util.ArrayList)38
HashMap (java.util.HashMap)26
ClaimMetadataException (org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException)23
ExternalClaim (org.wso2.carbon.identity.claim.metadata.mgt.model.ExternalClaim)19
AttributeMapping (org.wso2.carbon.identity.claim.metadata.mgt.model.AttributeMapping)17
Test (org.testng.annotations.Test)15
Map (java.util.Map)11
ClaimMapping (org.wso2.carbon.identity.application.common.model.ClaimMapping)10
ClaimConfig (org.wso2.carbon.identity.application.common.model.ClaimConfig)8
ClaimDialect (org.wso2.carbon.identity.claim.metadata.mgt.model.ClaimDialect)8
UserStoreException (org.wso2.carbon.user.api.UserStoreException)8
ClaimMapping (org.wso2.carbon.user.api.ClaimMapping)7
Event (org.wso2.carbon.identity.event.event.Event)6
PreparedStatement (java.sql.PreparedStatement)5
HashSet (java.util.HashSet)5
Claim (org.wso2.carbon.identity.application.common.model.Claim)5
ClaimMapping (org.wso2.carbon.user.core.claim.ClaimMapping)5
Attribute (org.wso2.charon3.core.attributes.Attribute)5
MultiValuedAttribute (org.wso2.charon3.core.attributes.MultiValuedAttribute)5
