
Example 1 with Claim

use of org.wso2.carbon.identity.mgt.endpoint.util.client.model.Claim in project carbon-apimgt by wso2.

the class PolicyDAOImpl method setJWTClaimConditions.

/**
 * Loads the JWT claim conditions stored for the condition group (pipeline) with id
 * {@code pipelineId} and appends one {@link JWTClaimsCondition} per row to {@code conditions}.
 * <p>
 * The lookup is a parameterised {@link PreparedStatement}: {@code pipelineId} is bound with
 * {@code setInt}, nothing caller-supplied is concatenated into the SQL text.
 * <p>
 * NOTE(review): the {@code IS_CLAIM_MAPPING} column is written to
 * {@link JWTClaimsCondition#setInvertCondition(boolean)}; the column name and the setter name
 * do not obviously describe the same flag — confirm against the schema before relying on either.
 *
 * @param pipelineId id of the pipeline whose condition group is read
 * @param conditions list the loaded conditions are appended to (it is never cleared here)
 * @param connection open JDBC connection owned by the caller; this method does not close it
 * @throws SQLException if preparing or executing the query, or reading a column, fails
 */
private void setJWTClaimConditions(int pipelineId, ArrayList<Condition> conditions, Connection connection) throws SQLException {
    final String sql = "SELECT CLAIM_URI, CLAIM_ATTRIB , IS_CLAIM_MAPPING FROM AM_JWT_CLAIM_CONDITION WHERE CONDITION_GROUP_ID =?";
    try (PreparedStatement statement = connection.prepareStatement(sql)) {
        statement.setInt(1, pipelineId);
        try (ResultSet rows = statement.executeQuery()) {
            while (rows.next()) {
                JWTClaimsCondition condition = new JWTClaimsCondition();
                String claimUri = rows.getString(APIMgtConstants.ThrottlePolicyConstants.COLUMN_CLAIM_URI);
                String claimAttribute = rows.getString(APIMgtConstants.ThrottlePolicyConstants.COLUMN_CLAIM_ATTRIBUTE);
                boolean invert = rows.getBoolean(APIMgtConstants.ThrottlePolicyConstants.COLUMN_IS_CLAIM_MAPPING);
                condition.setClaimUrl(claimUri);
                condition.setAttribute(claimAttribute);
                condition.setInvertCondition(invert);
                conditions.add(condition);
            }
        }
    }
}

Example 2 with Claim

use of org.wso2.carbon.identity.mgt.endpoint.util.client.model.Claim in project carbon-apimgt by wso2.

the class DefaultGroupIDExtractorImpl method getGroupingIdentifiers.

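/**
 * Resolves the group identifier of the user described by a JSON login response.
 * <p>
 * The response must carry a {@code "user"} string and an {@code "isSuperTenant"} boolean.
 * The user name is taken from the response as-is and is used to resolve the tenant (for
 * non-super-tenant users) and to read the configured organization claim from that tenant's
 * user store. Nothing here authenticates the response; the caller must only pass a response
 * produced by a completed login.
 * <p>
 * The claim URI is read from {@code APIConstants.API_STORE_GROUP_EXTRACTOR_CLAIM_URI} and
 * falls back to {@code http://wso2.org/claims/organization} when unset or blank.
 *
 * @param loginResponse JSON document produced by the login flow
 * @return {@code tenantDomain + "/" + organization} (organization trimmed), or {@code null}
 *         when the claim is absent, the response is malformed, or the user store lookup fails
 */
public String getGroupingIdentifiers(String loginResponse) {
    String username = null;
    int tenantId = MultitenantConstants.SUPER_TENANT_ID;
    String tenantDomain = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
    APIManagerConfiguration config = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration();
    String claim = config.getFirstProperty(APIConstants.API_STORE_GROUP_EXTRACTOR_CLAIM_URI);
    if (StringUtils.isBlank(claim)) {
        claim = "http://wso2.org/claims/organization";
    }
    String organization = null;
    try {
        JSONObject obj = new JSONObject(loginResponse);
        // Typed accessors raise JSONException (handled below) when a field is missing or has the
        // wrong type, instead of an unchecked ClassCastException escaping to the caller.
        username = obj.getString("user");
        boolean isSuperTenant = obj.getBoolean("isSuperTenant");
        RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
        // Non-super-tenant users: the tenant domain is derived from the user name itself.
        if (!isSuperTenant) {
            tenantDomain = MultitenantUtils.getTenantDomain(username);
            tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
        }
        UserRealm realm = (UserRealm) realmService.getTenantUserRealm(tenantId);
        UserStoreManager manager = realm.getUserStoreManager();
        organization = manager.getUserClaimValue(MultitenantUtils.getTenantAwareUsername(username), claim, null);
        if (organization != null) {
            organization = tenantDomain + "/" + organization.trim();
        }
    } catch (JSONException e) {
        log.error("Exception occured while trying to get group Identifier from login response", e);
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        log.error("Error while checking user existence for " + username, e);
    }
    return organization;
}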

Example 3 with Claim

use of org.wso2.carbon.identity.mgt.endpoint.util.client.model.Claim in project carbon-apimgt by wso2.

the class SAMLGroupIDExtractorImpl method getOrganizationClaim.

/**
 * Returns the organization claim attribute configured for the SAML2 SSO authenticator.
 * <p>
 * Looks up {@code APIConstants.ORGANIZATION_CLAIM_ATTRIBUTE} in the authenticator's parameter
 * map (sourced from authenticators.xml). When the authenticator has no configuration or the
 * parameter is not present, {@code APIConstants.DEFAULT_ORGANIZATION_CLAIM_NAME} is returned.
 *
 * @return the configured claim attribute value, or the default organization claim name
 */
private String getOrganizationClaim() {
    AuthenticatorsConfiguration.AuthenticatorConfig ssoConfig = AuthenticatorsConfiguration.getInstance().getAuthenticatorConfig(APIConstants.SAML2_SSO_AUTHENTICATOR_NAME);
    if (ssoConfig == null) {
        return APIConstants.DEFAULT_ORGANIZATION_CLAIM_NAME;
    }
    Map<String, String> parameters = ssoConfig.getParameters();
    boolean configured = parameters.containsKey(APIConstants.ORGANIZATION_CLAIM_ATTRIBUTE);
    return configured ? parameters.get(APIConstants.ORGANIZATION_CLAIM_ATTRIBUTE) : APIConstants.DEFAULT_ORGANIZATION_CLAIM_NAME;
}

Example 4 with Claim

use of org.wso2.carbon.identity.mgt.endpoint.util.client.model.Claim in project carbon-apimgt by wso2.

the class SAMLGroupIDExtractorImpl method getGroupingIdentifierList.

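/**
 * Extracts the group identifiers for the user named in a SAML2 login response.
 * <p>
 * The response XML is parsed with a hardened {@link DocumentBuilderFactory} (secure
 * processing on, DOCTYPE declarations rejected, external entities and XInclude disabled) and
 * unmarshalled with OpenSAML. The user name is the NameID of the first assertion's Subject.
 * No signature, audience or validity checking happens here; the caller must only pass a
 * response the SAML authenticator has already validated.
 * <p>
 * The organization is read from the assertion itself when the
 * {@code APIConstants.READ_ORGANIZATION_FROM_SAML_ASSERTION} system property is {@code true},
 * otherwise from the user store claim named by
 * {@code APIConstants.API_STORE_GROUP_EXTRACTOR_CLAIM_URI} (default
 * {@code http://wso2.org/claims/organization}). A comma-separated value yields one trimmed
 * identifier per element.
 *
 * @param loginResponse the SAML2 response XML
 * @return the trimmed group identifiers; an empty array when the user has no organization
 *         value; {@code null} when parsing, unmarshalling or the user store lookup fails
 */
@Override
public String[] getGroupingIdentifierList(String loginResponse) {
    if (log.isDebugEnabled()) {
        // NOTE(review): this writes the entire SAML response, including every assertion
        // attribute, to the log; keep debug logging off in production or redact first.
        log.debug("Login response " + loginResponse);
    }
    ByteArrayInputStream samlResponseStream = null;
    String username = "";
    String organization = "";
    String[] groupIdArray = null;
    try {
        APIManagerConfiguration config = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration();
        String claim = config.getFirstProperty(APIConstants.API_STORE_GROUP_EXTRACTOR_CLAIM_URI);
        if (StringUtils.isBlank(claim)) {
            claim = "http://wso2.org/claims/organization";
        }
        samlResponseStream = getByteArrayInputStream(loginResponse);
        DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
        // What FEATURE_SECURE_PROCESSING restricts is parser-implementation dependent (the JDK
        // parser denies external DTD access when it is set explicitly; a bundled Xerces may
        // not). The explicit features below make the XXE policy independent of which parser
        // is on the classpath. A parser that rejects a feature throws
        // ParserConfigurationException, which is handled below.
        builderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        builderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        builderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        builderFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        builderFactory.setXIncludeAware(false);
        builderFactory.setExpandEntityReferences(false);
        builderFactory.setNamespaceAware(true);
        DocumentBuilder docBuilder = builderFactory.newDocumentBuilder();
        Document document = docBuilder.parse(samlResponseStream);
        Element element = document.getDocumentElement();
        UnmarshallerFactory unmarshallerFactory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
        Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
        Response response = (Response) unmarshaller.unmarshall(element);
        List<Assertion> assertions = response.getAssertions();
        if (assertions != null && !assertions.isEmpty()) {
            Subject subject = assertions.get(0).getSubject();
            if (subject != null && subject.getNameID() != null) {
                username = subject.getNameID().getValue();
            }
        }
        String isSAML2Enabled = System.getProperty(APIConstants.READ_ORGANIZATION_FROM_SAML_ASSERTION);
        if (!StringUtils.isEmpty(isSAML2Enabled) && Boolean.parseBoolean(isSAML2Enabled)) {
            organization = getOrganizationFromSamlAssertion(assertions);
        } else {
            // The tenant is derived from the NameID taken from the assertion above.
            RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
            String tenantDomain = MultitenantUtils.getTenantDomain(username);
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            UserRealm realm = (UserRealm) realmService.getTenantUserRealm(tenantId);
            UserStoreManager manager = realm.getUserStoreManager();
            organization = manager.getUserClaimValue(MultitenantUtils.getTenantAwareUsername(username), claim, null);
        }
        if (log.isDebugEnabled()) {
            log.debug("User organization " + organization);
        }
        if (organization != null) {
            // split(",") returns the single value when there is no comma and drops trailing
            // empty elements, matching the previous contains(",")-guarded behaviour.
            groupIdArray = organization.split(",");
            for (int i = 0; i < groupIdArray.length; i++) {
                groupIdArray[i] = groupIdArray[i].trim();
            }
        } else {
            // No organization claim: return an empty array rather than null.
            groupIdArray = new String[] {};
        }
    } catch (ParserConfigurationException e) {
        String msg = "Error while parsing SAML Assertion";
        log.error(msg, e);
    } catch (UnmarshallingException e) {
        String msg = "Error while unmarshalling the SAML Assertion";
        log.error(msg, e);
    } catch (SAXException e) {
        String msg = "Parsing exception  occur while unmarshalling the SAML Assertion";
        log.error(msg, e);
    } catch (IOException e) {
        String msg = "IO exception happen while unmarshalling the SAML Assertion";
        log.error(msg, e);
    } catch (UserStoreException e) {
        log.error("User store exception occurred for user" + username, e);
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        log.error("Error while checking user existence for " + username, e);
    } finally {
        if (samlResponseStream != null) {
            try {
                samlResponseStream.close();
            } catch (IOException e) {
                // Closing an in-memory stream cannot meaningfully fail; logged and ignored.
                log.error("ERROR_CLOSING_STREAM");
            }
        }
    }
    return groupIdArray;
}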

Example 5 with Claim

use of org.wso2.carbon.identity.mgt.endpoint.util.client.model.Claim in project carbon-apimgt by wso2.

the class SAMLGroupIDExtractorImpl method getGroupingIdentifiers.

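/**
 * Resolves the single group identifier for the user named in a SAML2 login response.
 * <p>
 * The response XML is parsed with a hardened {@link DocumentBuilderFactory} (secure
 * processing on, DOCTYPE declarations rejected, external entities and XInclude disabled) and
 * unmarshalled with OpenSAML. The user name is the NameID of the first assertion's Subject;
 * the tenant domain is derived from it and the organization claim named by
 * {@code APIConstants.API_STORE_GROUP_EXTRACTOR_CLAIM_URI} (default
 * {@code http://wso2.org/claims/organization}) is read from that tenant's user store.
 * No signature, audience or validity checking happens here; the caller must only pass a
 * response the SAML authenticator has already validated.
 *
 * @param loginResponse the SAML2 response XML
 * @return {@code tenantDomain + "/" + organization} (organization trimmed), or {@code null}
 *         when the claim is absent or parsing, unmarshalling or the user store lookup fails
 */
public String getGroupingIdentifiers(String loginResponse) {
    if (log.isDebugEnabled()) {
        // NOTE(review): this writes the entire SAML response, including every assertion
        // attribute, to the log; keep debug logging off in production or redact first.
        log.debug("Login response " + loginResponse);
    }
    ByteArrayInputStream samlResponseStream = null;
    String username = "";
    String organization = "";
    try {
        APIManagerConfiguration config = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration();
        String claim = config.getFirstProperty(APIConstants.API_STORE_GROUP_EXTRACTOR_CLAIM_URI);
        if (StringUtils.isBlank(claim)) {
            claim = "http://wso2.org/claims/organization";
        }
        samlResponseStream = getByteArrayInputStream(loginResponse);
        DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
        // What FEATURE_SECURE_PROCESSING restricts is parser-implementation dependent (the JDK
        // parser denies external DTD access when it is set explicitly; a bundled Xerces may
        // not). The explicit features below make the XXE policy independent of which parser
        // is on the classpath. A parser that rejects a feature throws
        // ParserConfigurationException, which is handled below.
        builderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        builderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        builderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        builderFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        builderFactory.setXIncludeAware(false);
        builderFactory.setExpandEntityReferences(false);
        builderFactory.setNamespaceAware(true);
        DocumentBuilder docBuilder = builderFactory.newDocumentBuilder();
        Document document = docBuilder.parse(samlResponseStream);
        Element element = document.getDocumentElement();
        UnmarshallerFactory unmarshallerFactory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
        Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
        Response response = (Response) unmarshaller.unmarshall(element);
        List<Assertion> assertions = response.getAssertions();
        if (assertions != null && !assertions.isEmpty()) {
            Subject subject = assertions.get(0).getSubject();
            if (subject != null && subject.getNameID() != null) {
                username = subject.getNameID().getValue();
            }
        }
        // The tenant is derived from the NameID taken from the assertion above.
        RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
        String tenantDomain = MultitenantUtils.getTenantDomain(username);
        int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
        UserRealm realm = (UserRealm) realmService.getTenantUserRealm(tenantId);
        UserStoreManager manager = realm.getUserStoreManager();
        organization = manager.getUserClaimValue(MultitenantUtils.getTenantAwareUsername(username), claim, null);
        if (log.isDebugEnabled()) {
            log.debug("User organization " + organization);
        }
        if (organization != null) {
            organization = tenantDomain + "/" + organization.trim();
        }
    } catch (ParserConfigurationException e) {
        String msg = "Error while parsing SAML Assertion";
        log.error(msg, e);
    } catch (UnmarshallingException e) {
        String msg = "Error while unmarshalling the SAML Assertion";
        log.error(msg, e);
    } catch (SAXException e) {
        String msg = "Parsing exception  occur while unmarshalling the SAML Assertion";
        log.error(msg, e);
    } catch (IOException e) {
        String msg = "IO exception happen while unmarshalling the SAML Assertion";
        log.error(msg, e);
    } catch (UserStoreException e) {
        log.error("User store exception occurred for user" + username, e);
    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        log.error("Error while checking user existence for " + username, e);
    } finally {
        if (samlResponseStream != null) {
            try {
                samlResponseStream.close();
            } catch (IOException e) {
                // Closing an in-memory stream cannot meaningfully fail; logged and ignored.
                log.error("ERROR_CLOSING_STREAM");
            }
        }
    }
    return organization;
}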
