
Example 6 with SessionDataCacheEntry

use of org.wso2.carbon.identity.oauth.cache.SessionDataCacheEntry in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpoint method manageOIDCSessionState.

/**
 * Establishes or updates the OIDC browser session (tracked by the OP browser-state cookie) for a
 * successfully authenticated user and, when the session state object asks for it, appends the
 * {@code session_state} parameter to the redirect URL.
 * <p>
 * Session handling only happens when {@code sessionStateObj.isAuthenticated()} is true:
 * <ul>
 *   <li>no OP browser-state cookie on the request: a new cookie is issued and the session state is stored;</li>
 *   <li>cookie present and a session state exists for it: the client is added as a participant if it is
 *       not one already, which issues a fresh cookie and restores the state under the new cookie value;</li>
 *   <li>cookie present but no session state found for it: a fresh cookie is issued and the state is
 *       stored from scratch.</li>
 * </ul>
 * In every branch a {@code sid} claim is recorded via {@code storeSidClaim}.
 *
 * @param oAuthMessage          wrapper giving access to the servlet request and response
 * @param sessionStateObj       OIDC session state for the current authorization request
 * @param oAuth2Parameters      parameters of the authorization request (client id, redirect URI, tenant, ...)
 * @param authenticatedUser     identifier of the authenticated user to record in the session state
 * @param redirectURL           redirect URL built so far for the authorization response
 * @param sessionDataCacheEntry cache entry of the authorization request; its session context identifier is
 *                              attached to any newly issued OP browser-state cookie
 * @return the redirect URL, with {@code session_state} appended when requested; for the form_post response
 *         mode with a JSON payload only the {@code session_state} parameter value is returned instead
 */
private String manageOIDCSessionState(OAuthMessage oAuthMessage, OIDCSessionState sessionStateObj,
                                      OAuth2Parameters oAuth2Parameters, String authenticatedUser,
                                      String redirectURL, SessionDataCacheEntry sessionDataCacheEntry) {

    HttpServletRequest request = oAuthMessage.getRequest();
    HttpServletResponse response = oAuthMessage.getResponse();
    Cookie opBrowserStateCookie = OIDCSessionManagementUtil.getOPBrowserStateCookie(request);

    if (sessionStateObj.isAuthenticated()) {
        // successful user authentication: make sure a browser session exists and includes this client
        opBrowserStateCookie = establishOidcBrowserSession(oAuthMessage, request, response, opBrowserStateCookie,
                sessionStateObj, oAuth2Parameters, authenticatedUser, redirectURL, sessionDataCacheEntry);
    }

    if (!sessionStateObj.isAddSessionState()) {
        return redirectURL;
    }

    // session_state is derived from the client id, redirect URI and the OP browser-state cookie value
    // (null when no cookie exists, e.g. the user was not authenticated in this request).
    String opbsCookieValue = opBrowserStateCookie != null ? opBrowserStateCookie.getValue() : null;
    String sessionStateParam = OIDCSessionManagementUtil.getSessionStateParam(oAuth2Parameters.getClientId(),
            oAuth2Parameters.getRedirectURI(), opbsCookieValue);
    String redirectWithSessionState = OIDCSessionManagementUtil.addSessionStateToURL(redirectURL,
            sessionStateParam, oAuth2Parameters.getResponseType());

    // form_post with a JSON body: the caller only needs the parameter value, not a URL.
    if (RESPONSE_MODE_FORM_POST.equals(oAuth2Parameters.getResponseMode()) && isJSON(redirectWithSessionState)) {
        return sessionStateParam;
    }
    return redirectWithSessionState;
}

/**
 * Picks the right session-handling path for an authenticated user based on whether an OP browser-state
 * cookie is present and whether a session state is still stored for it.
 *
 * @return the OP browser-state cookie that is valid after this call (the incoming one, or a newly issued one)
 */
private Cookie establishOidcBrowserSession(OAuthMessage oAuthMessage, HttpServletRequest request,
                                           HttpServletResponse response, Cookie opBrowserStateCookie,
                                           OIDCSessionState sessionStateObj, OAuth2Parameters oAuth2Parameters,
                                           String authenticatedUser, String redirectURL,
                                           SessionDataCacheEntry sessionDataCacheEntry) {

    if (opBrowserStateCookie == null) {
        // new browser session
        return initiateOidcBrowserSession(oAuthMessage, request, response, sessionStateObj, oAuth2Parameters,
                authenticatedUser, redirectURL, sessionDataCacheEntry);
    }

    // browser session exists
    OIDCSessionState previousSessionState = OIDCSessionManagementUtil.getSessionManager()
            .getOIDCSessionState(opBrowserStateCookie.getValue(), oAuth2Parameters.getLoginTenantDomain());
    if (previousSessionState == null) {
        return rebuildOidcBrowserSession(oAuthMessage, request, response, opBrowserStateCookie, sessionStateObj,
                oAuth2Parameters, authenticatedUser, redirectURL, sessionDataCacheEntry);
    }
    return joinOidcBrowserSession(oAuthMessage, request, response, opBrowserStateCookie, previousSessionState,
            oAuth2Parameters, redirectURL, sessionDataCacheEntry);
}

/**
 * No OP browser-state cookie was sent: issues one, records the sid claim, marks the session state as
 * authenticated for this user and client, and stores it under the new cookie value.
 *
 * @return the newly issued OP browser-state cookie
 */
private Cookie initiateOidcBrowserSession(OAuthMessage oAuthMessage, HttpServletRequest request,
                                          HttpServletResponse response, OIDCSessionState sessionStateObj,
                                          OAuth2Parameters oAuth2Parameters, String authenticatedUser,
                                          String redirectURL, SessionDataCacheEntry sessionDataCacheEntry) {

    if (log.isDebugEnabled()) {
        log.debug("User authenticated. Initiate OIDC browser session.");
    }
    Cookie issuedCookie = OIDCSessionManagementUtil.addOPBrowserStateCookie(response, request,
            oAuth2Parameters.getLoginTenantDomain(), sessionDataCacheEntry.getSessionContextIdentifier());
    // Adding sid claim in the IDtoken to OIDCSessionState class.
    storeSidClaim(oAuthMessage, sessionStateObj, redirectURL);
    sessionStateObj.setAuthenticatedUser(authenticatedUser);
    sessionStateObj.addSessionParticipant(oAuth2Parameters.getClientId());
    OIDCSessionManagementUtil.getSessionManager().storeOIDCSessionState(issuedCookie.getValue(), sessionStateObj,
            oAuth2Parameters.getLoginTenantDomain());
    return issuedCookie;
}

/**
 * A browser session exists for the incoming cookie: if this client is not yet a participant, a fresh
 * cookie is issued and the existing state is restored under the new cookie value. The sid claim is
 * recorded from the existing session state either way.
 *
 * @return the cookie in effect afterwards (fresh when the client was newly added, otherwise the incoming one)
 */
private Cookie joinOidcBrowserSession(OAuthMessage oAuthMessage, HttpServletRequest request,
                                      HttpServletResponse response, Cookie opBrowserStateCookie,
                                      OIDCSessionState previousSessionState, OAuth2Parameters oAuth2Parameters,
                                      String redirectURL, SessionDataCacheEntry sessionDataCacheEntry) {

    Cookie effectiveCookie = opBrowserStateCookie;
    String clientId = oAuth2Parameters.getClientId();
    if (!previousSessionState.getSessionParticipants().contains(clientId)) {
        // User is authenticated to a new client. Restore browser session state
        if (log.isDebugEnabled()) {
            log.debug("User is authenticated to a new client. Restore browser session state.");
        }
        String oldOPBrowserStateCookieId = effectiveCookie.getValue();
        effectiveCookie = OIDCSessionManagementUtil.addOPBrowserStateCookie(response, request,
                oAuth2Parameters.getLoginTenantDomain(), sessionDataCacheEntry.getSessionContextIdentifier());
        String newOPBrowserStateCookieId = effectiveCookie.getValue();
        previousSessionState.addSessionParticipant(clientId);
        OIDCSessionManagementUtil.getSessionManager().restoreOIDCSessionState(oldOPBrowserStateCookieId,
                newOPBrowserStateCookieId, previousSessionState, oAuth2Parameters.getLoginTenantDomain());
    }
    // Storing the oidc session id.
    storeSidClaim(oAuthMessage, previousSessionState, redirectURL);
    return effectiveCookie;
}

/**
 * A cookie was sent but no session state is stored for its value: issues a fresh cookie and stores the
 * current session state from scratch (authenticated user, this client as participant, sid claim).
 *
 * @return the newly issued OP browser-state cookie
 */
private Cookie rebuildOidcBrowserSession(OAuthMessage oAuthMessage, HttpServletRequest request,
                                         HttpServletResponse response, Cookie staleCookie,
                                         OIDCSessionState sessionStateObj, OAuth2Parameters oAuth2Parameters,
                                         String authenticatedUser, String redirectURL,
                                         SessionDataCacheEntry sessionDataCacheEntry) {

    if (log.isDebugEnabled()) {
        log.debug(String.format(
                "No session state found for the received Session ID : %s. Restore browser session state.",
                staleCookie.getValue()));
    }
    Cookie issuedCookie = OIDCSessionManagementUtil.addOPBrowserStateCookie(response, request,
            oAuth2Parameters.getLoginTenantDomain(), sessionDataCacheEntry.getSessionContextIdentifier());
    sessionStateObj.setAuthenticatedUser(authenticatedUser);
    sessionStateObj.addSessionParticipant(oAuth2Parameters.getClientId());
    storeSidClaim(oAuthMessage, sessionStateObj, redirectURL);
    OIDCSessionManagementUtil.getSessionManager().storeOIDCSessionState(issuedCookie.getValue(), sessionStateObj,
            oAuth2Parameters.getLoginTenantDomain());
    return issuedCookie;
}

Example 7 with SessionDataCacheEntry

use of org.wso2.carbon.identity.oauth.cache.SessionDataCacheEntry in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpoint method addUserAttributesToOAuthMessage.

/**
 * Builds the {@link AuthorizationGrantCacheEntry} for a freshly issued authorization code from the
 * request's {@link SessionDataCacheEntry} and attaches it to the {@code oAuthMessage}.
 * <p>
 * The entry carries the logged-in user's attributes, the {@code sub} claim, the PKCE code challenge and
 * method as sent in the authorization request, the acr/nonce/essential-claims/max_age/auth_time values,
 * the token binding value, the session context identifier, the selected ACR from the framework session
 * context (when a session data key is present and the context can be loaded), the AMR entries, the
 * authorization code itself and whether the request came through a request object.
 *
 * @param oAuthMessage      message holding the session data cache entry; receives the built grant cache entry
 * @param code              the authorization code that was issued
 * @param codeId            identifier of the authorization code
 * @param tokenBindingValue token binding value to associate with the code (may be {@code null})
 * @throws OAuthSystemException declared by the original signature; nothing in this body throws it directly,
 *                              so it presumably propagates from a callee - TODO confirm
 */
private void addUserAttributesToOAuthMessage(OAuthMessage oAuthMessage, String code, String codeId,
                                             String tokenBindingValue) throws OAuthSystemException {

    SessionDataCacheEntry sessionDataCacheEntry = oAuthMessage.getSessionDataCacheEntry();
    OAuth2Parameters authzParams = sessionDataCacheEntry.getoAuth2Parameters();
    AuthorizationGrantCacheEntry grantCacheEntry =
            new AuthorizationGrantCacheEntry(sessionDataCacheEntry.getLoggedInUser().getUserAttributes());

    String sub = resolveSubjectClaimFromSession(sessionDataCacheEntry);
    if (StringUtils.isNotBlank(sub)) {
        // Subject values are only logged when user-claim logging is explicitly enabled.
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) {
            log.debug("Setting subject: " + sub + " as the sub claim in cache against the authorization code.");
        }
        grantCacheEntry.setSubjectClaim(sub);
    }

    // PKCE: the code_challenge and code_challenge_method from the authorization request travel with the
    // code (presumably so the token endpoint can check the code_verifier against them - confirm).
    String pkceCodeChallenge = firstParamValueOrNull(
            sessionDataCacheEntry.getParamMap().get(OAuthConstants.OAUTH_PKCE_CODE_CHALLENGE));
    String pkceCodeChallengeMethod = firstParamValueOrNull(
            sessionDataCacheEntry.getParamMap().get(OAuthConstants.OAUTH_PKCE_CODE_CHALLENGE_METHOD));

    grantCacheEntry.setAcrValue(authzParams.getACRValues());
    grantCacheEntry.setNonceValue(authzParams.getNonce());
    grantCacheEntry.setCodeId(codeId);
    grantCacheEntry.setPkceCodeChallenge(pkceCodeChallenge);
    grantCacheEntry.setPkceCodeChallengeMethod(pkceCodeChallengeMethod);
    grantCacheEntry.setEssentialClaims(authzParams.getEssentialClaims());
    grantCacheEntry.setAuthTime(sessionDataCacheEntry.getAuthTime());
    grantCacheEntry.setMaxAge(authzParams.getMaxAge());
    grantCacheEntry.setTokenBindingValue(tokenBindingValue);
    grantCacheEntry.setSessionContextIdentifier(sessionDataCacheEntry.getSessionContextIdentifier());

    // The ACR actually selected during authentication lives in the framework session context.
    String commonAuthSessionId = firstParamValueOrNull(
            sessionDataCacheEntry.getParamMap().get(FrameworkConstants.SESSION_DATA_KEY));
    if (commonAuthSessionId != null) {
        SessionContext sessionContext = FrameworkUtils.getSessionContextFromCache(commonAuthSessionId,
                authzParams.getLoginTenantDomain());
        if (sessionContext != null) {
            grantCacheEntry.setSelectedAcrValue(sessionContext.getSessionAuthHistory().getSelectedAcrValue());
        }
    }

    String[] amrEntries = sessionDataCacheEntry.getParamMap().get(OAuthConstants.AMR);
    if (amrEntries != null) {
        for (String amrEntry : amrEntries) {
            grantCacheEntry.addAmr(amrEntry);
        }
    }

    grantCacheEntry.setAuthorizationCode(code);
    grantCacheEntry.setRequestObjectFlow(authzParams.isRequestObjectFlow());
    oAuthMessage.setAuthorizationGrantCacheEntry(grantCacheEntry);
}

/**
 * Resolves the {@code sub} claim for the logged-in user: the user attribute mapped to the remote claim
 * {@code OAuth2Util.SUB}, falling back to the authenticated subject identifier when that attribute is blank.
 *
 * @param sessionDataCacheEntry cache entry whose logged-in user is consulted
 * @return the subject value, possibly blank or {@code null} if neither source provides one
 */
private String resolveSubjectClaimFromSession(SessionDataCacheEntry sessionDataCacheEntry) {

    ClaimMapping subMapping = new ClaimMapping();
    Claim subClaim = new Claim();
    subClaim.setClaimUri(OAuth2Util.SUB);
    subMapping.setRemoteClaim(subClaim);

    String sub = sessionDataCacheEntry.getLoggedInUser().getUserAttributes().get(subMapping);
    if (StringUtils.isBlank(sub)) {
        sub = sessionDataCacheEntry.getLoggedInUser().getAuthenticatedSubjectIdentifier();
    }
    return sub;
}

/**
 * Returns the first element of a request-parameter value array, or {@code null} when the array is
 * {@code null} or empty.
 *
 * @param values parameter values as stored in the session data cache entry's param map
 * @return the first value, or {@code null}
 */
private String firstParamValueOrNull(String[] values) {

    return ArrayUtils.isNotEmpty(values) ? values[0] : null;
}
