
Example 11 with OIDCSessionState

use of org.wso2.carbon.identity.oidc.session.OIDCSessionState in project identity-inbound-auth-oauth by wso2-extensions.

the class OIDCSessionManager method storeOIDCSessionState.

/**
 * Caches the given session state in the OIDC session participant cache under the supplied session id.
 * The login tenant domain is first mapped through {@code resolveCacheTenantDomain}; the resolved value is
 * both recorded in the cache entry and used as the tenant the entry is added under.
 *
 * @param sessionId         session id used as the cache key
 * @param sessionState      OIDCSessionState instance to cache
 * @param loginTenantDomain tenant domain of the login, resolved to the cache tenant domain
 */
public void storeOIDCSessionState(String sessionId, OIDCSessionState sessionState, String loginTenantDomain) {

    String cacheTenantDomain = resolveCacheTenantDomain(loginTenantDomain);

    OIDCSessionParticipantCacheKey key = new OIDCSessionParticipantCacheKey();
    key.setSessionID(sessionId);

    OIDCSessionParticipantCacheEntry entry = new OIDCSessionParticipantCacheEntry();
    entry.setSessionState(sessionState);
    entry.setTenantDomain(cacheTenantDomain);

    // Same resolved tenant domain is used as the cache tenant so that lookups resolve it identically.
    OIDCSessionParticipantCache.getInstance().addToCache(key, entry, cacheTenantDomain);
}
Also used : OIDCSessionParticipantCacheEntry(org.wso2.carbon.identity.oidc.session.cache.OIDCSessionParticipantCacheEntry) OIDCSessionParticipantCacheKey(org.wso2.carbon.identity.oidc.session.cache.OIDCSessionParticipantCacheKey)

Example 12 with OIDCSessionState

use of org.wso2.carbon.identity.oidc.session.OIDCSessionState in project identity-inbound-auth-oauth by wso2-extensions.

the class OIDCSessionManager method getOIDCSessionState.

/**
 * Looks up the cached session state for the given session id.
 * The login tenant domain is mapped through {@code resolveCacheTenantDomain} before the lookup, matching
 * the tenant the entry was stored under.
 *
 * @param sessionId         session id used as the cache key
 * @param loginTenantDomain tenant domain of the login, resolved to the cache tenant domain
 * @return the cached OIDCSessionState, or {@code null} when no entry exists for the session id
 */
public OIDCSessionState getOIDCSessionState(String sessionId, String loginTenantDomain) {

    String cacheTenantDomain = resolveCacheTenantDomain(loginTenantDomain);

    OIDCSessionParticipantCacheKey key = new OIDCSessionParticipantCacheKey();
    key.setSessionID(sessionId);

    OIDCSessionParticipantCacheEntry entry =
            OIDCSessionParticipantCache.getInstance().getValueFromCache(key, cacheTenantDomain);
    if (entry == null) {
        // Cache miss: callers treat null as "no session state known".
        return null;
    }
    return entry.getSessionState();
}
Also used : OIDCSessionParticipantCacheEntry(org.wso2.carbon.identity.oidc.session.cache.OIDCSessionParticipantCacheEntry) OIDCSessionParticipantCacheKey(org.wso2.carbon.identity.oidc.session.cache.OIDCSessionParticipantCacheKey)

Example 13 with OIDCSessionState

use of org.wso2.carbon.identity.oidc.session.OIDCSessionState in project identity-inbound-auth-oauth by wso2-extensions.

the class DefaultLogoutTokenBuilder method buildLogoutToken.

/**
 * Builds logout tokens for the RPs that participated in the OIDC session identified by the OP browser
 * state cookie on the request. Participants whose application no longer exists are skipped (logged at
 * debug level), as is the participant whose client id matches the client id resolved from the request.
 *
 * @param request the logout request carrying the OP browser state cookie
 * @return the map populated by {@code addToLogoutTokenList}; empty when no session state is found
 * @throws IdentityOAuth2Exception      propagated from the helpers
 * @throws InvalidOAuthClientException  propagated from the helpers (lookups of a missing app are caught and skipped)
 */
@Override
public Map<String, String> buildLogoutToken(HttpServletRequest request) throws IdentityOAuth2Exception, InvalidOAuthClientException {

    Map<String, String> logoutTokens = new HashMap<>();

    Cookie opbsCookie = OIDCSessionManagementUtil.getOPBrowserStateCookie(request);
    String opbsValue = opbsCookie == null ? null : opbsCookie.getValue();
    // SUPER_TENANT_DOMAIN_NAME is kept as the cache tenant for backward compatibility.
    OIDCSessionState sessionState = getSessionState(opbsValue, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
    if (sessionState == null) {
        return logoutTokens;
    }

    for (String clientId : getSessionParticipants(sessionState)) {
        OAuthAppDO app;
        try {
            app = getOAuthAppDO(clientId);
        } catch (InvalidOAuthClientException e) {
            // The RP may have been deleted after the session was established; it gets no token.
            if (log.isDebugEnabled()) {
                log.debug("The application with client id: " + clientId + " does not exists. This application may be deleted after" + " this session is created. So skipping it in logout token list.", e);
            }
            continue;
        }

        String appTenantDomain = app.getAppOwner().getTenantDomain();
        // Skip the participant whose client id equals the client id resolved from the request.
        if (StringUtils.equals(clientId, getClientId(request, appTenantDomain))) {
            continue;
        }

        addToLogoutTokenList(logoutTokens, sessionState, clientId);
    }
    return logoutTokens;
}
Also used : Cookie(javax.servlet.http.Cookie) OAuthAppDO(org.wso2.carbon.identity.oauth.dao.OAuthAppDO) HashMap(java.util.HashMap) OIDCSessionState(org.wso2.carbon.identity.oidc.session.OIDCSessionState) InvalidOAuthClientException(org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException)

Example 14 with OIDCSessionState

use of org.wso2.carbon.identity.oidc.session.OIDCSessionState in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpoint method handleResponseFromConsent.

/**
 * Handles the response submitted from the consent page.
 * <p>
 * After optionally emitting a diagnostic log event, the auth time and session data key are written to the
 * session data cache entry. The consent value then decides the outcome: {@code DENY} is delegated to
 * {@code handleDeniedConsent}; a missing consent to {@code handleEmptyConsent}; any other value is
 * recorded via {@code handlePostConsent}, turned into a redirect URL by {@code handleUserConsent}, and
 * either rendered as form-post or issued as an HTTP 302 after OIDC session state management.
 *
 * @param oAuthMessage the wrapped consent request
 * @return the HTTP response to send back to the user agent
 * @throws OAuthSystemException          propagated from the helpers
 * @throws URISyntaxException            if the produced redirect URL is not a valid URI
 * @throws ConsentHandlingFailedException propagated from consent handling
 */
private Response handleResponseFromConsent(OAuthMessage oAuthMessage) throws OAuthSystemException, URISyntaxException, ConsentHandlingFailedException {

    if (LoggerUtils.isDiagnosticLogsEnabled()) {
        Map<String, Object> diagnosticParams = new HashMap<>();
        boolean hasRequestParams = oAuthMessage.getRequest() != null
                && MapUtils.isNotEmpty(oAuthMessage.getRequest().getParameterMap());
        if (hasRequestParams) {
            // NOTE(review): every non-empty request parameter is copied into the diagnostic event;
            // confirm that sensitive values are masked by the diagnostic log sink.
            oAuthMessage.getRequest().getParameterMap().forEach((name, values) -> {
                if (ArrayUtils.isNotEmpty(values)) {
                    diagnosticParams.put(name, Arrays.asList(values));
                }
            });
        }
        LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, diagnosticParams, OAuthConstants.LogConstants.SUCCESS, "Successfully received consent response", "receive-consent-response", null);
    }

    updateAuthTimeInSessionDataCacheEntry(oAuthMessage);
    addSessionDataKeyToSessionDataCacheEntry(oAuthMessage);

    String consent = getConsentFromRequest(oAuthMessage);
    if (consent == null) {
        return handleEmptyConsent(oAuthMessage);
    }
    if (OAuthConstants.Consent.DENY.equals(consent)) {
        return handleDeniedConsent(oAuthMessage);
    }

    // Persist the claims the user consented to (consent receipt) before building the response.
    handlePostConsent(oAuthMessage);

    OIDCSessionState sessionState = new OIDCSessionState();
    String redirectURL = handleUserConsent(oAuthMessage, consent, sessionState);
    if (isFormPostResponseMode(oAuthMessage, redirectURL)) {
        return handleFormPostResponseMode(oAuthMessage, sessionState, redirectURL);
    }

    redirectURL = manageOIDCSessionState(oAuthMessage, sessionState, redirectURL);
    return Response.status(HttpServletResponse.SC_FOUND).location(new URI(redirectURL)).build();
}
Also used : ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) OIDCSessionState(org.wso2.carbon.identity.oidc.session.OIDCSessionState) RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject) JSONObject(org.json.JSONObject) URI(java.net.URI) REDIRECT_URI(org.wso2.carbon.identity.oauth.common.OAuthConstants.OAuth20Params.REDIRECT_URI)

Example 15 with OIDCSessionState

use of org.wso2.carbon.identity.oidc.session.OIDCSessionState in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpoint method handleApprovedAlwaysWithoutPromptingForNewConsent.

/**
 * Handles the {@code prompt=none} case where the user previously approved the client "always".
 * <p>
 * The existing consents are evaluated via {@code handlePreConsentIncludingExistingConsents}. If they do
 * not cover the current request, a {@code CONSENT_REQUIRED} problem is raised (the user cannot be
 * prompted); otherwise the request proceeds as an {@code APPROVE} through {@code handleUserConsent}.
 * A diagnostic log event describing the outcome is emitted when diagnostic logging is enabled.
 *
 * @param oAuthMessage the wrapped authorization request
 * @param sessionState OIDC session state to pass on to {@code handleUserConsent}
 * @param oauth2Params parsed OAuth2 parameters of the request
 * @return the redirect URL produced by {@code handleUserConsent}
 * @throws OAuthProblemException         with {@code CONSENT_REQUIRED} when existing consent is incomplete
 * @throws ConsentHandlingFailedException propagated from consent handling
 * @throws OAuthSystemException          propagated from the helpers
 */
private String handleApprovedAlwaysWithoutPromptingForNewConsent(OAuthMessage oAuthMessage, OIDCSessionState sessionState, OAuth2Parameters oauth2Params) throws ConsentHandlingFailedException, OAuthSystemException, OAuthProblemException {

    AuthenticatedUser user = getLoggedInUser(oAuthMessage);
    String preConsent = handlePreConsentIncludingExistingConsents(oauth2Params, user);
    boolean newConsentRequired = isConsentFromUserRequired(preConsent);

    if (LoggerUtils.isDiagnosticLogsEnabled()) {
        Map<String, Object> params = new HashMap<>();
        params.put("clientId", oauth2Params.getClientId());
        params.put("prompt", oauth2Params.getPrompt());
        if (newConsentRequired) {
            Map<String, Object> configs = new HashMap<>();
            configs.put("consentRequiredClaims", preConsent);
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.FAILED, "'prompt' is set to none, and existing user consent is incomplete for the OAuth client.", "validate-existing-consent", configs);
        } else {
            LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, params, OAuthConstants.LogConstants.SUCCESS, "'prompt' is set to none, and existing user consent found for the OAuth client.", "validate-existing-consent", null);
        }
    }

    if (newConsentRequired) {
        // prompt=none forbids interaction, so an incomplete consent cannot be completed here.
        throw OAuthProblemException.error(OAuth2ErrorCodes.CONSENT_REQUIRED, "Consent approved always without prompting for new consent");
    }
    return handleUserConsent(oAuthMessage, APPROVE, sessionState);
}
Also used : ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject) JSONObject(org.json.JSONObject) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)
