Example 86 with Role
use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.
the class IdPManagementDAOTest method updateIdPData.
@DataProvider
public Object[][] updateIdPData() {
// Initialize Test Identity Provider 1.
IdentityProvider idp1 = new IdentityProvider();
idp1.setIdentityProviderName("testIdP1");
idp1.setHomeRealmId("1");
idp1.setEnable(true);
idp1.setPrimary(true);
idp1.setFederationHub(true);
idp1.setCertificate("");
FederatedAuthenticatorConfig federatedAuthenticatorConfig = new FederatedAuthenticatorConfig();
federatedAuthenticatorConfig.setDisplayName("DisplayName1");
federatedAuthenticatorConfig.setName("Name");
federatedAuthenticatorConfig.setEnabled(true);
Property property1 = new Property();
property1.setName("Property1");
property1.setValue("value1");
property1.setConfidential(true);
federatedAuthenticatorConfig.setProperties(new Property[] { property1 });
idp1.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { federatedAuthenticatorConfig });
ProvisioningConnectorConfig provisioningConnectorConfig = new ProvisioningConnectorConfig();
provisioningConnectorConfig.setName("ProvisiningConfig1");
provisioningConnectorConfig.setProvisioningProperties(new Property[] { property1 });
idp1.setProvisioningConnectorConfigs(new ProvisioningConnectorConfig[] { provisioningConnectorConfig });
// Initialize Test Identity Provider 2.
IdentityProvider idp2 = new IdentityProvider();
idp2.setIdentityProviderName("testIdP2");
idp2.setHomeRealmId("2");
ClaimConfig claimConfig2 = new ClaimConfig();
claimConfig2.setLocalClaimDialect(true);
claimConfig2.setRoleClaimURI("http://wso2.org/claims/role");
claimConfig2.setUserClaimURI("http://wso2.org/claims/fullname");
ClaimMapping claimMapping2 = new ClaimMapping();
Claim localClaim2 = new Claim();
localClaim2.setClaimId(0);
localClaim2.setClaimUri("http://wso2.org/claims/fullname");
claimMapping2.setLocalClaim(localClaim2);
claimConfig2.setClaimMappings(new ClaimMapping[] { claimMapping2 });
idp2.setClaimConfig(claimConfig2);
// Initialize Test Identity Provider 3.
IdentityProvider idp3 = new IdentityProvider();
idp3.setIdentityProviderName("testIdP3");
// Initialize New Test Identity Provider 1.
IdentityProvider idp1New = new IdentityProvider();
idp1New.setIdentityProviderName("testIdP1New");
idp1New.setEnable(true);
idp1New.setPrimary(true);
idp1New.setFederationHub(true);
idp1New.setCertificate("");
RoleMapping newRoleMapping1 = new RoleMapping();
newRoleMapping1.setRemoteRole("Role1New");
newRoleMapping1.setLocalRole(new LocalRole("1", "LocalRole1"));
RoleMapping newRoleMapping2 = new RoleMapping();
newRoleMapping2.setRemoteRole("Role2New");
newRoleMapping2.setLocalRole(new LocalRole("2", "LocalRole2"));
PermissionsAndRoleConfig newPermissionsAndRoleConfig = new PermissionsAndRoleConfig();
newPermissionsAndRoleConfig.setIdpRoles(new String[] { "Role1New", "Role2New" });
newPermissionsAndRoleConfig.setRoleMappings(new RoleMapping[] { newRoleMapping1, newRoleMapping2 });
idp1New.setPermissionAndRoleConfig(newPermissionsAndRoleConfig);
FederatedAuthenticatorConfig newFederatedAuthenticatorConfig = new FederatedAuthenticatorConfig();
newFederatedAuthenticatorConfig.setDisplayName("DisplayName1New");
newFederatedAuthenticatorConfig.setName("Name");
newFederatedAuthenticatorConfig.setEnabled(true);
Property property1New = new Property();
property1New.setName("Property1New");
property1New.setValue("value1New");
property1New.setConfidential(false);
Property property2New = new Property();
property2New.setName("Property2New");
property2New.setValue("value2New");
property2New.setConfidential(false);
newFederatedAuthenticatorConfig.setProperties(new Property[] { property1New, property2New });
idp1New.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { newFederatedAuthenticatorConfig });
ProvisioningConnectorConfig newProvisioningConnectorConfig1 = new ProvisioningConnectorConfig();
newProvisioningConnectorConfig1.setName("ProvisiningConfig1");
newProvisioningConnectorConfig1.setProvisioningProperties(new Property[] { property1New });
ProvisioningConnectorConfig newProvisioningConnectorConfig2 = new ProvisioningConnectorConfig();
newProvisioningConnectorConfig2.setName("ProvisiningConfig2");
newProvisioningConnectorConfig2.setProvisioningProperties(new Property[] { property2New });
newProvisioningConnectorConfig2.setEnabled(true);
newProvisioningConnectorConfig2.setBlocking(true);
idp1New.setProvisioningConnectorConfigs(new ProvisioningConnectorConfig[] { newProvisioningConnectorConfig1, newProvisioningConnectorConfig2 });
ClaimConfig newClaimConfig = new ClaimConfig();
newClaimConfig.setLocalClaimDialect(false);
newClaimConfig.setRoleClaimURI("Country");
newClaimConfig.setUserClaimURI("Country");
ClaimMapping claimMapping = ClaimMapping.build("http://wso2.org/claims/country", "Country", "", true);
Claim remoteClaim = new Claim();
remoteClaim.setClaimId(0);
remoteClaim.setClaimUri("Country");
newClaimConfig.setClaimMappings(new ClaimMapping[] { claimMapping });
newClaimConfig.setIdpClaims(new Claim[] { remoteClaim });
idp1New.setClaimConfig(newClaimConfig);
// Initialize New Test Identity Provider 2.
IdentityProvider idp2New = new IdentityProvider();
idp2New.setIdentityProviderName("testIdP2New");
// Initialize New Test Identity Provider 3.
IdentityProvider idp3New = new IdentityProvider();
idp3New.setIdentityProviderName("testIdP3New");
return new Object[][] { // Update PermissionsAndRoleConfig,FederatedAuthenticatorConfig,ProvisioningConnectorConfig,ClaimConfig.
{ idp1, idp1New, SAMPLE_TENANT_ID }, // Update name, LocalClaimDialect, ClaimConfig.
{ idp2, idp2New, SAMPLE_TENANT_ID }, // Update name.
{ idp3, idp3New, SAMPLE_TENANT_ID2 } };
}
Also used :
ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping)
FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)
ClaimConfig(org.wso2.carbon.identity.application.common.model.ClaimConfig)
PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig)
IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider)
LocalRole(org.wso2.carbon.identity.application.common.model.LocalRole)
RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping)
Property(org.wso2.carbon.identity.application.common.model.Property)
IdentityProviderProperty(org.wso2.carbon.identity.application.common.model.IdentityProviderProperty)
ProvisioningConnectorConfig(org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig)
Claim(org.wso2.carbon.identity.application.common.model.Claim)
DataProvider(org.testng.annotations.DataProvider)
Example 87 with Role
use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.
the class IdPManagementDAOTest method addTestIdps.
private void addTestIdps() throws IdentityProviderManagementException {
// Initialize Test Identity Provider 1.
IdentityProvider idp1 = new IdentityProvider();
idp1.setIdentityProviderName("testIdP1");
idp1.setHomeRealmId("1");
idp1.setEnable(true);
idp1.setPrimary(true);
idp1.setFederationHub(true);
idp1.setCertificate("");
RoleMapping roleMapping1 = new RoleMapping();
roleMapping1.setRemoteRole("Role1");
roleMapping1.setLocalRole(new LocalRole("1", "LocalRole1"));
RoleMapping roleMapping2 = new RoleMapping();
roleMapping2.setRemoteRole("Role2");
roleMapping2.setLocalRole(new LocalRole("2", "LocalRole2"));
PermissionsAndRoleConfig permissionsAndRoleConfig = new PermissionsAndRoleConfig();
permissionsAndRoleConfig.setIdpRoles(new String[] { "Role1", "Role2" });
permissionsAndRoleConfig.setRoleMappings(new RoleMapping[] { roleMapping1, roleMapping2 });
idp1.setPermissionAndRoleConfig(permissionsAndRoleConfig);
FederatedAuthenticatorConfig federatedAuthenticatorConfig = new FederatedAuthenticatorConfig();
federatedAuthenticatorConfig.setDisplayName("DisplayName1");
federatedAuthenticatorConfig.setName("Name");
federatedAuthenticatorConfig.setEnabled(true);
Property property1 = new Property();
property1.setName("Property1");
property1.setValue("value1");
property1.setConfidential(true);
Property property2 = new Property();
property2.setName("Property2");
property2.setValue("value2");
property2.setConfidential(false);
federatedAuthenticatorConfig.setProperties(new Property[] { property1, property2 });
idp1.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { federatedAuthenticatorConfig });
ProvisioningConnectorConfig provisioningConnectorConfig1 = new ProvisioningConnectorConfig();
provisioningConnectorConfig1.setName("ProvisiningConfig1");
provisioningConnectorConfig1.setProvisioningProperties(new Property[] { property1 });
ProvisioningConnectorConfig provisioningConnectorConfig2 = new ProvisioningConnectorConfig();
provisioningConnectorConfig2.setName("ProvisiningConfig2");
provisioningConnectorConfig2.setProvisioningProperties(new Property[] { property2 });
provisioningConnectorConfig2.setEnabled(true);
provisioningConnectorConfig2.setBlocking(true);
idp1.setProvisioningConnectorConfigs(new ProvisioningConnectorConfig[] { provisioningConnectorConfig1, provisioningConnectorConfig2 });
IdentityProviderProperty identityProviderProperty = new IdentityProviderProperty();
identityProviderProperty.setDisplayName("idpDisplayName");
identityProviderProperty.setName("idpPropertyName");
identityProviderProperty.setValue("idpPropertyValue");
idp1.setIdpProperties(new IdentityProviderProperty[] { identityProviderProperty });
ClaimConfig claimConfig = new ClaimConfig();
claimConfig.setLocalClaimDialect(false);
claimConfig.setRoleClaimURI("Country");
claimConfig.setUserClaimURI("Country");
ClaimMapping claimMapping = ClaimMapping.build("http://wso2.org/claims/country", "Country", "", true);
Claim remoteClaim = new Claim();
remoteClaim.setClaimId(0);
remoteClaim.setClaimUri("Country");
claimConfig.setClaimMappings(new ClaimMapping[] { claimMapping });
claimConfig.setIdpClaims(new Claim[] { remoteClaim });
idp1.setClaimConfig(claimConfig);
// Initialize Test Identity Provider 2.
IdentityProvider idp2 = new IdentityProvider();
idp2.setIdentityProviderName("testIdP2");
idp2.setHomeRealmId("2");
ClaimConfig claimConfig2 = new ClaimConfig();
claimConfig2.setLocalClaimDialect(true);
claimConfig2.setRoleClaimURI("http://wso2.org/claims/role");
claimConfig2.setUserClaimURI("http://wso2.org/claims/fullname");
ClaimMapping claimMapping2 = new ClaimMapping();
Claim localClaim2 = new Claim();
localClaim2.setClaimId(0);
localClaim2.setClaimUri("http://wso2.org/claims/fullname");
claimMapping2.setLocalClaim(localClaim2);
claimConfig2.setClaimMappings(new ClaimMapping[] { claimMapping2 });
idp2.setClaimConfig(claimConfig2);
// Initialize Test Identity Provider 3.
IdentityProvider idp3 = new IdentityProvider();
idp3.setIdentityProviderName("testIdP3");
idp3.setHomeRealmId("3");
// IDP with PermissionsAndRoleConfig, FederatedAuthenticatorConfigs, ProvisioningConnectorConfigs, ClaimConfigs.
idPManagementDAO.addIdP(idp1, SAMPLE_TENANT_ID);
// IDP with Local Cliam Dialect ClaimConfigs.
idPManagementDAO.addIdP(idp2, SAMPLE_TENANT_ID);
// IDP with Only name.
idPManagementDAO.addIdP(idp3, SAMPLE_TENANT_ID2);
}
Also used :
ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping)
PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig)
FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)
IdentityProviderProperty(org.wso2.carbon.identity.application.common.model.IdentityProviderProperty)
ClaimConfig(org.wso2.carbon.identity.application.common.model.ClaimConfig)
IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider)
LocalRole(org.wso2.carbon.identity.application.common.model.LocalRole)
RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping)
Property(org.wso2.carbon.identity.application.common.model.Property)
IdentityProviderProperty(org.wso2.carbon.identity.application.common.model.IdentityProviderProperty)
ProvisioningConnectorConfig(org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig)
Claim(org.wso2.carbon.identity.application.common.model.Claim)
Example 88 with Role
use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.
the class IdPManagementDAOTest method addIdPData.
@DataProvider
public Object[][] addIdPData() {
// Initialize Test Identity Provider 1.
IdentityProvider idp1 = new IdentityProvider();
idp1.setIdentityProviderName("testIdP1");
idp1.setEnable(true);
idp1.setPrimary(true);
idp1.setFederationHub(true);
idp1.setCertificate("");
RoleMapping roleMapping1 = new RoleMapping(new LocalRole("1", "LocalRole1"), "Role1");
RoleMapping roleMapping2 = new RoleMapping(new LocalRole("2", "LocalRole2"), "Role2");
PermissionsAndRoleConfig permissionsAndRoleConfig = new PermissionsAndRoleConfig();
permissionsAndRoleConfig.setIdpRoles(new String[] { "Role1", "Role2" });
permissionsAndRoleConfig.setRoleMappings(new RoleMapping[] { roleMapping1, roleMapping2 });
idp1.setPermissionAndRoleConfig(permissionsAndRoleConfig);
FederatedAuthenticatorConfig federatedAuthenticatorConfig = new FederatedAuthenticatorConfig();
federatedAuthenticatorConfig.setDisplayName("DisplayName1");
federatedAuthenticatorConfig.setName("Name");
federatedAuthenticatorConfig.setEnabled(true);
Property property1 = new Property();
property1.setName("Property1");
property1.setValue("value1");
property1.setConfidential(false);
Property property2 = new Property();
property2.setName("Property2");
property2.setValue("value2");
property2.setConfidential(true);
federatedAuthenticatorConfig.setProperties(new Property[] { property1, property2 });
idp1.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { federatedAuthenticatorConfig });
ProvisioningConnectorConfig provisioningConnectorConfig1 = new ProvisioningConnectorConfig();
provisioningConnectorConfig1.setName("ProvisiningConfig1");
provisioningConnectorConfig1.setProvisioningProperties(new Property[] { property1 });
ProvisioningConnectorConfig provisioningConnectorConfig2 = new ProvisioningConnectorConfig();
provisioningConnectorConfig2.setName("ProvisiningConfig2");
provisioningConnectorConfig2.setProvisioningProperties(new Property[] { property2 });
provisioningConnectorConfig2.setEnabled(true);
provisioningConnectorConfig2.setBlocking(true);
idp1.setProvisioningConnectorConfigs(new ProvisioningConnectorConfig[] { provisioningConnectorConfig1, provisioningConnectorConfig2 });
ClaimConfig claimConfig = new ClaimConfig();
claimConfig.setLocalClaimDialect(false);
claimConfig.setRoleClaimURI("Country");
claimConfig.setUserClaimURI("Country");
ClaimMapping claimMapping = ClaimMapping.build("http://wso2.org/claims/country", "Country", "", true);
claimConfig.setClaimMappings(new ClaimMapping[] { claimMapping });
Claim remoteClaim = new Claim();
remoteClaim.setClaimId(0);
remoteClaim.setClaimUri("Country");
claimConfig.setIdpClaims(new Claim[] { remoteClaim });
idp1.setClaimConfig(claimConfig);
// Initialize Test Identity Provider 2.
IdentityProvider idp2 = new IdentityProvider();
idp2.setIdentityProviderName("testIdP2");
ClaimConfig claimConfig2 = new ClaimConfig();
claimConfig2.setLocalClaimDialect(true);
claimConfig2.setRoleClaimURI("http://wso2.org/claims/role");
claimConfig2.setUserClaimURI("http://wso2.org/claims/fullname");
ClaimMapping claimMapping2 = new ClaimMapping();
Claim localClaim2 = new Claim();
localClaim2.setClaimId(0);
localClaim2.setClaimUri("http://wso2.org/claims/fullname");
claimMapping2.setLocalClaim(localClaim2);
claimConfig2.setClaimMappings(new ClaimMapping[] { claimMapping2 });
idp2.setClaimConfig(claimConfig2);
// Initialize Test Identity Provider 3.
IdentityProvider idp3 = new IdentityProvider();
idp3.setIdentityProviderName("testIdP3");
return new Object[][] { // IDP with PermissionsAndRoleConfig,FederatedAuthenticatorConfigs,ProvisioningConnectorConfigs,Claims.
{ idp1, SAMPLE_TENANT_ID }, // IDP with Local Cliam Dialect ClaimConfigs.
{ idp2, SAMPLE_TENANT_ID }, // IDP with Only name.
{ idp3, SAMPLE_TENANT_ID2 } };
}
Also used :
ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping)
PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig)
FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig)
ClaimConfig(org.wso2.carbon.identity.application.common.model.ClaimConfig)
IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider)
LocalRole(org.wso2.carbon.identity.application.common.model.LocalRole)
RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping)
Property(org.wso2.carbon.identity.application.common.model.Property)
IdentityProviderProperty(org.wso2.carbon.identity.application.common.model.IdentityProviderProperty)
ProvisioningConnectorConfig(org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig)
Claim(org.wso2.carbon.identity.application.common.model.Claim)
DataProvider(org.testng.annotations.DataProvider)
Example 89 with Role
use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.
the class OutboundProvisioningManager method provision.
/**
* Outbound provisioning method.
*
* @param provisioningEntity Provisioning entity.
* @param serviceProviderIdentifier Identifier of the service provider.
* @param inboundClaimDialect Inbound claim dialect.
* @param spTenantDomainName Tenant domain of the service provider.
* @param jitProvisioning Is JIT provisioning enabled.
* @throws IdentityProvisioningException if error occurred while user provisioning.
*/
public void provision(ProvisioningEntity provisioningEntity, String serviceProviderIdentifier, String inboundClaimDialect, String spTenantDomainName, boolean jitProvisioning) throws IdentityProvisioningException {
try {
if (provisioningEntity.getEntityName() == null) {
setProvisioningEntityName(provisioningEntity);
}
// get details about the service provider.any in-bound provisioning request via
// the SOAP based API (or the management console) - or SCIM API with HTTP Basic
// Authentication is considered as coming from the local service provider.
ServiceProvider serviceProvider = ApplicationManagementService.getInstance().getServiceProvider(serviceProviderIdentifier, spTenantDomainName);
if (serviceProvider == null) {
throw new IdentityProvisioningException("Invalid service provider name : " + serviceProviderIdentifier);
}
String provisioningEntityTenantDomainName = spTenantDomainName;
if (serviceProvider.isSaasApp() && isUserTenantBasedOutboundProvisioningEnabled()) {
provisioningEntityTenantDomainName = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
}
ClaimMapping[] spClaimMappings = null;
// if we know the serviceProviderClaimDialect - we do not need to find it again.
if (inboundClaimDialect == null && serviceProvider.getClaimConfig() != null) {
spClaimMappings = serviceProvider.getClaimConfig().getClaimMappings();
}
// get all the provisioning connectors associated with local service provider for
// out-bound provisioning.
// TODO: stop loading connectors all the time.
Map<String, RuntimeProvisioningConfig> connectors = getOutboundProvisioningConnectors(serviceProvider, spTenantDomainName);
ProvisioningEntity outboundProEntity;
ExecutorService executors = null;
if (MapUtils.isNotEmpty(connectors)) {
executors = Executors.newFixedThreadPool(connectors.size());
}
for (Iterator<Entry<String, RuntimeProvisioningConfig>> iterator = connectors.entrySet().iterator(); iterator.hasNext(); ) {
Entry<String, RuntimeProvisioningConfig> entry = iterator.next();
Entry<String, AbstractOutboundProvisioningConnector> connectorEntry = entry.getValue().getProvisioningConnectorEntry();
AbstractOutboundProvisioningConnector connector = connectorEntry.getValue();
String connectorType = connectorEntry.getKey();
String idPName = entry.getKey();
IdentityProvider provisioningIdp = IdentityProviderManager.getInstance().getIdPByName(idPName, spTenantDomainName);
if (provisioningIdp == null) {
// by its name.
throw new IdentityProvisioningException("Invalid identity provider name : " + idPName);
}
String outboundClaimDialect = connector.getClaimDialectUri();
if (outboundClaimDialect == null && (provisioningIdp.getClaimConfig() == null || provisioningIdp.getClaimConfig().isLocalClaimDialect())) {
outboundClaimDialect = IdentityProvisioningConstants.WSO2_CARBON_DIALECT;
}
ClaimMapping[] idpClaimMappings = null;
if (provisioningIdp.getClaimConfig() != null) {
idpClaimMappings = provisioningIdp.getClaimConfig().getClaimMappings();
}
// TODO: this should happen asynchronously in a different thread.
// create a new provisioning entity object for each provisioning identity
// provider.
Map<ClaimMapping, List<String>> mapppedClaims;
// get mapped claims.
mapppedClaims = getMappedClaims(inboundClaimDialect, outboundClaimDialect, provisioningEntity, spClaimMappings, idpClaimMappings, spTenantDomainName);
if (provisioningIdp.getPermissionAndRoleConfig() != null) {
// update with mapped user groups.
updateProvisioningUserWithMappedRoles(provisioningEntity, provisioningIdp.getPermissionAndRoleConfig().getRoleMappings());
}
// check whether we already have the provisioned identifier - if
// so set it.
ProvisionedIdentifier provisionedIdentifier;
provisionedIdentifier = getProvisionedEntityIdentifier(idPName, connectorType, provisioningEntity, spTenantDomainName);
ProvisioningOperation provisioningOp = provisioningEntity.getOperation();
if (ProvisioningOperation.DELETE.equals(provisioningOp) && (provisionedIdentifier == null || provisionedIdentifier.getIdentifier() == null)) {
// send outbound delete request. Skip the flow
return;
}
if (provisionedIdentifier == null || provisionedIdentifier.getIdentifier() == null) {
provisioningOp = ProvisioningOperation.POST;
}
String[] provisionByRoleList = new String[0];
if (provisioningIdp.getProvisioningRole() != null) {
provisionByRoleList = provisioningIdp.getProvisioningRole().trim().split("\\s*,[,\\s]*");
}
if (provisioningEntity.getEntityType() == ProvisioningEntityType.GROUP && Arrays.asList(provisionByRoleList).contains(provisioningEntity.getEntityName())) {
Map<ClaimMapping, List<String>> attributes = provisioningEntity.getAttributes();
List<String> newUsersList = attributes.get(ClaimMapping.build(IdentityProvisioningConstants.NEW_USER_CLAIM_URI, null, null, false));
List<String> deletedUsersList = attributes.get(ClaimMapping.build(IdentityProvisioningConstants.DELETED_USER_CLAIM_URI, null, null, false));
Map<ClaimMapping, List<String>> mappedUserClaims;
ProvisionedIdentifier provisionedUserIdentifier;
for (String user : newUsersList) {
ProvisioningEntity inboundProvisioningEntity = getInboundProvisioningEntity(provisioningEntity, provisioningEntityTenantDomainName, ProvisioningOperation.POST, user);
provisionedUserIdentifier = getProvisionedEntityIdentifier(idPName, connectorType, inboundProvisioningEntity, spTenantDomainName);
if (provisionedUserIdentifier != null && provisionedUserIdentifier.getIdentifier() != null) {
continue;
}
mappedUserClaims = getMappedClaims(inboundClaimDialect, outboundClaimDialect, inboundProvisioningEntity, spClaimMappings, idpClaimMappings, spTenantDomainName);
outboundProEntity = new ProvisioningEntity(ProvisioningEntityType.USER, user, ProvisioningOperation.POST, mappedUserClaims);
Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, spTenantDomainName, provisioningEntityTenantDomainName, connector, connectorType, idPName, dao);
outboundProEntity.setIdentifier(provisionedIdentifier);
outboundProEntity.setJitProvisioning(jitProvisioning);
boolean isBlocking = entry.getValue().isBlocking();
executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread, isBlocking);
}
for (String user : deletedUsersList) {
ProvisioningEntity inboundProvisioningEntity = getInboundProvisioningEntity(provisioningEntity, provisioningEntityTenantDomainName, ProvisioningOperation.DELETE, user);
provisionedUserIdentifier = getProvisionedEntityIdentifier(idPName, connectorType, inboundProvisioningEntity, spTenantDomainName);
if (provisionedUserIdentifier != null && provisionedUserIdentifier.getIdentifier() != null) {
mappedUserClaims = getMappedClaims(inboundClaimDialect, outboundClaimDialect, inboundProvisioningEntity, spClaimMappings, idpClaimMappings, spTenantDomainName);
outboundProEntity = new ProvisioningEntity(ProvisioningEntityType.USER, user, ProvisioningOperation.DELETE, mappedUserClaims);
Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, spTenantDomainName, provisioningEntityTenantDomainName, connector, connectorType, idPName, dao);
outboundProEntity.setIdentifier(provisionedUserIdentifier);
outboundProEntity.setJitProvisioning(jitProvisioning);
boolean isBlocking = entry.getValue().isBlocking();
executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread, isBlocking);
}
}
} else {
if (!canUserBeProvisioned(provisioningEntity, provisionByRoleList, provisioningEntityTenantDomainName)) {
if (!canUserBeDeProvisioned(provisionedIdentifier)) {
continue;
} else {
// This is used when user removed from the provisioning role
provisioningOp = ProvisioningOperation.DELETE;
}
}
if (!skipOutBoundProvisioning(provisioningOp, provisioningEntity, inboundClaimDialect)) {
outboundProEntity = new ProvisioningEntity(provisioningEntity.getEntityType(), provisioningEntity.getEntityName(), provisioningOp, mapppedClaims);
Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, spTenantDomainName, provisioningEntityTenantDomainName, connector, connectorType, idPName, dao);
outboundProEntity.setIdentifier(provisionedIdentifier);
outboundProEntity.setJitProvisioning(jitProvisioning);
boolean isAllowed = true;
boolean isBlocking = entry.getValue().isBlocking();
boolean isPolicyEnabled = entry.getValue().isPolicyEnabled();
if (isPolicyEnabled) {
isAllowed = XACMLBasedRuleHandler.getInstance().isAllowedToProvision(spTenantDomainName, provisioningEntity, serviceProvider, idPName, connectorType);
}
if (isAllowed) {
executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread, isBlocking);
}
}
}
}
if (executors != null) {
executors.shutdown();
}
} catch (CarbonException | IdentityApplicationManagementException | IdentityProviderManagementException | UserStoreException e) {
throw new IdentityProvisioningException("Error occurred while checking for user " + "provisioning", e);
}
}
Also used :
CarbonException(org.wso2.carbon.CarbonException)
Entry(java.util.Map.Entry)
SimpleEntry(java.util.AbstractMap.SimpleEntry)
ServiceProviderProvisioningConnectorCacheEntry(org.wso2.carbon.identity.provisioning.cache.ServiceProviderProvisioningConnectorCacheEntry)
UserStoreException(org.wso2.carbon.user.api.UserStoreException)
List(java.util.List)
ArrayList(java.util.ArrayList)
IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException)
IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider)
ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping)
ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider)
ExecutorService(java.util.concurrent.ExecutorService)
IdentityProviderManagementException(org.wso2.carbon.idp.mgt.IdentityProviderManagementException)
Example 90 with Role
use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.
the class OutboundProvisioningManager method getMappedGroups.
/**
* Get mapped idp roles for given role list
*
* @param groupList
* @param idPRoleMapping
* @return
*/
private List<String> getMappedGroups(List<String> groupList, RoleMapping[] idPRoleMapping) {
if (CollectionUtils.isEmpty(groupList)) {
return new ArrayList<>();
}
Map<String, String> mappedRoles = new HashMap<>();
for (RoleMapping mapping : idPRoleMapping) {
mappedRoles.put(mapping.getLocalRole().getLocalRoleName(), mapping.getRemoteRole());
}
List<String> mappedUserGroups = new ArrayList<>();
for (Iterator<String> iterator = groupList.iterator(); iterator.hasNext(); ) {
String userGroup = iterator.next();
String mappedGroup = null;
if ((mappedGroup = mappedRoles.get(userGroup)) != null) {
mappedUserGroups.add(mappedGroup);
}
}
return mappedUserGroups;
}
Also used :
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping)
Aggregations
Test (org.testng.annotations.Test)85
ArrayList (java.util.ArrayList)74
UserStoreException (org.wso2.carbon.user.api.UserStoreException)56
HashMap (java.util.HashMap)52
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)42
Connection (java.sql.Connection)36
SQLException (java.sql.SQLException)34
Role (org.wso2.charon3.core.objects.Role)33
AbstractUserStoreManager (org.wso2.carbon.user.core.common.AbstractUserStoreManager)31
CharonException (org.wso2.charon3.core.exceptions.CharonException)29
RoleBasicInfo (org.wso2.carbon.identity.role.mgt.core.RoleBasicInfo)26
PreparedStatement (java.sql.PreparedStatement)25
APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException)24
RoleMapping (org.wso2.carbon.identity.application.common.model.RoleMapping)24
ISIntegrationTest (org.wso2.identity.integration.common.utils.ISIntegrationTest)23
HashSet (java.util.HashSet)20
UserStoreManager (org.wso2.carbon.user.api.UserStoreManager)20
IdentityProvider (org.wso2.carbon.identity.application.common.model.IdentityProvider)19
IdentityRoleManagementClientException (org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException)19
Matchers.anyString (org.mockito.Matchers.anyString)18
