
Example 86 with Role

use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.

the class IdPManagementDAOTest method updateIdPData.

/**
 * Supplies {@code {existingIdp, replacementIdp, tenantId}} rows for the IdP update test.
 * <p>
 * Row 1 replaces the permission/role, federated authenticator, provisioning connector and claim
 * configuration of an IdP that only had an authenticator and a connector; row 2 renames an IdP
 * that carries a local-dialect claim configuration; row 3 renames an IdP that has only a name and
 * lives in a second tenant.
 *
 * @return TestNG data rows of the form {@code {IdentityProvider, IdentityProvider, int}}.
 */
@DataProvider
public Object[][] updateIdPData() {
    // ---- Existing IdP 1: one federated authenticator and one provisioning connector ----
    Property confidentialProperty = new Property();
    confidentialProperty.setName("Property1");
    confidentialProperty.setValue("value1");
    confidentialProperty.setConfidential(true);

    FederatedAuthenticatorConfig existingAuthenticator = new FederatedAuthenticatorConfig();
    existingAuthenticator.setName("Name");
    existingAuthenticator.setDisplayName("DisplayName1");
    existingAuthenticator.setEnabled(true);
    existingAuthenticator.setProperties(new Property[] { confidentialProperty });

    ProvisioningConnectorConfig existingConnector = new ProvisioningConnectorConfig();
    existingConnector.setName("ProvisiningConfig1");
    existingConnector.setProvisioningProperties(new Property[] { confidentialProperty });

    IdentityProvider existingIdp1 = new IdentityProvider();
    existingIdp1.setIdentityProviderName("testIdP1");
    existingIdp1.setHomeRealmId("1");
    existingIdp1.setEnable(true);
    existingIdp1.setPrimary(true);
    existingIdp1.setFederationHub(true);
    existingIdp1.setCertificate("");
    existingIdp1.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { existingAuthenticator });
    existingIdp1.setProvisioningConnectorConfigs(new ProvisioningConnectorConfig[] { existingConnector });

    // ---- Existing IdP 2: local claim dialect with a single local-claim mapping ----
    Claim fullNameClaim = new Claim();
    fullNameClaim.setClaimId(0);
    fullNameClaim.setClaimUri("http://wso2.org/claims/fullname");

    ClaimMapping fullNameMapping = new ClaimMapping();
    fullNameMapping.setLocalClaim(fullNameClaim);

    ClaimConfig localDialectClaimConfig = new ClaimConfig();
    localDialectClaimConfig.setLocalClaimDialect(true);
    localDialectClaimConfig.setRoleClaimURI("http://wso2.org/claims/role");
    localDialectClaimConfig.setUserClaimURI("http://wso2.org/claims/fullname");
    localDialectClaimConfig.setClaimMappings(new ClaimMapping[] { fullNameMapping });

    IdentityProvider existingIdp2 = new IdentityProvider();
    existingIdp2.setIdentityProviderName("testIdP2");
    existingIdp2.setHomeRealmId("2");
    existingIdp2.setClaimConfig(localDialectClaimConfig);

    // ---- Existing IdP 3: name only ----
    IdentityProvider existingIdp3 = new IdentityProvider();
    existingIdp3.setIdentityProviderName("testIdP3");

    // ---- Replacement IdP 1: full configuration ----
    RoleMapping roleMappingOne = new RoleMapping();
    roleMappingOne.setRemoteRole("Role1New");
    roleMappingOne.setLocalRole(new LocalRole("1", "LocalRole1"));
    RoleMapping roleMappingTwo = new RoleMapping();
    roleMappingTwo.setRemoteRole("Role2New");
    roleMappingTwo.setLocalRole(new LocalRole("2", "LocalRole2"));

    PermissionsAndRoleConfig replacementRoleConfig = new PermissionsAndRoleConfig();
    replacementRoleConfig.setIdpRoles(new String[] { "Role1New", "Role2New" });
    replacementRoleConfig.setRoleMappings(new RoleMapping[] { roleMappingOne, roleMappingTwo });

    Property publicPropertyOne = new Property();
    publicPropertyOne.setName("Property1New");
    publicPropertyOne.setValue("value1New");
    publicPropertyOne.setConfidential(false);
    Property publicPropertyTwo = new Property();
    publicPropertyTwo.setName("Property2New");
    publicPropertyTwo.setValue("value2New");
    publicPropertyTwo.setConfidential(false);

    FederatedAuthenticatorConfig replacementAuthenticator = new FederatedAuthenticatorConfig();
    replacementAuthenticator.setName("Name");
    replacementAuthenticator.setDisplayName("DisplayName1New");
    replacementAuthenticator.setEnabled(true);
    replacementAuthenticator.setProperties(new Property[] { publicPropertyOne, publicPropertyTwo });

    ProvisioningConnectorConfig replacementConnectorOne = new ProvisioningConnectorConfig();
    replacementConnectorOne.setName("ProvisiningConfig1");
    replacementConnectorOne.setProvisioningProperties(new Property[] { publicPropertyOne });
    ProvisioningConnectorConfig replacementConnectorTwo = new ProvisioningConnectorConfig();
    replacementConnectorTwo.setName("ProvisiningConfig2");
    replacementConnectorTwo.setProvisioningProperties(new Property[] { publicPropertyTwo });
    replacementConnectorTwo.setEnabled(true);
    replacementConnectorTwo.setBlocking(true);

    // Remote-dialect claim configuration: one local->remote mapping plus the remote claim itself.
    Claim countryClaim = new Claim();
    countryClaim.setClaimId(0);
    countryClaim.setClaimUri("Country");
    ClaimMapping countryMapping = ClaimMapping.build("http://wso2.org/claims/country", "Country", "", true);

    ClaimConfig replacementClaimConfig = new ClaimConfig();
    replacementClaimConfig.setLocalClaimDialect(false);
    replacementClaimConfig.setRoleClaimURI("Country");
    replacementClaimConfig.setUserClaimURI("Country");
    replacementClaimConfig.setClaimMappings(new ClaimMapping[] { countryMapping });
    replacementClaimConfig.setIdpClaims(new Claim[] { countryClaim });

    IdentityProvider replacementIdp1 = new IdentityProvider();
    replacementIdp1.setIdentityProviderName("testIdP1New");
    replacementIdp1.setEnable(true);
    replacementIdp1.setPrimary(true);
    replacementIdp1.setFederationHub(true);
    replacementIdp1.setCertificate("");
    replacementIdp1.setPermissionAndRoleConfig(replacementRoleConfig);
    replacementIdp1.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { replacementAuthenticator });
    replacementIdp1.setProvisioningConnectorConfigs(new ProvisioningConnectorConfig[] { replacementConnectorOne, replacementConnectorTwo });
    replacementIdp1.setClaimConfig(replacementClaimConfig);

    // ---- Replacement IdPs 2 and 3: name only ----
    IdentityProvider replacementIdp2 = new IdentityProvider();
    replacementIdp2.setIdentityProviderName("testIdP2New");
    IdentityProvider replacementIdp3 = new IdentityProvider();
    replacementIdp3.setIdentityProviderName("testIdP3New");

    Object[] updateAllConfigs = { existingIdp1, replacementIdp1, SAMPLE_TENANT_ID };
    Object[] updateNameAndClaimConfig = { existingIdp2, replacementIdp2, SAMPLE_TENANT_ID };
    Object[] updateNameOnly = { existingIdp3, replacementIdp3, SAMPLE_TENANT_ID2 };
    return new Object[][] { updateAllConfigs, updateNameAndClaimConfig, updateNameOnly };
}
Also used : ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) ClaimConfig(org.wso2.carbon.identity.application.common.model.ClaimConfig) PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) LocalRole(org.wso2.carbon.identity.application.common.model.LocalRole) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping) Property(org.wso2.carbon.identity.application.common.model.Property) IdentityProviderProperty(org.wso2.carbon.identity.application.common.model.IdentityProviderProperty) ProvisioningConnectorConfig(org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig) Claim(org.wso2.carbon.identity.application.common.model.Claim) DataProvider(org.testng.annotations.DataProvider)

Example 87 with Role

use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.

the class IdPManagementDAOTest method addTestIdps.

/**
 * Persists the three fixture IdPs that the read/update/delete tests rely on.
 * <p>
 * IdP 1 carries every configuration type (roles, federated authenticator, two provisioning
 * connectors, an IdP property and a remote-dialect claim config) and IdP 2 a local-dialect claim
 * config; both go to {@code SAMPLE_TENANT_ID}. IdP 3 has only a name and home realm and goes to
 * {@code SAMPLE_TENANT_ID2}. The inserts are performed in that order.
 *
 * @throws IdentityProviderManagementException if the DAO fails to store any of the IdPs.
 */
private void addTestIdps() throws IdentityProviderManagementException {
    // ---- IdP 1: every configuration type ----
    RoleMapping firstRoleMapping = new RoleMapping(new LocalRole("1", "LocalRole1"), "Role1");
    RoleMapping secondRoleMapping = new RoleMapping(new LocalRole("2", "LocalRole2"), "Role2");
    PermissionsAndRoleConfig roleConfig = new PermissionsAndRoleConfig();
    roleConfig.setIdpRoles(new String[] { "Role1", "Role2" });
    roleConfig.setRoleMappings(new RoleMapping[] { firstRoleMapping, secondRoleMapping });

    Property secretProperty = new Property();
    secretProperty.setName("Property1");
    secretProperty.setValue("value1");
    secretProperty.setConfidential(true);
    Property plainProperty = new Property();
    plainProperty.setName("Property2");
    plainProperty.setValue("value2");
    plainProperty.setConfidential(false);

    FederatedAuthenticatorConfig authenticator = new FederatedAuthenticatorConfig();
    authenticator.setName("Name");
    authenticator.setDisplayName("DisplayName1");
    authenticator.setEnabled(true);
    authenticator.setProperties(new Property[] { secretProperty, plainProperty });

    ProvisioningConnectorConfig firstConnector = new ProvisioningConnectorConfig();
    firstConnector.setName("ProvisiningConfig1");
    firstConnector.setProvisioningProperties(new Property[] { secretProperty });
    ProvisioningConnectorConfig secondConnector = new ProvisioningConnectorConfig();
    secondConnector.setName("ProvisiningConfig2");
    secondConnector.setProvisioningProperties(new Property[] { plainProperty });
    secondConnector.setEnabled(true);
    secondConnector.setBlocking(true);

    IdentityProviderProperty idpProperty = new IdentityProviderProperty();
    idpProperty.setName("idpPropertyName");
    idpProperty.setDisplayName("idpDisplayName");
    idpProperty.setValue("idpPropertyValue");

    // Remote-dialect claim configuration: a local->remote mapping plus the remote claim itself.
    Claim countryClaim = new Claim();
    countryClaim.setClaimId(0);
    countryClaim.setClaimUri("Country");
    ClaimMapping countryMapping = ClaimMapping.build("http://wso2.org/claims/country", "Country", "", true);
    ClaimConfig remoteDialectClaimConfig = new ClaimConfig();
    remoteDialectClaimConfig.setLocalClaimDialect(false);
    remoteDialectClaimConfig.setRoleClaimURI("Country");
    remoteDialectClaimConfig.setUserClaimURI("Country");
    remoteDialectClaimConfig.setClaimMappings(new ClaimMapping[] { countryMapping });
    remoteDialectClaimConfig.setIdpClaims(new Claim[] { countryClaim });

    IdentityProvider fullyConfiguredIdp = new IdentityProvider();
    fullyConfiguredIdp.setIdentityProviderName("testIdP1");
    fullyConfiguredIdp.setHomeRealmId("1");
    fullyConfiguredIdp.setEnable(true);
    fullyConfiguredIdp.setPrimary(true);
    fullyConfiguredIdp.setFederationHub(true);
    fullyConfiguredIdp.setCertificate("");
    fullyConfiguredIdp.setPermissionAndRoleConfig(roleConfig);
    fullyConfiguredIdp.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { authenticator });
    fullyConfiguredIdp.setProvisioningConnectorConfigs(new ProvisioningConnectorConfig[] { firstConnector, secondConnector });
    fullyConfiguredIdp.setIdpProperties(new IdentityProviderProperty[] { idpProperty });
    fullyConfiguredIdp.setClaimConfig(remoteDialectClaimConfig);

    // ---- IdP 2: local claim dialect only ----
    Claim fullNameClaim = new Claim();
    fullNameClaim.setClaimId(0);
    fullNameClaim.setClaimUri("http://wso2.org/claims/fullname");
    ClaimMapping fullNameMapping = new ClaimMapping();
    fullNameMapping.setLocalClaim(fullNameClaim);
    ClaimConfig localDialectClaimConfig = new ClaimConfig();
    localDialectClaimConfig.setLocalClaimDialect(true);
    localDialectClaimConfig.setRoleClaimURI("http://wso2.org/claims/role");
    localDialectClaimConfig.setUserClaimURI("http://wso2.org/claims/fullname");
    localDialectClaimConfig.setClaimMappings(new ClaimMapping[] { fullNameMapping });

    IdentityProvider localDialectIdp = new IdentityProvider();
    localDialectIdp.setIdentityProviderName("testIdP2");
    localDialectIdp.setHomeRealmId("2");
    localDialectIdp.setClaimConfig(localDialectClaimConfig);

    // ---- IdP 3: name and home realm only ----
    IdentityProvider minimalIdp = new IdentityProvider();
    minimalIdp.setIdentityProviderName("testIdP3");
    minimalIdp.setHomeRealmId("3");

    // Insert order matters for tests that assert on listing order.
    idPManagementDAO.addIdP(fullyConfiguredIdp, SAMPLE_TENANT_ID);
    idPManagementDAO.addIdP(localDialectIdp, SAMPLE_TENANT_ID);
    idPManagementDAO.addIdP(minimalIdp, SAMPLE_TENANT_ID2);
}
Also used : ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) IdentityProviderProperty(org.wso2.carbon.identity.application.common.model.IdentityProviderProperty) ClaimConfig(org.wso2.carbon.identity.application.common.model.ClaimConfig) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) LocalRole(org.wso2.carbon.identity.application.common.model.LocalRole) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping) Property(org.wso2.carbon.identity.application.common.model.Property) IdentityProviderProperty(org.wso2.carbon.identity.application.common.model.IdentityProviderProperty) ProvisioningConnectorConfig(org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig) Claim(org.wso2.carbon.identity.application.common.model.Claim)

Example 88 with Role

use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.

the class IdPManagementDAOTest method addIdPData.

/**
 * Supplies {@code {idp, tenantId}} rows for the IdP creation test.
 * <p>
 * Row 1 is an IdP with role mappings, a federated authenticator, two provisioning connectors and
 * a remote-dialect claim configuration; row 2 an IdP with a local-dialect claim configuration;
 * row 3 an IdP that has only a name, stored in a second tenant.
 *
 * @return TestNG data rows of the form {@code {IdentityProvider, int}}.
 */
@DataProvider
public Object[][] addIdPData() {
    // ---- IdP 1: roles, authenticator, connectors and claims ----
    RoleMapping firstRoleMapping = new RoleMapping();
    firstRoleMapping.setLocalRole(new LocalRole("1", "LocalRole1"));
    firstRoleMapping.setRemoteRole("Role1");
    RoleMapping secondRoleMapping = new RoleMapping();
    secondRoleMapping.setLocalRole(new LocalRole("2", "LocalRole2"));
    secondRoleMapping.setRemoteRole("Role2");
    PermissionsAndRoleConfig roleConfig = new PermissionsAndRoleConfig();
    roleConfig.setIdpRoles(new String[] { "Role1", "Role2" });
    roleConfig.setRoleMappings(new RoleMapping[] { firstRoleMapping, secondRoleMapping });

    // Note the confidentiality flags: here Property1 is plain and Property2 is confidential.
    Property plainProperty = new Property();
    plainProperty.setName("Property1");
    plainProperty.setValue("value1");
    plainProperty.setConfidential(false);
    Property secretProperty = new Property();
    secretProperty.setName("Property2");
    secretProperty.setValue("value2");
    secretProperty.setConfidential(true);

    FederatedAuthenticatorConfig authenticator = new FederatedAuthenticatorConfig();
    authenticator.setName("Name");
    authenticator.setDisplayName("DisplayName1");
    authenticator.setEnabled(true);
    authenticator.setProperties(new Property[] { plainProperty, secretProperty });

    ProvisioningConnectorConfig firstConnector = new ProvisioningConnectorConfig();
    firstConnector.setName("ProvisiningConfig1");
    firstConnector.setProvisioningProperties(new Property[] { plainProperty });
    ProvisioningConnectorConfig secondConnector = new ProvisioningConnectorConfig();
    secondConnector.setName("ProvisiningConfig2");
    secondConnector.setProvisioningProperties(new Property[] { secretProperty });
    secondConnector.setEnabled(true);
    secondConnector.setBlocking(true);

    Claim countryClaim = new Claim();
    countryClaim.setClaimId(0);
    countryClaim.setClaimUri("Country");
    ClaimMapping countryMapping = ClaimMapping.build("http://wso2.org/claims/country", "Country", "", true);
    ClaimConfig remoteDialectClaimConfig = new ClaimConfig();
    remoteDialectClaimConfig.setLocalClaimDialect(false);
    remoteDialectClaimConfig.setRoleClaimURI("Country");
    remoteDialectClaimConfig.setUserClaimURI("Country");
    remoteDialectClaimConfig.setIdpClaims(new Claim[] { countryClaim });
    remoteDialectClaimConfig.setClaimMappings(new ClaimMapping[] { countryMapping });

    IdentityProvider fullyConfiguredIdp = new IdentityProvider();
    fullyConfiguredIdp.setIdentityProviderName("testIdP1");
    fullyConfiguredIdp.setEnable(true);
    fullyConfiguredIdp.setPrimary(true);
    fullyConfiguredIdp.setFederationHub(true);
    fullyConfiguredIdp.setCertificate("");
    fullyConfiguredIdp.setPermissionAndRoleConfig(roleConfig);
    fullyConfiguredIdp.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[] { authenticator });
    fullyConfiguredIdp.setProvisioningConnectorConfigs(new ProvisioningConnectorConfig[] { firstConnector, secondConnector });
    fullyConfiguredIdp.setClaimConfig(remoteDialectClaimConfig);

    // ---- IdP 2: local claim dialect only ----
    Claim fullNameClaim = new Claim();
    fullNameClaim.setClaimId(0);
    fullNameClaim.setClaimUri("http://wso2.org/claims/fullname");
    ClaimMapping fullNameMapping = new ClaimMapping();
    fullNameMapping.setLocalClaim(fullNameClaim);
    ClaimConfig localDialectClaimConfig = new ClaimConfig();
    localDialectClaimConfig.setLocalClaimDialect(true);
    localDialectClaimConfig.setRoleClaimURI("http://wso2.org/claims/role");
    localDialectClaimConfig.setUserClaimURI("http://wso2.org/claims/fullname");
    localDialectClaimConfig.setClaimMappings(new ClaimMapping[] { fullNameMapping });

    IdentityProvider localDialectIdp = new IdentityProvider();
    localDialectIdp.setIdentityProviderName("testIdP2");
    localDialectIdp.setClaimConfig(localDialectClaimConfig);

    // ---- IdP 3: name only ----
    IdentityProvider minimalIdp = new IdentityProvider();
    minimalIdp.setIdentityProviderName("testIdP3");

    Object[] fullyConfiguredRow = { fullyConfiguredIdp, SAMPLE_TENANT_ID };
    Object[] localDialectRow = { localDialectIdp, SAMPLE_TENANT_ID };
    Object[] minimalRow = { minimalIdp, SAMPLE_TENANT_ID2 };
    return new Object[][] { fullyConfiguredRow, localDialectRow, minimalRow };
}
Also used : ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) PermissionsAndRoleConfig(org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) ClaimConfig(org.wso2.carbon.identity.application.common.model.ClaimConfig) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) LocalRole(org.wso2.carbon.identity.application.common.model.LocalRole) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping) Property(org.wso2.carbon.identity.application.common.model.Property) IdentityProviderProperty(org.wso2.carbon.identity.application.common.model.IdentityProviderProperty) ProvisioningConnectorConfig(org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig) Claim(org.wso2.carbon.identity.application.common.model.Claim) DataProvider(org.testng.annotations.DataProvider)

Example 89 with Role

use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.

the class OutboundProvisioningManager method provision.

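/**
 * Outbound provisioning method.
 * <p>
 * Resolves the service provider, then for every outbound provisioning connector configured for it
 * maps the entity's claims and roles to that connector's IdP and hands the resulting provisioning
 * entity to a {@link ProvisioningThread}, either blocking or via a per-call thread pool that is
 * sized to the number of connectors and always shut down before this method exits.
 *
 * @param provisioningEntity        Provisioning entity.
 * @param serviceProviderIdentifier Identifier of the service provider.
 * @param inboundClaimDialect       Inbound claim dialect.
 * @param spTenantDomainName        Tenant domain of the service provider.
 * @param jitProvisioning           Is JIT provisioning enabled.
 * @throws IdentityProvisioningException if error occurred while user provisioning, if the service
 *                                       provider cannot be resolved, or if a configured
 *                                       provisioning IdP cannot be resolved by name.
 */
public void provision(ProvisioningEntity provisioningEntity, String serviceProviderIdentifier, String inboundClaimDialect, String spTenantDomainName, boolean jitProvisioning) throws IdentityProvisioningException {
    try {
        if (provisioningEntity.getEntityName() == null) {
            setProvisioningEntityName(provisioningEntity);
        }
        // get details about the service provider.any in-bound provisioning request via
        // the SOAP based API (or the management console) - or SCIM API with HTTP Basic
        // Authentication is considered as coming from the local service provider.
        ServiceProvider serviceProvider = ApplicationManagementService.getInstance().getServiceProvider(serviceProviderIdentifier, spTenantDomainName);
        if (serviceProvider == null) {
            throw new IdentityProvisioningException("Invalid service provider name : " + serviceProviderIdentifier);
        }
        // For SaaS apps the entity may belong to the caller's tenant rather than the SP's tenant.
        String provisioningEntityTenantDomainName = spTenantDomainName;
        if (serviceProvider.isSaasApp() && isUserTenantBasedOutboundProvisioningEnabled()) {
            provisioningEntityTenantDomainName = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        }
        ClaimMapping[] spClaimMappings = null;
        // if we know the serviceProviderClaimDialect - we do not need to find it again.
        if (inboundClaimDialect == null && serviceProvider.getClaimConfig() != null) {
            spClaimMappings = serviceProvider.getClaimConfig().getClaimMappings();
        }
        // get all the provisioning connectors associated with local service provider for
        // out-bound provisioning.
        // TODO: stop loading connectors all the time.
        Map<String, RuntimeProvisioningConfig> connectors = getOutboundProvisioningConnectors(serviceProvider, spTenantDomainName);
        ProvisioningEntity outboundProEntity;
        ExecutorService executors = null;
        if (MapUtils.isNotEmpty(connectors)) {
            executors = Executors.newFixedThreadPool(connectors.size());
        }
        try {
            for (Iterator<Entry<String, RuntimeProvisioningConfig>> iterator = connectors.entrySet().iterator(); iterator.hasNext(); ) {
                Entry<String, RuntimeProvisioningConfig> entry = iterator.next();
                Entry<String, AbstractOutboundProvisioningConnector> connectorEntry = entry.getValue().getProvisioningConnectorEntry();
                AbstractOutboundProvisioningConnector connector = connectorEntry.getValue();
                String connectorType = connectorEntry.getKey();
                String idPName = entry.getKey();
                IdentityProvider provisioningIdp = IdentityProviderManager.getInstance().getIdPByName(idPName, spTenantDomainName);
                if (provisioningIdp == null) {
                    // The connector references an IdP that cannot be resolved by its name.
                    throw new IdentityProvisioningException("Invalid identity provider name : " + idPName);
                }
                // Fall back to the Carbon dialect when the connector declares none and the IdP
                // either has no claim config or uses the local dialect.
                String outboundClaimDialect = connector.getClaimDialectUri();
                if (outboundClaimDialect == null && (provisioningIdp.getClaimConfig() == null || provisioningIdp.getClaimConfig().isLocalClaimDialect())) {
                    outboundClaimDialect = IdentityProvisioningConstants.WSO2_CARBON_DIALECT;
                }
                ClaimMapping[] idpClaimMappings = null;
                if (provisioningIdp.getClaimConfig() != null) {
                    idpClaimMappings = provisioningIdp.getClaimConfig().getClaimMappings();
                }
                // TODO: this should happen asynchronously in a different thread.
                // create a new provisioning entity object for each provisioning identity
                // provider.
                Map<ClaimMapping, List<String>> mappedClaims;
                // get mapped claims.
                mappedClaims = getMappedClaims(inboundClaimDialect, outboundClaimDialect, provisioningEntity, spClaimMappings, idpClaimMappings, spTenantDomainName);
                if (provisioningIdp.getPermissionAndRoleConfig() != null) {
                    // update with mapped user groups.
                    updateProvisioningUserWithMappedRoles(provisioningEntity, provisioningIdp.getPermissionAndRoleConfig().getRoleMappings());
                }
                // check whether we already have the provisioned identifier - if
                // so set it.
                ProvisionedIdentifier provisionedIdentifier;
                provisionedIdentifier = getProvisionedEntityIdentifier(idPName, connectorType, provisioningEntity, spTenantDomainName);
                ProvisioningOperation provisioningOp = provisioningEntity.getOperation();
                if (ProvisioningOperation.DELETE.equals(provisioningOp) && (provisionedIdentifier == null || provisionedIdentifier.getIdentifier() == null)) {
                    // Nothing was ever provisioned to this connector, so there is nothing to
                    // delete remotely; skip the flow. The finally block below still shuts the
                    // executor down on this path.
                    return;
                }
                if (provisionedIdentifier == null || provisionedIdentifier.getIdentifier() == null) {
                    provisioningOp = ProvisioningOperation.POST;
                }
                // Comma-separated list of roles whose members are eligible for provisioning.
                String[] provisionByRoleList = new String[0];
                if (provisioningIdp.getProvisioningRole() != null) {
                    provisionByRoleList = provisioningIdp.getProvisioningRole().trim().split("\\s*,[,\\s]*");
                }
                if (provisioningEntity.getEntityType() == ProvisioningEntityType.GROUP && Arrays.asList(provisionByRoleList).contains(provisioningEntity.getEntityName())) {
                    // Membership change on a provisioning role: provision the added users and
                    // de-provision the removed ones individually.
                    // NOTE(review): the XACML policy check (isPolicyEnabled) is applied only in
                    // the else branch; provisioning triggered through a role membership change
                    // here is not policy-gated - confirm that is intended.
                    Map<ClaimMapping, List<String>> attributes = provisioningEntity.getAttributes();
                    List<String> newUsersList = attributes.get(ClaimMapping.build(IdentityProvisioningConstants.NEW_USER_CLAIM_URI, null, null, false));
                    List<String> deletedUsersList = attributes.get(ClaimMapping.build(IdentityProvisioningConstants.DELETED_USER_CLAIM_URI, null, null, false));
                    Map<ClaimMapping, List<String>> mappedUserClaims;
                    ProvisionedIdentifier provisionedUserIdentifier;
                    for (String user : newUsersList) {
                        ProvisioningEntity inboundProvisioningEntity = getInboundProvisioningEntity(provisioningEntity, provisioningEntityTenantDomainName, ProvisioningOperation.POST, user);
                        provisionedUserIdentifier = getProvisionedEntityIdentifier(idPName, connectorType, inboundProvisioningEntity, spTenantDomainName);
                        if (provisionedUserIdentifier != null && provisionedUserIdentifier.getIdentifier() != null) {
                            // Already provisioned to this connector; nothing to do.
                            continue;
                        }
                        mappedUserClaims = getMappedClaims(inboundClaimDialect, outboundClaimDialect, inboundProvisioningEntity, spClaimMappings, idpClaimMappings, spTenantDomainName);
                        outboundProEntity = new ProvisioningEntity(ProvisioningEntityType.USER, user, ProvisioningOperation.POST, mappedUserClaims);
                        Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, spTenantDomainName, provisioningEntityTenantDomainName, connector, connectorType, idPName, dao);
                        // NOTE(review): this attaches the group's identifier, whereas the delete
                        // loop below attaches the per-user identifier - confirm.
                        outboundProEntity.setIdentifier(provisionedIdentifier);
                        outboundProEntity.setJitProvisioning(jitProvisioning);
                        boolean isBlocking = entry.getValue().isBlocking();
                        executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread, isBlocking);
                    }
                    for (String user : deletedUsersList) {
                        ProvisioningEntity inboundProvisioningEntity = getInboundProvisioningEntity(provisioningEntity, provisioningEntityTenantDomainName, ProvisioningOperation.DELETE, user);
                        provisionedUserIdentifier = getProvisionedEntityIdentifier(idPName, connectorType, inboundProvisioningEntity, spTenantDomainName);
                        if (provisionedUserIdentifier != null && provisionedUserIdentifier.getIdentifier() != null) {
                            mappedUserClaims = getMappedClaims(inboundClaimDialect, outboundClaimDialect, inboundProvisioningEntity, spClaimMappings, idpClaimMappings, spTenantDomainName);
                            outboundProEntity = new ProvisioningEntity(ProvisioningEntityType.USER, user, ProvisioningOperation.DELETE, mappedUserClaims);
                            Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, spTenantDomainName, provisioningEntityTenantDomainName, connector, connectorType, idPName, dao);
                            outboundProEntity.setIdentifier(provisionedUserIdentifier);
                            outboundProEntity.setJitProvisioning(jitProvisioning);
                            boolean isBlocking = entry.getValue().isBlocking();
                            executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread, isBlocking);
                        }
                    }
                } else {
                    if (!canUserBeProvisioned(provisioningEntity, provisionByRoleList, provisioningEntityTenantDomainName)) {
                        if (!canUserBeDeProvisioned(provisionedIdentifier)) {
                            continue;
                        } else {
                            // This is used when user removed from the provisioning role
                            provisioningOp = ProvisioningOperation.DELETE;
                        }
                    }
                    if (!skipOutBoundProvisioning(provisioningOp, provisioningEntity, inboundClaimDialect)) {
                        outboundProEntity = new ProvisioningEntity(provisioningEntity.getEntityType(), provisioningEntity.getEntityName(), provisioningOp, mappedClaims);
                        Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, spTenantDomainName, provisioningEntityTenantDomainName, connector, connectorType, idPName, dao);
                        outboundProEntity.setIdentifier(provisionedIdentifier);
                        outboundProEntity.setJitProvisioning(jitProvisioning);
                        boolean isAllowed = true;
                        boolean isBlocking = entry.getValue().isBlocking();
                        boolean isPolicyEnabled = entry.getValue().isPolicyEnabled();
                        // When a policy is attached to the connector, the XACML decision gates
                        // the outbound call.
                        if (isPolicyEnabled) {
                            isAllowed = XACMLBasedRuleHandler.getInstance().isAllowedToProvision(spTenantDomainName, provisioningEntity, serviceProvider, idPName, connectorType);
                        }
                        if (isAllowed) {
                            executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread, isBlocking);
                        }
                    }
                }
            }
        } finally {
            // Reached on normal completion, on the early return above and on any exception,
            // so the fixed pool's non-daemon threads are never leaked. shutdown() lets
            // already-submitted tasks finish.
            if (executors != null) {
                executors.shutdown();
            }
        }
    } catch (CarbonException | IdentityApplicationManagementException | IdentityProviderManagementException | UserStoreException e) {
        throw new IdentityProvisioningException("Error occurred while checking for user " + "provisioning", e);
    }
}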
Also used : CarbonException(org.wso2.carbon.CarbonException) Entry(java.util.Map.Entry) SimpleEntry(java.util.AbstractMap.SimpleEntry) ServiceProviderProvisioningConnectorCacheEntry(org.wso2.carbon.identity.provisioning.cache.ServiceProviderProvisioningConnectorCacheEntry) UserStoreException(org.wso2.carbon.user.api.UserStoreException) List(java.util.List) ArrayList(java.util.ArrayList) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) IdentityProvider(org.wso2.carbon.identity.application.common.model.IdentityProvider) ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) ExecutorService(java.util.concurrent.ExecutorService) IdentityProviderManagementException(org.wso2.carbon.idp.mgt.IdentityProviderManagementException)

Example 90 with Role

use of org.wso2.carbon.identity.role.mgt.core.Role in project carbon-identity-framework by wso2.

the class OutboundProvisioningManager method getMappedGroups.

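/**
 * Resolves the local roles in {@code groupList} to the remote (IdP) roles they are mapped to.
 * <p>
 * The result keeps the order of {@code groupList}; groups without a mapping are dropped, and a
 * group that appears more than once is mapped each time. When several mappings share the same
 * local role name, the last one in {@code idPRoleMapping} wins. Mappings that are {@code null} or
 * have no local role are ignored rather than failing the whole provisioning request.
 *
 * @param groupList      local role names of the provisioning entity; may be {@code null} or empty.
 * @param idPRoleMapping local-to-remote role mappings configured on the IdP; may be {@code null}.
 * @return the mapped remote role names, never {@code null}; empty when there is nothing to map.
 */
private List<String> getMappedGroups(List<String> groupList, RoleMapping[] idPRoleMapping) {
    List<String> mappedUserGroups = new ArrayList<>();
    if (groupList == null || groupList.isEmpty() || idPRoleMapping == null) {
        return mappedUserGroups;
    }
    Map<String, String> remoteRoleByLocalRole = new HashMap<>();
    for (RoleMapping mapping : idPRoleMapping) {
        // An incomplete mapping cannot contribute a lookup key; skip it instead of throwing an NPE.
        if (mapping == null || mapping.getLocalRole() == null) {
            continue;
        }
        remoteRoleByLocalRole.put(mapping.getLocalRole().getLocalRoleName(), mapping.getRemoteRole());
    }
    for (String userGroup : groupList) {
        String mappedGroup = remoteRoleByLocalRole.get(userGroup);
        if (mappedGroup != null) {
            mappedUserGroups.add(mappedGroup);
        }
    }
    return mappedUserGroups;
}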
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) RoleMapping(org.wso2.carbon.identity.application.common.model.RoleMapping)
