
Example 1 with FederatedAssociationManager

use of org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager in project carbon-identity-framework by wso2.

Class IdentityUserProfileServiceComponent, method activate.

/**
 * OSGi activation hook for the user-profile-management bundle.
 *
 * <p>Registers three services with the bundle context, in this order: a
 * {@code UserStoreConfigListener}, a {@code UserOperationEventListener}
 * ({@code ProfileMgtEventListener}) and a {@code FederatedAssociationManager}.
 * Between the second and third registration it probes whether the IDN
 * association table exists and caches the answer in {@code ServiceHodler}.
 * The {@code FederatedAssociationManager} is published through
 * {@code IdentityUserProfileServiceDataHolder} only when its registration
 * succeeded.
 *
 * <p>Every failure, including {@link Error}s, is caught and logged rather than
 * propagated, so the component ends up "active" even when part of this setup
 * did not complete; readers of the data holder may then find that no
 * association manager was set.
 *
 * @param ctxt the component context that supplies the bundle context
 */
@Activate
protected void activate(ComponentContext ctxt) {
    try {
        if (log.isDebugEnabled()) {
            log.debug("User Profile Mgt bundle is activated ");
        }
        ServiceRegistration storeConfigRegistration = ctxt.getBundleContext()
                .registerService(UserStoreConfigListener.class.getName(), new UserStoreConfigListenerImpl(), null);
        reportRegistration(storeConfigRegistration, "UserStoreConfigListener");
        ServiceRegistration profileEventRegistration = ctxt.getBundleContext()
                .registerService(UserOperationEventListener.class.getName(), new ProfileMgtEventListener(), null);
        // Probe the IDN tables once, up front, and cache the result for later lookups.
        ServiceHodler.setIsIDNTableExist(isIDNTablesExist());
        if (log.isDebugEnabled()) {
            log.debug("Is IDN_ASSOCIATED_ID table exist: " + ServiceHodler.isIDNTableExist());
        }
        reportRegistration(profileEventRegistration, "ProfileMgtEventListener");
        FederatedAssociationManager associationManager = new FederatedAssociationManagerImpl();
        ServiceRegistration associationManagerRegistration = ctxt.getBundleContext()
                .registerService(FederatedAssociationManager.class.getName(), associationManager, null);
        reportRegistration(associationManagerRegistration, "FederatedAssociationManager");
        if (associationManagerRegistration != null) {
            // Only a successfully registered manager is exposed through the data holder.
            IdentityUserProfileServiceDataHolder.getInstance().setFederatedAssociationManager(associationManager);
        }
    } catch (Throwable e) {
        log.error("Failed to activate ProfileMgt bundle ", e);
    }
}

/**
 * Logs the outcome of a service registration: a debug entry on success, an
 * error entry when the framework returned no registration.
 *
 * @param registration the registration handed back by the bundle context, possibly null
 * @param serviceName the simple service name used in the log entry
 */
private void reportRegistration(ServiceRegistration registration, String serviceName) {
    if (registration == null) {
        log.error("User profile management - " + serviceName + " could not be registered.");
        return;
    }
    if (log.isDebugEnabled()) {
        log.debug("User profile management - " + serviceName + " registered.");
    }
}
Also used : FederatedAssociationManager(org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager) UserOperationEventListener(org.wso2.carbon.user.core.listener.UserOperationEventListener) ProfileMgtEventListener(org.wso2.carbon.identity.user.profile.mgt.listener.ProfileMgtEventListener) FederatedAssociationManagerImpl(org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManagerImpl) UserStoreConfigListener(org.wso2.carbon.identity.user.store.configuration.listener.UserStoreConfigListener) ServiceRegistration(org.osgi.framework.ServiceRegistration) Activate(org.osgi.service.component.annotations.Activate)

Example 2 with FederatedAssociationManager

use of org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager in project carbon-identity-framework by wso2.

Class PostAuthnMissingClaimHandler, method handlePostAuthenticationForMissingClaimsResponse.

/**
 * Handles the response submitted from the missing-mandatory-claims page.
 *
 * <p>Claim values are read from request parameters whose name starts with
 * {@code FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX}; the remainder of the
 * parameter name is taken as the claim URI. The request is rejected when no such parameter
 * is present or when any of them is blank. The collected values are attached to the
 * context's authenticated user and, if the subject-attribute step resolves to a local
 * account (directly, or through a federated association), they are also written to that
 * account's user store profile.
 *
 * @param request the post-authentication response carrying the claim parameters
 * @param response not used by this method
 * @param context the authentication context of the current flow
 * @throws PostAuthenticationFailedException if no mandatory claim parameter is present,
 *     if any mandatory claim value is blank, if the federated association lookup fails,
 *     if the local user id cannot be resolved, or if the user store update fails for a
 *     reason other than a read-only store or disabled attribute updates
 */
protected void handlePostAuthenticationForMissingClaimsResponse(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws PostAuthenticationFailedException {
    if (log.isDebugEnabled()) {
        log.debug("Starting to process the response with missing claims");
    }
    // claims: prefix-stripped parameter name -> submitted value (used for the user store update).
    // claimsForContext: the same values keyed for the authenticated user's attributes; the key is
    // translated through the inverted SP->carbon mapping when the context carries one.
    Map<String, String> claims = new HashMap<String, String>();
    Map<String, String> claimsForContext = new HashMap<String, String>();
    Map<String, String[]> requestParams = request.getParameterMap();
    boolean persistClaims = false;
    AuthenticatedUser user = context.getSequenceConfig().getAuthenticatedUser();
    // Invert the SP->carbon claim mapping so carbon URIs can be translated back to SP URIs.
    Map<String, String> carbonToSPClaimMapping = new HashMap<>();
    Object spToCarbonClaimMappingObject = context.getProperty(FrameworkConstants.SP_TO_CARBON_CLAIM_MAPPING);
    if (spToCarbonClaimMappingObject instanceof Map) {
        // Unchecked: only the raw Map type is verified; String key/value types are assumed.
        Map<String, String> spToCarbonClaimMapping = (Map<String, String>) spToCarbonClaimMappingObject;
        for (Map.Entry<String, String> entry : spToCarbonClaimMapping.entrySet()) {
            carbonToSPClaimMapping.put(entry.getValue(), entry.getKey());
        }
    }
    // First pass: fail fast when the request carries no mandatory-claim parameter at all.
    boolean doMandatoryClaimsExist = false;
    for (Map.Entry<String, String[]> entry : requestParams.entrySet()) {
        if (entry.getKey().startsWith(FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX)) {
            doMandatoryClaimsExist = true;
            break;
        }
    }
    if (!doMandatoryClaimsExist) {
        // Check whether mandatory claims exist in the request. If not throw error.
        throw new PostAuthenticationFailedException("Mandatory missing claims are not found", "Mandatory missing " + "claims are not found in the request for the session with context identifier: " + context.getContextIdentifier());
    }
    // Second pass: collect the values; a blank value marks the claim as still missing.
    List<String> missingClaims = new ArrayList<>();
    for (Map.Entry<String, String[]> entry : requestParams.entrySet()) {
        if (entry.getKey().startsWith(FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX)) {
            // The claim URI is whatever follows the prefix in the (client-supplied) parameter name.
            String localClaimURI = entry.getKey().substring(FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX.length());
            if (StringUtils.isBlank(entry.getValue()[0])) {
                missingClaims.add(localClaimURI);
                continue;
            }
            claims.put(localClaimURI, entry.getValue()[0]);
            // NOTE(review): this tests != null rather than instanceof Map, and the lookup below can
            // miss; in both cases spClaimURI is null and a null key is stored in claimsForContext.
            // Confirm that FrameworkUtils.buildClaimMappings tolerates a null key.
            if (spToCarbonClaimMappingObject != null) {
                String spClaimURI = carbonToSPClaimMapping.get(localClaimURI);
                claimsForContext.put(spClaimURI, entry.getValue()[0]);
            } else {
                claimsForContext.put(localClaimURI, entry.getValue()[0]);
            }
        }
    }
    if (CollectionUtils.isNotEmpty(missingClaims)) {
        String missingClaimURIs = StringUtils.join(missingClaims, ",");
        if (log.isDebugEnabled()) {
            log.debug("Claim values for the mandatory claims: " + missingClaimURIs + " are empty");
        }
        throw new PostAuthenticationFailedException("Mandatory claim is not found", "Claim " + "values for the claim URIs: " + missingClaimURIs + " are empty");
    }
    // Attributes already present on the user win over the submitted ones on equal ClaimMapping
    // keys, because they are put last.
    Map<ClaimMapping, String> authenticatedUserAttributes = FrameworkUtils.buildClaimMappings(claimsForContext);
    authenticatedUserAttributes.putAll(user.getUserAttributes());
    // Only the first subject-attribute step is consulted (see the break at the end of the body).
    for (Map.Entry<Integer, StepConfig> entry : context.getSequenceConfig().getStepMap().entrySet()) {
        StepConfig stepConfig = entry.getValue();
        if (stepConfig.isSubjectAttributeStep()) {
            // Prefer the step's own authenticated user when it has one.
            if (stepConfig.getAuthenticatedUser() != null) {
                user = stepConfig.getAuthenticatedUser();
            }
            // Local users are always persisted; federated users only when an association to a
            // local account exists, in which case that local account becomes the target.
            if (!user.isFederatedUser()) {
                persistClaims = true;
            } else {
                String associatedID;
                String subject = user.getAuthenticatedSubjectIdentifier();
                try {
                    FederatedAssociationManager federatedAssociationManager = FrameworkUtils.getFederatedAssociationManager();
                    associatedID = federatedAssociationManager.getUserForFederatedAssociation(context.getTenantDomain(), stepConfig.getAuthenticatedIdP(), subject);
                    if (StringUtils.isNotBlank(associatedID)) {
                        // Qualify the associated id with the tenant domain, then with the user store domain.
                        String fullQualifiedAssociatedUserId = FrameworkUtils.prependUserStoreDomainToName(associatedID + UserCoreConstants.TENANT_DOMAIN_COMBINER + context.getTenantDomain());
                        // Record the associated id's user store domain in the thread local.
                        UserCoreUtil.setDomainInThreadLocal(UserCoreUtil.extractDomainFromName(associatedID));
                        user = AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(fullQualifiedAssociatedUserId);
                        persistClaims = true;
                    }
                } catch (FederatedAssociationManagerException | FrameworkException e) {
                    throw new PostAuthenticationFailedException("Error while handling missing mandatory claims", "Error while getting association for " + subject, e);
                }
            }
            break;
        }
    }
    if (persistClaims) {
        if (log.isDebugEnabled()) {
            log.debug("Local user mapping found. Claims will be persisted");
        }
        try {
            // Translate the submitted claim URIs through the application's claim mappings.
            // NOTE(review): the source URIs come from request parameter names, so a URI absent from
            // the application mapping yields a null key in localIdpClaims; confirm the user store
            // rejects such an entry rather than writing it.
            Map<String, String> claimMapping = context.getSequenceConfig().getApplicationConfig().getClaimMappings();
            Map<String, String> localIdpClaims = new HashMap<>();
            for (Map.Entry<String, String> entry : claims.entrySet()) {
                String localClaim = claimMapping.get(entry.getKey());
                localIdpClaims.put(localClaim, entry.getValue());
            }
            if (log.isDebugEnabled()) {
                log.debug("Updating user profile of user : " + user.getLoggableUserId());
            }
            UserRealm realm = getUserRealm(user.getTenantDomain());
            AbstractUserStoreManager userStoreManager = (AbstractUserStoreManager) realm.getUserStoreManager();
            // The null third argument is presumably the profile name (default profile) — TODO confirm.
            userStoreManager.setUserClaimValuesWithID(user.getUserId(), localIdpClaims, null);
        } catch (UserStoreException e) {
            // Client-side store errors are surfaced to the caller through context properties.
            if (e instanceof UserStoreClientException) {
                context.setProperty(POST_AUTH_MISSING_CLAIMS_ERROR, e.getMessage());
                if (StringUtils.isNotBlank(e.getErrorCode())) {
                    context.setProperty(POST_AUTH_MISSING_CLAIMS_ERROR_CODE, e.getErrorCode());
                }
                /*
                    When attribute updates are disabled for JIT-provisioned users, the mandatory claim
                    update request is identified by this error code and treated as non-fatal: the
                    attributes stay on the context only.
                     */
                if (ERROR_CODE_INVALID_ATTRIBUTE_UPDATE.equals(e.getErrorCode())) {
                    context.getSequenceConfig().getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
                    return;
                }
            }
            // A read-only user store is likewise non-fatal for this flow.
            if (ErrorMessages.ERROR_CODE_READONLY_USER_STORE.getCode().equals(e.getErrorCode())) {
                context.getSequenceConfig().getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
                return;
            }
            // Any other store failure aborts the flow; the store's own message is forwarded as the first argument.
            throw new PostAuthenticationFailedException(e.getMessage(), "Error while updating claims for local user. Could not update profile", e);
        } catch (UserIdNotFoundException e) {
            throw new PostAuthenticationFailedException("User id not found", "User id not found for local user. Could not update profile", e);
        }
    }
    context.getSequenceConfig().getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
}
Also used : HashMap(java.util.HashMap) UserStoreClientException(org.wso2.carbon.user.core.UserStoreClientException) ArrayList(java.util.ArrayList) StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig) UserIdNotFoundException(org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser) FederatedAssociationManager(org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager) UserRealm(org.wso2.carbon.user.core.UserRealm) UserStoreException(org.wso2.carbon.user.core.UserStoreException) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) PostAuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException) FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException) FederatedAssociationManagerException(org.wso2.carbon.identity.user.profile.mgt.association.federation.exception.FederatedAssociationManagerException) ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) Map(java.util.Map) HashMap(java.util.HashMap)

Example 3 with FederatedAssociationManager

use of org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager in project carbon-identity-framework by wso2.

Class JITProvisioningPostAuthenticationHandlerTest, method testHandleWithAuthenticatedUserWithFederatedIdp.

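/**
 * Post-JIT-provisioning handling for a user authenticated through a federated IdP whose
 * subject is associated with a local account.
 *
 * <p>The federated association manager is mocked to resolve every subject to the local user
 * {@code "test"}, the account-lock service reports the account as not locked, and the user
 * store reports the account-disabled claim as {@code "false"}. Under those conditions the
 * handler is expected to finish with {@code SUCCESS_COMPLETED}.
 *
 * <p>The assertion message previously described the opposite scenario ("without federated
 * authenticator"); it now names the scenario this test actually exercises.
 *
 * @throws FrameworkException propagated from the handler or its mocked collaborators
 * @throws FederatedAssociationManagerException declared by the mocked association lookup
 * @throws AccountLockServiceException declared by the mocked account-lock lookup
 * @throws UserStoreException declared by the mocked user store calls
 */
@Test(description = "This test case tests the Post JIT provisioning handling flow with an authenticated user")
public void testHandleWithAuthenticatedUserWithFederatedIdp() throws FrameworkException, FederatedAssociationManagerException, AccountLockServiceException, UserStoreException {
    AuthenticationContext context = processAndGetAuthenticationContext(sp, true, true);
    // Every federated subject is associated with the local user "test".
    FederatedAssociationManager federatedAssociationManager = mock(FederatedAssociationManagerImpl.class);
    when(FrameworkUtils.getFederatedAssociationManager()).thenReturn(federatedAssociationManager);
    doReturn("test").when(federatedAssociationManager).getUserForFederatedAssociation(anyString(), anyString(), anyString());
    when(FrameworkUtils.getStepBasedSequenceHandler()).thenReturn(Mockito.mock(StepBasedSequenceHandler.class));
    // Account is neither locked nor disabled, so the handler should not reject the user.
    mockStatic(FrameworkServiceDataHolder.class);
    PowerMockito.when(FrameworkServiceDataHolder.getInstance()).thenReturn(frameworkServiceDataHolder);
    mockStatic(AccountLockService.class);
    when(frameworkServiceDataHolder.getAccountLockService()).thenReturn(accountLockService);
    when(accountLockService.isAccountLocked(anyString(), anyString())).thenReturn(false);
    RealmService mockRealmService = mock(RealmService.class);
    PowerMockito.when(FrameworkServiceDataHolder.getInstance().getRealmService()).thenReturn(mockRealmService);
    UserRealm mockUserRealm = mock(UserRealm.class);
    UserStoreManager mockUserStoreManager = mock(UserStoreManager.class);
    Map<String, String> mockClaimValues = mock(HashMap.class);
    mockStatic(IdentityTenantUtil.class);
    when(IdentityTenantUtil.getTenantId(anyString())).thenReturn(1);
    when(mockRealmService.getTenantUserRealm(anyInt())).thenReturn(mockUserRealm);
    when(mockUserRealm.getUserStoreManager()).thenReturn(mockUserStoreManager);
    when(mockUserStoreManager.getUserClaimValues(anyString(), eq(new String[] { AccountConstants.ACCOUNT_DISABLED_CLAIM }), eq(UserCoreConstants.DEFAULT_PROFILE))).thenReturn(mockClaimValues);
    when(mockClaimValues.get(AccountConstants.ACCOUNT_DISABLED_CLAIM)).thenReturn("false");

    PostAuthnHandlerFlowStatus postAuthnHandlerFlowStatus = postJITProvisioningHandler.handle(request, response, context);

    Assert.assertEquals(postAuthnHandlerFlowStatus, PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED,
            "Post JIT provisioning handler did not complete successfully for an authenticated user with a federated authenticator");
}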
Also used : FederatedAssociationManager(org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager) AuthenticationContext(org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext) UserRealm(org.wso2.carbon.user.core.UserRealm) RealmService(org.wso2.carbon.user.core.service.RealmService) UserStoreManager(org.wso2.carbon.user.core.UserStoreManager) Mockito.anyString(org.mockito.Mockito.anyString) StepBasedSequenceHandler(org.wso2.carbon.identity.application.authentication.framework.handler.sequence.StepBasedSequenceHandler) PostAuthnHandlerFlowStatus(org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthnHandlerFlowStatus) Test(org.testng.annotations.Test) AbstractFrameworkTest(org.wso2.carbon.identity.application.authentication.framework.AbstractFrameworkTest) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 4 with FederatedAssociationManager

use of org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager in project carbon-identity-framework by wso2.

Class PostAuthAssociationHandlerTest, method testHandleWithAuthenticatedUserWithFederatedIdpAssociatedToSecondaryUserStore.

/**
 * Verifies that the post-authentication association handler resolves a federated user to
 * its associated local account in a secondary user store: the user name and user store
 * domain on the context's authenticated user must reflect the association, the handler
 * must report {@code SUCCESS_COMPLETED}, and, when the scenario includes SP role
 * mappings, those mappings must be present on the user attributes.
 *
 * @param hasSpRoleMapping whether the service provider under test carries role mappings
 * @throws Exception propagated from the mocking setup or the handler
 */
@Test(description = "This test case tests the Post Authentication Association handling flow with an authenticated" + " user via federated IDP", dataProvider = "provideTestScenarios")
public void testHandleWithAuthenticatedUserWithFederatedIdpAssociatedToSecondaryUserStore(boolean hasSpRoleMapping) throws Exception {
    // Keep the admin-services realm lookup out of the picture.
    PowerMockito.spy(AdminServicesUtil.class);
    PowerMockito.doReturn(null).when(AdminServicesUtil.class, "getUserRealm");
    AuthenticationContext authnContext = processAndGetAuthenticationContext(sp, true, true, hasSpRoleMapping);

    // Any federated subject resolves to the local user in the secondary store.
    String associatedLocalUser = SECONDARY + "/" + LOCAL_USER;
    FederatedAssociationManager associationManager = mock(FederatedAssociationManagerImpl.class);
    when(FrameworkUtils.getFederatedAssociationManager()).thenReturn(associationManager);
    doReturn(associatedLocalUser).when(associationManager)
            .getUserForFederatedAssociation(anyString(), anyString(), anyString());
    PowerMockito.when(IdentityTenantUtil.getTenantId(anyString())).thenReturn(1);
    when(FrameworkUtils.getStepBasedSequenceHandler()).thenReturn(Mockito.mock(StepBasedSequenceHandler.class));

    PostAuthnHandlerFlowStatus flowStatus = postAuthAssociationHandler.handle(request, response, authnContext);

    AuthenticatedUser authUser = authnContext.getSequenceConfig().getAuthenticatedUser();
    Assert.assertEquals(authUser.getUserName(), LOCAL_USER,
            "Post Association handler failed to set associated username");
    Assert.assertEquals(authUser.getUserStoreDomain(), SECONDARY,
            "Post Association handler failed to set associated user's domain");
    Assert.assertEquals(flowStatus, PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED,
            "Post Association handler failed to execute with an associated user in a secondary user store.");
    if (hasSpRoleMapping) {
        Assert.assertTrue(isSpRoleMappingSuccessful(authUser.getUserAttributes()), "SP role mapping failed.");
    }
}
Also used : FederatedAssociationManager(org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager) AuthenticationContext(org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext) StepBasedSequenceHandler(org.wso2.carbon.identity.application.authentication.framework.handler.sequence.StepBasedSequenceHandler) PostAuthnHandlerFlowStatus(org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthnHandlerFlowStatus) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser) Test(org.testng.annotations.Test) AbstractFrameworkTest(org.wso2.carbon.identity.application.authentication.framework.AbstractFrameworkTest) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 5 with FederatedAssociationManager

use of org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager in project carbon-identity-framework by wso2.

Class DefaultProvisioningHandler, method associateUser.

/**
 * Links the local account {@code userStoreDomain/username} in {@code tenantDomain} to the
 * federated identity {@code subject} at identity provider {@code idp}.
 *
 * <p>The association is created inside a tenant flow with the domain-qualified local user
 * set as the thread-local user name; the flow is always ended afterwards, whatever the
 * outcome. If the association manager reports that the association already exists, the
 * call only logs that fact and returns normally.
 *
 * @param username the local user name without user store domain
 * @param userStoreDomain the user store domain of the local user
 * @param tenantDomain the tenant in which the association is created
 * @param subject the federated subject identifier
 * @param idp the identity provider that authenticated the subject
 * @throws FrameworkException if {@code idp} or {@code subject} is empty, if the association
 *     manager cannot be obtained, or if creating the association fails for any reason other
 *     than an already existing association
 */
protected void associateUser(String username, String userStoreDomain, String tenantDomain, String subject, String idp) throws FrameworkException {
    String domainQualifiedName = UserCoreUtil.addDomainToName(username, userStoreDomain);
    try {
        FrameworkUtils.startTenantFlow(tenantDomain);
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(domainQualifiedName);
        // Both halves of the federated identity are required; reject the call otherwise.
        if (StringUtils.isEmpty(idp) || StringUtils.isEmpty(subject)) {
            throw new FrameworkException("Error while associating local user: " + domainQualifiedName
                    + " in tenant: " + tenantDomain + " to the federated subject : " + subject + " in IdP: " + idp);
        }
        FederatedAssociationManager associationManager = FrameworkUtils.getFederatedAssociationManager();
        User localUser = getAssociatedUser(tenantDomain, userStoreDomain, username);
        associationManager.createFederatedAssociation(localUser, idp, subject);
        if (log.isDebugEnabled()) {
            log.debug("Associated local user: " + domainQualifiedName + " in tenant: " + tenantDomain
                    + " to the federated subject : " + subject + " in IdP: " + idp);
        }
    } catch (FederatedAssociationManagerException e) {
        // An existing association is not a failure for JIT provisioning.
        if (!isUserAlreadyAssociated(e)) {
            throw new FrameworkException("Error while associating local user: " + domainQualifiedName
                    + " in tenant: " + tenantDomain + " to the federated subject: " + subject + " in IdP: " + idp, e);
        }
        log.info("An association already exists for user: " + subject + ". Skip association while JIT provisioning");
    } finally {
        FrameworkUtils.endTenantFlow();
    }
}
Also used : FederatedAssociationManager(org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager) User(org.wso2.carbon.identity.application.common.model.User) FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException) FederatedAssociationManagerException(org.wso2.carbon.identity.user.profile.mgt.association.federation.exception.FederatedAssociationManagerException)

Aggregations

FederatedAssociationManager (org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager)7 FrameworkException (org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException)4 FederatedAssociationManagerException (org.wso2.carbon.identity.user.profile.mgt.association.federation.exception.FederatedAssociationManagerException)4 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)2 Test (org.testng.annotations.Test)2 AbstractFrameworkTest (org.wso2.carbon.identity.application.authentication.framework.AbstractFrameworkTest)2 AuthenticationContext (org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext)2 PostAuthenticationFailedException (org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException)2 PostAuthnHandlerFlowStatus (org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthnHandlerFlowStatus)2 StepBasedSequenceHandler (org.wso2.carbon.identity.application.authentication.framework.handler.sequence.StepBasedSequenceHandler)2 AuthenticatedUser (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)2 UserRealm (org.wso2.carbon.user.core.UserRealm)2 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1 Mockito.anyString (org.mockito.Mockito.anyString)1 ServiceRegistration (org.osgi.framework.ServiceRegistration)1 Activate (org.osgi.service.component.annotations.Activate)1 StepConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig)1 UserIdNotFoundException (org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException)1