use of org.wso2.carbon.idp.mgt.IdentityProviderManagementException in project carbon-apimgt by wso2.
the class SystemScopesIssuer method configureForJWTGrant.
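/**
 * Resolves the identity provider that issued the incoming JWT and copies the JWT's role claim onto the
 * authorized user's attributes so that later scope validation can see the (mapped) roles.
 *
 * <p>Every failure is logged and handled fail-closed: if no identity provider (or no claim configuration)
 * can be resolved for the JWT issuer, the method returns without touching the user's attributes instead of
 * dereferencing a null provider, which is what the previous version did.
 *
 * @param tokReqMsgCtx token request context carrying the JWT assertion and the authorized user
 */
protected void configureForJWTGrant(OAuthTokenReqMessageContext tokReqMsgCtx) {
    SignedJWT signedJWT = null;
    JWTClaimsSet claimsSet = null;
    String[] roles = null;
    try {
        signedJWT = getSignedJWT(tokReqMsgCtx);
    } catch (IdentityOAuth2Exception e) {
        log.error("Couldn't retrieve signed JWT", e);
    }
    if (signedJWT != null) {
        claimsSet = getClaimSet(signedJWT);
    }
    String jwtIssuer = claimsSet != null ? claimsSet.getIssuer() : null;
    String tenantDomain = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getTenantDomain();
    // NOTE(review): identityProvider is not declared in this method, so it appears to be an instance field.
    // If one issuer instance serves concurrent token requests, this is shared mutable state — confirm.
    try {
        identityProvider = IdentityProviderManager.getInstance().getIdPByName(jwtIssuer, tenantDomain);
        if (identityProvider != null) {
            // A "default" hit means no IdP is registered under this issuer name; fall back to the resident
            // IdP, which is only accepted when its configured entity id matches the JWT issuer.
            if (StringUtils.equalsIgnoreCase(identityProvider.getIdentityProviderName(), "default")) {
                identityProvider = this.getResidentIDPForIssuer(tenantDomain, jwtIssuer);
                if (identityProvider == null) {
                    log.error("No Registered IDP found for the JWT with issuer name : " + jwtIssuer);
                }
            }
        } else {
            log.error("No Registered IDP found for the JWT with issuer name : " + jwtIssuer);
        }
    } catch (IdentityProviderManagementException | IdentityOAuth2Exception e) {
        log.error("Couldn't initiate identity provider instance", e);
    }
    // Everything below needs the provider's claim configuration. Without it there is nothing to map, and
    // continuing would only raise a NullPointerException; leaving the user's attributes untouched is the
    // fail-closed choice (no role claim is added for an unknown issuer).
    if (identityProvider == null || identityProvider.getClaimConfig() == null) {
        log.error("No identity provider claim configuration available for the JWT with issuer name : "
                + jwtIssuer + "; skipping role claim mapping");
        return;
    }
    String roleClaim = identityProvider.getClaimConfig().getRoleClaimURI();
    try {
        roles = claimsSet != null ? claimsSet.getStringArrayClaim(roleClaim) : null;
    } catch (ParseException e) {
        log.error("Couldn't retrieve roles:", e);
    }
    // Map each JWT role through the IdP's role mapping; roles without a mapping are kept as-is.
    List<String> updatedRoles = new ArrayList<>();
    if (roles != null) {
        for (String role : roles) {
            String updatedRoleClaimValue = getUpdatedRoleClaimValue(identityProvider, role);
            updatedRoles.add(updatedRoleClaimValue != null ? updatedRoleClaimValue : role);
        }
    }
    AuthenticatedUser user = tokReqMsgCtx.getAuthorizedUser();
    Map<ClaimMapping, String> userAttributes = user.getUserAttributes();
    if (roleClaim != null) {
        // Stored in List.toString() form with blanks removed, e.g. "[admin,Internal/subscriber]"; note that
        // this also strips blanks inside individual role names.
        userAttributes.put(ClaimMapping.build(roleClaim, roleClaim, null, false),
                updatedRoles.toString().replace(" ", ""));
        tokReqMsgCtx.addProperty(APIConstants.SystemScopeConstants.ROLE_CLAIM, roleClaim);
    }
    user.setUserAttributes(userAttributes);
    tokReqMsgCtx.setAuthorizedUser(user);
}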
use of org.wso2.carbon.idp.mgt.IdentityProviderManagementException in project carbon-apimgt by wso2.
the class APIAdminImpl method setIdentityProviderRelatedInformation.
/**
 * Enriches token-exchange capable key manager configurations with the description and enabled flag of the
 * identity provider they reference.
 *
 * <p>Only configurations whose token type is EXCHANGED or BOTH and that carry an external reference id are
 * touched. An {@link IdentityProviderManagementException} for one configuration is logged and the loop
 * continues so that a single broken IdP does not hide the remaining key managers.
 *
 * @param keyManagerConfigurationsByOrganization configurations to enrich in place
 * @param organization organization whose tenant domain is used for the IdP lookup
 * @throws APIManagementException if the organization cannot be resolved to a tenant domain
 */
private void setIdentityProviderRelatedInformation(List<KeyManagerConfigurationDTO> keyManagerConfigurationsByOrganization, String organization) throws APIManagementException {
    String exchangedType = KeyManagerConfiguration.TokenType.EXCHANGED.toString();
    String bothType = KeyManagerConfiguration.TokenType.BOTH.toString();
    for (KeyManagerConfigurationDTO kmConfig : keyManagerConfigurationsByOrganization) {
        String tokenType = kmConfig.getTokenType();
        boolean usesTokenExchange = StringUtils.equals(exchangedType, tokenType) || StringUtils.equals(bothType, tokenType);
        if (!usesTokenExchange) {
            continue;
        }
        try {
            String externalReferenceId = kmConfig.getExternalReferenceId();
            if (externalReferenceId != null) {
                String tenantDomain = APIUtil.getTenantDomainFromTenantId(APIUtil.getInternalOrganizationId(organization));
                IdentityProvider idp = IdentityProviderManager.getInstance().getIdPByResourceId(externalReferenceId, tenantDomain, Boolean.FALSE);
                // NOTE(review): getIdPByResourceId is assumed to return a non-null provider here — confirm.
                kmConfig.setDescription(idp.getIdentityProviderDescription());
                kmConfig.setEnabled(idp.isEnable());
            }
        } catch (IdentityProviderManagementException e) {
            // Deliberately not rethrown so that one failing IdP does not break the other key managers.
            log.error("IdP retrieval failed. ", e);
        }
    }
}
use of org.wso2.carbon.idp.mgt.IdentityProviderManagementException in project carbon-apimgt by wso2.
the class APIAdminImpl method setAliasForTokenExchangeKeyManagers.
/**
 * Copies the identity provider alias onto every token-exchange capable key manager configuration that
 * references an IdP, since the Devportal reads the alias from the configuration.
 *
 * <p>Unlike the description/enabled enrichment, an IdP lookup failure here is fatal for the whole call
 * and surfaces as {@link APIManagementException} with {@code ExceptionCodes.IDP_RETRIEVAL_FAILED}.
 *
 * @param keyManagerConfigurationsByTenant configurations to update in place
 * @param tenantDomain tenant in which the referenced IdPs are looked up
 * @throws APIManagementException if a referenced IdP cannot be retrieved
 */
private void setAliasForTokenExchangeKeyManagers(List<KeyManagerConfigurationDTO> keyManagerConfigurationsByTenant, String tenantDomain) throws APIManagementException {
    String exchangedType = KeyManagerConfiguration.TokenType.EXCHANGED.toString();
    String bothType = KeyManagerConfiguration.TokenType.BOTH.toString();
    for (KeyManagerConfigurationDTO kmConfig : keyManagerConfigurationsByTenant) {
        String tokenType = kmConfig.getTokenType();
        boolean usesTokenExchange = StringUtils.equals(exchangedType, tokenType) || StringUtils.equals(bothType, tokenType);
        String externalReferenceId = kmConfig.getExternalReferenceId();
        if (!usesTokenExchange || externalReferenceId == null) {
            continue;
        }
        IdentityProvider idp;
        try {
            idp = IdentityProviderManager.getInstance().getIdPByResourceId(externalReferenceId, tenantDomain, Boolean.FALSE);
        } catch (IdentityProviderManagementException e) {
            throw new APIManagementException("IdP retrieval failed. " + e.getMessage(), e, ExceptionCodes.IDP_RETRIEVAL_FAILED);
        }
        // The alias is what the Devportal side displays/uses for this key manager.
        kmConfig.setAlias(idp.getAlias());
    }
}
use of org.wso2.carbon.idp.mgt.IdentityProviderManagementException in project carbon-apimgt by wso2.
the class SystemScopesIssuer method getResidentIDPForIssuer.
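/**
 * Returns the tenant's resident identity provider if its OpenID Connect entity id equals the JWT issuer,
 * otherwise {@code null}.
 *
 * <p>The comparison is null-safe: a {@code null} issuer (e.g. when the JWT could not be parsed) never
 * matches, whereas the previous version threw a {@link NullPointerException} in that case. A
 * {@code null} issuer therefore cannot be used to claim the resident IdP.
 *
 * @param tenantDomain tenant whose resident IdP is consulted
 * @param jwtIssuer issuer ({@code iss}) taken from the JWT, may be {@code null}
 * @return the resident IdP when the issuer matches its configured entity id, else {@code null}
 * @throws IdentityOAuth2Exception if the resident IdP cannot be loaded
 */
private IdentityProvider getResidentIDPForIssuer(String tenantDomain, String jwtIssuer) throws IdentityOAuth2Exception {
    IdentityProvider residentIdentityProvider;
    try {
        residentIdentityProvider = IdentityProviderManager.getInstance().getResidentIdP(tenantDomain);
    } catch (IdentityProviderManagementException e) {
        String errorMsg = String.format("Error while getting Resident Identity Provider of '%s' tenant.", tenantDomain);
        throw new IdentityOAuth2Exception(errorMsg, e);
    }
    // The resident IdP's issuer is the IdPEntityId property of its "openidconnect" federated authenticator.
    String issuer = "";
    FederatedAuthenticatorConfig[] fedAuthnConfigs = residentIdentityProvider.getFederatedAuthenticatorConfigs();
    FederatedAuthenticatorConfig oauthAuthenticatorConfig = IdentityApplicationManagementUtil.getFederatedAuthenticator(fedAuthnConfigs, "openidconnect");
    if (oauthAuthenticatorConfig != null) {
        // NOTE(review): getProperty is assumed to return a non-null property when the authenticator is
        // configured; an IdP without IdPEntityId would still fail here — confirm against the IdP API.
        issuer = IdentityApplicationManagementUtil.getProperty(oauthAuthenticatorConfig.getProperties(), "IdPEntityId").getValue();
    }
    // StringUtils.equals tolerates a null on either side; a null issuer never matches.
    return StringUtils.equals(jwtIssuer, issuer) ? residentIdentityProvider : null;
}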
use of org.wso2.carbon.idp.mgt.IdentityProviderManagementException in project carbon-apimgt by wso2.
the class APIAdminImpl method addKeyManagerConfiguration.
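/**
 * Persists a new key manager configuration for an organization, registering a backing identity provider
 * first when the configuration supports token exchange.
 *
 * <p>Steps: reject duplicate names; run endpoint/configuration validation unless the token type is
 * EXCHANGED (a pure token-exchange key manager has no endpoints of its own); for EXCHANGED/BOTH create the
 * IdP and remember its resource id; assign a UUID if none is set; store an encrypted copy and notify
 * listeners with the unencrypted DTO.
 *
 * @param keyManagerConfigurationDTO configuration to add; its uuid and externalReferenceId may be set
 * @return the same DTO instance, updated with uuid/externalReferenceId
 * @throws APIManagementException if a key manager with the same name already exists in the organization,
 *         validation fails, or the identity provider cannot be created
 */
@Override
public KeyManagerConfigurationDTO addKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerConfigurationDTO) throws APIManagementException {
    String name = keyManagerConfigurationDTO.getName();
    String organization = keyManagerConfigurationDTO.getOrganization();
    if (apiMgtDAO.isKeyManagerConfigurationExistByName(name, organization)) {
        throw new APIManagementException("Key manager Already Exist by Name " + name + " in tenant " + organization, ExceptionCodes.KEY_MANAGER_ALREADY_EXIST);
    }
    String tokenType = keyManagerConfigurationDTO.getTokenType();
    // Locale.ROOT keeps the enum lookup stable under locale-specific casing rules (e.g. a Turkish default
    // locale upper-cases 'i' to a dotted capital, which TokenType.valueOf would reject). An unknown token
    // type still fails here with IllegalArgumentException, as before.
    KeyManagerConfiguration.TokenType resolvedTokenType = KeyManagerConfiguration.TokenType.valueOf(tokenType.toUpperCase(java.util.Locale.ROOT));
    if (resolvedTokenType != KeyManagerConfiguration.TokenType.EXCHANGED) {
        validateKeyManagerConfiguration(keyManagerConfigurationDTO);
        validateKeyManagerEndpointConfiguration(keyManagerConfigurationDTO);
    }
    // NOTE(review): this check is case-sensitive while the validation skip above is case-insensitive, so a
    // lower-case "exchanged" skips validation but gets no IdP; kept as-is pending confirmation of intent.
    boolean usesTokenExchange = StringUtils.equals(KeyManagerConfiguration.TokenType.EXCHANGED.toString(), tokenType)
            || StringUtils.equals(KeyManagerConfiguration.TokenType.BOTH.toString(), tokenType);
    if (usesTokenExchange) {
        keyManagerConfigurationDTO.setUuid(UUID.randomUUID().toString());
        try {
            IdentityProvider identityProvider = IdentityProviderManager.getInstance().addIdPWithResourceId(createIdp(keyManagerConfigurationDTO), APIUtil.getInternalOrganizationDomain(organization));
            keyManagerConfigurationDTO.setExternalReferenceId(identityProvider.getResourceId());
        } catch (IdentityProviderManagementException e) {
            throw new APIManagementException("IdP adding failed. " + e.getMessage(), e, ExceptionCodes.IDP_ADDING_FAILED);
        }
    }
    if (StringUtils.isBlank(keyManagerConfigurationDTO.getUuid())) {
        keyManagerConfigurationDTO.setUuid(UUID.randomUUID().toString());
    }
    // Encrypt a copy for storage so the returned/notified DTO keeps the caller's plaintext values.
    KeyManagerConfigurationDTO keyManagerConfigurationToStore = new KeyManagerConfigurationDTO(keyManagerConfigurationDTO);
    encryptKeyManagerConfigurationValues(null, keyManagerConfigurationToStore);
    apiMgtDAO.addKeyManagerConfiguration(keyManagerConfigurationToStore);
    new KeyMgtNotificationSender().notify(keyManagerConfigurationDTO, APIConstants.KeyManager.KeyManagerEvent.ACTION_ADD);
    return keyManagerConfigurationDTO;
}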