Example 1 with UserStoreClientException

Use of org.wso2.carbon.user.api.UserStoreClientException in project carbon-identity-framework by wso2.

In the class UserStoreConfigServiceImpl, method getUserStore:

@Override
public UserStoreDTO getUserStore(String domain) throws IdentityUserStoreMgtException {
    UserStoreDTO[] userStoreDTOS = new UserStoreDTO[0];
    Map<String, AbstractUserStoreDAOFactory> userStoreDAOFactories = UserStoreConfigListenersHolder.getInstance().getUserStoreDAOFactories();
    for (Map.Entry<String, AbstractUserStoreDAOFactory> entry : userStoreDAOFactories.entrySet()) {
        if (SecondaryUserStoreConfigurationUtil.isUserStoreRepositorySeparationEnabled() && StringUtils.equals(entry.getKey(), DB_BASED_REPOSITORY_CLASS)) {
            return entry.getValue().getInstance().getUserStore(domain);
        }
        try {
            userStoreDTOS = SecondaryUserStoreConfigurationUtil.getFileBasedUserStoreDAOFactory().getUserStores();
        } catch (UserStoreException e) {
            throw new IdentityUserStoreMgtException("Error occurred while retrieving the user stores from file" + " based system.", e);
        }
    }
    if (userStoreDTOS != null) {
        for (UserStoreDTO userStoreDTO : userStoreDTOS) {
            if (userStoreDTO.getDomainId().equals(domain)) {
                // Trigger post get listeners.
                try {
                    triggerListenersOnUserStorePostGet(userStoreDTO);
                } catch (UserStoreClientException e) {
                    throw buildIdentityUserStoreClientException("Userstore " + domain + " cannot be retrieved.", e);
                } catch (UserStoreException e) {
                    throw new IdentityUserStoreMgtException("Error occurred while triggering userstore post get " + "listener. " + e.getMessage(), e);
                }
                return userStoreDTO;
            }
        }
    }
    return null;
}
Also used : AbstractUserStoreDAOFactory(org.wso2.carbon.identity.user.store.configuration.dao.AbstractUserStoreDAOFactory) IdentityUserStoreMgtException(org.wso2.carbon.identity.user.store.configuration.utils.IdentityUserStoreMgtException) SecondaryUserStoreConfigurationUtil.buildIdentityUserStoreClientException(org.wso2.carbon.identity.user.store.configuration.utils.SecondaryUserStoreConfigurationUtil.buildIdentityUserStoreClientException) IdentityUserStoreClientException(org.wso2.carbon.identity.user.store.configuration.utils.IdentityUserStoreClientException) UserStoreClientException(org.wso2.carbon.user.api.UserStoreClientException) UserStoreDTO(org.wso2.carbon.identity.user.store.configuration.dto.UserStoreDTO) UserStoreException(org.wso2.carbon.user.api.UserStoreException) Map(java.util.Map)

Example 2 with UserStoreClientException

Use of org.wso2.carbon.user.api.UserStoreClientException in project carbon-identity-framework by wso2.

In the class DefaultStepHandler, method doAuthentication:

protected void doAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context, AuthenticatorConfig authenticatorConfig) throws FrameworkException {
    SequenceConfig sequenceConfig = context.getSequenceConfig();
    int currentStep = context.getCurrentStep();
    StepConfig stepConfig = sequenceConfig.getStepMap().get(currentStep);
    ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
    if (authenticator == null) {
        LOG.error("Authenticator is null for AuthenticatorConfig: " + authenticatorConfig.getName());
        return;
    }
    String idpName = FrameworkConstants.LOCAL_IDP_NAME;
    if (context.getExternalIdP() != null && authenticator instanceof FederatedApplicationAuthenticator) {
        idpName = context.getExternalIdP().getIdPName();
    }
    try {
        context.setAuthenticatorProperties(FrameworkUtils.getAuthenticatorPropertyMapFromIdP(context.getExternalIdP(), authenticator.getName()));
        AuthenticatorFlowStatus status = authenticator.process(request, response, context);
        request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, status);
        if (LOG.isDebugEnabled()) {
            LOG.debug(authenticator.getName() + " returned: " + status.toString());
        }
        if (status == AuthenticatorFlowStatus.INCOMPLETE) {
            context.setCurrentAuthenticator(authenticator.getName());
            if (LOG.isDebugEnabled()) {
                LOG.debug(authenticator.getName() + " is redirecting");
            }
            return;
        }
        if (authenticator instanceof FederatedApplicationAuthenticator) {
            if (context.getSubject().getUserName() == null) {
                // Set subject identifier as the default username for federated users
                String authenticatedSubjectIdentifier = context.getSubject().getAuthenticatedSubjectIdentifier();
                context.getSubject().setUserName(authenticatedSubjectIdentifier);
            }
            if (context.getSubject().getFederatedIdPName() == null && context.getExternalIdP() != null) {
                // Setting identity provider's name
                context.getSubject().setFederatedIdPName(idpName);
            }
            if (context.getSubject().getTenantDomain() == null) {
                // Setting service provider's tenant domain as the default tenant for federated users
                String tenantDomain = context.getTenantDomain();
                context.getSubject().setTenantDomain(tenantDomain);
            }
            try {
                // Check if the user id is available for the user. If the user id is not available or cannot be
                // resolved, UserIdNotFoundException is thrown.
                String userId = context.getSubject().getUserId();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("User id is available for user: " + userId);
                }
            } catch (UserIdNotFoundException e) {
                String tenantDomain = context.getSubject().getTenantDomain();
                int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
                String authenticatedSubjectIdentifier = context.getSubject().getAuthenticatedSubjectIdentifier();
                String federatedIdPName = context.getSubject().getFederatedIdPName();
                try {
                    int idpId = UserSessionStore.getInstance().getIdPId(federatedIdPName, tenantId);
                    String userId = UserSessionStore.getInstance().getFederatedUserId(authenticatedSubjectIdentifier, tenantId, idpId);
                    try {
                        if (userId == null) {
                            userId = UUID.randomUUID().toString();
                            UserSessionStore.getInstance().storeUserData(userId, authenticatedSubjectIdentifier, tenantId, idpId);
                        }
                    } catch (DuplicatedAuthUserException e1) {
                        String msg = "User authenticated is already persisted. Username: " + authenticatedSubjectIdentifier + " Tenant Domain:" + tenantDomain + " IdP: " + federatedIdPName;
                        LOG.warn(msg);
                        if (LOG.isDebugEnabled()) {
                            LOG.debug(msg, e1);
                        }
                        // Since duplicate entry was found, let's try to get the ID again.
                        userId = UserSessionStore.getInstance().getFederatedUserId(authenticatedSubjectIdentifier, tenantId, idpId);
                    }
                    context.getSubject().setUserId(userId);
                } catch (UserSessionException e2) {
                    LOG.error("Error while resolving the user id for federated user.", e2);
                }
            }
        }
        AuthenticatedIdPData authenticatedIdPData = getAuthenticatedIdPData(context, idpName);
        // store authenticated user
        AuthenticatedUser authenticatedUser = context.getSubject();
        stepConfig.setAuthenticatedUser(authenticatedUser);
        authenticatedIdPData.setUser(authenticatedUser);
        authenticatorConfig.setAuthenticatorStateInfo(context.getStateInfo());
        stepConfig.setAuthenticatedAutenticator(authenticatorConfig);
        // store authenticated idp
        stepConfig.setAuthenticatedIdP(idpName);
        authenticatedIdPData.setIdpName(idpName);
        authenticatedIdPData.addAuthenticator(authenticatorConfig);
        // add authenticated idp data to the session wise map
        context.getCurrentAuthenticatedIdPs().put(idpName, authenticatedIdPData);
        // Add SAML federated idp session index into the authentication step history.
        String idpSessionIndex = null;
        String parameterName = FEDERATED_IDP_SESSION_ID + idpName;
        AuthHistory authHistory = new AuthHistory(authenticator.getName(), idpName);
        if (context.getParameters() != null && context.getParameters().containsKey(parameterName)) {
            Object idpSessionIndexParamValue = context.getParameter(parameterName);
            if (idpSessionIndexParamValue != null) {
                idpSessionIndex = idpSessionIndexParamValue.toString();
            }
        }
        if (StringUtils.isNotBlank(context.getCurrentAuthenticator()) && StringUtils.isNotBlank(idpSessionIndex)) {
            authHistory.setIdpSessionIndex(idpSessionIndex);
            authHistory.setRequestType(context.getRequestType());
        }
        Serializable startTime = context.getAnalyticsData(FrameworkConstants.AnalyticsData.CURRENT_AUTHENTICATOR_START_TIME);
        if (startTime instanceof Long) {
            authHistory.setDuration((long) startTime - System.currentTimeMillis());
        }
        authHistory.setSuccess(true);
        context.addAuthenticationStepHistory(authHistory);
        String initiator = null;
        if (stepConfig.getAuthenticatedUser() != null) {
            initiator = stepConfig.getAuthenticatedUser().toFullQualifiedUsername();
        }
        String data = "Step: " + stepConfig.getOrder() + ", IDP: " + stepConfig.getAuthenticatedIdP() + ", Authenticator:" + stepConfig.getAuthenticatedAutenticator().getName();
        if (!isLegacyAuditLogsDisabled()) {
            audit.info(String.format(AUDIT_MESSAGE, initiator, "Authenticate", "ApplicationAuthenticationFramework", data, SUCCESS));
        }
    } catch (InvalidCredentialsException e) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("A login attempt was failed due to invalid credentials", e);
        }
        String data = "Step: " + stepConfig.getOrder() + ", IDP: " + idpName + ", Authenticator:" + authenticatorConfig.getName();
        String initiator = null;
        if (e.getUser() != null) {
            initiator = e.getUser().toFullQualifiedUsername();
        } else if (context.getSubject() != null) {
            initiator = context.getSubject().toFullQualifiedUsername();
        }
        if (!isLegacyAuditLogsDisabled()) {
            audit.warn(String.format(AUDIT_MESSAGE, initiator, "Authenticate", "ApplicationAuthenticationFramework", data, FAILURE));
        }
        handleFailedAuthentication(request, response, context, authenticatorConfig, e.getUser());
    } catch (AuthenticationFailedException e) {
        IdentityErrorMsgContext errorContext = IdentityUtil.getIdentityErrorMsg();
        if (errorContext != null) {
            Throwable rootCause = ExceptionUtils.getRootCause(e);
            if (!IdentityCoreConstants.ADMIN_FORCED_USER_PASSWORD_RESET_VIA_OTP_ERROR_CODE.equals(errorContext.getErrorCode()) && !(rootCause instanceof UserStoreClientException) && !IdentityCoreConstants.USER_ACCOUNT_LOCKED_ERROR_CODE.equals(errorContext.getErrorCode()) && !IdentityCoreConstants.USER_ACCOUNT_DISABLED_ERROR_CODE.equals(errorContext.getErrorCode()) && !IdentityCoreConstants.USER_ACCOUNT_NOT_CONFIRMED_ERROR_CODE.equals(errorContext.getErrorCode())) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Authentication failed exception!", e);
                }
                LOG.error("Authentication failed exception! " + e.getMessage());
            } else {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Authentication failed exception!", e);
                }
            }
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Authentication failed exception!", e);
            }
            LOG.error("Authentication failed exception! " + e.getMessage());
        }
        String data = "Step: " + stepConfig.getOrder() + ", IDP: " + idpName + ", Authenticator:" + authenticatorConfig.getName();
        String initiator = null;
        if (e.getUser() != null) {
            initiator = e.getUser().toFullQualifiedUsername();
        } else if (context.getSubject() != null) {
            initiator = context.getSubject().toFullQualifiedUsername();
        }
        if (!isLegacyAuditLogsDisabled()) {
            audit.warn(String.format(AUDIT_MESSAGE, initiator, "Authenticate", "ApplicationAuthenticationFramework", data, FAILURE));
        }
        handleFailedAuthentication(request, response, context, authenticatorConfig, e.getUser());
    } catch (LogoutFailedException e) {
        throw new FrameworkException(e.getMessage(), e);
    }
    stepConfig.setCompleted(true);
}
Also used : Serializable(java.io.Serializable) FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException) AuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException) UserStoreClientException(org.wso2.carbon.user.core.UserStoreClientException) DuplicatedAuthUserException(org.wso2.carbon.identity.application.authentication.framework.exception.DuplicatedAuthUserException) StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig) UserIdNotFoundException(org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException) LogoutFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException) FederatedApplicationAuthenticator(org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator) UserSessionException(org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser) IdentityErrorMsgContext(org.wso2.carbon.identity.core.model.IdentityErrorMsgContext) FederatedApplicationAuthenticator(org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator) LocalApplicationAuthenticator(org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator) ApplicationAuthenticator(org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator) InvalidCredentialsException(org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException) SequenceConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig) AuthenticatorFlowStatus(org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus) AuthHistory(org.wso2.carbon.identity.application.authentication.framework.context.AuthHistory) AuthenticatedIdPData(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedIdPData)

Example 3 with UserStoreClientException

Use of org.wso2.carbon.user.api.UserStoreClientException in project carbon-identity-framework by wso2.

In the class DatabaseBasedUserStoreDAOImpl, method doUpdateUserStoreDomainName:

@Override
protected void doUpdateUserStoreDomainName(String domainName, UserStorePersistanceDTO userStorePersistanceDTO) throws IdentityUserStoreMgtException {
    try {
        String newDomainName = userStorePersistanceDTO.getUserStoreDTO().getDomainId();
        triggerListnersOnUserStorePreUpdate(domainName, newDomainName);
        updateUserStoreProperties(domainName, userStorePersistanceDTO);
        removeRealmFromSecondaryUserStoreManager(domainName);
        addRealmToSecondaryUserStoreManager(userStorePersistanceDTO);
        triggerListenersOnUserStorePostUpdate(domainName, newDomainName);
    } catch (UserStoreClientException e) {
        throw buildIdentityUserStoreClientException("Userstore " + domainName + " cannot be updated.", e);
    } catch (UserStoreException | XMLStreamException e) {
        throw new IdentityUserStoreMgtException("Error occured while updating the userstore.", e);
    }
}
Also used : IdentityUserStoreMgtException(org.wso2.carbon.identity.user.store.configuration.utils.IdentityUserStoreMgtException) XMLStreamException(javax.xml.stream.XMLStreamException) SecondaryUserStoreConfigurationUtil.buildIdentityUserStoreClientException(org.wso2.carbon.identity.user.store.configuration.utils.SecondaryUserStoreConfigurationUtil.buildIdentityUserStoreClientException) UserStoreClientException(org.wso2.carbon.user.api.UserStoreClientException) UserStoreException(org.wso2.carbon.user.api.UserStoreException)

Example 4 with UserStoreClientException

Use of org.wso2.carbon.user.api.UserStoreClientException in project carbon-identity-framework by wso2.

In the class FileBasedUserStoreDAOImpl, method deleteUserStores:

@Override
public void deleteUserStores(String[] domains) throws IdentityUserStoreMgtException {
    int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
    Path path;
    if (tenantId == MultitenantConstants.SUPER_TENANT_ID) {
        path = Paths.get(DEPLOYMENT_DIRECTORY);
    } else {
        path = Paths.get(CarbonUtils.getCarbonTenantsDirPath(), String.valueOf(tenantId), USERSTORES);
    }
    File file = path.toFile();
    for (String domainName : domains) {
        if (log.isDebugEnabled()) {
            log.debug("Deleting, .... " + domainName + " domain.");
        }
        try {
            // Run pre user-store name update listeners
            triggerListnersOnUserStorePreDelete(domainName);
            // Delete persisted domain name
            deletePersitedDomain(tenantId, domainName);
        } catch (UserStoreClientException e) {
            throw buildIdentityUserStoreClientException("Userstore " + domainName + " cannot be deleted.", e);
        } catch (UserStoreException e) {
            String errorMessage = "Error while deleting user store : " + domainName;
            log.error(errorMessage, e);
            throw new IdentityUserStoreMgtException(errorMessage);
        }
        // Delete file
        deleteFile(file, domainName.replace(".", "_").concat(".xml"));
    }
}
Also used : Path(java.nio.file.Path) IdentityUserStoreMgtException(org.wso2.carbon.identity.user.store.configuration.utils.IdentityUserStoreMgtException) IdentityUserStoreClientException(org.wso2.carbon.identity.user.store.configuration.utils.IdentityUserStoreClientException) SecondaryUserStoreConfigurationUtil.buildIdentityUserStoreClientException(org.wso2.carbon.identity.user.store.configuration.utils.SecondaryUserStoreConfigurationUtil.buildIdentityUserStoreClientException) UserStoreClientException(org.wso2.carbon.user.api.UserStoreClientException) UserStoreException(org.wso2.carbon.user.api.UserStoreException) SecondaryUserStoreConfigurationUtil.writeUserMgtXMLFile(org.wso2.carbon.identity.user.store.configuration.utils.SecondaryUserStoreConfigurationUtil.writeUserMgtXMLFile) File(java.io.File)

Example 5 with UserStoreClientException

Use of org.wso2.carbon.user.api.UserStoreClientException in project carbon-identity-framework by wso2.

In the class PostAuthnMissingClaimHandler, method handlePostAuthenticationForMissingClaimsResponse:

protected void handlePostAuthenticationForMissingClaimsResponse(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws PostAuthenticationFailedException {
    if (log.isDebugEnabled()) {
        log.debug("Starting to process the response with missing claims");
    }
    Map<String, String> claims = new HashMap<String, String>();
    Map<String, String> claimsForContext = new HashMap<String, String>();
    Map<String, String[]> requestParams = request.getParameterMap();
    boolean persistClaims = false;
    AuthenticatedUser user = context.getSequenceConfig().getAuthenticatedUser();
    Map<String, String> carbonToSPClaimMapping = new HashMap<>();
    Object spToCarbonClaimMappingObject = context.getProperty(FrameworkConstants.SP_TO_CARBON_CLAIM_MAPPING);
    if (spToCarbonClaimMappingObject instanceof Map) {
        Map<String, String> spToCarbonClaimMapping = (Map<String, String>) spToCarbonClaimMappingObject;
        for (Map.Entry<String, String> entry : spToCarbonClaimMapping.entrySet()) {
            carbonToSPClaimMapping.put(entry.getValue(), entry.getKey());
        }
    }
    boolean doMandatoryClaimsExist = false;
    for (Map.Entry<String, String[]> entry : requestParams.entrySet()) {
        if (entry.getKey().startsWith(FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX)) {
            doMandatoryClaimsExist = true;
            break;
        }
    }
    if (!doMandatoryClaimsExist) {
        // Check whether mandatory claims exist in the request. If not throw error.
        throw new PostAuthenticationFailedException("Mandatory missing claims are not found", "Mandatory missing " + "claims are not found in the request for the session with context identifier: " + context.getContextIdentifier());
    }
    List<String> missingClaims = new ArrayList<>();
    for (Map.Entry<String, String[]> entry : requestParams.entrySet()) {
        if (entry.getKey().startsWith(FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX)) {
            String localClaimURI = entry.getKey().substring(FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX.length());
            if (StringUtils.isBlank(entry.getValue()[0])) {
                missingClaims.add(localClaimURI);
                continue;
            }
            claims.put(localClaimURI, entry.getValue()[0]);
            if (spToCarbonClaimMappingObject != null) {
                String spClaimURI = carbonToSPClaimMapping.get(localClaimURI);
                claimsForContext.put(spClaimURI, entry.getValue()[0]);
            } else {
                claimsForContext.put(localClaimURI, entry.getValue()[0]);
            }
        }
    }
    if (CollectionUtils.isNotEmpty(missingClaims)) {
        String missingClaimURIs = StringUtils.join(missingClaims, ",");
        if (log.isDebugEnabled()) {
            log.debug("Claim values for the mandatory claims: " + missingClaimURIs + " are empty");
        }
        throw new PostAuthenticationFailedException("Mandatory claim is not found", "Claim " + "values for the claim URIs: " + missingClaimURIs + " are empty");
    }
    Map<ClaimMapping, String> authenticatedUserAttributes = FrameworkUtils.buildClaimMappings(claimsForContext);
    authenticatedUserAttributes.putAll(user.getUserAttributes());
    for (Map.Entry<Integer, StepConfig> entry : context.getSequenceConfig().getStepMap().entrySet()) {
        StepConfig stepConfig = entry.getValue();
        if (stepConfig.isSubjectAttributeStep()) {
            if (stepConfig.getAuthenticatedUser() != null) {
                user = stepConfig.getAuthenticatedUser();
            }
            if (!user.isFederatedUser()) {
                persistClaims = true;
            } else {
                String associatedID;
                String subject = user.getAuthenticatedSubjectIdentifier();
                try {
                    FederatedAssociationManager federatedAssociationManager = FrameworkUtils.getFederatedAssociationManager();
                    associatedID = federatedAssociationManager.getUserForFederatedAssociation(context.getTenantDomain(), stepConfig.getAuthenticatedIdP(), subject);
                    if (StringUtils.isNotBlank(associatedID)) {
                        String fullQualifiedAssociatedUserId = FrameworkUtils.prependUserStoreDomainToName(associatedID + UserCoreConstants.TENANT_DOMAIN_COMBINER + context.getTenantDomain());
                        UserCoreUtil.setDomainInThreadLocal(UserCoreUtil.extractDomainFromName(associatedID));
                        user = AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(fullQualifiedAssociatedUserId);
                        persistClaims = true;
                    }
                } catch (FederatedAssociationManagerException | FrameworkException e) {
                    throw new PostAuthenticationFailedException("Error while handling missing mandatory claims", "Error while getting association for " + subject, e);
                }
            }
            break;
        }
    }
    if (persistClaims) {
        if (log.isDebugEnabled()) {
            log.debug("Local user mapping found. Claims will be persisted");
        }
        try {
            Map<String, String> claimMapping = context.getSequenceConfig().getApplicationConfig().getClaimMappings();
            Map<String, String> localIdpClaims = new HashMap<>();
            for (Map.Entry<String, String> entry : claims.entrySet()) {
                String localClaim = claimMapping.get(entry.getKey());
                localIdpClaims.put(localClaim, entry.getValue());
            }
            if (log.isDebugEnabled()) {
                log.debug("Updating user profile of user : " + user.getLoggableUserId());
            }
            UserRealm realm = getUserRealm(user.getTenantDomain());
            AbstractUserStoreManager userStoreManager = (AbstractUserStoreManager) realm.getUserStoreManager();
            userStoreManager.setUserClaimValuesWithID(user.getUserId(), localIdpClaims, null);
        } catch (UserStoreException e) {
            if (e instanceof UserStoreClientException) {
                context.setProperty(POST_AUTH_MISSING_CLAIMS_ERROR, e.getMessage());
                if (StringUtils.isNotBlank(e.getErrorCode())) {
                    context.setProperty(POST_AUTH_MISSING_CLAIMS_ERROR_CODE, e.getErrorCode());
                }
                /*
                 * When the attribute update is disabled for JIT provisioned users, the mandatory claim update
                 * request is identified through the error code and handled here.
                 */
                if (ERROR_CODE_INVALID_ATTRIBUTE_UPDATE.equals(e.getErrorCode())) {
                    context.getSequenceConfig().getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
                    return;
                }
            }
            if (ErrorMessages.ERROR_CODE_READONLY_USER_STORE.getCode().equals(e.getErrorCode())) {
                context.getSequenceConfig().getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
                return;
            }
            throw new PostAuthenticationFailedException(e.getMessage(), "Error while updating claims for local user. Could not update profile", e);
        } catch (UserIdNotFoundException e) {
            throw new PostAuthenticationFailedException("User id not found", "User id not found for local user. Could not update profile", e);
        }
    }
    context.getSequenceConfig().getAuthenticatedUser().setUserAttributes(authenticatedUserAttributes);
}
Also used : HashMap(java.util.HashMap) UserStoreClientException(org.wso2.carbon.user.core.UserStoreClientException) ArrayList(java.util.ArrayList) StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig) UserIdNotFoundException(org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException) AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser) FederatedAssociationManager(org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager) UserRealm(org.wso2.carbon.user.core.UserRealm) UserStoreException(org.wso2.carbon.user.core.UserStoreException) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) PostAuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException) FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException) FederatedAssociationManagerException(org.wso2.carbon.identity.user.profile.mgt.association.federation.exception.FederatedAssociationManagerException) ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) Map(java.util.Map) HashMap(java.util.HashMap)

Aggregations

UserStoreException (org.wso2.carbon.user.api.UserStoreException): 15
UserStoreClientException (org.wso2.carbon.user.core.UserStoreClientException): 11
IdentityUserStoreMgtException (org.wso2.carbon.identity.user.store.configuration.utils.IdentityUserStoreMgtException): 8
SecondaryUserStoreConfigurationUtil.buildIdentityUserStoreClientException (org.wso2.carbon.identity.user.store.configuration.utils.SecondaryUserStoreConfigurationUtil.buildIdentityUserStoreClientException): 8
UserStoreClientException (org.wso2.carbon.user.api.UserStoreClientException): 8
IdentityUserStoreClientException (org.wso2.carbon.identity.user.store.configuration.utils.IdentityUserStoreClientException): 6
BadRequestException (org.wso2.charon3.core.exceptions.BadRequestException): 6
CharonException (org.wso2.charon3.core.exceptions.CharonException): 5
AuthenticatedUser (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser): 4
SCIMUserStoreException (org.wso2.carbon.identity.scim2.common.extenstion.SCIMUserStoreException): 4
User (org.wso2.charon3.core.objects.User): 4
ArrayList (java.util.ArrayList): 3
Map (java.util.Map): 3
AuthenticationFailedException (org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException): 3
IdentityApplicationManagementException (org.wso2.carbon.identity.application.common.IdentityApplicationManagementException): 3
AbstractUserStoreDAOFactory (org.wso2.carbon.identity.user.store.configuration.dao.AbstractUserStoreDAOFactory): 3
AbstractUserStoreManager (org.wso2.carbon.user.core.common.AbstractUserStoreManager): 3
Path (java.nio.file.Path): 2
StepConfig (org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig): 2
FrameworkException (org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException): 2