Example 1 with AuthenticationResult
use of org.wso2.carbon.user.core.common.AuthenticationResult in project carbon-identity-framework by wso2.
the class FrameworkUtils method addAuthenticationResultToCache.
/**
* @param key
* @param authenticationResult
*/
public static void addAuthenticationResultToCache(String key, AuthenticationResult authenticationResult) {
AuthenticationResultCacheKey cacheKey = new AuthenticationResultCacheKey(key);
AuthenticationResultCacheEntry cacheEntry = new AuthenticationResultCacheEntry();
cacheEntry.setResult(authenticationResult);
cacheEntry.setValidityPeriod(TimeUnit.MINUTES.toNanos(IdentityUtil.getOperationCleanUpTimeout()));
AuthenticationResultCache.getInstance().addToCache(cacheKey, cacheEntry);
}
Also used :
AuthenticationResultCacheEntry(org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCacheEntry)
AuthenticationResultCacheKey(org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCacheKey)
Example 2 with AuthenticationResult
use of org.wso2.carbon.user.core.common.AuthenticationResult in project carbon-identity-framework by wso2.
the class DefaultAuthenticationRequestHandler method concludeFlow.
/**
* Sends the response to the servlet that initiated the authentication flow
*
* @param request
* @param response
* @throws ServletException
* @throws IOException
*/
protected void concludeFlow(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context) throws FrameworkException {
if (log.isDebugEnabled()) {
log.debug("Concluding the Authentication Flow");
}
SequenceConfig sequenceConfig = context.getSequenceConfig();
sequenceConfig.setCompleted(false);
AuthenticationResult authenticationResult = new AuthenticationResult();
boolean isAuthenticated = context.isRequestAuthenticated();
authenticationResult.setAuthenticated(isAuthenticated);
String authenticatedUserTenantDomain = getAuthenticatedUserTenantDomain(context, authenticationResult);
authenticationResult.setSaaSApp(sequenceConfig.getApplicationConfig().isSaaSApp());
if (isAuthenticated) {
if (!sequenceConfig.getApplicationConfig().isSaaSApp()) {
String spTenantDomain = context.getTenantDomain();
String userTenantDomain = sequenceConfig.getAuthenticatedUser().getTenantDomain();
if (StringUtils.isNotEmpty(userTenantDomain)) {
if (StringUtils.isNotEmpty(spTenantDomain) && !spTenantDomain.equals(userTenantDomain)) {
throw new FrameworkException("Service Provider tenant domain must be equal to user tenant " + "domain for non-SaaS applications");
}
}
}
authenticationResult.setSubject(new AuthenticatedUser(sequenceConfig.getAuthenticatedUser()));
ApplicationConfig appConfig = sequenceConfig.getApplicationConfig();
if (appConfig.getServiceProvider().getLocalAndOutBoundAuthenticationConfig().isAlwaysSendBackAuthenticatedListOfIdPs()) {
authenticationResult.setAuthenticatedIdPs(sequenceConfig.getAuthenticatedIdPs());
}
// SessionContext is retained across different SP requests in the same browser session.
// it is tracked by a cookie
SessionContext sessionContext = null;
String commonAuthCookie = null;
String sessionContextKey = null;
String analyticsSessionAction = null;
// When getting the cookie, it will not give the path. When paths are tenant qualified, it will only give
// the cookies matching that path.
Cookie authCookie = FrameworkUtils.getAuthCookie(request);
// Force authentication requires the creation of a new session. Therefore skip using the existing session
if (authCookie != null && !context.isForceAuthenticate()) {
commonAuthCookie = authCookie.getValue();
if (commonAuthCookie != null) {
sessionContextKey = DigestUtils.sha256Hex(commonAuthCookie);
sessionContext = FrameworkUtils.getSessionContextFromCache(sessionContextKey, context.getLoginTenantDomain());
}
}
String applicationTenantDomain = getApplicationTenantDomain(context);
// session context may be null when cache expires therefore creating new cookie as well.
if (sessionContext != null) {
analyticsSessionAction = FrameworkConstants.AnalyticsAttributes.SESSION_UPDATE;
sessionContext.getAuthenticatedSequences().put(appConfig.getApplicationName(), sequenceConfig);
sessionContext.getAuthenticatedIdPs().putAll(context.getCurrentAuthenticatedIdPs());
if (!context.isPassiveAuthenticate()) {
setAuthenticatedIDPsOfApp(sessionContext, context.getCurrentAuthenticatedIdPs(), appConfig.getApplicationName());
}
sessionContext.getSessionAuthHistory().resetHistory(AuthHistory.merge(sessionContext.getSessionAuthHistory().getHistory(), context.getAuthenticationStepHistory()));
populateAuthenticationContextHistory(authenticationResult, context, sessionContext);
long updatedSessionTime = System.currentTimeMillis();
if (!context.isPreviousAuthTime()) {
sessionContext.addProperty(FrameworkConstants.UPDATED_TIMESTAMP, updatedSessionTime);
}
authenticationResult.addProperty(FrameworkConstants.AnalyticsAttributes.SESSION_ID, sessionContextKey);
List<AuthenticationContextProperty> authenticationContextProperties = new ArrayList<>();
// Authentication context properties from already authenticated IdPs
if (sessionContext.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES) != null) {
List<AuthenticationContextProperty> existingAuthenticationContextProperties = (List<AuthenticationContextProperty>) sessionContext.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES);
for (AuthenticationContextProperty contextProperty : existingAuthenticationContextProperties) {
for (StepConfig stepConfig : context.getSequenceConfig().getStepMap().values()) {
if (stepConfig.getAuthenticatedIdP().equals(contextProperty.getIdPName())) {
authenticationContextProperties.add(contextProperty);
break;
}
}
}
}
Long createdTime = (Long) sessionContext.getProperty(FrameworkConstants.CREATED_TIMESTAMP);
if (createdTime != null) {
authenticationResult.addProperty(FrameworkConstants.CREATED_TIMESTAMP, createdTime);
}
// Authentication context properties received from newly authenticated IdPs
if (context.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES) != null) {
authenticationContextProperties.addAll((List<AuthenticationContextProperty>) context.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES));
if (sessionContext.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES) == null) {
sessionContext.addProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES, authenticationContextProperties);
} else {
List<AuthenticationContextProperty> existingAuthenticationContextProperties = (List<AuthenticationContextProperty>) sessionContext.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES);
existingAuthenticationContextProperties.addAll((List<AuthenticationContextProperty>) context.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES));
}
}
if (!authenticationContextProperties.isEmpty()) {
if (log.isDebugEnabled()) {
log.debug("AuthenticationContextProperties are available.");
}
authenticationResult.addProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES, authenticationContextProperties);
}
FrameworkUtils.updateSessionLastAccessTimeMetadata(sessionContextKey, updatedSessionTime);
/*
* In the default configuration, the expiry time of the commonAuthCookie is fixed when rememberMe
* option is selected. With this config, the expiry time will increase at every authentication.
*/
if (sessionContext.isRememberMe() && Boolean.parseBoolean(IdentityUtil.getProperty(IdentityConstants.ServerConfig.EXTEND_REMEMBER_ME_SESSION_ON_AUTH))) {
context.setRememberMe(sessionContext.isRememberMe());
setAuthCookie(request, response, context, commonAuthCookie, applicationTenantDomain);
}
if (context.getRuntimeClaims().size() > 0) {
sessionContext.addProperty(FrameworkConstants.RUNTIME_CLAIMS, context.getRuntimeClaims());
}
handleSessionContextUpdate(context.getRequestType(), sessionContextKey, sessionContext, request, response, context);
// TODO add to cache?
// store again. when replicate cache is used. this may be needed.
FrameworkUtils.addSessionContextToCache(sessionContextKey, sessionContext, applicationTenantDomain, context.getLoginTenantDomain());
} else {
analyticsSessionAction = FrameworkConstants.AnalyticsAttributes.SESSION_CREATE;
sessionContext = new SessionContext();
// To identify first login
context.setProperty(FrameworkConstants.AnalyticsAttributes.IS_INITIAL_LOGIN, true);
sessionContext.getAuthenticatedSequences().put(appConfig.getApplicationName(), sequenceConfig);
sessionContext.setAuthenticatedIdPs(context.getCurrentAuthenticatedIdPs());
setAuthenticatedIDPsOfApp(sessionContext, context.getCurrentAuthenticatedIdPs(), appConfig.getApplicationName());
sessionContext.setRememberMe(context.isRememberMe());
if (context.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES) != null) {
if (log.isDebugEnabled()) {
log.debug("AuthenticationContextProperties are available.");
}
authenticationResult.addProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES, context.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES));
// Add to session context
sessionContext.addProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES, context.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES));
}
String sessionKey = UUIDGenerator.generateUUID();
sessionContextKey = DigestUtils.sha256Hex(sessionKey);
sessionContext.addProperty(FrameworkConstants.AUTHENTICATED_USER, authenticationResult.getSubject());
sessionContext.addProperty(FrameworkUtils.TENANT_DOMAIN, context.getLoginTenantDomain());
Long createdTimeMillis = System.currentTimeMillis();
sessionContext.addProperty(FrameworkConstants.CREATED_TIMESTAMP, createdTimeMillis);
authenticationResult.addProperty(FrameworkConstants.CREATED_TIMESTAMP, createdTimeMillis);
authenticationResult.addProperty(FrameworkConstants.AnalyticsAttributes.SESSION_ID, sessionContextKey);
sessionContext.getSessionAuthHistory().resetHistory(AuthHistory.merge(sessionContext.getSessionAuthHistory().getHistory(), context.getAuthenticationStepHistory()));
populateAuthenticationContextHistory(authenticationResult, context, sessionContext);
if (context.getRuntimeClaims().size() > 0) {
sessionContext.addProperty(FrameworkConstants.RUNTIME_CLAIMS, context.getRuntimeClaims());
}
handleInboundSessionCreate(context.getRequestType(), sessionContextKey, sessionContext, request, response, context);
FrameworkUtils.addSessionContextToCache(sessionContextKey, sessionContext, applicationTenantDomain, context.getLoginTenantDomain());
setAuthCookie(request, response, context, sessionKey, applicationTenantDomain);
if (FrameworkServiceDataHolder.getInstance().isUserSessionMappingEnabled()) {
try {
storeSessionMetaData(sessionContextKey, request);
} catch (UserSessionException e) {
log.error("Storing session meta data failed.", e);
}
}
}
if (authenticatedUserTenantDomain == null) {
PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
}
if (FrameworkServiceDataHolder.getInstance().isUserSessionMappingEnabled()) {
try {
storeSessionData(context, sessionContextKey);
} catch (UserSessionException e) {
throw new FrameworkException("Error while storing session details of the authenticated user to " + "the database", e);
}
}
// store the saml index with the session context key for the single logout.
if (context.getAuthenticationStepHistory() != null) {
UserSessionStore userSessionStore = UserSessionStore.getInstance();
for (AuthHistory authHistory : context.getAuthenticationStepHistory()) {
if (StringUtils.isNotBlank(authHistory.getIdpSessionIndex()) && StringUtils.isNotBlank(authHistory.getIdpName())) {
try {
if (!userSessionStore.hasExistingFederatedAuthSession(authHistory.getIdpSessionIndex())) {
userSessionStore.storeFederatedAuthSessionInfo(sessionContextKey, authHistory);
} else {
if (log.isDebugEnabled()) {
log.debug(String.format("Federated auth session with the id: %s already exists", authHistory.getIdpSessionIndex()));
}
userSessionStore.updateFederatedAuthSessionInfo(sessionContextKey, authHistory);
}
} catch (UserSessionException e) {
throw new FrameworkException("Error while storing federated authentication session details " + "of the authenticated user to the database", e);
}
}
}
}
FrameworkUtils.publishSessionEvent(sessionContextKey, request, context, sessionContext, sequenceConfig.getAuthenticatedUser(), analyticsSessionAction);
publishAuthenticationSuccess(request, context, sequenceConfig.getAuthenticatedUser());
}
// authenticator in multi steps scenario. Ex. Fido
if (FrameworkUtils.getCacheDisabledAuthenticators().contains(context.getRequestType()) && (response instanceof CommonAuthResponseWrapper) && !((CommonAuthResponseWrapper) response).isWrappedByFramework()) {
// Set the result as request attribute
request.setAttribute("sessionDataKey", context.getCallerSessionKey());
addAuthenticationResultToRequest(request, authenticationResult);
} else {
FrameworkUtils.addAuthenticationResultToCache(context.getCallerSessionKey(), authenticationResult);
}
/*
* TODO Cache retaining is a temporary fix. Remove after Google fixes
* http://code.google.com/p/gdata-issues/issues/detail?id=6628
*/
String retainCache = System.getProperty("retainCache");
if (retainCache == null) {
FrameworkUtils.removeAuthenticationContextFromCache(context.getContextIdentifier());
}
sendResponse(request, response, context);
}
Also used :
SessionNonceCookieUtil.removeNonceCookie(org.wso2.carbon.identity.application.authentication.framework.util.SessionNonceCookieUtil.removeNonceCookie)
SessionNonceCookieUtil.addNonceCookie(org.wso2.carbon.identity.application.authentication.framework.util.SessionNonceCookieUtil.addNonceCookie)
SessionNonceCookieUtil.validateNonceCookie(org.wso2.carbon.identity.application.authentication.framework.util.SessionNonceCookieUtil.validateNonceCookie)
Cookie(javax.servlet.http.Cookie)
FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException)
UserSessionStore(org.wso2.carbon.identity.application.authentication.framework.store.UserSessionStore)
ArrayList(java.util.ArrayList)
StepConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig)
AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)
UserSessionException(org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException)
AuthenticationResult(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult)
ApplicationConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig)
SessionContext(org.wso2.carbon.identity.application.authentication.framework.context.SessionContext)
SequenceConfig(org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig)
List(java.util.List)
ArrayList(java.util.ArrayList)
AuthHistory(org.wso2.carbon.identity.application.authentication.framework.context.AuthHistory)
AuthenticationContextProperty(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationContextProperty)
CommonAuthResponseWrapper(org.wso2.carbon.identity.application.authentication.framework.model.CommonAuthResponseWrapper)
Example 3 with AuthenticationResult
use of org.wso2.carbon.user.core.common.AuthenticationResult in project carbon-identity-framework by wso2.
the class GraphBasedSequenceHandler method displayPrompt.
private void displayPrompt(AuthenticationContext context, HttpServletRequest request, HttpServletResponse response, ShowPromptNode promptNode) throws FrameworkException {
try {
String promptPage = ConfigurationFacade.getInstance().getAuthenticationEndpointPromptURL();
String tenantDomainQueryString = null;
if (!IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
tenantDomainQueryString = "tenantDomain=" + context.getTenantDomain();
promptPage = FrameworkUtils.appendQueryParamsStringToUrl(promptPage, tenantDomainQueryString);
}
String redirectUrl = FrameworkUtils.appendQueryParamsStringToUrl(promptPage, "templateId=" + URLEncoder.encode(promptNode.getTemplateId(), StandardCharsets.UTF_8.name()) + "&promptId=" + context.getContextIdentifier());
if (promptNode.getData() != null) {
context.addEndpointParams(promptNode.getData());
}
response.sendRedirect(redirectUrl);
AuthenticationResult authenticationResult = new AuthenticationResult();
request.setAttribute(FrameworkConstants.RequestAttribute.AUTH_RESULT, authenticationResult);
request.setAttribute(RESPONSE_HANDLED_BY_FRAMEWORK, Boolean.TRUE);
request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
} catch (UnsupportedEncodingException e) {
throw new FrameworkException("Error while encoding the data to send to prompt page with session data key" + context.getContextIdentifier(), e);
} catch (IOException e) {
throw new FrameworkException("Error while redirecting the user for prompt page with session data key" + context.getContextIdentifier(), e);
}
}
Also used :
FrameworkException(org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
IOException(java.io.IOException)
AuthenticationResult(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult)
Example 4 with AuthenticationResult
use of org.wso2.carbon.user.core.common.AuthenticationResult in project carbon-identity-framework by wso2.
the class IdentityUserNameResolverListener method doPostAuthenticateWithID.
@Override
public boolean doPostAuthenticateWithID(List<LoginIdentifier> loginIdentifiers, AuthenticationResult authenticationResult, UserStoreManager userStoreManager) throws UserStoreException {
if (!isEnable()) {
return true;
}
String userName;
boolean authenticated = authenticationResult.getAuthenticationStatus() == AuthenticationResult.AuthenticationStatus.SUCCESS;
if (authenticated) {
userName = authenticationResult.getAuthenticatedUser().get().getUsername();
} else {
return true;
}
for (UserOperationEventListener listener : getUserStoreManagerListeners()) {
if (isNotAResolverListener(listener)) {
if (!listener.doPostAuthenticate(userName, authenticated, userStoreManager)) {
return false;
}
}
}
return true;
}
Also used :
UserOperationEventListener(org.wso2.carbon.user.core.listener.UserOperationEventListener)
AbstractIdentityUserOperationEventListener(org.wso2.carbon.identity.core.AbstractIdentityUserOperationEventListener)
Example 5 with AuthenticationResult
use of org.wso2.carbon.user.core.common.AuthenticationResult in project carbon-identity-framework by wso2.
the class IdentityUserNameResolverListener method doPostAuthenticateWithID.
@Override
public boolean doPostAuthenticateWithID(String userID, AuthenticationResult authenticationResult, UserStoreManager userStoreManager) throws UserStoreException {
if (!isEnable()) {
return true;
}
String userName;
boolean authenticated = authenticationResult.getAuthenticationStatus() == AuthenticationResult.AuthenticationStatus.SUCCESS;
if (authenticated) {
userName = authenticationResult.getAuthenticatedUser().get().getUsername();
} else {
userName = getUserNameFromUserID(userID, (AbstractUserStoreManager) userStoreManager);
}
for (UserOperationEventListener listener : getUserStoreManagerListeners()) {
if (isNotAResolverListener(listener)) {
if (!listener.doPostAuthenticate(userName, authenticated, userStoreManager)) {
return false;
}
}
}
return true;
}
Also used :
UserOperationEventListener(org.wso2.carbon.user.core.listener.UserOperationEventListener)
AbstractIdentityUserOperationEventListener(org.wso2.carbon.identity.core.AbstractIdentityUserOperationEventListener)
AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager)
Aggregations
AuthenticationResult (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult)15
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)8
Test (org.testng.annotations.Test)8
AuthenticatedUser (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)7
AuthenticationResult (org.wso2.carbon.user.core.common.AuthenticationResult)6
AuthenticationResultCacheEntry (org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCacheEntry)5
OAuth2Parameters (org.wso2.carbon.identity.oauth2.model.OAuth2Parameters)5
HashMap (java.util.HashMap)4
ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)4
AfterTest (org.testng.annotations.AfterTest)4
BeforeTest (org.testng.annotations.BeforeTest)4
RequestObject (org.wso2.carbon.identity.openidconnect.model.RequestObject)4
HttpServletResponse (javax.servlet.http.HttpServletResponse)3
MultivaluedHashMap (javax.ws.rs.core.MultivaluedHashMap)3
Response (javax.ws.rs.core.Response)3
OAuthResponse (org.apache.oltu.oauth2.common.message.OAuthResponse)3
Matchers.anyString (org.mockito.Matchers.anyString)3
CommonAuthResponseWrapper (org.wso2.carbon.identity.application.authentication.framework.model.CommonAuthResponseWrapper)3
AbstractIdentityUserOperationEventListener (org.wso2.carbon.identity.core.AbstractIdentityUserOperationEventListener)3
ResolvedUserResult (org.wso2.carbon.identity.multi.attribute.login.mgt.ResolvedUserResult)3
