Example 6 with CustomScriptConfiguration
use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxCore by GluuFederation.
the class CustomScriptManager method groupCustomScriptConfigurationsByScriptType.
private Map<CustomScriptType, List<CustomScriptConfiguration>> groupCustomScriptConfigurationsByScriptType(Map<String, CustomScriptConfiguration> customScriptConfigurations) {
Map<CustomScriptType, List<CustomScriptConfiguration>> newCustomScriptConfigurationsByScriptType = new HashMap<CustomScriptType, List<CustomScriptConfiguration>>();
for (CustomScriptType customScriptType : this.supportedCustomScriptTypes) {
List<CustomScriptConfiguration> customConfigurationsByScriptType = new ArrayList<CustomScriptConfiguration>();
newCustomScriptConfigurationsByScriptType.put(customScriptType, customConfigurationsByScriptType);
}
for (CustomScriptConfiguration customScriptConfiguration : customScriptConfigurations.values()) {
CustomScriptType customScriptType = customScriptConfiguration.getCustomScript().getScriptType();
List<CustomScriptConfiguration> customConfigurationsByScriptType = newCustomScriptConfigurationsByScriptType.get(customScriptType);
customConfigurationsByScriptType.add(customScriptConfiguration);
}
return newCustomScriptConfigurationsByScriptType;
}
Also used :
HashMap(java.util.HashMap)
CustomScriptType(org.xdi.model.custom.script.CustomScriptType)
ArrayList(java.util.ArrayList)
ArrayList(java.util.ArrayList)
List(java.util.List)
CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)
Example 7 with CustomScriptConfiguration
use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxCore by GluuFederation.
the class CustomScriptManager method reloadCustomScriptConfigurations.
private ReloadResult reloadCustomScriptConfigurations(Map<String, CustomScriptConfiguration> customScriptConfigurations, List<CustomScript> newCustomScripts) {
Map<String, CustomScriptConfiguration> newCustomScriptConfigurations;
boolean modified = false;
if (customScriptConfigurations == null) {
newCustomScriptConfigurations = new HashMap<String, CustomScriptConfiguration>();
modified = true;
} else {
// Clone old map to avoid reload not changed scripts because it's time and CPU consuming process
newCustomScriptConfigurations = new HashMap<String, CustomScriptConfiguration>(customScriptConfigurations);
}
List<String> newSupportedCustomScriptInums = new ArrayList<String>();
for (CustomScript newCustomScript : newCustomScripts) {
if (!newCustomScript.isEnabled()) {
continue;
}
if (ScriptLocationType.FILE == newCustomScript.getLocationType()) {
// Replace script revision with file modification time. This should allow to reload script automatically after changing location_type
long fileModifiactionTime = getFileModificationTime(newCustomScript.getLocationPath());
newCustomScript.setRevision(fileModifiactionTime);
}
String newSupportedCustomScriptInum = StringHelper.toLowerCase(newCustomScript.getInum());
newSupportedCustomScriptInums.add(newSupportedCustomScriptInum);
CustomScriptConfiguration prevCustomScriptConfiguration = newCustomScriptConfigurations.get(newSupportedCustomScriptInum);
if ((prevCustomScriptConfiguration == null) || (prevCustomScriptConfiguration.getCustomScript().getRevision() != newCustomScript.getRevision())) {
// Destroy old version properly before creating new one
if (prevCustomScriptConfiguration != null) {
destroyCustomScript(prevCustomScriptConfiguration);
}
// Load script entry with all attributes
CustomScript loadedCustomScript = customScriptService.getCustomScriptByDn(newCustomScript.getScriptType().getCustomScriptModel(), newCustomScript.getDn());
// Prepare configuration attributes
Map<String, SimpleCustomProperty> newConfigurationAttributes = new HashMap<String, SimpleCustomProperty>();
List<SimpleCustomProperty> simpleCustomProperties = loadedCustomScript.getConfigurationProperties();
if (simpleCustomProperties == null) {
simpleCustomProperties = new ArrayList<SimpleCustomProperty>(0);
}
for (SimpleCustomProperty simpleCustomProperty : simpleCustomProperties) {
newConfigurationAttributes.put(simpleCustomProperty.getValue1(), simpleCustomProperty);
}
if (ScriptLocationType.FILE == loadedCustomScript.getLocationType()) {
// Replace script revision with file modification time. This should allow to reload script automatically after changing location_type
long fileModifiactionTime = getFileModificationTime(loadedCustomScript.getLocationPath());
loadedCustomScript.setRevision(fileModifiactionTime);
if (fileModifiactionTime != 0) {
String scriptFromFile = loadFromFile(loadedCustomScript.getLocationPath());
if (StringHelper.isNotEmpty(scriptFromFile)) {
loadedCustomScript.setScript(scriptFromFile);
}
}
}
// Create authenticator
BaseExternalType newCustomScriptExternalType = createExternalType(loadedCustomScript, newConfigurationAttributes);
CustomScriptConfiguration newCustomScriptConfiguration = new CustomScriptConfiguration(loadedCustomScript, newCustomScriptExternalType, newConfigurationAttributes);
// Store configuration and authenticator
newCustomScriptConfigurations.put(newSupportedCustomScriptInum, newCustomScriptConfiguration);
modified = true;
}
}
// Remove old external authenticator configurations
for (Iterator<Entry<String, CustomScriptConfiguration>> it = newCustomScriptConfigurations.entrySet().iterator(); it.hasNext(); ) {
Entry<String, CustomScriptConfiguration> externalAuthenticatorConfigurationEntry = it.next();
String prevSupportedCustomScriptInum = externalAuthenticatorConfigurationEntry.getKey();
if (!newSupportedCustomScriptInums.contains(prevSupportedCustomScriptInum)) {
// Destroy old authentication method
destroyCustomScript(externalAuthenticatorConfigurationEntry.getValue());
it.remove();
modified = true;
}
}
return new ReloadResult(newCustomScriptConfigurations, modified);
}
Also used :
CustomScript(org.xdi.model.custom.script.model.CustomScript)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
Entry(java.util.Map.Entry)
BaseExternalType(org.xdi.model.custom.script.type.BaseExternalType)
SimpleCustomProperty(org.xdi.model.SimpleCustomProperty)
CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)
Example 8 with CustomScriptConfiguration
use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.
the class LogoutAction method processExternalAuthenticatorLogOut.
private ExternalLogoutResult processExternalAuthenticatorLogOut(SessionState sessionState) {
if ((sessionState != null) && sessionState.getSessionAttributes().containsKey(EXTERNAL_LOGOUT)) {
log.debug("Detected callback from external system. Resuming logout.");
return ExternalLogoutResult.SUCCESS;
}
AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByIdToken(idTokenHint);
if (authorizationGrant == null) {
Boolean endSessionWithAccessToken = appConfiguration.getEndSessionWithAccessToken();
if ((endSessionWithAccessToken != null) && endSessionWithAccessToken) {
authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(idTokenHint);
}
}
if ((authorizationGrant == null) && (sessionState == null)) {
return ExternalLogoutResult.FAILURE;
}
String acrValues;
if (authorizationGrant == null) {
acrValues = sessionStateService.getAcr(sessionState);
} else {
acrValues = authorizationGrant.getAcrValues();
}
boolean isExternalAuthenticatorLogoutPresent = StringHelper.isNotEmpty(acrValues);
if (isExternalAuthenticatorLogoutPresent) {
log.debug("Attemptinmg to execute logout method of '{}' external authenticator.", acrValues);
CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.getCustomScriptConfigurationByName(acrValues);
if (customScriptConfiguration == null) {
log.error("Failed to get ExternalAuthenticatorConfiguration. acr_values: {}", acrValues);
return ExternalLogoutResult.FAILURE;
} else {
boolean scriptExternalLogoutResult = externalAuthenticationService.executeExternalLogout(customScriptConfiguration, null);
ExternalLogoutResult externalLogoutResult = scriptExternalLogoutResult ? ExternalLogoutResult.SUCCESS : ExternalLogoutResult.FAILURE;
log.debug("Logout result is '{}' for session '{}', userDn: '{}'", externalLogoutResult, sessionState.getId(), sessionState.getUserDn());
int apiVersion = externalAuthenticationService.executeExternalGetApiVersion(customScriptConfiguration);
if (apiVersion < 3) {
// Not support redirect to external system at logout
return externalLogoutResult;
}
log.trace("According to API version script supports logout redirects");
String logoutExternalUrl = externalAuthenticationService.getLogoutExternalUrl(customScriptConfiguration, null);
log.debug("External logout result is '{}' for user '{}'", logoutExternalUrl, sessionState.getUserDn());
if (StringHelper.isEmpty(logoutExternalUrl)) {
return externalLogoutResult;
}
// Store in session parameters needed to call end_session
try {
storeLogoutParametersInSession(sessionState);
} catch (IOException ex) {
log.debug("Failed to persist logout parameters in session", ex);
return ExternalLogoutResult.FAILURE;
}
// Redirect to external URL
facesService.redirectToExternalURL(logoutExternalUrl);
return ExternalLogoutResult.REDIRECT;
}
} else {
return ExternalLogoutResult.SUCCESS;
}
}
Also used :
IOException(java.io.IOException)
AuthorizationGrant(org.xdi.oxauth.model.common.AuthorizationGrant)
CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)
Example 9 with CustomScriptConfiguration
use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.
the class Authenticator method clientAuthentication.
private boolean clientAuthentication(Credentials credentials, boolean interactive, boolean skipPassword) {
boolean isServiceUsesExternalAuthenticator = !interactive && externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.SERVICE);
if (isServiceUsesExternalAuthenticator) {
CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.determineCustomScriptConfiguration(AuthenticationScriptUsageType.SERVICE, 1, this.authAcr);
if (customScriptConfiguration == null) {
log.error("Failed to get CustomScriptConfiguration. acr: '{}'", this.authAcr);
} else {
this.authAcr = customScriptConfiguration.getCustomScript().getName();
boolean result = externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration, null, 1);
log.info("Authentication result for user '{}', result: '{}'", credentials.getUsername(), result);
if (result) {
authenticationService.configureSessionClient();
log.info("Authentication success for client: '{}'", credentials.getUsername());
return true;
}
}
}
boolean loggedIn = skipPassword;
if (!loggedIn) {
loggedIn = clientService.authenticate(credentials.getUsername(), credentials.getPassword());
}
if (loggedIn) {
authenticationService.configureSessionClient();
log.info("Authentication success for Client: '{}'", credentials.getUsername());
return true;
}
return false;
}
Also used :
CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)
Example 10 with CustomScriptConfiguration
use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.
the class Authenticator method userAuthenticationInteractive.
private boolean userAuthenticationInteractive() {
SessionState sessionState = sessionStateService.getSessionState();
Map<String, String> sessionIdAttributes = sessionStateService.getSessionAttributes(sessionState);
if (sessionIdAttributes == null) {
log.error("Failed to get session attributes");
authenticationFailedSessionInvalid();
return false;
}
// Set current state into identity to allow use in login form and
// authentication scripts
identity.setSessionState(sessionState);
initCustomAuthenticatorVariables(sessionIdAttributes);
boolean useExternalAuthenticator = externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.INTERACTIVE);
if (useExternalAuthenticator && !StringHelper.isEmpty(this.authAcr)) {
initCustomAuthenticatorVariables(sessionIdAttributes);
if ((this.authStep == null) || StringHelper.isEmpty(this.authAcr)) {
log.error("Failed to determine authentication mode");
authenticationFailedSessionInvalid();
return false;
}
CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, this.authAcr);
if (customScriptConfiguration == null) {
log.error("Failed to get CustomScriptConfiguration for acr: '{}', auth_step: '{}'", this.authAcr, this.authStep);
return false;
}
// Check if all previous steps had passed
boolean passedPreviousSteps = isPassedPreviousAuthSteps(sessionIdAttributes, this.authStep);
if (!passedPreviousSteps) {
log.error("There are authentication steps not marked as passed. acr: '{}', auth_step: '{}'", this.authAcr, this.authStep);
return false;
}
boolean result = externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration, externalContext.getRequestParameterValuesMap(), this.authStep);
log.debug("Authentication result for user '{}'. auth_step: '{}', result: '{}', credentials: '{}'", credentials.getUsername(), this.authStep, result, System.identityHashCode(credentials));
int overridenNextStep = -1;
int apiVersion = externalAuthenticationService.executeExternalGetApiVersion(customScriptConfiguration);
if (apiVersion > 1) {
log.trace("According to API version script supports steps overriding");
overridenNextStep = externalAuthenticationService.getNextStep(customScriptConfiguration, externalContext.getRequestParameterValuesMap(), this.authStep);
log.debug("Get next step from script: '{}'", apiVersion);
}
if (!result && (overridenNextStep == -1)) {
return false;
}
boolean overrideCurrentStep = false;
if (overridenNextStep > -1) {
overrideCurrentStep = true;
// Reload session state
sessionState = sessionStateService.getSessionState();
// Reset to pecified step
sessionStateService.resetToStep(sessionState, overridenNextStep);
this.authStep = overridenNextStep;
log.info("Authentication reset to step : '{}'", this.authStep);
}
// Update parameters map to allow access it from count
// authentication steps method
updateExtraParameters(customScriptConfiguration, this.authStep + 1, sessionIdAttributes);
// Determine count authentication methods
int countAuthenticationSteps = externalAuthenticationService.executeExternalGetCountAuthenticationSteps(customScriptConfiguration);
// Reload from LDAP to make sure that we are updating latest session
// attributes
sessionState = sessionStateService.getSessionState();
sessionIdAttributes = sessionStateService.getSessionAttributes(sessionState);
// Prepare for next step
if ((this.authStep < countAuthenticationSteps) || overrideCurrentStep) {
int nextStep;
if (overrideCurrentStep) {
nextStep = overridenNextStep;
} else {
nextStep = this.authStep + 1;
}
String redirectTo = externalAuthenticationService.executeExternalGetPageForStep(customScriptConfiguration, nextStep);
if (StringHelper.isEmpty(redirectTo)) {
redirectTo = "/login.xhtml";
}
// Store/Update extra parameters in session attributes map
updateExtraParameters(customScriptConfiguration, nextStep, sessionIdAttributes);
if (!overrideCurrentStep) {
// Update auth_step
sessionIdAttributes.put("auth_step", Integer.toString(nextStep));
// Mark step as passed
markAuthStepAsPassed(sessionIdAttributes, this.authStep);
}
if (sessionState != null) {
boolean updateResult = updateSession(sessionState, sessionIdAttributes);
if (!updateResult) {
return false;
}
}
log.trace("Redirect to page: '{}'", redirectTo);
facesService.redirect(redirectTo);
return true;
}
if (this.authStep == countAuthenticationSteps) {
SessionState eventSessionState = authenticationService.configureSessionUser(sessionState, sessionIdAttributes);
Principal principal = new SimplePrincipal(credentials.getUsername());
identity.acceptExternallyAuthenticatedPrincipal(principal);
identity.quietLogin();
// Redirect to authorization workflow
log.debug("Sending event to trigger user redirection: '{}'", credentials.getUsername());
authenticationService.onSuccessfulLogin(eventSessionState);
log.info("Authentication success for User: '{}'", credentials.getUsername());
return true;
}
} else {
if (StringHelper.isNotEmpty(credentials.getUsername())) {
boolean authenticated = authenticationService.authenticate(credentials.getUsername(), credentials.getPassword());
if (authenticated) {
SessionState eventSessionState = authenticationService.configureSessionUser(sessionState, sessionIdAttributes);
// Redirect to authorization workflow
log.debug("Sending event to trigger user redirection: '{}'", credentials.getUsername());
authenticationService.onSuccessfulLogin(eventSessionState);
}
log.info("Authentication success for User: '{}'", credentials.getUsername());
return true;
}
}
return false;
}
Also used :
SessionState(org.xdi.oxauth.model.common.SessionState)
CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)
SimplePrincipal(org.xdi.model.security.SimplePrincipal)
Principal(java.security.Principal)
SimplePrincipal(org.xdi.model.security.SimplePrincipal)
Aggregations
CustomScriptConfiguration (org.xdi.model.custom.script.conf.CustomScriptConfiguration)19
SessionState (org.xdi.oxauth.model.common.SessionState)4
ArrayList (java.util.ArrayList)2
HashMap (java.util.HashMap)2
AuthenticationScriptUsageType (org.xdi.model.AuthenticationScriptUsageType)2
SimpleCustomProperty (org.xdi.model.SimpleCustomProperty)2
CustomScript (org.xdi.model.custom.script.model.CustomScript)2
IOException (java.io.IOException)1
Principal (java.security.Principal)1
HashSet (java.util.HashSet)1
List (java.util.List)1
Entry (java.util.Map.Entry)1
Set (java.util.Set)1
WebApplicationException (javax.ws.rs.WebApplicationException)1
EntryPersistenceException (org.gluu.site.ldap.persistence.exception.EntryPersistenceException)1
CustomScriptType (org.xdi.model.custom.script.CustomScriptType)1
AuthenticationCustomScript (org.xdi.model.custom.script.model.auth.AuthenticationCustomScript)1
BaseExternalType (org.xdi.model.custom.script.type.BaseExternalType)1
PersonAuthenticationType (org.xdi.model.custom.script.type.auth.PersonAuthenticationType)1
SimplePrincipal (org.xdi.model.security.SimplePrincipal)1
