Search in sources :

Example 6 with CustomScriptConfiguration

use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxCore by GluuFederation.

the class CustomScriptManager method groupCustomScriptConfigurationsByScriptType.

private Map<CustomScriptType, List<CustomScriptConfiguration>> groupCustomScriptConfigurationsByScriptType(Map<String, CustomScriptConfiguration> customScriptConfigurations) {
    Map<CustomScriptType, List<CustomScriptConfiguration>> newCustomScriptConfigurationsByScriptType = new HashMap<CustomScriptType, List<CustomScriptConfiguration>>();
    for (CustomScriptType customScriptType : this.supportedCustomScriptTypes) {
        List<CustomScriptConfiguration> customConfigurationsByScriptType = new ArrayList<CustomScriptConfiguration>();
        newCustomScriptConfigurationsByScriptType.put(customScriptType, customConfigurationsByScriptType);
    }
    for (CustomScriptConfiguration customScriptConfiguration : customScriptConfigurations.values()) {
        CustomScriptType customScriptType = customScriptConfiguration.getCustomScript().getScriptType();
        List<CustomScriptConfiguration> customConfigurationsByScriptType = newCustomScriptConfigurationsByScriptType.get(customScriptType);
        customConfigurationsByScriptType.add(customScriptConfiguration);
    }
    return newCustomScriptConfigurationsByScriptType;
}
Also used : HashMap(java.util.HashMap) CustomScriptType(org.xdi.model.custom.script.CustomScriptType) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)

Example 7 with CustomScriptConfiguration

use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxCore by GluuFederation.

the class CustomScriptManager method reloadCustomScriptConfigurations.

private ReloadResult reloadCustomScriptConfigurations(Map<String, CustomScriptConfiguration> customScriptConfigurations, List<CustomScript> newCustomScripts) {
    Map<String, CustomScriptConfiguration> newCustomScriptConfigurations;
    boolean modified = false;
    if (customScriptConfigurations == null) {
        newCustomScriptConfigurations = new HashMap<String, CustomScriptConfiguration>();
        modified = true;
    } else {
        // Clone old map to avoid reload not changed scripts because it's time and CPU consuming process
        newCustomScriptConfigurations = new HashMap<String, CustomScriptConfiguration>(customScriptConfigurations);
    }
    List<String> newSupportedCustomScriptInums = new ArrayList<String>();
    for (CustomScript newCustomScript : newCustomScripts) {
        if (!newCustomScript.isEnabled()) {
            continue;
        }
        if (ScriptLocationType.FILE == newCustomScript.getLocationType()) {
            // Replace script revision with file modification time. This should allow to reload script automatically after changing location_type
            long fileModifiactionTime = getFileModificationTime(newCustomScript.getLocationPath());
            newCustomScript.setRevision(fileModifiactionTime);
        }
        String newSupportedCustomScriptInum = StringHelper.toLowerCase(newCustomScript.getInum());
        newSupportedCustomScriptInums.add(newSupportedCustomScriptInum);
        CustomScriptConfiguration prevCustomScriptConfiguration = newCustomScriptConfigurations.get(newSupportedCustomScriptInum);
        if ((prevCustomScriptConfiguration == null) || (prevCustomScriptConfiguration.getCustomScript().getRevision() != newCustomScript.getRevision())) {
            // Destroy old version properly before creating new one
            if (prevCustomScriptConfiguration != null) {
                destroyCustomScript(prevCustomScriptConfiguration);
            }
            // Load script entry with all attributes
            CustomScript loadedCustomScript = customScriptService.getCustomScriptByDn(newCustomScript.getScriptType().getCustomScriptModel(), newCustomScript.getDn());
            // Prepare configuration attributes
            Map<String, SimpleCustomProperty> newConfigurationAttributes = new HashMap<String, SimpleCustomProperty>();
            List<SimpleCustomProperty> simpleCustomProperties = loadedCustomScript.getConfigurationProperties();
            if (simpleCustomProperties == null) {
                simpleCustomProperties = new ArrayList<SimpleCustomProperty>(0);
            }
            for (SimpleCustomProperty simpleCustomProperty : simpleCustomProperties) {
                newConfigurationAttributes.put(simpleCustomProperty.getValue1(), simpleCustomProperty);
            }
            if (ScriptLocationType.FILE == loadedCustomScript.getLocationType()) {
                // Replace script revision with file modification time. This should allow to reload script automatically after changing location_type
                long fileModifiactionTime = getFileModificationTime(loadedCustomScript.getLocationPath());
                loadedCustomScript.setRevision(fileModifiactionTime);
                if (fileModifiactionTime != 0) {
                    String scriptFromFile = loadFromFile(loadedCustomScript.getLocationPath());
                    if (StringHelper.isNotEmpty(scriptFromFile)) {
                        loadedCustomScript.setScript(scriptFromFile);
                    }
                }
            }
            // Create authenticator
            BaseExternalType newCustomScriptExternalType = createExternalType(loadedCustomScript, newConfigurationAttributes);
            CustomScriptConfiguration newCustomScriptConfiguration = new CustomScriptConfiguration(loadedCustomScript, newCustomScriptExternalType, newConfigurationAttributes);
            // Store configuration and authenticator
            newCustomScriptConfigurations.put(newSupportedCustomScriptInum, newCustomScriptConfiguration);
            modified = true;
        }
    }
    // Remove old external authenticator configurations
    for (Iterator<Entry<String, CustomScriptConfiguration>> it = newCustomScriptConfigurations.entrySet().iterator(); it.hasNext(); ) {
        Entry<String, CustomScriptConfiguration> externalAuthenticatorConfigurationEntry = it.next();
        String prevSupportedCustomScriptInum = externalAuthenticatorConfigurationEntry.getKey();
        if (!newSupportedCustomScriptInums.contains(prevSupportedCustomScriptInum)) {
            // Destroy old authentication method
            destroyCustomScript(externalAuthenticatorConfigurationEntry.getValue());
            it.remove();
            modified = true;
        }
    }
    return new ReloadResult(newCustomScriptConfigurations, modified);
}
Also used : CustomScript(org.xdi.model.custom.script.model.CustomScript) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) Entry(java.util.Map.Entry) BaseExternalType(org.xdi.model.custom.script.type.BaseExternalType) SimpleCustomProperty(org.xdi.model.SimpleCustomProperty) CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)

Example 8 with CustomScriptConfiguration

use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.

the class LogoutAction method processExternalAuthenticatorLogOut.

private ExternalLogoutResult processExternalAuthenticatorLogOut(SessionState sessionState) {
    if ((sessionState != null) && sessionState.getSessionAttributes().containsKey(EXTERNAL_LOGOUT)) {
        log.debug("Detected callback from external system. Resuming logout.");
        return ExternalLogoutResult.SUCCESS;
    }
    AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByIdToken(idTokenHint);
    if (authorizationGrant == null) {
        Boolean endSessionWithAccessToken = appConfiguration.getEndSessionWithAccessToken();
        if ((endSessionWithAccessToken != null) && endSessionWithAccessToken) {
            authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(idTokenHint);
        }
    }
    if ((authorizationGrant == null) && (sessionState == null)) {
        return ExternalLogoutResult.FAILURE;
    }
    String acrValues;
    if (authorizationGrant == null) {
        acrValues = sessionStateService.getAcr(sessionState);
    } else {
        acrValues = authorizationGrant.getAcrValues();
    }
    boolean isExternalAuthenticatorLogoutPresent = StringHelper.isNotEmpty(acrValues);
    if (isExternalAuthenticatorLogoutPresent) {
        log.debug("Attemptinmg to execute logout method of '{}' external authenticator.", acrValues);
        CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.getCustomScriptConfigurationByName(acrValues);
        if (customScriptConfiguration == null) {
            log.error("Failed to get ExternalAuthenticatorConfiguration. acr_values: {}", acrValues);
            return ExternalLogoutResult.FAILURE;
        } else {
            boolean scriptExternalLogoutResult = externalAuthenticationService.executeExternalLogout(customScriptConfiguration, null);
            ExternalLogoutResult externalLogoutResult = scriptExternalLogoutResult ? ExternalLogoutResult.SUCCESS : ExternalLogoutResult.FAILURE;
            log.debug("Logout result is '{}' for session '{}', userDn: '{}'", externalLogoutResult, sessionState.getId(), sessionState.getUserDn());
            int apiVersion = externalAuthenticationService.executeExternalGetApiVersion(customScriptConfiguration);
            if (apiVersion < 3) {
                // Not support redirect to external system at logout
                return externalLogoutResult;
            }
            log.trace("According to API version script supports logout redirects");
            String logoutExternalUrl = externalAuthenticationService.getLogoutExternalUrl(customScriptConfiguration, null);
            log.debug("External logout result is '{}' for user '{}'", logoutExternalUrl, sessionState.getUserDn());
            if (StringHelper.isEmpty(logoutExternalUrl)) {
                return externalLogoutResult;
            }
            // Store in session parameters needed to call end_session
            try {
                storeLogoutParametersInSession(sessionState);
            } catch (IOException ex) {
                log.debug("Failed to persist logout parameters in session", ex);
                return ExternalLogoutResult.FAILURE;
            }
            // Redirect to external URL
            facesService.redirectToExternalURL(logoutExternalUrl);
            return ExternalLogoutResult.REDIRECT;
        }
    } else {
        return ExternalLogoutResult.SUCCESS;
    }
}
Also used : IOException(java.io.IOException) AuthorizationGrant(org.xdi.oxauth.model.common.AuthorizationGrant) CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)

Example 9 with CustomScriptConfiguration

use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.

the class Authenticator method clientAuthentication.

private boolean clientAuthentication(Credentials credentials, boolean interactive, boolean skipPassword) {
    boolean isServiceUsesExternalAuthenticator = !interactive && externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.SERVICE);
    if (isServiceUsesExternalAuthenticator) {
        CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.determineCustomScriptConfiguration(AuthenticationScriptUsageType.SERVICE, 1, this.authAcr);
        if (customScriptConfiguration == null) {
            log.error("Failed to get CustomScriptConfiguration. acr: '{}'", this.authAcr);
        } else {
            this.authAcr = customScriptConfiguration.getCustomScript().getName();
            boolean result = externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration, null, 1);
            log.info("Authentication result for user '{}', result: '{}'", credentials.getUsername(), result);
            if (result) {
                authenticationService.configureSessionClient();
                log.info("Authentication success for client: '{}'", credentials.getUsername());
                return true;
            }
        }
    }
    boolean loggedIn = skipPassword;
    if (!loggedIn) {
        loggedIn = clientService.authenticate(credentials.getUsername(), credentials.getPassword());
    }
    if (loggedIn) {
        authenticationService.configureSessionClient();
        log.info("Authentication success for Client: '{}'", credentials.getUsername());
        return true;
    }
    return false;
}
Also used : CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)

Example 10 with CustomScriptConfiguration

use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.

the class Authenticator method userAuthenticationInteractive.

private boolean userAuthenticationInteractive() {
    SessionState sessionState = sessionStateService.getSessionState();
    Map<String, String> sessionIdAttributes = sessionStateService.getSessionAttributes(sessionState);
    if (sessionIdAttributes == null) {
        log.error("Failed to get session attributes");
        authenticationFailedSessionInvalid();
        return false;
    }
    // Set current state into identity to allow use in login form and
    // authentication scripts
    identity.setSessionState(sessionState);
    initCustomAuthenticatorVariables(sessionIdAttributes);
    boolean useExternalAuthenticator = externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.INTERACTIVE);
    if (useExternalAuthenticator && !StringHelper.isEmpty(this.authAcr)) {
        initCustomAuthenticatorVariables(sessionIdAttributes);
        if ((this.authStep == null) || StringHelper.isEmpty(this.authAcr)) {
            log.error("Failed to determine authentication mode");
            authenticationFailedSessionInvalid();
            return false;
        }
        CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, this.authAcr);
        if (customScriptConfiguration == null) {
            log.error("Failed to get CustomScriptConfiguration for acr: '{}', auth_step: '{}'", this.authAcr, this.authStep);
            return false;
        }
        // Check if all previous steps had passed
        boolean passedPreviousSteps = isPassedPreviousAuthSteps(sessionIdAttributes, this.authStep);
        if (!passedPreviousSteps) {
            log.error("There are authentication steps not marked as passed. acr: '{}', auth_step: '{}'", this.authAcr, this.authStep);
            return false;
        }
        boolean result = externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration, externalContext.getRequestParameterValuesMap(), this.authStep);
        log.debug("Authentication result for user '{}'. auth_step: '{}', result: '{}', credentials: '{}'", credentials.getUsername(), this.authStep, result, System.identityHashCode(credentials));
        int overridenNextStep = -1;
        int apiVersion = externalAuthenticationService.executeExternalGetApiVersion(customScriptConfiguration);
        if (apiVersion > 1) {
            log.trace("According to API version script supports steps overriding");
            overridenNextStep = externalAuthenticationService.getNextStep(customScriptConfiguration, externalContext.getRequestParameterValuesMap(), this.authStep);
            log.debug("Get next step from script: '{}'", apiVersion);
        }
        if (!result && (overridenNextStep == -1)) {
            return false;
        }
        boolean overrideCurrentStep = false;
        if (overridenNextStep > -1) {
            overrideCurrentStep = true;
            // Reload session state
            sessionState = sessionStateService.getSessionState();
            // Reset to pecified step
            sessionStateService.resetToStep(sessionState, overridenNextStep);
            this.authStep = overridenNextStep;
            log.info("Authentication reset to step : '{}'", this.authStep);
        }
        // Update parameters map to allow access it from count
        // authentication steps method
        updateExtraParameters(customScriptConfiguration, this.authStep + 1, sessionIdAttributes);
        // Determine count authentication methods
        int countAuthenticationSteps = externalAuthenticationService.executeExternalGetCountAuthenticationSteps(customScriptConfiguration);
        // Reload from LDAP to make sure that we are updating latest session
        // attributes
        sessionState = sessionStateService.getSessionState();
        sessionIdAttributes = sessionStateService.getSessionAttributes(sessionState);
        // Prepare for next step
        if ((this.authStep < countAuthenticationSteps) || overrideCurrentStep) {
            int nextStep;
            if (overrideCurrentStep) {
                nextStep = overridenNextStep;
            } else {
                nextStep = this.authStep + 1;
            }
            String redirectTo = externalAuthenticationService.executeExternalGetPageForStep(customScriptConfiguration, nextStep);
            if (StringHelper.isEmpty(redirectTo)) {
                redirectTo = "/login.xhtml";
            }
            // Store/Update extra parameters in session attributes map
            updateExtraParameters(customScriptConfiguration, nextStep, sessionIdAttributes);
            if (!overrideCurrentStep) {
                // Update auth_step
                sessionIdAttributes.put("auth_step", Integer.toString(nextStep));
                // Mark step as passed
                markAuthStepAsPassed(sessionIdAttributes, this.authStep);
            }
            if (sessionState != null) {
                boolean updateResult = updateSession(sessionState, sessionIdAttributes);
                if (!updateResult) {
                    return false;
                }
            }
            log.trace("Redirect to page: '{}'", redirectTo);
            facesService.redirect(redirectTo);
            return true;
        }
        if (this.authStep == countAuthenticationSteps) {
            SessionState eventSessionState = authenticationService.configureSessionUser(sessionState, sessionIdAttributes);
            Principal principal = new SimplePrincipal(credentials.getUsername());
            identity.acceptExternallyAuthenticatedPrincipal(principal);
            identity.quietLogin();
            // Redirect to authorization workflow
            log.debug("Sending event to trigger user redirection: '{}'", credentials.getUsername());
            authenticationService.onSuccessfulLogin(eventSessionState);
            log.info("Authentication success for User: '{}'", credentials.getUsername());
            return true;
        }
    } else {
        if (StringHelper.isNotEmpty(credentials.getUsername())) {
            boolean authenticated = authenticationService.authenticate(credentials.getUsername(), credentials.getPassword());
            if (authenticated) {
                SessionState eventSessionState = authenticationService.configureSessionUser(sessionState, sessionIdAttributes);
                // Redirect to authorization workflow
                log.debug("Sending event to trigger user redirection: '{}'", credentials.getUsername());
                authenticationService.onSuccessfulLogin(eventSessionState);
            }
            log.info("Authentication success for User: '{}'", credentials.getUsername());
            return true;
        }
    }
    return false;
}
Also used : SessionState(org.xdi.oxauth.model.common.SessionState) CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration) SimplePrincipal(org.xdi.model.security.SimplePrincipal) Principal(java.security.Principal) SimplePrincipal(org.xdi.model.security.SimplePrincipal)

Aggregations

CustomScriptConfiguration (org.xdi.model.custom.script.conf.CustomScriptConfiguration)19 SessionState (org.xdi.oxauth.model.common.SessionState)4 ArrayList (java.util.ArrayList)2 HashMap (java.util.HashMap)2 AuthenticationScriptUsageType (org.xdi.model.AuthenticationScriptUsageType)2 SimpleCustomProperty (org.xdi.model.SimpleCustomProperty)2 CustomScript (org.xdi.model.custom.script.model.CustomScript)2 IOException (java.io.IOException)1 Principal (java.security.Principal)1 HashSet (java.util.HashSet)1 List (java.util.List)1 Entry (java.util.Map.Entry)1 Set (java.util.Set)1 WebApplicationException (javax.ws.rs.WebApplicationException)1 EntryPersistenceException (org.gluu.site.ldap.persistence.exception.EntryPersistenceException)1 CustomScriptType (org.xdi.model.custom.script.CustomScriptType)1 AuthenticationCustomScript (org.xdi.model.custom.script.model.auth.AuthenticationCustomScript)1 BaseExternalType (org.xdi.model.custom.script.type.BaseExternalType)1 PersonAuthenticationType (org.xdi.model.custom.script.type.auth.PersonAuthenticationType)1 SimplePrincipal (org.xdi.model.security.SimplePrincipal)1