use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.
the class AuthorizationService method applyPolicy.
private boolean applyPolicy(String authorizationPolicyDn, AuthorizationContext authorizationContext) {
log.trace("Apply policy dn: '{}' ...", authorizationPolicyDn);
final CustomScriptConfiguration customScriptConfiguration = externalUmaAuthorizationPolicyService.getAuthorizationPolicyByDn(authorizationPolicyDn);
if (customScriptConfiguration != null) {
final boolean result = externalUmaAuthorizationPolicyService.executeExternalAuthorizeMethod(customScriptConfiguration, authorizationContext);
log.trace("Policy '{}' result: {}", authorizationPolicyDn, result);
// if false check whether "need_info" objects are set, if yes then throw WebApplicationException directly here
if (!result) {
if (authorizationContext.getNeedInfoAuthenticationContext() != null || authorizationContext.getNeedInfoRequestingPartyClaims() != null) {
final String jsonEntity = NeedInfoResponseBuilder.entityForResponse(authorizationContext.getNeedInfoAuthenticationContext(), authorizationContext.getNeedInfoRequestingPartyClaims());
throwForbiddenException(jsonEntity);
}
}
return result;
} else {
log.error("Unable to load custom script dn: '{}'", authorizationPolicyDn);
}
return false;
}
use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxCore by GluuFederation.
the class CustomScriptManager method groupCustomScriptConfigurationsByScriptType.
private Map<CustomScriptType, List<CustomScriptConfiguration>> groupCustomScriptConfigurationsByScriptType(Map<String, CustomScriptConfiguration> customScriptConfigurations) {
Map<CustomScriptType, List<CustomScriptConfiguration>> newCustomScriptConfigurationsByScriptType = new HashMap<CustomScriptType, List<CustomScriptConfiguration>>();
for (CustomScriptType customScriptType : this.supportedCustomScriptTypes) {
List<CustomScriptConfiguration> customConfigurationsByScriptType = new ArrayList<CustomScriptConfiguration>();
newCustomScriptConfigurationsByScriptType.put(customScriptType, customConfigurationsByScriptType);
}
for (CustomScriptConfiguration customScriptConfiguration : customScriptConfigurations.values()) {
CustomScriptType customScriptType = customScriptConfiguration.getCustomScript().getScriptType();
List<CustomScriptConfiguration> customConfigurationsByScriptType = newCustomScriptConfigurationsByScriptType.get(customScriptType);
customConfigurationsByScriptType.add(customScriptConfiguration);
}
return newCustomScriptConfigurationsByScriptType;
}
use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.
the class LogoutAction method processExternalAuthenticatorLogOut.
private ExternalLogoutResult processExternalAuthenticatorLogOut(SessionState sessionState) {
if ((sessionState != null) && sessionState.getSessionAttributes().containsKey(EXTERNAL_LOGOUT)) {
log.debug("Detected callback from external system. Resuming logout.");
return ExternalLogoutResult.SUCCESS;
}
AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByIdToken(idTokenHint);
if (authorizationGrant == null) {
Boolean endSessionWithAccessToken = appConfiguration.getEndSessionWithAccessToken();
if ((endSessionWithAccessToken != null) && endSessionWithAccessToken) {
authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(idTokenHint);
}
}
if ((authorizationGrant == null) && (sessionState == null)) {
return ExternalLogoutResult.FAILURE;
}
String acrValues;
if (authorizationGrant == null) {
acrValues = sessionStateService.getAcr(sessionState);
} else {
acrValues = authorizationGrant.getAcrValues();
}
boolean isExternalAuthenticatorLogoutPresent = StringHelper.isNotEmpty(acrValues);
if (isExternalAuthenticatorLogoutPresent) {
log.debug("Attemptinmg to execute logout method of '{}' external authenticator.", acrValues);
CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.getCustomScriptConfigurationByName(acrValues);
if (customScriptConfiguration == null) {
log.error("Failed to get ExternalAuthenticatorConfiguration. acr_values: {}", acrValues);
return ExternalLogoutResult.FAILURE;
} else {
boolean scriptExternalLogoutResult = externalAuthenticationService.executeExternalLogout(customScriptConfiguration, null);
ExternalLogoutResult externalLogoutResult = scriptExternalLogoutResult ? ExternalLogoutResult.SUCCESS : ExternalLogoutResult.FAILURE;
log.debug("Logout result is '{}' for session '{}', userDn: '{}'", externalLogoutResult, sessionState.getId(), sessionState.getUserDn());
int apiVersion = externalAuthenticationService.executeExternalGetApiVersion(customScriptConfiguration);
if (apiVersion < 3) {
// Not support redirect to external system at logout
return externalLogoutResult;
}
log.trace("According to API version script supports logout redirects");
String logoutExternalUrl = externalAuthenticationService.getLogoutExternalUrl(customScriptConfiguration, null);
log.debug("External logout result is '{}' for user '{}'", logoutExternalUrl, sessionState.getUserDn());
if (StringHelper.isEmpty(logoutExternalUrl)) {
return externalLogoutResult;
}
// Store in session parameters needed to call end_session
try {
storeLogoutParametersInSession(sessionState);
} catch (IOException ex) {
log.debug("Failed to persist logout parameters in session", ex);
return ExternalLogoutResult.FAILURE;
}
// Redirect to external URL
facesService.redirectToExternalURL(logoutExternalUrl);
return ExternalLogoutResult.REDIRECT;
}
} else {
return ExternalLogoutResult.SUCCESS;
}
}
use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.
the class Authenticator method clientAuthentication.
private boolean clientAuthentication(Credentials credentials, boolean interactive, boolean skipPassword) {
boolean isServiceUsesExternalAuthenticator = !interactive && externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.SERVICE);
if (isServiceUsesExternalAuthenticator) {
CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.determineCustomScriptConfiguration(AuthenticationScriptUsageType.SERVICE, 1, this.authAcr);
if (customScriptConfiguration == null) {
log.error("Failed to get CustomScriptConfiguration. acr: '{}'", this.authAcr);
} else {
this.authAcr = customScriptConfiguration.getCustomScript().getName();
boolean result = externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration, null, 1);
log.info("Authentication result for user '{}', result: '{}'", credentials.getUsername(), result);
if (result) {
authenticationService.configureSessionClient();
log.info("Authentication success for client: '{}'", credentials.getUsername());
return true;
}
}
}
boolean loggedIn = skipPassword;
if (!loggedIn) {
loggedIn = clientService.authenticate(credentials.getUsername(), credentials.getPassword());
}
if (loggedIn) {
authenticationService.configureSessionClient();
log.info("Authentication success for Client: '{}'", credentials.getUsername());
return true;
}
return false;
}
use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.
the class Authenticator method userAuthenticationInteractive.
private boolean userAuthenticationInteractive() {
SessionState sessionState = sessionStateService.getSessionState();
Map<String, String> sessionIdAttributes = sessionStateService.getSessionAttributes(sessionState);
if (sessionIdAttributes == null) {
log.error("Failed to get session attributes");
authenticationFailedSessionInvalid();
return false;
}
// Set current state into identity to allow use in login form and
// authentication scripts
identity.setSessionState(sessionState);
initCustomAuthenticatorVariables(sessionIdAttributes);
boolean useExternalAuthenticator = externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.INTERACTIVE);
if (useExternalAuthenticator && !StringHelper.isEmpty(this.authAcr)) {
initCustomAuthenticatorVariables(sessionIdAttributes);
if ((this.authStep == null) || StringHelper.isEmpty(this.authAcr)) {
log.error("Failed to determine authentication mode");
authenticationFailedSessionInvalid();
return false;
}
CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, this.authAcr);
if (customScriptConfiguration == null) {
log.error("Failed to get CustomScriptConfiguration for acr: '{}', auth_step: '{}'", this.authAcr, this.authStep);
return false;
}
// Check if all previous steps had passed
boolean passedPreviousSteps = isPassedPreviousAuthSteps(sessionIdAttributes, this.authStep);
if (!passedPreviousSteps) {
log.error("There are authentication steps not marked as passed. acr: '{}', auth_step: '{}'", this.authAcr, this.authStep);
return false;
}
boolean result = externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration, externalContext.getRequestParameterValuesMap(), this.authStep);
log.debug("Authentication result for user '{}'. auth_step: '{}', result: '{}', credentials: '{}'", credentials.getUsername(), this.authStep, result, System.identityHashCode(credentials));
int overridenNextStep = -1;
int apiVersion = externalAuthenticationService.executeExternalGetApiVersion(customScriptConfiguration);
if (apiVersion > 1) {
log.trace("According to API version script supports steps overriding");
overridenNextStep = externalAuthenticationService.getNextStep(customScriptConfiguration, externalContext.getRequestParameterValuesMap(), this.authStep);
log.debug("Get next step from script: '{}'", apiVersion);
}
if (!result && (overridenNextStep == -1)) {
return false;
}
boolean overrideCurrentStep = false;
if (overridenNextStep > -1) {
overrideCurrentStep = true;
// Reload session state
sessionState = sessionStateService.getSessionState();
// Reset to pecified step
sessionStateService.resetToStep(sessionState, overridenNextStep);
this.authStep = overridenNextStep;
log.info("Authentication reset to step : '{}'", this.authStep);
}
// Update parameters map to allow access it from count
// authentication steps method
updateExtraParameters(customScriptConfiguration, this.authStep + 1, sessionIdAttributes);
// Determine count authentication methods
int countAuthenticationSteps = externalAuthenticationService.executeExternalGetCountAuthenticationSteps(customScriptConfiguration);
// Reload from LDAP to make sure that we are updating latest session
// attributes
sessionState = sessionStateService.getSessionState();
sessionIdAttributes = sessionStateService.getSessionAttributes(sessionState);
// Prepare for next step
if ((this.authStep < countAuthenticationSteps) || overrideCurrentStep) {
int nextStep;
if (overrideCurrentStep) {
nextStep = overridenNextStep;
} else {
nextStep = this.authStep + 1;
}
String redirectTo = externalAuthenticationService.executeExternalGetPageForStep(customScriptConfiguration, nextStep);
if (StringHelper.isEmpty(redirectTo)) {
redirectTo = "/login.xhtml";
}
// Store/Update extra parameters in session attributes map
updateExtraParameters(customScriptConfiguration, nextStep, sessionIdAttributes);
if (!overrideCurrentStep) {
// Update auth_step
sessionIdAttributes.put("auth_step", Integer.toString(nextStep));
// Mark step as passed
markAuthStepAsPassed(sessionIdAttributes, this.authStep);
}
if (sessionState != null) {
boolean updateResult = updateSession(sessionState, sessionIdAttributes);
if (!updateResult) {
return false;
}
}
log.trace("Redirect to page: '{}'", redirectTo);
facesService.redirect(redirectTo);
return true;
}
if (this.authStep == countAuthenticationSteps) {
SessionState eventSessionState = authenticationService.configureSessionUser(sessionState, sessionIdAttributes);
Principal principal = new SimplePrincipal(credentials.getUsername());
identity.acceptExternallyAuthenticatedPrincipal(principal);
identity.quietLogin();
// Redirect to authorization workflow
log.debug("Sending event to trigger user redirection: '{}'", credentials.getUsername());
authenticationService.onSuccessfulLogin(eventSessionState);
log.info("Authentication success for User: '{}'", credentials.getUsername());
return true;
}
} else {
if (StringHelper.isNotEmpty(credentials.getUsername())) {
boolean authenticated = authenticationService.authenticate(credentials.getUsername(), credentials.getPassword());
if (authenticated) {
SessionState eventSessionState = authenticationService.configureSessionUser(sessionState, sessionIdAttributes);
// Redirect to authorization workflow
log.debug("Sending event to trigger user redirection: '{}'", credentials.getUsername());
authenticationService.onSuccessfulLogin(eventSessionState);
}
log.info("Authentication success for User: '{}'", credentials.getUsername());
return true;
}
}
return false;
}
Aggregations