Search in sources :

Example 11 with CustomScriptConfiguration

use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.

the class AuthorizationService method applyPolicy.

private boolean applyPolicy(String authorizationPolicyDn, AuthorizationContext authorizationContext) {
    log.trace("Apply policy dn: '{}' ...", authorizationPolicyDn);
    final CustomScriptConfiguration customScriptConfiguration = externalUmaAuthorizationPolicyService.getAuthorizationPolicyByDn(authorizationPolicyDn);
    if (customScriptConfiguration != null) {
        final boolean result = externalUmaAuthorizationPolicyService.executeExternalAuthorizeMethod(customScriptConfiguration, authorizationContext);
        log.trace("Policy '{}' result: {}", authorizationPolicyDn, result);
        // if false check whether "need_info" objects are set, if yes then throw WebApplicationException directly here
        if (!result) {
            if (authorizationContext.getNeedInfoAuthenticationContext() != null || authorizationContext.getNeedInfoRequestingPartyClaims() != null) {
                final String jsonEntity = NeedInfoResponseBuilder.entityForResponse(authorizationContext.getNeedInfoAuthenticationContext(), authorizationContext.getNeedInfoRequestingPartyClaims());
                throwForbiddenException(jsonEntity);
            }
        }
        return result;
    } else {
        log.error("Unable to load custom script dn: '{}'", authorizationPolicyDn);
    }
    return false;
}
Also used : CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)

Example 12 with CustomScriptConfiguration

use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxCore by GluuFederation.

the class CustomScriptManager method groupCustomScriptConfigurationsByScriptType.

private Map<CustomScriptType, List<CustomScriptConfiguration>> groupCustomScriptConfigurationsByScriptType(Map<String, CustomScriptConfiguration> customScriptConfigurations) {
    Map<CustomScriptType, List<CustomScriptConfiguration>> newCustomScriptConfigurationsByScriptType = new HashMap<CustomScriptType, List<CustomScriptConfiguration>>();
    for (CustomScriptType customScriptType : this.supportedCustomScriptTypes) {
        List<CustomScriptConfiguration> customConfigurationsByScriptType = new ArrayList<CustomScriptConfiguration>();
        newCustomScriptConfigurationsByScriptType.put(customScriptType, customConfigurationsByScriptType);
    }
    for (CustomScriptConfiguration customScriptConfiguration : customScriptConfigurations.values()) {
        CustomScriptType customScriptType = customScriptConfiguration.getCustomScript().getScriptType();
        List<CustomScriptConfiguration> customConfigurationsByScriptType = newCustomScriptConfigurationsByScriptType.get(customScriptType);
        customConfigurationsByScriptType.add(customScriptConfiguration);
    }
    return newCustomScriptConfigurationsByScriptType;
}
Also used : HashMap(java.util.HashMap) CustomScriptType(org.xdi.model.custom.script.CustomScriptType) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)

Example 13 with CustomScriptConfiguration

use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.

the class LogoutAction method processExternalAuthenticatorLogOut.

private ExternalLogoutResult processExternalAuthenticatorLogOut(SessionState sessionState) {
    if ((sessionState != null) && sessionState.getSessionAttributes().containsKey(EXTERNAL_LOGOUT)) {
        log.debug("Detected callback from external system. Resuming logout.");
        return ExternalLogoutResult.SUCCESS;
    }
    AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByIdToken(idTokenHint);
    if (authorizationGrant == null) {
        Boolean endSessionWithAccessToken = appConfiguration.getEndSessionWithAccessToken();
        if ((endSessionWithAccessToken != null) && endSessionWithAccessToken) {
            authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(idTokenHint);
        }
    }
    if ((authorizationGrant == null) && (sessionState == null)) {
        return ExternalLogoutResult.FAILURE;
    }
    String acrValues;
    if (authorizationGrant == null) {
        acrValues = sessionStateService.getAcr(sessionState);
    } else {
        acrValues = authorizationGrant.getAcrValues();
    }
    boolean isExternalAuthenticatorLogoutPresent = StringHelper.isNotEmpty(acrValues);
    if (isExternalAuthenticatorLogoutPresent) {
        log.debug("Attemptinmg to execute logout method of '{}' external authenticator.", acrValues);
        CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.getCustomScriptConfigurationByName(acrValues);
        if (customScriptConfiguration == null) {
            log.error("Failed to get ExternalAuthenticatorConfiguration. acr_values: {}", acrValues);
            return ExternalLogoutResult.FAILURE;
        } else {
            boolean scriptExternalLogoutResult = externalAuthenticationService.executeExternalLogout(customScriptConfiguration, null);
            ExternalLogoutResult externalLogoutResult = scriptExternalLogoutResult ? ExternalLogoutResult.SUCCESS : ExternalLogoutResult.FAILURE;
            log.debug("Logout result is '{}' for session '{}', userDn: '{}'", externalLogoutResult, sessionState.getId(), sessionState.getUserDn());
            int apiVersion = externalAuthenticationService.executeExternalGetApiVersion(customScriptConfiguration);
            if (apiVersion < 3) {
                // Not support redirect to external system at logout
                return externalLogoutResult;
            }
            log.trace("According to API version script supports logout redirects");
            String logoutExternalUrl = externalAuthenticationService.getLogoutExternalUrl(customScriptConfiguration, null);
            log.debug("External logout result is '{}' for user '{}'", logoutExternalUrl, sessionState.getUserDn());
            if (StringHelper.isEmpty(logoutExternalUrl)) {
                return externalLogoutResult;
            }
            // Store in session parameters needed to call end_session
            try {
                storeLogoutParametersInSession(sessionState);
            } catch (IOException ex) {
                log.debug("Failed to persist logout parameters in session", ex);
                return ExternalLogoutResult.FAILURE;
            }
            // Redirect to external URL
            facesService.redirectToExternalURL(logoutExternalUrl);
            return ExternalLogoutResult.REDIRECT;
        }
    } else {
        return ExternalLogoutResult.SUCCESS;
    }
}
Also used : IOException(java.io.IOException) AuthorizationGrant(org.xdi.oxauth.model.common.AuthorizationGrant) CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)

Example 14 with CustomScriptConfiguration

use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.

the class Authenticator method clientAuthentication.

private boolean clientAuthentication(Credentials credentials, boolean interactive, boolean skipPassword) {
    boolean isServiceUsesExternalAuthenticator = !interactive && externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.SERVICE);
    if (isServiceUsesExternalAuthenticator) {
        CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.determineCustomScriptConfiguration(AuthenticationScriptUsageType.SERVICE, 1, this.authAcr);
        if (customScriptConfiguration == null) {
            log.error("Failed to get CustomScriptConfiguration. acr: '{}'", this.authAcr);
        } else {
            this.authAcr = customScriptConfiguration.getCustomScript().getName();
            boolean result = externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration, null, 1);
            log.info("Authentication result for user '{}', result: '{}'", credentials.getUsername(), result);
            if (result) {
                authenticationService.configureSessionClient();
                log.info("Authentication success for client: '{}'", credentials.getUsername());
                return true;
            }
        }
    }
    boolean loggedIn = skipPassword;
    if (!loggedIn) {
        loggedIn = clientService.authenticate(credentials.getUsername(), credentials.getPassword());
    }
    if (loggedIn) {
        authenticationService.configureSessionClient();
        log.info("Authentication success for Client: '{}'", credentials.getUsername());
        return true;
    }
    return false;
}
Also used : CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)

Example 15 with CustomScriptConfiguration

use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.

the class Authenticator method userAuthenticationInteractive.

private boolean userAuthenticationInteractive() {
    SessionState sessionState = sessionStateService.getSessionState();
    Map<String, String> sessionIdAttributes = sessionStateService.getSessionAttributes(sessionState);
    if (sessionIdAttributes == null) {
        log.error("Failed to get session attributes");
        authenticationFailedSessionInvalid();
        return false;
    }
    // Set current state into identity to allow use in login form and
    // authentication scripts
    identity.setSessionState(sessionState);
    initCustomAuthenticatorVariables(sessionIdAttributes);
    boolean useExternalAuthenticator = externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.INTERACTIVE);
    if (useExternalAuthenticator && !StringHelper.isEmpty(this.authAcr)) {
        initCustomAuthenticatorVariables(sessionIdAttributes);
        if ((this.authStep == null) || StringHelper.isEmpty(this.authAcr)) {
            log.error("Failed to determine authentication mode");
            authenticationFailedSessionInvalid();
            return false;
        }
        CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, this.authAcr);
        if (customScriptConfiguration == null) {
            log.error("Failed to get CustomScriptConfiguration for acr: '{}', auth_step: '{}'", this.authAcr, this.authStep);
            return false;
        }
        // Check if all previous steps had passed
        boolean passedPreviousSteps = isPassedPreviousAuthSteps(sessionIdAttributes, this.authStep);
        if (!passedPreviousSteps) {
            log.error("There are authentication steps not marked as passed. acr: '{}', auth_step: '{}'", this.authAcr, this.authStep);
            return false;
        }
        boolean result = externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration, externalContext.getRequestParameterValuesMap(), this.authStep);
        log.debug("Authentication result for user '{}'. auth_step: '{}', result: '{}', credentials: '{}'", credentials.getUsername(), this.authStep, result, System.identityHashCode(credentials));
        int overridenNextStep = -1;
        int apiVersion = externalAuthenticationService.executeExternalGetApiVersion(customScriptConfiguration);
        if (apiVersion > 1) {
            log.trace("According to API version script supports steps overriding");
            overridenNextStep = externalAuthenticationService.getNextStep(customScriptConfiguration, externalContext.getRequestParameterValuesMap(), this.authStep);
            log.debug("Get next step from script: '{}'", apiVersion);
        }
        if (!result && (overridenNextStep == -1)) {
            return false;
        }
        boolean overrideCurrentStep = false;
        if (overridenNextStep > -1) {
            overrideCurrentStep = true;
            // Reload session state
            sessionState = sessionStateService.getSessionState();
            // Reset to pecified step
            sessionStateService.resetToStep(sessionState, overridenNextStep);
            this.authStep = overridenNextStep;
            log.info("Authentication reset to step : '{}'", this.authStep);
        }
        // Update parameters map to allow access it from count
        // authentication steps method
        updateExtraParameters(customScriptConfiguration, this.authStep + 1, sessionIdAttributes);
        // Determine count authentication methods
        int countAuthenticationSteps = externalAuthenticationService.executeExternalGetCountAuthenticationSteps(customScriptConfiguration);
        // Reload from LDAP to make sure that we are updating latest session
        // attributes
        sessionState = sessionStateService.getSessionState();
        sessionIdAttributes = sessionStateService.getSessionAttributes(sessionState);
        // Prepare for next step
        if ((this.authStep < countAuthenticationSteps) || overrideCurrentStep) {
            int nextStep;
            if (overrideCurrentStep) {
                nextStep = overridenNextStep;
            } else {
                nextStep = this.authStep + 1;
            }
            String redirectTo = externalAuthenticationService.executeExternalGetPageForStep(customScriptConfiguration, nextStep);
            if (StringHelper.isEmpty(redirectTo)) {
                redirectTo = "/login.xhtml";
            }
            // Store/Update extra parameters in session attributes map
            updateExtraParameters(customScriptConfiguration, nextStep, sessionIdAttributes);
            if (!overrideCurrentStep) {
                // Update auth_step
                sessionIdAttributes.put("auth_step", Integer.toString(nextStep));
                // Mark step as passed
                markAuthStepAsPassed(sessionIdAttributes, this.authStep);
            }
            if (sessionState != null) {
                boolean updateResult = updateSession(sessionState, sessionIdAttributes);
                if (!updateResult) {
                    return false;
                }
            }
            log.trace("Redirect to page: '{}'", redirectTo);
            facesService.redirect(redirectTo);
            return true;
        }
        if (this.authStep == countAuthenticationSteps) {
            SessionState eventSessionState = authenticationService.configureSessionUser(sessionState, sessionIdAttributes);
            Principal principal = new SimplePrincipal(credentials.getUsername());
            identity.acceptExternallyAuthenticatedPrincipal(principal);
            identity.quietLogin();
            // Redirect to authorization workflow
            log.debug("Sending event to trigger user redirection: '{}'", credentials.getUsername());
            authenticationService.onSuccessfulLogin(eventSessionState);
            log.info("Authentication success for User: '{}'", credentials.getUsername());
            return true;
        }
    } else {
        if (StringHelper.isNotEmpty(credentials.getUsername())) {
            boolean authenticated = authenticationService.authenticate(credentials.getUsername(), credentials.getPassword());
            if (authenticated) {
                SessionState eventSessionState = authenticationService.configureSessionUser(sessionState, sessionIdAttributes);
                // Redirect to authorization workflow
                log.debug("Sending event to trigger user redirection: '{}'", credentials.getUsername());
                authenticationService.onSuccessfulLogin(eventSessionState);
            }
            log.info("Authentication success for User: '{}'", credentials.getUsername());
            return true;
        }
    }
    return false;
}
Also used : SessionState(org.xdi.oxauth.model.common.SessionState) CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration) SimplePrincipal(org.xdi.model.security.SimplePrincipal) Principal(java.security.Principal) SimplePrincipal(org.xdi.model.security.SimplePrincipal)

Aggregations

CustomScriptConfiguration (org.xdi.model.custom.script.conf.CustomScriptConfiguration)19 SessionState (org.xdi.oxauth.model.common.SessionState)4 ArrayList (java.util.ArrayList)2 HashMap (java.util.HashMap)2 AuthenticationScriptUsageType (org.xdi.model.AuthenticationScriptUsageType)2 SimpleCustomProperty (org.xdi.model.SimpleCustomProperty)2 CustomScript (org.xdi.model.custom.script.model.CustomScript)2 IOException (java.io.IOException)1 Principal (java.security.Principal)1 HashSet (java.util.HashSet)1 List (java.util.List)1 Entry (java.util.Map.Entry)1 Set (java.util.Set)1 WebApplicationException (javax.ws.rs.WebApplicationException)1 EntryPersistenceException (org.gluu.site.ldap.persistence.exception.EntryPersistenceException)1 SimpleExtendedCustomProperty (org.xdi.model.SimpleExtendedCustomProperty)1 CustomScriptType (org.xdi.model.custom.script.CustomScriptType)1 AuthenticationCustomScript (org.xdi.model.custom.script.model.auth.AuthenticationCustomScript)1 BaseExternalType (org.xdi.model.custom.script.type.BaseExternalType)1 PersonAuthenticationType (org.xdi.model.custom.script.type.auth.PersonAuthenticationType)1