Example 26 with SessionState

use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.

the class AuthenticationService method configureSessionUser.

public SessionState configureSessionUser(SessionState sessionState, Map<String, String> sessionIdAttributes) {
    log.trace("configureSessionUser: credentials: '{}', sessionState: '{}', credentials.userName: '{}', authenticatedUser.userId: '{}'", System.identityHashCode(credentials), sessionState, credentials.getUsername(), getAuthenticatedUserId());
    User user = getAuthenticatedUser();
    SessionState newSessionState;
    if (sessionState == null) {
        newSessionState = sessionStateService.generateAuthenticatedSessionState(user.getDn(), sessionIdAttributes);
    } else {
        // TODO: Remove after 2.4.5
        String sessionAuthUser = sessionIdAttributes.get(Constants.AUTHENTICATED_USER);
        log.trace("configureSessionUser sessionState: '{}', sessionState.auth_user: '{}'", sessionState, sessionAuthUser);
        newSessionState = sessionStateService.setSessionStateAuthenticated(sessionState, user.getDn());
    }
    configureEventUserContext(newSessionState);
    return newSessionState;
}
Also used : SessionState(org.xdi.oxauth.model.common.SessionState) User(org.xdi.oxauth.model.common.User) SimpleUser(org.xdi.oxauth.model.common.SimpleUser)

Example 27 with SessionState

use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.

the class U2fRegistrationWS method isCurrentAuthenticationLevelCorrespondsToU2fLevel.

private boolean isCurrentAuthenticationLevelCorrespondsToU2fLevel(String session) {
    SessionState sessionState = sessionStateService.getSessionState(session);
    if (sessionState == null)
        return false;
    String acrValuesStr = sessionStateService.getAcr(sessionState);
    if (acrValuesStr == null)
        return false;
    CustomScriptConfiguration u2fScriptConfiguration = service.getCustomScriptConfigurationByName("u2f");
    if (u2fScriptConfiguration == null)
        return false;
    String[] acrValuesArray = acrValuesStr.split(" ");
    for (String acrValue : acrValuesArray) {
        CustomScriptConfiguration currentScriptConfiguration = service.getCustomScriptConfigurationByName(acrValue);
        if (currentScriptConfiguration == null)
            continue;
        if (currentScriptConfiguration.getLevel() >= u2fScriptConfiguration.getLevel())
            return true;
    }
    return false;
}
Also used : SessionState(org.xdi.oxauth.model.common.SessionState) CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)
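The level comparison in Example 27 is easy to misread as "is u2f in acr_values"; it is actually "does any acr in the session map to a script whose level is at least the u2f script's level". The following is an added example, not oxAuth code: it reimplements that rule with a hypothetical script-name-to-level map standing in for CustomScriptService, generalises it to any required script name, tolerates runs of whitespace in acr_values (the original splits on a single space), and returns the acr that satisfied the gate so it can be logged.

```java
import java.util.HashMap;
import java.util.Map;

// Added example, not oxAuth code. Reproduces the level comparison behind
// isCurrentAuthenticationLevelCorrespondsToU2fLevel with a plain map in
// place of CustomScriptService, generalised to any required script.
public class AcrLevelGate {

    // Hypothetical script-name -> level table; in oxAuth the level comes from
    // CustomScriptConfiguration.getLevel() looked up by script name.
    private final Map<String, Integer> scriptLevels;

    public AcrLevelGate(Map<String, Integer> scriptLevels) {
        this.scriptLevels = scriptLevels;
    }

    /**
     * Returns the first acr in the session's space-separated acr_values whose
     * script level is >= the level of requiredScript, or null when none does.
     * A null/blank acr string, an unregistered required script, and acr names
     * with no script behind them all fail closed, as in the original method.
     */
    public String satisfyingAcr(String acrValuesStr, String requiredScript) {
        if (acrValuesStr == null || acrValuesStr.trim().isEmpty()) {
            return null;
        }
        Integer required = scriptLevels.get(requiredScript);
        if (required == null) {
            return null;
        }
        for (String acr : acrValuesStr.trim().split("\\s+")) {
            Integer level = scriptLevels.get(acr);
            if (level == null) {
                continue; // acr with no custom script behind it: skipped, not counted
            }
            if (level >= required) {
                return acr;
            }
        }
        return null;
    }

    public boolean meets(String acrValuesStr, String requiredScript) {
        return satisfyingAcr(acrValuesStr, requiredScript) != null;
    }

    public static void main(String[] args) {
        // Constructed levels: a higher number means stronger authentication.
        Map<String, Integer> levels = new HashMap<>();
        levels.put("basic", 10);
        levels.put("otp", 40);
        levels.put("u2f", 50);
        levels.put("super_gluu", 60);
        AcrLevelGate gate = new AcrLevelGate(levels);

        check(gate.satisfyingAcr("basic", "u2f") == null, "basic alone is below the u2f level");
        check("u2f".equals(gate.satisfyingAcr("basic u2f", "u2f")), "u2f itself satisfies the gate");
        // The comparison is on level, not on name: a stronger method passes too.
        check("super_gluu".equals(gate.satisfyingAcr("super_gluu", "u2f")), "stronger acr passes");
        check(gate.satisfyingAcr("otp nonexistent", "u2f") == null, "weaker plus unknown acr fails");
        check(!gate.meets(null, "u2f"), "missing acr fails closed");
        check(!gate.meets("u2f", "not_registered"), "unknown required script fails closed");
        System.out.println("all acr level checks passed");
    }

    private static void check(boolean condition, String message) {
        if (!condition) {
            throw new AssertionError(message);
        }
    }
}
```

The super_gluu case is the one to keep in mind when reviewing deployments: any script registered with a level at or above the u2f script's level lets a session through this gate, so the level numbers assigned to custom scripts are a security setting, not just an ordering hint.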

Example 28 with SessionState

use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.

the class EndSessionRestWebServiceImpl method httpBased.

public Response httpBased(String postLogoutRedirectUri, String state, Pair<SessionState, AuthorizationGrant> pair) {
    SessionState sessionState = pair.getFirst();
    AuthorizationGrant authorizationGrant = pair.getSecond();
    // Validate redirectUri
    String redirectUri;
    if (authorizationGrant == null) {
        redirectUri = redirectionUriService.validatePostLogoutRedirectUri(sessionState, postLogoutRedirectUri);
    } else {
        redirectUri = redirectionUriService.validatePostLogoutRedirectUri(authorizationGrant.getClient().getClientId(), postLogoutRedirectUri);
    }
    final Set<String> frontchannelLogoutUris = getRpFrontchannelLogoutUris(pair);
    final String html = constructPage(frontchannelLogoutUris, redirectUri, state);
    log.debug("Constructed http logout page: " + html);
    return Response.ok().cacheControl(ServerUtil.cacheControl(true, true)).header("Pragma", "no-cache").type(MediaType.TEXT_HTML_TYPE).entity(html).build();
}
Also used : SessionState(org.xdi.oxauth.model.common.SessionState) AuthorizationGrant(org.xdi.oxauth.model.common.AuthorizationGrant)

Example 29 with SessionState

use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.

the class EndSessionRestWebServiceImpl method endSession.

private Pair<SessionState, AuthorizationGrant> endSession(String idTokenHint, String sessionState, HttpServletRequest httpRequest, HttpServletResponse httpResponse, SecurityContext sec) {
    AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByIdToken(idTokenHint);
    if (authorizationGrant == null) {
        Boolean endSessionWithAccessToken = appConfiguration.getEndSessionWithAccessToken();
        if ((endSessionWithAccessToken != null) && endSessionWithAccessToken) {
            authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(idTokenHint);
        }
    }
    SessionState ldapSessionState = removeSessionState(sessionState, httpRequest, httpResponse);
    if ((authorizationGrant == null) && (ldapSessionState == null)) {
        log.info("Failed to find out authorization grant for id_token_hint '{}' and session_state '{}'", idTokenHint, sessionState);
        errorResponseFactory.throwUnauthorizedException(EndSessionErrorResponseType.INVALID_GRANT);
    }
    boolean isExternalLogoutPresent;
    boolean externalLogoutResult = false;
    isExternalLogoutPresent = externalApplicationSessionService.isEnabled();
    if (isExternalLogoutPresent && (ldapSessionState != null)) {
        String userName = ldapSessionState.getSessionAttributes().get(Constants.AUTHENTICATED_USER);
        externalLogoutResult = externalApplicationSessionService.executeExternalEndSessionMethods(httpRequest, ldapSessionState);
        log.info("End session result for '{}': '{}'", userName, externalLogoutResult);
    }
    boolean isGrantAndExternalLogoutSuccessful = isExternalLogoutPresent && externalLogoutResult;
    if (isExternalLogoutPresent && !isGrantAndExternalLogoutSuccessful) {
        errorResponseFactory.throwUnauthorizedException(EndSessionErrorResponseType.INVALID_GRANT);
    }
    if (ldapSessionState != null) {
        grantService.removeAllTokensBySession(ldapSessionState.getDn());
    }
    if (identity != null) {
        identity.logout();
    }
    return new Pair<SessionState, AuthorizationGrant>(ldapSessionState, authorizationGrant);
}
Also used : SessionState(org.xdi.oxauth.model.common.SessionState) AuthorizationGrant(org.xdi.oxauth.model.common.AuthorizationGrant) Pair(org.xdi.util.Pair)

Example 30 with SessionState

use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.

the class EndSessionRestWebServiceImpl method getRpFrontchannelLogoutUris.

private Set<String> getRpFrontchannelLogoutUris(Pair<SessionState, AuthorizationGrant> pair) {
    final Set<String> result = Sets.newHashSet();
    SessionState sessionState = pair.getFirst();
    AuthorizationGrant authorizationGrant = pair.getSecond();
    if (sessionState == null) {
        log.error("session_state is not passed to endpoint (as cookie or manually). Therefore unable to match clients for session_state. Http based html will contain no iframes.");
        return result;
    }
    final Set<Client> clientsByDns = sessionState.getPermissionGrantedMap() != null ? clientService.getClient(sessionState.getPermissionGrantedMap().getClientIds(true), true) : Sets.<Client>newHashSet();
    if (authorizationGrant != null) {
        clientsByDns.add(authorizationGrant.getClient());
    }
    for (Client client : clientsByDns) {
        String[] logoutUris = client.getFrontChannelLogoutUri();
        if (logoutUris == null) {
            continue;
        }
        for (String logoutUri : logoutUris) {
            if (Util.isNullOrEmpty(logoutUri)) {
                // skip client if logout_uri is blank
                continue;
            }
            if (client.getFrontChannelLogoutSessionRequired() != null && client.getFrontChannelLogoutSessionRequired()) {
                if (logoutUri.contains("?")) {
                    logoutUri = logoutUri + "&sid=" + sessionState.getId();
                } else {
                    logoutUri = logoutUri + "?sid=" + sessionState.getId();
                }
            }
            result.add(logoutUri);
        }
    }
    return result;
}
Also used : SessionState(org.xdi.oxauth.model.common.SessionState) Client(org.xdi.oxauth.model.registration.Client) AuthorizationGrant(org.xdi.oxauth.model.common.AuthorizationGrant)
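Example 30 decides between "?sid=" and "&sid=" by checking whether the registered URI contains a "?", which places the parameter after any fragment the RP registered (for example a single-page app route like "/logout#/signed-out") and so leaves the sid inside the fragment. The following is an added example, not oxAuth code: it builds the same set of front-channel logout URIs from a hypothetical RpClient stand-in for Client, but parses each registered URI so the added parameters land before the fragment, sends iss together with sid as the OpenID Connect Front-Channel Logout specification pairs them when frontchannel_logout_session_required is true, and drops registered URIs that do not parse instead of passing them on to the HTML page. The issuer string and session id are constructed values.

```java
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Added example, not oxAuth code. Builds the front-channel logout URIs the
// logout page embeds, as getRpFrontchannelLogoutUris does, but appends the
// query parameters from a parsed URI so a registered fragment stays last,
// and sends iss together with sid when the client requires session data.
public class FrontChannelLogoutUris {

    // Hypothetical stand-in for org.xdi.oxauth.model.registration.Client,
    // carrying only the fields the logout page needs.
    static final class RpClient {
        final String clientId;
        final String[] frontChannelLogoutUri;
        final Boolean frontChannelLogoutSessionRequired;

        RpClient(String clientId, String[] frontChannelLogoutUri, Boolean sessionRequired) {
            this.clientId = clientId;
            this.frontChannelLogoutUri = frontChannelLogoutUri;
            this.frontChannelLogoutSessionRequired = sessionRequired;
        }
    }

    /** Appends iss and sid to a registered logout URI, keeping any fragment at the end. */
    static String withIssAndSid(String registeredUri, String issuer, String sid) throws URISyntaxException {
        URI parsed = new URI(registeredUri); // rejects malformed registrations up front
        String rawQuery = parsed.getRawQuery();
        String rawFragment = parsed.getRawFragment();
        String base = rawFragment == null
                ? registeredUri
                : registeredUri.substring(0, registeredUri.length() - rawFragment.length() - 1);
        String separator;
        if (rawQuery == null) {
            separator = "?";
        } else if (rawQuery.isEmpty()) {
            separator = ""; // URI already ends with a bare '?'
        } else {
            separator = "&";
        }
        String params = "iss=" + encode(issuer) + "&sid=" + encode(sid);
        return base + separator + params + (rawFragment == null ? "" : "#" + rawFragment);
    }

    static Set<String> logoutUrisFor(List<RpClient> clients, String issuer, String sid) {
        Set<String> result = new LinkedHashSet<>();
        for (RpClient client : clients) {
            if (client.frontChannelLogoutUri == null) {
                continue;
            }
            boolean sessionRequired = Boolean.TRUE.equals(client.frontChannelLogoutSessionRequired);
            for (String logoutUri : client.frontChannelLogoutUri) {
                if (logoutUri == null || logoutUri.trim().isEmpty()) {
                    continue; // blank registration, nothing to call
                }
                try {
                    result.add(sessionRequired ? withIssAndSid(logoutUri, issuer, sid) : logoutUri);
                } catch (URISyntaxException e) {
                    // An unparseable registered URI is dropped rather than echoed into the page.
                }
            }
        }
        return result;
    }

    private static String encode(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        String issuer = "https://op.example.org";       // constructed issuer
        String sid = "9f2c1d4e-constructed-session-id"; // constructed session id
        List<RpClient> clients = Arrays.asList(
                new RpClient("rp-1", new String[] {"https://rp1.example.org/logout"}, Boolean.TRUE),
                new RpClient("rp-2", new String[] {"https://rp2.example.org/logout?app=portal#/signed-out"}, Boolean.TRUE),
                new RpClient("rp-3", new String[] {"https://rp3.example.org/logout"}, Boolean.FALSE),
                new RpClient("rp-4", new String[] {"", null}, Boolean.TRUE),
                new RpClient("rp-5", null, Boolean.TRUE));

        Set<String> uris = logoutUrisFor(clients, issuer, sid);
        for (String uri : uris) {
            System.out.println(uri);
        }

        String expectedRp2 = "https://rp2.example.org/logout?app=portal"
                + "&iss=https%3A%2F%2Fop.example.org&sid=9f2c1d4e-constructed-session-id#/signed-out";
        if (uris.size() != 3 || !uris.contains(expectedRp2)) {
            throw new AssertionError("unexpected logout URI set: " + uris);
        }
    }
}
```

Whatever builds the iframes from this set still has to attribute-escape each URI when writing it into the HTML: the values come from client registration, which on an OP with open dynamic registration is attacker-controlled input, so constructPage must not interpolate them raw.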
