use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.
the class AuthenticationService method configureSessionUser.
public SessionState configureSessionUser(SessionState sessionState, Map<String, String> sessionIdAttributes) {
log.trace("configureSessionUser: credentials: '{}', sessionState: '{}', credentials.userName: '{}', authenticatedUser.userId: '{}'", System.identityHashCode(credentials), sessionState, credentials.getUsername(), getAuthenticatedUserId());
User user = getAuthenticatedUser();
SessionState newSessionState;
if (sessionState == null) {
newSessionState = sessionStateService.generateAuthenticatedSessionState(user.getDn(), sessionIdAttributes);
} else {
// TODO: Remove after 2.4.5
String sessionAuthUser = sessionIdAttributes.get(Constants.AUTHENTICATED_USER);
log.trace("configureSessionUser sessionState: '{}', sessionState.auth_user: '{}'", sessionState, sessionAuthUser);
newSessionState = sessionStateService.setSessionStateAuthenticated(sessionState, user.getDn());
}
configureEventUserContext(newSessionState);
return newSessionState;
}
use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.
the class U2fRegistrationWS method isCurrentAuthenticationLevelCorrespondsToU2fLevel.
private boolean isCurrentAuthenticationLevelCorrespondsToU2fLevel(String session) {
SessionState sessionState = sessionStateService.getSessionState(session);
if (sessionState == null)
return false;
String acrValuesStr = sessionStateService.getAcr(sessionState);
if (acrValuesStr == null)
return false;
CustomScriptConfiguration u2fScriptConfiguration = service.getCustomScriptConfigurationByName("u2f");
if (u2fScriptConfiguration == null)
return false;
String[] acrValuesArray = acrValuesStr.split(" ");
for (String acrValue : acrValuesArray) {
CustomScriptConfiguration currentScriptConfiguration = service.getCustomScriptConfigurationByName(acrValue);
if (currentScriptConfiguration == null)
continue;
if (currentScriptConfiguration.getLevel() >= u2fScriptConfiguration.getLevel())
return true;
}
return false;
}
use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.
the class EndSessionRestWebServiceImpl method httpBased.
public Response httpBased(String postLogoutRedirectUri, String state, Pair<SessionState, AuthorizationGrant> pair) {
SessionState sessionState = pair.getFirst();
AuthorizationGrant authorizationGrant = pair.getSecond();
// Validate redirectUri
String redirectUri;
if (authorizationGrant == null) {
redirectUri = redirectionUriService.validatePostLogoutRedirectUri(sessionState, postLogoutRedirectUri);
} else {
redirectUri = redirectionUriService.validatePostLogoutRedirectUri(authorizationGrant.getClient().getClientId(), postLogoutRedirectUri);
}
final Set<String> frontchannelLogoutUris = getRpFrontchannelLogoutUris(pair);
final String html = constructPage(frontchannelLogoutUris, redirectUri, state);
log.debug("Constructed http logout page: " + html);
return Response.ok().cacheControl(ServerUtil.cacheControl(true, true)).header("Pragma", "no-cache").type(MediaType.TEXT_HTML_TYPE).entity(html).build();
}
use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.
the class EndSessionRestWebServiceImpl method endSession.
private Pair<SessionState, AuthorizationGrant> endSession(String idTokenHint, String sessionState, HttpServletRequest httpRequest, HttpServletResponse httpResponse, SecurityContext sec) {
AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByIdToken(idTokenHint);
if (authorizationGrant == null) {
Boolean endSessionWithAccessToken = appConfiguration.getEndSessionWithAccessToken();
if ((endSessionWithAccessToken != null) && endSessionWithAccessToken) {
authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(idTokenHint);
}
}
SessionState ldapSessionState = removeSessionState(sessionState, httpRequest, httpResponse);
if ((authorizationGrant == null) && (ldapSessionState == null)) {
log.info("Failed to find out authorization grant for id_token_hint '{}' and session_state '{}'", idTokenHint, sessionState);
errorResponseFactory.throwUnauthorizedException(EndSessionErrorResponseType.INVALID_GRANT);
}
boolean isExternalLogoutPresent;
boolean externalLogoutResult = false;
isExternalLogoutPresent = externalApplicationSessionService.isEnabled();
if (isExternalLogoutPresent && (ldapSessionState != null)) {
String userName = ldapSessionState.getSessionAttributes().get(Constants.AUTHENTICATED_USER);
externalLogoutResult = externalApplicationSessionService.executeExternalEndSessionMethods(httpRequest, ldapSessionState);
log.info("End session result for '{}': '{}'", userName, "logout", externalLogoutResult);
}
boolean isGrantAndExternalLogoutSuccessful = isExternalLogoutPresent && externalLogoutResult;
if (isExternalLogoutPresent && !isGrantAndExternalLogoutSuccessful) {
errorResponseFactory.throwUnauthorizedException(EndSessionErrorResponseType.INVALID_GRANT);
}
if (ldapSessionState != null) {
grantService.removeAllTokensBySession(ldapSessionState.getDn());
}
if (identity != null) {
identity.logout();
}
return new Pair<SessionState, AuthorizationGrant>(ldapSessionState, authorizationGrant);
}
use of org.xdi.oxauth.model.common.SessionState in project oxAuth by GluuFederation.
the class EndSessionRestWebServiceImpl method getRpFrontchannelLogoutUris.
private Set<String> getRpFrontchannelLogoutUris(Pair<SessionState, AuthorizationGrant> pair) {
final Set<String> result = Sets.newHashSet();
SessionState sessionState = pair.getFirst();
AuthorizationGrant authorizationGrant = pair.getSecond();
if (sessionState == null) {
log.error("session_state is not passed to endpoint (as cookie or manually). Therefore unable to match clients for session_state." + "Http based html will contain no iframes.");
return result;
}
final Set<Client> clientsByDns = sessionState.getPermissionGrantedMap() != null ? clientService.getClient(sessionState.getPermissionGrantedMap().getClientIds(true), true) : Sets.<Client>newHashSet();
if (authorizationGrant != null) {
clientsByDns.add(authorizationGrant.getClient());
}
for (Client client : clientsByDns) {
String[] logoutUris = client.getFrontChannelLogoutUri();
if (logoutUris == null) {
continue;
}
for (String logoutUri : logoutUris) {
if (Util.isNullOrEmpty(logoutUri)) {
// skip client if logout_uri is blank
continue;
}
if (client.getFrontChannelLogoutSessionRequired() != null && client.getFrontChannelLogoutSessionRequired()) {
if (logoutUri.contains("?")) {
logoutUri = logoutUri + "&sid=" + sessionState.getId();
} else {
logoutUri = logoutUri + "?sid=" + sessionState.getId();
}
}
result.add(logoutUri);
}
}
return result;
}
Aggregations