Java Code Examples for org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext#getProperty()
The following examples show how to use
org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext#getProperty() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: DefaultClaimHandler.java From carbon-identity with Apache License 2.0 | 6 votes |
|
/**
* Set federated subject's SP Subject Claim URI as a property
*/
private void setSubjectClaimForFederatedClaims(Map<String, String> attributesMap,
String spStandardDialect,
AuthenticationContext context) {
String subjectURI = context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri();
if (subjectURI != null && !subjectURI.isEmpty()) {
if (spStandardDialect != null) {
setSubjectClaim(null, null, attributesMap, spStandardDialect, context);
if (context.getProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE) == null) {
log.warn("Subject claim could not be found amongst locally mapped " +
"unfiltered remote claims");
}
} else {
setSubjectClaim(null, null, attributesMap, null, context);
if (context.getProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE) == null) {
log.warn("Subject claim could not be found amongst service provider mapped " +
"unfiltered remote claims");
}
}
}
}
Example 2
| Source File: PostAuthAssociationHandler.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
|
/**
* To get the claim mapping based on user local.
*
* @param context Authentication Context.
* @param mappedAttrs Mapped user attributes.
* @return claim mapping.
*/
@SuppressWarnings("unchecked")
private Map<ClaimMapping, String> getClaimMapping(AuthenticationContext context, Map<String, String> mappedAttrs) {
Map<ClaimMapping, String> mappedClaims = null;
Map<String, String> localClaimValues = (Map<String, String>) context
.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
Map<String, String> idpClaimValues = (Map<String, String>) context
.getProperty(FrameworkConstants.UNFILTERED_IDP_CLAIM_VALUES);
// if no requested claims are selected, send all local mapped claim values or idp claim values
if (context.getSequenceConfig().getApplicationConfig().getRequestedClaimMappings() == null || context
.getSequenceConfig().getApplicationConfig().getRequestedClaimMappings().isEmpty()) {
if (MapUtils.isNotEmpty(localClaimValues)) {
mappedAttrs = localClaimValues;
} else if (MapUtils.isNotEmpty(idpClaimValues)) {
mappedAttrs = idpClaimValues;
}
}
if (MapUtils.isNotEmpty(mappedAttrs)) {
mappedClaims = FrameworkUtils.buildClaimMappings(mappedAttrs);
}
return mappedClaims;
}
Example 3
| Source File: PostAuthenticatedSubjectIdentifierHandler.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
|
@Override
public PostAuthnHandlerFlowStatus handle(HttpServletRequest request, HttpServletResponse response,
AuthenticationContext context) {
if (!FrameworkUtils.isStepBasedSequenceHandlerExecuted(context)) {
return SUCCESS_COMPLETED;
}
SequenceConfig sequenceConfig = context.getSequenceConfig();
String subjectClaimURI = sequenceConfig.getApplicationConfig().getSubjectClaimUri();
String subjectValue = (String) context.getProperty(FrameworkConstants.SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE);
if (StringUtils.isNotBlank(subjectClaimURI)) {
if (subjectValue != null) {
handleUserStoreAndTenantDomain(sequenceConfig, subjectValue);
} else {
log.warn("Subject claim could not be found. Defaulting to Name Identifier.");
setAuthenticatedSujectIdentifierBasedOnUserName(sequenceConfig);
}
} else {
setAuthenticatedSujectIdentifierBasedOnUserName(sequenceConfig);
}
return SUCCESS_COMPLETED;
}
Example 4
| Source File: GraphBasedSequenceHandler.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
|
private void modifyCurrentNodeAsPreviousStep(AuthenticationContext context) {
context.removeProperty(BACK_TO_PREVIOUS_STEP);
if (context.getProperty(PROP_CURRENT_NODE) != null) {
//Identifier first should be the first step. Other steps will be determine dynamically.
for (int i = 2; i <= context.getSequenceConfig().getStepMap().size(); i++) {
context.getSequenceConfig().getStepMap().remove(i);
}
AuthGraphNode parentNode = ((AuthGraphNode) context.getProperty(PROP_CURRENT_NODE)).getParent();
while (parentNode != null && !isIdentifierFirstStep((parentNode))) {
if (parentNode instanceof DynamicDecisionNode) {
((DynamicDecisionNode) parentNode).setDefaultEdge(new EndStep());
}
parentNode = parentNode.getParent();
}
context.setProperty(PROP_CURRENT_NODE, parentNode);
if (log.isDebugEnabled()) {
log.debug("Modified current node a parent node which can handle the Identifier First requests.");
}
}
}
Example 5
| Source File: FrameworkUtils.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
|
/**
* @deprecated This method is a temporary solution and might get changed in the future.
* It is recommended not use this method.
*
* @param context AuthenticationContext.
* @return true if the handlers need to be executed, otherwise false.
*/
@Deprecated
public static boolean isStepBasedSequenceHandlerExecuted(AuthenticationContext context) {
boolean isNeeded = true;
SequenceConfig sequenceConfig = context.getSequenceConfig();
AuthenticatedUser authenticatedUser = sequenceConfig.getAuthenticatedUser();
Object isDefaultStepBasedSequenceHandlerTriggered = context
.getProperty(FrameworkConstants.STEP_BASED_SEQUENCE_HANDLER_TRIGGERED);
// If authenticated user is null or if step based sequence handler is not trigged, exit the flow.
if (authenticatedUser == null || isDefaultStepBasedSequenceHandlerTriggered == null
|| !(boolean) isDefaultStepBasedSequenceHandlerTriggered) {
isNeeded = false;
}
return isNeeded;
}
Example 6
| Source File: DefaultClaimHandler.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
|
/**
* Set federated subject's SP Subject Claim URI as a property
*/
private void setSubjectClaimForFederatedClaims(Map<String, String> attributesMap,
String spStandardDialect,
AuthenticationContext context) {
String subjectURI = context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri();
if (subjectURI != null && !subjectURI.isEmpty()) {
if (spStandardDialect != null) {
setSubjectClaim(null, null, attributesMap, spStandardDialect, context);
if (context.getProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE) == null) {
log.warn("Subject claim could not be found amongst locally mapped " +
"unfiltered remote claims");
}
} else {
setSubjectClaim(null, null, attributesMap, null, context);
if (context.getProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE) == null) {
log.warn("Subject claim could not be found amongst service provider mapped " +
"unfiltered remote claims");
}
}
}
}
Example 7
| Source File: DefaultClaimHandler.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
|
/**
* Set federated subject's SP Subject Claim URI as a property
*/
private void setSubjectClaimForLocalClaims(String tenantAwareUserId,
UserStoreManager userStore,
Map<String, String> attributesMap,
String spStandardDialect,
AuthenticationContext context) {
String subjectURI = context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri();
if (subjectURI != null && !subjectURI.isEmpty()) {
if (spStandardDialect != null) {
setSubjectClaim(tenantAwareUserId, userStore, attributesMap, spStandardDialect, context);
if (context.getProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE) == null) {
log.warn("Subject claim could not be found amongst unfiltered local claims");
}
} else {
setSubjectClaim(tenantAwareUserId, userStore, attributesMap, null, context);
if (context.getProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE) == null) {
log.warn("Subject claim could not be found amongst service provider mapped " +
"unfiltered local claims");
}
}
}
}
Example 8
| Source File: DefaultClaimHandler.java From carbon-identity with Apache License 2.0 | 6 votes |
|
/**
* Set federated subject's SP Subject Claim URI as a property
*/
private void setSubjectClaimForLocalClaims(String tenantAwareUserId,
UserStoreManager userStore,
Map<String, String> attributesMap,
String spStandardDialect,
AuthenticationContext context) {
String subjectURI = context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri();
if (subjectURI != null && !subjectURI.isEmpty()) {
if (spStandardDialect != null) {
setSubjectClaim(tenantAwareUserId, userStore, attributesMap, spStandardDialect, context);
if (context.getProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE) == null) {
log.warn("Subject claim could not be found amongst unfiltered local claims");
}
} else {
setSubjectClaim(tenantAwareUserId, userStore, attributesMap, null, context);
if (context.getProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE) == null) {
log.warn("Subject claim could not be found amongst service provider mapped " +
"unfiltered local claims");
}
}
}
}
Example 9
| Source File: ConsentMgtPostAuthnHandler.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
|
private Map<String, String> getSPToCarbonClaimMappings(AuthenticationContext context) {
Object mapping = context.getProperty(FrameworkConstants.SP_TO_CARBON_CLAIM_MAPPING);
if (mapping != null && mapping instanceof HashMap) {
return (Map<String, String>) mapping;
}
return new HashMap<>();
}
Example 10
| Source File: PostAuthnMissingClaimHandler.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
|
private boolean isPostAuthRequestTriggered(AuthenticationContext context) {
Object object = context.getProperty(POST_AUTHENTICATION_REDIRECTION_TRIGGERED);
boolean postAuthRequestTriggered = false;
if (object != null && object instanceof Boolean) {
postAuthRequestTriggered = (boolean) object;
}
return postAuthRequestTriggered;
}
Example 11
| Source File: DefaultSequenceHandlerUtils.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
|
/**
* Get the standard claim dialect of the service provider in the
* authentication context.
*
* @param context AuthenticationContext.
* @return The claim dialect of the service provider.
*/
private static String getSPStandardDialect(AuthenticationContext context) {
ApplicationConfig appConfig = context.getSequenceConfig().getApplicationConfig();
String spStandardDialect;
if (context.getProperties().containsKey(FrameworkConstants.SP_STANDARD_DIALECT)) {
spStandardDialect = (String) context.getProperty(FrameworkConstants.SP_STANDARD_DIALECT);
} else {
spStandardDialect = FrameworkUtils.getStandardDialect(context.getRequestType(), appConfig);
}
return spStandardDialect;
}
Example 12
| Source File: LoginContextManagementUtil.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
|
/**
* Returns whether post authentication handler execution is ended or not.
*
* @param authenticationContext Authentication context.
* @return True if post authentication handlers have finished execution on this context. else false.
*/
public static boolean isPostAuthenticationExtensionCompleted(AuthenticationContext authenticationContext) {
Object object = authenticationContext.getProperty(FrameworkConstants.POST_AUTHENTICATION_EXTENSION_COMPLETED);
if (object != null && object instanceof Boolean) {
return (Boolean) object;
} else {
return false;
}
}
Example 13
| Source File: JsGraphBuilderFactory.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
|
public static void restoreCurrentContext(AuthenticationContext context, ScriptEngine engine)
throws FrameworkException {
Map<String, Object> map = (Map<String, Object>) context.getProperty(JS_BINDING_CURRENT_CONTEXT);
Bindings bindings = engine.getBindings(ScriptContext.ENGINE_SCOPE);
if (map != null) {
for (Map.Entry<String, Object> entry : map.entrySet()) {
Object deserializedValue = FrameworkUtils.fromJsSerializable(entry.getValue(), engine);
if (deserializedValue instanceof AbstractJSObjectWrapper) {
((AbstractJSObjectWrapper) deserializedValue).initializeContext(context);
}
bindings.put(entry.getKey(), deserializedValue);
}
}
}
Example 14
| Source File: GraphBasedSequenceHandler.java From carbon-identity-framework with Apache License 2.0 | 4 votes |
|
private boolean isBackToPreviousStep(AuthenticationContext context) {
return context.getProperty(BACK_TO_PREVIOUS_STEP) != null && Boolean.parseBoolean(context.getProperty
(BACK_TO_PREVIOUS_STEP).toString());
}
Example 15
| Source File: DefaultRequestPathBasedSequenceHandler.java From carbon-identity with Apache License 2.0 | 4 votes |
|
protected void handlePostAuthentication(HttpServletRequest request,
HttpServletResponse response, AuthenticationContext context,
AuthenticatedIdPData authenticatedIdPData) throws FrameworkException {
if (log.isDebugEnabled()) {
log.debug("Handling Post Authentication tasks");
}
SequenceConfig sequenceConfig = context.getSequenceConfig();
Map<String, String> mappedAttrs;
StringBuilder jsonBuilder = new StringBuilder();
// build the authenticated idps JWT to send to the calling servlet.
jsonBuilder.append("\"idps\":");
jsonBuilder.append("[");
// build the JSON object for this step
jsonBuilder.append("{");
jsonBuilder.append("\"idp\":\"").append(authenticatedIdPData.getIdpName()).append("\",");
jsonBuilder
.append("\"authenticator\":\"")
.append(authenticatedIdPData.getAuthenticator().getApplicationAuthenticator()
.getName()).append("\"");
// wrap up the JSON object
jsonBuilder.append("}");
jsonBuilder.append("]");
sequenceConfig
.setAuthenticatedIdPs(IdentityApplicationManagementUtil.getSignedJWT(jsonBuilder
.toString(), sequenceConfig.getApplicationConfig().getServiceProvider()));
mappedAttrs = handleClaimMappings(context);
String spRoleUri = getSpRoleClaimUri(sequenceConfig.getApplicationConfig());
String roleAttr = mappedAttrs.get(spRoleUri);
if (roleAttr != null && roleAttr.trim().length() > 0) {
String[] roles = roleAttr.split(",");
mappedAttrs.put(spRoleUri,
getServiceProviderMappedUserRoles(sequenceConfig, Arrays.asList(roles)));
}
sequenceConfig.getAuthenticatedUser().setUserAttributes(FrameworkUtils.buildClaimMappings(mappedAttrs));
if (context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri() != null
&& context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri().trim()
.length() > 0) {
Map<String, String> unfilteredClaimValues = (Map<String, String>) context
.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
String subjectValue = null;
if (unfilteredClaimValues != null) {
subjectValue = unfilteredClaimValues.get(context.getSequenceConfig()
.getApplicationConfig().getSubjectClaimUri().trim());
} else {
subjectValue = mappedAttrs.get(context.getSequenceConfig().getApplicationConfig()
.getSubjectClaimUri().trim());
}
if (subjectValue != null) {
AuthenticatedUser authenticatedUser = sequenceConfig.getAuthenticatedUser();
authenticatedUser.setAuthenticatedSubjectIdentifier(subjectValue);
if (log.isDebugEnabled()) {
log.debug("Authenticated User: " +
sequenceConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier());
log.debug("Authenticated User Tenant Domain: " + sequenceConfig.getAuthenticatedUser().getTenantDomain());
}
}
}
}
Example 16
| Source File: GraphBasedSequenceHandler.java From carbon-identity-framework with Apache License 2.0 | 4 votes |
|
private boolean handleLongWait(HttpServletRequest request, HttpServletResponse response,
AuthenticationContext context, SequenceConfig sequenceConfig,
LongWaitNode longWaitNode) throws FrameworkException {
boolean isWaiting;
LongWaitStatusStoreService longWaitStatusStoreService =
FrameworkServiceDataHolder.getInstance().getLongWaitStatusStoreService();
LongWaitStatus longWaitStatus = longWaitStatusStoreService.getWait(context.getContextIdentifier());
if (longWaitStatus == null || longWaitStatus.getStatus() == LongWaitStatus.Status.UNKNOWN) {
//This is a initiation of long wait
longWaitStatus = new LongWaitStatus();
int tenantId = IdentityTenantUtil.getTenantId(context.getTenantDomain());
longWaitStatusStoreService.addWait(tenantId, context.getContextIdentifier(), longWaitStatus);
isWaiting = callExternalSystem(request, response, context, sequenceConfig, longWaitNode);
if (promptOnLongWait()) {
if (isWaiting) {
displayLongWait(context, request, response);
}
}
} else {
context.setReturning(false);
// This is a continuation of long wait
isWaiting = LongWaitStatus.Status.COMPLETED != longWaitStatus.getStatus();
longWaitStatusStoreService.removeWait(context.getContextIdentifier());
String outcomeName = (String) context.getProperty(FrameworkConstants.JSAttributes.JS_CALL_AND_WAIT_STATUS);
Map<String, Object> data = (Map<String, Object>) context.getProperty(
FrameworkConstants.JSAttributes.JS_CALL_AND_WAIT_DATA);
context.removeProperty(FrameworkConstants.JSAttributes.JS_CALL_AND_WAIT_STATUS);
context.removeProperty(FrameworkConstants.JSAttributes.JS_CALL_AND_WAIT_DATA);
AuthGraphNode nextNode;
if (outcomeName != null) {
executeFunction(outcomeName, longWaitNode, context, data);
nextNode = longWaitNode.getDefaultEdge();
if (nextNode == null) {
log.error("Authentication script does not have applicable event handler for outcome "
+ outcomeName + " from the long wait process : " + context.getContextIdentifier()
+ ". So ending the authentication flow. Add the correspoding event handler to the script");
nextNode = new FailNode();
}
} else {
log.error("The outcome from the long wait process " + context.getContextIdentifier()
+ " is null. Because asyncReturn.accept() has not been used properly in the async process flow"
+ " of the custom function. So ending the authentication flow. Check the flow in the async"
+ " process flow of the custom function and add asyncReturn.accept() with the corresponding"
+ " outcome.");
nextNode = new FailNode();
}
context.setProperty(FrameworkConstants.JSAttributes.PROP_CURRENT_NODE, nextNode);
}
return isWaiting;
}
Example 17
| Source File: JITProvisioningPostAuthenticationHandler.java From carbon-identity-framework with Apache License 2.0 | 4 votes |
|
/**
* This method is used to handle response flow, after going through password provisioning.
*
* @param request HttpServlet request.
* @param context Authentication context
* @return Status of PostAuthnHandler flow.
* @throws PostAuthenticationFailedException Post Authentication Failed Exception
*/
@SuppressWarnings("unchecked")
private PostAuthnHandlerFlowStatus handleResponseFlow(HttpServletRequest request, AuthenticationContext context)
throws PostAuthenticationFailedException {
SequenceConfig sequenceConfig = context.getSequenceConfig();
for (Map.Entry<Integer, StepConfig> entry : sequenceConfig.getStepMap().entrySet()) {
StepConfig stepConfig = entry.getValue();
AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
if (authenticator instanceof FederatedApplicationAuthenticator) {
ExternalIdPConfig externalIdPConfig;
String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
context.setExternalIdP(externalIdPConfig);
if (externalIdPConfig != null && externalIdPConfig.isProvisioningEnabled()) {
if (log.isDebugEnabled()) {
log.debug("JIT provisioning response flow has hit for the IDP " + externalIdPConfigName + " "
+ "for the user, " + sequenceConfig.getAuthenticatedUser().getUserName());
}
final Map<String, String> localClaimValues;
Object unfilteredLocalClaimValues = context
.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
localClaimValues = unfilteredLocalClaimValues == null ?
new HashMap<>() :
(Map<String, String>) unfilteredLocalClaimValues;
Map<String, String> combinedLocalClaims = getCombinedClaims(request, localClaimValues, context);
if (externalIdPConfig.isPasswordProvisioningEnabled()) {
combinedLocalClaims
.put(FrameworkConstants.PASSWORD, request.getParameter(FrameworkConstants.PASSWORD));
}
String username = sequenceConfig.getAuthenticatedUser().getUserName();
if (context.getProperty(FrameworkConstants.CHANGING_USERNAME_ALLOWED) != null) {
username = request.getParameter(FrameworkConstants.USERNAME);
}
callDefaultProvisioningHandler(username, context, externalIdPConfig, combinedLocalClaims,
stepConfig);
handleConsents(request, stepConfig, context.getTenantDomain());
}
}
}
return SUCCESS_COMPLETED;
}
Example 18
| Source File: GraphBasedSequenceHandler.java From carbon-identity-framework with Apache License 2.0 | 4 votes |
|
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context)
throws FrameworkException {
if (log.isDebugEnabled()) {
log.debug("Executing the Step Based Authentication...");
}
if (isBackToPreviousStep(context)) {
modifyCurrentNodeAsPreviousStep(context);
}
SequenceConfig sequenceConfig = context.getSequenceConfig();
String authenticationType = sequenceConfig.getApplicationConfig().getServiceProvider()
.getLocalAndOutBoundAuthenticationConfig().getAuthenticationType();
AuthenticationGraph graph = sequenceConfig.getAuthenticationGraph();
if (graph == null || !graph.isEnabled() || (!ApplicationConstants.AUTH_TYPE_FLOW.equals(authenticationType) &&
!ApplicationConstants.AUTH_TYPE_DEFAULT.equals(authenticationType))) {
//Handle pre-configured step array
if (log.isDebugEnabled()) {
log.debug("Authentication Graph not defined for the application. "
+ "Performing Step based authentication. Service Provider :" + sequenceConfig
.getApplicationId());
}
DefaultStepBasedSequenceHandler.getInstance().handle(request, response, context);
return;
}
if (!graph.isBuildSuccessful()) {
throw new FrameworkException(
"Error while building graph from Javascript. Nested exception is: " + graph.getErrorReason());
}
boolean isInterrupted = false;
while (!isInterrupted && !context.getSequenceConfig().isCompleted()) {
AuthGraphNode currentNode = (AuthGraphNode) context
.getProperty(FrameworkConstants.JSAttributes.PROP_CURRENT_NODE);
if (currentNode == null) {
isInterrupted = handleInitialize(request, response, context, sequenceConfig, graph);
} else {
isInterrupted = handleNode(request, response, context, sequenceConfig, currentNode);
}
}
}
Example 19
| Source File: DefaultRequestPathBasedSequenceHandler.java From carbon-identity-framework with Apache License 2.0 | 4 votes |
|
protected void handlePostAuthentication(HttpServletRequest request,
HttpServletResponse response, AuthenticationContext context,
AuthenticatedIdPData authenticatedIdPData) throws FrameworkException {
if (log.isDebugEnabled()) {
log.debug("Handling Post Authentication tasks");
}
SequenceConfig sequenceConfig = context.getSequenceConfig();
Map<String, String> mappedAttrs;
StringBuilder jsonBuilder = new StringBuilder();
// build the authenticated idps JWT to send to the calling servlet.
jsonBuilder.append("\"idps\":");
jsonBuilder.append("[");
// build the JSON object for this step
jsonBuilder.append("{");
jsonBuilder.append("\"idp\":\"").append(authenticatedIdPData.getIdpName()).append("\",");
jsonBuilder
.append("\"authenticator\":\"")
.append(authenticatedIdPData.getAuthenticator().getApplicationAuthenticator()
.getName()).append("\"");
// wrap up the JSON object
jsonBuilder.append("}");
jsonBuilder.append("]");
sequenceConfig.setAuthenticatedIdPs(IdentityApplicationManagementUtil.getSignedJWT(jsonBuilder.toString(),
sequenceConfig.getApplicationConfig().getServiceProvider()));
mappedAttrs = handleClaimMappings(context);
String spRoleUri = getSpRoleClaimUri(sequenceConfig.getApplicationConfig());
String roleAttr = mappedAttrs.get(spRoleUri);
if (StringUtils.isNotBlank(roleAttr)) {
String[] roles = roleAttr.split(Pattern.quote(FrameworkUtils.getMultiAttributeSeparator()));
mappedAttrs.put(spRoleUri, getServiceProviderMappedUserRoles(sequenceConfig, Arrays.asList(roles)));
}
sequenceConfig.getAuthenticatedUser().setUserAttributes(FrameworkUtils.buildClaimMappings(mappedAttrs));
if (StringUtils.isNotBlank(context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri())) {
Map<String, String> unfilteredClaimValues =
(Map<String, String>) context.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
String subjectClaimUri = context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri().trim();
String subjectClaimValue;
if (unfilteredClaimValues != null) {
subjectClaimValue = unfilteredClaimValues.get(subjectClaimUri);
} else {
subjectClaimValue = mappedAttrs.get(subjectClaimUri);
}
if (subjectClaimValue != null) {
AuthenticatedUser authenticatedUser = sequenceConfig.getAuthenticatedUser();
authenticatedUser.setAuthenticatedSubjectIdentifier(subjectClaimValue);
if (log.isDebugEnabled()) {
log.debug("Authenticated User: " +
sequenceConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier());
log.debug("Authenticated User Tenant Domain: " + sequenceConfig.getAuthenticatedUser().getTenantDomain());
}
}
}
}
Example 20
| Source File: JITProvisioningPostAuthenticationHandler.java From carbon-identity-framework with Apache License 2.0 | 4 votes |
|
/**
* To handle the request flow of the post authentication handler.
*
* @param response HttpServlet response.
* @param context Authentication context
* @return Status of this post authentication handler flow.
* @throws PostAuthenticationFailedException Exception that will be thrown in case of failure.
*/
@SuppressWarnings("unchecked")
private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request, HttpServletResponse response,
AuthenticationContext context) throws PostAuthenticationFailedException {
SequenceConfig sequenceConfig = context.getSequenceConfig();
boolean isUserCreated = false;
for (Map.Entry<Integer, StepConfig> entry : sequenceConfig.getStepMap().entrySet()) {
StepConfig stepConfig = entry.getValue();
AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
if (authenticatorConfig == null) {
//May have skipped from the script
//ex: Different authentication sequences evaluated by the script
continue;
}
ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
if (authenticator instanceof FederatedApplicationAuthenticator) {
ExternalIdPConfig externalIdPConfig;
String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
context.setExternalIdP(externalIdPConfig);
Map<String, String> localClaimValues = (Map<String, String>) context
.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
if (localClaimValues == null || localClaimValues.size() == 0) {
Map<ClaimMapping, String> userAttributes = stepConfig.getAuthenticatedUser().getUserAttributes();
localClaimValues = FrameworkUtils.getClaimMappings
(userAttributes, false);
}
if (externalIdPConfig != null && externalIdPConfig.isProvisioningEnabled()) {
if (localClaimValues == null) {
localClaimValues = new HashMap<>();
}
String associatedLocalUser =
getLocalUserAssociatedForFederatedIdentifier(stepConfig.getAuthenticatedIdP(),
stepConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier(), context.getTenantDomain());
String username;
String userIdClaimUriInLocalDialect = getUserIdClaimUriInLocalDialect(externalIdPConfig);
if (isUserNameFoundFromUserIDClaimURI(localClaimValues, userIdClaimUriInLocalDialect)) {
username = localClaimValues.get(userIdClaimUriInLocalDialect);
} else {
username = associatedLocalUser;
}
// If associatedLocalUser is null, that means relevant association not exist already.
if (StringUtils.isEmpty(associatedLocalUser) && !isUserCreated) {
if (log.isDebugEnabled()) {
log.debug(sequenceConfig.getAuthenticatedUser().getUserName() + " coming from "
+ externalIdPConfig.getIdPName() + " do not have a local account, hence redirecting"
+ " to the UI to sign up.");
}
if (externalIdPConfig.isPromptConsentEnabled()) {
if (StringUtils.isEmpty(username)) {
// If there is no subject claim URI configured in the IDP, get the authenticated
// username.
username = getTenantDomainAppendedUserName(
sequenceConfig.getAuthenticatedUser().getUserName(), context.getTenantDomain());
}
redirectToAccountCreateUI(externalIdPConfig, context, localClaimValues, response,
username, request);
// Set the property to make sure the request is a returning one.
context.setProperty(FrameworkConstants.PASSWORD_PROVISION_REDIRECTION_TRIGGERED, true);
return PostAuthnHandlerFlowStatus.INCOMPLETE;
}
}
if (StringUtils.isEmpty(username)) {
username = sequenceConfig.getAuthenticatedUser().getUserName();
isUserCreated = true;
}
if (log.isDebugEnabled()) {
log.debug("User : " + sequenceConfig.getAuthenticatedUser().getUserName() + " coming from "
+ externalIdPConfig.getIdPName() + " do have a local account, with the username "
+ username);
}
callDefaultProvisioningHandler(username, context, externalIdPConfig, localClaimValues,
stepConfig);
}
}
}
return SUCCESS_COMPLETED;
}
