Java Code Examples for org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils#getClaimMappings()
The following examples show how to use
org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils#getClaimMappings() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: JsClaims.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
|
/**
* Sets the remote claim value that is mapped to the give local claim
*
* @param localClaimURI Local claim URI
* @param claimValue Value to be set
*/
private void setLocalMappedClaim(String localClaimURI, Object claimValue) {
Map<ClaimMapping, String> idpAttributesMap = authenticatedUser.getUserAttributes();
Map<String, String> remoteMapping = FrameworkUtils.getClaimMappings(idpAttributesMap, false);
String mappedRemoteClaim = getRemoteClaimMappedToLocalClaim(localClaimURI, remoteMapping);
if (mappedRemoteClaim != null) {
setFederatedClaim(mappedRemoteClaim, String.valueOf(claimValue));
}
}
Example 2
| Source File: JsClaims.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
|
/**
* Check if the user has a federated claim with given name.
*
* @param claimUri Federated claim URI
* @return <code>true</code> if the IdP is federated and it has a claim for user with given URI.
* <code>false</code> otherwise
*/
private boolean hasFederatedClaim(String claimUri) {
if (isFederatedIdP()) {
Map<ClaimMapping, String> attributesMap = authenticatedUser.getUserAttributes();
Map<String, String> remoteMapping = FrameworkUtils.getClaimMappings(attributesMap, false);
return remoteMapping.containsKey(claimUri);
}
// Can be a case where step is not set (e.g. associated local user)
return false;
}
Example 3
| Source File: JsClaims.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
|
/**
* Get the claim by federated claim URI.
*
* @param claimUri Federated claim URI
* @return Claim value if the Idp is a federated Idp, and has a claim by given url for the user.
* <code>null</code> otherwise.
*/
private String getFederatedClaim(String claimUri) {
// If the idp is local, return null
if (isFederatedIdP()) {
Map<ClaimMapping, String> attributesMap = authenticatedUser.getUserAttributes();
Map<String, String> remoteMapping = FrameworkUtils.getClaimMappings(attributesMap, false);
return remoteMapping.get(claimUri);
}
// Can be a case where step is not set (e.g. associated local user)
return null;
}
Example 4
| Source File: JsClaims.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
|
/**
* Gets the mapped remote claim value for the given local claim URI
*
* @param claimUri Local claim URI
* @return Mapped remote claim value from IdP
*/
private String getLocalMappedClaim(String claimUri) {
Map<ClaimMapping, String> idpAttributesMap = authenticatedUser.getUserAttributes();
Map<String, String> remoteMapping = FrameworkUtils.getClaimMappings(idpAttributesMap, false);
String remoteMappedClaim = getRemoteClaimMappedToLocalClaim(claimUri, remoteMapping);
if (remoteMappedClaim != null) {
return remoteMapping.get(remoteMappedClaim);
}
return null;
}
Example 5
| Source File: JITProvisioningPostAuthenticationHandler.java From carbon-identity-framework with Apache License 2.0 | 4 votes |
|
/**
* To handle the request flow of the post authentication handler.
*
* @param response HttpServlet response.
* @param context Authentication context
* @return Status of this post authentication handler flow.
* @throws PostAuthenticationFailedException Exception that will be thrown in case of failure.
*/
@SuppressWarnings("unchecked")
private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request, HttpServletResponse response,
AuthenticationContext context) throws PostAuthenticationFailedException {
SequenceConfig sequenceConfig = context.getSequenceConfig();
boolean isUserCreated = false;
for (Map.Entry<Integer, StepConfig> entry : sequenceConfig.getStepMap().entrySet()) {
StepConfig stepConfig = entry.getValue();
AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
if (authenticatorConfig == null) {
//May have skipped from the script
//ex: Different authentication sequences evaluated by the script
continue;
}
ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
if (authenticator instanceof FederatedApplicationAuthenticator) {
ExternalIdPConfig externalIdPConfig;
String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
context.setExternalIdP(externalIdPConfig);
Map<String, String> localClaimValues = (Map<String, String>) context
.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
if (localClaimValues == null || localClaimValues.size() == 0) {
Map<ClaimMapping, String> userAttributes = stepConfig.getAuthenticatedUser().getUserAttributes();
localClaimValues = FrameworkUtils.getClaimMappings
(userAttributes, false);
}
if (externalIdPConfig != null && externalIdPConfig.isProvisioningEnabled()) {
if (localClaimValues == null) {
localClaimValues = new HashMap<>();
}
String associatedLocalUser =
getLocalUserAssociatedForFederatedIdentifier(stepConfig.getAuthenticatedIdP(),
stepConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier(), context.getTenantDomain());
String username;
String userIdClaimUriInLocalDialect = getUserIdClaimUriInLocalDialect(externalIdPConfig);
if (isUserNameFoundFromUserIDClaimURI(localClaimValues, userIdClaimUriInLocalDialect)) {
username = localClaimValues.get(userIdClaimUriInLocalDialect);
} else {
username = associatedLocalUser;
}
// If associatedLocalUser is null, that means relevant association not exist already.
if (StringUtils.isEmpty(associatedLocalUser) && !isUserCreated) {
if (log.isDebugEnabled()) {
log.debug(sequenceConfig.getAuthenticatedUser().getUserName() + " coming from "
+ externalIdPConfig.getIdPName() + " do not have a local account, hence redirecting"
+ " to the UI to sign up.");
}
if (externalIdPConfig.isPromptConsentEnabled()) {
if (StringUtils.isEmpty(username)) {
// If there is no subject claim URI configured in the IDP, get the authenticated
// username.
username = getTenantDomainAppendedUserName(
sequenceConfig.getAuthenticatedUser().getUserName(), context.getTenantDomain());
}
redirectToAccountCreateUI(externalIdPConfig, context, localClaimValues, response,
username, request);
// Set the property to make sure the request is a returning one.
context.setProperty(FrameworkConstants.PASSWORD_PROVISION_REDIRECTION_TRIGGERED, true);
return PostAuthnHandlerFlowStatus.INCOMPLETE;
}
}
if (StringUtils.isEmpty(username)) {
username = sequenceConfig.getAuthenticatedUser().getUserName();
isUserCreated = true;
}
if (log.isDebugEnabled()) {
log.debug("User : " + sequenceConfig.getAuthenticatedUser().getUserName() + " coming from "
+ externalIdPConfig.getIdPName() + " do have a local account, with the username "
+ username);
}
callDefaultProvisioningHandler(username, context, externalIdPConfig, localClaimValues,
stepConfig);
}
}
}
return SUCCESS_COMPLETED;
}
Example 6
| Source File: DefaultClaimHandler.java From carbon-identity with Apache License 2.0 | 4 votes |
|
/**
* @param spStandardDialect
* @param remoteClaims
* @param stepConfig
* @param context
* @return
* @throws FrameworkException
*/
protected Map<String, String> handleFederatedClaims(Map<String, String> remoteClaims, String spStandardDialect,
StepConfig stepConfig, AuthenticationContext context)
throws FrameworkException {
ClaimMapping[] idPClaimMappings = context.getExternalIdP().getClaimMappings();
if (idPClaimMappings == null) {
idPClaimMappings = new ClaimMapping[0];
}
Map<String, String> spClaimMappings = context.getSequenceConfig().getApplicationConfig().
getClaimMappings();
if (spClaimMappings == null) {
spClaimMappings = new HashMap<>();
}
Map<String, String> carbonToStandardClaimMapping = new HashMap<>();
Map<String, String> spRequestedClaimMappings = context.getSequenceConfig().getApplicationConfig().
getRequestedClaimMappings();
if (StringUtils.isNotBlank(spStandardDialect) && !StringUtils.equals(spStandardDialect, ApplicationConstants
.LOCAL_IDP_DEFAULT_CLAIM_DIALECT)) {
carbonToStandardClaimMapping = getCarbonToStandardDialectMapping(spStandardDialect, context,
spRequestedClaimMappings, context.getTenantDomain());
spRequestedClaimMappings = mapRequestClaimsInStandardDialect(spRequestedClaimMappings,
carbonToStandardClaimMapping);
}
ApplicationAuthenticator authenticator = stepConfig.
getAuthenticatedAutenticator().getApplicationAuthenticator();
String idPStandardDialect = authenticator.getClaimDialectURI();
boolean useDefaultIdpDialect = context.getExternalIdP().useDefaultLocalIdpDialect();
// set unfiltered remote claims as a property
context.setProperty(FrameworkConstants.UNFILTERED_IDP_CLAIM_VALUES, remoteClaims);
Map<String, String> localUnfilteredClaims = new HashMap<>();
Map<String, String> spUnfilteredClaims = new HashMap<>();
Map<String, String> spFilteredClaims = new HashMap<>();
// claim mapping from local IDP to remote IDP : local-claim-uri / idp-claim-uri
Map<String, String> localToIdPClaimMap = null;
Map<String, String> defaultValuesForClaims = new HashMap<>();
loadDefaultValuesForClaims(idPClaimMappings, defaultValuesForClaims);
if (idPStandardDialect != null || useDefaultIdpDialect) {
localToIdPClaimMap = getLocalToIdpClaimMappingWithStandardDialect(remoteClaims, idPClaimMappings, context,
idPStandardDialect);
} else if (idPClaimMappings.length > 0) {
localToIdPClaimMap = FrameworkUtils.getClaimMappings(idPClaimMappings, true);
} else {
log.warn("Authenticator : " + authenticator.getFriendlyName() + " does not have " +
"a standard dialect and IdP : " + context.getExternalIdP().getIdPName() +
" does not have custom claim mappings. Cannot proceed with claim mappings");
return spFilteredClaims;
}
// Loop remote claims and map to local claims
mapRemoteClaimsToLocalClaims(remoteClaims, localUnfilteredClaims, localToIdPClaimMap, defaultValuesForClaims);
// set all locally mapped unfiltered remote claims as a property
context.setProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES, localUnfilteredClaims);
// claim mapping from local service provider to remote service provider.
Map<String, String> localToSPClaimMappings = mapLocalSpClaimsToRemoteSPClaims(spStandardDialect, context,
spClaimMappings);
// Loop through <code>localToSPClaimMappings</code> and filter
// <code>spUnfilteredClaims</code> and <code>spFilteredClaims</code>
filterSPClaims(spRequestedClaimMappings, localUnfilteredClaims, spUnfilteredClaims, spFilteredClaims,
localToSPClaimMappings);
// set all service provider mapped unfiltered remote claims as a property
context.setProperty(FrameworkConstants.UNFILTERED_SP_CLAIM_VALUES, spUnfilteredClaims);
if (FrameworkConstants.RequestType.CLAIM_TYPE_OPENID.equals(context.getRequestType())) {
spFilteredClaims = spUnfilteredClaims;
}
// set the subject claim URI as a property
if (spStandardDialect != null) {
setSubjectClaimForFederatedClaims(localUnfilteredClaims, spStandardDialect, context);
} else {
setSubjectClaimForFederatedClaims(spUnfilteredClaims, null, context);
}
return spFilteredClaims;
}
