Java Code Examples for org.wso2.carbon.identity.application.common.model.ClaimMapping#isRequested()

The following examples show how to use org.wso2.carbon.identity.application.common.model.ClaimMapping#isRequested() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: CacheBackedApplicationDAO.java    From carbon-identity-framework with Apache License 2.0
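/**
 * Returns the local claim URIs marked as requested in the given service provider's claim
 * configuration, answering from the application cache when the provider is cached and
 * deferring to the persistent DAO otherwise.
 *
 * @param serviceProviderName name of the service provider
 * @param tenantDomain        tenant domain the service provider belongs to
 * @return requested local claim URIs; empty (never {@code null}) when the cached application
 *         has no claim configuration, no mappings, or no mapping with a local claim URI
 * @throws IdentityApplicationManagementException if the persistent DAO lookup fails
 */
public List<String> getAllRequestedClaimsByServiceProvider(String serviceProviderName, String tenantDomain)
        throws IdentityApplicationManagementException {

    ServiceProvider applicationFromCache = getApplicationFromCache(serviceProviderName, tenantDomain);
    if (applicationFromCache == null) {
        // Cache miss: the persistent DAO is the source of truth.
        return appDAO.getAllRequestedClaimsByServiceProvider(serviceProviderName, tenantDomain);
    }

    List<String> requestedLocalClaims = new ArrayList<>();
    ClaimConfig claimConfig = applicationFromCache.getClaimConfig();
    // A cached application may carry no claim configuration or no mappings at all; report
    // "nothing requested" instead of failing with a NullPointerException.
    if (claimConfig == null || claimConfig.getClaimMappings() == null) {
        return requestedLocalClaims;
    }
    for (ClaimMapping claimMapping : claimConfig.getClaimMappings()) {
        if (claimMapping == null || !claimMapping.isRequested()) {
            continue;
        }
        // Only mappings that resolve to a local claim URI can be reported.
        if (claimMapping.getLocalClaim() != null && claimMapping.getLocalClaim().getClaimUri() != null) {
            requestedLocalClaims.add(claimMapping.getLocalClaim().getClaimUri());
        }
    }
    return requestedLocalClaims;
}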
 
Example 2
Source File: DefaultClaimHandler.java    From carbon-identity-framework with Apache License 2.0
/**
 * Registers a claim mapping that has no local-claim counterpart. The remote claim URI is
 * recorded with a {@code null} local value in the general mapping map, and additionally in the
 * requested / mandatory maps when the mapping carries those flags.
 *
 * @param claimMappings   remote-to-local mapping map; always receives the entry
 * @param requestedClaims receives the entry only when {@code claim.isRequested()}
 * @param mandatoryClaims receives the entry only when {@code claim.isMandatory()}
 * @param claim           mapping to register; its remote claim is dereferenced unconditionally
 *                        and must therefore be non-null
 */
private void setClaimsWhenLocalClaimNotExists(Map<String, String> claimMappings,
                                              Map<String, String> requestedClaims,
                                              Map<String, String> mandatoryClaims, ClaimMapping claim) {

    String remoteClaimUri = claim.getRemoteClaim().getClaimUri();
    // Without a local claim every map stores the remote URI against a null value.
    claimMappings.put(remoteClaimUri, null);
    if (claim.isRequested()) {
        requestedClaims.put(remoteClaimUri, null);
    }
    if (claim.isMandatory()) {
        mandatoryClaims.put(remoteClaimUri, null);
    }
}
 
Example 3
Source File: DefaultClaimHandler.java    From carbon-identity-framework with Apache License 2.0
/**
 * Registers a claim mapping whose local claim is present. The remote claim URI is mapped to the
 * local claim URI in the general mapping map, and additionally in the requested / mandatory
 * maps when the mapping carries those flags.
 *
 * @param claimMappings   remote-to-local mapping map; always receives the entry
 * @param requestedClaims receives the entry only when {@code claim.isRequested()}
 * @param mandatoryClaims receives the entry only when {@code claim.isMandatory()}
 * @param claim           mapping to register; both its remote and local claims are dereferenced
 *                        unconditionally and must therefore be non-null
 */
private void setClaimsWhenLocalClaimExists(Map<String, String> claimMappings, Map<String, String> requestedClaims,
                                           Map<String, String> mandatoryClaims, ClaimMapping claim) {

    String remoteClaimUri = claim.getRemoteClaim().getClaimUri();
    String localClaimUri = claim.getLocalClaim().getClaimUri();

    claimMappings.put(remoteClaimUri, localClaimUri);
    if (claim.isRequested()) {
        requestedClaims.put(remoteClaimUri, localClaimUri);
    }
    if (claim.isMandatory()) {
        mandatoryClaims.put(remoteClaimUri, localClaimUri);
    }
}
 
Example 4
Source File: FileBasedApplicationDAO.java    From carbon-identity-framework with Apache License 2.0
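/**
 * Collects the claim URIs marked as requested for a file-based service provider. For each
 * requested mapping the remote (SP-side) claim URI is preferred; the local claim URI is used
 * only when no remote URI is configured.
 *
 * @param serviceProviderName name of the file-based service provider
 * @param tenantDomain        tenant domain; not consulted here (file-based providers are looked
 *                            up by name only) but part of the DAO contract
 * @return requested claim URIs; empty (never {@code null}) when the provider, its claim
 *         configuration or its mappings are absent
 * @throws IdentityApplicationManagementException declared by the DAO contract; not thrown by
 *                                                this implementation
 */
@Override
public List<String> getAllRequestedClaimsByServiceProvider(String serviceProviderName,
                                                           String tenantDomain)
        throws IdentityApplicationManagementException {

    List<String> requestedClaimList = new ArrayList<>();

    ServiceProvider serviceProvider = ApplicationManagementServiceComponent.getFileBasedSPs()
            .get(serviceProviderName);
    if (serviceProvider == null || serviceProvider.getClaimConfig() == null) {
        return requestedClaimList;
    }

    ClaimMapping[] claimMappings = serviceProvider.getClaimConfig().getClaimMappings();
    if (claimMappings == null) {
        return requestedClaimList;
    }

    for (ClaimMapping mapping : claimMappings) {
        // Arrays built from file configuration can contain null slots; skip them rather
        // than fail on mapping.isRequested().
        if (mapping == null || !mapping.isRequested()) {
            continue;
        }
        if (mapping.getRemoteClaim() != null && mapping.getRemoteClaim().getClaimUri() != null) {
            requestedClaimList.add(mapping.getRemoteClaim().getClaimUri());
        } else if (mapping.getLocalClaim() != null && mapping.getLocalClaim().getClaimUri() != null) {
            requestedClaimList.add(mapping.getLocalClaim().getClaimUri());
        }
    }

    return requestedClaimList;
}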
 
Example 5
Source File: IdPManagementDAO.java    From carbon-identity-framework with Apache License 2.0
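/**
 * Persists the default claim values configured for a local identity provider: one batched row
 * per mapping that carries a local claim URI.
 *
 * @param conn          open JDBC connection; the caller owns it (commit / close). Only the
 *                      statement created here is closed.
 * @param idPId         identity provider row id
 * @param tenantId      tenant the identity provider belongs to
 * @param claimMappings mappings to store; {@code null} or empty writes nothing
 * @throws SQLException if preparing or executing the batch fails
 * @throws IdentityProviderManagementException declared on the signature for callers; not thrown
 *                                             by the visible body
 */
private void addDefaultClaimValuesForLocalIdP(Connection conn, int idPId, int tenantId,
                                              ClaimMapping[] claimMappings) throws SQLException,
        IdentityProviderManagementException {

    if (claimMappings == null || claimMappings.length == 0) {
        return;
    }

    PreparedStatement prepStmt = null;
    try {
        prepStmt = conn.prepareStatement(
                IdPManagementConstants.SQLQueries.ADD_LOCAL_IDP_DEFAULT_CLAIM_VALUES_SQL);
        for (ClaimMapping mapping : claimMappings) {
            // A mapping without a local claim URI has no row to write.
            if (mapping == null || mapping.getLocalClaim() == null
                    || mapping.getLocalClaim().getClaimUri() == null) {
                continue;
            }
            prepStmt.setInt(1, idPId);
            prepStmt.setString(2, mapping.getLocalClaim().getClaimUri());
            prepStmt.setString(3, mapping.getDefaultValue());
            prepStmt.setInt(4, tenantId);
            // The "requested" flag is stored as the constants' string form, not as a SQL boolean.
            prepStmt.setString(5, mapping.isRequested()
                    ? IdPManagementConstants.IS_TRUE_VALUE
                    : IdPManagementConstants.IS_FALSE_VALUE);
            prepStmt.addBatch();
        }
        prepStmt.executeBatch();
    } finally {
        // No ResultSet is produced by a batch insert; only the statement needs closing.
        IdentityDatabaseUtil.closeAllConnections(null, null, prepStmt);
    }
}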
 
Example 6
Source File: FileBasedApplicationDAO.java    From carbon-identity with Apache License 2.0
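/**
 * Collects the claim URIs marked as requested for a file-based service provider. For each
 * requested mapping the remote (SP-side) claim URI is preferred; the local claim URI is used
 * only when no remote URI is configured.
 *
 * @param serviceProviderName name of the file-based service provider
 * @param tenantDomain        tenant domain; not consulted here (file-based providers are looked
 *                            up by name only) but part of the DAO contract
 * @return requested claim URIs; empty (never {@code null}) when the provider, its claim
 *         configuration or its mappings are absent
 * @throws IdentityApplicationManagementException declared by the DAO contract; not thrown by
 *                                                this implementation
 */
@Override
public List<String> getAllRequestedClaimsByServiceProvider(String serviceProviderName,
                                                           String tenantDomain) throws IdentityApplicationManagementException {
    List<String> requestedClaimList = new ArrayList<>();

    ServiceProvider serviceProvider = ApplicationManagementServiceComponent.getFileBasedSPs()
            .get(serviceProviderName);
    if (serviceProvider == null || serviceProvider.getClaimConfig() == null) {
        return requestedClaimList;
    }

    ClaimMapping[] claimMappings = serviceProvider.getClaimConfig().getClaimMappings();
    if (claimMappings == null) {
        return requestedClaimList;
    }

    for (ClaimMapping mapping : claimMappings) {
        // Arrays built from file configuration can contain null slots; skip them rather
        // than fail on mapping.isRequested().
        if (mapping == null || !mapping.isRequested()) {
            continue;
        }
        if (mapping.getRemoteClaim() != null && mapping.getRemoteClaim().getClaimUri() != null) {
            requestedClaimList.add(mapping.getRemoteClaim().getClaimUri());
        } else if (mapping.getLocalClaim() != null && mapping.getLocalClaim().getClaimUri() != null) {
            requestedClaimList.add(mapping.getLocalClaim().getClaimUri());
        }
    }

    return requestedClaimList;
}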
 
Example 7
Source File: IdPManagementDAO.java    From carbon-identity with Apache License 2.0
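/**
 * Persists the default claim values configured for a local identity provider: one batched row
 * per mapping that carries a local claim URI.
 *
 * @param conn          open JDBC connection; the caller owns it (commit / close). Only the
 *                      statement created here is closed.
 * @param idPId         identity provider row id
 * @param tenantId      tenant the identity provider belongs to
 * @param claimMappings mappings to store; {@code null} or empty writes nothing
 * @throws SQLException if preparing or executing the batch fails
 * @throws IdentityProviderManagementException declared on the signature for callers; not thrown
 *                                             by the visible body
 */
private void addDefaultClaimValuesForLocalIdP(Connection conn, int idPId, int tenantId,
                                              ClaimMapping[] claimMappings) throws SQLException,
        IdentityProviderManagementException {

    if (claimMappings == null || claimMappings.length == 0) {
        return;
    }

    PreparedStatement prepStmt = null;
    try {
        prepStmt = conn.prepareStatement(
                IdPManagementConstants.SQLQueries.ADD_LOCAL_IDP_DEFAULT_CLAIM_VALUES_SQL);
        for (ClaimMapping mapping : claimMappings) {
            // A mapping without a local claim URI has no row to write.
            if (mapping == null || mapping.getLocalClaim() == null
                    || mapping.getLocalClaim().getClaimUri() == null) {
                continue;
            }
            prepStmt.setInt(1, idPId);
            prepStmt.setString(2, mapping.getLocalClaim().getClaimUri());
            prepStmt.setString(3, mapping.getDefaultValue());
            prepStmt.setInt(4, tenantId);
            // The "requested" flag is stored as the constants' string form, not as a SQL boolean.
            prepStmt.setString(5, mapping.isRequested()
                    ? IdPManagementConstants.IS_TRUE_VALUE
                    : IdPManagementConstants.IS_FALSE_VALUE);
            prepStmt.addBatch();
        }
        prepStmt.executeBatch();
    } finally {
        // No ResultSet is produced by a batch insert; only the statement needs closing.
        IdentityDatabaseUtil.closeAllConnections(null, null, prepStmt);
    }
}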
 
Example 8
Source File: ServerIdpManagementService.java    From identity-api-server with Apache License 2.0
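/**
 * Converts an identity provider's internal {@link ClaimConfig} into the REST API claims model.
 *
 * <p>Mappings whose remote claim URI is blank are internal provisioning entries (stored as claim
 * mappings without a remote claim) and are not reported as mappings. Mappings that carry a default
 * value and are marked as requested are reported as provisioning claims. The role and user-id
 * claims are always set from the configuration; their id and display name are filled in only when
 * the URI resolves to a known local claim.
 *
 * @param claimConfig internal claim configuration; {@code null} yields a response with empty
 *                    mapping and provisioning lists and no role / user-id claim
 * @return the API claims object, never {@code null}
 */
private Claims createClaimResponse(ClaimConfig claimConfig) {

    Claims apiClaims = new Claims();
    List<org.wso2.carbon.identity.api.server.idp.v1.model.ClaimMapping> apiMappings = new ArrayList<>();
    List<ProvisioningClaim> provClaims = new ArrayList<>();

    if (claimConfig != null) {
        if (claimConfig.getClaimMappings() != null) {
            for (ClaimMapping mapping : claimConfig.getClaimMappings()) {
                // A mapping without a local claim URI cannot be expressed in the API model
                // (the local claim id is derived from it); skip it rather than throw.
                if (mapping == null || mapping.getLocalClaim() == null
                        || mapping.getLocalClaim().getClaimUri() == null) {
                    continue;
                }
                String localClaimUri = mapping.getLocalClaim().getClaimUri();
                String remoteClaimUri = mapping.getRemoteClaim() != null
                        ? mapping.getRemoteClaim().getClaimUri() : null;

                org.wso2.carbon.identity.api.server.idp.v1.model.ClaimMapping apiMapping = new org.wso2.carbon
                        .identity.api.server.idp.v1.model.ClaimMapping();
                apiMapping.setLocalClaim(toApiLocalClaim(localClaimUri));
                // As the provisioning claims are added as claim mappings without any remote claim
                // internally, we need to validate this here.
                if (StringUtils.isNotBlank(remoteClaimUri)) {
                    apiMapping.setIdpClaim(remoteClaimUri);
                    apiMappings.add(apiMapping);
                }

                if (StringUtils.isNotBlank(mapping.getDefaultValue()) && mapping.isRequested()) {
                    Claim provClaim;
                    if (StringUtils.isNotBlank(remoteClaimUri)) {
                        // Remote-side provisioning claim: only the IdP claim URI is exposed.
                        provClaim = new Claim();
                        provClaim.setUri(remoteClaimUri);
                    } else {
                        provClaim = toApiLocalClaim(localClaimUri);
                    }
                    ProvisioningClaim provClaimResponse = new ProvisioningClaim();
                    provClaimResponse.setClaim(provClaim);
                    provClaimResponse.setDefaultValue(mapping.getDefaultValue());
                    provClaims.add(provClaimResponse);
                }
            }
        }

        apiClaims.setRoleClaim(toApiConfiguredClaim(claimConfig.getRoleClaimURI()));
        apiClaims.setUserIdClaim(toApiConfiguredClaim(claimConfig.getUserClaimURI()));
    }

    apiClaims.setMappings(apiMappings);
    apiClaims.setProvisioningClaims(provClaims);
    return apiClaims;
}

/**
 * Builds the API representation of a local claim: id (base64url-encoded URI), URI and display name.
 *
 * @param localClaimUri non-null local claim URI
 * @return populated API claim
 */
private Claim toApiLocalClaim(String localClaimUri) {

    Claim claim = new Claim();
    claim.setId(base64URLEncode(localClaimUri));
    claim.setUri(localClaimUri);
    claim.setDisplayName(getDisplayNameOfLocalClaim(localClaimUri));
    return claim;
}

/**
 * Builds the API claim for a configured URI (the role or user-id claim). The URI is always set;
 * id and display name are set only when the URI resolves to a known local claim.
 *
 * @param claimUri configured claim URI as stored; passed through unchanged, may be {@code null}
 * @return populated API claim
 */
private Claim toApiConfiguredClaim(String claimUri) {

    Claim claim = new Claim();
    if (getLocalClaim(claimUri) != null) {
        claim.setId(base64URLEncode(claimUri));
        claim.setDisplayName(getDisplayNameOfLocalClaim(claimUri));
    }
    claim.setUri(claimUri);
    return claim;
}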
 
Example 9
Source File: SSOConsentServiceImpl.java    From carbon-identity-framework with Apache License 2.0
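/**
 * Builds the set of claims for which the user's consent must be obtained before they are released
 * to the service provider.
 *
 * <p>Mandatory claims are always collected; requested (optional) claims are collected as well.
 * The subject claim is never put up for consent. When {@code useExistingConsents} is set and the
 * user already has a consent receipt for this provider, claims covered by that receipt are removed
 * from the mandatory list and the requested list is cleared, so only mandatory claims still lacking
 * consent are asked for.
 *
 * @param serviceProvider     Service provider requesting consent; must not be {@code null}.
 * @param authenticatedUser   Authenticated user requesting consent form.
 * @param useExistingConsents Use existing consent given by the user.
 * @return ConsentClaimsData which contains mandatory and requested claims for consent, plus the
 *         claims already covered by an existing receipt.
 * @throws SSOConsentDisabledException If consent management for SSO is disabled for the provider.
 * @throws SSOConsentServiceException  If {@code serviceProvider} is {@code null} or an error
 *                                     occurs while building claim information.
 */
protected ConsentClaimsData getConsentRequiredClaims(ServiceProvider serviceProvider,
                                                     AuthenticatedUser authenticatedUser,
                                                     boolean useExistingConsents)
        throws SSOConsentServiceException {

    // Validate the argument before handing it to any helper; otherwise the helper receives a
    // null provider and the explicit exception below can never be reached.
    if (serviceProvider == null) {
        throw new SSOConsentServiceException("Service provider cannot be null.");
    }
    if (!isSSOConsentManagementEnabled(serviceProvider)) {
        String message = "Consent management for SSO is disabled.";
        throw new SSOConsentDisabledException(message, message);
    }

    String spName = serviceProvider.getApplicationName();
    String spTenantDomain = getSPTenantDomain(serviceProvider);
    String subject = buildSubjectWithUserStoreDomain(authenticatedUser);

    ClaimMapping[] claimMappings = getSpClaimMappings(serviceProvider);

    List<String> requestedClaims = new ArrayList<>();
    List<String> mandatoryClaims = new ArrayList<>();

    Map<ClaimMapping, String> userAttributes = authenticatedUser.getUserAttributes();

    String subjectClaimUri = getSubjectClaimUri(serviceProvider);

    if (isPassThroughScenario(claimMappings, userAttributes)) {
        // Pass-through: every attribute received for the user is treated as mandatory, except
        // the subject claim and the multi-attribute separator pseudo-claim.
        for (Map.Entry<ClaimMapping, String> userAttribute : userAttributes.entrySet()) {
            String remoteClaimUri = userAttribute.getKey().getRemoteClaim().getClaimUri();
            if (subjectClaimUri.equals(remoteClaimUri) ||
                    IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR.equals(remoteClaimUri)) {
                continue;
            }
            mandatoryClaims.add(remoteClaimUri);
        }
    } else {

        boolean isCustomClaimMapping = isCustomClaimMapping(serviceProvider);
        for (ClaimMapping claimMapping : claimMappings) {
            if (isCustomClaimMapping) {
                // With custom mappings the configured subject URI is the remote one; translate it
                // to the local URI and skip it.
                if (subjectClaimUri.equals(claimMapping.getRemoteClaim().getClaimUri())) {
                    subjectClaimUri = claimMapping.getLocalClaim().getClaimUri();
                    continue;
                }
            } else {
                if (subjectClaimUri.equals(claimMapping.getLocalClaim().getClaimUri())) {
                    continue;
                }
            }
            // A claim that is both mandatory and requested is listed once, as mandatory.
            if (claimMapping.isMandatory()) {
                mandatoryClaims.add(claimMapping.getLocalClaim().getClaimUri());
            } else if (claimMapping.isRequested()) {
                requestedClaims.add(claimMapping.getLocalClaim().getClaimUri());
            }
        }
    }

    List<ClaimMetaData> receiptConsentMetaData = new ArrayList<>();
    Receipt receipt = getConsentReceiptOfUser(serviceProvider, authenticatedUser, spName, spTenantDomain, subject);
    if (useExistingConsents && receipt != null) {
        receiptConsentMetaData = getConsentClaimsFromReceipt(receipt);
        List<String> claimsWithConsent = getClaimsFromConsentMetaData(receiptConsentMetaData);
        mandatoryClaims.removeAll(claimsWithConsent);
        // Only request consent for mandatory claims without consent when a receipt already exist for the user.
        requestedClaims.clear();
    }
    ConsentClaimsData consentClaimsData = getConsentRequiredClaimData(mandatoryClaims, requestedClaims,
            spTenantDomain);
    consentClaimsData.setClaimsWithConsent(receiptConsentMetaData);
    return consentClaimsData;
}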
 
Example 10
Source File: ApplicationConfig.java    From carbon-identity-framework with Apache License 2.0
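/**
 * Builds the authentication-framework view of a service provider: identity and SaaS flag,
 * subject-identifier settings, claim mappings (with the requested and mandatory subsets),
 * permissions and role mappings.
 *
 * @param application service provider this configuration is derived from; must not be {@code null}
 */
public ApplicationConfig(ServiceProvider application) {
    this.serviceProvider = application;
    applicationID = application.getApplicationID();
    applicationName = application.getApplicationName();
    isSaaSApp = application.isSaasApp();

    LocalAndOutboundAuthenticationConfig outboundAuthConfig = application.getLocalAndOutBoundAuthenticationConfig();
    if (outboundAuthConfig != null) {
        subjectClaimUri = outboundAuthConfig.getSubjectClaimUri();
        setUseTenantDomainInLocalSubjectIdentifier(outboundAuthConfig.isUseTenantDomainInLocalSubjectIdentifier());
        setUseUserstoreDomainInLocalSubjectIdentifier(outboundAuthConfig
                .isUseUserstoreDomainInLocalSubjectIdentifier());
        setEnableAuthorization(outboundAuthConfig.isEnableAuthorization());
        setUseUserstoreDomainInRole(outboundAuthConfig.isUseUserstoreDomainInRoles());
    }

    ClaimConfig claimConfig = application.getClaimConfig();
    if (claimConfig != null) {
        roleClaim = claimConfig.getRoleClaimURI();
        alwaysSendMappedLocalSubjectId = claimConfig.isAlwaysSendMappedLocalSubjectId();

        // getClaimMappings() may be null for a provider without mappings and Arrays.asList(null)
        // throws, so start from an empty mutable list in that case. setSpDialectClaims is still
        // invoked so that providers without explicit mappings are treated like any other.
        ClaimMapping[] configuredMappings = claimConfig.getClaimMappings();
        List<ClaimMapping> spClaimMappings = configuredMappings == null
                ? new ArrayList<>() : new ArrayList<>(Arrays.asList(configuredMappings));
        setSpDialectClaims(claimConfig, spClaimMappings);

        for (ClaimMapping claim : spClaimMappings) {
            // Only mappings with a remote claim URI can be keyed.
            if (claim == null || claim.getRemoteClaim() == null || claim.getRemoteClaim().getClaimUri() == null) {
                continue;
            }
            String remoteClaimUri = claim.getRemoteClaim().getClaimUri();
            // A mapping without a local claim is kept with a null local URI so the remote claim
            // is still known to the framework.
            String localClaimUri = claim.getLocalClaim() == null ? null : claim.getLocalClaim().getClaimUri();

            claimMappings.put(remoteClaimUri, localClaimUri);
            if (claim.isRequested()) {
                requestedClaims.put(remoteClaimUri, localClaimUri);
            }
            if (claim.isMandatory()) {
                mandatoryClaims.put(remoteClaimUri, localClaimUri);
            }
        }
    }

    PermissionsAndRoleConfig permissionRoleConfiguration = application.getPermissionAndRoleConfig();
    if (permissionRoleConfiguration != null) {
        ApplicationPermission[] permissionList = permissionRoleConfiguration.getPermissions();
        if (permissionList == null) {
            permissionList = new ApplicationPermission[0];
        }

        // Permissions are flattened to their string values, preserving order and count.
        permissions = new String[permissionList.length];
        for (int i = 0; i < permissionList.length; i++) {
            ApplicationPermission permission = permissionList[i];
            permissions[i] = permission.getValue();
        }

        RoleMapping[] tempRoleMappings = permissionRoleConfiguration.getRoleMappings();
        if (tempRoleMappings != null && tempRoleMappings.length > 0) {
            for (RoleMapping roleMapping : tempRoleMappings) {
                this.roleMappings.put(roleMapping.getLocalRole().getLocalRoleName(),
                                      roleMapping.getRemoteRole());
            }
        }
    }
}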
 
Example 11
Source File: IdPManagementDAO.java    From carbon-identity-framework with Apache License 2.0
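/**
 * Stores the claim mappings of an identity provider. The provider's own claim URIs are first
 * resolved to their row ids; every mapping is then written as one batched row referencing that id.
 *
 * @param conn          open JDBC connection; the caller owns it (commit / close). The statements
 *                      created here are closed before returning.
 * @param idPId         identity provider row id
 * @param tenantId      tenant the identity provider belongs to
 * @param claimMappings mappings to store; {@code null} or empty writes nothing
 * @throws SQLException if a statement cannot be prepared or executed
 * @throws IdentityProviderManagementException if the provider has no claim URIs defined, if a
 *         mapping references a remote claim the provider does not define, or if a mapping has no
 *         local claim
 */
private void addIdPClaimMappings(Connection conn, int idPId, int tenantId,
                                 ClaimMapping[] claimMappings) throws SQLException,
        IdentityProviderManagementException {

    if (claimMappings == null || claimMappings.length == 0) {
        return;
    }

    // Resolve the provider's claim URIs to row ids. This statement and its result set are closed
    // before the insert statement is prepared; previously the lookup statement was overwritten
    // and never closed.
    Map<String, Integer> claimIdMap = new HashMap<String, Integer>();
    PreparedStatement lookupStmt = null;
    ResultSet rs = null;
    try {
        lookupStmt = conn.prepareStatement(IdPManagementConstants.SQLQueries.GET_IDP_CLAIMS_SQL);
        lookupStmt.setInt(1, idPId);
        rs = lookupStmt.executeQuery();
        while (rs.next()) {
            claimIdMap.put(rs.getString("CLAIM"), rs.getInt("ID"));
        }
    } finally {
        IdentityDatabaseUtil.closeAllConnections(null, rs, lookupStmt);
    }

    if (claimIdMap.isEmpty()) {
        throw new IdentityProviderManagementException(
                "No Identity Provider claim URIs defined for tenant " + tenantId);
    }

    PreparedStatement insertStmt = null;
    try {
        insertStmt = conn.prepareStatement(IdPManagementConstants.SQLQueries.ADD_IDP_CLAIM_MAPPINGS_SQL);
        for (ClaimMapping mapping : claimMappings) {
            String remoteClaimUri = (mapping != null && mapping.getRemoteClaim() != null)
                    ? mapping.getRemoteClaim().getClaimUri() : null;
            // Every mapping must reference a claim URI the provider defines; fail the whole
            // operation otherwise so the batch is never partially meaningful.
            if (remoteClaimUri == null || !claimIdMap.containsKey(remoteClaimUri)) {
                throw new IdentityProviderManagementException("Cannot find Identity Provider claim mapping for " +
                        "tenant "
                        + tenantId);
            }
            if (mapping.getLocalClaim() == null) {
                // Surface a domain error rather than a NullPointerException for a malformed mapping.
                throw new IdentityProviderManagementException(
                        "Identity Provider claim mapping for tenant " + tenantId + " has no local claim.");
            }

            int idpClaimId = claimIdMap.get(remoteClaimUri);
            String localClaimURI = mapping.getLocalClaim().getClaimUri();

            insertStmt.setInt(1, idpClaimId);
            insertStmt.setInt(2, tenantId);
            insertStmt.setString(3, localClaimURI);
            insertStmt.setString(4, mapping.getDefaultValue());
            // The "requested" flag is stored as the constants' string form, not as a SQL boolean.
            insertStmt.setString(5, mapping.isRequested()
                    ? IdPManagementConstants.IS_TRUE_VALUE
                    : IdPManagementConstants.IS_FALSE_VALUE);
            insertStmt.addBatch();
        }

        insertStmt.executeBatch();

    } finally {
        IdentityDatabaseUtil.closeAllConnections(null, null, insertStmt);
    }
}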
 
Example 12
Source File: ApplicationConfig.java    From carbon-identity with Apache License 2.0
/**
 * Builds the authentication-framework view of a service provider: identity and SaaS flag,
 * subject-identifier settings, claim mappings (plus the subset marked as requested),
 * permissions and role mappings.
 *
 * @param application service provider this configuration is derived from; dereferenced
 *                    unconditionally, so it must not be {@code null}
 */
public ApplicationConfig(ServiceProvider application) {
    this.serviceProvider = application;
    applicationID = application.getApplicationID();
    applicationName = application.getApplicationName();
    isSaaSApp = application.isSaasApp();

    LocalAndOutboundAuthenticationConfig authConfig = application.getLocalAndOutBoundAuthenticationConfig();
    if (authConfig != null) {
        subjectClaimUri = authConfig.getSubjectClaimUri();
        setUseTenantDomainInLocalSubjectIdentifier(authConfig.isUseTenantDomainInLocalSubjectIdentifier());
        setUseUserstoreDomainInLocalSubjectIdentifier(authConfig.isUseUserstoreDomainInLocalSubjectIdentifier());
    }

    ClaimConfig claimConfig = application.getClaimConfig();
    if (claimConfig != null) {
        roleClaim = claimConfig.getRoleClaimURI();
        alwaysSendMappedLocalSubjectId = claimConfig.isAlwaysSendMappedLocalSubjectId();
        requestedClaims = new HashMap<String, String>();

        ClaimMapping[] configuredMappings = claimConfig.getClaimMappings();
        if (configuredMappings != null && configuredMappings.length > 0) {
            // NOTE(review): claimMappings is only assigned on this path; for a provider without
            // mappings it keeps whatever value its field declaration gives it.
            claimMappings = new HashMap<String, String>();
            for (ClaimMapping mapping : configuredMappings) {
                // Only mappings with a remote claim URI can be keyed.
                if (mapping.getRemoteClaim() == null || mapping.getRemoteClaim().getClaimUri() == null) {
                    continue;
                }
                String remoteUri = mapping.getRemoteClaim().getClaimUri();
                // A missing local claim is recorded as a null value rather than dropped.
                String localUri = mapping.getLocalClaim() == null ? null : mapping.getLocalClaim().getClaimUri();
                claimMappings.put(remoteUri, localUri);
                if (mapping.isRequested()) {
                    requestedClaims.put(remoteUri, localUri);
                }
            }
        }
    }

    PermissionsAndRoleConfig permissionRoleConfig = application.getPermissionAndRoleConfig();
    if (permissionRoleConfig != null) {
        ApplicationPermission[] configuredPermissions = permissionRoleConfig.getPermissions();
        if (configuredPermissions == null) {
            configuredPermissions = new ApplicationPermission[0];
        }

        // Permissions are flattened to their string values, preserving order and count.
        permissions = new String[configuredPermissions.length];
        int idx = 0;
        for (ApplicationPermission permission : configuredPermissions) {
            permissions[idx++] = permission.getValue();
        }

        RoleMapping[] configuredRoleMappings = permissionRoleConfig.getRoleMappings();
        if (configuredRoleMappings != null && configuredRoleMappings.length > 0) {
            // NOTE(review): as with claimMappings, roleMappings is only assigned when at least
            // one role mapping exists.
            this.roleMappings = new HashMap<String, String>();
            for (RoleMapping roleMapping : configuredRoleMappings) {
                this.roleMappings.put(roleMapping.getLocalRole().getLocalRoleName(),
                        roleMapping.getRemoteRole());
            }
        }
    }
}
 
Example 13
Source File: SAMLAssertionClaimsCallback.java    From carbon-identity with Apache License 2.0
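/**
 * Reads the service provider's requested local claims for the token's authorized user from the
 * user store and returns them keyed by the SP-dialect claim URI.
 *
 * @param requestMsgCtx Token request message context
 * @return Users claim map (SP claim URI to value), plus the user store's multi-attribute
 *         separator under {@code MULTI_ATTRIBUTE_SEPARATOR} when one is configured; empty when
 *         the service provider, its claim configuration, the realm or the user cannot be resolved
 * @throws UserStoreException                     if reading the user store fails for any reason
 *                                                other than the user not being found
 * @throws IdentityApplicationManagementException if the service provider lookup fails
 * @throws IdentityException                      if resolving the tenant realm fails
 */
private static Map<String, Object> getClaimsFromUserStore(OAuthTokenReqMessageContext requestMsgCtx)
        throws UserStoreException, IdentityApplicationManagementException, IdentityException {

    String username = requestMsgCtx.getAuthorizedUser().toString();
    String tenantDomain = requestMsgCtx.getAuthorizedUser().getTenantDomain();

    List<String> claimURIList = new ArrayList<String>();
    Map<String, Object> mappedAppClaims = new HashMap<String, Object>();

    ApplicationManagementService applicationMgtService = OAuth2ServiceComponentHolder.getApplicationMgtService();
    String spName = applicationMgtService
            .getServiceProviderNameByClientId(requestMsgCtx.getOauth2AccessTokenReqDTO().getClientId(),
                                              INBOUND_AUTH2_TYPE, tenantDomain);
    ServiceProvider serviceProvider = applicationMgtService.getApplicationExcludingFileBasedSPs(spName,
                                                                                                tenantDomain);
    if (serviceProvider == null) {
        return mappedAppClaims;
    }

    UserRealm realm = IdentityTenantUtil.getRealm(tenantDomain, username);
    if (realm == null) {
        log.warn("No valid tenant domain provider. Empty claim returned back for tenant " + tenantDomain
                 + " and user " + username);
        return new HashMap<>();
    }

    // A provider without claim configuration simply requests nothing.
    ClaimMapping[] requestedLocalClaimMap = serviceProvider.getClaimConfig() == null
            ? null : serviceProvider.getClaimConfig().getClaimMappings();
    if (requestedLocalClaimMap == null || requestedLocalClaimMap.length == 0) {
        return mappedAppClaims;
    }

    for (ClaimMapping mapping : requestedLocalClaimMap) {
        // Only requested mappings that resolve to a local claim URI are fetched.
        if (mapping != null && mapping.isRequested() && mapping.getLocalClaim() != null
                && mapping.getLocalClaim().getClaimUri() != null) {
            claimURIList.add(mapping.getLocalClaim().getClaimUri());
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Requested number of local claims: " + claimURIList.size());
    }

    Map<String, String> spToLocalClaimMappings = ClaimManagerHandler.getInstance()
            .getMappingsMapFromOtherDialectToCarbon(SP_DIALECT, null, tenantDomain, false);

    UserStoreManager userStoreManager = realm.getUserStoreManager();
    Map<String, String> userClaims = null;
    try {
        userClaims = userStoreManager.getUserClaimValues(
                MultitenantUtils.getTenantAwareUsername(username),
                claimURIList.toArray(new String[0]), null);
    } catch (UserStoreException e) {
        // The user store signals an unknown user only through the message text, which may be
        // null; any other failure is propagated.
        if (e.getMessage() != null && e.getMessage().contains("UserNotFound")) {
            if (log.isDebugEnabled()) {
                log.debug("User " + username + " not found in user store");
            }
        } else {
            throw e;
        }
    }

    if (log.isDebugEnabled()) {
        // userClaims stays null when the user was not found; do not dereference it here.
        log.debug("Number of user claims retrieved from user store: "
                + (userClaims == null ? 0 : userClaims.size()));
    }
    if (MapUtils.isEmpty(userClaims)) {
        return new HashMap<>();
    }

    for (Map.Entry<String, String> entry : spToLocalClaimMappings.entrySet()) {
        String value = userClaims.get(entry.getValue());
        if (value != null) {
            mappedAppClaims.put(entry.getKey(), value);
            // Claim values are user attributes: they are logged only when token logging has been
            // explicitly enabled for user claims, not merely at debug level.
            if (log.isDebugEnabled() &&
                    IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) {
                log.debug("Mapped claim: key -  " + entry.getKey() + " value -" + value);
            }
        }
    }

    String domain = IdentityUtil.extractDomainFromName(username);
    UserStoreManager secondaryUserStoreManager = userStoreManager.getSecondaryUserStoreManager(domain);
    // An unknown user store domain yields no separator rather than a NullPointerException.
    if (secondaryUserStoreManager != null) {
        RealmConfiguration realmConfiguration = secondaryUserStoreManager.getRealmConfiguration();
        String claimSeparator = realmConfiguration.getUserStoreProperty(
                IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR);
        if (StringUtils.isNotBlank(claimSeparator)) {
            mappedAppClaims.put(IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR, claimSeparator);
        }
    }
    return mappedAppClaims;
}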
 
Example 14
Source File: SAMLAssertionClaimsCallback.java    From carbon-identity with Apache License 2.0
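/**
 * Resolves the claim values that the calling service provider has marked as requested, for the
 * authenticated user of the authorization request, and re-keys them into the SP claim dialect.
 *
 * <p>The result is keyed by SP-dialect claim URI. When a multi-attribute separator is configured
 * for the user's user store, it is added under
 * {@code IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR} so callers can split multi-valued
 * claims consistently. Claim values are only written to the debug log when
 * {@code IdentityUtil.isTokenLoggable(USER_CLAIMS)} permits it.
 *
 * @param requestMsgCtx the OAuth authorization request context carrying the user and consumer key
 * @return the mapped claims; an empty map when the service provider is unknown, the realm cannot
 *         be resolved, the SP requests no claims, or the user has none of the requested claims
 * @throws IdentityApplicationManagementException if the service provider lookup fails
 * @throws IdentityException if the tenant realm cannot be resolved
 * @throws UserStoreException if the user store lookup fails for a reason other than an unknown user
 * @throws ClaimManagementException if the dialect mappings cannot be loaded
 */
private static Map<String, Object> getClaimsFromUserStore(OAuthAuthzReqMessageContext requestMsgCtx)
        throws IdentityApplicationManagementException, IdentityException, UserStoreException,
        ClaimManagementException {

    AuthenticatedUser user = requestMsgCtx.getAuthorizationReqDTO().getUser();
    String tenantDomain = user.getTenantDomain();

    List<String> claimURIList = new ArrayList<>();
    Map<String, Object> mappedAppClaims = new HashMap<>();

    ApplicationManagementService applicationMgtService = OAuth2ServiceComponentHolder.getApplicationMgtService();
    String spName = applicationMgtService
            .getServiceProviderNameByClientId(requestMsgCtx.getAuthorizationReqDTO().getConsumerKey(),
                    INBOUND_AUTH2_TYPE, tenantDomain);
    ServiceProvider serviceProvider = applicationMgtService.getApplicationExcludingFileBasedSPs(spName,
            tenantDomain);
    if (serviceProvider == null) {
        return mappedAppClaims;
    }

    UserRealm realm = IdentityTenantUtil.getRealm(tenantDomain, user.toString());
    if (realm == null) {
        log.warn("No valid tenant domain provider. Empty claim returned back for tenant " + tenantDomain
                + " and user " + user);
        return new HashMap<>();
    }

    UserStoreManager userStoreManager = realm.getUserStoreManager();
    ClaimMapping[] requestedLocalClaimMap = serviceProvider.getClaimConfig().getClaimMappings();
    if (requestedLocalClaimMap == null || requestedLocalClaimMap.length == 0) {
        return mappedAppClaims;
    }

    // Only the claims the SP explicitly marked as requested are fetched from the user store.
    for (ClaimMapping mapping : requestedLocalClaimMap) {
        if (mapping.isRequested()) {
            claimURIList.add(mapping.getLocalClaim().getClaimUri());
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Requested number of local claims: " + claimURIList.size());
    }

    Map<String, String> spToLocalClaimMappings = ClaimManagerHandler.getInstance()
            .getMappingsMapFromOtherDialectToCarbon(SP_DIALECT, null, tenantDomain, false);

    Map<String, String> userClaims = null;
    try {
        userClaims = userStoreManager.getUserClaimValues(UserCoreUtil.addDomainToName(user.getUserName(),
                user.getUserStoreDomain()), claimURIList.toArray(new String[claimURIList.size()]), null);
    } catch (UserStoreException e) {
        // An unknown user is not an error here: the caller simply gets an empty claim set.
        // Anything else is propagated. The exception message may be null, so guard before
        // inspecting it instead of failing with an NPE.
        String message = e.getMessage();
        if (message != null && message.contains("UserNotFound")) {
            if (log.isDebugEnabled()) {
                log.debug("User " + user + " not found in user store");
            }
        } else {
            throw e;
        }
    }

    if (log.isDebugEnabled()) {
        // userClaims is still null when the user was not found; never dereference it here.
        int retrieved = userClaims == null ? 0 : userClaims.size();
        log.debug("Number of user claims retrieved from user store: " + retrieved);
    }
    if (MapUtils.isEmpty(userClaims)) {
        return new HashMap<>();
    }

    // Re-key the local claims into the SP dialect; claims the user does not have are skipped.
    for (Map.Entry<String, String> entry : spToLocalClaimMappings.entrySet()) {
        String value = userClaims.get(entry.getValue());
        if (value == null) {
            continue;
        }
        mappedAppClaims.put(entry.getKey(), value);
        if (log.isDebugEnabled() &&
                IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) {
            log.debug("Mapped claim: key -  " + entry.getKey() + " value -" + value);
        }
    }

    // Expose the user store's multi-attribute separator so callers can split multi-valued claims.
    RealmConfiguration realmConfiguration = userStoreManager.getSecondaryUserStoreManager(user.getUserStoreDomain())
            .getRealmConfiguration();
    String claimSeparator = realmConfiguration.getUserStoreProperty(
            IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR);
    if (StringUtils.isNotBlank(claimSeparator)) {
        mappedAppClaims.put(IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR, claimSeparator);
    }
    return mappedAppClaims;
}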
 
Example 15
Source File: IdPManagementDAO.java    From carbon-identity with Apache License 2.0
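/**
 * Stores the claim mappings of an identity provider as a single batch insert.
 *
 * <p>Each mapping's remote claim URI must already exist as an IdP claim row for {@code idPId};
 * those row IDs are looked up first and the mapping rows reference them. The lookup statement
 * and its result set are closed before the insert statement is prepared, so no JDBC handle is
 * left open. The {@code isRequested} flag is persisted as
 * {@code IdPManagementConstants.IS_TRUE_VALUE} / {@code IS_FALSE_VALUE}. Every value is bound as
 * a statement parameter; nothing is concatenated into the SQL text.
 *
 * @param conn          open JDBC connection; owned by the caller and not closed here
 * @param idPId         database ID of the identity provider
 * @param tenantId      tenant the identity provider belongs to
 * @param claimMappings mappings to persist; {@code null} or empty is a no-op
 * @throws SQLException if the lookup or the batch insert fails
 * @throws IdentityProviderManagementException if the IdP has no claim URIs defined, or a mapping
 *         is {@code null}, lacks a remote or local claim, or refers to an unknown remote claim URI
 */
private void addIdPClaimMappings(Connection conn, int idPId, int tenantId,
                                 ClaimMapping[] claimMappings) throws SQLException,
        IdentityProviderManagementException {

    if (claimMappings == null || claimMappings.length == 0) {
        return;
    }

    Map<String, Integer> claimIdMap = loadIdPClaimIds(conn, idPId);
    if (claimIdMap.isEmpty()) {
        String message = "No Identity Provider claim URIs defined for tenant " + tenantId;
        throw new IdentityProviderManagementException(message);
    }

    PreparedStatement prepStmt = null;
    try {
        prepStmt = conn.prepareStatement(IdPManagementConstants.SQLQueries.ADD_IDP_CLAIM_MAPPINGS_SQL);
        for (ClaimMapping mapping : claimMappings) {
            // A mapping without both claims, or whose remote claim is not defined for this IdP,
            // cannot be persisted; fail with a descriptive error rather than an NPE.
            if (mapping == null || mapping.getRemoteClaim() == null || mapping.getLocalClaim() == null
                    || !claimIdMap.containsKey(mapping.getRemoteClaim().getClaimUri())) {
                throw new IdentityProviderManagementException("Cannot find Identity Provider claim mapping for tenant "
                        + tenantId);
            }

            int idpClaimId = claimIdMap.get(mapping.getRemoteClaim().getClaimUri());
            String localClaimURI = mapping.getLocalClaim().getClaimUri();

            prepStmt.setInt(1, idpClaimId);
            prepStmt.setInt(2, tenantId);
            prepStmt.setString(3, localClaimURI);
            prepStmt.setString(4, mapping.getDefaultValue());
            prepStmt.setString(5, mapping.isRequested()
                    ? IdPManagementConstants.IS_TRUE_VALUE : IdPManagementConstants.IS_FALSE_VALUE);
            prepStmt.addBatch();
        }
        prepStmt.executeBatch();
    } finally {
        IdentityDatabaseUtil.closeAllConnections(null, null, prepStmt);
    }
}

/**
 * Loads the remote claim URI to row ID lookup for the claims defined on an identity provider.
 *
 * @param conn  open JDBC connection; not closed here
 * @param idPId database ID of the identity provider
 * @return claim URI mapped to its {@code ID} column value; empty when the IdP defines no claims
 * @throws SQLException if the query fails
 */
private Map<String, Integer> loadIdPClaimIds(Connection conn, int idPId) throws SQLException {

    Map<String, Integer> claimIdMap = new HashMap<String, Integer>();
    PreparedStatement prepStmt = null;
    ResultSet rs = null;
    try {
        prepStmt = conn.prepareStatement(IdPManagementConstants.SQLQueries.GET_IDP_CLAIMS_SQL);
        prepStmt.setInt(1, idPId);
        rs = prepStmt.executeQuery();
        while (rs.next()) {
            claimIdMap.put(rs.getString("CLAIM"), rs.getInt("ID"));
        }
    } finally {
        // Closed here, before the caller prepares its own statement on the same connection.
        IdentityDatabaseUtil.closeAllConnections(null, rs, prepStmt);
    }
    return claimIdMap;
}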