Java Code Examples for org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext#getProperty()

The following examples show how to use org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext#getProperty() .
Example 1
Source File: DefaultClaimHandler.java — from carbon-identity, Apache License 2.0
/**
 * Stores the federated subject's value for the service provider's subject claim URI as a
 * context property (by delegating to {@code setSubjectClaim}) and warns when no value could
 * be resolved, i.e. when {@code SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE} is still absent afterwards.
 *
 * <p>Nothing is done when the application has no subject claim URI configured. The two
 * branches of the original differed only in the warning text: the delegate call passes
 * {@code spStandardDialect} through in both cases (it is {@code null} in the second one).
 *
 * @param attributesMap     attributes the subject claim is resolved from (the warnings refer
 *                          to them as unfiltered remote claims)
 * @param spStandardDialect the service provider's standard claim dialect, or {@code null}
 * @param context           the authentication context receiving the subject claim property
 */
private void setSubjectClaimForFederatedClaims(Map<String, String> attributesMap,
                                               String spStandardDialect,
                                               AuthenticationContext context) {

    String configuredSubjectUri = context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri();
    if (configuredSubjectUri == null || configuredSubjectUri.isEmpty()) {
        return;
    }
    // spStandardDialect is forwarded as-is; it is null exactly when the second warning applies.
    setSubjectClaim(null, null, attributesMap, spStandardDialect, context);
    if (context.getProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE) != null) {
        return;
    }
    if (spStandardDialect != null) {
        log.warn("Subject claim could not be found amongst locally mapped " +
                 "unfiltered remote claims");
    } else {
        log.warn("Subject claim could not be found amongst service provider mapped " +
                 "unfiltered remote claims");
    }
}
 
Example 2
Source File: PostAuthAssociationHandler.java — from carbon-identity-framework, Apache License 2.0
/**
 * Builds the claim mapping for the authenticated user, taking the application's requested
 * claims into account.
 *
 * <p>When the application requests no claims at all, the unfiltered local claim values from
 * the context are used instead of {@code mappedAttrs}, falling back to the unfiltered IdP
 * claim values when the local ones are empty. Both context properties are cast unchecked,
 * so a property of another type fails with a {@link ClassCastException}.
 *
 * @param context     Authentication Context.
 * @param mappedAttrs Mapped user attributes.
 * @return claim mapping, or {@code null} when no attributes are available to map.
 */
@SuppressWarnings("unchecked")
private Map<ClaimMapping, String> getClaimMapping(AuthenticationContext context, Map<String, String> mappedAttrs) {

    Map<String, String> localClaimValues = (Map<String, String>) context
            .getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
    Map<String, String> idpClaimValues = (Map<String, String>) context
            .getProperty(FrameworkConstants.UNFILTERED_IDP_CLAIM_VALUES);

    ApplicationConfig appConfig = context.getSequenceConfig().getApplicationConfig();
    boolean noRequestedClaims = appConfig.getRequestedClaimMappings() == null
            || appConfig.getRequestedClaimMappings().isEmpty();

    // Without requested claims, send all local mapped claim values, else all IdP claim values.
    Map<String, String> attributesToMap = mappedAttrs;
    if (noRequestedClaims) {
        if (MapUtils.isNotEmpty(localClaimValues)) {
            attributesToMap = localClaimValues;
        } else if (MapUtils.isNotEmpty(idpClaimValues)) {
            attributesToMap = idpClaimValues;
        }
    }
    if (!MapUtils.isNotEmpty(attributesToMap)) {
        return null;
    }
    return FrameworkUtils.buildClaimMappings(attributesToMap);
}
 
Example 3
Source File: PostAuthenticatedSubjectIdentifierHandler.java — from carbon-identity-framework, Apache License 2.0
/**
 * Post-authentication step that fixes the authenticated subject identifier.
 *
 * <p>Does nothing when the step-based sequence handler has not run. When the application
 * has a subject claim URI and the context carries a resolved
 * {@code SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE}, that value is used (via
 * {@code handleUserStoreAndTenantDomain}); in every other case the subject identifier is
 * derived from the user name, with a warning when a subject claim was configured but not found.
 *
 * @param request  the current request (unused here)
 * @param response the current response (unused here)
 * @param context  the authentication context providing the sequence config and the subject value
 * @return always {@code SUCCESS_COMPLETED}
 */
@Override
public PostAuthnHandlerFlowStatus handle(HttpServletRequest request, HttpServletResponse response,
        AuthenticationContext context) {

    if (!FrameworkUtils.isStepBasedSequenceHandlerExecuted(context)) {
        return SUCCESS_COMPLETED;
    }
    SequenceConfig sequenceConfig = context.getSequenceConfig();
    String configuredSubjectClaimUri = sequenceConfig.getApplicationConfig().getSubjectClaimUri();
    String resolvedSubjectValue =
            (String) context.getProperty(FrameworkConstants.SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE);
    boolean subjectClaimConfigured = StringUtils.isNotBlank(configuredSubjectClaimUri);

    if (subjectClaimConfigured && resolvedSubjectValue != null) {
        handleUserStoreAndTenantDomain(sequenceConfig, resolvedSubjectValue);
        return SUCCESS_COMPLETED;
    }
    if (subjectClaimConfigured) {
        // Configured but unresolved: fall back to the user name, and say so.
        log.warn("Subject claim could not be found. Defaulting to Name Identifier.");
    }
    setAuthenticatedSujectIdentifierBasedOnUserName(sequenceConfig);
    return SUCCESS_COMPLETED;
}
 
Example 4
Source File: GraphBasedSequenceHandler.java — from carbon-identity-framework, Apache License 2.0
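/**
 * Rewinds the graph position to the nearest ancestor that can handle an "identifier first"
 * request, after a back-to-previous-step request.
 *
 * <p>Consumes the {@code BACK_TO_PREVIOUS_STEP} property, removes every step but the first
 * from the step map (identifier first is expected to be step 1; the others are re-derived
 * dynamically), walks up from the current node rewiring each dynamic decision node on the
 * way to an {@code EndStep} default edge, and stores the reached ancestor (or {@code null}
 * when none qualifies) as the current node. Nothing happens when no current node is stored.
 *
 * <p>Fix: the original loop compared {@code i} against {@code getStepMap().size()} on every
 * iteration, and the size shrinks with each removal, so with three or more steps the
 * trailing steps were never removed. The size is now read once before the loop. This still
 * assumes the step keys are 1..n without gaps — TODO confirm against SequenceConfig.
 *
 * @param context the authentication context whose current node and step map are modified
 */
private void modifyCurrentNodeAsPreviousStep(AuthenticationContext context) {

    context.removeProperty(BACK_TO_PREVIOUS_STEP);
    AuthGraphNode currentNode = (AuthGraphNode) context.getProperty(PROP_CURRENT_NODE);
    if (currentNode == null) {
        return;
    }
    // Identifier first should be the first step. Other steps will be determined dynamically.
    int stepCount = context.getSequenceConfig().getStepMap().size();
    for (int stepNumber = 2; stepNumber <= stepCount; stepNumber++) {
        context.getSequenceConfig().getStepMap().remove(stepNumber);
    }

    AuthGraphNode parentNode = currentNode.getParent();
    while (parentNode != null && !isIdentifierFirstStep(parentNode)) {
        if (parentNode instanceof DynamicDecisionNode) {
            // Any decision node above us must lead nowhere once the flow is rewound past it.
            ((DynamicDecisionNode) parentNode).setDefaultEdge(new EndStep());
        }
        parentNode = parentNode.getParent();
    }
    context.setProperty(PROP_CURRENT_NODE, parentNode);
    if (log.isDebugEnabled()) {
        log.debug("Modified current node a parent node which can handle the Identifier First requests.");
    }
}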
 
Example 5
Source File: FrameworkUtils.java — from carbon-identity-framework, Apache License 2.0
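/**
 * Tells whether the step-based sequence handler ran for this context and left an
 * authenticated user behind, i.e. whether the post-authentication handlers need to execute.
 *
 * <p>{@code STEP_BASED_SEQUENCE_HANDLER_TRIGGERED} is an untyped context property. It is
 * treated as set only when it is exactly {@link Boolean#TRUE}; an absent, {@code null},
 * {@code false} or non-Boolean value yields {@code false}. The former unguarded
 * {@code (boolean)} cast threw a {@link ClassCastException} for a non-Boolean value.
 *
 * @param context AuthenticationContext.
 * @return true if the handlers need to be executed, otherwise false.
 * @deprecated This method is a temporary solution and might get changed in the future.
 * It is recommended not use this method.
 */
@Deprecated
public static boolean isStepBasedSequenceHandlerExecuted(AuthenticationContext context) {

    SequenceConfig sequenceConfig = context.getSequenceConfig();
    AuthenticatedUser authenticatedUser = sequenceConfig.getAuthenticatedUser();
    Object triggered = context.getProperty(FrameworkConstants.STEP_BASED_SEQUENCE_HANDLER_TRIGGERED);
    // If authenticated user is null or if step based sequence handler is not triggered, exit the flow.
    return authenticatedUser != null && Boolean.TRUE.equals(triggered);
}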
 
Example 6
Source File: DefaultClaimHandler.java — from carbon-identity-framework, Apache License 2.0
/**
 * Stores the federated subject's value for the service provider's subject claim URI as a
 * context property (by delegating to {@code setSubjectClaim}) and warns when no value could
 * be resolved, i.e. when {@code SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE} is still absent afterwards.
 *
 * <p>Nothing is done when the application has no subject claim URI configured. The two
 * branches of the original differed only in the warning text: the delegate call passes
 * {@code spStandardDialect} through in both cases (it is {@code null} in the second one).
 *
 * @param attributesMap     attributes the subject claim is resolved from (the warnings refer
 *                          to them as unfiltered remote claims)
 * @param spStandardDialect the service provider's standard claim dialect, or {@code null}
 * @param context           the authentication context receiving the subject claim property
 */
private void setSubjectClaimForFederatedClaims(Map<String, String> attributesMap,
                                               String spStandardDialect,
                                               AuthenticationContext context) {

    String configuredSubjectUri = context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri();
    if (configuredSubjectUri == null || configuredSubjectUri.isEmpty()) {
        return;
    }
    // spStandardDialect is forwarded as-is; it is null exactly when the second warning applies.
    setSubjectClaim(null, null, attributesMap, spStandardDialect, context);
    if (context.getProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE) != null) {
        return;
    }
    if (spStandardDialect != null) {
        log.warn("Subject claim could not be found amongst locally mapped " +
                 "unfiltered remote claims");
    } else {
        log.warn("Subject claim could not be found amongst service provider mapped " +
                 "unfiltered remote claims");
    }
}
 
Example 7
Source File: DefaultClaimHandler.java — from carbon-identity-framework, Apache License 2.0
/**
 * Stores the subject's value for the service provider's subject claim URI as a context
 * property for a locally resolved user (identified by a tenant-aware user id and a user
 * store), delegating to {@code setSubjectClaim}, and warns when no value was resolved.
 * The original Javadoc spoke of a "federated" subject; the warnings and parameters show
 * this variant deals with local claims.
 *
 * <p>Nothing is done when the application has no subject claim URI configured. The two
 * original branches differed only in the warning text; the delegate call passes
 * {@code spStandardDialect} through unchanged (it is {@code null} in the second case).
 *
 * @param tenantAwareUserId tenant-aware user name of the local user
 * @param userStore         user store manager forwarded to {@code setSubjectClaim}
 * @param attributesMap     attributes the subject claim may be resolved from
 * @param spStandardDialect the service provider's standard claim dialect, or {@code null}
 * @param context           the authentication context receiving the subject claim property
 */
private void setSubjectClaimForLocalClaims(String tenantAwareUserId,
                                           UserStoreManager userStore,
                                           Map<String, String> attributesMap,
                                           String spStandardDialect,
                                           AuthenticationContext context) {

    String configuredSubjectUri = context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri();
    if (configuredSubjectUri == null || configuredSubjectUri.isEmpty()) {
        return;
    }
    setSubjectClaim(tenantAwareUserId, userStore, attributesMap, spStandardDialect, context);
    if (context.getProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE) != null) {
        return;
    }
    if (spStandardDialect != null) {
        log.warn("Subject claim could not be found amongst unfiltered local claims");
    } else {
        log.warn("Subject claim could not be found amongst service provider mapped " +
                 "unfiltered local claims");
    }
}
 
Example 8
Source File: DefaultClaimHandler.java — from carbon-identity, Apache License 2.0
/**
 * Stores the subject's value for the service provider's subject claim URI as a context
 * property for a locally resolved user (identified by a tenant-aware user id and a user
 * store), delegating to {@code setSubjectClaim}, and warns when no value was resolved.
 * The original Javadoc spoke of a "federated" subject; the warnings and parameters show
 * this variant deals with local claims.
 *
 * <p>Nothing is done when the application has no subject claim URI configured. The two
 * original branches differed only in the warning text; the delegate call passes
 * {@code spStandardDialect} through unchanged (it is {@code null} in the second case).
 *
 * @param tenantAwareUserId tenant-aware user name of the local user
 * @param userStore         user store manager forwarded to {@code setSubjectClaim}
 * @param attributesMap     attributes the subject claim may be resolved from
 * @param spStandardDialect the service provider's standard claim dialect, or {@code null}
 * @param context           the authentication context receiving the subject claim property
 */
private void setSubjectClaimForLocalClaims(String tenantAwareUserId,
                                           UserStoreManager userStore,
                                           Map<String, String> attributesMap,
                                           String spStandardDialect,
                                           AuthenticationContext context) {

    String configuredSubjectUri = context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri();
    if (configuredSubjectUri == null || configuredSubjectUri.isEmpty()) {
        return;
    }
    setSubjectClaim(tenantAwareUserId, userStore, attributesMap, spStandardDialect, context);
    if (context.getProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE) != null) {
        return;
    }
    if (spStandardDialect != null) {
        log.warn("Subject claim could not be found amongst unfiltered local claims");
    } else {
        log.warn("Subject claim could not be found amongst service provider mapped " +
                 "unfiltered local claims");
    }
}
 
Example 9
Source File: ConsentMgtPostAuthnHandler.java — from carbon-identity-framework, Apache License 2.0
/**
 * Returns the service-provider-to-Carbon claim mapping stored in the context.
 *
 * @param context the authentication context holding {@code SP_TO_CARBON_CLAIM_MAPPING}
 * @return the stored mapping when it is a {@link HashMap}; otherwise (absent, {@code null}
 *         or any other type) a fresh empty map — never {@code null}
 */
@SuppressWarnings("unchecked")
private Map<String, String> getSPToCarbonClaimMappings(AuthenticationContext context) {

    Object storedMapping = context.getProperty(FrameworkConstants.SP_TO_CARBON_CLAIM_MAPPING);
    // instanceof is false for null, so no separate null check is needed; the element types
    // cannot be verified at runtime, hence the unchecked cast.
    if (!(storedMapping instanceof HashMap)) {
        return new HashMap<>();
    }
    return (Map<String, String>) storedMapping;
}
 
Example 10
Source File: PostAuthnMissingClaimHandler.java — from carbon-identity-framework, Apache License 2.0
/**
 * Tells whether the post-authentication redirection has already been triggered on this context.
 *
 * @param context the authentication context holding {@code POST_AUTHENTICATION_REDIRECTION_TRIGGERED}
 * @return {@code true} only when the property is present and is {@link Boolean#TRUE};
 *         an absent, {@code null} or non-Boolean value yields {@code false}
 */
private boolean isPostAuthRequestTriggered(AuthenticationContext context) {

    Object triggeredFlag = context.getProperty(POST_AUTHENTICATION_REDIRECTION_TRIGGERED);
    // instanceof already rejects null; the cast is only reached for a real Boolean.
    return triggeredFlag instanceof Boolean && (Boolean) triggeredFlag;
}
 
Example 11
Source File: DefaultSequenceHandlerUtils.java — from carbon-identity-framework, Apache License 2.0
/**
 * Get the standard claim dialect of the service provider in the
 * authentication context.
 *
 * <p>The dialect stored in the context under {@code SP_STANDARD_DIALECT} wins when that key
 * is present (even with a {@code null} value); otherwise it is derived from the request type
 * and the application config.
 *
 * @param context AuthenticationContext.
 * @return The claim dialect of the service provider.
 */
private static String getSPStandardDialect(AuthenticationContext context) {

    ApplicationConfig appConfig = context.getSequenceConfig().getApplicationConfig();
    boolean dialectStoredInContext = context.getProperties().containsKey(FrameworkConstants.SP_STANDARD_DIALECT);
    return dialectStoredInContext
            ? (String) context.getProperty(FrameworkConstants.SP_STANDARD_DIALECT)
            : FrameworkUtils.getStandardDialect(context.getRequestType(), appConfig);
}
 
Example 12
Source File: LoginContextManagementUtil.java — from carbon-identity-framework, Apache License 2.0
/**
 * Returns whether post authentication handler execution has ended or not.
 *
 * @param authenticationContext Authentication context.
 * @return True if post authentication handlers have finished execution on this context,
 *         i.e. {@code POST_AUTHENTICATION_EXTENSION_COMPLETED} is {@link Boolean#TRUE};
 *         false when the property is absent, {@code null} or not a Boolean.
 */
public static boolean isPostAuthenticationExtensionCompleted(AuthenticationContext authenticationContext) {

    Object completedFlag =
            authenticationContext.getProperty(FrameworkConstants.POST_AUTHENTICATION_EXTENSION_COMPLETED);
    // instanceof is false for null, so the unboxing cast is only reached for a real Boolean.
    return completedFlag instanceof Boolean && (Boolean) completedFlag;
}
 
Example 13
Source File: JsGraphBuilderFactory.java — from carbon-identity-framework, Apache License 2.0
/**
 * Restores the script engine bindings previously saved in the context under
 * {@code JS_BINDING_CURRENT_CONTEXT}.
 *
 * <p>Each saved value is converted back from its serializable form with
 * {@code FrameworkUtils.fromJsSerializable}; wrapper objects are re-attached to the
 * context before being put into the engine's {@code ENGINE_SCOPE} bindings. A missing
 * property leaves the bindings untouched.
 *
 * @param context the authentication context holding the saved bindings
 * @param engine  the script engine whose engine-scope bindings are populated
 * @throws FrameworkException declared for the conversion step — presumably raised by
 *         {@code fromJsSerializable}; nothing in this method throws it directly
 */
@SuppressWarnings("unchecked")
public static void restoreCurrentContext(AuthenticationContext context, ScriptEngine engine)
    throws FrameworkException {

    Map<String, Object> savedBindings = (Map<String, Object>) context.getProperty(JS_BINDING_CURRENT_CONTEXT);
    Bindings engineBindings = engine.getBindings(ScriptContext.ENGINE_SCOPE);
    if (savedBindings == null) {
        return;
    }
    for (Map.Entry<String, Object> saved : savedBindings.entrySet()) {
        Object restoredValue = FrameworkUtils.fromJsSerializable(saved.getValue(), engine);
        if (restoredValue instanceof AbstractJSObjectWrapper) {
            // Wrappers lose their context on serialization; give it back before exposing them.
            ((AbstractJSObjectWrapper) restoredValue).initializeContext(context);
        }
        engineBindings.put(saved.getKey(), restoredValue);
    }
}
 
Example 14
Source File: GraphBasedSequenceHandler.java — from carbon-identity-framework, Apache License 2.0
/**
 * Tells whether a "back to previous step" request is pending on this context.
 *
 * @param context the authentication context holding {@code BACK_TO_PREVIOUS_STEP}
 * @return {@code true} when the property is present and its string form parses as
 *         {@code true} (case-insensitively, per {@link Boolean#parseBoolean})
 */
private boolean isBackToPreviousStep(AuthenticationContext context) {

    Object backToPreviousStep = context.getProperty(BACK_TO_PREVIOUS_STEP);
    if (backToPreviousStep == null) {
        return false;
    }
    return Boolean.parseBoolean(backToPreviousStep.toString());
}
 
Example 15
Source File: DefaultRequestPathBasedSequenceHandler.java — from carbon-identity, Apache License 2.0
/**
 * Post-authentication handling for a request-path authenticated IdP: records the signed
 * "authenticated IdPs" JWT on the sequence config, maps the user's claims (expanding the
 * role claim into service-provider roles), and resolves the authenticated subject
 * identifier from the application's subject claim URI.
 *
 * @param request             the current request (unused here)
 * @param response            the current response (unused here)
 * @param context             the authentication context; read for the sequence config and
 *                            the {@code UNFILTERED_LOCAL_CLAIM_VALUES} property
 * @param authenticatedIdPData the IdP and authenticator that completed authentication
 * @throws FrameworkException propagated from the claim-mapping / role helpers (nothing here
 *                            throws it directly)
 */
protected void handlePostAuthentication(HttpServletRequest request,
                                        HttpServletResponse response, AuthenticationContext context,
                                        AuthenticatedIdPData authenticatedIdPData) throws FrameworkException {

    if (log.isDebugEnabled()) {
        log.debug("Handling Post Authentication tasks");
    }

    SequenceConfig sequenceConfig = context.getSequenceConfig();
    Map<String, String> mappedAttrs;
    StringBuilder jsonBuilder = new StringBuilder();

    // build the authenticated idps JWT to send to the calling servlet.
    // NOTE(review): the IdP name and authenticator name are concatenated into the JSON
    // without escaping; this relies on them being admin-configured names that never contain
    // quotes or backslashes — confirm, or build the payload with a JSON library.
    jsonBuilder.append("\"idps\":");
    jsonBuilder.append("[");

    // build the JSON object for this step
    jsonBuilder.append("{");
    jsonBuilder.append("\"idp\":\"").append(authenticatedIdPData.getIdpName()).append("\",");
    jsonBuilder
            .append("\"authenticator\":\"")
            .append(authenticatedIdPData.getAuthenticator().getApplicationAuthenticator()
                            .getName()).append("\"");
    // wrap up the JSON object
    jsonBuilder.append("}");
    jsonBuilder.append("]");

    // The payload is signed for the service provider before it leaves the framework.
    sequenceConfig
            .setAuthenticatedIdPs(IdentityApplicationManagementUtil.getSignedJWT(jsonBuilder
                                                                                         .toString(), sequenceConfig.getApplicationConfig().getServiceProvider()));

    mappedAttrs = handleClaimMappings(context);
    String spRoleUri = getSpRoleClaimUri(sequenceConfig.getApplicationConfig());
    String roleAttr = mappedAttrs.get(spRoleUri);

    if (roleAttr != null && roleAttr.trim().length() > 0) {

        // Roles are split on a hard-coded comma here; the framework variant of this handler
        // splits on the configured multi-attribute separator instead.
        String[] roles = roleAttr.split(",");
        mappedAttrs.put(spRoleUri,
                        getServiceProviderMappedUserRoles(sequenceConfig, Arrays.asList(roles)));
    }

    sequenceConfig.getAuthenticatedUser().setUserAttributes(FrameworkUtils.buildClaimMappings(mappedAttrs));

    if (context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri() != null
        && context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri().trim()
                   .length() > 0) {
        // Unchecked cast: a property of another type fails with ClassCastException.
        Map<String, String> unfilteredClaimValues = (Map<String, String>) context
                .getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);

        String subjectValue = null;

        // Prefer the unfiltered local claim values; fall back to the SP-mapped attributes.
        if (unfilteredClaimValues != null) {
            subjectValue = unfilteredClaimValues.get(context.getSequenceConfig()
                                                             .getApplicationConfig().getSubjectClaimUri().trim());
        } else {
            subjectValue = mappedAttrs.get(context.getSequenceConfig().getApplicationConfig()
                                                   .getSubjectClaimUri().trim());
        }
        // A configured-but-unresolved subject claim leaves the subject identifier untouched (no warning).
        if (subjectValue != null) {
            AuthenticatedUser authenticatedUser = sequenceConfig.getAuthenticatedUser();
            authenticatedUser.setAuthenticatedSubjectIdentifier(subjectValue);

            if (log.isDebugEnabled()) {
                log.debug("Authenticated User: " +
                          sequenceConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier());
                log.debug("Authenticated User Tenant Domain: " + sequenceConfig.getAuthenticatedUser().getTenantDomain());
            }
        }
    }
}
 
Example 16
Source File: GraphBasedSequenceHandler.java — from carbon-identity-framework, Apache License 2.0
/**
 * Handles a {@code LongWaitNode}: on the first visit it registers a wait for this context
 * and starts the external call; on the return visit it consumes the outcome the async
 * process stored in the context and selects the next graph node.
 *
 * <p>The two visits are told apart by the stored {@code LongWaitStatus} (absent or
 * {@code UNKNOWN} means first visit). On the return visit the outcome name and data are
 * removed from the context so they cannot be replayed, and a missing outcome or a missing
 * handler edge ends the flow with a {@code FailNode}.
 *
 * @param request        the current request
 * @param response       the current response
 * @param context        the authentication context; its identifier keys the wait store
 * @param sequenceConfig the current sequence configuration, forwarded to the external call
 * @param longWaitNode   the node being executed
 * @return {@code true} while the flow must keep waiting, {@code false} once it may continue
 * @throws FrameworkException propagated from the external call / outcome function
 */
private boolean handleLongWait(HttpServletRequest request, HttpServletResponse response,
                               AuthenticationContext context, SequenceConfig sequenceConfig,
                               LongWaitNode longWaitNode) throws FrameworkException {

    boolean isWaiting;
    LongWaitStatusStoreService longWaitStatusStoreService =
            FrameworkServiceDataHolder.getInstance().getLongWaitStatusStoreService();
    LongWaitStatus longWaitStatus = longWaitStatusStoreService.getWait(context.getContextIdentifier());
    if (longWaitStatus == null || longWaitStatus.getStatus() == LongWaitStatus.Status.UNKNOWN) {
        //This is a initiation of long wait
        // The wait entry is stored before the external call so the callback can find it.
        longWaitStatus = new LongWaitStatus();
        int tenantId = IdentityTenantUtil.getTenantId(context.getTenantDomain());
        longWaitStatusStoreService.addWait(tenantId, context.getContextIdentifier(), longWaitStatus);
        isWaiting = callExternalSystem(request, response, context, sequenceConfig, longWaitNode);
        if (promptOnLongWait()) {
            if (isWaiting) {
                displayLongWait(context, request, response);
            }
        }
    } else {
        context.setReturning(false);
        // This is a continuation of long wait
        isWaiting = LongWaitStatus.Status.COMPLETED != longWaitStatus.getStatus();
        longWaitStatusStoreService.removeWait(context.getContextIdentifier());
        // Unchecked casts: properties of another type fail with ClassCastException.
        String outcomeName = (String) context.getProperty(FrameworkConstants.JSAttributes.JS_CALL_AND_WAIT_STATUS);
        Map<String, Object> data = (Map<String, Object>) context.getProperty(
                FrameworkConstants.JSAttributes.JS_CALL_AND_WAIT_DATA);
        // Consume the outcome: it must not survive into a later node or a retried request.
        context.removeProperty(FrameworkConstants.JSAttributes.JS_CALL_AND_WAIT_STATUS);
        context.removeProperty(FrameworkConstants.JSAttributes.JS_CALL_AND_WAIT_DATA);
        AuthGraphNode nextNode;
        if (outcomeName != null) {
            // The outcome handler runs before the edge is looked up; it may rewire the node.
            executeFunction(outcomeName, longWaitNode, context, data);
            nextNode = longWaitNode.getDefaultEdge();
            if (nextNode == null) {
                log.error("Authentication script does not have applicable event handler for outcome "
                        + outcomeName + " from the long wait process : " + context.getContextIdentifier()
                        + ". So ending the authentication flow. Add the correspoding event handler to the script");
                nextNode = new FailNode();
            }
        } else {
            log.error("The outcome from the long wait process " + context.getContextIdentifier()
                    + " is null. Because asyncReturn.accept() has not been used properly in the async process flow"
                    + " of the custom function. So ending the authentication flow. Check the flow in the async"
                    + " process flow of the custom function and add asyncReturn.accept() with the corresponding"
                    + " outcome.");
            nextNode = new FailNode();
        }
        context.setProperty(FrameworkConstants.JSAttributes.PROP_CURRENT_NODE, nextNode);
    }
    return isWaiting;
}
 
Example 17
Source File: JITProvisioningPostAuthenticationHandler.java — from carbon-identity-framework, Apache License 2.0
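/**
 * This method is used to handle response flow, after going through password provisioning.
 *
 * <p>For every step that was authenticated by a federated authenticator whose IdP has JIT
 * provisioning enabled, the local claims from the context are combined with the values the
 * user submitted, optionally extended with the submitted password, and handed to the
 * default provisioning handler; consents are then handled for the step.
 *
 * <p>Fix: steps without an authenticated authenticator (e.g. skipped by the script, as the
 * request-flow counterpart of this method already handles) are now skipped instead of
 * dereferencing {@code null}.
 *
 * @param request        HttpServlet request.
 * @param context        Authentication context
 * @return Status of PostAuthnHandler flow.
 * @throws PostAuthenticationFailedException Post Authentication Failed Exception
 */
@SuppressWarnings("unchecked")
private PostAuthnHandlerFlowStatus handleResponseFlow(HttpServletRequest request, AuthenticationContext context)
        throws PostAuthenticationFailedException {

    SequenceConfig sequenceConfig = context.getSequenceConfig();
    for (Map.Entry<Integer, StepConfig> entry : sequenceConfig.getStepMap().entrySet()) {
        StepConfig stepConfig = entry.getValue();
        AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
        if (authenticatorConfig == null) {
            // May have been skipped by the script (different sequences evaluated dynamically).
            continue;
        }
        ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();

        if (authenticator instanceof FederatedApplicationAuthenticator) {
            ExternalIdPConfig externalIdPConfig;
            String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
            externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
            context.setExternalIdP(externalIdPConfig);

            if (externalIdPConfig != null && externalIdPConfig.isProvisioningEnabled()) {
                if (log.isDebugEnabled()) {
                    log.debug("JIT provisioning response flow has hit for the IDP " + externalIdPConfigName + " "
                            + "for the user, " + sequenceConfig.getAuthenticatedUser().getUserName());
                }
                final Map<String, String> localClaimValues;
                Object unfilteredLocalClaimValues = context
                        .getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
                // Unchecked cast: a property of another type fails with ClassCastException.
                localClaimValues = unfilteredLocalClaimValues == null ?
                        new HashMap<>() :
                        (Map<String, String>) unfilteredLocalClaimValues;
                Map<String, String> combinedLocalClaims = getCombinedClaims(request, localClaimValues, context);
                if (externalIdPConfig.isPasswordProvisioningEnabled()) {
                    // The user-submitted password travels in the claim map to the provisioning handler.
                    combinedLocalClaims
                            .put(FrameworkConstants.PASSWORD, request.getParameter(FrameworkConstants.PASSWORD));
                }
                String username = sequenceConfig.getAuthenticatedUser().getUserName();
                // NOTE(review): presence-only check — any non-null value, including Boolean.FALSE,
                // lets the request-supplied username replace the authenticated one; confirm the
                // property is only ever set when changing the username is actually allowed.
                if (context.getProperty(FrameworkConstants.CHANGING_USERNAME_ALLOWED) != null) {
                    username = request.getParameter(FrameworkConstants.USERNAME);
                }
                callDefaultProvisioningHandler(username, context, externalIdPConfig, combinedLocalClaims,
                        stepConfig);
                handleConsents(request, stepConfig, context.getTenantDomain());
            }
        }
    }
    return SUCCESS_COMPLETED;
}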
 
Example 18
Source File: GraphBasedSequenceHandler.java — from carbon-identity-framework, Apache License 2.0
/**
 * Entry point of the graph-based (script-driven) authentication sequence.
 *
 * <p>Rewinds the current node first if a back-to-previous-step request is pending. When no
 * usable graph applies — none defined, disabled, or an authentication type other than the
 * flow/default types — the pre-configured step array is handled by the default step-based
 * handler instead. A graph that failed to build aborts the flow. Otherwise nodes are
 * executed from the stored current node (or initialised when none is stored) until the
 * sequence completes or a node interrupts the flow.
 *
 * @param request  the current request
 * @param response the current response
 * @param context  the authentication context; {@code PROP_CURRENT_NODE} tracks the position
 *                 in the graph
 * @throws FrameworkException when the graph could not be built from the script, or as
 *                            propagated from the delegated handlers
 */
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context)
        throws FrameworkException {

    if (log.isDebugEnabled()) {
        log.debug("Executing the Step Based Authentication...");
    }

    if (isBackToPreviousStep(context)) {
        modifyCurrentNodeAsPreviousStep(context);
    }
    SequenceConfig sequenceConfig = context.getSequenceConfig();
    String authenticationType = sequenceConfig.getApplicationConfig().getServiceProvider()
        .getLocalAndOutBoundAuthenticationConfig().getAuthenticationType();
    AuthenticationGraph graph = sequenceConfig.getAuthenticationGraph();

    boolean graphAuthenticationType = ApplicationConstants.AUTH_TYPE_FLOW.equals(authenticationType)
            || ApplicationConstants.AUTH_TYPE_DEFAULT.equals(authenticationType);
    boolean graphUsable = graph != null && graph.isEnabled() && graphAuthenticationType;
    if (!graphUsable) {
        // Handle pre-configured step array
        if (log.isDebugEnabled()) {
            log.debug("Authentication Graph not defined for the application. "
                    + "Performing Step based authentication. Service Provider :" + sequenceConfig
                    .getApplicationId());
        }
        DefaultStepBasedSequenceHandler.getInstance().handle(request, response, context);
        return;
    }
    if (!graph.isBuildSuccessful()) {
        throw new FrameworkException(
                "Error while building graph from Javascript. Nested exception is: " + graph.getErrorReason());
    }

    boolean interrupted = false;
    while (!interrupted && !context.getSequenceConfig().isCompleted()) {
        AuthGraphNode currentNode = (AuthGraphNode) context
                .getProperty(FrameworkConstants.JSAttributes.PROP_CURRENT_NODE);
        interrupted = currentNode == null
                ? handleInitialize(request, response, context, sequenceConfig, graph)
                : handleNode(request, response, context, sequenceConfig, currentNode);
    }
}
 
Example 19
Source File: DefaultRequestPathBasedSequenceHandler.java — from carbon-identity-framework, Apache License 2.0
/**
 * Post-authentication handling for a request-path authenticated IdP: records the signed
 * "authenticated IdPs" JWT on the sequence config, maps the user's claims (expanding the
 * role claim into service-provider roles), and resolves the authenticated subject
 * identifier from the application's subject claim URI.
 *
 * @param request             the current request (unused here)
 * @param response            the current response (unused here)
 * @param context             the authentication context; read for the sequence config and
 *                            the {@code UNFILTERED_LOCAL_CLAIM_VALUES} property
 * @param authenticatedIdPData the IdP and authenticator that completed authentication
 * @throws FrameworkException propagated from the claim-mapping / role helpers (nothing here
 *                            throws it directly)
 */
protected void handlePostAuthentication(HttpServletRequest request,
                                        HttpServletResponse response, AuthenticationContext context,
                                        AuthenticatedIdPData authenticatedIdPData) throws FrameworkException {

    if (log.isDebugEnabled()) {
        log.debug("Handling Post Authentication tasks");
    }

    SequenceConfig sequenceConfig = context.getSequenceConfig();
    Map<String, String> mappedAttrs;
    StringBuilder jsonBuilder = new StringBuilder();

    // build the authenticated idps JWT to send to the calling servlet.
    // NOTE(review): the IdP name and authenticator name are concatenated into the JSON
    // without escaping; this relies on them being admin-configured names that never contain
    // quotes or backslashes — confirm, or build the payload with a JSON library.
    jsonBuilder.append("\"idps\":");
    jsonBuilder.append("[");

    // build the JSON object for this step
    jsonBuilder.append("{");
    jsonBuilder.append("\"idp\":\"").append(authenticatedIdPData.getIdpName()).append("\",");
    jsonBuilder
            .append("\"authenticator\":\"")
            .append(authenticatedIdPData.getAuthenticator().getApplicationAuthenticator()
                            .getName()).append("\"");
    // wrap up the JSON object
    jsonBuilder.append("}");
    jsonBuilder.append("]");

    // The payload is signed for the service provider before it leaves the framework.
    sequenceConfig.setAuthenticatedIdPs(IdentityApplicationManagementUtil.getSignedJWT(jsonBuilder.toString(),
                    sequenceConfig.getApplicationConfig().getServiceProvider()));

    mappedAttrs = handleClaimMappings(context);
    String spRoleUri = getSpRoleClaimUri(sequenceConfig.getApplicationConfig());
    String roleAttr = mappedAttrs.get(spRoleUri);

    if (StringUtils.isNotBlank(roleAttr)) {
        // The separator is configurable, so it is quoted to be used as a literal regex.
        String[] roles = roleAttr.split(Pattern.quote(FrameworkUtils.getMultiAttributeSeparator()));
        mappedAttrs.put(spRoleUri, getServiceProviderMappedUserRoles(sequenceConfig, Arrays.asList(roles)));
    }

    sequenceConfig.getAuthenticatedUser().setUserAttributes(FrameworkUtils.buildClaimMappings(mappedAttrs));

    if (StringUtils.isNotBlank(context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri())) {
        // Unchecked cast: a property of another type fails with ClassCastException.
        Map<String, String> unfilteredClaimValues =
                (Map<String, String>) context.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);

        String subjectClaimUri = context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri().trim();
        String subjectClaimValue;
        // Prefer the unfiltered local claim values; fall back to the SP-mapped attributes.
        if (unfilteredClaimValues != null) {
            subjectClaimValue = unfilteredClaimValues.get(subjectClaimUri);
        } else {
            subjectClaimValue = mappedAttrs.get(subjectClaimUri);
        }
        // A configured-but-unresolved subject claim leaves the subject identifier untouched (no warning).
        if (subjectClaimValue != null) {
            AuthenticatedUser authenticatedUser = sequenceConfig.getAuthenticatedUser();
            authenticatedUser.setAuthenticatedSubjectIdentifier(subjectClaimValue);

            if (log.isDebugEnabled()) {
                log.debug("Authenticated User: " +
                          sequenceConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier());
                log.debug("Authenticated User Tenant Domain: " + sequenceConfig.getAuthenticatedUser().getTenantDomain());
            }
        }
    }
}
 
Example 20
Source File: JITProvisioningPostAuthenticationHandler.java — from carbon-identity-framework, Apache License 2.0
/**
 * To handle the request flow of the post authentication handler.
 *
 * <p>For every step authenticated by a federated authenticator whose IdP has JIT
 * provisioning enabled, the local user name is resolved (from the IdP's user-id claim, else
 * from an existing federated association). A user without an association is sent to the
 * account-creation UI when the IdP prompts for consent (flow status INCOMPLETE); otherwise
 * the user is provisioned straight away via the default provisioning handler.
 *
 * @param request        HttpServlet request.
 * @param response       HttpServlet response.
 * @param context        Authentication context
 * @return Status of this post authentication handler flow.
 * @throws PostAuthenticationFailedException Exception that will be thrown in case of failure.
 */
@SuppressWarnings("unchecked")
private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request, HttpServletResponse response,
        AuthenticationContext context) throws PostAuthenticationFailedException {

    SequenceConfig sequenceConfig = context.getSequenceConfig();
    // Set once a step falls back to the authenticated user name; later steps then no longer redirect.
    boolean isUserCreated = false;
    for (Map.Entry<Integer, StepConfig> entry : sequenceConfig.getStepMap().entrySet()) {
        StepConfig stepConfig = entry.getValue();
        AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
        if (authenticatorConfig == null) {
            //May have skipped from the script
            //ex: Different authentication sequences evaluated by the script
            continue;
        }
        ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();

        if (authenticator instanceof FederatedApplicationAuthenticator) {
            ExternalIdPConfig externalIdPConfig;
            String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
            externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
            context.setExternalIdP(externalIdPConfig);
            // Unchecked cast: a property of another type fails with ClassCastException.
            Map<String, String> localClaimValues = (Map<String, String>) context
                    .getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
            if (localClaimValues == null || localClaimValues.size() == 0) {
                // No unfiltered local claims in the context: derive them from the step's user attributes.
                Map<ClaimMapping, String> userAttributes = stepConfig.getAuthenticatedUser().getUserAttributes();
                localClaimValues = FrameworkUtils.getClaimMappings
                        (userAttributes, false);
            }

            if (externalIdPConfig != null && externalIdPConfig.isProvisioningEnabled()) {
                if (localClaimValues == null) {
                    localClaimValues = new HashMap<>();
                }

                String associatedLocalUser =
                        getLocalUserAssociatedForFederatedIdentifier(stepConfig.getAuthenticatedIdP(),
                                stepConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier(), context.getTenantDomain());

                // The IdP-asserted user-id claim takes precedence over an existing association.
                String username;
                String userIdClaimUriInLocalDialect = getUserIdClaimUriInLocalDialect(externalIdPConfig);
                if (isUserNameFoundFromUserIDClaimURI(localClaimValues, userIdClaimUriInLocalDialect)) {
                    username = localClaimValues.get(userIdClaimUriInLocalDialect);
                } else {
                    username = associatedLocalUser;
                }

                // If associatedLocalUser is null, that means relevant association not exist already.
                if (StringUtils.isEmpty(associatedLocalUser) && !isUserCreated) {
                    if (log.isDebugEnabled()) {
                        log.debug(sequenceConfig.getAuthenticatedUser().getUserName() + " coming from "
                                + externalIdPConfig.getIdPName() + " do not have a local account, hence redirecting"
                                + " to the UI to sign up.");
                    }

                    if (externalIdPConfig.isPromptConsentEnabled()) {
                        if (StringUtils.isEmpty(username)) {
                            // If there is no subject claim URI configured in the IDP, get the authenticated
                            // username.
                            username = getTenantDomainAppendedUserName(
                                    sequenceConfig.getAuthenticatedUser().getUserName(), context.getTenantDomain());
                        }
                        redirectToAccountCreateUI(externalIdPConfig, context, localClaimValues, response,
                                username, request);
                        // Set the property to make sure the request is a returning one.
                        context.setProperty(FrameworkConstants.PASSWORD_PROVISION_REDIRECTION_TRIGGERED, true);
                        return PostAuthnHandlerFlowStatus.INCOMPLETE;
                    }
                }
                if (StringUtils.isEmpty(username)) {
                    username = sequenceConfig.getAuthenticatedUser().getUserName();
                    isUserCreated = true;
                }
                if (log.isDebugEnabled()) {
                    log.debug("User : " + sequenceConfig.getAuthenticatedUser().getUserName() + " coming from "
                            + externalIdPConfig.getIdPName() + " do have a local account, with the username "
                            + username);
                }
                callDefaultProvisioningHandler(username, context, externalIdPConfig, localClaimValues,
                        stepConfig);
            }
        }
    }
    return SUCCESS_COMPLETED;
}