org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants Java Examples

Example #1
Source File: IdPMgtValidationListener.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
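/**
 * Pre-delete hook that protects resident identity providers.
 *
 * Deleting any non-resident IdP passes straight through. For the reserved resident IdP name:
 * the super tenant's resident IdP can never be deleted, and a resident IdP of any other tenant
 * may only be deleted when the caller's own (thread-local) tenant is the super tenant.
 *
 * Fix: the tenant comparison used {@code !=} on Strings, which only behaves while both sides are
 * the same interned instance; a super-tenant caller could be rejected for no reason. It now
 * compares by value.
 *
 * @param idPName      name of the IdP about to be deleted; must not be empty
 * @param tenantDomain tenant that owns the IdP (taken from the request, not from the caller)
 * @return true when the deletion may proceed
 * @throws IllegalArgumentException            when {@code idPName} is empty
 * @throws IdentityProviderManagementException when the resident IdP must not be deleted by this caller
 */
@Override
public boolean doPreDeleteIdP(String idPName, String tenantDomain) throws IdentityProviderManagementException {

    if (StringUtils.isEmpty(idPName)) {
        throw new IllegalArgumentException("Invalid argument: Identity Provider Name value is empty");
    }

    // Only the resident IdP is guarded here.
    if (!IdentityApplicationConstants.RESIDENT_IDP_RESERVED_NAME.equals(idPName)) {
        return true;
    }

    if (StringUtils.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, tenantDomain)) {
        throw new IdentityProviderManagementException("Cannot delete Resident Identity Provider of Super " +
                "Tenant");
    }

    // The authorisation decision uses the caller's tenant from the thread-local context, not the
    // request parameter, so naming another tenant in the request does not widen what a caller may delete.
    String loggedInTenant = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    if (!StringUtils.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, loggedInTenant)) {
        throw new IdentityProviderManagementException("Tenant user of " + loggedInTenant + " cannot delete " +
                "Resident Identity Provider of tenant " + tenantDomain);
    }

    log.warn("Deleting Resident Identity Provider for tenant " + tenantDomain);
    return true;
}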
 
Example #2
Source File: SAML2SSOFederatedAuthenticatorConfig.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
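/**
 * A SAML2 SSO federated authenticator configuration is valid only when the IdP entity id, the
 * SP entity id and the SSO URL are all present with a non-blank value.
 *
 * Fix: {@code IdentityApplicationManagementUtil.getProperty(...)} returns a Property object, so the
 * original {@code !"".equals(getProperty(...))} test could never be false — a configuration whose
 * entity ids or SSO URL were empty strings was reported valid. The value itself is now checked
 * (assumes getPropertyValue returns null or an empty string for a missing property).
 *
 * @return true when all three SAML2 settings carry a non-blank value
 */
@Override
public boolean isValid() {

    return hasNonBlankValue(IdentityApplicationConstants.Authenticator.SAML2SSO.IDP_ENTITY_ID)
            && hasNonBlankValue(IdentityApplicationConstants.Authenticator.SAML2SSO.SP_ENTITY_ID)
            && hasNonBlankValue(IdentityApplicationConstants.Authenticator.SAML2SSO.SSO_URL);
}

/**
 * True when the named authenticator property exists and its value is not null, empty or whitespace.
 */
private boolean hasNonBlankValue(String propertyName) {
    String value = IdentityApplicationManagementUtil.getPropertyValue(properties, propertyName);
    return value != null && !value.trim().isEmpty();
}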
 
Example #3
Source File: RandomPasswordProcessor.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Swaps the password-type properties (as selected by replaceOriginalPasswordsWithRandomPasswords)
 * for a random placeholder before the properties are handed to the UI, so real secrets never
 * leave the back-end.
 *
 * The placeholder is {@code RANDOM_PHRASE_PREFIX + uuid}; the uuid is added to the array as the
 * {@code UNIQUE_ID_CONSTANT} property and doubles as the cache key under which the original
 * passwords are parked for the reverse operation.
 *
 * @param properties properties as held by the back-end; may be null or empty
 * @return the properties plus the unique-id property, with passwords replaced, or an empty array
 *         when the input is empty
 */
public Property[] removeOriginalPasswords(Property[] properties) {

    if (ArrayUtils.isEmpty(properties)) {
        return new Property[0];
    }

    Property[] withUniqueId = addUniqueIdProperty(properties);
    String cacheKey = IdentityApplicationManagementUtil
            .getPropertyValue(withUniqueId, IdentityApplicationConstants.UNIQUE_ID_CONSTANT);
    String placeholder = IdentityApplicationConstants.RANDOM_PHRASE_PREFIX + cacheKey;

    RandomPassword[] originals = replaceOriginalPasswordsWithRandomPasswords(placeholder, withUniqueId);
    if (!ArrayUtils.isEmpty(originals)) {
        // Park the originals so the back-end can swap them back in later under the same key.
        addPasswordContainerToCache(originals, cacheKey);
    }
    return withUniqueId;
}
 
Example #4
Source File: RandomPasswordProcessor.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * Restores the original password values that removeOriginalPasswords swapped out before the
 * properties went to the UI, looking them up by the {@code UNIQUE_ID_CONSTANT} property.
 *
 * Without a unique-id property the array is returned unchanged (a debug line is logged). With
 * one, the property is removed via removeUniqueIdProperty and, when a cached container exists,
 * the placeholders are replaced by the originals.
 *
 * NOTE(review): the cache key comes from the incoming properties, i.e. it is client-supplied; if
 * the container cache is shared across sessions this relies on the uuid being unguessable. When
 * the key is present but nothing is cached (expired or already cleared) the placeholder values
 * are passed through as-is.
 *
 * @param properties     properties as received from the UI; may be null or empty
 * @param withCacheClear forwarded to the cache lookup; presumably removes the entry once read
 * @return the properties with placeholders replaced, or an empty array when the input is empty
 */
public Property[] removeRandomPasswords(Property[] properties, boolean withCacheClear) {

    if (ArrayUtils.isEmpty(properties)) {
        return new Property[0];
    }

    String cacheKey = IdentityApplicationManagementUtil.getPropertyValue(properties,
            IdentityApplicationConstants.UNIQUE_ID_CONSTANT);
    if (StringUtils.isBlank(cacheKey)) {
        if (log.isDebugEnabled()) {
            log.debug("Cache Key not found for Random Password Container");
        }
        return properties;
    }

    Property[] stripped = removeUniqueIdProperty(properties);
    RandomPassword[] cached = getRandomPasswordContainerFromCache(cacheKey, withCacheClear);
    if (!ArrayUtils.isEmpty(cached)) {
        replaceRandomPasswordsWithOriginalPasswords(stripped, cached);
    }
    return stripped;
}
 
Example #5
Source File: RandomPasswordProcessor.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * Swaps the password-type properties (as selected by replaceOriginalPasswordsWithRandomPasswords)
 * for a random placeholder before the properties are handed to the UI, so real secrets never
 * leave the back-end.
 *
 * The placeholder is {@code RANDOM_PHRASE_PREFIX + uuid}; the uuid is added to the array as the
 * {@code UNIQUE_ID_CONSTANT} property and doubles as the cache key under which the original
 * passwords are parked for {@link #removeRandomPasswords}.
 *
 * @param properties properties as held by the back-end; may be null or empty
 * @return the properties plus the unique-id property, with passwords replaced, or an empty array
 *         when the input is empty
 */
public Property[] removeOriginalPasswords(Property[] properties) {

    if (ArrayUtils.isEmpty(properties)) {
        return new Property[0];
    }

    Property[] withUniqueId = addUniqueIdProperty(properties);
    String cacheKey = IdentityApplicationManagementUtil
            .getPropertyValue(withUniqueId, IdentityApplicationConstants.UNIQUE_ID_CONSTANT);
    String placeholder = IdentityApplicationConstants.RANDOM_PHRASE_PREFIX + cacheKey;

    RandomPassword[] originals = replaceOriginalPasswordsWithRandomPasswords(placeholder, withUniqueId);
    if (!ArrayUtils.isEmpty(originals)) {
        // Park the originals so the back-end can swap them back in later under the same key.
        addPasswordContainerToCache(originals, cacheKey);
    }
    return withUniqueId;
}
 
Example #6
Source File: IdPManagementUtil.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
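/**
 * Remember-me timeout for a tenant, in seconds.
 *
 * Reads {@code REMEMBER_ME_TIME_OUT} (minutes) from the tenant's resident IdP properties and
 * falls back to {@code REMEMBER_ME_TIME_OUT_DEFAULT} when the resident IdP cannot be loaded or
 * is null, the property is absent, or its value is not an integer. Previously a non-numeric
 * value let a NumberFormatException escape to the caller and a null resident IdP raised a
 * NullPointerException.
 *
 * @param tenantDomain tenant whose resident IdP is consulted
 * @return timeout in seconds (configured minutes * 60)
 */
public static int getRememberMeTimeout(String tenantDomain) {

    int timeoutMinutes = Integer.parseInt(IdentityApplicationConstants.REMEMBER_ME_TIME_OUT_DEFAULT);

    try {
        IdentityProvider residentIdp = IdentityProviderManager.getInstance().getResidentIdP(tenantDomain);
        IdentityProviderProperty idpProperty = residentIdp == null ? null
                : IdentityApplicationManagementUtil.getProperty(residentIdp.getIdpProperties(),
                        IdentityApplicationConstants.REMEMBER_ME_TIME_OUT);
        if (idpProperty != null && idpProperty.getValue() != null) {
            try {
                timeoutMinutes = Integer.parseInt(idpProperty.getValue().trim());
            } catch (NumberFormatException e) {
                // A malformed setting must not break session handling; keep the default.
                log.warn("Ignoring non-numeric " + IdentityApplicationConstants.REMEMBER_ME_TIME_OUT
                        + " value for tenant " + tenantDomain + "; using default " + timeoutMinutes);
            }
        }
    } catch (IdentityProviderManagementException e) {
        log.error("Error when accessing the IdentityProviderManager for tenant : " + tenantDomain, e);
    }
    return timeoutMinutes * 60;
}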
 
Example #7
Source File: CellerySignedJWTValidator.java    From cellery-security with Apache License 2.0 6 votes vote down vote up
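/**
 * Returns the tenant's resident IdP when {@code jwtIssuer} equals the issuer it advertises through
 * its OIDC authenticator ({@code OPENID_IDP_ENTITY_ID}); null otherwise.
 *
 * Fixes two edge cases: a resident IdP without the OIDC entity-id property raised a
 * NullPointerException, and when that value was null a JWT without an issuer matched the resident
 * IdP (equalsIgnoreCase(null, null) is true). Both now yield null. Assumes getPropertyValue returns
 * null or an empty string for a missing property.
 *
 * NOTE(review): the comparison is kept case-insensitive for compatibility; RFC 7519 treats "iss" as
 * case-sensitive, so an exact match would be the stricter choice.
 *
 * @param jwtIssuer    the "iss" claim of the token being validated
 * @param tenantDomain tenant whose resident IdP is consulted
 * @return the resident IdP on an issuer match, else null
 * @throws IdentityOAuth2Exception when the resident IdP cannot be loaded
 */
private IdentityProvider getLocalIdpForIssuer(String jwtIssuer,
                                              String tenantDomain) throws IdentityOAuth2Exception {

    IdentityProvider residentIdentityProvider;
    try {
        residentIdentityProvider = IdentityProviderManager.getInstance().getResidentIdP(tenantDomain);
    } catch (IdentityProviderManagementException e) {
        throw new IdentityOAuth2Exception("Error retrieving resident IDP information for issuer: " + jwtIssuer +
                " of tenantDomain: " + tenantDomain, e);
    }
    if (residentIdentityProvider == null) {
        return null;
    }

    FederatedAuthenticatorConfig oidcConfig = IdentityApplicationManagementUtil.getFederatedAuthenticator(
            residentIdentityProvider.getFederatedAuthenticatorConfigs(),
            IdentityApplicationConstants.Authenticator.OIDC.NAME);
    if (oidcConfig == null) {
        return null;
    }

    String residentIdpIssuer = IdentityApplicationManagementUtil.getPropertyValue(oidcConfig.getProperties(),
            Utils.OPENID_IDP_ENTITY_ID);
    if (StringUtils.isBlank(residentIdpIssuer)) {
        // No issuer configured: never match, not even a token that also lacks one.
        return null;
    }
    return StringUtils.equalsIgnoreCase(residentIdpIssuer, jwtIssuer) ? residentIdentityProvider : null;
}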
 
Example #8
Source File: IdentityProviderManager.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * Looks up an identity provider by name within a tenant.
 *
 * Resolution order: the database; then, unless {@code ignoreFileBasedIdps} is set, the file-based
 * IdP definitions; and finally the {@code DEFAULT_IDP_CONFIG} entry of the file-based map.
 *
 * NOTE(review): with {@code ignoreFileBasedIdps == false} an unknown name still yields the default
 * file-based IdP (when present), so callers cannot distinguish "not found" from "default" here.
 *
 * @param idPName             name of the IdP; must not be empty
 * @param tenantDomain        tenant in which to resolve it
 * @param ignoreFileBasedIdps when true only the database is consulted
 * @return the resolved IdP; may be null
 * @throws IdentityProviderManagementException when {@code idPName} is empty, or as propagated from the DAO
 */
public IdentityProvider getIdPByName(String idPName, String tenantDomain,
                                     boolean ignoreFileBasedIdps) throws IdentityProviderManagementException {

    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    if (StringUtils.isEmpty(idPName)) {
        throw new IdentityProviderManagementException("Invalid argument: Identity Provider Name value is empty");
    }

    IdentityProvider resolved = dao.getIdPByName(null, idPName, tenantId, tenantDomain);
    if (ignoreFileBasedIdps || resolved != null) {
        return resolved;
    }

    resolved = new FileBasedIdPMgtDAO().getIdPByName(idPName, tenantDomain);
    if (resolved == null) {
        resolved = IdPManagementServiceComponent.getFileBasedIdPs()
                .get(IdentityApplicationConstants.DEFAULT_IDP_CONFIG);
    }
    return resolved;
}
 
Example #9
Source File: IdPManagementUtil.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
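/**
 * Remember-me timeout for a tenant, in seconds.
 *
 * Reads {@code REMEMBER_ME_TIME_OUT} (minutes) from the tenant's resident IdP properties and
 * falls back to {@code REMEMBER_ME_TIME_OUT_DEFAULT} when the resident IdP cannot be loaded or
 * is null, the property is absent, or its value is not an integer. Previously a non-numeric
 * value let a NumberFormatException escape to the caller and a null resident IdP raised a
 * NullPointerException.
 *
 * @param tenantDomain tenant whose resident IdP is consulted
 * @return timeout in seconds (configured minutes * 60)
 */
public static int getRememberMeTimeout(String tenantDomain) {

    int timeoutMinutes = Integer.parseInt(IdentityApplicationConstants.REMEMBER_ME_TIME_OUT_DEFAULT);

    try {
        IdentityProvider residentIdp = IdentityProviderManager.getInstance().getResidentIdP(tenantDomain);
        IdentityProviderProperty idpProperty = residentIdp == null ? null
                : IdentityApplicationManagementUtil.getProperty(residentIdp.getIdpProperties(),
                        IdentityApplicationConstants.REMEMBER_ME_TIME_OUT);
        if (idpProperty != null && idpProperty.getValue() != null) {
            try {
                timeoutMinutes = Integer.parseInt(idpProperty.getValue().trim());
            } catch (NumberFormatException e) {
                // A malformed setting must not break session handling; keep the default.
                log.warn("Ignoring non-numeric " + IdentityApplicationConstants.REMEMBER_ME_TIME_OUT
                        + " value for tenant " + tenantDomain + "; using default " + timeoutMinutes);
            }
        }
    } catch (IdentityProviderManagementException e) {
        log.error("Error when accessing the IdentityProviderManager for tenant : " + tenantDomain, e);
    }
    return timeoutMinutes * 60;
}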
 
Example #10
Source File: IdPManagementUtil.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
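/**
 * Idle session timeout for a tenant, in seconds.
 *
 * Reads {@code SESSION_IDLE_TIME_OUT} (minutes) from the tenant's resident IdP properties and
 * falls back to {@code SESSION_IDLE_TIME_OUT_DEFAULT} when the resident IdP cannot be loaded or
 * is null, the property is absent, or its value is not an integer. Previously a non-numeric
 * value let a NumberFormatException escape to the caller and a null resident IdP raised a
 * NullPointerException.
 *
 * @param tenantDomain tenant whose resident IdP is consulted
 * @return timeout in seconds (configured minutes * 60)
 */
public static int getIdleSessionTimeOut(String tenantDomain) {

    int timeoutMinutes = Integer.parseInt(IdentityApplicationConstants.SESSION_IDLE_TIME_OUT_DEFAULT);

    try {
        IdentityProvider residentIdp = IdentityProviderManager.getInstance().getResidentIdP(tenantDomain);
        IdentityProviderProperty idpProperty = residentIdp == null ? null
                : IdentityApplicationManagementUtil.getProperty(residentIdp.getIdpProperties(),
                        IdentityApplicationConstants.SESSION_IDLE_TIME_OUT);
        if (idpProperty != null && idpProperty.getValue() != null) {
            try {
                timeoutMinutes = Integer.parseInt(idpProperty.getValue().trim());
            } catch (NumberFormatException e) {
                // A malformed setting must not break session handling; keep the default.
                log.warn("Ignoring non-numeric " + IdentityApplicationConstants.SESSION_IDLE_TIME_OUT
                        + " value for tenant " + tenantDomain + "; using default " + timeoutMinutes);
            }
        }
    } catch (IdentityProviderManagementException e) {
        log.error("Error when accessing the IdentityProviderManager for tenant : " + tenantDomain, e);
    }
    return timeoutMinutes * 60;
}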
 
Example #11
Source File: RandomPasswordProcessor.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Appends a freshly generated UUID to the property list under {@code UNIQUE_ID_CONSTANT}; the
 * value is later used as the cache key for the random-password container.
 *
 * @param properties existing properties; may be null or empty
 * @return a new array holding the input plus the unique-id property, or an empty array when the
 *         input is empty
 */
private Property[] addUniqueIdProperty(Property[] properties) {

    if (ArrayUtils.isEmpty(properties)) {
        return new Property[0];
    }

    Property uniqueId = new Property();
    uniqueId.setName(IdentityApplicationConstants.UNIQUE_ID_CONSTANT);
    uniqueId.setValue(UUID.randomUUID().toString());
    if (log.isDebugEnabled()) {
        // Debug only: this value is the key that guards the cached passwords.
        log.debug("Adding uniqueId property: " + uniqueId.getValue());
    }
    return (Property[]) ArrayUtils.add(properties, uniqueId);
}
 
Example #12
Source File: ApplicationMgtValidator.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Runs every service-provider validation and, if any collected a message, fails with a single
 * {@link IdentityApplicationManagementValidationException} carrying all of them under
 * {@code Error.INVALID_REQUEST}.
 *
 * NOTE(review): validateInboundAuthenticationConfig does not receive the error list, so it
 * presumably throws on its own rather than accumulating — confirm against its definition.
 *
 * @param serviceProvider the SP to validate
 * @param tenantDomain    tenant the SP belongs to
 * @param userName        name of the acting user (not used by this method)
 * @throws IdentityApplicationManagementException when any validation error is collected
 */
public void validateSPConfigurations(ServiceProvider serviceProvider, String tenantDomain,
                                     String userName) throws IdentityApplicationManagementException {

    List<String> errors = new ArrayList<>();

    validateDiscoverabilityConfigs(errors, serviceProvider);
    validateInboundAuthenticationConfig(serviceProvider.getInboundAuthenticationConfig(), tenantDomain,
            serviceProvider.getApplicationID());
    validateLocalAndOutBoundAuthenticationConfig(errors,
            serviceProvider.getLocalAndOutBoundAuthenticationConfig(), tenantDomain);
    validateRequestPathAuthenticationConfig(errors, serviceProvider.getRequestPathAuthenticatorConfigs(),
            tenantDomain);
    validateOutBoundProvisioning(errors, serviceProvider.getOutboundProvisioningConfig(), tenantDomain);

    String subjectClaimUri = null;
    if (serviceProvider.getLocalAndOutBoundAuthenticationConfig() != null) {
        subjectClaimUri = serviceProvider.getLocalAndOutBoundAuthenticationConfig().getSubjectClaimUri();
    }
    validateClaimsConfigs(errors, serviceProvider.getClaimConfig(), subjectClaimUri, tenantDomain,
            serviceProvider.getApplicationName());
    validateRoleConfigs(errors, serviceProvider.getPermissionAndRoleConfig(), tenantDomain);

    if (errors.isEmpty()) {
        return;
    }
    String code = IdentityApplicationConstants.Error.INVALID_REQUEST.getCode();
    throw new IdentityApplicationManagementValidationException(code, errors.toArray(new String[0]));
}
 
Example #13
Source File: SSOUtils.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Reads the SAML2 "authentication request signed" flag from the authenticator properties.
 *
 * @param properties authenticator properties; may be null
 * @return the parsed flag, or false when the map or the property is absent
 *         (Boolean.parseBoolean maps anything but "true", case-insensitively, to false)
 */
public static boolean isAuthnRequestSigned(Map<String, String> properties) {
    if (properties == null) {
        return false;
    }
    String flag = properties.get(IdentityApplicationConstants.Authenticator.SAML2SSO.IS_AUTHN_REQ_SIGNED);
    return flag != null && Boolean.parseBoolean(flag);
}
 
Example #14
Source File: GoogleOAuth2Authenticator.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Initialises the Google user-info endpoint URL: a value from the authenticator's parameter map
 * ({@code GOOGLE_USERINFO_ENDPOINT}) wins, otherwise the built-in
 * {@code IdentityApplicationConstants.GOOGLE_USERINFO_URL} is used.
 */
private void initUserInfoURL() {

    String configured = getAuthenticatorConfig()
            .getParameterMap()
            .get(GoogleOAuth2AuthenticationConstant.GOOGLE_USERINFO_ENDPOINT);
    userInfoURL = configured != null ? configured : IdentityApplicationConstants.GOOGLE_USERINFO_URL;
}
 
Example #15
Source File: OpenIDAuthenticator.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Completes an OpenID login: lets the OpenID manager consume the provider's response, then fixes
 * the authenticated subject identifier on the context's subject.
 *
 * Subject resolution order: the user-id claim (only when the {@code IS_USER_ID_IN_CLAIMS}
 * authenticator property is "true"), otherwise the subject identifier already set on the
 * context. Note the property key is taken from the SAML2SSO constants; presumably it resolves
 * to the same configuration key used for OpenID — confirm.
 *
 * @throws AuthenticationFailedException when the OpenID manager fails or no subject can be found
 */
@Override
protected void processAuthenticationResponse(HttpServletRequest request,
                                             HttpServletResponse response, AuthenticationContext context)
        throws AuthenticationFailedException {

    OpenIDManager manager = getNewOpenIDManagerInstance();

    try {
        manager.processOpenIDLoginResponse(request, response, context);

        AuthenticatedUser user = context.getSubject();
        boolean subjectInClaims = "true".equalsIgnoreCase(context.getAuthenticatorProperties().get(
                IdentityApplicationConstants.Authenticator.SAML2SSO.IS_USER_ID_IN_CLAIMS));

        String subject = subjectInClaims ? getSubjectFromUserIDClaimURI(context) : null;
        if (subject == null) {
            subject = user.getAuthenticatedSubjectIdentifier();
        }
        if (subject == null) {
            throw new OpenIDException("Cannot find federated User Identifier");
        }
        user.setAuthenticatedSubjectIdentifier(subject);

    } catch (OpenIDException e) {
        // Logged here and rethrown as the framework's authentication failure.
        log.error("Error when processing response from OpenID Provider", e);
        throw new AuthenticationFailedException(e.getMessage(), e);
    }
}
 
Example #16
Source File: IdentityProviderManager.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
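/**
 * Returns the IdP role mappings whose local side matches one of the given local roles.
 *
 * The IdP is resolved like {@link #getIdPByName}: database first, then file-based definitions,
 * then the {@code DEFAULT_IDP_CONFIG} entry. For each local role at most one mapping (the first
 * match) is returned.
 *
 * Fix: when no IdP could be resolved at all (no default config either) the original failed with a
 * NullPointerException; that case now raises an IdentityProviderManagementException.
 *
 * @param idPName      name of the IdP whose role mappings are consulted; must not be empty
 * @param tenantDomain tenant in which the IdP is resolved
 * @param localRoles   local roles to look up; null yields an empty set
 * @return the matching mappings, never null
 * @throws IdentityProviderManagementException when the name is empty or no IdP can be resolved
 */
public Set<RoleMapping> getMappedIdPRoles(String idPName, String tenantDomain,
                                          LocalRole[] localRoles) throws IdentityProviderManagementException {

    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    if (StringUtils.isEmpty(idPName)) {
        throw new IdentityProviderManagementException("Invalid argument: Identity Provider Name value is empty");
    }

    IdentityProvider identityProvider = dao.getIdPByName(null, idPName, tenantId, tenantDomain);
    if (identityProvider == null) {
        identityProvider = new FileBasedIdPMgtDAO().getIdPByName(idPName, tenantDomain);
    }
    if (identityProvider == null) {
        identityProvider = IdPManagementServiceComponent.getFileBasedIdPs()
                .get(IdentityApplicationConstants.DEFAULT_IDP_CONFIG);
    }
    if (identityProvider == null) {
        throw new IdentityProviderManagementException("No Identity Provider found with name '" + idPName
                + "' for tenant '" + tenantDomain + "'");
    }

    Set<RoleMapping> matched = new HashSet<RoleMapping>();
    PermissionsAndRoleConfig roleConfiguration = identityProvider.getPermissionAndRoleConfig();
    if (roleConfiguration == null || localRoles == null) {
        return matched;
    }
    RoleMapping[] roleMappings = roleConfiguration.getRoleMappings();
    if (roleMappings == null) {
        return matched;
    }
    for (LocalRole localRole : localRoles) {
        for (RoleMapping roleMapping : roleMappings) {
            if (roleMapping.getLocalRole().equals(localRole)) {
                matched.add(roleMapping);
                break; // first match per local role wins
            }
        }
    }
    return matched;
}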
 
Example #17
Source File: FileBasedIdPMgtDAO.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Finds the first file-based IdP whose SAML2 Web SSO authenticator carries {@code property} with
 * the given value, compared case-insensitively.
 *
 * NOTE(review): the case-insensitive match is inherited from the original; SAML entity IDs are
 * case-sensitive URIs, so this can in principle select a differently-cased configuration.
 *
 * @param property     name of the SAML2 authenticator property to match
 * @param value        expected value; must not be null
 * @param tenantDomain not used by this lookup
 * @return the matching IdP, or null when none matches
 */
public IdentityProvider getIdPByAuthenticatorPropertyValue(String property, String value, String tenantDomain) {

    for (Entry<String, IdentityProvider> entry : IdPManagementServiceComponent.getFileBasedIdPs().entrySet()) {
        IdentityProvider candidate = entry.getValue();
        FederatedAuthenticatorConfig samlConfig = IdentityApplicationManagementUtil.getFederatedAuthenticator(
                candidate.getFederatedAuthenticatorConfigs(),
                IdentityApplicationConstants.Authenticator.SAML2SSO.NAME);
        if (samlConfig == null) {
            continue;
        }
        Property samlProperty = IdentityApplicationManagementUtil.getProperty(samlConfig.getProperties(), property);
        if (samlProperty != null && value.equalsIgnoreCase(samlProperty.getValue())) {
            return candidate;
        }
    }
    return null;
}
 
Example #18
Source File: IdPManagementServiceComponent.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Registers the resident identity provider for the super tenant at component start-up: named
 * {@code RESIDENT_IDP_RESERVED_NAME}, with the host name as home realm, marked primary.
 * Any failure — including errors — is wrapped into a checked Exception with the original as cause.
 *
 * @throws Exception when the resident IdP cannot be created or added
 */
private static void addSuperTenantIdp() throws Exception {

    try {
        IdentityProvider residentIdp = new IdentityProvider();
        residentIdp.setIdentityProviderName(IdentityApplicationConstants.RESIDENT_IDP_RESERVED_NAME);
        residentIdp.setHomeRealmId(IdentityUtil.getHostName());
        residentIdp.setPrimary(true);
        IdentityProviderManager.getInstance()
                .addResidentIdP(residentIdp, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
    } catch (Throwable e) {
        throw new Exception("Error when adding Resident Identity Provider entry for super tenant ", e);
    }
}
 
Example #19
Source File: GoogleOAuth2Authenticator.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Declares the admin-UI configuration properties of the Google authenticator, in display order:
 * client id (required), client secret (required and marked confidential so the UI masks it),
 * callback URL, and "AdditionalQueryParameters" pre-set to {@code scope=openid email profile}.
 *
 * @return the property list
 */
@Override
public List<Property> getConfigurationProperties() {

    Property clientId = describe(OIDCAuthenticatorConstants.CLIENT_ID, "Client Id",
            "Enter Google IDP client identifier value", 1);
    clientId.setRequired(true);

    Property clientSecret = describe(OIDCAuthenticatorConstants.CLIENT_SECRET, "Client Secret",
            "Enter Google IDP client secret value", 2);
    clientSecret.setRequired(true);
    clientSecret.setConfidential(true);

    Property callbackUrl = describe(IdentityApplicationConstants.OAuth2.CALLBACK_URL, "Callback Url",
            "Enter value corresponding to callback url.", 3);

    Property additionalParams = describe("AdditionalQueryParameters", "Additional Query Parameters",
            "Additional query parameters. e.g: paramName1=value1", 4);
    additionalParams.setValue("scope=openid email profile");

    List<Property> configProperties = new ArrayList<Property>();
    configProperties.add(clientId);
    configProperties.add(clientSecret);
    configProperties.add(callbackUrl);
    configProperties.add(additionalParams);
    return configProperties;
}

/** Builds a property with the given name, display name, description and display order. */
private static Property describe(String name, String displayName, String description, int displayOrder) {
    Property property = new Property();
    property.setName(name);
    property.setDisplayName(displayName);
    property.setDescription(description);
    property.setDisplayOrder(displayOrder);
    return property;
}
 
Example #20
Source File: IdPManagementDAO.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Maps each row of {@code resultSet} to an IdentityProvider.
 *
 * The basic columns (ID, NAME, DESCRIPTION, IS_ENABLED, IMAGE_URL, UUID) are read directly; the
 * attributes listed in {@code requiredAttributes} are filled by
 * populateRequiredAttributesForIdentityProviderList, and the IdP properties are fetched per row.
 * The resident IdP ({@code RESIDENT_IDP_RESERVED_NAME}) is built but left out of the result.
 *
 * NOTE(review): properties are still fetched for the excluded resident IdP; if that query has no
 * side effects the round trip could be skipped.
 *
 * @param resultSet          rows to read; the cursor is advanced to the end
 * @param dbConnection       connection used for the per-row property queries
 * @param requiredAttributes attribute names the caller wants populated
 * @param tenantId           tenant the rows belong to
 * @return the non-resident IdPs, in row order
 * @throws SQLException                              on a database error
 * @throws IdentityProviderManagementServerException as propagated from the attribute population
 */
private List<IdentityProvider> populateIdentityProviderList(ResultSet resultSet, Connection dbConnection,
                                                            List<String> requiredAttributes, int tenantId)
        throws SQLException, IdentityProviderManagementServerException {

    List<IdentityProvider> providers = new ArrayList<>();
    while (resultSet.next()) {
        IdentityProvider idp = new IdentityProvider();
        String id = resultSet.getString("ID");
        idp.setId(id);
        idp.setIdentityProviderName(resultSet.getString("NAME"));
        idp.setIdentityProviderDescription(resultSet.getString("DESCRIPTION"));
        idp.setEnable(IdPManagementConstants.IS_TRUE_VALUE.equals(resultSet.getString("IS_ENABLED")));
        idp.setImageUrl(resultSet.getString("IMAGE_URL"));
        idp.setResourceId(resultSet.getString("UUID"));

        populateRequiredAttributesForIdentityProviderList(resultSet, dbConnection, requiredAttributes, tenantId,
                idp);

        boolean isResident = IdentityApplicationConstants.RESIDENT_IDP_RESERVED_NAME
                .equals(idp.getIdentityProviderName());
        if (!isResident) {
            providers.add(idp);
        }
        List<IdentityProviderProperty> idpProperties =
                getIdentityPropertiesByIdpId(dbConnection, Integer.parseInt(id));
        idp.setIdpProperties(idpProperties.toArray(new IdentityProviderProperty[0]));
    }
    return providers;
}
 
Example #21
Source File: JustInTimeProvisioningConfig.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a JIT provisioning configuration from its XML element.
 *
 * Recognised child elements: UserStoreClaimUri, ProvisioningUserStore, IsProvisioningEnabled and
 * the password-provisioning, modify-username and prompt-consent flags named by the
 * IdentityApplicationConstants. Unknown children are ignored; boolean text goes through
 * Boolean.parseBoolean, so anything but "true" becomes false.
 *
 * @param justInTimeProvisioningConfigOM the element to read; null yields an all-default config
 * @return the populated configuration, never null
 */
public static JustInTimeProvisioningConfig build(OMElement justInTimeProvisioningConfigOM) {
    JustInTimeProvisioningConfig config = new JustInTimeProvisioningConfig();
    if (justInTimeProvisioningConfigOM == null) {
        return config;
    }

    Iterator<?> children = justInTimeProvisioningConfigOM.getChildElements();
    while (children.hasNext()) {
        OMElement element = (OMElement) children.next();
        String name = element.getLocalName();
        String text = element.getText();

        if ("UserStoreClaimUri".equals(name)) {
            config.setUserStoreClaimUri(text);
        } else if ("ProvisioningUserStore".equals(name)) {
            config.setProvisioningUserStore(text);
        } else if ("IsProvisioningEnabled".equals(name)) {
            // Unlike the flags below, whitespace-only text is skipped here rather than parsed to false.
            if (text != null && text.trim().length() > 0) {
                config.setProvisioningEnabled(Boolean.parseBoolean(text));
            }
        } else if (IdentityApplicationConstants.IS_PASSWORD_PROVISIONING_ENABLED_ELEMENT.equals(name)) {
            if (StringUtils.isNotEmpty(text)) {
                config.setPasswordProvisioningEnabled(Boolean.parseBoolean(text));
            }
        } else if (IdentityApplicationConstants.ALLOW_MODIFY_USERNAME_ELEMENT.equals(name)) {
            if (StringUtils.isNotEmpty(text)) {
                config.setModifyUserNameAllowed(Boolean.parseBoolean(text));
            }
        } else if (IdentityApplicationConstants.PROMPT_CONSENT_ELEMENT.equals(name)) {
            if (StringUtils.isNotEmpty(text)) {
                config.setPromptConsent(Boolean.parseBoolean(text));
            }
        }
    }
    return config;
}
 
Example #22
Source File: PassiveSTSFederatedAuthenticatorConfig.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
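/**
 * A Passive STS federated authenticator configuration is valid only when the identity provider
 * URL is present with a non-blank value.
 *
 * Fix: {@code IdentityApplicationManagementUtil.getProperty(...)} returns a Property object, so the
 * original {@code !"".equals(getProperty(...))} test was always true — a configuration whose URL
 * was an empty string was reported valid. The value itself is now checked (assumes
 * getPropertyValue returns null or an empty string for a missing property).
 *
 * @return true when the provider URL carries a non-blank value
 */
@Override
public boolean isValid() {

    String identityProviderUrl = IdentityApplicationManagementUtil.getPropertyValue(properties,
            IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_URL);
    return identityProviderUrl != null && !identityProviderUrl.trim().isEmpty();
}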
 
Example #23
Source File: SAML2SSOFederatedAuthenticatorConfig.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a typed SAML2 SSO view from a generic federated authenticator configuration by copying
 * the known SAML2SSO properties into fields. Unknown properties are ignored; boolean-valued ones
 * go through Boolean.parseBoolean (anything but "true" becomes false). Note that
 * {@code IS_ENABLE_ASSERTION_ENCRYPTION} feeds the {@code isAuthnResponseEncrypted} field.
 *
 * @param federatedAuthenticatorConfig the generic configuration; its property array must be non-null
 */
public SAML2SSOFederatedAuthenticatorConfig(FederatedAuthenticatorConfig federatedAuthenticatorConfig) {
    for (Property property : federatedAuthenticatorConfig.getProperties()) {
        String name = property.getName();
        String value = property.getValue();

        if (IdentityApplicationConstants.Authenticator.SAML2SSO.IDP_ENTITY_ID.equals(name)) {
            idpEntityId = value;
        } else if (IdentityApplicationConstants.Authenticator.SAML2SSO.SP_ENTITY_ID.equals(name)) {
            spEntityId = value;
        } else if (IdentityApplicationConstants.Authenticator.SAML2SSO.SSO_URL.equals(name)) {
            saml2SSOUrl = value;
        } else if (IdentityApplicationConstants.Authenticator.SAML2SSO.LOGOUT_REQ_URL.equals(name)) {
            logoutRequestUrl = value;
        } else if (IdentityApplicationConstants.Authenticator.SAML2SSO.IS_AUTHN_REQ_SIGNED.equals(name)) {
            isAuthnRequestSigned = Boolean.parseBoolean(value);
        } else if (IdentityApplicationConstants.Authenticator.SAML2SSO.IS_LOGOUT_ENABLED.equals(name)) {
            isLogoutEnabled = Boolean.parseBoolean(value);
        } else if (IdentityApplicationConstants.Authenticator.SAML2SSO.IS_LOGOUT_REQ_SIGNED.equals(name)) {
            isLogoutRequestSigned = Boolean.parseBoolean(value);
        } else if (IdentityApplicationConstants.Authenticator.SAML2SSO.IS_AUTHN_RESP_SIGNED.equals(name)) {
            isAuthnResponseSigned = Boolean.parseBoolean(value);
        } else if (IdentityApplicationConstants.Authenticator.SAML2SSO.IS_ENABLE_ASSERTION_ENCRYPTION
                .equals(name)) {
            isAuthnResponseEncrypted = Boolean.parseBoolean(value);
        }
    }
}
 
Example #24
Source File: CacheBackedIdPMgtDAO.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Resolves an IdP by home-realm id, serving from the home-realm cache when possible and otherwise
 * reading through to the DAO and priming every cache the result belongs in: by home realm, by
 * name, the primary-IdP map (when the IdP is primary) and the resident-IdP map (when its name is
 * {@code RESIDENT_IDP_RESERVED_NAME}).
 *
 * @param realmId      home realm identifier
 * @param tenantId     numeric tenant id handed to the DAO
 * @param tenantDomain tenant domain used in the cache keys
 * @return the IdP, or null when neither cache nor DB has it
 * @throws IdentityProviderManagementException as propagated from the DAO
 */
public IdentityProvider getIdPByRealmId(String realmId, int tenantId,
                                        String tenantDomain) throws IdentityProviderManagementException {

    IdPHomeRealmIdCacheKey cacheKey = new IdPHomeRealmIdCacheKey(realmId, tenantDomain);
    IdPCacheEntry cached = idPCacheByHRI.getValueFromCache(cacheKey);
    if (cached != null) {
        log.debug("Cache entry found for Identity Provider with Home Realm ID " + realmId);
        return cached.getIdentityProvider();
    }
    log.debug("Cache entry not found for Identity Provider with Home Realm ID " + realmId
            + ". Fetching entry from DB");

    IdentityProvider idp = idPMgtDAO.getIdPByRealmId(realmId, tenantId, tenantDomain);
    if (idp == null) {
        log.debug("Entry for Identity Provider with Home Realm ID " + realmId
                + " not found in cache or DB");
        return null;
    }

    log.debug("Entry fetched from DB for Identity Provider with Home Realm ID " + realmId
            + ". Updating cache");
    idPCacheByHRI.addToCache(cacheKey, new IdPCacheEntry(idp));
    idPCacheByName.addToCache(new IdPNameCacheKey(idp.getIdentityProviderName(), tenantDomain),
            new IdPCacheEntry(idp));
    if (idp.isPrimary()) {
        primaryIdPs.put(tenantDomain, idp);
    }
    if (IdentityApplicationConstants.RESIDENT_IDP_RESERVED_NAME.equals(idp.getIdentityProviderName())) {
        residentIdPs.put(tenantDomain, idp);
    }
    return idp;
}
 
Example #25
Source File: IdentityProviderManager.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Rejects a SAML2 SSO federated authenticator whose IdP Entity ID is already registered
 * with another Identity Provider in the same tenant.
 *
 * Only the first {@code IDP_ENTITY_ID} property encountered (in the first matching SAML2SSO
 * authenticator) is checked; the scan stops there. A missing authenticator array, a
 * non-SAML2SSO authenticator or a missing property set is accepted without a check.
 *
 * @return {@code true} when no clash was detected (the method never returns {@code false};
 *         a clash is reported by throwing)
 * @throws IdentityProviderManagementException if the Entity ID is already taken in the tenant
 */
private boolean validateIdPEntityId(FederatedAuthenticatorConfig[] federatedAuthenticatorConfigs,
                                    int tenantId, String tenantDomain) throws IdentityProviderManagementException {

    if (federatedAuthenticatorConfigs == null) {
        return true;
    }
    for (FederatedAuthenticatorConfig authConfig : federatedAuthenticatorConfigs) {
        String authName = authConfig.getName();
        boolean saml2Sso = IdentityApplicationConstants.Authenticator.SAML2SSO.FED_AUTH_NAME.equals(authName)
                || IdentityApplicationConstants.Authenticator.SAML2SSO.NAME.equals(authName);
        Property[] props = authConfig.getProperties();
        if (!saml2Sso || props == null) {
            continue;
        }
        for (Property property : props) {
            if (!IdentityApplicationConstants.Authenticator.SAML2SSO.IDP_ENTITY_ID.equals(property.getName())) {
                continue;
            }
            boolean taken = dao.isIdPAvailableForAuthenticatorProperty(authName,
                    IdentityApplicationConstants.Authenticator.SAML2SSO.IDP_ENTITY_ID,
                    property.getValue(), tenantId);
            if (taken) {
                String msg =
                        "An Identity Provider Entity ID has already been registered with the " +
                                "name '" + property.getValue() + "' for tenant '" + tenantDomain +
                                "'";
                throw new IdentityProviderManagementException(msg);
            }
            // First Entity ID property decides the outcome; nothing further is examined.
            return true;
        }
    }
    return true;
}
 
/**
 * Resolves the Google token endpoint. The value configured in the authenticator's
 * parameter map wins; when that parameter is absent or blank the built-in
 * {@code IdentityApplicationConstants.GOOGLE_TOKEN_URL} is used instead.
 */
private void initTokenEndpoint() {
    String configured = getAuthenticatorConfig().getParameterMap()
            .get(GoogleOAuth2AuthenticationConstant.GOOGLE_TOKEN_ENDPOINT);
    this.tokenEndpoint = StringUtils.isBlank(configured)
            ? IdentityApplicationConstants.GOOGLE_TOKEN_URL
            : configured;
}
 
/**
 * Resolves the Google authorization-server endpoint. The authenticator's configured
 * parameter takes precedence; a missing or blank parameter falls back to
 * {@code IdentityApplicationConstants.GOOGLE_OAUTH_URL}.
 */
private void initOAuthEndpoint() {
    String configured = getAuthenticatorConfig().getParameterMap()
            .get(GoogleOAuth2AuthenticationConstant.GOOGLE_AUTHZ_ENDPOINT);
    this.oAuthEndpoint = StringUtils.isBlank(configured)
            ? IdentityApplicationConstants.GOOGLE_OAUTH_URL
            : configured;
}
 
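/**
 * Registers the Resident Identity Provider of the super tenant at component start-up.
 * The provider carries the reserved resident-IdP name, uses the local host name as its
 * Home Realm ID and is marked as the primary IdP.
 *
 * @throws Exception if the resident IdP could not be added; the original failure is kept as the cause
 */
private static void addSuperTenantIdp() throws Exception {

    try {
        IdentityProvider identityProvider = new IdentityProvider();
        identityProvider.setIdentityProviderName(IdentityApplicationConstants.RESIDENT_IDP_RESERVED_NAME);
        identityProvider.setHomeRealmId(IdentityUtil.getHostName());
        identityProvider.setPrimary(true);
        IdentityProviderManager.getInstance()
                .addResidentIdP(identityProvider, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
    } catch (Exception e) {
        // Catch Exception, not Throwable: the previous Throwable catch also re-wrapped JVM Errors
        // (OutOfMemoryError, StackOverflowError, ...) as a checked Exception, making fatal
        // conditions look recoverable to the caller. Errors now propagate unchanged.
        throw new Exception("Error when adding Resident Identity Provider entry for super tenant ", e);
    }
}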
 
/**
 * Resolves the Facebook authorization-server endpoint. A value present in the
 * authenticator's parameter map is used as-is; when it is absent or blank the
 * {@code IdentityApplicationConstants.FB_AUTHZ_URL} default applies.
 */
private void initOAuthEndpoint() {
    String configured = getAuthenticatorConfig().getParameterMap()
            .get(FacebookAuthenticatorConstants.FB_AUTHZ_URL);
    this.oAuthEndpoint = StringUtils.isBlank(configured)
            ? IdentityApplicationConstants.FB_AUTHZ_URL
            : configured;
}
 
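/**
 * Looks up an Identity Provider by its numeric id, optionally falling back to the
 * file-based IdP configuration.
 *
 * Resolution order:
 * <ol>
 *   <li>If {@code id} parses as an integer, the DAO is queried for that id in the tenant.</li>
 *   <li>Unless {@code ignoreFileBasedIdps} is set, an unresolved {@code id} is then treated as an
 *       IdP <em>name</em> against the file-based configuration.</li>
 *   <li>Still unresolved, the file-based IdP registered under
 *       {@code IdentityApplicationConstants.DEFAULT_IDP_CONFIG} is returned.</li>
 * </ol>
 * NOTE(review): because of step 3, a non-null result does not prove that an IdP with the requested
 * {@code id} exists. Callers that need that guarantee should pass {@code ignoreFileBasedIdps = true}
 * or verify the returned provider against the requested id.
 *
 * @param id                  numeric IdP id; for the file-based fallback it is also tried as an IdP name
 * @param tenantDomain        tenant whose Identity Providers are searched
 * @param ignoreFileBasedIdps when {@code true}, only the database is consulted
 * @return the resolved provider, or {@code null} when none of the lookups produced one
 * @throws IdentityProviderManagementException if {@code id} is empty (the DAO lookup may raise the
 *         same type)
 */
@Override
public IdentityProvider getIdPById(String id, String tenantDomain,
                                   boolean ignoreFileBasedIdps) throws IdentityProviderManagementException {

    if (StringUtils.isEmpty(id)) {
        String msg = "Invalid argument: Identity Provider ID value is empty";
        throw new IdentityProviderManagementException(msg);
    }
    int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
    IdentityProvider identityProvider = null;

    try {
        // Primitive local scoped to the try; the parsed id is not needed outside it.
        int intId = Integer.parseInt(id);
        identityProvider = dao.getIdPById(null, intId, tenantId, tenantDomain);
    } catch (NumberFormatException ignored) {
        // Deliberate best-effort: a non-numeric id is not an error here. The provider stays
        // unresolved so the file-based lookups below can treat the value as an IdP name.
    }
    if (!ignoreFileBasedIdps) {
        if (identityProvider == null) {
            identityProvider = new FileBasedIdPMgtDAO().getIdPByName(id, tenantDomain);
        }
        if (identityProvider == null) {
            // Last resort: the default file-based IdP, regardless of the requested id.
            identityProvider = IdPManagementServiceComponent.getFileBasedIdPs().get(
                    IdentityApplicationConstants.DEFAULT_IDP_CONFIG);
        }
    }

    return identityProvider;
}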