Java Code Examples for org.wso2.carbon.identity.core.util.IdentityTenantUtil#getRealm()

The following examples show how to use org.wso2.carbon.identity.core.util.IdentityTenantUtil#getRealm(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar. Note that several of the examples null-check the realm returned by getRealm() before using it, while others dereference it directly.
Example 1
Source File: UserRegistrationService.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Registers the user described by the DTO by delegating to the five-argument
 * {@code addUser} overload.
 *
 * <p>Claim URI/value pairs are copied from the DTO's user fields. The tenant-aware user
 * name and the tenant domain are both derived from {@code user.getUserName()}, and the
 * realm is resolved from that domain.
 * NOTE(review): the tenant realm is therefore selected by the user name carried in the
 * request DTO; confirm the caller is restricted to tenants it may register into.
 *
 * @param user registration data: user name, password and optional user fields
 * @throws Exception propagated from the realm lookup or the delegated {@code addUser}
 */
public void addUser(UserDTO user) throws Exception {
    UserFieldDTO[] fields = user.getUserFields();
    Map<String, String> claimValuesByUri = new HashMap<>();

    // A DTO without user fields simply yields an empty claim map.
    int fieldCount = (fields == null) ? 0 : fields.length;
    for (int i = 0; i < fieldCount; i++) {
        claimValuesByUri.put(fields[i].getClaimUri(), fields[i].getFieldValue());
    }

    String localUserName = MultitenantUtils.getTenantAwareUsername(user.getUserName());
    String tenantDomain = MultitenantUtils.getTenantDomain(user.getUserName());
    UserRealm tenantRealm = IdentityTenantUtil.getRealm(tenantDomain, null);
    addUser(localUserName, user.getPassword(), claimValuesByUri, null, tenantRealm);
}
 
Example 2
Source File: UserRegistrationService.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * Registers the user described by the DTO by delegating to the five-argument
 * {@code addUser} overload.
 *
 * <p>Claim URI/value pairs are copied from the DTO's user fields. The tenant-aware user
 * name and the tenant domain are both derived from {@code user.getUserName()}, and the
 * realm is resolved from that domain.
 * NOTE(review): the tenant realm is therefore selected by the user name carried in the
 * request DTO; confirm the caller is restricted to tenants it may register into.
 *
 * @param user registration data: user name, password and optional user fields
 * @throws Exception propagated from the realm or registry lookup, or from the delegated
 *                   {@code addUser}
 */
public void addUser(UserDTO user) throws Exception {
    UserFieldDTO[] fields = user.getUserFields();
    Map<String, String> claimValuesByUri = new HashMap<>();

    // A DTO without user fields simply yields an empty claim map.
    int fieldCount = (fields == null) ? 0 : fields.length;
    for (int i = 0; i < fieldCount; i++) {
        claimValuesByUri.put(fields[i].getClaimUri(), fields[i].getFieldValue());
    }

    String localUserName = MultitenantUtils.getTenantAwareUsername(user.getUserName());
    String tenantDomain = MultitenantUtils.getTenantDomain(user.getUserName());
    UserRealm tenantRealm = IdentityTenantUtil.getRealm(tenantDomain, null);
    // The registry handle is fetched but never read in this method; the call is kept
    // because it may throw or have effects that are not visible from here.
    Registry unusedRegistry = IdentityTenantUtil.getRegistry(null, null);
    addUser(localUserName, user.getPassword(), claimValuesByUri, null, tenantRealm);
}
 
Example 3
Source File: UserInformationRecoveryService.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the claims of the given dialect that pass this method's filter.
 *
 * <p>A claim is included only when it has a display tag other than
 * {@code IdentityConstants.PPID_DISPLAY_VALUE}, is not the account-status claim,
 * is supported by default and is not read-only.
 *
 * @param dialect claim dialect to look up; it is also written to the warning log when
 *                no claims are found
 * @return the matching claims as DTOs; an empty array when the dialect has no claims or
 *         none pass the filter
 * @throws IdentityException declared for the realm and claim lookups
 */
public UserIdentityClaimDTO[] getUserIdentitySupportedClaims(String dialect)
        throws IdentityException {
    IdentityClaimManager manager = IdentityClaimManager.getInstance();
    UserRealm defaultRealm = IdentityTenantUtil.getRealm(null, null);
    Claim[] supported = manager.getAllSupportedClaims(dialect, defaultRealm);

    if (supported == null || supported.length == 0) {
        log.warn("Could not find any matching claims for requested dialect : " + dialect);
        return new UserIdentityClaimDTO[0];
    }

    List<UserIdentityClaimDTO> result = new ArrayList<>();
    for (Claim claim : supported) {
        String displayTag = claim.getDisplayTag();
        if (displayTag == null || IdentityConstants.PPID_DISPLAY_VALUE.equals(displayTag)) {
            continue;
        }
        if (UserCoreConstants.ClaimTypeURIs.ACCOUNT_STATUS.equals(claim.getClaimUri())) {
            continue;
        }
        if (!claim.isSupportedByDefault() || claim.isReadOnly()) {
            continue;
        }

        UserIdentityClaimDTO dto = new UserIdentityClaimDTO();
        dto.setClaimUri(claim.getClaimUri());
        dto.setClaimValue(claim.getValue());
        dto.setRequired(claim.isRequired());
        dto.setDisplayName(displayTag);
        result.add(dto);
    }

    return result.toArray(new UserIdentityClaimDTO[result.size()]);
}
 
Example 4
Source File: UserRegistrationService.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
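/**
 * Returns the password validation regular expressions configured per user store domain.
 *
 * <p>Starts at the realm's user store manager and follows
 * {@code getSecondaryUserStoreManager()} until it returns {@code null}. A user store whose
 * {@code PROPERTY_JS_REG_EX} property is null or empty contributes no entry.
 *
 * @return one DTO (domain name and regular expression) per user store that defines an
 *         expression; possibly an empty array
 * @throws IdentityException if no realm is available or the user store cannot be read
 */
public PasswordRegExDTO[] getPasswordRegularExpressions() throws IdentityException {
    UserRealm realm = IdentityTenantUtil.getRealm(null, null);
    if (realm == null) {
        // Other callers of getRealm() treat null as a possible result; report it with the
        // declared exception type rather than a NullPointerException further down.
        throw IdentityException.error(
                "User realm is not available to load password validation regular expressions.");
    }

    List<PasswordRegExDTO> passwordRegExList = new ArrayList<PasswordRegExDTO>();

    try {
        UserStoreManager manager = realm.getUserStoreManager();

        while (manager != null) {
            String domainName = manager.getRealmConfiguration().getUserStoreProperty(
                    UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
            String regEx = manager.getRealmConfiguration().getUserStoreProperty(
                    UserCoreConstants.RealmConfig.PROPERTY_JS_REG_EX);
            if (regEx != null && regEx.length() > 0) {
                PasswordRegExDTO passwordRegEx = new PasswordRegExDTO();
                passwordRegEx.setDomainName(domainName);
                passwordRegEx.setRegEx(regEx);
                passwordRegExList.add(passwordRegEx);
            }
            manager = manager.getSecondaryUserStoreManager();
        }
    } catch (UserStoreException e) {
        // Log with the throwable so the stack trace is kept; the rethrown exception
        // carries only the message.
        log.error("Error occured while loading password validation regular expressions.", e);
        throw IdentityException.error(
                "Error occured while loading password validation regular expressions.");
    }
    return passwordRegExList.toArray(new PasswordRegExDTO[passwordRegExList.size()]);
}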
 
Example 5
Source File: UserRegistrationService.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the user fields for the registration form from the claims of the given dialect.
 *
 * <p>A claim becomes a field only when it has a display tag other than
 * {@code IdentityConstants.PPID_DISPLAY_VALUE}, is not the account-status claim and is
 * not read-only.
 *
 * @param dialect claim dialect to look up
 * @return the resulting fields; an empty array when the dialect has no claims or none
 *         pass the filter
 * @throws IdentityException declared for the realm and claim lookups
 */
public UserFieldDTO[] readUserFieldsForUserRegistration(String dialect)
        throws IdentityException {

    IdentityClaimManager manager = IdentityClaimManager.getInstance();
    UserRealm defaultRealm = IdentityTenantUtil.getRealm(null, null);
    Claim[] supported = manager.getAllSupportedClaims(dialect, defaultRealm);

    if (supported == null || supported.length == 0) {
        return new UserFieldDTO[0];
    }

    List<UserFieldDTO> fields = new ArrayList<>();
    for (int i = 0; i < supported.length; i++) {
        Claim current = supported[i];
        String displayTag = current.getDisplayTag();

        boolean displayable = displayTag != null
                && !IdentityConstants.PPID_DISPLAY_VALUE.equals(displayTag);
        if (!displayable) {
            continue;
        }
        if (UserCoreConstants.ClaimTypeURIs.ACCOUNT_STATUS.equals(current.getClaimUri())) {
            continue;
        }
        if (current.isReadOnly()) {
            continue;
        }
        fields.add(getUserFieldDTO(current.getClaimUri(), displayTag, current.isRequired(),
                current.getDisplayOrder(), current.getRegEx(), current.isSupportedByDefault()));
    }
    return fields.toArray(new UserFieldDTO[fields.size()]);
}
 
Example 6
Source File: UserRegistrationService.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Reports whether users can be added through the realm returned by
 * {@code IdentityTenantUtil.getRealm(null, null)}.
 *
 * @return {@code true} only when the realm and its user store manager are both available
 *         and the manager is not read-only; {@code false} otherwise
 * @throws Exception propagated from the realm or user store lookups
 */
public boolean isAddUserEnabled() throws Exception {
    UserRealm defaultRealm = IdentityTenantUtil.getRealm(null, null);
    if (defaultRealm == null) {
        return false;
    }
    UserStoreManager store = defaultRealm.getUserStoreManager();
    return store != null && !store.isReadOnly();
}
 
Example 7
Source File: OpenIDProviderService.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the OpenID provider details for a user.
 *
 * <p>The realm is looked up only to decide whether the DTO is filled in: when the lookup
 * throws {@code IdentityException} (logged at debug level only) or yields {@code null},
 * the DTO is returned empty.
 *
 * @param userName user name; its tenant-aware form is appended to the OpenID user pattern
 * @param openid   OpenID from which the tenant domain is extracted
 * @return the populated provider info, or an empty DTO when no realm was resolved
 * @throws IdentityProviderException declared by the signature
 */
public OpenIDProviderInfoDTO getOpenIDProviderInfo(String userName, String openid)
        throws IdentityProviderException {

    OpenIDProviderInfoDTO info = new OpenIDProviderInfoDTO();
    String subDomain = null;
    UserRealm resolvedRealm = null;

    try {
        subDomain = MultitenantUtils.getDomainNameFromOpenId(openid);
        resolvedRealm = IdentityTenantUtil.getRealm(subDomain, userName);
    } catch (IdentityException e) {
        // Deliberately not rethrown: a failed lookup is treated like a missing realm.
        if (log.isDebugEnabled()) {
            log.debug("Ignoring IdentityException", e);
        }
    }

    if (resolvedRealm != null) {
        info.setSubDomain(subDomain);
        String localUserName = MultitenantUtils.getTenantAwareUsername(userName);

        info.setOpenIDProviderServerUrl(OpenIDUtil.getOpenIDServerURL());
        info.setOpenID(OpenIDUtil.getOpenIDUserPattern() + "/" + localUserName);
    }
    return info;
}
 
Example 8
Source File: OpenIDProviderService.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the profiles of the user identified by an OpenID, each with its claim set.
 *
 * <p>The user name and tenant domain are both derived from {@code openId}; the profile
 * names come from the user store manager of the realm resolved for them.
 *
 * @param openId        OpenID of the user whose profiles are requested
 * @param requredClaims parameters from which the requested attribute list is built
 * @return one DTO per profile name, in the order returned by the user store
 * @throws IdentityProviderException wrapping a malformed URL, user store, OpenID message
 *                                   or identity failure
 */
public OpenIDUserProfileDTO[] getUserProfiles(String openId, OpenIDParameterDTO[] requredClaims)
        throws IdentityProviderException {
    try {
        String fullUserName = OpenIDUtil.getUserName(openId);
        String tenantAwareUser = MultitenantUtils.getTenantAwareUsername(fullUserName);
        String tenantDomain = MultitenantUtils.getDomainNameFromOpenId(openId);

        // NOTE(review): the realm is dereferenced without a null check, and the catch below
        // does not cover NullPointerException. Confirm getRealm() cannot return null here.
        UserRealm tenantRealm = IdentityTenantUtil.getRealm(tenantDomain, fullUserName);
        UserStoreManager store = tenantRealm.getUserStoreManager();
        String[] profileNames = store.getProfileNames(tenantAwareUser);
        OpenIDUserProfileDTO[] profiles = new OpenIDUserProfileDTO[profileNames.length];

        ParameterList requestParams = getParameterList(requredClaims);
        AuthRequest authRequest = AuthRequest.createAuthRequest(
                requestParams, OpenIDProvider.getInstance().getManager().getRealmVerifier());
        List<String> requestedAttributes = getRequestedAttributes(authRequest);

        int slot = 0;
        for (String profileName : profileNames) {
            OpenIDUserProfileDTO profile = new OpenIDUserProfileDTO();
            OpenIDClaimDTO[] claimSet =
                    getOpenIDClaimValues(openId, profileName, requestedAttributes);
            profile.setProfileName(profileName);
            profile.setClaimSet(claimSet);
            profiles[slot++] = profile;
        }
        return profiles;
    } catch (MalformedURLException | UserStoreException | MessageException | IdentityException e) {
        throw new IdentityProviderException("Error while retrieving user profiles", e);
    }
}
 
Example 9
Source File: UserInformationRecoveryService.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the claims of the given dialect that pass this method's filter.
 *
 * <p>A claim is included only when it has a display tag other than
 * {@code IdentityConstants.PPID_DISPLAY_VALUE}, is not the account-status claim,
 * is supported by default and is not read-only. Only the claim URI and value are copied
 * into each DTO.
 *
 * @param dialect claim dialect to look up; it is also written to the warning log when
 *                no claims are found
 * @return the matching claims as DTOs; an empty array when the dialect has no claims or
 *         none pass the filter
 * @throws IdentityException declared for the realm and claim lookups
 */
public UserIdentityClaimDTO[] getUserIdentitySupportedClaims(String dialect)
        throws IdentityException {
    IdentityClaimManager manager = IdentityClaimManager.getInstance();
    UserRealm defaultRealm = IdentityTenantUtil.getRealm(null, null);
    Claim[] supported = manager.getAllSupportedClaims(dialect, defaultRealm);

    if (supported == null || supported.length == 0) {
        log.warn("Could not find any matching claims for requested dialect : " + dialect);
        return new UserIdentityClaimDTO[0];
    }

    List<UserIdentityClaimDTO> result = new ArrayList<>();
    for (Claim claim : supported) {
        String displayTag = claim.getDisplayTag();
        if (displayTag == null || IdentityConstants.PPID_DISPLAY_VALUE.equals(displayTag)) {
            continue;
        }
        if (UserCoreConstants.ClaimTypeURIs.ACCOUNT_STATUS.equals(claim.getClaimUri())) {
            continue;
        }
        if (!claim.isSupportedByDefault() || claim.isReadOnly()) {
            continue;
        }

        UserIdentityClaimDTO dto = new UserIdentityClaimDTO();
        dto.setClaimUri(claim.getClaimUri());
        dto.setClaimValue(claim.getValue());
        result.add(dto);
    }

    return result.toArray(new UserIdentityClaimDTO[result.size()]);
}
 
Example 10
Source File: UserRegistrationService.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
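/**
 * Returns the password validation regular expressions configured per user store domain.
 *
 * <p>Starts at the realm's user store manager and follows
 * {@code getSecondaryUserStoreManager()} until it returns {@code null}. A user store whose
 * {@code PROPERTY_JS_REG_EX} property is null or empty contributes no entry.
 *
 * @return one DTO (domain name and regular expression) per user store that defines an
 *         expression; possibly an empty array
 * @throws IdentityException if no realm is available or the user store cannot be read
 */
public PasswordRegExDTO[] getPasswordRegularExpressions() throws IdentityException {
    UserRealm realm = IdentityTenantUtil.getRealm(null, null);
    if (realm == null) {
        // Other callers of getRealm() treat null as a possible result; report it with the
        // declared exception type rather than a NullPointerException further down.
        throw IdentityException.error(
                "User realm is not available to load password validation regular expressions.");
    }

    List<PasswordRegExDTO> passwordRegExList = new ArrayList<PasswordRegExDTO>();

    try {
        UserStoreManager manager = realm.getUserStoreManager();

        while (manager != null) {
            String domainName = manager.getRealmConfiguration().getUserStoreProperty(
                    UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
            String regEx = manager.getRealmConfiguration().getUserStoreProperty(
                    UserCoreConstants.RealmConfig.PROPERTY_JS_REG_EX);
            if (regEx != null && regEx.length() > 0) {
                PasswordRegExDTO passwordRegEx = new PasswordRegExDTO();
                passwordRegEx.setDomainName(domainName);
                passwordRegEx.setRegEx(regEx);
                passwordRegExList.add(passwordRegEx);
            }
            manager = manager.getSecondaryUserStoreManager();
        }
    } catch (UserStoreException e) {
        // Log with the throwable so the stack trace is kept; the rethrown exception
        // carries only the message.
        log.error("Error occured while loading password validation regular expressions.", e);
        throw IdentityException.error(
                "Error occured while loading password validation regular expressions.");
    }
    return passwordRegExList.toArray(new PasswordRegExDTO[passwordRegExList.size()]);
}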
 
Example 11
Source File: UserRegistrationService.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the user fields for the registration form from the claims of the given dialect.
 *
 * <p>A claim becomes a field only when it has a display tag other than
 * {@code IdentityConstants.PPID_DISPLAY_VALUE}, is not the account-status claim and is
 * not read-only.
 *
 * @param dialect claim dialect to look up
 * @return the resulting fields; an empty array when the dialect has no claims or none
 *         pass the filter
 * @throws IdentityException declared for the realm and claim lookups
 */
public UserFieldDTO[] readUserFieldsForUserRegistration(String dialect)
        throws IdentityException {

    IdentityClaimManager manager = IdentityClaimManager.getInstance();
    UserRealm defaultRealm = IdentityTenantUtil.getRealm(null, null);
    Claim[] supported = manager.getAllSupportedClaims(dialect, defaultRealm);

    if (supported == null || supported.length == 0) {
        return new UserFieldDTO[0];
    }

    List<UserFieldDTO> fields = new ArrayList<>();
    for (int i = 0; i < supported.length; i++) {
        Claim current = supported[i];
        String displayTag = current.getDisplayTag();

        boolean displayable = displayTag != null
                && !IdentityConstants.PPID_DISPLAY_VALUE.equals(displayTag);
        if (!displayable) {
            continue;
        }
        if (UserCoreConstants.ClaimTypeURIs.ACCOUNT_STATUS.equals(current.getClaimUri())) {
            continue;
        }
        if (current.isReadOnly()) {
            continue;
        }
        fields.add(getUserFieldDTO(current.getClaimUri(), displayTag, current.isRequired(),
                current.getDisplayOrder(), current.getRegEx(), current.isSupportedByDefault()));
    }
    return fields.toArray(new UserFieldDTO[fields.size()]);
}
 
Example 12
Source File: UserRegistrationService.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Reports whether users can be added through the realm returned by
 * {@code IdentityTenantUtil.getRealm(null, null)}.
 *
 * @return {@code true} only when the realm and its user store manager are both available
 *         and the manager is not read-only; {@code false} otherwise
 * @throws Exception propagated from the realm or user store lookups
 */
public boolean isAddUserEnabled() throws Exception {
    UserRealm defaultRealm = IdentityTenantUtil.getRealm(null, null);
    if (defaultRealm == null) {
        return false;
    }
    UserStoreManager store = defaultRealm.getUserStoreManager();
    return store != null && !store.isReadOnly();
}
 
Example 13
Source File: ClaimUtil.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
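/**
 * Reads the authorized user's claims from the user store and maps them to the
 * service-provider dialect keys.
 *
 * <p>The tenant domain is derived from the authorized user name in the token validation
 * response. Claim values are written to the debug log only when
 * {@code IdentityUtil.isTokenLoggable(USER_CLAIMS)} allows it.
 *
 * @param tokenResponse token validation response naming the authorized user
 * @return mapped claims keyed by service-provider claim; empty when no realm is resolved,
 *         no claims are requested, the user has no claim values, or a user store error
 *         occurs
 * @throws UserInfoEndpointException on any failure other than a user store exception
 */
public static Map<String, Object> getClaimsFromUserStore(OAuth2TokenValidationResponseDTO tokenResponse) throws
        UserInfoEndpointException {
    String username = tokenResponse.getAuthorizedUser();
    String tenantDomain = MultitenantUtils.getTenantDomain(tokenResponse.getAuthorizedUser());
    List<String> claimURIList = new ArrayList<>();
    Map<String, Object> mappedAppClaims = new HashMap<>();

    try {
        UserRealm realm = IdentityTenantUtil.getRealm(tenantDomain, username);

        if (realm == null) {
            log.warn("No valid tenant domain provider. Empty claim returned back");
            return new HashMap<>();
        }

        UserStoreManager userstore = realm.getUserStoreManager();

        // need to get all the requested claims
        Map<String, String> requestedLocalClaimMap = ClaimManagerHandler.getInstance()
                .getMappingsMapFromOtherDialectToCarbon(SP_DIALECT, null, tenantDomain, true);
        if (MapUtils.isNotEmpty(requestedLocalClaimMap)) {
            claimURIList.addAll(requestedLocalClaimMap.keySet());
            if (log.isDebugEnabled()) {
                log.debug("Requested number of local claims: " + claimURIList.size());
            }

            Map<String, String> spToLocalClaimMappings = ClaimManagerHandler.getInstance()
                    .getMappingsMapFromOtherDialectToCarbon(SP_DIALECT, null, tenantDomain, false);

            Map<String, String> userClaims = userstore.getUserClaimValues(
                    MultitenantUtils.getTenantAwareUsername(username),
                    claimURIList.toArray(new String[claimURIList.size()]), null);

            // Check for null/empty before the debug statement below touches the map; the
            // previous order failed on a null result whenever debug logging was enabled.
            if (MapUtils.isEmpty(userClaims)) {
                return new HashMap<>();
            }
            if (log.isDebugEnabled()) {
                log.debug("User claims retrieved from user store: " + userClaims.size());
            }

            for (Map.Entry<String, String> entry : spToLocalClaimMappings.entrySet()) {
                String value = userClaims.get(entry.getValue());
                if (value != null) {
                    mappedAppClaims.put(entry.getKey(), value);
                    // Claim values are personal data: logged only when explicitly enabled.
                    if (log.isDebugEnabled() &&
                            IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) {
                        log.debug("Mapped claim: key -  " + entry.getKey() + " value -" + value);
                    }
                }
            }
        }

    } catch (UserStoreException e) {
        // The message may be null, so test it before matching.
        String message = e.getMessage();
        if (message != null && message.contains("UserNotFound")) {
            if (log.isDebugEnabled()) {
                log.debug("User " + username + " not found in user store");
            }
        } else {
            // Still best-effort (claims collected so far are returned), but no longer
            // silent: other user store failures used to leave no trace in the log.
            log.error("Error while retrieving the claims from user store for " + username, e);
        }
    } catch (Exception e) {
        log.error("Error while retrieving the claims from user store for " + username, e);
        throw new UserInfoEndpointException("Error while retrieving the claims from user store for " + username);
    }
    return mappedAppClaims;
}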
 
Example 14
Source File: SAMLAssertionClaimsCallback.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
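/**
 * Reads the authorized user's requested claims from the user store and maps them to the
 * service-provider dialect keys.
 *
 * <p>Only claims marked as requested in the service provider's claim configuration are
 * read. Claim values are written to the debug log only when
 * {@code IdentityUtil.isTokenLoggable(USER_CLAIMS)} allows it. When the user store defines
 * a multi-attribute separator, it is added to the result under
 * {@code IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR}.
 *
 * @param requestMsgCtx Token request message context
 * @return the user's mapped claims; empty when the service provider or realm cannot be
 *         resolved, the user is not found, or the user has no claim values
 * @throws UserStoreException on a user store failure other than "UserNotFound"
 * @throws IdentityApplicationManagementException declared for the service provider lookup
 * @throws IdentityException declared for the realm lookup
 */
private static Map<String, Object> getClaimsFromUserStore(OAuthTokenReqMessageContext requestMsgCtx)
        throws UserStoreException, IdentityApplicationManagementException, IdentityException {

    String username = requestMsgCtx.getAuthorizedUser().toString();
    String tenantDomain = requestMsgCtx.getAuthorizedUser().getTenantDomain();

    List<String> claimURIList = new ArrayList<String>();
    Map<String, Object> mappedAppClaims = new HashMap<String, Object>();

    ApplicationManagementService applicationMgtService = OAuth2ServiceComponentHolder.getApplicationMgtService();
    String spName = applicationMgtService
            .getServiceProviderNameByClientId(requestMsgCtx.getOauth2AccessTokenReqDTO().getClientId(),
                                              INBOUND_AUTH2_TYPE, tenantDomain);
    ServiceProvider serviceProvider = applicationMgtService.getApplicationExcludingFileBasedSPs(spName,
                                                                                                tenantDomain);
    if (serviceProvider == null) {
        return mappedAppClaims;
    }

    UserRealm realm = IdentityTenantUtil.getRealm(tenantDomain, username);
    if (realm == null) {
        log.warn("No valid tenant domain provider. Empty claim returned back for tenant " + tenantDomain
                 + " and user " + username);
        return new HashMap<>();
    }

    UserStoreManager userStoreManager = realm.getUserStoreManager();
    ClaimMapping[] requestedLocalClaimMap = serviceProvider.getClaimConfig().getClaimMappings();

    if (requestedLocalClaimMap != null && requestedLocalClaimMap.length > 0) {

        for (ClaimMapping mapping : requestedLocalClaimMap) {
            if (mapping.isRequested()) {
                claimURIList.add(mapping.getLocalClaim().getClaimUri());
            }
        }

        if (log.isDebugEnabled()) {
            log.debug("Requested number of local claims: " + claimURIList.size());
        }

        Map<String, String> spToLocalClaimMappings = ClaimManagerHandler.getInstance()
                .getMappingsMapFromOtherDialectToCarbon(SP_DIALECT, null, tenantDomain, false);

        Map<String, String> userClaims = null;
        try {
            userClaims = userStoreManager.getUserClaimValues(
                    MultitenantUtils.getTenantAwareUsername(username),
                    claimURIList.toArray(new String[claimURIList.size()]), null);
        } catch (UserStoreException e) {
            // The message may be null, so test it before matching.
            String message = e.getMessage();
            if (message != null && message.contains("UserNotFound")) {
                if (log.isDebugEnabled()) {
                    log.debug("User " + username + " not found in user store");
                }
            } else {
                throw e;
            }
        }

        // userClaims is still null after the "UserNotFound" path, so the emptiness check
        // has to come before the debug statement that calls size() on it.
        if (MapUtils.isEmpty(userClaims)) {
            return new HashMap<>();
        }

        if (log.isDebugEnabled()) {
            log.debug("Number of user claims retrieved from user store: " + userClaims.size());
        }

        for (Map.Entry<String, String> entry : spToLocalClaimMappings.entrySet()) {
            String value = userClaims.get(entry.getValue());
            if (value != null) {
                mappedAppClaims.put(entry.getKey(), value);
                // Claim values are personal data: logged only when explicitly enabled.
                if (log.isDebugEnabled() &&
                        IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) {
                    log.debug("Mapped claim: key -  " + entry.getKey() + " value -" + value);
                }
            }
        }

        String domain = IdentityUtil.extractDomainFromName(username);
        // NOTE(review): the secondary user store manager is dereferenced without a null
        // check; confirm a manager is always registered for the extracted domain.
        RealmConfiguration realmConfiguration = userStoreManager.getSecondaryUserStoreManager(domain)
                .getRealmConfiguration();

        String claimSeparator = realmConfiguration.getUserStoreProperty(
                IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR);
        if (StringUtils.isNotBlank(claimSeparator)) {
            mappedAppClaims.put(IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR, claimSeparator);
        }
    }
    return mappedAppClaims;
}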
 
Example 15
Source File: SAMLAssertionClaimsCallback.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
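/**
 * Reads the authenticated user's requested claims from the user store and maps them to
 * the service-provider dialect keys.
 *
 * <p>Only claims marked as requested in the service provider's claim configuration are
 * read. Claim values are written to the debug log only when
 * {@code IdentityUtil.isTokenLoggable(USER_CLAIMS)} allows it. When the user store defines
 * a multi-attribute separator, it is added to the result under
 * {@code IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR}.
 *
 * @param requestMsgCtx authorization request message context carrying the user
 * @return the user's mapped claims; empty when the service provider or realm cannot be
 *         resolved, the user is not found, or the user has no claim values
 * @throws UserStoreException on a user store failure other than "UserNotFound"
 * @throws IdentityApplicationManagementException declared for the service provider lookup
 * @throws IdentityException declared for the realm lookup
 * @throws ClaimManagementException declared by the signature
 */
private static Map<String, Object> getClaimsFromUserStore(OAuthAuthzReqMessageContext requestMsgCtx)
        throws IdentityApplicationManagementException, IdentityException, UserStoreException,
        ClaimManagementException {

    AuthenticatedUser user = requestMsgCtx.getAuthorizationReqDTO().getUser();
    String tenantDomain = requestMsgCtx.getAuthorizationReqDTO().getUser().getTenantDomain();

    List<String> claimURIList = new ArrayList<String>();
    Map<String, Object> mappedAppClaims = new HashMap<String, Object>();

    ApplicationManagementService applicationMgtService = OAuth2ServiceComponentHolder.getApplicationMgtService();
    String spName = applicationMgtService
            .getServiceProviderNameByClientId(requestMsgCtx.getAuthorizationReqDTO().getConsumerKey(),
                    INBOUND_AUTH2_TYPE, tenantDomain);
    ServiceProvider serviceProvider = applicationMgtService.getApplicationExcludingFileBasedSPs(spName,
            tenantDomain);
    if (serviceProvider == null) {
        return mappedAppClaims;
    }

    UserRealm realm = IdentityTenantUtil.getRealm(tenantDomain, user.toString());
    if (realm == null) {
        log.warn("No valid tenant domain provider. Empty claim returned back for tenant " + tenantDomain
                + " and user " + user);
        return new HashMap<>();
    }

    UserStoreManager userStoreManager = realm.getUserStoreManager();
    ClaimMapping[] requestedLocalClaimMap = serviceProvider.getClaimConfig().getClaimMappings();

    if (requestedLocalClaimMap != null && requestedLocalClaimMap.length > 0) {

        for (ClaimMapping mapping : requestedLocalClaimMap) {
            if (mapping.isRequested()) {
                claimURIList.add(mapping.getLocalClaim().getClaimUri());
            }
        }

        if (log.isDebugEnabled()) {
            log.debug("Requested number of local claims: " + claimURIList.size());
        }

        Map<String, String> spToLocalClaimMappings = ClaimManagerHandler.getInstance()
                .getMappingsMapFromOtherDialectToCarbon(SP_DIALECT, null, tenantDomain, false);

        Map<String, String> userClaims = null;
        try {
            userClaims = userStoreManager.getUserClaimValues(UserCoreUtil.addDomainToName(user.getUserName(),
                    user.getUserStoreDomain()), claimURIList.toArray(new String[claimURIList.size()]), null);
        } catch (UserStoreException e) {
            // The message may be null, so test it before matching.
            String message = e.getMessage();
            if (message != null && message.contains("UserNotFound")) {
                if (log.isDebugEnabled()) {
                    log.debug("User " + user + " not found in user store");
                }
            } else {
                throw e;
            }
        }

        // userClaims is still null after the "UserNotFound" path, so the emptiness check
        // has to come before the debug statement that calls size() on it.
        if (MapUtils.isEmpty(userClaims)) {
            return new HashMap<>();
        }

        if (log.isDebugEnabled()) {
            log.debug("Number of user claims retrieved from user store: " + userClaims.size());
        }

        for (Map.Entry<String, String> entry : spToLocalClaimMappings.entrySet()) {
            String value = userClaims.get(entry.getValue());
            if (value != null) {
                mappedAppClaims.put(entry.getKey(), value);
                // Claim values are personal data: logged only when explicitly enabled.
                if (log.isDebugEnabled() &&
                        IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) {
                    log.debug("Mapped claim: key -  " + entry.getKey() + " value -" + value);
                }
            }
        }

        // NOTE(review): the secondary user store manager is dereferenced without a null
        // check; confirm a manager is always registered for the user's store domain.
        RealmConfiguration realmConfiguration = userStoreManager.getSecondaryUserStoreManager(user.getUserStoreDomain())
                .getRealmConfiguration();

        String claimSeparator = realmConfiguration.getUserStoreProperty(
                IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR);
        if (StringUtils.isNotBlank(claimSeparator)) {
            mappedAppClaims.put(IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR, claimSeparator);
        }
    }
    return mappedAppClaims;
}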