Java Code Examples for org.wso2.carbon.user.core.UserRealm#getUserStoreManager()

The following examples show how to use org.wso2.carbon.user.core.UserRealm#getUserStoreManager().
Example 1
Source File: DefaultClaimHandler.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
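/**
 * Resolves the user store manager that local claims are handled against.
 *
 * <p>With a blank {@code userDomain} the realm's primary user store manager is returned;
 * otherwise the secondary manager registered under {@code userDomain} is looked up. An unknown
 * domain is rejected instead of falling back to the primary store, so claims are never served
 * from a store other than the one the caller named.
 *
 * @param tenantDomain tenant the realm belongs to; used only in error messages
 * @param realm        realm to resolve the manager from
 * @param userDomain   user store domain name, or blank for the primary store
 * @return the resolved manager, never {@code null}
 * @throws FrameworkException if the realm lookup fails or no manager matches {@code userDomain}
 */
private UserStoreManager getUserStoreManager(String tenantDomain, UserRealm realm, String userDomain) throws
        FrameworkException {
    UserStoreManager userStore;
    try {
        // Ask the realm once and reuse the result: a null primary manager combined with a
        // non-blank domain previously dereferenced null before the null check was reached.
        userStore = realm.getUserStoreManager();
        if (userStore != null && StringUtils.isNotBlank(userDomain)) {
            userStore = userStore.getSecondaryUserStoreManager(userDomain);
        }
    } catch (UserStoreException e) {
        throw new FrameworkException("Error occurred while retrieving the UserStoreManager " +
                                     "from Realm for " + tenantDomain + " to handle local claims", e);
    }

    if (userStore == null) {
        // Fail closed: no usable store for this domain means no claim handling at all.
        throw new FrameworkException("Invalid user store domain name : " + userDomain + " in tenant : "
                + tenantDomain);
    }
    return userStore;
}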
 
Example 2
Source File: DefaultClaimHandler.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
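/**
 * Looks up the user store manager for {@code userDomain} inside {@code realm}.
 *
 * <p>A blank {@code userDomain} selects the realm's primary manager. A non-blank one selects the
 * secondary manager of that name; if there is none the call fails rather than silently using
 * the primary store.
 *
 * @param tenantDomain tenant name, used only to build error messages
 * @param realm        realm that owns the user stores
 * @param userDomain   name of the user store domain, may be blank
 * @return a non-null user store manager
 * @throws FrameworkException if the realm cannot supply a manager or the domain is unknown
 */
private UserStoreManager getUserStoreManager(String tenantDomain, UserRealm realm, String userDomain) throws
        FrameworkException {
    try {
        final UserStoreManager primary = realm.getUserStoreManager();
        // Only descend to a secondary store when there is a primary one to ask; the original
        // called through the primary manager without checking it for null first.
        final UserStoreManager resolved = (primary != null && StringUtils.isNotBlank(userDomain))
                ? primary.getSecondaryUserStoreManager(userDomain)
                : primary;

        if (resolved == null) {
            throw new FrameworkException("Invalid user store domain name : " + userDomain + " in tenant : "
                    + tenantDomain);
        }
        return resolved;
    } catch (UserStoreException e) {
        throw new FrameworkException("Error occurred while retrieving the UserStoreManager " +
                                     "from Realm for " + tenantDomain + " to handle local claims", e);
    }
}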
 
Example 3
Source File: UserRegistrationService.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
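/**
 * Returns the password validation regular expression configured for each user store domain.
 *
 * <p>Walks the chain of user store managers, starting at the realm's primary one, and reports
 * every store whose {@code PROPERTY_JS_REG_EX} property is set and non-empty.
 *
 * <p>NOTE(review): the patterns are read from the property named {@code PROPERTY_JS_REG_EX}, so
 * they are presumably meant for client-side checks. They tell the caller the password policy and
 * the configured store domain names; the server must still enforce its own policy when the
 * password is submitted.
 *
 * @return one DTO per domain that defines a pattern; an empty array when none does
 * @throws IdentityException if no realm is available or a user store cannot be read
 */
public PasswordRegExDTO[] getPasswordRegularExpressions() throws IdentityException {
    final String failureMessage = "Error occured while loading password validation regular expressions.";

    UserRealm realm = IdentityTenantUtil.getRealm(null, null);
    if (realm == null) {
        // Report a missing realm through the declared exception instead of a NullPointerException.
        throw IdentityException.error(failureMessage);
    }

    List<PasswordRegExDTO> passwordRegExList = new ArrayList<PasswordRegExDTO>();
    try {
        UserStoreManager manager = realm.getUserStoreManager();
        while (manager != null) {
            String domainName = manager.getRealmConfiguration().getUserStoreProperty(
                    UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
            String regEx = manager.getRealmConfiguration().getUserStoreProperty(
                    UserCoreConstants.RealmConfig.PROPERTY_JS_REG_EX);
            if (regEx != null && regEx.length() > 0) {
                PasswordRegExDTO passwordRegEx = new PasswordRegExDTO();
                passwordRegEx.setDomainName(domainName);
                passwordRegEx.setRegEx(regEx);
                passwordRegExList.add(passwordRegEx);
            }
            // Each manager links to the next store in the chain; null ends the walk.
            manager = manager.getSecondaryUserStoreManager();
        }
    } catch (UserStoreException e) {
        // Log with the throwable so the stack trace is kept; the caller only gets the generic text.
        log.error(failureMessage, e);
        throw IdentityException.error(failureMessage);
    }
    return passwordRegExList.toArray(new PasswordRegExDTO[passwordRegExList.size()]);
}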
 
Example 4
Source File: DefaultProvisioningHandler.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
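/**
 * Picks the user store manager that provisioning should write to.
 *
 * <p>A null or empty {@code userStoreDomain} selects the realm's primary manager; any other
 * value selects the secondary manager of that name. An unknown domain is rejected, so a user is
 * never provisioned into a store other than the requested one.
 *
 * @param realm           realm that owns the user stores
 * @param userStoreDomain user store domain name, or null/empty for the primary store
 * @return the selected manager, never {@code null}
 * @throws UserStoreException if the realm cannot supply its user store manager
 * @throws FrameworkException if no manager exists for the requested domain
 */
private UserStoreManager getUserStoreManager(UserRealm realm, String userStoreDomain)
        throws UserStoreException, FrameworkException {
    // Fetch the primary manager once; the secondary lookup goes through it and used to
    // dereference it without a null check.
    UserStoreManager userStoreManager = realm.getUserStoreManager();
    boolean domainRequested = userStoreDomain != null && !userStoreDomain.isEmpty();
    if (userStoreManager != null && domainRequested) {
        userStoreManager = userStoreManager.getSecondaryUserStoreManager(userStoreDomain);
    }

    if (userStoreManager == null) {
        throw new FrameworkException("Specified user store is invalid");
    }
    return userStoreManager;
}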
 
Example 5
Source File: UserStoreManagerService.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the user store manager of the realm supplied by the superclass.
 *
 * <p>Every failure, including the missing-realm case raised inside the {@code try}, passes
 * through the catch block and is therefore wrapped in a new {@code UserStoreException}.
 *
 * @return the realm's user store manager
 * @throws UserStoreException if the realm is null or any lookup step fails
 */
private UserStoreManager getUserStoreManager() throws UserStoreException {
    try {
        final UserRealm currentRealm = super.getUserRealm();
        if (currentRealm != null) {
            return currentRealm.getUserStoreManager();
        }
        // NOTE(review): thrown inside the try on purpose to match existing behaviour; the catch
        // below wraps it again, so callers see this message only on the cause.
        throw new UserStoreException(NULL_REALM_MESSAGE);
    } catch (Exception e) {
        throw new UserStoreException(e);
    }
}
 
Example 6
Source File: UserRegistrationService.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Reports whether users can be added to the user store manager of the realm returned by
 * {@code IdentityTenantUtil.getRealm(null, null)}.
 *
 * <p>NOTE(review): this only reflects whether the store is writable. Nothing here inspects the
 * caller, so it should not be read as an authorization decision.
 *
 * @return {@code true} when a realm and a user store manager exist and the manager is not
 *         read-only; {@code false} otherwise
 * @throws Exception if the realm or its user store manager cannot be obtained
 */
public boolean isAddUserEnabled() throws Exception {
    final UserRealm resolvedRealm = IdentityTenantUtil.getRealm(null, null);
    if (resolvedRealm == null) {
        return false;
    }
    final UserStoreManager store = resolvedRealm.getUserStoreManager();
    return store != null && !store.isReadOnly();
}
 
Example 7
Source File: OutboundProvisioningManager.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
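/**
 * Loads the claim values of a user from the user store manager of the tenant's realm.
 *
 * <p>A user store failure whose message contains {@code "UserNotFound"} is treated as "no
 * claims" and produces an empty map; every other failure is rethrown.
 *
 * <p>NOTE(review): the not-found case is recognised by matching text in the exception message,
 * which depends on the wording used by the user store implementation.
 *
 * @param userName     user whose claims are read
 * @param tenantDomain tenant whose realm is used
 * @return claim URI to claim value; empty when the user is not found or has no claims
 * @throws CarbonException    if the realm for {@code tenantDomain} cannot be obtained
 * @throws UserStoreException if the user store fails for a reason other than a missing user
 */
private Map<String, String> getUserClaims(String userName, String tenantDomain) throws CarbonException,
        UserStoreException {

    RegistryService registryService = IdentityProvisionServiceComponent.getRegistryService();
    RealmService realmService = IdentityProvisionServiceComponent.getRealmService();

    // NOTE(review): the realm is used without a null check; confirm getRealmByTenantDomain
    // never returns null for an unknown tenant domain.
    UserRealm realm = AnonymousSessionUtil.getRealmByTenantDomain(registryService,
            realmService, tenantDomain);
    UserStoreManager userstore = realm.getUserStoreManager();

    Map<String, String> inboundAttributes = new HashMap<>();
    Claim[] claimArray = null;
    try {
        claimArray = userstore.getUserClaimValues(userName, null);
    } catch (UserStoreException e) {
        // getMessage() may be null; a message-less failure is not a "user not found" signal
        // and must propagate instead of raising a NullPointerException here.
        String message = e.getMessage();
        if (message == null || !message.contains("UserNotFound")) {
            throw e;
        }
        if (log.isDebugEnabled()) {
            log.debug("User " + userName + " not found in user store");
        }
    }

    if (claimArray != null) {
        for (Claim claim : claimArray) {
            inboundAttributes.put(claim.getClaimUri(), claim.getValue());
        }
    }
    return inboundAttributes;
}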
 
Example 8
Source File: OutboundProvisioningManager.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the roles of a user as reported by the user store manager of the tenant's realm.
 *
 * @param userName     user whose roles are read
 * @param tenantDomain tenant whose realm is used
 * @return fixed-size list view over the role array returned by the user store
 * @throws CarbonException    if the realm for {@code tenantDomain} cannot be obtained
 * @throws UserStoreException if the user store lookup fails
 */
private List<String> getUserRoles(String userName, String tenantDomain) throws CarbonException,
        UserStoreException {

    final RegistryService registry = IdentityProvisionServiceComponent.getRegistryService();
    final RealmService realms = IdentityProvisionServiceComponent.getRealmService();
    final UserRealm tenantRealm = AnonymousSessionUtil.getRealmByTenantDomain(registry, realms, tenantDomain);

    // NOTE(review): neither the realm nor the role array is checked for null before use.
    final UserStoreManager store = tenantRealm.getUserStoreManager();
    return Arrays.asList(store.getRoleListOfUser(userName));
}
 
Example 9
Source File: UserSignUpWorkflowExecutor.java    From carbon-apimgt with Apache License 2.0 5 votes vote down vote up
/**
 * Adds {@code role} to the roles a user already holds, through the remote UserAdmin service.
 *
 * <p>The role must exist in the bootstrap realm's user store. The user's currently selected
 * roles are then read from the UserAdmin service at {@code serverURL}, {@code role} is appended
 * and the whole list is written back.
 *
 * <p>NOTE(review): the admin credentials are attached to the stub as basic-auth headers, so
 * {@code serverURL} presumably has to be an HTTPS endpoint; confirm with the caller. The role
 * is checked locally while the update is sent to the remote service.
 *
 * @param serverURL     base URL of the admin services; {@code "UserAdmin"} is appended as-is
 * @param adminUsername user name used for basic authentication against the service
 * @param adminPassword password used for basic authentication against the service
 * @param userName      user whose roles are updated
 * @param role          role to add
 * @throws Exception if the role does not exist or any remote call fails
 */
protected static void updateRolesOfUser(String serverURL, String adminUsername,
                                        String adminPassword, String userName, String role)
        throws Exception {
    if (log.isDebugEnabled()) {
        log.debug("Adding Subscriber role to " + userName);
    }

    final String userAdminEndpoint = serverURL + "UserAdmin";
    final UserStoreManager bootstrapStore = ServiceReferenceHolder.getInstance().getRealmService()
            .getBootstrapRealm().getUserStoreManager();
    if (!bootstrapStore.isExistingRole(role)) {
        final String roleMissing = "Could not find role " + role + " in the user store";
        log.error(roleMissing);
        throw new Exception(roleMissing);
    }

    final UserAdminStub adminStub = new UserAdminStub(userAdminEndpoint);
    CarbonUtils.setBasicAccessSecurityHeaders(adminUsername, adminPassword, adminStub._getServiceClient());

    // Start from the roles the service marks as selected for this user, then append the new one.
    final List<String> updatedRoles = new ArrayList<String>();
    final FlaggedName[] candidates = adminStub.getRolesOfUser(userName, "*", -1);
    if (candidates != null) {
        for (FlaggedName candidate : candidates) {
            if (candidate.getSelected()) {
                updatedRoles.add(candidate.getItemName());
            }
        }
    }
    updatedRoles.add(role);
    adminStub.updateRolesOfUser(userName, updatedRoles.toArray(new String[updatedRoles.size()]));
}
 
Example 10
Source File: DefaultProvisioningHandler.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
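/**
 * Returns the user store manager for {@code userStoreDomain}.
 *
 * <p>Without a domain (null or empty) the realm's primary manager is returned. With a domain,
 * the matching secondary manager is returned and an unknown domain is an error; there is no
 * fallback to the primary store.
 *
 * @param realm           realm that owns the user stores
 * @param userStoreDomain user store domain name, may be null or empty
 * @return a non-null user store manager
 * @throws UserStoreException if the realm cannot supply its user store manager
 * @throws FrameworkException if the primary manager is missing or the domain is unknown
 */
private UserStoreManager getUserStoreManager(UserRealm realm, String userStoreDomain)
        throws UserStoreException, FrameworkException {
    final UserStoreManager primary = realm.getUserStoreManager();
    if (primary == null) {
        // Previously a null primary manager plus a non-empty domain ended in a
        // NullPointerException; report it as an invalid store instead.
        throw new FrameworkException("Specified user store is invalid");
    }
    if (userStoreDomain == null || userStoreDomain.isEmpty()) {
        return primary;
    }

    final UserStoreManager secondary = primary.getSecondaryUserStoreManager(userStoreDomain);
    if (secondary == null) {
        throw new FrameworkException("Specified user store is invalid");
    }
    return secondary;
}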
 
Example 11
Source File: UserProfileAdmin.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Reports whether the realm's user store manager allows multiple profiles per user.
 *
 * @return the value of {@code isMultipleProfilesAllowed()} on the user store manager
 * @throws UserProfileException if the user store manager cannot be obtained
 */
public boolean isAddProfileEnabled() throws UserProfileException {
    // NOTE(review): the realm is dereferenced without a null check.
    final UserRealm currentRealm = getUserRealm();
    final UserStoreManager store;
    try {
        store = currentRealm.getUserStoreManager();
    } catch (UserStoreException e) {
        final String errorMessage = "Error in obtaining UserStoreManager.";
        log.error(errorMessage, e);
        throw new UserProfileException(errorMessage, e);
    }
    return store.isMultipleProfilesAllowed();
}
 
Example 12
Source File: UserRegistrationService.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Tells whether new users can be written to the user store manager of the realm returned by
 * {@code IdentityTenantUtil.getRealm(null, null)}.
 *
 * <p>NOTE(review): the result describes the store (read-only or not), not the caller's rights.
 *
 * @return {@code false} when there is no realm, no user store manager, or the manager is
 *         read-only; {@code true} otherwise
 * @throws Exception if the realm or its user store manager cannot be obtained
 */
public boolean isAddUserEnabled() throws Exception {
    UserRealm realm = IdentityTenantUtil.getRealm(null, null);
    UserStoreManager manager = (realm == null) ? null : realm.getUserStoreManager();
    if (manager == null) {
        return false;
    }
    return !manager.isReadOnly();
}
 
Example 13
Source File: UserRegistrationService.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
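/**
 * Collects the password validation regular expressions of all user store domains.
 *
 * <p>Starting at the realm's primary user store manager, each manager in the chain is asked
 * for its domain name and its {@code PROPERTY_JS_REG_EX} property; stores without a pattern
 * are skipped.
 *
 * <p>NOTE(review): the returned patterns and domain names describe the deployment's password
 * policy to whoever calls this service. They are presumably used for client-side validation,
 * which does not replace enforcement on the server.
 *
 * @return one DTO per domain with a non-empty pattern; an empty array when there is none
 * @throws IdentityException if no realm is available or a user store cannot be read
 */
public PasswordRegExDTO[] getPasswordRegularExpressions() throws IdentityException {
    final String errorMessage = "Error occured while loading password validation regular expressions.";

    UserRealm realm = IdentityTenantUtil.getRealm(null, null);
    if (realm == null) {
        // Without this guard a missing realm surfaced as a NullPointerException.
        throw IdentityException.error(errorMessage);
    }

    List<PasswordRegExDTO> passwordRegExList = new ArrayList<PasswordRegExDTO>();
    try {
        for (UserStoreManager manager = realm.getUserStoreManager(); manager != null;
             manager = manager.getSecondaryUserStoreManager()) {
            String regEx = manager.getRealmConfiguration().getUserStoreProperty(
                    UserCoreConstants.RealmConfig.PROPERTY_JS_REG_EX);
            if (regEx == null || regEx.length() == 0) {
                continue;
            }
            PasswordRegExDTO passwordRegEx = new PasswordRegExDTO();
            passwordRegEx.setDomainName(manager.getRealmConfiguration().getUserStoreProperty(
                    UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME));
            passwordRegEx.setRegEx(regEx);
            passwordRegExList.add(passwordRegEx);
        }
    } catch (UserStoreException e) {
        // Keep the cause on both the log entry and the rethrown exception.
        log.error(errorMessage, e);
        throw IdentityException.error(errorMessage, e);
    }
    return passwordRegExList.toArray(new PasswordRegExDTO[passwordRegExList.size()]);
}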
 
Example 14
Source File: UserProfileAdmin.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Checks whether additional user profiles may be created, as reported by the realm's user
 * store manager.
 *
 * @return {@code true} if the user store manager allows multiple profiles
 * @throws UserProfileException if the user store manager cannot be obtained from the realm
 */
public boolean isAddProfileEnabled() throws UserProfileException {
    UserRealm userRealm = getUserRealm();
    UserStoreManager manager;
    try {
        // NOTE(review): userRealm is not checked for null before this call.
        manager = userRealm.getUserStoreManager();
    } catch (UserStoreException e) {
        String errorMessage = "Error in obtaining UserStoreManager.";
        log.error(errorMessage, e);
        throw new UserProfileException(errorMessage, e);
    }
    boolean multipleProfilesAllowed = manager.isMultipleProfilesAllowed();
    return multipleProfilesAllowed;
}
 
Example 15
Source File: APIManagerComponent.java    From carbon-apimgt with Apache License 2.0 5 votes vote down vote up
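/**
 * Ensures the subscriber role used by self sign-up exists in the bootstrap realm.
 *
 * <p>Does nothing when self sign-up is disabled. Otherwise the configured role is created if it
 * is missing, with execute permission on {@code /permission/admin/login} and on
 * {@code APIConstants.Permissions.API_SUBSCRIBE}, and with the bootstrap admin user as its only
 * initial member.
 *
 * <p>NOTE(review): a role that already exists is left as it is; its permissions are not
 * compared with the two granted here, so a pre-existing role of the same name may carry more
 * than a subscriber needs.
 *
 * @param config API manager configuration holding the self sign-up settings
 * @throws APIManagementException if the role name is missing or blank, or the role cannot be
 *                                created
 */
private void setupSelfRegistration(APIManagerConfiguration config) throws APIManagementException {
    if (!Boolean.parseBoolean(config.getFirstProperty(APIConstants.SELF_SIGN_UP_ENABLED))) {
        return;
    }

    String role = config.getFirstProperty(APIConstants.SELF_SIGN_UP_ROLE);
    if (role == null || role.trim().isEmpty()) {
        // Required parameter missing or blank - throw an exception and interrupt startup rather
        // than trying to create a role with an empty name.
        throw new APIManagementException("Required subscriber role parameter missing " + "in the self sign up configuration");
    }

    try {
        RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
        UserStoreManager manager = realmService.getBootstrapRealm().getUserStoreManager();
        if (manager.isExistingRole(role)) {
            return;
        }

        if (log.isDebugEnabled()) {
            log.debug("Creating subscriber role: " + role);
        }
        Permission[] subscriberPermissions = new Permission[] {
                new Permission("/permission/admin/login", UserMgtConstants.EXECUTE_ACTION),
                new Permission(APIConstants.Permissions.API_SUBSCRIBE, UserMgtConstants.EXECUTE_ACTION) };
        // Reuse the realm service obtained above instead of resolving it a second time.
        String superTenantName = realmService.getBootstrapRealmConfiguration().getAdminUserName();
        String[] userList = new String[] { superTenantName };
        manager.addRole(role, userList, subscriberPermissions);
    } catch (UserStoreException e) {
        throw new APIManagementException("Error while creating subscriber role: " + role + " - " + "Self registration might not function properly.", e);
    }
}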
 
Example 16
Source File: OutboundProvisioningManager.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
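/**
 * Reads all claim values of {@code userName} from the tenant's user store.
 *
 * <p>If the user store reports a failure whose message contains {@code "UserNotFound"}, the
 * user is treated as having no claims and an empty map is returned. Any other failure is
 * passed on to the caller.
 *
 * <p>NOTE(review): detecting "user not found" by message text is fragile; it depends on the
 * wording of the user store implementation in use.
 *
 * @param userName     user whose claims are read
 * @param tenantDomain tenant whose realm is used
 * @return map from claim URI to claim value, possibly empty, never {@code null}
 * @throws CarbonException    if the realm for {@code tenantDomain} cannot be obtained
 * @throws UserStoreException if the user store fails for a reason other than a missing user
 */
private Map<String, String> getUserClaims(String userName, String tenantDomain) throws CarbonException,
                                                                                       UserStoreException {

    Map<String, String> inboundAttributes = new HashMap<>();

    RegistryService registryService = IdentityProvisionServiceComponent.getRegistryService();
    RealmService realmService = IdentityProvisionServiceComponent.getRealmService();

    UserRealm realm = AnonymousSessionUtil.getRealmByTenantDomain(registryService,
                                                                  realmService, tenantDomain);
    UserStoreManager userstore = realm.getUserStoreManager();

    Claim[] claimArray;
    try {
        claimArray = userstore.getUserClaimValues(userName, null);
    } catch (UserStoreException e) {
        // An exception without a message cannot be a "UserNotFound" report; the original
        // called contains() on a possibly null message.
        boolean userMissing = e.getMessage() != null && e.getMessage().contains("UserNotFound");
        if (!userMissing) {
            throw e;
        }
        if (log.isDebugEnabled()) {
            log.debug("User " + userName + " not found in user store");
        }
        return inboundAttributes;
    }

    if (claimArray != null) {
        for (Claim claim : claimArray) {
            inboundAttributes.put(claim.getClaimUri(), claim.getValue());
        }
    }
    return inboundAttributes;
}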
 
Example 17
Source File: OutboundProvisioningManager.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Lists the roles assigned to {@code userName} in the tenant's user store.
 *
 * @param userName     user whose roles are read
 * @param tenantDomain tenant whose realm is used
 * @return the role names, as a fixed-size list backed by the array the user store returned
 * @throws CarbonException    if the realm for {@code tenantDomain} cannot be obtained
 * @throws UserStoreException if the user store lookup fails
 */
private List<String> getUserRoles(String userName, String tenantDomain) throws CarbonException,
                                                                               UserStoreException {

    // Arguments are evaluated left to right, so the registry service is still resolved first.
    UserRealm tenantRealm = AnonymousSessionUtil.getRealmByTenantDomain(
            IdentityProvisionServiceComponent.getRegistryService(),
            IdentityProvisionServiceComponent.getRealmService(),
            tenantDomain);

    String[] roleNames = tenantRealm.getUserStoreManager().getRoleListOfUser(userName);
    return Arrays.asList(roleNames);
}
 
Example 18
Source File: UserRegistrationService.java    From carbon-identity-framework with Apache License 2.0 4 votes vote down vote up
/**
 * Creates a self-registered user in the realm's user store and then assigns its roles.
 *
 * <p>Steps, in order: load the tenant's sign-up configuration; if it names a sign-up domain,
 * rewrite the user name so that it carries that domain; reject the request when
 * {@code isUserNameWithAllowedDomainName} says the domain is not allowed; add the user; build
 * the role list and call {@code doAddUser} once per role.
 *
 * <p>NOTE(review): one of the roles is taken from the caller-supplied claim
 * {@code SIGN_UP_ROLE_CLAIM_URI}. Nothing in this method restricts which role name may be
 * requested that way; confirm that {@code doAddUser} or the caller validates it against the
 * roles self-registration is allowed to grant.
 *
 * <p>NOTE(review): the user is created before the roles are assigned and no rollback is
 * visible here, so a failure during role assignment leaves the account in place.
 *
 * @param userName    requested user name, optionally prefixed with a user store domain
 * @param password    password of the new user
 * @param claimList   claims stored with the user; also read for the sign-up role claim
 * @param profileName profile the claims are stored under
 * @param realm       realm whose user store manager receives the user
 * @throws IdentityException if the domain does not permit self registration or the user store
 *                           reports an error
 */
private void addUser(String userName, String password, Map<String, String> claimList,
                     String profileName, UserRealm realm) throws IdentityException {
    UserStoreManager admin = null;
    // Never reassigned in this method, so doAddUser always receives null here.
    Permission permission = null;
    try {
        // get config from tenant registry
        TenantRegistrationConfig tenantConfig = getTenantSignUpConfig(realm.getUserStoreManager().getTenantId());
        // set tenant config specific sign up domain
        // NOTE(review): !"".equals(x) is also true for a null sign-up domain, in which case
        // toUpperCase() below throws. toUpperCase() uses the default locale as well, so the
        // resulting domain name depends on the JVM's locale settings.
        if (tenantConfig != null && !"".equals(tenantConfig.getSignUpDomain())) {
            int index = userName.indexOf(UserCoreConstants.DOMAIN_SEPARATOR);
            if (index > 0) {
                // A domain supplied by the client is replaced with the configured sign-up domain.
                userName = tenantConfig.getSignUpDomain().toUpperCase() + UserCoreConstants.DOMAIN_SEPARATOR
                        + userName.substring(index + 1);
            } else {
                userName = tenantConfig.getSignUpDomain().toUpperCase() + UserCoreConstants.DOMAIN_SEPARATOR
                        + userName;
            }
        }

        // add user to the relevant user store

        admin = realm.getUserStoreManager();
        // The domain check runs before anything is written to the user store.
        if (!isUserNameWithAllowedDomainName(userName, realm)) {
            throw IdentityException.error("Domain does not permit self registration");
        }
        // add user; claimList is passed unchanged, so the sign-up role claim, if present, is
        // handed to the user store along with the other claims
        admin.addUser(userName, password, null, claimList, profileName);

        // after adding the user, assign specific roles
        List<String> roleNamesArr = getRoleName(userName, tenantConfig);
        if (claimList.get(SelfRegistrationConstants.SIGN_UP_ROLE_CLAIM_URI) != null) {
            // check if a user role is specified as a claim by the client, if so add it to the roles list
            // NOTE(review): client-controlled value; it is only prefixed with a domain here,
            // not checked against an allow-list.
            if (tenantConfig != null) {
                roleNamesArr.add(tenantConfig.getSignUpDomain().toUpperCase()
                        + UserCoreConstants.DOMAIN_SEPARATOR
                        + claimList.get(SelfRegistrationConstants.SIGN_UP_ROLE_CLAIM_URI));
            } else {
                roleNamesArr.add(UserCoreConstants.INTERNAL_DOMAIN
                        + UserCoreConstants.DOMAIN_SEPARATOR
                        + claimList.get(SelfRegistrationConstants.SIGN_UP_ROLE_CLAIM_URI));
            }
        }
        String[] identityRoleNames = roleNamesArr.toArray(new String[roleNamesArr.size()]);

        for (int i = 0; i < identityRoleNames.length; i++) {
            // if this is the first time a user signs up, needs to create role
            doAddUser(i, admin, identityRoleNames, userName, permission);
        }
    } catch (UserStoreException e) {
        // NOTE(review): the user store's own message is appended to the error returned to the
        // caller; confirm it cannot expose internal details to an unauthenticated client.
        throw IdentityException.error("Error occurred while adding user : " + userName + ". " + e.getMessage(), e);
    }
}
 
Example 19
Source File: SAMLAssertionClaimsCallback.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
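/**
 * Builds the service-provider claim map for the authorized user of a token request.
 *
 * <p>Looks up the service provider by the request's client id, reads the local claims that the
 * service provider marks as requested from the user store, and translates them to the
 * service-provider dialect. When claims were found, the multi-attribute separator of the
 * user's store is added under {@code IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR}.
 *
 * @param requestMsgCtx token request message context
 * @return the user's claims keyed by service-provider claim URI; empty when the service
 *         provider or realm is unknown, no claims are requested, or the user has none
 * @throws UserStoreException                     if the user store fails for a reason other
 *                                                than a missing user
 * @throws IdentityApplicationManagementException if the service provider cannot be loaded
 * @throws IdentityException                      if the realm or claim mappings cannot be loaded
 */
private static Map<String, Object> getClaimsFromUserStore(OAuthTokenReqMessageContext requestMsgCtx)
        throws UserStoreException, IdentityApplicationManagementException, IdentityException {

    String username = requestMsgCtx.getAuthorizedUser().toString();
    String tenantDomain = requestMsgCtx.getAuthorizedUser().getTenantDomain();

    Map<String, Object> mappedAppClaims = new HashMap<String, Object>();

    ApplicationManagementService applicationMgtService = OAuth2ServiceComponentHolder.getApplicationMgtService();
    String spName = applicationMgtService
            .getServiceProviderNameByClientId(requestMsgCtx.getOauth2AccessTokenReqDTO().getClientId(),
                                              INBOUND_AUTH2_TYPE, tenantDomain);
    ServiceProvider serviceProvider = applicationMgtService.getApplicationExcludingFileBasedSPs(spName,
                                                                                                tenantDomain);
    if (serviceProvider == null) {
        return mappedAppClaims;
    }

    UserRealm realm = IdentityTenantUtil.getRealm(tenantDomain, username);
    if (realm == null) {
        log.warn("No valid tenant domain provider. Empty claim returned back for tenant " + tenantDomain
                 + " and user " + username);
        return new HashMap<>();
    }

    UserStoreManager userStoreManager = realm.getUserStoreManager();
    ClaimMapping[] requestedLocalClaimMap = serviceProvider.getClaimConfig().getClaimMappings();
    if (requestedLocalClaimMap == null || requestedLocalClaimMap.length == 0) {
        return mappedAppClaims;
    }

    // Only claims the service provider explicitly requests are read from the user store.
    List<String> claimURIList = new ArrayList<String>();
    for (ClaimMapping mapping : requestedLocalClaimMap) {
        if (mapping.isRequested()) {
            claimURIList.add(mapping.getLocalClaim().getClaimUri());
        }
    }

    if (log.isDebugEnabled()) {
        log.debug("Requested number of local claims: " + claimURIList.size());
    }

    Map<String, String> spToLocalClaimMappings = ClaimManagerHandler.getInstance()
            .getMappingsMapFromOtherDialectToCarbon(SP_DIALECT, null, tenantDomain, false);

    Map<String, String> userClaims = null;
    try {
        userClaims = userStoreManager.getUserClaimValues(
                MultitenantUtils.getTenantAwareUsername(username),
                claimURIList.toArray(new String[claimURIList.size()]), null);
    } catch (UserStoreException e) {
        // A failure without a message is not a "user not found" report and must propagate;
        // the original called contains() on a possibly null message.
        String message = e.getMessage();
        if (message == null || !message.contains("UserNotFound")) {
            throw e;
        }
        if (log.isDebugEnabled()) {
            log.debug("User " + username + " not found in user store");
        }
    }

    if (log.isDebugEnabled()) {
        // userClaims stays null when the user was not found; the original dereferenced it
        // here, so enabling debug logging turned a missing user into a NullPointerException.
        log.debug("Number of user claims retrieved from user store: "
                  + (userClaims == null ? 0 : userClaims.size()));
    }

    if (MapUtils.isEmpty(userClaims)) {
        return new HashMap<>();
    }

    for (Map.Entry<String, String> entry : spToLocalClaimMappings.entrySet()) {
        String value = userClaims.get(entry.getValue());
        if (value != null) {
            mappedAppClaims.put(entry.getKey(), value);
            // Claim values are only logged when USER_CLAIMS token logging is enabled as well.
            if (log.isDebugEnabled() &&
                    IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) {
                log.debug("Mapped claim: key -  " + entry.getKey() + " value -" + value);
            }
        }
    }

    String domain = IdentityUtil.extractDomainFromName(username);
    UserStoreManager domainStore = userStoreManager.getSecondaryUserStoreManager(domain);
    if (domainStore != null) {
        // Skip the separator when no store is registered for the domain instead of
        // dereferencing a null manager.
        String claimSeparator = domainStore.getRealmConfiguration().getUserStoreProperty(
                IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR);
        if (StringUtils.isNotBlank(claimSeparator)) {
            mappedAppClaims.put(IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR, claimSeparator);
        }
    }
    return mappedAppClaims;
}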
 
Example 20
Source File: SAMLAssertionClaimsCallback.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
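/**
 * Builds the service-provider claim map for the user of an authorization request.
 *
 * <p>The service provider is resolved from the request's consumer key. The local claims it
 * marks as requested are read from the user store for the domain-qualified user name and
 * mapped to the service-provider dialect. When claims were found, the multi-attribute
 * separator of the user's store is added under
 * {@code IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR}.
 *
 * @param requestMsgCtx authorization request message context
 * @return the user's claims keyed by service-provider claim URI; empty when the service
 *         provider or realm is unknown, no claims are requested, or the user has none
 * @throws IdentityApplicationManagementException if the service provider cannot be loaded
 * @throws IdentityException                      if the realm cannot be loaded
 * @throws UserStoreException                     if the user store fails for a reason other
 *                                                than a missing user
 * @throws ClaimManagementException               if the claim mappings cannot be loaded
 */
private static Map<String, Object> getClaimsFromUserStore(OAuthAuthzReqMessageContext requestMsgCtx)
        throws IdentityApplicationManagementException, IdentityException, UserStoreException,
        ClaimManagementException {

    AuthenticatedUser user = requestMsgCtx.getAuthorizationReqDTO().getUser();
    String tenantDomain = requestMsgCtx.getAuthorizationReqDTO().getUser().getTenantDomain();

    UserRealm realm;
    List<String> claimURIList = new ArrayList<String>();
    Map<String, Object> mappedAppClaims = new HashMap<String, Object>();

    ApplicationManagementService applicationMgtService = OAuth2ServiceComponentHolder.getApplicationMgtService();
    String spName = applicationMgtService
            .getServiceProviderNameByClientId(requestMsgCtx.getAuthorizationReqDTO().getConsumerKey(),
                    INBOUND_AUTH2_TYPE, tenantDomain);
    ServiceProvider serviceProvider = applicationMgtService.getApplicationExcludingFileBasedSPs(spName,
            tenantDomain);
    if (serviceProvider == null) {
        return mappedAppClaims;
    }

    realm = IdentityTenantUtil.getRealm(tenantDomain, user.toString());
    if (realm == null) {
        log.warn("No valid tenant domain provider. Empty claim returned back for tenant " + tenantDomain
                + " and user " + user);
        return new HashMap<>();
    }

    Map<String, String> spToLocalClaimMappings;
    UserStoreManager userStoreManager = realm.getUserStoreManager();
    ClaimMapping[] requestedLocalClaimMap = serviceProvider.getClaimConfig().getClaimMappings();

    if (requestedLocalClaimMap != null && requestedLocalClaimMap.length > 0) {

        // Restrict the lookup to the claims the service provider marks as requested.
        for (ClaimMapping mapping : requestedLocalClaimMap) {
            if (mapping.isRequested()) {
                claimURIList.add(mapping.getLocalClaim().getClaimUri());
            }
        }

        if (log.isDebugEnabled()) {
            log.debug("Requested number of local claims: " + claimURIList.size());
        }

        spToLocalClaimMappings = ClaimManagerHandler.getInstance().getMappingsMapFromOtherDialectToCarbon(
                SP_DIALECT, null, tenantDomain, false);

        Map<String, String> userClaims = null;
        try {
            userClaims = userStoreManager.getUserClaimValues(UserCoreUtil.addDomainToName(user.getUserName(),
                    user.getUserStoreDomain()), claimURIList.toArray(new String[claimURIList.size()]),null);
        } catch (UserStoreException e) {
            // getMessage() may be null; treat only an explicit "UserNotFound" message as a
            // missing user and rethrow everything else.
            boolean userMissing = e.getMessage() != null && e.getMessage().contains("UserNotFound");
            if (!userMissing) {
                throw e;
            }
            if (log.isDebugEnabled()) {
                log.debug("User " + user + " not found in user store");
            }
        }

        // Test for the empty case first: userClaims is still null when the user was not found,
        // and the original debug statement called size() on it before this check.
        if (MapUtils.isEmpty(userClaims)) {
            if (log.isDebugEnabled()) {
                log.debug("Number of user claims retrieved from user store: 0");
            }
            return new HashMap<>();
        }

        if (log.isDebugEnabled()) {
            log.debug("Number of user claims retrieved from user store: " + userClaims.size());
        }

        for (Iterator<Map.Entry<String, String>> iterator = spToLocalClaimMappings.entrySet().iterator(); iterator
                .hasNext(); ) {
            Map.Entry<String, String> entry = iterator.next();
            String value = userClaims.get(entry.getValue());
            if (value != null) {
                mappedAppClaims.put(entry.getKey(), value);
                // Claim values reach the log only when USER_CLAIMS token logging is enabled too.
                if (log.isDebugEnabled() &&
                        IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) {
                    log.debug("Mapped claim: key -  " + entry.getKey() + " value -" + value);
                }
            }
        }

        // The store for the user's domain may be missing; skip the separator in that case
        // rather than dereferencing a null manager.
        UserStoreManager domainStore = userStoreManager.getSecondaryUserStoreManager(user.getUserStoreDomain());
        if (domainStore != null) {
            String claimSeparator = domainStore.getRealmConfiguration().getUserStoreProperty(
                    IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR);
            if (StringUtils.isNotBlank(claimSeparator)) {
                mappedAppClaims.put(IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR, claimSeparator);
            }
        }
    }
    return mappedAppClaims;
}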