Java Code Examples for org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext#setProperty()
The following examples show how to use
org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext#setProperty().
Example 1
Source File: DefaultRequestCoordinator.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
/**
 * Falls back to an earlier step that can handle an Identifier First (IDF) request when none of the
 * steps from the current one onwards can.
 *
 * Walks backwards from the step before the current one until a step containing an IDF authenticator is
 * found. On success the context is rewound to that step, {@code BACK_TO_PREVIOUS_STEP} is set and the
 * currently authenticated IdPs are cleared; otherwise only a debug message is logged.
 *
 * @param context the authentication context being rewound
 */
private void handleIdentifierRequestInPreviousSteps(AuthenticationContext context) {

    if (log.isDebugEnabled()) {
        log.debug("Started to handle the IDF request as previous steps since the current steps cannot handle the"
                + " IDF request");
    }

    int step = context.getCurrentStep();
    boolean idfStepFound = false;
    // Scan earlier steps, nearest first; stop at the first one that has an IDF authenticator.
    while (step > 1) {
        step--;
        if (isIDFAuthenticatorFoundInStep(context.getSequenceConfig().getStepMap().get(step))) {
            idfStepFound = true;
            break;
        }
    }

    if (!idfStepFound) {
        if (log.isDebugEnabled()) {
            log.debug("IDF requests cannot handle in any of the previous steps.");
        }
        return;
    }

    context.setCurrentStep(step);
    context.setProperty(BACK_TO_PREVIOUS_STEP, true);
    // IDF should be the first step, so the IdPs authenticated so far are discarded.
    context.getCurrentAuthenticatedIdPs().clear();
}
Example 2
Source File: AbstractLocalApplicationAuthenticator.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
/**
 * Decides what to do after a local authentication attempt has failed: either re-initiate the
 * authenticator so the user can retry, or record the failure on the context and rethrow.
 *
 * A retry is only offered when {@link #retryAuthenticationEnabled(AuthenticationContext)} is true and
 * the step is not configured to fall back to the multi-option page on failure. Otherwise the name of this
 * authenticator is stored under {@code FrameworkConstants.LAST_FAILED_AUTHENTICATOR} and {@code e} is
 * rethrown so the step handler can redirect to the multi-option page when alternatives exist.
 *
 * @param request  the httpServletRequest
 * @param response the httpServletResponse
 * @param context  the authentication context
 * @param e        the authentication failed exception
 * @return authentication flow status of the re-initiated flow
 * @throws AuthenticationFailedException {@code e}, rethrown when no retry is offered
 */
protected AuthenticatorFlowStatus handleRetryOnFailure(HttpServletRequest request, HttpServletResponse response,
                                                       AuthenticationContext context,
                                                       AuthenticationFailedException e)
        throws AuthenticationFailedException {

    boolean fallBackToMultiOptionPage = isStepHasMultiOption(context) && isRedirectToMultiOptionPageOnFailure();

    if (!retryAuthenticationEnabled(context) || fallBackToMultiOptionPage) {
        context.setProperty(FrameworkConstants.LAST_FAILED_AUTHENTICATOR, getName());
        /* By throwing this exception step handler will redirect to multi options page if multi-option are
        available in the step. */
        throw e;
    }

    // The Authenticator will re-initiate the authentication and retry.
    context.setRetrying(true);
    return initiateAuthenticationFlow(request, response, context);
}
Example 3
Source File: DefaultClaimHandler.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
/**
 * Looks up the service provider's subject claim for a local user directly in the user store and, when a
 * value exists, stores it under {@code SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE} on the context.
 *
 * A user-store failure is logged and the property is left unset; no exception reaches the caller.
 *
 * @param tenantAwareUserId the tenant-aware local user name to read the claim for
 * @param userStore         the user store holding that user
 * @param context           the authentication context to update
 * @param subjectURI        the local claim URI configured as the SP subject claim
 */
private void setSubjectClaimForStandardDialect(String tenantAwareUserId, UserStoreManager userStore,
                                               AuthenticationContext context, String subjectURI) {

    String subjectValue;
    try {
        subjectValue = userStore.getUserClaimValue(tenantAwareUserId, subjectURI, null);
    } catch (UserStoreException e) {
        // Best effort: the failure is logged and the property simply stays unset.
        log.error("Error occurred while retrieving " + subjectURI + " claim value for user " + tenantAwareUserId, e);
        return;
    }

    if (subjectValue == null) {
        if (log.isDebugEnabled()) {
            log.debug("Subject claim for " + tenantAwareUserId + " not found in user store");
        }
        return;
    }

    context.setProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE, subjectValue);
    if (log.isDebugEnabled()) {
        // The debug line includes the claim value itself; keep in mind when enabling debug logging.
        log.debug("Setting \'ServiceProviderSubjectClaimValue\' property value " + "from user store " + subjectValue);
    }
}
Example 4
Source File: DefaultClaimHandler.java From carbon-identity with Apache License 2.0 | 6 votes |
/**
 * Reads the SP subject claim of a local user from the user store and records it on the context under
 * {@code SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE} when a value is present.
 *
 * Errors from the user store are logged only; the caller is never interrupted.
 *
 * @param tenantAwareUserId the tenant-aware local user name
 * @param userStore         the user store to query
 * @param context           the authentication context receiving the property
 * @param subjectURI        the local claim URI of the SP subject claim
 */
private void setSubjectClaimForStandardDialect(String tenantAwareUserId, UserStoreManager userStore,
                                               AuthenticationContext context, String subjectURI) {

    try {
        String claimValue = userStore.getUserClaimValue(tenantAwareUserId, subjectURI, null);
        if (claimValue == null) {
            if (log.isDebugEnabled()) {
                log.debug("Subject claim for " + tenantAwareUserId + " not found in user store");
            }
        } else {
            context.setProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE, claimValue);
            if (log.isDebugEnabled()) {
                // Note that the claim value is written to the debug log.
                log.debug("Setting \'ServiceProviderSubjectClaimValue\' property value " + "from user store "
                        + claimValue);
            }
        }
    } catch (UserStoreException e) {
        // Logged and swallowed on purpose: a missing subject claim value must not fail the flow here.
        log.error("Error occurred while retrieving " + subjectURI + " claim value for user " + tenantAwareUserId, e);
    }
}
Example 5
Source File: GraphBasedSequenceHandler.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
/**
 * Advances the graph-based sequence to the node that follows {@code currentNode}.
 *
 * Only a {@link StepConfigGraphNode} carries a successor; for any other node type, or when the successor
 * is absent, the flow is terminated by installing a fresh {@link EndStep}. The chosen node is stored under
 * {@code FrameworkConstants.JSAttributes.PROP_CURRENT_NODE}.
 *
 * @param context        the authentication context whose current node is updated
 * @param sequenceConfig the sequence configuration (not read by this method)
 * @param currentNode    the node that has just been processed
 */
private void gotoToNextNode(AuthenticationContext context, SequenceConfig sequenceConfig,
                            AuthGraphNode currentNode) {

    AuthGraphNode successor = currentNode instanceof StepConfigGraphNode
            ? ((StepConfigGraphNode) currentNode).getNext()
            : null;

    if (successor == null) {
        if (log.isDebugEnabled()) {
            log.debug("No Next node found for the current graph node : " + currentNode.getName()
                    + ", Service Provider: " + context.getServiceProviderName()
                    + " . Ending the authentication flow.");
        }
        successor = new EndStep();
    }

    context.setProperty(FrameworkConstants.JSAttributes.PROP_CURRENT_NODE, successor);
}
Example 6
Source File: GraphBasedSequenceHandler.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
/**
 * Executes a single node of the authentication graph and reports whether the flow must pause.
 *
 * The node is first recorded as the current node on the context, then dispatched on its concrete type:
 * prompt and long-wait nodes may interrupt the flow, a decision node is evaluated in place, a step node
 * runs its authentication step and (when not interrupted) moves the context on to the next node, and
 * end / fail nodes finish the sequence. A node of any other type is left untouched and reported as not
 * interrupting.
 *
 * @param request        the current request
 * @param response       the current response
 * @param context        the authentication context
 * @param sequenceConfig the sequence configuration
 * @param currentNode    the node to execute
 * @return {@code true} when processing must stop and wait for the client, {@code false} when the caller
 *         may continue with the next node
 * @throws FrameworkException propagated from the individual node handlers
 */
private boolean handleNode(HttpServletRequest request, HttpServletResponse response,
                           AuthenticationContext context, SequenceConfig sequenceConfig,
                           AuthGraphNode currentNode) throws FrameworkException {

    context.setProperty(FrameworkConstants.JSAttributes.PROP_CURRENT_NODE, currentNode);

    boolean interrupted = false;
    if (currentNode instanceof ShowPromptNode) {
        ShowPromptNode promptNode = (ShowPromptNode) currentNode;
        interrupted = handlePrompt(request, response, context, sequenceConfig, promptNode);
    } else if (currentNode instanceof LongWaitNode) {
        LongWaitNode waitNode = (LongWaitNode) currentNode;
        interrupted = handleLongWait(request, response, context, sequenceConfig, waitNode);
    } else if (currentNode instanceof DynamicDecisionNode) {
        DynamicDecisionNode decisionNode = (DynamicDecisionNode) currentNode;
        handleDecisionPoint(request, response, context, sequenceConfig, decisionNode);
    } else if (currentNode instanceof StepConfigGraphNode) {
        StepConfigGraphNode stepNode = (StepConfigGraphNode) currentNode;
        interrupted = handleAuthenticationStep(request, response, context, sequenceConfig, stepNode);
        // Only move forward when the step did not interrupt the flow.
        if (!interrupted) {
            gotoToNextNode(context, sequenceConfig, currentNode);
        }
    } else if (currentNode instanceof EndStep) {
        handleEndOfSequence(request, response, context, sequenceConfig);
    } else if (currentNode instanceof FailNode) {
        FailNode failNode = (FailNode) currentNode;
        handleAuthFail(request, response, context, sequenceConfig, failNode);
    }
    return interrupted;
}
Example 7
Source File: GraphBasedSequenceHandler.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
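/**
 * Rewinds the graph-based flow so that the Identifier First step becomes the current node again.
 *
 * Clears {@code BACK_TO_PREVIOUS_STEP}, drops every configured step other than step 1 (Identifier First
 * is the first step; the remaining steps are determined dynamically), then walks up the parent chain from
 * the current node to the nearest Identifier First step, pointing the default edge of every
 * {@link DynamicDecisionNode} on the way at a fresh {@link EndStep}. The node found (or {@code null} when
 * no Identifier First ancestor exists) becomes the new {@code PROP_CURRENT_NODE}. Nothing else happens when
 * no current node is set.
 *
 * @param context the authentication context to rewind
 */
private void modifyCurrentNodeAsPreviousStep(AuthenticationContext context) {

    context.removeProperty(BACK_TO_PREVIOUS_STEP);

    Object currentNode = context.getProperty(PROP_CURRENT_NODE);
    if (currentNode == null) {
        return;
    }

    // Identifier first should be the first step. Other steps will be determined dynamically.
    // Remove by key rather than looping "i <= size()": re-reading size() while removing shrinks the
    // bound on every pass and leaves the upper steps in the map.
    context.getSequenceConfig().getStepMap().keySet().removeIf(stepNumber -> stepNumber > 1);

    AuthGraphNode parentNode = ((AuthGraphNode) currentNode).getParent();
    while (parentNode != null && !isIdentifierFirstStep(parentNode)) {
        if (parentNode instanceof DynamicDecisionNode) {
            // The default edge of every decision node on the way up now ends the flow.
            ((DynamicDecisionNode) parentNode).setDefaultEdge(new EndStep());
        }
        parentNode = parentNode.getParent();
    }
    context.setProperty(PROP_CURRENT_NODE, parentNode);

    if (log.isDebugEnabled()) {
        log.debug("Modified current node a parent node which can handle the Identifier First requests.");
    }
}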
Example 8
Source File: GraphBasedStepHandler.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
/**
 * Records a failed authentication attempt for the graph-based step handler.
 *
 * Delegates to the parent implementation first, then — when a user was identified — stores that user under
 * {@code FrameworkConstants.JSAttributes.JS_LAST_LOGIN_FAILED_USER} on the context, and finally marks the
 * request's flow status as {@link AuthenticatorFlowStatus#FAIL_COMPLETED}.
 *
 * @param request             the current request; its {@code FLOW_STATUS} attribute is set here
 * @param response            the current response (passed through to the parent)
 * @param context             the authentication context
 * @param authenticatorConfig the authenticator that failed
 * @param user                the user who attempted to log in, or {@code null} if none was identified
 */
@Override
protected void handleFailedAuthentication(HttpServletRequest request, HttpServletResponse response,
                                          AuthenticationContext context, AuthenticatorConfig authenticatorConfig,
                                          User user) {

    super.handleFailedAuthentication(request, response, context, authenticatorConfig, user);

    if (user != null) {
        AuthenticatedUser failedUser = buildAuthenticatedUser(user);
        context.setProperty(FrameworkConstants.JSAttributes.JS_LAST_LOGIN_FAILED_USER, failedUser);
        if (log.isDebugEnabled()) {
            log.debug("Last attempted user : " + failedUser.toFullQualifiedUsername() + " is set in the "
                    + "authentication context for failed login attempt to service provider: "
                    + context.getServiceProviderName());
        }
    }

    request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.FAIL_COMPLETED);
    if (log.isDebugEnabled()) {
        log.debug("Authentication flow status set to '" + AuthenticatorFlowStatus.FAIL_COMPLETED + "' for "
                + "authentication attempt made to service provider: " + context.getServiceProviderName());
    }
}
Example 9
Source File: DefaultAuthenticationRequestHandlerTest.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
/**
 * Test helper: installs {@code userName} as the authenticated subject of the context's sequence config and
 * pins the {@code "user-tenant-domain"} property to the super tenant.
 *
 * @param context  the context under test
 * @param userName the subject identifier to authenticate as
 */
private void setUser(AuthenticationContext context, String userName) {

    context.setProperty("user-tenant-domain", MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);

    AuthenticatedUser subject = new AuthenticatedUser();
    subject.setAuthenticatedSubjectIdentifier(userName);
    context.getSequenceConfig().setAuthenticatedUser(subject);
}
Example 10
Source File: DefaultRequestCoordinator.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
/**
 * Associates the transient request data to the Authentication Context.
 *
 * The servlet request and response are each wrapped in a {@link TransientObjectWrapper} before being
 * stored under {@code HTTP_REQUEST} / {@code HTTP_RESPONSE} (presumably so they are not persisted together
 * with the context — confirm against the wrapper). A {@code null} context is silently ignored.
 *
 * @param request  the current HTTP request
 * @param response the current HTTP response
 * @param context  the authentication context to decorate; may be {@code null}
 */
private void associateTransientRequestData(HttpServletRequest request, HttpServletResponse response,
                                           AuthenticationContext context) {

    if (context != null) {
        // set current request and response to the authentication context.
        context.setProperty(FrameworkConstants.RequestAttribute.HTTP_REQUEST, new TransientObjectWrapper(request));
        context.setProperty(FrameworkConstants.RequestAttribute.HTTP_RESPONSE, new TransientObjectWrapper(response));
    }
}
Example 11
Source File: AbstractLocalApplicationAuthenticator.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
/**
 * To check whether user domain and tenant domain equal for non SaaS application.
 *
 * For a non-SaaS application the authenticated subject must belong to the service provider's tenant. On a
 * mismatch {@code FrameworkConstants.USER_TENANT_DOMAIN_MISMATCH} is set on the context and the login is
 * rejected.
 *
 * @param context the authentication context; its subject must already be set
 * @throws AuthenticationFailedException the exception in the authentication flow
 */
protected void validateNonSaasAppLogin(AuthenticationContext context) throws AuthenticationFailedException {

    String subjectTenant = context.getSubject().getTenantDomain();
    String appTenant = context.getTenantDomain();
    if (StringUtils.equals(subjectTenant, appTenant)) {
        return;
    }

    context.setProperty(FrameworkConstants.USER_TENANT_DOMAIN_MISMATCH, true);
    throw new AuthenticationFailedException("Service Provider tenant domain must be "
            + "equal to user tenant domain for non-SaaS applications", context.getSubject());
}
Example 12
Source File: JsAuthenticationContextTest.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
/**
 * Verifies that a {@code null} last-login-failed user set on the wrapped context is surfaced to the script
 * as {@code null} rather than as a wrapper object.
 */
@Test
public void testGetLastLoginFailedUserNullFromWrappedContext() throws Exception {

    AuthenticationContext wrapped = new AuthenticationContext();
    wrapped.setProperty(FrameworkConstants.JSAttributes.JS_LAST_LOGIN_FAILED_USER, null);

    Bindings globals = scriptEngine.getBindings(ScriptContext.GLOBAL_SCOPE);
    globals.put("context", new JsAuthenticationContext(wrapped));

    assertNull(scriptEngine.eval("context.lastLoginFailedUser"));
}
Example 13
Source File: AbstractApplicationAuthenticator.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
/**
 * Publishes the outcome of a single authentication step to the configured analytics data publisher.
 *
 * Does nothing when no publisher proxy is registered or it is disabled for this context. Otherwise the
 * context is tagged with {@code HAS_FEDERATED_STEP} or {@code HAS_LOCAL_STEP} (used later by the
 * AuthenticationSuccess event), a read-only parameter map is assembled, and the step success or failure
 * is published. For a federated step the given {@code user}, if any, has its tenant domain overwritten
 * with the context's tenant domain as a side effect.
 *
 * @param request the current request
 * @param context the authentication context
 * @param user    the user of this step; may be {@code null}
 * @param success whether the step succeeded
 */
protected void publishAuthenticationStepAttempt(HttpServletRequest request, AuthenticationContext context,
                                                User user, boolean success) {

    AuthenticationDataPublisher publisher = FrameworkServiceDataHolder.getInstance().getAuthnDataPublisherProxy();
    if (publisher == null || !publisher.isEnabled(context)) {
        return;
    }

    Map<String, Object> params = new HashMap<>();
    params.put(FrameworkConstants.AnalyticsAttributes.USER, user);

    if (this instanceof FederatedApplicationAuthenticator) {
        // Setting this value to authentication context in order to use in AuthenticationSuccess Event
        context.setProperty(FrameworkConstants.AnalyticsAttributes.HAS_FEDERATED_STEP, true);
        params.put(FrameworkConstants.AnalyticsAttributes.IS_FEDERATED, true);
        params.put(FrameworkConstants.AUTHENTICATOR, getName());
        if (user != null) {
            user.setTenantDomain(context.getTenantDomain());
        }
    } else {
        // Setting this value to authentication context in order to use in AuthenticationSuccess Event
        context.setProperty(FrameworkConstants.AnalyticsAttributes.HAS_LOCAL_STEP, true);
        params.put(FrameworkConstants.AnalyticsAttributes.IS_FEDERATED, false);
    }

    Map<String, Object> readOnlyParams = Collections.unmodifiableMap(params);
    if (success) {
        publisher.publishAuthenticationStepSuccess(request, context, readOnlyParams);
    } else {
        publisher.publishAuthenticationStepFailure(request, context, readOnlyParams);
    }
}
Example 14
Source File: JITProvisioningPostAuthenticationHandlerTest.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
/**
 * To get the authentication context and to call the handle method of the PostJitProvisioningHandler.
 *
 * Builds a context for {@code sp1}, loads its sequence config and marks the step-based sequence handler as
 * triggered. Optionally every step is completed with a mocked authenticator named "Authenticator1" (local
 * or federated) and a super-tenant user "test". The thread-local user-store domain is always set to
 * "test_domain" before returning.
 *
 * @param sp1                   Service Provider
 * @param withAuthenticatedUser whether to populate the sequence with an authenticated user and step state
 * @param isFederated           whether the mocked authenticator should be a federated one
 * @return relevant authentication context.
 * @throws FrameworkException Framework Exception.
 */
private AuthenticationContext processAndGetAuthenticationContext(ServiceProvider sp1, boolean withAuthenticatedUser,
                                                                 boolean isFederated) throws FrameworkException {

    AuthenticationContext context = getAuthenticationContext(sp1);
    SequenceConfig sequenceConfig = configurationLoader.getSequenceConfig(context, Collections.emptyMap(), sp1);
    context.setSequenceConfig(sequenceConfig);
    context.setProperty(FrameworkConstants.STEP_BASED_SEQUENCE_HANDLER_TRIGGERED, true);

    ApplicationAuthenticator authenticator = mock(ApplicationAuthenticator.class);
    if (isFederated) {
        authenticator = mock(FederatedApplicationAuthenticator.class);
    }
    when(authenticator.getName()).thenReturn("Authenticator1");

    if (withAuthenticatedUser) {
        AuthenticatedUser user = new AuthenticatedUser();
        user.setUserName("test");
        user.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
        user.setAuthenticatedSubjectIdentifier("test");
        sequenceConfig.setAuthenticatedUser(user);

        AuthenticatorConfig authenticatorConfig = new AuthenticatorConfig();
        authenticatorConfig.setApplicationAuthenticator(authenticator);
        // Every configured step is treated as completed by the mocked authenticator and user.
        for (StepConfig stepConfig : sequenceConfig.getStepMap().values()) {
            stepConfig.setAuthenticatedAutenticator(authenticatorConfig);
            stepConfig.setAuthenticatedUser(user);
        }
        context.setSequenceConfig(sequenceConfig);
    }

    UserCoreUtil.setDomainInThreadLocal("test_domain");
    return context;
}
Example 15
Source File: DefaultClaimHandler.java From carbon-identity with Apache License 2.0 | 4 votes |
/**
 * Set authenticated user's SP Subject Claim URI as a property
 *
 * Resolves the service provider's configured subject claim URI (mapping it through the SP-to-local claim
 * mappings when the SP uses a standard, non-local dialect) and stores the matching value from
 * {@code attributesMap} under {@code SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE}. When a local user and user
 * store are available and a standard dialect is in use, the value is additionally looked up from the
 * user store via {@link #setSubjectClaimForStandardDialect}. Does nothing when no subject claim URI is
 * configured.
 *
 * @param tenantAwareUserId the local user name, or {@code null} in the federated case
 * @param userStore         the user store of that user, or {@code null} in the federated case
 * @param attributesMap     the claim values received for this authentication
 * @param spStandardDialect the SP's standard claim dialect, or {@code null} if none
 * @param context           the authentication context to update
 */
private void setSubjectClaim(String tenantAwareUserId, UserStoreManager userStore, Map<String, String> attributesMap,
                             String spStandardDialect, AuthenticationContext context) {

    ApplicationConfig applicationConfig = context.getSequenceConfig().getApplicationConfig();
    String subjectURI = applicationConfig.getSubjectClaimUri();
    ServiceProvider serviceProvider = applicationConfig.getServiceProvider();
    ClaimConfig claimConfig = serviceProvider.getClaimConfig();
    boolean isLocalClaimDialect = claimConfig.isLocalClaimDialect();
    Map<String, String> spToLocalClaimMappings = applicationConfig.getClaimMappings();

    if (subjectURI == null) {
        return;
    }

    // Translate the SP subject claim into the local dialect when the SP uses a standard (non-local) dialect.
    // NOTE(review): the mapping lookup may yield null; the lookups below then run with a null key — confirm.
    if (!isLocalClaimDialect && spStandardDialect != null && spToLocalClaimMappings != null) {
        subjectURI = spToLocalClaimMappings.get(subjectURI);
    }

    String subjectValue = attributesMap.get(subjectURI);
    if (subjectValue != null) {
        context.setProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE, subjectValue);
        if (log.isDebugEnabled()) {
            log.debug("Setting \'ServiceProviderSubjectClaimValue\' property value from " + "attribute map "
                    + subjectValue);
        }
    } else {
        log.debug("Subject claim not found among attributes");
    }

    // if federated case return
    if (tenantAwareUserId == null || userStore == null) {
        log.debug("Tenant aware username or user store \'NULL\'. Possibly federated case");
        return;
    }

    // standard dialect
    if (spStandardDialect != null) {
        setSubjectClaimForStandardDialect(tenantAwareUserId, userStore, context, subjectURI);
    }
}
Example 16
Source File: DefaultRequestCoordinator.java From carbon-identity-framework with Apache License 2.0 | 4 votes |
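/**
 * Handles the initial request (from the calling servlet) and builds the {@link AuthenticationContext}
 * for the new authentication or logout flow.
 *
 * The caller's session data key, callback path, request type, relying party and tenant domain are copied
 * from the request into a fresh context that gets a newly generated context identifier. For a logout
 * request without a relying party the session identifier is resolved (from the auth cookie, else from the
 * {@code SESSION_ID} request parameter) and the context is returned immediately. For every other request
 * the claims requested by the SP are stored, the transient request/response are attached, any previously
 * authenticated session is looked up and the outbound query string is built.
 *
 * @param request  the incoming request from the calling servlet
 * @param response the response for this request
 * @return the initialised authentication context
 * @throws FrameworkException if any of the framework lookups invoked here fail
 */
protected AuthenticationContext initializeFlow(HttpServletRequest request, HttpServletResponse response)
        throws FrameworkException {

    if (log.isDebugEnabled()) {
        log.debug("Initializing the flow");
    }

    // "sessionDataKey" - calling servlet maintains its state information using this
    String callerSessionDataKey = request.getParameter(FrameworkConstants.SESSION_DATA_KEY);
    // "commonAuthCallerPath" - path of the calling servlet. This is the url response should be sent to
    String callerPath = getCallerPath(request);
    // "type" - type of the request. e.g. samlsso, openid, oauth, passivests
    String requestType = request.getParameter(FrameworkConstants.RequestParams.TYPE);
    // "relyingParty"
    String relyingParty = request.getParameter(FrameworkConstants.RequestParams.ISSUER);
    // tenant domain
    String tenantDomain = getTenantDomain(request);

    // Store the request data sent by the caller
    AuthenticationContext context = new AuthenticationContext();
    context.setCallerSessionKey(callerSessionDataKey);
    context.setCallerPath(callerPath);
    context.setRequestType(requestType);
    context.setRelyingParty(relyingParty);
    context.setTenantDomain(tenantDomain);

    // generate a new key to hold the context data object
    String contextId = UUIDGenerator.generateUUID();
    context.setContextIdentifier(contextId);
    if (log.isDebugEnabled()) {
        log.debug("Framework contextId: " + contextId);
    }

    // if this a logout request from the calling servlet
    if (request.getParameter(FrameworkConstants.RequestParams.LOGOUT) != null) {
        if (log.isDebugEnabled()) {
            log.debug("Starting a logout flow");
        }
        context.setLogoutRequest(true);

        if (context.getRelyingParty() == null || context.getRelyingParty().trim().isEmpty()) {
            if (log.isDebugEnabled()) {
                log.debug("relyingParty param is null. This is a possible logout scenario.");
            }
            context.setSessionIdentifier(resolveSessionContextKey(request));
            return context;
        }
    } else {
        if (log.isDebugEnabled()) {
            log.debug("Starting an authentication flow");
        }
    }

    @SuppressWarnings("unchecked")
    List<ClaimMapping> requestedClaimsInRequest = (List<ClaimMapping>) request.getAttribute(REQUESTED_ATTRIBUTES);
    context.setProperty(FrameworkConstants.SP_REQUESTED_CLAIMS_IN_REQUEST, requestedClaimsInRequest);

    associateTransientRequestData(request, response, context);
    findPreviousAuthenticatedSession(request, context);
    buildOutboundQueryString(request, context);

    return context;
}

/**
 * Resolves the session context key for a logout request: the SHA-256 hex digest of the auth cookie value
 * when the cookie is present, otherwise the raw {@code SESSION_ID} request parameter.
 *
 * NOTE(review): in the cookie-less branch the session identifier is taken verbatim from a request
 * parameter; confirm that the session lookup performed downstream validates it before acting on it.
 *
 * @param request the logout request
 * @return the session context key, or {@code null} when neither source provides one
 */
private String resolveSessionContextKey(HttpServletRequest request) {

    Cookie cookie = FrameworkUtils.getAuthCookie(request);
    if (cookie != null) {
        return DigestUtils.sha256Hex(cookie.getValue());
    }
    return request.getParameter(SESSION_ID);
}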
Example 17
Source File: DefaultClaimHandler.java From carbon-identity with Apache License 2.0 | 4 votes |
/**
 * Maps the claims received from a federated IdP onto the claims the service provider expects.
 *
 * The IdP claims are first translated into local claims (using the IdP's standard dialect, its default
 * local dialect, or its custom claim mappings — if none of these is available a warning is logged and an
 * empty map is returned), then into the SP's dialect and filtered down to the claims the SP requested.
 * Along the way the unfiltered IdP, local and SP claim sets are stored on the context under
 * {@code UNFILTERED_IDP_CLAIM_VALUES}, {@code UNFILTERED_LOCAL_CLAIM_VALUES} and
 * {@code UNFILTERED_SP_CLAIM_VALUES}, and the subject claim is set as a property. For OpenID requests the
 * unfiltered SP claims are returned instead of the filtered ones.
 *
 * @param remoteClaims      claims as received from the IdP
 * @param spStandardDialect the SP's standard claim dialect, or {@code null} / blank if none
 * @param stepConfig        the step whose authenticated authenticator supplies the IdP claim dialect
 * @param context           the authentication context; its external IdP is dereferenced unconditionally
 * @return the SP claims to release (filtered, or unfiltered for OpenID)
 * @throws FrameworkException propagated from the mapping helpers
 */
protected Map<String, String> handleFederatedClaims(Map<String, String> remoteClaims, String spStandardDialect,
                                                    StepConfig stepConfig, AuthenticationContext context)
        throws FrameworkException {

    ClaimMapping[] idPClaimMappings = context.getExternalIdP().getClaimMappings();
    if (idPClaimMappings == null) {
        idPClaimMappings = new ClaimMapping[0];
    }

    Map<String, String> spClaimMappings = context.getSequenceConfig().getApplicationConfig().getClaimMappings();
    if (spClaimMappings == null) {
        spClaimMappings = new HashMap<>();
    }

    Map<String, String> carbonToStandardClaimMapping = new HashMap<>();
    Map<String, String> spRequestedClaimMappings = context.getSequenceConfig().getApplicationConfig()
            .getRequestedClaimMappings();
    // A standard, non-local SP dialect requires the requested claims to be expressed in that dialect first.
    if (StringUtils.isNotBlank(spStandardDialect) && !StringUtils.equals(spStandardDialect,
            ApplicationConstants.LOCAL_IDP_DEFAULT_CLAIM_DIALECT)) {
        carbonToStandardClaimMapping = getCarbonToStandardDialectMapping(spStandardDialect, context,
                spRequestedClaimMappings, context.getTenantDomain());
        spRequestedClaimMappings = mapRequestClaimsInStandardDialect(spRequestedClaimMappings,
                carbonToStandardClaimMapping);
    }

    ApplicationAuthenticator authenticator = stepConfig.getAuthenticatedAutenticator().getApplicationAuthenticator();
    String idPStandardDialect = authenticator.getClaimDialectURI();
    boolean useDefaultIdpDialect = context.getExternalIdP().useDefaultLocalIdpDialect();

    // set unfiltered remote claims as a property
    context.setProperty(FrameworkConstants.UNFILTERED_IDP_CLAIM_VALUES, remoteClaims);

    Map<String, String> localUnfilteredClaims = new HashMap<>();
    Map<String, String> spUnfilteredClaims = new HashMap<>();
    Map<String, String> spFilteredClaims = new HashMap<>();

    // claim mapping from local IDP to remote IDP : local-claim-uri / idp-claim-uri
    Map<String, String> localToIdPClaimMap = null;
    Map<String, String> defaultValuesForClaims = new HashMap<>();
    loadDefaultValuesForClaims(idPClaimMappings, defaultValuesForClaims);

    // Pick the local<->IdP mapping source: standard/default dialect first, custom mappings second.
    if (idPStandardDialect != null || useDefaultIdpDialect) {
        localToIdPClaimMap = getLocalToIdpClaimMappingWithStandardDialect(remoteClaims, idPClaimMappings,
                context, idPStandardDialect);
    } else if (idPClaimMappings.length > 0) {
        localToIdPClaimMap = FrameworkUtils.getClaimMappings(idPClaimMappings, true);
    } else {
        // Without any mapping source nothing can be released; spFilteredClaims is still empty here.
        log.warn("Authenticator : " + authenticator.getFriendlyName() + " does not have "
                + "a standard dialect and IdP : " + context.getExternalIdP().getIdPName()
                + " does not have custom claim mappings. Cannot proceed with claim mappings");
        return spFilteredClaims;
    }

    // Loop remote claims and map to local claims
    mapRemoteClaimsToLocalClaims(remoteClaims, localUnfilteredClaims, localToIdPClaimMap, defaultValuesForClaims);

    // set all locally mapped unfiltered remote claims as a property
    context.setProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES, localUnfilteredClaims);

    // claim mapping from local service provider to remote service provider.
    Map<String, String> localToSPClaimMappings = mapLocalSpClaimsToRemoteSPClaims(spStandardDialect, context,
            spClaimMappings);

    // Loop through <code>localToSPClaimMappings</code> and filter
    // <code>spUnfilteredClaims</code> and <code>spFilteredClaims</code>
    filterSPClaims(spRequestedClaimMappings, localUnfilteredClaims, spUnfilteredClaims, spFilteredClaims,
            localToSPClaimMappings);

    // set all service provider mapped unfiltered remote claims as a property
    context.setProperty(FrameworkConstants.UNFILTERED_SP_CLAIM_VALUES, spUnfilteredClaims);

    // OpenID requests receive the unfiltered SP claims, bypassing the requested-claims filter above.
    if (FrameworkConstants.RequestType.CLAIM_TYPE_OPENID.equals(context.getRequestType())) {
        spFilteredClaims = spUnfilteredClaims;
    }

    // set the subject claim URI as a property
    if (spStandardDialect != null) {
        setSubjectClaimForFederatedClaims(localUnfilteredClaims, spStandardDialect, context);
    } else {
        setSubjectClaimForFederatedClaims(spUnfilteredClaims, null, context);
    }

    return spFilteredClaims;
}
Example 18
Source File: AbstractLocalApplicationAuthenticator.java From carbon-identity-framework with Apache License 2.0 | 4 votes |
/**
 * Entry point of the local authenticator for one request of the authentication (or logout) flow.
 *
 * A logout request is delegated to {@link #processLogoutFlow}. For an authentication request that this
 * authenticator cannot yet handle, or that has already been handled in this request, the login page is
 * (re)initiated. Otherwise the response is processed between PRE and POST authentication events; for a
 * non-SaaS application the user's tenant must match the SP tenant. On success the request is marked
 * handled and {@code LAST_FAILED_AUTHENTICATOR} is cleared. On failure a locked account is redirected to
 * the account-locked page; any other failure fires the POST event with {@code false} and is passed to
 * {@link #handleRetryOnFailure}.
 *
 * @param request  the current request
 * @param response the current response
 * @param context  the authentication context
 * @return the resulting flow status
 * @throws AuthenticationFailedException when authentication fails and no retry is offered, or when the
 *                                       redirect after an account lock cannot be sent
 * @throws LogoutFailedException         propagated from the logout flow
 */
@Override
public AuthenticatorFlowStatus process(HttpServletRequest request, HttpServletResponse response,
                                       AuthenticationContext context)
        throws AuthenticationFailedException, LogoutFailedException {

    // a logout flow
    if (context.isLogoutRequest()) {
        return processLogoutFlow(request, response, context);
    }

    // an authentication flow
    if (!canHandle(request)
            || Boolean.TRUE.equals(request.getAttribute(FrameworkConstants.REQ_ATTR_HANDLED))) {
        context.setRetrying(false);
        return initiateAuthenticationFlow(request, response, context);
    }

    try {
        fireEvent(context, IdentityEventConstants.Event.PRE_AUTHENTICATION, false);
        processAuthenticationResponse(request, response, context);
        boolean nonSaasLocalLogin = this instanceof LocalApplicationAuthenticator
                && !context.getSequenceConfig().getApplicationConfig().isSaaSApp();
        if (nonSaasLocalLogin) {
            validateNonSaasAppLogin(context);
        }
        request.setAttribute(FrameworkConstants.REQ_ATTR_HANDLED, true);
        context.setProperty(FrameworkConstants.LAST_FAILED_AUTHENTICATOR, null);
        fireEvent(context, IdentityEventConstants.Event.POST_AUTHENTICATION, true);
        return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
    } catch (AuthenticationFailedException e) {
        if (isAccountLocked(context)) {
            // No POST_AUTHENTICATION failure event on this path; the user is sent to the account-locked page.
            try {
                response.sendRedirect(getRedirectUrlOnAccountLock(context, response));
            } catch (IOException e1) {
                throw new AuthenticationFailedException(" Error while redirecting to the retry page ", e1);
            }
            return AuthenticatorFlowStatus.INCOMPLETE;
        }
        fireEvent(context, IdentityEventConstants.Event.POST_AUTHENTICATION, false);
        request.setAttribute(FrameworkConstants.REQ_ATTR_HANDLED, true);
        // Decide whether we need to redirect to the login page to retry authentication.
        return handleRetryOnFailure(request, response, context, e);
    }
}
Example 19
Source File: JITProvisioningPostAuthenticationHandler.java From carbon-identity-framework with Apache License 2.0 | 4 votes |
/**
 * To handle the request flow of the post authentication handler.
 *
 * Walks every completed step of the sequence; for each step authenticated by a federated authenticator
 * whose IdP has JIT provisioning enabled, a local user name is chosen (from the IdP's user-id claim, else
 * the existing federated association, else the authenticated user name) and the default provisioning
 * handler is invoked. When no association exists yet and the IdP is configured to prompt for consent, the
 * user is first redirected to the account-creation UI and {@code INCOMPLETE} is returned.
 *
 * @param request  HttpServlet request.
 * @param response HttpServlet response.
 * @param context  Authentication context
 * @return Status of this post authentication handler flow.
 * @throws PostAuthenticationFailedException Exception that will be thrown in case of failure.
 */
@SuppressWarnings("unchecked")
private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request, HttpServletResponse response,
                                                     AuthenticationContext context)
        throws PostAuthenticationFailedException {

    SequenceConfig sequenceConfig = context.getSequenceConfig();
    boolean isUserCreated = false;
    for (Map.Entry<Integer, StepConfig> entry : sequenceConfig.getStepMap().entrySet()) {
        StepConfig stepConfig = entry.getValue();
        AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
        if (authenticatorConfig == null) {
            //May have skipped from the script
            //ex: Different authentication sequences evaluated by the script
            continue;
        }
        ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();

        if (authenticator instanceof FederatedApplicationAuthenticator) {
            ExternalIdPConfig externalIdPConfig;
            String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
            externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
            context.setExternalIdP(externalIdPConfig);

            // Prefer the locally mapped claims produced by the claim handler; fall back to the user's own
            // attributes when that property is absent or empty.
            Map<String, String> localClaimValues = (Map<String, String>) context
                    .getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
            if (localClaimValues == null || localClaimValues.size() == 0) {
                Map<ClaimMapping, String> userAttributes = stepConfig.getAuthenticatedUser().getUserAttributes();
                localClaimValues = FrameworkUtils.getClaimMappings(userAttributes, false);
            }

            if (externalIdPConfig != null && externalIdPConfig.isProvisioningEnabled()) {
                if (localClaimValues == null) {
                    localClaimValues = new HashMap<>();
                }

                String associatedLocalUser = getLocalUserAssociatedForFederatedIdentifier(
                        stepConfig.getAuthenticatedIdP(),
                        stepConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier(),
                        context.getTenantDomain());
                String username;
                String userIdClaimUriInLocalDialect = getUserIdClaimUriInLocalDialect(externalIdPConfig);
                // NOTE(review): when the IdP's user-id claim is present the local user name is taken from
                // IdP-supplied claim data; confirm the provisioning handler validates it before it is used.
                if (isUserNameFoundFromUserIDClaimURI(localClaimValues, userIdClaimUriInLocalDialect)) {
                    username = localClaimValues.get(userIdClaimUriInLocalDialect);
                } else {
                    username = associatedLocalUser;
                }

                // If associatedLocalUser is null, that means relevant association not exist already.
                if (StringUtils.isEmpty(associatedLocalUser) && !isUserCreated) {
                    if (log.isDebugEnabled()) {
                        log.debug(sequenceConfig.getAuthenticatedUser().getUserName() + " coming from "
                                + externalIdPConfig.getIdPName() + " do not have a local account, hence redirecting"
                                + " to the UI to sign up.");
                    }

                    if (externalIdPConfig.isPromptConsentEnabled()) {
                        if (StringUtils.isEmpty(username)) {
                            // If there is no subject claim URI configured in the IDP, get the authenticated
                            // username.
                            username = getTenantDomainAppendedUserName(
                                    sequenceConfig.getAuthenticatedUser().getUserName(), context.getTenantDomain());
                        }
                        redirectToAccountCreateUI(externalIdPConfig, context, localClaimValues, response, username,
                                request);
                        // Set the property to make sure the request is a returning one.
                        context.setProperty(FrameworkConstants.PASSWORD_PROVISION_REDIRECTION_TRIGGERED, true);
                        return PostAuthnHandlerFlowStatus.INCOMPLETE;
                    }
                }
                if (StringUtils.isEmpty(username)) {
                    username = sequenceConfig.getAuthenticatedUser().getUserName();
                    // Later steps without an association skip the sign-up redirect once this is set.
                    isUserCreated = true;
                }
                if (log.isDebugEnabled()) {
                    log.debug("User : " + sequenceConfig.getAuthenticatedUser().getUserName() + " coming from "
                            + externalIdPConfig.getIdPName() + " do have a local account, with the username "
                            + username);
                }
                callDefaultProvisioningHandler(username, context, externalIdPConfig, localClaimValues, stepConfig);
            }
        }
    }
    return SUCCESS_COMPLETED;
}
Example 20
Source File: LoginContextManagementUtil.java From carbon-identity-framework with Apache License 2.0 | 4 votes |
/**
 * Mark post authentication handler execution completion on authentication context.
 *
 * Sets {@code FrameworkConstants.POST_AUTHENTICATION_EXTENSION_COMPLETED} to {@code true}; presumably
 * readers of that property use it to avoid running the post-authentication handlers again — confirm
 * against the code that reads it.
 *
 * @param authenticationContext Authentication context; must not be {@code null}
 */
public static void markPostAuthenticationCompleted(AuthenticationContext authenticationContext) {

    final boolean completed = true;
    authenticationContext.setProperty(FrameworkConstants.POST_AUTHENTICATION_EXTENSION_COMPLETED, completed);
}