/**
 * Creates an <code>IdSearchControl</code> that returns at most one result and carries the
 * supplied search modifier and attribute-value map.
 *
 * <p>NOTE(review): with the result cap set to 1, the size of the returned set alone presumably
 * cannot show whether several identities matched the attribute filter. Confirm that callers
 * relying on a unique match detect a truncated search some other way.
 *
 * @param modifier how the entries of <code>avMap</code> are combined in the search.
 * @param avMap attribute names mapped to the values to search for.
 * @return the configured search control.
 */
private IdSearchControl getSearchControl(
    IdSearchOpModifier modifier, Map<String, Set<String>> avMap) {
  final IdSearchControl singleResultControl = new IdSearchControl();
  // Cap the search at a single entry.
  singleResultControl.setMaxResults(1);
  singleResultControl.setSearchModifiers(modifier, avMap);
  return singleResultControl;
}
Ejemplo n.º 2
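  /**
   * Returns the <code>AMIdentity</code> object for the given parameters. The identity is first
   * looked up directly through <code>IdUtils.getIdentity</code>; if that yields no usable identity
   * of the requested type, the identity repository of the organization is searched instead.
   *
   * <p>NOTE(review): the fallback passes <code>idName</code> to <code>searchIdentities</code>,
   * which takes a search pattern. Only results with more than one match are rejected here, so
   * confirm that callers validate <code>idName</code> (for example wildcard characters) before it
   * reaches this method.
   *
   * @param idType Identity Type.
   * @param idName Identity Name.
   * @param orgName organization name.
   * @return <code>AMIdentity</code> object.
   * @throws AuthException with <code>AUTH_ERROR</code> if more than one identity matched, or with
   *     <code>AUTH_PROFILE_ERROR</code> if no identity was found or the repository search failed.
   */
  public AMIdentity getIdentity(IdType idType, String idName, String orgName) throws AuthException {
    if (debug.messageEnabled()) {
      // NOTE(review): the name and organization are logged exactly as received; if they come
      // from a login request, confirm the debug log sink neutralises line breaks.
      debug.message("IdType is :" + idType);
      debug.message("IdName is :" + idName);
      debug.message("orgName is :" + orgName);
    }

    // Stage 1: direct lookup through IdUtils.getIdentity(...)
    try {
      if (debug.messageEnabled()) {
        debug.message("AuthD.getIdentity() from IdUtils Name: " + idName + " Org: " + orgName);
      }
      AMIdentity direct = IdUtils.getIdentity(getSSOAuthSession(), idName, orgName);
      // Accept the direct hit only when it exists, has the requested type and its attributes
      // can be read; anything else falls through to the repository search.
      if ((direct != null)
          && direct.isExists()
          && direct.getType().equals(idType)
          && (direct.getAttributes() != null)) {
        if (debug.messageEnabled()) {
          debug.message(
              "AuthD.getIdentity obtained identity using IdUtil.getIdentity: " + direct);
        }
        return direct;
      }
    } catch (IdRepoException e) {
      // Deliberately ignored: the repository search below is the fallback.
      if (debug.messageEnabled()) {
        debug.message(
            "AuthD.getIdentity: Got IdRepoException while "
                + "getting Identity from IdUtils: "
                + e.getMessage());
      }
    } catch (SSOException ssoe) {
      // Deliberately ignored: the repository search below is the fallback.
      if (debug.messageEnabled()) {
        debug.message(
            "AuthD.getIdentity: Got SSOException while "
                + "getting Identity from IdUtils: "
                + ssoe.getMessage());
      }
    }

    // Stage 2: obtain the AMIdentity object by searching within IdRepo
    AMIdentity amIdentity = null;
    try {
      String searchName = DNUtils.DNtoName(idName);
      AMIdentityRepository amIdRepo = getAMIdentityRepository(orgName);
      IdSearchControl idsc = new IdSearchControl();
      idsc.setRecursive(true);
      // Result count and time-out are both set to 0 so that the duplicate check below sees
      // every match. NOTE(review): 0 presumably means "no limit"; confirm that a broad pattern
      // cannot turn this into an expensive directory search.
      idsc.setTimeOut(0);
      idsc.setMaxResults(0);
      idsc.setAllReturnAttributes(false);
      IdSearchResults searchResults = amIdRepo.searchIdentities(idType, searchName, idsc);

      // Treat a missing result object and a null result set alike as "no match", so that the
      // lookups below never dereference null.
      Set<?> results = (searchResults == null) ? null : searchResults.getSearchResults();
      if (results == null) {
        results = Collections.emptySet();
      }

      if (results.size() > 1) {
        // An ambiguous match must never resolve to an arbitrary identity: fail the lookup.
        // An administrator has to remove the duplicate entries.
        debug.error("getIdentity: Multiple matches found for user '" + searchName + "'");
        throw new AuthException(AMAuthErrorCode.AUTH_ERROR, null);
      }

      if (!results.isEmpty()) {
        amIdentity = (AMIdentity) results.iterator().next();
      }
    } catch (SSOException sso) {
      // The failure is only logged at message level and is not attached to the AuthException
      // thrown below, so callers see it as "profile not found".
      if (debug.messageEnabled()) {
        debug.message("getIdentity error " + sso.getMessage());
      }
    } catch (IdRepoException ide) {
      // Same handling as above: logged at message level, reported as a missing profile.
      if (debug.messageEnabled()) {
        debug.message("IdRepoException error " + ide.getMessage());
      }
    }
    if (amIdentity == null) {
      throw new AuthException(AMAuthErrorCode.AUTH_PROFILE_ERROR, null);
    }

    return amIdentity;
  }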