public static String getAuthenticatorIdPMappingString(List<AuthenticatorConfig> authConfigList) { StringBuilder authenticatorIdPStr = new StringBuilder(""); for (AuthenticatorConfig authConfig : authConfigList) { StringBuilder idpsOfAuthenticatorStr = new StringBuilder(""); for (String idpName : authConfig.getIdpNames()) { if (idpName != null) { if (idpsOfAuthenticatorStr.length() != 0) { idpsOfAuthenticatorStr.append(":"); } IdentityProvider idp = authConfig.getIdps().get(idpName); if (idp.isFederationHub()) { idpName += ".hub"; } idpsOfAuthenticatorStr.append(idpName); } } if (authenticatorIdPStr.length() != 0) { authenticatorIdPStr.append(";"); } authenticatorIdPStr.append(authConfig.getName()).append(":").append(idpsOfAuthenticatorStr); } return authenticatorIdPStr.toString(); }
/** @param identityProvider */ public ExternalIdPConfig(IdentityProvider identityProvider) { this.identityProvider = identityProvider; claimConfiguration = identityProvider.getClaimConfig(); roleConfiguration = identityProvider.getPermissionAndRoleConfig(); justInTimeProConfig = identityProvider.getJustInTimeProvisioningConfig(); RoleMapping[] mappings = roleConfiguration.getRoleMappings(); if (mappings != null && mappings.length > 0) { for (RoleMapping roleMapping : mappings) { this.roleMappings.put( roleMapping.getRemoteRole(), roleMapping.getLocalRole().getLocalRoleName()); } } }
/** * Add the default Resident Identity Provider entry when a new tenant is registered. * * @param tenantInfo Information about the newly created tenant */ public void onTenantCreate(TenantInfoBean tenantInfo) throws StratosException { try { String tenantDomain = tenantInfo.getTenantDomain(); IdentityProvider identityProvider = new IdentityProvider(); identityProvider.setIdentityProviderName( IdentityApplicationConstants.RESIDENT_IDP_RESERVED_NAME); identityProvider.setHomeRealmId("localhost"); identityProvider.setPrimary(true); IdentityProviderManager.getInstance().addResidentIdP(identityProvider, tenantDomain); } catch (IdentityApplicationManagementException e) { String message = "Error when adding Resident Identity Provider entry for tenant " + tenantInfo.getTenantDomain(); log.error(message, e); throw new StratosException(message); } }
/* * Find the Subject identifier among federated claims */ public static String getFederatedSubjectFromClaims( IdentityProvider identityProvider, Map<ClaimMapping, String> claimMappings) { String userIdClaimURI = identityProvider.getClaimConfig().getUserClaimURI(); ClaimMapping claimMapping = new ClaimMapping(); Claim claim = new Claim(); claim.setClaimUri(userIdClaimURI); claimMapping.setRemoteClaim(claim); claimMapping.setLocalClaim(claim); return claimMappings.get(claimMapping); }
private void removeRandomPasswords(IdentityProvider identityProvider) { for (ProvisioningConnectorConfig provisioningConnectorConfig : identityProvider.getProvisioningConnectorConfigs()) { Property[] properties = provisioningConnectorConfig.getProvisioningProperties(); if (ArrayUtils.isEmpty(properties)) { continue; } properties = RandomPasswordProcessor.getInstance().removeRandomPasswords(properties); provisioningConnectorConfig.setProvisioningProperties(properties); } }
/** * Adds an Identity Provider to the logged-in tenant * * @param identityProvider <code>IdentityProvider</code> new Identity Provider information * @throws IdentityProviderManagementException Error when adding Identity Provider */ public void addIdP(IdentityProvider identityProvider) throws IdentityProviderManagementException { // The following check is applicable only for the IdPs added from UI/Service call and should not // be // applicable for IdPs added from file. hence the check is moved from listener to the service if (identityProvider != null && identityProvider.getIdentityProviderName() != null && identityProvider .getIdentityProviderName() .startsWith(IdPManagementConstants.SHARED_IDP_PREFIX)) { throw new IdentityProviderManagementException( "Identity provider name cannot have " + IdPManagementConstants.SHARED_IDP_PREFIX + " as prefix."); } String tenantDomain = ""; try { tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain(); IdentityProviderManager.getInstance().addIdP(identityProvider, tenantDomain); } catch (IdentityProviderManagementException idpException) { log.error( "Error while adding Identity provider in tenantDomain : " + tenantDomain, idpException); throw idpException; } }
/** * Validate the signature of a SAML2 Response and Assertion * * @param response SAML2 Response * @return true, if signature is valid. */ private void validateSignature(Response response, Assertion assertion) throws SAMLSSOException { if (SSOUtils.isAuthnResponseSigned(properties)) { if (identityProvider.getCertificate() == null || identityProvider.getCertificate().isEmpty()) { throw new SAMLSSOException( "SAMLResponse signing is enabled, but IdP doesn't have a certificate"); } if (response.getSignature() == null) { throw new SAMLSSOException( "SAMLResponse signing is enabled, but signature element " + "not found in SAML Response element."); } else { try { X509Credential credential = new X509CredentialImpl(tenantDomain, identityProvider.getCertificate()); SignatureValidator validator = new SignatureValidator(credential); validator.validate(response.getSignature()); } catch (ValidationException e) { throw new SAMLSSOException("Signature validation failed for SAML Response", e); } } } if (SSOUtils.isAssertionSigningEnabled(properties)) { if (identityProvider.getCertificate() == null || identityProvider.getCertificate().isEmpty()) { throw new SAMLSSOException( "SAMLAssertion signing is enabled, but IdP doesn't have a certificate"); } if (assertion.getSignature() == null) { throw new SAMLSSOException( "SAMLAssertion signing is enabled, but signature element " + "not found in SAML Assertion element."); } else { try { X509Credential credential = new X509CredentialImpl(tenantDomain, identityProvider.getCertificate()); SignatureValidator validator = new SignatureValidator(credential); validator.validate(assertion.getSignature()); } catch (ValidationException e) { throw new SAMLSSOException("Signature validation failed for SAML Assertion", e); } } } }
/** @return */ public String getDomain() { return identityProvider.getHomeRealmId(); }
/** @return */ public String getName() { return identityProvider.getIdentityProviderName(); }
/** @return */ public boolean isPrimary() { return identityProvider.isPrimary(); }
/** @return */ public String getPublicCert() { return identityProvider.getCertificate(); }
/** @return */ public String getUserIdClaimUri() { if (identityProvider.getClaimConfig() != null) { return identityProvider.getClaimConfig().getUserClaimURI(); } return null; }
/** @return */ public String getTokenEndpointAlias() { return identityProvider.getAlias(); }
public boolean isFederationHubIdP() { return identityProvider.isFederationHub(); }