/**
 * Decides whether a login attempt may proceed as a SAML2 user.
 *
 * <p>Security note: this method never compares {@code password} against any stored
 * value and never reads {@code requestParameters}. A non-empty password combined with
 * an account and user whose source is SAML2 (and whose external entity is set) is
 * enough for a {@code true} result, so the check performed here is one of
 * <em>eligibility</em>, not of identity.
 * NOTE(review): presumably the SAML assertion is verified before a caller reaches this
 * authenticator, and password-based login paths are kept away from SAML2 accounts
 * elsewhere; confirm both for every code path that can dispatch to this method.
 *
 * @param username          login name; written to the debug log exactly as received
 * @param password          only tested for emptiness, never verified
 * @param domainId          domain used for the account lookup
 * @param requestParameters not used by this implementation
 * @return {@code (true, null)} when the account and user are SAML2-sourced and the user
 *         has an external entity; {@code (false, null)} for empty credentials or an
 *         unknown / non-SAML2 account; otherwise {@code (false,
 *         INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT)}
 */
@Override
public Pair<Boolean, ActionOnFailedAuthentication> authenticate(String username, String password, Long domainId, Map<String, Object[]> requestParameters) {
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Trying SAML2 auth for user: " + username);
    }

    // Emptiness is the only property of the password that is ever inspected.
    final boolean credentialMissing = StringUtils.isEmpty(username) || StringUtils.isEmpty(password);
    if (credentialMissing) {
        s_logger.debug("Username or Password cannot be empty");
        return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
    }

    final UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId);
    final boolean samlAccount = userAccount != null && userAccount.getSource() == User.Source.SAML2;
    if (!samlAccount) {
        // Rejected without a failed-login action: the attempt counter is left untouched.
        s_logger.debug("Unable to find user with " + username + " in domain " + domainId + ", or user source is not SAML2");
        return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
    }

    final User samlUser = _userDao.getUser(userAccount.getId());
    if (samlUser == null || samlUser.getSource() != User.Source.SAML2 || samlUser.getExternalEntity() == null) {
        // Deny all by default
        return new Pair<Boolean, ActionOnFailedAuthentication>(false, ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT);
    }

    // SAML2 account, SAML2 user, external entity present: accepted.
    return new Pair<Boolean, ActionOnFailedAuthentication>(true, null);
}
/**
 * Builds the "samlauthorization" listing and installs it as the command's response.
 *
 * <p>Which users are reported depends on the request and on the caller:
 * <ul>
 *   <li>a user id was supplied: that single user, after {@code checkAccess} has been
 *       called with {@code AccessType.ListEntry} for the calling account against the
 *       user's account; an id that resolves to no user produces an empty list;</li>
 *   <li>no user id and the calling account type is {@code ACCOUNT_TYPE_ADMIN}: every
 *       user returned by {@code listAll()};</li>
 *   <li>no user id and any other caller: an empty list.</li>
 * </ul>
 * Each entry exposes the user's UUID, whether its source is SAML2, and its external
 * entity value.
 */
@Override
public void execute() {
    List<UserVO> selectedUsers = new ArrayList<UserVO>();
    if (getUserId() == null) {
        // Listing without an explicit id is limited to ACCOUNT_TYPE_ADMIN callers.
        if (CallContext.current().getCallingAccount().getType() == Account.ACCOUNT_TYPE_ADMIN) {
            selectedUsers = _userDao.listAll();
        }
    } else {
        UserVO requested = _userDao.getUser(getUserId());
        if (requested != null) {
            // NOTE(review): the looked-up account is handed to checkAccess without a null
            // check; how checkAccess treats a null account is not visible here - confirm.
            Account owningAccount = _accountService.getAccount(requested.getAccountId());
            _accountService.checkAccess(CallContext.current().getCallingAccount(), SecurityChecker.AccessType.ListEntry, true, owningAccount);
            selectedUsers.add(requested);
        }
    }

    List<SamlAuthorizationResponse> entries = new ArrayList<SamlAuthorizationResponse>();
    for (User current : selectedUsers) {
        // NOTE(review): equals() is invoked on getSource(); a user with a null source
        // would raise a NullPointerException here - confirm the source is always set.
        SamlAuthorizationResponse entry = new SamlAuthorizationResponse(
                current.getUuid(),
                current.getSource().equals(User.Source.SAML2),
                current.getExternalEntity());
        entry.setObjectName("samlauthorization");
        entries.add(entry);
    }

    ListResponse<SamlAuthorizationResponse> listing = new ListResponse<SamlAuthorizationResponse>();
    listing.setResponses(entries);
    listing.setResponseName(getCommandName());
    setResponseObject(listing);
}
} // closes the enclosing type, whose header is outside this excerpt
accountResponse.setDomainPath(domain.getPath()); accountResponse.setAccountName(userAccount.getAccountName()); accountResponse.setIdpId(user.getExternalEntity()); accountResponses.add(accountResponse);