/**
 * Redirects the browser to the IWA authentication endpoint, carrying the
 * authentication context identifier in the state query parameter.
 *
 * The target is built from the server's own URL (IdentityUtil.getServerURL), not from
 * anything in the request, so the redirect destination is not caller-controlled; only
 * the state value is URL-encoded into the query string.
 *
 * @param request  the incoming request (not used by this method)
 * @param response the response on which the redirect is issued
 * @param ctx      the authentication context identifier round-tripped as state
 * @throws AuthenticationFailedException if the state cannot be encoded or the redirect
 *                                       cannot be written (both surface as IOException)
 */
public void sendToLoginPage(HttpServletRequest request, HttpServletResponse response, String ctx)
        throws AuthenticationFailedException {

    String redirectTarget = null;
    try {
        String endpoint = IdentityUtil.getServerURL(IWAConstants.IWA_AUTH_EP, false, true);
        String encodedState = URLEncoder.encode(ctx, IWAConstants.UTF_8);
        redirectTarget = endpoint + "?" + IWAConstants.IWA_PARAM_STATE + "=" + encodedState;
        response.sendRedirect(response.encodeRedirectURL(redirectTarget));
    } catch (IOException e) {
        // UnsupportedEncodingException is an IOException, so an encoding failure and a
        // failed redirect both land here; the target is still null in the former case.
        // The generic message deliberately does not expose the cause to the caller.
        log.error("Error when sending to the login page :" + redirectTarget, e);
        throw new AuthenticationFailedException("Authentication failed");
    }
}
/**
 * Redirects the browser to the IWA authentication endpoint, carrying the
 * authentication context identifier in the state query parameter.
 *
 * The target is built from the server's own URL (IdentityUtil.getServerURL), not from
 * anything in the request, so the redirect destination is not caller-controlled; only
 * the state value is URL-encoded into the query string.
 *
 * @param request  the incoming request (not used by this method)
 * @param response the response on which the redirect is issued
 * @param ctx      the authentication context identifier round-tripped as state
 * @throws AuthenticationFailedException if the state cannot be encoded or the redirect
 *                                       cannot be written (both surface as IOException)
 */
public void sendToLoginPage(HttpServletRequest request, HttpServletResponse response, String ctx)
        throws AuthenticationFailedException {

    String redirectTarget = null;
    try {
        String endpoint = IdentityUtil.getServerURL(IWAConstants.IWA_AUTH_EP, false, true);
        String encodedState = URLEncoder.encode(ctx, IWAConstants.UTF_8);
        redirectTarget = endpoint + "?" + IWAConstants.IWA_PARAM_STATE + "=" + encodedState;
        response.sendRedirect(response.encodeRedirectURL(redirectTarget));
    } catch (IOException e) {
        // UnsupportedEncodingException is an IOException, so an encoding failure and a
        // failed redirect both land here; the target is still null in the former case.
        // The generic message deliberately does not expose the cause to the caller.
        log.error("Error when sending to the login page :" + redirectTarget, e);
        throw new AuthenticationFailedException("Authentication failed");
    }
}
/**
 * Exchanges the prepared token request (authorization code) for a token response.
 *
 * @param oAuthClient   client used to call the token endpoint
 * @param accessRequest the prepared token request
 * @return the token endpoint response
 * @throws AuthenticationFailedException if the exchange fails for a transport
 *                                       (OAuthSystemException) or protocol
 *                                       (OAuthProblemException) reason; the cause is kept
 */
protected OAuthClientResponse getOauthResponse(OAuthClient oAuthClient, OAuthClientRequest accessRequest)
        throws AuthenticationFailedException {

    try {
        return oAuthClient.accessToken(accessRequest);
    } catch (OAuthSystemException | OAuthProblemException e) {
        // Details only at DEBUG; the failure itself is always propagated.
        if (log.isDebugEnabled()) {
            log.debug("Exception while requesting access token", e);
        }
        throw new AuthenticationFailedException(e.getMessage(), e);
    }
}
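/**
 * Exchanges the prepared token request (authorization code) for a token response.
 *
 * A protocol-level error from the token endpoint (OAuthProblemException, e.g. the IdP
 * rejecting the code) is an authentication failure and is rethrown as such. The previous
 * behaviour of logging it at DEBUG and returning null let the caller continue without a
 * token and only fail later with a NullPointerException, which hides the real reason the
 * login was refused.
 *
 * @param oAuthClient   client used to call the token endpoint
 * @param accessRequest the prepared token request
 * @return the token endpoint response, never null
 * @throws AuthenticationFailedException if the exchange fails for a transport
 *                                       (OAuthSystemException) or protocol
 *                                       (OAuthProblemException) reason; the cause is kept
 */
private OAuthClientResponse getOauthResponse(OAuthClient oAuthClient, OAuthClientRequest accessRequest)
        throws AuthenticationFailedException {

    try {
        return oAuthClient.accessToken(accessRequest);
    } catch (OAuthSystemException | OAuthProblemException e) {
        if (log.isDebugEnabled()) {
            log.debug("Exception while requesting access token", e);
        }
        throw new AuthenticationFailedException(e.getMessage(), e);
    }
}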
/**
 * Resolves the identifier of the user authenticated by the federated IdP.
 *
 * When the authenticator is configured to read the user id from a claim
 * (isUserIdFoundAmongClaims), the configured claim URI is consulted first and the
 * id_token 'sub' value is used only if that claim is blank; otherwise 'sub' is used
 * directly. The user id is written to the log at DEBUG level only.
 *
 * @param context       the current authentication context
 * @param oAuthResponse the token endpoint response
 * @param idTokenClaims claims parsed from the id_token
 * @return the authenticated user id, never null
 * @throws AuthenticationFailedException if no user id can be determined
 */
private String getAuthenticatedUserId(AuthenticationContext context, OAuthClientResponse oAuthResponse,
                                      Map<String, Object> idTokenClaims) throws AuthenticationFailedException {

    String userId;
    if (!isUserIdFoundAmongClaims(context)) {
        userId = getAuthenticateUser(context, idTokenClaims, oAuthResponse);
        if (log.isDebugEnabled()) {
            log.debug("Authenticated user id: " + userId + " retrieved from the 'sub' claim.");
        }
    } else {
        userId = getSubjectFromUserIDClaimURI(context, idTokenClaims);
        if (StringUtils.isBlank(userId)) {
            if (log.isDebugEnabled()) {
                log.debug("Subject claim could not be found amongst id_token claims. Defaulting to the 'sub' "
                        + "attribute in id_token as authenticated user id.");
            }
            // Fall back to the 'sub' claim of the id_token.
            userId = getAuthenticateUser(context, idTokenClaims, oAuthResponse);
        } else if (log.isDebugEnabled()) {
            log.debug("Authenticated user id: " + userId + " was found among id_token claims.");
        }
    }

    if (userId == null) {
        throw new AuthenticationFailedException(
                "Cannot find the userId from the id_token sent by the federated IDP.");
    }
    return userId;
}
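/**
 * Checks that the user named in the X509 certificate exists in the user store.
 *
 * The realm lookup may yield null (getUserRealm returns null for an empty username);
 * that case now fails closed with an AuthenticationFailedException instead of a
 * NullPointerException on the dereference.
 *
 * @param userName              tenant-qualified username taken from the certificate
 * @param authenticationContext context that receives the error code on a failed lookup
 * @return true if the user exists (the method never returns false: a missing user throws)
 * @throws UserStoreException            if the user store lookup itself fails
 * @throws AuthenticationFailedException if no user realm can be resolved, or the user is
 *                                       not found (USER_NOT_FOUND is set on the context)
 */
private static boolean isUserExists(String userName, AuthenticationContext authenticationContext)
        throws UserStoreException, AuthenticationFailedException {

    UserRealm userRealm = X509CertificateUtil.getUserRealm(userName);
    if (userRealm == null) {
        throw new AuthenticationFailedException("Cannot find the user realm for the username: " + userName);
    }

    boolean exists = userRealm.getUserStoreManager().isExistingUser(userName);
    if (!exists) {
        authenticationContext.setProperty(X509CertificateConstants.X509_CERTIFICATE_ERROR_CODE,
                X509CertificateConstants.USER_NOT_FOUND);
        throw new AuthenticationFailedException(" Unable to find X509 Certificate's user in user store. ");
    }
    if (log.isDebugEnabled()) {
        log.debug("User exists with the user name: " + userName);
    }
    return true;
}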
/**
 * Resolves the user realm of the tenant that {@code username} belongs to.
 *
 * The tenant is derived from the username's domain suffix. For a null or empty
 * username no lookup is attempted and null is returned, so callers must handle a
 * null realm.
 *
 * @param username tenant-qualified username
 * @return the tenant's UserRealm, or null when username is empty
 * @throws AuthenticationFailedException if the realm service fails to provide the realm
 */
public static UserRealm getUserRealm(String username) throws AuthenticationFailedException {

    if (log.isDebugEnabled()) {
        log.debug("Getting userRealm for user: " + username);
    }
    if (StringUtils.isEmpty(username)) {
        return null;
    }
    try {
        String tenantDomain = MultitenantUtils.getTenantDomain(username);
        int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
        RealmService realmService = X509CertificateRealmServiceComponent.getRealmService();
        return realmService.getTenantUserRealm(tenantId);
    } catch (UserStoreException e) {
        throw new AuthenticationFailedException("Cannot find the user realm for the username: " + username, e);
    }
}
/**
 * Deletes the stored X509 certificate claim of the given user from the user store.
 *
 * @param username tenant-qualified username
 * @throws AuthenticationFailedException if no user realm can be resolved for the user
 *                                       or the claim deletion fails
 */
private static void deleteCertificate(String username) throws AuthenticationFailedException {

    UserRealm userRealm = getUserRealm(username);
    try {
        if (userRealm == null) {
            if (log.isDebugEnabled()) {
                log.debug("UserRealm is null for username: " + username);
            }
            // NOTE(review): the tenant in this message is the thread-local Carbon tenant,
            // which is not necessarily the tenant encoded in username.
            throw new AuthenticationFailedException("Cannot find the user realm for the given tenant domain : "
                    + CarbonContext.getThreadLocalCarbonContext().getTenantDomain());
        }
        String[] claims = { getClaimUri() };
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
        userRealm.getUserStoreManager().deleteUserClaimValues(tenantAwareUsername, claims,
                X509CertificateConstants.DEFAULT);
    } catch (UserStoreException e) {
        throw new AuthenticationFailedException("Error while deleting certificate of user: " + username, e);
    }
    if (log.isDebugEnabled()) {
        log.debug("X509 certificate is deleted for user: " + username);
    }
}
authenticationContext.setProperty(X509CertificateConstants.X509_CERTIFICATE_ERROR_CODE, X509CertificateConstants.X509_CERTIFICATE_NOT_VALIDATED_ERROR_CODE); throw new AuthenticationFailedException("Error in validating the user certificate", e); authenticationContext.setProperty(X509CertificateConstants.X509_CERTIFICATE_ERROR_CODE, X509CertificateConstants.X509_CERTIFICATE_NOT_VALID_ERROR_CODE); throw new AuthenticationFailedException("X509Certificate is not valid");
/**
 * Enforces tenant isolation for non-SaaS applications: the authenticated user's
 * tenant must be the tenant that owns the service provider.
 *
 * On a mismatch the USER_TENANT_DOMAIN_MISMATCH flag is set on the context and the
 * login is rejected. The comparison is an exact, null-safe string match
 * (StringUtils.equals); the subject is assumed to be already set on the context.
 *
 * @param context the authentication context
 * @throws AuthenticationFailedException if the two tenant domains differ
 */
protected void validateNonSaasAppLogin(AuthenticationContext context) throws AuthenticationFailedException {

    String userTenantDomain = context.getSubject().getTenantDomain();
    String spTenantDomain = context.getTenantDomain();
    if (StringUtils.equals(userTenantDomain, spTenantDomain)) {
        return;
    }
    context.setProperty(FrameworkConstants.USER_TENANT_DOMAIN_MISMATCH, true);
    throw new AuthenticationFailedException("Service Provider tenant domain must be "
            + "equal to user tenant domain for non-SaaS applications", context.getSubject());
}
/**
 * Enforces tenant isolation for non-SaaS applications: the authenticated user's
 * tenant must be the tenant that owns the service provider.
 *
 * On a mismatch the USER_TENANT_DOMAIN_MISMATCH flag is set on the context and the
 * login is rejected. The comparison is an exact, null-safe string match
 * (StringUtils.equals); the subject is assumed to be already set on the context.
 *
 * @param context the authentication context
 * @throws AuthenticationFailedException if the two tenant domains differ
 */
protected void validateNonSaasAppLogin(AuthenticationContext context) throws AuthenticationFailedException {

    String userTenantDomain = context.getSubject().getTenantDomain();
    String spTenantDomain = context.getTenantDomain();
    if (StringUtils.equals(userTenantDomain, spTenantDomain)) {
        return;
    }
    context.setProperty(FrameworkConstants.USER_TENANT_DOMAIN_MISMATCH, true);
    throw new AuthenticationFailedException("Service Provider tenant domain must be "
            + "equal to user tenant domain for non-SaaS applications", context.getSubject());
}
} catch (IOException e) { log.error("Exception while sending to the login page.", e); throw new AuthenticationFailedException(e.getMessage(), e); } catch (OAuthSystemException e) { log.error("Exception while building authorization code request.", e); throw new AuthenticationFailedException(e.getMessage(), e);
} catch (IOException e) { log.error("Exception while sending to the login page.", e); throw new AuthenticationFailedException(e.getMessage(), e); } catch (OAuthSystemException e) { log.error("Exception while building authorization code request.", e); throw new AuthenticationFailedException(e.getMessage(), e);
} catch (IOException e) { log.error("Exception while sending to the login page.", e); throw new AuthenticationFailedException(e.getMessage(), e); } catch (OAuthSystemException e) { log.error("Exception while building authorization code request.", e); throw new AuthenticationFailedException(e.getMessage(), e);
throw new AuthenticationFailedException(" Error in accessing user store ", e); } catch (IdentityEventException e) { throw new AuthenticationFailedException(" Error while firing the events ", e);
/**
 * Builds the authorization-code grant request for the IdP's token endpoint.
 *
 * The client credentials are sent in the request body (buildBodyMessage) together
 * with the code and redirect URI. Only the exception, not the request contents, is
 * written to the DEBUG log on failure, so the client secret is not logged here.
 *
 * @param tokenEndPoint token endpoint URL
 * @param clientId      OAuth client id
 * @param code          authorization code returned by the IdP
 * @param clientSecret  OAuth client secret
 * @param callbackurl   redirect URI used in the authorization request
 * @return the prepared token request
 * @throws AuthenticationFailedException if the request cannot be built
 */
private OAuthClientRequest getAccessRequest(String tokenEndPoint, String clientId, String code,
                                            String clientSecret, String callbackurl)
        throws AuthenticationFailedException {

    try {
        return OAuthClientRequest.tokenLocation(tokenEndPoint)
                .setGrantType(GrantType.AUTHORIZATION_CODE)
                .setClientId(clientId)
                .setClientSecret(clientSecret)
                .setRedirectURI(callbackurl)
                .setCode(code)
                .buildBodyMessage();
    } catch (OAuthSystemException e) {
        if (log.isDebugEnabled()) {
            log.debug("Exception while building request for request access token", e);
        }
        throw new AuthenticationFailedException(e.getMessage(), e);
    }
}
throw new AuthenticationFailedException(" Error in accessing user store ", e); } catch (IdentityEventException e) { throw new AuthenticationFailedException(" Error while firing the events ", e);
/**
 * Completes the OpenID login: validates the provider's response through the
 * OpenIDManager and fixes the federated subject identifier on the context's subject.
 *
 * When the IS_USER_ID_IN_CLAIMS authenticator property is "true" (constant shared with
 * the SAML2 authenticator; presumably the same property key) the subject is read from
 * the configured claim URI; if that yields nothing, the identifier already set by the
 * manager is kept. No identifier at all is an authentication failure.
 *
 * @param request  the callback request from the OpenID provider
 * @param response the response
 * @param context  the authentication context
 * @throws AuthenticationFailedException if the provider response is rejected or no
 *                                       subject identifier can be determined
 */
@Override
protected void processAuthenticationResponse(HttpServletRequest request, HttpServletResponse response,
                                             AuthenticationContext context) throws AuthenticationFailedException {

    OpenIDManager manager = getNewOpenIDManagerInstance();
    try {
        manager.processOpenIDLoginResponse(request, response, context);
        AuthenticatedUser authenticatedSubject = context.getSubject();

        String isSubjectInClaimsProp = context.getAuthenticatorProperties().get(
                IdentityApplicationConstants.Authenticator.SAML2SSO.IS_USER_ID_IN_CLAIMS);
        boolean readFromClaims = "true".equalsIgnoreCase(isSubjectInClaimsProp);

        String subject = readFromClaims ? getSubjectFromUserIDClaimURI(context) : null;
        if (subject == null) {
            subject = authenticatedSubject.getAuthenticatedSubjectIdentifier();
        }
        if (subject == null) {
            throw new OpenIDException("Cannot find federated User Identifier");
        }
        authenticatedSubject.setAuthenticatedSubjectIdentifier(subject);
    } catch (OpenIDException e) {
        log.error("Error when processing response from OpenID Provider", e);
        throw new AuthenticationFailedException(e.getMessage(), context.getSubject(), e);
    }
}
/**
 * Completes the OpenID login: validates the provider's response through the
 * OpenIDManager and fixes the federated subject identifier on the context's subject.
 *
 * When the IS_USER_ID_IN_CLAIMS authenticator property is "true" (constant shared with
 * the SAML2 authenticator; presumably the same property key) the subject is read from
 * the configured claim URI; if that yields nothing, the identifier already set by the
 * manager is kept. No identifier at all is an authentication failure.
 *
 * @param request  the callback request from the OpenID provider
 * @param response the response
 * @param context  the authentication context
 * @throws AuthenticationFailedException if the provider response is rejected or no
 *                                       subject identifier can be determined
 */
@Override
protected void processAuthenticationResponse(HttpServletRequest request, HttpServletResponse response,
                                             AuthenticationContext context) throws AuthenticationFailedException {

    OpenIDManager manager = getNewOpenIDManagerInstance();
    try {
        manager.processOpenIDLoginResponse(request, response, context);
        AuthenticatedUser authenticatedSubject = context.getSubject();

        String isSubjectInClaimsProp = context.getAuthenticatorProperties().get(
                IdentityApplicationConstants.Authenticator.SAML2SSO.IS_USER_ID_IN_CLAIMS);
        boolean readFromClaims = "true".equalsIgnoreCase(isSubjectInClaimsProp);

        String subject = readFromClaims ? getSubjectFromUserIDClaimURI(context) : null;
        if (subject == null) {
            subject = authenticatedSubject.getAuthenticatedSubjectIdentifier();
        }
        if (subject == null) {
            throw new OpenIDException("Cannot find federated User Identifier");
        }
        authenticatedSubject.setAuthenticatedSubjectIdentifier(subject);
    } catch (OpenIDException e) {
        log.error("Error when processing response from OpenID Provider", e);
        throw new AuthenticationFailedException(e.getMessage(), context.getSubject(), e);
    }
}
/**
 * Reads the multi-attribute separator configured on the user store of the context's
 * tenant, falling back to the super tenant when the context has no tenant domain.
 *
 * @param context             the authentication context (source of the tenant domain)
 * @param authenticatedUserId federated user id, attached to the failure for reporting only
 * @return the configured separator, or null when the tenant has no user realm
 * @throws AuthenticationFailedException if the tenant, realm or user store lookup fails
 */
private String getMultiAttributeSeparator(AuthenticationContext context, String authenticatedUserId)
        throws AuthenticationFailedException {

    try {
        String tenantDomain = context.getTenantDomain();
        if (StringUtils.isBlank(tenantDomain)) {
            tenantDomain = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
        }
        int tenantId = OpenIDConnectAuthenticatorDataHolder.getInstance().getRealmService().getTenantManager()
                .getTenantId(tenantDomain);
        UserRealm userRealm = OpenIDConnectAuthenticatorDataHolder.getInstance().getRealmService()
                .getTenantUserRealm(tenantId);
        if (userRealm == null) {
            return null;
        }
        UserStoreManager userStore = (UserStoreManager) userRealm.getUserStoreManager();
        String separator = userStore.getRealmConfiguration()
                .getUserStoreProperty(IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR);
        if (log.isDebugEnabled()) {
            log.debug("For the claim mapping: " + separator + " is used as the attributeSeparator in tenant: "
                    + tenantDomain);
        }
        return separator;
    } catch (UserStoreException e) {
        throw new AuthenticationFailedException("Error while retrieving multi attribute separator",
                AuthenticatedUser.createFederateAuthenticatedUserFromSubjectIdentifier(authenticatedUserId), e);
    }
}