/**
 * Wraps a caught exception in a {@link PostAuthenticationFailedException} and throws it.
 *
 * <p>This method never returns; it exists so that callers can turn any failure into the
 * framework's post-authentication failure type in a single statement while keeping the
 * original exception as the cause.
 *
 * @param errorMessage human-readable description of the failure
 * @param errorCode    error code identifying the failure
 * @param e            exception that caused the failure; retained as the cause
 * @throws PostAuthenticationFailedException always, carrying {@code errorCode},
 *         {@code errorMessage} and {@code e}
 */
private void handleExceptions(String errorMessage, String errorCode, Exception e)
        throws PostAuthenticationFailedException {

    // Parameters are declared message-first but passed code-first; keep that order when editing.
    PostAuthenticationFailedException failure =
            new PostAuthenticationFailedException(errorCode, errorMessage, e);
    throw failure;
}
/**
 * Wraps a caught exception in a {@link PostAuthenticationFailedException} and throws it.
 *
 * <p>This method never returns; it exists so that callers can turn any failure into the
 * framework's post-authentication failure type in a single statement while keeping the
 * original exception as the cause.
 *
 * @param errorMessage human-readable description of the failure
 * @param errorCode    error code identifying the failure
 * @param e            exception that caused the failure; retained as the cause
 * @throws PostAuthenticationFailedException always, carrying {@code errorCode},
 *         {@code errorMessage} and {@code e}
 */
private void handleExceptions(String errorMessage, String errorCode, Exception e)
        throws PostAuthenticationFailedException {

    // Parameters are declared message-first but passed code-first; keep that order when editing.
    PostAuthenticationFailedException failure =
            new PostAuthenticationFailedException(errorCode, errorMessage, e);
    throw failure;
}
/**
 * Sends the browser to the consent page for the current authentication flow.
 *
 * <p>The redirect target is produced by {@code getUriBuilder(context, requestedLocalClaims,
 * mandatoryLocalClaims)}. NOTE(review): presumably that is a fixed consent-page endpoint plus
 * the two claim lists; confirm that no request-controlled value ends up in the target, since
 * {@code sendRedirect} will follow any URL it is given.
 *
 * @param response             response used to issue the redirect
 * @param context              authentication context of the running flow
 * @param requestedLocalClaims requested local claim URIs to carry to the consent page
 * @param mandatoryLocalClaims mandatory local claim URIs to carry to the consent page
 * @throws PostAuthenticationFailedException if the redirect URI cannot be built
 *         ({@link URISyntaxException}) or the redirect cannot be written ({@link IOException})
 */
private void redirectToConsentPage(HttpServletResponse response, AuthenticationContext context,
                                   String requestedLocalClaims, String mandatoryLocalClaims)
        throws PostAuthenticationFailedException {

    final String failureMessage = "Authentication failed. Error while processing consent "
            + "requirements.";
    try {
        String target = getUriBuilder(context, requestedLocalClaims, mandatoryLocalClaims)
                .build()
                .toString();
        response.sendRedirect(target);
    } catch (URISyntaxException e) {
        throw new PostAuthenticationFailedException(failureMessage,
                "Error while building redirect URI.", e);
    } catch (IOException e) {
        throw new PostAuthenticationFailedException(failureMessage,
                "Error while redirecting to consent page.", e);
    }
}
/**
 * Sends the browser to the consent page for the current authentication flow.
 *
 * <p>The redirect target is produced by {@code getUriBuilder(context, requestedLocalClaims,
 * mandatoryLocalClaims)}. NOTE(review): presumably that is a fixed consent-page endpoint plus
 * the two claim lists; confirm that no request-controlled value ends up in the target, since
 * {@code sendRedirect} will follow any URL it is given.
 *
 * @param response             response used to issue the redirect
 * @param context              authentication context of the running flow
 * @param requestedLocalClaims requested local claim URIs to carry to the consent page
 * @param mandatoryLocalClaims mandatory local claim URIs to carry to the consent page
 * @throws PostAuthenticationFailedException if the redirect URI cannot be built
 *         ({@link URISyntaxException}) or the redirect cannot be written ({@link IOException})
 */
private void redirectToConsentPage(HttpServletResponse response, AuthenticationContext context,
                                   String requestedLocalClaims, String mandatoryLocalClaims)
        throws PostAuthenticationFailedException {

    final String failureMessage = "Authentication failed. Error while processing consent "
            + "requirements.";
    try {
        String target = getUriBuilder(context, requestedLocalClaims, mandatoryLocalClaims)
                .build()
                .toString();
        response.sendRedirect(target);
    } catch (URISyntaxException e) {
        throw new PostAuthenticationFailedException(failureMessage,
                "Error while building redirect URI.", e);
    } catch (IOException e) {
        throw new PostAuthenticationFailedException(failureMessage,
                "Error while redirecting to consent page.", e);
    }
}
/**
 * Resolves the user realm of a tenant through the framework's registry and realm services.
 *
 * @param tenantDomain tenant whose realm is needed
 * @return the realm returned by {@code AnonymousSessionUtil.getRealmByTenantDomain}
 * @throws PostAuthenticationFailedException if realm lookup fails with a {@link CarbonException};
 *         the tenant domain is included in the error description
 */
private UserRealm getUserRealm(String tenantDomain) throws PostAuthenticationFailedException {

    try {
        return AnonymousSessionUtil.getRealmByTenantDomain(
                FrameworkServiceComponent.getRegistryService(),
                FrameworkServiceComponent.getRealmService(),
                tenantDomain);
    } catch (CarbonException e) {
        String description = "Error occurred while retrieving the Realm for " + tenantDomain
                + " to handle local claims";
        throw new PostAuthenticationFailedException("Error while handling missing mandatory claims",
                description, e);
    }
}
/**
 * Resolves the user realm of a tenant through the framework's registry and realm services.
 *
 * @param tenantDomain tenant whose realm is needed
 * @return the realm returned by {@code AnonymousSessionUtil.getRealmByTenantDomain}
 * @throws PostAuthenticationFailedException if realm lookup fails with a {@link CarbonException};
 *         the tenant domain is included in the error description
 */
private UserRealm getUserRealm(String tenantDomain) throws PostAuthenticationFailedException {

    try {
        return AnonymousSessionUtil.getRealmByTenantDomain(
                FrameworkServiceComponent.getRegistryService(),
                FrameworkServiceComponent.getRealmService(),
                tenantDomain);
    } catch (CarbonException e) {
        String description = "Error occurred while retrieving the Realm for " + tenantDomain
                + " to handle local claims";
        throw new PostAuthenticationFailedException("Error while handling missing mandatory claims",
                description, e);
    }
}
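/**
 * Validates the post-authentication sequence tracking (PASTR) cookie presented by the
 * request against the value stored in the authentication context.
 *
 * <p>The expected value is the context parameter {@code FrameworkConstants.PASTR_COOKIE};
 * the cookie is looked up under {@code FrameworkUtils.getPASTRCookieName(contextId)}. When
 * the context holds no stored value the method logs and returns without validating, i.e.
 * the check is skipped rather than failed. NOTE(review): confirm that every flow reaching
 * this point has stored the value, otherwise this is a fail-open path.
 *
 * @param context authentication context holding the expected cookie value
 * @param request incoming request carrying the browser's cookies
 * @throws PostAuthenticationFailedException if the cookie is missing, has no value, or does
 *         not match the stored value
 */
private void validatePASTRCookie(AuthenticationContext context, HttpServletRequest request)
        throws PostAuthenticationFailedException {

    String contextId = context.getContextIdentifier();
    Object storedValue = context.getParameter(FrameworkConstants.PASTR_COOKIE);
    if (storedValue == null) {
        if (log.isDebugEnabled()) {
            log.debug("No stored pastr cookie found in authentication context for : " + contextId
                    + " . Hence returning without validating");
        }
        return;
    }

    String expected = (String) storedValue;
    Cookie pastrCookie = FrameworkUtils.getCookie(request, FrameworkUtils.getPASTRCookieName(contextId));
    String presented = pastrCookie == null ? null : pastrCookie.getValue();

    // The presented value is under the client's control: compare in constant time so the
    // comparison does not reveal how many leading bytes of the expected value matched.
    boolean matches = presented != null && java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            presented.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!matches) {
        // The description says "not found" but also covers a present-but-mismatched cookie;
        // kept as-is because the text may be relied on by log searches.
        throw new PostAuthenticationFailedException(
                "Invalid Request: Your authentication flow is ended or " + "invalid. Please initiate again.",
                "Post authentication sequence tracking" + " cookie not found in request with context id : "
                        + contextId);
    }
    if (log.isDebugEnabled()) {
        log.debug("pastr cookie validated successfully for sequence : " + contextId);
    }
}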
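/**
 * Validates the post-authentication sequence tracking (PASTR) cookie presented by the
 * request against the value stored in the authentication context.
 *
 * <p>The expected value is the context parameter {@code FrameworkConstants.PASTR_COOKIE};
 * the cookie is looked up under {@code FrameworkUtils.getPASTRCookieName(contextId)}. When
 * the context holds no stored value the method logs and returns without validating, i.e.
 * the check is skipped rather than failed. NOTE(review): confirm that every flow reaching
 * this point has stored the value, otherwise this is a fail-open path.
 *
 * @param context authentication context holding the expected cookie value
 * @param request incoming request carrying the browser's cookies
 * @throws PostAuthenticationFailedException if the cookie is missing, has no value, or does
 *         not match the stored value
 */
private void validatePASTRCookie(AuthenticationContext context, HttpServletRequest request)
        throws PostAuthenticationFailedException {

    String contextId = context.getContextIdentifier();
    Object storedValue = context.getParameter(FrameworkConstants.PASTR_COOKIE);
    if (storedValue == null) {
        if (log.isDebugEnabled()) {
            log.debug("No stored pastr cookie found in authentication context for : " + contextId
                    + " . Hence returning without validating");
        }
        return;
    }

    String expected = (String) storedValue;
    Cookie pastrCookie = FrameworkUtils.getCookie(request, FrameworkUtils.getPASTRCookieName(contextId));
    String presented = pastrCookie == null ? null : pastrCookie.getValue();

    // The presented value is under the client's control: compare in constant time so the
    // comparison does not reveal how many leading bytes of the expected value matched.
    boolean matches = presented != null && java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            presented.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!matches) {
        // The description says "not found" but also covers a present-but-mismatched cookie;
        // kept as-is because the text may be relied on by log searches.
        throw new PostAuthenticationFailedException(
                "Invalid Request: Your authentication flow is ended or " + "invalid. Please initiate again.",
                "Post authentication sequence tracking" + " cookie not found in request with context id : "
                        + contextId);
    }
    if (log.isDebugEnabled()) {
        log.debug("pastr cookie validated successfully for sequence : " + contextId);
    }
}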
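/**
 * Collects the local claim URIs the service provider marks as mandatory, always including
 * the SP's subject claim URI.
 *
 * @param context authentication context whose sequence config carries the application config
 * @return mutable list of mandatory local claim URIs (never {@code null}); the subject claim
 *         URI is appended when it is not already present
 * @throws PostAuthenticationFailedException if the application config is missing from the context
 */
private List<String> getSPMandatoryLocalClaims(AuthenticationContext context)
        throws PostAuthenticationFailedException {

    ApplicationConfig applicationConfig = context.getSequenceConfig().getApplicationConfig();
    if (applicationConfig == null) {
        ServiceProvider serviceProvider = getServiceProvider(context);
        String error = "Application configs are null in AuthenticationContext for SP: "
                + serviceProvider.getApplicationName() + " in tenant domain: "
                + getSPTenantDomain(serviceProvider);
        throw new PostAuthenticationFailedException("Authentication failed. Error while processing application "
                + "claim configurations.", error);
    }

    List<String> spMandatoryLocalClaims = new ArrayList<>();
    Map<String, String> claimMappings = applicationConfig.getMandatoryClaimMappings();
    if (isNotEmpty(claimMappings) && isNotEmpty(claimMappings.values())) {
        spMandatoryLocalClaims = new ArrayList<>(claimMappings.values());
    }

    // The subject claim is always required, even when the SP did not mark it mandatory.
    String subjectClaimUri = getSubjectClaimUri(applicationConfig);
    if (!spMandatoryLocalClaims.contains(subjectClaimUri)) {
        spMandatoryLocalClaims.add(subjectClaimUri);
    }

    if (isDebugEnabled()) {
        // Pass the claim list as a format argument instead of concatenating it into the format
        // string: a claim URI containing '%' would otherwise make String.format throw.
        logDebug(String.format("Mandatory claims for SP: %s - %s",
                applicationConfig.getApplicationName(), spMandatoryLocalClaims));
    }
    return spMandatoryLocalClaims;
}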
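/**
 * Collects the local claim URIs the service provider marks as mandatory, always including
 * the SP's subject claim URI.
 *
 * @param context authentication context whose sequence config carries the application config
 * @return mutable list of mandatory local claim URIs (never {@code null}); the subject claim
 *         URI is appended when it is not already present
 * @throws PostAuthenticationFailedException if the application config is missing from the context
 */
private List<String> getSPMandatoryLocalClaims(AuthenticationContext context)
        throws PostAuthenticationFailedException {

    ApplicationConfig applicationConfig = context.getSequenceConfig().getApplicationConfig();
    if (applicationConfig == null) {
        ServiceProvider serviceProvider = getServiceProvider(context);
        String error = "Application configs are null in AuthenticationContext for SP: "
                + serviceProvider.getApplicationName() + " in tenant domain: "
                + getSPTenantDomain(serviceProvider);
        throw new PostAuthenticationFailedException("Authentication failed. Error while processing application "
                + "claim configurations.", error);
    }

    List<String> spMandatoryLocalClaims = new ArrayList<>();
    Map<String, String> claimMappings = applicationConfig.getMandatoryClaimMappings();
    if (isNotEmpty(claimMappings) && isNotEmpty(claimMappings.values())) {
        spMandatoryLocalClaims = new ArrayList<>(claimMappings.values());
    }

    // The subject claim is always required, even when the SP did not mark it mandatory.
    String subjectClaimUri = getSubjectClaimUri(applicationConfig);
    if (!spMandatoryLocalClaims.contains(subjectClaimUri)) {
        spMandatoryLocalClaims.add(subjectClaimUri);
    }

    if (isDebugEnabled()) {
        // Pass the claim list as a format argument instead of concatenating it into the format
        // string: a claim URI containing '%' would otherwise make String.format throw.
        logDebug(String.format("Mandatory claims for SP: %s - %s",
                applicationConfig.getApplicationName(), spMandatoryLocalClaims));
    }
    return spMandatoryLocalClaims;
}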
/**
 * Returns the consent claim metadata for the current flow, preferring the copy cached in the
 * authentication context under {@code CONSENT_CLAIM_META_DATA} and otherwise fetching it from
 * the SSO consent service.
 *
 * @param context           authentication context that may already hold the metadata
 * @param authenticatedUser user whose existing consents are taken into account
 * @param serviceProvider   service provider the consent applies to
 * @return the cached metadata, or the value returned by
 *         {@code getConsentRequiredClaimsWithExistingConsents}
 * @throws PostAuthenticationFailedException if consent management is disabled
 *         ({@link SSOConsentDisabledException}) or the consent service fails
 *         ({@link SSOConsentServiceException})
 */
private ConsentClaimsData getConsentClaimsData(AuthenticationContext context, AuthenticatedUser authenticatedUser,
                                               ServiceProvider serviceProvider)
        throws PostAuthenticationFailedException {

    ConsentClaimsData cached = (ConsentClaimsData) context.getParameter(CONSENT_CLAIM_META_DATA);
    if (cached != null) {
        return cached;
    }

    if (isDebugEnabled()) {
        logDebug("Cannot find " + CONSENT_CLAIM_META_DATA + " entry in AuthenticationContext. Retrieving from"
                + " SSOConsentService.");
    }
    try {
        return getSSOConsentService().getConsentRequiredClaimsWithExistingConsents(serviceProvider,
                authenticatedUser);
    } catch (SSOConsentDisabledException e) {
        throw new PostAuthenticationFailedException(
                "Authentication Failure: Consent management is disabled for SSO.",
                "Illegal operation. Consent management is disabled, but post authentication for "
                        + "sso consent management is invoked.", e);
    } catch (SSOConsentServiceException e) {
        String detail = String.format(
                "Error occurred while retrieving consent data of user: %s for service "
                        + "provider: %s in tenant domain: %s.",
                authenticatedUser.getAuthenticatedSubjectIdentifier(),
                serviceProvider.getApplicationName(),
                getSPTenantDomain(serviceProvider));
        throw new PostAuthenticationFailedException(
                "Authentication failed. Error occurred while processing " + "user consent.", detail, e);
    }
}
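/**
 * Collects the local claim URIs the service provider requests, excluding the SP's subject
 * claim URI.
 *
 * @param context authentication context whose sequence config carries the application config
 * @return mutable list of requested local claim URIs (never {@code null}) with the subject
 *         claim URI removed
 * @throws PostAuthenticationFailedException if the application config is missing from the context
 */
private List<String> getSPRequestedLocalClaims(AuthenticationContext context)
        throws PostAuthenticationFailedException {

    ApplicationConfig applicationConfig = context.getSequenceConfig().getApplicationConfig();
    if (applicationConfig == null) {
        ServiceProvider serviceProvider = getServiceProvider(context);
        String error = "Application configs are null in AuthenticationContext for SP: "
                + serviceProvider.getApplicationName() + " in tenant domain: "
                + getSPTenantDomain(serviceProvider);
        throw new PostAuthenticationFailedException("Authentication failed. Error while processing application "
                + "claim configurations.", error);
    }

    List<String> spRequestedLocalClaims = new ArrayList<>();
    Map<String, String> claimMappings = applicationConfig.getRequestedClaimMappings();
    if (isNotEmpty(claimMappings) && isNotEmpty(claimMappings.values())) {
        spRequestedLocalClaims = new ArrayList<>(claimMappings.values());
    }

    // The subject claim is handled with the mandatory claims, so it is dropped from this list.
    String subjectClaimUri = getSubjectClaimUri(applicationConfig);
    spRequestedLocalClaims.remove(subjectClaimUri);

    if (isDebugEnabled()) {
        // Pass the claim list as a format argument instead of concatenating it into the format
        // string: a claim URI containing '%' would otherwise make String.format throw.
        logDebug(String.format("Requested claims for SP: %s - %s",
                applicationConfig.getApplicationName(), spRequestedLocalClaims));
    }
    return spRequestedLocalClaims;
}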
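/**
 * Collects the local claim URIs the service provider requests, excluding the SP's subject
 * claim URI.
 *
 * @param context authentication context whose sequence config carries the application config
 * @return mutable list of requested local claim URIs (never {@code null}) with the subject
 *         claim URI removed
 * @throws PostAuthenticationFailedException if the application config is missing from the context
 */
private List<String> getSPRequestedLocalClaims(AuthenticationContext context)
        throws PostAuthenticationFailedException {

    ApplicationConfig applicationConfig = context.getSequenceConfig().getApplicationConfig();
    if (applicationConfig == null) {
        ServiceProvider serviceProvider = getServiceProvider(context);
        String error = "Application configs are null in AuthenticationContext for SP: "
                + serviceProvider.getApplicationName() + " in tenant domain: "
                + getSPTenantDomain(serviceProvider);
        throw new PostAuthenticationFailedException("Authentication failed. Error while processing application "
                + "claim configurations.", error);
    }

    List<String> spRequestedLocalClaims = new ArrayList<>();
    Map<String, String> claimMappings = applicationConfig.getRequestedClaimMappings();
    if (isNotEmpty(claimMappings) && isNotEmpty(claimMappings.values())) {
        spRequestedLocalClaims = new ArrayList<>(claimMappings.values());
    }

    // The subject claim is handled with the mandatory claims, so it is dropped from this list.
    String subjectClaimUri = getSubjectClaimUri(applicationConfig);
    spRequestedLocalClaims.remove(subjectClaimUri);

    if (isDebugEnabled()) {
        // Pass the claim list as a format argument instead of concatenating it into the format
        // string: a claim URI containing '%' would otherwise make String.format throw.
        logDebug(String.format("Requested claims for SP: %s - %s",
                applicationConfig.getApplicationName(), spRequestedLocalClaims));
    }
    return spRequestedLocalClaims;
}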
/**
 * Returns the consent claim metadata for the current flow, preferring the copy cached in the
 * authentication context under {@code CONSENT_CLAIM_META_DATA} and otherwise fetching it from
 * the SSO consent service.
 *
 * @param context           authentication context that may already hold the metadata
 * @param authenticatedUser user whose existing consents are taken into account
 * @param serviceProvider   service provider the consent applies to
 * @return the cached metadata, or the value returned by
 *         {@code getConsentRequiredClaimsWithExistingConsents}
 * @throws PostAuthenticationFailedException if consent management is disabled
 *         ({@link SSOConsentDisabledException}) or the consent service fails
 *         ({@link SSOConsentServiceException})
 */
private ConsentClaimsData getConsentClaimsData(AuthenticationContext context, AuthenticatedUser authenticatedUser,
                                               ServiceProvider serviceProvider)
        throws PostAuthenticationFailedException {

    ConsentClaimsData cached = (ConsentClaimsData) context.getParameter(CONSENT_CLAIM_META_DATA);
    if (cached != null) {
        return cached;
    }

    if (isDebugEnabled()) {
        logDebug("Cannot find " + CONSENT_CLAIM_META_DATA + " entry in AuthenticationContext. Retrieving from"
                + " SSOConsentService.");
    }
    try {
        return getSSOConsentService().getConsentRequiredClaimsWithExistingConsents(serviceProvider,
                authenticatedUser);
    } catch (SSOConsentDisabledException e) {
        throw new PostAuthenticationFailedException(
                "Authentication Failure: Consent management is disabled for SSO.",
                "Illegal operation. Consent management is disabled, but post authentication for "
                        + "sso consent management is invoked.", e);
    } catch (SSOConsentServiceException e) {
        String detail = String.format(
                "Error occurred while retrieving consent data of user: %s for service "
                        + "provider: %s in tenant domain: %s.",
                authenticatedUser.getAuthenticatedSubjectIdentifier(),
                serviceProvider.getApplicationName(),
                getSPTenantDomain(serviceProvider));
        throw new PostAuthenticationFailedException(
                "Authentication failed. Error occurred while processing " + "user consent.", detail, e);
    }
}
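/**
 * Persists the consent receipt received from the user through the consent manager.
 *
 * <p>Only the first service entry of the receipt is stamped with {@code tenantDomain} and
 * enriched via {@code setIDPData}; the receipt itself is stamped with the tenant before
 * {@code consentManager.addConsent} is called. NOTE(review): the original comment states the
 * receipt holds exactly one service entry; any further entries are passed through untouched —
 * confirm against the caller that builds the receipt.
 *
 * @param receiptInput consent receipt built from the user's response
 * @param tenantDomain tenant the consent belongs to
 * @throws PostAuthenticationFailedException if the receipt has no service entry, or the consent
 *         manager fails to store it ({@link ConsentManagementException})
 */
private void addConsent(ReceiptInput receiptInput, String tenantDomain) throws PostAuthenticationFailedException {

    ConsentManager consentManager = FrameworkServiceDataHolder.getInstance().getConsentManager();
    if (receiptInput.getServices().isEmpty()) {
        throw new PostAuthenticationFailedException(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getCode(),
                String.format(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getMessage(), tenantDomain));
    }

    // There should be one receipt
    ReceiptServiceInput receiptServiceInput = receiptInput.getServices().get(0);
    receiptServiceInput.setTenantDomain(tenantDomain);
    try {
        setIDPData(tenantDomain, receiptServiceInput);
        receiptInput.setTenantDomain(tenantDomain);
        consentManager.addConsent(receiptInput);
    } catch (ConsentManagementException e) {
        handleExceptions(String.format(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getMessage(), tenantDomain),
                ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getCode(), e);
    }
}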
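/**
 * Persists the consent receipt received from the user through the consent manager.
 *
 * <p>Only the first service entry of the receipt is stamped with {@code tenantDomain} and
 * enriched via {@code setIDPData}; the receipt itself is stamped with the tenant before
 * {@code consentManager.addConsent} is called. NOTE(review): the original comment states the
 * receipt holds exactly one service entry; any further entries are passed through untouched —
 * confirm against the caller that builds the receipt.
 *
 * @param receiptInput consent receipt built from the user's response
 * @param tenantDomain tenant the consent belongs to
 * @throws PostAuthenticationFailedException if the receipt has no service entry, or the consent
 *         manager fails to store it ({@link ConsentManagementException})
 */
private void addConsent(ReceiptInput receiptInput, String tenantDomain) throws PostAuthenticationFailedException {

    ConsentManager consentManager = FrameworkServiceDataHolder.getInstance().getConsentManager();
    if (receiptInput.getServices().isEmpty()) {
        throw new PostAuthenticationFailedException(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getCode(),
                String.format(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getMessage(), tenantDomain));
    }

    // There should be one receipt
    ReceiptServiceInput receiptServiceInput = receiptInput.getServices().get(0);
    receiptServiceInput.setTenantDomain(tenantDomain);
    try {
        setIDPData(tenantDomain, receiptServiceInput);
        receiptInput.setTenantDomain(tenantDomain);
        consentManager.addConsent(receiptInput);
    } catch (ConsentManagementException e) {
        handleExceptions(String.format(ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getMessage(), tenantDomain),
                ErrorMessages.ERROR_WHILE_ADDING_CONSENT.getCode(), e);
    }
}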
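/**
 * Builds the user's consent decision from the submitted consent form.
 *
 * <p>Approved claims are read from request parameters prefixed with {@code consent_} and matched
 * against the consent claim metadata cached in the context under {@code CONSENT_CLAIM_META_DATA};
 * every consent-required claim that was not approved is treated as disapproved. Denying any
 * mandatory claim aborts the flow.
 *
 * @param request request carrying the submitted consent form parameters
 * @param context authentication context holding the consent claim metadata
 * @return the approved and disapproved claim lists
 * @throws PostAuthenticationFailedException if the consent claim metadata is missing from the
 *         context, or the user denied consent for a mandatory claim
 */
private UserConsent processUserConsent(HttpServletRequest request, AuthenticationContext context)
        throws PostAuthenticationFailedException {

    final String consentClaimsPrefix = "consent_";

    ConsentClaimsData consentClaimsData = (ConsentClaimsData) context.getParameter(CONSENT_CLAIM_META_DATA);
    if (consentClaimsData == null) {
        // Without the metadata there is nothing to match the form fields against; report it as an
        // authentication failure instead of letting getMandatoryClaims() below throw a NullPointerException.
        throw new PostAuthenticationFailedException("Authentication failed. Error while processing user consent.",
                "Consent claim metadata not found in AuthenticationContext for context id : "
                        + context.getContextIdentifier());
    }

    Map<String, String[]> requestParams = request.getParameterMap();
    List<ClaimMetaData> approvedClaimMetaData =
            buildApprovedClaimList(consentClaimsPrefix, requestParams, consentClaimsData);
    List<ClaimMetaData> consentRequiredClaimMetaData = getConsentRequiredClaimMetaData(consentClaimsData);
    List<ClaimMetaData> disapprovedClaims =
            buildDisapprovedClaimList(consentRequiredClaimMetaData, approvedClaimMetaData);

    if (isMandatoryClaimsDisapproved(consentClaimsData.getMandatoryClaims(), disapprovedClaims)) {
        throw new PostAuthenticationFailedException("Authentication failed. Consent denied for mandatory "
                + "attributes.", "User denied consent to share mandatory " + "attributes.");
    }

    UserConsent userConsent = new UserConsent();
    userConsent.setApprovedClaims(approvedClaimMetaData);
    userConsent.setDisapprovedClaims(disapprovedClaims);
    return userConsent;
}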
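/**
 * Builds the user's consent decision from the submitted consent form.
 *
 * <p>Approved claims are read from request parameters prefixed with {@code consent_} and matched
 * against the consent claim metadata cached in the context under {@code CONSENT_CLAIM_META_DATA};
 * every consent-required claim that was not approved is treated as disapproved. Denying any
 * mandatory claim aborts the flow.
 *
 * @param request request carrying the submitted consent form parameters
 * @param context authentication context holding the consent claim metadata
 * @return the approved and disapproved claim lists
 * @throws PostAuthenticationFailedException if the consent claim metadata is missing from the
 *         context, or the user denied consent for a mandatory claim
 */
private UserConsent processUserConsent(HttpServletRequest request, AuthenticationContext context)
        throws PostAuthenticationFailedException {

    final String consentClaimsPrefix = "consent_";

    ConsentClaimsData consentClaimsData = (ConsentClaimsData) context.getParameter(CONSENT_CLAIM_META_DATA);
    if (consentClaimsData == null) {
        // Without the metadata there is nothing to match the form fields against; report it as an
        // authentication failure instead of letting getMandatoryClaims() below throw a NullPointerException.
        throw new PostAuthenticationFailedException("Authentication failed. Error while processing user consent.",
                "Consent claim metadata not found in AuthenticationContext for context id : "
                        + context.getContextIdentifier());
    }

    Map<String, String[]> requestParams = request.getParameterMap();
    List<ClaimMetaData> approvedClaimMetaData =
            buildApprovedClaimList(consentClaimsPrefix, requestParams, consentClaimsData);
    List<ClaimMetaData> consentRequiredClaimMetaData = getConsentRequiredClaimMetaData(consentClaimsData);
    List<ClaimMetaData> disapprovedClaims =
            buildDisapprovedClaimList(consentRequiredClaimMetaData, approvedClaimMetaData);

    if (isMandatoryClaimsDisapproved(consentClaimsData.getMandatoryClaims(), disapprovedClaims)) {
        throw new PostAuthenticationFailedException("Authentication failed. Consent denied for mandatory "
                + "attributes.", "User denied consent to share mandatory " + "attributes.");
    }

    UserConsent userConsent = new UserConsent();
    userConsent.setApprovedClaims(approvedClaimMetaData);
    userConsent.setDisapprovedClaims(disapprovedClaims);
    return userConsent;
}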
mappedAttrs = FrameworkUtils.getClaimHandler().handleClaimMappings(stepConfig, context, null, false); } catch (FrameworkException e) { throw new PostAuthenticationFailedException(FrameworkErrorConstants.ErrorMessages. ERROR_WHILE_GETTING_CLAIM_MAPPINGS.getCode(), String.format(FrameworkErrorConstants.ErrorMessages. ERROR_WHILE_GETTING_CLAIM_MAPPINGS.getMessage(),
mappedAttrs = FrameworkUtils.getClaimHandler().handleClaimMappings(stepConfig, context, null, false); } catch (FrameworkException e) { throw new PostAuthenticationFailedException(FrameworkErrorConstants.ErrorMessages. ERROR_WHILE_GETTING_CLAIM_MAPPINGS.getCode(), String.format(FrameworkErrorConstants.ErrorMessages. ERROR_WHILE_GETTING_CLAIM_MAPPINGS.getMessage(),