Improve auth framework with authenticator type.

Thisara-Welmilla · Aug 18, 2024 · c54c2a7 · c54c2a7
1 parent 64f041d
commit c54c2a7
Show file tree

Hide file tree

Showing 9 changed files with 61 additions and 13 deletions.
diff --git a/...g/wso2/carbon/identity/application/authentication/framework/ApplicationAuthenticator.java b/...g/wso2/carbon/identity/application/authentication/framework/ApplicationAuthenticator.java
@@ -23,6 +23,7 @@
 import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
 import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
 import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorData;
+import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
 import org.wso2.carbon.identity.application.common.model.Property;
 
 import java.io.Serializable;
@@ -171,4 +172,13 @@ default String getI18nKey() {
         return StringUtils.EMPTY;
     }
 
+    /**
+     * Get the authenticator type (LOCAL, FEDERATED or CUSTOM)
+     *
+     * @return Authenticator Type.
+     */
+    default FrameworkConstants.AuthenticatorType getAuthenticatorType() {
+
+        return FrameworkConstants.AuthenticatorType.UNDEFINED;
+    }
 }
diff --git a/...thentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java b/...thentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
@@ -93,6 +93,7 @@
 
 import static org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.ALLOW_LOGIN_TO_IDP;
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.AuthenticatorType.CUSTOM;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Config.SEND_ONLY_LOCALLY_MAPPED_ROLES_OF_IDP;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.EMAIL_ADDRESS_CLAIM;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkErrorConstants.ErrorMessages.ERROR_WHILE_ENCRYPTING_TOTP_SECRET_KEY;
@@ -187,7 +188,9 @@ private PostAuthnHandlerFlowStatus handleResponseFlow(HttpServletRequest request
             AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
             ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
 
-            if (authenticator instanceof FederatedApplicationAuthenticator) {
+            FrameworkConstants.AuthenticatorType authenticatorType =  authenticator.getAuthenticatorType();
+            if ((authenticator instanceof FederatedApplicationAuthenticator && !CUSTOM.equals(authenticatorType)) ||
+                    (CUSTOM.equals(authenticatorType) && stepConfig.getAuthenticatedUser().isFederatedUser())) {
                 String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
                 ExternalIdPConfig externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
                 context.setExternalIdP(externalIdPConfig);
@@ -295,7 +298,9 @@ private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request,
             }
             ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
 
-            if (authenticator instanceof FederatedApplicationAuthenticator) {
+            FrameworkConstants.AuthenticatorType authenticatorType =  authenticator.getAuthenticatorType();
+            if ((authenticator instanceof FederatedApplicationAuthenticator && !CUSTOM.equals(authenticatorType))||
+                    (CUSTOM.equals(authenticatorType) && stepConfig.getAuthenticatedUser().isFederatedUser())) {
                 String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
                 ExternalIdPConfig externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
                 context.setExternalIdP(externalIdPConfig);

diff --git a/...application/authentication/framework/handler/request/impl/PostAuthAssociationHandler.java b/...application/authentication/framework/handler/request/impl/PostAuthAssociationHandler.java
@@ -53,6 +53,7 @@
 import javax.servlet.http.HttpServletResponse;
 
 import static org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.AuthenticatorType.CUSTOM;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.USER_TENANT_DOMAIN;
 
 /**
@@ -114,7 +115,9 @@ public PostAuthnHandlerFlowStatus handle(HttpServletRequest request, HttpServlet
             }
             ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
 
-            if (authenticator instanceof FederatedApplicationAuthenticator) {
+            FrameworkConstants.AuthenticatorType authenticatorType =  authenticator.getAuthenticatorType();
+            if ((authenticator instanceof FederatedApplicationAuthenticator && !CUSTOM.equals(authenticatorType)) ||
+                    (CUSTOM.equals(authenticatorType) && stepConfig.getAuthenticatedUser().isFederatedUser())) {
                 if (stepConfig.isSubjectIdentifierStep()) {
                     if (log.isDebugEnabled()) {
                         log.debug(authenticator.getName() + " has been set up for subject identifier step.");

diff --git a/...ation/authentication/framework/handler/sequence/impl/DefaultStepBasedSequenceHandler.java b/...ation/authentication/framework/handler/sequence/impl/DefaultStepBasedSequenceHandler.java
@@ -60,8 +60,10 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.AuthenticatorType.CUSTOM;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.CONFIG_ALLOW_SP_REQUESTED_FED_CLAIMS_ONLY;
 
+
 /**
  * Default implementation of step based sequence handler.
  */
@@ -289,7 +291,9 @@ protected void handlePostAuthentication(HttpServletRequest request,
 
             stepCount++;
 
-            if (authenticator instanceof FederatedApplicationAuthenticator) {
+            FrameworkConstants.AuthenticatorType authenticatorType =  authenticator.getAuthenticatorType();
+            if ((authenticator instanceof FederatedApplicationAuthenticator && !CUSTOM.equals(authenticatorType)) ||
+                    (CUSTOM.equals(authenticatorType) && stepConfig.getAuthenticatedUser().isFederatedUser())) {
 
                 ExternalIdPConfig externalIdPConfig = null;
                 try {

diff --git a/...n/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java b/...n/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java
@@ -27,11 +27,7 @@
 import org.apache.http.client.utils.URIBuilder;
 import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
-import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
-import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
-import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
-import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
-import org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator;
+import org.wso2.carbon.identity.application.authentication.framework.*;
 import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
 import org.wso2.carbon.identity.application.authentication.framework.config.builder.FileBasedConfigurationBuilder;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
@@ -87,6 +83,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.AuthenticatorType.CUSTOM;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.BASIC_AUTH_MECHANISM;
 import static org.wso2.carbon.identity.base.IdentityConstants.FEDERATED_IDP_SESSION_ID;
 
@@ -713,7 +710,8 @@ protected void doAuthentication(HttpServletRequest request, HttpServletResponse
         }
 
         String idpName = FrameworkConstants.LOCAL_IDP_NAME;
-        if (context.getExternalIdP() != null && authenticator instanceof FederatedApplicationAuthenticator) {
+        if (context.getExternalIdP() != null && (authenticator instanceof FederatedApplicationAuthenticator
+                || CUSTOM.equals(authenticator.getAuthenticatorType()))) {
             idpName = context.getExternalIdP().getIdPName();
         }
         // Add Diagnostic Logs for the selected authenticator by the user.
@@ -771,7 +769,9 @@ protected void doAuthentication(HttpServletRequest request, HttpServletResponse
                 context.getSubject().setAccessingOrganization(userResidentOrganization);
             }
 
-            if (authenticator instanceof FederatedApplicationAuthenticator) {
+            FrameworkConstants.AuthenticatorType authenticatorType =  authenticator.getAuthenticatorType();
+            if ((authenticator instanceof FederatedApplicationAuthenticator && !CUSTOM.equals(authenticatorType)) ||
+                    (CUSTOM.equals(authenticatorType) && context.getSubject().isFederatedUser())) {
 
                 if (context.getSubject().getUserName() == null) {
                     // Set subject identifier as the default username for federated users

diff --git a/...rg/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java b/...rg/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java
@@ -817,4 +817,17 @@ public enum AuthenticatorMessageType {
         INFO,
         ERROR
     }
+
+    /**
+     * Default application related constants.
+     */
+    public enum AuthenticatorType {
+
+        LOCAL,
+        FEDERATED,
+        REQUEST_PATH,
+        FLOW_HANDLER,
+        CUSTOM,
+        UNDEFINED
+    }
 }
diff --git a/...va/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java b/...va/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java
@@ -41,7 +41,6 @@
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationDataPublisher;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
-import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCache;
 import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCacheEntry;
 import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCacheKey;
@@ -76,6 +75,7 @@
 import org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException;
 import org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException;
 import org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException;
+import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.handler.approles.ApplicationRolesResolver;
 import org.wso2.carbon.identity.application.authentication.framework.handler.approles.exception.ApplicationRolesException;
 import org.wso2.carbon.identity.application.authentication.framework.handler.claims.ClaimHandler;
@@ -201,6 +201,7 @@
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Application.CONSOLE_APP_PATH;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Application.MY_ACCOUNT_APP;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Application.MY_ACCOUNT_APP_PATH;
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.AuthenticatorType.CUSTOM;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.CONTEXT_PROP_INVALID_EMAIL_USERNAME;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Config.AUTHENTICATION_CONTEXT_EXPIRY_VALIDATION;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Config.SKIP_LOCAL_USER_SEARCH_FOR_AUTHENTICATION_FLOW_HANDLERS;
@@ -3395,7 +3396,9 @@ public static boolean isJITProvisioningEnabled(AuthenticationContext context)
             }
             ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
 
-            if (authenticator instanceof FederatedApplicationAuthenticator) {
+            FrameworkConstants.AuthenticatorType authenticatorType =  authenticator.getAuthenticatorType();
+            if ((authenticator instanceof FederatedApplicationAuthenticator && !CUSTOM.equals(authenticatorType)) ||
+                    (CUSTOM.equals(authenticatorType) && stepConfig.getAuthenticatedUser().isFederatedUser())) {
                 ExternalIdPConfig externalIdPConfig;
                 String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
                 externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);

diff --git a/...tication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandlerTest.java b/...tication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandlerTest.java
@@ -195,6 +195,11 @@ private AuthenticationContext processAndGetAuthenticationContext(ServiceProvider
 
         if (isFederated) {
             applicationAuthenticator = mock(FederatedApplicationAuthenticator.class);
+            lenient().when(applicationAuthenticator.getAuthenticatorType())
+                    .thenReturn(FrameworkConstants.AuthenticatorType.FEDERATED);
+        } else {
+            lenient().when(applicationAuthenticator.getAuthenticatorType())
+                    .thenReturn(FrameworkConstants.AuthenticatorType.LOCAL);
         }
         lenient().when(applicationAuthenticator.getName()).thenReturn("Authenticator1");
 

diff --git a/...ication/authentication/framework/handler/request/impl/PostAuthAssociationHandlerTest.java b/...ication/authentication/framework/handler/request/impl/PostAuthAssociationHandlerTest.java
@@ -211,6 +211,11 @@ private AuthenticationContext processAndGetAuthenticationContext(ServiceProvider
 
         if (isFederated) {
             applicationAuthenticator = mock(FederatedApplicationAuthenticator.class);
+            when(applicationAuthenticator.getAuthenticatorType())
+                    .thenReturn(FrameworkConstants.AuthenticatorType.FEDERATED);
+        } else {
+            when(applicationAuthenticator.getAuthenticatorType())
+                    .thenReturn(FrameworkConstants.AuthenticatorType.LOCAL);
         }
         when(applicationAuthenticator.getName()).thenReturn("Authenticator1");