From d9f9c0b319f0e441f10ac328a8cc1fca8a6bf500 Mon Sep 17 00:00:00 2001
From: thisarawelmilla
Date: Mon, 12 Aug 2024 15:38:05 +0530
Subject: [PATCH] Improve auth framework with authenticator type.
---
 .../framework/ApplicationAuthenticator.java | 10 ++++++++++
 .../JITProvisioningPostAuthenticationHandler.java | 10 +++++++---
 .../request/impl/PostAuthAssociationHandler.java | 6 ++++--
 .../impl/DefaultStepBasedSequenceHandler.java | 7 +++++--
 .../handler/step/impl/DefaultStepHandler.java | 10 +++++++---
 .../framework/util/FrameworkConstants.java | 13 +++++++++++++
 .../framework/util/FrameworkUtils.java | 6 ++++--
 ...ITProvisioningPostAuthenticationHandlerTest.java | 5 +++++
 .../impl/PostAuthAssociationHandlerTest.java | 5 +++++
 9 files changed, 60 insertions(+), 12 deletions(-)
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/ApplicationAuthenticator.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/ApplicationAuthenticator.java
index 6c974a31d83b..3fc84a72765f 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/ApplicationAuthenticator.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/ApplicationAuthenticator.java
@@ -23,6 +23,7 @@
 import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
 import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
 import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorData;
+import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
 import org.wso2.carbon.identity.application.common.model.Property;
 import java.io.Serializable;
@@ -171,4 +172,13 @@ default String getI18nKey() {
 return StringUtils.EMPTY;
 }
+ /**
+ * Get the authenticator type (LOCAL, FEDERATED or CUSTOM)
+ *
+ * @return Authenticator Type.
+ */
+ default FrameworkConstants.AuthenticatorType getAuthenticatorType() {
+
+ return FrameworkConstants.AuthenticatorType.UNDEFINED;
+ }
 }
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
index 8a9939ea241d..d30eb2d42520 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
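Review bot: The default `getAuthenticatorType()` returns `UNDEFINED`, so any existing `FederatedApplicationAuthenticator` implementation that does not override it (connectors built against the previous interface) now fails every `instanceof` replacement in this patch and is handled as a non-federated step, which silently skips external IdP resolution, JIT provisioning and account association for it. The test hunks show the effect: a `mock(FederatedApplicationAuthenticator.class)` now has to be stubbed explicitly to return FEDERATED. A backward-compatible default would derive the type from the marker interfaces the framework already has and fall back to `UNDEFINED` only for authenticators that implement neither. The Javadoc also lists only LOCAL, FEDERATED and CUSTOM although the enum declares six values; `Get the authenticator type; defaults to UNDEFINED unless overridden.` would be accurate. The interface continues outside the hunk.
```java
default FrameworkConstants.AuthenticatorType getAuthenticatorType() {

    // Keep the pre-existing contract: implementations that only implement
    // the marker interfaces are still classified the way instanceof did.
    if (this instanceof FederatedApplicationAuthenticator) {
        return FrameworkConstants.AuthenticatorType.FEDERATED;
    }
    if (this instanceof LocalApplicationAuthenticator) {
        return FrameworkConstants.AuthenticatorType.LOCAL;
    }
    return FrameworkConstants.AuthenticatorType.UNDEFINED;
}
```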
@@ -34,7 +34,6 @@
 import org.wso2.carbon.consent.mgt.core.model.ReceiptPurposeInput;
 import org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput;
 import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
-import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig;
@@ -93,6 +92,7 @@
 import static org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.ALLOW_LOGIN_TO_IDP;
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.AuthenticatorType;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Config.SEND_ONLY_LOCALLY_MAPPED_ROLES_OF_IDP;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.EMAIL_ADDRESS_CLAIM;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkErrorConstants.ErrorMessages.ERROR_WHILE_ENCRYPTING_TOTP_SECRET_KEY;
@@ -187,7 +187,9 @@ private PostAuthnHandlerFlowStatus handleResponseFlow(HttpServletRequest request
 AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
 ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
- if (authenticator instanceof FederatedApplicationAuthenticator) {
+ if (AuthenticatorType.FEDERATED.equals(authenticator.getAuthenticatorType()) ||
+ (AuthenticatorType.CUSTOM.equals(authenticator.getAuthenticatorType())
+ && stepConfig.getAuthenticatedUser().isFederatedUser())) {
 String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
 ExternalIdPConfig externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
 context.setExternalIdP(externalIdPConfig);
@@ -295,7 +297,9 @@ private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request,
 }
 ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
- if (authenticator instanceof FederatedApplicationAuthenticator) {
+ if (AuthenticatorType.FEDERATED.equals(authenticator.getAuthenticatorType()) ||
+ (AuthenticatorType.CUSTOM.equals(authenticator.getAuthenticatorType()) &&
+ stepConfig.getAuthenticatedUser().isFederatedUser())) {
 String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
 ExternalIdPConfig externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
 context.setExternalIdP(externalIdPConfig);
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandler.java
index ce831f298fd2..9ee2332eac16 100644
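Review bot: The CUSTOM branch in both hunks dereferences `stepConfig.getAuthenticatedUser()` unconditionally, which the replaced `instanceof` check never touched; if a step's authenticated user can be unset at this point the new condition throws a NullPointerException instead of skipping the branch, so either a guard `stepConfig.getAuthenticatedUser() != null && stepConfig.getAuthenticatedUser().isFederatedUser()` or a comment stating why it is always set here is warranted. The same three-line predicate is repeated in PostAuthAssociationHandler.handle, DefaultStepBasedSequenceHandler.handlePostAuthentication, the second DefaultStepHandler.doAuthentication hunk (against `context.getSubject()`) and FrameworkUtils.isJITProvisioningEnabled, with the `&&` wrapped differently each time; one helper, for example `FrameworkUtils.isFederatedStep(StepConfig)` (a name proposed here, not an existing API), would keep this policy decision in a single place and make future changes to it auditable. Both handleResponseFlow and handleRequestFlow start and end outside the hunks.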
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandler.java
@@ -24,7 +24,6 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
-import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
@@ -53,6 +52,7 @@
 import javax.servlet.http.HttpServletResponse;
 import static org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.AuthenticatorType;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.USER_TENANT_DOMAIN;
 /**
@@ -114,7 +114,9 @@ public PostAuthnHandlerFlowStatus handle(HttpServletRequest request, HttpServlet
 }
 ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
- if (authenticator instanceof FederatedApplicationAuthenticator) {
+ if (AuthenticatorType.FEDERATED.equals(authenticator.getAuthenticatorType()) ||
+ (AuthenticatorType.CUSTOM.equals(authenticator.getAuthenticatorType()) &&
+ stepConfig.getAuthenticatedUser().isFederatedUser())) {
 if (stepConfig.isSubjectIdentifierStep()) {
 if (log.isDebugEnabled()) {
 log.debug(authenticator.getName() + " has been set up for subject identifier step.");
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/DefaultStepBasedSequenceHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/DefaultStepBasedSequenceHandler.java
index 3b5b4634cb38..981df0dedf59 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/DefaultStepBasedSequenceHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/DefaultStepBasedSequenceHandler.java
@@ -25,7 +25,6 @@
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
-import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
@@ -60,8 +59,10 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.AuthenticatorType;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.CONFIG_ALLOW_SP_REQUESTED_FED_CLAIMS_ONLY;
+
 /**
 * Default implementation of step based sequence handler.
 */
@@ -289,7 +290,9 @@ protected void handlePostAuthentication(HttpServletRequest request,
 stepCount++;
- if (authenticator instanceof FederatedApplicationAuthenticator) {
+ if (AuthenticatorType.FEDERATED.equals(authenticator.getAuthenticatorType()) ||
+ (AuthenticatorType.CUSTOM.equals(authenticator.getAuthenticatorType()) &&
+ stepConfig.getAuthenticatedUser().isFederatedUser())) {
 ExternalIdPConfig externalIdPConfig = null;
 try {
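Review bot: The lone `+` line added after the `CONFIG_ALLOW_SP_REQUESTED_FED_CLAIMS_ONLY` static import in the second hunk inserts a second blank line before the class Javadoc, a spacing the file did not have and that is unrelated to the change; drop that added blank line so the import block keeps its single separating line. The class body in the last hunk starts and ends outside the hunk.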
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java
index 3633d3c01097..fa392e49f88f 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java
@@ -30,7 +30,6 @@
 import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
-import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
 import org.wso2.carbon.identity.application.authentication.framework.config.builder.FileBasedConfigurationBuilder;
@@ -87,6 +86,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.AuthenticatorType;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.BASIC_AUTH_MECHANISM;
 import static org.wso2.carbon.identity.base.IdentityConstants.FEDERATED_IDP_SESSION_ID;
@@ -713,7 +713,9 @@ protected void doAuthentication(HttpServletRequest request, HttpServletResponse
 }
 String idpName = FrameworkConstants.LOCAL_IDP_NAME;
- if (context.getExternalIdP() != null && authenticator instanceof FederatedApplicationAuthenticator) {
+ if (context.getExternalIdP() != null &&
+ (AuthenticatorType.FEDERATED.equals(authenticator.getAuthenticatorType()) ||
+ AuthenticatorType.CUSTOM.equals(authenticator.getAuthenticatorType()))) {
 idpName = context.getExternalIdP().getIdPName();
 }
 // Add Diagnostic Logs for the selected authenticator by the user.
@@ -771,7 +773,9 @@ protected void doAuthentication(HttpServletRequest request, HttpServletResponse
 context.getSubject().setAccessingOrganization(userResidentOrganization);
 }
- if (authenticator instanceof FederatedApplicationAuthenticator) {
+ if (AuthenticatorType.FEDERATED.equals(authenticator.getAuthenticatorType()) ||
+ (AuthenticatorType.CUSTOM.equals(authenticator.getAuthenticatorType())
+ && context.getSubject().isFederatedUser())) {
 if (context.getSubject().getUserName() == null) {
 // Set subject identifier as the default username for federated users
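Review bot: The first doAuthentication hunk treats a CUSTOM authenticator as external-IdP backed whenever `context.getExternalIdP()` is non-null, whereas the second hunk and every other call site in this patch additionally require the user to be federated; a CUSTOM authenticator that authenticates a local user while an external IdP is still set on the context would therefore get `idpName` set to that IdP, and that value feeds the diagnostic logs added right below. Whether getExternalIdP() can carry over from an earlier step is not visible here. If the asymmetry is deliberate because the subject is not yet available at this point, say so in place, e.g. `// Subject is not set yet, so a CUSTOM authenticator cannot be narrowed by isFederatedUser() here.`; otherwise the external IdP should be cleared before idpName is derived. doAuthentication starts and ends outside both hunks.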
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java
index 63c5f26feb60..f94972bf2cf3 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java
@@ -817,4 +817,17 @@ public enum AuthenticatorMessageType {
 INFO, ERROR
 }
+
+ /**
+ * Default application related constants.
+ */
+ public enum AuthenticatorType {
+ LOCAL,
+ FEDERATED,
+ REQUEST_PATH,
+ FLOW_HANDLER,
+ CUSTOM,
+ UNDEFINED
+ }
 }
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java
index a26498b63943..b1b0a63bd1c1 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java
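Review bot: The Javadoc on the new `AuthenticatorType` enum, `Default application related constants.`, is copied from another constant group and does not describe the enum; replace it with `Classification of an ApplicationAuthenticator. UNDEFINED is what the ApplicationAuthenticator default returns when an implementation does not override getAuthenticatorType().` REQUEST_PATH and FLOW_HANDLER are declared but neither returned nor compared anywhere in this patch, so a one-line comment on each naming which authenticator family is expected to return it would help the next reader decide whether a new authenticator should use them. FrameworkConstants continues outside the hunk.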
@@ -41,7 +41,6 @@
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationDataPublisher;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
-import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCache;
 import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCacheEntry;
 import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCacheKey;
@@ -201,6 +200,7 @@
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Application.CONSOLE_APP_PATH;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Application.MY_ACCOUNT_APP;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Application.MY_ACCOUNT_APP_PATH;
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.AuthenticatorType;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.CONTEXT_PROP_INVALID_EMAIL_USERNAME;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Config.AUTHENTICATION_CONTEXT_EXPIRY_VALIDATION;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Config.SKIP_LOCAL_USER_SEARCH_FOR_AUTHENTICATION_FLOW_HANDLERS;
@@ -3395,7 +3395,9 @@ public static boolean isJITProvisioningEnabled(AuthenticationContext context)
 }
 ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
- if (authenticator instanceof FederatedApplicationAuthenticator) {
+ if (AuthenticatorType.FEDERATED.equals(authenticator.getAuthenticatorType()) ||
+ (AuthenticatorType.CUSTOM.equals(authenticator.getAuthenticatorType())
+ && stepConfig.getAuthenticatedUser().isFederatedUser())) {
 ExternalIdPConfig externalIdPConfig;
 String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
 externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandlerTest.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandlerTest.java
index 7fe64ac03758..8f5e4def04da 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandlerTest.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandlerTest.java
@@ -195,6 +195,11 @@ private AuthenticationContext processAndGetAuthenticationContext(ServiceProvider
 if (isFederated) {
 applicationAuthenticator = mock(FederatedApplicationAuthenticator.class);
+ lenient().when(applicationAuthenticator.getAuthenticatorType())
+ .thenReturn(FrameworkConstants.AuthenticatorType.FEDERATED);
+ } else {
+ lenient().when(applicationAuthenticator.getAuthenticatorType())
+ .thenReturn(FrameworkConstants.AuthenticatorType.LOCAL);
 }
 lenient().when(applicationAuthenticator.getName()).thenReturn("Authenticator1");
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandlerTest.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandlerTest.java
index 9c172b60891f..a99aee58e8a6 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandlerTest.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandlerTest.java
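Review bot: The stubs only exercise the FEDERATED and LOCAL values, so the CUSTOM branch the handlers gained (`CUSTOM` combined with `getAuthenticatedUser().isFederatedUser()`) and the UNDEFINED default have no coverage in this file or in the matching PostAuthAssociationHandlerTest hunk; add cases for a CUSTOM authenticator with a federated user, a CUSTOM authenticator with a local user, and a `FederatedApplicationAuthenticator` mock left unstubbed so the default type is what the handler sees. The last case is the one that would catch a regression for connectors that implement the interface without overriding getAuthenticatorType(). processAndGetAuthenticationContext starts and ends outside the hunk.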
@@ -211,6 +211,11 @@ private AuthenticationContext processAndGetAuthenticationContext(ServiceProvider
 if (isFederated) {
 applicationAuthenticator = mock(FederatedApplicationAuthenticator.class);
+ when(applicationAuthenticator.getAuthenticatorType())
+ .thenReturn(FrameworkConstants.AuthenticatorType.FEDERATED);
+ } else {
+ when(applicationAuthenticator.getAuthenticatorType())
+ .thenReturn(FrameworkConstants.AuthenticatorType.LOCAL);
 }
 when(applicationAuthenticator.getName()).thenReturn("Authenticator1");