diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/ApplicationAuthenticator.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/ApplicationAuthenticator.java
index 6c974a31d83b..b78e85aa6f49 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/ApplicationAuthenticator.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/ApplicationAuthenticator.java
@@ -171,4 +171,17 @@ default String getI18nKey() {
 return StringUtils.EMPTY;
 }
+ default AuthenticatorType getAuthenticatorType() {
+
+ return AuthenticatorType.SYSTEM;
+ }
+
+ /**
+ * The Authentication Type - SYSTEM: system define authenticator, CUSTOM: user defined authentication extension.
+ */
+ enum AuthenticatorType {
+
+ SYSTEM,
+ CUSTOM
+ }
 }
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
index 8a9939ea241d..e073603d863d 100644
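Review bot: `getAuthenticatorType()` is added without Javadoc, although every call site changed in this commit now branches on its return value to decide whether a login is treated as federated. A return value that is neither SYSTEM nor CUSTOM, including null, satisfies neither side of those conditions, so the contract belongs on the method itself, for example `/** Returns the type of this authenticator; must not be null. SYSTEM keeps the class-based federated check, CUSTOM makes the framework rely on the authenticated user's federated flag. */`. The enum comment would also read better as "system defined authenticator".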
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
@@ -34,6 +34,7 @@
 import org.wso2.carbon.consent.mgt.core.model.ReceiptPurposeInput;
 import org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput;
 import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
+import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator.AuthenticatorType;
 import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
@@ -187,7 +188,11 @@ private PostAuthnHandlerFlowStatus handleResponseFlow(HttpServletRequest request
 AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
 ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
- if (authenticator instanceof FederatedApplicationAuthenticator) {
+ AuthenticatorType authenticatorType = authenticator.getAuthenticatorType();
+ if ((AuthenticatorType.SYSTEM.equals(authenticatorType) && authenticator instanceof
+ FederatedApplicationAuthenticator) || (AuthenticatorType.CUSTOM.equals(authenticatorType)
+ && stepConfig.getAuthenticatedUser().isFederatedUser())) {
+
 String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
 ExternalIdPConfig externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
 context.setExternalIdP(externalIdPConfig);
@@ -295,7 +300,11 @@ private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request,
 }
 ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
- if (authenticator instanceof FederatedApplicationAuthenticator) {
+ AuthenticatorType authenticatorType = authenticator.getAuthenticatorType();
+ if ((AuthenticatorType.SYSTEM.equals(authenticatorType) && authenticator instanceof
+ FederatedApplicationAuthenticator) || (AuthenticatorType.CUSTOM.equals(authenticatorType)
+ && stepConfig.getAuthenticatedUser().isFederatedUser())) {
+
 String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
 ExternalIdPConfig externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
 context.setExternalIdP(externalIdPConfig);
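Review bot: The CUSTOM side of the new condition in handleResponseFlow calls `stepConfig.getAuthenticatedUser().isFederatedUser()` with no null check, and nothing in the hunk shows the step's authenticated user being set before this point, so a custom authenticator on a step without one would fail here with a NullPointerException in the middle of post-authentication. The same four-line condition is pasted into handleRequestFlow below, PostAuthAssociationHandler.handle, DefaultStepBasedSequenceHandler.handlePostAuthentication, DefaultStepHandler.doAuthentication and FrameworkUtils.isJITProvisioningEnabled, so any later correction has to be made six times. Because this decision selects which logins go through JIT provisioning and account association, I would move it into one null-safe helper and call that from each site; the helper name and location below are only a suggestion. handleResponseFlow starts and ends outside the hunk.

```java
// Suggested shared helper, e.g. in FrameworkUtils.
public static boolean isFederatedAuthentication(ApplicationAuthenticator authenticator,
                                                AuthenticatedUser authenticatedUser) {

    AuthenticatorType type = authenticator.getAuthenticatorType();
    if (AuthenticatorType.CUSTOM.equals(type)) {
        // A custom extension is classified by the user it produced; no user means not federated.
        return authenticatedUser != null && authenticatedUser.isFederatedUser();
    }
    return AuthenticatorType.SYSTEM.equals(type)
            && authenticator instanceof FederatedApplicationAuthenticator;
}

// handleResponseFlow
ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
if (FrameworkUtils.isFederatedAuthentication(authenticator, stepConfig.getAuthenticatedUser())) {
    // … unchanged: external IdP lookup and context.setExternalIdP …
```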
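Review bot: If `getAuthenticatorType()` returns null, neither `SYSTEM.equals(...)` nor `CUSTOM.equals(...)` is true in handleRequestFlow, so an authenticator that implements FederatedApplicationAuthenticator is no longer handled as federated, where the removed `instanceof` check alone did cover it. The stub this commit has to add in PostAuthAssociationHandlerTest suggests the case is reachable for any mock or implementation that does not return a value. Treating everything that is not CUSTOM the way the old code did keeps the previous behaviour as the default: `boolean federated = AuthenticatorType.CUSTOM.equals(authenticatorType) ? stepConfig.getAuthenticatedUser().isFederatedUser() : authenticator instanceof FederatedApplicationAuthenticator;`. The same applies to the other five copies of this condition, and handleRequestFlow continues outside the hunk.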
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandler.java
index ce831f298fd2..ff759fcb2392 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandler.java
@@ -24,6 +24,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
+import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator.AuthenticatorType;
 import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
@@ -114,7 +115,11 @@ public PostAuthnHandlerFlowStatus handle(HttpServletRequest request, HttpServlet
 }
 ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
- if (authenticator instanceof FederatedApplicationAuthenticator) {
+ AuthenticatorType authenticatorType = authenticator.getAuthenticatorType();
+ if ((AuthenticatorType.SYSTEM.equals(authenticatorType) && authenticator instanceof
+ FederatedApplicationAuthenticator) || (AuthenticatorType.CUSTOM.equals(authenticatorType)
+ && stepConfig.getAuthenticatedUser().isFederatedUser())) {
+
 if (stepConfig.isSubjectIdentifierStep()) {
 if (log.isDebugEnabled()) {
 log.debug(authenticator.getName() + " has been set up for subject identifier step.");
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/DefaultStepBasedSequenceHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/DefaultStepBasedSequenceHandler.java
index 3b5b4634cb38..5dc981a0c69a 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/DefaultStepBasedSequenceHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/DefaultStepBasedSequenceHandler.java
@@ -24,6 +24,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
+import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator.AuthenticatorType;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
 import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
@@ -289,7 +290,10 @@ protected void handlePostAuthentication(HttpServletRequest request,
 stepCount++;
- if (authenticator instanceof FederatedApplicationAuthenticator) {
+ AuthenticatorType authenticatorType = authenticator.getAuthenticatorType();
+ if ((AuthenticatorType.SYSTEM.equals(authenticatorType) && authenticator instanceof
+ FederatedApplicationAuthenticator) || (AuthenticatorType.CUSTOM.equals(authenticatorType)
+ && stepConfig.getAuthenticatedUser().isFederatedUser())) {
 ExternalIdPConfig externalIdPConfig = null;
 try {
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java
index 3633d3c01097..d8ed4e2f4ede 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java
@@ -28,6 +28,7 @@
 import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
+import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator.AuthenticatorType;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
 import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
@@ -771,7 +772,10 @@ protected void doAuthentication(HttpServletRequest request, HttpServletResponse
 context.getSubject().setAccessingOrganization(userResidentOrganization);
 }
- if (authenticator instanceof FederatedApplicationAuthenticator) {
+ AuthenticatorType authenticatorType = authenticator.getAuthenticatorType();
+ if ((AuthenticatorType.SYSTEM.equals(authenticatorType) && authenticator instanceof
+ FederatedApplicationAuthenticator) || (AuthenticatorType.CUSTOM.equals(authenticatorType)
+ && context.getSubject().isFederatedUser())) {
 if (context.getSubject().getUserName() == null) {
 // Set subject identifier as the default username for federated users
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java
index 88c9a095f651..b79c71165b99 100644
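Review bot: This copy of the condition in doAuthentication reads the federated flag from `context.getSubject()`, while the other five sites changed in this commit read it from `stepConfig.getAuthenticatedUser()`, and the hunk gives no reason for the difference. If the step's authenticated user is simply not populated yet at this point, a short comment such as `// stepConfig has no authenticated user yet; use the subject the authenticator just set` would stop a later cleanup from aligning it with the others. For a CUSTOM authenticator that flag is presumably written by the extension itself while it authenticates the user, so the comment should also say that the value is trusted as supplied. doAuthentication starts and ends outside the hunk.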
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java
@@ -38,6 +38,7 @@
 import org.wso2.carbon.core.util.CryptoException;
 import org.wso2.carbon.core.util.CryptoUtil;
 import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
+import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator.AuthenticatorType;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationDataPublisher;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
@@ -3395,7 +3396,11 @@ public static boolean isJITProvisioningEnabled(AuthenticationContext context)
 }
 ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
- if (authenticator instanceof FederatedApplicationAuthenticator) {
+ AuthenticatorType authenticatorType = authenticator.getAuthenticatorType();
+ if ((AuthenticatorType.SYSTEM.equals(authenticatorType) && authenticator instanceof
+ FederatedApplicationAuthenticator) || (AuthenticatorType.CUSTOM.equals(authenticatorType)
+ && stepConfig.getAuthenticatedUser().isFederatedUser())) {
+
 ExternalIdPConfig externalIdPConfig;
 String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
 externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandlerTest.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandlerTest.java
index 7fe64ac03758..8264e30cc127 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandlerTest.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandlerTest.java
@@ -66,7 +66,6 @@
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.anyString;
-import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.lenient;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.mockStatic;
@@ -165,7 +164,8 @@ public void testHandleWithAuthenticatedUserWithFederatedIdp() throws FrameworkEx
 configurationFacade.when(ConfigurationFacade::getInstance).thenReturn(mockConfigurationFacade);
 IdentityProvider identityProvider = getTestIdentityProvider("default-tp-1.xml");
 ExternalIdPConfig externalIdPConfig = new ExternalIdPConfig(identityProvider);
- doReturn(externalIdPConfig).when(mockConfigurationFacade).getIdPConfigByName(eq(null), anyString());
+ lenient().doReturn(externalIdPConfig).when(mockConfigurationFacade)
+ .getIdPConfigByName(eq(null), anyString());
 PostAuthnHandlerFlowStatus postAuthnHandlerFlowStatus = postJITProvisioningHandler
 .handle(request, response, context);
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandlerTest.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandlerTest.java
index 9c172b60891f..6acc4d4045d9 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandlerTest.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandlerTest.java
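Review bot: Making this stub `lenient()` suggests that testHandleWithAuthenticatedUserWithFederatedIdp no longer reaches `getIdPConfigByName`, which is what strict stubbing would have reported once the handler's condition stopped matching. If the mocked authenticator in this test returns null from `getAuthenticatorType()`, the handler skips its federated branch and the test still passes without covering the path it is named after. Stubbing the type on that mock, for example `when(authenticator.getAuthenticatorType()).thenReturn(AuthenticatorType.SYSTEM);` with the mock's actual name, and keeping the strict `doReturn(...)` would preserve the coverage. The test method continues outside the hunk.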
@@ -212,6 +212,8 @@ private AuthenticationContext processAndGetAuthenticationContext(ServiceProvider
 if (isFederated) {
 applicationAuthenticator = mock(FederatedApplicationAuthenticator.class);
 }
+ when(applicationAuthenticator.getAuthenticatorType())
+ .thenReturn(ApplicationAuthenticator.AuthenticatorType.SYSTEM);
 when(applicationAuthenticator.getName()).thenReturn("Authenticator1");
 if (withAuthenticatedUser) {
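Review bot: The helper only ever stubs `AuthenticatorType.SYSTEM`, so none of the test changes visible in this commit exercise the new `CUSTOM` side of the condition in PostAuthAssociationHandler.handle. That side is the one that lets a non-federated authenticator class drive account association from the user's federated flag, so it deserves two cases of its own: a plain `ApplicationAuthenticator` mock with `when(applicationAuthenticator.getAuthenticatorType()).thenReturn(ApplicationAuthenticator.AuthenticatorType.CUSTOM);` and a federated authenticated user, and the same mock with a non-federated user asserting that no association is attempted. processAndGetAuthenticationContext continues outside the hunk, so an extra parameter for the type may be the simplest way to add them.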