Improve auth framework with authenticator type.

Thisara-Welmilla · Aug 12, 2024 · f3b9a9f · f3b9a9f
1 parent 64f041d
commit f3b9a9f
Show file tree

Hide file tree

Showing 13 changed files with 90 additions and 12 deletions.
diff --git a/...g/wso2/carbon/identity/application/authentication/framework/ApplicationAuthenticator.java b/...g/wso2/carbon/identity/application/authentication/framework/ApplicationAuthenticator.java
@@ -23,6 +23,7 @@
 import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
 import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
 import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorData;
+import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
 import org.wso2.carbon.identity.application.common.model.Property;
 
 import java.io.Serializable;
@@ -171,4 +172,13 @@ default String getI18nKey() {
         return StringUtils.EMPTY;
     }
 
+    /**
+     * Get the authenticator type (LOCAL, FEDERATED or CUSTOM)
+     *
+     * @return Authenticator Type.
+     */
+    default FrameworkConstants.AuthenticatorType getAuthenticatorType() {
+
+        return FrameworkConstants.AuthenticatorType.UNDEFINED;
+    }
 }
diff --git a/.../wso2/carbon/identity/application/authentication/framework/AuthenticationFlowHandler.java b/.../wso2/carbon/identity/application/authentication/framework/AuthenticationFlowHandler.java
@@ -18,9 +18,17 @@
 
 package org.wso2.carbon.identity.application.authentication.framework;
 
+import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
+
 /**
  * Handler in the authentication flow but the authentication flow with this handler will be rejected.
  */
 public interface AuthenticationFlowHandler extends ApplicationAuthenticator {
 
+
+    @Override
+    default FrameworkConstants.AuthenticatorType getAuthenticatorType() {
+
+        return FrameworkConstants.AuthenticatorType.FLOW_HANDLER;
+    }
 }
diff --git a/...rbon/identity/application/authentication/framework/FederatedApplicationAuthenticator.java b/...rbon/identity/application/authentication/framework/FederatedApplicationAuthenticator.java
@@ -18,9 +18,16 @@
 
 package org.wso2.carbon.identity.application.authentication.framework;
 
+import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
+
 /**
  * Federated application authenticator.
  */
 public interface FederatedApplicationAuthenticator extends ApplicationAuthenticator {
 
+    @Override
+    default FrameworkConstants.AuthenticatorType getAuthenticatorType() {
+
+        return FrameworkConstants.AuthenticatorType.FEDERATED;
+    }
 }
diff --git a/...2/carbon/identity/application/authentication/framework/LocalApplicationAuthenticator.java b/...2/carbon/identity/application/authentication/framework/LocalApplicationAuthenticator.java
@@ -18,9 +18,16 @@
 
 package org.wso2.carbon.identity.application.authentication.framework;
 
+import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
+
 /**
  * Local authenticator for applications.
  */
 public interface LocalApplicationAuthenticator extends ApplicationAuthenticator {
 
+    @Override
+    default FrameworkConstants.AuthenticatorType getAuthenticatorType() {
+
+        return FrameworkConstants.AuthenticatorType.LOCAL;
+    }
 }
diff --git a/...on/identity/application/authentication/framework/RequestPathApplicationAuthenticator.java b/...on/identity/application/authentication/framework/RequestPathApplicationAuthenticator.java
@@ -18,9 +18,16 @@
 
 package org.wso2.carbon.identity.application.authentication.framework;
 
+import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
+
 /**
  * Request path application authenticator.
  */
 public interface RequestPathApplicationAuthenticator extends ApplicationAuthenticator {
 
+    @Override
+    default FrameworkConstants.AuthenticatorType getAuthenticatorType() {
+
+        return FrameworkConstants.AuthenticatorType.REQUEST_PATH;
+    }
 }
diff --git a/...thentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java b/...thentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
@@ -34,7 +34,6 @@
 import org.wso2.carbon.consent.mgt.core.model.ReceiptPurposeInput;
 import org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput;
 import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
-import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig;
@@ -93,6 +92,7 @@
 
 import static org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.ALLOW_LOGIN_TO_IDP;
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.AuthenticatorType;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Config.SEND_ONLY_LOCALLY_MAPPED_ROLES_OF_IDP;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.EMAIL_ADDRESS_CLAIM;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkErrorConstants.ErrorMessages.ERROR_WHILE_ENCRYPTING_TOTP_SECRET_KEY;
@@ -187,7 +187,9 @@ private PostAuthnHandlerFlowStatus handleResponseFlow(HttpServletRequest request
             AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
             ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
 
-            if (authenticator instanceof FederatedApplicationAuthenticator) {
+            if (AuthenticatorType.FEDERATED.equals(authenticator.getAuthenticatorType()) ||
+                    (AuthenticatorType.CUSTOM.equals(authenticator.getAuthenticatorType())
+                            && stepConfig.getAuthenticatedUser().isFederatedUser())) {
                 String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
                 ExternalIdPConfig externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
                 context.setExternalIdP(externalIdPConfig);
@@ -295,7 +297,9 @@ private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request,
             }
             ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
 
-            if (authenticator instanceof FederatedApplicationAuthenticator) {
+            if (AuthenticatorType.FEDERATED.equals(authenticator.getAuthenticatorType()) ||
+                    (AuthenticatorType.CUSTOM.equals(authenticator.getAuthenticatorType()) &&
+                            stepConfig.getAuthenticatedUser().isFederatedUser())) {
                 String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
                 ExternalIdPConfig externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);
                 context.setExternalIdP(externalIdPConfig);

diff --git a/...application/authentication/framework/handler/request/impl/PostAuthAssociationHandler.java b/...application/authentication/framework/handler/request/impl/PostAuthAssociationHandler.java
@@ -24,7 +24,6 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
-import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
@@ -53,6 +52,7 @@
 import javax.servlet.http.HttpServletResponse;
 
 import static org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.AuthenticatorType;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.USER_TENANT_DOMAIN;
 
 /**
@@ -114,7 +114,9 @@ public PostAuthnHandlerFlowStatus handle(HttpServletRequest request, HttpServlet
             }
             ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
 
-            if (authenticator instanceof FederatedApplicationAuthenticator) {
+            if (AuthenticatorType.FEDERATED.equals(authenticator.getAuthenticatorType()) ||
+                    (AuthenticatorType.CUSTOM.equals(authenticator.getAuthenticatorType()) &&
+                        stepConfig.getAuthenticatedUser().isFederatedUser())) {
                 if (stepConfig.isSubjectIdentifierStep()) {
                     if (log.isDebugEnabled()) {
                         log.debug(authenticator.getName() + " has been set up for subject identifier step.");

diff --git a/...ation/authentication/framework/handler/sequence/impl/DefaultStepBasedSequenceHandler.java b/...ation/authentication/framework/handler/sequence/impl/DefaultStepBasedSequenceHandler.java
@@ -25,7 +25,6 @@
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
-import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
@@ -60,8 +59,10 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.AuthenticatorType;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.CONFIG_ALLOW_SP_REQUESTED_FED_CLAIMS_ONLY;
 
+
 /**
  * Default implementation of step based sequence handler.
  */
@@ -289,7 +290,9 @@ protected void handlePostAuthentication(HttpServletRequest request,
 
             stepCount++;
 
-            if (authenticator instanceof FederatedApplicationAuthenticator) {
+            if (AuthenticatorType.FEDERATED.equals(authenticator.getAuthenticatorType()) ||
+                    (AuthenticatorType.CUSTOM.equals(authenticator.getAuthenticatorType()) &&
+                        stepConfig.getAuthenticatedUser().isFederatedUser())) {
 
                 ExternalIdPConfig externalIdPConfig = null;
                 try {

diff --git a/...n/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java b/...n/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java
@@ -30,7 +30,6 @@
 import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
-import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
 import org.wso2.carbon.identity.application.authentication.framework.config.builder.FileBasedConfigurationBuilder;
@@ -87,6 +86,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.AuthenticatorType;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.BASIC_AUTH_MECHANISM;
 import static org.wso2.carbon.identity.base.IdentityConstants.FEDERATED_IDP_SESSION_ID;
 
@@ -713,7 +713,9 @@ protected void doAuthentication(HttpServletRequest request, HttpServletResponse
         }
 
         String idpName = FrameworkConstants.LOCAL_IDP_NAME;
-        if (context.getExternalIdP() != null && authenticator instanceof FederatedApplicationAuthenticator) {
+        if (context.getExternalIdP() != null &&
+                (AuthenticatorType.FEDERATED.equals(authenticator.getAuthenticatorType()) ||
+                    AuthenticatorType.CUSTOM.equals(authenticator.getAuthenticatorType()))) {
             idpName = context.getExternalIdP().getIdPName();
         }
         // Add Diagnostic Logs for the selected authenticator by the user.
@@ -771,7 +773,9 @@ protected void doAuthentication(HttpServletRequest request, HttpServletResponse
                 context.getSubject().setAccessingOrganization(userResidentOrganization);
             }
 
-            if (authenticator instanceof FederatedApplicationAuthenticator) {
+            if (AuthenticatorType.FEDERATED.equals(authenticator.getAuthenticatorType()) ||
+                    (AuthenticatorType.CUSTOM.equals(authenticator.getAuthenticatorType())
+                            && context.getSubject().isFederatedUser())) {
 
                 if (context.getSubject().getUserName() == null) {
                     // Set subject identifier as the default username for federated users

diff --git a/...rg/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java b/...rg/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java
@@ -817,4 +817,17 @@ public enum AuthenticatorMessageType {
         INFO,
         ERROR
     }
+
+    /**
+     * Default application related constants.
+     */
+    public enum AuthenticatorType {
+
+        LOCAL,
+        FEDERATED,
+        REQUEST_PATH,
+        FLOW_HANDLER,
+        CUSTOM,
+        UNDEFINED
+    }
 }
diff --git a/...va/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java b/...va/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java
@@ -41,7 +41,6 @@
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationDataPublisher;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
-import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCache;
 import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCacheEntry;
 import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCacheKey;
@@ -201,6 +200,7 @@
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Application.CONSOLE_APP_PATH;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Application.MY_ACCOUNT_APP;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Application.MY_ACCOUNT_APP_PATH;
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.AuthenticatorType;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.CONTEXT_PROP_INVALID_EMAIL_USERNAME;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Config.AUTHENTICATION_CONTEXT_EXPIRY_VALIDATION;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.Config.SKIP_LOCAL_USER_SEARCH_FOR_AUTHENTICATION_FLOW_HANDLERS;
@@ -3395,7 +3395,9 @@ public static boolean isJITProvisioningEnabled(AuthenticationContext context)
             }
             ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
 
-            if (authenticator instanceof FederatedApplicationAuthenticator) {
+            if (AuthenticatorType.FEDERATED.equals(authenticator.getAuthenticatorType()) ||
+                    (AuthenticatorType.CUSTOM.equals(authenticator.getAuthenticatorType())
+                            && stepConfig.getAuthenticatedUser().isFederatedUser())) {
                 ExternalIdPConfig externalIdPConfig;
                 String externalIdPConfigName = stepConfig.getAuthenticatedIdP();
                 externalIdPConfig = getExternalIdpConfig(externalIdPConfigName, context);

diff --git a/...tication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandlerTest.java b/...tication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandlerTest.java
@@ -70,6 +70,7 @@
 import static org.mockito.Mockito.lenient;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.mockStatic;
+import static org.mockito.Mockito.when;
 
 /**
  * This is a test class for {@link JITProvisioningPostAuthenticationHandler}.
@@ -195,6 +196,11 @@ private AuthenticationContext processAndGetAuthenticationContext(ServiceProvider
 
         if (isFederated) {
             applicationAuthenticator = mock(FederatedApplicationAuthenticator.class);
+            when(applicationAuthenticator.getAuthenticatorType())
+                    .thenReturn(FrameworkConstants.AuthenticatorType.FEDERATED);
+        } else {
+            when(applicationAuthenticator.getAuthenticatorType())
+                    .thenReturn(FrameworkConstants.AuthenticatorType.LOCAL);
         }
         lenient().when(applicationAuthenticator.getName()).thenReturn("Authenticator1");
 

diff --git a/...ication/authentication/framework/handler/request/impl/PostAuthAssociationHandlerTest.java b/...ication/authentication/framework/handler/request/impl/PostAuthAssociationHandlerTest.java
@@ -211,6 +211,11 @@ private AuthenticationContext processAndGetAuthenticationContext(ServiceProvider
 
         if (isFederated) {
             applicationAuthenticator = mock(FederatedApplicationAuthenticator.class);
+            when(applicationAuthenticator.getAuthenticatorType())
+                    .thenReturn(FrameworkConstants.AuthenticatorType.FEDERATED);
+        } else {
+            when(applicationAuthenticator.getAuthenticatorType())
+                    .thenReturn(FrameworkConstants.AuthenticatorType.LOCAL);
         }
         when(applicationAuthenticator.getName()).thenReturn("Authenticator1");