def authenticate(self, configurationAttributes, requestParameters, step):
authenticationService = CdiUtil.bean(AuthenticationService)
if step == 1:
print "Basic (one session). Authenticate for step 1"
identity = CdiUtil.bean(Identity)
credentials = identity.getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
logged_in = authenticationService.authenticate(user_name, user_password)
if not logged_in:
return False
logged_in = self.isFirstSession(user_name)
if not logged_in:
facesMessages = CdiUtil.bean(FacesMessages)
facesMessages.add(FacesMessage.SEVERITY_ERROR, "Please, end active session first!")
return False
return True
else:
return False
def authenticate(self, configurationAttributes, requestParameters, step):
authenticationService = CdiUtil.bean(AuthenticationService)
if (step == 1):
print "Basic. Authenticate for step 1"
identity = CdiUtil.bean(Identity)
credentials = identity.getCredentials()
user_name_array = StringHelper.split(credentials.getUsername(),"+")
user_name = None
if len(user_name_array) == 2:
email_id_array = StringHelper.split(user_name_array[1],"@")
user_name = user_name_array[0] + "@"+ email_id_array[1]
else:
user_name = user_name_array[0]
print "Username for authentication is: %s " % user_name
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
logged_in = authenticationService.authenticate(user_name, user_password,"mail","mail")
if (not logged_in):
return False
return True
else:
return False
def prepareClientsSet(self, configurationAttributes):
clientsSet = HashSet()
if (not configurationAttributes.containsKey("allowed_clients")):
return clientsSet
allowedClientsList = configurationAttributes.get(
"allowed_clients").getValue2()
if (StringHelper.isEmpty(allowedClientsList)):
print "UmaRptPolicy. The property allowed_clients is empty"
return clientsSet
allowedClientsListArray = StringHelper.split(allowedClientsList, ",")
if (ArrayHelper.isEmpty(allowedClientsListArray)):
print "UmaRptPolicy. No clients specified in allowed_clients property"
return clientsSet
# Convert to HashSet to quick search
i = 0
count = len(allowedClientsListArray)
while (i < count):
client = allowedClientsListArray[i]
clientsSet.add(client)
i = i + 1
return clientsSet
def init(self, customScript, configurationAttributes):
print "Basic (multi login). Initialization"
login_attributes_list_object = configurationAttributes.get("login_attributes_list")
if (login_attributes_list_object == None):
print "Basic (multi login). Initialization. There is no property login_attributes_list"
return False
login_attributes_list = login_attributes_list_object.getValue2()
if (StringHelper.isEmpty(login_attributes_list)):
print "Basic (multi login). Initialization. There is no attributes specified in login_attributes property"
return False
login_attributes_list_array = StringHelper.split(login_attributes_list, ",")
if (ArrayHelper.isEmpty(login_attributes_list_array)):
print "Basic (multi login). Initialization. There is no attributes specified in login_attributes property"
return False
if (configurationAttributes.containsKey("local_login_attributes_list")):
local_login_attributes_list = configurationAttributes.get("local_login_attributes_list").getValue2()
local_login_attributes_list_array = StringHelper.split(local_login_attributes_list, ",")
else:
print "Basic (multi login). Initialization. There is no property local_login_attributes_list. Assuming that login attributes are equal to local login attributes."
local_login_attributes_list_array = login_attributes_list_array
if (len(login_attributes_list_array) != len(local_login_attributes_list_array)):
print "Basic (multi login). Initialization. The number of attributes in login_attributes_list and local_login_attributes_list isn't equal"
return False
self.login_attributes_list_array = login_attributes_list_array
self.local_login_attributes_list_array = local_login_attributes_list_array
print "Basic (multi login). Initialized successfully"
return True
def authenticate_user_credentials(self, identity, authentication_service):
credentials = identity.getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
print "AzureAD. user_name: %s" % user_name
logged_in = False
if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
# Special condition to allow for Gluu admin login
if StringHelper.equals(user_name, ADMIN):
return self.authenticate_user_in_gluu_ldap(authentication_service, user_name, user_password)
# Authenticate user credentials with Azure AD non-interactively
azure_auth_response = self.authenticate_user_in_azure(azure_tenant_id, user_name, user_password, azure_client_id, azure_client_secret)
print "AzureAD. Value of azure_auth_response is %s" % azure_auth_response
azure_auth_response_json = json.loads(azure_auth_response)
if azure_user_uuid in azure_auth_response_json:
# Azure authentication has succeeded. User needs to be enrolled in Gluu LDAP
user = self.enroll_azure_user_in_gluu_ldap(azure_auth_response_json)
if user is None:
# User Enrollment in Gluu LDAP has failed
logged_in = False
else:
# Authenticating the user within Gluu
user_authenticated_in_gluu = authentication_service.authenticate(user.getUserId())
print "AzureAD: Authentication status of the user enrolled in Gluu LDAP %r " % user_authenticated_in_gluu
return user_authenticated_in_gluu
else:
# Azure authentication has failed.
logged_in = False
return logged_in
def authenticate(self, configurationAttributes, requestParameters, step):
authenticationService = CdiUtil.bean(AuthenticationService)
if (step == 1):
print "Basic (multi login). Authenticate for step 1"
identity = CdiUtil.bean(Identity)
credentials = identity.getCredentials()
key_value = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(key_value) and StringHelper.isNotEmptyString(user_password)):
i = 0
count = len(self.login_attributes_list_array)
while (i < count):
primary_key = self.login_attributes_list_array[i]
local_primary_key = self.local_login_attributes_list_array[i]
logged_in = authenticationService.authenticate(key_value, user_password, primary_key, local_primary_key)
if (logged_in):
return True
i += 1
return False
else:
return False
def authenticate(self, configurationAttributes, requestParameters, step):
authenticationService = CdiUtil.bean(AuthenticationService)
if (step == 1):
print "Radius. Authenticate for step 1"
identity = CdiUtil.bean(Identity)
credentials = identity.getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
if StringHelper.isNotEmptyString(user_name ) and StringHelper.isNotEmptyString(user_password ):
user_exists_in_gluu = authenticationService.authenticate(user_name )
if user_exists_in_gluu :
client = RadiusClient(self.RADIUS_SERVER_IP,int (self.RADIUS_SERVER_AUTH_PORT), int(self.RADIUS_SERVER_ACCT_PORT), self.RADIUS_SERVER_SECRET)
accessRequest = RadiusPacket(RadiusPacket.ACCESS_REQUEST)
userNameAttribute = RadiusAttribute(RadiusAttributeValues.USER_NAME,user_name )
userPasswordAttribute = RadiusAttribute(RadiusAttributeValues.USER_PASSWORD,user_password )
accessRequest.setAttribute(userNameAttribute)
accessRequest.setAttribute(userPasswordAttribute)
accessResponse = client.authenticate(accessRequest)
print "Packet type - %s " % accessResponse.getPacketType()
if accessResponse.getPacketType() == RadiusPacket.ACCESS_ACCEPT:
return True
#elif accessResponse.getPacketType() == RadiusPacket.ACCESS_CHALLENGE:
# return False
return False
def init(self, customScript, configurationAttributes):
print "Basic (lock account). Initialization"
self.invalidLoginCountAttribute = "oxCountInvalidLogin"
if configurationAttributes.containsKey("invalid_login_count_attribute"):
self.invalidLoginCountAttribute = configurationAttributes.get("invalid_login_count_attribute").getValue2()
else:
print "Basic (lock account). Initialization. Using default attribute"
self.maximumInvalidLoginAttemps = 3
if configurationAttributes.containsKey("maximum_invalid_login_attemps"):
self.maximumInvalidLoginAttemps = StringHelper.toInteger(configurationAttributes.get("maximum_invalid_login_attemps").getValue2())
else:
print "Basic (lock account). Initialization. Using default number attempts"
self.lockExpirationTime = 180
if configurationAttributes.containsKey("lock_expiration_time"):
self.lockExpirationTime = StringHelper.toInteger(configurationAttributes.get("lock_expiration_time").getValue2())
else:
print "Basic (lock account). Initialization. Using default lock expiration time"
print "Basic (lock account). Initialized successfully. invalid_login_count_attribute: '%s', maximum_invalid_login_attemps: '%s', lock_expiration_time: '%s'" % (self.invalidLoginCountAttribute, self.maximumInvalidLoginAttemps, self.lockExpirationTime)
return True
def authenticate(self, configurationAttributes, requestParameters, step):
authenticationService = CdiUtil.bean(AuthenticationService)
if 1 <= step <= 3:
print "Basic (demo reset step). Authenticate for step '%s'" % step
identity = CdiUtil.bean(Identity)
identity.setWorkingParameter("pass_authentication", False)
credentials = identity.getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
userService = CdiUtil.bean(UserService)
logged_in = authenticationService.authenticate(user_name, user_password)
if (not logged_in):
return False
identity.setWorkingParameter("pass_authentication", True)
return True
else:
return False
def prepareAttributesMapping(self, remoteAttributesList, localAttributesList):
remoteAttributesListArray = StringHelper.split(remoteAttributesList, ",")
if (ArrayHelper.isEmpty(remoteAttributesListArray)):
print "Google+ PrepareAttributesMapping. There is no attributes specified in remoteAttributesList property"
return None
localAttributesListArray = StringHelper.split(localAttributesList, ",")
if (ArrayHelper.isEmpty(localAttributesListArray)):
print "Google+ PrepareAttributesMapping. There is no attributes specified in localAttributesList property"
return None
if (len(remoteAttributesListArray) != len(localAttributesListArray)):
print "Google+ PrepareAttributesMapping. The number of attributes in remoteAttributesList and localAttributesList isn't equal"
return None
attributeMapping = IdentityHashMap()
containsUid = False
i = 0
count = len(remoteAttributesListArray)
while (i < count):
remoteAttribute = StringHelper.toLowerCase(remoteAttributesListArray[i])
localAttribute = StringHelper.toLowerCase(localAttributesListArray[i])
attributeMapping.put(remoteAttribute, localAttribute)
if (StringHelper.equalsIgnoreCase(localAttribute, "uid")):
containsUid = True
i = i + 1
if (not containsUid):
print "Google+ PrepareAttributesMapping. There is no mapping to mandatory 'uid' attribute"
return None
return attributeMapping
def getCurrentSamlConfiguration(self, currentSamlConfiguration, configurationAttributes, requestParameters):
saml_client_configuration = self.getClientConfiguration(configurationAttributes, requestParameters)
if saml_client_configuration == None:
return currentSamlConfiguration
saml_client_configuration_value = json.loads(saml_client_configuration.getValue())
client_asimba_saml_certificate = None
client_asimba_saml_certificate_file = saml_client_configuration_value["asimba_saml_certificate_file"]
if StringHelper.isNotEmpty(client_asimba_saml_certificate_file):
client_asimba_saml_certificate = self.loadCeritificate(client_asimba_saml_certificate_file)
if StringHelper.isEmpty(client_asimba_saml_certificate):
print "Asimba. BuildClientSamlConfiguration. File with x509 certificate should be not empty. Using default configuration"
return currentSamlConfiguration
clientSamlConfiguration = currentSamlConfiguration.clone()
if client_asimba_saml_certificate != None:
clientSamlConfiguration.loadCertificateFromString(client_asimba_saml_certificate)
client_asimba_entity_id = saml_client_configuration_value["asimba_entity_id"]
clientSamlConfiguration.setIssuer(client_asimba_entity_id)
saml_use_authn_context = saml_client_configuration_value["saml_use_authn_context"]
client_use_saml_use_authn_context = StringHelper.toBoolean(saml_use_authn_context, True)
clientSamlConfiguration.setUseRequestedAuthnContext(client_use_saml_use_authn_context)
return clientSamlConfiguration
def lockUser(self, user_name):
if StringHelper.isEmpty(user_name):
return None
userService = CdiUtil.bean(UserService)
cacheService= CdiUtil.bean(CacheService)
facesMessages = CdiUtil.bean(FacesMessages)
facesMessages.setKeepMessages()
find_user_by_uid = userService.getUser(user_name)
if (find_user_by_uid == None):
return None
status_attribute_value = userService.getCustomAttribute(find_user_by_uid, "gluuStatus")
if status_attribute_value != None:
user_status = status_attribute_value.getValue()
if StringHelper.equals(user_status, "inactive"):
print "Basic (lock account). Lock user. User '%s' locked already" % user_name
return
userService.setCustomAttribute(find_user_by_uid, "gluuStatus", "inactive")
updated_user = userService.updateUser(find_user_by_uid)
object_to_store = json.dumps({'locked': True, 'created': LocalDateTime.now().toString()}, separators=(',',':'))
cacheService.put(StringHelper.toString(self.lockExpirationTime), "lock_user_"+user_name, object_to_store);
facesMessages.add(FacesMessage.SEVERITY_ERROR, "Your account is locked. Please try again after " + StringHelper.toString(self.lockExpirationTime) + " secs")
print "Basic (lock account). Lock user. User '%s' locked" % user_name
def attribute_mapping_function(azure_ad_attributes_list, gluu_ldap_attributes_list):
try:
azure_ad_attributes_list_array = StringHelper.split(azure_ad_attributes_list, ",")
if ArrayHelper.isEmpty(azure_ad_attributes_list_array):
print("AzureAD: There is no attributes specified in azure_ad_attributes_list property")
return None
gluu_ldap_attributes_list_array = StringHelper.split(gluu_ldap_attributes_list, ",")
if ArrayHelper.isEmpty(gluu_ldap_attributes_list_array):
print("AzureAD: There is no attributes specified in gluu_ldap_attributes_list property")
return None
if len(azure_ad_attributes_list_array) != len(gluu_ldap_attributes_list_array):
print("AzureAD: The number of attributes isn't equal")
return None
attributes_map = IdentityHashMap()
i = 0
count = len(azure_ad_attributes_list_array)
while i < count:
azure_ad_attribute = StringHelper.toLowerCase(azure_ad_attributes_list_array[i])
gluu_ldap_attribute = StringHelper.toLowerCase(gluu_ldap_attributes_list_array[i])
attributes_map.put(azure_ad_attribute, gluu_ldap_attribute)
i = i + 1
return attributes_map
except Exception, err:
print("AzureAD: Exception inside prepareAttributesMapping " + str(err))
def prepareAttributesMapping(self, remoteAttributesList, localAttributesList):
try:
remoteAttributesListArray = StringHelper.split(remoteAttributesList, ",")
if (ArrayHelper.isEmpty(remoteAttributesListArray)):
print("Registration: PrepareAttributesMapping. There is no attributes specified in remoteAttributesList property")
return None
localAttributesListArray = StringHelper.split(localAttributesList, ",")
if (ArrayHelper.isEmpty(localAttributesListArray)):
print("Registration: PrepareAttributesMapping. There is no attributes specified in localAttributesList property")
return None
if (len(remoteAttributesListArray) != len(localAttributesListArray)):
print("Registration: PrepareAttributesMapping. The number of attributes in remoteAttributesList and localAttributesList isn't equal")
return None
attributeMapping = IdentityHashMap()
containsUid = False
i = 0
count = len(remoteAttributesListArray)
while (i < count):
remoteAttribute = StringHelper.toLowerCase(remoteAttributesListArray[i])
localAttribute = StringHelper.toLowerCase(localAttributesListArray[i])
attributeMapping.put(remoteAttribute, localAttribute)
i = i + 1
return attributeMapping
except Exception, err:
print("Registration: Exception inside prepareAttributesMapping " + str(err))
def authenticate_user_credentials(self, identity, authentication_service):
credentials = identity.getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
print "ThumbSignIn. user_name: " + user_name
logged_in = False
if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
logged_in = self.authenticate_user_in.jans.ldap(authentication_service, user_name, user_password)
return logged_in
def validateTotpKey(self, secretKey, totpKey, user_name):
localTotpKey = self.generateTotpKey(secretKey)
cachedOTP = self.getCachedOTP(user_name)
if StringHelper.equals(localTotpKey, totpKey) and not StringHelper.equals(localTotpKey, cachedOTP):
userService = CdiUtil.bean(UserService)
if cachedOTP is None:
userService.addUserAttribute(user_name, "oxOTPCache",localTotpKey)
else :
userService.replaceUserAttribute(user_name, "oxOTPCache", cachedOTP, localTotpKey)
print "OTP. Caching OTP: '%s'" % localTotpKey
return { "result": True }
return { "result": False }
def authenticate(self, configurationAttributes, requestParameters, step):
userService = CdiUtil.bean(UserService)
authenticationService = CdiUtil.bean(AuthenticationService)
identity = CdiUtil.bean(Identity)
credentials = identity.getCredentials()
user_name = credentials.getUsername()
if (step == 1):
print "Basic (with password update). Authenticate for step 1"
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
logged_in = authenticationService.authenticate(user_name, user_password)
if (not logged_in):
return False
return True
elif (step == 2):
print "Basic (with password update). Authenticate for step 2"
user = authenticationService.getAuthenticatedUser()
if user == None:
print "Basic (with password update). Authenticate for step 2. Failed to determine user name"
return False
user_name = user.getUserId()
find_user_by_uid = userService.getUser(user_name)
update_button = requestParameters.get("loginForm:updateButton")
if ArrayHelper.isEmpty(update_button):
return True
new_password_array = requestParameters.get("new_password")
if ArrayHelper.isEmpty(new_password_array) or StringHelper.isEmpty(new_password_array[0]):
print "Basic (with password update). Authenticate for step 2. New password is empty"
return False
new_password = new_password_array[0]
find_user_by_uid.setAttribute("userPassword", new_password)
print "Basic (with password update). Authenticate for step 2. Attempting to set new user '%s' password" % user_name
userService.updateUser(find_user_by_uid)
print "Basic (with password update). Authenticate for step 2. Password updated successfully"
return True
else:
return False
def init(self, customScript, configuration_attributes):
print "AzureAD. Initialization"
global azure_tenant_id
azure_tenant_id = configuration_attributes.get("azure_tenant_id").getValue2()
print "AzureAD. Initialization. Value of azure_tenant_id is %s" % azure_tenant_id
global azure_client_id
azure_client_id = configuration_attributes.get("azure_client_id").getValue2()
print "AzureAD. Initialization. Value of azure_client_id is %s" % azure_client_id
global azure_client_secret
azure_client_secret = configuration_attributes.get("azure_client_secret").getValue2()
global MICROSOFT_AUTHORITY_URL
MICROSOFT_AUTHORITY_URL = 'login.microsoftonline.com'
global AZURE_AD_GRAPH_RESOURCE_ENDPOINT
AZURE_AD_GRAPH_RESOURCE_ENDPOINT = 'https://graph.windows.net'
global azure_user_uuid
azure_user_uuid = "oid"
global gluu_ldap_uuid
gluu_ldap_uuid = "uid"
global ADMIN
ADMIN = 'admin'
global attributes_mapping
if (configuration_attributes.containsKey("azure_ad_attributes_list") and
configuration_attributes.containsKey("gluu_ldap_attributes_list")):
azure_ad_attributes_list = configuration_attributes.get("azure_ad_attributes_list").getValue2()
if StringHelper.isEmpty(azure_ad_attributes_list):
print "AzureAD: Initialization. The property azure_ad_attributes_list is empty"
return False
gluu_ldap_attributes_list = configuration_attributes.get("gluu_ldap_attributes_list").getValue2()
if StringHelper.isEmpty(gluu_ldap_attributes_list):
print "AzureAD: Initialization. The property gluu_ldap_attributes_list is empty"
return False
attributes_mapping = self.attribute_mapping_function(azure_ad_attributes_list, gluu_ldap_attributes_list)
if attributes_mapping is None:
print "AzureAD: Initialization. The attributes mapping isn't valid"
return False
print "AzureAD. Initialized successfully"
return True
def authenticateImpl(self, credentials, authenticationService):
print "Basic (client group). Processing user name/password authentication"
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
logged_in = authenticationService.authenticate(user_name, user_password)
if not logged_in:
return False
return True
def init(self, customScript, configurationAttributes):
print "Cert. Initialization"
if not (configurationAttributes.containsKey("chain_cert_file_path")):
print "Cert. Initialization. Property chain_cert_file_path is mandatory"
return False
if not (configurationAttributes.containsKey("map_user_cert")):
print "Cert. Initialization. Property map_user_cert is mandatory"
return False
chain_cert_file_path = configurationAttributes.get("chain_cert_file_path").getValue2()
self.chain_certs = CertUtil.loadX509CertificateFromFile(chain_cert_file_path)
if self.chain_certs == None:
print "Cert. Initialization. Failed to load chain certificates from '%s'" % chain_cert_file_path
return False
print "Cert. Initialization. Loaded '%d' chain certificates" % self.chain_certs.size()
crl_max_response_size = 5 * 1024 * 1024 # 10Mb
if configurationAttributes.containsKey("crl_max_response_size"):
crl_max_response_size = StringHelper.toInteger(configurationAttributes.get("crl_max_response_size").getValue2(), crl_max_response_size)
print "Cert. Initialization. CRL max response size is '%d'" % crl_max_response_size
# Define array to order methods correctly
self.validator_types = [ 'generic', 'path', 'ocsp', 'crl']
self.validators = { 'generic' : [GenericCertificateVerifier(), False],
'path' : [PathCertificateVerifier(False), False],
'ocsp' : [OCSPCertificateVerifier(), False],
'crl' : [CRLCertificateVerifier(crl_max_response_size), False] }
for type in self.validator_types:
validator_param_name = "use_%s_validator" % type
if configurationAttributes.containsKey(validator_param_name):
validator_status = StringHelper.toBoolean(configurationAttributes.get(validator_param_name).getValue2(), False)
self.validators[type][1] = validator_status
print "Cert. Initialization. Validation method '%s' status: '%s'" % (type, self.validators[type][1])
self.map_user_cert = StringHelper.toBoolean(configurationAttributes.get("map_user_cert").getValue2(), False)
print "Cert. Initialization. map_user_cert: '%s'" % self.map_user_cert
self.enabled_recaptcha = self.initRecaptcha(configurationAttributes)
print "Cert. Initialization. enabled_recaptcha: '%s'" % self.enabled_recaptcha
print "Cert. Initialized successfully"
return True
def prepareAttributesMapping(self, saml_idp_attributes_mapping):
saml_idp_attributes_mapping_json = json.loads(saml_idp_attributes_mapping)
if len(saml_idp_attributes_mapping_json) == 0:
print "Asimba. PrepareAttributesMapping. There is no attributes mapping specified in saml_idp_attributes_mapping property"
return None
attributeMapping = IdentityHashMap()
for local_attribute_name in saml_idp_attributes_mapping_json:
localAttribute = StringHelper.toLowerCase(local_attribute_name)
for idp_attribute_name in saml_idp_attributes_mapping_json[local_attribute_name]:
idpAttribute = StringHelper.toLowerCase(idp_attribute_name)
attributeMapping.put(idpAttribute, localAttribute)
return attributeMapping
def processKeyStoreProperties(self, attrs):
file = attrs.get("key_store_file")
password = attrs.get("key_store_password")
if file != None and password != None:
file = file.getValue2()
password = password.getValue2()
if StringHelper.isNotEmpty(file) and StringHelper.isNotEmpty(password):
self.keyStoreFile = file
self.keyStorePassword = password
return True
print "Passport. readKeyStoreProperties. Properties key_store_file or key_store_password not found or empty"
return False
def getGeolocation(self, identity):
session_attributes = identity.getSessionId().getSessionAttributes()
if session_attributes.containsKey("remote_ip"):
remote_ip = session_attributes.get("remote_ip")
if StringHelper.isNotEmpty(remote_ip):
httpService = CdiUtil.bean(HttpService)
http_client = httpService.getHttpsClient()
http_client_params = http_client.getParams()
http_client_params.setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 4 * 1000)
geolocation_service_url = "http://ip-api.com/json/%s?fields=country,city,status,message" % remote_ip
geolocation_service_headers = { "Accept" : "application/json" }
try:
http_service_response = httpService.executeGet(http_client, geolocation_service_url, geolocation_service_headers)
http_response = http_service_response.getHttpResponse()
except:
print "Casa. Determine remote location. Exception: ", sys.exc_info()[1]
return None
try:
if not httpService.isResponseStastusCodeOk(http_response):
print "Casa. Determine remote location. Get non 200 OK response from server:", str(http_response.getStatusLine().getStatusCode())
httpService.consume(http_response)
return None
response_bytes = httpService.getResponseContent(http_response)
response_string = httpService.convertEntityToString(response_bytes, Charset.forName("UTF-8"))
httpService.consume(http_response)
finally:
http_service_response.closeConnection()
if response_string == None:
print "Casa. Determine remote location. Get empty response from location server"
return None
response = json.loads(response_string)
if not StringHelper.equalsIgnoreCase(response['status'], "success"):
print "Casa. Determine remote location. Get response with status: '%s'" % response['status']
return None
return response
return None
def getMappedUser(self, configurationAttributes, requestParameters, saml_response_attributes):
# Convert Saml result attributes keys to lover case
saml_response_normalized_attributes = HashMap()
for saml_response_attribute_entry in saml_response_attributes.entrySet():
saml_response_normalized_attributes.put(StringHelper.toLowerCase(saml_response_attribute_entry.getKey()), saml_response_attribute_entry.getValue())
currentAttributesMapping = self.prepareCurrentAttributesMapping(self.attributesMapping, configurationAttributes, requestParameters)
print "Asimba. Get mapped user. Using next attributes mapping '%s'" % currentAttributesMapping
newUser = User()
# Set custom object classes
if self.userObjectClasses != None:
print "Asimba. Get mapped user. User custom objectClasses to add persons: '%s'" % Util.array2ArrayList(self.userObjectClasses)
newUser.setCustomObjectClasses(self.userObjectClasses)
for attributesMappingEntry in currentAttributesMapping.entrySet():
idpAttribute = attributesMappingEntry.getKey()
localAttribute = attributesMappingEntry.getValue()
if self.debugEnrollment:
print "Asimba. Get mapped user. Trying to map '%s' into '%s'" % (idpAttribute, localAttribute)
localAttributeValue = saml_response_normalized_attributes.get(idpAttribute)
if localAttributeValue != None:
if self.debugEnrollment:
print "Asimba. Get mapped user. Setting attribute '%s' value '%s'" % (localAttribute, localAttributeValue)
newUser.setAttribute(localAttribute, localAttributeValue)
else:
if newUser.getAttribute(localAttribute) == None:
newUser.setAttribute(localAttribute, ArrayList())
return newUser
def isPassedStep1():
identity = CdiUtil.bean(Identity)
credentials = identity.getCredentials()
user_name = credentials.getUsername()
passed_step1 = StringHelper.isNotEmptyString(user_name)
return passed_step1
def createLdapExtendedEntryManagers(self, authConfiguration):
ldapExtendedConfigurations = self.createLdapExtendedConfigurations(authConfiguration)
appInitializer = CdiUtil.bean(AppInitializer)
persistanceFactoryService = CdiUtil.bean(PersistanceFactoryService)
ldapEntryManagerFactory = persistanceFactoryService.getPersistenceEntryManagerFactory(LdapEntryManagerFactory)
persistenceType = ldapEntryManagerFactory.getPersistenceType()
ldapExtendedEntryManagers = []
for ldapExtendedConfiguration in ldapExtendedConfigurations:
connectionConfiguration = ldapExtendedConfiguration["connectionConfiguration"]
ldapConfiguration = ldapExtendedConfiguration["ldapConfiguration"]
ldapProperties = Properties()
for key, value in connectionConfiguration.items():
value_string = value
if isinstance(value_string, list):
value_string = ", ".join(value)
else:
value_string = str(value)
ldapProperties.setProperty(persistenceType + "." + key, value_string)
if StringHelper.isNotEmptyString(ldapConfiguration.getBindPassword()):
ldapProperties.setProperty(persistenceType + ".bindPassword", ldapConfiguration.getBindPassword())
ldapEntryManager = ldapEntryManagerFactory.createEntryManager(ldapProperties)
ldapExtendedEntryManagers.append({ "ldapConfiguration" : ldapConfiguration, "ldapProperties" : ldapProperties, "loginAttributes" : ldapExtendedConfiguration["loginAttributes"], "localLoginAttributes" : ldapExtendedConfiguration["localLoginAttributes"], "ldapEntryManager" : ldapEntryManager })
return ldapExtendedEntryManagers
def getMappedAllAttributesUser(self, saml_response_attributes):
user = User()
# Set custom object classes
if self.userObjectClasses != None:
print "Asimba. Get mapped all attributes user. User custom objectClasses to add persons: '%s'" % Util.array2ArrayList(self.userObjectClasses)
user.setCustomObjectClasses(self.userObjectClasses)
# Prepare map to do quick mapping
attributeService = CdiUtil.bean(AttributeService)
ldapAttributes = attributeService.getAllAttributes()
samlUriToAttributesMap = HashMap()
for ldapAttribute in ldapAttributes:
saml2Uri = ldapAttribute.getSaml2Uri()
if saml2Uri == None:
saml2Uri = attributeService.getDefaultSaml2Uri(ldapAttribute.getName())
samlUriToAttributesMap.put(saml2Uri, ldapAttribute.getName())
customAttributes = ArrayList()
for key in saml_response_attributes.keySet():
ldapAttributeName = samlUriToAttributesMap.get(key)
if ldapAttributeName == None:
print "Asimba. Get mapped all attributes user. Skipping saml attribute: '%s'" % key
continue
if StringHelper.equalsIgnoreCase(ldapAttributeName, "uid"):
continue
attribute = CustomAttribute(ldapAttributeName)
attribute.setValues(saml_response_attributes.get(key))
customAttributes.add(attribute)
user.setCustomAttributes(customAttributes)
return user
def getCountAuthenticationSteps(self, configurationAttributes):
identity = CdiUtil.bean(Identity)
if identity.isSetWorkingParameter("otp_count_login_steps"):
return StringHelper.toInteger("%s" % identity.getWorkingParameter("otp_count_login_steps"))
else:
return 2
def init(self, customScript, configurationAttributes):
print "UAF. Initialization"
if not configurationAttributes.containsKey("uaf_server_uri"):
print "UAF. Initialization. Property uaf_server_uri is mandatory"
return False
self.uaf_server_uri = configurationAttributes.get("uaf_server_uri").getValue2()
self.uaf_policy_name = "default"
if configurationAttributes.containsKey("uaf_policy_name"):
self.uaf_policy_name = configurationAttributes.get("uaf_policy_name").getValue2()
self.send_push_notifaction = False
if configurationAttributes.containsKey("send_push_notifaction"):
self.send_push_notifaction = StringHelper.toBoolean(configurationAttributes.get("send_push_notifaction").getValue2(), False)
self.registration_uri = None
if configurationAttributes.containsKey("registration_uri"):
self.registration_uri = configurationAttributes.get("registration_uri").getValue2()
self.customQrOptions = {}
if configurationAttributes.containsKey("qr_options"):
self.customQrOptions = configurationAttributes.get("qr_options").getValue2()
print "UAF. Initializing HTTP client"
httpService = CdiUtil.bean(HttpService)
self.http_client = httpService.getHttpsClient()
http_client_params = self.http_client.getParams()
http_client_params.setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 15 * 1000)
print "UAF. Initialized successfully. uaf_server_uri: '%s', uaf_policy_name: '%s', send_push_notifaction: '%s', registration_uri: '%s', qr_options: '%s'" % (self.uaf_server_uri, self.uaf_policy_name, self.send_push_notifaction, self.registration_uri, self.customQrOptions)
print "UAF. Initialized successfully"
return True
def checkStatus(self, mode, request_id, timeout):
try:
curTime = java.lang.System.currentTimeMillis()
endTime = curTime + timeout * 1000
while (endTime >= curTime):
response_status = None
if (StringHelper.equals("pair", mode)):
response_status = self.oxPushClient.getPairingStatus(request_id)
else:
response_status = self.oxPushClient.getAuthenticationStatus(request_id)
if (not response_status.result):
print "oxPush. CheckStatus. Get false result from oxPushServer"
return None
status = response_status.status
if ("declined" == status):
print "oxPush. CheckStatus. The process has been cancelled"
return None
if ("expired" == status):
print "oxPush. CheckStatus. The process has been expired"
return None
if ("approved" == status):
print "oxPush. CheckStatus. The process was approved"
return response_status
java.lang.Thread.sleep(2000)
curTime = java.lang.System.currentTimeMillis()
except java.lang.Exception, err:
print "oxPush. CheckStatus. Could not check process status: ", err
return None
