def authenticate(self, configurationAttributes, requestParameters, step):
    """Run step 1 of the single-session password flow.

    Verifies the user name / password pair held by the Identity bean, then
    refuses the login when isFirstSession() reports that the user already has
    an active session.  Any step other than 1 is refused outright.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)
    if step != 1:
        return False

    print("Basic (one session). Authenticate for step 1")
    identity = CdiUtil.bean(Identity)
    credentials = identity.getCredentials()
    user_name = credentials.getUsername()
    user_password = credentials.getPassword()

    # Never hand an empty user name or password to the backend.
    have_credentials = (StringHelper.isNotEmptyString(user_name)
                        and StringHelper.isNotEmptyString(user_password))
    if not have_credentials:
        return False
    if not authenticationService.authenticate(user_name, user_password):
        return False

    # Password accepted; now enforce "one active session per user".
    if not self.isFirstSession(user_name):
        facesMessages = CdiUtil.bean(FacesMessages)
        facesMessages.add(FacesMessage.SEVERITY_ERROR, "Please, end active session first!")
        return False
    return True
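def authenticate(self, configurationAttributes, requestParameters, step):
    """Run step 1 of the "mail" login flow.

    The submitted user name may carry a "+" alias: "alias+local@domain" is
    collapsed to "alias@domain" before it is matched against the user's mail
    attribute (authenticate(..., "mail", "mail")).  A name without "+" is used
    as given.  Any step other than 1 is refused.

    Returns True when the backend accepts the user name / password pair,
    False otherwise (including a malformed aliased name, which used to raise
    IndexError).
    """
    authenticationService = CdiUtil.bean(AuthenticationService)
    if step != 1:
        return False

    print("Basic. Authenticate for step 1")
    identity = CdiUtil.bean(Identity)
    credentials = identity.getCredentials()
    user_name_array = StringHelper.split(credentials.getUsername(), "+")
    # Guard the index accesses below: a missing user name yields no segments.
    if not user_name_array:
        return False

    if len(user_name_array) == 2:
        email_id_array = StringHelper.split(user_name_array[1], "@")
        # "alias+local@domain" needs an "@" after the "+"; otherwise there is
        # no domain part to rebuild the address from.
        if len(email_id_array) < 2:
            print("Basic. Authenticate for step 1. Malformed aliased user name")
            return False
        user_name = user_name_array[0] + "@" + email_id_array[1]
    else:
        user_name = user_name_array[0]
    print("Username for authentication is: %s " % user_name)

    user_password = credentials.getPassword()
    if not (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
        return False
    if not authenticationService.authenticate(user_name, user_password, "mail", "mail"):
        return False
    return True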
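def prepareClientsSet(self, configurationAttributes):
    """Build the set of client ids allowed by the "allowed_clients" property.

    The property value is a comma-separated list.  An absent, empty or
    unparsable property yields an empty set, so a membership test against the
    result denies every client by default.
    """
    clientsSet = HashSet()
    if not configurationAttributes.containsKey("allowed_clients"):
        return clientsSet

    allowedClientsList = configurationAttributes.get("allowed_clients").getValue2()
    if StringHelper.isEmpty(allowedClientsList):
        print("UmaRptPolicy. The property allowed_clients is empty")
        return clientsSet

    allowedClientsListArray = StringHelper.split(allowedClientsList, ",")
    if ArrayHelper.isEmpty(allowedClientsListArray):
        print("UmaRptPolicy. No clients specified in allowed_clients property")
        return clientsSet

    # HashSet gives O(1) membership tests for the policy check.
    # NOTE(review): entries are added exactly as split; confirm StringHelper.split
    # trims whitespace, otherwise " client" would never match.
    for client in allowedClientsListArray:
        clientsSet.add(client)
    return clientsSet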
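def init(self, customScript, configurationAttributes):
    """Read the attribute lists used by the multi-login flow.

    "login_attributes_list" (mandatory) names the backend attributes a login
    value is matched against; "local_login_attributes_list" (optional) gives
    the local attribute for each of them and defaults to the same list.  Both
    are comma-separated and must have the same length.  The parsed arrays are
    stored on self for authenticate().  Returns False when the configuration
    is unusable.
    """
    print("Basic (multi login). Initialization")

    login_attributes_list_object = configurationAttributes.get("login_attributes_list")
    if login_attributes_list_object is None:
        print("Basic (multi login). Initialization. There is no property login_attributes_list")
        return False

    login_attributes_list = login_attributes_list_object.getValue2()
    if StringHelper.isEmpty(login_attributes_list):
        print("Basic (multi login). Initialization. There is no attributes specified in login_attributes property")
        return False

    login_attributes_list_array = StringHelper.split(login_attributes_list, ",")
    if ArrayHelper.isEmpty(login_attributes_list_array):
        print("Basic (multi login). Initialization. There is no attributes specified in login_attributes property")
        return False

    if configurationAttributes.containsKey("local_login_attributes_list"):
        local_login_attributes_list = configurationAttributes.get("local_login_attributes_list").getValue2()
        local_login_attributes_list_array = StringHelper.split(local_login_attributes_list, ",")
    else:
        print("Basic (multi login). Initialization. There is no property local_login_attributes_list. Assuming that login attributes are equal to local login attributes.")
        local_login_attributes_list_array = login_attributes_list_array

    # authenticate() pairs the two arrays by index, so a length mismatch
    # would mis-pair attributes or fail on an out-of-range index.
    if len(login_attributes_list_array) != len(local_login_attributes_list_array):
        print("Basic (multi login). Initialization. The number of attributes in login_attributes_list and local_login_attributes_list isn't equal")
        return False

    self.login_attributes_list_array = login_attributes_list_array
    self.local_login_attributes_list_array = local_login_attributes_list_array
    print("Basic (multi login). Initialized successfully")
    return True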
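def authenticate_user_credentials(self, identity, authentication_service):
    """Authenticate the submitted user name / password via Azure AD or locally.

    The ADMIN account is always verified against the local Gluu LDAP.  Every
    other account is verified non-interactively against Azure AD; on success
    the user is enrolled in Gluu LDAP and then marked authenticated in the
    local session by user id.

    Returns True only when both the Azure AD check and the local
    authentication succeed.
    """
    credentials = identity.getCredentials()
    user_name = credentials.getUsername()
    user_password = credentials.getPassword()
    print("AzureAD. user_name: %s" % user_name)

    if not (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
        return False

    # Special condition to allow for Gluu admin login
    if StringHelper.equals(user_name, ADMIN):
        return self.authenticate_user_in_gluu_ldap(authentication_service, user_name, user_password)

    # Authenticate user credentials with Azure AD non-interactively
    azure_auth_response = self.authenticate_user_in_azure(
        azure_tenant_id, user_name, user_password, azure_client_id, azure_client_secret)
    # The raw response body is deliberately not logged: a credential-grant
    # response may carry tokens, and the log is not a place for them.
    try:
        azure_auth_response_json = json.loads(azure_auth_response)
    except (ValueError, TypeError):
        print("AzureAD. Azure AD response is not valid JSON")
        return False

    azure_succeeded = azure_user_uuid in azure_auth_response_json
    print("AzureAD. Azure AD response contains '%s': %s" % (azure_user_uuid, azure_succeeded))
    if not azure_succeeded:
        # Azure authentication has failed.
        return False

    # Azure authentication has succeeded. User needs to be enrolled in Gluu LDAP
    user = self.enroll_azure_user_in_gluu_ldap(azure_auth_response_json)
    if user is None:
        # User Enrollment in Gluu LDAP has failed
        return False

    # The password was already verified by Azure AD, so the local session is
    # established by user id only.
    user_authenticated_in_gluu = authentication_service.authenticate(user.getUserId())
    print("AzureAD: Authentication status of the user enrolled in Gluu LDAP %r " % user_authenticated_in_gluu)
    return user_authenticated_in_gluu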
def authenticate(self, configurationAttributes, requestParameters, step):
    """Run step 1 of the multi-login flow.

    The submitted login value is tried against every configured
    (login attribute, local attribute) pair, in the order produced by init();
    the first backend acceptance wins.  Any step other than 1 is refused.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)
    if step != 1:
        return False

    print("Basic (multi login). Authenticate for step 1")
    identity = CdiUtil.bean(Identity)
    credentials = identity.getCredentials()
    key_value = credentials.getUsername()
    user_password = credentials.getPassword()

    if not (StringHelper.isNotEmptyString(key_value) and StringHelper.isNotEmptyString(user_password)):
        return False

    # The two arrays are index-aligned (init() enforces equal length).
    for index, primary_key in enumerate(self.login_attributes_list_array):
        local_primary_key = self.local_login_attributes_list_array[index]
        if authenticationService.authenticate(key_value, user_password, primary_key, local_primary_key):
            return True
    return False
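def authenticate(self, configurationAttributes, requestParameters, step):
    """Run step 1 of the RADIUS flow.

    The user name / password pair is sent to the configured RADIUS server as
    an Access-Request.  Only an Access-Accept answer, for a user that the
    local authenticate(user_name) call also accepts, authenticates the login.
    Any step other than 1, and any other RADIUS outcome (reject, challenge,
    no reply), is refused.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)
    if step != 1:
        return False

    print("Radius. Authenticate for step 1")
    identity = CdiUtil.bean(Identity)
    credentials = identity.getCredentials()
    user_name = credentials.getUsername()
    user_password = credentials.getPassword()
    if not (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
        return False

    client = RadiusClient(self.RADIUS_SERVER_IP, int(self.RADIUS_SERVER_AUTH_PORT),
                          int(self.RADIUS_SERVER_ACCT_PORT), self.RADIUS_SERVER_SECRET)
    accessRequest = RadiusPacket(RadiusPacket.ACCESS_REQUEST)
    accessRequest.setAttribute(RadiusAttribute(RadiusAttributeValues.USER_NAME, user_name))
    accessRequest.setAttribute(RadiusAttribute(RadiusAttributeValues.USER_PASSWORD, user_password))
    accessResponse = client.authenticate(accessRequest)
    # A lost or timed-out exchange may leave no packet at all; treat it as a
    # rejection instead of failing on getPacketType().
    if accessResponse is None:
        print("Radius. Authenticate for step 1. No response from RADIUS server")
        return False

    print("Packet type - %s " % accessResponse.getPacketType())
    if accessResponse.getPacketType() != RadiusPacket.ACCESS_ACCEPT:
        # Access-Challenge is not supported by this flow and is refused too.
        return False

    # The local, password-less authenticate(user_name) runs only after RADIUS
    # accepted the password.  NOTE(review): if that call also marks the
    # session as authenticated, running it before the RADIUS answer would do
    # so for rejected logins as well — keep it last.
    return authenticationService.authenticate(user_name)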
def init(self, customScript, configurationAttributes):
    """Read the lock-account settings, using built-in defaults when absent.

    Optional properties: invalid_login_count_attribute (user attribute that
    holds the failure counter, default "oxCountInvalidLogin"),
    maximum_invalid_login_attemps (default 3) and lock_expiration_time
    (default 180).  Always returns True.
    """
    print("Basic (lock account). Initialization")

    def configured(name):
        return configurationAttributes.get(name).getValue2()

    if configurationAttributes.containsKey("invalid_login_count_attribute"):
        self.invalidLoginCountAttribute = configured("invalid_login_count_attribute")
    else:
        self.invalidLoginCountAttribute = "oxCountInvalidLogin"
        print("Basic (lock account). Initialization. Using default attribute")

    if configurationAttributes.containsKey("maximum_invalid_login_attemps"):
        self.maximumInvalidLoginAttemps = StringHelper.toInteger(configured("maximum_invalid_login_attemps"))
    else:
        self.maximumInvalidLoginAttemps = 3
        print("Basic (lock account). Initialization. Using default number attempts")

    if configurationAttributes.containsKey("lock_expiration_time"):
        self.lockExpirationTime = StringHelper.toInteger(configured("lock_expiration_time"))
    else:
        self.lockExpirationTime = 180
        print("Basic (lock account). Initialization. Using default lock expiration time")

    print("Basic (lock account). Initialized successfully. invalid_login_count_attribute: '%s', maximum_invalid_login_attemps: '%s', lock_expiration_time: '%s'" % (self.invalidLoginCountAttribute, self.maximumInvalidLoginAttemps, self.lockExpirationTime))
    return True
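def authenticate(self, configurationAttributes, requestParameters, step):
    """Password check shared by steps 1-3 of the demo reset flow.

    The "pass_authentication" working parameter is cleared at the start of
    each step and set to True only after the backend accepts the user name /
    password pair.  Steps outside 1..3 are refused.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)
    if not 1 <= step <= 3:
        return False

    print("Basic (demo reset step). Authenticate for step '%s'" % step)
    identity = CdiUtil.bean(Identity)
    identity.setWorkingParameter("pass_authentication", False)

    credentials = identity.getCredentials()
    user_name = credentials.getUsername()
    user_password = credentials.getPassword()
    if not (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
        return False

    # The unused UserService lookup was dropped; only the authentication
    # service is needed here.
    if not authenticationService.authenticate(user_name, user_password):
        return False
    identity.setWorkingParameter("pass_authentication", True)
    return True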
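def prepareAttributesMapping(self, remoteAttributesList, localAttributesList):
    """Build the remote-to-local attribute mapping for Google+ enrollment.

    Both arguments are comma-separated attribute names of equal length; the
    i-th remote name maps to the i-th local name, both lower-cased.  The
    mapping must cover the local "uid" attribute.  Returns None, after
    logging why, for any invalid input.
    """
    remoteAttributesListArray = StringHelper.split(remoteAttributesList, ",")
    if ArrayHelper.isEmpty(remoteAttributesListArray):
        print("Google+ PrepareAttributesMapping. There is no attributes specified in remoteAttributesList property")
        return None

    localAttributesListArray = StringHelper.split(localAttributesList, ",")
    if ArrayHelper.isEmpty(localAttributesListArray):
        print("Google+ PrepareAttributesMapping. There is no attributes specified in localAttributesList property")
        return None

    if len(remoteAttributesListArray) != len(localAttributesListArray):
        print("Google+ PrepareAttributesMapping. The number of attributes in remoteAttributesList and localAttributesList isn't equal")
        return None

    # NOTE(review): IdentityHashMap compares keys by reference, not equals();
    # it only works for callers that iterate entrySet() rather than call get()
    # with a freshly built string — confirm before using get() on it.
    attributeMapping = IdentityHashMap()
    containsUid = False
    # Equal lengths were checked above, so zip() pairs every element.
    for remoteAttribute, localAttribute in zip(remoteAttributesListArray, localAttributesListArray):
        remoteAttribute = StringHelper.toLowerCase(remoteAttribute)
        localAttribute = StringHelper.toLowerCase(localAttribute)
        attributeMapping.put(remoteAttribute, localAttribute)
        if StringHelper.equalsIgnoreCase(localAttribute, "uid"):
            containsUid = True

    if not containsUid:
        print("Google+ PrepareAttributesMapping. There is no mapping to mandatory 'uid' attribute")
        return None
    return attributeMapping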
def getCurrentSamlConfiguration(self, currentSamlConfiguration, configurationAttributes, requestParameters):
    """Return the SAML configuration to use for the calling client.

    When the client has its own JSON configuration (getClientConfiguration),
    a clone of currentSamlConfiguration is customised from it: the X.509
    certificate named by "asimba_saml_certificate_file" (when set), the issuer
    from "asimba_entity_id", and the requested-authn-context flag from
    "saml_use_authn_context" (default True).  Without a client configuration,
    or when the named certificate file is empty, the default configuration is
    returned unchanged.
    """
    saml_client_configuration = self.getClientConfiguration(configurationAttributes, requestParameters)
    if saml_client_configuration is None:
        return currentSamlConfiguration

    client_config = json.loads(saml_client_configuration.getValue())

    certificate_text = None
    certificate_file = client_config["asimba_saml_certificate_file"]
    if StringHelper.isNotEmpty(certificate_file):
        certificate_text = self.loadCeritificate(certificate_file)
        if StringHelper.isEmpty(certificate_text):
            print("Asimba. BuildClientSamlConfiguration. File with x509 certificate should be not empty. Using default configuration")
            return currentSamlConfiguration

    # Work on a copy so the shared default configuration is never mutated.
    clientSamlConfiguration = currentSamlConfiguration.clone()
    if certificate_text is not None:
        clientSamlConfiguration.loadCertificateFromString(certificate_text)

    clientSamlConfiguration.setIssuer(client_config["asimba_entity_id"])

    use_authn_context = StringHelper.toBoolean(client_config["saml_use_authn_context"], True)
    clientSamlConfiguration.setUseRequestedAuthnContext(use_authn_context)
    return clientSamlConfiguration
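def lockUser(self, user_name):
    """Mark user_name inactive and record the lock in the cache.

    Does nothing for an empty or unknown user name, or for an account whose
    gluuStatus is already "inactive".  Otherwise sets gluuStatus to
    "inactive", stores a {"locked": true, "created": <timestamp>} marker under
    "lock_user_<name>" (the first put() argument is self.lockExpirationTime,
    apparently the cache expiry), and queues an error message for the login
    page.  Returns None in every case.
    """
    if StringHelper.isEmpty(user_name):
        return None

    userService = CdiUtil.bean(UserService)
    cacheService = CdiUtil.bean(CacheService)
    facesMessages = CdiUtil.bean(FacesMessages)
    facesMessages.setKeepMessages()

    find_user_by_uid = userService.getUser(user_name)
    if find_user_by_uid is None:
        return None

    status_attribute_value = userService.getCustomAttribute(find_user_by_uid, "gluuStatus")
    if status_attribute_value is not None:
        user_status = status_attribute_value.getValue()
        if StringHelper.equals(user_status, "inactive"):
            print("Basic (lock account). Lock user. User '%s' locked already" % user_name)
            return

    userService.setCustomAttribute(find_user_by_uid, "gluuStatus", "inactive")
    # The updated entry is not needed afterwards; the former unused local was dropped.
    userService.updateUser(find_user_by_uid)

    # Compact separators keep the cached marker small.
    object_to_store = json.dumps({'locked': True, 'created': LocalDateTime.now().toString()}, separators=(',', ':'))
    cacheService.put(StringHelper.toString(self.lockExpirationTime), "lock_user_" + user_name, object_to_store)

    facesMessages.add(FacesMessage.SEVERITY_ERROR, "Your account is locked. Please try again after " + StringHelper.toString(self.lockExpirationTime) + " secs")
    print("Basic (lock account). Lock user. User '%s' locked" % user_name)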
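def attribute_mapping_function(azure_ad_attributes_list, gluu_ldap_attributes_list):
    """Map Azure AD attribute names to Gluu LDAP attribute names, pairwise.

    Both arguments are comma-separated lists of equal length; the i-th Azure
    name maps to the i-th LDAP name, both lower-cased.  Returns None, after
    logging why, when either list is empty, the lengths differ, or parsing
    raises.

    NOTE(review): this function takes no `self`, yet init() calls it as
    self.attribute_mapping_function(a, b); that only works if it is declared
    a staticmethod (not visible here) — confirm.
    """
    try:
        azure_ad_attributes_list_array = StringHelper.split(azure_ad_attributes_list, ",")
        if ArrayHelper.isEmpty(azure_ad_attributes_list_array):
            print("AzureAD: There is no attributes specified in azure_ad_attributes_list property")
            return None

        gluu_ldap_attributes_list_array = StringHelper.split(gluu_ldap_attributes_list, ",")
        if ArrayHelper.isEmpty(gluu_ldap_attributes_list_array):
            print("AzureAD: There is no attributes specified in gluu_ldap_attributes_list property")
            return None

        if len(azure_ad_attributes_list_array) != len(gluu_ldap_attributes_list_array):
            print("AzureAD: The number of attributes isn't equal")
            return None

        # NOTE(review): IdentityHashMap matches keys by reference, so get()
        # with a freshly built string will miss; iterate entrySet() instead.
        attributes_map = IdentityHashMap()
        # Equal lengths were checked above, so zip() pairs every element.
        for azure_ad_attribute, gluu_ldap_attribute in zip(azure_ad_attributes_list_array, gluu_ldap_attributes_list_array):
            attributes_map.put(StringHelper.toLowerCase(azure_ad_attribute), StringHelper.toLowerCase(gluu_ldap_attribute))
        return attributes_map
    except Exception as err:
        # Broad on purpose: any parsing failure must make init() refuse the
        # mapping rather than propagate out of initialization.
        print("AzureAD: Exception inside prepareAttributesMapping " + str(err))
        return None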
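def prepareAttributesMapping(self, remoteAttributesList, localAttributesList):
    """Map remote attribute names to local attribute names, pairwise.

    Both arguments are comma-separated lists of equal length; the i-th remote
    name maps to the i-th local name, both lower-cased.  Returns None, after
    logging why, when either list is empty, the lengths differ, or parsing
    raises.
    """
    try:
        remoteAttributesListArray = StringHelper.split(remoteAttributesList, ",")
        if ArrayHelper.isEmpty(remoteAttributesListArray):
            print("Registration: PrepareAttributesMapping. There is no attributes specified in remoteAttributesList property")
            return None

        localAttributesListArray = StringHelper.split(localAttributesList, ",")
        if ArrayHelper.isEmpty(localAttributesListArray):
            print("Registration: PrepareAttributesMapping. There is no attributes specified in localAttributesList property")
            return None

        if len(remoteAttributesListArray) != len(localAttributesListArray):
            print("Registration: PrepareAttributesMapping. The number of attributes in remoteAttributesList and localAttributesList isn't equal")
            return None

        # NOTE(review): IdentityHashMap matches keys by reference, so get()
        # with a freshly built string will miss; iterate entrySet() instead.
        attributeMapping = IdentityHashMap()
        # Equal lengths were checked above, so zip() pairs every element.
        # (The never-read containsUid flag was dropped.)
        for remoteAttribute, localAttribute in zip(remoteAttributesListArray, localAttributesListArray):
            attributeMapping.put(StringHelper.toLowerCase(remoteAttribute), StringHelper.toLowerCase(localAttribute))
        return attributeMapping
    except Exception as err:
        # Broad on purpose: a parsing failure must yield "no mapping" rather
        # than propagate out of initialization.
        print("Registration: Exception inside prepareAttributesMapping " + str(err))
        return None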
def authenticate_user_credentials(self, identity, authentication_service):
    """Verify the user name / password held by identity against the local LDAP.

    Returns False without touching the backend when either value is empty.

    NOTE(review): `self.authenticate_user_in.jans.ldap` is not a valid method
    reference (it reads attribute `authenticate_user_in`, then `.jans`, then
    `.ldap`) and looks like a search-and-replace artefact of a renamed helper;
    confirm the intended method name before relying on this path.
    NOTE(review): the log line concatenates user_name, which raises TypeError
    if getUsername() returns None — confirm it cannot.
    """
    credentials = identity.getCredentials()
    user_name = credentials.getUsername()
    user_password = credentials.getPassword()
    print "ThumbSignIn. user_name: " + user_name
    logged_in = False
    if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
        # Both values present: delegate to the LDAP helper.
        logged_in = self.authenticate_user_in.jans.ldap(authentication_service, user_name, user_password)
    return logged_in
def validateTotpKey(self, secretKey, totpKey, user_name):
    """Check a submitted TOTP code and reject a replay of the last accepted one.

    The expected code is generated from secretKey and compared with totpKey.
    A match is accepted only when it differs from the code cached in the
    user's "oxOTPCache" attribute; on acceptance the new code is cached
    (added on first use, replaced afterwards).  Returns {"result": True/False}.
    """
    localTotpKey = self.generateTotpKey(secretKey)
    cachedOTP = self.getCachedOTP(user_name)

    # NOTE(review): StringHelper.equals looks like an ordinary string compare;
    # a constant-time comparison is the usual choice for OTP values — confirm.
    code_matches = StringHelper.equals(localTotpKey, totpKey)
    already_used = StringHelper.equals(localTotpKey, cachedOTP)
    if not code_matches or already_used:
        return {"result": False}

    userService = CdiUtil.bean(UserService)
    if cachedOTP is None:
        userService.addUserAttribute(user_name, "oxOTPCache", localTotpKey)
    else:
        userService.replaceUserAttribute(user_name, "oxOTPCache", cachedOTP, localTotpKey)
    # NOTE(review): the accepted code is written to the log here.
    print("OTP. Caching OTP: '%s'" % localTotpKey)
    return {"result": True}
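def authenticate(self, configurationAttributes, requestParameters, step):
    """Two-step login: password check, then an optional password change.

    Step 1 verifies the user name / password pair.  Step 2 is a no-op unless
    the form's "loginForm:updateButton" was pressed, in which case the
    non-empty "new_password" request parameter replaces the authenticated
    user's userPassword attribute.  Other steps are refused.
    """
    userService = CdiUtil.bean(UserService)
    authenticationService = CdiUtil.bean(AuthenticationService)
    identity = CdiUtil.bean(Identity)
    credentials = identity.getCredentials()
    user_name = credentials.getUsername()

    if step == 1:
        print("Basic (with password update). Authenticate for step 1")
        user_password = credentials.getPassword()
        if not (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
            return False
        if not authenticationService.authenticate(user_name, user_password):
            return False
        return True

    if step == 2:
        print("Basic (with password update). Authenticate for step 2")
        # The new password is applied to the user authenticated in step 1,
        # never to a name taken from the request.
        user = authenticationService.getAuthenticatedUser()
        if user is None:
            print("Basic (with password update). Authenticate for step 2. Failed to determine user name")
            return False
        user_name = user.getUserId()

        update_button = requestParameters.get("loginForm:updateButton")
        if ArrayHelper.isEmpty(update_button):
            return True

        new_password_array = requestParameters.get("new_password")
        if ArrayHelper.isEmpty(new_password_array) or StringHelper.isEmpty(new_password_array[0]):
            print("Basic (with password update). Authenticate for step 2. New password is empty")
            return False
        new_password = new_password_array[0]

        # The entry can disappear between the two steps; don't fail on None.
        find_user_by_uid = userService.getUser(user_name)
        if find_user_by_uid is None:
            print("Basic (with password update). Authenticate for step 2. Failed to find user '%s'" % user_name)
            return False
        find_user_by_uid.setAttribute("userPassword", new_password)
        print("Basic (with password update). Authenticate for step 2. Attempting to set new user '%s' password" % user_name)
        userService.updateUser(find_user_by_uid)
        print("Basic (with password update). Authenticate for step 2. Password updated successfully")
        return True

    return False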
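def init(self, customScript, configuration_attributes):
    """Read the Azure AD settings into module globals.

    Mandatory properties: azure_tenant_id, azure_client_id and
    azure_client_secret.  Optional: azure_ad_attributes_list together with
    gluu_ldap_attributes_list, which are turned into the attributes_mapping
    global; when the pair is absent attributes_mapping is left unassigned,
    so code that reads it must check the properties first.  The client
    secret is never logged.  Returns False on any configuration error.
    """
    print("AzureAD. Initialization")

    # Fail early with a clear message instead of an attribute error on None.
    for mandatory in ("azure_tenant_id", "azure_client_id", "azure_client_secret"):
        if not configuration_attributes.containsKey(mandatory):
            print("AzureAD. Initialization. Property %s is mandatory" % mandatory)
            return False

    global azure_tenant_id
    azure_tenant_id = configuration_attributes.get("azure_tenant_id").getValue2()
    print("AzureAD. Initialization. Value of azure_tenant_id is %s" % azure_tenant_id)

    global azure_client_id
    azure_client_id = configuration_attributes.get("azure_client_id").getValue2()
    print("AzureAD. Initialization. Value of azure_client_id is %s" % azure_client_id)

    global azure_client_secret
    azure_client_secret = configuration_attributes.get("azure_client_secret").getValue2()

    global MICROSOFT_AUTHORITY_URL
    MICROSOFT_AUTHORITY_URL = 'login.microsoftonline.com'

    global AZURE_AD_GRAPH_RESOURCE_ENDPOINT
    AZURE_AD_GRAPH_RESOURCE_ENDPOINT = 'https://graph.windows.net'

    # Attribute names that identify a user on each side.
    global azure_user_uuid
    azure_user_uuid = "oid"

    global gluu_ldap_uuid
    gluu_ldap_uuid = "uid"

    global ADMIN
    ADMIN = 'admin'

    global attributes_mapping
    if (configuration_attributes.containsKey("azure_ad_attributes_list")
            and configuration_attributes.containsKey("gluu_ldap_attributes_list")):
        azure_ad_attributes_list = configuration_attributes.get("azure_ad_attributes_list").getValue2()
        if StringHelper.isEmpty(azure_ad_attributes_list):
            print("AzureAD: Initialization. The property azure_ad_attributes_list is empty")
            return False

        gluu_ldap_attributes_list = configuration_attributes.get("gluu_ldap_attributes_list").getValue2()
        if StringHelper.isEmpty(gluu_ldap_attributes_list):
            print("AzureAD: Initialization. The property gluu_ldap_attributes_list is empty")
            return False

        attributes_mapping = self.attribute_mapping_function(azure_ad_attributes_list, gluu_ldap_attributes_list)
        if attributes_mapping is None:
            print("AzureAD: Initialization. The attributes mapping isn't valid")
            return False

    print("AzureAD. Initialized successfully")
    return True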
def authenticateImpl(self, credentials, authenticationService):
    """Verify the user name / password held in credentials.

    Returns True only when both values are non-empty and the backend accepts
    them; empty input short-circuits without touching the backend.
    """
    print("Basic (client group). Processing user name/password authentication")
    user_name = credentials.getUsername()
    user_password = credentials.getPassword()

    if not (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
        return False
    if authenticationService.authenticate(user_name, user_password):
        return True
    return False
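def init(self, customScript, configurationAttributes):
    """Load the certificate-login configuration.

    Mandatory properties: chain_cert_file_path (file holding the chain
    certificates) and map_user_cert (boolean, stored in self.map_user_cert).
    Optional: crl_max_response_size (bytes, default 5 MB) and one
    use_<type>_validator flag per entry of self.validator_types; validators
    are disabled unless their flag is set.  Returns False when a mandatory
    property is missing or the chain cannot be loaded.
    """
    print("Cert. Initialization")

    for mandatory in ("chain_cert_file_path", "map_user_cert"):
        if not configurationAttributes.containsKey(mandatory):
            print("Cert. Initialization. Property %s is mandatory" % mandatory)
            return False

    chain_cert_file_path = configurationAttributes.get("chain_cert_file_path").getValue2()
    self.chain_certs = CertUtil.loadX509CertificateFromFile(chain_cert_file_path)
    if self.chain_certs is None:
        print("Cert. Initialization. Failed to load chain certificates from '%s'" % chain_cert_file_path)
        return False
    print("Cert. Initialization. Loaded '%d' chain certificates" % self.chain_certs.size())

    # Cap on a downloaded CRL so an oversized CRL cannot exhaust memory.
    crl_max_response_size = 5 * 1024 * 1024  # 5 MB
    if configurationAttributes.containsKey("crl_max_response_size"):
        crl_max_response_size = StringHelper.toInteger(configurationAttributes.get("crl_max_response_size").getValue2(), crl_max_response_size)
    print("Cert. Initialization. CRL max response size is '%d'" % crl_max_response_size)

    # Define array to order methods correctly
    self.validator_types = ['generic', 'path', 'ocsp', 'crl']
    # Each entry is [verifier instance, enabled flag]; all disabled by default.
    self.validators = {
        'generic': [GenericCertificateVerifier(), False],
        'path': [PathCertificateVerifier(False), False],
        'ocsp': [OCSPCertificateVerifier(), False],
        'crl': [CRLCertificateVerifier(crl_max_response_size), False],
    }
    # (renamed from `type`, which shadowed the builtin)
    for validator_type in self.validator_types:
        validator_param_name = "use_%s_validator" % validator_type
        if configurationAttributes.containsKey(validator_param_name):
            validator_status = StringHelper.toBoolean(configurationAttributes.get(validator_param_name).getValue2(), False)
            self.validators[validator_type][1] = validator_status
        print("Cert. Initialization. Validation method '%s' status: '%s'" % (validator_type, self.validators[validator_type][1]))

    self.map_user_cert = StringHelper.toBoolean(configurationAttributes.get("map_user_cert").getValue2(), False)
    print("Cert. Initialization. map_user_cert: '%s'" % self.map_user_cert)

    self.enabled_recaptcha = self.initRecaptcha(configurationAttributes)
    print("Cert. Initialization. enabled_recaptcha: '%s'" % self.enabled_recaptcha)

    print("Cert. Initialized successfully")
    return True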
def prepareAttributesMapping(self, saml_idp_attributes_mapping):
    """Parse the saml_idp_attributes_mapping JSON into an IdP-to-local attribute map.

    The JSON is an object of {local_attribute: [idp_attribute, ...]}; every
    IdP name becomes a key (lower-cased) pointing at its lower-cased local
    name.  An empty object yields None.
    """
    mapping_json = json.loads(saml_idp_attributes_mapping)
    if not mapping_json:
        print("Asimba. PrepareAttributesMapping. There is no attributes mapping specified in saml_idp_attributes_mapping property")
        return None

    # NOTE(review): IdentityHashMap compares keys by reference; callers seen
    # here iterate entrySet() rather than call get() — keep it that way.
    attributeMapping = IdentityHashMap()
    for local_attribute_name, idp_attribute_names in mapping_json.items():
        localAttribute = StringHelper.toLowerCase(local_attribute_name)
        for idp_attribute_name in idp_attribute_names:
            attributeMapping.put(StringHelper.toLowerCase(idp_attribute_name), localAttribute)
    return attributeMapping
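def processKeyStoreProperties(self, attrs):
    """Read key_store_file and key_store_password into self.

    Both properties must be present and non-empty; then self.keyStoreFile and
    self.keyStorePassword are set and True is returned.  Otherwise nothing is
    changed, a message is logged and False is returned.
    """
    # Locals renamed: `file` shadowed the builtin.
    file_property = attrs.get("key_store_file")
    password_property = attrs.get("key_store_password")
    if file_property is not None and password_property is not None:
        key_store_file = file_property.getValue2()
        key_store_password = password_property.getValue2()
        if StringHelper.isNotEmpty(key_store_file) and StringHelper.isNotEmpty(key_store_password):
            self.keyStoreFile = key_store_file
            # Kept in memory only; the password is never written to the log.
            self.keyStorePassword = key_store_password
            return True

    print("Passport. readKeyStoreProperties. Properties key_store_file or key_store_password not found or empty")
    return False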
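def getGeolocation(self, identity):
    """Look up country/city for the session's "remote_ip" via ip-api.com.

    Returns the parsed JSON response when the service answers "success",
    otherwise None.  The request goes over plain HTTP, so the client IP is
    disclosed to a third party in clear text; treat the result as
    informational only, not as input to an access decision.
    """
    session_attributes = identity.getSessionId().getSessionAttributes()
    if not session_attributes.containsKey("remote_ip"):
        return None
    remote_ip = session_attributes.get("remote_ip")
    if not StringHelper.isNotEmpty(remote_ip):
        return None

    # remote_ip is interpolated into the URL path; refuse anything that is not
    # made of address characters so a forged value cannot alter the request.
    # NOTE(review): confirm where remote_ip originates (a proxy header would
    # be client-controlled).
    if not set(remote_ip) <= set("0123456789abcdefABCDEF.:"):
        print("Casa. Determine remote location. Ignoring malformed remote_ip")
        return None

    httpService = CdiUtil.bean(HttpService)
    http_client = httpService.getHttpsClient()
    http_client_params = http_client.getParams()
    # Keep the lookup short so a slow geolocation service cannot stall login.
    http_client_params.setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 4 * 1000)

    geolocation_service_url = "http://ip-api.com/json/%s?fields=country,city,status,message" % remote_ip
    geolocation_service_headers = {"Accept": "application/json"}

    try:
        http_service_response = httpService.executeGet(http_client, geolocation_service_url, geolocation_service_headers)
        http_response = http_service_response.getHttpResponse()
    except:  # bare on purpose: HttpService raises Java exceptions, which `except Exception` may not catch under Jython — NOTE(review): confirm
        print("Casa. Determine remote location. Exception: %s" % sys.exc_info()[1])
        return None

    try:
        if not httpService.isResponseStastusCodeOk(http_response):
            print("Casa. Determine remote location. Get non 200 OK response from server: %s" % str(http_response.getStatusLine().getStatusCode()))
            httpService.consume(http_response)
            return None

        response_bytes = httpService.getResponseContent(http_response)
        response_string = httpService.convertEntityToString(response_bytes, Charset.forName("UTF-8"))
        httpService.consume(http_response)
    finally:
        http_service_response.closeConnection()

    if response_string is None:
        print("Casa. Determine remote location. Get empty response from location server")
        return None

    try:
        response = json.loads(response_string)
    except ValueError:
        print("Casa. Determine remote location. Get malformed response from location server")
        return None

    # A missing or non-object "status" is treated as failure instead of raising.
    status = response.get('status') if isinstance(response, dict) else None
    if status is None or not StringHelper.equalsIgnoreCase(status, "success"):
        print("Casa. Determine remote location. Get response with status: '%s'" % status)
        return None
    return response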
def getMappedUser(self, configurationAttributes, requestParameters, saml_response_attributes):
    """Build a User from SAML response attributes using the configured mapping.

    Response attribute names are lower-cased, then every (idp, local) pair of
    the current mapping is applied: a present value is set on the user, an
    absent one leaves the local attribute as an empty ArrayList unless it was
    already set by an earlier pair.  Custom object classes from
    self.userObjectClasses are added when configured.
    """
    # Convert SAML result attribute keys to lower case
    normalized_attributes = HashMap()
    for entry in saml_response_attributes.entrySet():
        normalized_attributes.put(StringHelper.toLowerCase(entry.getKey()), entry.getValue())

    currentAttributesMapping = self.prepareCurrentAttributesMapping(self.attributesMapping, configurationAttributes, requestParameters)
    print("Asimba. Get mapped user. Using next attributes mapping '%s'" % currentAttributesMapping)

    newUser = User()

    # Set custom object classes
    if self.userObjectClasses is not None:
        print("Asimba. Get mapped user. User custom objectClasses to add persons: '%s'" % Util.array2ArrayList(self.userObjectClasses))
        newUser.setCustomObjectClasses(self.userObjectClasses)

    for mappingEntry in currentAttributesMapping.entrySet():
        idpAttribute = mappingEntry.getKey()
        localAttribute = mappingEntry.getValue()
        if self.debugEnrollment:
            print("Asimba. Get mapped user. Trying to map '%s' into '%s'" % (idpAttribute, localAttribute))

        localAttributeValue = normalized_attributes.get(idpAttribute)
        if localAttributeValue is None:
            # Keep the attribute present (empty) unless an earlier pair set it.
            if newUser.getAttribute(localAttribute) is None:
                newUser.setAttribute(localAttribute, ArrayList())
            continue

        if self.debugEnrollment:
            print("Asimba. Get mapped user. Setting attribute '%s' value '%s'" % (localAttribute, localAttributeValue))
        newUser.setAttribute(localAttribute, localAttributeValue)

    return newUser
def isPassedStep1():
    """Report whether step 1 completed: True when the Identity credentials hold a non-empty user name."""
    credentials = CdiUtil.bean(Identity).getCredentials()
    return StringHelper.isNotEmptyString(credentials.getUsername())
def createLdapExtendedEntryManagers(self, authConfiguration):
    """Create one LDAP entry manager per extended LDAP configuration.

    For each configuration returned by createLdapExtendedConfigurations()
    the connection settings are copied into a Properties object (keys
    prefixed with the persistence type, list values joined with ", "), the
    bind password is added when present, and an entry manager is built from
    them.  Returns a list of dicts holding the configuration, the properties,
    the login attribute lists and the entry manager.
    """
    ldapExtendedConfigurations = self.createLdapExtendedConfigurations(authConfiguration)

    appInitializer = CdiUtil.bean(AppInitializer)  # looked up but not used below
    persistanceFactoryService = CdiUtil.bean(PersistanceFactoryService)
    ldapEntryManagerFactory = persistanceFactoryService.getPersistenceEntryManagerFactory(LdapEntryManagerFactory)
    persistenceType = ldapEntryManagerFactory.getPersistenceType()

    def as_property_value(value):
        # Lists become a comma-separated string; everything else is stringified.
        if isinstance(value, list):
            return ", ".join(value)
        return str(value)

    ldapExtendedEntryManagers = []
    for ldapExtendedConfiguration in ldapExtendedConfigurations:
        connectionConfiguration = ldapExtendedConfiguration["connectionConfiguration"]
        ldapConfiguration = ldapExtendedConfiguration["ldapConfiguration"]

        ldapProperties = Properties()
        for key, value in connectionConfiguration.items():
            ldapProperties.setProperty(persistenceType + "." + key, as_property_value(value))

        # The bind password lives only in this in-memory Properties object;
        # it is never written to the log.
        bind_password = ldapConfiguration.getBindPassword()
        if StringHelper.isNotEmptyString(bind_password):
            ldapProperties.setProperty(persistenceType + ".bindPassword", bind_password)

        ldapEntryManager = ldapEntryManagerFactory.createEntryManager(ldapProperties)
        ldapExtendedEntryManagers.append({
            "ldapConfiguration": ldapConfiguration,
            "ldapProperties": ldapProperties,
            "loginAttributes": ldapExtendedConfiguration["loginAttributes"],
            "localLoginAttributes": ldapExtendedConfiguration["localLoginAttributes"],
            "ldapEntryManager": ldapEntryManager,
        })
    return ldapExtendedEntryManagers
def getMappedAllAttributesUser(self, saml_response_attributes):
    """Build a User carrying every SAML attribute that maps to a known local attribute.

    Local attributes are matched by their SAML2 URI (explicit, or the default
    URI for the attribute name).  SAML attributes without a match are
    skipped, and "uid" is never taken from the assertion (presumably so the
    IdP cannot choose the local identity).  Custom object classes from
    self.userObjectClasses are added when configured.
    """
    user = User()

    # Set custom object classes
    if self.userObjectClasses is not None:
        print("Asimba. Get mapped all attributes user. User custom objectClasses to add persons: '%s'" % Util.array2ArrayList(self.userObjectClasses))
        user.setCustomObjectClasses(self.userObjectClasses)

    # Index local attributes by SAML2 URI for quick lookup
    attributeService = CdiUtil.bean(AttributeService)
    samlUriToAttributesMap = HashMap()
    for ldapAttribute in attributeService.getAllAttributes():
        attribute_name = ldapAttribute.getName()
        saml2Uri = ldapAttribute.getSaml2Uri()
        if saml2Uri is None:
            saml2Uri = attributeService.getDefaultSaml2Uri(attribute_name)
        samlUriToAttributesMap.put(saml2Uri, attribute_name)

    customAttributes = ArrayList()
    for key in saml_response_attributes.keySet():
        ldapAttributeName = samlUriToAttributesMap.get(key)
        if ldapAttributeName is None:
            print("Asimba. Get mapped all attributes user. Skipping saml attribute: '%s'" % key)
            continue
        if StringHelper.equalsIgnoreCase(ldapAttributeName, "uid"):
            continue
        attribute = CustomAttribute(ldapAttributeName)
        attribute.setValues(saml_response_attributes.get(key))
        customAttributes.add(attribute)

    user.setCustomAttributes(customAttributes)
    return user
def getCountAuthenticationSteps(self, configurationAttributes):
    """Number of steps in the OTP flow: the "otp_count_login_steps" working parameter when set, else 2."""
    identity = CdiUtil.bean(Identity)
    if not identity.isSetWorkingParameter("otp_count_login_steps"):
        return 2
    # Stringify first so both str and int parameter values convert.
    return StringHelper.toInteger("%s" % identity.getWorkingParameter("otp_count_login_steps"))
def init(self, customScript, configurationAttributes):
    """Read the UAF settings and prepare the HTTPS client.

    uaf_server_uri is mandatory.  Optional: uaf_policy_name (default
    "default"), send_push_notifaction (boolean, default False),
    registration_uri (default None) and qr_options (default {}).  Returns
    False when uaf_server_uri is missing.
    """
    print("UAF. Initialization")

    if not configurationAttributes.containsKey("uaf_server_uri"):
        print("UAF. Initialization. Property uaf_server_uri is mandatory")
        return False
    self.uaf_server_uri = configurationAttributes.get("uaf_server_uri").getValue2()

    def optional_value(name, default):
        if configurationAttributes.containsKey(name):
            return configurationAttributes.get(name).getValue2()
        return default

    self.uaf_policy_name = optional_value("uaf_policy_name", "default")

    self.send_push_notifaction = False
    if configurationAttributes.containsKey("send_push_notifaction"):
        self.send_push_notifaction = StringHelper.toBoolean(configurationAttributes.get("send_push_notifaction").getValue2(), False)

    self.registration_uri = optional_value("registration_uri", None)
    # NOTE(review): the default is a dict but a configured value is the raw
    # property string — consumers must cope with both; confirm.
    self.customQrOptions = optional_value("qr_options", {})

    print("UAF. Initializing HTTP client")
    httpService = CdiUtil.bean(HttpService)
    self.http_client = httpService.getHttpsClient()
    http_client_params = self.http_client.getParams()
    http_client_params.setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 15 * 1000)

    print("UAF. Initialized successfully. uaf_server_uri: '%s', uaf_policy_name: '%s', send_push_notifaction: '%s', registration_uri: '%s', qr_options: '%s'" % (self.uaf_server_uri, self.uaf_policy_name, self.send_push_notifaction, self.registration_uri, self.customQrOptions))
    print("UAF. Initialized successfully")
    return True
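def checkStatus(self, mode, request_id, timeout):
    """Poll the oxPush server until the request is decided or timeout elapses.

    mode "pair" polls getPairingStatus(request_id); anything else polls
    getAuthenticationStatus(request_id).  Polls every 2 s for at most
    `timeout` seconds.  Returns the response object when the status is
    "approved"; returns None on "declined", "expired", a false result, a
    Java exception, or when the time runs out.
    """
    try:
        curTime = java.lang.System.currentTimeMillis()
        endTime = curTime + timeout * 1000
        while endTime >= curTime:
            if StringHelper.equals("pair", mode):
                response_status = self.oxPushClient.getPairingStatus(request_id)
            else:
                response_status = self.oxPushClient.getAuthenticationStatus(request_id)

            if not response_status.result:
                print("oxPush. CheckStatus. Get false result from oxPushServer")
                return None

            status = response_status.status
            if "declined" == status:
                print("oxPush. CheckStatus. The process has been cancelled")
                return None
            if "expired" == status:
                print("oxPush. CheckStatus. The process has been expired")
                return None
            if "approved" == status:
                print("oxPush. CheckStatus. The process was approved")
                return response_status

            # Still pending: wait before asking again.
            java.lang.Thread.sleep(2000)
            curTime = java.lang.System.currentTimeMillis()
    except java.lang.Exception as err:  # `as` form: the "except X, e" spelling is Python 2 only
        print("oxPush. CheckStatus. Could not check process status: %s" % err)
    return None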