def prepareAttributesMapping(self, remoteAttributesList, localAttributesList): remoteAttributesListArray = StringHelper.split(remoteAttributesList, ",") if (ArrayHelper.isEmpty(remoteAttributesListArray)): print "Google+ PrepareAttributesMapping. There is no attributes specified in remoteAttributesList property" return None localAttributesListArray = StringHelper.split(localAttributesList, ",") if (ArrayHelper.isEmpty(localAttributesListArray)): print "Google+ PrepareAttributesMapping. There is no attributes specified in localAttributesList property" return None if (len(remoteAttributesListArray) != len(localAttributesListArray)): print "Google+ PrepareAttributesMapping. The number of attributes in remoteAttributesList and localAttributesList isn't equal" return None attributeMapping = IdentityHashMap() containsUid = False i = 0 count = len(remoteAttributesListArray) while (i < count): remoteAttribute = StringHelper.toLowerCase(remoteAttributesListArray[i]) localAttribute = StringHelper.toLowerCase(localAttributesListArray[i]) attributeMapping.put(remoteAttribute, localAttribute) if (StringHelper.equalsIgnoreCase(localAttribute, "uid")): containsUid = True i = i + 1 if (not containsUid): print "Google+ PrepareAttributesMapping. There is no mapping to mandatory 'uid' attribute" return None return attributeMapping
def attribute_mapping_function(azure_ad_attributes_list, gluu_ldap_attributes_list): try: azure_ad_attributes_list_array = StringHelper.split(azure_ad_attributes_list, ",") if ArrayHelper.isEmpty(azure_ad_attributes_list_array): print("AzureAD: There is no attributes specified in azure_ad_attributes_list property") return None gluu_ldap_attributes_list_array = StringHelper.split(gluu_ldap_attributes_list, ",") if ArrayHelper.isEmpty(gluu_ldap_attributes_list_array): print("AzureAD: There is no attributes specified in gluu_ldap_attributes_list property") return None if len(azure_ad_attributes_list_array) != len(gluu_ldap_attributes_list_array): print("AzureAD: The number of attributes isn't equal") return None attributes_map = IdentityHashMap() i = 0 count = len(azure_ad_attributes_list_array) while i < count: azure_ad_attribute = StringHelper.toLowerCase(azure_ad_attributes_list_array[i]) gluu_ldap_attribute = StringHelper.toLowerCase(gluu_ldap_attributes_list_array[i]) attributes_map.put(azure_ad_attribute, gluu_ldap_attribute) i = i + 1 return attributes_map except Exception, err: print("AzureAD: Exception inside prepareAttributesMapping " + str(err))
def prepareAttributesMapping(self, remoteAttributesList, localAttributesList): try: remoteAttributesListArray = StringHelper.split(remoteAttributesList, ",") if (ArrayHelper.isEmpty(remoteAttributesListArray)): print("Registration: PrepareAttributesMapping. There is no attributes specified in remoteAttributesList property") return None localAttributesListArray = StringHelper.split(localAttributesList, ",") if (ArrayHelper.isEmpty(localAttributesListArray)): print("Registration: PrepareAttributesMapping. There is no attributes specified in localAttributesList property") return None if (len(remoteAttributesListArray) != len(localAttributesListArray)): print("Registration: PrepareAttributesMapping. The number of attributes in remoteAttributesList and localAttributesList isn't equal") return None attributeMapping = IdentityHashMap() containsUid = False i = 0 count = len(remoteAttributesListArray) while (i < count): remoteAttribute = StringHelper.toLowerCase(remoteAttributesListArray[i]) localAttribute = StringHelper.toLowerCase(localAttributesListArray[i]) attributeMapping.put(remoteAttribute, localAttribute) i = i + 1 return attributeMapping except Exception, err: print("Registration: Exception inside prepareAttributesMapping " + str(err))
def prepareAttributesMapping(self, saml_idp_attributes_mapping): saml_idp_attributes_mapping_json = json.loads(saml_idp_attributes_mapping) if len(saml_idp_attributes_mapping_json) == 0: print "Asimba. PrepareAttributesMapping. There is no attributes mapping specified in saml_idp_attributes_mapping property" return None attributeMapping = IdentityHashMap() for local_attribute_name in saml_idp_attributes_mapping_json: localAttribute = StringHelper.toLowerCase(local_attribute_name) for idp_attribute_name in saml_idp_attributes_mapping_json[local_attribute_name]: idpAttribute = StringHelper.toLowerCase(idp_attribute_name) attributeMapping.put(idpAttribute, localAttribute) return attributeMapping
def getMappedUser(self, configurationAttributes, requestParameters, saml_response_attributes): # Convert Saml result attributes keys to lover case saml_response_normalized_attributes = HashMap() for saml_response_attribute_entry in saml_response_attributes.entrySet(): saml_response_normalized_attributes.put(StringHelper.toLowerCase(saml_response_attribute_entry.getKey()), saml_response_attribute_entry.getValue()) currentAttributesMapping = self.prepareCurrentAttributesMapping(self.attributesMapping, configurationAttributes, requestParameters) print "Asimba. Get mapped user. Using next attributes mapping '%s'" % currentAttributesMapping newUser = User() # Set custom object classes if self.userObjectClasses != None: print "Asimba. Get mapped user. User custom objectClasses to add persons: '%s'" % Util.array2ArrayList(self.userObjectClasses) newUser.setCustomObjectClasses(self.userObjectClasses) for attributesMappingEntry in currentAttributesMapping.entrySet(): idpAttribute = attributesMappingEntry.getKey() localAttribute = attributesMappingEntry.getValue() if self.debugEnrollment: print "Asimba. Get mapped user. Trying to map '%s' into '%s'" % (idpAttribute, localAttribute) localAttributeValue = saml_response_normalized_attributes.get(idpAttribute) if localAttributeValue != None: if self.debugEnrollment: print "Asimba. Get mapped user. Setting attribute '%s' value '%s'" % (localAttribute, localAttributeValue) newUser.setAttribute(localAttribute, localAttributeValue) else: if newUser.getAttribute(localAttribute) == None: newUser.setAttribute(localAttribute, ArrayList()) return newUser
def authenticate(self, configurationAttributes, requestParameters, step): identity = CdiUtil.bean(Identity) credentials = identity.getCredentials() userService = CdiUtil.bean(UserService) authenticationService = CdiUtil.bean(AuthenticationService) saml_map_user = False saml_enroll_user = False saml_enroll_all_user_attr = False # Use saml_deployment_type only if there is no attributes mapping if configurationAttributes.containsKey("saml_deployment_type"): saml_deployment_type = StringHelper.toLowerCase(configurationAttributes.get("saml_deployment_type").getValue2()) if StringHelper.equalsIgnoreCase(saml_deployment_type, "map"): saml_map_user = True if StringHelper.equalsIgnoreCase(saml_deployment_type, "enroll"): saml_enroll_user = True if StringHelper.equalsIgnoreCase(saml_deployment_type, "enroll_all_attr"): saml_enroll_all_user_attr = True saml_allow_basic_login = False if configurationAttributes.containsKey("saml_allow_basic_login"): saml_allow_basic_login = StringHelper.toBoolean(configurationAttributes.get("saml_allow_basic_login").getValue2(), False) use_basic_auth = False if saml_allow_basic_login: # Detect if user used basic authnetication method user_name = credentials.getUsername() user_password = credentials.getPassword() if StringHelper.isNotEmpty(user_name) and StringHelper.isNotEmpty(user_password): use_basic_auth = True if (step == 1) and saml_allow_basic_login and use_basic_auth: print "Asimba. Authenticate for step 1. Basic authentication" identity.setWorkingParameter("saml_count_login_steps", 1) user_name = credentials.getUsername() user_password = credentials.getPassword() logged_in = False if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password): logged_in = authenticationService.authenticate(user_name, user_password) if (not logged_in): return False return True if (step == 1): print "Asimba. Authenticate for step 1" currentSamlConfiguration = self.getCurrentSamlConfiguration(self.samlConfiguration, configurationAttributes, requestParameters) if (currentSamlConfiguration == None): print "Asimba. Prepare for step 1. Client saml configuration is invalid" return False saml_response_array = requestParameters.get("SAMLResponse") if ArrayHelper.isEmpty(saml_response_array): print "Asimba. Authenticate for step 1. saml_response is empty" return False saml_response = saml_response_array[0] print "Asimba. Authenticate for step 1. saml_response: '%s'" % saml_response samlResponse = Response(currentSamlConfiguration) samlResponse.loadXmlFromBase64(saml_response) saml_validate_response = True if configurationAttributes.containsKey("saml_validate_response"): saml_validate_response = StringHelper.toBoolean(configurationAttributes.get("saml_validate_response").getValue2(), False) if saml_validate_response: if not samlResponse.isValid(): print "Asimba. Authenticate for step 1. saml_response isn't valid" return False if samlResponse.isAuthnFailed(): print "Asimba. Authenticate for step 1. saml_response AuthnFailed" return False saml_response_attributes = samlResponse.getAttributes() print "Asimba. Authenticate for step 1. attributes: '%s'" % saml_response_attributes if saml_map_user: saml_user_uid = self.getSamlNameId(samlResponse) if saml_user_uid == None: return False # Use mapping to local IDP user print "Asimba. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '%s'" % saml_user_uid # Check if the is user with specified saml_user_uid find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:%s" % saml_user_uid) if find_user_by_uid == None: print "Asimba. Authenticate for step 1. Failed to find user" print "Asimba. Authenticate for step 1. Setting count steps to 2" identity.setWorkingParameter("saml_count_login_steps", 2) identity.setWorkingParameter("saml_user_uid", saml_user_uid) return True found_user_name = find_user_by_uid.getUserId() print "Asimba. Authenticate for step 1. found_user_name: '%s'" % found_user_name user_authenticated = authenticationService.authenticate(found_user_name) if user_authenticated == False: print "Asimba. Authenticate for step 1. Failed to authenticate user" return False print "Asimba. Authenticate for step 1. Setting count steps to 1" identity.setWorkingParameter("saml_count_login_steps", 1) post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid) print "Asimba. Authenticate for step 1. post_login_result: '%s'" % post_login_result return post_login_result elif saml_enroll_user: # Convert SAML response to user entry newUser = self.getMappedUser(configurationAttributes, requestParameters, saml_response_attributes) saml_user_uid = self.getNameId(samlResponse, newUser) if saml_user_uid == None: return False self.setDefaultUid(newUser, saml_user_uid) newUser.setAttribute("oxExternalUid", "saml:%s" % saml_user_uid) # Use auto enrollment to local IDP print "Asimba. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '%s'" % saml_user_uid # Check if there is user with specified saml_user_uid find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:%s" % saml_user_uid) if find_user_by_uid == None: # Auto user enrollment print "Asimba. Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP" print "Asimba. Authenticate for step 1. Attempting to add user '%s' with next attributes: '%s'" % (saml_user_uid, newUser.getCustomAttributes()) user_unique = self.checkUserUniqueness(newUser) if not user_unique: print "Asimba. Authenticate for step 1. Failed to add user: '******'. User not unique" % newUser.getUserId() facesMessages = CdiUtil.bean(FacesMessages) facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to enroll. User with same key attributes exist already") facesMessages.setKeepMessages() return False find_user_by_uid = userService.addUser(newUser, True) print "Asimba. Authenticate for step 1. Added new user with UID: '%s'" % find_user_by_uid.getUserId() else: if self.updateUser: print "Asimba. Authenticate for step 1. Attempting to update user '%s' with next attributes: '%s'" % (saml_user_uid, newUser.getCustomAttributes()) find_user_by_uid.setCustomAttributes(newUser.getCustomAttributes()) userService.updateUser(find_user_by_uid) print "Asimba. Authenticate for step 1. Updated user with UID: '%s'" % saml_user_uid found_user_name = find_user_by_uid.getUserId() print "Asimba. Authenticate for step 1. found_user_name: '%s'" % found_user_name user_authenticated = authenticationService.authenticate(found_user_name) if user_authenticated == False: print "Asimba. Authenticate for step 1. Failed to authenticate user: '******'" % found_user_name return False print "Asimba. Authenticate for step 1. Setting count steps to 1" identity.setWorkingParameter("saml_count_login_steps", 1) post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid) print "Asimba. Authenticate for step 1. post_login_result: '%s'" % post_login_result return post_login_result elif saml_enroll_all_user_attr: # Convert SAML response to user entry newUser = self.getMappedAllAttributesUser(saml_response_attributes) saml_user_uid = self.getNameId(samlResponse, newUser) if saml_user_uid == None: return False self.setDefaultUid(newUser, saml_user_uid) newUser.setAttribute("oxExternalUid", "saml:%s" % saml_user_uid) print "Asimba. Authenticate for step 1. Attempting to find user by oxExternalUid: saml:%s" % saml_user_uid # Check if there is user with specified saml_user_uid find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:%s" % saml_user_uid) if find_user_by_uid == None: # Auto user enrollment print "Asimba. Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP" print "Asimba. Authenticate for step 1. Attempting to add user '%s' with next attributes: '%s'" % (saml_user_uid, newUser.getCustomAttributes()) user_unique = self.checkUserUniqueness(newUser) if not user_unique: print "Asimba. Authenticate for step 1. Failed to add user: '******'. User not unique" % newUser.getUserId() facesMessages = CdiUtil.bean(FacesMessages) facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to enroll. User with same key attributes exist already") facesMessages.setKeepMessages() return False find_user_by_uid = userService.addUser(newUser, True) print "Asimba. Authenticate for step 1. Added new user with UID: '%s'" % find_user_by_uid.getUserId() else: if self.updateUser: print "Asimba. Authenticate for step 1. Attempting to update user '%s' with next attributes: '%s'" % (saml_user_uid, newUser.getCustomAttributes()) find_user_by_uid.setCustomAttributes(newUser.getCustomAttributes()) userService.updateUser(find_user_by_uid) print "Asimba. Authenticate for step 1. Updated user with UID: '%s'" % saml_user_uid found_user_name = find_user_by_uid.getUserId() print "Asimba. Authenticate for step 1. found_user_name: '%s'" % found_user_name user_authenticated = authenticationService.authenticate(found_user_name) if user_authenticated == False: print "Asimba. Authenticate for step 1. Failed to authenticate user" return False print "Asimba. Authenticate for step 1. Setting count steps to 1" identity.setWorkingParameter("saml_count_login_steps", 1) post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid) print "Asimba. Authenticate for step 1. post_login_result: '%s'" % post_login_result return post_login_result else: if saml_user_uid == None: return False # Check if the is user with specified saml_user_uid print "Asimba. Authenticate for step 1. Attempting to find user by uid: '%s'" % saml_user_uid find_user_by_uid = userService.getUser(saml_user_uid) if find_user_by_uid == None: print "Asimba. Authenticate for step 1. Failed to find user" return False found_user_name = find_user_by_uid.getUserId() print "Asimba. Authenticate for step 1. found_user_name: '%s'" % found_user_name user_authenticated = authenticationService.authenticate(found_user_name) if user_authenticated == False: print "Asimba. Authenticate for step 1. Failed to authenticate user" return False print "Asimba. Authenticate for step 1. Setting count steps to 1" identity.setWorkingParameter("saml_count_login_steps", 1) post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid) print "Asimba. Authenticate for step 1. post_login_result: '%s'" % post_login_result return post_login_result elif (step == 2): print "Asimba. Authenticate for step 2" sessionAttributes = identity.getSessionId().getSessionAttributes() if (sessionAttributes == None) or not sessionAttributes.containsKey("saml_user_uid"): print "Asimba. Authenticate for step 2. saml_user_uid is empty" return False saml_user_uid = sessionAttributes.get("saml_user_uid") passed_step1 = StringHelper.isNotEmptyString(saml_user_uid) if not passed_step1: return False user_name = credentials.getUsername() user_password = credentials.getPassword() logged_in = False if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password): logged_in = authenticationService.authenticate(user_name, user_password) if not logged_in: return False # Check if there is user which has saml_user_uid # Avoid mapping Saml account to more than one IDP account find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:%s" % saml_user_uid) if find_user_by_uid == None: # Add saml_user_uid to user one id UIDs find_user_by_uid = userService.addUserAttribute(user_name, "oxExternalUid", "saml:%s" % saml_user_uid) if find_user_by_uid == None: print "Asimba. Authenticate for step 2. Failed to update current user" return False post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid) print "Asimba. Authenticate for step 2. post_login_result: '%s'" % post_login_result return post_login_result else: found_user_name = find_user_by_uid.getUserId() print "Asimba. Authenticate for step 2. found_user_name: '%s'" % found_user_name if StringHelper.equals(user_name, found_user_name): post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid) print "Asimba. Authenticate for step 2. post_login_result: '%s'" % post_login_result return post_login_result return False else: return False
def authenticate(self, configurationAttributes, requestParameters, step): identity = CdiUtil.bean(Identity) userService = CdiUtil.bean(UserService) authenticationService = CdiUtil.bean(AuthenticationService) mapUserDeployment = False enrollUserDeployment = False if (configurationAttributes.containsKey("gplus_deployment_type")): deploymentType = StringHelper.toLowerCase(configurationAttributes.get("gplus_deployment_type").getValue2()) if (StringHelper.equalsIgnoreCase(deploymentType, "map")): mapUserDeployment = True if (StringHelper.equalsIgnoreCase(deploymentType, "enroll")): enrollUserDeployment = True if (step == 1): print "Google+ Authenticate for step 1" gplusAuthCodeArray = requestParameters.get("gplus_auth_code") gplusAuthCode = gplusAuthCodeArray[0] # Check if user uses basic method to log in useBasicAuth = False if (StringHelper.isEmptyString(gplusAuthCode)): useBasicAuth = True # Use basic method to log in if (useBasicAuth): print "Google+ Authenticate for step 1. Basic authentication" identity.setWorkingParameter("gplus_count_login_steps", 1) credentials = identity.getCredentials() userName = credentials.getUsername() userPassword = credentials.getPassword() loggedIn = False if (StringHelper.isNotEmptyString(userName) and StringHelper.isNotEmptyString(userPassword)): userService = CdiUtil.bean(UserService) loggedIn = authenticationService.authenticate(userName, userPassword) if (not loggedIn): return False return True # Use Google+ method to log in print "Google+ Authenticate for step 1. gplusAuthCode:", gplusAuthCode currentClientSecrets = self.getCurrentClientSecrets(self.clientSecrets, configurationAttributes, requestParameters) if (currentClientSecrets == None): print "Google+ Authenticate for step 1. Client secrets configuration is invalid" return False print "Google+ Authenticate for step 1. Attempting to gets tokens" tokenResponse = self.getTokensByCode(self.clientSecrets, configurationAttributes, gplusAuthCode) if ((tokenResponse == None) or (tokenResponse.getIdToken() == None) or (tokenResponse.getAccessToken() == None)): print "Google+ Authenticate for step 1. Failed to get tokens" return False else: print "Google+ Authenticate for step 1. Successfully gets tokens" jwt = Jwt.parse(tokenResponse.getIdToken()) # TODO: Validate ID Token Signature gplusUserUid = jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER) print "Google+ Authenticate for step 1. Found Google user ID in the ID token: '%s'" % gplusUserUid if (mapUserDeployment): # Use mapping to local IDP user print "Google+ Authenticate for step 1. Attempting to find user by oxExternalUid: 'gplus:%s'" % gplusUserUid # Check if there is user with specified gplusUserUid foundUser = userService.getUserByAttribute("oxExternalUid", "gplus:" + gplusUserUid) if (foundUser == None): print "Google+ Authenticate for step 1. Failed to find user" print "Google+ Authenticate for step 1. Setting count steps to 2" identity.setWorkingParameter("gplus_count_login_steps", 2) identity.setWorkingParameter("gplus_user_uid", gplusUserUid) return True foundUserName = foundUser.getUserId() print "Google+ Authenticate for step 1. foundUserName: '******'" % foundUserName userAuthenticated = authenticationService.authenticate(foundUserName) if (userAuthenticated == False): print "Google+ Authenticate for step 1. Failed to authenticate user" return False print "Google+ Authenticate for step 1. Setting count steps to 1" identity.setWorkingParameter("gplus_count_login_steps", 1) postLoginResult = self.extensionPostLogin(configurationAttributes, foundUser) print "Google+ Authenticate for step 1. postLoginResult: '%s'" % postLoginResult return postLoginResult elif (enrollUserDeployment): # Use auto enrollment to local IDP print "Google+ Authenticate for step 1. Attempting to find user by oxExternalUid: 'gplus:%s'" % gplusUserUid # Check if there is user with specified gplusUserUid foundUser = userService.getUserByAttribute("oxExternalUid", "gplus:" + gplusUserUid) if (foundUser == None): # Auto user enrollemnt print "Google+ Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP" print "Google+ Authenticate for step 1. Attempting to gets user info" userInfoResponse = self.getUserInfo(currentClientSecrets, configurationAttributes, tokenResponse.getAccessToken()) if ((userInfoResponse == None) or (userInfoResponse.getClaims().size() == 0)): print "Google+ Authenticate for step 1. Failed to get user info" return False else: print "Google+ Authenticate for step 1. Successfully gets user info" gplusResponseAttributes = userInfoResponse.getClaims() # Convert Google+ user claims to lover case gplusResponseNormalizedAttributes = HashMap() for gplusResponseAttributeEntry in gplusResponseAttributes.entrySet(): gplusResponseNormalizedAttributes.put( StringHelper.toLowerCase(gplusResponseAttributeEntry.getKey()), gplusResponseAttributeEntry.getValue()) currentAttributesMapping = self.getCurrentAttributesMapping(self.attributesMapping, configurationAttributes, requestParameters) print "Google+ Authenticate for step 1. Using next attributes mapping '%s'" % currentAttributesMapping newUser = User() for attributesMappingEntry in currentAttributesMapping.entrySet(): remoteAttribute = attributesMappingEntry.getKey() localAttribute = attributesMappingEntry.getValue() localAttributeValue = gplusResponseNormalizedAttributes.get(remoteAttribute) if (localAttribute != None): newUser.setAttribute(localAttribute, localAttributeValue) if (newUser.getAttribute("sn") == None): newUser.setAttribute("sn", gplusUserUid) if (newUser.getAttribute("cn") == None): newUser.setAttribute("cn", gplusUserUid) # Add mail to oxTrustEmail so that the user's # email is available through the SCIM interface # too. if (newUser.getAttribute("oxTrustEmail") is None and newUser.getAttribute("mail") is not None): oxTrustEmail = { "value": newUser.getAttribute("mail"), "display": newUser.getAttribute("mail"), "primary": True, "operation": None, "reference": None, "type": "other" } newUser.setAttribute("oxTrustEmail", json.dumps(oxTrustEmail)) newUser.setAttribute("oxExternalUid", "gplus:" + gplusUserUid) print "Google+ Authenticate for step 1. Attempting to add user '%s' with next attributes '%s'" % (gplusUserUid, newUser.getCustomAttributes()) foundUser = userService.addUser(newUser, True) print "Google+ Authenticate for step 1. Added new user with UID: '%s'" % foundUser.getUserId() foundUserName = foundUser.getUserId() print "Google+ Authenticate for step 1. foundUserName: '******'" % foundUserName userAuthenticated = authenticationService.authenticate(foundUserName) if (userAuthenticated == False): print "Google+ Authenticate for step 1. Failed to authenticate user" return False print "Google+ Authenticate for step 1. Setting count steps to 1" identity.setWorkingParameter("gplus_count_login_steps", 1) print "Google+ Authenticate for step 1. Attempting to run extension postLogin" postLoginResult = self.extensionPostLogin(configurationAttributes, foundUser) print "Google+ Authenticate for step 1. postLoginResult: '%s'" % postLoginResult return postLoginResult else: # Check if there is user with specified gplusUserUid print "Google+ Authenticate for step 1. Attempting to find user by uid: '%s'" % gplusUserUid foundUser = userService.getUser(gplusUserUid) if (foundUser == None): print "Google+ Authenticate for step 1. Failed to find user" return False foundUserName = foundUser.getUserId() print "Google+ Authenticate for step 1. foundUserName: '******'" % foundUserName userAuthenticated = authenticationService.authenticate(foundUserName) if (userAuthenticated == False): print "Google+ Authenticate for step 1. Failed to authenticate user" return False print "Google+ Authenticate for step 1. Setting count steps to 1" identity.setWorkingParameter("gplus_count_login_steps", 1) postLoginResult = self.extensionPostLogin(configurationAttributes, foundUser) print "Google+ Authenticate for step 1. postLoginResult: '%s'" % postLoginResult return postLoginResult elif (step == 2): print "Google+ Authenticate for step 2" sessionAttributes = identity.getSessionId().getSessionAttributes() if (sessionAttributes == None) or not sessionAttributes.containsKey("gplus_user_uid"): print "Google+ Authenticate for step 2. gplus_user_uid is empty" return False gplusUserUid = sessionAttributes.get("gplus_user_uid") passed_step1 = StringHelper.isNotEmptyString(gplusUserUid) if (not passed_step1): return False identity = CdiUtil.bean(Identity) credentials = identity.getCredentials() userName = credentials.getUsername() userPassword = credentials.getPassword() loggedIn = False if (StringHelper.isNotEmptyString(userName) and StringHelper.isNotEmptyString(userPassword)): loggedIn = authenticationService.authenticate(userName, userPassword) if (not loggedIn): return False # Check if there is user which has gplusUserUid # Avoid mapping Google account to more than one IDP account foundUser = userService.getUserByAttribute("oxExternalUid", "gplus:" + gplusUserUid) if (foundUser == None): # Add gplusUserUid to user one id UIDs foundUser = userService.addUserAttribute(userName, "oxExternalUid", "gplus:" + gplusUserUid) if (foundUser == None): print "Google+ Authenticate for step 2. Failed to update current user" return False postLoginResult = self.extensionPostLogin(configurationAttributes, foundUser) print "Google+ Authenticate for step 2. postLoginResult: '%s'" % postLoginResult return postLoginResult else: foundUserName = foundUser.getUserId() print "Google+ Authenticate for step 2. foundUserName: '******'" % foundUserName if StringHelper.equals(userName, foundUserName): postLoginResult = self.extensionPostLogin(configurationAttributes, foundUser) print "Google+ Authenticate for step 2. postLoginResult: '%s'" % postLoginResult return postLoginResult return False else: return False