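def getProviderFromJson(self, providerJson):
        """Extract the provider name from a base64url-encoded JSON document.

        providerJson: base64url string that decodes to a JSON object; the value
            stored under self.providerKey is returned.
        Returns that value, or None when the input cannot be decoded, is not
        valid JSON, or has no such key. Failures are logged, never raised.
        """
        import sys

        provider = None
        try:
            obj = json.loads(Base64Util.base64urldecodeToString(providerJson))
            provider = obj[self.providerKey]
        except:
            # The bare except is kept on purpose: this runs under Jython, where
            # the Java decode helper can raise Java exceptions that a Python
            # `except Exception` does not necessarily match, and this method
            # must never propagate. Log the actual cause so a bad base64 value,
            # bad JSON and a missing key are distinguishable in the log.
            print("Passport. getProviderFromJson. Could not parse provided Json string (%s). Returning None"
                  % (sys.exc_info()[1],))

        return provider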
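def getProviderFromJson(self, providerJson):
        """Extract the provider name from a base64url-encoded JSON document.

        providerJson: base64url string that decodes to a JSON object; the value
            stored under self.providerKey is returned.
        Returns that value, or None when the input cannot be decoded, is not
        valid JSON, or has no such key. Failures are logged, never raised.
        """
        import sys

        provider = None
        try:
            obj = json.loads(Base64Util.base64urldecodeToString(providerJson))
            provider = obj[self.providerKey]
        except:
            # The bare except is kept on purpose: this runs under Jython, where
            # the Java decode helper can raise Java exceptions that a Python
            # `except Exception` does not necessarily match, and this method
            # must never propagate. Log the actual cause so a bad base64 value,
            # bad JSON and a missing key are distinguishable in the log.
            print("Passport. getProviderFromJson. Could not parse provided Json string (%s). Returning None"
                  % (sys.exc_info()[1],))

        return provider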
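 def parseLoginHint(self):
     """Recover (pairwiseId, relyingParty) from the request's login_hint.

     The login_hint query parameter is expected to be a base64url-encoded
     AES ciphertext (see decryptAES) whose plaintext has the shape
     'pairwiseId|relyingParty'.

     Returns a (pairwiseId, relyingParty) tuple of strings.
     Raises MFAError when login_hint is absent or the decrypted value does
     not contain the '|' separator.
     """
     # Inject dependencies
     facesResources = CdiUtil.bean(FacesResources)

     facesContext = facesResources.getFacesContext()
     httpRequest = facesContext.getCurrentInstance().getExternalContext().getRequest()
     loginHint = httpRequest.getParameter("login_hint")
     if loginHint is None:
         raise MFAError("ERROR: login_hint is not set, no user context for authentication")

     # NOTE(review): decryptAES is defined elsewhere; whether it authenticates
     # the ciphertext cannot be seen here, so the shape check below is the only
     # visible defence against a tampered or truncated hint — confirm.
     decryptedLoginHint = self.decryptAES(self.aesKey, Base64Util.base64urldecodeToString(loginHint))
     # A malformed hint used to escape as a bare IndexError from the second
     # split() index; report it through the same error type as a missing hint.
     hintParts = decryptedLoginHint.split('|') if decryptedLoginHint else []
     if len(hintParts) < 2:
         raise MFAError("ERROR: login_hint is malformed, no user context for authentication")
     pairwiseId = hintParts[0]
     relyingParty = hintParts[1]

     return pairwiseId, relyingParty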
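    def getUser(self, loginHint):
        """Find the local user behind an encrypted login_hint, creating one if needed.

        loginHint: base64url-encoded AES ciphertext (see decryptAES) whose
            plaintext has the shape 'pairwiseId|relyingParty'.
        Returns the User whose oxExternalUid is 'sic-mfa:<pairwiseId>'. When no
        such user exists, a new user with a random uid is added and a pairwise
        identifier for the session's OIDC client is registered for it.
        Side effect: stores relyingParty in the session attributes.
        Raises ValueError when the decrypted hint lacks the '|' separator.
        """
        print("MFA Chooser. getUser() called")

        identity = CdiUtil.bean(Identity)
        sessionAttributes = identity.getSessionId().getSessionAttributes()
        userService = CdiUtil.bean(UserService)
        pairwiseIdentifierService = CdiUtil.bean(PairwiseIdentifierService)

        # Normally we would fetch by pairwise ID ... however because there is no API for that we save MFA PAI in oxExternalUid
        loginHintDecrypted = self.decryptAES(
            self.aesKey, Base64Util.base64urldecodeToString(loginHint))
        # A tampered or truncated hint used to escape as a bare IndexError from
        # the second split() index; fail with an explicit message instead.
        hintParts = loginHintDecrypted.split('|') if loginHintDecrypted else []
        if len(hintParts) < 2:
            raise ValueError("MFA Chooser. getUser(). login_hint does not have the expected 'pairwiseId|relyingParty' shape")
        pairwiseId = hintParts[0]
        relyingParty = hintParts[1]

        # set APP for future reference in page customization
        sessionAttributes.put("relyingParty", relyingParty)

        # Get the user service and fetch the user.
        # pairwiseId originates from the decrypted hint; this assumes
        # getUserByAttribute escapes the value when building its lookup
        # filter — TODO confirm against the service implementation.
        externalUid = "sic-mfa:" + pairwiseId
        print("MFA Chooser: getUser(). Looking up user with externalUid = '%s'" % externalUid)
        user = userService.getUserByAttribute("oxExternalUid", externalUid)

        if user is None:
            # Create a new account (the log line previously named 'authenticate')
            print("MFA Chooser. getUser(). Creating new user with externalUid = '%s'" % (
                externalUid))
            newUser = User()
            username = uuid.uuid4().hex
            newUser.setAttribute("uid", username)
            newUser.setAttribute("oxExternalUid", externalUid)
            user = userService.addUser(newUser, True)

            # add a Pairwise Subject Identifier for the OIDC Client
            userInum = user.getAttribute("inum")
            oidcClientId = sessionAttributes.get("client_id")
            # NOTE(review): the raw session redirect_uri is used as the sector
            # identifier; whether that matches how pairwise subjects are derived
            # elsewhere for this client cannot be verified here — confirm.
            sectorIdentifierUri = sessionAttributes.get("redirect_uri")

            pairwiseSubject = PairwiseIdentifier(sectorIdentifierUri,
                                                 oidcClientId)
            pairwiseSubject.setId(pairwiseId)
            pairwiseSubject.setDn(
                pairwiseIdentifierService.getDnForPairwiseIdentifier(
                    pairwiseSubject.getId(), userInum))
            pairwiseIdentifierService.addPairwiseIdentifier(
                userInum, pairwiseSubject)

        return user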