def getProviderFromJson(self, providerJson):
    """Return the provider named inside a base64url-encoded JSON string.

    ``providerJson`` is base64url-decoded, parsed as JSON, and the value
    stored under ``self.providerKey`` is returned. If decoding, parsing or
    the key lookup fails, a message is printed and ``None`` is returned.

    NOTE(review): the value is returned exactly as found in the JSON, with no
    type or allow-list check in this method. If ``providerJson`` can be
    supplied by the client, the caller should match the result against the
    configured providers before acting on it -- confirm against callers.
    """
    try:
        decoded = Base64Util.base64urldecodeToString(providerJson)
        return json.loads(decoded)[self.providerKey]
    except:
        # The bare except catches every failure (bad base64, bad JSON,
        # missing key, None input), so all of them map to a None result.
        print("Passport. getProviderFromJson. Could not parse provided Json string. Returning None")
        return None
def getProviderFromJson(self, providerJson):
    """Return the provider named inside a base64url-encoded JSON string.

    ``providerJson`` is base64url-decoded, parsed as JSON, and the value
    stored under ``self.providerKey`` is returned. If decoding, parsing or
    the key lookup fails, a message is printed and ``None`` is returned.

    NOTE(review): the value is returned exactly as found in the JSON, with no
    type or allow-list check in this method. If ``providerJson`` can be
    supplied by the client, the caller should match the result against the
    configured providers before acting on it -- confirm against callers.
    """
    try:
        decoded = Base64Util.base64urldecodeToString(providerJson)
        return json.loads(decoded)[self.providerKey]
    except:
        # The bare except catches every failure (bad base64, bad JSON,
        # missing key, None input), so all of them map to a None result.
        print("Passport. getProviderFromJson. Could not parse provided Json string. Returning None")
        return None
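def parseLoginHint(self):
    """Decrypt the ``login_hint`` request parameter and return its two fields.

    The parameter is read from the current request (obtained through
    ``FacesResources``), base64url-decoded, decrypted with ``self.aesKey``
    and split on ``'|'``.

    Returns:
        A ``(pairwiseId, relyingParty)`` tuple built from the first two
        fields of the decrypted hint.

    Raises:
        MFAError: if ``login_hint`` is absent from the request, or if the
            decrypted value does not contain at least two ``'|'``-separated
            fields.
    """
    # Inject dependencies
    facesResources = CdiUtil.bean(FacesResources)
    facesContext = facesResources.getFacesContext()
    httpRequest = facesContext.getCurrentInstance().getExternalContext().getRequest()

    loginHint = httpRequest.getParameter("login_hint")
    if loginHint is None:
        raise MFAError("ERROR: login_hint is not set, no user context for authentication")

    # login_hint is a request parameter, so the decrypted value is treated as
    # untrusted until its shape has been checked.
    # NOTE(review): decryptAES is not visible here -- confirm that it
    # authenticates the ciphertext (AEAD mode or a MAC); the pairwise ID taken
    # from this value identifies the user being authenticated.
    decryptedLoginHint = self.decryptAES(self.aesKey, Base64Util.base64urldecodeToString(loginHint))

    fields = decryptedLoginHint.split('|')
    if len(fields) < 2:
        # Without this check a hint lacking the separator fails with an
        # IndexError instead of the error type this method already raises.
        raise MFAError("ERROR: login_hint is malformed, expected pairwise ID and relying party")

    return fields[0], fields[1]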
def getUser(self, loginHint):
    """Return the user for an encrypted login hint, creating it if needed.

    The hint is base64url-decoded and decrypted with ``self.aesKey``. Its
    first two ``'|'``-separated fields are used as the pairwise ID and the
    relying party. The relying party is stored in the session attributes and
    the user is looked up by ``oxExternalUid = "sic-mfa:" + pairwiseId``.
    When no such user exists, one is added with a random hex ``uid``, and a
    pairwise identifier is registered for it using the session's
    ``client_id`` and ``redirect_uri``.

    Returns the existing or newly added user.

    NOTE(review): a decrypted hint with fewer than two fields raises
    IndexError here, and this method does not itself verify the hint's
    integrity. decryptAES is not shown -- confirm it rejects tampered
    ciphertext, because the pairwise ID decides which account is returned
    or created.
    """
    print("MFA Chooser. getUser() called")

    session = CdiUtil.bean(Identity).getSessionId().getSessionAttributes()
    users = CdiUtil.bean(UserService)
    pairwiseService = CdiUtil.bean(PairwiseIdentifierService)

    # Normally we would fetch by pairwise ID ... however because there is no
    # API for that we save MFA PAI in oxExternalUid
    hintFields = self.decryptAES(
        self.aesKey, Base64Util.base64urldecodeToString(loginHint)).split('|')
    pairwiseId = hintFields[0]
    relyingParty = hintFields[1]

    # set APP for future reference in page customization
    session.put("relyingParty", relyingParty)

    # Get the user service and fetch the user
    externalUid = "sic-mfa:" + pairwiseId
    print("MFA Chooser: getUser(). Looking up user with externalUid = '%s'" % externalUid)
    existing = users.getUserByAttribute("oxExternalUid", externalUid)
    if existing is not None:
        return existing

    # No account carries this external UID yet: create one
    print("MFA Chooser. authenticate. Creating new user with externalUid = '%s'" % externalUid)
    account = User()
    account.setAttribute("uid", uuid.uuid4().hex)
    account.setAttribute("oxExternalUid", externalUid)
    created = users.addUser(account, True)

    # add a Pairwise Subject Identifier for the OIDC Client
    # NOTE(review): the session's redirect_uri is passed as the sector
    # identifier -- confirm this matches how pairwise subjects are resolved
    # elsewhere.
    inum = created.getAttribute("inum")
    clientId = session.get("client_id")
    sectorUri = session.get("redirect_uri")
    subject = PairwiseIdentifier(sectorUri, clientId)
    subject.setId(pairwiseId)
    subject.setDn(pairwiseService.getDnForPairwiseIdentifier(subject.getId(), inum))
    pairwiseService.addPairwiseIdentifier(inum, subject)

    return created