def prepareAttributesMapping(self, remoteAttributesList, localAttributesList):
    """Build the remote-to-local attribute map from two comma-separated lists.

    The two lists are split on "," and paired by position; every name is
    lower-cased before it is stored.  The reason for each failure is
    printed to the script log.

    Returns:
        An IdentityHashMap of remote name -> local name, or None when either
        list is empty, the lists differ in length, or nothing is mapped to
        the local 'uid' attribute.
    """
    remoteNames = StringHelper.split(remoteAttributesList, ",")
    if ArrayHelper.isEmpty(remoteNames):
        print("Google+ PrepareAttributesMapping. There is no attributes specified in remoteAttributesList property")
        return None

    localNames = StringHelper.split(localAttributesList, ",")
    if ArrayHelper.isEmpty(localNames):
        print("Google+ PrepareAttributesMapping. There is no attributes specified in localAttributesList property")
        return None

    if len(remoteNames) != len(localNames):
        print("Google+ PrepareAttributesMapping. The number of attributes in remoteAttributesList and localAttributesList isn't equal")
        return None

    # NOTE(review): IdentityHashMap compares keys by reference rather than by
    # value, so a get() with an equal but distinct String can miss.  Callers
    # presumably iterate the entries instead -- confirm before relying on
    # key lookups.
    mapping = IdentityHashMap()
    uidMapped = False
    for remoteName, localName in zip(remoteNames, localNames):
        remoteKey = StringHelper.toLowerCase(remoteName)
        localValue = StringHelper.toLowerCase(localName)
        mapping.put(remoteKey, localValue)
        if StringHelper.equalsIgnoreCase(localValue, "uid"):
            uidMapped = True

    # The mapping is rejected unless some remote attribute feeds 'uid'.
    if not uidMapped:
        print("Google+ PrepareAttributesMapping. There is no mapping to mandatory 'uid' attribute")
        return None

    return mapping
def attribute_mapping_function(azure_ad_attributes_list, gluu_ldap_attributes_list):
    """Pair Azure AD attribute names with Gluu LDAP attribute names.

    Both arguments are comma-separated lists that are matched by position;
    names are lower-cased before being stored.

    Returns:
        An IdentityHashMap of Azure AD name -> Gluu LDAP name, or None when
        a list is empty, the lists differ in length, or an exception was
        caught (the exception text is printed).
    """
    try:
        azure_names = StringHelper.split(azure_ad_attributes_list, ",")
        if ArrayHelper.isEmpty(azure_names):
            print("AzureAD: There is no attributes specified in azure_ad_attributes_list property")
            return None

        ldap_names = StringHelper.split(gluu_ldap_attributes_list, ",")
        if ArrayHelper.isEmpty(ldap_names):
            print("AzureAD: There is no attributes specified in gluu_ldap_attributes_list property")
            return None

        if len(azure_names) != len(ldap_names):
            print("AzureAD: The number of attributes isn't equal")
            return None

        # NOTE(review): IdentityHashMap matches keys by reference, not by
        # value -- confirm callers iterate entries rather than call get().
        attributes_map = IdentityHashMap()
        for azure_name, ldap_name in zip(azure_names, ldap_names):
            azure_key = StringHelper.toLowerCase(azure_name)
            ldap_value = StringHelper.toLowerCase(ldap_name)
            attributes_map.put(azure_key, ldap_value)
        return attributes_map
    except Exception as err:
        # Falls through and returns None implicitly, so callers see the same
        # result as for an invalid configuration.
        print("AzureAD: Exception inside prepareAttributesMapping " + str(err))
def init(self, customScript, configurationAttributes):
    """Load the login attribute lists used by the multi-login script.

    Reads the required ``login_attributes_list`` property and the optional
    ``local_login_attributes_list`` property (both comma-separated).  When
    the optional property is absent the login list is reused for it.  The
    two arrays are stored on ``self`` only when they have the same length.

    Returns:
        True when both arrays were stored, False when the configuration is
        missing, empty, or the two lists differ in length.
    """
    print("Basic (multi login). Initialization")

    login_property = configurationAttributes.get("login_attributes_list")
    if login_property is None:
        print("Basic (multi login). Initialization. There is no property login_attributes_list")
        return False

    login_attributes_list = login_property.getValue2()
    if StringHelper.isEmpty(login_attributes_list):
        print("Basic (multi login). Initialization. There is no attributes specified in login_attributes property")
        return False

    login_names = StringHelper.split(login_attributes_list, ",")
    if ArrayHelper.isEmpty(login_names):
        print("Basic (multi login). Initialization. There is no attributes specified in login_attributes property")
        return False

    if not configurationAttributes.containsKey("local_login_attributes_list"):
        print("Basic (multi login). Initialization. There is no property local_login_attributes_list. Assuming that login attributes are equal to local login attributes.")
        local_names = login_names
    else:
        local_value = configurationAttributes.get("local_login_attributes_list").getValue2()
        local_names = StringHelper.split(local_value, ",")

    # The lists are consumed pairwise elsewhere, so a length mismatch is
    # rejected here instead of being discovered during a login.
    if len(login_names) != len(local_names):
        print("Basic (multi login). Initialization. The number of attributes in login_attributes_list and local_login_attributes_list isn't equal")
        return False

    # NOTE(review): presumably every listed attribute is accepted as an
    # alternative login identifier; such attributes should be unique per
    # user in the directory -- confirm against the authenticate step.
    self.login_attributes_list_array = login_names
    self.local_login_attributes_list_array = local_names
    print("Basic (multi login). Initialized successfully")
    return True
def prepareAttributesMapping(self, remoteAttributesList, localAttributesList):
    """Build the remote-to-local attribute map for the registration script.

    Both arguments are comma-separated lists paired by position; names are
    lower-cased before being stored.  Unlike a mapping that requires 'uid',
    this one accepts any non-empty pair of lists of equal length.

    Returns:
        An IdentityHashMap of remote name -> local name, or None when a list
        is empty, the lists differ in length, or an exception was caught
        (the exception text is printed).
    """
    try:
        remoteNames = StringHelper.split(remoteAttributesList, ",")
        if ArrayHelper.isEmpty(remoteNames):
            print("Registration: PrepareAttributesMapping. There is no attributes specified in remoteAttributesList property")
            return None

        localNames = StringHelper.split(localAttributesList, ",")
        if ArrayHelper.isEmpty(localNames):
            print("Registration: PrepareAttributesMapping. There is no attributes specified in localAttributesList property")
            return None

        if len(remoteNames) != len(localNames):
            print("Registration: PrepareAttributesMapping. The number of attributes in remoteAttributesList and localAttributesList isn't equal")
            return None

        # NOTE(review): IdentityHashMap matches keys by reference, not by
        # value -- confirm callers iterate entries rather than call get().
        mapping = IdentityHashMap()
        for remoteName, localName in zip(remoteNames, localNames):
            remoteKey = StringHelper.toLowerCase(remoteName)
            localValue = StringHelper.toLowerCase(localName)
            mapping.put(remoteKey, localValue)
        return mapping
    except Exception as err:
        # Falls through and returns None implicitly.
        print("Registration: Exception inside prepareAttributesMapping " + str(err))
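def authenticate(self, configurationAttributes, requestParameters, step):
    """Authenticate step 1 by e-mail address, dropping a "+tag" sub-address.

    The submitted username is split on "+".  When that gives exactly two
    parts, the text before "+" is joined with the domain that follows "@"
    in the second part (constructed example: "user+tag@example.com" is
    looked up as "user@example.com").  Otherwise the first part is used as
    is.  The result and the password are passed to
    AuthenticationService.authenticate together with the attribute name
    "mail".

    Malformed input (an empty username, or a "+" part without "@") is
    rejected with False instead of raising an index error, so a bad login
    name cannot turn into an unhandled exception in the login flow.

    Returns:
        True when step is 1 and the credentials were accepted, else False.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)
    if step != 1:
        return False

    print("Basic. Authenticate for step 1")
    identity = CdiUtil.bean(Identity)
    credentials = identity.getCredentials()

    user_name_array = StringHelper.split(credentials.getUsername(), "+")
    if user_name_array is None or len(user_name_array) == 0:
        print("Basic. Authenticate for step 1. Username is empty")
        return False

    if len(user_name_array) == 2:
        email_id_array = StringHelper.split(user_name_array[1], "@")
        if len(email_id_array) < 2:
            # "local+tag" without a domain: nothing to rebuild an address from.
            print("Basic. Authenticate for step 1. Username has a '+' part without a domain")
            return False
        user_name = user_name_array[0] + "@" + email_id_array[1]
    else:
        user_name = user_name_array[0]

    # NOTE(review): this value is user-supplied and goes to the log as is;
    # consider encoding control characters if the log is parsed downstream.
    print("Username for authentication is: %s " % user_name)

    user_password = credentials.getPassword()
    logged_in = False
    if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
        # Presumably the two "mail" arguments select the lookup attribute --
        # confirm against the AuthenticationService signature in use.
        logged_in = authenticationService.authenticate(user_name, user_password, "mail", "mail")

    if not logged_in:
        return False

    return True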
def prepareClientsSet(self, configurationAttributes):
    """Return the clients named in the ``allowed_clients`` property as a HashSet.

    The property holds a comma-separated list.  An empty set is returned
    when the property is missing, empty, or yields no entries.
    """
    # NOTE(review): an empty set is returned for every "nothing configured"
    # case; confirm the caller treats an empty set as "no client allowed"
    # and not as "any client allowed".
    allowed = HashSet()
    if not configurationAttributes.containsKey("allowed_clients"):
        return allowed

    rawList = configurationAttributes.get("allowed_clients").getValue2()
    if StringHelper.isEmpty(rawList):
        print("UmaRptPolicy. The property allowed_clients is empty")
        return allowed

    clientIds = StringHelper.split(rawList, ",")
    if ArrayHelper.isEmpty(clientIds):
        print("UmaRptPolicy. No clients specified in allowed_clients property")
        return allowed

    # A set gives constant-time membership tests for the policy check.
    for clientId in clientIds:
        allowed.add(clientId)

    return allowed
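def prepareUserEnforceUniquenessAttributes(self, configurationAttributes):
    """Return the attribute names listed in ``enforce_uniqueness_attr_list``.

    The property holds a comma-separated list.  A missing property is now
    handled like an empty one, instead of failing on a None lookup result.

    Returns:
        The array of attribute names, or None when the property is missing
        or yields no entries.
    """
    # NOTE(review): None presumably means "enforce uniqueness on nothing";
    # nothing is logged for that case, so a typo in the property name
    # switches the check off silently -- confirm how the caller reacts.
    attr_list_property = configurationAttributes.get("enforce_uniqueness_attr_list")
    if attr_list_property is None:
        return None

    enforce_uniqueness_attr_list_array = StringHelper.split(attr_list_property.getValue2(), ",")
    if ArrayHelper.isEmpty(enforce_uniqueness_attr_list_array):
        return None

    return enforce_uniqueness_attr_list_array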
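def prepareUserObjectClasses(self, configurationAttributes):
    """Return the object classes listed in the ``user_object_classes`` property.

    The property holds a comma-separated list.  A missing property is now
    handled like an empty one, instead of failing on a None lookup result.

    Returns:
        The array of object class names, or None when the property is
        missing or yields no entries.
    """
    object_classes_property = configurationAttributes.get("user_object_classes")
    if object_classes_property is None:
        return None

    user_object_classes_list_array = StringHelper.split(object_classes_property.getValue2(), ",")
    if ArrayHelper.isEmpty(user_object_classes_list_array):
        return None

    return user_object_classes_list_array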
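def setClientScopes(self, client, requiredScopes):
    """Add the configured non-default scopes to a client being registered.

    ``requiredScopes`` is a script property holding a comma-separated list
    of scope ids.  Each id is resolved through ScopeService; the DN of
    every scope that is not a default scope is appended to the client's
    current scopes.  An id that does not resolve to a scope is logged and
    skipped instead of failing on a None result.

    Returns None.  The client is left untouched when ``requiredScopes`` is
    None.
    """
    if requiredScopes is None:
        print("Casa client registration. No list of scopes was passed in script parameters")
        return

    scopeNames = StringHelper.split(requiredScopes.getValue2(), ",")
    newScopes = client.getScopes()
    scopeService = CdiUtil.bean(ScopeService)

    for scopeName in scopeNames:
        scope = scopeService.getScopeById(scopeName)
        if scope is None:
            # Unknown id in the script parameters: nothing can be granted.
            print("Casa client registration. Scope '%s' was not found, skipping it" % scopeName)
            continue
        if not scope.isDefaultScope():
            print("Casa client registration. Adding scope '%s'" % scopeName)
            newScopes = ArrayHelper.addItemToStringArray(newScopes, scope.getDn())

    # The final scope list is logged so every grant made at registration
    # can be audited from the script log.
    print("Casa client registration. Result scopes are: %s" % newScopes)
    client.setScopes(newScopes)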
def init(self, customScript, configurationAttributes):
    """Initialise the Casa script and load one authenticator per dynamic method.

    Resets ``self.authenticators``, reads the PERSON_AUTHENTICATION custom
    scripts, and for every acr returned by ``computeMethods`` imports the
    module ``self.modulePrefix + acr``, instantiates its
    ``PersonAuthentication`` class and calls its ``init``.  A module is
    stored in ``self.authenticators`` only when its ``init`` returns true.

    Always returns True: a module that fails to import or initialise is
    logged and left out, it does not fail this method.
    """
    print "Casa. init called"
    self.authenticators = {}
    self.uid_attr = self.getLocalPrimaryKey()

    custScriptService = CdiUtil.bean(CustomScriptService)
    self.scriptsList = custScriptService.findCustomScripts(Collections.singletonList(CustomScriptType.PERSON_AUTHENTICATION), "oxConfigurationProperty", "displayName", "oxEnabled", "oxLevel")
    dynamicMethods = self.computeMethods(self.scriptsList)

    if len(dynamicMethods) > 0:
        print "Casa. init. Loading scripts for dynamic modules: %s" % dynamicMethods

        for acr in dynamicMethods:
            # NOTE(review): the imported module name is derived from stored
            # script data (acr comes from computeMethods over scriptsList).
            # Presumably only administrators can create or rename those
            # scripts -- confirm, since the name decides which code is loaded.
            moduleName = self.modulePrefix + acr
            try:
                # level -1 is the Python 2 default: relative, then absolute.
                external = __import__(moduleName, globals(), locals(), ["PersonAuthentication"], -1)
                module = external.PersonAuthentication(self.currentTimeMillis)

                print "Casa. init. Got dynamic module for acr %s" % acr
                configAttrs = self.getConfigurationAttributes(acr, self.scriptsList)

                # The application ids are taken from this script's own
                # properties and injected into the module's configuration.
                # A missing property fails on the None result and lands in
                # the except branch below.
                if acr == self.ACR_U2F:
                    u2f_application_id = configurationAttributes.get("u2f_app_id").getValue2()
                    configAttrs.put("u2f_application_id", SimpleCustomProperty("u2f_application_id", u2f_application_id))
                elif acr == self.ACR_SG:
                    application_id = configurationAttributes.get("supergluu_app_id").getValue2()
                    configAttrs.put("application_id", SimpleCustomProperty("application_id", application_id))

                if module.init(None, configAttrs):
                    module.configAttrs = configAttrs
                    self.authenticators[acr] = module
                else:
                    print "Casa. init. Call to init in module '%s' returned False" % moduleName
            except:
                # Bare except: any failure, including a configuration error
                # above, is reported as a load failure and the method is
                # simply absent from self.authenticators afterwards.  Watch
                # the log for this line; init still returns True.
                print "Casa. init. Failed to load module %s" % moduleName
                print "Exception: ", sys.exc_info()[1]

    # NOTE(review): the nesting of the next two lines could not be
    # confirmed; they are kept at function level so self.mobile_methods is
    # always defined -- verify against the deployed script.
    mobile_methods = configurationAttributes.get("mobile_methods")
    self.mobile_methods = [] if mobile_methods == None else StringHelper.split(mobile_methods.getValue2(), ",")

    print "Casa. init. Initialized successfully"
    return True
def prepareClientRedirectUris(self, configurationAttributes):
    """Return the URIs named in the ``client_redirect_uris`` property as a HashSet.

    The property holds a comma-separated list.  An empty set is returned
    when the property is missing, empty, or yields no entries.
    """
    redirectUris = HashSet()
    if not configurationAttributes.containsKey("client_redirect_uris"):
        return redirectUris

    rawList = configurationAttributes.get("client_redirect_uris").getValue2()
    if StringHelper.isEmpty(rawList):
        print("Client registration. The property client_redirect_uris is empty")
        return redirectUris

    uriEntries = StringHelper.split(rawList, ",")
    if ArrayHelper.isEmpty(uriEntries):
        print("Client registration. No clients specified in client_redirect_uris property")
        return redirectUris

    # NOTE(review): entries are stored exactly as split.  If the caller
    # matches redirect URIs by exact string, whitespace around a comma
    # would make an entry never match -- confirm whether StringHelper.split
    # trims its tokens.
    for uriEntry in uriEntries:
        redirectUris.add(uriEntry)

    return redirectUris
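def authenticate(self, configurationAttributes, requestParameters, step):
    """Authenticate step 1 after an optional country restriction.

    When ``self.allowedCountries`` (comma-separated country codes) is not
    empty and the session carries a ``remote_ip`` attribute, the IP is
    resolved through ``determineGeolocationData`` and the login is refused
    unless the resulting country code is in the list.  A failed lookup now
    returns an explicit False instead of a bare return.

    Returns:
        True when the country check passed or was not applied, step is 1,
        and the username and password were accepted; otherwise False.
    """
    identity = CdiUtil.bean(Identity)
    session_attributes = identity.getSessionId().getSessionAttributes()
    authenticationService = CdiUtil.bean(AuthenticationService)

    allowedCountriesListArray = StringHelper.split(self.allowedCountries, ",")
    if len(allowedCountriesListArray) > 0:
        if session_attributes.containsKey("remote_ip"):
            remote_ip = session_attributes.get("remote_ip")
            remote_loc_dic = self.determineGeolocationData(remote_ip)
            if remote_loc_dic is None:
                # Fail closed: an unresolved location is treated as not allowed.
                print("Super-Gluu. Prepare for step 2. Failed to determine remote location by remote IP '%s'" % remote_ip)
                return False

            remote_loc = "%s" % (remote_loc_dic['countryCode'])
            print("Your remote location is " + remote_loc)
            # Exact, case-sensitive match against the configured codes.
            if remote_loc in allowedCountriesListArray:
                print("you are allowed to access")
            else:
                return False
        else:
            # NOTE(review): a restriction is configured but cannot be
            # evaluated, and the login proceeds.  Decide whether this case
            # should fail closed; also confirm how remote_ip is populated
            # (a value taken from a client-controlled header would not be
            # a reliable basis for this check).  The nesting of the step
            # check below is assumed to be at function level -- verify.
            print("Basic. Authenticate. Session has no remote_ip attribute, country restriction was not applied")

    if step != 1:
        return False

    print("Basic. Authenticate for step 1")
    credentials = identity.getCredentials()
    user_name = credentials.getUsername()
    user_password = credentials.getPassword()

    logged_in = False
    if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
        logged_in = authenticationService.authenticate(user_name, user_password)

    if not logged_in:
        return False

    return True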