コード例 #1
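    def prepareForStep(self, configurationAttributes, requestParameters, step):
        """Populate the session working parameters needed by the page for ``step``.

        Steps 1 and 3 start an "authenticate" ThumbSignIn transaction. Step 2
        starts a "register/<user>" transaction for the user that is already
        authenticated. In both cases the raw API response, the signed
        authorization header and its date are stored as working parameters.

        Returns:
            True when the parameters were stored; False for an unknown step or
            when step 2 cannot determine the authenticated user's id.
        """
        print("ThumbSignIn. Inside prepareForStep. Step %d" % step)
        identity = CdiUtil.bean(Identity)
        authenticationService = CdiUtil.bean(AuthenticationService)

        # ts_host, ts_apiKey, ts_apiSecret and ts_statusPath are only read
        # here, so no ``global`` declarations are needed.
        identity.setWorkingParameter("ts_host", ts_host)
        identity.setWorkingParameter("ts_statusPath", ts_statusPath)

        self.setRelyingPartyLoginUrl(identity)
        thumbsigninApiController = ThumbsigninApiController()

        if step == 1 or step == 3:
            print("ThumbSignIn. Prepare for step 1")
            requestPath = "authenticate"
            statusPrefix = "authStatus/"
            responseKey = "authenticateResponseJsonStr"

        elif step == 2:
            print("ThumbSignIn. Prepare for step 2")

            if identity.isSetWorkingParameter("userLoginFlow"):
                userLoginFlow = identity.getWorkingParameter("userLoginFlow")
                print("ThumbSignIn. Value of userLoginFlow is %s" % userLoginFlow)

            user = authenticationService.getAuthenticatedUser()
            if user is None:
                print("ThumbSignIn. Prepare for step 2. Failed to determine user name")
                return False

            user_name = user.getUserId()
            # Check before use: concatenating None into the log line or the
            # request path would raise TypeError instead of returning False.
            if user_name is None:
                print("ThumbSignIn. Prepare for step 2. Failed to determine user name")
                return False
            print("ThumbSignIn. Prepare for step 2. user_name: %s" % user_name)

            identity.setWorkingParameter("userId", user_name)
            requestPath = "register/" + user_name
            statusPrefix = "regStatus/"
            responseKey = "registerResponseJsonStr"

        else:
            return False

        # Invoking the authenticate/register ThumbSignIn API via the Java SDK.
        # The response, the transaction id and the signed header are NOT
        # printed: the header carries an HMAC signature made with the API
        # secret, and the transaction id is later accepted as proof of a
        # completed login, so neither belongs in the server log.
        responseJsonStr = thumbsigninApiController.handleThumbSigninRequest(
            requestPath, ts_apiKey, ts_apiSecret)
        transactionId = JSONObject(responseJsonStr).get("transactionId")

        # Shape of the header JSON:
        # {"authHeader":"HmacSHA256 Credential=XXX, SignedHeaders=accept;content-type;x-ts-date, Signature=XXX","XTsDate":"XXX"}
        authorizationHeaderJsonObj = JSONObject(
            thumbsigninApiController.getAuthorizationHeaderJsonStr(
                statusPrefix + transactionId, ts_apiKey, ts_apiSecret))

        identity.setWorkingParameter(responseKey, responseJsonStr)
        identity.setWorkingParameter("authorizationHeader",
                                     authorizationHeaderJsonObj.get("authHeader"))
        identity.setWorkingParameter("xTsDate",
                                     authorizationHeaderJsonObj.get("XTsDate"))
        return True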
コード例 #2
class PersonAuthentication(PersonAuthenticationType):

    def __init__(self, current_time_millis):
        """Create the ThumbSignIn API client and remember the creation timestamp."""
        api_controller = ThumbsigninApiController()
        self.thumbsigninApiController = api_controller
        self.currentTimeMillis = current_time_millis

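    def init(self, customScript, configuration_attributes):
        """Load the ThumbSignIn settings and publish the script's module-level constants.

        Reads ``ts_host``, ``ts_apiKey`` and ``ts_apiSecret`` from the script
        configuration and stores them, together with the fixed flow names and
        page paths, in module globals that the other methods read.

        Returns:
            True on success, False when a required property is missing or
            empty. NOTE(review): False is assumed to tell the server that the
            script failed to initialise; confirm against the script API.
        """
        global ts_host, ts_api_key, ts_api_secret, ts_statusPath
        global AUTHENTICATE, REGISTER, TRANSACTION_ID, USER_ID, USER_LOGIN_FLOW
        global THUMBSIGNIN_AUTHENTICATION, THUMBSIGNIN_REGISTRATION
        global THUMBSIGNIN_LOGIN_POST_REGISTRATION
        global RELYING_PARTY_ID, RELYING_PARTY_LOGIN_URL
        global TSI_LOGIN_PAGE, TSI_REGISTER_PAGE, TSI_LOGIN_POST_REGISTRATION_PAGE

        print("ThumbSignIn. Initialization")

        # Fail with a clear message instead of an AttributeError on
        # ``None.getValue2()`` when a property was not configured.
        settings = {}
        for key in ("ts_host", "ts_apiKey", "ts_apiSecret"):
            attribute = configuration_attributes.get(key)
            value = attribute.getValue2() if attribute is not None else None
            if not value:
                print("ThumbSignIn. Initialization. Property %s is mandatory" % key)
                return False
            settings[key] = value

        ts_host = settings["ts_host"]
        ts_api_key = settings["ts_apiKey"]
        ts_api_secret = settings["ts_apiSecret"]
        print("ThumbSignIn. Initialization. Value of ts_host is %s" % ts_host)
        # The API key and secret are credentials for the ThumbSignIn API and
        # are deliberately kept out of the log.

        ts_statusPath = "/ts/secure/txn-status/"

        AUTHENTICATE = "authenticate"
        REGISTER = "register"
        TRANSACTION_ID = "transactionId"
        USER_ID = "userId"
        USER_LOGIN_FLOW = "userLoginFlow"

        THUMBSIGNIN_AUTHENTICATION = "ThumbSignIn_Authentication"
        THUMBSIGNIN_REGISTRATION = "ThumbSignIn_Registration"
        # Spelling kept as is: the value is compared with the login_flow
        # request parameter, so it presumably has to match what the page sends.
        THUMBSIGNIN_LOGIN_POST_REGISTRATION = "ThumbSignIn_RegistrationSucess"

        RELYING_PARTY_ID = "relyingPartyId"
        RELYING_PARTY_LOGIN_URL = "relyingPartyLoginUrl"

        TSI_LOGIN_PAGE = "/auth/thumbsignin/tsLogin.xhtml"
        TSI_REGISTER_PAGE = "/auth/thumbsignin/tsRegister.xhtml"
        TSI_LOGIN_POST_REGISTRATION_PAGE = "/auth/thumbsignin/tsRegistrationSuccess.xhtml"

        print("ThumbSignIn. Initialized successfully")
        return True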

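    @staticmethod
    def set_relying_party_login_url(identity):
        """Derive the relying party's login URL from the session ``state`` value.

        The ``state`` session attribute is expected to look like a JWT whose
        payload may carry ``additional_claims.relyingPartyId``. For ids of the
        form ``google.com/a/<domain>`` a Google AccountChooser URL is stored in
        the RELYING_PARTY_LOGIN_URL working parameter; in every other case an
        empty string is stored.

        Security notes:
            * Only the payload is base64url-decoded here; this method checks
              no signature, so every claim is handled as untrusted input.
            * The domain is validated as a host name before it is placed in
              the URL, so it cannot add or override query parameters.
            * The raw token and its payload are deliberately not logged.
        """
        import re  # local import: the file's import block is not visible here

        print("ThumbSignIn. Inside set_relying_party_login_url...")
        state_jwt_token = identity.getSessionId().getSessionAttributes().get("state")
        relying_party_login_url = ""

        token_parts = None
        if (state_jwt_token is not None) and ("." in state_jwt_token):
            token_parts = String(state_jwt_token).split("\\.")
        # Java's split() drops trailing empty strings, so "abc." yields one part.
        if token_parts is None or len(token_parts) < 2:
            print("ThumbSignIn. Value of state parameter is not in the format of JWT Token")
            identity.setWorkingParameter(RELYING_PARTY_LOGIN_URL, relying_party_login_url)
            return None

        state_payload_str = String(Base64Util.base64urldecode(token_parts[1]), "UTF-8")
        state_payload_json = JSONObject(state_payload_str)
        if state_payload_json.has("additional_claims"):
            additional_claims = state_payload_json.get("additional_claims")
            relying_party_id = additional_claims.get(RELYING_PARTY_ID)
            print("ThumbSignIn. Value of relying_party_id is %s" % relying_party_id)
            identity.setWorkingParameter(RELYING_PARTY_ID, relying_party_id)

            # Expected form: google.com/a/unphishableenterprise.com
            # The first segment must be exactly "google.com" (a prefix test
            # would also accept e.g. "google.com.example"), and the domain
            # segment must exist before it is indexed.
            id_parts = String(relying_party_id).split("/")
            host_name = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
            domain_pattern = r"^%s(?:\.%s)+\Z" % (host_name, host_name)
            if len(id_parts) >= 3 and id_parts[0] == "google.com":
                google_domain = id_parts[2]
                if re.match(domain_pattern, google_domain):
                    print("ThumbSignIn. Value of google_domain is %s" % google_domain)
                    relying_party_login_url = "https://www.google.com/accounts/AccountChooser?hd=" + google_domain + "%26continue=https://apps.google.com/user/hub"
                else:
                    print("ThumbSignIn. Ignoring relying party id with a malformed domain")
            # Other relying parties can be added here with their own checks.
            # If relying_party_login_url is empty, Janssen's default login URL will be used

        print("ThumbSignIn. Value of relying_party_login_url is %s" % relying_party_login_url)
        identity.setWorkingParameter(RELYING_PARTY_LOGIN_URL, relying_party_login_url)
        return None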

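    def initialize_thumbsignin(self, identity, request_path):
        """Start a ThumbSignIn transaction and store what the status page needs.

        Calls the ThumbSignIn API for ``request_path`` ("authenticate" or
        "register/<user>"), builds the matching status request from the
        returned transaction id, obtains a signed authorization header for it,
        and stores the API response, the header and its date as working
        parameters on ``identity``.

        The API response, the status request and the authorization header are
        not logged: the header contains an HMAC signature produced with the
        API secret, and the transaction id is later accepted by authenticate()
        as the handle of a completed login.
        """
        api = self.thumbsigninApiController
        is_authentication = request_path == AUTHENTICATE

        # Invoking the authenticate/register ThumbSignIn API via the Java SDK
        thumbsignin_response = api.handleThumbSigninRequest(request_path, ts_api_key, ts_api_secret)
        transaction_id = JSONObject(thumbsignin_response).get(TRANSACTION_ID)

        status_request_type = "authStatus" if is_authentication else "regStatus"
        status_request = status_request_type + "/" + transaction_id

        # Shape of the header JSON:
        # {"authHeader":"HmacSHA256 Credential=X,SignedHeaders=accept;content-type;x-ts-date,Signature=X","XTsDate":"X"}
        authorization_header_json = JSONObject(
            api.getAuthorizationHeaderJsonStr(status_request, ts_api_key, ts_api_secret))

        tsi_response_key = "authenticateResponseJsonStr" if is_authentication else "registerResponseJsonStr"
        identity.setWorkingParameter(tsi_response_key, thumbsignin_response)
        identity.setWorkingParameter("authorizationHeader", authorization_header_json.get("authHeader"))
        identity.setWorkingParameter("xTsDate", authorization_header_json.get("XTsDate"))
        print("ThumbSignIn. Prepared %s transaction" % status_request_type)
        return None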

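    def prepareForStep(self, configuration_attributes, request_parameters, step):
        """Prepare the session working parameters for the page shown at ``step``.

        Steps 1 and 3 start a ThumbSignIn authentication transaction. Step 2
        starts a registration transaction for the already-authenticated user.

        Returns:
            True when the step was prepared; False for an unknown step or when
            step 2 cannot determine the authenticated user's id.
        """
        print("ThumbSignIn. Inside prepareForStep. Step %d" % step)
        identity = CdiUtil.bean(Identity)
        authentication_service = CdiUtil.bean(AuthenticationService)

        identity.setWorkingParameter("ts_host", ts_host)
        identity.setWorkingParameter("ts_statusPath", ts_statusPath)

        self.set_relying_party_login_url(identity)

        if step == 1 or step == 3:
            print("ThumbSignIn. Prepare for step 1")
            self.initialize_thumbsignin(identity, AUTHENTICATE)
            return True

        if step != 2:
            return False

        print("ThumbSignIn. Prepare for step 2")
        if identity.isSetWorkingParameter(USER_LOGIN_FLOW):
            user_login_flow = identity.getWorkingParameter(USER_LOGIN_FLOW)
            print("ThumbSignIn. Value of user_login_flow is %s" % user_login_flow)

        user = authentication_service.getAuthenticatedUser()
        if user is None:
            print("ThumbSignIn. Prepare for step 2. Failed to determine user name")
            return False

        user_name = user.getUserId()
        # Check before use: concatenating None into the log line would raise
        # TypeError and the guard below it would never be reached.
        if user_name is None:
            print("ThumbSignIn. Prepare for step 2. Failed to determine user name")
            return False
        print("ThumbSignIn. Prepare for step 2. user_name: %s" % user_name)

        identity.setWorkingParameter(USER_ID, user_name)
        self.initialize_thumbsignin(identity, REGISTER + "/" + user_name)
        return True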

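    def get_user_id_from_thumbsignin(self, request_parameters):
        """Resolve the ThumbSignIn user id for the transaction named in the request.

        Reads the ``transactionId`` request parameter, asks ThumbSignIn for
        ``getUser/<transactionId>`` and returns the ``userId`` field of the
        response.

        Raises:
            ValueError: if the parameter is missing or contains characters that
                would alter the API request path. (A missing value previously
                failed at the string concatenation instead.)
        """
        transaction_id = ServerUtil.getFirstValue(request_parameters, TRANSACTION_ID)
        # The id is read from the request parameters, i.e. it is supplied by
        # the client, and it becomes part of the API path. Reject anything
        # that could change that path; the id itself is not logged.
        if not transaction_id:
            raise ValueError("ThumbSignIn. transactionId request parameter is missing")
        if any(ch in transaction_id for ch in "/\\?#%"):
            raise ValueError("ThumbSignIn. transactionId contains unexpected characters")
        # NOTE(review): the caller logs the returned user in without a
        # password. Consider also comparing this id with the transaction that
        # was issued to this session (it is part of the response stored by
        # initialize_thumbsignin) - confirm how the registration flow fits in.

        get_user_request = "getUser/" + transaction_id
        get_user_response = self.thumbsigninApiController.handleThumbSigninRequest(
            get_user_request, ts_api_key, ts_api_secret)
        thumbsignin_user_id = JSONObject(get_user_response).get(USER_ID)
        print("ThumbSignIn. Value of thumbsignin_user_id is %s" % thumbsignin_user_id)
        return thumbsignin_user_id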

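    def authenticate(self, configuration_attributes, request_parameters, step):
        """Run the authentication logic for ``step`` and report whether it succeeded.

        Steps 1 and 3: when the ``login_flow`` request parameter names a
        ThumbSignIn flow, the user id is looked up from the ThumbSignIn
        transaction and that user is logged in; otherwise the submitted
        username and password are checked. Step 2 (registration) only confirms
        that an authenticated user exists.

        Returns:
            True on success, False on failure or for an unknown step.
        """
        print("ThumbSignIn. Inside authenticate. Step %d" % step)
        authentication_service = CdiUtil.bean(AuthenticationService)
        identity = CdiUtil.bean(Identity)

        identity.setWorkingParameter("ts_host", ts_host)
        identity.setWorkingParameter("ts_statusPath", ts_statusPath)

        if step == 1 or step == 3:
            print("ThumbSignIn. Authenticate for Step %d" % step)

            login_flow = ServerUtil.getFirstValue(request_parameters, "login_flow")
            print("ThumbSignIn. Value of login_flow parameter is %s" % login_flow)

            # Logic for ThumbSignIn Authentication Flow (Either step 1 or step 3)
            if login_flow == THUMBSIGNIN_AUTHENTICATION or login_flow == THUMBSIGNIN_LOGIN_POST_REGISTRATION:
                identity.setWorkingParameter(USER_LOGIN_FLOW, login_flow)
                print("ThumbSignIn. Value of userLoginFlow is %s" % identity.getWorkingParameter(USER_LOGIN_FLOW))

                # This branch logs a user in without a password, so an empty
                # id from the lookup must never reach authenticate().
                thumbsignin_user_id = self.get_user_id_from_thumbsignin(request_parameters)
                if not thumbsignin_user_id:
                    print("ThumbSignIn. No user id was returned for the transaction")
                    return False

                logged_in_status = authentication_service.authenticate(thumbsignin_user_id)
                print("ThumbSignIn. logged_in status : %r" % logged_in_status)
                return logged_in_status

            # Logic for traditional login flow (step 1)
            print("ThumbSignIn. User credentials login flow")
            identity.setWorkingParameter(USER_LOGIN_FLOW, THUMBSIGNIN_REGISTRATION)
            print("ThumbSignIn. Value of userLoginFlow is %s" % identity.getWorkingParameter(USER_LOGIN_FLOW))
            logged_in = self.authenticate_user_credentials(identity, authentication_service)
            print("ThumbSignIn. Status of User Credentials based Authentication : %r" % logged_in)

            # When the traditional login fails, reinitialize the ThumbSignIn data before sending error response to UI
            if not logged_in:
                self.initialize_thumbsignin(identity, AUTHENTICATE)
                return False

            print("ThumbSignIn. Authenticate successful for step %d" % step)
            return True

        elif step == 2:
            print("ThumbSignIn. Registration flow (step 2)")
            self.verify_user_login_flow(identity)

            # The listing had a syntactically broken call on this line; the
            # lookup below is the one prepareForStep uses for the same purpose.
            user = authentication_service.getAuthenticatedUser()
            if user is None:
                print("ThumbSignIn. Registration flow (step 2). Failed to determine user name")
                return False

            user_name = user.getUserId()
            print("ThumbSignIn. Registration flow (step 2) successful. user_name: %s" % user_name)
            return True

        else:
            return False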

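    def authenticate_user_credentials(self, identity, authentication_service):
        """Check the username and password submitted with the current request.

        Returns:
            The result of ``authentication_service.authenticate`` when both
            values are non-empty, otherwise False. The password is never logged.
        """
        credentials = identity.getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()
        # %s formatting: a missing user name must not raise before the
        # emptiness check below gets the chance to return False.
        print("ThumbSignIn. user_name: %s" % user_name)

        if not (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
            return False
        # Called directly: the helper call in the listing had a dotted,
        # syntactically invalid name.
        return authentication_service.authenticate(user_name, user_password)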

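    @staticmethod
    def authenticate_user_in_jans_ldap(authentication_service, user_name, user_password):
        """Authenticate ``user_name`` with ``user_password`` via the authentication service.

        NOTE(review): the listing spelled this name with dots
        ("in.jans.ldap"), which is not a valid Python identifier and looks
        like the result of an automated rename. The underscores are a repair;
        confirm the intended name against the upstream script.
        """
        return authentication_service.authenticate(user_name, user_password)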
コード例 #3
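    def authenticate(self, configurationAttributes, requestParameters, step):
        """Run the authentication logic for ``step`` and report whether it succeeded.

        Steps 1 and 3: when the ``login_flow`` request parameter names a
        ThumbSignIn flow, the user id is looked up from the ThumbSignIn
        transaction and that user is logged in; otherwise the submitted
        username and password are checked and, on failure, a fresh ThumbSignIn
        authentication transaction is prepared for the error page. Step 2
        (registration) only confirms that an authenticated user exists.

        Returns:
            True on success, False on failure or for an unknown step.
        """
        print("ThumbSignIn. Inside authenticate. Step %d" % step)
        authenticationService = CdiUtil.bean(AuthenticationService)
        identity = CdiUtil.bean(Identity)

        identity.setWorkingParameter("ts_host", ts_host)
        identity.setWorkingParameter("ts_statusPath", ts_statusPath)

        thumbsigninApiController = ThumbsigninApiController()

        if step == 1 or step == 3:
            print("ThumbSignIn. Authenticate for Step %d" % step)

            login_flow = ServerUtil.getFirstValue(requestParameters, "login_flow")
            print("ThumbSignIn. Value of login_flow parameter is %s" % login_flow)

            # Logic for ThumbSignIn Authentication Flow
            if login_flow in ("ThumbSignIn_Authentication", "ThumbSignIn_RegistrationSucess"):
                identity.setWorkingParameter("userLoginFlow", login_flow)
                print("ThumbSignIn. Value of userLoginFlow is %s" % identity.getWorkingParameter("userLoginFlow"))

                # The transaction id is supplied by the client and becomes
                # part of the API path, and this branch logs a user in
                # without a password: fail closed on a missing or odd value
                # and keep the id and the API response out of the log.
                transactionId = ServerUtil.getFirstValue(requestParameters, "transactionId")
                if not transactionId or any(ch in transactionId for ch in "/\\?#%"):
                    print("ThumbSignIn. transactionId request parameter is missing or malformed")
                    return False

                getUserResponseJsonStr = thumbsigninApiController.handleThumbSigninRequest(
                    "getUser/" + transactionId, ts_apiKey, ts_apiSecret)
                thumbSignIn_UserId = JSONObject(getUserResponseJsonStr).get("userId")
                print("ThumbSignIn. Value of thumbSignIn_UserId is %s" % thumbSignIn_UserId)
                if not thumbSignIn_UserId:
                    return False

                logged_in_status = authenticationService.authenticate(thumbSignIn_UserId)
                print("ThumbSignIn. logged_in status : %r" % (logged_in_status))
                return logged_in_status

            # Logic for ThumbSignIn Registration Flow
            identity.setWorkingParameter("userLoginFlow", "ThumbSignIn_Registration")
            print("ThumbSignIn. Value of userLoginFlow is %s" % identity.getWorkingParameter("userLoginFlow"))
            credentials = identity.getCredentials()

            user_name = credentials.getUsername()
            user_password = credentials.getPassword()
            print("ThumbSignIn. user_name: %s" % user_name)

            # NOTE(review): the listing was garbled here (a password-masking
            # artefact swallowed the statements that set ``logged_in``). The
            # credential check below is a reconstruction - confirm it against
            # the upstream script. The password is never logged.
            logged_in = False
            if user_name and user_password:
                logged_in = authenticationService.authenticate(user_name, user_password)
            print("ThumbSignIn. Status of LDAP Authentication : %r" % (logged_in))

            if not logged_in:
                # Invoking the authenticate ThumbSignIn API via the Java SDK so
                # that the error page can offer a fresh ThumbSignIn login. The
                # response and the signed header are stored but not logged.
                authenticateResponseJsonStr = thumbsigninApiController.handleThumbSigninRequest(
                    "authenticate", ts_apiKey, ts_apiSecret)
                transactionId = JSONObject(authenticateResponseJsonStr).get("transactionId")

                # Shape of the header JSON:
                # {"authHeader":"HmacSHA256 Credential=XXX, SignedHeaders=accept;content-type;x-ts-date, Signature=XXX","XTsDate":"XXX"}
                authorizationHeaderJsonObj = JSONObject(
                    thumbsigninApiController.getAuthorizationHeaderJsonStr(
                        "authStatus/" + transactionId, ts_apiKey, ts_apiSecret))

                identity.setWorkingParameter("authenticateResponseJsonStr",
                                             authenticateResponseJsonStr)
                identity.setWorkingParameter("authorizationHeader",
                                             authorizationHeaderJsonObj.get("authHeader"))
                identity.setWorkingParameter("xTsDate",
                                             authorizationHeaderJsonObj.get("XTsDate"))
                return False

            print("ThumbSignIn. Authenticate for step 1 successful")
            return True

        elif step == 2:
            print("ThumbSignIn. Registration flow (step 2)")

            if identity.isSetWorkingParameter("userLoginFlow"):
                userLoginFlow = identity.getWorkingParameter("userLoginFlow")
                print("ThumbSignIn. Value of userLoginFlow is %s" % userLoginFlow)
            else:
                identity.setWorkingParameter("userLoginFlow", "ThumbSignIn_Registration")
                print("ThumbSignIn. Setting the value of userLoginFlow to %s" % identity.getWorkingParameter("userLoginFlow"))

            user = authenticationService.getAuthenticatedUser()
            if user is None:
                print("ThumbSignIn. Registration flow (step 2). Failed to determine user name")
                return False

            user_name = user.getUserId()
            print("ThumbSignIn. Registration flow (step 2). user_name: %s" % user_name)

            print("ThumbSignIn. Registration flow (step 2) successful")
            return True
        else:
            return False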
class PersonAuthentication(PersonAuthenticationType):

    def __init__(self, current_time_millis):
        """Create the ThumbSignIn API client and remember the creation timestamp."""
        api_controller = ThumbsigninApiController()
        self.thumbsigninApiController = api_controller
        self.currentTimeMillis = current_time_millis

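    def init(self, configuration_attributes):
        """Load the ThumbSignIn settings and publish the script's module-level constants.

        Reads ``ts_host``, ``ts_apiKey`` and ``ts_apiSecret`` from the script
        configuration and stores them, together with the fixed flow names and
        page paths, in module globals that the other methods read.

        Returns:
            True on success, False when a required property is missing or
            empty. NOTE(review): False is assumed to tell the server that the
            script failed to initialise; confirm against the script API.
        """
        global ts_host, ts_api_key, ts_api_secret, ts_statusPath
        global AUTHENTICATE, REGISTER, TRANSACTION_ID, USER_ID, USER_LOGIN_FLOW
        global THUMBSIGNIN_AUTHENTICATION, THUMBSIGNIN_REGISTRATION
        global THUMBSIGNIN_LOGIN_POST_REGISTRATION
        global RELYING_PARTY_ID, RELYING_PARTY_LOGIN_URL
        global TSI_LOGIN_PAGE, TSI_REGISTER_PAGE, TSI_LOGIN_POST_REGISTRATION_PAGE

        print("ThumbSignIn. Initialization")

        # Fail with a clear message instead of an AttributeError on
        # ``None.getValue2()`` when a property was not configured.
        settings = {}
        for key in ("ts_host", "ts_apiKey", "ts_apiSecret"):
            attribute = configuration_attributes.get(key)
            value = attribute.getValue2() if attribute is not None else None
            if not value:
                print("ThumbSignIn. Initialization. Property %s is mandatory" % key)
                return False
            settings[key] = value

        ts_host = settings["ts_host"]
        ts_api_key = settings["ts_apiKey"]
        ts_api_secret = settings["ts_apiSecret"]
        print("ThumbSignIn. Initialization. Value of ts_host is %s" % ts_host)
        # The API key and secret are credentials for the ThumbSignIn API and
        # are deliberately kept out of the log.

        ts_statusPath = "/ts/secure/txn-status/"

        AUTHENTICATE = "authenticate"
        REGISTER = "register"
        TRANSACTION_ID = "transactionId"
        USER_ID = "userId"
        USER_LOGIN_FLOW = "userLoginFlow"

        THUMBSIGNIN_AUTHENTICATION = "ThumbSignIn_Authentication"
        THUMBSIGNIN_REGISTRATION = "ThumbSignIn_Registration"
        # Spelling kept as is: the value is compared with the login_flow
        # request parameter, so it presumably has to match what the page sends.
        THUMBSIGNIN_LOGIN_POST_REGISTRATION = "ThumbSignIn_RegistrationSucess"

        RELYING_PARTY_ID = "relyingPartyId"
        RELYING_PARTY_LOGIN_URL = "relyingPartyLoginUrl"

        TSI_LOGIN_PAGE = "/auth/thumbsignin/tsLogin.xhtml"
        TSI_REGISTER_PAGE = "/auth/thumbsignin/tsRegister.xhtml"
        TSI_LOGIN_POST_REGISTRATION_PAGE = "/auth/thumbsignin/tsRegistrationSuccess.xhtml"

        print("ThumbSignIn. Initialized successfully")
        return True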

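    @staticmethod
    def set_relying_party_login_url(identity):
        """Derive the relying party's login URL from the session ``state`` value.

        The ``state`` session attribute is expected to look like a JWT whose
        payload may carry ``additional_claims.relyingPartyId``. For ids of the
        form ``google.com/a/<domain>`` a Google AccountChooser URL is stored in
        the RELYING_PARTY_LOGIN_URL working parameter; in every other case an
        empty string is stored.

        Security notes:
            * Only the payload is base64url-decoded here; this method checks
              no signature, so every claim is handled as untrusted input.
            * The domain is validated as a host name before it is placed in
              the URL, so it cannot add or override query parameters.
            * The raw token and its payload are deliberately not logged.
        """
        import re  # local import: the file's import block is not visible here

        print("ThumbSignIn. Inside set_relying_party_login_url...")
        state_jwt_token = identity.getSessionId().getSessionAttributes().get("state")
        relying_party_login_url = ""

        token_parts = None
        if (state_jwt_token is not None) and ("." in state_jwt_token):
            token_parts = String(state_jwt_token).split("\\.")
        # Java's split() drops trailing empty strings, so "abc." yields one part.
        if token_parts is None or len(token_parts) < 2:
            print("ThumbSignIn. Value of state parameter is not in the format of JWT Token")
            identity.setWorkingParameter(RELYING_PARTY_LOGIN_URL, relying_party_login_url)
            return None

        state_payload_str = String(Base64Util.base64urldecode(token_parts[1]), "UTF-8")
        state_payload_json = JSONObject(state_payload_str)
        if state_payload_json.has("additional_claims"):
            additional_claims = state_payload_json.get("additional_claims")
            relying_party_id = additional_claims.get(RELYING_PARTY_ID)
            print("ThumbSignIn. Value of relying_party_id is %s" % relying_party_id)
            identity.setWorkingParameter(RELYING_PARTY_ID, relying_party_id)

            # Expected form: google.com/a/unphishableenterprise.com
            # The first segment must be exactly "google.com" (a prefix test
            # would also accept e.g. "google.com.example"), and the domain
            # segment must exist before it is indexed.
            id_parts = String(relying_party_id).split("/")
            host_name = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
            domain_pattern = r"^%s(?:\.%s)+\Z" % (host_name, host_name)
            if len(id_parts) >= 3 and id_parts[0] == "google.com":
                google_domain = id_parts[2]
                if re.match(domain_pattern, google_domain):
                    print("ThumbSignIn. Value of google_domain is %s" % google_domain)
                    relying_party_login_url = "https://www.google.com/accounts/AccountChooser?hd=" + google_domain + "%26continue=https://apps.google.com/user/hub"
                else:
                    print("ThumbSignIn. Ignoring relying party id with a malformed domain")
            # Other relying parties can be added here with their own checks.
            # If relying_party_login_url is empty, Gluu's default login URL will be used

        print("ThumbSignIn. Value of relying_party_login_url is %s" % relying_party_login_url)
        identity.setWorkingParameter(RELYING_PARTY_LOGIN_URL, relying_party_login_url)
        return None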

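    def initialize_thumbsignin(self, identity, request_path):
        """Start a ThumbSignIn transaction and store what the status page needs.

        Calls the ThumbSignIn API for ``request_path`` ("authenticate" or
        "register/<user>"), builds the matching status request from the
        returned transaction id, obtains a signed authorization header for it,
        and stores the API response, the header and its date as working
        parameters on ``identity``.

        The API response, the status request and the authorization header are
        not logged: the header contains an HMAC signature produced with the
        API secret, and the transaction id is later accepted by authenticate()
        as the handle of a completed login.
        """
        api = self.thumbsigninApiController
        is_authentication = request_path == AUTHENTICATE

        # Invoking the authenticate/register ThumbSignIn API via the Java SDK
        thumbsignin_response = api.handleThumbSigninRequest(request_path, ts_api_key, ts_api_secret)
        transaction_id = JSONObject(thumbsignin_response).get(TRANSACTION_ID)

        status_request_type = "authStatus" if is_authentication else "regStatus"
        status_request = status_request_type + "/" + transaction_id

        # Shape of the header JSON:
        # {"authHeader":"HmacSHA256 Credential=X,SignedHeaders=accept;content-type;x-ts-date,Signature=X","XTsDate":"X"}
        authorization_header_json = JSONObject(
            api.getAuthorizationHeaderJsonStr(status_request, ts_api_key, ts_api_secret))

        tsi_response_key = "authenticateResponseJsonStr" if is_authentication else "registerResponseJsonStr"
        identity.setWorkingParameter(tsi_response_key, thumbsignin_response)
        identity.setWorkingParameter("authorizationHeader", authorization_header_json.get("authHeader"))
        identity.setWorkingParameter("xTsDate", authorization_header_json.get("XTsDate"))
        print("ThumbSignIn. Prepared %s transaction" % status_request_type)
        return None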

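    def prepareForStep(self, configuration_attributes, request_parameters, step):
        """Prepare the session working parameters for the page shown at ``step``.

        Steps 1 and 3 start a ThumbSignIn authentication transaction. Step 2
        starts a registration transaction for the already-authenticated user.

        Returns:
            True when the step was prepared; False for an unknown step or when
            step 2 cannot determine the authenticated user's id.
        """
        print("ThumbSignIn. Inside prepareForStep. Step %d" % step)
        identity = CdiUtil.bean(Identity)
        authentication_service = CdiUtil.bean(AuthenticationService)

        identity.setWorkingParameter("ts_host", ts_host)
        identity.setWorkingParameter("ts_statusPath", ts_statusPath)

        self.set_relying_party_login_url(identity)

        if step == 1 or step == 3:
            print("ThumbSignIn. Prepare for step 1")
            self.initialize_thumbsignin(identity, AUTHENTICATE)
            return True

        if step != 2:
            return False

        print("ThumbSignIn. Prepare for step 2")
        if identity.isSetWorkingParameter(USER_LOGIN_FLOW):
            user_login_flow = identity.getWorkingParameter(USER_LOGIN_FLOW)
            print("ThumbSignIn. Value of user_login_flow is %s" % user_login_flow)

        user = authentication_service.getAuthenticatedUser()
        if user is None:
            print("ThumbSignIn. Prepare for step 2. Failed to determine user name")
            return False

        user_name = user.getUserId()
        # Check before use: concatenating None into the log line would raise
        # TypeError and the guard below it would never be reached.
        if user_name is None:
            print("ThumbSignIn. Prepare for step 2. Failed to determine user name")
            return False
        print("ThumbSignIn. Prepare for step 2. user_name: %s" % user_name)

        identity.setWorkingParameter(USER_ID, user_name)
        self.initialize_thumbsignin(identity, REGISTER + "/" + user_name)
        return True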

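    def get_user_id_from_thumbsignin(self, request_parameters):
        """Resolve the ThumbSignIn user id for the transaction named in the request.

        Reads the ``transactionId`` request parameter, asks ThumbSignIn for
        ``getUser/<transactionId>`` and returns the ``userId`` field of the
        response.

        Raises:
            ValueError: if the parameter is missing or contains characters that
                would alter the API request path. (A missing value previously
                failed at the string concatenation instead.)
        """
        transaction_id = ServerUtil.getFirstValue(request_parameters, TRANSACTION_ID)
        # The id is read from the request parameters, i.e. it is supplied by
        # the client, and it becomes part of the API path. Reject anything
        # that could change that path; the id itself is not logged.
        if not transaction_id:
            raise ValueError("ThumbSignIn. transactionId request parameter is missing")
        if any(ch in transaction_id for ch in "/\\?#%"):
            raise ValueError("ThumbSignIn. transactionId contains unexpected characters")
        # NOTE(review): the caller logs the returned user in without a
        # password. Consider also comparing this id with the transaction that
        # was issued to this session (it is part of the response stored by
        # initialize_thumbsignin) - confirm how the registration flow fits in.

        get_user_request = "getUser/" + transaction_id
        get_user_response = self.thumbsigninApiController.handleThumbSigninRequest(
            get_user_request, ts_api_key, ts_api_secret)
        thumbsignin_user_id = JSONObject(get_user_response).get(USER_ID)
        print("ThumbSignIn. Value of thumbsignin_user_id is %s" % thumbsignin_user_id)
        return thumbsignin_user_id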

    def authenticate(self, configuration_attributes, request_parameters, step):
        """Run the authentication logic for one step of the ThumbSignIn flow.

        Steps 1 and 3: when the ``login_flow`` request parameter names a
        ThumbSignIn flow, the user id resolved from ThumbSignIn is passed to
        ``authentication_service.authenticate``; otherwise the submitted user
        name and password are checked. Step 2: succeeds when an authenticated
        user is present. Any other step returns False.

        Returns the outcome of the step as a boolean.
        """
        print "ThumbSignIn. Inside authenticate. Step %d" % step
        authentication_service = CdiUtil.bean(AuthenticationService)
        identity = CdiUtil.bean(Identity)

        identity.setWorkingParameter("ts_host", ts_host)
        identity.setWorkingParameter("ts_statusPath", ts_statusPath)

        if step == 2:
            print "ThumbSignIn. Registration flow (step 2)"
            self.verify_user_login_flow(identity)

            # NOTE(review): as far as this method shows, step 2 only requires an
            # authenticated user; it does not check here that a ThumbSignIn
            # registration was completed. Confirm that is intended.
            registered_user = self.get_authenticated_user_from_gluu(authentication_service)
            if registered_user is not None:
                user_name = registered_user.getUserId()
                print "ThumbSignIn. Registration flow (step 2) successful. user_name: %s" % user_name
                return True

            print "ThumbSignIn. Registration flow (step 2). Failed to determine user name"
            return False

        if step not in (1, 3):
            return False

        print "ThumbSignIn. Authenticate for Step %d" % step

        # login_flow is a request parameter, so the client chooses which branch
        # below runs; that includes step 3, which falls through to the
        # credentials check when no ThumbSignIn flow is named.
        login_flow = ServerUtil.getFirstValue(request_parameters, "login_flow")
        print "ThumbSignIn. Value of login_flow parameter is %s" % login_flow

        # ThumbSignIn authentication (step 1 or step 3): the login is decided by
        # the user id ThumbSignIn reports for the submitted transaction.
        if login_flow in (THUMBSIGNIN_AUTHENTICATION, THUMBSIGNIN_LOGIN_POST_REGISTRATION):
            # The flow is stored before the login result is known.
            identity.setWorkingParameter(USER_LOGIN_FLOW, login_flow)
            print "ThumbSignIn. Value of userLoginFlow is %s" % identity.getWorkingParameter(USER_LOGIN_FLOW)
            thumbsignin_user_id = self.get_user_id_from_thumbsignin(request_parameters)
            logged_in_status = authentication_service.authenticate(thumbsignin_user_id)
            print "ThumbSignIn. logged_in status : %r" % logged_in_status
            return logged_in_status

        # User name and password login.
        print "ThumbSignIn. User credentials login flow"
        identity.setWorkingParameter(USER_LOGIN_FLOW, THUMBSIGNIN_REGISTRATION)
        print "ThumbSignIn. Value of userLoginFlow is %s" % identity.getWorkingParameter(USER_LOGIN_FLOW)
        credentials_ok = self.authenticate_user_credentials(identity, authentication_service)
        print "ThumbSignIn. Status of User Credentials based Authentication : %r" % credentials_ok

        if credentials_ok:
            print "ThumbSignIn. Authenticate successful for step %d" % step
            return True

        # On a failed login, reinitialize the ThumbSignIn data before the error
        # response goes back to the UI.
        self.initialize_thumbsignin(identity, AUTHENTICATE)
        return False

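    def authenticate_user_credentials(self, identity, authentication_service):
        """Check the user name and password held in the identity's credentials.

        Returns False without calling the authentication service when either
        value is empty; otherwise returns the result of
        ``authenticate_user_in_gluu_ldap``.
        """
        credentials = identity.getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()
        # %-formatting instead of "+": a missing user name must reach the
        # emptiness check below and give False, not a TypeError on str + None.
        # Only the user name is logged; the password is never logged.
        print "ThumbSignIn. user_name: %s" % user_name
        if not (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
            return False
        return self.authenticate_user_in_gluu_ldap(authentication_service, user_name, user_password)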

    @staticmethod
    def authenticate_user_in_gluu_ldap(authentication_service, user_name, user_password):
        return authentication_service.authenticate(user_name, user_password)

    @staticmethod
    def get_authenticated_user_from_gluu(authentication_service):
        return authentication_service.getAuthenticatedUser()

    @staticmethod
    def verify_user_login_flow(identity):
        """Make sure the identity carries a USER_LOGIN_FLOW working parameter.

        An existing value is only logged; when none is set, it is initialised to
        THUMBSIGNIN_REGISTRATION. Despite the name, nothing is rejected here and
        the method returns None in both cases.
        """
        if not identity.isSetWorkingParameter(USER_LOGIN_FLOW):
            identity.setWorkingParameter(USER_LOGIN_FLOW, THUMBSIGNIN_REGISTRATION)
            print "ThumbSignIn. Setting the value of user_login_flow to %s" % identity.getWorkingParameter(USER_LOGIN_FLOW)
            return

        current_flow = identity.getWorkingParameter(USER_LOGIN_FLOW)
        print "ThumbSignIn. Value of user_login_flow is %s" % current_flow

    def getExtraParametersForStep(self, configuration_attributes, step):
        """Return None for every step: this script declares no extra parameters."""
        extra_parameters = None
        return extra_parameters

    def getCountAuthenticationSteps(self, configuration_attributes):
        """Return the number of steps for the current login flow.

        Returns 1 when the USER_LOGIN_FLOW working parameter equals
        THUMBSIGNIN_AUTHENTICATION, and 3 for any other value, including an
        unset parameter.
        """
        print "ThumbSignIn. Inside getCountAuthenticationSteps.."
        identity = CdiUtil.bean(Identity)

        # authenticate() copies this value from the "login_flow" request
        # parameter before the ThumbSignIn login result is known, so the step
        # count follows a client-supplied value.
        current_flow = identity.getWorkingParameter(USER_LOGIN_FLOW)
        print "ThumbSignIn. Value of userLoginFlow is %s" % current_flow
        if current_flow != THUMBSIGNIN_AUTHENTICATION:
            print "ThumbSignIn. Total Authentication Steps is: 3"
            return 3

        print "ThumbSignIn. Total Authentication Steps is: 1"
        return 1

    def getPageForStep(self, configuration_attributes, step):
        """Return the page constant to render for the given step.

        Step 3 maps to TSI_LOGIN_POST_REGISTRATION_PAGE, step 2 to
        TSI_REGISTER_PAGE, and every other step to TSI_LOGIN_PAGE.
        """
        print "ThumbSignIn. Inside getPageForStep. Step %d" % step
        if step == 3:
            page = TSI_LOGIN_POST_REGISTRATION_PAGE
        elif step == 2:
            page = TSI_REGISTER_PAGE
        else:
            page = TSI_LOGIN_PAGE
        return page

    def destroy(self, configurationAttributes):
        """Log the destroy call and return True; nothing is released here."""
        destroyed = True
        print "ThumbSignIn. Destroy"
        return destroyed

    def getApiVersion(self):
        """Return the constant 1 as this script's API version."""
        api_version = 1
        return api_version

    def isValidAuthenticationMethod(self, usageType, configurationAttributes):
        """Report this method as valid for every usageType and configuration.

        Neither argument is inspected, so
        getAlternativeAuthenticationMethod is never needed as a fallback.
        """
        is_valid = True
        return is_valid

    def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):
        """Return None: this script names no alternative authentication method."""
        alternative_method = None
        return alternative_method

    def logout(self, configurationAttributes, requestParameters):
        """Return True unconditionally; no cleanup is performed in this method."""
        logout_ok = True
        return logout_ok