def lockUser(self, user_name):
    """Mark *user_name* as locked and surface a lock message to the UI.

    Returns None when the name is empty, the user cannot be found, or the
    user is already inactive; otherwise sets the status attributes, persists
    the user, records the lock in the cache and queues a faces message.
    """
    if StringHelper.isEmpty(user_name):
        return None
    userService = CdiUtil.bean(UserService)
    cacheService= CdiUtil.bean(CacheService)
    facesMessages = CdiUtil.bean(FacesMessages)
    # Keep the message across the redirect that follows a failed login
    facesMessages.setKeepMessages()
    find_user_by_uid = userService.getUser(user_name)
    if (find_user_by_uid == None):
        return None
    # NOTE(review): the attribute-name literal on the next line (and the one
    # further below) is garbled in this copy of the script; confirm it against
    # the original source before relying on it.
    status_attribute_value = userService.getCustomAttribute(find_user_by_uid, .jans.tatus")
    if status_attribute_value != None:
        user_status = status_attribute_value.getValue()
        if StringHelper.equals(user_status, "inactive"):
            # Already locked: do not re-lock or extend the cache entry
            print "Basic (lock account). Lock user. User '%s' locked already" % user_name
            return
    userService.setCustomAttribute(find_user_by_uid, .jans.tatus", "inactive")
    userService.setCustomAttribute(find_user_by_uid, "oxTrustActive", "false")
    updated_user = userService.updateUser(find_user_by_uid)
    # The first argument to put() is presumably the entry lifetime in seconds
    # (the same value is shown to the user as "secs" below) — confirm against
    # the CacheService API. The key is prefixed to keep it apart from other
    # cache users.
    object_to_store = json.dumps({'locked': True, 'created': LocalDateTime.now().toString()}, separators=(',',':'))
    cacheService.put(StringHelper.toString(self.lockExpirationTime), "lock_user_"+user_name, object_to_store);
    facesMessages.add(FacesMessage.SEVERITY_ERROR, "Your account is locked. Please try again after " + StringHelper.toString(self.lockExpirationTime) + " secs")
    print "Basic (lock account). Lock user. User '%s' locked" % user_name
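def validateRecaptcha(self, recaptcha_response):
    """Verify a reCAPTCHA token against Google's siteverify endpoint.

    Args:
        recaptcha_response: the g-recaptcha-response token posted by the browser.

    Returns:
        True only when the verification service answered with a 2xx status and a
        JSON object whose "success" field is truthy; False on any transport,
        status or parsing problem. A malformed or incomplete answer never raises.
    """
    print "Cert. Validate recaptcha response"

    facesContext = CdiUtil.bean(FacesContext)
    request = facesContext.getExternalContext().getRequest()
    # The client address is reported to the verification service alongside the token
    remoteip = ServerUtil.getIpAddress(request)
    print "Cert. Validate recaptcha response. remoteip: '%s'" % remoteip

    httpService = CdiUtil.bean(HttpService)
    http_client = httpService.getHttpsClient()
    http_client_params = http_client.getParams()
    # Connect timeout only; the read timeout is left at the client's default
    http_client_params.setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 15 * 1000)

    recaptcha_validation_url = "https://www.google.com/recaptcha/api/siteverify"
    recaptcha_validation_request = urllib.urlencode({
        "secret": self.recaptcha_creds['secret_key'],
        "response": recaptcha_response,
        "remoteip": remoteip,
    })
    recaptcha_validation_headers = {
        "Content-type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }

    try:
        http_service_response = httpService.executePost(http_client, recaptcha_validation_url, None, recaptcha_validation_headers, recaptcha_validation_request)
        http_response = http_service_response.getHttpResponse()
    except:
        # Bare except kept on purpose: the HTTP client raises Java exceptions
        print "Cert. Validate recaptcha response. Exception: ", sys.exc_info()[1]
        return False

    try:
        if not httpService.isResponseStastusCodeOk(http_response):
            print "Cert. Validate recaptcha response. Get invalid response from validation server: ", str(http_response.getStatusLine().getStatusCode())
            httpService.consume(http_response)
            return False

        response_bytes = httpService.getResponseContent(http_response)
        response_string = httpService.convertEntityToString(response_bytes)
        httpService.consume(http_response)
    finally:
        # Release the connection whichever way the block above exits
        http_service_response.closeConnection()

    if response_string is None:
        print "Cert. Validate recaptcha response. Get empty response from validation server"
        return False

    try:
        response = json.loads(response_string)
    except ValueError:
        # Fail closed instead of letting a parse error escape the auth step
        print "Cert. Validate recaptcha response. Get invalid JSON from validation server"
        return False

    # A non-object body or a missing "success" field counts as a failed verification
    return bool(isinstance(response, dict) and response.get("success", False))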
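def prepareForStep(self, configuration_attributes, request_parameters, step):
    """Stage the working parameters the ThumbSignIn pages need for *step*.

    Steps 1 and 3 start the authenticate flow; step 2 (registration) needs
    the already-authenticated user and starts the register flow for that user.

    Returns:
        True when the step was prepared; False when the user for step 2 cannot
        be determined or the step is unknown.
    """
    print "ThumbSignIn. Inside prepareForStep. Step %d" % step
    identity = CdiUtil.bean(Identity)
    authentication_service = CdiUtil.bean(AuthenticationService)

    # ts_host / ts_statusPath are script-level settings, not per-step values
    identity.setWorkingParameter("ts_host", ts_host)
    identity.setWorkingParameter("ts_statusPath", ts_statusPath)
    self.set_relying_party_login_url(identity)

    if step == 1 or step == 3:
        print "ThumbSignIn. Prepare for step 1"
        self.initialize_thumbsignin(identity, AUTHENTICATE)
        return True

    if step == 2:
        print "ThumbSignIn. Prepare for step 2"
        if identity.isSetWorkingParameter(USER_LOGIN_FLOW):
            user_login_flow = identity.getWorkingParameter(USER_LOGIN_FLOW)
            print "ThumbSignIn. Value of user_login_flow is %s" % user_login_flow

        user = authentication_service.getAuthenticatedUser()
        if user is None:
            print "ThumbSignIn. Prepare for step 2. Failed to determine user name"
            return False

        user_name = user.getUserId()
        # Check for None before the string concatenation below, which would
        # otherwise raise TypeError instead of returning False
        if user_name is None:
            return False
        print "ThumbSignIn. Prepare for step 2. user_name: " + user_name

        identity.setWorkingParameter(USER_ID, user_name)
        self.initialize_thumbsignin(identity, REGISTER + "/" + user_name)
        return True

    return False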
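def createNewAuthenticatedSession(self, context, customParameters=None):
    """Create an authenticated session for the user already set on *context*.

    Args:
        context: the ROPC context carrying the authenticated user and HTTP request.
        customParameters: optional mapping of extra session attributes; entries
            whose value is empty are not stored.

    Returns:
        The generated SessionId.
    """
    # None instead of a shared mutable default; the mapping is only read here
    if customParameters is None:
        customParameters = {}

    sessionIdService = CdiUtil.bean(SessionIdService)
    user = context.getUser()
    client = CdiUtil.bean(Identity).getSessionClient().getClient()

    # Add mandatory session parameters
    sessionAttributes = HashMap()
    sessionAttributes.put(Constants.AUTHENTICATED_USER, user.getUserId())
    sessionAttributes.put(AuthorizeRequestParam.CLIENT_ID, client.getClientId())
    sessionAttributes.put(AuthorizeRequestParam.PROMPT, "")

    # Add custom session parameters (empty values are skipped)
    for key, value in customParameters.iteritems():
        if StringHelper.isNotEmpty(value):
            sessionAttributes.put(key, value)

    # Generate authenticated session
    sessionId = sessionIdService.generateAuthenticatedSessionId(context.getHttpRequest(), user.getDn(), sessionAttributes)
    print "ROPC script. Generated session id. DN: '%s'" % sessionId.getDn()
    return sessionId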
def prepareForStep(self, configurationAttributes, requestParameters, step):
    """Prepare the Casa login page for *step*.

    Step 1 only needs the branding parameters. Later steps resolve the
    authenticated user, publish the methods available to that user and
    delegate to the authenticator selected by the "ACR" session attribute.

    Returns:
        True on success; False when no user is logged in or the ACR has no
        registered authenticator.
    """
    print "Casa. prepareForStep %s" % str(step)
    identity = CdiUtil.bean(Identity)

    if step == 1:
        self.prepareUIParams(identity)
        return True

    sessionAttrs = identity.getSessionId().getSessionAttributes()
    authSvc = CdiUtil.bean(AuthenticationService)
    loggedUser = authSvc.getAuthenticatedUser()
    if loggedUser is None:
        print "Casa. prepareForStep. Cannot retrieve logged user"
        return False

    acr = sessionAttrs.get("ACR")
    print "Casa. prepareForStep. ACR = %s" % acr
    # The page expects a Java list of method names
    identity.setWorkingParameter("methods", ArrayList(self.getAvailMethodsUser(loggedUser, acr)))

    if acr not in self.authenticators:
        return False
    delegate = self.authenticators[acr]
    return delegate.prepareForStep(delegate.configAttrs, requestParameters, step)
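def prepareForStep(self, configurationAttributes, requestParameters, step):
    """Prepare the Duo pages for *step*.

    Step 1 needs nothing. Step 2 signs a Duo request for the authenticated user
    and exposes it, together with the Duo host, as working parameters.

    Returns:
        True when the step was prepared; False when "duo_host" is not configured,
        no user is authenticated, or the step is unknown.
    """
    identity = CdiUtil.bean(Identity)
    authenticationService = CdiUtil.bean(AuthenticationService)

    duo_host_attr = configurationAttributes.get("duo_host")
    if duo_host_attr is None:
        # Report the misconfiguration instead of failing with AttributeError on getValue2()
        print "Duo. Prepare for step. 'duo_host' configuration attribute is missing"
        return False
    duo_host = duo_host_attr.getValue2()

    if step == 1:
        print "Duo. Prepare for step 1"
        return True

    if step == 2:
        print "Duo. Prepare for step 2"
        user = authenticationService.getAuthenticatedUser()
        if user is None:
            print "Duo. Prepare for step 2. Failed to determine user name"
            return False

        user_name = user.getUserId()
        # self.ikey / self.skey / self.akey are set elsewhere in this script
        duo_sig_request = duo_web.sign_request(self.ikey, self.skey, self.akey, user_name)
        # NOTE(review): this writes the signed request consumed by the Duo page
        # to the log; consider logging only the user name
        print "Duo. Prepare for step 2. duo_sig_request: " + duo_sig_request

        identity.setWorkingParameter("duo_host", duo_host)
        identity.setWorkingParameter("duo_sig_request", duo_sig_request)
        return True

    return False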
def init(self, customScript, configurationAttributes):
    """Resolve the beans this application-session script needs.

    Returns:
        True always.
    """
    print "Application session. Initialization"

    # Kept on the instance for the other methods of this script
    self.entryManager = CdiUtil.bean(PersistenceEntryManager)
    self.staticConfiguration = CdiUtil.bean(StaticConfiguration)

    print "Application session. Initialized successfully"
    return True
def getNextStep(self, configurationAttributes, requestParameters, step):
    """Return the step to run next, or -1 to continue in the default order.

    After step 1 the page may post "alternativeMethod"; when it does, that
    ACR is stored in the "ACR" working parameter and step 2 is re-run with it.
    """
    print "Casa. getNextStep called %s" % str(step)

    if step <= 1:
        return -1

    alternativeAcr = ServerUtil.getFirstValue(requestParameters, "alternativeMethod")
    if alternativeAcr is None:
        return -1

    print "Casa. getNextStep. Use alternative method %s" % alternativeAcr
    CdiUtil.bean(Identity).setWorkingParameter("ACR", alternativeAcr)
    # Retry step 2 with the newly selected authenticator
    return 2
def authenticate(self, configuration_attributes, request_parameters, step):
    """Run ThumbSignIn authentication step *step*.

    Steps 1 and 3 either complete a ThumbSignIn flow (when the "login_flow"
    parameter says so) or fall back to username/password login, which leads
    into registration. Step 2 only confirms that the registered user can be
    resolved.

    Returns:
        True when the step succeeded, False otherwise.
    """
    print "ThumbSignIn. Inside authenticate. Step %d" % step
    authentication_service = CdiUtil.bean(AuthenticationService)
    identity = CdiUtil.bean(Identity)
    identity.setWorkingParameter("ts_host", ts_host)
    identity.setWorkingParameter("ts_statusPath", ts_statusPath)
    if step == 1 or step == 3:
        print "ThumbSignIn. Authenticate for Step %d" % step
        login_flow = ServerUtil.getFirstValue(request_parameters, "login_flow")
        print "ThumbSignIn. Value of login_flow parameter is %s" % login_flow
        # Logic for ThumbSignIn Authentication Flow (Either step 1 or step 3)
        if login_flow == THUMBSIGNIN_AUTHENTICATION or login_flow == THUMBSIGNIN_LOGIN_POST_REGISTRATION:
            identity.setWorkingParameter(USER_LOGIN_FLOW, login_flow)
            print "ThumbSignIn. Value of userLoginFlow is %s" % identity.getWorkingParameter(USER_LOGIN_FLOW)
            # The single-argument authenticate() presumably logs the given id in
            # without a password check, so get_user_id_from_thumbsignin must only
            # return ids it has verified — confirm against that helper.
            logged_in_status = authentication_service.authenticate(self.get_user_id_from_thumbsignin(request_parameters))
            print "ThumbSignIn. logged_in status : %r" % logged_in_status
            return logged_in_status
        # Logic for traditional login flow (step 1)
        print "ThumbSignIn. User credentials login flow"
        identity.setWorkingParameter(USER_LOGIN_FLOW, THUMBSIGNIN_REGISTRATION)
        print "ThumbSignIn. Value of userLoginFlow is %s" % identity.getWorkingParameter(USER_LOGIN_FLOW)
        logged_in = self.authenticate_user_credentials(identity, authentication_service)
        print "ThumbSignIn. Status of User Credentials based Authentication : %r" % logged_in
        # When the traditional login fails, reinitialize the ThumbSignIn data before sending error response to UI
        if not logged_in:
            self.initialize_thumbsignin(identity, AUTHENTICATE)
            return False
        print "ThumbSignIn. Authenticate successful for step %d" % step
        return True
    elif step == 2:
        print "ThumbSignIn. Registration flow (step 2)"
        self.verify_user_login_flow(identity)
        # NOTE(review): the helper call on the next line is garbled in this copy
        # of the script; confirm it against the original source.
        user = self.get_authenticated_user_from.jans.authentication_service)
        if user is None:
            print "ThumbSignIn. 
Registration flow (step 2). Failed to determine user name"
            return False
        user_name = user.getUserId()
        print "ThumbSignIn. Registration flow (step 2) successful. user_name: %s" % user_name
        return True
    else:
        return False
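def getCountAuthenticationSteps(self, configurationAttributes):
    """Return how many steps the current Casa login needs.

    One step when the "skip2FA" working parameter is set; otherwise the count
    reported by the authenticator registered for the "ACR" working parameter,
    or 2 when no authenticator is registered for that ACR.
    """
    print "Casa. getCountAuthenticationSteps called"
    identity = CdiUtil.bean(Identity)

    if identity.getWorkingParameter("skip2FA"):
        return 1

    acr = identity.getWorkingParameter("ACR")
    if acr in self.authenticators:
        module = self.authenticators[acr]
        return module.getCountAuthenticationSteps(module.configAttrs)

    # Log before returning; placed after the return this line is never reached
    print "Casa. getCountAuthenticationSteps. Could not determine the step count for acr %s" % acr
    return 2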
def prepareForStep(self, configurationAttributes, requestParameters, step):
    """Prepare the FIDO U2F page for *step*.

    Step 1 needs nothing. Step 2 looks up the authenticated user's registered
    devices for the configured application id and asks the U2F server to start
    either an authentication (devices exist) or a registration (none exist)
    workflow, publishing the resulting request as JSON working parameters.

    Returns:
        True when the step was prepared; False when the session or user cannot
        be resolved or the U2F server rejects the authentication start. Steps
        other than 1 and 2 fall through and return None.
    """
    identity = CdiUtil.bean(Identity)
    if (step == 1):
        return True
    elif (step == 2):
        print "U2F. Prepare for step 2"
        session = CdiUtil.bean(SessionIdService).getSessionId()
        if session == None:
            print "U2F. Prepare for step 2. Failed to determine session_id"
            return False
        authenticationService = CdiUtil.bean(AuthenticationService)
        user = authenticationService.getAuthenticatedUser()
        if (user == None):
            print "U2F. Prepare for step 2. Failed to determine user name"
            return False
        u2f_application_id = configurationAttributes.get("u2f_application_id").getValue2()
        # Check if user have registered devices
        deviceRegistrationService = CdiUtil.bean(DeviceRegistrationService)
        userInum = user.getAttribute("inum")
        registrationRequest = None
        authenticationRequest = None
        deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, u2f_application_id)
        if (deviceRegistrations.size() > 0):
            print "U2F. Prepare for step 2. Call FIDO U2F in order to start authentication workflow"
            try:
                authenticationRequestService = FidoU2fClientFactory.instance().createAuthenticationRequestService(self.metaDataConfiguration)
                # The session id is passed so the challenge is tied to this login session
                authenticationRequest = authenticationRequestService.startAuthentication(user.getUserId(), None, u2f_application_id, session.getId())
            except ClientResponseFailure, ex:
                # A NOT_FOUND answer is tolerated (no authentication request is
                # published); any other failure aborts the step
                if (ex.getResponse().getResponseStatus() != Response.Status.NOT_FOUND):
                    print "U2F. Prepare for step 2. Failed to start authentication workflow. Exception:", sys.exc_info()[1]
                    return False
        else:
            # A user with no registered device is offered enrollment during login;
            # unlike the authentication branch, this call is not wrapped in try/except
            print "U2F. Prepare for step 2. 
Call FIDO U2F in order to start registration workflow"
            registrationRequestService = FidoU2fClientFactory.instance().createRegistrationRequestService(self.metaDataConfiguration)
            registrationRequest = registrationRequestService.startRegistration(user.getUserId(), u2f_application_id, session.getId())
        # Exactly one of the two requests was started; the other is still None here
        identity.setWorkingParameter("fido_u2f_authentication_request", ServerUtil.asJson(authenticationRequest))
        identity.setWorkingParameter("fido_u2f_registration_request", ServerUtil.asJson(registrationRequest))
        return True
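def authenticate(self, configurationAttributes, requestParameters, step):
    """Authenticate step 1 with a YubiKey OTP validated by the Yubico cloud.

    The password field carries the OTP. It is checked for length, must contain
    the public id stored in the user's "yubikeyId" attribute, and the verify
    response must report status=OK for this very OTP and for the nonce that was
    sent with the request.

    Returns:
        True when the OTP is valid for the user; False otherwise. Steps other
        than 1 always return False.
    """
    if step != 1:
        return False

    print "Yubicloud. Authenticate for step 1"
    identity = CdiUtil.bean(Identity)
    credentials = identity.getCredentials()
    username = credentials.getUsername()
    otp = credentials.getPassword()

    # Validate otp length; a missing password would otherwise raise in len()
    if otp is None or len(otp) < 32 or len(otp) > 48:
        print "Yubicloud. Invalid OTP length"
        return False

    user_service = CdiUtil.bean(UserService)
    user = user_service.getUser(username)
    if user is None:
        print "Yubicloud. User not found"
        return False

    # Match the user with the yubikey; an unset public key must not match anything
    public_key = user.getAttribute('yubikeyId')
    if not public_key or public_key not in otp:
        print "Yubicloud. Public Key not matching OTP"
        return False

    data = ""
    nonce = None
    try:
        nonce = str(uuid.uuid4()).replace("-", "")
        params = urllib.urlencode({
            "id": self.client_id,
            "otp": otp,
            "nonce": nonce
        })
        url = "https://" + self.api_server + "/wsapi/2.0/verify/?" + params
        # Bounded wait so a stalled validation service cannot hang the login step
        f = urllib2.urlopen(url, timeout=15)
        try:
            data = f.read()
        finally:
            f.close()
    except Exception as e:
        print "Yubicloud. Exception ", e

    # The response is key=value lines; "h" carries base64 which may itself contain '='
    fields = {}
    for line in data.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()

    # Bind the answer to this request: status must be OK *and* the echoed otp and
    # nonce must be the ones sent, so an answer for a different or replayed
    # request is not accepted.
    # NOTE(review): the response signature ("h") is not verified; doing so needs
    # the client's API key, which this script does not load.
    if fields.get("status") == "OK" and fields.get("otp") == otp and fields.get("nonce") == nonce:
        user_service.authenticate(username)
        print "Yubicloud. Authentication Successful"
        return True

    print "Yubicloud. End of Step 1. Returning False."
    return False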
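def authenticate(self, context):
    """Password-grant (ROPC) authentication with two pass-through custom attributes.

    Validates the "username"/"password" request parameters, sets the
    authenticated user on *context*, then creates a session that carries the
    "custom1"/"custom2" request parameters as session attributes.

    Returns:
        True when the user authenticated, False otherwise.
    """
    print "ROPC script. Authenticate"

    # Do generic authentication
    authenticationService = CdiUtil.bean(AuthenticationService)
    httpRequest = context.getHttpRequest()
    username = httpRequest.getParameter("username")
    password = httpRequest.getParameter("password")
    result = authenticationService.authenticate(username, password)
    if not result:
        print "ROPC script. Authenticate. Could not authenticate user '%s' " % username
        return False

    context.setUser(authenticationService.getAuthenticatedUser())
    print "ROPC script. Authenticate. User '%s' authenticated successfully" % username

    # Get custom parameters from request; absent ones are None and are filtered
    # out when the session is created
    customParameters = {}
    for name in ("custom1", "custom2"):
        customParameters[name] = httpRequest.getParameter(name)
    print "ROPC script. Authenticate. User '%s'. Creating authenticated session with custom attributes: '%s'" % (username, customParameters)

    session = self.createNewAuthenticatedSession(context, customParameters)

    # This is needed to allow store in token entry sessionId
    authenticationService.configureEventUser(session)

    # Log the session that was created, not the custom parameters a second time
    print "ROPC script. Authenticate. User '%s'. Created authenticated session: '%s'" % (username, session.getDn())
    return True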
def confirmRegistration(self, user, requestParameters, configurationAttributes):
    """Activate the person whose "oxGuid" equals the posted "code" parameter.

    On success the status becomes "active" and the guid is cleared so the
    same code cannot be used twice. The *user* argument is not consulted; the
    person is located by the code alone.

    Returns:
        True when a matching person was activated, False otherwise.
    """
    print "User Confirm registration. Confirm method"

    code_array = requestParameters.get("code")
    if ArrayHelper.isEmpty(code_array):
        print "User Confirm registration. Confirm method. code is empty"
        return False

    confirmation_code = code_array[0]
    print "User Confirm registration. Confirm method. code: '%s'" % confirmation_code
    if confirmation_code is None:
        print "User Confirm registration. Confirm method. Confirmation code not exist in request"
        return False

    personService = CdiUtil.bean(PersonService)
    person = personService.getPersonByAttribute("oxGuid", confirmation_code)
    if person is None:
        print "User Confirm registration. Confirm method. There is no user by confirmation code: '%s'" % confirmation_code
        return False

    if confirmation_code != person.getGuid():
        print "User Confirm registration. Confirm method. Confirmation code for user '%s' is invalid" % person.getUid()
        return False

    # Activate and invalidate the one-time code
    person.setStatus("active")
    person.setGuid("")
    personService.updatePerson(person)
    print "User Confirm registration. Confirm method. User '%s' confirmed his registration" % person.getUid()
    return True
def update(self, dynamicScopeContext, configurationAttributes):
    """Add a "memberof" claim listing the display names of the user's groups.

    Returns:
        None when the user has no "memberof" attribute; True once the claim
        has been set.
    """
    print "Dynamic scope. Update method"

    userService = CdiUtil.bean(UserService)
    print "-->userService: " + userService.toString()

    dynamicScopes = dynamicScopeContext.getDynamicScopes()
    authorizationGrant = dynamicScopeContext.getAuthorizationGrant()
    user = dynamicScopeContext.getUser()
    claims = dynamicScopeContext.getJsonWebResponse().getClaims()

    member_of_list = userService.getCustomAttribute(user, "memberof")
    if member_of_list is None:
        print "-->memberOf: is null"
        return None

    # Each value is presumably an entry DN; it is resolved to that entry's displayName
    display_names = [userService.getUserByDn(entry_dn, "displayName").getAttribute("displayName")
                     for entry_dn in member_of_list.getValues()]
    claims.setClaim("memberof", Arrays.asList(display_names))
    return True
def update(self, dynamicScopeContext, configurationAttributes):
    """Copy the session's "external_session_id" attribute into the response claims.

    Returns:
        False when the grant, its session or the session attributes cannot be
        resolved; True otherwise (also when the attribute is simply absent).
    """
    print "Session dynamic scope. Update method"

    grant = dynamicScopeContext.getAuthorizationGrant()
    if grant is None:
        print "Introspection. Failed to load authorization grant by token"
        return False

    # Get session from token
    sessionDn = grant.getSessionDn()
    if sessionDn is None:
        # There is no session
        return False

    session = CdiUtil.bean(SessionIdService).getSessionById(sessionDn)
    if session is None:
        print "Introspection. Failed to load session '%s'" % sessionDn
        return False

    attrs = session.getSessionAttributes()
    if attrs is None:
        # There is no session attributes
        return False

    # Return external_session_id only when the session carries one
    externalSessionId = attrs.get("external_session_id")
    if externalSessionId is not None:
        print "Introspection. Adding new claim 'external_session_id' with value '%s'" % externalSessionId
        dynamicScopeContext.getJsonWebResponse().getClaims().setClaim("external_session_id", externalSessionId)

    return True
def executePost(self, request_uri, request_data):
    """POST *request_data* as JSON to *request_uri* and return the body as a string.

    Returns:
        The response body, or None when the request raised or the status was
        not successful.
    """
    httpService = CdiUtil.bean(HttpService)
    request_headers = {
        "Content-type": "application/json; charset=UTF-8",
        "Accept": "application/json",
    }

    try:
        http_service_response = httpService.executePost(self.http_client, request_uri, None, request_headers, request_data)
        http_response = http_service_response.getHttpResponse()
    except:
        # Bare except: the HTTP client raises Java exceptions
        print "UAF. Validate POST response. Exception: ", sys.exc_info()[1]
        return None

    try:
        if httpService.isResponseStastusCodeOk(http_response):
            response_bytes = httpService.getResponseContent(http_response)
            response_string = httpService.convertEntityToString(response_bytes)
        else:
            print "UAF. Validate POST response. Get invalid response from server: %s" % str(http_response.getStatusLine().getStatusCode())
            response_string = None
        httpService.consume(http_response)
        return response_string
    finally:
        # Release the connection on every exit path
        http_service_response.closeConnection()
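def findEnrollments(self, user_name, skipPrefix=True):
    """Return the user's OTP enrollments stored in "oxExternalUid".

    Values are stored as "<otpType>:<enrollment>". Only values that start with
    this script's type prefix are returned; with skipPrefix the prefix is
    stripped, otherwise the stored value is returned unchanged.

    Args:
        user_name: uid of the user to look up.
        skipPrefix: strip the "<otpType>:" prefix from each result.

    Returns:
        A (possibly empty) list of enrollment strings.
    """
    result = []
    userService = CdiUtil.bean(UserService)
    user = userService.getUser(user_name, "oxExternalUid")
    if user is None:
        print "OTP. Find enrollments. Failed to find user"
        return result

    user_custom_ext_attribute = userService.getCustomAttribute(user, "oxExternalUid")
    if user_custom_ext_attribute is None:
        return result

    otp_prefix = "%s:" % self.otpType
    otp_prefix_length = len(otp_prefix)
    for user_external_uid in user_custom_ext_attribute.getValues():
        # Anchor at the start: a match elsewhere in the value would make the
        # slice below return a truncated, wrong enrollment id
        if not user_external_uid.startswith(otp_prefix):
            continue
        if skipPrefix:
            result.append(user_external_uid[otp_prefix_length:])
        else:
            result.append(user_external_uid)
    return result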
def createClient(self, registerRequest, client, configurationAttributes):
    """Grant the "address" scope to clients that register a known redirect URI.

    When any redirect URI is in self.clientRedirectUrisSet, the DN of the
    "address" scope is appended to the client's requested scopes.

    Returns:
        True always.
    """
    print "Client registration. CreateClient method"

    redirectUris = client.getRedirectUris()
    print "Client registration. Redirect Uris: %s" % redirectUris

    # any() stops at the first known URI, like the break in a manual loop
    addAddressScope = any(self.clientRedirectUrisSet.contains(uri) for uri in redirectUris)
    print "Client registration. Is add address scope: %s" % addAddressScope

    if not addAddressScope:
        return True

    currentScopes = client.getScopes()
    print "Client registration. Current scopes: %s" % currentScopes
    addressScope = CdiUtil.bean(ScopeService).getScopeByDisplayName("address")
    newScopes = ArrayHelper.addItemToStringArray(currentScopes, addressScope.getDn())
    print "Client registration. Result scopes: %s" % newScopes
    client.setScopes(newScopes)
    return True
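def authenticate(self, context):
    """ROPC authentication: a device-id shortcut, else username/password.

    When the request carries a "device_id" parameter its first value is
    compared against a single hard-coded id; otherwise the parameters named by
    self.usernameParamName / self.passwordParamName are authenticated.

    Returns:
        True when authentication succeeded, False otherwise.
    """
    print "ROPC script. Authenticate"

    deviceIdParam = context.getHttpRequest().getParameterValues("device_id")
    # len() works on the Java String[] returned by getParameterValues
    if deviceIdParam is not None and len(deviceIdParam) > 0:
        if deviceIdParam[0] != "device_id_1":
            return False
        # NOTE(review): this branch returns True without binding a user to the
        # context (setUser is commented out) and compares against a fixed sample
        # id — it is placeholder logic, not a usable device check.
        # context.setUser(user)
        return True

    # Do generic authentication in other cases
    authService = CdiUtil.bean(AuthenticationService)
    httpRequest = context.getHttpRequest()
    username = httpRequest.getParameter(self.usernameParamName)
    password = httpRequest.getParameter(self.passwordParamName)
    if not authService.authenticate(username, password):
        print "ROPC script. Authenticate. Could not authenticate user '%s' " % username
        return False

    context.setUser(authService.getAuthenticatedUser())
    return True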
def prepareUIParams(self, identity):
    """Publish Casa's branding values (logo, favicon, css, prefix) as working parameters.

    The values come from the "casa_assets" cache entry; when the entry is
    missing they are rebuilt from the settings stored in the database.
    """
    print "Casa. prepareUIParams. Reading UI branding params"

    assets = CdiUtil.bean(CacheService).get("casa_assets")
    if assets is None:
        # This may happen when cache type is IN_MEMORY, where actual cache is merely a local variable
        # (a expiring map) living inside Casa webapp, not oxAuth webapp
        sets = self.getSettings()
        custPrefix = "/custom"
        extraCss = sets["extra_css"] if "extra_css" in sets else None
        useBranding = sets["use_branding"]

        # Logo and favicon are served from the custom prefix when any branding
        # customization is active
        assetPrefix = custPrefix if (extraCss is not None or useBranding) else ""
        assets = {
            "contextPath": "/casa",
            "prefix": custPrefix if useBranding else "",
            "faviconUrl": assetPrefix + "/images/favicon.ico",
            "extraCss": extraCss,
            "logoUrl": assetPrefix + "/images/logo.png",
        }

    # Setting a single variable with the whole map does not work...
    contextPath = assets['contextPath']
    identity.setWorkingParameter("casa_contextPath", contextPath)
    identity.setWorkingParameter("casa_prefix", assets['prefix'])
    identity.setWorkingParameter("casa_faviconUrl", contextPath + assets['faviconUrl'])
    identity.setWorkingParameter("casa_extraCss", assets['extraCss'])
    identity.setWorkingParameter("casa_logoUrl", contextPath + assets['logoUrl'])
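def modifyResponse(self, responseAsJsonObject, context):
    """Enrich the introspection response with user_id, session_id and custom claims.

    Returns:
        False when the token is missing or its grant/session cannot be loaded;
        True otherwise, including when the grant has no session.
    """
    token = context.getHttpRequest().getParameter("token")
    if token is None:
        print "Introspection. There is no token in request"
        return False

    authorizationGrantList = CdiUtil.bean(AuthorizationGrantList)
    authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(token)
    if authorizationGrant is None:
        print "Introspection. Failed to load authorization grant by token"
        return False

    # Put user_id into response
    responseAsJsonObject.accumulate("user_id", authorizationGrant.getUser().getUserId())

    # Put custom parameters into response
    sessionDn = authorizationGrant.getSessionDn()
    if sessionDn is None:
        # There is no session
        return True

    sessionIdService = CdiUtil.bean(SessionIdService)
    session = sessionIdService.getSessionById(sessionDn)
    # Test the loaded session, not the DN that is already known to be set
    if session is None:
        print "Introspection. Failed to load session '%s'" % sessionDn
        return False

    # Return session_id
    # NOTE(review): this exposes the internal session DN to every client allowed
    # to introspect tokens — confirm that is intended
    responseAsJsonObject.accumulate("session_id", sessionDn)

    sessionAttributes = session.getSessionAttributes()
    if sessionAttributes is None:
        # There is no session attributes
        return True

    # Append custom claims
    for claim in ("custom1", "custom2"):
        if sessionAttributes.containsKey(claim):
            responseAsJsonObject.accumulate(claim, sessionAttributes.get(claim))
    return True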
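def postRegistration(self, user, requestParameters, configurationAttributes):
    """Send the registration-confirmation e-mail with the activation link.

    The link points at this deployment (server name and context path taken
    from the current request) and carries self.guid as the "code" parameter.

    Returns:
        True always.
    """
    import cgi  # stdlib; used to escape the user-controlled uid before embedding it in HTML

    print "User Confirm registration. Post method"

    externalContext = CdiUtil.bean(ExternalContext)
    contextPath = externalContext.getRequest().getContextPath()
    # NOTE(review): the server name is taken from the incoming request; if it is
    # derived from the Host header, a forged header would point the activation
    # link at another host. Prefer a configured hostname if one is available.
    hostName = externalContext.getRequestServerName()
    print "HostName from context : %s" % hostName

    mailService = CdiUtil.bean(MailService)
    subject = "Registration confirmation"
    activationLink = "https://%s%s/confirm/registration.htm?code=%s" % (hostName, contextPath, self.guid)

    # The uid was supplied by the registering user; escape it so it cannot
    # inject markup into the HTML mail (None formats as "None", as before)
    safeUid = cgi.escape("%s" % user.getUid(), True)
    body = "<h2 style='margin-left:10%%;color: #337ab7;'>Welcome</h2><hr style='width:80%%;border: 1px solid #337ab7;'></hr><div style='text-align:center;'><p>Dear <span style='color: #337ab7;'>%s</span>,</p><p>Your Account has been created, welcome to <span style='color: #337ab7;'>%s</span>.</p><p>You are just one step way from activating your account on <span style='color: #337ab7;'>%s</span>.</p><p>Click the button and start using your account.</p></div><a class='btn' href='%s'><button style='background: #337ab7; color: white; margin-left: 30%%; border-radius: 5px; border: 0px; padding: 5px;' type='button'>Activate your account now!</button></a>" % (safeUid, hostName, hostName, activationLink)

    # Log the recipient only: the body carries the one-time activation code
    print "User Confirm registration. Post method. Attempting to send e-mail to '%s'" % user.getMail()
    mailService.sendMail(user.getMail(), None, subject, body, body)
    return True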
def updateUser(self, user, configurationAttributes):
    """SCIM update hook: log the display name before and after the update.

    Returns:
        True always.
    """
    personService = CdiUtil.bean(PersonService)
    # The stored person presumably still carries the pre-update values here
    oldUser = personService.getPersonByUid(user.getUid())

    oldName = oldUser.getDisplayName()
    newName = user.getDisplayName()
    print "ScimEventHandler (updateUser): Old displayName %s" % oldName
    print "ScimEventHandler (updateUser): New displayName " + newName
    return True
def getCountAuthenticationSteps(self, configurationAttributes):
    """Return the number of OTP login steps.

    Uses the "otp_count_login_steps" working parameter when it is set,
    otherwise defaults to 2.
    """
    identity = CdiUtil.bean(Identity)
    if not identity.isSetWorkingParameter("otp_count_login_steps"):
        return 2

    # The parameter may not be a string; format it before converting
    rawCount = "%s" % identity.getWorkingParameter("otp_count_login_steps")
    return StringHelper.toInteger(rawCount)
def getLocalPrimaryKey(self):
    """Return the attribute name Casa treats as the user id (e.g. uid or mail).

    Read from the first oxIDPAuthentication entry of the server configuration.
    """
    entryManager = CdiUtil.bean(PersistenceEntryManager)
    config = JanssenConfiguration()
    # NOTE(review): the DN literal on the next line is garbled in this copy of
    # the script; confirm it against the original source.
    config = entryManager.find(config.getClass(), "ou=configuration,o.jans.)
    #Pick (one) attribute where user id is stored (e.g. uid/mail)
    uid_attr = config.getOxIDPAuthentication().get(0).getConfig().getPrimaryKey()
    print "Casa. init. uid attribute is '%s'" % uid_attr
    return uid_attr
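def initRecaptcha(self, configurationAttributes):
    """Load the reCAPTCHA site/secret keys from the script's credentials file.

    The file named by the "credentials_file" attribute is JSON with a
    "recaptcha" object holding "enabled", "site_key" and "secret_key". Key
    values may be stored encrypted; decryption is attempted and a failure is
    taken to mean the value is plain text.

    Returns:
        True when reCAPTCHA is enabled and self.recaptcha_creds was set; False
        when it is disabled, not configured, or the file is unusable.
    """
    print "Cert. Initialize recaptcha"
    if not configurationAttributes.containsKey("credentials_file"):
        return False

    cert_creds_file = configurationAttributes.get("credentials_file").getValue2()

    # Load credentials from file
    f = open(cert_creds_file, 'r')
    try:
        creds = json.loads(f.read())
    except:
        print "Cert. Initialize recaptcha. Failed to load credentials from file: %s" % cert_creds_file
        return False
    finally:
        f.close()

    # Every key the script relies on is checked here, so a partial file is
    # rejected with a clear message instead of a KeyError further down
    try:
        recaptcha_creds = creds["recaptcha"]
        enabled = recaptcha_creds["enabled"]
        if enabled:
            site_key = recaptcha_creds["site_key"]
            secret_key = recaptcha_creds["secret_key"]
    except (KeyError, TypeError):
        print "Cert. Initialize recaptcha. Invalid credentials file '%s' format:" % cert_creds_file
        return False

    self.recaptcha_creds = None
    if not enabled:
        print "Cert. Initialize recaptcha. Recaptcha is disabled"
        return False

    print "Cert. Initialize recaptcha. Recaptcha is enabled"
    encryptionService = CdiUtil.bean(EncryptionService)

    # A decrypt failure falls back to using the stored value as plain text, so
    # a corrupted encrypted value would be used verbatim; bare except kept
    # because decrypt() raises Java exceptions
    try:
        site_key = encryptionService.decrypt(site_key)
    except:
        # Ignore exception. Value is not encrypted
        print "Cert. Initialize recaptcha. Assuming that 'site_key' in not encrypted"
    try:
        secret_key = encryptionService.decrypt(secret_key)
    except:
        # Ignore exception. Value is not encrypted
        print "Cert. Initialize recaptcha. Assuming that 'secret_key' in not encrypted"

    self.recaptcha_creds = {'site_key': site_key, "secret_key": secret_key}
    print "Cert. Initialize recaptcha. Recaptcha is configured correctly"
    return True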
def getSettings(self):
    """Return Casa's settings parsed from its configuration entry, or None.

    The entry's settings field is JSON; a parse failure is logged and None is
    returned, so callers must be prepared for None.
    """
    entryManager = CdiUtil.bean(PersistenceEntryManager)
    config = ApplicationConfiguration()
    # NOTE(review): the DN literal on the next line is garbled in this copy of
    # the script; confirm it against the original source.
    config = entryManager.find(config.getClass(), "ou=casa,ou=configuration,o.jans.)
    settings = None
    try:
        settings = json.loads(config.getSettings())
    except:
        # Bare except also covers Java exceptions raised by getSettings()
        print "Casa. getSettings. Failed to parse casa settings from DB"
    return settings
def getCountAuthenticationSteps(self, configuration_attributes):
    """Return 1 for a pure ThumbSignIn authentication, 3 for flows that register."""
    print "ThumbSignIn. Inside getCountAuthenticationSteps.."
    flow = CdiUtil.bean(Identity).getWorkingParameter(USER_LOGIN_FLOW)
    print "ThumbSignIn. Value of userLoginFlow is %s" % flow

    if flow == THUMBSIGNIN_AUTHENTICATION:
        print "ThumbSignIn. Total Authentication Steps is: 1"
        return 1

    # Every other flow (credentials login, registration) needs the full three steps
    print "ThumbSignIn. Total Authentication Steps is: 3"
    return 3
def getNextStep(self, configurationAttributes, requestParameters, step):
    """Return the step to run next: the same step when a retry was requested, else -1."""
    print "getNextStep Invoked"

    # If user not pass current step change step to previous
    identity = CdiUtil.bean(Identity)
    if not identity.getWorkingParameter("retry_current_step"):
        return -1

    print "OTP. Get next step. Retrying current step %s" % step
    # Remove old QR code
    #identity.setWorkingParameter("super.jans.request", "timeout")
    return step