def isValidAuthenticationMethod(self, usageType, configurationAttributes):
print "CAS2 Rest API authenticate isValidAuthenticationMethod"
cas_validation_uri = configurationAttributes.get("cas_validation_uri").getValue2()
cas_validation_pattern = configurationAttributes.get("cas_validation_pattern").getValue2()
cas_validation_timeout = int(configurationAttributes.get("cas_validation_timeout").getValue2()) * 1000
httpService = HttpService.instance();
http_client = httpService.getHttpsClientTrustAll();
http_client_params = http_client.getParams();
http_client_params.setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, cas_validation_timeout);
try:
http_response = httpService.executeGet(http_client, cas_validation_uri)
except:
print "CAS2 Rest API authenticate isValidAuthenticationMethod. Exception: ", sys.exc_info()[1]
return False
if (http_response.getStatusLine().getStatusCode() != 200):
print "CAS2 Rest API authenticate isValidAuthenticationMethod. Get invalid response from CAS2 server: ", str(http_response_ticket.getStatusLine().getStatusCode())
httpService.consume(http_response)
return False
validation_response_bytes = httpService.getResponseContent(http_response)
validation_response_string = httpService.convertEntityToString(validation_response_bytes)
httpService.consume(http_response)
if (validation_response_string == None or validation_response_string.find(cas_validation_pattern) == -1):
print "CAS2 Rest API authenticate isValidAuthenticationMethod. Get invalid login page from CAS2 server:"
return False
return True
def init(self, configurationAttributes):
print "InWebo. Initialization"
iw_cert_store_type = configurationAttributes.get(
"iw_cert_store_type").getValue2()
iw_cert_path = configurationAttributes.get("iw_cert_path").getValue2()
iw_creds_file = configurationAttributes.get(
"iw_creds_file").getValue2()
# Load credentials from file
f = open(iw_creds_file, 'r')
try:
creds = json.loads(f.read())
except:
return False
finally:
f.close()
iw_cert_password = creds["CERT_PASSWORD"]
try:
stringEncrypter = StringEncrypter.defaultInstance()
iw_cert_password = stringEncrypter.decrypt(iw_cert_password)
except:
return False
httpService = HttpService.instance()
self.client = httpService.getHttpsClient(None, None, None,
iw_cert_store_type,
iw_cert_path,
iw_cert_password)
print "InWebo. Initialized successfully"
return True
def validateInweboToken(self, iw_api_uri, iw_service_id, user_name, iw_token):
httpService = HttpService.instance()
xmlService = XmlService.instance();
if StringHelper.isEmpty(iw_token):
print "InWebo. Token verification. iw_token is empty"
return False
request_uri = iw_api_uri + "?action=authenticate" + "&serviceId=" + httpService.encodeUrl(iw_service_id) + "&userId=" + httpService.encodeUrl(user_name) + "&token=" + httpService.encodeUrl(iw_token)
print "InWebo. Token verification. Attempting to send authentication request:", request_uri
# Execute request
http_response = httpService.executeGet(self.client, request_uri)
# Validate response code
response_validation = httpService.isResponseStastusCodeOk(http_response)
if response_validation == False:
print "InWebo. Token verification. Get unsuccessful response code"
return False
authentication_response_bytes = httpService.getResponseContent(http_response)
print "InWebo. Token verification. Get response:", httpService.convertEntityToString(authentication_response_bytes)
# Validate authentication response
response_validation = httpService.isContentTypeXml(http_response)
if response_validation == False:
print "InWebo. Token verification. Get invalid response"
return False
# Parse XML response
try:
xmlDocument = xmlService.getXmlDocument(authentication_response_bytes)
except Exception, err:
print "InWebo. Token verification. Failed to parse XML response:", err
return False
def executePost(self, request_uri, request_data):
httpService = HttpService.instance()
request_headers = { "Content-type" : "application/json; charset=UTF-8", "Accept" : "application/json" }
try:
http_service_response = httpService.executePost(self.http_client, request_uri, None, request_headers, request_data)
http_response = http_service_response.getHttpResponse()
except:
print "UAF. Validate POST response. Exception: ", sys.exc_info()[1]
return None
try:
if not httpService.isResponseStastusCodeOk(http_response):
print "UAF. Validate POST response. Get invalid response from server: %s" % str(http_response.getStatusLine().getStatusCode())
httpService.consume(http_response)
return None
response_bytes = httpService.getResponseContent(http_response)
response_string = httpService.convertEntityToString(response_bytes)
httpService.consume(http_response)
return response_string
finally:
http_service_response.closeConnection()
return None
def executePost(self, request_uri, request_data):
httpService = HttpService.instance()
request_headers = {
"Content-type": "application/json; charset=UTF-8",
"Accept": "application/json"
}
try:
http_service_response = httpService.executePost(
self.http_client, request_uri, None, request_headers,
request_data)
http_response = http_service_response.getHttpResponse()
except:
print "UAF. Validate POST response. Exception: ", sys.exc_info()[1]
return None
try:
if not httpService.isResponseStastusCodeOk(http_response):
print "UAF. Validate POST response. Get invalid response from server: %s" % str(
http_response.getStatusLine().getStatusCode())
httpService.consume(http_response)
return None
response_bytes = httpService.getResponseContent(http_response)
response_string = httpService.convertEntityToString(response_bytes)
httpService.consume(http_response)
return response_string
finally:
http_service_response.closeConnection()
return None
def init(self, configurationAttributes):
print "InWebo. Initialization"
iw_cert_store_type = configurationAttributes.get("iw_cert_store_type").getValue2()
iw_cert_path = configurationAttributes.get("iw_cert_path").getValue2()
iw_creds_file = configurationAttributes.get("iw_creds_file").getValue2()
# Load credentials from file
f = open(iw_creds_file, 'r')
try:
creds = json.loads(f.read())
except:
return False
finally:
f.close()
iw_cert_password = creds["CERT_PASSWORD"]
try:
stringEncrypter = StringEncrypter.defaultInstance()
iw_cert_password = stringEncrypter.decrypt(iw_cert_password)
except:
return False
httpService = HttpService.instance()
self.client = httpService.getHttpsClient(None, None, None, iw_cert_store_type, iw_cert_path, iw_cert_password)
print "InWebo. Initialized successfully"
return True
def prepareForStep(self, configurationAttributes, requestParameters, step):
context = Contexts.getEventContext()
authenticationService = AuthenticationService.instance()
if (step == 1):
print "Saml. Prepare for step 1"
httpService = HttpService.instance()
request = FacesContext.getCurrentInstance().getExternalContext().getRequest()
assertionConsumerServiceUrl = httpService.constructServerUrl(request) + "/postlogin"
print "Saml. Prepare for step 1. Prepared assertionConsumerServiceUrl: '%s'" % assertionConsumerServiceUrl
currentSamlConfiguration = self.getCurrentSamlConfiguration(self.samlConfiguration, configurationAttributes, requestParameters)
if (currentSamlConfiguration == None):
print "Saml. Prepare for step 1. Client saml configuration is invalid"
return False
# Generate an AuthRequest and send it to the identity provider
samlAuthRequest = AuthRequest(currentSamlConfiguration)
external_auth_request_uri = currentSamlConfiguration.getIdpSsoTargetUrl() + "?SAMLRequest=" + samlAuthRequest.getRequest(True, assertionConsumerServiceUrl)
print "Saml. Prepare for step 1. external_auth_request_uri: '%s'" % external_auth_request_uri
context.set("external_auth_request_uri", external_auth_request_uri)
return True
elif (step == 2):
print "Saml. Prepare for step 2"
return True
else:
return False
def init(self, configurationAttributes):
print "UAF. Initialization"
if not configurationAttributes.containsKey("uaf_server_uri"):
print "UAF. Initialization. Property uaf_server_uri is mandatory"
return False
self.uaf_server_uri = configurationAttributes.get("uaf_server_uri").getValue2()
self.uaf_policy_name = "default"
if configurationAttributes.containsKey("uaf_policy_name"):
self.uaf_policy_name = configurationAttributes.get("uaf_policy_name").getValue2()
self.send_push_notifaction = False
if configurationAttributes.containsKey("send_push_notifaction"):
self.send_push_notifaction = StringHelper.toBoolean(configurationAttributes.get("send_push_notifaction").getValue2(), False)
self.registration_uri = None
if configurationAttributes.containsKey("registration_uri"):
self.registration_uri = configurationAttributes.get("registration_uri").getValue2()
self.customQrOptions = {}
if configurationAttributes.containsKey("qr_options"):
self.customQrOptions = configurationAttributes.get("qr_options").getValue2()
print "UAF. Initializing HTTP client"
httpService = HttpService.instance()
self.http_client = httpService.getHttpsClient()
http_client_params = self.http_client.getParams()
http_client_params.setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 15 * 1000)
print "UAF. Initialized successfully. uaf_server_uri: '%s', uaf_policy_name: '%s', send_push_notifaction: '%s', registration_uri: '%s', qr_options: '%s'" % (self.uaf_server_uri, self.uaf_policy_name, self.send_push_notifaction, self.registration_uri, self.customQrOptions)
print "UAF. Initialized successfully"
return True
def prepareForStep(self, configurationAttributes, requestParameters, step):
context = Contexts.getEventContext()
authenticationService = AuthenticationService.instance()
if (step == 1):
print "Saml. Prepare for step 1"
httpService = HttpService.instance();
request = FacesContext.getCurrentInstance().getExternalContext().getRequest()
assertionConsumerServiceUrl = httpService.constructServerUrl(request) + "/postlogin"
print "Saml. Prepare for step 1. Prepared assertionConsumerServiceUrl:", assertionConsumerServiceUrl
currentSamlConfiguration = self.getCurrentSamlConfiguration(self.samlConfiguration, configurationAttributes, requestParameters)
if (currentSamlConfiguration == None):
print "Saml. Prepare for step 1. Client saml configuration is invalid"
return False
# Generate an AuthRequest and send it to the identity provider
samlAuthRequest = AuthRequest(currentSamlConfiguration)
external_auth_request_uri = currentSamlConfiguration.getIdpSsoTargetUrl() + "?SAMLRequest=" + samlAuthRequest.getRequest(True, assertionConsumerServiceUrl)
print "Saml. Prepare for step 1. external_auth_request_uri:", external_auth_request_uri
context.set("external_auth_request_uri", external_auth_request_uri)
return True
elif (step == 2):
print "Saml. Prepare for step 2"
return True
else:
return False
def isValidAuthenticationMethod(self, usageType, configurationAttributes):
print "CAS2. Rest API authenticate isValidAuthenticationMethod"
if (not (configurationAttributes.containsKey("cas_validation_uri") and
configurationAttributes.containsKey("cas_validation_pattern")
and configurationAttributes.containsKey(
"cas_validation_timeout"))):
return True
cas_validation_uri = configurationAttributes.get(
"cas_validation_uri").getValue2()
cas_validation_pattern = configurationAttributes.get(
"cas_validation_pattern").getValue2()
cas_validation_timeout = int(
configurationAttributes.get(
"cas_validation_timeout").getValue2()) * 1000
httpService = HttpService.instance()
http_client = httpService.getHttpsClient()
http_client_params = http_client.getParams()
http_client_params.setIntParameter(
CoreConnectionPNames.CONNECTION_TIMEOUT, cas_validation_timeout)
try:
http_service_response = httpService.executeGet(
http_client, cas_validation_uri)
http_response = http_service_response.getHttpResponse()
except:
print "CAS2. Rest API authenticate isValidAuthenticationMethod. Exception: ", sys.exc_info(
)[1]
return False
try:
if (http_response.getStatusLine().getStatusCode() != 200):
print "CAS2. Rest API authenticate isValidAuthenticationMethod. Get invalid response from CAS2 server: ", str(
http_response_ticket.getStatusLine().getStatusCode())
httpService.consume(http_response)
return False
validation_response_bytes = httpService.getResponseContent(
http_response)
validation_response_string = httpService.convertEntityToString(
validation_response_bytes)
httpService.consume(http_response)
finally:
http_service_response.closeConnection()
if (validation_response_string == None or
validation_response_string.find(cas_validation_pattern) == -1):
print "CAS2. Rest API authenticate isValidAuthenticationMethod. Get invalid login page from CAS2 server:"
return False
return True
def init(self, configurationAttributes):
print "UAF. Initialization"
if not configurationAttributes.containsKey("uaf_server_uri"):
print "UAF. Initialization. Property uaf_server_uri is mandatory"
return False
self.uaf_server_uri = configurationAttributes.get(
"uaf_server_uri").getValue2()
self.uaf_policy_name = "default"
if configurationAttributes.containsKey("uaf_policy_name"):
self.uaf_policy_name = configurationAttributes.get(
"uaf_policy_name").getValue2()
self.send_push_notifaction = False
if configurationAttributes.containsKey("send_push_notifaction"):
self.send_push_notifaction = StringHelper.toBoolean(
configurationAttributes.get(
"send_push_notifaction").getValue2(), False)
self.registration_uri = None
if configurationAttributes.containsKey("registration_uri"):
self.registration_uri = configurationAttributes.get(
"registration_uri").getValue2()
self.customQrOptions = {}
if configurationAttributes.containsKey("qr_options"):
self.customQrOptions = configurationAttributes.get(
"qr_options").getValue2()
print "UAF. Initializing HTTP client"
httpService = HttpService.instance()
self.http_client = httpService.getHttpsClient()
http_client_params = self.http_client.getParams()
http_client_params.setIntParameter(
CoreConnectionPNames.CONNECTION_TIMEOUT, 15 * 1000)
print "UAF. Initialized successfully. uaf_server_uri: '%s', uaf_policy_name: '%s', send_push_notifaction: '%s', registration_uri: '%s', qr_options: '%s'" % (
self.uaf_server_uri, self.uaf_policy_name,
self.send_push_notifaction, self.registration_uri,
self.customQrOptions)
print "UAF. Initialized successfully"
return True
def validateRecaptcha(self, recaptcha_response):
print "Cert. Validate recaptcha response"
request = FacesContext.getCurrentInstance().getExternalContext().getRequest()
remoteip = request.getHeader("X-FORWARDED-FOR")
if remoteip == None:
remoteip = request.getRemoteAddr()
print "Cert. Validate recaptcha response. remoteip: '%s'" % remoteip
httpService = HttpService.instance();
http_client = httpService.getHttpsClient();
http_client_params = http_client.getParams();
http_client_params.setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 15 * 1000);
recaptcha_validation_url = "https://www.google.com/recaptcha/api/siteverify"
recaptcha_validation_request = urllib.urlencode({ "secret" : self.recaptcha_creds['secret_key'], "response" : recaptcha_response, "remoteip" : remoteip })
recaptcha_validation_headers = { "Content-type" : "application/x-www-form-urlencoded", "Accept" : "application/json" }
try:
http_service_response = httpService.executePost(http_client, recaptcha_validation_url, None, recaptcha_validation_headers, recaptcha_validation_request)
http_response = http_service_response.getHttpResponse()
except:
print "Cert. Validate recaptcha response. Exception: ", sys.exc_info()[1]
return False
try:
if not httpService.isResponseStastusCodeOk(http_response):
print "Cert. Validate recaptcha response. Get invalid response from validation server: ", str(http_response.getStatusLine().getStatusCode())
httpService.consume(http_response)
return False
response_bytes = httpService.getResponseContent(http_response)
response_string = httpService.convertEntityToString(response_bytes)
httpService.consume(http_response)
finally:
http_service_response.closeConnection()
if response_string == None:
print "Cert. Validate recaptcha response. Get empty response from validation server"
return False
response = json.loads(response_string)
return response["success"]
def prepareForStep(self, configurationAttributes, requestParameters, step):
context = Contexts.getEventContext()
authenticationService = AuthenticationService.instance()
httpService = HttpService.instance()
cas_host = configurationAttributes.get("cas_host").getValue2()
cas_renew_opt = StringHelper.toBoolean(
configurationAttributes.get("cas_renew_opt").getValue2(), False)
cas_extra_opts = None
if (configurationAttributes.containsKey("cas_extra_opts")):
cas_extra_opts = configurationAttributes.get(
"cas_extra_opts").getValue2()
if (step == 1):
print "CAS2. Prepare for step 1"
request = FacesContext.getCurrentInstance().getExternalContext(
).getRequest()
parametersMap = HashMap()
parametersMap.put(
"service",
httpService.constructServerUrl(request) + "/postlogin")
if (cas_renew_opt):
parametersMap.put("renew", "true")
cas_service_request_uri = authenticationService.parametersAsString(
parametersMap)
cas_service_request_uri = cas_host + "/login?" + cas_service_request_uri
if cas_extra_opts != None:
cas_service_request_uri = cas_service_request_uri + "&" + cas_extra_opts
print "CAS2. Prepare for step 1. cas_service_request_uri: " + cas_service_request_uri
context.set("cas_service_request_uri", cas_service_request_uri)
return True
elif (step == 2):
print "CAS2. Prepare for step 2"
return True
else:
return False
def determineGeolocationData(self, remote_ip):
print "Super-Gluu. Determine remote location. remote_ip: '%s'" % remote_ip
httpService = HttpService.instance()
http_client = httpService.getHttpsClient()
http_client_params = http_client.getParams()
http_client_params.setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 15 * 1000)
geolocation_service_url = "http://ip-api.com/json/%s?fields=49177" % remote_ip
geolocation_service_headers = { "Accept" : "application/json" }
try:
http_service_response = httpService.executeGet(http_client, geolocation_service_url, geolocation_service_headers)
http_response = http_service_response.getHttpResponse()
except:
print "Super-Gluu. Determine remote location. Exception: ", sys.exc_info()[1]
return None
try:
if not httpService.isResponseStastusCodeOk(http_response):
print "Super-Gluu. Determine remote location. Get invalid response from validation server: ", str(http_response.getStatusLine().getStatusCode())
httpService.consume(http_response)
return None
response_bytes = httpService.getResponseContent(http_response)
response_string = httpService.convertEntityToString(response_bytes)
httpService.consume(http_response)
finally:
http_service_response.closeConnection()
if response_string == None:
print "Super-Gluu. Determine remote location. Get empty response from location server"
return None
response = json.loads(response_string)
if not StringHelper.equalsIgnoreCase(response['status'], "success"):
print "Super-Gluu. Determine remote location. Get response with status: '%s'" % response['status']
return None
return response
def validateInweboToken(self, iw_api_uri, iw_service_id, user_name,
iw_token):
httpService = HttpService.instance()
xmlService = XmlService.instance()
if StringHelper.isEmpty(iw_token):
print "InWebo. Token verification. iw_token is empty"
return False
request_uri = iw_api_uri + "?action=authenticate" + "&serviceId=" + httpService.encodeUrl(
iw_service_id) + "&userId=" + httpService.encodeUrl(
user_name) + "&token=" + httpService.encodeUrl(iw_token)
print "InWebo. Token verification. Attempting to send authentication request:", request_uri
# Execute request
http_response = httpService.executeGet(self.client, request_uri)
# Validate response code
response_validation = httpService.isResponseStastusCodeOk(
http_response)
if response_validation == False:
print "InWebo. Token verification. Get unsuccessful response code"
return False
authentication_response_bytes = httpService.getResponseContent(
http_response)
print "InWebo. Token verification. Get response:", httpService.convertEntityToString(
authentication_response_bytes)
# Validate authentication response
response_validation = httpService.isContentTypeXml(http_response)
if response_validation == False:
print "InWebo. Token verification. Get invalid response"
return False
# Parse XML response
try:
xmlDocument = xmlService.getXmlDocument(
authentication_response_bytes)
except Exception, err:
print "InWebo. Token verification. Failed to parse XML response:", err
return False
def prepareForStep(self, configurationAttributes, requestParameters, step):
context = Contexts.getEventContext()
authenticationService = AuthenticationService.instance()
httpService = HttpService.instance();
cas_host = configurationAttributes.get("cas_host").getValue2()
cas_renew_opt = StringHelper.toBoolean(configurationAttributes.get("cas_renew_opt").getValue2(), False)
cas_extra_opts = None
if (configurationAttributes.containsKey("cas_extra_opts")):
cas_extra_opts = configurationAttributes.get("cas_extra_opts").getValue2()
if (step == 1):
print "CAS2. Prepare for step 1"
print "CAS2. Prepare for step 1. Store current request parameters in session because CAS don't pass them via service URI"
authenticationService.storeRequestParametersInSession()
request = FacesContext.getCurrentInstance().getExternalContext().getRequest()
parametersMap = HashMap()
parametersMap.put("service", httpService.constructServerUrl(request) + "/postlogin")
if (cas_renew_opt):
parametersMap.put("renew", "true")
cas_service_request_uri = authenticationService.parametersAsString(parametersMap)
cas_service_request_uri = cas_host + "/login?" + cas_service_request_uri
if cas_extra_opts != None:
cas_service_request_uri = cas_service_request_uri + "&" + cas_extra_opts
print "CAS2. Prepare for step 1. cas_service_request_uri: " + cas_service_request_uri
context.set("cas_service_request_uri", cas_service_request_uri)
return True
elif (step == 2):
print "CAS2. Prepare for step 2"
return True
else:
return False
def validateRecaptcha(self, recaptcha_response):
print "Cert. Validate recaptcha response"
request = FacesContext.getCurrentInstance().getExternalContext(
).getRequest()
remoteip = request.getHeader("X-FORWARDED-FOR")
if remoteip == None:
remoteip = request.getRemoteAddr()
print "Cert. Validate recaptcha response. remoteip: '%s'" % remoteip
httpService = HttpService.instance()
http_client = httpService.getHttpsClient()
http_client_params = http_client.getParams()
http_client_params.setIntParameter(
CoreConnectionPNames.CONNECTION_TIMEOUT, 15 * 1000)
recaptcha_validation_url = "https://www.google.com/recaptcha/api/siteverify"
recaptcha_validation_request = urllib.urlencode({
"secret":
self.recaptcha_creds['secret_key'],
"response":
recaptcha_response,
"remoteip":
remoteip
})
recaptcha_validation_headers = {
"Content-type": "application/x-www-form-urlencoded",
"Accept": "application/json"
}
try:
http_service_response = httpService.executePost(
http_client, recaptcha_validation_url, None,
recaptcha_validation_headers, recaptcha_validation_request)
http_response = http_service_response.getHttpResponse()
except:
print "Cert. Validate recaptcha response. Exception: ", sys.exc_info(
)[1]
return False
try:
if not httpService.isResponseStastusCodeOk(http_response):
print "Cert. Validate recaptcha response. Get invalid response from validation server: ", str(
http_response.getStatusLine().getStatusCode())
httpService.consume(http_response)
return False
response_bytes = httpService.getResponseContent(http_response)
response_string = httpService.convertEntityToString(response_bytes)
httpService.consume(http_response)
finally:
http_service_response.closeConnection()
if response_string == None:
print "Cert. Validate recaptcha response. Get empty response from validation server"
return False
response = json.loads(response_string)
return response["success"]
def authenticate(self, configurationAttributes, requestParameters, step):
context = Contexts.getEventContext()
authenticationService = AuthenticationService.instance()
userService = UserService.instance()
httpService = HttpService.instance()
cas_host = configurationAttributes.get("cas_host").getValue2()
cas_map_user = StringHelper.toBoolean(
configurationAttributes.get("cas_map_user").getValue2(), False)
cas_renew_opt = StringHelper.toBoolean(
configurationAttributes.get("cas_renew_opt").getValue2(), False)
cas_extra_opts = None
if (configurationAttributes.containsKey("cas_extra_opts")):
cas_extra_opts = configurationAttributes.get(
"cas_extra_opts").getValue2()
if (step == 1):
print "CAS2. Authenticate for step 1"
ticket_array = requestParameters.get("ticket")
if ArrayHelper.isEmpty(ticket_array):
print "CAS2. Authenticate for step 1. ticket is empty"
return False
ticket = ticket_array[0]
print "CAS2. Authenticate for step 1. ticket: " + ticket
if (StringHelper.isEmptyString(ticket)):
print "CAS2. Authenticate for step 1. ticket is invalid"
return False
# Validate ticket
request = FacesContext.getCurrentInstance().getExternalContext(
).getRequest()
parametersMap = HashMap()
parametersMap.put(
"service",
httpService.constructServerUrl(request) + "/postlogin")
if (cas_renew_opt):
parametersMap.put("renew", "true")
parametersMap.put("ticket", ticket)
cas_service_request_uri = authenticationService.parametersAsString(
parametersMap)
cas_service_request_uri = cas_host + "/serviceValidate?" + cas_service_request_uri
if (cas_extra_opts != None):
cas_service_request_uri = cas_service_request_uri + "&" + cas_extra_opts
print "CAS2. Authenticate for step 1. cas_service_request_uri: " + cas_service_request_uri
http_client = httpService.getHttpsClient()
http_service_response = httpService.executeGet(
http_client, cas_service_request_uri)
try:
validation_content = httpService.convertEntityToString(
httpService.getResponseContent(
http_service_response.getHttpResponse()))
finally:
http_service_response.closeConnection()
print "CAS2. Authenticate for step 1. validation_content: " + validation_content
if StringHelper.isEmpty(validation_content):
print "CAS2. Authenticate for step 1. Ticket validation response is invalid"
return False
cas2_auth_failure = self.parse_tag(validation_content,
"cas:authenticationFailure")
print "CAS2. Authenticate for step 1. cas2_auth_failure: ", cas2_auth_failure
cas2_user_uid = self.parse_tag(validation_content, "cas:user")
print "CAS2. Authenticate for step 1. cas2_user_uid: ", cas2_user_uid
if ((cas2_auth_failure != None) or (cas2_user_uid == None)):
print "CAS2. Authenticate for step 1. Ticket is invalid"
return False
if (cas_map_user):
print "CAS2. Authenticate for step 1. Attempting to find user by oxExternalUid: cas2:" + cas2_user_uid
# Check if the is user with specified cas2_user_uid
find_user_by_uid = userService.getUserByAttribute(
"oxExternalUid", "cas2:" + cas2_user_uid)
if (find_user_by_uid == None):
print "CAS2. Authenticate for step 1. Failed to find user"
print "CAS2. Authenticate for step 1. Setting count steps to 2"
context.set("cas2_count_login_steps", 2)
context.set("cas2_user_uid", cas2_user_uid)
return True
found_user_name = find_user_by_uid.getUserId()
print "CAS2. Authenticate for step 1. found_user_name: " + found_user_name
credentials = Identity.instance().getCredentials()
credentials.setUsername(found_user_name)
credentials.setUser(find_user_by_uid)
print "CAS2. Authenticate for step 1. Setting count steps to 1"
context.set("cas2_count_login_steps", 1)
return True
else:
print "CAS2. Authenticate for step 1. Attempting to find user by uid:" + cas2_user_uid
# Check if the is user with specified cas2_user_uid
find_user_by_uid = userService.getUser(cas2_user_uid)
if (find_user_by_uid == None):
print "CAS2. Authenticate for step 1. Failed to find user"
return False
found_user_name = find_user_by_uid.getUserId()
print "CAS2. Authenticate for step 1. found_user_name: " + found_user_name
credentials = Identity.instance().getCredentials()
credentials.setUsername(found_user_name)
credentials.setUser(find_user_by_uid)
print "CAS2. Authenticate for step 1. Setting count steps to 1"
context.set("cas2_count_login_steps", 1)
return True
elif (step == 2):
print "CAS2. Authenticate for step 2"
sessionAttributes = context.get("sessionAttributes")
if (sessionAttributes == None
) or not sessionAttributes.containsKey("cas2_user_uid"):
print "CAS2. Authenticate for step 2. cas2_user_uid is empty"
return False
cas2_user_uid = sessionAttributes.get("cas2_user_uid")
passed_step1 = StringHelper.isNotEmptyString(cas2_user_uid)
if (not passed_step1):
return False
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name)
and StringHelper.isNotEmptyString(user_password)):
logged_in = userService.authenticate(user_name, user_password)
if (not logged_in):
return False
# Check if there is user which has cas2_user_uid
# Avoid mapping CAS2 account to more than one IDP account
find_user_by_uid = userService.getUserByAttribute(
"oxExternalUid", "cas2:" + cas2_user_uid)
if (find_user_by_uid == None):
# Add cas2_user_uid to user one id UIDs
find_user_by_uid = userService.addUserAttribute(
user_name, "oxExternalUid", "cas2:" + cas2_user_uid)
if (find_user_by_uid == None):
print "CAS2. Authenticate for step 2. Failed to update current user"
return False
return True
else:
found_user_name = find_user_by_uid.getUserId()
print "CAS2. Authenticate for step 2. found_user_name: " + found_user_name
if StringHelper.equals(user_name, found_user_name):
return True
return False
else:
return False
def authenticate(self, configurationAttributes, requestParameters, step):
context = Contexts.getEventContext()
authenticationService = AuthenticationService.instance()
userService = UserService.instance()
httpService = HttpService.instance()
server_flag = configurationAttributes.get(
"oneid_server_flag").getValue2()
callback_attrs = configurationAttributes.get(
"oneid_callback_attrs").getValue2()
creds_file = configurationAttributes.get(
"oneid_creds_file").getValue2()
# Create OneID
authn = OneID(server_flag)
# Set path to credentials file
authn.creds_file = creds_file
if (step == 1):
print "OneId. Authenticate for step 1"
# Find OneID request
json_data_array = requestParameters.get("json_data")
if ArrayHelper.isEmpty(json_data_array):
print "OneId. Authenticate for step 1. json_data is empty"
return False
request = json_data_array[0]
print "OneId. Authenticate for step 1. request: " + request
if (StringHelper.isEmptyString(request)):
return False
authn.set_credentials()
# Validate request
http_client = httpService.getHttpsClientDefaulTrustStore()
auth_data = httpService.encodeBase64(authn.api_id + ":" +
authn.api_key)
http_response = httpService.executePost(
http_client, authn.helper_server + "/validate", auth_data,
request, ContentType.APPLICATION_JSON)
validation_content = httpService.convertEntityToString(
httpService.getResponseContent(http_response))
print "OneId. Authenticate for step 1. validation_content: " + validation_content
if (StringHelper.isEmptyString(validation_content)):
return False
validation_resp = json.loads(validation_content)
print "OneId. Authenticate for step 1. validation_resp: " + str(
validation_resp)
if (not authn.success(validation_resp)):
return False
response = json.loads(request)
for x in validation_resp:
response[x] = validation_resp[x]
oneid_user_uid = response['uid']
print "OneId. Authenticate for step 1. oneid_user_uid: " + oneid_user_uid
# Check if the is user with specified oneid_user_uid
find_user_by_uid = userService.getUserByAttribute(
"oxExternalUid", "oneid:" + oneid_user_uid)
if (find_user_by_uid == None):
print "OneId. Authenticate for step 1. Failed to find user"
print "OneId. Authenticate for step 1. Setting count steps to 2"
context.set("oneid_count_login_steps", 2)
context.set("oneid_user_uid", oneid_user_uid)
return True
found_user_name = find_user_by_uid.getUserId()
print "OneId. Authenticate for step 1. found_user_name: " + found_user_name
credentials = Identity.instance().getCredentials()
credentials.setUsername(found_user_name)
credentials.setUser(find_user_by_uid)
print "OneId. Authenticate for step 1. Setting count steps to 1"
context.set("oneid_count_login_steps", 1)
return True
elif (step == 2):
print "OneId. Authenticate for step 2"
sessionAttributes = context.get("sessionAttributes")
if (sessionAttributes == None
) or not sessionAttributes.containsKey("oneid_user_uid"):
print "OneId. Authenticate for step 2. oneid_user_uid is empty"
return False
oneid_user_uid = sessionAttributes.get("oneid_user_uid")
passed_step1 = StringHelper.isNotEmptyString(oneid_user_uid)
if (not passed_step1):
return False
#
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
passed_step1 = StringHelper.isNotEmptyString(user_name)
if (not passed_step1):
return False
#
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name)
and StringHelper.isNotEmptyString(user_password)):
logged_in = userService.authenticate(user_name, user_password)
if (not logged_in):
return False
# Check if there is user which has oneid_user_uid
# Avoid mapping OneID account to more than one IDP account
find_user_by_uid = userService.getUserByAttribute(
"oxExternalUid", "oneid:" + oneid_user_uid)
if (find_user_by_uid == None):
# Add oneid_user_uid to user one id UIDs
find_user_by_uid = userService.addUserAttribute(
user_name, "oxExternalUid", "oneid:" + oneid_user_uid)
if (find_user_by_uid == None):
print "OneId. Authenticate for step 2. Failed to update current user"
return False
return True
else:
found_user_name = find_user_by_uid.getUserId()
print "OneId. Authenticate for step 2. found_user_name: " + found_user_name
if StringHelper.equals(user_name, found_user_name):
return True
return False
else:
return False
def authenticate(self, configurationAttributes, requestParameters, step):
context = Contexts.getEventContext()
authenticationService = AuthenticationService.instance()
userService = UserService.instance()
httpService = HttpService.instance();
server_flag = configurationAttributes.get("oneid_server_flag").getValue2()
callback_attrs = configurationAttributes.get("oneid_callback_attrs").getValue2()
creds_file = configurationAttributes.get("oneid_creds_file").getValue2()
# Create OneID
authn = OneID(server_flag)
# Set path to credentials file
authn.creds_file = creds_file;
if (step == 1):
print "OneId. Authenticate for step 1"
# Find OneID request
json_data_array = requestParameters.get("json_data")
if ArrayHelper.isEmpty(json_data_array):
print "OneId. Authenticate for step 1. json_data is empty"
return False
request = json_data_array[0]
print "OneId. Authenticate for step 1. request: " + request
if (StringHelper.isEmptyString(request)):
return False
authn.set_credentials()
# Validate request
http_client = httpService.getHttpsClientDefaulTrustStore();
auth_data = httpService.encodeBase64(authn.api_id + ":" + authn.api_key)
http_response = httpService.executePost(http_client, authn.helper_server + "/validate", auth_data, request, ContentType.APPLICATION_JSON)
validation_content = httpService.convertEntityToString(httpService.getResponseContent(http_response))
print "OneId. Authenticate for step 1. validation_content: " + validation_content
if (StringHelper.isEmptyString(validation_content)):
return False
validation_resp = json.loads(validation_content)
print "OneId. Authenticate for step 1. validation_resp: " + str(validation_resp)
if (not authn.success(validation_resp)):
return False
response = json.loads(request)
for x in validation_resp:
response[x] = validation_resp[x]
oneid_user_uid = response['uid']
print "OneId. Authenticate for step 1. oneid_user_uid: " + oneid_user_uid
# Check if the is user with specified oneid_user_uid
find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "oneid:" + oneid_user_uid)
if (find_user_by_uid == None):
print "OneId. Authenticate for step 1. Failed to find user"
print "OneId. Authenticate for step 1. Setting count steps to 2"
context.set("oneid_count_login_steps", 2)
context.set("oneid_user_uid", oneid_user_uid)
return True
found_user_name = find_user_by_uid.getUserId()
print "OneId. Authenticate for step 1. found_user_name: " + found_user_name
credentials = Identity.instance().getCredentials()
credentials.setUsername(found_user_name)
credentials.setUser(find_user_by_uid)
print "OneId. Authenticate for step 1. Setting count steps to 1"
context.set("oneid_count_login_steps", 1)
return True
elif (step == 2):
print "OneId. Authenticate for step 2"
sessionAttributes = context.get("sessionAttributes")
if (sessionAttributes == None) or not sessionAttributes.containsKey("oneid_user_uid"):
print "OneId. Authenticate for step 2. oneid_user_uid is empty"
return False
oneid_user_uid = sessionAttributes.get("oneid_user_uid")
passed_step1 = StringHelper.isNotEmptyString(oneid_user_uid)
if (not passed_step1):
return False
#
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
passed_step1 = StringHelper.isNotEmptyString(user_name)
if (not passed_step1):
return False
#
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
logged_in = userService.authenticate(user_name, user_password)
if (not logged_in):
return False
# Check if there is user which has oneid_user_uid
# Avoid mapping OneID account to more than one IDP account
find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "oneid:" + oneid_user_uid)
if (find_user_by_uid == None):
# Add oneid_user_uid to user one id UIDs
find_user_by_uid = userService.addUserAttribute(user_name, "oxExternalUid", "oneid:" + oneid_user_uid)
if (find_user_by_uid == None):
print "OneId. Authenticate for step 2. Failed to update current user"
return False
return True
else:
found_user_name = find_user_by_uid.getUserId()
print "OneId. Authenticate for step 2. found_user_name: " + found_user_name
if StringHelper.equals(user_name, found_user_name):
return True
return False
else:
return False
def authenticate(self, configurationAttributes, requestParameters, step):
context = Contexts.getEventContext()
authenticationService = AuthenticationService.instance()
userService = UserService.instance()
httpService = HttpService.instance();
stringEncrypter = StringEncrypter.defaultInstance()
cas_host = configurationAttributes.get("cas_host").getValue2()
cas_extra_opts = configurationAttributes.get("cas_extra_opts").getValue2()
cas_map_user = StringHelper.toBoolean(configurationAttributes.get("cas_map_user").getValue2(), False)
cas_renew_opt = StringHelper.toBoolean(configurationAttributes.get("cas_renew_opt").getValue2(), False)
if (step == 1):
print "CAS2 authenticate for step 1"
ticket_array = requestParameters.get("ticket")
if ArrayHelper.isEmpty(ticket_array):
print "CAS2 authenticate for step 1. ticket is empty"
return False
ticket = ticket_array[0]
print "CAS2 authenticate for step 1. ticket: " + ticket
if (StringHelper.isEmptyString(ticket)):
print "CAS2 authenticate for step 1. ticket is invalid"
return False
# Validate ticket
request = FacesContext.getCurrentInstance().getExternalContext().getRequest()
parametersMap = HashMap()
parametersMap.put("service", httpService.constructServerUrl(request) + "/postlogin")
if (cas_renew_opt):
parametersMap.put("renew", "true")
parametersMap.put("ticket", ticket)
cas_service_request_uri = authenticationService.parametersAsString(parametersMap)
cas_service_request_uri = cas_host + "/serviceValidate?" + cas_service_request_uri
if StringHelper.isNotEmpty(cas_extra_opts):
cas_service_request_uri = cas_service_request_uri + "&" + cas_extra_opts
print "CAS2 authenticate for step 1. cas_service_request_uri: " + cas_service_request_uri
http_client = httpService.getHttpsClientTrustAll();
http_response = httpService.executeGet(http_client, cas_service_request_uri)
validation_content = httpService.convertEntityToString(httpService.getResponseContent(http_response))
print "CAS2 authenticate for step 1. validation_content: " + validation_content
if StringHelper.isEmpty(validation_content):
print "CAS2 authenticate for step 1. Ticket validation response is invalid"
return False
cas2_auth_failure = self.parse_tag(validation_content, "cas:authenticationFailure")
print "CAS2 authenticate for step 1. cas2_auth_failure: ", cas2_auth_failure
cas2_user_uid = self.parse_tag(validation_content, "cas:user")
print "CAS2 authenticate for step 1. cas2_user_uid: ", cas2_user_uid
if ((cas2_auth_failure != None) or (cas2_user_uid == None)):
print "CAS2 authenticate for step 1. Ticket is invalid"
return False
if (cas_map_user):
print "CAS2 authenticate for step 1. Attempting to find user by oxExternalUid: cas2:" + cas2_user_uid
# Check if the is user with specified cas2_user_uid
find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "cas2:" + cas2_user_uid)
if (find_user_by_uid == None):
print "CAS2 authenticate for step 1. Failed to find user"
print "CAS2 authenticate for step 1. Setting count steps to 2"
context.set("cas2_count_login_steps", 2)
context.set("cas2_user_uid", stringEncrypter.encrypt(cas2_user_uid))
return True
found_user_name = find_user_by_uid.getUserId()
print "CAS2 authenticate for step 1. found_user_name: " + found_user_name
credentials = Identity.instance().getCredentials()
credentials.setUsername(found_user_name)
credentials.setUser(find_user_by_uid)
print "CAS2 authenticate for step 1. Setting count steps to 1"
context.set("cas2_count_login_steps", 1)
return True
else:
print "CAS2 authenticate for step 1. Attempting to find user by uid:" + cas2_user_uid
# Check if the is user with specified cas2_user_uid
find_user_by_uid = userService.getUser(cas2_user_uid)
if (find_user_by_uid == None):
print "CAS2 authenticate for step 1. Failed to find user"
return False
found_user_name = find_user_by_uid.getUserId()
print "CAS2 authenticate for step 1. found_user_name: " + found_user_name
credentials = Identity.instance().getCredentials()
credentials.setUsername(found_user_name)
credentials.setUser(find_user_by_uid)
print "CAS2 authenticate for step 1. Setting count steps to 1"
context.set("cas2_count_login_steps", 1)
return True
elif (step == 2):
print "CAS2 authenticate for step 2"
cas2_user_uid_array = requestParameters.get("cas2_user_uid")
if ArrayHelper.isEmpty(cas2_user_uid_array):
print "CAS2 authenticate for step 2. cas2_user_uid is empty"
return False
cas2_user_uid = stringEncrypter.decrypt(cas2_user_uid_array[0])
passed_step1 = StringHelper.isNotEmptyString(cas2_user_uid)
if (not passed_step1):
return False
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
logged_in = userService.authenticate(user_name, user_password)
if (not logged_in):
return False
# Check if there is user which has cas2_user_uid
# Avoid mapping CAS2 account to more than one IDP account
find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "cas2:" + cas2_user_uid)
if (find_user_by_uid == None):
# Add cas2_user_uid to user one id UIDs
find_user_by_uid = userService.addUserAttribute(user_name, "oxExternalUid", "cas2:" + cas2_user_uid)
if (find_user_by_uid == None):
print "CAS2 authenticate for step 2. Failed to update current user"
return False
return True
else:
found_user_name = find_user_by_uid.getUserId()
print "CAS2 authenticate for step 2. found_user_name: " + found_user_name
if StringHelper.equals(user_name, found_user_name):
return True
return False
else:
return False
