def sendPushNotification(self, user, oxpush2_request):
    """Push the pending oxPush2 login request to every enrolled device of *user*.

    Returns immediately when self.enabledPushNotifications is off. For each
    device registered under self.application_id that carries device data,
    an iOS device is served through self.pushAppleService and an Android
    device through self.pushAndroidService; a platform whose service is not
    configured is only logged. The closing summary line reports the result
    of the last device that was actually pushed to.
    """
    if not self.enabledPushNotifications:
        return

    user_name = user.getUserId()
    print "oxPush2. Send push notification. Loading user '%s' devices" % user_name

    # Keep the token-level log line disabled: push_token is a device
    # credential and should stay out of the server log unless troubleshooting.
    debug = False
    send_notification = False
    send_notification_result = True

    userService = UserService.instance()
    deviceRegistrationService = DeviceRegistrationService.instance()

    user_inum = userService.getUserInum(user_name)
    u2f_devices_list = deviceRegistrationService.findUserDeviceRegistrations(
        user_inum, self.application_id, "oxId", "oxDeviceData")

    if u2f_devices_list.size() > 0:
        for u2f_device in u2f_devices_list:
            # Device data captured by oxPush2 during enrollment
            device_data = u2f_device.getDeviceData()
            if device_data == None:
                continue

            platform = device_data.getPlatform()
            push_token = device_data.getPushToken()

            if StringHelper.equalsIgnoreCase(platform, "ios") and StringHelper.isNotEmpty(push_token):
                # iOS device: the request rides in the additional fields map
                if (self.pushAppleService == None):
                    print "oxPush2. Send push notification. Apple push notification service is not enabled"
                else:
                    send_notification = True
                    additional_fields = HashMap()
                    additional_fields.put("request", oxpush2_request)
                    send_notification_result = self.pushAppleService.sendPush(
                        "oxPush2",
                        "oxPush2 login request to: %s" % self.application_id,
                        additional_fields,
                        push_token)
                    if debug:
                        print "oxPush2. Send push notification. token: '%s', send_notification_result: '%s'" % (push_token, send_notification_result)

            if StringHelper.equalsIgnoreCase(platform, "android") and StringHelper.isNotEmpty(push_token):
                # Android device: the request is handed over as the message itself
                if (self.pushAndroidService == None):
                    print "oxPush2. Send push notification. Android push notification service is not enabled"
                else:
                    send_notification = True
                    send_notification_result = self.pushAndroidService.sendPush("oxPush2", oxpush2_request, push_token)
                    if debug:
                        print "oxPush2. Send push notification. token: '%s', send_notification_result: '%s'" % (push_token, send_notification_result)

    print "oxPush2. Send push notification. send_notification: '%s', send_notification_result: '%s'" % (send_notification, send_notification_result)
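def getTargetEndpointArn(self, deviceRegistrationService, pushSnsService, platform, user, u2fDevice):
    """Return the push endpoint ARN for *u2fDevice*, creating and caching it when missing.

    Args:
        deviceRegistrationService: service used to re-read and update the device entry.
        pushSnsService: service that creates the SNS platform endpoint (SNS mode)
            and supplies the custom user data (Gluu mode).
        platform: PushPlatform.GCM or PushPlatform.APNS; any other value yields None.
        user: device owner; its "inum" attribute addresses the device entry.
        u2fDevice: registered device whose notification conf caches the ARN.

    Returns:
        The endpoint ARN string, or None when the platform is unsupported, the
        device has no device data, or neither SNS nor the Gluu push service
        returned an ARN.
    """
    # Reuse the ARN cached in the device entry by an earlier call
    notificationConf = u2fDevice.getDeviceNotificationConf()
    if StringHelper.isNotEmpty(notificationConf):
        try:
            notificationConfJson = json.loads(notificationConf)
        except ValueError:
            # A corrupt cached value must not make the lookup raise; re-create the endpoint instead
            print "Super-Gluu. Get target endpoint ARN. Stored device notification conf is not valid JSON, re-creating endpoint"
            notificationConfJson = {}
        # .get(): an entry without the key behaves like an empty cache instead of raising KeyError
        targetEndpointArn = notificationConfJson.get('sns_endpoint_arn')
        if StringHelper.isNotEmpty(targetEndpointArn):
            print "Super-Gluu. Get target endpoint ARN. There is already created target endpoint ARN"
            return targetEndpointArn

    # Select the client, its auth (Gluu mode) and the platform application (SNS mode)
    pushClient = None
    pushClientAuth = None
    platformApplicationArn = None
    if platform == PushPlatform.GCM:
        pushClient = self.pushAndroidService
        if self.pushSnsMode:
            platformApplicationArn = self.pushAndroidPlatformArn
        if self.pushGluuMode:
            pushClientAuth = self.pushAndroidServiceAuth
    elif platform == PushPlatform.APNS:
        pushClient = self.pushAppleService
        if self.pushSnsMode:
            platformApplicationArn = self.pushApplePlatformArn
        if self.pushGluuMode:
            pushClientAuth = self.pushAppleServiceAuth
    else:
        return None

    deviceData = u2fDevice.getDeviceData()
    if deviceData == None:
        # A device enrolled without device data has no push token to register
        print "Super-Gluu. Get target endpoint ARN. Device has no device data for user: '%s'" % user.getUserId()
        return None
    pushToken = deviceData.getPushToken()

    print "Super-Gluu. Get target endpoint ARN. Attempting to create target endpoint ARN for user: '%s'" % user.getUserId()
    targetEndpointArn = None
    if self.pushSnsMode:
        targetEndpointArn = pushSnsService.createPlatformArn(pushClient, platformApplicationArn, pushToken, user)
    else:
        customUserData = pushSnsService.getCustomUserData(user)
        registerDeviceResponse = pushClient.registerDevice(pushClientAuth, pushToken, customUserData)
        if registerDeviceResponse != None and registerDeviceResponse.getStatusCode() == 200:
            targetEndpointArn = registerDeviceResponse.getEndpointArn()

    if StringHelper.isEmpty(targetEndpointArn):
        print "Super-Gluu. Failed to get endpoint ARN for user: '%s'" % user.getUserId()
        return None
    print "Super-Gluu. Get target endpoint ARN. Create target endpoint ARN '%s' for user: '%s'" % (targetEndpointArn, user.getUserId())

    # Persist the ARN in the device entry; json.dumps keeps the stored value well-formed whatever the ARN contains
    userInum = user.getAttribute("inum")
    u2fDeviceUpdate = deviceRegistrationService.findUserDeviceRegistration(userInum, u2fDevice.getId())
    u2fDeviceUpdate.setDeviceNotificationConf(json.dumps({"sns_endpoint_arn": targetEndpointArn}))
    deviceRegistrationService.updateDeviceRegistration(userInum, u2fDeviceUpdate)

    return targetEndpointArn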
def processKeyStoreProperties(self, attrs):
    """Read key_store_file and key_store_password from *attrs* into self.

    Both properties must be present and non-empty; only then are
    self.keyStoreFile and self.keyStorePassword assigned and True returned.
    Otherwise a diagnostic is printed and False is returned with self untouched.
    The password lives in the script configuration, so access to that
    configuration is equivalent to access to the key store.
    """
    store_prop = attrs.get("key_store_file")
    secret_prop = attrs.get("key_store_password")

    if store_prop == None or secret_prop == None:
        print "Passport. readKeyStoreProperties. Properties key_store_file or key_store_password not found or empty"
        return False

    store_path = store_prop.getValue2()
    store_secret = secret_prop.getValue2()
    if not (StringHelper.isNotEmpty(store_path) and StringHelper.isNotEmpty(store_secret)):
        print "Passport. readKeyStoreProperties. Properties key_store_file or key_store_password not found or empty"
        return False

    self.keyStoreFile = store_path
    self.keyStorePassword = store_secret
    return True
def getCurrentSamlConfiguration(self, currentSamlConfiguration, configurationAttributes, requestParameters):
    """Return a per-client SAML configuration derived from *currentSamlConfiguration*.

    When the client has no configuration attribute, the default
    *currentSamlConfiguration* is returned unchanged. Otherwise the client
    JSON supplies the certificate file, the issuer (asimba_entity_id) and
    the authn-context flag that are applied to a clone of the default.
    The certificate configured here is what a SAML response will be checked
    against, so the client configuration must only be editable by administrators.
    A client JSON lacking one of the three keys raises KeyError here.
    """
    client_conf = self.getClientConfiguration(configurationAttributes, requestParameters)
    if (client_conf == None):
        return currentSamlConfiguration

    conf_json = json.loads(client_conf.getValue())

    cert_text = None
    cert_file = conf_json["asimba_saml_certificate_file"]
    if (StringHelper.isNotEmpty(cert_file)):
        cert_text = self.loadCeritificate(cert_file)
        if (StringHelper.isEmpty(cert_text)):
            # A configured file that yields nothing is treated as a misconfiguration
            print "Saml. BuildClientSamlConfiguration. File with x509 certificate should be not empty. Using default configuration"
            return currentSamlConfiguration

    client_saml_conf = currentSamlConfiguration.clone()
    if (cert_text != None):
        client_saml_conf.loadCertificateFromString(cert_text)

    client_saml_conf.setIssuer(conf_json["asimba_entity_id"])

    use_authn_context = StringHelper.toBoolean(conf_json["saml_use_authn_context"], True)
    client_saml_conf.setUseRequestedAuthnContext(use_authn_context)

    return client_saml_conf
def getCurrentSamlConfiguration(self, currentSamlConfiguration, configurationAttributes, requestParameters):
    """Build the SAML configuration to use for the current client.

    Falls back to *currentSamlConfiguration* when the client carries no
    configuration attribute or when its certificate file loads empty.
    Otherwise a clone of the default receives the certificate from
    saml_certificate_file (if set), the issuer from saml_issuer and the
    saml_use_authn_context flag (default True).
    Because the loaded certificate is what responses are validated against,
    the client configuration attribute must be administrator-controlled.
    Missing JSON keys surface as KeyError.
    """
    client_conf = self.getClientConfiguration(configurationAttributes, requestParameters)
    if (client_conf == None):
        return currentSamlConfiguration

    conf_json = json.loads(client_conf.getValue())

    cert_text = None
    cert_file = conf_json["saml_certificate_file"]
    if (StringHelper.isNotEmpty(cert_file)):
        cert_text = self.loadCeritificate(cert_file)
        if (StringHelper.isEmpty(cert_text)):
            # An explicitly configured but empty certificate file is a misconfiguration
            print "Saml. BuildClientSamlConfiguration. File with x509 certificate should be not empty. Using default configuration"
            return currentSamlConfiguration

    client_saml_conf = currentSamlConfiguration.clone()
    if (cert_text != None):
        client_saml_conf.loadCertificateFromString(cert_text)

    client_saml_conf.setIssuer(conf_json["saml_issuer"])

    use_authn_context = StringHelper.toBoolean(conf_json["saml_use_authn_context"], True)
    client_saml_conf.setUseRequestedAuthnContext(use_authn_context)

    return client_saml_conf
def getPreselectionIDPParams(self):
    """Collect the authz-request parameter names configured on the passport scripts.

    Returns a dict with keys "saml" and "social"; each holds the
    authz_req_param_provider property value of the enabled
    person-authentication script whose name matches self.getAcrFor(True) /
    self.getAcrFor(False), or None when no such property is set. The
    "passport_saml" script feeds the "saml" slot, any other matching
    script feeds "social".
    """
    param = {"saml": None, "social": None}
    acrs = [self.getAcrFor(True), self.getAcrFor(False)]

    custScriptService = CdiUtil.bean(CustomScriptService)
    scriptsList = custScriptService.findCustomScripts(
        Collections.singletonList(CustomScriptType.PERSON_AUTHENTICATION),
        "oxConfigurationProperty", "displayName", "gluuStatus")

    for customScript in scriptsList:
        if not (customScript.isEnabled() and customScript.getName() in acrs):
            continue
        slot = "saml" if customScript.getName() == "passport_saml" else "social"
        for prop in customScript.getConfigurationProperties():
            # First non-empty authz_req_param_provider wins for this script
            if prop.getValue1() == "authz_req_param_provider" and StringHelper.isNotEmpty(prop.getValue2()):
                param[slot] = prop.getValue2()
                break

    if param["saml"] == None:
        print "Casa. getPreselectionIDPParams. oxAuth cust param for SAML IDPs authz requests not found. IDPs won't be available"
    else:
        print "Casa. getPreselectionIDPParams. Found oxAuth cust param for SAML IDPs authz requests '%s'" % param["saml"]

    if param["social"] == None:
        print "Casa. getPreselectionIDPParams. oxAuth cust param for for OAuth/OIDC providers' authz requests not found. OPs won't be available"
    else:
        print "Casa. getPreselectionIDPParams. Found oxAuth cust param for OAuth/OIDC providers' authz requests '%s'" % param["social"]

    return param
def getTargetEndpointArn(self, deviceRegistrationService, pushSnsService, platform, user, u2fDevice): targetEndpointArn = None # Return endpoint ARN if it created already notificationConf = u2fDevice.getDeviceNotificationConf() if StringHelper.isNotEmpty(notificationConf): notificationConfJson = json.loads(notificationConf) targetEndpointArn = notificationConfJson['sns_endpoint_arn'] if StringHelper.isNotEmpty(targetEndpointArn): print "Super-Gluu. Get target endpoint ARN. There is already created target endpoint ARN" return targetEndpointArn # Create endpoint ARN snsClient = None platformApplicationArn = None if platform == PushPlatform.GCM: snsClient = self.pushAndroidService platformApplicationArn = self.pushAndroidPlatformArn elif platform == PushPlatform.APNS: snsClient = self.pushAppleService platformApplicationArn = self.pushApplePlatformArn else: return None deviceData = u2fDevice.getDeviceData() pushToken = deviceData.getPushToken() print "Super-Gluu. Get target endpoint ARN. Attempting to create target endpoint ARN for user: '******'" % user.getUserId( ) targetEndpointArn = pushSnsService.createPlatformArn( snsClient, platformApplicationArn, pushToken, user) print "Super-Gluu. Get target endpoint ARN. Create target endpoint ARN '%s' for user: '******'" % ( targetEndpointArn, user.getUserId()) # Store created endpoint ARN in device entry userInum = user.getAttribute("inum") u2fDeviceUpdate = deviceRegistrationService.findUserDeviceRegistration( userInum, u2fDevice.getId()) u2fDeviceUpdate.setDeviceNotificationConf( '{"sns_endpoint_arn" : "%s"}' % targetEndpointArn) deviceRegistrationService.updateDeviceRegistration( userInum, u2fDeviceUpdate) return targetEndpointArn
def getGeolocation(self, identity):
    """Look up country/city for the session's remote IP through ip-api.com.

    Returns the decoded JSON reply (a dict carrying at least "status") when
    the lookup succeeds, and None on every failure path: no "remote_ip"
    session attribute, transport error, non-200 reply, empty body, or a
    reply whose status is not "success".
    """
    session_attributes = identity.getSessionId().getSessionAttributes()
    if not session_attributes.containsKey("remote_ip"):
        return None

    # NOTE(review): remote_ip is read back from the session; presumably it was
    # recorded server-side when the session was created -- confirm it is not
    # derived from a client-supplied header before trusting the result.
    remote_ip = session_attributes.get("remote_ip")
    if not StringHelper.isNotEmpty(remote_ip):
        return None

    httpService = CdiUtil.bean(HttpService)
    http_client = httpService.getHttpsClient()
    # Bounded connect timeout so a slow lookup cannot stall the caller
    http_client.getParams().setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 4 * 1000)

    # The lookup goes over plain HTTP: the visitor's IP leaves the host in
    # clear text and the reply is unauthenticated, so downstream code should
    # treat the returned country/city as untrusted display strings.
    lookup_url = "http://ip-api.com/json/%s?fields=country,city,status,message" % remote_ip
    lookup_headers = {"Accept": "application/json"}

    try:
        http_service_response = httpService.executeGet(http_client, lookup_url, lookup_headers)
        http_response = http_service_response.getHttpResponse()
    except:
        print "Casa. Determine remote location. Exception: ", sys.exc_info()[1]
        return None

    try:
        if not httpService.isResponseStastusCodeOk(http_response):
            print "Casa. Determine remote location. Get non 200 OK response from server:", str(http_response.getStatusLine().getStatusCode())
            httpService.consume(http_response)
            return None

        response_bytes = httpService.getResponseContent(http_response)
        response_string = httpService.convertEntityToString(response_bytes, Charset.forName("UTF-8"))
        httpService.consume(http_response)
    finally:
        # Always release the connection, whether or not the body was read
        http_service_response.closeConnection()

    if response_string == None:
        print "Casa. Determine remote location. Get empty response from location server"
        return None

    location = json.loads(response_string)
    if StringHelper.equalsIgnoreCase(location['status'], "success"):
        return location

    print "Casa. Determine remote location. Get response with status: '%s'" % location['status']
    return None
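def addGeolocationData(self, session_attributes, oxpush2_request_dictionary):
    """Add req_ip and req_loc to the oxPush2 request from the session's remote IP.

    Args:
        session_attributes: map-like session store; only "remote_ip" is read.
        oxpush2_request_dictionary: request dict mutated in place; gains
            "req_ip" when a remote IP is known and "req_loc" when the
            geolocation lookup succeeds.

    Returns:
        None. Nothing is written when "remote_ip" is absent or empty.
    """
    if not session_attributes.containsKey("remote_ip"):
        return

    remote_ip = session_attributes.get("remote_ip")
    if not StringHelper.isNotEmpty(remote_ip):
        return

    print "oxPush2. Prepare for step 2. Adding req_ip and req_loc to oxpush2_request"
    oxpush2_request_dictionary['req_ip'] = remote_ip

    remote_loc_dic = self.determineGeolocationData(remote_ip)
    if remote_loc_dic == None:
        print "oxPush2. Prepare for step 2. Failed to determine remote location by remote IP '%s'" % remote_ip
        # Stop here: indexing a None result below would raise and abort the step
        return

    # Location is URL-encoded because it travels inside the request sent to the device
    remote_loc = "%s, %s, %s" % (remote_loc_dic['country'], remote_loc_dic['regionName'], remote_loc_dic['city'])
    oxpush2_request_dictionary['req_loc'] = urllib.quote(remote_loc)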
def addGeolocationData(self, session_attributes, super_gluu_request_dictionary):
    """Attach req_ip and req_loc to the Super-Gluu request from the session's remote IP.

    Reads "remote_ip" from *session_attributes*; when present and non-empty
    it is stored as "req_ip", and a successful self.determineGeolocationData
    lookup is rendered as "country, regionName, city", URL-encoded and stored
    as "req_loc". A failed lookup leaves "req_loc" unset.
    """
    if not session_attributes.containsKey("remote_ip"):
        return

    remote_ip = session_attributes.get("remote_ip")
    if not StringHelper.isNotEmpty(remote_ip):
        return

    print "Super-Gluu. Prepare for step 2. Adding req_ip and req_loc to super_gluu_request"
    super_gluu_request_dictionary['req_ip'] = remote_ip

    location = self.determineGeolocationData(remote_ip)
    if location == None:
        print "Super-Gluu. Prepare for step 2. Failed to determine remote location by remote IP '%s'" % remote_ip
        return

    # Encoded because the value is embedded in the request handed to the device
    readable_location = "%s, %s, %s" % (location['country'], location['regionName'], location['city'])
    super_gluu_request_dictionary['req_loc'] = urllib.quote(readable_location)
def getCustomAuthzParameter(self, simpleCustProperty):
    """Return the custom OIDC authz-request parameter name from a script property.

    *simpleCustProperty* may be None; its getValue2() is used only when
    non-empty. The outcome is logged either way and the value (or None)
    is returned.
    """
    customAuthzParameter = None
    if simpleCustProperty != None:
        configured = simpleCustProperty.getValue2()
        if StringHelper.isNotEmpty(configured):
            customAuthzParameter = configured

    if customAuthzParameter != None:
        print "Passport. getCustomAuthzParameter. Custom param for OIDC authz request in script properties: %s" % customAuthzParameter
        return customAuthzParameter

    print "Passport. getCustomAuthzParameter. No custom param for OIDC authz request in script properties"
    print "Passport. getCustomAuthzParameter. Passport flow cannot be initiated by doing an OpenID connect authorization request"
    return customAuthzParameter
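def update(self, dynamicScopeContext, configurationAttributes):
    """Add the work_phone claim to the JSON web response being built.

    Reads the user's telephoneNumber attribute and, when non-empty, writes
    it into the response claims as "work_phone".

    Returns:
        True always.
    """
    print "Dynamic scope. Update method"

    user = dynamicScopeContext.getUser()
    jsonWebResponse = dynamicScopeContext.getJsonWebResponse()
    claims = jsonWebResponse.getClaims()

    # NOTE(review): the requested dynamic scopes are not inspected here, so the
    # number is released whenever this script runs -- confirm the script is
    # bound only to the work_phone scope, otherwise gate on
    # dynamicScopeContext.getDynamicScopes() before setting the claim.
    workPhone = user.getAttribute("telephoneNumber")
    if (StringHelper.isNotEmpty(workPhone)):
        claims.setClaim("work_phone", workPhone)

    return True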
def updateUser(self, user, configurationAttributes):
    """Sample user-update hook: add two attributes and tag givenName.

    Appends preferredLanguage="en-us" and userPassword="test" to the
    user's custom attributes, then rewrites every non-empty givenName
    value as its space-collapsed form followed by " (updated)".
    Returns True.

    The userPassword entry assigns a fixed, well-known password to every
    user this hook touches; it is demo behaviour and must not be enabled
    on a real deployment.
    """
    custom_attrs = user.getCustomAttributes()

    # Demo additions
    custom_attrs.add(GluuCustomAttribute("preferredLanguage", "en-us"))
    custom_attrs.add(GluuCustomAttribute("userPassword", "test"))

    # Normalise whitespace in givenName and mark it as touched
    for attr in custom_attrs:
        is_given_name = ("givenname" == StringHelper.toLowerCase(attr.getName()))
        if is_given_name and StringHelper.isNotEmpty(attr.getValue()):
            collapsed = StringHelper.removeMultipleSpaces(attr.getValue())
            attr.setValue(collapsed + " (updated)")

    return True
def updateUser(self, user, configurationAttributes):
    """Sample user-update hook: add two attributes and tag givenName.

    Adds preferredLanguage="en-us" and userPassword="test" to the user's
    custom attributes and appends " (updated)" to each non-empty givenName
    after collapsing repeated spaces. Always returns True.

    Setting userPassword to a fixed literal hands every affected account a
    known password; keep this hook to demo installations only.
    """
    custom_attrs = user.getCustomAttributes()

    for name, value in (("preferredLanguage", "en-us"), ("userPassword", "test")):
        custom_attrs.add(GluuCustomAttribute(name, value))

    for attr in custom_attrs:
        if "givenname" != StringHelper.toLowerCase(attr.getName()):
            continue
        current = attr.getValue()
        if StringHelper.isNotEmpty(current):
            attr.setValue(StringHelper.removeMultipleSpaces(current) + " (updated)")

    return True
def prepareForStep(self, configurationAttributes, requestParameters, step):
    """Prepare the CAS2 login redirect (step 1) or acknowledge step 2.

    For step 1 the current request parameters are stashed in the session,
    the CAS login URL is assembled from cas_host, the server's /postlogin
    service URL, the optional renew flag and cas_extra_opts, and stored in
    the event context as "cas_service_request_uri". Steps 1 and 2 return
    True, anything else False. The three cas_* configuration properties are
    read unconditionally, so each must exist in the script configuration.
    cas_extra_opts is appended to the URL verbatim and is therefore trusted
    as administrator-controlled.
    """
    context = Contexts.getEventContext()
    authenticationService = AuthenticationService.instance()
    httpService = HttpService.instance()

    cas_host = configurationAttributes.get("cas_host").getValue2()
    cas_extra_opts = configurationAttributes.get("cas_extra_opts").getValue2()
    cas_renew_opt = StringHelper.toBoolean(configurationAttributes.get("cas_renew_opt").getValue2(), False)

    if (step == 2):
        print "CAS2 prepare for step 2"
        return True

    if (step != 1):
        return False

    print "CAS2 prepare for step 1"
    print "CAS2 prepare for step 1. Store current request parameters in session because CAS don't pass them via service URI"
    authenticationService.storeRequestParametersInSession()

    request = FacesContext.getCurrentInstance().getExternalContext().getRequest()

    service_params = HashMap()
    service_params.put("service", httpService.constructServerUrl(request) + "/postlogin")
    if (cas_renew_opt):
        service_params.put("renew", "true")

    login_url = cas_host + "/login?" + authenticationService.parametersAsString(service_params)
    if StringHelper.isNotEmpty(cas_extra_opts):
        login_url = login_url + "&" + cas_extra_opts

    print "CAS2 prepare for step 1. cas_service_request_uri: " + login_url
    context.set("cas_service_request_uri", login_url)

    return True
def update(self, dynamicScopeContext, configurationAttributes):
    """Populate token claims for the dynamic scopes that were granted.

    For each scope in dynamicScopeContext.getDynamicScopes(): "org_name"
    sets a fixed org_name claim; "work_phone" copies the user's
    telephoneNumber attribute into the work_phone claim when non-empty.
    Other scopes are ignored. Always returns True.
    """
    print "Dynamic scope. Update method"

    granted_scopes = dynamicScopeContext.getDynamicScopes()
    user = dynamicScopeContext.getUser()
    claims = dynamicScopeContext.getJsonToken().getClaims()

    print "Dynamic scope. Dynamic scopes:", granted_scopes
    for scope in granted_scopes:
        if (StringHelper.equalsIgnoreCase(scope, "org_name")):
            claims.setClaim("org_name", "Gluu, Inc.")
        elif (StringHelper.equalsIgnoreCase(scope, "work_phone")):
            # Only release the number when the scope was actually granted
            phone = user.getAttribute("telephoneNumber")
            if (StringHelper.isNotEmpty(phone)):
                claims.setClaim("work_phone", phone)

    return True
def authenticate(self, configurationAttributes, requestParameters, step):
    """Two-step oxPush2 authentication.

    Step 1: password login, then decide between 'authenticate' and 'enroll'
    (the register button, or a user with no enrolled device, forces 'enroll')
    and record the choice in the event context as "oxpush2_auth_method".
    Step 2: confirm that the session holds an approved oxPush2 request and
    that the device id it references is enrolled for this user and for
    self.u2f_application_id. Returns True on success, False otherwise.
    """
    credentials = Identity.instance().getCredentials()
    user_name = credentials.getUsername()

    context = Contexts.getEventContext()
    userService = UserService.instance()
    deviceRegistrationService = DeviceRegistrationService.instance()

    if (step == 1):
        print "oxPush2. Authenticate for step 1"

        user_password = credentials.getPassword()

        logged_in = False
        if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
            logged_in = userService.authenticate(user_name, user_password)

        if (not logged_in):
            return False

        auth_method = 'authenticate'
        # The register button on the login form switches the flow to enrollment
        enrollment_mode = ServerUtil.getFirstValue(requestParameters, "loginForm:registerButton")
        if StringHelper.isNotEmpty(enrollment_mode):
            auth_method = 'enroll'

        if (auth_method == 'authenticate'):
            find_user_by_uid = userService.getUser(user_name)
            if (find_user_by_uid == None):
                print "oxPush. Authenticate for step 1. Failed to find user"
                return False

            user_inum = userService.getUserInum(find_user_by_uid)
            u2f_devices_list = deviceRegistrationService.findUserDeviceRegistrations(user_inum, self.u2f_application_id, "oxId")
            if (u2f_devices_list.size() == 0):
                # Nothing to authenticate against yet, so enroll instead
                auth_method = 'enroll'
                print "oxPush2. There is no U2F '%s' user devices associated with application '%s'. Changing auth_method to '%s'" % (user_name, self.u2f_application_id, auth_method)

        print "oxPush2. Authenticate for step 1. auth_method: '%s'" % auth_method
        context.set("oxpush2_auth_method", auth_method)

        return True
    elif (step == 2):
        print "oxPush2. Authenticate for step 2"

        credentials = Identity.instance().getCredentials()
        user = credentials.getUser()
        if (user == None):
            print "oxPush2. Authenticate for step 2. Failed to determine user name"
            return False

        # Find user by uid
        userService = UserService.instance()
        find_user_by_uid = userService.getUser(user_name)
        if (find_user_by_uid == None):
            print "oxPush. Authenticate for step 2. Failed to find user"
            return False

        # Everything below is read from session state, never from request parameters
        session_attributes = context.get("sessionAttributes")
        if (not session_attributes.containsKey("oxpush2_request")):
            print "oxPush2. Authenticate for step 2. There is no oxPush2 request in session attributes"
            return False

        oxpush2_request_json = session_attributes.get("oxpush2_request")
        oxpush2_request = json.loads(oxpush2_request_json)

        auth_method = oxpush2_request['method']
        if (auth_method in ['enroll', 'authenticate']):
            print "oxPush2. Authenticate for step 2. Validation U2F user device. auth_method: '%s'" % auth_method

            # Check session state extended: the device flow must have marked the session approved
            if (not session_attributes.containsKey("session_custom_state")):
                print "oxPush2. Authenticate for step 2. There is no session_custom_state in session attributes"
                return False

            session_custom_state = session_attributes.get("session_custom_state")
            if(not StringHelper.equalsIgnoreCase("approved", session_custom_state)):
                print "oxPush2. Authenticate for step 2. User '%s' not approve or pass U2F authentication. session_custom_state: '%s'" % (user_name, session_custom_state)
                return False

            # Try to find device_id in session attribute
            if (not session_attributes.containsKey("oxpush2_u2f_device_id")):
                print "oxPush2. Authenticate for step 2. There is no u2f_device associated with this request"
                return False

            u2f_device_id = session_attributes.get("oxpush2_u2f_device_id")

            # Validate if user has specified device_id enrollment: the device must
            # belong to this user and to this application, not merely exist
            user_inum = userService.getUserInum(find_user_by_uid)
            u2f_device = deviceRegistrationService.findUserDeviceRegistration(user_inum, u2f_device_id)
            if (u2f_device == None):
                print "oxPush2. Authenticate for step 2. There is no u2f_device '%s' associated with user '%s'" % (u2f_device_id, user_inum)
                return False

            if (not StringHelper.equalsIgnoreCase(self.u2f_application_id, u2f_device.application)):
                print "oxPush2. Authenticate for step 2. U2F user's '%s' device associated with other application '%s'" % (user_name, u2f_device.application)
                return False

            print "oxPush2. Authenticate for step 2. U2F user's '%s' device authenticated successfully with U2F device '%s'" % (user_name, u2f_device_id)

            return True
        else:
            print "oxPush2. Authenticate for step 2. U2F auth_method is invalid"
            return False
    else:
        return False
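def authenticate(self, configurationAttributes, requestParameters, step):
    """SAML authentication: validate the IdP response and resolve a local user.

    Step 1 handles either basic authentication (when saml_allow_basic_login
    is on and credentials were posted) or the SAMLResponse request
    parameter. The response is parsed against the client's SAML
    configuration and, unless saml_validate_response is disabled, rejected
    when it does not validate. The NameID becomes saml_user_uid, and the
    saml_deployment_type property selects how it maps to a local account:
    "map" (existing oxExternalUid, else continue to step 2 to link one),
    "enroll" (auto-create using the attribute mapping), "enroll_all_attr"
    (auto-create from all SAML attributes), or a direct uid lookup.
    Step 2 links a freshly password-authenticated local account to the
    saml_user_uid saved in the session.

    Returns:
        True/False for the step outcome; for most paths the result of
        self.samlExtensionPostLogin is returned directly.
    """
    context = Contexts.getEventContext()
    authenticationService = AuthenticationService.instance()
    userService = UserService.instance()

    saml_map_user = False
    saml_enroll_user = False
    saml_enroll_all_user_attr = False
    # Use saml_deployment_type only if there is no attributes mapping
    if (configurationAttributes.containsKey("saml_deployment_type")):
        saml_deployment_type = StringHelper.toLowerCase(configurationAttributes.get("saml_deployment_type").getValue2())

        if (StringHelper.equalsIgnoreCase(saml_deployment_type, "map")):
            saml_map_user = True

        if (StringHelper.equalsIgnoreCase(saml_deployment_type, "enroll")):
            saml_enroll_user = True

        if (StringHelper.equalsIgnoreCase(saml_deployment_type, "enroll_all_attr")):
            saml_enroll_all_user_attr = True

    saml_allow_basic_login = False
    if (configurationAttributes.containsKey("saml_allow_basic_login")):
        saml_allow_basic_login = StringHelper.toBoolean(configurationAttributes.get("saml_allow_basic_login").getValue2(), False)

    use_basic_auth = False
    if (saml_allow_basic_login):
        # Detect if user used basic authentication method
        credentials = Identity.instance().getCredentials()

        user_name = credentials.getUsername()
        user_password = credentials.getPassword()
        if (StringHelper.isNotEmpty(user_name) and StringHelper.isNotEmpty(user_password)):
            use_basic_auth = True

    if ((step == 1) and saml_allow_basic_login and use_basic_auth):
        print "Saml. Authenticate for step 1. Basic authentication"

        context.set("saml_count_login_steps", 1)

        credentials = Identity.instance().getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()

        logged_in = False
        if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
            logged_in = userService.authenticate(user_name, user_password)

        if (not logged_in):
            return False

        return True

    if (step == 1):
        print "Saml. Authenticate for step 1"

        currentSamlConfiguration = self.getCurrentSamlConfiguration(self.samlConfiguration, configurationAttributes, requestParameters)
        if (currentSamlConfiguration == None):
            print "Saml. Prepare for step 1. Client saml configuration is invalid"
            return False

        saml_response_array = requestParameters.get("SAMLResponse")
        if ArrayHelper.isEmpty(saml_response_array):
            print "Saml. Authenticate for step 1. saml_response is empty"
            return False

        saml_response = saml_response_array[0]
        # This logs the complete assertion (attributes included); keep log access restricted
        print "Saml. Authenticate for step 1. saml_response:", saml_response

        samlResponse = Response(currentSamlConfiguration)
        samlResponse.loadXmlFromBase64(saml_response)

        saml_validate_response = True
        if (configurationAttributes.containsKey("saml_validate_response")):
            saml_validate_response = StringHelper.toBoolean(configurationAttributes.get("saml_validate_response").getValue2(), False)

        if (saml_validate_response):
            if (not samlResponse.isValid()):
                # A response that fails validation must not be allowed to identify a user:
                # without this return the NameID of an unverified response would be trusted below
                print "Saml. Authenticate for step 1. saml_response isn't valid"
                return False

        saml_response_name_id = samlResponse.getNameId()
        if (StringHelper.isEmpty(saml_response_name_id)):
            print "Saml. Authenticate for step 1. saml_response_name_id is invalid"
            return False

        print "Saml. Authenticate for step 1. saml_response_name_id:", saml_response_name_id

        saml_response_attributes = samlResponse.getAttributes()
        print "Saml. Authenticate for step 1. attributes: ", saml_response_attributes

        # Use persistent Id as saml_user_uid
        saml_user_uid = saml_response_name_id

        if (saml_map_user):
            # Use mapping to local IDP user
            print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml:", saml_user_uid

            # Check if there is a user with the specified saml_user_uid
            find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:" + saml_user_uid)
            if (find_user_by_uid == None):
                # Not linked yet: step 2 will ask for local credentials and link the account
                print "Saml. Authenticate for step 1. Failed to find user"
                print "Saml. Authenticate for step 1. Setting count steps to 2"
                context.set("saml_count_login_steps", 2)
                context.set("saml_user_uid", saml_user_uid)
                return True

            found_user_name = find_user_by_uid.getUserId()
            print "Saml. Authenticate for step 1. found_user_name:", found_user_name

            user_authenticated = authenticationService.authenticate(found_user_name)
            if (user_authenticated == False):
                print "Saml. Authenticate for step 1. Failed to authenticate user"
                return False

            print "Saml. Authenticate for step 1. Setting count steps to 1"
            context.set("saml_count_login_steps", 1)

            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 1. post_login_result:", post_login_result

            return post_login_result
        elif (saml_enroll_user):
            # Use auto enrollment to local IDP
            print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml:", saml_user_uid

            # Check if there is a user with the specified saml_user_uid
            find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:" + saml_user_uid)
            if (find_user_by_uid == None):
                # Auto user enrollment
                print "Saml. Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP"

                # Convert saml result attribute keys to lower case
                saml_response_normalized_attributes = HashMap()
                for saml_response_attribute_entry in saml_response_attributes.entrySet():
                    saml_response_normalized_attributes.put(StringHelper.toLowerCase(saml_response_attribute_entry.getKey()), saml_response_attribute_entry.getValue())

                currentAttributesMapping = self.prepareCurrentAttributesMapping(self.attributesMapping, configurationAttributes, requestParameters)
                print "Saml. Authenticate for step 1. Using next attributes mapping", currentAttributesMapping

                # Only attributes present in the mapping are copied from the IdP
                newUser = User()
                for attributesMappingEntry in currentAttributesMapping.entrySet():
                    idpAttribute = attributesMappingEntry.getKey()
                    localAttribute = attributesMappingEntry.getValue()
                    localAttributeValue = saml_response_normalized_attributes.get(idpAttribute)
                    if (localAttribute != None):
                        newUser.setAttribute(localAttribute, localAttributeValue)

                newUser.setAttribute("oxExternalUid", "saml:" + saml_user_uid)
                print "Saml. Authenticate for step 1. Attempting to add user", saml_user_uid, " with next attributes", newUser.getCustomAttributes()

                find_user_by_uid = userService.addUser(newUser, True)
                print "Saml. Authenticate for step 1. Added new user with UID", find_user_by_uid.getUserId()

            found_user_name = find_user_by_uid.getUserId()
            print "Saml. Authenticate for step 1. found_user_name:", found_user_name

            user_authenticated = authenticationService.authenticate(found_user_name)
            if (user_authenticated == False):
                print "Saml. Authenticate for step 1. Failed to authenticate user"
                return False

            print "Saml. Authenticate for step 1. Setting count steps to 1"
            context.set("saml_count_login_steps", 1)

            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 1. post_login_result:", post_login_result

            return post_login_result
        elif (saml_enroll_all_user_attr):
            print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml:" + saml_user_uid

            # Check if there is a user with the specified saml_user_uid
            find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:" + saml_user_uid)
            if (find_user_by_uid == None):
                print "Saml. Authenticate for step 1. Failed to find user"
                # NOTE(review): `attributes` and `attributeService` are not defined in this
                # method, so this branch raises NameError as written; presumably
                # saml_response_attributes and an attribute service instance were meant -- confirm
                user = User()
                customAttributes = ArrayList()
                for key in attributes.keySet():
                    ldapAttributes = attributeService.getAllAttributes()
                    for ldapAttribute in ldapAttributes:
                        saml2Uri = ldapAttribute.getSaml2Uri()
                        if (saml2Uri == None):
                            saml2Uri = attributeService.getDefaultSaml2Uri(ldapAttribute.getName())
                        if (saml2Uri == key):
                            attribute = CustomAttribute(ldapAttribute.getName())
                            attribute.setValues(attributes.get(key))
                            customAttributes.add(attribute)

                attribute = CustomAttribute("oxExternalUid")
                attribute.setValue("saml:" + saml_user_uid)
                customAttributes.add(attribute)
                user.setCustomAttributes(customAttributes)

                # sn/cn are mandatory for the entry; fall back to the SAML uid
                if (user.getAttribute("sn") == None):
                    attribute = CustomAttribute("sn")
                    attribute.setValue(saml_user_uid)
                    customAttributes.add(attribute)

                if (user.getAttribute("cn") == None):
                    attribute = CustomAttribute("cn")
                    attribute.setValue(saml_user_uid)
                    customAttributes.add(attribute)

                find_user_by_uid = userService.addUser(user, True)
                print "Saml. Authenticate for step 1. Added new user with UID", find_user_by_uid.getUserId()

            found_user_name = find_user_by_uid.getUserId()
            print "Saml. Authenticate for step 1. found_user_name:", found_user_name

            user_authenticated = authenticationService.authenticate(found_user_name)
            if (user_authenticated == False):
                print "Saml. Authenticate for step 1. Failed to authenticate user"
                return False

            print "Saml. Authenticate for step 1. Setting count steps to 1"
            context.set("saml_count_login_steps", 1)

            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 1. post_login_result:", post_login_result

            return post_login_result
        else:
            # Check if there is a user whose uid equals saml_user_uid
            print "Saml. Authenticate for step 1. Attempting to find user by uid:", saml_user_uid
            find_user_by_uid = userService.getUser(saml_user_uid)
            if (find_user_by_uid == None):
                print "Saml. Authenticate for step 1. Failed to find user"
                return False

            found_user_name = find_user_by_uid.getUserId()
            print "Saml. Authenticate for step 1. found_user_name:", found_user_name

            user_authenticated = authenticationService.authenticate(found_user_name)
            if (user_authenticated == False):
                print "Saml. Authenticate for step 1. Failed to authenticate user"
                return False

            print "Saml. Authenticate for step 1. Setting count steps to 1"
            context.set("saml_count_login_steps", 1)

            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 1. post_login_result:", post_login_result

            return post_login_result
    elif (step == 2):
        print "Saml. Authenticate for step 2"

        # saml_user_uid was stored by step 1, so it is server-side state, not request input
        sessionAttributes = context.get("sessionAttributes")
        if (sessionAttributes == None) or not sessionAttributes.containsKey("saml_user_uid"):
            print "Saml. Authenticate for step 2. saml_user_uid is empty"
            return False

        saml_user_uid = sessionAttributes.get("saml_user_uid")
        passed_step1 = StringHelper.isNotEmptyString(saml_user_uid)
        if (not passed_step1):
            return False

        credentials = Identity.instance().getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()

        logged_in = False
        if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
            logged_in = userService.authenticate(user_name, user_password)

        if (not logged_in):
            return False

        # Check if there is a user which already has saml_user_uid
        # Avoid mapping a SAML account to more than one IDP account
        find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:" + saml_user_uid)
        if (find_user_by_uid == None):
            # Add saml_user_uid to the user's external UIDs
            find_user_by_uid = userService.addUserAttribute(user_name, "oxExternalUid", "saml:" + saml_user_uid)
            if (find_user_by_uid == None):
                print "Saml. Authenticate for step 2. Failed to update current user"
                return False

            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 2. post_login_result:", post_login_result

            return post_login_result
        else:
            found_user_name = find_user_by_uid.getUserId()
            print "Saml. Authenticate for step 2. found_user_name:", found_user_name

            # The linked account must be the one whose password was just verified
            if StringHelper.equals(user_name, found_user_name):
                post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
                print "Saml. Authenticate for step 2. post_login_result:", post_login_result

                return post_login_result

        return False
    else:
        return False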
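def authenticate(self, configurationAttributes, requestParameters, step):
    """Authenticate via SAML (step 1) or link a SAML subject to a local account (step 2).

    The "saml_deployment_type" configuration attribute selects the mode:
      * "map"             - resolve the SAML NameID to an existing local user through the
                            oxExternalUid attribute ("saml:<NameID>"). An unknown NameID
                            defers to step 2, where the user proves ownership of a local
                            account with a password and the link is stored.
      * "enroll"          - build a local user from the mapped SAML attributes and create
                            it (or refresh it when self.updateUser is set).
      * "enroll_all_attr" - same, but every SAML attribute is mapped.
      * anything else     - treat the NameID as the local uid.
    With "saml_allow_basic_login" a username/password pair present in the credentials
    short-circuits step 1 into a plain password login.

    Args:
        configurationAttributes: script configuration (Java Map of properties).
        requestParameters: HTTP request parameters (Java Map of String arrays).
        step: authentication step, 1 or 2.

    Returns:
        True when the step succeeded, False otherwise. In "map" mode step 1 also returns
        True for a not-yet-linked subject after setting "saml_count_login_steps" to 2 and
        "saml_user_uid" in the event context.
    """
    context = Contexts.getEventContext()
    authenticationService = AuthenticationService.instance()
    userService = UserService.instance()

    saml_map_user = False
    saml_enroll_user = False
    saml_enroll_all_user_attr = False
    # Use saml_deployment_type only if there is no attributes mapping
    if configurationAttributes.containsKey("saml_deployment_type"):
        saml_deployment_type = StringHelper.toLowerCase(
            configurationAttributes.get("saml_deployment_type").getValue2())
        if StringHelper.equalsIgnoreCase(saml_deployment_type, "map"):
            saml_map_user = True
        if StringHelper.equalsIgnoreCase(saml_deployment_type, "enroll"):
            saml_enroll_user = True
        if StringHelper.equalsIgnoreCase(saml_deployment_type, "enroll_all_attr"):
            saml_enroll_all_user_attr = True

    saml_allow_basic_login = False
    if configurationAttributes.containsKey("saml_allow_basic_login"):
        saml_allow_basic_login = StringHelper.toBoolean(
            configurationAttributes.get("saml_allow_basic_login").getValue2(), False)

    use_basic_auth = False
    if saml_allow_basic_login:
        # Detect if user used basic authentication method
        credentials = Identity.instance().getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()
        if StringHelper.isNotEmpty(user_name) and StringHelper.isNotEmpty(user_password):
            use_basic_auth = True

    if (step == 1) and saml_allow_basic_login and use_basic_auth:
        print "Saml. Authenticate for step 1. Basic authentication"
        context.set("saml_count_login_steps", 1)

        credentials = Identity.instance().getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()

        logged_in = False
        if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
            logged_in = userService.authenticate(user_name, user_password)
        return bool(logged_in)

    if step == 1:
        print "Saml. Authenticate for step 1"

        currentSamlConfiguration = self.getCurrentSamlConfiguration(
            self.samlConfiguration, configurationAttributes, requestParameters)
        if currentSamlConfiguration == None:
            print "Saml. Prepare for step 1. Client saml configuration is invalid"
            return False

        saml_response_array = requestParameters.get("SAMLResponse")
        if ArrayHelper.isEmpty(saml_response_array):
            print "Saml. Authenticate for step 1. saml_response is empty"
            return False
        saml_response = saml_response_array[0]
        # NOTE(review): this logs the complete base64 assertion, which may carry PII.
        print "Saml. Authenticate for step 1. saml_response: '%s'" % saml_response

        samlResponse = Response(currentSamlConfiguration)
        samlResponse.loadXmlFromBase64(saml_response)

        # Validation is on unless the deployment explicitly turns it off. The fallback
        # is True so that an unparseable attribute value fails closed instead of
        # silently disabling signature/condition checks.
        saml_validate_response = True
        if configurationAttributes.containsKey("saml_validate_response"):
            saml_validate_response = StringHelper.toBoolean(
                configurationAttributes.get("saml_validate_response").getValue2(), True)
        if saml_validate_response and not samlResponse.isValid():
            print "Saml. Authenticate for step 1. saml_response isn't valid"
            # Bug fix: the original only logged the failure and then went on to map
            # or enroll the user from an unvalidated response. An invalid response
            # must terminate the step.
            return False

        saml_response_attributes = samlResponse.getAttributes()
        print "Saml. Authenticate for step 1. attributes: '%s'" % saml_response_attributes

        if saml_map_user:
            saml_user_uid = self.getSamlNameId(samlResponse)
            if saml_user_uid == None:
                return False

            # Use mapping to local IDP user
            print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '%s'" % saml_user_uid
            # Check if there is a user with the specified saml_user_uid
            find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:%s" % saml_user_uid)
            if find_user_by_uid == None:
                # Unknown subject: hand over to step 2 where the user must prove
                # ownership of a local account with a password before the link is stored.
                print "Saml. Authenticate for step 1. Failed to find user"
                print "Saml. Authenticate for step 1. Setting count steps to 2"
                context.set("saml_count_login_steps", 2)
                context.set("saml_user_uid", saml_user_uid)
                return True

            return self._samlCompleteLogin(context, authenticationService, configurationAttributes, find_user_by_uid)

        elif saml_enroll_user:
            # Convert SAML response to user entry
            newUser = self.getMappedUser(configurationAttributes, requestParameters, saml_response_attributes)

            saml_user_uid = self.getNameId(samlResponse, newUser)
            if saml_user_uid == None:
                return False

            self.setDefaultUid(newUser, saml_user_uid)
            newUser.setAttribute("oxExternalUid", "saml:%s" % saml_user_uid)

            # Use auto enrollment to local IDP
            print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '%s'" % saml_user_uid
            find_user_by_uid = self._samlEnrollOrUpdateUser(userService, newUser, saml_user_uid)
            if find_user_by_uid == None:
                return False

            return self._samlCompleteLogin(context, authenticationService, configurationAttributes, find_user_by_uid)

        elif saml_enroll_all_user_attr:
            # Convert SAML response to user entry
            newUser = self.getMappedAllAttributesUser(saml_response_attributes)

            saml_user_uid = self.getNameId(samlResponse, newUser)
            if saml_user_uid == None:
                return False

            self.setDefaultUid(newUser, saml_user_uid)
            newUser.setAttribute("oxExternalUid", "saml:%s" % saml_user_uid)

            print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '%s'" % saml_user_uid
            find_user_by_uid = self._samlEnrollOrUpdateUser(userService, newUser, saml_user_uid)
            if find_user_by_uid == None:
                return False

            return self._samlCompleteLogin(context, authenticationService, configurationAttributes, find_user_by_uid)

        else:
            # Bug fix: on this path saml_user_uid was never assigned before being
            # tested, so the lookup could not run. The NameID is resolved the same
            # way the "map" mode does it.
            saml_user_uid = self.getSamlNameId(samlResponse)
            if saml_user_uid == None:
                return False

            # Check if there is a user with the specified saml_user_uid
            print "Saml. Authenticate for step 1. Attempting to find user by uid: '%s'" % saml_user_uid
            find_user_by_uid = userService.getUser(saml_user_uid)
            if find_user_by_uid == None:
                print "Saml. Authenticate for step 1. Failed to find user"
                return False

            return self._samlCompleteLogin(context, authenticationService, configurationAttributes, find_user_by_uid)

    elif step == 2:
        print "Saml. Authenticate for step 2"

        # saml_user_uid was stored server-side by step 1; it never comes from the form.
        sessionAttributes = context.get("sessionAttributes")
        if (sessionAttributes == None) or not sessionAttributes.containsKey("saml_user_uid"):
            print "Saml. Authenticate for step 2. saml_user_uid is empty"
            return False

        saml_user_uid = sessionAttributes.get("saml_user_uid")
        if not StringHelper.isNotEmptyString(saml_user_uid):
            return False

        # The user must prove ownership of the local account with a password
        # before the SAML subject is bound to it.
        credentials = Identity.instance().getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()

        logged_in = False
        if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
            logged_in = userService.authenticate(user_name, user_password)
        if not logged_in:
            return False

        # Check if there is a user which already has saml_user_uid.
        # Avoid mapping a SAML account to more than one IDP account.
        find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:%s" % saml_user_uid)
        if find_user_by_uid == None:
            # Add saml_user_uid to the user's external UIDs
            find_user_by_uid = userService.addUserAttribute(user_name, "oxExternalUid", "saml:%s" % saml_user_uid)
            if find_user_by_uid == None:
                print "Saml. Authenticate for step 2. Failed to update current user"
                return False

            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 2. post_login_result: '%s'" % post_login_result
            return post_login_result

        found_user_name = find_user_by_uid.getUserId()
        print "Saml. Authenticate for step 2. found_user_name: '%s'" % found_user_name
        # The subject is already linked: only the account it is linked to may log in with it.
        if StringHelper.equals(user_name, found_user_name):
            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 2. post_login_result: '%s'" % post_login_result
            return post_login_result
        return False

    else:
        return False


def _samlEnrollOrUpdateUser(self, userService, newUser, saml_user_uid):
    """Return the local user linked to saml_user_uid, creating it from newUser when absent.

    When no user carries "saml:<uid>" in oxExternalUid, newUser is added after the
    uniqueness check passes; otherwise the existing entry is returned, refreshed with
    newUser's custom attributes when self.updateUser is set.

    Returns:
        The local user entry, or None when enrollment was refused because another
        user already holds the same key attributes (a faces error message is queued).
    """
    # Check if there is a user with the specified saml_user_uid
    find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:%s" % saml_user_uid)
    if find_user_by_uid == None:
        # Auto user enrollment
        print "Saml. Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP"
        print "Saml. Authenticate for step 1. Attempting to add user '%s' with next attributes: '%s'" % (
            saml_user_uid, newUser.getCustomAttributes())
        user_unique = self.checkUserUniqueness(newUser)
        if not user_unique:
            # Bug fix: the format string had no placeholder for the uid argument.
            print "Saml. Authenticate for step 1. Failed to add user: '%s'. User not unique" % newUser.getUserId()
            facesMessages = FacesMessages.instance()
            facesMessages.add(StatusMessage.Severity.ERROR, "Failed to enroll. User with same key attributes exist already")
            FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(True)
            return None
        find_user_by_uid = userService.addUser(newUser, True)
        print "Saml. Authenticate for step 1. Added new user with UID: '%s'" % find_user_by_uid.getUserId()
    elif self.updateUser:
        print "Saml. Authenticate for step 1. Attempting to update user '%s' with next attributes: '%s'" % (
            saml_user_uid, newUser.getCustomAttributes())
        find_user_by_uid.setCustomAttributes(newUser.getCustomAttributes())
        userService.updateUser(find_user_by_uid)
        print "Saml. Authenticate for step 1. Updated user with UID: '%s'" % saml_user_uid
    return find_user_by_uid


def _samlCompleteLogin(self, context, authenticationService, configurationAttributes, find_user_by_uid):
    """Log the resolved local user in, collapse the flow to one step and run the post-login hook.

    Returns:
        The result of samlExtensionPostLogin, or False when the session could not be
        established for the user.
    """
    found_user_name = find_user_by_uid.getUserId()
    print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name

    user_authenticated = authenticationService.authenticate(found_user_name)
    if not user_authenticated:
        print "Saml. Authenticate for step 1. Failed to authenticate user: '%s'" % found_user_name
        return False

    print "Saml. Authenticate for step 1. Setting count steps to 1"
    context.set("saml_count_login_steps", 1)

    post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
    print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result
    return post_login_result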
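def authenticate(self, configurationAttributes, requestParameters, step):
    """Authenticate via CAS 2.0 ticket validation (step 1) or link a CAS subject to a local account (step 2).

    Step 1 takes the "ticket" request parameter, validates it against
    "<cas_host>/serviceValidate" and reads "cas:user" from the reply. With
    "cas_map_user" the CAS user id is resolved through the oxExternalUid attribute
    ("cas2:<id>"); an unknown id defers to step 2, where the user must log in with a
    local password before the link is stored. Without "cas_map_user" the CAS user id
    is used directly as the local uid.

    Configuration attributes: "cas_host" (required), "cas_extra_opts", "cas_map_user",
    "cas_renew_opt" (optional; missing ones default to empty / False).

    Args:
        configurationAttributes: script configuration (Java Map of properties).
        requestParameters: HTTP request parameters (Java Map of String arrays).
        step: authentication step, 1 or 2.

    Returns:
        True when the step succeeded, False otherwise.
    """
    context = Contexts.getEventContext()
    authenticationService = AuthenticationService.instance()
    userService = UserService.instance()
    httpService = HttpService.instance()
    stringEncrypter = StringEncrypter.defaultInstance()

    cas_host = configurationAttributes.get("cas_host").getValue2()
    # Optional attributes are looked up guarded so a missing key does not raise
    # instead of falling back to its default.
    cas_extra_opts = None
    if configurationAttributes.containsKey("cas_extra_opts"):
        cas_extra_opts = configurationAttributes.get("cas_extra_opts").getValue2()
    cas_map_user = False
    if configurationAttributes.containsKey("cas_map_user"):
        cas_map_user = StringHelper.toBoolean(configurationAttributes.get("cas_map_user").getValue2(), False)
    cas_renew_opt = False
    if configurationAttributes.containsKey("cas_renew_opt"):
        cas_renew_opt = StringHelper.toBoolean(configurationAttributes.get("cas_renew_opt").getValue2(), False)

    if step == 1:
        print "CAS2 authenticate for step 1"

        ticket_array = requestParameters.get("ticket")
        if ArrayHelper.isEmpty(ticket_array):
            print "CAS2 authenticate for step 1. ticket is empty"
            return False

        ticket = ticket_array[0]
        print "CAS2 authenticate for step 1. ticket: " + ticket
        if StringHelper.isEmptyString(ticket):
            print "CAS2 authenticate for step 1. ticket is invalid"
            return False

        # Validate ticket
        request = FacesContext.getCurrentInstance().getExternalContext().getRequest()

        parametersMap = HashMap()
        parametersMap.put("service", httpService.constructServerUrl(request) + "/postlogin")
        if cas_renew_opt:
            parametersMap.put("renew", "true")
        parametersMap.put("ticket", ticket)
        cas_service_request_uri = authenticationService.parametersAsString(parametersMap)
        cas_service_request_uri = cas_host + "/serviceValidate?" + cas_service_request_uri
        if StringHelper.isNotEmpty(cas_extra_opts):
            cas_service_request_uri = cas_service_request_uri + "&" + cas_extra_opts

        print "CAS2 authenticate for step 1. cas_service_request_uri: " + cas_service_request_uri

        # Security fix: the original used getHttpsClientTrustAll(), which accepts any
        # certificate. The whole login decision rests on the serviceValidate reply, so
        # the CAS server's certificate must be verified. A CAS host signed by a private
        # CA belongs in the JVM truststore, not in a trust-all client.
        http_client = httpService.getHttpsClient()
        http_response = httpService.executeGet(http_client, cas_service_request_uri)
        validation_content = httpService.convertEntityToString(httpService.getResponseContent(http_response))
        # Emptiness is checked before logging so a None body cannot break the concatenation.
        if StringHelper.isEmpty(validation_content):
            print "CAS2 authenticate for step 1. Ticket validation response is invalid"
            return False
        print "CAS2 authenticate for step 1. validation_content: " + validation_content

        cas2_auth_failure = self.parse_tag(validation_content, "cas:authenticationFailure")
        print "CAS2 authenticate for step 1. cas2_auth_failure: ", cas2_auth_failure

        cas2_user_uid = self.parse_tag(validation_content, "cas:user")
        print "CAS2 authenticate for step 1. cas2_user_uid: ", cas2_user_uid

        if (cas2_auth_failure != None) or (cas2_user_uid == None):
            print "CAS2 authenticate for step 1. Ticket is invalid"
            return False

        if cas_map_user:
            print "CAS2 authenticate for step 1. Attempting to find user by oxExternalUid: cas2:" + cas2_user_uid
            # Check if there is a user with the specified cas2_user_uid
            find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "cas2:" + cas2_user_uid)
            if find_user_by_uid == None:
                # Unknown subject: step 2 asks for a local password before the link is stored.
                print "CAS2 authenticate for step 1. Failed to find user"
                print "CAS2 authenticate for step 1. Setting count steps to 2"
                context.set("cas2_count_login_steps", 2)
                # The id is round-tripped through the step 2 form in encrypted form.
                # NOTE(review): this only protects the value if StringEncrypter is an
                # authenticated scheme; confirm before relying on it for integrity.
                context.set("cas2_user_uid", stringEncrypter.encrypt(cas2_user_uid))
                return True

            return self._cas2SetAuthenticatedUser(context, find_user_by_uid)

        print "CAS2 authenticate for step 1. Attempting to find user by uid:" + cas2_user_uid
        # Check if there is a user with the specified cas2_user_uid
        find_user_by_uid = userService.getUser(cas2_user_uid)
        if find_user_by_uid == None:
            print "CAS2 authenticate for step 1. Failed to find user"
            return False

        return self._cas2SetAuthenticatedUser(context, find_user_by_uid)

    elif step == 2:
        print "CAS2 authenticate for step 2"

        cas2_user_uid_array = requestParameters.get("cas2_user_uid")
        if ArrayHelper.isEmpty(cas2_user_uid_array):
            print "CAS2 authenticate for step 2. cas2_user_uid is empty"
            return False

        cas2_user_uid = stringEncrypter.decrypt(cas2_user_uid_array[0])
        if not StringHelper.isNotEmptyString(cas2_user_uid):
            return False

        # The user must prove ownership of the local account with a password
        # before the CAS subject is bound to it.
        credentials = Identity.instance().getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()

        logged_in = False
        if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
            logged_in = userService.authenticate(user_name, user_password)
        if not logged_in:
            return False

        # Check if there is a user which already has cas2_user_uid.
        # Avoid mapping a CAS2 account to more than one IDP account.
        find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "cas2:" + cas2_user_uid)
        if find_user_by_uid == None:
            # Add cas2_user_uid to the user's external UIDs
            find_user_by_uid = userService.addUserAttribute(user_name, "oxExternalUid", "cas2:" + cas2_user_uid)
            if find_user_by_uid == None:
                print "CAS2 authenticate for step 2. Failed to update current user"
                return False
            return True

        found_user_name = find_user_by_uid.getUserId()
        print "CAS2 authenticate for step 2. found_user_name: " + found_user_name
        # Already linked: only the account it is linked to may log in with it.
        return bool(StringHelper.equals(user_name, found_user_name))

    else:
        return False


def _cas2SetAuthenticatedUser(self, context, find_user_by_uid):
    """Install find_user_by_uid as the authenticated principal and collapse the flow to one step.

    Returns:
        True (the caller has already established that the user exists).
    """
    found_user_name = find_user_by_uid.getUserId()
    print "CAS2 authenticate for step 1. found_user_name: " + found_user_name

    credentials = Identity.instance().getCredentials()
    credentials.setUsername(found_user_name)
    credentials.setUser(find_user_by_uid)

    print "CAS2 authenticate for step 1. Setting count steps to 1"
    context.set("cas2_count_login_steps", 1)
    return True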
def authenticate(self, configurationAttributes, requestParameters, step): extensionResult = self.extensionAuthenticate(configurationAttributes, requestParameters, step) if extensionResult != None: return extensionResult authenticationService = CdiUtil.bean(AuthenticationService) userService = CdiUtil.bean(UserService) identity = CdiUtil.bean(Identity) try: UserId = self.getUserValueFromAuth("username", requestParameters) except Exception, err: print "Passport-social: Error: " + str(err) # Use basic method to log in if StringHelper.isNotEmpty(UserId): print "Passport-social: Basic Authentication" credentials = identity.getCredentials() user_name = credentials.getUsername() user_password = credentials.getPassword() logged_in = False if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)): logged_in = authenticationService.authenticate(user_name, user_password) print "Passport-social: Basic Authentication returning %s" % logged_in return logged_in else: facesContext = CdiUtil.bean(FacesContext) # Get JWT token if it's post back call
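def sendSnsPushNotificationImpl(self, client_redirect_uri, user, super_gluu_request):
    """Push the Super-Gluu login request to every registered device of *user* through Amazon SNS.

    Each device registration of the user for *client_redirect_uri* that carries a
    platform and a push token gets one message: an APNS payload for "ios", a GCM
    payload for "android". Devices without device data or whose platform service is
    not configured are skipped. Nothing is sent when push notifications are disabled.

    Args:
        client_redirect_uri: the application the login request belongs to.
        user: the user entry whose devices are notified.
        super_gluu_request: the serialized request the mobile app acts on; it is
            embedded verbatim in the push payload, so it travels through the push
            provider and must not contain anything secret.

    Returns:
        None. The outcome is only logged: send_notification_result is True while every
        push succeeded and becomes the first falsy result otherwise (the original kept
        only the last device's result, which masked earlier failures).
    """
    if not self.enabledPushNotifications:
        return

    user_name = user.getUserId()
    print "Super-Gluu. Send SNS push notification. Loading user '%s' devices" % user_name

    send_notification = False
    send_notification_result = True
    # Debug output includes the device push token; keep it off outside development.
    debug = False

    pushSnsService = CdiUtil.bean(PushSnsService)
    userService = CdiUtil.bean(UserService)
    deviceRegistrationService = CdiUtil.bean(DeviceRegistrationService)

    user_inum = userService.getUserInum(user_name)
    u2f_devices_list = deviceRegistrationService.findUserDeviceRegistrations(
        user_inum, client_redirect_uri, "oxId", "oxDeviceData", "oxDeviceNotificationConf")

    for u2f_device in u2f_devices_list:
        # Device data which Super-Gluu gets during enrollment
        device_data = u2f_device.getDeviceData()
        if device_data == None:
            continue

        platform = device_data.getPlatform()
        push_token = device_data.getPushToken()
        if not StringHelper.isNotEmpty(push_token):
            continue

        if StringHelper.equalsIgnoreCase(platform, "ios"):
            # Sending notification to iOS user's device
            if self.pushAppleService == None:
                print "Super-Gluu. Send SNS push notification. Apple SNS push notification service is not enabled"
                continue

            targetEndpointArn = self.getTargetEndpointArn(
                deviceRegistrationService, pushSnsService, PushPlatform.APNS, user, u2f_device)
            send_notification = True

            title = "Super-Gluu"
            message = {"body": "Super-Gluu login request to: %s" % client_redirect_uri}
            sns_push_request_dictionary = {
                "sound": 'default',
                "aps": {
                    "badge": 9,
                    "title": title,
                    "alert": message,
                },
                "category": "ACTIONABLE",
                "content-available": "1",
                "request": super_gluu_request,
            }
            push_message = json.dumps(sns_push_request_dictionary, separators=(',', ':'))

            result = pushSnsService.sendPushMessage(
                self.pushAppleService, PushPlatform.APNS, targetEndpointArn, push_message, None)
            # Keep the first failure instead of letting a later success overwrite it.
            send_notification_result = send_notification_result and result
            if debug:
                print "Super-Gluu. Send iOS SNS push notification. token: '%s', message: '%s', send_notification_result: '%s'" % (
                    push_token, push_message, result)

        elif StringHelper.equalsIgnoreCase(platform, "android"):
            # Sending notification to Android user's device
            if self.pushAndroidService == None:
                print "Super-Gluu. Send SNS push notification. Android SNS push notification service is not enabled"
                continue

            targetEndpointArn = self.getTargetEndpointArn(
                deviceRegistrationService, pushSnsService, PushPlatform.GCM, user, u2f_device)
            send_notification = True

            title = "Super-Gluu"
            sns_push_request_dictionary = {
                "collapse_key": "single",
                "content_available": True,
                "time_to_live": 60,
                "data": {
                    "message": super_gluu_request,
                    "title": title,
                },
            }
            push_message = json.dumps(sns_push_request_dictionary, separators=(',', ':'))

            result = pushSnsService.sendPushMessage(
                self.pushAndroidService, PushPlatform.GCM, targetEndpointArn, push_message, None)
            send_notification_result = send_notification_result and result
            if debug:
                print "Super-Gluu. Send Android SNS push notification. token: '%s', message: '%s', send_notification_result: '%s'" % (
                    push_token, push_message, result)

    print "Super-Gluu. Send SNS push notification. send_notification: '%s', send_notification_result: '%s'" % (
        send_notification, send_notification_result)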
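def authenticate(self, configurationAttributes, requestParameters, step):
    """Run one step of the Super-Gluu (mobile device) authentication flow.

    One-step mode (self.oneStep): step 1 validates the device status the mobile app
    recorded in the session for the QR code and logs the user in; when the status is
    an enrollment, step 2 additionally asks for a local password and attaches the
    device to that account.

    Two-step mode (self.twoStep): step 1 is a password login that decides whether the
    user will enroll a device or authenticate with an existing one (recorded in
    "super_gluu_auth_method"); step 2 validates the device status for that user.

    Args:
        configurationAttributes: script configuration (unused here).
        requestParameters: HTTP request parameters (Java Map of String arrays).
        step: authentication step, 1 or 2.

    Returns:
        True when the step succeeded, False otherwise. The original returned None on
        one path; every exit now returns a boolean.
    """
    credentials = Identity.instance().getCredentials()
    user_name = credentials.getUsername()

    context = Contexts.getEventContext()
    session_attributes = context.get("sessionAttributes")

    client_redirect_uri = self.getClientRedirecUri(session_attributes)
    if client_redirect_uri == None:
        print "Super-Gluu. Authenticate. redirect_uri is not set"
        return False

    self.setEventContextParameters(context)

    userService = UserService.instance()
    deviceRegistrationService = DeviceRegistrationService.instance()

    if step == 1:
        print "Super-Gluu. Authenticate for step 1"

        if self.oneStep:
            session_device_status = self.getSessionDeviceStatus(session_attributes, user_name)
            if session_device_status == None:
                # Bug fix: the original fell out with a bare `return` (None) here.
                return False

            u2f_device_id = session_device_status['device_id']

            validation_result = self.validateSessionDeviceStatus(client_redirect_uri, session_device_status)
            if not validation_result:
                return False
            print "Super-Gluu. Authenticate for step 1. User successfully authenticated with u2f_device '%s'" % u2f_device_id

            if not session_device_status['one_step']:
                print "Super-Gluu. Authenticate for step 1. u2f_device '%s' is not one step device" % u2f_device_id
                return False

            # There are two steps only in enrollment mode
            if session_device_status['enroll']:
                return validation_result

            context.set("super_gluu_count_login_steps", 1)

            # NOTE(review): the device is looked up under the session's user_inum but the
            # login below is performed for user_name taken from the credentials; confirm
            # that getSessionDeviceStatus/validateSessionDeviceStatus tie the two together.
            user_inum = session_device_status['user_inum']
            u2f_device = deviceRegistrationService.findUserDeviceRegistration(user_inum, u2f_device_id, "oxId")
            if u2f_device == None:
                print "Super-Gluu. Authenticate for step 1. Failed to load u2f_device '%s'" % u2f_device_id
                return False

            logged_in = userService.authenticate(user_name)
            if not logged_in:
                print "Super-Gluu. Authenticate for step 1. Failed to authenticate user '%s'" % user_name
                return False

            print "Super-Gluu. Authenticate for step 1. User '%s' successfully authenticated with u2f_device '%s'" % (user_name, u2f_device_id)
            return True

        elif self.twoStep:
            authenticated_user = self.processBasicAuthentication(credentials)
            if authenticated_user == None:
                return False

            auth_method = 'authenticate'
            enrollment_mode = ServerUtil.getFirstValue(requestParameters, "loginForm:registerButton")
            if StringHelper.isNotEmpty(enrollment_mode):
                auth_method = 'enroll'

            if auth_method == 'authenticate':
                user_inum = userService.getUserInum(authenticated_user)
                u2f_devices_list = deviceRegistrationService.findUserDeviceRegistrations(user_inum, client_redirect_uri, "oxId")
                # A password-authenticated user with no device for this application is
                # switched to enrollment; that is the designed bootstrap path.
                if u2f_devices_list.size() == 0:
                    auth_method = 'enroll'
                    print "Super-Gluu. Authenticate for step 1. There is no U2F '%s' user devices associated with application '%s'. Changing auth_method to '%s'" % (user_name, client_redirect_uri, auth_method)

            print "Super-Gluu. Authenticate for step 1. auth_method: '%s'" % auth_method
            context.set("super_gluu_auth_method", auth_method)
            return True

        return False

    elif step == 2:
        print "Super-Gluu. Authenticate for step 2"

        session_attributes = context.get("sessionAttributes")
        session_device_status = self.getSessionDeviceStatus(session_attributes, user_name)
        if session_device_status == None:
            return False

        u2f_device_id = session_device_status['device_id']

        # There are two steps only in enrollment mode
        if self.oneStep and session_device_status['enroll']:
            authenticated_user = self.processBasicAuthentication(credentials)
            if authenticated_user == None:
                return False

            user_inum = userService.getUserInum(authenticated_user)
            attach_result = deviceRegistrationService.attachUserDeviceRegistration(user_inum, u2f_device_id)
            print "Super-Gluu. Authenticate for step 2. Result after attaching u2f_device '%s' to user '%s': '%s'" % (u2f_device_id, user_name, attach_result)
            return attach_result

        elif self.twoStep:
            if user_name == None:
                print "Super-Gluu. Authenticate for step 2. Failed to determine user name"
                return False

            validation_result = self.validateSessionDeviceStatus(client_redirect_uri, session_device_status, user_name)
            if not validation_result:
                return False
            print "Super-Gluu. Authenticate for step 2. User '%s' successfully authenticated with u2f_device '%s'" % (user_name, u2f_device_id)

            # The request was stored in the session by this script, so it is trusted JSON here.
            super_gluu_request = json.loads(session_device_status['super_gluu_request'])
            auth_method = super_gluu_request['method']
            if auth_method in ['enroll', 'authenticate']:
                return validation_result

            print "Super-Gluu. Authenticate for step 2. U2F auth_method is invalid"
            return False

        return False

    else:
        return False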
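def sendPushNotification(self, client_redirect_uri, user, super_gluu_request):
    """Push the Super-Gluu login request to every registered device of *user* via APNS/GCM.

    Each device registration of the user for *client_redirect_uri* that carries a
    platform and a push token gets one message through the configured
    pushAppleService ("ios") or pushAndroidService ("android"). Devices without
    device data or whose platform service is not configured are skipped. Nothing is
    sent when push notifications are disabled.

    Args:
        client_redirect_uri: the application the login request belongs to.
        user: the user entry whose devices are notified.
        super_gluu_request: the request the mobile app acts on; it is embedded in the
            push payload, so it travels through the push provider and must not contain
            anything secret.

    Returns:
        None. The outcome is only logged: send_notification_result stays True while
        every push succeeded and becomes the first falsy result otherwise (the
        original kept only the last device's result, which masked earlier failures).
    """
    if not self.enabledPushNotifications:
        return

    user_name = user.getUserId()
    print "Super-Gluu. Send push notification. Loading user '%s' devices" % user_name

    send_notification = False
    send_notification_result = True
    # Debug output includes the device push token; keep it off outside development.
    debug = False

    userService = UserService.instance()
    deviceRegistrationService = DeviceRegistrationService.instance()

    user_inum = userService.getUserInum(user_name)
    u2f_devices_list = deviceRegistrationService.findUserDeviceRegistrations(
        user_inum, client_redirect_uri, "oxId", "oxDeviceData")

    for u2f_device in u2f_devices_list:
        # Device data which Super-Gluu gets during enrollment
        device_data = u2f_device.getDeviceData()
        if device_data == None:
            continue

        platform = device_data.getPlatform()
        push_token = device_data.getPushToken()
        if not StringHelper.isNotEmpty(push_token):
            continue

        if StringHelper.equalsIgnoreCase(platform, "ios"):
            # Sending notification to iOS user's device
            if self.pushAppleService == None:
                print "Super-Gluu. Send push notification. Apple push notification service is not enabled"
                continue

            send_notification = True

            title = "Super-Gluu"
            message = "Super-Gluu login request to: %s" % client_redirect_uri
            additional_fields = {"request": super_gluu_request}

            msgBuilder = APNS.newPayload().alertBody(message).alertTitle(title).sound("default")
            msgBuilder.category('ACTIONABLE').badge(0)
            msgBuilder.forNewsstand()
            msgBuilder.customFields(additional_fields)
            push_message = msgBuilder.build()

            result = self.pushAppleService.push(push_token, push_message)
            # Keep the first failure instead of letting a later success overwrite it.
            send_notification_result = send_notification_result and result
            if debug:
                print "Super-Gluu. Send iOS push notification. token: '%s', message: '%s', send_notification_result: '%s'" % (push_token, push_message, result)

        elif StringHelper.equalsIgnoreCase(platform, "android"):
            # Sending notification to Android user's device
            if self.pushAndroidService == None:
                print "Super-Gluu. Send push notification. Android push notification service is not enabled"
                continue

            send_notification = True

            title = "Super-Gluu"
            msgBuilder = Message.Builder().addData("message", super_gluu_request).addData("title", title).collapseKey("single").contentAvailable(True)
            push_message = msgBuilder.build()

            # The trailing 3 is the retry count handed to the GCM sender.
            result = self.pushAndroidService.send(push_message, push_token, 3)
            send_notification_result = send_notification_result and result
            if debug:
                print "Super-Gluu. Send Android push notification. token: '%s', message: '%s', send_notification_result: '%s'" % (push_token, push_message, result)

    print "Super-Gluu. Send push notification. send_notification: '%s', send_notification_result: '%s'" % (send_notification, send_notification_result)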
def authenticate(self, configurationAttributes, requestParameters, step):
    """Authenticate one step of the Super-Gluu flow; True on success.

    Step 1 in one-step mode (QR login) relies on the device status stored in
    the session; in two-step mode it checks the posted username/password and
    decides whether the second (device) step is needed.  Step 2 either
    attaches a freshly enrolled device to the user (one-step enrollment) or
    validates the device approval recorded in the session (two-step).  A
    posted ``auth_result`` of 'error' or 'timeout' fails the step first.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)
    identity = CdiUtil.bean(Identity)
    credentials = identity.getCredentials()
    session_attributes = identity.getSessionId().getSessionAttributes()

    # Device registrations are scoped per application (redirect URI); nothing
    # below can be verified without it.
    client_redirect_uri = self.getClientRedirecUri(session_attributes)
    if client_redirect_uri == None:
        print "Super-Gluu. Authenticate. redirect_uri is not set"
        return False

    self.setRequestScopedParameters(identity, step)

    # Validate form result code and initialize QR code regeneration if needed (retry_current_step = True)
    identity.setWorkingParameter("retry_current_step", False)
    form_auth_result = ServerUtil.getFirstValue(requestParameters, "auth_result")
    if StringHelper.isNotEmpty(form_auth_result):
        print "Super-Gluu. Authenticate for step %s. Get auth_result: '%s'" % (step, form_auth_result)
        if form_auth_result in ['error']:
            return False

        if form_auth_result in ['timeout']:
            # A timeout on the QR step of the active mode asks the page to
            # regenerate the QR code and retry the same step.
            if ((step == 1) and self.oneStep) or ((step == 2) and self.twoStep):
                print "Super-Gluu. Authenticate for step %s. Reinitializing current step" % step
                identity.setWorkingParameter("retry_current_step", True)
                return False

    userService = CdiUtil.bean(UserService)
    deviceRegistrationService = CdiUtil.bean(DeviceRegistrationService)

    if step == 1:
        print "Super-Gluu. Authenticate for step 1"

        user_name = credentials.getUsername()
        if self.oneStep:
            # One-step: the identity is established by the device approval held
            # in the session, not by a password.
            session_device_status = self.getSessionDeviceStatus(session_attributes, user_name)
            if session_device_status == None:
                return False

            u2f_device_id = session_device_status['device_id']

            validation_result = self.validateSessionDeviceStatus(client_redirect_uri, session_device_status)
            if validation_result:
                print "Super-Gluu. Authenticate for step 1. User successfully authenticated with u2f_device '%s'" % u2f_device_id
            else:
                return False

            if not session_device_status['one_step']:
                print "Super-Gluu. Authenticate for step 1. u2f_device '%s' is not one step device" % u2f_device_id
                return False

            # There are two steps only in enrollment mode
            if session_device_status['enroll']:
                return validation_result

            identity.setWorkingParameter("super_gluu_count_login_steps", 1)

            # The device must still be registered to the inum recorded in the
            # session status.
            user_inum = session_device_status['user_inum']
            u2f_device = deviceRegistrationService.findUserDeviceRegistration(user_inum, u2f_device_id, "oxId")
            if u2f_device == None:
                print "Super-Gluu. Authenticate for step 1. Failed to load u2f_device '%s'" % u2f_device_id
                return False

            # NOTE(review): user_name comes from the posted credentials while the
            # verified device is bound to user_inum from the session status.
            # Confirm that getSessionDeviceStatus/validateSessionDeviceStatus tie
            # the two together, otherwise the logged-in name and the approving
            # device could belong to different accounts.
            logged_in = authenticationService.authenticate(user_name)
            if not logged_in:
                print "Super-Gluu. Authenticate for step 1. Failed to authenticate user '%s'" % user_name
                return False

            print "Super-Gluu. Authenticate for step 1. User '%s' successfully authenticated with u2f_device '%s'" % (user_name, u2f_device_id)

            return True
        elif self.twoStep:
            # Two-step: password first, device approval in step 2.
            authenticated_user = self.processBasicAuthentication(credentials)
            if authenticated_user == None:
                return False

            if (self.use_super_gluu_group):
                # Only members of the configured group get the second factor;
                # everyone else is done after the password (optionally audited).
                print "Super-Gluu. Authenticate for step 1. Checking if user belong to super_gluu group"
                is_member_super_gluu_group = self.isUserMemberOfGroup(authenticated_user, self.audit_attribute, self.super_gluu_group)
                if (is_member_super_gluu_group):
                    print "Super-Gluu. Authenticate for step 1. User '%s' member of super_gluu group" % authenticated_user.getUserId()
                    super_gluu_count_login_steps = 2
                else:
                    if self.use_audit_group:
                        self.processAuditGroup(authenticated_user, self.audit_attribute, self.audit_group)
                    super_gluu_count_login_steps = 1

                identity.setWorkingParameter("super_gluu_count_login_steps", super_gluu_count_login_steps)
                if super_gluu_count_login_steps == 1:
                    return True

            # Decide whether step 2 enrolls a new device or authenticates an
            # existing one; no registered device for this application forces
            # enrollment.
            auth_method = 'authenticate'
            enrollment_mode = ServerUtil.getFirstValue(requestParameters, "loginForm:registerButton")
            if StringHelper.isNotEmpty(enrollment_mode):
                auth_method = 'enroll'

            if auth_method == 'authenticate':
                user_inum = userService.getUserInum(authenticated_user)
                u2f_devices_list = deviceRegistrationService.findUserDeviceRegistrations(user_inum, client_redirect_uri, "oxId")
                if u2f_devices_list.size() == 0:
                    auth_method = 'enroll'
                    print "Super-Gluu. Authenticate for step 1. There is no U2F '%s' user devices associated with application '%s'. Changing auth_method to '%s'" % (user_name, client_redirect_uri, auth_method)

            print "Super-Gluu. Authenticate for step 1. auth_method: '%s'" % auth_method

            identity.setWorkingParameter("super_gluu_auth_method", auth_method)

            return True

        return False
    elif step == 2:
        print "Super-Gluu. Authenticate for step 2"

        user = authenticationService.getAuthenticatedUser()
        if (user == None):
            print "Super-Gluu. Authenticate for step 2. Failed to determine user name"
            return False

        user_name = user.getUserId()

        session_attributes = identity.getSessionId().getSessionAttributes()

        session_device_status = self.getSessionDeviceStatus(session_attributes, user_name)
        if session_device_status == None:
            return False

        u2f_device_id = session_device_status['device_id']

        # There are two steps only in enrollment mode
        if self.oneStep and session_device_status['enroll']:
            # The device scanned in step 1 is bound to the account whose
            # password is posted now.
            authenticated_user = self.processBasicAuthentication(credentials)
            if authenticated_user == None:
                return False

            user_inum = userService.getUserInum(authenticated_user)

            attach_result = deviceRegistrationService.attachUserDeviceRegistration(user_inum, u2f_device_id)

            print "Super-Gluu. Authenticate for step 2. Result after attaching u2f_device '%s' to user '%s': '%s'" % (u2f_device_id, user_name, attach_result)

            return attach_result
        elif self.twoStep:
            if user_name == None:
                print "Super-Gluu. Authenticate for step 2. Failed to determine user name"
                return False

            # Unlike step 1, the validation here is also tied to user_name.
            validation_result = self.validateSessionDeviceStatus(client_redirect_uri, session_device_status, user_name)
            if validation_result:
                print "Super-Gluu. Authenticate for step 2. User '%s' successfully authenticated with u2f_device '%s'" % (user_name, u2f_device_id)
            else:
                return False

            # The method the device acted on is taken from the request stored in
            # the session, not from the browser form.
            super_gluu_request = json.loads(session_device_status['super_gluu_request'])
            auth_method = super_gluu_request['method']
            if auth_method in ['enroll', 'authenticate']:
                if validation_result and self.use_audit_group:
                    user = authenticationService.getAuthenticatedUser()
                    self.processAuditGroup(user, self.audit_attribute, self.audit_group)

                return validation_result

            print "Super-Gluu. Authenticate for step 2. U2F auth_method is invalid"
            return False
        # One-step mode without enrollment has no branch here, so the method
        # falls off the end and returns None (treated as failure).
    else:
        return False
def authenticate(self, configurationAttributes, requestParameters, step):
    """Authenticate one step of the Casa flow; True on success.

    Step 1 either redirects to an external provider (``loginForm:provider``)
    or checks the posted username/password, dispatching to the authenticator
    module named by the user's ``oxPreferredMethod`` when one is set, and
    records whether 2FA may be skipped.  Step 2 runs the 2FA module stored
    in the session as ``ACR`` and, on success, persists the updated trusted
    device list.
    """
    print "Casa. authenticate %s" % str(step)

    userService = CdiUtil.bean(UserService)
    authenticationService = CdiUtil.bean(AuthenticationService)
    identity = CdiUtil.bean(Identity)

    if step == 1:
        # Determine if external provider must be used
        provider = ServerUtil.getFirstValue(requestParameters, "loginForm:provider")
        if StringHelper.isNotEmpty(provider):
            url = self.getAuthzRequestUrl(provider)
            if url != None:
                CdiUtil.bean(FacesService).redirectToExternalURL(url)
            # A provider that yields no URL fails the step.
            return url != None

        credentials = identity.getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()

        if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
            # The login name is matched against the configured uid attribute,
            # not necessarily the entry's uid.
            foundUser = userService.getUserByAttribute(self.uid_attr, user_name)

            if foundUser == None:
                print "Casa. authenticate for step 1. Unknown username"
            else:
                acr = foundUser.getAttribute("oxPreferredMethod")
                logged_in = False

                # No preferred method: plain password check.  A preferred method
                # with no registered authenticator leaves logged_in False.
                if acr == None:
                    logged_in = authenticationService.authenticate(user_name, user_password)
                elif acr in self.authenticators:
                    module = self.authenticators[acr]
                    logged_in = module.authenticate(module.configAttrs, requestParameters, step)

                if logged_in:
                    foundUser = authenticationService.getAuthenticatedUser()

                    if foundUser == None:
                        print "Casa. authenticate for step 1. Cannot retrieve logged user"
                    else:
                        if acr == None:
                            # Users without a preferred 2FA method are not asked
                            # for a second factor.
                            identity.setWorkingParameter("skip2FA", True)
                        else:
                            #Determine whether to skip 2FA based on policy defined (global or user custom)
                            skip2FA = self.determineSkip2FA(userService, identity, foundUser, ServerUtil.getFirstValue(requestParameters, "loginForm:platform"))
                            identity.setWorkingParameter("skip2FA", skip2FA)
                            identity.setWorkingParameter("ACR", acr)

                        return True

                else:
                    print "Casa. authenticate for step 1 was not successful"

        return False

    else:
        user = authenticationService.getAuthenticatedUser()
        if user == None:
            print "Casa. authenticate for step 2. Cannot retrieve logged user"
            return False

        #see casa.xhtml
        alter = ServerUtil.getFirstValue(requestParameters, "alternativeMethod")
        if alter != None:
            #bypass the rest of this step if an alternative method was provided. Current step will be retried (see getNextStep)
            # NOTE(review): this returns True without running any 2FA module;
            # it relies on getNextStep re-issuing step 2 - confirm, since that
            # is what keeps this from completing login.
            self.simulateFirstStep(requestParameters, alter)
            return True

        session_attributes = identity.getSessionId().getSessionAttributes()
        # The second-factor module is the one recorded in the session by step 1
        # (or by simulateFirstStep), not a value posted with this request.
        acr = session_attributes.get("ACR")

        #this working parameter is used in casa.xhtml
        identity.setWorkingParameter("methods", self.getAvailMethodsUser(user, acr))

        success = False
        if acr in self.authenticators:
            module = self.authenticators[acr]
            success = module.authenticate(module.configAttrs, requestParameters, step)

            #Update the list of trusted devices if 2fa passed
            if success:
                print "Casa. authenticate. 2FA authentication was successful"
                tdi = session_attributes.get("trustedDevicesInfo")
                if tdi == None:
                    print "Casa. authenticate. List of user's trusted devices was not updated"
                else:
                    user.setAttribute("oxTrustedDevicesInfo", tdi)
                    userService.updateUser(user)
            else:
                print "Casa. authenticate. 2FA authentication failed"

            return success

        return False
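def authenticate(self, configurationAttributes, requestParameters, step):
    """Authenticate one step of the SAML flow; True on success.

    Step 1 accepts either local basic credentials (when
    ``saml_allow_basic_login`` is on and a username/password was posted) or
    a ``SAMLResponse`` form parameter, which is decoded, validated when
    ``saml_validate_response`` is on, and then resolved to a local user
    according to ``saml_deployment_type``:

    * ``map``             - look the NameID up in ``oxExternalUid``; when no
                            user is mapped yet, request a second step that
                            binds the SAML identity to local credentials.
    * ``enroll``          - create the local user from the configured
                            attribute mapping if missing.
    * ``enroll_all_attr`` - create the local user from every response
                            attribute whose SAML2 URI matches a known LDAP
                            attribute if missing.
    * (unset)             - the NameID must already be a local uid.

    Step 2 (``map`` only) checks the posted local credentials and binds the
    pending ``saml_user_uid`` to that account.

    Args:
        configurationAttributes: script configuration map.
        requestParameters: posted form parameters.
        step: 1 or 2.

    Returns:
        bool - True when the user is authenticated for this step.
    """
    context = Contexts.getEventContext()
    authenticationService = AuthenticationService.instance()
    userService = UserService.instance()

    saml_map_user = False
    saml_enroll_user = False
    saml_enroll_all_user_attr = False
    # Use saml_deployment_type only if there is no attributes mapping
    if configurationAttributes.containsKey("saml_deployment_type"):
        saml_deployment_type = StringHelper.toLowerCase(configurationAttributes.get("saml_deployment_type").getValue2())

        if StringHelper.equalsIgnoreCase(saml_deployment_type, "map"):
            saml_map_user = True

        if StringHelper.equalsIgnoreCase(saml_deployment_type, "enroll"):
            saml_enroll_user = True

        if StringHelper.equalsIgnoreCase(saml_deployment_type, "enroll_all_attr"):
            saml_enroll_all_user_attr = True

    saml_allow_basic_login = False
    if configurationAttributes.containsKey("saml_allow_basic_login"):
        saml_allow_basic_login = StringHelper.toBoolean(configurationAttributes.get("saml_allow_basic_login").getValue2(), False)

    use_basic_auth = False
    if saml_allow_basic_login:
        # Detect if user used basic authentication method
        credentials = Identity.instance().getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()

        if StringHelper.isNotEmpty(user_name) and StringHelper.isNotEmpty(user_password):
            use_basic_auth = True

    if (step == 1) and saml_allow_basic_login and use_basic_auth:
        # Local password login bypasses SAML entirely and is a single step.
        print "Saml. Authenticate for step 1. Basic authentication"

        context.set("saml_count_login_steps", 1)

        credentials = Identity.instance().getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()

        logged_in = False
        if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
            userService = UserService.instance()
            logged_in = userService.authenticate(user_name, user_password)

        if not logged_in:
            return False

        return True

    if step == 1:
        print "Saml. Authenticate for step 1"

        currentSamlConfiguration = self.getCurrentSamlConfiguration(self.samlConfiguration, configurationAttributes, requestParameters)
        if currentSamlConfiguration == None:
            print "Saml. Prepare for step 1. Client saml configuration is invalid"
            return False

        saml_response_array = requestParameters.get("SAMLResponse")
        if ArrayHelper.isEmpty(saml_response_array):
            print "Saml. Authenticate for step 1. saml_response is empty"
            return False

        saml_response = saml_response_array[0]

        # This logs the complete (base64) response, i.e. the whole assertion
        # including every user attribute the IdP released.
        print "Saml. Authenticate for step 1. saml_response: '%s'" % saml_response

        samlResponse = Response(currentSamlConfiguration)
        samlResponse.loadXmlFromBase64(saml_response)

        saml_validate_response = True
        if configurationAttributes.containsKey("saml_validate_response"):
            saml_validate_response = StringHelper.toBoolean(configurationAttributes.get("saml_validate_response").getValue2(), False)

        if saml_validate_response and not samlResponse.isValid():
            print "Saml. Authenticate for step 1. saml_response isn't valid"
            # Fix: an invalid response used to be logged only and then processed
            # as if it were valid (its NameID and attributes were still trusted).
            return False

        saml_response_name_id = samlResponse.getNameId()
        if StringHelper.isEmpty(saml_response_name_id):
            print "Saml. Authenticate for step 1. saml_response_name_id is invalid"
            return False

        print "Saml. Authenticate for step 1. saml_response_name_id: '%s'" % saml_response_name_id

        saml_response_attributes = samlResponse.getAttributes()
        print "Saml. Authenticate for step 1. attributes: '%s'" % saml_response_attributes

        # Use persistent Id as saml_user_uid
        saml_user_uid = saml_response_name_id

        if saml_map_user:
            # Use mapping to local IDP user
            print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '%s'" % saml_user_uid

            # Check if there is a user with the specified saml_user_uid
            find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:" + saml_user_uid)
            if find_user_by_uid == None:
                # Not mapped yet: step 2 will ask for local credentials and bind
                # this NameID to them.
                print "Saml. Authenticate for step 1. Failed to find user"
                print "Saml. Authenticate for step 1. Setting count steps to 2"
                context.set("saml_count_login_steps", 2)
                context.set("saml_user_uid", saml_user_uid)
                return True

            found_user_name = find_user_by_uid.getUserId()
            print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name

            user_authenticated = authenticationService.authenticate(found_user_name)
            if user_authenticated == False:
                print "Saml. Authenticate for step 1. Failed to authenticate user"
                return False

            print "Saml. Authenticate for step 1. Setting count steps to 1"
            context.set("saml_count_login_steps", 1)

            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result

            return post_login_result
        elif saml_enroll_user:
            # Use auto enrollment to local IDP
            print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '%s'" % saml_user_uid

            # Check if there is a user with the specified saml_user_uid
            find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:" + saml_user_uid)
            if find_user_by_uid == None:
                # Auto user enrollment
                print "Saml. Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP"

                # Convert saml result attributes keys to lower case
                saml_response_normalized_attributes = HashMap()
                for saml_response_attribute_entry in saml_response_attributes.entrySet():
                    saml_response_normalized_attributes.put(StringHelper.toLowerCase(saml_response_attribute_entry.getKey()), saml_response_attribute_entry.getValue())

                currentAttributesMapping = self.prepareCurrentAttributesMapping(self.attributesMapping, configurationAttributes, requestParameters)
                print "Saml. Authenticate for step 1. Using next attributes mapping '%s'" % currentAttributesMapping

                newUser = User()

                # Set custom object classes
                if self.userObjectClasses != None:
                    print "Saml. Authenticate for step 1. User custom objectClasses to add persons: '%s'" % Util.array2ArrayList(self.userObjectClasses)
                    newUser.setCustomObjectClasses(self.userObjectClasses)

                # Only attributes listed in the mapping are copied from the IdP;
                # unmapped response attributes are ignored.
                for attributesMappingEntry in currentAttributesMapping.entrySet():
                    idpAttribute = attributesMappingEntry.getKey()
                    localAttribute = attributesMappingEntry.getValue()

                    if self.debugEnrollment:
                        print "Saml. Authenticate for step 1. Trying to map '%s' into '%s'" % (idpAttribute, localAttribute)

                    localAttributeValue = saml_response_normalized_attributes.get(idpAttribute)
                    if localAttributeValue != None:
                        if self.debugEnrollment:
                            print "Saml. Authenticate for step 1. Setting attribute '%s' value '%s'" % (localAttribute, localAttributeValue)
                        newUser.setAttribute(localAttribute, localAttributeValue)

                newUser.setAttribute("oxExternalUid", "saml:" + saml_user_uid)
                print "Saml. Authenticate for step 1. Attempting to add user '%s' with next attributes: '%s'" % (saml_user_uid, newUser.getCustomAttributes())

                user_unique = self.checkUserUniqueness(newUser)
                if not user_unique:
                    # Fix: the format string had no placeholder, so the '%' below
                    # raised TypeError instead of logging.
                    print "Saml. Authenticate for step 1. Failed to add user: '%s'. User not unique" % newUser.getAttribute("uid")
                    facesMessages = FacesMessages.instance()
                    facesMessages.add(StatusMessage.Severity.ERROR, "Failed to enroll. User with same key attributes exist already")
                    FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(True)
                    return False

                find_user_by_uid = userService.addUser(newUser, True)
                print "Saml. Authenticate for step 1. Added new user with UID: '%s'" % find_user_by_uid.getUserId()

            found_user_name = find_user_by_uid.getUserId()
            print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name

            user_authenticated = authenticationService.authenticate(found_user_name)
            if user_authenticated == False:
                # Fix: format string had no placeholder (TypeError at runtime).
                print "Saml. Authenticate for step 1. Failed to authenticate user: '%s'" % found_user_name
                return False

            print "Saml. Authenticate for step 1. Setting count steps to 1"
            context.set("saml_count_login_steps", 1)

            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result

            return post_login_result
        elif saml_enroll_all_user_attr:
            print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml:" + saml_user_uid

            # Check if there is a user with the specified saml_user_uid
            find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:" + saml_user_uid)
            if find_user_by_uid == None:
                print "Saml. Authenticate for step 1. Failed to find user"

                user = User()

                # Set custom object classes
                if self.userObjectClasses != None:
                    print "Saml. Authenticate for step 1. User custom objectClasses to add persons: '%s'" % Util.array2ArrayList(self.userObjectClasses)
                    user.setCustomObjectClasses(self.userObjectClasses)

                # Every response attribute whose SAML2 URI matches a known LDAP
                # attribute is copied onto the new entry, so the IdP decides
                # which attributes the local account starts with.
                customAttributes = ArrayList()
                for key in saml_response_attributes.keySet():
                    # NOTE(review): attributeService is not bound anywhere in this
                    # method or its parameters; confirm it exists at class/module
                    # scope, otherwise this branch fails with NameError.
                    ldapAttributes = attributeService.getAllAttributes()
                    for ldapAttribute in ldapAttributes:
                        saml2Uri = ldapAttribute.getSaml2Uri()
                        if saml2Uri == None:
                            saml2Uri = attributeService.getDefaultSaml2Uri(ldapAttribute.getName())
                        if saml2Uri == key:
                            attribute = CustomAttribute(ldapAttribute.getName())
                            # Fix: was attributes.get(key); no such name exists here.
                            attribute.setValues(saml_response_attributes.get(key))
                            customAttributes.add(attribute)

                attribute = CustomAttribute("oxExternalUid")
                attribute.setValue("saml:" + saml_user_uid)
                customAttributes.add(attribute)

                user.setCustomAttributes(customAttributes)

                # sn/cn are mandatory for the person entry; fall back to the
                # NameID.  NOTE(review): this assumes setCustomAttributes kept a
                # reference to customAttributes rather than copying it - confirm.
                if user.getAttribute("sn") == None:
                    attribute = CustomAttribute("sn")
                    attribute.setValue(saml_user_uid)
                    customAttributes.add(attribute)

                if user.getAttribute("cn") == None:
                    attribute = CustomAttribute("cn")
                    attribute.setValue(saml_user_uid)
                    customAttributes.add(attribute)

                user_unique = self.checkUserUniqueness(user)
                if not user_unique:
                    # Fix: referenced newUser (unbound in this branch) through a
                    # format string with no placeholder; log the entry being added.
                    print "Saml. Authenticate for step 1. Failed to add user: '%s'. User not unique" % user.getAttribute("uid")
                    facesMessages = FacesMessages.instance()
                    facesMessages.add(StatusMessage.Severity.ERROR, "Failed to enroll. User with same key attributes exist already")
                    FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(True)
                    return False

                find_user_by_uid = userService.addUser(user, True)
                print "Saml. Authenticate for step 1. Added new user with UID: '%s'" % find_user_by_uid.getUserId()

            found_user_name = find_user_by_uid.getUserId()
            print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name

            user_authenticated = authenticationService.authenticate(found_user_name)
            if user_authenticated == False:
                print "Saml. Authenticate for step 1. Failed to authenticate user"
                return False

            print "Saml. Authenticate for step 1. Setting count steps to 1"
            context.set("saml_count_login_steps", 1)

            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result

            return post_login_result
        else:
            # No deployment type: the NameID is expected to be a local uid.
            print "Saml. Authenticate for step 1. Attempting to find user by uid: '%s'" % saml_user_uid

            find_user_by_uid = userService.getUser(saml_user_uid)
            if find_user_by_uid == None:
                print "Saml. Authenticate for step 1. Failed to find user"
                return False

            found_user_name = find_user_by_uid.getUserId()
            print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name

            user_authenticated = authenticationService.authenticate(found_user_name)
            if user_authenticated == False:
                print "Saml. Authenticate for step 1. Failed to authenticate user"
                return False

            print "Saml. Authenticate for step 1. Setting count steps to 1"
            context.set("saml_count_login_steps", 1)

            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result

            return post_login_result
    elif step == 2:
        print "Saml. Authenticate for step 2"

        sessionAttributes = context.get("sessionAttributes")
        if (sessionAttributes == None) or not sessionAttributes.containsKey("saml_user_uid"):
            print "Saml. Authenticate for step 2. saml_user_uid is empty"
            return False

        saml_user_uid = sessionAttributes.get("saml_user_uid")
        passed_step1 = StringHelper.isNotEmptyString(saml_user_uid)
        if not passed_step1:
            return False

        # The SAML identity is only bound to an account whose password the
        # browser can present now.
        credentials = Identity.instance().getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()

        logged_in = False
        if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
            logged_in = userService.authenticate(user_name, user_password)

        if not logged_in:
            return False

        # Check if there is user which has saml_user_uid
        # Avoid mapping Saml account to more than one IDP account
        find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:" + saml_user_uid)
        if find_user_by_uid == None:
            # Add saml_user_uid to user one id UIDs
            find_user_by_uid = userService.addUserAttribute(user_name, "oxExternalUid", "saml:" + saml_user_uid)
            if find_user_by_uid == None:
                print "Saml. Authenticate for step 2. Failed to update current user"
                return False

            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 2. post_login_result: '%s'" % post_login_result

            return post_login_result
        else:
            # Already mapped: only the owning account may complete the login.
            found_user_name = find_user_by_uid.getUserId()
            print "Saml. Authenticate for step 2. found_user_name: '%s'" % found_user_name

            if StringHelper.equals(user_name, found_user_name):
                post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
                print "Saml. Authenticate for step 2. post_login_result: '%s'" % post_login_result

                return post_login_result

        return False
    else:
        return False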
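def authenticate(self, configurationAttributes, requestParameters, step):
    """Authenticate one step of the SAML flow; True on success.

    Step 1 accepts either local basic credentials (when
    ``saml_allow_basic_login`` is on and a username/password was posted) or
    a ``SAMLResponse`` form parameter, which is decoded, validated when
    ``saml_validate_response`` is on, and then resolved to a local user
    according to ``saml_deployment_type``:

    * ``map``             - look the NameID up in ``oxExternalUid``; when no
                            user is mapped yet, request a second step that
                            binds the SAML identity to local credentials.
    * ``enroll``          - build the user from the configured attribute
                            mapping (getMappedUser); create it if missing or,
                            when ``self.updateUser`` is set, overwrite the
                            existing entry's attributes with it.
    * ``enroll_all_attr`` - same, but built from all response attributes
                            (getMappedAllAttributesUser).
    * (unset)             - the NameID must already be a local uid.

    Step 2 (``map`` only) checks the posted local credentials and binds the
    pending ``saml_user_uid`` to that account.

    Args:
        configurationAttributes: script configuration map.
        requestParameters: posted form parameters.
        step: 1 or 2.

    Returns:
        bool - True when the user is authenticated for this step.
    """
    context = Contexts.getEventContext()
    authenticationService = AuthenticationService.instance()
    userService = UserService.instance()

    saml_map_user = False
    saml_enroll_user = False
    saml_enroll_all_user_attr = False
    # Use saml_deployment_type only if there is no attributes mapping
    if configurationAttributes.containsKey("saml_deployment_type"):
        saml_deployment_type = StringHelper.toLowerCase(configurationAttributes.get("saml_deployment_type").getValue2())

        if StringHelper.equalsIgnoreCase(saml_deployment_type, "map"):
            saml_map_user = True

        if StringHelper.equalsIgnoreCase(saml_deployment_type, "enroll"):
            saml_enroll_user = True

        if StringHelper.equalsIgnoreCase(saml_deployment_type, "enroll_all_attr"):
            saml_enroll_all_user_attr = True

    saml_allow_basic_login = False
    if configurationAttributes.containsKey("saml_allow_basic_login"):
        saml_allow_basic_login = StringHelper.toBoolean(configurationAttributes.get("saml_allow_basic_login").getValue2(), False)

    use_basic_auth = False
    if saml_allow_basic_login:
        # Detect if user used basic authentication method
        credentials = Identity.instance().getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()

        if StringHelper.isNotEmpty(user_name) and StringHelper.isNotEmpty(user_password):
            use_basic_auth = True

    if (step == 1) and saml_allow_basic_login and use_basic_auth:
        # Local password login bypasses SAML entirely and is a single step.
        print "Saml. Authenticate for step 1. Basic authentication"

        context.set("saml_count_login_steps", 1)

        credentials = Identity.instance().getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()

        logged_in = False
        if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
            userService = UserService.instance()
            logged_in = userService.authenticate(user_name, user_password)

        if not logged_in:
            return False

        return True

    if step == 1:
        print "Saml. Authenticate for step 1"

        currentSamlConfiguration = self.getCurrentSamlConfiguration(self.samlConfiguration, configurationAttributes, requestParameters)
        if currentSamlConfiguration == None:
            print "Saml. Prepare for step 1. Client saml configuration is invalid"
            return False

        saml_response_array = requestParameters.get("SAMLResponse")
        if ArrayHelper.isEmpty(saml_response_array):
            print "Saml. Authenticate for step 1. saml_response is empty"
            return False

        saml_response = saml_response_array[0]

        # This logs the complete (base64) response, i.e. the whole assertion
        # including every user attribute the IdP released.
        print "Saml. Authenticate for step 1. saml_response: '%s'" % saml_response

        samlResponse = Response(currentSamlConfiguration)
        samlResponse.loadXmlFromBase64(saml_response)

        saml_validate_response = True
        if configurationAttributes.containsKey("saml_validate_response"):
            saml_validate_response = StringHelper.toBoolean(configurationAttributes.get("saml_validate_response").getValue2(), False)

        if saml_validate_response and not samlResponse.isValid():
            print "Saml. Authenticate for step 1. saml_response isn't valid"
            # Fix: an invalid response used to be logged only and then processed
            # as if it were valid (its NameID and attributes were still trusted).
            return False

        saml_response_attributes = samlResponse.getAttributes()
        print "Saml. Authenticate for step 1. attributes: '%s'" % saml_response_attributes

        if saml_map_user:
            saml_user_uid = self.getSamlNameId(samlResponse)
            if saml_user_uid == None:
                return False

            # Use mapping to local IDP user
            print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '%s'" % saml_user_uid

            # Check if there is a user with the specified saml_user_uid
            find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:%s" % saml_user_uid)
            if find_user_by_uid == None:
                # Not mapped yet: step 2 will ask for local credentials and bind
                # this NameID to them.
                print "Saml. Authenticate for step 1. Failed to find user"
                print "Saml. Authenticate for step 1. Setting count steps to 2"
                context.set("saml_count_login_steps", 2)
                context.set("saml_user_uid", saml_user_uid)
                return True

            found_user_name = find_user_by_uid.getUserId()
            print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name

            user_authenticated = authenticationService.authenticate(found_user_name)
            if user_authenticated == False:
                print "Saml. Authenticate for step 1. Failed to authenticate user"
                return False

            print "Saml. Authenticate for step 1. Setting count steps to 1"
            context.set("saml_count_login_steps", 1)

            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result

            return post_login_result
        elif saml_enroll_user:
            # Convert SAML response to user entry
            newUser = self.getMappedUser(configurationAttributes, requestParameters, saml_response_attributes)

            saml_user_uid = self.getNameId(samlResponse, newUser)
            if saml_user_uid == None:
                return False

            self.setDefaultUid(newUser, saml_user_uid)
            newUser.setAttribute("oxExternalUid", "saml:%s" % saml_user_uid)

            # Use auto enrollment to local IDP
            print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '%s'" % saml_user_uid

            # Check if there is user with specified saml_user_uid
            find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:%s" % saml_user_uid)
            if find_user_by_uid == None:
                # Auto user enrollment
                print "Saml. Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP"
                print "Saml. Authenticate for step 1. Attempting to add user '%s' with next attributes: '%s'" % (saml_user_uid, newUser.getCustomAttributes())

                user_unique = self.checkUserUniqueness(newUser)
                if not user_unique:
                    # Fix: the format string had no placeholder, so the '%' below
                    # raised TypeError instead of logging.
                    print "Saml. Authenticate for step 1. Failed to add user: '%s'. User not unique" % newUser.getUserId()
                    facesMessages = FacesMessages.instance()
                    facesMessages.add(StatusMessage.Severity.ERROR, "Failed to enroll. User with same key attributes exist already")
                    FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(True)
                    return False

                find_user_by_uid = userService.addUser(newUser, True)
                print "Saml. Authenticate for step 1. Added new user with UID: '%s'" % find_user_by_uid.getUserId()
            else:
                if self.updateUser:
                    # The existing entry's custom attributes are replaced wholesale
                    # by the IdP-derived set on every login; the attribute mapping
                    # therefore decides which local attributes the IdP controls.
                    print "Saml. Authenticate for step 1. Attempting to update user '%s' with next attributes: '%s'" % (saml_user_uid, newUser.getCustomAttributes())
                    find_user_by_uid.setCustomAttributes(newUser.getCustomAttributes())
                    userService.updateUser(find_user_by_uid)
                    print "Saml. Authenticate for step 1. Updated user with UID: '%s'" % saml_user_uid

            found_user_name = find_user_by_uid.getUserId()
            print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name

            user_authenticated = authenticationService.authenticate(found_user_name)
            if user_authenticated == False:
                # Fix: format string had no placeholder (TypeError at runtime).
                print "Saml. Authenticate for step 1. Failed to authenticate user: '%s'" % found_user_name
                return False

            print "Saml. Authenticate for step 1. Setting count steps to 1"
            context.set("saml_count_login_steps", 1)

            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result

            return post_login_result
        elif saml_enroll_all_user_attr:
            # Convert SAML response to user entry
            newUser = self.getMappedAllAttributesUser(saml_response_attributes)

            saml_user_uid = self.getNameId(samlResponse, newUser)
            if saml_user_uid == None:
                return False

            self.setDefaultUid(newUser, saml_user_uid)
            newUser.setAttribute("oxExternalUid", "saml:%s" % saml_user_uid)

            print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml:%s" % saml_user_uid

            # Check if there is user with specified saml_user_uid
            find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:%s" % saml_user_uid)
            if find_user_by_uid == None:
                # Auto user enrollment
                print "Saml. Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP"
                print "Saml. Authenticate for step 1. Attempting to add user '%s' with next attributes: '%s'" % (saml_user_uid, newUser.getCustomAttributes())

                user_unique = self.checkUserUniqueness(newUser)
                if not user_unique:
                    # Fix: format string had no placeholder (TypeError at runtime).
                    print "Saml. Authenticate for step 1. Failed to add user: '%s'. User not unique" % newUser.getUserId()
                    facesMessages = FacesMessages.instance()
                    facesMessages.add(StatusMessage.Severity.ERROR, "Failed to enroll. User with same key attributes exist already")
                    FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(True)
                    return False

                find_user_by_uid = userService.addUser(newUser, True)
                print "Saml. Authenticate for step 1. Added new user with UID: '%s'" % find_user_by_uid.getUserId()
            else:
                if self.updateUser:
                    # As above: every response attribute overwrites the local
                    # entry on each login when updateUser is enabled.
                    print "Saml. Authenticate for step 1. Attempting to update user '%s' with next attributes: '%s'" % (saml_user_uid, newUser.getCustomAttributes())
                    find_user_by_uid.setCustomAttributes(newUser.getCustomAttributes())
                    userService.updateUser(find_user_by_uid)
                    print "Saml. Authenticate for step 1. Updated user with UID: '%s'" % saml_user_uid

            found_user_name = find_user_by_uid.getUserId()
            print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name

            user_authenticated = authenticationService.authenticate(found_user_name)
            if user_authenticated == False:
                print "Saml. Authenticate for step 1. Failed to authenticate user"
                return False

            print "Saml. Authenticate for step 1. Setting count steps to 1"
            context.set("saml_count_login_steps", 1)

            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result

            return post_login_result
        else:
            # Fix: saml_user_uid was never assigned in this branch (only in the
            # map/enroll branches), so the None check below always raised
            # UnboundLocalError.  Resolve the NameID the same way the map branch does.
            saml_user_uid = self.getSamlNameId(samlResponse)
            if saml_user_uid == None:
                return False

            # No deployment type: the NameID is expected to be a local uid.
            print "Saml. Authenticate for step 1. Attempting to find user by uid: '%s'" % saml_user_uid

            find_user_by_uid = userService.getUser(saml_user_uid)
            if find_user_by_uid == None:
                print "Saml. Authenticate for step 1. Failed to find user"
                return False

            found_user_name = find_user_by_uid.getUserId()
            print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name

            user_authenticated = authenticationService.authenticate(found_user_name)
            if user_authenticated == False:
                print "Saml. Authenticate for step 1. Failed to authenticate user"
                return False

            print "Saml. Authenticate for step 1. Setting count steps to 1"
            context.set("saml_count_login_steps", 1)

            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result

            return post_login_result
    elif step == 2:
        print "Saml. Authenticate for step 2"

        sessionAttributes = context.get("sessionAttributes")
        if (sessionAttributes == None) or not sessionAttributes.containsKey("saml_user_uid"):
            print "Saml. Authenticate for step 2. saml_user_uid is empty"
            return False

        saml_user_uid = sessionAttributes.get("saml_user_uid")
        passed_step1 = StringHelper.isNotEmptyString(saml_user_uid)
        if not passed_step1:
            return False

        # The SAML identity is only bound to an account whose password the
        # browser can present now.
        credentials = Identity.instance().getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()

        logged_in = False
        if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
            logged_in = userService.authenticate(user_name, user_password)

        if not logged_in:
            return False

        # Check if there is user which has saml_user_uid
        # Avoid mapping Saml account to more than one IDP account
        find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:%s" % saml_user_uid)
        if find_user_by_uid == None:
            # Add saml_user_uid to user one id UIDs
            find_user_by_uid = userService.addUserAttribute(user_name, "oxExternalUid", "saml:%s" % saml_user_uid)
            if find_user_by_uid == None:
                print "Saml. Authenticate for step 2. Failed to update current user"
                return False

            post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
            print "Saml. Authenticate for step 2. post_login_result: '%s'" % post_login_result

            return post_login_result
        else:
            # Already mapped: only the owning account may complete the login.
            found_user_name = find_user_by_uid.getUserId()
            print "Saml. Authenticate for step 2. found_user_name: '%s'" % found_user_name

            if StringHelper.equals(user_name, found_user_name):
                post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
                print "Saml. Authenticate for step 2. post_login_result: '%s'" % post_login_result

                return post_login_result

        return False
    else:
        return False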
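def sendPushNotificationImpl(self, client_redirect_uri, user, super_gluu_request):
    """Send a Super-Gluu login-request push to each registered device of *user*.

    Device registrations are looked up by the user's inum and
    *client_redirect_uri*. For every registration that carries a platform and
    a push token, the message is delivered over Amazon SNS (``pushSnsMode``),
    the Gluu push gateway (``pushGluuMode``) or the native APNS/GCM client,
    in that order of precedence. Nothing is sent when
    ``self.enabledPushNotifications`` is false.

    Args:
        client_redirect_uri: Application identifier; selects the device
            registrations and is named in the iOS alert text.
        user: Authenticating user object (must expose ``getUserId()``).
        super_gluu_request: Authentication request that the mobile app needs
            to complete the login. It is embedded verbatim in the payload
            handed to the push provider, so it should carry only what the
            app needs.

    Returns:
        None. Per-platform attempt counters are written to the log; individual
        delivery results are only logged when ``debug`` is enabled.
    """
    if not self.enabledPushNotifications:
        return

    user_name = user.getUserId()
    print "Super-Gluu. Send push notification. Loading user '%s' devices" % user_name

    send_notification_result = True

    userService = CdiUtil.bean(UserService)
    deviceRegistrationService = CdiUtil.bean(DeviceRegistrationService)

    user_inum = userService.getUserInum(user_name)

    # Number of delivery attempts per platform; incremented whether or not the
    # provider reported success.
    send_android = 0
    send_ios = 0

    # Hoisted out of the loop: it was re-assigned on every iteration. When on,
    # the raw push token and the full payload (including the login request)
    # are printed to the log — keep it off outside local troubleshooting.
    debug = False

    u2f_devices_list = deviceRegistrationService.findUserDeviceRegistrations(user_inum, client_redirect_uri, "oxId", "oxDeviceData", "oxDeviceNotificationConf")
    if u2f_devices_list.size() > 0:
        for u2f_device in u2f_devices_list:
            device_data = u2f_device.getDeviceData()  # Device data which Super-Gluu gets during enrollment
            if device_data is None:
                continue

            platform = device_data.getPlatform()
            push_token = device_data.getPushToken()

            if StringHelper.equalsIgnoreCase(platform, "ios") and StringHelper.isNotEmpty(push_token):
                # Sending notification to iOS user's device
                if self.pushAppleService is None:
                    print "Super-Gluu. Send push notification. Apple native push notification service is not enabled"
                else:
                    title = "Super-Gluu"
                    message = "Super-Gluu login request to: %s" % client_redirect_uri

                    if self.pushSnsMode or self.pushGluuMode:
                        pushSnsService = CdiUtil.bean(PushSnsService)
                        targetEndpointArn = self.getTargetEndpointArn(deviceRegistrationService, pushSnsService, PushPlatform.APNS, user, u2f_device)
                        # NOTE(review): a missing endpoint ARN returns from the
                        # whole method, so remaining devices are not notified
                        # and the summary line at the end is skipped — confirm
                        # this is intended rather than skipping just this device.
                        if targetEndpointArn is None:
                            return

                        sns_push_request_dictionary = {
                            "aps": {
                                "badge": 0,
                                "alert": {"body": message, "title": title},
                                "category": "ACTIONABLE",
                                "content-available": "1",
                                "sound": 'default',
                            },
                            "request": super_gluu_request,
                        }
                        push_message = json.dumps(sns_push_request_dictionary, separators=(',', ':'))

                        if self.pushSnsMode:
                            # Sandbox endpoint unless the service is configured for production certificates.
                            apple_push_platform = PushPlatform.APNS
                            if not self.pushAppleServiceProduction:
                                apple_push_platform = PushPlatform.APNS_SANDBOX

                            send_notification_result = pushSnsService.sendPushMessage(self.pushAppleService, apple_push_platform, targetEndpointArn, push_message, None)
                            if debug:
                                print "Super-Gluu. Send iOS SNS push notification. token: '%s', message: '%s', send_notification_result: '%s', apple_push_platform: '%s'" % (push_token, push_message, send_notification_result, apple_push_platform)
                        elif self.pushGluuMode:
                            send_notification_result = self.pushAppleService.sendNotification(self.pushAppleServiceAuth, targetEndpointArn, push_message)
                            if debug:
                                print "Super-Gluu. Send iOS Gluu push notification. token: '%s', message: '%s', send_notification_result: '%s'" % (push_token, push_message, send_notification_result)
                    else:
                        # Native APNS delivery: the request travels as a custom field of the payload.
                        additional_fields = {"request": super_gluu_request}

                        msgBuilder = APNS.newPayload().alertBody(message).alertTitle(title).sound("default")
                        msgBuilder.category('ACTIONABLE').badge(0)
                        msgBuilder.forNewsstand()
                        msgBuilder.customFields(additional_fields)
                        push_message = msgBuilder.build()

                        send_notification_result = self.pushAppleService.push(push_token, push_message)
                        if debug:
                            print "Super-Gluu. Send iOS Native push notification. token: '%s', message: '%s', send_notification_result: '%s'" % (push_token, push_message, send_notification_result)

                    send_ios = send_ios + 1

            if StringHelper.equalsIgnoreCase(platform, "android") and StringHelper.isNotEmpty(push_token):
                # Sending notification to Android user's device
                if self.pushAndroidService is None:
                    print "Super-Gluu. Send native push notification. Android native push notification service is not enabled"
                else:
                    title = "Super-Gluu"

                    if self.pushSnsMode or self.pushGluuMode:
                        pushSnsService = CdiUtil.bean(PushSnsService)
                        targetEndpointArn = self.getTargetEndpointArn(deviceRegistrationService, pushSnsService, PushPlatform.GCM, user, u2f_device)
                        # NOTE(review): same early return as the iOS branch — aborts delivery for all remaining devices.
                        if targetEndpointArn is None:
                            return

                        sns_push_request_dictionary = {
                            "collapse_key": "single",
                            "content_available": True,
                            "time_to_live": 60,
                            "data": {
                                "message": super_gluu_request,
                                "title": title,
                            },
                        }
                        push_message = json.dumps(sns_push_request_dictionary, separators=(',', ':'))

                        if self.pushSnsMode:
                            send_notification_result = pushSnsService.sendPushMessage(self.pushAndroidService, PushPlatform.GCM, targetEndpointArn, push_message, None)
                            if debug:
                                print "Super-Gluu. Send Android SNS push notification. token: '%s', message: '%s', send_notification_result: '%s'" % (push_token, push_message, send_notification_result)
                        elif self.pushGluuMode:
                            send_notification_result = self.pushAndroidService.sendNotification(self.pushAndroidServiceAuth, targetEndpointArn, push_message)
                            if debug:
                                print "Super-Gluu. Send Android Gluu push notification. token: '%s', message: '%s', send_notification_result: '%s'" % (push_token, push_message, send_notification_result)
                    else:
                        # Native GCM delivery; the trailing 3 is the retry count passed to the client.
                        msgBuilder = Message.Builder().addData("message", super_gluu_request).addData("title", title).collapseKey("single").contentAvailable(True)
                        push_message = msgBuilder.build()

                        send_notification_result = self.pushAndroidService.send(push_message, push_token, 3)
                        if debug:
                            print "Super-Gluu. Send Android Native push notification. token: '%s', message: '%s', send_notification_result: '%s'" % (push_token, push_message, send_notification_result)

                    send_android = send_android + 1

    print "Super-Gluu. Send push notification. send_android: '%s', send_ios: '%s'" % (send_android, send_ios)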