def prepareAttributesMapping(self, remoteAttributesList, localAttributesList):
remoteAttributesListArray = StringHelper.split(remoteAttributesList, ",")
if (ArrayHelper.isEmpty(remoteAttributesListArray)):
print "Google+ PrepareAttributesMapping. There is no attributes specified in remoteAttributesList property"
return None
localAttributesListArray = StringHelper.split(localAttributesList, ",")
if (ArrayHelper.isEmpty(localAttributesListArray)):
print "Google+ PrepareAttributesMapping. There is no attributes specified in localAttributesList property"
return None
if (len(remoteAttributesListArray) != len(localAttributesListArray)):
print "Google+ PrepareAttributesMapping. The number of attributes in remoteAttributesList and localAttributesList isn't equal"
return None
attributeMapping = IdentityHashMap()
containsUid = False
i = 0
count = len(remoteAttributesListArray)
while (i < count):
remoteAttribute = StringHelper.toLowerCase(remoteAttributesListArray[i])
localAttribute = StringHelper.toLowerCase(localAttributesListArray[i])
attributeMapping.put(remoteAttribute, localAttribute)
if (StringHelper.equalsIgnoreCase(localAttribute, "uid")):
containsUid = True
i = i + 1
if (not containsUid):
print "Google+ PrepareAttributesMapping. There is no mapping to mandatory 'uid' attribute"
return None
return attributeMapping
def prepareAttributesMapping(self, saml_idp_attributes_list, saml_local_attributes_list):
saml_idp_attributes_list_array = StringHelper.split(saml_idp_attributes_list, ",")
if (ArrayHelper.isEmpty(saml_idp_attributes_list_array)):
print "Saml. PrepareAttributesMapping. There is no attributes specified in saml_idp_attributes_list property"
return None
saml_local_attributes_list_array = StringHelper.split(saml_local_attributes_list, ",")
if (ArrayHelper.isEmpty(saml_local_attributes_list_array)):
print "Saml. PrepareAttributesMapping. There is no attributes specified in saml_local_attributes_list property"
return None
if (len(saml_idp_attributes_list_array) != len(saml_local_attributes_list_array)):
print "Saml. PrepareAttributesMapping. The number of attributes in saml_idp_attributes_list and saml_local_attributes_list isn't equal"
return None
attributeMapping = IdentityHashMap()
containsUid = False
i = 0
count = len(saml_idp_attributes_list_array)
while (i < count):
idpAttribute = StringHelper.toLowerCase(saml_idp_attributes_list_array[i])
localAttribute = StringHelper.toLowerCase(saml_local_attributes_list_array[i])
attributeMapping.put(idpAttribute, localAttribute)
if (StringHelper.equalsIgnoreCase(localAttribute, "uid")):
containsUid = True
i = i + 1
if (not containsUid):
print "Saml. PrepareAttributesMapping. There is no mapping to mandatory 'uid' attribute"
return None
return attributeMapping
def prepareAttributesMapping(self, saml_idp_attributes_list, saml_local_attributes_list):
saml_idp_attributes_list_array = StringHelper.split(saml_idp_attributes_list, ",")
if (ArrayHelper.isEmpty(saml_idp_attributes_list_array)):
print "Saml. PrepareAttributesMapping. There is no attributes specified in saml_idp_attributes_list property"
return None
saml_local_attributes_list_array = StringHelper.split(saml_local_attributes_list, ",")
if (ArrayHelper.isEmpty(saml_local_attributes_list_array)):
print "Saml. PrepareAttributesMapping. There is no attributes specified in saml_local_attributes_list property"
return None
if (len(saml_idp_attributes_list_array) != len(saml_local_attributes_list_array)):
print "Saml. PrepareAttributesMapping. The number of attributes in saml_idp_attributes_list and saml_local_attributes_list isn't equal"
return None
attributeMapping = IdentityHashMap()
containsUid = False
i = 0
count = len(saml_idp_attributes_list_array)
while (i < count):
idpAttribute = StringHelper.toLowerCase(saml_idp_attributes_list_array[i])
localAttribute = StringHelper.toLowerCase(saml_local_attributes_list_array[i])
attributeMapping.put(idpAttribute, localAttribute)
if (StringHelper.equalsIgnoreCase(localAttribute, "uid")):
containsUid = True
i = i + 1
if (not containsUid):
print "Saml. PrepareAttributesMapping. There is no mapping to mandatory 'uid' attribute"
return None
return attributeMapping
def prepareAttributesMapping(self, remoteAttributesList, localAttributesList):
remoteAttributesListArray = StringHelper.split(remoteAttributesList, ",")
if (ArrayHelper.isEmpty(remoteAttributesListArray)):
print "Google+ PrepareAttributesMapping. There is no attributes specified in remoteAttributesList property"
return None
localAttributesListArray = StringHelper.split(localAttributesList, ",")
if (ArrayHelper.isEmpty(localAttributesListArray)):
print "Google+ PrepareAttributesMapping. There is no attributes specified in localAttributesList property"
return None
if (len(remoteAttributesListArray) != len(localAttributesListArray)):
print "Google+ PrepareAttributesMapping. The number of attributes in remoteAttributesList and localAttributesList isn't equal"
return None
attributeMapping = IdentityHashMap()
containsUid = False
i = 0
count = len(remoteAttributesListArray)
while (i < count):
remoteAttribute = StringHelper.toLowerCase(remoteAttributesListArray[i])
localAttribute = StringHelper.toLowerCase(localAttributesListArray[i])
attributeMapping.put(remoteAttribute, localAttribute)
if (StringHelper.equalsIgnoreCase(localAttribute, "uid")):
containsUid = True
i = i + 1
if (not containsUid):
print "Google+ PrepareAttributesMapping. There is no mapping to mandatory 'uid' attribute"
return None
return attributeMapping
def attribute_mapping_function(azure_ad_attributes_list, gluu_ldap_attributes_list):
try:
azure_ad_attributes_list_array = StringHelper.split(azure_ad_attributes_list, ",")
if ArrayHelper.isEmpty(azure_ad_attributes_list_array):
print("ThumbSignIn: There is no attributes specified in azure_ad_attributes_list property")
return None
gluu_ldap_attributes_list_array = StringHelper.split(gluu_ldap_attributes_list, ",")
if ArrayHelper.isEmpty(gluu_ldap_attributes_list_array):
print("ThumbSignIn: There is no attributes specified in gluu_ldap_attributes_list property")
return None
if len(azure_ad_attributes_list_array) != len(gluu_ldap_attributes_list_array):
print("ThumbSignIn: The number of attributes isn't equal")
return None
attributes_map = IdentityHashMap()
i = 0
count = len(azure_ad_attributes_list_array)
while i < count:
azure_ad_attribute = StringHelper.toLowerCase(azure_ad_attributes_list_array[i])
gluu_ldap_attribute = StringHelper.toLowerCase(gluu_ldap_attributes_list_array[i])
attributes_map.put(azure_ad_attribute, gluu_ldap_attribute)
i = i + 1
return attributes_map
except Exception, err:
print("ThumbSignIn: Exception inside prepareAttributesMapping " + str(err))
def prepareAttributesMapping(self, saml_idp_attributes_mapping):
saml_idp_attributes_mapping_json = json.loads(saml_idp_attributes_mapping)
if len(saml_idp_attributes_mapping_json) == 0:
print "Saml. PrepareAttributesMapping. There is no attributes mapping specified in saml_idp_attributes_mapping property"
return None
attributeMapping = IdentityHashMap()
for local_attribute_name in saml_idp_attributes_mapping_json:
localAttribute = StringHelper.toLowerCase(local_attribute_name)
for idp_attribute_name in saml_idp_attributes_mapping_json[local_attribute_name]:
idpAttribute = StringHelper.toLowerCase(idp_attribute_name)
attributeMapping.put(idpAttribute, localAttribute)
return attributeMapping
def prepareAttributesMapping(self, saml_idp_attributes_mapping):
saml_idp_attributes_mapping_json = json.loads(saml_idp_attributes_mapping)
if len(saml_idp_attributes_mapping_json) == 0:
print "Saml. PrepareAttributesMapping. There is no attributes mapping specified in saml_idp_attributes_mapping property"
return None
attributeMapping = IdentityHashMap()
for local_attribute_name in saml_idp_attributes_mapping_json:
localAttribute = StringHelper.toLowerCase(local_attribute_name)
for idp_attribute_name in saml_idp_attributes_mapping_json[local_attribute_name]:
idpAttribute = StringHelper.toLowerCase(idp_attribute_name)
attributeMapping.put(idpAttribute, localAttribute)
return attributeMapping
def getMappedUser(self, configurationAttributes, requestParameters, saml_response_attributes):
# Convert Saml result attributes keys to lover case
saml_response_normalized_attributes = HashMap()
for saml_response_attribute_entry in saml_response_attributes.entrySet():
saml_response_normalized_attributes.put(StringHelper.toLowerCase(saml_response_attribute_entry.getKey()), saml_response_attribute_entry.getValue())
currentAttributesMapping = self.prepareCurrentAttributesMapping(self.attributesMapping, configurationAttributes, requestParameters)
print "Saml. Get mapped user. Using next attributes mapping '%s'" % currentAttributesMapping
newUser = User()
# Set custom object classes
if self.userObjectClasses != None:
print "Saml. Get mapped user. User custom objectClasses to add persons: '%s'" % Util.array2ArrayList(self.userObjectClasses)
newUser.setCustomObjectClasses(self.userObjectClasses)
for attributesMappingEntry in currentAttributesMapping.entrySet():
idpAttribute = attributesMappingEntry.getKey()
localAttribute = attributesMappingEntry.getValue()
if self.debugEnrollment:
print "Saml. Get mapped user. Trying to map '%s' into '%s'" % (idpAttribute, localAttribute)
localAttributeValue = saml_response_normalized_attributes.get(idpAttribute)
if (localAttributeValue != None):
if self.debugEnrollment:
print "Saml. Get mapped user. Setting attribute '%s' value '%s'" % (localAttribute, localAttributeValue)
newUser.setAttribute(localAttribute, localAttributeValue)
return newUser
def getMappedUser(self, configurationAttributes, requestParameters, saml_response_attributes):
# Convert Saml result attributes keys to lover case
saml_response_normalized_attributes = HashMap()
for saml_response_attribute_entry in saml_response_attributes.entrySet():
saml_response_normalized_attributes.put(StringHelper.toLowerCase(saml_response_attribute_entry.getKey()), saml_response_attribute_entry.getValue())
currentAttributesMapping = self.prepareCurrentAttributesMapping(self.attributesMapping, configurationAttributes, requestParameters)
print "Saml. Get mapped user. Using next attributes mapping '%s'" % currentAttributesMapping
newUser = User()
# Set custom object classes
if self.userObjectClasses != None:
print "Saml. Get mapped user. User custom objectClasses to add persons: '%s'" % Util.array2ArrayList(self.userObjectClasses)
newUser.setCustomObjectClasses(self.userObjectClasses)
for attributesMappingEntry in currentAttributesMapping.entrySet():
idpAttribute = attributesMappingEntry.getKey()
localAttribute = attributesMappingEntry.getValue()
if self.debugEnrollment:
print "Saml. Get mapped user. Trying to map '%s' into '%s'" % (idpAttribute, localAttribute)
localAttributeValue = saml_response_normalized_attributes.get(idpAttribute)
if (localAttributeValue != None):
if self.debugEnrollment:
print "Saml. Get mapped user. Setting attribute '%s' value '%s'" % (localAttribute, localAttributeValue)
newUser.setAttribute(localAttribute, localAttributeValue)
return newUser
def prepareAttributesMapping(self, remoteAttributesList,
localAttributesList):
try:
remoteAttributesListArray = StringHelper.split(
remoteAttributesList, ",")
if (ArrayHelper.isEmpty(remoteAttributesListArray)):
print(
"Registration: PrepareAttributesMapping. There is no attributes specified in remoteAttributesList property"
)
return None
localAttributesListArray = StringHelper.split(
localAttributesList, ",")
if (ArrayHelper.isEmpty(localAttributesListArray)):
print(
"Registration: PrepareAttributesMapping. There is no attributes specified in localAttributesList property"
)
return None
if (len(remoteAttributesListArray) !=
len(localAttributesListArray)):
print(
"Registration: PrepareAttributesMapping. The number of attributes in remoteAttributesList and localAttributesList isn't equal"
)
return None
attributeMapping = IdentityHashMap()
containsUid = False
i = 0
count = len(remoteAttributesListArray)
while (i < count):
remoteAttribute = StringHelper.toLowerCase(
remoteAttributesListArray[i])
localAttribute = StringHelper.toLowerCase(
localAttributesListArray[i])
attributeMapping.put(remoteAttribute, localAttribute)
i = i + 1
return attributeMapping
except Exception, err:
print("Registration: Exception inside prepareAttributesMapping " +
str(err))
def updateAttributes(self, person):
attributes = person.getCustomAttributes()
# Add new attribute preferredLanguage
attrPrefferedLanguage = GluuCustomAttribute("preferredLanguage", "en-us")
attributes.add(attrPrefferedLanguage)
# Add new attribute userPassword
attrUserPassword = GluuCustomAttribute("userPassword", "secret")
attributes.add(attrUserPassword)
# Update givenName attribute
for attribute in attributes:
attrName = attribute.getName()
if ("givenname" == StringHelper.toLowerCase(attrName)):
attribute.setValue(StringHelper.removeMultipleSpaces(attribute.getValue()) + " (updated)")
return True
def updateUser(self, user, configurationAttributes):
attributes = user.getCustomAttributes()
# Add new attribute preferredLanguage
attrPrefferedLanguage = GluuCustomAttribute("preferredLanguage", "en-us")
attributes.add(attrPrefferedLanguage)
# Add new attribute userPassword
attrUserPassword = GluuCustomAttribute("userPassword", "test")
attributes.add(attrUserPassword)
# Update givenName attribute
for attribute in attributes:
attrName = attribute.getName()
if (("givenname" == StringHelper.toLowerCase(attrName)) and StringHelper.isNotEmpty(attribute.getValue())):
attribute.setValue(StringHelper.removeMultipleSpaces(attribute.getValue()) + " (updated)")
return True
def updateUser(self, user, configurationAttributes):
attributes = user.getCustomAttributes()
# Add new attribute preferredLanguage
attrPrefferedLanguage = GluuCustomAttribute("preferredLanguage",
"en-us")
attributes.add(attrPrefferedLanguage)
# Add new attribute userPassword
attrUserPassword = GluuCustomAttribute("userPassword", "test")
attributes.add(attrUserPassword)
# Update givenName attribute
for attribute in attributes:
attrName = attribute.getName()
if (("givenname" == StringHelper.toLowerCase(attrName))
and StringHelper.isNotEmpty(attribute.getValue())):
attribute.setValue(
StringHelper.removeMultipleSpaces(attribute.getValue()) +
" (updated)")
return True
def authenticate(self, configurationAttributes, requestParameters, step):
context = Contexts.getEventContext()
authenticationService = AuthenticationService.instance()
userService = UserService.instance()
saml_map_user = False
saml_enroll_user = False
saml_enroll_all_user_attr = False
# Use saml_deployment_type only if there is no attributes mapping
if (configurationAttributes.containsKey("saml_deployment_type")):
saml_deployment_type = StringHelper.toLowerCase(
configurationAttributes.get(
"saml_deployment_type").getValue2())
if (StringHelper.equalsIgnoreCase(saml_deployment_type, "map")):
saml_map_user = True
if (StringHelper.equalsIgnoreCase(saml_deployment_type, "enroll")):
saml_enroll_user = True
if (StringHelper.equalsIgnoreCase(saml_deployment_type,
"enroll_all_attr")):
saml_enroll_all_user_attr = True
saml_allow_basic_login = False
if (configurationAttributes.containsKey("saml_allow_basic_login")):
saml_allow_basic_login = StringHelper.toBoolean(
configurationAttributes.get(
"saml_allow_basic_login").getValue2(), False)
use_basic_auth = False
if (saml_allow_basic_login):
# Detect if user used basic authnetication method
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
if (StringHelper.isNotEmpty(user_name)
and StringHelper.isNotEmpty(user_password)):
use_basic_auth = True
if ((step == 1) and saml_allow_basic_login and use_basic_auth):
print "Saml. Authenticate for step 1. Basic authentication"
context.set("saml_count_login_steps", 1)
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name)
and StringHelper.isNotEmptyString(user_password)):
userService = UserService.instance()
logged_in = userService.authenticate(user_name, user_password)
if (not logged_in):
return False
return True
if (step == 1):
print "Saml. Authenticate for step 1"
currentSamlConfiguration = self.getCurrentSamlConfiguration(
self.samlConfiguration, configurationAttributes,
requestParameters)
if (currentSamlConfiguration == None):
print "Saml. Prepare for step 1. Client saml configuration is invalid"
return False
saml_response_array = requestParameters.get("SAMLResponse")
if ArrayHelper.isEmpty(saml_response_array):
print "Saml. Authenticate for step 1. saml_response is empty"
return False
saml_response = saml_response_array[0]
print "Saml. Authenticate for step 1. saml_response: '%s'" % saml_response
samlResponse = Response(currentSamlConfiguration)
samlResponse.loadXmlFromBase64(saml_response)
saml_validate_response = True
if (configurationAttributes.containsKey("saml_validate_response")):
saml_validate_response = StringHelper.toBoolean(
configurationAttributes.get(
"saml_validate_response").getValue2(), False)
if (saml_validate_response):
if (not samlResponse.isValid()):
print "Saml. Authenticate for step 1. saml_response isn't valid"
saml_response_attributes = samlResponse.getAttributes()
print "Saml. Authenticate for step 1. attributes: '%s'" % saml_response_attributes
if (saml_map_user):
saml_user_uid = self.getSamlNameId(samlResponse)
if saml_user_uid == None:
return False
# Use mapping to local IDP user
print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '%s'" % saml_user_uid
# Check if the is user with specified saml_user_uid
find_user_by_uid = userService.getUserByAttribute(
"oxExternalUid", "saml:%s" % saml_user_uid)
if (find_user_by_uid == None):
print "Saml. Authenticate for step 1. Failed to find user"
print "Saml. Authenticate for step 1. Setting count steps to 2"
context.set("saml_count_login_steps", 2)
context.set("saml_user_uid", saml_user_uid)
return True
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name
user_authenticated = authenticationService.authenticate(
found_user_name)
if (user_authenticated == False):
print "Saml. Authenticate for step 1. Failed to authenticate user"
return False
print "Saml. Authenticate for step 1. Setting count steps to 1"
context.set("saml_count_login_steps", 1)
post_login_result = self.samlExtensionPostLogin(
configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result
return post_login_result
elif (saml_enroll_user):
# Convert SAML response to user entry
newUser = self.getMappedUser(configurationAttributes,
requestParameters,
saml_response_attributes)
saml_user_uid = self.getNameId(samlResponse, newUser)
if saml_user_uid == None:
return False
self.setDefaultUid(newUser, saml_user_uid)
newUser.setAttribute("oxExternalUid",
"saml:%s" % saml_user_uid)
# Use auto enrollment to local IDP
print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '%s'" % saml_user_uid
# Check if there is user with specified saml_user_uid
find_user_by_uid = userService.getUserByAttribute(
"oxExternalUid", "saml:%s" % saml_user_uid)
if find_user_by_uid == None:
# Auto user enrollment
print "Saml. Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP"
print "Saml. Authenticate for step 1. Attempting to add user '%s' with next attributes: '%s'" % (
saml_user_uid, newUser.getCustomAttributes())
user_unique = self.checkUserUniqueness(newUser)
if not user_unique:
print "Saml. Authenticate for step 1. Failed to add user: '******'. User not unique" % newUser.getUserId(
)
facesMessages = FacesMessages.instance()
facesMessages.add(
StatusMessage.Severity.ERROR,
"Failed to enroll. User with same key attributes exist already"
)
FacesContext.getCurrentInstance().getExternalContext(
).getFlash().setKeepMessages(True)
return False
find_user_by_uid = userService.addUser(newUser, True)
print "Saml. Authenticate for step 1. Added new user with UID: '%s'" % find_user_by_uid.getUserId(
)
else:
if self.updateUser:
print "Saml. Authenticate for step 1. Attempting to update user '%s' with next attributes: '%s'" % (
saml_user_uid, newUser.getCustomAttributes())
find_user_by_uid.setCustomAttributes(
newUser.getCustomAttributes())
userService.updateUser(find_user_by_uid)
print "Saml. Authenticate for step 1. Updated user with UID: '%s'" % saml_user_uid
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name
user_authenticated = authenticationService.authenticate(
found_user_name)
if (user_authenticated == False):
print "Saml. Authenticate for step 1. Failed to authenticate user: '******'" % found_user_name
return False
print "Saml. Authenticate for step 1. Setting count steps to 1"
context.set("saml_count_login_steps", 1)
post_login_result = self.samlExtensionPostLogin(
configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result
return post_login_result
elif (saml_enroll_all_user_attr):
# Convert SAML response to user entry
newUser = self.getMappedAllAttributesUser(
saml_response_attributes)
saml_user_uid = self.getNameId(samlResponse, newUser)
if saml_user_uid == None:
return False
self.setDefaultUid(newUser, saml_user_uid)
newUser.setAttribute("oxExternalUid",
"saml:%s" % saml_user_uid)
print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml:%s" % saml_user_uid
# Check if there is user with specified saml_user_uid
find_user_by_uid = userService.getUserByAttribute(
"oxExternalUid", "saml:%s" % saml_user_uid)
if (find_user_by_uid == None):
# Auto user enrollment
print "Saml. Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP"
print "Saml. Authenticate for step 1. Attempting to add user '%s' with next attributes: '%s'" % (
saml_user_uid, newUser.getCustomAttributes())
user_unique = self.checkUserUniqueness(newUser)
if not user_unique:
print "Saml. Authenticate for step 1. Failed to add user: '******'. User not unique" % newUser.getUserId(
)
facesMessages = FacesMessages.instance()
facesMessages.add(
StatusMessage.Severity.ERROR,
"Failed to enroll. User with same key attributes exist already"
)
FacesContext.getCurrentInstance().getExternalContext(
).getFlash().setKeepMessages(True)
return False
find_user_by_uid = userService.addUser(newUser, True)
print "Saml. Authenticate for step 1. Added new user with UID: '%s'" % find_user_by_uid.getUserId(
)
else:
if self.updateUser:
print "Saml. Authenticate for step 1. Attempting to update user '%s' with next attributes: '%s'" % (
saml_user_uid, newUser.getCustomAttributes())
find_user_by_uid.setCustomAttributes(
newUser.getCustomAttributes())
userService.updateUser(find_user_by_uid)
print "Saml. Authenticate for step 1. Updated user with UID: '%s'" % saml_user_uid
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name
user_authenticated = authenticationService.authenticate(
found_user_name)
if (user_authenticated == False):
print "Saml. Authenticate for step 1. Failed to authenticate user"
return False
print "Saml. Authenticate for step 1. Setting count steps to 1"
context.set("saml_count_login_steps", 1)
post_login_result = self.samlExtensionPostLogin(
configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result
return post_login_result
else:
if saml_user_uid == None:
return False
# Check if the is user with specified saml_user_uid
print "Saml. Authenticate for step 1. Attempting to find user by uid: '%s'" % saml_user_uid
find_user_by_uid = userService.getUser(saml_user_uid)
if (find_user_by_uid == None):
print "Saml. Authenticate for step 1. Failed to find user"
return False
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name
user_authenticated = authenticationService.authenticate(
found_user_name)
if (user_authenticated == False):
print "Saml. Authenticate for step 1. Failed to authenticate user"
return False
print "Saml. Authenticate for step 1. Setting count steps to 1"
context.set("saml_count_login_steps", 1)
post_login_result = self.samlExtensionPostLogin(
configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result
return post_login_result
elif (step == 2):
print "Saml. Authenticate for step 2"
sessionAttributes = context.get("sessionAttributes")
if (sessionAttributes == None
) or not sessionAttributes.containsKey("saml_user_uid"):
print "Saml. Authenticate for step 2. saml_user_uid is empty"
return False
saml_user_uid = sessionAttributes.get("saml_user_uid")
passed_step1 = StringHelper.isNotEmptyString(saml_user_uid)
if (not passed_step1):
return False
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name)
and StringHelper.isNotEmptyString(user_password)):
logged_in = userService.authenticate(user_name, user_password)
if (not logged_in):
return False
# Check if there is user which has saml_user_uid
# Avoid mapping Saml account to more than one IDP account
find_user_by_uid = userService.getUserByAttribute(
"oxExternalUid", "saml:%s" % saml_user_uid)
if (find_user_by_uid == None):
# Add saml_user_uid to user one id UIDs
find_user_by_uid = userService.addUserAttribute(
user_name, "oxExternalUid", "saml:%s" % saml_user_uid)
if (find_user_by_uid == None):
print "Saml. Authenticate for step 2. Failed to update current user"
return False
post_login_result = self.samlExtensionPostLogin(
configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 2. post_login_result: '%s'" % post_login_result
return post_login_result
else:
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 2. found_user_name: '%s'" % found_user_name
if StringHelper.equals(user_name, found_user_name):
post_login_result = self.samlExtensionPostLogin(
configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 2. post_login_result: '%s'" % post_login_result
return post_login_result
return False
else:
return False
def authenticate(self, configurationAttributes, requestParameters, step):
context = Contexts.getEventContext()
authenticationService = Component.getInstance(AuthenticationService)
userService = Component.getInstance(UserService)
mapUserDeployment = False
enrollUserDeployment = False
if (configurationAttributes.containsKey("gplus_deployment_type")):
deploymentType = StringHelper.toLowerCase(configurationAttributes.get("gplus_deployment_type").getValue2())
if (StringHelper.equalsIgnoreCase(deploymentType, "map")):
mapUserDeployment = True
if (StringHelper.equalsIgnoreCase(deploymentType, "enroll")):
enrollUserDeployment = True
if (step == 1):
print "Google+ Authenticate for step 1"
gplusAuthCodeArray = requestParameters.get("gplus_auth_code")
gplusAuthCode = gplusAuthCodeArray[0]
# Check if user uses basic method to log in
useBasicAuth = False
if (StringHelper.isEmptyString(gplusAuthCode)):
useBasicAuth = True
# Use basic method to log in
if (useBasicAuth):
print "Google+ Authenticate for step 1. Basic authentication"
context.set("gplus_count_login_steps", 1)
credentials = Identity.instance().getCredentials()
userName = credentials.getUsername()
userPassword = credentials.getPassword()
loggedIn = False
if (StringHelper.isNotEmptyString(userName) and StringHelper.isNotEmptyString(userPassword)):
userService = Component.getInstance(UserService)
loggedIn = userService.authenticate(userName, userPassword)
if (not loggedIn):
return False
return True
# Use Google+ method to log in
print "Google+ Authenticate for step 1. gplusAuthCode:", gplusAuthCode
currentClientSecrets = self.getCurrentClientSecrets(self.clientSecrets, configurationAttributes, requestParameters)
if (currentClientSecrets == None):
print "Google+ Authenticate for step 1. Client secrets configuration is invalid"
return False
print "Google+ Authenticate for step 1. Attempting to gets tokens"
tokenResponse = self.getTokensByCode(self.clientSecrets, configurationAttributes, gplusAuthCode);
if ((tokenResponse == None) or (tokenResponse.getIdToken() == None) or (tokenResponse.getAccessToken() == None)):
print "Google+ Authenticate for step 1. Failed to get tokens"
return False
else:
print "Google+ Authenticate for step 1. Successfully gets tokens"
jwt = Jwt.parse(tokenResponse.getIdToken())
# TODO: Validate ID Token Signature
gplusUserUid = jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER);
print "Google+ Authenticate for step 1. Found Google user ID in the ID token: ", gplusUserUid
if (mapUserDeployment):
# Use mapping to local IDP user
print "Google+ Authenticate for step 1. Attempting to find user by oxExternalUid: gplus:", gplusUserUid
# Check if there is user with specified gplusUserUid
foundUser = userService.getUserByAttribute("oxExternalUid", "gplus:" + gplusUserUid)
if (foundUser == None):
print "Google+ Authenticate for step 1. Failed to find user"
print "Google+ Authenticate for step 1. Setting count steps to 2"
context.set("gplus_count_login_steps", 2)
context.set("gplus_user_uid", gplusUserUid)
return True
foundUserName = foundUser.getUserId()
print "Google+ Authenticate for step 1. foundUserName:"******"Google+ Authenticate for step 1. Failed to authenticate user"
return False
print "Google+ Authenticate for step 1. Setting count steps to 1"
context.set("gplus_count_login_steps", 1)
postLoginResult = self.extensionPostLogin(configurationAttributes, foundUser)
print "Google+ Authenticate for step 1. postLoginResult:", postLoginResult
return postLoginResult
elif (enrollUserDeployment):
# Use auto enrollment to local IDP
print "Google+ Authenticate for step 1. Attempting to find user by oxExternalUid: gplus:", gplusUserUid
# Check if there is user with specified gplusUserUid
foundUser = userService.getUserByAttribute("oxExternalUid", "gplus:" + gplusUserUid)
if (foundUser == None):
# Auto user enrollemnt
print "Google+ Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP"
print "Google+ Authenticate for step 1. Attempting to gets user info"
userInfoResponse = self.getUserInfo(currentClientSecrets, configurationAttributes, tokenResponse.getAccessToken())
if ((userInfoResponse == None) or (userInfoResponse.getClaims().size() == 0)):
print "Google+ Authenticate for step 1. Failed to get user info"
return False
else:
print "Google+ Authenticate for step 1. Successfully gets user info"
gplusResponseAttributes = userInfoResponse.getClaims()
# Convert Google+ user claims to lover case
gplusResponseNormalizedAttributes = HashMap()
for gplusResponseAttributeEntry in gplusResponseAttributes.entrySet():
gplusResponseNormalizedAttributes.put(
StringHelper.toLowerCase(gplusResponseAttributeEntry.getKey()), gplusResponseAttributeEntry.getValue())
currentAttributesMapping = self.getCurrentAttributesMapping(self.attributesMapping, configurationAttributes, requestParameters)
print "Google+ Authenticate for step 1. Using next attributes mapping", currentAttributesMapping
newUser = User()
for attributesMappingEntry in currentAttributesMapping.entrySet():
remoteAttribute = attributesMappingEntry.getKey()
localAttribute = attributesMappingEntry.getValue()
localAttributeValue = gplusResponseNormalizedAttributes.get(remoteAttribute)
if (localAttribute != None):
newUser.setAttribute(localAttribute, localAttributeValue)
if (newUser.getAttribute("sn") == None):
newUser.setAttribute("sn", gplusUserUid)
if (newUser.getAttribute("cn") == None):
newUser.setAttribute("cn", gplusUserUid)
newUser.setAttribute("oxExternalUid", "gplus:" + gplusUserUid)
print "Google+ Authenticate for step 1. Attempting to add user", gplusUserUid, " with next attributes", newUser.getCustomAttributes()
foundUser = userService.addUser(newUser, True)
print "Google+ Authenticate for step 1. Added new user with UID", foundUser.getUserId()
foundUserName = foundUser.getUserId()
print "Google+ Authenticate for step 1. foundUserName:"******"Google+ Authenticate for step 1. Failed to authenticate user"
return False
print "Google+ Authenticate for step 1. Setting count steps to 1"
context.set("gplus_count_login_steps", 1)
postLoginResult = self.extensionPostLogin(configurationAttributes, foundUser)
print "Google+ Authenticate for step 1. postLoginResult:", postLoginResult
return postLoginResult
else:
# Check if there is user with specified gplusUserUid
print "Google+ Authenticate for step 1. Attempting to find user by uid:", gplusUserUid
foundUser = userService.getUser(gplusUserUid)
if (foundUser == None):
print "Google+ Authenticate for step 1. Failed to find user"
return False
foundUserName = foundUser.getUserId()
print "Google+ Authenticate for step 1. foundUserName:"******"Google+ Authenticate for step 1. Failed to authenticate user"
return False
print "Google+ Authenticate for step 1. Setting count steps to 1"
context.set("gplus_count_login_steps", 1)
postLoginResult = self.extensionPostLogin(configurationAttributes, foundUser)
print "Google+ Authenticate for step 1. postLoginResult:", postLoginResult
return postLoginResult
elif (step == 2):
print "Google+ Authenticate for step 2"
sessionAttributes = context.get("sessionAttributes")
if (sessionAttributes == None) or not sessionAttributes.containsKey("gplus_user_uid"):
print "Google+ Authenticate for step 2. gplus_user_uid is empty"
return False
gplusUserUid = sessionAttributes.get("gplus_user_uid")
passed_step1 = StringHelper.isNotEmptyString(gplusUserUid)
if (not passed_step1):
return False
credentials = Identity.instance().getCredentials()
userName = credentials.getUsername()
userPassword = credentials.getPassword()
loggedIn = False
if (StringHelper.isNotEmptyString(userName) and StringHelper.isNotEmptyString(userPassword)):
loggedIn = userService.authenticate(userName, userPassword)
if (not loggedIn):
return False
# Check if there is user which has gplusUserUid
# Avoid mapping Google account to more than one IDP account
foundUser = userService.getUserByAttribute("oxExternalUid", "gplus:" + gplusUserUid)
if (foundUser == None):
# Add gplusUserUid to user one id UIDs
foundUser = userService.addUserAttribute(userName, "oxExternalUid", "gplus:" + gplusUserUid)
if (foundUser == None):
print "Google+ Authenticate for step 2. Failed to update current user"
return False
postLoginResult = self.extensionPostLogin(configurationAttributes, foundUser)
print "Google+ Authenticate for step 2. postLoginResult:", postLoginResult
return postLoginResult
else:
foundUserName = foundUser.getUserId()
print "Google+ Authenticate for step 2. foundUserName:"******"Google+ Authenticate for step 2. postLoginResult:", postLoginResult
return postLoginResult
return False
else:
return False
def authenticate(self, configurationAttributes, requestParameters, step):
context = Contexts.getEventContext()
authenticationService = AuthenticationService.instance()
userService = UserService.instance()
saml_map_user = False
saml_enroll_user = False
saml_enroll_all_user_attr = False
# Use saml_deployment_type only if there is no attributes mapping
if (configurationAttributes.containsKey("saml_deployment_type")):
saml_deployment_type = StringHelper.toLowerCase(
configurationAttributes.get(
"saml_deployment_type").getValue2())
if (StringHelper.equalsIgnoreCase(saml_deployment_type, "map")):
saml_map_user = True
if (StringHelper.equalsIgnoreCase(saml_deployment_type, "enroll")):
saml_enroll_user = True
if (StringHelper.equalsIgnoreCase(saml_deployment_type,
"enroll_all_attr")):
saml_enroll_all_user_attr = True
saml_allow_basic_login = False
if (configurationAttributes.containsKey("saml_allow_basic_login")):
saml_allow_basic_login = StringHelper.toBoolean(
configurationAttributes.get(
"saml_allow_basic_login").getValue2(), False)
use_basic_auth = False
if (saml_allow_basic_login):
# Detect if user used basic authnetication method
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
if (StringHelper.isNotEmpty(user_name)
and StringHelper.isNotEmpty(user_password)):
use_basic_auth = True
if ((step == 1) and saml_allow_basic_login and use_basic_auth):
print "Saml. Authenticate for step 1. Basic authentication"
context.set("saml_count_login_steps", 1)
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name)
and StringHelper.isNotEmptyString(user_password)):
userService = UserService.instance()
logged_in = userService.authenticate(user_name, user_password)
if (not logged_in):
return False
return True
if (step == 1):
print "Saml. Authenticate for step 1"
currentSamlConfiguration = self.getCurrentSamlConfiguration(
self.samlConfiguration, configurationAttributes,
requestParameters)
if (currentSamlConfiguration == None):
print "Saml. Prepare for step 1. Client saml configuration is invalid"
return False
saml_response_array = requestParameters.get("SAMLResponse")
if ArrayHelper.isEmpty(saml_response_array):
print "Saml. Authenticate for step 1. saml_response is empty"
return False
saml_response = saml_response_array[0]
print "Saml. Authenticate for step 1. saml_response: '%s'" % saml_response
samlResponse = Response(currentSamlConfiguration)
samlResponse.loadXmlFromBase64(saml_response)
saml_validate_response = True
if (configurationAttributes.containsKey("saml_validate_response")):
saml_validate_response = StringHelper.toBoolean(
configurationAttributes.get(
"saml_validate_response").getValue2(), False)
if (saml_validate_response):
if (not samlResponse.isValid()):
print "Saml. Authenticate for step 1. saml_response isn't valid"
saml_response_name_id = samlResponse.getNameId()
if (StringHelper.isEmpty(saml_response_name_id)):
print "Saml. Authenticate for step 1. saml_response_name_id is invalid"
return False
print "Saml. Authenticate for step 1. saml_response_name_id: '%s'" % saml_response_name_id
saml_response_attributes = samlResponse.getAttributes()
print "Saml. Authenticate for step 1. attributes: '%s'" % saml_response_attributes
# Use persistent Id as saml_user_uid
saml_user_uid = saml_response_name_id
if (saml_map_user):
# Use mapping to local IDP user
print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '%s'" % saml_user_uid
# Check if the is user with specified saml_user_uid
find_user_by_uid = userService.getUserByAttribute(
"oxExternalUid", "saml:" + saml_user_uid)
if (find_user_by_uid == None):
print "Saml. Authenticate for step 1. Failed to find user"
print "Saml. Authenticate for step 1. Setting count steps to 2"
context.set("saml_count_login_steps", 2)
context.set("saml_user_uid", saml_user_uid)
return True
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name
user_authenticated = authenticationService.authenticate(
found_user_name)
if (user_authenticated == False):
print "Saml. Authenticate for step 1. Failed to authenticate user"
return False
print "Saml. Authenticate for step 1. Setting count steps to 1"
context.set("saml_count_login_steps", 1)
post_login_result = self.samlExtensionPostLogin(
configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result
return post_login_result
elif (saml_enroll_user):
# Use auto enrollment to local IDP
print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '%s'" % saml_user_uid
# Check if the is user with specified saml_user_uid
find_user_by_uid = userService.getUserByAttribute(
"oxExternalUid", "saml:" + saml_user_uid)
if (find_user_by_uid == None):
# Auto user enrollemnt
print "Saml. Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP"
# Convert saml result attributes keys to lover case
saml_response_normalized_attributes = HashMap()
for saml_response_attribute_entry in saml_response_attributes.entrySet(
):
saml_response_normalized_attributes.put(
StringHelper.toLowerCase(
saml_response_attribute_entry.getKey()),
saml_response_attribute_entry.getValue())
currentAttributesMapping = self.prepareCurrentAttributesMapping(
self.attributesMapping, configurationAttributes,
requestParameters)
print "Saml. Authenticate for step 1. Using next attributes mapping '%s'" % currentAttributesMapping
newUser = User()
# Set custom object classes
if self.userObjectClasses != None:
print "Saml. Authenticate for step 1. User custom objectClasses to add persons: '%s'" % Util.array2ArrayList(
self.userObjectClasses)
newUser.setCustomObjectClasses(self.userObjectClasses)
for attributesMappingEntry in currentAttributesMapping.entrySet(
):
idpAttribute = attributesMappingEntry.getKey()
localAttribute = attributesMappingEntry.getValue()
if self.debugEnrollment:
print "Saml. Authenticate for step 1. Trying to map '%s' into '%s'" % (
idpAttribute, localAttribute)
localAttributeValue = saml_response_normalized_attributes.get(
idpAttribute)
if (localAttributeValue != None):
if self.debugEnrollment:
print "Saml. Authenticate for step 1. Setting attribute '%s' value '%s'" % (
localAttribute, localAttributeValue)
newUser.setAttribute(localAttribute,
localAttributeValue)
newUser.setAttribute("oxExternalUid",
"saml:" + saml_user_uid)
print "Saml. Authenticate for step 1. Attempting to add user '%s' with next attributes: '%s'" % (
saml_user_uid, newUser.getCustomAttributes())
user_unique = self.checkUserUniqueness(newUser)
if not user_unique:
print "Saml. Authenticate for step 1. Failed to add user: '******'. User not unique" % newUser.getAttribute(
"uid")
facesMessages = FacesMessages.instance()
facesMessages.add(
StatusMessage.Severity.ERROR,
"Failed to enroll. User with same key attributes exist already"
)
FacesContext.getCurrentInstance().getExternalContext(
).getFlash().setKeepMessages(True)
return False
find_user_by_uid = userService.addUser(newUser, True)
print "Saml. Authenticate for step 1. Added new user with UID: '%s'" % find_user_by_uid.getUserId(
)
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name
user_authenticated = authenticationService.authenticate(
found_user_name)
if (user_authenticated == False):
print "Saml. Authenticate for step 1. Failed to authenticate user: '******'" % found_user_name
return False
print "Saml. Authenticate for step 1. Setting count steps to 1"
context.set("saml_count_login_steps", 1)
post_login_result = self.samlExtensionPostLogin(
configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result
return post_login_result
elif (saml_enroll_all_user_attr):
print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml:" + saml_user_uid
# Check if the is user with specified saml_user_uid
find_user_by_uid = userService.getUserByAttribute(
"oxExternalUid", "saml:" + saml_user_uid)
if (find_user_by_uid == None):
print "Saml. Authenticate for step 1. Failed to find user"
user = User()
# Set custom object classes
if self.userObjectClasses != None:
print "Saml. Authenticate for step 1. User custom objectClasses to add persons: '%s'" % Util.array2ArrayList(
self.userObjectClasses)
user.setCustomObjectClasses(self.userObjectClasses)
customAttributes = ArrayList()
for key in saml_response_attributes.keySet():
ldapAttributes = attributeService.getAllAttributes()
for ldapAttribute in ldapAttributes:
saml2Uri = ldapAttribute.getSaml2Uri()
if (saml2Uri == None):
saml2Uri = attributeService.getDefaultSaml2Uri(
ldapAttribute.getName())
if (saml2Uri == key):
attribute = CustomAttribute(
ldapAttribute.getName())
attribute.setValues(attributes.get(key))
customAttributes.add(attribute)
attribute = CustomAttribute("oxExternalUid")
attribute.setValue("saml:" + saml_user_uid)
customAttributes.add(attribute)
user.setCustomAttributes(customAttributes)
if (user.getAttribute("sn") == None):
attribute = CustomAttribute("sn")
attribute.setValue(saml_user_uid)
customAttributes.add(attribute)
if (user.getAttribute("cn") == None):
attribute = CustomAttribute("cn")
attribute.setValue(saml_user_uid)
customAttributes.add(attribute)
user_unique = self.checkUserUniqueness(user)
if not user_unique:
print "Saml. Authenticate for step 1. Failed to add user: '******'. User not unique" % newUser.getAttribute(
"uid")
facesMessages = FacesMessages.instance()
facesMessages.add(
StatusMessage.Severity.ERROR,
"Failed to enroll. User with same key attributes exist already"
)
FacesContext.getCurrentInstance().getExternalContext(
).getFlash().setKeepMessages(True)
return False
find_user_by_uid = userService.addUser(user, True)
print "Saml. Authenticate for step 1. Added new user with UID: '%s'" % find_user_by_uid.getUserId(
)
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name
user_authenticated = authenticationService.authenticate(
found_user_name)
if (user_authenticated == False):
print "Saml. Authenticate for step 1. Failed to authenticate user"
return False
print "Saml. Authenticate for step 1. Setting count steps to 1"
context.set("saml_count_login_steps", 1)
post_login_result = self.samlExtensionPostLogin(
configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result
return post_login_result
else:
# Check if the is user with specified saml_user_uid
print "Saml. Authenticate for step 1. Attempting to find user by uid: '%s'" % saml_user_uid
find_user_by_uid = userService.getUser(saml_user_uid)
if (find_user_by_uid == None):
print "Saml. Authenticate for step 1. Failed to find user"
return False
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name
user_authenticated = authenticationService.authenticate(
found_user_name)
if (user_authenticated == False):
print "Saml. Authenticate for step 1. Failed to authenticate user"
return False
print "Saml. Authenticate for step 1. Setting count steps to 1"
context.set("saml_count_login_steps", 1)
post_login_result = self.samlExtensionPostLogin(
configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result
return post_login_result
elif (step == 2):
print "Saml. Authenticate for step 2"
sessionAttributes = context.get("sessionAttributes")
if (sessionAttributes == None
) or not sessionAttributes.containsKey("saml_user_uid"):
print "Saml. Authenticate for step 2. saml_user_uid is empty"
return False
saml_user_uid = sessionAttributes.get("saml_user_uid")
passed_step1 = StringHelper.isNotEmptyString(saml_user_uid)
if (not passed_step1):
return False
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name)
and StringHelper.isNotEmptyString(user_password)):
logged_in = userService.authenticate(user_name, user_password)
if (not logged_in):
return False
# Check if there is user which has saml_user_uid
# Avoid mapping Saml account to more than one IDP account
find_user_by_uid = userService.getUserByAttribute(
"oxExternalUid", "saml:" + saml_user_uid)
if (find_user_by_uid == None):
# Add saml_user_uid to user one id UIDs
find_user_by_uid = userService.addUserAttribute(
user_name, "oxExternalUid", "saml:" + saml_user_uid)
if (find_user_by_uid == None):
print "Saml. Authenticate for step 2. Failed to update current user"
return False
post_login_result = self.samlExtensionPostLogin(
configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 2. post_login_result: '%s'" % post_login_result
return post_login_result
else:
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 2. found_user_name: '%s'" % found_user_name
if StringHelper.equals(user_name, found_user_name):
post_login_result = self.samlExtensionPostLogin(
configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 2. post_login_result: '%s'" % post_login_result
return post_login_result
return False
else:
return False
def authenticate(self, configurationAttributes, requestParameters, step):
context = Contexts.getEventContext()
authenticationService = AuthenticationService.instance()
userService = UserService.instance()
saml_map_user = False
saml_enroll_user = False
saml_enroll_all_user_attr = False
# Use saml_deployment_type only if there is no attributes mapping
if (configurationAttributes.containsKey("saml_deployment_type")):
saml_deployment_type = StringHelper.toLowerCase(configurationAttributes.get("saml_deployment_type").getValue2())
if (StringHelper.equalsIgnoreCase(saml_deployment_type, "map")):
saml_map_user = True
if (StringHelper.equalsIgnoreCase(saml_deployment_type, "enroll")):
saml_enroll_user = True
if (StringHelper.equalsIgnoreCase(saml_deployment_type, "enroll_all_attr")):
saml_enroll_all_user_attr = True
saml_allow_basic_login = False
if (configurationAttributes.containsKey("saml_allow_basic_login")):
saml_allow_basic_login = StringHelper.toBoolean(configurationAttributes.get("saml_allow_basic_login").getValue2(), False)
use_basic_auth = False
if (saml_allow_basic_login):
# Detect if user used basic authnetication method
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
if (StringHelper.isNotEmpty(user_name) and StringHelper.isNotEmpty(user_password)):
use_basic_auth = True
if ((step == 1) and saml_allow_basic_login and use_basic_auth):
print "Saml. Authenticate for step 1. Basic authentication"
context.set("saml_count_login_steps", 1)
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
userService = UserService.instance()
logged_in = userService.authenticate(user_name, user_password)
if (not logged_in):
return False
return True
if (step == 1):
print "Saml. Authenticate for step 1"
currentSamlConfiguration = self.getCurrentSamlConfiguration(self.samlConfiguration, configurationAttributes, requestParameters)
if (currentSamlConfiguration == None):
print "Saml. Prepare for step 1. Client saml configuration is invalid"
return False
saml_response_array = requestParameters.get("SAMLResponse")
if ArrayHelper.isEmpty(saml_response_array):
print "Saml. Authenticate for step 1. saml_response is empty"
return False
saml_response = saml_response_array[0]
print "Saml. Authenticate for step 1. saml_response:", saml_response
samlResponse = Response(currentSamlConfiguration)
samlResponse.loadXmlFromBase64(saml_response)
saml_validate_response = True
if (configurationAttributes.containsKey("saml_validate_response")):
saml_validate_response = StringHelper.toBoolean(configurationAttributes.get("saml_validate_response").getValue2(), False)
if (saml_validate_response):
if (not samlResponse.isValid()):
print "Saml. Authenticate for step 1. saml_response isn't valid"
saml_response_name_id = samlResponse.getNameId()
if (StringHelper.isEmpty(saml_response_name_id)):
print "Saml. Authenticate for step 1. saml_response_name_id is invalid"
return False
print "Saml. Authenticate for step 1. saml_response_name_id:", saml_response_name_id
saml_response_attributes = samlResponse.getAttributes()
print "Saml. Authenticate for step 1. attributes: ", saml_response_attributes
# Use persistent Id as saml_user_uid
saml_user_uid = saml_response_name_id
if (saml_map_user):
# Use mapping to local IDP user
print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml:", saml_user_uid
# Check if the is user with specified saml_user_uid
find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:" + saml_user_uid)
if (find_user_by_uid == None):
print "Saml. Authenticate for step 1. Failed to find user"
print "Saml. Authenticate for step 1. Setting count steps to 2"
context.set("saml_count_login_steps", 2)
context.set("saml_user_uid", saml_user_uid)
return True
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 1. found_user_name:", found_user_name
user_authenticated = authenticationService.authenticate(found_user_name)
if (user_authenticated == False):
print "Saml. Authenticate for step 1. Failed to authenticate user"
return False
print "Saml. Authenticate for step 1. Setting count steps to 1"
context.set("saml_count_login_steps", 1)
post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 1. post_login_result:", post_login_result
return post_login_result
elif (saml_enroll_user):
# Use auto enrollment to local IDP
print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml:", saml_user_uid
# Check if the is user with specified saml_user_uid
find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:" + saml_user_uid)
if (find_user_by_uid == None):
# Auto user enrollemnt
print "Saml. Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP"
# Convert saml result attributes keys to lover case
saml_response_normalized_attributes = HashMap()
for saml_response_attribute_entry in saml_response_attributes.entrySet():
saml_response_normalized_attributes.put(
StringHelper.toLowerCase(saml_response_attribute_entry.getKey()), saml_response_attribute_entry.getValue())
currentAttributesMapping = self.prepareCurrentAttributesMapping(self.attributesMapping, configurationAttributes, requestParameters)
print "Saml. Authenticate for step 1. Using next attributes mapping", currentAttributesMapping
newUser = User()
for attributesMappingEntry in currentAttributesMapping.entrySet():
idpAttribute = attributesMappingEntry.getKey()
localAttribute = attributesMappingEntry.getValue()
localAttributeValue = saml_response_normalized_attributes.get(idpAttribute)
if (localAttribute != None):
newUser.setAttribute(localAttribute, localAttributeValue)
newUser.setAttribute("oxExternalUid", "saml:" + saml_user_uid)
print "Saml. Authenticate for step 1. Attempting to add user", saml_user_uid, " with next attributes", newUser.getCustomAttributes()
find_user_by_uid = userService.addUser(newUser, True)
print "Saml. Authenticate for step 1. Added new user with UID", find_user_by_uid.getUserId()
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 1. found_user_name:", found_user_name
user_authenticated = authenticationService.authenticate(found_user_name)
if (user_authenticated == False):
print "Saml. Authenticate for step 1. Failed to authenticate user"
return False
print "Saml. Authenticate for step 1. Setting count steps to 1"
context.set("saml_count_login_steps", 1)
post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 1. post_login_result:", post_login_result
return post_login_result
elif (saml_enroll_all_user_attr):
print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml:" + saml_user_uid
# Check if the is user with specified saml_user_uid
find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:" + saml_user_uid)
if (find_user_by_uid == None):
print "Saml. Authenticate for step 1. Failed to find user"
user = User()
customAttributes = ArrayList()
for key in attributes.keySet():
ldapAttributes = attributeService.getAllAttributes()
for ldapAttribute in ldapAttributes:
saml2Uri = ldapAttribute.getSaml2Uri()
if(saml2Uri == None):
saml2Uri = attributeService.getDefaultSaml2Uri(ldapAttribute.getName())
if(saml2Uri == key):
attribute = CustomAttribute(ldapAttribute.getName())
attribute.setValues(attributes.get(key))
customAttributes.add(attribute)
attribute = CustomAttribute("oxExternalUid")
attribute.setValue("saml:" + saml_user_uid)
customAttributes.add(attribute)
user.setCustomAttributes(customAttributes)
if(user.getAttribute("sn") == None):
attribute = CustomAttribute("sn")
attribute.setValue(saml_user_uid)
customAttributes.add(attribute)
if(user.getAttribute("cn") == None):
attribute = CustomAttribute("cn")
attribute.setValue(saml_user_uid)
customAttributes.add(attribute)
find_user_by_uid = userService.addUser(user, True)
print "Saml. Authenticate for step 1. Added new user with UID", find_user_by_uid.getUserId()
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 1. found_user_name:", found_user_name
user_authenticated = authenticationService.authenticate(found_user_name)
if (user_authenticated == False):
print "Saml. Authenticate for step 1. Failed to authenticate user"
return False
print "Saml. Authenticate for step 1. Setting count steps to 1"
context.set("saml_count_login_steps", 1)
post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 1. post_login_result:", post_login_result
return post_login_result
else:
# Check if the is user with specified saml_user_uid
print "Saml. Authenticate for step 1. Attempting to find user by uid:", saml_user_uid
find_user_by_uid = userService.getUser(saml_user_uid)
if (find_user_by_uid == None):
print "Saml. Authenticate for step 1. Failed to find user"
return False
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 1. found_user_name:", found_user_name
user_authenticated = authenticationService.authenticate(found_user_name)
if (user_authenticated == False):
print "Saml. Authenticate for step 1. Failed to authenticate user"
return False
print "Saml. Authenticate for step 1. Setting count steps to 1"
context.set("saml_count_login_steps", 1)
post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 1. post_login_result:", post_login_result
return post_login_result
elif (step == 2):
print "Saml. Authenticate for step 2"
sessionAttributes = context.get("sessionAttributes")
if (sessionAttributes == None) or not sessionAttributes.containsKey("saml_user_uid"):
print "Saml. Authenticate for step 2. saml_user_uid is empty"
return False
saml_user_uid = sessionAttributes.get("saml_user_uid")
passed_step1 = StringHelper.isNotEmptyString(saml_user_uid)
if (not passed_step1):
return False
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
logged_in = userService.authenticate(user_name, user_password)
if (not logged_in):
return False
# Check if there is user which has saml_user_uid
# Avoid mapping Saml account to more than one IDP account
find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:" + saml_user_uid)
if (find_user_by_uid == None):
# Add saml_user_uid to user one id UIDs
find_user_by_uid = userService.addUserAttribute(user_name, "oxExternalUid", "saml:" + saml_user_uid)
if (find_user_by_uid == None):
print "Saml. Authenticate for step 2. Failed to update current user"
return False
post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 2. post_login_result:", post_login_result
return post_login_result
else:
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 2. found_user_name:", found_user_name
if StringHelper.equals(user_name, found_user_name):
post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 2. post_login_result:", post_login_result
return post_login_result
return False
else:
return False
def authenticate(self, configurationAttributes, requestParameters, step):
context = Contexts.getEventContext()
authenticationService = AuthenticationService.instance()
userService = UserService.instance()
encryptionService = EncryptionService.instance()
mapUserDeployment = False
enrollUserDeployment = False
if (configurationAttributes.containsKey("gplus_deployment_type")):
deploymentType = StringHelper.toLowerCase(configurationAttributes.get("gplus_deployment_type").getValue2())
if (StringHelper.equalsIgnoreCase(deploymentType, "map")):
mapUserDeployment = True
if (StringHelper.equalsIgnoreCase(deploymentType, "enroll")):
enrollUserDeployment = True
if (step == 1):
print "Google+ authenticate for step 1"
gplusAuthCodeArray = requestParameters.get("gplus_auth_code")
gplusAuthCode = gplusAuthCodeArray[0]
# Check if user uses basic method to log in
useBasicAuth = False
if (StringHelper.isEmptyString(gplusAuthCode)):
useBasicAuth = True
# Use basic method to log in
if (useBasicAuth):
print "Google+ authenticate for step 1. Basic authentication"
context.set("gplus_count_login_steps", 1)
credentials = Identity.instance().getCredentials()
userName = credentials.getUsername()
userPassword = credentials.getPassword()
loggedIn = False
if (StringHelper.isNotEmptyString(userName) and StringHelper.isNotEmptyString(userPassword)):
userService = UserService.instance()
loggedIn = userService.authenticate(userName, userPassword)
if (not loggedIn):
return False
return True
# Use Google+ method to log in
print "Google+ authenticate for step 1. gplusAuthCode:", gplusAuthCode
currentClientSecrets = self.getCurrentClientSecrets(self.clientSecrets, configurationAttributes, requestParameters)
if (currentClientSecrets == None):
print "Google+ authenticate for step 1. Client secrets configuration is invalid"
return False
print "Google+ authenticate for step 1. Attempting to gets tokens"
tokenResponse = self.getTokensByCode(self.clientSecrets, configurationAttributes, gplusAuthCode);
if ((tokenResponse == None) or (tokenResponse.getIdToken() == None) or (tokenResponse.getAccessToken() == None)):
print "Google+ authenticate for step 1. Failed to get tokens"
return False
else:
print "Google+ authenticate for step 1. Successfully gets tokens"
jwt = Jwt.parse(tokenResponse.getIdToken())
# TODO: Validate ID Token Signature
gplusUserUid = jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER);
print "Google+ authenticate for step 1. Found Google user ID in the ID token: ", gplusUserUid
if (mapUserDeployment):
# Use mapping to local IDP user
print "Google+ authenticate for step 1. Attempting to find user by oxExternalUid: gplus:", gplusUserUid
# Check if there is user with specified gplusUserUid
foundUser = userService.getUserByAttribute("oxExternalUid", "gplus:" + gplusUserUid)
if (foundUser == None):
print "Google+ authenticate for step 1. Failed to find user"
print "Google+ authenticate for step 1. Setting count steps to 2"
context.set("gplus_count_login_steps", 2)
context.set("gplus_user_uid", encryptionService.encrypt(gplusUserUid))
return True
foundUserName = foundUser.getUserId()
print "Google+ authenticate for step 1. foundUserName:"******"Google+ authenticate for step 1. Failed to authenticate user"
return False
print "Google+ authenticate for step 1. Setting count steps to 1"
context.set("gplus_count_login_steps", 1)
postLoginResult = self.extensionPostLogin(configurationAttributes, foundUser)
print "Google+ authenticate for step 1. postLoginResult:", postLoginResult
return postLoginResult
elif (enrollUserDeployment):
# Use auto enrollment to local IDP
print "Google+ authenticate for step 1. Attempting to find user by oxExternalUid: gplus:", gplusUserUid
# Check if there is user with specified gplusUserUid
foundUser = userService.getUserByAttribute("oxExternalUid", "gplus:" + gplusUserUid)
if (foundUser == None):
# Auto user enrollemnt
print "Google+ authenticate for step 1. There is no user in LDAP. Adding user to local LDAP"
print "Google+ authenticate for step 1. Attempting to gets user info"
userInfoResponse = self.getUserInfo(currentClientSecrets, configurationAttributes, tokenResponse.getAccessToken())
if ((userInfoResponse == None) or (userInfoResponse.getClaims().size() == 0)):
print "Google+ authenticate for step 1. Failed to get user info"
return False
else:
print "Google+ authenticate for step 1. Successfully gets user info"
gplusResponseAttributes = userInfoResponse.getClaims()
# Convert Google+ user claims to lover case
gplusResponseNormalizedAttributes = HashMap()
for gplusResponseAttributeEntry in gplusResponseAttributes.entrySet():
gplusResponseNormalizedAttributes.put(
StringHelper.toLowerCase(gplusResponseAttributeEntry.getKey()), gplusResponseAttributeEntry.getValue())
currentAttributesMapping = self.getCurrentAttributesMapping(self.attributesMapping, configurationAttributes, requestParameters)
print "Google+ authenticate for step 1. Using next attributes mapping", currentAttributesMapping
newUser = User()
for attributesMappingEntry in currentAttributesMapping.entrySet():
idpAttribute = attributesMappingEntry.getKey()
localAttribute = attributesMappingEntry.getValue()
localAttributeValue = gplusResponseNormalizedAttributes.get(idpAttribute)
if (localAttribute != None):
newUser.setAttribute(localAttribute, localAttributeValue)
if (newUser.getAttribute("sn") == None):
newUser.setAttribute("sn", gplusUserUid)
if (newUser.getAttribute("cn") == None):
newUser.setAttribute("cn", gplusUserUid)
newUser.setAttribute("oxExternalUid", "gplus:" + gplusUserUid)
print "Google+ authenticate for step 1. Attempting to add user", gplusUserUid, " with next attributes", newUser.getCustomAttributes()
foundUser = userService.addUser(newUser)
print "Google+ authenticate for step 1. Added new user with UID", foundUser.getUserId()
foundUserName = foundUser.getUserId()
print "Google+ authenticate for step 1. foundUserName:"******"Google+ authenticate for step 1. Failed to authenticate user"
return False
print "Google+ authenticate for step 1. Setting count steps to 1"
context.set("gplus_count_login_steps", 1)
postLoginResult = self.extensionPostLogin(configurationAttributes, foundUser)
print "Google+ authenticate for step 1. postLoginResult:", postLoginResult
return postLoginResult
else:
# Check if the is user with specified gplusUserUid
print "Google+ authenticate for step 1. Attempting to find user by uid:", gplusUserUid
foundUser = userService.getUser(gplusUserUid)
if (foundUser == None):
print "Google+ authenticate for step 1. Failed to find user"
return False
foundUserName = foundUser.getUserId()
print "Google+ authenticate for step 1. foundUserName:"******"Google+ authenticate for step 1. Failed to authenticate user"
return False
print "Google+ authenticate for step 1. Setting count steps to 1"
context.set("gplus_count_login_steps", 1)
postLoginResult = self.extensionPostLogin(configurationAttributes, foundUser)
print "Google+ authenticate for step 1. postLoginResult:", postLoginResult
return postLoginResult
elif (step == 2):
print "Google+ authenticate for step 2"
gplusUserUidArray = requestParameters.get("gplus_user_uid")
if ArrayHelper.isEmpty(gplusUserUidArray):
print "Google+ authenticate for step 2. gplus_user_uid is empty"
return False
gplusUserUid = encryptionService.decrypt(gplusUserUidArray[0])
passedStep1 = StringHelper.isNotEmptyString(gplusUserUid)
if (not passedStep1):
return False
credentials = Identity.instance().getCredentials()
userName = credentials.getUsername()
userPassword = credentials.getPassword()
loggedIn = False
if (StringHelper.isNotEmptyString(userName) and StringHelper.isNotEmptyString(userPassword)):
loggedIn = userService.authenticate(userName, userPassword)
if (not loggedIn):
return False
# Check if there is user which has gplusUserUid
# Avoid mapping Google account to more than one IDP account
foundUser = userService.getUserByAttribute("oxExternalUid", "gplus:" + gplusUserUid)
if (foundUser == None):
# Add gplusUserUid to user one id UIDs
foundUser = userService.addUserAttribute(userName, "oxExternalUid", "gplus:" + gplusUserUid)
if (foundUser == None):
print "Google+ authenticate for step 2. Failed to update current user"
return False
postLoginResult = self.extensionPostLogin(configurationAttributes, foundUser)
print "Google+ authenticate for step 2. postLoginResult:", postLoginResult
return postLoginResult
else:
foundUserName = foundUser.getUserId()
print "Google+ authenticate for step 2. foundUserName:"******"Google+ authenticate for step 2. postLoginResult:", postLoginResult
return postLoginResult
return False
else:
return False
def authenticate(self, configurationAttributes, requestParameters, step):
context = Contexts.getEventContext()
authenticationService = AuthenticationService.instance()
userService = UserService.instance()
saml_map_user = False
saml_enroll_user = False
saml_enroll_all_user_attr = False
# Use saml_deployment_type only if there is no attributes mapping
if (configurationAttributes.containsKey("saml_deployment_type")):
saml_deployment_type = StringHelper.toLowerCase(configurationAttributes.get("saml_deployment_type").getValue2())
if (StringHelper.equalsIgnoreCase(saml_deployment_type, "map")):
saml_map_user = True
if (StringHelper.equalsIgnoreCase(saml_deployment_type, "enroll")):
saml_enroll_user = True
if (StringHelper.equalsIgnoreCase(saml_deployment_type, "enroll_all_attr")):
saml_enroll_all_user_attr = True
saml_allow_basic_login = False
if (configurationAttributes.containsKey("saml_allow_basic_login")):
saml_allow_basic_login = StringHelper.toBoolean(configurationAttributes.get("saml_allow_basic_login").getValue2(), False)
use_basic_auth = False
if (saml_allow_basic_login):
# Detect if user used basic authnetication method
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
if (StringHelper.isNotEmpty(user_name) and StringHelper.isNotEmpty(user_password)):
use_basic_auth = True
if ((step == 1) and saml_allow_basic_login and use_basic_auth):
print "Saml. Authenticate for step 1. Basic authentication"
context.set("saml_count_login_steps", 1)
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
userService = UserService.instance()
logged_in = userService.authenticate(user_name, user_password)
if (not logged_in):
return False
return True
if (step == 1):
print "Saml. Authenticate for step 1"
currentSamlConfiguration = self.getCurrentSamlConfiguration(self.samlConfiguration, configurationAttributes, requestParameters)
if (currentSamlConfiguration == None):
print "Saml. Prepare for step 1. Client saml configuration is invalid"
return False
saml_response_array = requestParameters.get("SAMLResponse")
if ArrayHelper.isEmpty(saml_response_array):
print "Saml. Authenticate for step 1. saml_response is empty"
return False
saml_response = saml_response_array[0]
print "Saml. Authenticate for step 1. saml_response: '%s'" % saml_response
samlResponse = Response(currentSamlConfiguration)
samlResponse.loadXmlFromBase64(saml_response)
saml_validate_response = True
if (configurationAttributes.containsKey("saml_validate_response")):
saml_validate_response = StringHelper.toBoolean(configurationAttributes.get("saml_validate_response").getValue2(), False)
if (saml_validate_response):
if (not samlResponse.isValid()):
print "Saml. Authenticate for step 1. saml_response isn't valid"
saml_response_attributes = samlResponse.getAttributes()
print "Saml. Authenticate for step 1. attributes: '%s'" % saml_response_attributes
if (saml_map_user):
saml_user_uid = self.getSamlNameId(samlResponse)
if saml_user_uid == None:
return False
# Use mapping to local IDP user
print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '%s'" % saml_user_uid
# Check if the is user with specified saml_user_uid
find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:%s" % saml_user_uid)
if (find_user_by_uid == None):
print "Saml. Authenticate for step 1. Failed to find user"
print "Saml. Authenticate for step 1. Setting count steps to 2"
context.set("saml_count_login_steps", 2)
context.set("saml_user_uid", saml_user_uid)
return True
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name
user_authenticated = authenticationService.authenticate(found_user_name)
if (user_authenticated == False):
print "Saml. Authenticate for step 1. Failed to authenticate user"
return False
print "Saml. Authenticate for step 1. Setting count steps to 1"
context.set("saml_count_login_steps", 1)
post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result
return post_login_result
elif (saml_enroll_user):
# Convert SAML response to user entry
newUser = self.getMappedUser(configurationAttributes, requestParameters, saml_response_attributes)
saml_user_uid = self.getNameId(samlResponse, newUser)
if saml_user_uid == None:
return False
self.setDefaultUid(newUser, saml_user_uid)
newUser.setAttribute("oxExternalUid", "saml:%s" % saml_user_uid)
# Use auto enrollment to local IDP
print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml: '%s'" % saml_user_uid
# Check if there is user with specified saml_user_uid
find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:%s" % saml_user_uid)
if find_user_by_uid == None:
# Auto user enrollment
print "Saml. Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP"
print "Saml. Authenticate for step 1. Attempting to add user '%s' with next attributes: '%s'" % (saml_user_uid, newUser.getCustomAttributes())
user_unique = self.checkUserUniqueness(newUser)
if not user_unique:
print "Saml. Authenticate for step 1. Failed to add user: '******'. User not unique" % newUser.getUserId()
facesMessages = FacesMessages.instance()
facesMessages.add(StatusMessage.Severity.ERROR, "Failed to enroll. User with same key attributes exist already")
FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(True)
return False
find_user_by_uid = userService.addUser(newUser, True)
print "Saml. Authenticate for step 1. Added new user with UID: '%s'" % find_user_by_uid.getUserId()
else:
if self.updateUser:
print "Saml. Authenticate for step 1. Attempting to update user '%s' with next attributes: '%s'" % (saml_user_uid, newUser.getCustomAttributes())
find_user_by_uid.setCustomAttributes(newUser.getCustomAttributes())
userService.updateUser(find_user_by_uid)
print "Saml. Authenticate for step 1. Updated user with UID: '%s'" % saml_user_uid
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name
user_authenticated = authenticationService.authenticate(found_user_name)
if (user_authenticated == False):
print "Saml. Authenticate for step 1. Failed to authenticate user: '******'" % found_user_name
return False
print "Saml. Authenticate for step 1. Setting count steps to 1"
context.set("saml_count_login_steps", 1)
post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result
return post_login_result
elif (saml_enroll_all_user_attr):
# Convert SAML response to user entry
newUser = self.getMappedAllAttributesUser(saml_response_attributes)
saml_user_uid = self.getNameId(samlResponse, newUser)
if saml_user_uid == None:
return False
self.setDefaultUid(newUser, saml_user_uid)
newUser.setAttribute("oxExternalUid", "saml:%s" % saml_user_uid)
print "Saml. Authenticate for step 1. Attempting to find user by oxExternalUid: saml:%s" % saml_user_uid
# Check if there is user with specified saml_user_uid
find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:%s" % saml_user_uid)
if (find_user_by_uid == None):
# Auto user enrollment
print "Saml. Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP"
print "Saml. Authenticate for step 1. Attempting to add user '%s' with next attributes: '%s'" % (saml_user_uid, newUser.getCustomAttributes())
user_unique = self.checkUserUniqueness(newUser)
if not user_unique:
print "Saml. Authenticate for step 1. Failed to add user: '******'. User not unique" % newUser.getUserId()
facesMessages = FacesMessages.instance()
facesMessages.add(StatusMessage.Severity.ERROR, "Failed to enroll. User with same key attributes exist already")
FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(True)
return False
find_user_by_uid = userService.addUser(newUser, True)
print "Saml. Authenticate for step 1. Added new user with UID: '%s'" % find_user_by_uid.getUserId()
else:
if self.updateUser:
print "Saml. Authenticate for step 1. Attempting to update user '%s' with next attributes: '%s'" % (saml_user_uid, newUser.getCustomAttributes())
find_user_by_uid.setCustomAttributes(newUser.getCustomAttributes())
userService.updateUser(find_user_by_uid)
print "Saml. Authenticate for step 1. Updated user with UID: '%s'" % saml_user_uid
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name
user_authenticated = authenticationService.authenticate(found_user_name)
if (user_authenticated == False):
print "Saml. Authenticate for step 1. Failed to authenticate user"
return False
print "Saml. Authenticate for step 1. Setting count steps to 1"
context.set("saml_count_login_steps", 1)
post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result
return post_login_result
else:
if saml_user_uid == None:
return False
# Check if the is user with specified saml_user_uid
print "Saml. Authenticate for step 1. Attempting to find user by uid: '%s'" % saml_user_uid
find_user_by_uid = userService.getUser(saml_user_uid)
if (find_user_by_uid == None):
print "Saml. Authenticate for step 1. Failed to find user"
return False
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 1. found_user_name: '%s'" % found_user_name
user_authenticated = authenticationService.authenticate(found_user_name)
if (user_authenticated == False):
print "Saml. Authenticate for step 1. Failed to authenticate user"
return False
print "Saml. Authenticate for step 1. Setting count steps to 1"
context.set("saml_count_login_steps", 1)
post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 1. post_login_result: '%s'" % post_login_result
return post_login_result
elif (step == 2):
print "Saml. Authenticate for step 2"
sessionAttributes = context.get("sessionAttributes")
if (sessionAttributes == None) or not sessionAttributes.containsKey("saml_user_uid"):
print "Saml. Authenticate for step 2. saml_user_uid is empty"
return False
saml_user_uid = sessionAttributes.get("saml_user_uid")
passed_step1 = StringHelper.isNotEmptyString(saml_user_uid)
if (not passed_step1):
return False
credentials = Identity.instance().getCredentials()
user_name = credentials.getUsername()
user_password = credentials.getPassword()
logged_in = False
if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
logged_in = userService.authenticate(user_name, user_password)
if (not logged_in):
return False
# Check if there is user which has saml_user_uid
# Avoid mapping Saml account to more than one IDP account
find_user_by_uid = userService.getUserByAttribute("oxExternalUid", "saml:%s" % saml_user_uid)
if (find_user_by_uid == None):
# Add saml_user_uid to user one id UIDs
find_user_by_uid = userService.addUserAttribute(user_name, "oxExternalUid", "saml:%s" % saml_user_uid)
if (find_user_by_uid == None):
print "Saml. Authenticate for step 2. Failed to update current user"
return False
post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 2. post_login_result: '%s'" % post_login_result
return post_login_result
else:
found_user_name = find_user_by_uid.getUserId()
print "Saml. Authenticate for step 2. found_user_name: '%s'" % found_user_name
if StringHelper.equals(user_name, found_user_name):
post_login_result = self.samlExtensionPostLogin(configurationAttributes, find_user_by_uid)
print "Saml. Authenticate for step 2. post_login_result: '%s'" % post_login_result
return post_login_result
return False
else:
return False
