Пример #1
    def prepareAttributesMapping(self, remoteAttributesList, localAttributesList):
        """Pair two comma-separated attribute lists into a remote -> local map.

        The lists are split on "," and matched by position; every name is
        lower-cased before it is stored. Returns the populated IdentityHashMap,
        or None when either list is empty, the lists differ in length, or no
        local attribute equals "uid" (compared case-insensitively).
        """
        remoteNames = StringHelper.split(remoteAttributesList, ",")
        if ArrayHelper.isEmpty(remoteNames):
            print "Google+ PrepareAttributesMapping. There is no attributes specified in remoteAttributesList property"
            return None

        localNames = StringHelper.split(localAttributesList, ",")
        if ArrayHelper.isEmpty(localNames):
            print "Google+ PrepareAttributesMapping. There is no attributes specified in localAttributesList property"
            return None

        total = len(remoteNames)
        if total != len(localNames):
            print "Google+ PrepareAttributesMapping. The number of attributes in remoteAttributesList and localAttributesList isn't equal"
            return None

        # NOTE(review): java.util.IdentityHashMap compares keys by reference,
        # not by value. Iterating the entries is unaffected, but a get() with an
        # equal-but-distinct String would miss; confirm how callers read it.
        mapping = IdentityHashMap()
        uidMapped = False
        for position in range(total):
            remoteName = StringHelper.toLowerCase(remoteNames[position])
            localName = StringHelper.toLowerCase(localNames[position])
            mapping.put(remoteName, localName)

            # The mapping is only usable if some remote attribute feeds 'uid'.
            if StringHelper.equalsIgnoreCase(localName, "uid"):
                uidMapped = True

        if uidMapped:
            return mapping

        print "Google+ PrepareAttributesMapping. There is no mapping to mandatory 'uid' attribute"
        return None
    def attribute_mapping_function(azure_ad_attributes_list, gluu_ldap_attributes_list):
        """Pair Azure AD attribute names with Gluu LDAP attribute names.

        Both arguments are comma-separated lists matched by position; names are
        lower-cased before being stored. Returns an IdentityHashMap, or None
        when a list is empty, the lengths differ, or an exception is raised
        (the exception text is printed and not re-raised).
        """
        try:
            remote_names = StringHelper.split(azure_ad_attributes_list, ",")
            if ArrayHelper.isEmpty(remote_names):
                print("AzureAD: There is no attributes specified in azure_ad_attributes_list property")
                return None

            local_names = StringHelper.split(gluu_ldap_attributes_list, ",")
            if ArrayHelper.isEmpty(local_names):
                print("AzureAD: There is no attributes specified in gluu_ldap_attributes_list property")
                return None

            total = len(remote_names)
            if total != len(local_names):
                print("AzureAD: The number of attributes isn't equal")
                return None

            # NOTE(review): IdentityHashMap keys are matched by reference, not
            # by value; confirm callers iterate rather than look up by name.
            pairs = IdentityHashMap()
            for index in range(total):
                remote_name = StringHelper.toLowerCase(remote_names[index])
                local_name = StringHelper.toLowerCase(local_names[index])
                pairs.put(remote_name, local_name)

            return pairs
        except Exception, err:
            # Failure is reported on stdout only; the caller just sees None.
            print("AzureAD: Exception inside prepareAttributesMapping " + str(err))
            return None
Пример #3
    def init(self, customScript, configurationAttributes):
        """Read the login attribute lists from the script configuration.

        "login_attributes_list" is required and must split into at least one
        name. "local_login_attributes_list" is optional; when absent the login
        attributes are reused as the local ones. Both arrays are stored on self.
        Returns True on success, False when the configuration is unusable.
        """
        print "Basic (multi login). Initialization"

        loginProperty = configurationAttributes.get("login_attributes_list")
        if loginProperty is None:
            print "Basic (multi login). Initialization. There is no property login_attributes_list"
            return False

        loginValue = loginProperty.getValue2()
        if StringHelper.isEmpty(loginValue):
            print "Basic (multi login). Initialization. There is no attributes specified in login_attributes property"
            return False

        loginAttributes = StringHelper.split(loginValue, ",")
        if ArrayHelper.isEmpty(loginAttributes):
            print "Basic (multi login). Initialization. There is no attributes specified in login_attributes property"
            return False

        if not configurationAttributes.containsKey("local_login_attributes_list"):
            print "Basic (multi login). Initialization. There is no property local_login_attributes_list. Assuming that login attributes are equal to local login attributes."
            localLoginAttributes = loginAttributes
        else:
            localValue = configurationAttributes.get("local_login_attributes_list").getValue2()
            localLoginAttributes = StringHelper.split(localValue, ",")

        # The two lists are consumed pairwise, so a length mismatch is fatal.
        if len(loginAttributes) != len(localLoginAttributes):
            print "Basic (multi login). Initialization. The number of attributes in login_attributes_list and local_login_attributes_list isn't equal"
            return False

        self.login_attributes_list_array = loginAttributes
        self.local_login_attributes_list_array = localLoginAttributes

        print "Basic (multi login). Initialized successfully"
        return True
Пример #4
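    def prepareAttributesMapping(self, remoteAttributesList, localAttributesList):
        """Pair two comma-separated attribute lists into a remote -> local map.

        The lists are split on "," and matched by position; every name is
        lower-cased before it is stored. Returns the populated IdentityHashMap,
        or None when either list is empty, the lengths differ, or an exception
        is raised (its text is printed and it is not re-raised).

        The original declared a containsUid flag that was never read; it is
        dropped here. NOTE(review): no mandatory-attribute check is performed
        on the mapping - confirm that is intended for registration.
        """
        try:
            remoteAttributesListArray = StringHelper.split(remoteAttributesList, ",")
            if ArrayHelper.isEmpty(remoteAttributesListArray):
                print("Registration: PrepareAttributesMapping. There is no attributes specified in remoteAttributesList property")
                return None

            localAttributesListArray = StringHelper.split(localAttributesList, ",")
            if ArrayHelper.isEmpty(localAttributesListArray):
                print("Registration: PrepareAttributesMapping. There is no attributes specified in localAttributesList property")
                return None

            count = len(remoteAttributesListArray)
            if count != len(localAttributesListArray):
                print("Registration: PrepareAttributesMapping. The number of attributes in remoteAttributesList and localAttributesList isn't equal")
                return None

            # NOTE(review): IdentityHashMap keys are matched by reference, not
            # by value; confirm callers iterate rather than look up by name.
            attributeMapping = IdentityHashMap()
            for i in range(count):
                remoteAttribute = StringHelper.toLowerCase(remoteAttributesListArray[i])
                localAttribute = StringHelper.toLowerCase(localAttributesListArray[i])
                attributeMapping.put(remoteAttribute, localAttribute)

            return attributeMapping
        except Exception, err:
            print("Registration: Exception inside prepareAttributesMapping " + str(err))
            # Make the failure result explicit instead of falling off the end.
            return None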
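    def authenticate(self, configurationAttributes, requestParameters, step):
        """Authenticate step 1 by e-mail address, dropping a "+tag" sub-address.

        A user name of the form "local+tag@domain" is rewritten to
        "local@domain" before it is passed to the authentication service; any
        other form is cut at the first "+" (or used whole if there is none).
        Returns True only when step is 1 and the service accepts the
        credentials; every other case, including a malformed user name,
        returns False.
        """
        authenticationService = CdiUtil.bean(AuthenticationService)

        if step != 1:
            return False

        print "Basic. Authenticate for step 1"

        identity = CdiUtil.bean(Identity)
        credentials = identity.getCredentials()

        # The user name is taken from the login request, so it can be empty or
        # malformed. Reject those shapes instead of letting an index error
        # escape from the authentication path.
        user_name_array = StringHelper.split(credentials.getUsername(), "+")
        if user_name_array is None or len(user_name_array) == 0:
            return False

        if len(user_name_array) == 2:
            email_id_array = StringHelper.split(user_name_array[1], "@")
            if email_id_array is None or len(email_id_array) < 2:
                # A "+" was present but no "tag@domain" part follows it.
                return False
            user_name = user_name_array[0] + "@" + email_id_array[1]
        else:
            user_name = user_name_array[0]

        # NOTE(review): this writes a request-supplied value to the log as is.
        print "Username for authentication is: %s  " % user_name
        user_password = credentials.getPassword()

        logged_in = False
        if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
            # The two "mail" arguments presumably select the lookup attribute;
            # verify against the AuthenticationService signature.
            logged_in = authenticationService.authenticate(user_name, user_password, "mail", "mail")

        if not logged_in:
            return False

        return True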
    def prepareClientsSet(self, configurationAttributes):
        """Return the set of client ids listed in the "allowed_clients" property.

        The property value is split on ","; each entry is added to a HashSet
        exactly as the split returned it. An absent or empty property yields
        an empty set.
        """
        allowed = HashSet()
        if not configurationAttributes.containsKey("allowed_clients"):
            return allowed

        rawValue = configurationAttributes.get("allowed_clients").getValue2()
        if StringHelper.isEmpty(rawValue):
            print "UmaRptPolicy. The property allowed_clients is empty"
            return allowed

        clientIds = StringHelper.split(rawValue, ",")
        if ArrayHelper.isEmpty(clientIds):
            print "UmaRptPolicy. No clients specified in allowed_clients property"
            return allowed

        # A HashSet gives constant-time membership checks for the policy.
        # NOTE(review): entries are stored without further normalisation, so
        # the configured ids must match the runtime client ids exactly.
        for clientId in clientIds:
            allowed.add(clientId)

        return allowed
    def prepareUserEnforceUniquenessAttributes(self, configurationAttributes):
        """Return the names in "enforce_uniqueness_attr_list" as an array.

        The property value is split on ","; None is returned when the split
        yields nothing. The property itself is read without a presence check:
        NOTE(review): if it is absent, the .getValue2() call presumably fails
        on None rather than returning None - confirm callers rely on that.
        """
        rawValue = configurationAttributes.get("enforce_uniqueness_attr_list").getValue2()
        attributeNames = StringHelper.split(rawValue, ",")

        return None if ArrayHelper.isEmpty(attributeNames) else attributeNames
    def prepareUserObjectClasses(self, configurationAttributes):
        """Return the names in "user_object_classes" as an array.

        The property value is split on ","; None is returned when the split
        yields nothing. The property is read without a presence check:
        NOTE(review): if it is absent, the .getValue2() call presumably fails
        on None rather than returning None - confirm callers rely on that.
        """
        rawValue = configurationAttributes.get("user_object_classes").getValue2()
        objectClasses = StringHelper.split(rawValue, ",")

        return None if ArrayHelper.isEmpty(objectClasses) else objectClasses
Пример #9
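    def setClientScopes(self, client, requiredScopes):
        """Add the configured scopes to a client being registered.

        requiredScopes is a configuration property whose value is a
        comma-separated list of scope ids. Each id is resolved through
        ScopeService; scopes that are not default scopes have their DN appended
        to the client's scope array. Ids that do not resolve are logged and
        skipped, so a typo in the configuration grants nothing instead of
        aborting the registration with an attribute error on None.
        Returns nothing; the client is updated in place.
        """
        if requiredScopes is None:
            print "Casa client registration. No list of scopes was passed in script parameters"
            return

        scopeNames = StringHelper.split(requiredScopes.getValue2(), ",")
        newScopes = client.getScopes()
        scopeService = CdiUtil.bean(ScopeService)

        for scopeName in scopeNames:
            scope = scopeService.getScopeById(scopeName)
            if scope is None:
                # Unknown id: skip it rather than dereference None below.
                print "Casa client registration. Scope '%s' not found, skipping" % scopeName
                continue

            # Default scopes are left out; only non-default ones are appended.
            if not scope.isDefaultScope():
                print "Casa client registration. Adding scope '%s'" % scopeName
                newScopes = ArrayHelper.addItemToStringArray(newScopes, scope.getDn())

        print "Casa client registration. Result scopes are: %s" % newScopes
        client.setScopes(newScopes)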
Пример #10
    def init(self, customScript, configurationAttributes):
        """Load and initialise one authentication module per dynamic method.

        Looks up the PERSON_AUTHENTICATION custom scripts, derives the list of
        method names (acr values) with computeMethods(), imports a module named
        modulePrefix + acr for each, and keeps the modules whose own init()
        returns a true value in self.authenticators, keyed by acr.
        Always returns True; a module that fails to load is only logged.
        """

        print "Casa. init called"
        self.authenticators = {}
        self.uid_attr = self.getLocalPrimaryKey()

        custScriptService = CdiUtil.bean(CustomScriptService)
        self.scriptsList = custScriptService.findCustomScripts(Collections.singletonList(CustomScriptType.PERSON_AUTHENTICATION), "oxConfigurationProperty", "displayName", "oxEnabled", "oxLevel")
        dynamicMethods = self.computeMethods(self.scriptsList)

        if len(dynamicMethods) > 0:
            print "Casa. init. Loading scripts for dynamic modules: %s" % dynamicMethods

            for acr in dynamicMethods:
                # The module name is built from data, not a literal.
                # NOTE(review): whatever this name resolves to on the import
                # path is loaded and instantiated; confirm that the values
                # computeMethods() can return are limited to trusted scripts.
                moduleName = self.modulePrefix + acr
                try:
                    # level=-1 is the Python 2 default import mode (implicit
                    # relative first, then absolute).
                    external = __import__(moduleName, globals(), locals(), ["PersonAuthentication"], -1)
                    module = external.PersonAuthentication(self.currentTimeMillis)

                    print "Casa. init. Got dynamic module for acr %s" % acr
                    configAttrs = self.getConfigurationAttributes(acr, self.scriptsList)

                    # Two methods take their application id from this script's
                    # own configuration. A missing property fails inside the
                    # try, so that module is skipped by the handler below.
                    if acr == self.ACR_U2F:
                        u2f_application_id = configurationAttributes.get("u2f_app_id").getValue2()
                        configAttrs.put("u2f_application_id", SimpleCustomProperty("u2f_application_id", u2f_application_id))
                    elif acr == self.ACR_SG:
                        application_id = configurationAttributes.get("supergluu_app_id").getValue2()
                        configAttrs.put("application_id", SimpleCustomProperty("application_id", application_id))

                    # Only modules whose init() succeeds become authenticators.
                    if module.init(None, configAttrs):
                        module.configAttrs = configAttrs
                        self.authenticators[acr] = module
                    else:
                        print "Casa. init. Call to init in module '%s' returned False" % moduleName
                except:
                    # Bare except: every failure is logged and swallowed, so
                    # the method is absent from self.authenticators while
                    # init() as a whole still reports success.
                    print "Casa. init. Failed to load module %s" % moduleName
                    print "Exception: ", sys.exc_info()[1]

            # NOTE(review): self.mobile_methods is assigned only inside this
            # branch; with no dynamic methods the attribute is never set here.
            mobile_methods = configurationAttributes.get("mobile_methods")
            self.mobile_methods = [] if mobile_methods == None else StringHelper.split(mobile_methods.getValue2(), ",")

        print "Casa. init. Initialized successfully"
        return True
Пример #11
    def prepareClientRedirectUris(self, configurationAttributes):
        """Return the set of URIs listed in the "client_redirect_uris" property.

        The property value is split on ","; each entry is added to a HashSet
        exactly as the split returned it. An absent or empty property yields
        an empty set.
        """
        redirectUris = HashSet()
        if not configurationAttributes.containsKey("client_redirect_uris"):
            return redirectUris

        rawValue = configurationAttributes.get("client_redirect_uris").getValue2()
        if StringHelper.isEmpty(rawValue):
            print "Client registration. The property client_redirect_uris is empty"
            return redirectUris

        uriEntries = StringHelper.split(rawValue, ",")
        if ArrayHelper.isEmpty(uriEntries):
            print "Client registration. No clients specified in client_redirect_uris property"
            return redirectUris

        # A HashSet gives constant-time membership checks.
        # NOTE(review): entries are stored without normalisation, so a lookup
        # presumably needs the redirect URI to match the configured text
        # exactly (case, trailing slash) - confirm against the caller.
        for uri in uriEntries:
            redirectUris.add(uri)

        return redirectUris
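    def authenticate(self, configurationAttributes, requestParameters, step):
        """Apply the country allow-list, then authenticate step 1 by password.

        When self.allowedCountries yields at least one entry and the session
        carries a "remote_ip" attribute, the IP is geolocated and the request
        is rejected unless its country code is in the list. After that check,
        step 1 authenticates the submitted user name and password; any other
        step returns False.

        Changes from the original: the geolocation-failure path now returns
        False instead of a bare return (None), so every exit yields a boolean,
        and the tab/space mix in that branch is normalised to spaces.
        """
        identity = CdiUtil.bean(Identity)
        session_attributes = identity.getSessionId().getSessionAttributes()
        authenticationService = CdiUtil.bean(AuthenticationService)
        allowedCountriesListArray = StringHelper.split(self.allowedCountries, ",")

        # NOTE(review): the country check fails open. If the session has no
        # "remote_ip" attribute the whole block is skipped and authentication
        # continues even though an allow-list is configured. Confirm that
        # "remote_ip" is always populated before this script runs, or decide
        # whether a missing address should be a denial.
        if len(allowedCountriesListArray) > 0 and session_attributes.containsKey("remote_ip"):
            remote_ip = session_attributes.get("remote_ip")
            remote_loc_dic = self.determineGeolocationData(remote_ip)
            if remote_loc_dic is None:
                # Log text kept as in the original, although it names another
                # script and step.
                print "Super-Gluu. Prepare for step 2. Failed to determine remote location by remote IP '%s'" % remote_ip
                # Location unknown: deny explicitly.
                return False

            remote_loc = "%s" % (remote_loc_dic['countryCode'])
            print "Your remote location is " + remote_loc
            if remote_loc in allowedCountriesListArray:
                print "you are allowed to access"
            else:
                return False

        if step != 1:
            return False

        print "Basic. Authenticate for step 1"
        credentials = identity.getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()

        logged_in = False
        if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
            logged_in = authenticationService.authenticate(user_name, user_password)

        if not logged_in:
            return False

        return True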