示例#1
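    def authenticate(self, configurationAttributes, requestParameters, step):
        """Register a new local user from the submitted form and sign them in.

        The form must carry a non-empty "email" and "pwd" value (read through
        self.getUserValueFromAuth, which is defined elsewhere). When no user
        with that e-mail exists, a User is built from self.attributesMapping,
        added through UserService, and then authenticated by user id.

        Returns:
            The result of authenticationService.authenticate() for the newly
            created user; False on missing input, when the e-mail is already
            registered, or when adding the user fails.
        """
        print "Registration. Authenticate for step 1"
        userService = CdiUtil.bean(UserService)
        authenticationService = CdiUtil.bean(AuthenticationService)

        email = self.getUserValueFromAuth("email", requestParameters)
        if StringHelper.isEmptyString(email):
            facesMessages = CdiUtil.bean(FacesMessages)
            facesMessages.setKeepMessages()
            facesMessages.add(FacesMessage.SEVERITY_ERROR,
                              "Please provide your email.")
            return False

        if StringHelper.isEmptyString(
                self.getUserValueFromAuth("pwd", requestParameters)):
            facesMessages = CdiUtil.bean(FacesMessages)
            facesMessages.setKeepMessages()
            facesMessages.add(FacesMessage.SEVERITY_ERROR,
                              "Please provide password.")
            return False

        foundUser = userService.getUserByAttribute("mail", email)
        if foundUser is not None:
            # The original fell off the end here and returned None; make the
            # refusal explicit so the caller always receives a boolean.
            print "Registration: a user with this email already exists"
            return False

        newUser = User()
        for attributesMappingEntry in self.attributesMapping.entrySet():
            remoteAttribute = attributesMappingEntry.getKey()
            localAttribute = attributesMappingEntry.getValue()
            localAttributeValue = self.getUserValueFromAuth(
                remoteAttribute, requestParameters)
            if (localAttribute is not None
                    and localAttributeValue is not None
                    and localAttributeValue != "undefined"):
                # Log the attribute name only: the mapped values include
                # whatever the form submitted (the password among them), and
                # they must not reach the server log.
                print "Registration: mapping attribute " + localAttribute
                newUser.setAttribute(localAttribute, localAttributeValue)

        try:
            foundUser = userService.addUser(newUser, True)
            foundUserName = foundUser.getUserId()
            print("Registration: Found user name " + foundUserName)
            userAuthenticated = authenticationService.authenticate(
                foundUserName)
            print(
                "Registration: User added successfully and isUserAuthenticated = "
                + str(userAuthenticated))
        except Exception, err:
            print("Registration: Error in adding user:" + str(err))
            return False
        return userAuthenticated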
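    def isUserMemberOfGroups(self, credentials, groups):
        """Report whether the user named in *credentials* belongs to any of *groups*.

        The user's "memberOf" values are compared with each entry of *groups*;
        a value matches when it equals the entry (case-insensitively) or ends
        with it.

        Returns:
            True on the first match. False when the user name is empty, the
            user cannot be found, the user has no "memberOf" values, or
            nothing matches.
        """
        userService = CdiUtil.bean(UserService)

        user_name = credentials.getUsername()
        if StringHelper.isEmptyString(user_name):
            return False

        find_user_by_uid = userService.getUser(user_name)
        if find_user_by_uid is None:
            # Unknown user: deny instead of failing on the attribute lookup.
            return False

        member_of_list = find_user_by_uid.getAttributeValues("memberOf")
        if member_of_list is None:
            return False

        print member_of_list
        print groups

        for member_of in member_of_list:
            for group in groups:
                # NOTE(review): endswith() is a plain suffix match, so a short
                # or generic entry in *groups* matches every memberOf value
                # that ends with it. Confirm the configured group values are
                # specific enough for an authorization decision.
                if StringHelper.equalsIgnoreCase(
                        group, member_of) or member_of.endswith(group):
                    return True

        return False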
示例#3
    def authenticate(self, configurationAttributes, requestParameters, step):
        """Run one step of the InWebo login flow.

        The "iw_count_login_steps" working parameter is updated on every path.
        Steps 1 and 3 validate the submitted password as an OTP token through
        self.validateInweboToken(); step 2 polls self.checkStatus() with the
        current session id.

        Returns True when the step is accepted, False otherwise.
        """

        userService = CdiUtil.bean(UserService)
        authenticationService = CdiUtil.bean(AuthenticationService)
        identity = CdiUtil.bean(Identity)

        credentials = identity.getCredentials()
        user_name = credentials.getUsername()

        iw_otp = requestParameters.get("loginForm:otp")

        # "loginForm:otp" is a request parameter, i.e. client-supplied. With
        # the value "true" at step 2 this branch returns True without checking
        # anything and raises the step count to 3.
        # NOTE(review): confirm that step 3 is always enforced afterwards.
        if ArrayHelper.isNotEmpty(iw_otp) and StringHelper.equalsIgnoreCase(
                "true", iw_otp[0]) and step == 2:
            identity.setWorkingParameter("iw_count_login_steps", 3)
            return True

        # An empty user name at step 1 is also accepted without a check; the
        # flow is extended to two steps instead.
        elif StringHelper.isEmptyString(user_name) and step == 1:
            print "empty user_name in step1 indicates browser token notfound"
            identity.setWorkingParameter("iw_count_login_steps", 2)
            return True
        else:

            response_check = False
            # NOTE(review): authenticate(user_name) runs before the token or
            # push result is verified. Its result is only combined with
            # response_check at the end, but any session side effect of the
            # call has already happened by then; consider calling it only
            # after the factor check succeeded.
            user_exists_in_gluu = authenticationService.authenticate(user_name)
            identity.setWorkingParameter("iw_count_login_steps", step)

            if (step == 1 or step == 3):
                print "if (step == 1 or step == 3):"
                password = credentials.getPassword()
                if StringHelper.isEmpty(password):
                    print "InWebo. Authenticate for step 2. otp token is empty"
                    return False
                # The password field carries the OTP token.
                response_check = self.validateInweboToken(
                    self.api_uri, self.service_id, user_name, password, step)
            elif (step == 2):
                print "elif (step == 2):"
                session = CdiUtil.bean(SessionIdService).getSessionId()
                if session == None:
                    print "InWebo. Authenticate for step 2. session_id is not exists"
                    return False

                response_check = self.checkStatus(self.api_uri,
                                                  self.service_id, user_name,
                                                  session.getId(),
                                                  self.push_withoutpin)

                # self.push_fail is not assigned in this method; presumably
                # checkStatus() sets it when the push fails (TODO confirm).
                # When set, the message is shown and a third step is requested.
                if self.push_fail is not None:
                    self.setErrorMessage(self.push_fail)
                    identity.setWorkingParameter("iw_count_login_steps", 3)

            # Both the factor check and the user lookup must have succeeded.
            return response_check and user_exists_in_gluu
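    def authenticate(self, configurationAttributes, requestParameters, step):
        """Authenticate against a CAS 2.0 server and optionally link accounts.

        Step 1 sends the "ticket" request parameter to
        <self.cas_host>/serviceValidate and signs in the matching local user.
        When self.cas_map_user is set and no local user carries the CAS uid in
        oxExternalUid, the uid is kept in the "cas2_user_uid" working
        parameter and a second step is requested.

        Step 2 verifies the local user name and password and then binds the
        stored CAS uid to that account.

        Returns True when the step succeeded, False otherwise.
        """
        identity = CdiUtil.bean(Identity)
        credentials = identity.getCredentials()

        userService = CdiUtil.bean(UserService)
        requestParameterService = CdiUtil.bean(RequestParameterService)
        authenticationService = CdiUtil.bean(AuthenticationService)
        httpService = CdiUtil.bean(HttpService)

        if step == 1:
            print "CAS2. Authenticate for step 1"
            ticket_array = requestParameters.get("ticket")
            if ArrayHelper.isEmpty(ticket_array):
                print "CAS2. Authenticate for step 1. ticket is empty"
                return False

            ticket = ticket_array[0]
            if StringHelper.isEmptyString(ticket):
                print "CAS2. Authenticate for step 1. ticket is invalid"
                return False

            # The service ticket is a credential, so neither the ticket nor
            # the validation URL that embeds it is written to the log.
            print "CAS2. Authenticate for step 1. ticket received"

            # Validate ticket
            facesContext = CdiUtil.bean(FacesContext)
            request = facesContext.getExternalContext().getRequest()

            parametersMap = HashMap()
            parametersMap.put(
                "service",
                httpService.constructServerUrl(request) + "/postlogin.htm")
            if self.cas_renew_opt:
                parametersMap.put("renew", "true")
            parametersMap.put("ticket", ticket)
            cas_service_request_uri = requestParameterService.parametersAsString(
                parametersMap)
            cas_service_request_uri = self.cas_host + "/serviceValidate?" + cas_service_request_uri
            if self.cas_extra_opts != None:
                cas_service_request_uri = cas_service_request_uri + "&" + self.cas_extra_opts

            print "CAS2. Authenticate for step 1. Validating ticket at " + self.cas_host + "/serviceValidate"

            http_client = httpService.getHttpsClient()
            http_service_response = httpService.executeGet(
                http_client, cas_service_request_uri)
            try:
                validation_content = httpService.convertEntityToString(
                    httpService.getResponseContent(
                        http_service_response.getHttpResponse()))
            finally:
                http_service_response.closeConnection()

            # Check for an empty response before concatenating it into a log
            # line; the original logged first and would fail on None.
            if StringHelper.isEmpty(validation_content):
                print "CAS2. Authenticate for step 1. Ticket validation response is invalid"
                return False
            print "CAS2. Authenticate for step 1. validation_content: " + validation_content

            cas2_auth_failure = self.parse_tag(validation_content,
                                               "cas:authenticationFailure")
            print "CAS2. Authenticate for step 1. cas2_auth_failure: ", cas2_auth_failure

            cas2_user_uid = self.parse_tag(validation_content, "cas:user")
            print "CAS2. Authenticate for step 1. cas2_user_uid: ", cas2_user_uid

            if (cas2_auth_failure != None) or (cas2_user_uid == None):
                print "CAS2. Authenticate for step 1. Ticket is invalid"
                return False

            if self.cas_map_user:
                print "CAS2. Authenticate for step 1. Attempting to find user by oxExternalUid: cas2:" + cas2_user_uid

                # Check if there is a user mapped to this cas2_user_uid
                find_user_by_uid = userService.getUserByAttribute(
                    "oxExternalUid", "cas2:" + cas2_user_uid)

                if find_user_by_uid == None:
                    print "CAS2. Authenticate for step 1. Failed to find user"
                    print "CAS2. Authenticate for step 1. Setting count steps to 2"
                    identity.setWorkingParameter("cas2_count_login_steps", 2)
                    identity.setWorkingParameter("cas2_user_uid",
                                                 cas2_user_uid)
                    return True
            else:
                print "CAS2. Authenticate for step 1. Attempting to find user by uid:" + cas2_user_uid

                # Check if there is a user with the uid cas2_user_uid
                find_user_by_uid = userService.getUser(cas2_user_uid)
                if find_user_by_uid == None:
                    print "CAS2. Authenticate for step 1. Failed to find user"
                    return False

            found_user_name = find_user_by_uid.getUserId()
            print "CAS2. Authenticate for step 1. found_user_name: " + found_user_name

            # The result of authenticate() used to be ignored, so the step
            # reported success even when the local sign-in was refused.
            if not authenticationService.authenticate(found_user_name):
                print "CAS2. Authenticate for step 1. Failed to authenticate user"
                return False

            print "CAS2. Authenticate for step 1. Setting count steps to 1"
            identity.setWorkingParameter("cas2_count_login_steps", 1)

            return True
        elif step == 2:
            print "CAS2. Authenticate for step 2"

            # Step 2 is only valid after step 1 stored the CAS uid. The
            # original test was inverted and rejected exactly that case.
            if not identity.isSetWorkingParameter("cas2_user_uid"):
                print "CAS2. Authenticate for step 2. cas2_user_uid is empty"
                return False

            cas2_user_uid = identity.getWorkingParameter("cas2_user_uid")
            passed_step1 = StringHelper.isNotEmptyString(cas2_user_uid)
            if not passed_step1:
                return False

            user_name = credentials.getUsername()
            user_password = credentials.getPassword()

            logged_in = False
            if StringHelper.isNotEmptyString(
                    user_name) and StringHelper.isNotEmptyString(
                        user_password):
                logged_in = authenticationService.authenticate(
                    user_name, user_password)

            if not logged_in:
                return False

            # Check if there is a user which already has cas2_user_uid.
            # Avoid mapping one CAS2 account to more than one IDP account.
            find_user_by_uid = userService.getUserByAttribute(
                "oxExternalUid", "cas2:" + cas2_user_uid)

            if find_user_by_uid == None:
                # Bind cas2_user_uid to the user who just logged in
                find_user_by_uid = userService.addUserAttribute(
                    user_name, "oxExternalUid", "cas2:" + cas2_user_uid)
                if find_user_by_uid == None:
                    print "CAS2. Authenticate for step 2. Failed to update current user"
                    return False

                return True

            found_user_name = find_user_by_uid.getUserId()
            print "CAS2. Authenticate for step 2. found_user_name: " + found_user_name

            # Accept only when the existing mapping points at the same user.
            if StringHelper.equals(user_name, found_user_name):
                return True

            return False
        else:
            return False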
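    def authenticate(self, configurationAttributes, requestParameters, step):
        """Basic password login (step 1) with an optional password change (step 2).

        Step 1 rejects empty credentials, unknown users and users whose
        "gluuStatus" is "inactive", then verifies user name and password.

        Step 2 acts on the user authenticated in step 1. Without the
        "loginForm:updateButton" parameter it succeeds immediately; otherwise
        the value of "loginForm:password" must score at least 2 with zxcvbn
        before it is stored as the new "userPassword".

        Returns True when the step succeeded, False otherwise.
        """
        userService = CdiUtil.bean(UserService)
        authenticationService = CdiUtil.bean(AuthenticationService)

        identity = CdiUtil.bean(Identity)
        credentials = identity.getCredentials()
        user_name = credentials.getUsername()

        if (step == 1):
            print "Basic (with password update). Authenticate for step 1"
            facesMessages = CdiUtil.bean(FacesMessages)
            facesMessages.setKeepMessages()
            user_password = credentials.getPassword()

            if StringHelper.isEmptyString(user_name):
                return False

            if StringHelper.isEmptyString(user_password):
                facesMessages.add(FacesMessage.SEVERITY_INFO, "Password is empty! Enter your password")
                print "Basic. Authenticate: Password is empty! Enter your password"
                return False

            # NOTE(review): the two messages below are shown before the
            # password is verified, so the login form tells any caller whether
            # an account exists and whether it is disabled. Consider a single
            # generic failure message, or checking the status only after a
            # successful password check.
            find_user = userService.getUser(user_name)
            if (find_user == None):
                facesMessages.add(FacesMessage.SEVERITY_INFO, "User doesn't Exist")
                return False

            print "Basic . Authenticate for step 1-4-disablechecking"
            user_status = userService.getCustomAttribute(find_user, "gluuStatus")
            print "Basic . Authenticate for step 1-5-disablechecking"
            if (user_status != None):
                if (StringHelper.equals(user_status.getValue(), "inactive")):
                    facesMessages.add(FacesMessage.SEVERITY_INFO, "User is Disabled")
                    return False

            logged_in = authenticationService.authenticate(user_name, user_password)
            if (not logged_in):
                return False

            return True
        elif (step == 2):
            print "Basic (with password update). Authenticate for step 2-see"
            user = authenticationService.getAuthenticatedUser()
            facesMessages = CdiUtil.bean(FacesMessages)
            facesMessages.setKeepMessages()
            if user == None:
                print "Basic (with password update). Authenticate for step 2. Failed to determine user name"
                return False

            user_name = user.getUserId()
            find_user_by_uid = userService.getUser(user_name)

            update_button = requestParameters.get("loginForm:updateButton")

            if ArrayHelper.isEmpty(update_button):
                return True

            # Check the array before indexing it; the original read element 0
            # first and failed when the parameter was missing.
            new_password_array = requestParameters.get("loginForm:password")
            if ArrayHelper.isEmpty(new_password_array) or StringHelper.isEmpty(new_password_array[0]):
                print "Basic (with password update). Authenticate for step 2. New password is empty"
                return False
            new_password = new_password_array[0]

            if find_user_by_uid == None:
                print "Basic (with password update). Authenticate for step 2. Failed to find user"
                return False

            # The new password is never written to the log (the original
            # printed it in clear text).
            results = zxcvbn(new_password)
            if results['score'] < 2:
                print "Its a weak Password, please increase the complexity."
                facesMessages.add(FacesMessage.SEVERITY_INFO, "Its weak password, please increase the complexity.")
                return False

            find_user_by_uid.setAttribute("userPassword", new_password)

            print "Basic (with password update). Authenticate for step 2. Attempting to set new user '%s' password " % user_name

            userService.updateUser(find_user_by_uid)
            print "Basic (with password update). Authenticate for step 2. Password updated successfully"

            return True
        else:
            return False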
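    def authenticate(self, configurationAttributes, requestParameters, step):
        """Google+ login with optional account mapping or auto-enrollment.

        The "gplus_deployment_type" configuration attribute selects the mode:
        "map" links a Google account to an existing local user (two steps),
        "enroll" creates the local user on first login, and any other value
        looks the user up by the Google subject identifier as uid.

        Step 1 falls back to user name/password login when no
        "gplus_auth_code" request parameter is present. Otherwise the code is
        exchanged for tokens and the subject claim of the ID token identifies
        the user. Step 2 (map mode only) verifies local credentials and binds
        the Google uid stored in the session to that account.

        Returns True/False for the credential checks, or the result of
        self.extensionPostLogin() once a user has been signed in.
        """
        identity = CdiUtil.bean(Identity)
        userService = CdiUtil.bean(UserService)
        authenticationService = CdiUtil.bean(AuthenticationService)

        mapUserDeployment = False
        enrollUserDeployment = False
        if (configurationAttributes.containsKey("gplus_deployment_type")):
            deploymentType = StringHelper.toLowerCase(configurationAttributes.get("gplus_deployment_type").getValue2())

            if (StringHelper.equalsIgnoreCase(deploymentType, "map")):
                mapUserDeployment = True
            if (StringHelper.equalsIgnoreCase(deploymentType, "enroll")):
                enrollUserDeployment = True

        if (step == 1):
            print "Google+ Authenticate for step 1"

            # The parameter may be absent; the original indexed the array
            # unconditionally and failed in that case.
            gplusAuthCodeArray = requestParameters.get("gplus_auth_code")
            gplusAuthCode = None
            if (gplusAuthCodeArray != None) and (len(gplusAuthCodeArray) > 0):
                gplusAuthCode = gplusAuthCodeArray[0]

            # No authorization code: use the basic method to log in
            if (StringHelper.isEmptyString(gplusAuthCode)):
                print "Google+ Authenticate for step 1. Basic authentication"

                identity.setWorkingParameter("gplus_count_login_steps", 1)

                credentials = identity.getCredentials()

                userName = credentials.getUsername()
                userPassword = credentials.getPassword()

                loggedIn = False
                if (StringHelper.isNotEmptyString(userName) and StringHelper.isNotEmptyString(userPassword)):
                    loggedIn = authenticationService.authenticate(userName, userPassword)

                if (not loggedIn):
                    return False

                return True

            # Use Google+ method to log in. The authorization code is a
            # credential, so its value is not written to the log.
            print "Google+ Authenticate for step 1. Received gplusAuthCode"

            currentClientSecrets = self.getCurrentClientSecrets(self.clientSecrets, configurationAttributes, requestParameters)
            if (currentClientSecrets == None):
                print "Google+ Authenticate for step 1. Client secrets configuration is invalid"
                return False

            print "Google+ Authenticate for step 1. Attempting to gets tokens"
            # NOTE(review): this passes self.clientSecrets although
            # currentClientSecrets was resolved just above; confirm which one
            # getTokensByCode() is meant to receive.
            tokenResponse = self.getTokensByCode(self.clientSecrets, configurationAttributes, gplusAuthCode)
            if ((tokenResponse == None) or (tokenResponse.getIdToken() == None) or (tokenResponse.getAccessToken() == None)):
                print "Google+ Authenticate for step 1. Failed to get tokens"
                return False
            else:
                print "Google+ Authenticate for step 1. Successfully gets tokens"

            jwt = Jwt.parse(tokenResponse.getIdToken())
            # SECURITY: the ID token signature is not validated here (original
            # TODO), and no issuer, audience or expiry check is visible either.
            # The subject claim below is trusted only because the token was
            # returned by getTokensByCode().
            # NOTE(review): confirm that helper reaches the token endpoint over
            # validated TLS, and add signature/iss/aud/exp verification.

            gplusUserUid = jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER)
            print "Google+ Authenticate for step 1. Found Google user ID in the ID token: '%s'" % gplusUserUid

            if (mapUserDeployment):
                # Use mapping to local IDP user
                print "Google+ Authenticate for step 1. Attempting to find user by oxExternalUid: 'gplus:%s'" % gplusUserUid

                # Check if there is user with specified gplusUserUid
                foundUser = userService.getUserByAttribute("oxExternalUid", "gplus:" + gplusUserUid)

                if (foundUser == None):
                    print "Google+ Authenticate for step 1. Failed to find user"
                    print "Google+ Authenticate for step 1. Setting count steps to 2"
                    identity.setWorkingParameter("gplus_count_login_steps", 2)
                    identity.setWorkingParameter("gplus_user_uid", gplusUserUid)
                    return True
            elif (enrollUserDeployment):
                # Use auto enrollment to local IDP
                print "Google+ Authenticate for step 1. Attempting to find user by oxExternalUid: 'gplus:%s'" % gplusUserUid

                # Check if there is user with specified gplusUserUid
                foundUser = userService.getUserByAttribute("oxExternalUid", "gplus:" + gplusUserUid)

                if (foundUser == None):
                    # Auto user enrollment
                    print "Google+ Authenticate for step 1. There is no user in LDAP. Adding user to local LDAP"

                    print "Google+ Authenticate for step 1. Attempting to gets user info"
                    userInfoResponse = self.getUserInfo(currentClientSecrets, configurationAttributes, tokenResponse.getAccessToken())
                    if ((userInfoResponse == None) or (userInfoResponse.getClaims().size() == 0)):
                        print "Google+ Authenticate for step 1. Failed to get user info"
                        return False
                    else:
                        print "Google+ Authenticate for step 1. Successfully gets user info"

                    gplusResponseAttributes = userInfoResponse.getClaims()

                    # Convert Google+ user claim names to lower case
                    gplusResponseNormalizedAttributes = HashMap()
                    for gplusResponseAttributeEntry in gplusResponseAttributes.entrySet():
                        gplusResponseNormalizedAttributes.put(
                            StringHelper.toLowerCase(gplusResponseAttributeEntry.getKey()), gplusResponseAttributeEntry.getValue())

                    currentAttributesMapping = self.getCurrentAttributesMapping(self.attributesMapping, configurationAttributes, requestParameters)
                    print "Google+ Authenticate for step 1. Using next attributes mapping '%s'" % currentAttributesMapping

                    newUser = User()
                    for attributesMappingEntry in currentAttributesMapping.entrySet():
                        remoteAttribute = attributesMappingEntry.getKey()
                        localAttribute = attributesMappingEntry.getValue()

                        localAttributeValue = gplusResponseNormalizedAttributes.get(remoteAttribute)
                        if (localAttribute != None):
                            newUser.setAttribute(localAttribute, localAttributeValue)

                    # Fall back to the Google uid for the mandatory name fields
                    if (newUser.getAttribute("sn") == None):
                        newUser.setAttribute("sn", gplusUserUid)

                    if (newUser.getAttribute("cn") == None):
                        newUser.setAttribute("cn", gplusUserUid)

                    # Add mail to oxTrustEmail so that the user's
                    # email is available through the SCIM interface
                    # too.
                    if (newUser.getAttribute("oxTrustEmail") is None and
                        newUser.getAttribute("mail") is not None):
                        oxTrustEmail = {
                            "value": newUser.getAttribute("mail"),
                            "display": newUser.getAttribute("mail"),
                            "primary": True,
                            "operation": None,
                            "reference": None,
                            "type": "other"
                        }
                        newUser.setAttribute("oxTrustEmail", json.dumps(oxTrustEmail))

                    newUser.setAttribute("oxExternalUid", "gplus:" + gplusUserUid)
                    print "Google+ Authenticate for step 1. Attempting to add user '%s' with next attributes '%s'" % (gplusUserUid, newUser.getCustomAttributes())

                    foundUser = userService.addUser(newUser, True)
                    print "Google+ Authenticate for step 1. Added new user with UID: '%s'" % foundUser.getUserId()
            else:
                # Check if there is user with specified gplusUserUid
                print "Google+ Authenticate for step 1. Attempting to find user by uid: '%s'" % gplusUserUid

                foundUser = userService.getUser(gplusUserUid)
                if (foundUser == None):
                    print "Google+ Authenticate for step 1. Failed to find user"
                    return False

            # Common tail for all three modes: sign the local user in.
            foundUserName = foundUser.getUserId()
            # The literal has no conversion specifier, so it is printed as is;
            # applying "% foundUserName" to it raised TypeError at run time.
            print "Google+ Authenticate for step 1. foundUserName: '******'"

            userAuthenticated = authenticationService.authenticate(foundUserName)
            if (userAuthenticated == False):
                print "Google+ Authenticate for step 1. Failed to authenticate user"
                return False

            print "Google+ Authenticate for step 1. Setting count steps to 1"
            identity.setWorkingParameter("gplus_count_login_steps", 1)

            print "Google+ Authenticate for step 1. Attempting to run extension postLogin"
            postLoginResult = self.extensionPostLogin(configurationAttributes, foundUser)
            print "Google+ Authenticate for step 1. postLoginResult: '%s'" % postLoginResult

            return postLoginResult
        elif (step == 2):
            print "Google+ Authenticate for step 2"

            # Step 2 is only valid after step 1 stored the Google uid
            sessionAttributes = identity.getSessionId().getSessionAttributes()
            if (sessionAttributes == None) or not sessionAttributes.containsKey("gplus_user_uid"):
                print "Google+ Authenticate for step 2. gplus_user_uid is empty"
                return False

            gplusUserUid = sessionAttributes.get("gplus_user_uid")
            passed_step1 = StringHelper.isNotEmptyString(gplusUserUid)
            if (not passed_step1):
                return False

            credentials = identity.getCredentials()

            userName = credentials.getUsername()
            userPassword = credentials.getPassword()

            loggedIn = False
            if (StringHelper.isNotEmptyString(userName) and StringHelper.isNotEmptyString(userPassword)):
                loggedIn = authenticationService.authenticate(userName, userPassword)

            if (not loggedIn):
                return False

            # Check if there is user which has gplusUserUid
            # Avoid mapping Google account to more than one IDP account
            foundUser = userService.getUserByAttribute("oxExternalUid", "gplus:" + gplusUserUid)

            if (foundUser == None):
                # Bind gplusUserUid to the user who just logged in
                foundUser = userService.addUserAttribute(userName, "oxExternalUid", "gplus:" + gplusUserUid)
                if (foundUser == None):
                    print "Google+ Authenticate for step 2. Failed to update current user"
                    return False

                postLoginResult = self.extensionPostLogin(configurationAttributes, foundUser)
                print "Google+ Authenticate for step 2. postLoginResult: '%s'" % postLoginResult

                return postLoginResult

            foundUserName = foundUser.getUserId()
            print "Google+ Authenticate for step 2. foundUserName: '******'"

            # Accept only when the existing mapping points at the same user
            if StringHelper.equals(userName, foundUserName):
                postLoginResult = self.extensionPostLogin(configurationAttributes, foundUser)
                print "Google+ Authenticate for step 2. postLoginResult: '%s'" % postLoginResult

                return postLoginResult

            return False
        else:
            return False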
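    def authenticate(self, configurationAttributes, requestParameters, step):
        """Run one step of the OneID login flow and report whether it passed.

        Step 1 takes the OneID assertion posted in the ``json_data`` request
        parameter, has the OneID helper server validate it, and looks up a
        local user whose ``oxExternalUid`` is ``oneid:<uid>``.  When such a
        user exists the credentials bean is populated and the flow stays at
        one step; otherwise the uid is stored as a working parameter and the
        flow is extended to two steps.

        Step 2 authenticates the username/password held in the credentials
        bean and links the stored OneID uid to that account, unless the uid
        is already linked to a different account.

        Args:
            configurationAttributes: script configuration; must contain
                ``oneid_server_flag``, ``oneid_callback_attrs`` and
                ``oneid_creds_file`` entries exposing ``getValue2()``.
            requestParameters: request parameter map; step 1 reads the
                ``json_data`` array from it.
            step: 1 or 2; any other value is rejected.

        Returns:
            True when the step succeeded, False otherwise.  Malformed or
            incomplete JSON from the browser or the helper server is
            treated as a failed step rather than raising.
        """
        identity = CdiUtil.bean(Identity)

        userService = CdiUtil.bean(UserService)
        authenticationService = CdiUtil.bean(AuthenticationService)
        httpService = CdiUtil.bean(HttpService)

        server_flag = configurationAttributes.get(
            "oneid_server_flag").getValue2()
        # Not used below; the lookup is kept so a missing configuration
        # entry still fails at this point, as it did before.
        callback_attrs = configurationAttributes.get(
            "oneid_callback_attrs").getValue2()
        creds_file = configurationAttributes.get(
            "oneid_creds_file").getValue2()

        # Create the OneID helper and point it at the credentials file
        authn = OneID(server_flag)
        authn.creds_file = creds_file

        if (step == 1):
            print "OneId. Authenticate for step 1"

            # Find OneID request
            json_data_array = requestParameters.get("json_data")
            if ArrayHelper.isEmpty(json_data_array):
                print "OneId. Authenticate for step 1. json_data is empty"
                return False

            request = json_data_array[0]
            if (StringHelper.isEmptyString(request)):
                return False

            # The assertion body is deliberately not written to the log:
            # it is authentication material supplied by the client.
            print "OneId. Authenticate for step 1. Received json_data"

            authn.set_credentials()

            # Validate request against the OneID helper server, authenticating
            # with the API id/key loaded by set_credentials()
            http_client = httpService.getHttpsClientDefaulTrustStore()
            auth_data = httpService.encodeBase64(authn.api_id + ":" +
                                                 authn.api_key)
            http_response = httpService.executePost(
                http_client, authn.helper_server + "/validate", auth_data,
                request, ContentType.APPLICATION_JSON)
            validation_content = httpService.convertEntityToString(
                httpService.getResponseContent(http_response))

            if (StringHelper.isEmptyString(validation_content)):
                print "OneId. Authenticate for step 1. Validation response is empty"
                return False

            # Fail closed on anything that is not a JSON object instead of
            # letting the parser error escape from the authentication script.
            try:
                validation_resp = json.loads(validation_content)
            except ValueError:
                print "OneId. Authenticate for step 1. Validation response is not valid JSON"
                return False

            if (not isinstance(validation_resp, dict)):
                print "OneId. Authenticate for step 1. Validation response is not a JSON object"
                return False

            if (not authn.success(validation_resp)):
                print "OneId. Authenticate for step 1. Validation failed"
                return False

            try:
                response = json.loads(request)
            except ValueError:
                print "OneId. Authenticate for step 1. json_data is not valid JSON"
                return False

            if (not isinstance(response, dict)):
                print "OneId. Authenticate for step 1. json_data is not a JSON object"
                return False

            # Values from the validation response override the client's.
            response.update(validation_resp)

            # NOTE(review): 'uid' is read from the merged dict, so it is the
            # helper server's value only when the validation response carries
            # a 'uid' key; otherwise it is the client-supplied one. Confirm
            # that /validate binds the uid it vouches for.
            oneid_user_uid = response.get('uid')
            if (not isinstance(oneid_user_uid, basestring)) or (
                    len(oneid_user_uid) == 0):
                print "OneId. Authenticate for step 1. uid is missing"
                return False

            print "OneId. Authenticate for step 1. oneid_user_uid: " + oneid_user_uid

            # Check if there is a user with the specified oneid_user_uid
            find_user_by_uid = userService.getUserByAttribute(
                "oxExternalUid", "oneid:" + oneid_user_uid)

            if (find_user_by_uid == None):
                # Unknown OneID account: keep the uid for step 2, where it
                # is linked after a password login.
                print "OneId. Authenticate for step 1. Failed to find user"
                print "OneId. Authenticate for step 1. Setting count steps to 2"
                identity.setWorkingParameter("oneid_count_login_steps", 2)
                identity.setWorkingParameter("oneid_user_uid", oneid_user_uid)
                return True

            found_user_name = find_user_by_uid.getUserId()
            print "OneId. Authenticate for step 1. found_user_name: " + found_user_name

            # NOTE(review): the user is attached to the credentials bean
            # directly; authenticationService is not called on this path.
            # Confirm this is the intended way to log the user in.
            credentials = identity.getCredentials()
            credentials.setUsername(found_user_name)
            credentials.setUser(find_user_by_uid)

            print "OneId. Authenticate for step 1. Setting count steps to 1"
            identity.setWorkingParameter("oneid_count_login_steps", 1)

            return True
        elif (step == 2):
            print "OneId. Authenticate for step 2"

            # Step 2 is only valid when step 1 left a uid in the session
            sessionAttributes = identity.getSessionId().getSessionAttributes()
            if (sessionAttributes == None
                ) or not sessionAttributes.containsKey("oneid_user_uid"):
                print "OneId. Authenticate for step 2. oneid_user_uid is empty"
                return False

            oneid_user_uid = sessionAttributes.get("oneid_user_uid")
            if (not StringHelper.isNotEmptyString(oneid_user_uid)):
                return False

            credentials = identity.getCredentials()
            user_name = credentials.getUsername()
            user_password = credentials.getPassword()

            # Both values are required before the uid may be linked
            if (not StringHelper.isNotEmptyString(user_name)):
                return False
            if (not StringHelper.isNotEmptyString(user_password)):
                return False

            logged_in = authenticationService.authenticate(
                user_name, user_password)
            if (not logged_in):
                return False

            # Check if there is user which has oneid_user_uid
            # Avoid mapping OneID account to more than one IDP account
            find_user_by_uid = userService.getUserByAttribute(
                "oxExternalUid", "oneid:" + oneid_user_uid)

            if (find_user_by_uid == None):
                # Add oneid_user_uid to user one id UIDs
                find_user_by_uid = userService.addUserAttribute(
                    user_name, "oxExternalUid", "oneid:" + oneid_user_uid)
                if (find_user_by_uid == None):
                    print "OneId. Authenticate for step 2. Failed to update current user"
                    return False

                return True

            found_user_name = find_user_by_uid.getUserId()
            print "OneId. Authenticate for step 2. found_user_name: " + found_user_name

            # Already linked: accept only when it is linked to the account
            # that has just authenticated.
            if StringHelper.equals(user_name, found_user_name):
                return True

            return False
        else:
            return False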