From 0d259b2a6e64e77a37efc4769838ab2be093e9c3 Mon Sep 17 00:00:00 2001 From: Dilshan Edirisuriya Date: Mon, 5 Oct 2015 11:34:14 +0530 Subject: [PATCH] Enabling SAML --- .../pom.xml | 4 + .../impl/DynamicClientRegistrationImpl.java | 95 +++++++++++++++---- pom.xml | 5 + 3 files changed, 86 insertions(+), 18 deletions(-) diff --git a/components/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/pom.xml b/components/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/pom.xml index f9f1d342062..51bce89c192 100644 --- a/components/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/pom.xml +++ b/components/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/pom.xml @@ -84,6 +84,10 @@ org.wso2.carbon.identity org.wso2.carbon.identity.oauth + + org.wso2.carbon.identity + org.wso2.carbon.identity.sso.saml + com.googlecode.json-simple.wso2 json-simple diff --git a/components/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/src/main/java/org/wso2/carbon/dynamic/client/registration/impl/DynamicClientRegistrationImpl.java b/components/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/src/main/java/org/wso2/carbon/dynamic/client/registration/impl/DynamicClientRegistrationImpl.java index 599619cfc1b..94cc4bf81cf 100644 --- a/components/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/src/main/java/org/wso2/carbon/dynamic/client/registration/impl/DynamicClientRegistrationImpl.java +++ b/components/dynamic-client-registration/org.wso2.carbon.dynamic.client.registration/src/main/java/org/wso2/carbon/dynamic/client/registration/impl/DynamicClientRegistrationImpl.java 
@@ -24,20 +24,27 @@ import org.json.JSONException;
 import org.json.JSONObject;
 import org.wso2.carbon.context.CarbonContext;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.context.RegistryType;
 import org.wso2.carbon.dynamic.client.registration.ApplicationConstants;
 import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationException;
 import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationService;
 import org.wso2.carbon.dynamic.client.registration.OAuthApplicationInfo;
 import org.wso2.carbon.dynamic.client.registration.profile.RegistrationProfile;
 import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
+import org.wso2.carbon.identity.application.common.model.AuthenticationStep;
 import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
 import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
+import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig;
+import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
 import org.wso2.carbon.identity.application.common.model.Property;
 import org.wso2.carbon.identity.application.common.model.ServiceProvider;
 import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
 import org.wso2.carbon.identity.base.IdentityException;
 import org.wso2.carbon.identity.oauth.OAuthAdminService;
 import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
+import org.wso2.carbon.identity.sso.saml.admin.SAMLSSOConfigAdmin;
+import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;
+import org.wso2.carbon.registry.core.Registry;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
 
 import java.util.Arrays;
@@ -48,6 +55,13 @@ import java.util.Arrays; public class DynamicClientRegistrationImpl implements DynamicClientRegistrationService { private static final String TOKEN_SCOPE = "tokenScope"; + private static final String MDM = "mdm"; + private static final String SAML_SSO = "samlsso"; + private static final String BASIC_AUTHENTICATOR = "BasicAuthenticator"; + private static final String BASIC = "basic"; + private static final String LOCAL = "local"; + private static final String ASSERTION_CONSUMER_URI = "https://localhost:9443/mdm/sso/acs"; + private static final String AUDIENCE = "https://null:9443/oauth2/token"; private static final Log log = LogFactory.getLog(DynamicClientRegistrationService.class); @Override @@ -89,16 +103,16 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS if (jsonObject.has(ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS)) { oAuthApplicationInfo .addParameter(ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS, - jsonObject - .get(ApplicationConstants.ClientMetadata. - OAUTH_REDIRECT_URIS)); + jsonObject + .get(ApplicationConstants.ClientMetadata. + OAUTH_REDIRECT_URIS)); } if (jsonObject.has(ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT)) { oAuthApplicationInfo.addParameter(ApplicationConstants.ClientMetadata. - OAUTH_CLIENT_GRANT, jsonObject - .get(ApplicationConstants.ClientMetadata. - OAUTH_CLIENT_GRANT)); + OAUTH_CLIENT_GRANT, jsonObject + .get(ApplicationConstants.ClientMetadata. + OAUTH_CLIENT_GRANT)); } } catch (JSONException e) { throw new DynamicClientRegistrationException( 
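Review bot: `AUDIENCE = "https://null:9443/oauth2/token"` hardcodes a host of `null`, which looks like the residue of a URL built from an unset hostname, so the audience restriction placed on the SAML relying party registered later in this commit will never match a real token endpoint. `ASSERTION_CONSUMER_URI` is likewise pinned to `https://localhost:9443/mdm/sso/acs`, so the identity server will only deliver assertions to a local MDM instance; both values are deployment-specific and belong in configuration (for example derived from the server's host and port at runtime) rather than compile-time constants. Until that is done, a comment such as `// TODO: derive host/port from server configuration; the "null" host is a placeholder` should sit above the two constants so nobody ships them as-is.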
@@ -148,9 +162,14 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS if (appMgtService == null) { throw new IllegalStateException( "Error occurred while retrieving Application Management" + - "Service"); + "Service"); + } + + ServiceProvider existingServiceProvider = appMgtService.getApplication(applicationName); + + if(existingServiceProvider == null) { + appMgtService.createApplication(serviceProvider); } - appMgtService.createApplication(serviceProvider); ServiceProvider createdServiceProvider = appMgtService.getApplication(applicationName); if (createdServiceProvider == null) { @@ -170,14 +189,17 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS log.debug("Creating OAuth App " + applicationName); } - oAuthAdminService.registerOAuthApplicationData(oAuthConsumerAppDTO); + if(existingServiceProvider == null) { + oAuthAdminService.registerOAuthApplicationData(oAuthConsumerAppDTO); + } + if (log.isDebugEnabled()) { log.debug("Created OAuth App " + applicationName); } OAuthConsumerAppDTO createdApp = oAuthAdminService.getOAuthApplicationDataByAppName(oAuthConsumerAppDTO - .getApplicationName()); + .getApplicationName()); if (log.isDebugEnabled()) { log.debug("Retrieved Details for OAuth App " + createdApp.getApplicationName()); } 
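Review bot: When `existingServiceProvider` is non-null the hunk skips `createApplication`, but the method still runs on to the `updateApplication` call in a later hunk and replaces that provider's inbound and local/outbound authentication configuration, so a second registration under an already-used application name silently reconfigures a service provider that may belong to another client. An existing provider should either be rejected with a `DynamicClientRegistrationException` or have its current configuration preserved and only extended, and the chosen behaviour should be stated in a comment at the `if(existingServiceProvider == null)` check. Style: `if(` is missing the space after the keyword here and in the following hunk. The enclosing method begins before this hunk.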
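Review bot: `registerOAuthApplicationData` is now skipped when the service provider already exists, yet the result of `getOAuthApplicationDataByAppName` on the following lines is dereferenced in the debug log here and unconditionally in the next hunk (`createdApp.getOauthConsumerSecret()`), so a provider that exists without a matching OAuth application ends in a NullPointerException if that lookup returns null rather than throwing. A guard such as `if (createdApp == null) { throw new DynamicClientRegistrationException("No OAuth application registered for " + applicationName); }` right after the lookup would make that failure explicit. The enclosing method continues past this hunk.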
@@ -185,15 +207,15 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig(); InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs = new - InboundAuthenticationRequestConfig[1]; + InboundAuthenticationRequestConfig[2]; + InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new InboundAuthenticationRequestConfig(); - inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey()); inboundAuthenticationRequestConfig.setInboundAuthType("oauth2"); if (createdApp.getOauthConsumerSecret() != null && !createdApp. - getOauthConsumerSecret() - .isEmpty()) { + getOauthConsumerSecret() + .isEmpty()) { Property property = new Property(); property.setName("oauthConsumerSecret"); property.setValue(createdApp.getOauthConsumerSecret()); 
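Review bot: The removed line `inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey());` has no replacement, so the `oauth2` inbound request config is stored without an inbound auth key; that key is what links the consumer key to this service provider, and without it the provider can presumably no longer be resolved from the client's consumer key. Unless the removal is deliberate and documented, the call should be restored directly after `new InboundAuthenticationRequestConfig()`. The array is also enlarged to two entries here while the second entry is only filled in a later hunk, so a comment `// [0] = oauth2 inbound config, [1] = samlsso inbound config` at the declaration would help the reader. The enclosing method begins before this hunk.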
@@ -201,10 +223,41 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS inboundAuthenticationRequestConfig.setProperties(properties); } + SAMLSSOServiceProviderDTO samlssoServiceProviderDTO = new SAMLSSOServiceProviderDTO(); + samlssoServiceProviderDTO.setIssuer(MDM); + samlssoServiceProviderDTO.setAssertionConsumerUrl(ASSERTION_CONSUMER_URI); + samlssoServiceProviderDTO.setDoSignResponse(true); + samlssoServiceProviderDTO.setRequestedAudiences(new String[]{AUDIENCE}); + + SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry()); + configAdmin.addRelyingPartyServiceProvider(samlssoServiceProviderDTO); + + InboundAuthenticationRequestConfig samlAuthenticationRequest = new InboundAuthenticationRequestConfig(); + samlAuthenticationRequest.setInboundAuthKey(MDM); + samlAuthenticationRequest.setInboundAuthType(SAML_SSO); + + LocalAuthenticatorConfig localAuth = new LocalAuthenticatorConfig(); + localAuth.setName(BASIC_AUTHENTICATOR); + localAuth.setDisplayName(BASIC); + localAuth.setEnabled(true); + + AuthenticationStep authStep = new AuthenticationStep(); + authStep.setStepOrder(1); + authStep.setSubjectStep(true); + authStep.setAttributeStep(true); + + authStep.setLocalAuthenticatorConfigs(new LocalAuthenticatorConfig[]{localAuth}); + + LocalAndOutboundAuthenticationConfig localOutboundAuthConfig = new LocalAndOutboundAuthenticationConfig(); + localOutboundAuthConfig.setAuthenticationType(LOCAL); + localOutboundAuthConfig.setAuthenticationSteps(new AuthenticationStep[]{authStep}); + inboundAuthenticationRequestConfigs[0] = inboundAuthenticationRequestConfig; + inboundAuthenticationRequestConfigs[1] = samlAuthenticationRequest; inboundAuthenticationConfig .setInboundAuthenticationRequestConfigs(inboundAuthenticationRequestConfigs); createdServiceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig); + createdServiceProvider.setLocalAndOutBoundAuthenticationConfig(localOutboundAuthConfig); // Update 
the Service Provider app to add OAuthApp as an Inbound Authentication Config appMgtService.updateApplication(createdServiceProvider); @@ -221,6 +274,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS oAuthApplicationInfo.addParameter( ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT, createdApp.getGrantTypes()); + return oAuthApplicationInfo; } catch (IdentityApplicationManagementException e) { throw new DynamicClientRegistrationException( @@ -234,6 +288,11 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS } } + protected Registry getConfigSystemRegistry() { + return (Registry)PrivilegedCarbonContext.getThreadLocalCarbonContext(). + getRegistry(RegistryType.SYSTEM_CONFIGURATION); + } + @Override public boolean unregisterOAuthApplication(String userId, String applicationName, String consumerKey) @@ -250,7 +309,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS if (userId == null || userId.isEmpty()) { throw new DynamicClientRegistrationException( "Error occurred while unregistering Application: userId cannot " + - "be null/empty"); + "be null/empty"); } try { OAuthAdminService oAuthAdminService = new OAuthAdminService(); @@ -260,7 +319,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS if (oAuthConsumerAppDTO == null) { throw new DynamicClientRegistrationException( "Couldn't retrieve OAuth Consumer Application associated with the " + - "given consumer key: " + consumerKey); + "given consumer key: " + consumerKey); } oAuthAdminService.removeOAuthApplicationData(consumerKey); @@ -269,7 +328,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS if (appMgtService == null) { throw new IllegalStateException( "Error occurred while retrieving Application Management" + - "Service"); + "Service"); } ServiceProvider createdServiceProvider = appMgtService.getApplication(applicationName); 
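Review bot: `configAdmin.addRelyingPartyServiceProvider(samlssoServiceProviderDTO)` is called on every registration with the fixed issuer `MDM`, independent of the `existingServiceProvider` check made in an earlier hunk, and its return value is ignored; every registration after the first will try to add the same SAML relying party, and if the admin service refuses duplicates that failure is either lost or surfaces as an exception from code unrelated to the caller's request. The call should be conditioned on the provider (or the relying party) not yet existing and its outcome checked, for example `if (!configAdmin.addRelyingPartyServiceProvider(samlssoServiceProviderDTO)) { throw new DynamicClientRegistrationException("Failed to register SAML relying party " + MDM); }` if it does return a boolean. The same hunk unconditionally replaces the provider's `LocalAndOutboundAuthenticationConfig` with a single BasicAuthenticator step, which reinforces the earlier point about overwriting an existing provider, and `setDoSignResponse(true)` is set while no assertion-signing or certificate options are configured here, so it is worth confirming which signing behaviour the relying party actually receives from the admin service defaults. The enclosing method begins before this hunk.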
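Review bot: `getConfigSystemRegistry()` is a new protected method with no Javadoc; because it reads the thread-local `PrivilegedCarbonContext`, callers receive the configuration registry of whichever tenant the current thread is bound to, which is worth stating explicitly since the SAML relying party added through it is therefore tenant-scoped. Suggested Javadoc: `/** Returns the system configuration registry of the tenant bound to the calling thread's PrivilegedCarbonContext; protected presumably so a test can substitute a registry. */`. The cast to `org.wso2.carbon.registry.core.Registry` also deserves a one-line comment explaining why the context's return type is not used directly.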
@@ -299,7 +358,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS if (appMgtService == null) { throw new IllegalStateException( "Error occurred while retrieving Application Management" + - "Service"); + "Service"); } try { if (appMgtService.getApplication(applicationName) != null) { diff --git a/pom.xml b/pom.xml index ce2f4a193fb..af165f29196 100644 --- a/pom.xml +++ b/pom.xml @@ -935,6 +935,11 @@ org.wso2.carbon.identity.oauth ${carbon.identity.version} + + org.wso2.carbon.identity + org.wso2.carbon.identity.sso.saml + ${carbon.identity.version} + com.googlecode.json-simple.wso2 json-simple