|
|
|
|
@ -41,7 +41,9 @@ import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;
|
|
|
|
|
import org.wso2.carbon.registry.core.Registry;
|
|
|
|
|
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
|
|
|
|
|
|
|
|
|
import java.util.ArrayList;
|
|
|
|
|
import java.util.Arrays;
|
|
|
|
|
import java.util.List;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Implementation of DynamicClientRegistrationService.
|
|
|
|
|
@ -60,9 +62,12 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
|
|
|
|
|
private static final int STEP_ORDER = 1;
|
|
|
|
|
private static final String OAUTH_VERSION = "OAuth-2.0";
|
|
|
|
|
|
|
|
|
|
private static final String APPLICATION_TYPE_WEBAPP = "webapp";
|
|
|
|
|
private static final String APPLICATION_TYPE_DEVICE = "device";
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public OAuthApplicationInfo registerOAuthApplication(RegistrationProfile profile) throws
|
|
|
|
|
DynamicClientRegistrationException {
|
|
|
|
|
public OAuthApplicationInfo registerOAuthApplication(
|
|
|
|
|
RegistrationProfile profile) throws DynamicClientRegistrationException {
|
|
|
|
|
OAuthApplicationInfo oAuthApplicationInfo = new OAuthApplicationInfo();
|
|
|
|
|
String applicationName = profile.getClientName();
|
|
|
|
|
|
|
|
|
|
@ -78,9 +83,7 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
|
|
|
|
|
OAuthApplicationInfo info;
|
|
|
|
|
try {
|
|
|
|
|
info = this.createOAuthApplication(profile);
|
|
|
|
|
} catch (DynamicClientRegistrationException e) {
|
|
|
|
|
throw new DynamicClientRegistrationException("Can not create OAuth application : " + applicationName, e);
|
|
|
|
|
} catch (IdentityException e) {
|
|
|
|
|
} catch (DynamicClientRegistrationException | IdentityException e) {
|
|
|
|
|
throw new DynamicClientRegistrationException("Can not create OAuth application : " + applicationName, e);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -98,13 +101,13 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
|
|
|
|
|
JSONObject jsonObject = new JSONObject(info.getJsonString());
|
|
|
|
|
if (jsonObject.has(DCRConstants.ClientMetadata.OAUTH_REDIRECT_URIS)) {
|
|
|
|
|
oAuthApplicationInfo.addParameter(DCRConstants.ClientMetadata.OAUTH_REDIRECT_URIS,
|
|
|
|
|
jsonObject
|
|
|
|
|
.get(DCRConstants.ClientMetadata.OAUTH_REDIRECT_URIS));
|
|
|
|
|
jsonObject
|
|
|
|
|
.get(DCRConstants.ClientMetadata.OAUTH_REDIRECT_URIS));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (jsonObject.has(DCRConstants.ClientMetadata.OAUTH_CLIENT_GRANT)) {
|
|
|
|
|
oAuthApplicationInfo.addParameter(DCRConstants.ClientMetadata.OAUTH_CLIENT_GRANT, jsonObject
|
|
|
|
|
.get(DCRConstants.ClientMetadata.OAUTH_CLIENT_GRANT));
|
|
|
|
|
.get(DCRConstants.ClientMetadata.OAUTH_CLIENT_GRANT));
|
|
|
|
|
}
|
|
|
|
|
} catch (JSONException e) {
|
|
|
|
|
throw new DynamicClientRegistrationException(
|
|
|
|
|
@ -166,7 +169,7 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
|
|
|
|
|
ServiceProvider createdServiceProvider = appMgtService.getServiceProvider(applicationName, tenantDomain);
|
|
|
|
|
if (createdServiceProvider == null) {
|
|
|
|
|
throw new DynamicClientRegistrationException("Couldn't create Service Provider Application " +
|
|
|
|
|
applicationName);
|
|
|
|
|
applicationName);
|
|
|
|
|
}
|
|
|
|
|
//Set SaaS app option
|
|
|
|
|
createdServiceProvider.setSaasApp(isSaaSApp);
|
|
|
|
|
@ -199,8 +202,7 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
|
|
|
|
|
// Set the OAuthApp in InboundAuthenticationConfig
|
|
|
|
|
InboundAuthenticationConfig inboundAuthenticationConfig =
|
|
|
|
|
new InboundAuthenticationConfig();
|
|
|
|
|
InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs = new
|
|
|
|
|
InboundAuthenticationRequestConfig[2];
|
|
|
|
|
List<InboundAuthenticationRequestConfig> inboundAuthenticationRequestConfigs = new ArrayList<>();
|
|
|
|
|
|
|
|
|
|
InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new
|
|
|
|
|
InboundAuthenticationRequestConfig();
|
|
|
|
|
@ -211,19 +213,22 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
|
|
|
|
|
Property property = new Property();
|
|
|
|
|
property.setName(OAUTH_CONSUMER_SECRET);
|
|
|
|
|
property.setValue(oauthConsumerSecret);
|
|
|
|
|
Property[] properties = { property };
|
|
|
|
|
Property[] properties = {property};
|
|
|
|
|
inboundAuthenticationRequestConfig.setProperties(properties);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SAMLSSOServiceProviderDTO samlssoServiceProviderDTO = new SAMLSSOServiceProviderDTO();
|
|
|
|
|
samlssoServiceProviderDTO.setIssuer(MDM);
|
|
|
|
|
if (APPLICATION_TYPE_WEBAPP.equals(profile.getApplicationType())) {
|
|
|
|
|
SAMLSSOServiceProviderDTO samlssoServiceProviderDTO = new SAMLSSOServiceProviderDTO();
|
|
|
|
|
samlssoServiceProviderDTO.setIssuer(applicationName);
|
|
|
|
|
|
|
|
|
|
SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry());
|
|
|
|
|
configAdmin.addRelyingPartyServiceProvider(samlssoServiceProviderDTO);
|
|
|
|
|
SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry());
|
|
|
|
|
configAdmin.addRelyingPartyServiceProvider(samlssoServiceProviderDTO);
|
|
|
|
|
|
|
|
|
|
InboundAuthenticationRequestConfig samlAuthenticationRequest = new InboundAuthenticationRequestConfig();
|
|
|
|
|
samlAuthenticationRequest.setInboundAuthKey(MDM);
|
|
|
|
|
samlAuthenticationRequest.setInboundAuthType(SAML_SSO);
|
|
|
|
|
InboundAuthenticationRequestConfig samlAuthenticationRequest = new InboundAuthenticationRequestConfig();
|
|
|
|
|
samlAuthenticationRequest.setInboundAuthKey(applicationName);
|
|
|
|
|
samlAuthenticationRequest.setInboundAuthType(SAML_SSO);
|
|
|
|
|
inboundAuthenticationRequestConfigs.add(samlAuthenticationRequest);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
LocalAuthenticatorConfig localAuth = new LocalAuthenticatorConfig();
|
|
|
|
|
localAuth.setName(BASIC_AUTHENTICATOR);
|
|
|
|
|
@ -235,18 +240,18 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
|
|
|
|
|
authStep.setSubjectStep(true);
|
|
|
|
|
authStep.setAttributeStep(true);
|
|
|
|
|
|
|
|
|
|
authStep.setLocalAuthenticatorConfigs(new LocalAuthenticatorConfig[] { localAuth });
|
|
|
|
|
authStep.setLocalAuthenticatorConfigs(new LocalAuthenticatorConfig[]{localAuth});
|
|
|
|
|
|
|
|
|
|
LocalAndOutboundAuthenticationConfig localOutboundAuthConfig = new LocalAndOutboundAuthenticationConfig();
|
|
|
|
|
localOutboundAuthConfig.setAuthenticationType(LOCAL);
|
|
|
|
|
localOutboundAuthConfig.setAuthenticationSteps(new AuthenticationStep[] { authStep });
|
|
|
|
|
localOutboundAuthConfig.setAuthenticationSteps(new AuthenticationStep[]{authStep});
|
|
|
|
|
createdServiceProvider.setLocalAndOutBoundAuthenticationConfig(localOutboundAuthConfig);
|
|
|
|
|
|
|
|
|
|
inboundAuthenticationRequestConfigs[0] = inboundAuthenticationRequestConfig;
|
|
|
|
|
inboundAuthenticationRequestConfigs[1] = samlAuthenticationRequest;
|
|
|
|
|
inboundAuthenticationRequestConfigs.add(inboundAuthenticationRequestConfig);
|
|
|
|
|
inboundAuthenticationConfig
|
|
|
|
|
.setInboundAuthenticationRequestConfigs(inboundAuthenticationRequestConfigs);
|
|
|
|
|
.setInboundAuthenticationRequestConfigs(inboundAuthenticationRequestConfigs.toArray(
|
|
|
|
|
new InboundAuthenticationRequestConfig[inboundAuthenticationRequestConfigs.size()]));
|
|
|
|
|
createdServiceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
|
|
|
|
|
createdServiceProvider.setLocalAndOutBoundAuthenticationConfig(localOutboundAuthConfig);
|
|
|
|
|
|
|
|
|
|
// Update the Service Provider app to add OAuthApp as an Inbound Authentication Config
|
|
|
|
|
appMgtService.updateApplication(createdServiceProvider, tenantDomain, userName);
|
|
|
|
|
@ -277,12 +282,12 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
|
|
|
|
|
|
|
|
|
|
protected Registry getConfigSystemRegistry() {
|
|
|
|
|
return (Registry) PrivilegedCarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.
|
|
|
|
|
SYSTEM_CONFIGURATION);
|
|
|
|
|
SYSTEM_CONFIGURATION);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public boolean unregisterOAuthApplication(String userId, String applicationName, String consumerKey) throws
|
|
|
|
|
DynamicClientRegistrationException {
|
|
|
|
|
DynamicClientRegistrationException {
|
|
|
|
|
DynamicClientRegistrationUtil.validateUsername(userId);
|
|
|
|
|
DynamicClientRegistrationUtil.validateApplicationName(applicationName);
|
|
|
|
|
DynamicClientRegistrationUtil.validateConsumerKey(consumerKey);
|
|
|
|
|
@ -319,7 +324,7 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
|
|
|
|
|
if (appMgtService == null) {
|
|
|
|
|
throw new IllegalStateException(
|
|
|
|
|
"Error occurred while retrieving Application Management" +
|
|
|
|
|
"Service");
|
|
|
|
|
"Service");
|
|
|
|
|
}
|
|
|
|
|
ServiceProvider createdServiceProvider = appMgtService.getServiceProvider(applicationName, tenantDomain);
|
|
|
|
|
if (createdServiceProvider == null) {
|
|
|
|
|
@ -333,7 +338,7 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
|
|
|
|
|
"Error occurred while removing ServiceProvider for application '" + applicationName + "'", e);
|
|
|
|
|
} catch (IdentityOAuthAdminException e) {
|
|
|
|
|
throw new DynamicClientRegistrationException("Error occurred while removing application '" +
|
|
|
|
|
applicationName + "'", e);
|
|
|
|
|
applicationName + "'", e);
|
|
|
|
|
} finally {
|
|
|
|
|
PrivilegedCarbonContext.endTenantFlow();
|
|
|
|
|
}
|
|
|
|
|
@ -347,12 +352,12 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
|
|
|
|
|
if (appMgtService == null) {
|
|
|
|
|
throw new IllegalStateException(
|
|
|
|
|
"Error occurred while retrieving Application Management" +
|
|
|
|
|
"Service");
|
|
|
|
|
"Service");
|
|
|
|
|
}
|
|
|
|
|
try {
|
|
|
|
|
return appMgtService.getServiceProvider(applicationName,
|
|
|
|
|
CarbonContext.getThreadLocalCarbonContext().getTenantDomain()) !=
|
|
|
|
|
null;
|
|
|
|
|
CarbonContext.getThreadLocalCarbonContext().getTenantDomain()) !=
|
|
|
|
|
null;
|
|
|
|
|
} catch (IdentityApplicationManagementException e) {
|
|
|
|
|
throw new DynamicClientRegistrationException(
|
|
|
|
|
"Error occurred while retrieving information of OAuthApp " + applicationName, e);
|
|
|
|
|
@ -360,7 +365,7 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private String replaceInvalidChars(String username) {
|
|
|
|
|
return username.replaceAll("@","_AT_");
|
|
|
|
|
return username.replaceAll("@", "_AT_");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
prabathabey
9 years ago