|
|
|
@ -24,20 +24,27 @@ import org.json.JSONException;
|
|
|
|
import org.json.JSONObject;
|
|
|
|
import org.json.JSONObject;
|
|
|
|
import org.wso2.carbon.context.CarbonContext;
|
|
|
|
import org.wso2.carbon.context.CarbonContext;
|
|
|
|
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
|
|
|
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
|
|
|
|
|
|
|
import org.wso2.carbon.context.RegistryType;
|
|
|
|
import org.wso2.carbon.dynamic.client.registration.ApplicationConstants;
|
|
|
|
import org.wso2.carbon.dynamic.client.registration.ApplicationConstants;
|
|
|
|
import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationException;
|
|
|
|
import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationException;
|
|
|
|
import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationService;
|
|
|
|
import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationService;
|
|
|
|
import org.wso2.carbon.dynamic.client.registration.OAuthApplicationInfo;
|
|
|
|
import org.wso2.carbon.dynamic.client.registration.OAuthApplicationInfo;
|
|
|
|
import org.wso2.carbon.dynamic.client.registration.profile.RegistrationProfile;
|
|
|
|
import org.wso2.carbon.dynamic.client.registration.profile.RegistrationProfile;
|
|
|
|
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
|
|
|
|
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
|
|
|
|
|
|
|
|
import org.wso2.carbon.identity.application.common.model.AuthenticationStep;
|
|
|
|
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
|
|
|
|
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
|
|
|
|
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
|
|
|
|
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
|
|
|
|
|
|
|
|
import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig;
|
|
|
|
|
|
|
|
import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
|
|
|
|
import org.wso2.carbon.identity.application.common.model.Property;
|
|
|
|
import org.wso2.carbon.identity.application.common.model.Property;
|
|
|
|
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
|
|
|
|
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
|
|
|
|
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
|
|
|
|
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
|
|
|
|
import org.wso2.carbon.identity.base.IdentityException;
|
|
|
|
import org.wso2.carbon.identity.base.IdentityException;
|
|
|
|
import org.wso2.carbon.identity.oauth.OAuthAdminService;
|
|
|
|
import org.wso2.carbon.identity.oauth.OAuthAdminService;
|
|
|
|
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
|
|
|
|
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
|
|
|
|
|
|
|
|
import org.wso2.carbon.identity.sso.saml.admin.SAMLSSOConfigAdmin;
|
|
|
|
|
|
|
|
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;
|
|
|
|
|
|
|
|
import org.wso2.carbon.registry.core.Registry;
|
|
|
|
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
|
|
|
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
|
|
|
|
|
|
|
|
|
|
|
import java.util.Arrays;
|
|
|
|
import java.util.Arrays;
|
|
|
|
@ -48,6 +55,13 @@ import java.util.Arrays;
|
|
|
|
public class DynamicClientRegistrationImpl implements DynamicClientRegistrationService {
|
|
|
|
public class DynamicClientRegistrationImpl implements DynamicClientRegistrationService {
|
|
|
|
|
|
|
|
|
|
|
|
private static final String TOKEN_SCOPE = "tokenScope";
|
|
|
|
private static final String TOKEN_SCOPE = "tokenScope";
|
|
|
|
|
|
|
|
private static final String MDM = "mdm";
|
|
|
|
|
|
|
|
private static final String SAML_SSO = "samlsso";
|
|
|
|
|
|
|
|
private static final String BASIC_AUTHENTICATOR = "BasicAuthenticator";
|
|
|
|
|
|
|
|
private static final String BASIC = "basic";
|
|
|
|
|
|
|
|
private static final String LOCAL = "local";
|
|
|
|
|
|
|
|
private static final String ASSERTION_CONSUMER_URI = "https://localhost:9443/mdm/sso/acs";
|
|
|
|
|
|
|
|
private static final String AUDIENCE = "https://null:9443/oauth2/token";
|
|
|
|
private static final Log log = LogFactory.getLog(DynamicClientRegistrationService.class);
|
|
|
|
private static final Log log = LogFactory.getLog(DynamicClientRegistrationService.class);
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
@ -89,16 +103,16 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
|
|
|
if (jsonObject.has(ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS)) {
|
|
|
|
if (jsonObject.has(ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS)) {
|
|
|
|
oAuthApplicationInfo
|
|
|
|
oAuthApplicationInfo
|
|
|
|
.addParameter(ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS,
|
|
|
|
.addParameter(ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS,
|
|
|
|
jsonObject
|
|
|
|
jsonObject
|
|
|
|
.get(ApplicationConstants.ClientMetadata.
|
|
|
|
.get(ApplicationConstants.ClientMetadata.
|
|
|
|
OAUTH_REDIRECT_URIS));
|
|
|
|
OAUTH_REDIRECT_URIS));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (jsonObject.has(ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT)) {
|
|
|
|
if (jsonObject.has(ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT)) {
|
|
|
|
oAuthApplicationInfo.addParameter(ApplicationConstants.ClientMetadata.
|
|
|
|
oAuthApplicationInfo.addParameter(ApplicationConstants.ClientMetadata.
|
|
|
|
OAUTH_CLIENT_GRANT, jsonObject
|
|
|
|
OAUTH_CLIENT_GRANT, jsonObject
|
|
|
|
.get(ApplicationConstants.ClientMetadata.
|
|
|
|
.get(ApplicationConstants.ClientMetadata.
|
|
|
|
OAUTH_CLIENT_GRANT));
|
|
|
|
OAUTH_CLIENT_GRANT));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} catch (JSONException e) {
|
|
|
|
} catch (JSONException e) {
|
|
|
|
throw new DynamicClientRegistrationException(
|
|
|
|
throw new DynamicClientRegistrationException(
|
|
|
|
@ -148,9 +162,14 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
|
|
|
if (appMgtService == null) {
|
|
|
|
if (appMgtService == null) {
|
|
|
|
throw new IllegalStateException(
|
|
|
|
throw new IllegalStateException(
|
|
|
|
"Error occurred while retrieving Application Management" +
|
|
|
|
"Error occurred while retrieving Application Management" +
|
|
|
|
"Service");
|
|
|
|
"Service");
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ServiceProvider existingServiceProvider = appMgtService.getApplication(applicationName);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if(existingServiceProvider == null) {
|
|
|
|
|
|
|
|
appMgtService.createApplication(serviceProvider);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
appMgtService.createApplication(serviceProvider);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ServiceProvider createdServiceProvider = appMgtService.getApplication(applicationName);
|
|
|
|
ServiceProvider createdServiceProvider = appMgtService.getApplication(applicationName);
|
|
|
|
if (createdServiceProvider == null) {
|
|
|
|
if (createdServiceProvider == null) {
|
|
|
|
@ -170,14 +189,17 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
|
|
|
log.debug("Creating OAuth App " + applicationName);
|
|
|
|
log.debug("Creating OAuth App " + applicationName);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
oAuthAdminService.registerOAuthApplicationData(oAuthConsumerAppDTO);
|
|
|
|
if(existingServiceProvider == null) {
|
|
|
|
|
|
|
|
oAuthAdminService.registerOAuthApplicationData(oAuthConsumerAppDTO);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (log.isDebugEnabled()) {
|
|
|
|
if (log.isDebugEnabled()) {
|
|
|
|
log.debug("Created OAuth App " + applicationName);
|
|
|
|
log.debug("Created OAuth App " + applicationName);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
OAuthConsumerAppDTO createdApp =
|
|
|
|
OAuthConsumerAppDTO createdApp =
|
|
|
|
oAuthAdminService.getOAuthApplicationDataByAppName(oAuthConsumerAppDTO
|
|
|
|
oAuthAdminService.getOAuthApplicationDataByAppName(oAuthConsumerAppDTO
|
|
|
|
.getApplicationName());
|
|
|
|
.getApplicationName());
|
|
|
|
if (log.isDebugEnabled()) {
|
|
|
|
if (log.isDebugEnabled()) {
|
|
|
|
log.debug("Retrieved Details for OAuth App " + createdApp.getApplicationName());
|
|
|
|
log.debug("Retrieved Details for OAuth App " + createdApp.getApplicationName());
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@ -185,15 +207,15 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
|
|
|
InboundAuthenticationConfig inboundAuthenticationConfig =
|
|
|
|
InboundAuthenticationConfig inboundAuthenticationConfig =
|
|
|
|
new InboundAuthenticationConfig();
|
|
|
|
new InboundAuthenticationConfig();
|
|
|
|
InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs = new
|
|
|
|
InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs = new
|
|
|
|
InboundAuthenticationRequestConfig[1];
|
|
|
|
InboundAuthenticationRequestConfig[2];
|
|
|
|
|
|
|
|
|
|
|
|
InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new
|
|
|
|
InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new
|
|
|
|
InboundAuthenticationRequestConfig();
|
|
|
|
InboundAuthenticationRequestConfig();
|
|
|
|
|
|
|
|
|
|
|
|
inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey());
|
|
|
|
inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey());
|
|
|
|
inboundAuthenticationRequestConfig.setInboundAuthType("oauth2");
|
|
|
|
inboundAuthenticationRequestConfig.setInboundAuthType("oauth2");
|
|
|
|
if (createdApp.getOauthConsumerSecret() != null && !createdApp.
|
|
|
|
if (createdApp.getOauthConsumerSecret() != null && !createdApp.
|
|
|
|
getOauthConsumerSecret()
|
|
|
|
getOauthConsumerSecret()
|
|
|
|
.isEmpty()) {
|
|
|
|
.isEmpty()) {
|
|
|
|
Property property = new Property();
|
|
|
|
Property property = new Property();
|
|
|
|
property.setName("oauthConsumerSecret");
|
|
|
|
property.setName("oauthConsumerSecret");
|
|
|
|
property.setValue(createdApp.getOauthConsumerSecret());
|
|
|
|
property.setValue(createdApp.getOauthConsumerSecret());
|
|
|
|
@ -201,10 +223,41 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
|
|
|
inboundAuthenticationRequestConfig.setProperties(properties);
|
|
|
|
inboundAuthenticationRequestConfig.setProperties(properties);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
SAMLSSOServiceProviderDTO samlssoServiceProviderDTO = new SAMLSSOServiceProviderDTO();
|
|
|
|
|
|
|
|
samlssoServiceProviderDTO.setIssuer(MDM);
|
|
|
|
|
|
|
|
samlssoServiceProviderDTO.setAssertionConsumerUrl(ASSERTION_CONSUMER_URI);
|
|
|
|
|
|
|
|
samlssoServiceProviderDTO.setDoSignResponse(true);
|
|
|
|
|
|
|
|
samlssoServiceProviderDTO.setRequestedAudiences(new String[]{AUDIENCE});
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry());
|
|
|
|
|
|
|
|
configAdmin.addRelyingPartyServiceProvider(samlssoServiceProviderDTO);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
InboundAuthenticationRequestConfig samlAuthenticationRequest = new InboundAuthenticationRequestConfig();
|
|
|
|
|
|
|
|
samlAuthenticationRequest.setInboundAuthKey(MDM);
|
|
|
|
|
|
|
|
samlAuthenticationRequest.setInboundAuthType(SAML_SSO);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LocalAuthenticatorConfig localAuth = new LocalAuthenticatorConfig();
|
|
|
|
|
|
|
|
localAuth.setName(BASIC_AUTHENTICATOR);
|
|
|
|
|
|
|
|
localAuth.setDisplayName(BASIC);
|
|
|
|
|
|
|
|
localAuth.setEnabled(true);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
AuthenticationStep authStep = new AuthenticationStep();
|
|
|
|
|
|
|
|
authStep.setStepOrder(1);
|
|
|
|
|
|
|
|
authStep.setSubjectStep(true);
|
|
|
|
|
|
|
|
authStep.setAttributeStep(true);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
authStep.setLocalAuthenticatorConfigs(new LocalAuthenticatorConfig[]{localAuth});
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LocalAndOutboundAuthenticationConfig localOutboundAuthConfig = new LocalAndOutboundAuthenticationConfig();
|
|
|
|
|
|
|
|
localOutboundAuthConfig.setAuthenticationType(LOCAL);
|
|
|
|
|
|
|
|
localOutboundAuthConfig.setAuthenticationSteps(new AuthenticationStep[]{authStep});
|
|
|
|
|
|
|
|
|
|
|
|
inboundAuthenticationRequestConfigs[0] = inboundAuthenticationRequestConfig;
|
|
|
|
inboundAuthenticationRequestConfigs[0] = inboundAuthenticationRequestConfig;
|
|
|
|
|
|
|
|
inboundAuthenticationRequestConfigs[1] = samlAuthenticationRequest;
|
|
|
|
inboundAuthenticationConfig
|
|
|
|
inboundAuthenticationConfig
|
|
|
|
.setInboundAuthenticationRequestConfigs(inboundAuthenticationRequestConfigs);
|
|
|
|
.setInboundAuthenticationRequestConfigs(inboundAuthenticationRequestConfigs);
|
|
|
|
createdServiceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
|
|
|
|
createdServiceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
|
|
|
|
|
|
|
|
createdServiceProvider.setLocalAndOutBoundAuthenticationConfig(localOutboundAuthConfig);
|
|
|
|
|
|
|
|
|
|
|
|
// Update the Service Provider app to add OAuthApp as an Inbound Authentication Config
|
|
|
|
// Update the Service Provider app to add OAuthApp as an Inbound Authentication Config
|
|
|
|
appMgtService.updateApplication(createdServiceProvider);
|
|
|
|
appMgtService.updateApplication(createdServiceProvider);
|
|
|
|
@ -221,6 +274,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
|
|
|
oAuthApplicationInfo.addParameter(
|
|
|
|
oAuthApplicationInfo.addParameter(
|
|
|
|
ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT,
|
|
|
|
ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT,
|
|
|
|
createdApp.getGrantTypes());
|
|
|
|
createdApp.getGrantTypes());
|
|
|
|
|
|
|
|
|
|
|
|
return oAuthApplicationInfo;
|
|
|
|
return oAuthApplicationInfo;
|
|
|
|
} catch (IdentityApplicationManagementException e) {
|
|
|
|
} catch (IdentityApplicationManagementException e) {
|
|
|
|
throw new DynamicClientRegistrationException(
|
|
|
|
throw new DynamicClientRegistrationException(
|
|
|
|
@ -234,6 +288,11 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
protected Registry getConfigSystemRegistry() {
|
|
|
|
|
|
|
|
return (Registry)PrivilegedCarbonContext.getThreadLocalCarbonContext().
|
|
|
|
|
|
|
|
getRegistry(RegistryType.SYSTEM_CONFIGURATION);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
public boolean unregisterOAuthApplication(String userId, String applicationName,
|
|
|
|
public boolean unregisterOAuthApplication(String userId, String applicationName,
|
|
|
|
String consumerKey)
|
|
|
|
String consumerKey)
|
|
|
|
@ -250,7 +309,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
|
|
|
if (userId == null || userId.isEmpty()) {
|
|
|
|
if (userId == null || userId.isEmpty()) {
|
|
|
|
throw new DynamicClientRegistrationException(
|
|
|
|
throw new DynamicClientRegistrationException(
|
|
|
|
"Error occurred while unregistering Application: userId cannot " +
|
|
|
|
"Error occurred while unregistering Application: userId cannot " +
|
|
|
|
"be null/empty");
|
|
|
|
"be null/empty");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
try {
|
|
|
|
try {
|
|
|
|
OAuthAdminService oAuthAdminService = new OAuthAdminService();
|
|
|
|
OAuthAdminService oAuthAdminService = new OAuthAdminService();
|
|
|
|
@ -260,7 +319,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
|
|
|
if (oAuthConsumerAppDTO == null) {
|
|
|
|
if (oAuthConsumerAppDTO == null) {
|
|
|
|
throw new DynamicClientRegistrationException(
|
|
|
|
throw new DynamicClientRegistrationException(
|
|
|
|
"Couldn't retrieve OAuth Consumer Application associated with the " +
|
|
|
|
"Couldn't retrieve OAuth Consumer Application associated with the " +
|
|
|
|
"given consumer key: " + consumerKey);
|
|
|
|
"given consumer key: " + consumerKey);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
oAuthAdminService.removeOAuthApplicationData(consumerKey);
|
|
|
|
oAuthAdminService.removeOAuthApplicationData(consumerKey);
|
|
|
|
|
|
|
|
|
|
|
|
@ -269,7 +328,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
|
|
|
if (appMgtService == null) {
|
|
|
|
if (appMgtService == null) {
|
|
|
|
throw new IllegalStateException(
|
|
|
|
throw new IllegalStateException(
|
|
|
|
"Error occurred while retrieving Application Management" +
|
|
|
|
"Error occurred while retrieving Application Management" +
|
|
|
|
"Service");
|
|
|
|
"Service");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ServiceProvider createdServiceProvider = appMgtService.getApplication(applicationName);
|
|
|
|
ServiceProvider createdServiceProvider = appMgtService.getApplication(applicationName);
|
|
|
|
|
|
|
|
|
|
|
|
@ -299,7 +358,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
|
|
|
|
if (appMgtService == null) {
|
|
|
|
if (appMgtService == null) {
|
|
|
|
throw new IllegalStateException(
|
|
|
|
throw new IllegalStateException(
|
|
|
|
"Error occurred while retrieving Application Management" +
|
|
|
|
"Error occurred while retrieving Application Management" +
|
|
|
|
"Service");
|
|
|
|
"Service");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
try {
|
|
|
|
try {
|
|
|
|
if (appMgtService.getApplication(applicationName) != null) {
|
|
|
|
if (appMgtService.getApplication(applicationName) != null) {
|
|
|
|
|
harshanl
9 years ago