Enabling SAML

revert-70aa11f8
Dilshan Edirisuriya 9 years ago
parent c7685fedca
commit 0d259b2a6e

@ -84,6 +84,10 @@
<groupId>org.wso2.carbon.identity</groupId> <groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.oauth</artifactId> <artifactId>org.wso2.carbon.identity.oauth</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.sso.saml</artifactId>
</dependency>
<dependency> <dependency>
<groupId>com.googlecode.json-simple.wso2</groupId> <groupId>com.googlecode.json-simple.wso2</groupId>
<artifactId>json-simple</artifactId> <artifactId>json-simple</artifactId>

@ -24,20 +24,27 @@ import org.json.JSONException;
import org.json.JSONObject; import org.json.JSONObject;
import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.context.RegistryType;
import org.wso2.carbon.dynamic.client.registration.ApplicationConstants; import org.wso2.carbon.dynamic.client.registration.ApplicationConstants;
import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationException; import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationException;
import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationService; import org.wso2.carbon.dynamic.client.registration.DynamicClientRegistrationService;
import org.wso2.carbon.dynamic.client.registration.OAuthApplicationInfo; import org.wso2.carbon.dynamic.client.registration.OAuthApplicationInfo;
import org.wso2.carbon.dynamic.client.registration.profile.RegistrationProfile; import org.wso2.carbon.dynamic.client.registration.profile.RegistrationProfile;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException; import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.AuthenticationStep;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig; import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig; import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.Property; import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.ServiceProvider; import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService; import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.base.IdentityException; import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.oauth.OAuthAdminService; import org.wso2.carbon.identity.oauth.OAuthAdminService;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO; import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
import org.wso2.carbon.identity.sso.saml.admin.SAMLSSOConfigAdmin;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import java.util.Arrays; import java.util.Arrays;
@ -48,6 +55,13 @@ import java.util.Arrays;
public class DynamicClientRegistrationImpl implements DynamicClientRegistrationService { public class DynamicClientRegistrationImpl implements DynamicClientRegistrationService {
private static final String TOKEN_SCOPE = "tokenScope"; private static final String TOKEN_SCOPE = "tokenScope";
private static final String MDM = "mdm";
private static final String SAML_SSO = "samlsso";
private static final String BASIC_AUTHENTICATOR = "BasicAuthenticator";
private static final String BASIC = "basic";
private static final String LOCAL = "local";
private static final String ASSERTION_CONSUMER_URI = "https://localhost:9443/mdm/sso/acs";
private static final String AUDIENCE = "https://null:9443/oauth2/token";
private static final Log log = LogFactory.getLog(DynamicClientRegistrationService.class); private static final Log log = LogFactory.getLog(DynamicClientRegistrationService.class);
@Override @Override
@ -89,16 +103,16 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
if (jsonObject.has(ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS)) { if (jsonObject.has(ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS)) {
oAuthApplicationInfo oAuthApplicationInfo
.addParameter(ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS, .addParameter(ApplicationConstants.ClientMetadata.OAUTH_REDIRECT_URIS,
jsonObject jsonObject
.get(ApplicationConstants.ClientMetadata. .get(ApplicationConstants.ClientMetadata.
OAUTH_REDIRECT_URIS)); OAUTH_REDIRECT_URIS));
} }
if (jsonObject.has(ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT)) { if (jsonObject.has(ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT)) {
oAuthApplicationInfo.addParameter(ApplicationConstants.ClientMetadata. oAuthApplicationInfo.addParameter(ApplicationConstants.ClientMetadata.
OAUTH_CLIENT_GRANT, jsonObject OAUTH_CLIENT_GRANT, jsonObject
.get(ApplicationConstants.ClientMetadata. .get(ApplicationConstants.ClientMetadata.
OAUTH_CLIENT_GRANT)); OAUTH_CLIENT_GRANT));
} }
} catch (JSONException e) { } catch (JSONException e) {
throw new DynamicClientRegistrationException( throw new DynamicClientRegistrationException(
@ -148,9 +162,14 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
if (appMgtService == null) { if (appMgtService == null) {
throw new IllegalStateException( throw new IllegalStateException(
"Error occurred while retrieving Application Management" + "Error occurred while retrieving Application Management" +
"Service"); "Service");
}
ServiceProvider existingServiceProvider = appMgtService.getApplication(applicationName);
if(existingServiceProvider == null) {
appMgtService.createApplication(serviceProvider);
} }
appMgtService.createApplication(serviceProvider);
ServiceProvider createdServiceProvider = appMgtService.getApplication(applicationName); ServiceProvider createdServiceProvider = appMgtService.getApplication(applicationName);
if (createdServiceProvider == null) { if (createdServiceProvider == null) {
@ -170,14 +189,17 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
log.debug("Creating OAuth App " + applicationName); log.debug("Creating OAuth App " + applicationName);
} }
oAuthAdminService.registerOAuthApplicationData(oAuthConsumerAppDTO); if(existingServiceProvider == null) {
oAuthAdminService.registerOAuthApplicationData(oAuthConsumerAppDTO);
}
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Created OAuth App " + applicationName); log.debug("Created OAuth App " + applicationName);
} }
OAuthConsumerAppDTO createdApp = OAuthConsumerAppDTO createdApp =
oAuthAdminService.getOAuthApplicationDataByAppName(oAuthConsumerAppDTO oAuthAdminService.getOAuthApplicationDataByAppName(oAuthConsumerAppDTO
.getApplicationName()); .getApplicationName());
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Retrieved Details for OAuth App " + createdApp.getApplicationName()); log.debug("Retrieved Details for OAuth App " + createdApp.getApplicationName());
} }
@ -185,15 +207,15 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
InboundAuthenticationConfig inboundAuthenticationConfig = InboundAuthenticationConfig inboundAuthenticationConfig =
new InboundAuthenticationConfig(); new InboundAuthenticationConfig();
InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs = new InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs = new
InboundAuthenticationRequestConfig[1]; InboundAuthenticationRequestConfig[2];
InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new
InboundAuthenticationRequestConfig(); InboundAuthenticationRequestConfig();
inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey()); inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey());
inboundAuthenticationRequestConfig.setInboundAuthType("oauth2"); inboundAuthenticationRequestConfig.setInboundAuthType("oauth2");
if (createdApp.getOauthConsumerSecret() != null && !createdApp. if (createdApp.getOauthConsumerSecret() != null && !createdApp.
getOauthConsumerSecret() getOauthConsumerSecret()
.isEmpty()) { .isEmpty()) {
Property property = new Property(); Property property = new Property();
property.setName("oauthConsumerSecret"); property.setName("oauthConsumerSecret");
property.setValue(createdApp.getOauthConsumerSecret()); property.setValue(createdApp.getOauthConsumerSecret());
@ -201,10 +223,41 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
inboundAuthenticationRequestConfig.setProperties(properties); inboundAuthenticationRequestConfig.setProperties(properties);
} }
SAMLSSOServiceProviderDTO samlssoServiceProviderDTO = new SAMLSSOServiceProviderDTO();
samlssoServiceProviderDTO.setIssuer(MDM);
samlssoServiceProviderDTO.setAssertionConsumerUrl(ASSERTION_CONSUMER_URI);
samlssoServiceProviderDTO.setDoSignResponse(true);
samlssoServiceProviderDTO.setRequestedAudiences(new String[]{AUDIENCE});
SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry());
configAdmin.addRelyingPartyServiceProvider(samlssoServiceProviderDTO);
InboundAuthenticationRequestConfig samlAuthenticationRequest = new InboundAuthenticationRequestConfig();
samlAuthenticationRequest.setInboundAuthKey(MDM);
samlAuthenticationRequest.setInboundAuthType(SAML_SSO);
LocalAuthenticatorConfig localAuth = new LocalAuthenticatorConfig();
localAuth.setName(BASIC_AUTHENTICATOR);
localAuth.setDisplayName(BASIC);
localAuth.setEnabled(true);
AuthenticationStep authStep = new AuthenticationStep();
authStep.setStepOrder(1);
authStep.setSubjectStep(true);
authStep.setAttributeStep(true);
authStep.setLocalAuthenticatorConfigs(new LocalAuthenticatorConfig[]{localAuth});
LocalAndOutboundAuthenticationConfig localOutboundAuthConfig = new LocalAndOutboundAuthenticationConfig();
localOutboundAuthConfig.setAuthenticationType(LOCAL);
localOutboundAuthConfig.setAuthenticationSteps(new AuthenticationStep[]{authStep});
inboundAuthenticationRequestConfigs[0] = inboundAuthenticationRequestConfig; inboundAuthenticationRequestConfigs[0] = inboundAuthenticationRequestConfig;
inboundAuthenticationRequestConfigs[1] = samlAuthenticationRequest;
inboundAuthenticationConfig inboundAuthenticationConfig
.setInboundAuthenticationRequestConfigs(inboundAuthenticationRequestConfigs); .setInboundAuthenticationRequestConfigs(inboundAuthenticationRequestConfigs);
createdServiceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig); createdServiceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
createdServiceProvider.setLocalAndOutBoundAuthenticationConfig(localOutboundAuthConfig);
// Update the Service Provider app to add OAuthApp as an Inbound Authentication Config // Update the Service Provider app to add OAuthApp as an Inbound Authentication Config
appMgtService.updateApplication(createdServiceProvider); appMgtService.updateApplication(createdServiceProvider);
@ -221,6 +274,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
oAuthApplicationInfo.addParameter( oAuthApplicationInfo.addParameter(
ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT, ApplicationConstants.ClientMetadata.OAUTH_CLIENT_GRANT,
createdApp.getGrantTypes()); createdApp.getGrantTypes());
return oAuthApplicationInfo; return oAuthApplicationInfo;
} catch (IdentityApplicationManagementException e) { } catch (IdentityApplicationManagementException e) {
throw new DynamicClientRegistrationException( throw new DynamicClientRegistrationException(
@ -234,6 +288,11 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
} }
} }
protected Registry getConfigSystemRegistry() {
return (Registry)PrivilegedCarbonContext.getThreadLocalCarbonContext().
getRegistry(RegistryType.SYSTEM_CONFIGURATION);
}
@Override @Override
public boolean unregisterOAuthApplication(String userId, String applicationName, public boolean unregisterOAuthApplication(String userId, String applicationName,
String consumerKey) String consumerKey)
@ -250,7 +309,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
if (userId == null || userId.isEmpty()) { if (userId == null || userId.isEmpty()) {
throw new DynamicClientRegistrationException( throw new DynamicClientRegistrationException(
"Error occurred while unregistering Application: userId cannot " + "Error occurred while unregistering Application: userId cannot " +
"be null/empty"); "be null/empty");
} }
try { try {
OAuthAdminService oAuthAdminService = new OAuthAdminService(); OAuthAdminService oAuthAdminService = new OAuthAdminService();
@ -260,7 +319,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
if (oAuthConsumerAppDTO == null) { if (oAuthConsumerAppDTO == null) {
throw new DynamicClientRegistrationException( throw new DynamicClientRegistrationException(
"Couldn't retrieve OAuth Consumer Application associated with the " + "Couldn't retrieve OAuth Consumer Application associated with the " +
"given consumer key: " + consumerKey); "given consumer key: " + consumerKey);
} }
oAuthAdminService.removeOAuthApplicationData(consumerKey); oAuthAdminService.removeOAuthApplicationData(consumerKey);
@ -269,7 +328,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
if (appMgtService == null) { if (appMgtService == null) {
throw new IllegalStateException( throw new IllegalStateException(
"Error occurred while retrieving Application Management" + "Error occurred while retrieving Application Management" +
"Service"); "Service");
} }
ServiceProvider createdServiceProvider = appMgtService.getApplication(applicationName); ServiceProvider createdServiceProvider = appMgtService.getApplication(applicationName);
@ -299,7 +358,7 @@ public class DynamicClientRegistrationImpl implements DynamicClientRegistrationS
if (appMgtService == null) { if (appMgtService == null) {
throw new IllegalStateException( throw new IllegalStateException(
"Error occurred while retrieving Application Management" + "Error occurred while retrieving Application Management" +
"Service"); "Service");
} }
try { try {
if (appMgtService.getApplication(applicationName) != null) { if (appMgtService.getApplication(applicationName) != null) {
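Review bot: In the `@ -201,10 +223,41 @@` hunk the SAML relying party is registered on every call (`configAdmin.addRelyingPartyServiceProvider(samlssoServiceProviderDTO)`), including the re-registration path that this same commit now guards for `createApplication` and `registerOAuthApplicationData` with `existingServiceProvider == null`, and its result is discarded, so a failed or duplicate relying-party registration still leaves a `samlsso` inbound config attached to the service provider; apply the same guard and fail the registration when it reports failure, e.g. `if (existingServiceProvider == null && !configAdmin.addRelyingPartyServiceProvider(samlssoServiceProviderDTO)) { throw new DynamicClientRegistrationException("Could not register SAML relying party: " + MDM); }` (this assumes it signals failure through its boolean result — confirm against SAMLSSOConfigAdmin). The two new constants are also hard to defend as they stand: `AUDIENCE` is `https://null:9443/oauth2/token`, where the literal `null` host reads like an unresolved placeholder and will never match a real token endpoint as the assertion audience, and `ASSERTION_CONSUMER_URI` pins the assertion destination to `localhost`, so every dynamically registered client shares one issuer (`mdm`) and one ACS; both should be read from configuration rather than compiled in. The DTO only sets `setDoSignResponse(true)`, so whether assertions themselves are signed and whether request signatures are validated is left at whatever the defaults are; that choice deserves either an explicit setting or a comment stating it is intentional. The enclosing method starts before and ends after this hunk.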

@ -935,6 +935,11 @@
<artifactId>org.wso2.carbon.identity.oauth</artifactId> <artifactId>org.wso2.carbon.identity.oauth</artifactId>
<version>${carbon.identity.version}</version> <version>${carbon.identity.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.sso.saml</artifactId>
<version>${carbon.identity.version}</version>
</dependency>
<dependency> <dependency>
<groupId>com.googlecode.json-simple.wso2</groupId> <groupId>com.googlecode.json-simple.wso2</groupId>
<artifactId>json-simple</artifactId> <artifactId>json-simple</artifactId>
