Add support for managing custom federated authenticators.
Thisara-Welmilla committed Nov 6, 2024
1 parent 377dc85 commit 8f5db0d
Showing 8 changed files with 210 additions and 165 deletions.

This file was deleted.

Expand Up @@ -23,7 +23,7 @@
import org.wso2.carbon.identity.base.AuthenticatorPropertyConstants.DefinedByType;

/**
* Verification authenticator configuration.
* The user defined federated authenticator configuration model.
*/
public class UserDefinedFederatedAuthenticatorConfig extends FederatedAuthenticatorConfig {

Expand All @@ -43,7 +43,7 @@ public UserDefinedFederatedAuthenticatorConfig(AuthenticationType type) {
}

/**
* Get the endpoint config of the Local authenticator config.
* Get the endpoint config of the User defined federated authenticator config.
*
* @return DefinedByType
*/
Expand All @@ -53,9 +53,9 @@ public EndpointConfig getEndpointConfig() {
}

/**
* Set the defined by type of the Local authenticator config.
* Set the defined by type of the User defined federated authenticator config.
*
* @param endpointConfig The endpoint config of the local authenticator config.
* @param endpointConfig The endpoint config of the User defined federated authenticator config.
*/
public void setEndpointConfig(EndpointConfig endpointConfig) {

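Review bot: The Javadoc summary on the new side of the setEndpointConfig hunk still reads `Set the defined by type of the User defined federated authenticator config.`, which names a different property than the one the method assigns; it should read `* Set the endpoint config of the User defined federated authenticator config.` In the hunk just above it, getEndpointConfig keeps `@return DefinedByType` although the accessor returns an EndpointConfig, so that tag should become `* @return EndpointConfig The endpoint config of this authenticator.` Both method bodies continue outside the hunk boundaries shown here.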
48 changes: 0 additions & 48 deletions components/application-mgt/spotbugs-exclude.xml

This file was deleted.

Expand Up @@ -55,7 +55,6 @@
import org.wso2.carbon.identity.core.util.IdentityDatabaseUtil;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.secret.mgt.core.SecretsProcessor;
import org.wso2.carbon.identity.secret.mgt.core.exception.SecretManagementException;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementClientException;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
Expand Down Expand Up @@ -126,7 +125,7 @@
public class IdPManagementDAO {

private static final Log log = LogFactory.getLog(IdPManagementDAO.class);
private final IdPSecretsProcessor idpSecretsProcessorService = new IdPSecretsProcessor();;
private final IdPSecretsProcessor idpSecretsProcessorService = new IdPSecretsProcessor();

private static final String OPENID_IDP_ENTITY_ID = "IdPEntityId";
private static final String ENABLE_SMS_OTP_IF_RECOVERY_NOTIFICATION_ENABLED
Expand Down Expand Up @@ -3985,13 +3984,17 @@ public String addIdPWithResourceId(IdentityProvider identityProvider, int tenant
throw new IdentityProviderManagementException("An error occurred while processing content stream.", e);
} catch (SQLException e) {
IdentityDatabaseUtil.rollbackTransaction(dbConnection);
endpointConfigurationManager.deleteEndpointConfigurations(identityProvider.getDefaultAuthenticatorConfig(),
tenantId);
/* Since only one federated authenticator per newly creating IDP is allowed, the custom IDPs will always
have a single federated authenticator. For older IDPs, executing this 'if' code block is unnecessary. */
if (identityProvider.getFederatedAuthenticatorConfigs().length == 1) {
endpointConfigurationManager.deleteEndpointConfigurations(
identityProvider.getFederatedAuthenticatorConfigs()[0], tenantId);
}
throw new IdentityProviderManagementException("Error occurred while adding Identity Provider for tenant "
+ tenantId, e);
} catch (IdentityProviderManagementException e) {
if (ERROR_CODE_ASSOCIATED_ACTION_MGT.getCode().equals(e.getErrorCode())) {
IdentityDatabaseUtil.rollbackTransaction(dbConnection);;
IdentityDatabaseUtil.rollbackTransaction(dbConnection);
}
throw e;
}
Expand Down Expand Up @@ -4315,13 +4318,18 @@ public void updateIdPWithResourceId(String resourceId, IdentityProvider
throw new IdentityProviderManagementException("An error occurred while processing content stream.", e);
} catch (SQLException e) {
IdentityDatabaseUtil.rollbackTransaction(dbConnection);
endpointConfigurationManager.updateEndpointConfigurations(currentIdentityProvider
.getDefaultAuthenticatorConfig(), newIdentityProvider.getDefaultAuthenticatorConfig(), tenantId);
/* Since only one federated authenticator per newly creating IDP is allowed, the custom IDPs will always
have a single federated authenticator. For older IDPs, executing this 'if' code block is unnecessary. */
if (currentIdentityProvider.getFederatedAuthenticatorConfigs().length == 1) {
endpointConfigurationManager.updateEndpointConfigurations(currentIdentityProvider
.getFederatedAuthenticatorConfigs()[0], newIdentityProvider.getFederatedAuthenticatorConfigs()[0],
tenantId);
}
throw new IdentityProviderManagementException("Error occurred while updating Identity Provider " +
"information for tenant " + tenantId, e);
} catch (IdentityProviderManagementException e) {
if (ERROR_CODE_ASSOCIATED_ACTION_MGT.getCode().equals(e.getErrorCode())) {
IdentityDatabaseUtil.rollbackTransaction(dbConnection);;
IdentityDatabaseUtil.rollbackTransaction(dbConnection);
}
throw e;
} catch (ConnectorException e) {
Expand Down Expand Up @@ -4394,19 +4402,22 @@ public void deleteIdP(String idPName, int tenantId, String tenantDomain)
String msg = "Trying to delete non-existent Identity Provider: %s in tenantDomain: %s";
throw new IdentityProviderManagementException(String.format(msg, idPName, tenantDomain));
}
endpointConfigurationManager.deleteEndpointConfigurations(identityProvider.getDefaultAuthenticatorConfig(),
tenantId);
/* Since only one federated authenticator per newly creating IDP is allowed, the custom IDPs will always
have a single federated authenticator. For older IDPs, executing this 'if' code block is unnecessary. */
if (identityProvider.getFederatedAuthenticatorConfigs().length == 1) {
endpointConfigurationManager.deleteEndpointConfigurations(
identityProvider.getFederatedAuthenticatorConfigs()[0], tenantId);
}
deleteIdP(dbConnection, tenantId, idPName, null);
IdentityDatabaseUtil.commitTransaction(dbConnection);
} catch (SQLException e) {
IdentityDatabaseUtil.rollbackTransaction(dbConnection);
endpointConfigurationManager.addEndpointConfigurations(identityProvider.getDefaultAuthenticatorConfig(),
tenantId);
rollBackEndpointConfigurationDeletion(identityProvider, tenantId);
throw new IdentityProviderManagementException("Error occurred while deleting Identity Provider of tenant "
+ tenantDomain, e);
} catch (IdentityProviderManagementException e) {
if (ERROR_CODE_ASSOCIATED_ACTION_MGT.getCode().equals(e.getErrorCode())) {
IdentityDatabaseUtil.rollbackTransaction(dbConnection);;
IdentityDatabaseUtil.rollbackTransaction(dbConnection);
}
throw e;
} finally {
Expand All @@ -4427,7 +4438,6 @@ public void deleteIdPs(int tenantId) throws IdentityProviderManagementException
IdPManagementConstants.SQLQueries.DELETE_ALL_IDP_BY_TENANT_ID_SQL);
prepStmt.setInt(1, tenantId);
prepStmt.executeUpdate();

} catch (SQLException e) {
throw new IdentityProviderManagementException("Error occurred while deleting Identity Providers of tenant "
+ tenantId, e);
Expand All @@ -4454,21 +4464,24 @@ public void deleteIdPByResourceId(String resourceId, int tenantId, String tenant
throw new IdentityProviderManagementException(String.format(msg, resourceId, tenantDomain));
}
idPName = identityProvider.getIdentityProviderName();
endpointConfigurationManager.deleteEndpointConfigurations(identityProvider.getDefaultAuthenticatorConfig(),
tenantId);
/* Since only one federated authenticator per newly creating IDP is allowed, the custom IDPs will always
have a single federated authenticator. For older IDPs, executing this 'if' code block is unnecessary. */
if (identityProvider.getFederatedAuthenticatorConfigs().length == 1) {
endpointConfigurationManager.deleteEndpointConfigurations(
identityProvider.getFederatedAuthenticatorConfigs()[0], tenantId);
}
deleteIdP(dbConnection, tenantId, null, resourceId);
// Delete IdP related secrets from the IDN_SECRET table.
idpSecretsProcessorService.deleteAssociatedSecrets(identityProvider);
IdentityDatabaseUtil.commitTransaction(dbConnection);
} catch (SQLException e) {
IdentityDatabaseUtil.rollbackTransaction(dbConnection);
endpointConfigurationManager.addEndpointConfigurations(identityProvider.getDefaultAuthenticatorConfig(),
tenantId);
rollBackEndpointConfigurationDeletion(identityProvider, tenantId);
throw new IdentityProviderManagementException("Error occurred while deleting Identity Provider of tenant "
+ tenantDomain, e);
} catch (IdentityProviderManagementException e) {
if (ERROR_CODE_ASSOCIATED_ACTION_MGT.getCode().equals(e.getErrorCode())) {
IdentityDatabaseUtil.rollbackTransaction(dbConnection);;
IdentityDatabaseUtil.rollbackTransaction(dbConnection);
}
throw e;
} catch (SecretManagementException e) {
Expand Down Expand Up @@ -4502,21 +4515,24 @@ public void forceDeleteIdP(String idPName,
log.debug(String.format("Deleting SP Provisioning Associations for IDP:%s of tenantDomain:%s",
idPName, tenantDomain));
}
endpointConfigurationManager.deleteEndpointConfigurations(identityProvider.getDefaultAuthenticatorConfig(),
tenantId);
/* Since only one federated authenticator per newly creating IDP is allowed, the custom IDPs will always
have a single federated authenticator. For older IDPs, executing this 'if' code block is unnecessary. */
if (identityProvider.getFederatedAuthenticatorConfigs().length == 1) {
endpointConfigurationManager.deleteEndpointConfigurations(
identityProvider.getFederatedAuthenticatorConfigs()[0], tenantId);
}
deleteIdpSpProvisioningAssociations(dbConnection, tenantId, idPName);
deleteIdP(dbConnection, tenantId, idPName, null);
IdentityDatabaseUtil.commitTransaction(dbConnection);
} catch (SQLException e) {
IdentityDatabaseUtil.rollbackTransaction(dbConnection);
endpointConfigurationManager.addEndpointConfigurations(identityProvider.getDefaultAuthenticatorConfig(),
tenantId);
rollBackEndpointConfigurationDeletion(identityProvider, tenantId);
throw new IdentityProviderManagementException(
String.format("Error occurred while deleting Identity Provider:%s of tenant:%s ",
idPName, tenantDomain), e);
} catch (IdentityProviderManagementException e) {
if (ERROR_CODE_ASSOCIATED_ACTION_MGT.getCode().equals(e.getErrorCode())) {
IdentityDatabaseUtil.rollbackTransaction(dbConnection);;
IdentityDatabaseUtil.rollbackTransaction(dbConnection);
}
throw e;
} finally {
Expand Down Expand Up @@ -4549,20 +4565,23 @@ public void forceDeleteIdPByResourceId(String resourceId, int tenantId, String t
identityProvider.getIdentityProviderName(), tenantDomain));
}
deleteIdpSpProvisioningAssociations(dbConnection, tenantId, identityProvider.getIdentityProviderName());
endpointConfigurationManager.deleteEndpointConfigurations(identityProvider.getDefaultAuthenticatorConfig(),
tenantId);
/* Since only one federated authenticator per newly creating IDP is allowed, the custom IDPs will always
have a single federated authenticator. For older IDPs, executing this 'if' code block is unnecessary. */
if (identityProvider.getFederatedAuthenticatorConfigs().length == 1) {
endpointConfigurationManager.deleteEndpointConfigurations(
identityProvider.getFederatedAuthenticatorConfigs()[0], tenantId);
}
deleteIdP(dbConnection, tenantId, null, resourceId);
IdentityDatabaseUtil.commitTransaction(dbConnection);
} catch (SQLException e) {
IdentityDatabaseUtil.rollbackTransaction(dbConnection);
endpointConfigurationManager.addEndpointConfigurations(identityProvider.getDefaultAuthenticatorConfig(),
tenantId);
rollBackEndpointConfigurationDeletion(identityProvider, tenantId);
throw new IdentityProviderManagementException(
String.format("Error occurred while deleting Identity Provider with resource ID:%s of tenant:%s ",
resourceId, tenantDomain), e);
} catch (IdentityProviderManagementException e) {
if (ERROR_CODE_ASSOCIATED_ACTION_MGT.getCode().equals(e.getErrorCode())) {
IdentityDatabaseUtil.rollbackTransaction(dbConnection);;
IdentityDatabaseUtil.rollbackTransaction(dbConnection);
}
throw e;
} finally {
Expand Down Expand Up @@ -6104,4 +6123,15 @@ private void performConfigCorrectionForPasswordRecoveryConfigs(Connection dbConn
}
updateIdentityProviderProperties(dbConnection, idpId, idpProperties, tenantId);
}

private void rollBackEndpointConfigurationDeletion(IdentityProvider identityProvider, int tenantId) throws
IdentityProviderManagementException {

/* Since only one federated authenticator per newly creating IDP is allowed, the custom IDPs will always have a
single federated authenticator. For older IDPs, executing this 'if' code block is unnecessary. */
if (identityProvider != null && identityProvider.getFederatedAuthenticatorConfigs().length == 1) {
endpointConfigurationManager.addEndpointConfigurations(
identityProvider.getFederatedAuthenticatorConfigs()[0], tenantId);
}
}
}
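Review bot: In the updateIdPWithResourceId catch block the new guard checks only `currentIdentityProvider.getFederatedAuthenticatorConfigs().length == 1`, yet the next line indexes `newIdentityProvider.getFederatedAuthenticatorConfigs()[0]` without any check; if the incoming provider carries no federated authenticator, the compensating call throws ArrayIndexOutOfBoundsException from inside the catch and the original SQLException (and its wrapped IdentityProviderManagementException) is lost. Guarding both sides, `if (currentIdentityProvider.getFederatedAuthenticatorConfigs().length == 1 && newIdentityProvider.getFederatedAuthenticatorConfigs().length == 1) {`, keeps the rollback and the error reporting intact. The same five-line length check is repeated in addIdPWithResourceId, deleteIdP, deleteIdPByResourceId, forceDeleteIdP and forceDeleteIdPByResourceId; a private helper mirroring the new rollBackEndpointConfigurationDeletion would keep the rule in one place, and checking the authenticator's DefinedByType would presumably identify custom authenticators more precisely than the array length, which a legacy provider with a single authenticator also satisfies. All of these methods start and end outside the hunks shown.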
Expand Up @@ -58,6 +58,7 @@ public static IdpMgtServiceComponentHolder getInstance() {
private ClaimMetadataManagementService claimMetadataManagementService;
private SecretManager secretManager;
private SecretResolveManager secretResolveManager;
private ActionManagementService actionManagementService;

private List<MetadataConverter> metadataConverters = new ArrayList<>();

Expand Down Expand Up @@ -190,11 +191,21 @@ public void setClaimMetadataManagementService(ClaimMetadataManagementService cla
this.claimMetadataManagementService = claimMetadataManagementService;
}

/**
* Get the Action Management Service.
*
* @return ActionManagementService instance.
*/
public ActionManagementService getActionManagementService() {

return actionManagementService;
}

/**
* Set the Action Management Service.
*
* @param actionManagementService ActionManagementService instance.
*/
public void setActionManagementService(ActionManagementService actionManagementService) {

this.actionManagementService = actionManagementService;
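Review bot: getActionManagementService returns the bare field, which is declared without an initializer, so callers receive null until setActionManagementService has been invoked; the new Javadoc should state that, e.g. `@return ActionManagementService instance, or {@code null} if the service has not been set yet.` Presumably the field is bound and unbound by a service-component lifecycle on a different thread than the one that later reads it, as with the sibling fields; if so, documenting that the holder is expected to be read only after activation would make the contract explicit. The enclosing class continues outside the section.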