From efa84703d652977743503366c1712d81a7b7d84c Mon Sep 17 00:00:00 2001
From: Sahan Dilshan <32576163+sahandilshan@users.noreply.github.com>
Date: Fri, 16 Feb 2024 15:41:48 +0530
Subject: [PATCH] Add protocol config handler (#412)
* Add protocol config handler
* Bump framework version
* Fix formatting issues
---
.../IdentitySAMLSSOConfigService.wsdl | 12 +
.../org.wso2.carbon.identity.sso.saml/pom.xml | 8 +
.../saml/SAML2InboundAuthConfigHandler.java | 343 ++++++++++++++++++
.../sso/saml/SAMLSSOConfigServiceImpl.java | 70 +++-
.../identity/sso/saml/SAMLSSOConstants.java | 1 +
.../sso/saml/admin/SAMLSSOConfigAdmin.java | 85 +++--
.../sso/saml/dto/SAML2ProtocolConfigDTO.java | 121 ++++++
.../saml/dto/SAMLSSOServiceProviderDTO.java | 28 +-
.../IdentitySAMLSSOServiceComponent.java | 33 +-
...IdentitySAMLSSOServiceComponentHolder.java | 47 ++-
.../internal/SAMLApplicationMgtListener.java | 17 +-
.../identity/sso/saml/util/SAMLSSOUtil.java | 20 +
.../SAML2InboundAuthConfigHandlerTest.java | 229 ++++++++++++
.../saml/admin/SAMLSSOConfigAdminTest.java | 17 +-
pom.xml | 9 +-
15 files changed, 958 insertions(+), 82 deletions(-)
create mode 100644 components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAML2InboundAuthConfigHandler.java
create mode 100644 components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/dto/SAML2ProtocolConfigDTO.java
create mode 100644 components/org.wso2.carbon.identity.sso.saml/src/test/java/org/wso2/carbon/identity/sso/saml/SAML2InboundAuthConfigHandlerTest.java
diff --git a/components/org.wso2.carbon.identity.sso.saml.stub/src/main/resources/IdentitySAMLSSOConfigService.wsdl b/components/org.wso2.carbon.identity.sso.saml.stub/src/main/resources/IdentitySAMLSSOConfigService.wsdl
index 85e17e33c..98a0a5ced 100644
--- a/components/org.wso2.carbon.identity.sso.saml.stub/src/main/resources/IdentitySAMLSSOConfigService.wsdl
+++ b/components/org.wso2.carbon.identity.sso.saml.stub/src/main/resources/IdentitySAMLSSOConfigService.wsdl
@@ -237,6 +237,17 @@
+
+
+
+
+
+
+
+
+
+
+
@@ -246,6 +257,7 @@
+
diff --git a/components/org.wso2.carbon.identity.sso.saml/pom.xml b/components/org.wso2.carbon.identity.sso.saml/pom.xml
index 7ccd1c34d..6636dc8c9 100755
--- a/components/org.wso2.carbon.identity.sso.saml/pom.xml
+++ b/components/org.wso2.carbon.identity.sso.saml/pom.xml
@@ -303,6 +303,14 @@
org.apache.felix.scr.ds-annotations
provided
+
+ org.apache.axis2.wso2
+ axis2
+
+
+ com.google.code.gson
+ gson
+
diff --git a/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAML2InboundAuthConfigHandler.java b/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAML2InboundAuthConfigHandler.java
new file mode 100644
index 000000000..6b2e22bb7
--- /dev/null
+++ b/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAML2InboundAuthConfigHandler.java
@@ -0,0 +1,343 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.sso.saml;
+
+import org.apache.commons.lang.StringUtils;
+import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
+import org.wso2.carbon.identity.application.common.IdentityApplicationManagementClientException;
+import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
+import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
+import org.wso2.carbon.identity.application.common.model.Property;
+import org.wso2.carbon.identity.application.common.model.ServiceProvider;
+import org.wso2.carbon.identity.application.mgt.ApplicationConstants;
+import org.wso2.carbon.identity.application.mgt.inbound.dto.InboundProtocolConfigurationDTO;
+import org.wso2.carbon.identity.application.mgt.inbound.dto.InboundProtocolsDTO;
+import org.wso2.carbon.identity.application.mgt.inbound.protocol.ApplicationInboundAuthConfigHandler;
+import org.wso2.carbon.identity.base.IdentityException;
+import org.wso2.carbon.identity.core.util.IdentityUtil;
+import org.wso2.carbon.identity.sso.saml.dto.SAML2ProtocolConfigDTO;
+import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;
+import org.wso2.carbon.identity.sso.saml.exception.IdentitySAML2ClientException;
+import org.wso2.carbon.identity.sso.saml.exception.IdentitySAML2SSOException;
+import org.wso2.carbon.identity.sso.saml.internal.IdentitySAMLSSOServiceComponentHolder;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Optional;
+
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.StandardInboundProtocols.SAML2;
+import static org.wso2.carbon.identity.application.mgt.inbound.InboundFunctions.getInboundAuthKey;
+
+/**
+ * SAML2 inbound authentication configuration handler.
+ */
+public class SAML2InboundAuthConfigHandler implements ApplicationInboundAuthConfigHandler {
+
+ private static final String ATTRIBUTE_CONSUMING_SERVICE_INDEX = "attrConsumServiceIndex";
+
+ /**
+ * Checks whether this handler can handle the inbound authentication request.
+ *
+ * @param inboundProtocolsDTO Inbound protocols DTO.
+ * @return True if InboundProtocolDTO contains SAML inbound auth configs.
+ */
+ @Override
+ public boolean canHandle(InboundProtocolsDTO inboundProtocolsDTO) {
+
+ return inboundProtocolsDTO.getInboundProtocolConfigurationMap().containsKey(SAML2);
+ }
+
+ /**
+ * Checks whether this handler can handle the inbound authentication request.
+ *
+ * @param protocolName Name of the protocol.
+ * @return True if the protocolName is "samlsso".
+ */
+ @Override
+ public boolean canHandle(String protocolName) {
+
+ return StringUtils.containsIgnoreCase(ApplicationConstants.StandardInboundProtocols.SAML2, protocolName);
+ }
+
+ /**
+ * Creates the inbound authentication request config from InboundProtocolConfigurationDTO.
+ *
+ * @param serviceProvider Service provider.
+ * @param inboundProtocolsDTO Inbound protocols DTO.
+ * @return InboundAuthenticationRequestConfig.
+ * @throws IdentityApplicationManagementException If an error occurs while creating the config.
+ */
+ @Override
+ public InboundAuthenticationRequestConfig handleConfigCreation(ServiceProvider serviceProvider,
+ InboundProtocolsDTO inboundProtocolsDTO)
+ throws IdentityApplicationManagementException {
+
+ SAML2ProtocolConfigDTO saml2ProtocolConfigDTO = getSAML2ProtocolConfigDTO(inboundProtocolsDTO);
+ try {
+ return createSAMLInbound(serviceProvider, saml2ProtocolConfigDTO);
+ } catch (IdentitySAML2ClientException e) {
+ throw new IdentityApplicationManagementClientException(e.getMessage(), e);
+ } catch (IdentitySAML2SSOException e) {
+ throw new IdentityApplicationManagementException(e.getErrorCode(), e.getMessage(), e);
+ }
+ }
+
+ /**
+ * Updates the inbound authentication request config from InboundProtocolConfigurationDTO.
+ *
+ * @param serviceProvider Service provider.
+ * @param inboundProtocolConfigurationDTO Inbound protocol configuration DTO.
+ * @return InboundAuthenticationRequestConfig.
+ * @throws IdentityApplicationManagementException If an error occurs while updating the config.
+ */
+ @Override
+ public InboundAuthenticationRequestConfig handleConfigUpdate(
+ ServiceProvider serviceProvider, InboundProtocolConfigurationDTO inboundProtocolConfigurationDTO)
+ throws IdentityApplicationManagementException {
+
+ SAML2ProtocolConfigDTO saml2ProtocolConfigDTO = (SAML2ProtocolConfigDTO) inboundProtocolConfigurationDTO;
+ try {
+ return updateSAMLInbound(serviceProvider, saml2ProtocolConfigDTO);
+ } catch (IdentitySAML2ClientException e) {
+ throw new IdentityApplicationManagementClientException(e.getErrorCode(), e.getMessage(), e);
+ } catch (IdentitySAML2SSOException e) {
+ throw new IdentityApplicationManagementException(e.getErrorCode(), e.getMessage(), e);
+ }
+ }
+
+ /**
+ * Deletes the inbound authentication request config.
+ *
+ * @param issuer Issuer of the SAMl2 application.
+ * @throws IdentityApplicationManagementException If an error occurs while deleting the config.
+ */
+ @Override
+ public void handleConfigDeletion(String issuer) throws IdentityApplicationManagementException {
+
+ try {
+ IdentitySAMLSSOServiceComponentHolder.getInstance().getSamlSSOConfigService().removeServiceProvider(issuer,
+ false);
+ } catch (IdentityException e) {
+ throw new IdentityApplicationManagementException(e.getErrorCode(), e.getMessage(), e);
+ }
+ }
+
+ /**
+ * Retrieves the inbound authentication request config.
+ *
+ * @param issuer Issuer of the SAMl2 application.
+ * @return InboundProtocolConfigurationDTO.
+ * @throws IdentityApplicationManagementException If an error occurs while retrieving the config.
+ */
+ @Override
+ public InboundProtocolConfigurationDTO handleConfigRetrieval(String issuer)
+ throws IdentityApplicationManagementException {
+
+ try {
+ SAML2ProtocolConfigDTO saml2ProtocolConfigDTO = new SAML2ProtocolConfigDTO();
+ SAMLSSOServiceProviderDTO samlSSOServiceProviderDTO = IdentitySAMLSSOServiceComponentHolder.getInstance()
+ .getSamlSSOConfigService().getServiceProvider(issuer);
+ saml2ProtocolConfigDTO.setManualConfiguration(samlSSOServiceProviderDTO);
+ return saml2ProtocolConfigDTO;
+ } catch (IdentityException e) {
+ throw new IdentityApplicationManagementException(e.getErrorCode(), e.getMessage(), e);
+ }
+ }
+
+ private static SAML2ProtocolConfigDTO getSAML2ProtocolConfigDTO(InboundProtocolsDTO inboundProtocolsDTO) {
+
+ InboundProtocolConfigurationDTO inboundProtocolConfigurationDTO = inboundProtocolsDTO
+ .getInboundProtocolConfigurationMap().get(SAML2);
+ return (SAML2ProtocolConfigDTO) inboundProtocolConfigurationDTO;
+ }
+
+ private InboundAuthenticationRequestConfig createSAMLInbound(ServiceProvider serviceProvider,
+ SAML2ProtocolConfigDTO saml2Configuration)
+ throws IdentitySAML2SSOException {
+
+ SAMLSSOServiceProviderDTO samlssoServiceProviderDTO = getSamlSsoServiceProviderDTO(saml2Configuration);
+
+ // Set certificate if available.
+ if (samlssoServiceProviderDTO.getCertificateContent() != null) {
+ serviceProvider.setCertificateContent(base64Encode(samlssoServiceProviderDTO.getCertificateContent()));
+ }
+
+ return createInboundAuthenticationRequestConfig(samlssoServiceProviderDTO);
+ }
+
+ private static SAMLSSOServiceProviderDTO getSamlSsoServiceProviderDTO(SAML2ProtocolConfigDTO saml2ProtocolConfigDTO)
+ throws IdentitySAML2SSOException {
+
+ SAMLSSOServiceProviderDTO samlManualConfiguration = saml2ProtocolConfigDTO.getManualConfiguration();
+
+ if (saml2ProtocolConfigDTO.getMetadataFile() != null) {
+ return createSAMLSpWithMetadataFile(saml2ProtocolConfigDTO.getMetadataFile());
+ } else if (saml2ProtocolConfigDTO.getMetadataURL() != null) {
+ return createSAMLSpWithMetadataUrl(saml2ProtocolConfigDTO.getMetadataURL());
+ } else if (samlManualConfiguration != null) {
+ return createSAMLSpWithManualConfiguration(samlManualConfiguration);
+ } else {
+ throw new IdentitySAML2ClientException("Invalid SAML2 Configuration. One of metadataFile, metaDataUrl or " +
+ "serviceProvider manual configuration needs to be present.");
+ }
+ }
+
+ private static SAMLSSOServiceProviderDTO createSAMLSpWithMetadataFile(String encodedMetaFileContent)
+ throws IdentitySAML2SSOException {
+
+ byte[] metaData = Base64.getDecoder().decode(encodedMetaFileContent.getBytes(StandardCharsets.UTF_8));
+ String base64DecodedMetadata = new String(metaData, StandardCharsets.UTF_8);
+
+ return IdentitySAMLSSOServiceComponentHolder.getInstance().getSamlSSOConfigService()
+ .uploadRPServiceProvider(base64DecodedMetadata, false);
+ }
+
+ private static SAMLSSOServiceProviderDTO createSAMLSpWithMetadataUrl(String metadataUrl)
+ throws IdentitySAML2SSOException {
+
+ return IdentitySAMLSSOServiceComponentHolder.getInstance().getSamlSSOConfigService()
+ .createServiceProviderWithMetadataURL(metadataUrl, false);
+ }
+
+ private static SAMLSSOServiceProviderDTO createSAMLSpWithManualConfiguration(
+ SAMLSSOServiceProviderDTO samlssoServiceProviderDTO) throws IdentitySAML2SSOException {
+
+ try {
+ return IdentitySAMLSSOServiceComponentHolder.getInstance().getSamlSSOConfigService()
+ .createServiceProvider(samlssoServiceProviderDTO, false);
+ } catch (IdentityException e) {
+ throw handleException("Error while creating SAML2 service provider.", e);
+ }
+ }
+
+ private static String base64Encode(String content) {
+
+ return new String(Base64.getEncoder().encode(content.getBytes(StandardCharsets.UTF_8)),
+ (StandardCharsets.UTF_8));
+ }
+
+ InboundAuthenticationRequestConfig updateSAMLInbound(ServiceProvider application,
+ SAML2ProtocolConfigDTO saml2ProtocolConfigDTO)
+ throws IdentitySAML2SSOException {
+
+ // First we identify whether this is a insert or update.
+ Optional optionalInboundAuthKey = getInboundAuthKey(application, SAML2);
+ InboundAuthenticationRequestConfig updatedInbound;
+ if (optionalInboundAuthKey.isPresent()) {
+ // This is an update.
+ SAMLSSOServiceProviderDTO samlssoServiceProviderDTO = updateSamlSSoServiceProviderDTO(
+ saml2ProtocolConfigDTO, optionalInboundAuthKey.get());
+
+ // Set certificate if available.
+ if (samlssoServiceProviderDTO.getCertificateContent() != null) {
+ application.setCertificateContent(base64Encode(samlssoServiceProviderDTO.getCertificateContent()));
+ }
+ updatedInbound = createInboundAuthenticationRequestConfig(samlssoServiceProviderDTO);
+ } else {
+ updatedInbound = createSAMLInbound(application, saml2ProtocolConfigDTO);
+ }
+ return updatedInbound;
+ }
+
+ private static SAMLSSOServiceProviderDTO updateSamlSSoServiceProviderDTO(
+ SAML2ProtocolConfigDTO saml2ProtocolConfigDTO, String currentIssuer)
+ throws IdentitySAML2SSOException {
+
+ SAMLSSOServiceProviderDTO samlManualConfiguration = saml2ProtocolConfigDTO.getManualConfiguration();
+
+ if (saml2ProtocolConfigDTO.getMetadataFile() != null) {
+ return updateSAMLSpWithMetadataFile(saml2ProtocolConfigDTO.getMetadataFile(), currentIssuer);
+ } else if (saml2ProtocolConfigDTO.getMetadataURL() != null) {
+ return updateSAMLSpWithMetadataUrl(saml2ProtocolConfigDTO.getMetadataURL(), currentIssuer);
+ } else if (samlManualConfiguration != null) {
+ return updateSAMLSpWithManualConfiguration(samlManualConfiguration, currentIssuer);
+ } else {
+ throw new IdentitySAML2ClientException("Invalid SAML2 Configuration. One of metadataFile, metaDataUrl or " +
+ "serviceProvider manual configuration needs to be present.");
+ }
+ }
+
+ private static SAMLSSOServiceProviderDTO updateSAMLSpWithMetadataFile(String encodedMetaFileContent,
+ String currentIssuer)
+ throws IdentitySAML2SSOException {
+
+ byte[] metaData = Base64.getDecoder().decode(encodedMetaFileContent.getBytes(StandardCharsets.UTF_8));
+ String base64DecodedMetadata = new String(metaData, StandardCharsets.UTF_8);
+
+ return IdentitySAMLSSOServiceComponentHolder.getInstance().getSamlSSOConfigService()
+ .updateRPServiceProviderWithMetadata(base64DecodedMetadata, currentIssuer, false);
+ }
+
+ private static SAMLSSOServiceProviderDTO updateSAMLSpWithMetadataUrl(String metadataUrl, String currentIssuer)
+ throws IdentitySAML2SSOException {
+
+ return IdentitySAMLSSOServiceComponentHolder.getInstance().getSamlSSOConfigService()
+ .updateServiceProviderWithMetadataURL(metadataUrl, currentIssuer, false);
+ }
+
+ private static SAMLSSOServiceProviderDTO updateSAMLSpWithManualConfiguration(
+ SAMLSSOServiceProviderDTO samlssoServiceProviderDTO, String currentIssuer)
+ throws IdentitySAML2SSOException {
+ try {
+ return IdentitySAMLSSOServiceComponentHolder.getInstance().getSamlSSOConfigService().updateServiceProvider(
+ samlssoServiceProviderDTO, currentIssuer, false);
+ } catch (IdentityException e) {
+ // The above service always returns exception with error code, error message and cause.
+ throw handleException(e.getMessage(), e);
+ }
+ }
+
+ private static InboundAuthenticationRequestConfig createInboundAuthenticationRequestConfig(
+ SAMLSSOServiceProviderDTO samlssoServiceProviderDTO) throws IdentitySAML2SSOException {
+
+ InboundAuthenticationRequestConfig samlInbound = new InboundAuthenticationRequestConfig();
+ samlInbound.setInboundAuthType(FrameworkConstants.StandardInboundProtocols.SAML2);
+ samlInbound.setInboundAuthKey(samlssoServiceProviderDTO.getIssuer());
+ if (samlssoServiceProviderDTO.isEnableAttributeProfile()) {
+ Property[] properties = new Property[1];
+ Property property = new Property();
+ property.setName(ATTRIBUTE_CONSUMING_SERVICE_INDEX);
+ if (StringUtils.isNotBlank(samlssoServiceProviderDTO.getAttributeConsumingServiceIndex())) {
+ property.setValue(samlssoServiceProviderDTO.getAttributeConsumingServiceIndex());
+ } else {
+ try {
+ property.setValue(Integer.toString(IdentityUtil.getRandomInteger()));
+ } catch (IdentityException e) {
+ throw handleException(e.getMessage(), e);
+ }
+ }
+ properties[0] = property;
+ samlInbound.setProperties(properties);
+ }
+ samlInbound.setData(samlssoServiceProviderDTO.getAuditLogData());
+ return samlInbound;
+ }
+
+ private static IdentitySAML2SSOException handleException(String message, IdentityException ex) {
+
+ if (ex instanceof IdentitySAML2ClientException) {
+ return (IdentitySAML2ClientException) ex;
+ } else if (ex instanceof IdentitySAML2SSOException) {
+ return (IdentitySAML2SSOException) ex;
+ }
+ else {
+ return new IdentitySAML2SSOException(ex.getErrorCode(), message, ex);
+ }
+ }
+}
diff --git a/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConfigServiceImpl.java b/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConfigServiceImpl.java
index 3e81e9cae..6c9e8ff58 100644
--- a/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConfigServiceImpl.java
+++ b/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConfigServiceImpl.java
@@ -116,9 +116,14 @@ public boolean updateRPServiceProvider(SAMLSSOServiceProviderDTO serviceProvider
* @throws IdentityException
*/
public SAMLSSOServiceProviderDTO createServiceProvider(SAMLSSOServiceProviderDTO spDto) throws IdentityException {
-
+
+ return createServiceProvider(spDto, true);
+ }
+
+ SAMLSSOServiceProviderDTO createServiceProvider(SAMLSSOServiceProviderDTO spDto, boolean enableAuditing) throws IdentityException {
+
validateSAMLSSOServiceProviderDTO(spDto);
- SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry());
+ SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry(), enableAuditing);
try {
return configAdmin.addSAMLServiceProvider(spDto);
} catch (IdentityException ex) {
@@ -137,8 +142,15 @@ public SAMLSSOServiceProviderDTO createServiceProvider(SAMLSSOServiceProviderDTO
public SAMLSSOServiceProviderDTO updateServiceProvider(SAMLSSOServiceProviderDTO serviceProviderDTO, String currentIssuer)
throws IdentityException {
+ return updateServiceProvider(serviceProviderDTO, currentIssuer, true);
+ }
+
+ SAMLSSOServiceProviderDTO updateServiceProvider(SAMLSSOServiceProviderDTO serviceProviderDTO, String currentIssuer,
+ boolean enableAuditing)
+ throws IdentityException {
+
validateSAMLSSOServiceProviderDTO(serviceProviderDTO);
- SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry());
+ SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry(), enableAuditing);
try {
return configAdmin.updateSAMLServiceProvider(serviceProviderDTO, currentIssuer);
} catch (IdentityException ex) {
@@ -179,8 +191,14 @@ private void validateSAMLSSOServiceProviderDTO(SAMLSSOServiceProviderDTO service
public SAMLSSOServiceProviderDTO uploadRPServiceProvider(String metadata) throws IdentitySAML2SSOException {
+ return uploadRPServiceProvider(metadata, true);
+ }
+
+ SAMLSSOServiceProviderDTO uploadRPServiceProvider(String metadata, boolean enableAuditing)
+ throws IdentitySAML2SSOException {
+
try {
- SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry());
+ SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry(), enableAuditing);
if (log.isDebugEnabled()) {
log.debug("Creating SAML Service Provider with metadata: " + metadata);
}
@@ -202,8 +220,15 @@ public SAMLSSOServiceProviderDTO uploadRPServiceProvider(String metadata) throws
public SAMLSSOServiceProviderDTO updateRPServiceProviderWithMetadata(String metadata, String currentIssuer)
throws IdentitySAML2SSOException {
+ return updateRPServiceProviderWithMetadata(metadata, currentIssuer, true);
+ }
+
+ SAMLSSOServiceProviderDTO updateRPServiceProviderWithMetadata(String metadata, String currentIssuer,
+ boolean enableAuditing)
+ throws IdentitySAML2SSOException {
+
try {
- SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry());
+ SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry(), enableAuditing);
if (log.isDebugEnabled()) {
log.debug("Updating SAML Service Provider with metadata: " + metadata);
}
@@ -222,7 +247,13 @@ public SAMLSSOServiceProviderDTO updateRPServiceProviderWithMetadata(String meta
*/
public SAMLSSOServiceProviderDTO createServiceProviderWithMetadataURL(String metadataUrl)
throws IdentitySAML2SSOException {
-
+
+ return createServiceProviderWithMetadataURL(metadataUrl, true);
+ }
+
+ SAMLSSOServiceProviderDTO createServiceProviderWithMetadataURL(String metadataUrl, boolean enableAuditing)
+ throws IdentitySAML2SSOException {
+
try {
URL url = new URL(metadataUrl);
URLConnection con = url.openConnection();
@@ -230,7 +261,7 @@ public SAMLSSOServiceProviderDTO createServiceProviderWithMetadataURL(String met
con.setReadTimeout(getReadTimeoutInMillis());
try (InputStream inputStream = new BoundedInputStream(con.getInputStream(), getMaxSizeInBytes())) {
String metadata = IOUtils.toString(inputStream);
- return uploadRPServiceProvider(metadata);
+ return uploadRPServiceProvider(metadata, enableAuditing);
}
} catch (IOException e) {
throw handleIOException(URL_NOT_FOUND, "Non-existing metadata URL for SAML service provider creation in tenantDomain: "
@@ -249,6 +280,13 @@ public SAMLSSOServiceProviderDTO createServiceProviderWithMetadataURL(String met
public SAMLSSOServiceProviderDTO updateServiceProviderWithMetadataURL(String metadataUrl, String currentIssuer)
throws IdentitySAML2SSOException {
+ return updateServiceProviderWithMetadataURL(metadataUrl, currentIssuer, true);
+ }
+
+ SAMLSSOServiceProviderDTO updateServiceProviderWithMetadataURL(String metadataUrl, String currentIssuer,
+ boolean enableAuditing)
+ throws IdentitySAML2SSOException {
+
try {
URL url = new URL(metadataUrl);
URLConnection connection = url.openConnection();
@@ -256,12 +294,12 @@ public SAMLSSOServiceProviderDTO updateServiceProviderWithMetadataURL(String met
connection.setReadTimeout(getReadTimeoutInMillis());
try (InputStream inputStream = new BoundedInputStream(connection.getInputStream(), getMaxSizeInBytes())) {
String metadata = IOUtils.toString(inputStream);
- return updateRPServiceProviderWithMetadata(metadata, currentIssuer);
+ return updateRPServiceProviderWithMetadata(metadata, currentIssuer, enableAuditing);
}
} catch (IOException e) {
throw handleIOException(URL_NOT_FOUND,
"Non-existing metadata URL for SAML service provider creation in tenantDomain: "
- + getTenantDomain(), e);
+ + getTenantDomain(), e);
}
}
@@ -459,8 +497,13 @@ public String getKeyEncryptionAlgorithmURIByConfig() {
*/
public boolean removeServiceProvider(String issuer) throws IdentityException {
+ return removeServiceProvider(issuer, true);
+ }
+
+ boolean removeServiceProvider(String issuer, boolean enableAuditing) throws IdentityException {
+
try {
- SAMLSSOConfigAdmin ssoConfigAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry());
+ SAMLSSOConfigAdmin ssoConfigAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry(), enableAuditing);
return ssoConfigAdmin.removeServiceProvider(issuer);
} catch (IdentityException ex) {
String msg = "Error removing SAML SP with issuer: " + issuer + " in tenantDomain: " + getTenantDomain();
@@ -557,9 +600,12 @@ private Registry getGovernanceRegistry() {
private IdentitySAML2SSOException handleException(String message, IdentityException ex) {
setErrorCodeIfNotDefined(ex);
- if (ex instanceof IdentitySAML2SSOException) {
+ if (ex instanceof IdentitySAML2ClientException) {
+ return (IdentitySAML2ClientException) ex;
+ } else if (ex instanceof IdentitySAML2SSOException) {
return (IdentitySAML2SSOException) ex;
- } else {
+ }
+ else {
return new IdentitySAML2SSOException(ex.getErrorCode(), message, ex);
}
}
diff --git a/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConstants.java b/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConstants.java
index f766bac5e..1ab36d2fc 100644
--- a/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConstants.java
+++ b/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConstants.java
@@ -209,6 +209,7 @@ public static class LogConstants {
public static final String CREATE_SAML_APPLICATION = "CREATE SAML APPLICATION";
public static final String DELETE_SAML_APPLICATION = "DELETE SAML APPLICATION";
+ public static final String UPDATE_SAML_APPLICATION = "UPDATE SAML APPLICATION";
public static final String SAML_INBOUND_SERVICE = "saml-inbound-service";
/**
diff --git a/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java b/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java
index 0c98ed85f..d6d3f9655 100644
--- a/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java
+++ b/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java
@@ -18,8 +18,6 @@
package org.wso2.carbon.identity.sso.saml.admin;
-import com.google.gson.Gson;
-import com.google.gson.reflect.TypeToken;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -28,7 +26,6 @@
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
-import org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
@@ -52,12 +49,12 @@
import java.security.KeyStore;
import java.security.cert.CertificateException;
-import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.LogConstants.USER;
import static org.wso2.carbon.identity.application.mgt.ApplicationConstants.LogConstants.TARGET_APPLICATION;
+import static org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil.isEnableV2AuditLogs;
import static org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils.triggerAuditLogEvent;
import static org.wso2.carbon.identity.sso.saml.Error.CONFLICTING_SAML_ISSUER;
import static org.wso2.carbon.identity.sso.saml.Error.INVALID_REQUEST;
@@ -73,11 +70,18 @@ public class SAMLSSOConfigAdmin {
private static final Log log = LogFactory.getLog(SAMLSSOConfigAdmin.class);
private UserRegistry registry;
private final int tenantId;
+ private boolean enableAuditing = true;
public SAMLSSOConfigAdmin(Registry userRegistry) {
registry = (UserRegistry) userRegistry;
tenantId = ((UserRegistry) userRegistry).getTenantId();
}
+
+ public SAMLSSOConfigAdmin(Registry userRegistry, boolean enableAuditing) {
+
+ this(userRegistry);
+ this.enableAuditing = enableAuditing;
+ }
/**
* Add a new service provider
@@ -102,14 +106,14 @@ public boolean addRelyingPartyServiceProvider(SAMLSSOServiceProviderDTO serviceP
}
boolean isSuccess = IdentitySAMLSSOServiceComponentHolder.getInstance().getSAMLSSOServiceProviderManager()
.addServiceProvider(serviceProviderDO, tenantId);
- if (isSuccess && ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()) {
+ if (isSuccess && isEnableV2AuditLogs() && enableAuditing) {
Optional initiatorId = getInitiatorId();
if (initiatorId.isPresent()) {
AuditLog.AuditLogBuilder auditLogBuilder = new AuditLog.AuditLogBuilder(
initiatorId.get(), USER,
issuer, TARGET_APPLICATION,
SAMLSSOConstants.LogConstants.CREATE_SAML_APPLICATION)
- .data(buildSPData(serviceProviderDO));
+ .data(SAMLSSOUtil.buildSPData(serviceProviderDO));
triggerAuditLogEvent(auditLogBuilder, true);
} else {
log.error("Error getting the logged in userId");
@@ -169,14 +173,16 @@ public SAMLSSOServiceProviderDTO addSAMLServiceProvider(SAMLSSOServiceProviderDT
throw buildClientException(CONFLICTING_SAML_ISSUER, message);
}
SAMLSSOServiceProviderDTO samlssoServiceProviderDTO = persistSAMLServiceProvider(serviceProviderDO);
- if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()) {
+ Map spDataMap = SAMLSSOUtil.buildSPData(serviceProviderDO);
+ samlssoServiceProviderDTO.setAuditLogData(spDataMap);
+ if (isEnableV2AuditLogs() && enableAuditing) {
Optional initiatorId = getInitiatorId();
if (initiatorId.isPresent()) {
AuditLog.AuditLogBuilder auditLogBuilder = new AuditLog.AuditLogBuilder(
initiatorId.get(), USER,
issuer, TARGET_APPLICATION,
SAMLSSOConstants.LogConstants.CREATE_SAML_APPLICATION)
- .data(buildSPData(serviceProviderDO));
+ .data(spDataMap);
triggerAuditLogEvent(auditLogBuilder, true);
} else {
log.error("Error getting the logged in userId");
@@ -191,18 +197,6 @@ public SAMLSSOServiceProviderDTO addSAMLServiceProvider(SAMLSSOServiceProviderDT
}
}
- private static Map buildSPData(SAMLSSOServiceProviderDO app) {
-
- if (app == null) {
- return new HashMap<>();
- }
-
- Gson gson = new Gson();
- String json = gson.toJson(app);
- return gson.fromJson(json, new TypeToken
+
+ com.google.code.gson
+ gson
+ ${com.google.code.gson.version}
+
@@ -473,9 +478,11 @@
4.4.14.wso2v1
4.5.13.wso2v1
1.2.0.wso2v1
- 1.6.1.wso2v12
+ 1.6.1-wso2v40
2.9.4.wso2v1
2.13.2
+ 2.9.0
+ [2.3.1,3.0.0)
3.2.0
2.3.1