Skip to content

Commit

Permalink
Merge pull request #254 from sadilchamishka/set-correct-user-name-for…
Browse files Browse the repository at this point in the history 
…-org-sso-users

Improve the post authentication handler to set the correct username in the carbon context for organization SSO users
  • Loading branch information
@sadilchamishka
sadilchamishka authored Nov 15, 2023
2 parents 7401281 + d8ff9bb commit ac48afb
Show file tree
Hide file tree
Showing 2 changed files with 46 additions and 7 deletions.
3 changes: 3 additions & 0 deletions components/org.wso2.carbon.identity.auth.service/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -187,6 +187,9 @@
org.osgi.util.tracker; version="${osgi.util.tracker.imp.pkg.version.range}",
org.wso2.carbon.core.*; version="${carbon.kernel.imp.pkg.version.range}",
org.wso2.carbon.user.core.util; version="${carbon.kernel.imp.pkg.version.range}",
org.wso2.carbon.user.core.common; version="${carbon.kernel.imp.pkg.version.range}",
org.wso2.carbon.user.core.service; version="${carbon.kernel.imp.pkg.version.range}",
org.wso2.carbon.user.api; version="${carbon.user.api.imp.pkg.version.range}",
org.wso2.carbon.utils.*; version="${carbon.kernel.imp.pkg.version.range}",
org.wso2.carbon.identity.application.common.model.*;
version="${carbon.identity.package.import.version.range}"
Expand Down
50 changes: 43 additions & 7 deletions ...ce/src/main/java/org/wso2/carbon/identity/auth/service/handler/AuthenticationHandler.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,15 @@
import org.wso2.carbon.identity.auth.service.exception.AuthClientException;
import org.wso2.carbon.identity.auth.service.exception.AuthServerException;
import org.wso2.carbon.identity.auth.service.exception.AuthenticationFailException;
import org.wso2.carbon.identity.auth.service.internal.AuthenticationServiceHolder;
import org.wso2.carbon.identity.core.bean.context.MessageContext;
import org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

Expand Down Expand Up @@ -112,14 +118,11 @@ protected void postAuthenticate(MessageContext messageContext, AuthenticationRes
}

if (user.getTenantDomain() != null && (user.getTenantDomain()
.equalsIgnoreCase(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain()) ||
StringUtils.isNotEmpty(authorizedOrganization))) {
.equalsIgnoreCase(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain()))) {
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(IdentityUtil.addDomainToName
(user.getUserName(), user.getUserStoreDomain()));
// Set the user's resident organization if user is accessing an organization
PrivilegedCarbonContext.getThreadLocalCarbonContext()
.setUserResidentOrganizationId(userResidentOrganization);
}

// Set the user id to the Carbon context if the user authentication is succeeded.
try {
AuthenticatedUser authenticatedUser;
Expand All @@ -130,16 +133,49 @@ protected void postAuthenticate(MessageContext messageContext, AuthenticationRes
String userName = MultitenantUtils.getTenantAwareUsername(authenticatedUser.getUserName());
userName = UserCoreUtil.removeDomainFromName(userName);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUserId(userName);
return;
} else {
PrivilegedCarbonContext.getThreadLocalCarbonContext()
.setUserId(authenticatedUser.getUserId());
}
} else {
authenticatedUser = new AuthenticatedUser(user);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUserId(authenticatedUser.getUserId());
}
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUserId(authenticatedUser.getUserId());
} catch (UserIdNotFoundException e) {
LOG.error("User id not found for user: " + user.getLoggableMaskedUserId());
}

if (StringUtils.isNotEmpty(authorizedOrganization)) {
// Set the user's resident organization if user is accessing an organization
PrivilegedCarbonContext.getThreadLocalCarbonContext()
.setUserResidentOrganizationId(userResidentOrganization);
if (((AuthenticatedUser) user).isFederatedUser()) {
updateUserNameInContextForOrganizationSsoUsers(userResidentOrganization);
}
}
}
}
}

private void updateUserNameInContextForOrganizationSsoUsers(String userResidentOrganization) {

try {
String tenantDomain = AuthenticationServiceHolder.getInstance().getOrganizationManager()
.resolveTenantDomain(userResidentOrganization);
int tenantId = AuthenticationServiceHolder.getInstance().getRealmService().getTenantManager()
.getTenantId(tenantDomain);
RealmService realmService = AuthenticationServiceHolder.getInstance().getRealmService();
UserRealm tenantUserRealm = realmService.getTenantUserRealm(tenantId);
if (tenantUserRealm != null) {
String userId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserId();
org.wso2.carbon.user.core.common.User user =
((AbstractUserStoreManager) tenantUserRealm.getUserStoreManager()).getUser(userId, null);
if (user != null && StringUtils.isNotEmpty(user.getUsername())) {
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(user.getUsername());
}
}
} catch (OrganizationManagementException | UserStoreException e) {
LOG.error("Authenticated user's username could not be resolved.", e);
}
}
}

0 comments on commit ac48afb

Please sign in to comment.