diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/FederatedAuthenticatorConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/FederatedAuthenticatorConfig.java index 40ad2fb904b5..7805ecfd177f 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/FederatedAuthenticatorConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/FederatedAuthenticatorConfig.java @@ -22,6 +22,7 @@ import org.apache.axiom.om.OMElement; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; +import org.wso2.carbon.identity.base.AuthenticatorPropertyConstants.DefinedByType; import java.io.Serializable; import java.util.ArrayList; @@ -63,6 +64,9 @@ public class FederatedAuthenticatorConfig implements Serializable { @XmlElement(name = "Tags") protected String[] tags; + @XmlElement(name = "DefinedBy") + protected DefinedByType definedByType; + public static FederatedAuthenticatorConfig build(OMElement federatedAuthenticatorConfigOM) { if (federatedAuthenticatorConfigOM == null) { @@ -101,9 +105,15 @@ public static FederatedAuthenticatorConfig build(OMElement federatedAuthenticato Property[] propertiesArr = propertiesArrList.toArray(new Property[propertiesArrList.size()]); federatedAuthenticatorConfig.setProperties(propertiesArr); } + } else if ("DefinedBy".equals(elementName)) { + federatedAuthenticatorConfig.setDefinedByType(DefinedByType.valueOf(element.getText())); } } + if (federatedAuthenticatorConfig.getDefinedByType() == null) { + federatedAuthenticatorConfig.setDefinedByType(DefinedByType.SYSTEM); + } + return federatedAuthenticatorConfig; } @@ -230,4 +240,24 @@ public void setTags(String[] tagList) { tags = tagList; } + + /** + * Get the defined by type of the federated authenticator config. + * + * @return DefinedByType + */ + public DefinedByType getDefinedByType() { + + return definedByType; + } + + /** + * Set the defined by type of the federated authenticator config. + * + * @param type The defined by type of the federated authenticator config. + */ + public void setDefinedByType(DefinedByType type) { + + definedByType = type; + } } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/LocalAuthenticatorConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/LocalAuthenticatorConfig.java index cfe369a544e3..89e09a467774 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/LocalAuthenticatorConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/LocalAuthenticatorConfig.java @@ -22,6 +22,7 @@ import org.apache.axiom.om.OMElement; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; +import org.wso2.carbon.identity.base.AuthenticatorPropertyConstants.DefinedByType; import org.wso2.carbon.identity.base.IdentityConstants; import java.io.Serializable; @@ -63,6 +64,9 @@ public class LocalAuthenticatorConfig implements Serializable { @XmlElement(name = "Tags") protected String[] tags; + @XmlElement(name = "DefinedBy") + protected DefinedByType definedByType; + /* * * @@ -111,8 +115,15 @@ public static LocalAuthenticatorConfig build(OMElement localAuthenticatorConfigO Property[] propertiesArr = propertiesArrList.toArray(new Property[0]); localAuthenticatorConfig.setProperties(propertiesArr); } + } else if ("DefinedBy".equals(member.getLocalName())) { + localAuthenticatorConfig.setDefinedByType(DefinedByType.valueOf(member.getText())); } } + + if (localAuthenticatorConfig.getDefinedByType() == null) { + localAuthenticatorConfig.setDefinedByType(DefinedByType.SYSTEM); + } + return localAuthenticatorConfig; } @@ -224,4 +235,24 @@ public void setTags(String[] tagList) { tags = tagList; } + + /** + * Get the defined by type of the Local authenticator config. + * + * @return DefinedByType + */ + public DefinedByType getDefinedByType() { + + return definedByType; + } + + /** + * Set the defined by type of the Local authenticator config. + * + * @param type The defined by type of the local authenticator config. + */ + public void setDefinedByType(DefinedByType type) { + + definedByType = type; + } } diff --git a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/RequestPathAuthenticatorConfig.java b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/RequestPathAuthenticatorConfig.java index 0da3dc5a37a1..6e56cf90bade 100644 --- a/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/RequestPathAuthenticatorConfig.java +++ b/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/model/RequestPathAuthenticatorConfig.java @@ -20,6 +20,7 @@ import org.apache.axiom.om.OMElement; import org.apache.commons.collections.CollectionUtils; +import org.wso2.carbon.identity.base.AuthenticatorPropertyConstants; import java.util.ArrayList; import java.util.Iterator; @@ -74,6 +75,10 @@ public static RequestPathAuthenticatorConfig build(OMElement requestPathAuthenti } } } + + // Since custom request path authenticators are not allowed, the definedBy type will always be set to SYSTEM. + requestPathAuthenticatorConfig.setDefinedByType(AuthenticatorPropertyConstants.DefinedByType.SYSTEM); + return requestPathAuthenticatorConfig; } diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/ApplicationAuthenticator.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/ApplicationAuthenticator.java index 6c974a31d83b..fe89fd929b3d 100644 --- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/ApplicationAuthenticator.java +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/ApplicationAuthenticator.java @@ -24,6 +24,7 @@ import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException; import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorData; import org.wso2.carbon.identity.application.common.model.Property; +import org.wso2.carbon.identity.base.AuthenticatorPropertyConstants.DefinedByType; import java.io.Serializable; import java.util.List; @@ -171,4 +172,13 @@ default String getI18nKey() { return StringUtils.EMPTY; } + /** + * Get the authenticator type. Default value will be SYSTEM. + * + * @return Authenticator Type. + */ + default DefinedByType getDefinedByType() { + + return DefinedByType.SYSTEM; + } } diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/internal/FrameworkServiceComponent.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/internal/FrameworkServiceComponent.java index c781132f5f08..42ecadb98176 100644 --- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/internal/FrameworkServiceComponent.java +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/internal/FrameworkServiceComponent.java @@ -99,6 +99,7 @@ import org.wso2.carbon.identity.application.common.model.Property; import org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig; import org.wso2.carbon.identity.application.mgt.ApplicationManagementService; +import org.wso2.carbon.identity.base.AuthenticatorPropertyConstants.DefinedByType; import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementService; import org.wso2.carbon.identity.configuration.mgt.core.ConfigurationManager; import org.wso2.carbon.identity.core.handler.HandlerComparator; @@ -508,6 +509,7 @@ protected void setAuthenticator(ApplicationAuthenticator authenticator) { localAuthenticatorConfig.setTags(getTags(authenticator)); AuthenticatorConfig fileBasedConfig = getAuthenticatorConfig(authenticator.getName()); localAuthenticatorConfig.setEnabled(fileBasedConfig.isEnabled()); + localAuthenticatorConfig.setDefinedByType(DefinedByType.SYSTEM); ApplicationAuthenticatorService.getInstance().addLocalAuthenticator(localAuthenticatorConfig); } else if (authenticator instanceof FederatedApplicationAuthenticator) { FederatedAuthenticatorConfig federatedAuthenticatorConfig = new FederatedAuthenticatorConfig(); @@ -515,6 +517,7 @@ protected void setAuthenticator(ApplicationAuthenticator authenticator) { federatedAuthenticatorConfig.setProperties(configProperties); federatedAuthenticatorConfig.setDisplayName(authenticator.getFriendlyName()); federatedAuthenticatorConfig.setTags(getTags(authenticator)); + federatedAuthenticatorConfig.setDefinedByType(DefinedByType.SYSTEM); ApplicationAuthenticatorService.getInstance().addFederatedAuthenticator(federatedAuthenticatorConfig); } else if (authenticator instanceof RequestPathApplicationAuthenticator) { RequestPathAuthenticatorConfig reqPathAuthenticatorConfig = new RequestPathAuthenticatorConfig(); @@ -524,6 +527,7 @@ protected void setAuthenticator(ApplicationAuthenticator authenticator) { reqPathAuthenticatorConfig.setTags(getTags(authenticator)); AuthenticatorConfig fileBasedConfig = getAuthenticatorConfig(authenticator.getName()); reqPathAuthenticatorConfig.setEnabled(fileBasedConfig.isEnabled()); + reqPathAuthenticatorConfig.setDefinedByType(DefinedByType.SYSTEM); ApplicationAuthenticatorService.getInstance().addRequestPathAuthenticator(reqPathAuthenticatorConfig); } diff --git a/components/identity-core/org.wso2.carbon.identity.base/src/main/java/org/wso2/carbon/identity/base/AuthenticatorPropertyConstants.java b/components/identity-core/org.wso2.carbon.identity.base/src/main/java/org/wso2/carbon/identity/base/AuthenticatorPropertyConstants.java new file mode 100644 index 000000000000..e7852cea8b4b --- /dev/null +++ b/components/identity-core/org.wso2.carbon.identity.base/src/main/java/org/wso2/carbon/identity/base/AuthenticatorPropertyConstants.java @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.base; + +public class AuthenticatorPropertyConstants { + + /** + * The Defined by Types - SYSTEM: system define authenticator, USER: user defined authentication extension. + */ + public enum DefinedByType { + + SYSTEM, + USER + } +} diff --git a/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/IdentityProviderManager.java b/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/IdentityProviderManager.java index c383da9a34ff..28d969c61d75 100644 --- a/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/IdentityProviderManager.java +++ b/components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/IdentityProviderManager.java @@ -18,15 +18,12 @@ package org.wso2.carbon.idp.mgt; -import org.apache.axiom.om.util.Base64; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.ArrayUtils; import org.apache.commons.lang.NotImplementedException; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.wso2.carbon.context.PrivilegedCarbonContext; -import org.wso2.carbon.core.util.KeyStoreManager; import org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService; import org.wso2.carbon.identity.application.common.ProvisioningConnectorService; import org.wso2.carbon.identity.application.common.model.ClaimConfig; @@ -43,10 +40,9 @@ import org.wso2.carbon.identity.application.common.model.SubProperty; import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants; import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil; +import org.wso2.carbon.identity.base.AuthenticatorPropertyConstants.DefinedByType; import org.wso2.carbon.identity.base.IdentityConstants; import org.wso2.carbon.identity.base.IdentityException; -import org.wso2.carbon.identity.core.ServiceURLBuilder; -import org.wso2.carbon.identity.core.URLBuilderException; import org.wso2.carbon.identity.core.model.ExpressionNode; import org.wso2.carbon.identity.core.model.FilterTreeBuilder; import org.wso2.carbon.identity.core.model.Node; @@ -70,15 +66,8 @@ import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.user.core.UserCoreConstants; import org.wso2.carbon.utils.multitenancy.MultitenantConstants; -import org.wso2.carbon.utils.security.KeystoreUtils; import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.net.URI; -import java.net.URISyntaxException; -import java.security.KeyStore; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; import java.sql.Connection; import java.util.ArrayList; import java.util.Arrays; @@ -89,7 +78,6 @@ import java.util.List; import java.util.Map; import java.util.Set; -import java.util.stream.Collectors; import java.util.stream.Stream; import javax.xml.stream.XMLStreamException; @@ -171,6 +159,7 @@ public void addResidentIdP(IdentityProvider identityProvider, String tenantDomai if (saml2SSOResidentAuthenticatorConfig == null) { saml2SSOResidentAuthenticatorConfig = new FederatedAuthenticatorConfig(); saml2SSOResidentAuthenticatorConfig.setName(IdentityApplicationConstants.Authenticator.SAML2SSO.NAME); + saml2SSOResidentAuthenticatorConfig.setDefinedByType(DefinedByType.SYSTEM); } if (saml2SSOResidentAuthenticatorConfig.getProperties() == null) { saml2SSOResidentAuthenticatorConfig.setProperties(new Property[0]); @@ -255,6 +244,7 @@ public void addResidentIdP(IdentityProvider identityProvider, String tenantDomai FederatedAuthenticatorConfig oidcAuthenticationConfig = new FederatedAuthenticatorConfig(); oidcAuthenticationConfig.setProperties(new Property[]{oidcProperty}); oidcAuthenticationConfig.setName(IdentityApplicationConstants.Authenticator.OIDC.NAME); + oidcAuthenticationConfig.setDefinedByType(DefinedByType.SYSTEM); Property passiveStsProperty = new Property(); passiveStsProperty.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_ENTITY_ID); @@ -263,6 +253,7 @@ public void addResidentIdP(IdentityProvider identityProvider, String tenantDomai FederatedAuthenticatorConfig passiveStsAuthenticationConfig = new FederatedAuthenticatorConfig(); passiveStsAuthenticationConfig.setProperties(new Property[]{passiveStsProperty}); passiveStsAuthenticationConfig.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.NAME); + passiveStsAuthenticationConfig.setDefinedByType(DefinedByType.SYSTEM); FederatedAuthenticatorConfig[] federatedAuthenticatorConfigs = {saml2SSOResidentAuthenticatorConfig, passiveStsAuthenticationConfig, oidcAuthenticationConfig};