Add validation for endpoint authentication properties in authenticator create flows #828

Merged
merged 7 commits into from
Feb 4, 2025
Expand Up @@ -61,7 +61,7 @@ public static Action buildActionRequest(Action.ActionTypes actionType, ActionMod
throws ActionMgtException {

Authentication authentication = ActionMapperUtil.buildAuthentication(
Authentication.Type.valueOf(actionModel.getEndpoint().getAuthentication().getType().toString()),
Authentication.Type.valueOfName(actionModel.getEndpoint().getAuthentication().getType().toString()),
actionModel.getEndpoint().getAuthentication().getProperties());

ActionRule actionRule = null;
Expand Down Expand Up @@ -97,7 +97,7 @@ public static Action buildUpdatingActionRequest(Action.ActionTypes actionType, A

Authentication authentication = null;
if (actionUpdateModel.getEndpoint().getAuthentication() != null) {
authentication = buildAuthentication(Authentication.Type.valueOf(actionUpdateModel.getEndpoint()
authentication = buildAuthentication(Authentication.Type.valueOfName(actionUpdateModel.getEndpoint()
.getAuthentication().getType().toString()),
actionUpdateModel.getEndpoint().getAuthentication().getProperties());
}
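Review bot: The create path in the first hunk dereferences `actionModel.getEndpoint().getAuthentication()` three times with no null guard, while the update path in the second hunk wraps the equivalent calls in `if (actionUpdateModel.getEndpoint().getAuthentication() != null)`. If the create model can arrive without an authentication block, the new `valueOfName` call fails with a NullPointerException before any ActionMgtException is produced; if authentication is a required field enforced by the API layer, a one-line comment saying so would make that dependency explicit, e.g. `// Endpoint authentication is mandatory on create; presence is enforced by the API layer.` What `valueOfName` does for an unrecognized type name is outside this hunk, so it is worth confirming it raises a client error rather than handing a null type to `buildAuthentication`. Both `buildActionRequest` and `buildUpdatingActionRequest` continue outside their hunks.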
Expand Up @@ -81,6 +81,7 @@ public static Authenticator build(UserDefinedLocalAuthenticatorConfig config) {
public static UserDefinedLocalAuthenticatorConfig build(UserDefinedLocalAuthenticatorCreation config)
throws AuthenticatorMgtClientException {

validateUserDefinedLocalAuthenticatorConfig(config);
String authenticationType = AuthenticatorPropertyConstants.AuthenticationType.IDENTIFICATION.toString();
if (config.getAuthenticationType() != null) {
authenticationType = config.getAuthenticationType().toString();
Expand Down Expand Up @@ -147,4 +148,16 @@ private static AuthenticatorPropertyConstants.AuthenticationType resolveAuthenti
return AuthenticatorPropertyConstants.AuthenticationType.IDENTIFICATION;
}
}

private static void validateUserDefinedLocalAuthenticatorConfig(UserDefinedLocalAuthenticatorCreation config)
throws AuthenticatorMgtClientException {

if (config.getEndpoint().getAuthentication().getProperties() == null ||
config.getEndpoint().getAuthentication().getProperties().isEmpty()) {
AuthenticatorMgtError error = AuthenticatorMgtError.ERROR_CODE_INVALID_ENDPOINT_CONFIG;
throw new AuthenticatorMgtClientException(error.getCode(), error.getMessage(),
"Endpoint authentication properties must be provided for user defined local authenticator: "
+ config.getName());
}
}
}
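Review bot: `validateUserDefinedLocalAuthenticatorConfig` in the second hunk calls `config.getEndpoint().getAuthentication().getProperties()` without checking that `getEndpoint()` and `getAuthentication()` are non-null, so a request that omits the endpoint or its authentication block fails with a NullPointerException instead of the ERROR_CODE_INVALID_ENDPOINT_CONFIG client error this method exists to produce. Unless the API layer already enforces those as required fields, widen the condition to `if (config.getEndpoint() == null || config.getEndpoint().getAuthentication() == null || config.getEndpoint().getAuthentication().getProperties() == null || config.getEndpoint().getAuthentication().getProperties().isEmpty())`. The check also only establishes that the map is non-empty; whether the supplied keys match the declared authentication type is presumably checked elsewhere, so a Javadoc summary such as "Rejects a creation request whose endpoint authentication carries no properties; key/type consistency is not validated here." would state the contract honestly.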
Expand Up @@ -2765,7 +2765,7 @@ private DefinedByType resolveDefinedByTypeToUpdateFederatedAuthenticator(String
If the authenticator config is present in the ApplicationAuthenticatorService list, return its type,
if not return USER. */
FederatedAuthenticatorConfig authenticatorConfig = ApplicationAuthenticatorService.getInstance()
.getFederatedAuthenticatorByName(authenticatorName);
.getFederatedAuthenticatorByName(authenticatorName, "test");
if (authenticatorConfig != null) {
return DefinedByType.valueOf(authenticatorConfig.getDefinedByType().toString());
}
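Review bot: The second argument to `getFederatedAuthenticatorByName` is the string literal `"test"`, which reads as a placeholder left in `resolveDefinedByTypeToUpdateFederatedAuthenticator` rather than the request's real tenant or context value. Because the result decides whether an authenticator is treated as SYSTEM- or USER-defined, a hard-coded lookup key would resolve the wrong type for every other tenant; pass the value that is in scope for the request (the parameter's name is not visible in this hunk, so confirm it against the framework signature). This view shows 6 of the 7 commits and the thread on this line was resolved, so the final commit may already replace the literal — worth confirming before relying on it. The enclosing method starts and ends outside the hunk.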
Expand Up @@ -81,6 +81,8 @@ public static FederatedAuthenticatorConfig build(FederatedAuthenticatorPUTReques
new FederatedAuthenticatorConfigBuilderFactory.Config(authenticatorName,
getDisplayNameOfAuthenticator(authenticatorName),
authenticator.getEndpoint(), properties, authenticator.getIsEnabled(), definedByType);

validateFederatedAuthenticatorConfigForUpdateRequest(config);
return FederatedAuthenticatorConfigBuilderFactory.createFederatedAuthenticatorConfig(config);
}

Expand All @@ -105,6 +107,7 @@ public static FederatedAuthenticatorConfig build(FederatedAuthenticator authenti
getDisplayNameOfAuthenticator(authenticatorName),
authenticator.getEndpoint(), properties, authenticator.getIsEnabled(), definedByType);

validateFederatedAuthenticatorConfigForCreateRequest(config);
return FederatedAuthenticatorConfigBuilderFactory.createFederatedAuthenticatorConfig(config);
}

Expand Down Expand Up @@ -191,10 +194,8 @@ private static FederatedAuthenticatorConfig createFederatedAuthenticatorConfig(C
return federatedAuthenticatorConfig;
}

private static FederatedAuthenticatorConfig createSystemDefinedFederatedAuthenticator(
Config config) throws IdentityProviderManagementClientException {
private static FederatedAuthenticatorConfig createSystemDefinedFederatedAuthenticator(Config config) {

validateSystemDefinedFederatedAuthenticatorModel(config);
FederatedAuthenticatorConfig authConfig = new FederatedAuthenticatorConfig();
authConfig.setDefinedByType(DefinedByType.SYSTEM);
authConfig.setProperties(config.properties.toArray(new Property[0]));
Expand All @@ -215,17 +216,17 @@ private static void validateSystemDefinedFederatedAuthenticatorModel(Config conf
private static UserDefinedFederatedAuthenticatorConfig createUserDefinedFederatedAuthenticator(Config config)
throws IdentityProviderManagementClientException {

validateUserDefinedFederatedAuthenticatorModel(config);

try {
UserDefinedFederatedAuthenticatorConfig authConfig = new UserDefinedFederatedAuthenticatorConfig();
UserDefinedAuthenticatorEndpointConfig.UserDefinedAuthenticatorEndpointConfigBuilder endpointConfigBuilder =
new UserDefinedAuthenticatorEndpointConfig.UserDefinedAuthenticatorEndpointConfigBuilder();
endpointConfigBuilder.uri(config.endpoint.getUri());
endpointConfigBuilder.authenticationType(config.endpoint.getAuthentication().getType().toString());
endpointConfigBuilder.authenticationProperties(config.endpoint.getAuthentication().getProperties()
.entrySet().stream().collect(Collectors.toMap(
Map.Entry::getKey, entry -> entry.getValue().toString())));
if (config.endpoint.getAuthentication().getProperties() != null) {
endpointConfigBuilder.authenticationProperties(config.endpoint.getAuthentication().getProperties()
.entrySet().stream().collect(Collectors.toMap(
Map.Entry::getKey, entry -> entry.getValue().toString())));
}
authConfig.setEndpointConfig(endpointConfigBuilder.build());

return authConfig;
Expand All @@ -236,7 +237,41 @@ private static UserDefinedFederatedAuthenticatorConfig createUserDefinedFederate
}
}

private static void validateUserDefinedFederatedAuthenticatorModel(Config config)
private static void validateFederatedAuthenticatorConfigForCreateRequest(Config config)
throws IdentityProviderManagementClientException {

if (config.definedByType == DefinedByType.SYSTEM) {
validateSystemDefinedFederatedAuthenticatorModel(config);
} else {
validateUserDefinedFederatedAuthenticatorModelForCreateRequest(config);
}
}

private static void validateUserDefinedFederatedAuthenticatorModelForCreateRequest(Config config)
throws IdentityProviderManagementClientException {

validateUserDefinedFederatedAuthenticatorModelForUpdateRequest(config);
if (config.endpoint.getAuthentication().getProperties() == null ||
config.endpoint.getAuthentication().getProperties().isEmpty()) {
throw new IdentityProviderManagementClientException(
Constants.ErrorMessage.ERROR_CODE_INVALID_INPUT.getCode(),
Constants.ErrorMessage.ERROR_CODE_INVALID_INPUT.getMessage(),
"Endpoint authentication properties must be provided for user defined federated authenticator: "
+ config.authenticatorName);
}
}

private static void validateFederatedAuthenticatorConfigForUpdateRequest(Config config)
throws IdentityProviderManagementClientException {

if (config.definedByType == DefinedByType.SYSTEM) {
validateSystemDefinedFederatedAuthenticatorModel(config);
} else {
validateUserDefinedFederatedAuthenticatorModelForUpdateRequest(config);
}
}

private static void validateUserDefinedFederatedAuthenticatorModelForUpdateRequest(Config config)
throws IdentityProviderManagementClientException {

// The User-defined authenticator configs must not have properties configurations; throw an error if they do.
Expand Down Expand Up @@ -337,7 +372,7 @@ private static void validateSamlMetadata(List<Property> samlAuthenticatorPropert
}

/**
* Verify if scopes have not been set in both Scopes field and Additional Query Parameters field
* Verify if scopes have not been set in both Scopes field and Additional Query Parameters field.
*
* @param oidcAuthenticatorProperties Authenticator properties of OIDC authenticator.
*/
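Review bot: In `createUserDefinedFederatedAuthenticator` the new `if (config.endpoint.getAuthentication().getProperties() != null)` guard only covers a missing map: `config.endpoint.getAuthentication()` is still dereferenced unguarded two lines earlier for `getType()`, and inside the guarded `Collectors.toMap` a property whose value is null throws a NullPointerException from `entry.getValue().toString()`. Since the endpoint block comes from the request body, both cases surface as a server error rather than the IdentityProviderManagementClientException the method declares (the catch clause of the enclosing try lies outside the hunk). The same unguarded `config.endpoint.getAuthentication()` call appears in `validateUserDefinedFederatedAuthenticatorModelForCreateRequest`, and `validateUserDefinedFederatedAuthenticatorModelForUpdateRequest` starts in the last hunk but its body continues outside it. A defensive version of the properties mapping is below; the error messages are illustrative and should follow the file's existing wording.
```java
// … unchanged: builder construction and uri() …
if (config.endpoint.getAuthentication() == null) {
    throw new IdentityProviderManagementClientException(
            Constants.ErrorMessage.ERROR_CODE_INVALID_INPUT.getCode(),
            Constants.ErrorMessage.ERROR_CODE_INVALID_INPUT.getMessage(),
            "Endpoint authentication must be provided for user defined federated authenticator: "
                    + config.authenticatorName);
}
endpointConfigBuilder.authenticationType(config.endpoint.getAuthentication().getType().toString());
Map<String, ?> authProperties = config.endpoint.getAuthentication().getProperties();
if (authProperties != null) {
    // A null value would NPE inside toMap below; report it as a client error instead.
    if (authProperties.containsValue(null)) {
        throw new IdentityProviderManagementClientException(
                Constants.ErrorMessage.ERROR_CODE_INVALID_INPUT.getCode(),
                Constants.ErrorMessage.ERROR_CODE_INVALID_INPUT.getMessage(),
                "Endpoint authentication property values must not be null for user defined federated "
                        + "authenticator: " + config.authenticatorName);
    }
    endpointConfigBuilder.authenticationProperties(authProperties.entrySet().stream()
            .collect(Collectors.toMap(Map.Entry::getKey, entry -> entry.getValue().toString())));
}
// … unchanged: setEndpointConfig and return …
```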
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -848,7 +848,7 @@
<maven.buildnumber.plugin.version>1.4</maven.buildnumber.plugin.version>
<org.apache.felix.annotations.version>1.2.4</org.apache.felix.annotations.version>
<identity.governance.version>1.11.27</identity.governance.version>
<carbon.identity.framework.version>7.7.180</carbon.identity.framework.version>
<carbon.identity.framework.version>7.7.185</carbon.identity.framework.version>
<maven.findbugsplugin.version>3.0.5</maven.findbugsplugin.version>
<findsecbugs-plugin.version>1.12.0</findsecbugs-plugin.version>
<maven.checkstyleplugin.excludes>**/gen/**/*</maven.checkstyleplugin.excludes>