gluu
cred-manager-external_super_gluu.PersonAuthentication クラス

公開メンバ関数

def __init__ (self, currentTimeMillis)
 
def init (self, configurationAttributes)
 
def destroy (self, configurationAttributes)
 
def getApiVersion (self)
 
def isValidAuthenticationMethod (self, usageType, configurationAttributes)
 
def getAlternativeAuthenticationMethod (self, usageType, configurationAttributes)
 
def authenticate (self, configurationAttributes, requestParameters, step)
 
def prepareForStep (self, configurationAttributes, requestParameters, step)
 
def getNextStep (self, configurationAttributes, requestParameters, step)
 
def getExtraParametersForStep (self, configurationAttributes, step)
 
def getCountAuthenticationSteps (self, configurationAttributes)
 
def getPageForStep (self, configurationAttributes, step)
 
def logout (self, configurationAttributes, requestParameters)
 
def processBasicAuthentication (self, credentials)
 
def validateSessionDeviceStatus (self, client_redirect_uri, session_device_status, user_name=None)
 
def getSessionDeviceStatus (self, session_attributes, user_name)
 
def initPushNotificationService (self, configurationAttributes)
 
def initNativePushNotificationService (self, configurationAttributes)
 
def initSnsPushNotificationService (self, configurationAttributes)
 
def initGluuPushNotificationService (self, configurationAttributes)
 
def loadPushNotificationCreds (self, configurationAttributes)
 
def sendPushNotification (self, client_redirect_uri, user, super_gluu_request)
 
def sendPushNotificationImpl (self, client_redirect_uri, user, super_gluu_request)
 
def getTargetEndpointArn (self, deviceRegistrationService, pushSnsService, platform, user, u2fDevice)
 
def getClientRedirecUri (self, session_attributes)
 
def setRequestScopedParameters (self, identity, step)
 
def addGeolocationData (self, session_attributes, super_gluu_request_dictionary)
 
def determineGeolocationData (self, remote_ip)
 
def isUserMemberOfGroup (self, user, attribute, group)
 
def processAuditGroup (self, user, attribute, group)
 
def hasEnrollments (self, configurationAttributes, user)
 

公開変数類

 currentTimeMillis
 
 client_redirect_uri
 
 registrationUri
 
 oneStep
 
 twoStep
 
 enabledPushNotifications
 
 androidUrl
 
 IOSUrl
 
 customLabel
 
 customQrOptions
 
 use_super_gluu_group
 
 super_gluu_group
 
 use_audit_group
 
 audit_group
 
 audit_email
 
 audit_attribute
 
 pushAndroidService
 
 pushAppleService
 
 pushSnsMode
 
 pushGluuMode
 
 pushAppleServiceProduction
 
 pushAndroidPlatformArn
 
 pushApplePlatformArn
 
 pushAndroidServiceAuth
 
 pushAppleServiceAuth
 

詳解

構築子と解体子

◆ __init__()

def cred-manager-external_super_gluu.PersonAuthentication.__init__ (   self,
  currentTimeMillis 
)
def __init__(self, currentTimeMillis):
    """Keep the timestamp handed over when the script object is created.

    Args:
        currentTimeMillis: value supplied by the caller; stored unchanged.
    """
    self.currentTimeMillis = currentTimeMillis

関数詳解

◆ addGeolocationData()

def cred-manager-external_super_gluu.PersonAuthentication.addGeolocationData (   self,
  session_attributes,
  super_gluu_request_dictionary 
)
def addGeolocationData(self, session_attributes, super_gluu_request_dictionary):
    """Add the requester's IP and approximate location to the Super Gluu request.

    Reads "remote_ip" from the session attributes. When it is present and
    non-empty it is stored under 'req_ip'; if the geolocation lookup succeeds,
    a URL-quoted "country, regionName, city" string is stored under 'req_loc'.
    The dictionary is modified in place and nothing is returned.
    """
    if not session_attributes.containsKey("remote_ip"):
        return

    client_ip = session_attributes.get("remote_ip")
    if not StringHelper.isNotEmpty(client_ip):
        return

    print("Super-Gluu. Prepare for step 2. Adding req_ip and req_loc to super_gluu_request")
    super_gluu_request_dictionary['req_ip'] = client_ip

    location = self.determineGeolocationData(client_ip)
    if location is None:
        print("Super-Gluu. Prepare for step 2. Failed to determine remote location by remote IP '%s'" % client_ip)
        return

    # The three fields come from the external lookup response; they are
    # URL-quoted before being placed into the request.
    location_text = "%s, %s, %s" % (location['country'], location['regionName'], location['city'])
    super_gluu_request_dictionary['req_loc'] = urllib.quote(location_text)

◆ authenticate()

def cred-manager-external_super_gluu.PersonAuthentication.authenticate (   self,
  configurationAttributes,
  requestParameters,
  step 
)
def authenticate(self, configurationAttributes, requestParameters, step):
    """Run one step of the Super Gluu login flow.

    Step 1 performs either the one-step device check or, in two-step mode,
    the basic (username/password) authentication and decides whether a
    second step is needed. Step 2 either attaches a newly enrolled device
    (one-step enrollment) or validates the device approval recorded in the
    session (two-step mode).

    Args:
        configurationAttributes: not read in this method.
        requestParameters: request parameters; "auth_result" and
            "loginForm:registerButton" are read from it.
        step: number of the step being processed (1 or 2).

    Returns:
        True when the step succeeded, False otherwise. In one-step enrollment
        the result of attachUserDeviceRegistration() is returned as is.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)

    identity = CdiUtil.bean(Identity)
    credentials = identity.getCredentials()

    session_attributes = identity.getSessionId().getSessionAttributes()

    # The application id is whatever getClientRedirecUri() returns; all device
    # lookups below are scoped to it.
    client_redirect_uri = self.getClientRedirecUri(session_attributes)
    if client_redirect_uri == None:
        print "Super-Gluu. Authenticate. redirect_uri is not set"
        return False

    self.setRequestScopedParameters(identity, step)

    # Validate form result code and initialize QR code regeneration if needed (retry_current_step = True)
    # "auth_result" is a request parameter: it can only make this step fail
    # or be retried, it is never treated as proof of success.
    identity.setWorkingParameter("retry_current_step", False)
    form_auth_result = ServerUtil.getFirstValue(requestParameters, "auth_result")
    if StringHelper.isNotEmpty(form_auth_result):
        print "Super-Gluu. Authenticate for step %s. Get auth_result: '%s'" % (step, form_auth_result)
        if form_auth_result in ['error']:
            return False

        if form_auth_result in ['timeout']:
            if ((step == 1) and self.oneStep) or ((step == 2) and self.twoStep):
                print "Super-Gluu. Authenticate for step %s. Reinitializing current step" % step
                identity.setWorkingParameter("retry_current_step", True)
                return False

    userService = CdiUtil.bean(UserService)
    deviceRegistrationService = CdiUtil.bean(DeviceRegistrationService)
    if step == 1:
        print "Super-Gluu. Authenticate for step 1"

        user_name = credentials.getUsername()
        if self.oneStep:
            # This branch will never be taken
            session_device_status = self.getSessionDeviceStatus(session_attributes, user_name)
            if session_device_status == None:
                return False

            u2f_device_id = session_device_status['device_id']

            validation_result = self.validateSessionDeviceStatus(client_redirect_uri, session_device_status)
            if validation_result:
                print "Super-Gluu. Authenticate for step 1. User successfully authenticated with u2f_device '%s'" % u2f_device_id
            else:
                return False

            if not session_device_status['one_step']:
                print "Super-Gluu. Authenticate for step 1. u2f_device '%s' is not one step device" % u2f_device_id
                return False

            # There are two steps only in enrollment mode
            if session_device_status['enroll']:
                return validation_result

            identity.setWorkingParameter("super_gluu_count_login_steps", 1)

            user_inum = session_device_status['user_inum']

            u2f_device = deviceRegistrationService.findUserDeviceRegistration(user_inum, u2f_device_id, "oxId")
            if u2f_device == None:
                print "Super-Gluu. Authenticate for step 1. Failed to load u2f_device '%s'" % u2f_device_id
                return False

            logged_in = authenticationService.authenticate(user_name)
            if not logged_in:
                print "Super-Gluu. Authenticate for step 1. Failed to authenticate user '%s'" % user_name
                return False

            print "Super-Gluu. Authenticate for step 1. User '%s' successfully authenticated with u2f_device '%s'" % (user_name, u2f_device_id)

            return True
        elif self.twoStep:
            # First factor: username/password
            authenticated_user = self.processBasicAuthentication(credentials)
            if authenticated_user == None:
                return False

            if (self.use_super_gluu_group):
                print "Super-Gluu. Authenticate for step 1. Checking if user belong to super_gluu group"
                is_member_super_gluu_group = self.isUserMemberOfGroup(authenticated_user, self.audit_attribute, self.super_gluu_group)
                if (is_member_super_gluu_group):
                    print "Super-Gluu. Authenticate for step 1. User '%s' member of super_gluu group" % authenticated_user.getUserId()
                    super_gluu_count_login_steps = 2
                else:
                    # Users outside the group finish after this step, i.e. with
                    # the first factor only; they are passed to
                    # processAuditGroup() when an audit group is configured.
                    if self.use_audit_group:
                        self.processAuditGroup(authenticated_user, self.audit_attribute, self.audit_group)
                    super_gluu_count_login_steps = 1

                # NOTE(review): the listing this block was taken from had lost its
                # indentation. The next two statements are placed inside the
                # use_super_gluu_group branch because super_gluu_count_login_steps
                # is only assigned there - confirm against the script file.
                identity.setWorkingParameter("super_gluu_count_login_steps", super_gluu_count_login_steps)

                if super_gluu_count_login_steps == 1:
                    return True

            auth_method = 'authenticate'
            # A non-empty "loginForm:registerButton" request parameter selects
            # enrollment even when the user already has devices.
            # NOTE(review): confirm that enrolling a further device after the
            # first factor alone is the intended policy.
            enrollment_mode = ServerUtil.getFirstValue(requestParameters, "loginForm:registerButton")
            if StringHelper.isNotEmpty(enrollment_mode):
                auth_method = 'enroll'

            if auth_method == 'authenticate':
                user_inum = userService.getUserInum(authenticated_user)
                u2f_devices_list = deviceRegistrationService.findUserDeviceRegistrations(user_inum, client_redirect_uri, "oxId")
                # No device registered for this application: fall back to enrollment
                if u2f_devices_list.size() == 0:
                    auth_method = 'enroll'
                    print "Super-Gluu. Authenticate for step 1. There is no U2F '%s' user devices associated with application '%s'. Changing auth_method to '%s'" % (user_name, client_redirect_uri, auth_method)

            print "Super-Gluu. Authenticate for step 1. auth_method: '%s'" % auth_method

            # Read back by getPageForStep() and passed on via getExtraParametersForStep()
            identity.setWorkingParameter("super_gluu_auth_method", auth_method)

            return True

        return False
    elif step == 2:
        print "Super-Gluu. Authenticate for step 2"

        # Step 2 relies on the user established by step 1
        user = authenticationService.getAuthenticatedUser()
        if (user == None):
            print "Super-Gluu. Authenticate for step 2. Failed to determine user name"
            return False
        user_name = user.getUserId()

        session_attributes = identity.getSessionId().getSessionAttributes()

        # Returns None unless the session carries an "approved" state and the
        # device/user identifiers of the request
        session_device_status = self.getSessionDeviceStatus(session_attributes, user_name)
        if session_device_status == None:
            return False

        u2f_device_id = session_device_status['device_id']

        # There are two steps only in enrollment mode
        if self.oneStep and session_device_status['enroll']:
            authenticated_user = self.processBasicAuthentication(credentials)
            if authenticated_user == None:
                return False

            user_inum = userService.getUserInum(authenticated_user)

            attach_result = deviceRegistrationService.attachUserDeviceRegistration(user_inum, u2f_device_id)

            print "Super-Gluu. Authenticate for step 2. Result after attaching u2f_device '%s' to user '%s': '%s'" % (u2f_device_id, user_name, attach_result)

            return attach_result
        elif self.twoStep:
            if user_name == None:
                print "Super-Gluu. Authenticate for step 2. Failed to determine user name"
                return False

            # The device status is validated for this application and this user
            validation_result = self.validateSessionDeviceStatus(client_redirect_uri, session_device_status, user_name)
            if validation_result:
                print "Super-Gluu. Authenticate for step 2. User '%s' successfully authenticated with u2f_device '%s'" % (user_name, u2f_device_id)
            else:
                return False

            # The request stored in the session is JSON; only its 'method' is read here
            super_gluu_request = json.loads(session_device_status['super_gluu_request'])
            auth_method = super_gluu_request['method']
            if auth_method in ['enroll', 'authenticate']:
                if validation_result and self.use_audit_group:
                    user = authenticationService.getAuthenticatedUser()
                    self.processAuditGroup(user, self.audit_attribute, self.audit_group)

                return validation_result

            print "Super-Gluu. Authenticate for step 2. U2F auth_method is invalid"

        return False
    else:
        return False

◆ destroy()

def cred-manager-external_super_gluu.PersonAuthentication.destroy (   self,
  configurationAttributes 
)
def destroy(self, configurationAttributes):
    """Drop the references to both push-notification clients.

    Args:
        configurationAttributes: not used.

    Returns:
        True, always.
    """
    print("Super-Gluu. Destroy")

    # Release the Android and Apple clients together
    self.pushAndroidService = self.pushAppleService = None

    print("Super-Gluu. Destroyed successfully")
    return True

◆ determineGeolocationData()

def cred-manager-external_super_gluu.PersonAuthentication.determineGeolocationData (   self,
  remote_ip 
)
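def determineGeolocationData(self, remote_ip):
    """Look up country, region and city for an IP address via ip-api.com.

    Args:
        remote_ip: address to look up; the caller takes it from the
            session's "remote_ip" attribute.

    Returns:
        The decoded JSON object when the service answers with status
        "success"; None on a transport error, a non-OK HTTP status, an empty
        or undecodable body, or any other status value.
    """
    print("Super-Gluu. Determine remote location. remote_ip: '%s'" % remote_ip)
    httpService = CdiUtil.bean(HttpService)

    http_client = httpService.getHttpsClient()
    http_client_params = http_client.getParams()
    http_client_params.setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 15 * 1000)

    geolocation_service_headers = { "Accept" : "application/json" }

    # NOTE(review): the lookup goes over plain http to a third party, so the
    # client's address leaves the deployment and the answer is not
    # authenticated. Treat the returned location as informational only, and
    # confirm whether an https endpoint is available for this deployment.
    # NOTE(review): fields=49177 should select status, message, country,
    # regionName and city in ip-api's numeric field mask - confirm.
    try:
        # The address originates from the session, not from this script, so it
        # is percent-encoded before it becomes part of the URL path. ':' is
        # kept so IPv6 literals are not altered.
        geolocation_service_url = "http://ip-api.com/json/%s?fields=49177" % urllib.quote(remote_ip, ":")
        http_service_response = httpService.executeGet(http_client, geolocation_service_url, geolocation_service_headers)
        http_response = http_service_response.getHttpResponse()
    except:
        # Bare except is deliberate: the HTTP layer can raise Java exceptions
        print("%s %s" % ("Super-Gluu. Determine remote location. Exception: ", sys.exc_info()[1]))
        return None

    try:
        if not httpService.isResponseStastusCodeOk(http_response):
            print("%s %s" % ("Super-Gluu. Determine remote location. Get invalid response from validation server: ", str(http_response.getStatusLine().getStatusCode())))
            httpService.consume(http_response)
            return None

        response_bytes = httpService.getResponseContent(http_response)
        response_string = httpService.convertEntityToString(response_bytes)
        httpService.consume(http_response)
    finally:
        http_service_response.closeConnection()

    if response_string == None:
        print("Super-Gluu. Determine remote location. Get empty response from location server")
        return None

    # The body comes from an external service: a malformed answer must not
    # break the login flow, so decoding failures are reported as "no location".
    try:
        response = json.loads(response_string)
    except ValueError:
        print("Super-Gluu. Determine remote location. Failed to parse response from location server")
        return None

    status = response.get('status') if isinstance(response, dict) else None
    if status is None or not StringHelper.equalsIgnoreCase(status, "success"):
        print("Super-Gluu. Determine remote location. Get response with status: '%s'" % status)
        return None

    return response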

◆ getAlternativeAuthenticationMethod()

def cred-manager-external_super_gluu.PersonAuthentication.getAlternativeAuthenticationMethod (   self,
  usageType,
  configurationAttributes 
)
def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):
    """Return None: this script names no alternative authentication method.

    Both arguments are ignored.
    """
    return None

◆ getApiVersion()

def cred-manager-external_super_gluu.PersonAuthentication.getApiVersion (   self)
def getApiVersion(self):
    """Return the script API version implemented by this class (2)."""
    return 2

◆ getClientRedirecUri()

def cred-manager-external_super_gluu.PersonAuthentication.getClientRedirecUri (   self,
  session_attributes 
)
def getClientRedirecUri(self, session_attributes):
    """Return the application id (redirect URI) used by this script.

    Modified for cred-manager compliance: the value stored on the instance
    as client_redirect_uri is returned, and the session's own "redirect_uri"
    attribute is deliberately not consulted. session_attributes is therefore
    unused.
    """
    configured_uri = self.client_redirect_uri
    return configured_uri

◆ getCountAuthenticationSteps()

def cred-manager-external_super_gluu.PersonAuthentication.getCountAuthenticationSteps (   self,
  configurationAttributes 
)
def getCountAuthenticationSteps(self, configurationAttributes):
    """Return the number of steps in the current login flow.

    The working parameter "super_gluu_count_login_steps" is used when it has
    been set; otherwise the flow has two steps.
    """
    identity = CdiUtil.bean(Identity)
    if not identity.isSetWorkingParameter("super_gluu_count_login_steps"):
        return 2

    return identity.getWorkingParameter("super_gluu_count_login_steps")

◆ getExtraParametersForStep()

def cred-manager-external_super_gluu.PersonAuthentication.getExtraParametersForStep (   self,
  configurationAttributes,
  step 
)
def getExtraParametersForStep(self, configurationAttributes, step):
    """Return the names of the working parameters needed by the given step.

    Returns:
        A list of parameter names for step 1 (depending on the mode) or
        step 2, and None for any other case.
    """
    # This violates a cred-manager restriction. However, self.oneStep and
    # self.twoStep have to be False/True respectively, because in this
    # scenario only flows of 2 or more steps make sense for calling an
    # external script dynamically. The "display_register_action" parameter
    # used by the default login.xhtml page of Gluu Server will not be set.
    if step == 2:
        return Arrays.asList("super_gluu_auth_method", "super_gluu_request")

    if step != 1:
        return None

    if self.oneStep:
        return Arrays.asList("super_gluu_request")
    if self.twoStep:
        return Arrays.asList("display_register_action")

    return None

◆ getNextStep()

def cred-manager-external_super_gluu.PersonAuthentication.getNextStep (   self,
  configurationAttributes,
  requestParameters,
  step 
)
def getNextStep(self, configurationAttributes, requestParameters, step):
    """Tell the caller which step to run next.

    Returns:
        The current step when the "retry_current_step" working parameter is
        set (the step is repeated), otherwise -1.
    """
    identity = CdiUtil.bean(Identity)
    if not identity.getWorkingParameter("retry_current_step"):
        return -1

    print("Super-Gluu. Get next step. Retrying current step")

    # Overwrite the stored request so the old QR code is not reused
    identity.setWorkingParameter("super_gluu_request", "timeout")

    return step

◆ getPageForStep()

def cred-manager-external_super_gluu.PersonAuthentication.getPageForStep (   self,
  configurationAttributes,
  step 
)
def getPageForStep(self, configurationAttributes, step):
    """Return the page to render for a step.

    Returns:
        The Super Gluu page for step 1 in one-step mode and for step 2 in
        two-step mode, "/login.xhtml" for step 2 in one-step mode, and an
        empty string in every other case.
    """
    super_gluu_page = "/auth/super-gluu/login.xhtml"

    if step == 1 and self.oneStep:
        return super_gluu_page

    if step == 2:
        if self.oneStep:
            return "/login.xhtml"

        identity = CdiUtil.bean(Identity)
        authmethod = identity.getWorkingParameter("super_gluu_auth_method")
        print("Super-Gluu. authmethod '%s'" % authmethod)
        # "enroll" and every other method are rendered by the same page
        return super_gluu_page

    return ""

◆ getSessionDeviceStatus()

def cred-manager-external_super_gluu.PersonAuthentication.getSessionDeviceStatus (   self,
  session_attributes,
  user_name 
)
def getSessionDeviceStatus(self, session_attributes, user_name):
    """Collect the device approval data recorded in the session.

    Args:
        session_attributes: map-like object offering containsKey() and get().
        user_name: used only in the log message for a non-approved state.

    Returns:
        A dict with the keys "super_gluu_request", "device_id", "user_inum",
        "enroll" and "one_step", or None when the request, the custom state,
        the device id or the user inum is missing, or when the custom state
        is not "approved" (compared case-insensitively).
    """
    print("Super-Gluu. Get session device status")

    if not session_attributes.containsKey("super_gluu_request"):
        print("Super-Gluu. Get session device status. There is no Super-Gluu request in session attributes")
        return None

    # The extended session state must be present and say "approved"
    if not session_attributes.containsKey("session_custom_state"):
        print("Super-Gluu. Get session device status. There is no session_custom_state in session attributes")
        return None

    approval_state = session_attributes.get("session_custom_state")
    if not StringHelper.equalsIgnoreCase("approved", approval_state):
        print("Super-Gluu. Get session device status. User '%s' not approve or not pass U2F authentication. session_custom_state: '%s'" % (user_name, approval_state))
        return None

    # The device id must have been recorded for this request
    if not session_attributes.containsKey("oxpush2_u2f_device_id"):
        print("Super-Gluu. Get session device status. There is no u2f_device associated with this request")
        return None

    # ... and so must the inum of the user it belongs to
    if not session_attributes.containsKey("oxpush2_u2f_device_user_inum"):
        print("Super-Gluu. Get session device status. There is no user_inum associated with this request")
        return None

    def read_flag(attribute_name):
        # A missing attribute counts as False; otherwise compare with "true"
        if session_attributes.containsKey(attribute_name):
            return StringHelper.equalsIgnoreCase("true", session_attributes.get(attribute_name))
        return False

    enroll = read_flag("oxpush2_u2f_device_enroll")
    one_step = read_flag("oxpush2_u2f_device_one_step")

    session_device_status = {
        "super_gluu_request": session_attributes.get("super_gluu_request"),
        "device_id": session_attributes.get("oxpush2_u2f_device_id"),
        "user_inum": session_attributes.get("oxpush2_u2f_device_user_inum"),
        "enroll": enroll,
        "one_step": one_step,
    }
    # Note: the whole status, including the stored request, goes to the log
    print("Super-Gluu. Get session device status. session_device_status: '%s'" % (session_device_status))

    return session_device_status

◆ getTargetEndpointArn()

def cred-manager-external_super_gluu.PersonAuthentication.getTargetEndpointArn (   self,
  deviceRegistrationService,
  pushSnsService,
  platform,
  user,
  u2fDevice 
)
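def getTargetEndpointArn(self, deviceRegistrationService, pushSnsService, platform, user, u2fDevice):
    """Return the push endpoint ARN of a device, creating it when needed.

    An ARN already stored in the device's notification configuration is
    reused. Otherwise an endpoint is created through SNS (pushSnsMode) or
    registered with the Gluu push client, and the result is stored on the
    device entry.

    Args:
        deviceRegistrationService: used to load and update the device entry.
        pushSnsService: creates the platform ARN or supplies custom user data.
        platform: PushPlatform.GCM or PushPlatform.APNS.
        user: owner of the device; its "inum" attribute and user id are read.
        u2fDevice: device entry holding the push token and stored configuration.

    Returns:
        The endpoint ARN, or None for an unsupported platform or when no
        endpoint could be created.
    """
    targetEndpointArn = None

    # Reuse the endpoint ARN if it was created already
    notificationConf = u2fDevice.getDeviceNotificationConf()
    if StringHelper.isNotEmpty(notificationConf):
        # A damaged or incomplete stored value must not break the login flow:
        # it is treated as "no endpoint yet" and a new one is created below.
        try:
            notificationConfJson = json.loads(notificationConf)
        except ValueError:
            print("Super-Gluu. Get target endpoint ARN. Stored notification configuration is not valid JSON")
            notificationConfJson = None

        if isinstance(notificationConfJson, dict):
            targetEndpointArn = notificationConfJson.get('sns_endpoint_arn')

        if StringHelper.isNotEmpty(targetEndpointArn):
            print("Super-Gluu. Get target endpoint ARN. There is already created target endpoint ARN")
            return targetEndpointArn

    # Create endpoint ARN
    pushClient = None
    pushClientAuth = None
    platformApplicationArn = None
    if platform == PushPlatform.GCM:
        pushClient = self.pushAndroidService
        if self.pushSnsMode:
            platformApplicationArn = self.pushAndroidPlatformArn
        if self.pushGluuMode:
            pushClientAuth = self.pushAndroidServiceAuth
    elif platform == PushPlatform.APNS:
        pushClient = self.pushAppleService
        if self.pushSnsMode:
            platformApplicationArn = self.pushApplePlatformArn
        if self.pushGluuMode:
            pushClientAuth = self.pushAppleServiceAuth
    else:
        return None

    deviceData = u2fDevice.getDeviceData()
    pushToken = deviceData.getPushToken()

    print("Super-Gluu. Get target endpoint ARN. Attempting to create target endpoint ARN for user: '%s'" % user.getUserId())
    if self.pushSnsMode:
        targetEndpointArn = pushSnsService.createPlatformArn(pushClient, platformApplicationArn, pushToken, user)
    else:
        customUserData = pushSnsService.getCustomUserData(user)
        registerDeviceResponse = pushClient.registerDevice(pushClientAuth, pushToken, customUserData)
        if registerDeviceResponse != None and registerDeviceResponse.getStatusCode() == 200:
            targetEndpointArn = registerDeviceResponse.getEndpointArn()

    if StringHelper.isEmpty(targetEndpointArn):
        print("Super-Gluu. Failed to get endpoint ARN for user: '%s'" % user.getUserId())
        return None

    print("Super-Gluu. Get target endpoint ARN. Create target endpoint ARN '%s' for user: '%s'" % (targetEndpointArn, user.getUserId()))

    # Store created endpoint ARN in device entry. The JSON is produced by the
    # serializer rather than by string formatting, so a value returned by the
    # push service can never yield a malformed or altered document.
    userInum = user.getAttribute("inum")
    u2fDeviceUpdate = deviceRegistrationService.findUserDeviceRegistration(userInum, u2fDevice.getId())
    u2fDeviceUpdate.setDeviceNotificationConf(json.dumps({"sns_endpoint_arn": targetEndpointArn}))
    deviceRegistrationService.updateDeviceRegistration(userInum, u2fDeviceUpdate)

    return targetEndpointArn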

◆ hasEnrollments()

def cred-manager-external_super_gluu.PersonAuthentication.hasEnrollments (   self,
  configurationAttributes,
  user 
)
def hasEnrollments(self, configurationAttributes, user):
    """Tell whether the user has at least one active device for this application.

    Args:
        configurationAttributes: the "client_redirect_uri" property is read
            from it and used as the application id.
        user: its "inum" attribute identifies the owner of the devices.

    Returns:
        True when any registered device has the status "active", else False.
    """
    user_inum = user.getAttribute("inum")
    registrations = CdiUtil.bean(DeviceRegistrationService)
    application_id = configurationAttributes.get("client_redirect_uri").getValue2()
    candidates = registrations.findUserDeviceRegistrations(user_inum, application_id, "oxStatus")

    # Stops at the first active device, like the explicit loop it replaces
    return any(entry.getStatus().getValue() == "active" for entry in candidates)

◆ init()

def cred-manager-external_super_gluu.PersonAuthentication.init (   self,
  configurationAttributes 
)
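def init(self, configurationAttributes):
    """Read the script configuration and set up the push-notification service.

    Args:
        configurationAttributes: map-like object (containsKey/get) whose
            entries expose getValue2().

    Returns:
        True when the configuration is usable. False when client_redirect_uri
        or authentication_mode is missing, authentication_mode is empty or
        not one of one_step/two_step, audit_group is given without
        audit_group_email, or a group option is used without audit_attribute.
    """
    print("Super-Gluu. Initialization")

    def optional_value(name, default=None):
        # Optional properties fall back to a default when they are absent
        if configurationAttributes.containsKey(name):
            return configurationAttributes.get(name).getValue2()
        return default

    # Modified for cred-manager compliance: the application id is taken from
    # the configuration. Every device lookup is scoped to it, so the property
    # is checked like the other mandatory ones instead of failing on a
    # missing entry.
    if not configurationAttributes.containsKey("client_redirect_uri"):
        print("Super-Gluu. Initialization. Property client_redirect_uri is mandatory")
        return False
    self.client_redirect_uri = configurationAttributes.get("client_redirect_uri").getValue2()

    if not configurationAttributes.containsKey("authentication_mode"):
        print("Super-Gluu. Initialization. Property authentication_mode is mandatory")
        return False

    self.registrationUri = optional_value("registration_uri")

    authentication_mode = configurationAttributes.get("authentication_mode").getValue2()
    if StringHelper.isEmpty(authentication_mode):
        print("Super-Gluu. Initialization. Failed to determine authentication_mode. authentication_mode configuration parameter is empty")
        return False

    self.oneStep = StringHelper.equalsIgnoreCase(authentication_mode, "one_step")
    self.twoStep = StringHelper.equalsIgnoreCase(authentication_mode, "two_step")

    if not (self.oneStep or self.twoStep):
        print("Super-Gluu. Initialization. Valid authentication_mode values are one_step and two_step")
        return False

    self.enabledPushNotifications = self.initPushNotificationService(configurationAttributes)

    self.androidUrl = optional_value("supergluu_android_download_url")
    self.IOSUrl = optional_value("supergluu_ios_download_url")
    self.customLabel = optional_value("label")
    self.customQrOptions = optional_value("qr_options", {})

    # When a group is configured, only its members get the Super Gluu step
    self.use_super_gluu_group = False
    if configurationAttributes.containsKey("super_gluu_group"):
        self.super_gluu_group = configurationAttributes.get("super_gluu_group").getValue2()
        self.use_super_gluu_group = True
        print("Super-Gluu. Initialization. Using super_gluu only if user belong to group: %s" % self.super_gluu_group)

    self.use_audit_group = False
    if configurationAttributes.containsKey("audit_group"):
        self.audit_group = configurationAttributes.get("audit_group").getValue2()

        # An audit group is only usable together with its e-mail address
        if not configurationAttributes.containsKey("audit_group_email"):
            print("Super-Gluu. Initialization. Property audit_group_email is not specified")
            return False

        self.audit_email = configurationAttributes.get("audit_group_email").getValue2()
        self.use_audit_group = True

        print("Super-Gluu. Initialization. Using audit group: %s" % self.audit_group)

    # Both group features look the membership up in the same user attribute
    if self.use_super_gluu_group or self.use_audit_group:
        if not configurationAttributes.containsKey("audit_attribute"):
            print("Super-Gluu. Initialization. Property audit_attribute is not specified")
            return False
        self.audit_attribute = configurationAttributes.get("audit_attribute").getValue2()

    print("Super-Gluu. Initialized successfully. oneStep: '%s', twoStep: '%s', pushNotifications: '%s', customLabel: '%s'" % (self.oneStep, self.twoStep, self.enabledPushNotifications, self.customLabel))

    return True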

◆ initGluuPushNotificationService()

def cred-manager-external_super_gluu.PersonAuthentication.initGluuPushNotificationService (   self,
  configurationAttributes 
)
def initGluuPushNotificationService(self, configurationAttributes):
    """Set up push notifications through the Gluu notification server.

    Loads the credentials, resolves the server metadata from
    creds["gluu"]["server_uri"] and creates one notify client that is shared
    by the enabled platforms, each with its own authorization value.

    Returns:
        True when a client was set for Android or iOS; False when the
        credentials are missing or malformed, both platforms are disabled,
        or the metadata cannot be loaded.
    """
    print("Super-Gluu. Initialize Gluu notification services")

    self.pushGluuMode = True

    creds = self.loadPushNotificationCreds(configurationAttributes)
    if creds == None:
        return False

    try:
        gluu_conf = creds["gluu"]
        android_creds = creds["android"]["gluu"]
        ios_creds = creds["ios"]["gluu"]
    except:
        print("Super-Gluu. Initialize Gluu notification services. Invalid credentials file format")
        return False

    self.pushAndroidService = None
    self.pushAppleService = None
    if not android_creds["enabled"] and not ios_creds["enabled"]:
        print("Super-Gluu. Initialize Gluu notification services. Gluu disabled for all platforms")
        return False

    gluu_server_uri = gluu_conf["server_uri"]
    notifyClientFactory = NotifyClientFactory.instance()
    metadataConfiguration = None
    try:
        metadataService = notifyClientFactory.createMetaDataConfigurationService(gluu_server_uri)
        metadataConfiguration = metadataService.getMetadataConfiguration()
    except:
        print("%s %s" % ("Super-Gluu. Initialize Gluu notification services. Failed to load metadata. Exception: ", sys.exc_info()[1]))
        return False

    gluuClient = notifyClientFactory.createNotifyService(metadataConfiguration)
    encryptionService = CdiUtil.bean(EncryptionService)

    def load_key_pair(platform_creds):
        # Returns (access key, secret) for one platform.
        access_key = platform_creds["access_key"]
        secret_access_key = platform_creds["secret_access_key"]
        try:
            secret_access_key = encryptionService.decrypt(secret_access_key)
        except:
            # A failed decryption is taken to mean the secret was stored
            # unencrypted, and the stored value is used as is.
            # NOTE(review): prefer encrypted secrets in the credentials file.
            print("Super-Gluu. Initialize Gluu notification services. Assuming that 'gluu_secret_access_key' in not encrypted")
        return access_key, secret_access_key

    if android_creds["enabled"]:
        android_key, android_secret = load_key_pair(android_creds)
        self.pushAndroidService = gluuClient
        self.pushAndroidServiceAuth = notifyClientFactory.getAuthorization(android_key, android_secret)
        print("Super-Gluu. Initialize Gluu notification services. Created Android notification service")

    if ios_creds["enabled"]:
        ios_key, ios_secret = load_key_pair(ios_creds)
        self.pushAppleService = gluuClient
        self.pushAppleServiceAuth = notifyClientFactory.getAuthorization(ios_key, ios_secret)
        print("Super-Gluu. Initialize Gluu notification services. Created iOS notification service")

    return self.pushAndroidService != None or self.pushAppleService != None

◆ initNativePushNotificationService()

def cred-manager-external_super_gluu.PersonAuthentication.initNativePushNotificationService (   self,
  configurationAttributes 
)
def initNativePushNotificationService(self, configurationAttributes):
    """Set up push notifications that talk to GCM and APNS directly.

    Returns:
        True when a client was created for Android or iOS; False when the
        credentials are missing or malformed, or both platforms are disabled.
    """
    print("Super-Gluu. Initialize native notification services")

    creds = self.loadPushNotificationCreds(configurationAttributes)
    if creds == None:
        return False

    try:
        android_creds = creds["android"]["gcm"]
        ios_creds = creds["ios"]["apns"]
    except:
        print("Super-Gluu. Initialize native notification services. Invalid credentials file format")
        return False

    self.pushAndroidService = None
    self.pushAppleService = None

    if android_creds["enabled"]:
        self.pushAndroidService = Sender(android_creds["api_key"])
        print("Super-Gluu. Initialize native notification services. Created Android notification service")

    if ios_creds["enabled"]:
        certificate_path = ios_creds["p12_file_path"]
        certificate_password = ios_creds["p12_password"]

        try:
            encryptionService = CdiUtil.bean(EncryptionService)
            certificate_password = encryptionService.decrypt(certificate_password)
        except:
            # A failed decryption is taken to mean the password was stored
            # unencrypted, and the stored value is used as is.
            # NOTE(review): prefer an encrypted password in the credentials file.
            print("Super-Gluu. Initialize native notification services. Assuming that 'p12_passowrd' password in not encrypted")

        apnsServiceBuilder = APNS.newService().withCert(certificate_path, certificate_password)
        # The "production" flag selects the APNS destination
        if ios_creds["production"]:
            apnsServiceBuilder = apnsServiceBuilder.withProductionDestination()
        else:
            apnsServiceBuilder = apnsServiceBuilder.withSandboxDestination()
        self.pushAppleService = apnsServiceBuilder.build()

        self.pushAppleServiceProduction = ios_creds["production"]

        print("Super-Gluu. Initialize native notification services. Created iOS notification service")

    return self.pushAndroidService != None or self.pushAppleService != None

◆ initPushNotificationService()

def cred-manager-external_super_gluu.PersonAuthentication.initPushNotificationService (   self,
  configurationAttributes 
)
def initPushNotificationService(self, configurationAttributes):
    """Initialise the push backend selected by "notification_service_mode".

    "sns" and "gluu" (compared case-insensitively) select the SNS and Gluu
    initialisers; a missing attribute or any other value falls back to the
    native initialiser. Returns whatever the chosen initialiser returns.
    """
    print "Super-Gluu. Initialize Native/SNS/Gluu notification services"

    # Both mode flags are reset here; the SNS initialiser sets its own flag again.
    self.pushSnsMode = False
    self.pushGluuMode = False

    if not configurationAttributes.containsKey("notification_service_mode"):
        return self.initNativePushNotificationService(configurationAttributes)

    mode = configurationAttributes.get("notification_service_mode").getValue2()
    if StringHelper.equalsIgnoreCase(mode, "sns"):
        return self.initSnsPushNotificationService(configurationAttributes)
    if StringHelper.equalsIgnoreCase(mode, "gluu"):
        return self.initGluuPushNotificationService(configurationAttributes)

    # Unrecognised mode: use the native services.
    return self.initNativePushNotificationService(configurationAttributes)

◆ initSnsPushNotificationService()

def cred-manager-external_super_gluu.PersonAuthentication.initSnsPushNotificationService (   self,
  configurationAttributes 
)
def initSnsPushNotificationService(self, configurationAttributes):
    """Create one SNS client and register it for the enabled platforms.

    Sets self.pushSnsMode to True before anything else, so the flag stays
    set even when this method returns False. Returns True when the client
    was attached to at least one platform, and False when the credentials
    are missing, malformed, or SNS is disabled for both platforms.
    """
    print "Super-Gluu. Initialize SNS notification services"
    self.pushSnsMode = True

    creds = self.loadPushNotificationCreds(configurationAttributes)
    if creds == None:
        return False

    try:
        sns_conf = creds["sns"]
        android_conf = creds["android"]["sns"]
        ios_conf = creds["ios"]["sns"]
    except:
        print "Super-Gluu. Initialize SNS notification services. Invalid credentials file format"
        return False

    self.pushAndroidService = None
    self.pushAppleService = None
    if not android_conf["enabled"] and not ios_conf["enabled"]:
        print "Super-Gluu. Initialize SNS notification services. SNS disabled for all platforms"
        return False

    access_key = sns_conf["access_key"]
    secret_access_key = sns_conf["secret_access_key"]
    region = sns_conf["region"]

    encryptionService = CdiUtil.bean(EncryptionService)

    try:
        secret_access_key = encryptionService.decrypt(secret_access_key)
    except:
        # Any decrypt failure is taken to mean the secret was stored in clear
        # text, and the stored value is then used as-is.
        # NOTE(review): this also hides a broken ciphertext or key; consider
        # requiring the encrypted form.
        print "Super-Gluu. Initialize SNS notification services. Assuming that 'sns_secret_access_key' in not encrypted"

    sns_service = CdiUtil.bean(PushSnsService)
    # The same client object serves both platforms.
    sns_client = sns_service.createSnsClient(access_key, secret_access_key, region)

    if android_conf["enabled"]:
        self.pushAndroidService = sns_client
        self.pushAndroidPlatformArn = android_conf["platform_arn"]
        print "Super-Gluu. Initialize SNS notification services. Created Android notification service"

    if ios_conf["enabled"]:
        self.pushAppleService = sns_client
        self.pushApplePlatformArn = ios_conf["platform_arn"]
        self.pushAppleServiceProduction = ios_conf["production"]
        print "Super-Gluu. Initialize SNS notification services. Created iOS notification service"

    return self.pushAndroidService != None or self.pushAppleService != None

◆ isUserMemberOfGroup()

def cred-manager-external_super_gluu.PersonAuthentication.isUserMemberOfGroup (   self,
  user,
  attribute,
  group 
)
def isUserMemberOfGroup(self, user, attribute, group):
    """Tell whether any value of the user's ``attribute`` names ``group``.

    A value matches when it equals ``group`` ignoring case, or when it ends
    with ``group``. Returns False when the attribute has no values.
    """
    memberships = user.getAttributeValues(attribute)
    if memberships == None:
        return False

    for membership in memberships:
        # NOTE(review): endswith() is case-sensitive and accepts any value that
        # merely ends with ``group``, so a short group string also matches
        # longer, different group values. Confirm that the configured group
        # is specific enough for the decision that relies on this check.
        if StringHelper.equalsIgnoreCase(group, membership) or membership.endswith(group):
            return True

    return False

◆ isValidAuthenticationMethod()

def cred-manager-external_super_gluu.PersonAuthentication.isValidAuthenticationMethod (   self,
  usageType,
  configurationAttributes 
)
def isValidAuthenticationMethod(self, usageType, configurationAttributes):
    """Report this method as valid unconditionally; both arguments are ignored."""
    return True

◆ loadPushNotificationCreds()

def cred-manager-external_super_gluu.PersonAuthentication.loadPushNotificationCreds (   self,
  configurationAttributes 
)
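def loadPushNotificationCreds(self, configurationAttributes):
    """Read and parse the JSON push-credentials file.

    The path is taken from the "credentials_file" configuration attribute.

    Returns the parsed JSON value, or None when the attribute is absent or
    the file cannot be opened, read or parsed. Only the path is logged on
    failure, never the file content.
    """
    print "Super-Gluu. Initialize notification services"
    if not configurationAttributes.containsKey("credentials_file"):
        return None

    super_gluu_creds_file = configurationAttributes.get("credentials_file").getValue2()

    # Load credentials from file. open() sits inside the try so that a missing
    # or unreadable file is logged and yields None like a parse failure does,
    # instead of raising out of the initialisers that call this method.
    # NOTE(review): the file holds push-service secrets; it should be readable
    # only by the account the server runs as.
    f = None
    try:
        f = open(super_gluu_creds_file, 'r')
        creds = json.loads(f.read())
    except:
        print "Super-Gluu. Initialize notification services. Failed to load credentials from file:", super_gluu_creds_file
        return None
    finally:
        if f is not None:
            f.close()

    return creds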

◆ logout()

def cred-manager-external_super_gluu.PersonAuthentication.logout (   self,
  configurationAttributes,
  requestParameters 
)
def logout(self, configurationAttributes, requestParameters):
    """Report logout as successful unconditionally; both arguments are ignored."""
    return True

◆ prepareForStep()

def cred-manager-external_super_gluu.PersonAuthentication.prepareForStep (   self,
  configurationAttributes,
  requestParameters,
  step 
)
def prepareForStep(self, configurationAttributes, requestParameters, step):
    """Prepare the working parameters the page for ``step`` needs.

    Step 1 sets the registration flag (two-step mode) or builds the
    Super-Gluu request (one-step mode). Step 2 builds the Super-Gluu request
    for the authenticated user and, for the 'authenticate' method, triggers
    a push notification.

    Returns True when the step was prepared, False when a prerequisite
    (redirect URI, session id, user, auth method) is missing or ``step`` is
    neither 1 nor 2.
    """
    # NOTE(review): the listing this code was taken from had lost its
    # indentation; the nesting below is reconstructed from the syntax.
    # Confirm against the source file.
    identity = CdiUtil.bean(Identity)
    session_attributes = identity.getSessionId().getSessionAttributes()

    client_redirect_uri = self.getClientRedirecUri(session_attributes)
    if client_redirect_uri == None:
        print "Super-Gluu. Prepare for step. redirect_uri is not set"
        return False

    #This call is harmless with respect to cred-manager restrictions
    self.setRequestScopedParameters(identity, step)

    if step == 1:
        print "Super-Gluu. Prepare for step 1"
        if self.oneStep:
            #This branch will never be taken (see note in getExtraParametersForStep)
            session_id = CdiUtil.bean(SessionIdService).getSessionIdFromCookie()
            if StringHelper.isEmpty(session_id):
                print "Super-Gluu. Prepare for step 2. Failed to determine session_id"
                return False

            # NOTE(review): this branch calls getConfiguration() while step 2
            # calls getAppConfiguration(); verify which accessor exists.
            issuer = CdiUtil.bean(ConfigurationFactory).getConfiguration().getIssuer()
            super_gluu_request_dictionary = {'app': client_redirect_uri,
                                             'issuer': issuer,
                                             'state': session_id,
                                             'created': datetime.datetime.now().isoformat()}

            self.addGeolocationData(session_attributes, super_gluu_request_dictionary)

            super_gluu_request = json.dumps(super_gluu_request_dictionary, separators=(',',':'))
            # NOTE(review): the logged request carries the session id in 'state';
            # consider masking it before it reaches the log.
            print "Super-Gluu. Prepare for step 1. Prepared super_gluu_request:", super_gluu_request

            identity.setWorkingParameter("super_gluu_request", super_gluu_request)
        elif self.twoStep:
            identity.setWorkingParameter("display_register_action", True)

        return True
    elif step == 2:
        print "Super-Gluu. Prepare for step 2"
        if self.oneStep:
            return True

        authenticationService = CdiUtil.bean(AuthenticationService)
        user = authenticationService.getAuthenticatedUser()
        if user == None:
            print "Super-Gluu. Prepare for step 2. Failed to determine user name"
            return False

        # A request already stored in the session is reused unless its value
        # is "timeout", in which case a new one is generated below.
        if session_attributes.containsKey("super_gluu_request"):
            super_gluu_request = session_attributes.get("super_gluu_request")
            if not StringHelper.equalsIgnoreCase(super_gluu_request, "timeout"):
                print "Super-Gluu. Prepare for step 2. Request was generated already"
                return True

        session_id = CdiUtil.bean(SessionIdService).getSessionIdFromCookie()
        if StringHelper.isEmpty(session_id):
            print "Super-Gluu. Prepare for step 2. Failed to determine session_id"
            return False

        auth_method = session_attributes.get("super_gluu_auth_method")
        if StringHelper.isEmpty(auth_method):
            print "Super-Gluu. Prepare for step 2. Failed to determine auth_method"
            return False

        print "Super-Gluu. Prepare for step 2. auth_method: '%s'" % auth_method

        issuer = CdiUtil.bean(ConfigurationFactory).getAppConfiguration().getIssuer()
        super_gluu_request_dictionary = {'username': user.getUserId(),
                                         'app': client_redirect_uri,
                                         'issuer': issuer,
                                         'method': auth_method,
                                         'state': session_id,
                                         'created': datetime.datetime.now().isoformat()}

        self.addGeolocationData(session_attributes, super_gluu_request_dictionary)

        super_gluu_request = json.dumps(super_gluu_request_dictionary, separators=(',',':'))
        # NOTE(review): the logged request carries the user id and the session
        # id ('state'); consider masking the session id before logging.
        print "Super-Gluu. Prepare for step 2. Prepared super_gluu_request:", super_gluu_request

        identity.setWorkingParameter("super_gluu_request", super_gluu_request)
        identity.setWorkingParameter("super_gluu_auth_method", auth_method)

        # A push is sent only for the 'authenticate' method; other methods
        # get the request as a working parameter only.
        if auth_method in ['authenticate']:
            self.sendPushNotification(client_redirect_uri, user, super_gluu_request)

        return True
    else:
        return False

◆ processAuditGroup()

def cred-manager-external_super_gluu.PersonAuthentication.processAuditGroup (   self,
  user,
  attribute,
  group 
)
def processAuditGroup(self, user, attribute, group):
    """E-mail self.audit_email when ``user`` belongs to the audit group.

    Membership is decided by isUserMemberOfGroup(user, attribute, group).
    Nothing happens for non-members. The subject and body of the mail are
    both "User log in: <user id>".
    """
    if not self.isUserMemberOfGroup(user, attribute, group):
        return

    print "Super-Gluu. Authenticate for processAuditGroup. User '%s' member of audit group" % user.getUserId()
    print "Super-Gluu. Authenticate for processAuditGroup. Sending e-mail about user '%s' login to %s" % (user.getUserId(), self.audit_email)

    # Notify the administrator about the login.
    login_id = user.getUserId()
    mailer = CdiUtil.bean(MailService)
    text = "User log in: %s" % login_id
    mailer.sendMail(self.audit_email, text, "User log in: %s" % login_id)

◆ processBasicAuthentication()

def cred-manager-external_super_gluu.PersonAuthentication.processBasicAuthentication (   self,
  credentials 
)
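def processBasicAuthentication(self, credentials):
    """Return the authenticated user, running the password check if needed.

    If the session already has an authenticated user, it is returned
    unchanged. Otherwise the user name and password from ``credentials``
    are checked.

    Returns the authenticated user, or None when the credentials are empty
    or the password check does not succeed.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)

    # Modified for cred-manager compliance: an already authenticated user is reused.
    user = authenticationService.getAuthenticatedUser()
    if user != None:
        return user

    user_name = credentials.getUsername()
    user_password = credentials.getPassword()
    if not (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
        return None

    # Fail closed: the result of authenticate() was previously discarded, so
    # success depended solely on what getAuthenticatedUser() returned next.
    # The user is now looked up only when the password check reports success.
    if not authenticationService.authenticate(user_name, user_password):
        return None

    return authenticationService.getAuthenticatedUser()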

◆ sendPushNotification()

def cred-manager-external_super_gluu.PersonAuthentication.sendPushNotification (   self,
  client_redirect_uri,
  user,
  super_gluu_request 
)
def sendPushNotification(self, client_redirect_uri, user, super_gluu_request):
    """Send the push notification on a best-effort basis.

    Delegates to sendPushNotificationImpl(). Any exception it raises is
    logged and swallowed, so the caller is not interrupted by a push failure.
    """
    try:
        self.sendPushNotificationImpl(client_redirect_uri, user, super_gluu_request)
    except:
        failure = sys.exc_info()[1]
        print "Super-Gluu. Send push notification. Failed to send push notification: ", failure

◆ sendPushNotificationImpl()

def cred-manager-external_super_gluu.PersonAuthentication.sendPushNotificationImpl (   self,
  client_redirect_uri,
  user,
  super_gluu_request 
)
def sendPushNotificationImpl(self, client_redirect_uri, user, super_gluu_request):
    """Push ``super_gluu_request`` to each of the user's registered devices.

    Does nothing when self.enabledPushNotifications is false. Devices are
    looked up for the user and ``client_redirect_uri``. Each device with a
    push token is served through SNS, the Gluu service or the native
    APNS/GCM sender, depending on self.pushSnsMode / self.pushGluuMode.
    Exceptions are not handled here; sendPushNotification() wraps this call.
    """
    # NOTE(review): the listing this code was taken from had lost its
    # indentation; the nesting below is reconstructed from the syntax.
    # Confirm against the source file.
    if not self.enabledPushNotifications:
        return

    user_name = user.getUserId()
    print "Super-Gluu. Send push notification. Loading user '%s' devices" % user_name

    # These two are assigned below but never read inside this method.
    send_notification = False
    send_notification_result = True

    userService = CdiUtil.bean(UserService)
    deviceRegistrationService = CdiUtil.bean(DeviceRegistrationService)

    user_inum = userService.getUserInum(user_name)

    send_android = 0
    send_ios = 0
    u2f_devices_list = deviceRegistrationService.findUserDeviceRegistrations(user_inum, client_redirect_uri, "oxId", "oxDeviceData", "oxDeviceNotificationConf")
    if u2f_devices_list.size() > 0:
        for u2f_device in u2f_devices_list:
            device_data = u2f_device.getDeviceData()

            # Device data which Super-Gluu gets during enrollment
            if device_data == None:
                continue

            platform = device_data.getPlatform()
            push_token = device_data.getPushToken()
            # The debug prints below include the device push token and the
            # full message (which embeds the request); keep this False outside
            # of troubleshooting.
            debug = False

            if StringHelper.equalsIgnoreCase(platform, "ios") and StringHelper.isNotEmpty(push_token):
                # Sending notification to iOS user's device
                if self.pushAppleService == None:
                    print "Super-Gluu. Send push notification. Apple native push notification service is not enabled"
                else:
                    send_notification = True

                    title = "Super-Gluu"
                    message = "Super-Gluu login request to: %s" % client_redirect_uri

                    if self.pushSnsMode or self.pushGluuMode:
                        pushSnsService = CdiUtil.bean(PushSnsService)
                        targetEndpointArn = self.getTargetEndpointArn(deviceRegistrationService, pushSnsService, PushPlatform.APNS, user, u2f_device)
                        # NOTE(review): this return leaves the whole method, so
                        # devices later in the list get no notification.
                        if targetEndpointArn == None:
                            return

                        send_notification = True

                        sns_push_request_dictionary = { "aps":
                                                            { "badge": 0,
                                                              "alert" : {"body": message, "title" : title},
                                                              "category": "ACTIONABLE",
                                                              "content-available": "1",
                                                              "sound": 'default'
                                                            },
                                                        "request" : super_gluu_request
                                                      }
                        push_message = json.dumps(sns_push_request_dictionary, separators=(',',':'))

                        if self.pushSnsMode:
                            # Sandbox platform is selected unless the iOS
                            # credentials were marked as production.
                            apple_push_platform = PushPlatform.APNS
                            if not self.pushAppleServiceProduction:
                                apple_push_platform = PushPlatform.APNS_SANDBOX

                            send_notification_result = pushSnsService.sendPushMessage(self.pushAppleService, apple_push_platform, targetEndpointArn, push_message, None)
                            if debug:
                                print "Super-Gluu. Send iOS SNS push notification. token: '%s', message: '%s', send_notification_result: '%s', apple_push_platform: '%s'" % (push_token, push_message, send_notification_result, apple_push_platform)
                        elif self.pushGluuMode:
                            send_notification_result = self.pushAppleService.sendNotification(self.pushAppleServiceAuth, targetEndpointArn, push_message)
                            if debug:
                                print "Super-Gluu. Send iOS Gluu push notification. token: '%s', message: '%s', send_notification_result: '%s'" % (push_token, push_message, send_notification_result)
                    else:
                        # Native APNS: the request travels as a custom field.
                        additional_fields = { "request" : super_gluu_request }

                        msgBuilder = APNS.newPayload().alertBody(message).alertTitle(title).sound("default")
                        msgBuilder.category('ACTIONABLE').badge(0)
                        msgBuilder.forNewsstand()
                        msgBuilder.customFields(additional_fields)
                        push_message = msgBuilder.build()

                        send_notification_result = self.pushAppleService.push(push_token, push_message)
                        if debug:
                            print "Super-Gluu. Send iOS Native push notification. token: '%s', message: '%s', send_notification_result: '%s'" % (push_token, push_message, send_notification_result)
                    send_ios = send_ios + 1

            if StringHelper.equalsIgnoreCase(platform, "android") and StringHelper.isNotEmpty(push_token):
                # Sending notification to Android user's device
                if self.pushAndroidService == None:
                    print "Super-Gluu. Send native push notification. Android native push notification service is not enabled"
                else:
                    send_notification = True

                    title = "Super-Gluu"
                    if self.pushSnsMode or self.pushGluuMode:
                        pushSnsService = CdiUtil.bean(PushSnsService)
                        targetEndpointArn = self.getTargetEndpointArn(deviceRegistrationService, pushSnsService, PushPlatform.GCM, user, u2f_device)
                        # NOTE(review): as in the iOS branch, this return skips
                        # every remaining device.
                        if targetEndpointArn == None:
                            return

                        send_notification = True

                        sns_push_request_dictionary = { "collapse_key": "single",
                                                        "content_available": True,
                                                        "time_to_live": 60,
                                                        "data":
                                                            { "message" : super_gluu_request,
                                                              "title" : title }
                                                      }
                        push_message = json.dumps(sns_push_request_dictionary, separators=(',',':'))

                        if self.pushSnsMode:
                            send_notification_result = pushSnsService.sendPushMessage(self.pushAndroidService, PushPlatform.GCM, targetEndpointArn, push_message, None)
                            if debug:
                                print "Super-Gluu. Send Android SNS push notification. token: '%s', message: '%s', send_notification_result: '%s'" % (push_token, push_message, send_notification_result)
                        elif self.pushGluuMode:
                            send_notification_result = self.pushAndroidService.sendNotification(self.pushAndroidServiceAuth, targetEndpointArn, push_message)
                            if debug:
                                print "Super-Gluu. Send Android Gluu push notification. token: '%s', message: '%s', send_notification_result: '%s'" % (push_token, push_message, send_notification_result)
                    else:
                        # Native GCM: the request travels in the "message" data field.
                        msgBuilder = Message.Builder().addData("message", super_gluu_request).addData("title", title).collapseKey("single").contentAvailable(True)
                        push_message = msgBuilder.build()

                        send_notification_result = self.pushAndroidService.send(push_message, push_token, 3)
                        if debug:
                            print "Super-Gluu. Send Android Native push notification. token: '%s', message: '%s', send_notification_result: '%s'" % (push_token, push_message, send_notification_result)
                    send_android = send_android + 1

    # Only the per-platform counters are logged, not tokens or message bodies.
    print "Super-Gluu. Send push notification. send_android: '%s', send_ios: '%s'" % (send_android, send_ios)

◆ setRequestScopedParameters()

def cred-manager-external_super_gluu.PersonAuthentication.setRequestScopedParameters (   self,
  identity,
  step 
)
def setRequestScopedParameters(self, identity, step):
    """Publish the page-level working parameters on ``identity``.

    Sets "external_registration_uri" and "super_gluu_label" when the
    corresponding attributes are configured. Always sets "download_url" (a
    map holding the Android/iOS URLs only on step 1) and
    "super_gluu_qr_options".
    """
    app_downloads = HashMap()
    first_step = step == 1

    if self.registrationUri != None:
        identity.setWorkingParameter("external_registration_uri", self.registrationUri)

    # Download links are offered on the first step only.
    if self.androidUrl != None and first_step:
        app_downloads.put("android", self.androidUrl)

    if self.IOSUrl != None and first_step:
        app_downloads.put("ios", self.IOSUrl)

    if self.customLabel != None:
        identity.setWorkingParameter("super_gluu_label", self.customLabel)

    identity.setWorkingParameter("download_url", app_downloads)
    identity.setWorkingParameter("super_gluu_qr_options", self.customQrOptions)

◆ validateSessionDeviceStatus()

def cred-manager-external_super_gluu.PersonAuthentication.validateSessionDeviceStatus (   self,
  client_redirect_uri,
  session_device_status,
  user_name = None 
)
def validateSessionDeviceStatus(self, client_redirect_uri, session_device_status, user_name = None):
    """Check that the device named in the session status may be used here.

    For a one-step enrollment the device must exist as a one-step
    registration. Otherwise it must be registered to the user. In both
    cases the device's application must equal ``client_redirect_uri``
    (ignoring case).

    Returns True when every check passes, False otherwise.
    """
    userService = CdiUtil.bean(UserService)
    deviceRegistrationService = CdiUtil.bean(DeviceRegistrationService)

    device_id = session_device_status['device_id']

    device = None
    if session_device_status['enroll'] and session_device_status['one_step']:
        device = deviceRegistrationService.findOneStepUserDeviceRegistration(device_id)
        if device == None:
            print "Super-Gluu. Validate session device status. There is no one step u2f_device '%s'" % device_id
            return False
    else:
        # Validate if user has specified device_id enrollment
        owner_inum = userService.getUserInum(user_name)

        # In one-step mode the inum comes from the session status, not from
        # the lookup above.
        # NOTE(review): presumably that value was stored server-side; verify
        # against the caller.
        if session_device_status['one_step']:
            owner_inum = session_device_status['user_inum']

        device = deviceRegistrationService.findUserDeviceRegistration(owner_inum, device_id)
        if device == None:
            print "Super-Gluu. Validate session device status. There is no u2f_device '%s' associated with user '%s'" % (device_id, owner_inum)
            return False

    # A device enrolled for another application must not be accepted here.
    same_application = StringHelper.equalsIgnoreCase(client_redirect_uri, device.application)
    if not same_application:
        print "Super-Gluu. Validate session device status. u2f_device '%s' associated with other application '%s'" % (device_id, device.application)
        return False

    return True

メンバ詳解

◆ androidUrl

cred-manager-external_super_gluu.PersonAuthentication.androidUrl

◆ audit_attribute

cred-manager-external_super_gluu.PersonAuthentication.audit_attribute

◆ audit_email

cred-manager-external_super_gluu.PersonAuthentication.audit_email

◆ audit_group

cred-manager-external_super_gluu.PersonAuthentication.audit_group

◆ client_redirect_uri

cred-manager-external_super_gluu.PersonAuthentication.client_redirect_uri

◆ currentTimeMillis

cred-manager-external_super_gluu.PersonAuthentication.currentTimeMillis

◆ customLabel

cred-manager-external_super_gluu.PersonAuthentication.customLabel

◆ customQrOptions

cred-manager-external_super_gluu.PersonAuthentication.customQrOptions

◆ enabledPushNotifications

cred-manager-external_super_gluu.PersonAuthentication.enabledPushNotifications

◆ IOSUrl

cred-manager-external_super_gluu.PersonAuthentication.IOSUrl

◆ oneStep

cred-manager-external_super_gluu.PersonAuthentication.oneStep

◆ pushAndroidPlatformArn

cred-manager-external_super_gluu.PersonAuthentication.pushAndroidPlatformArn

◆ pushAndroidService

cred-manager-external_super_gluu.PersonAuthentication.pushAndroidService

◆ pushAndroidServiceAuth

cred-manager-external_super_gluu.PersonAuthentication.pushAndroidServiceAuth

◆ pushApplePlatformArn

cred-manager-external_super_gluu.PersonAuthentication.pushApplePlatformArn

◆ pushAppleService

cred-manager-external_super_gluu.PersonAuthentication.pushAppleService

◆ pushAppleServiceAuth

cred-manager-external_super_gluu.PersonAuthentication.pushAppleServiceAuth

◆ pushAppleServiceProduction

cred-manager-external_super_gluu.PersonAuthentication.pushAppleServiceProduction

◆ pushGluuMode

cred-manager-external_super_gluu.PersonAuthentication.pushGluuMode

◆ pushSnsMode

cred-manager-external_super_gluu.PersonAuthentication.pushSnsMode

◆ registrationUri

cred-manager-external_super_gluu.PersonAuthentication.registrationUri

◆ super_gluu_group

cred-manager-external_super_gluu.PersonAuthentication.super_gluu_group

◆ twoStep

cred-manager-external_super_gluu.PersonAuthentication.twoStep

◆ use_audit_group

cred-manager-external_super_gluu.PersonAuthentication.use_audit_group

◆ use_super_gluu_group

cred-manager-external_super_gluu.PersonAuthentication.use_super_gluu_group

このクラス詳解は次のファイルから抽出されました: