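/**
 * Decides whether an entity may be provisioned through the service provider's out-bound
 * configuration. Restrictions apply to users only: a user is provisionable when the user
 * holds at least one of the configured "provision by" roles.
 *
 * @param provisioningEntity  entity about to be provisioned
 * @param provisionByRoleList roles configured for the service provider; null or empty means no restriction
 * @param tenantDomain        tenant domain the user belongs to
 * @return true when provisioning is permitted, false otherwise
 * @throws CarbonException    propagated from the user/role lookups
 * @throws UserStoreException propagated from the user/role lookups
 */
protected boolean canUserBeProvisioned(ProvisioningEntity provisioningEntity, String[] provisionByRoleList,
                                       String tenantDomain) throws UserStoreException, CarbonException {

    // Restrictions are applied only to users, and only when the service provider's
    // out-bound provisioning configuration names at least one role.
    if (provisioningEntity.getEntityType() != ProvisioningEntityType.USER
            || provisionByRoleList == null || provisionByRoleList.length == 0) {
        return true;
    }

    String userName = getUserName(provisioningEntity.getAttributes());
    List<String> roleListOfUser = getUserRoles(userName, tenantDomain);
    if (roleListOfUser == null) {
        // No resolvable roles for the user: fail closed rather than dereference a null list
        // (the same helper's result is null-checked by other callers in this listener).
        return false;
    }
    for (String provisionByRole : provisionByRoleList) {
        if (roleListOfUser.contains(provisionByRole)) {
            return true;
        }
    }
    return false;
}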
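/**
 * Persists a provisioned entity through the DAO and caches a lightweight copy of it
 * (entity type, operation and provisioned identifier only).
 *
 * @param identityProviderName name of the identity provider the entity was provisioned to
 * @param connectorType        out-bound connector type used for provisioning
 * @param provisioningEntity   entity that was provisioned
 * @param tenantId             tenant id stored with the persistent record
 * @param tenantDomain         tenant domain used in the cache key
 * @throws IdentityApplicationManagementException propagated from the DAO call
 */
public void addProvisioningEntity(String identityProviderName, String connectorType,
                                  ProvisioningEntity provisioningEntity, int tenantId, String tenantDomain)
        throws IdentityApplicationManagementException {

    provisioningMgtDAO.addProvisioningEntity(identityProviderName, connectorType, provisioningEntity, tenantId);

    ProvisionedIdentifier provisionedIdentifier = provisioningEntity.getIdentifier();
    if (log.isDebugEnabled()) {
        // The identifier may be absent; resolve it null-safely so enabling debug logging cannot
        // turn a successful add into a NullPointerException.
        String identifierValue = provisionedIdentifier != null ? provisionedIdentifier.getIdentifier() : null;
        log.debug("Caching newly added Provisioning Entity : " + "identityProviderName=" + identityProviderName
                + "&& connectorType=" + connectorType + "&& provisioningEntityType="
                + provisioningEntity.getEntityType() + "&& provisioningEntityName="
                + provisioningEntity.getEntityName() + "&& provisioningIdentifier=" + identifierValue);
    }

    ProvisioningEntityCacheKey cacheKey = new ProvisioningEntityCacheKey(identityProviderName, connectorType,
            provisioningEntity, tenantDomain);
    ProvisioningEntityCacheEntry entry = new ProvisioningEntityCacheEntry();

    // Only type, operation and identifier are cached; attributes are deliberately left out of the copy.
    ProvisioningEntity cachedProvisioningEntity = new ProvisioningEntity(provisioningEntity.getEntityType(),
            provisioningEntity.getOperation());
    cachedProvisioningEntity.setIdentifier(provisionedIdentifier);
    entry.setProvisioningEntity(cachedProvisioningEntity);
    provisioningEntityCache.addToCache(cacheKey, entry);
}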
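/**
 * Entry point of the SPML connector: dispatches a user entity to delete/update/create
 * according to its operation.
 *
 * @param provisioningEntity entity to provision; a null entity results in an identifier with a null id
 * @return null when JIT provisioning is disabled for a JIT-originated entity; otherwise an identifier
 *         whose id is set only for a successful create (POST)
 * @throws IdentityProvisioningException propagated from the user operations
 */
@Override
public ProvisionedIdentifier provision(ProvisioningEntity provisioningEntity) throws IdentityProvisioningException {

    String provisionedId = null;
    if (provisioningEntity != null) {
        // The JIT check must sit inside the null guard: the original dereferenced the entity
        // before testing it for null, so the guard below was unreachable for a null entity.
        if (provisioningEntity.isJitProvisioning() && !isJitProvisioningEnabled()) {
            if (log.isDebugEnabled()) {
                log.debug("JIT provisioning disabled for SPML connector");
            }
            return null;
        }
        if (provisioningEntity.getEntityType() == ProvisioningEntityType.USER) {
            ProvisioningOperation operation = provisioningEntity.getOperation();
            if (operation == ProvisioningOperation.DELETE) {
                deleteUser(provisioningEntity);
            } else if (operation == ProvisioningOperation.PUT) {
                updateUser(provisioningEntity);
            } else if (operation == ProvisioningOperation.POST) {
                provisionedId = createUser(provisioningEntity);
            } else {
                log.warn("Unsupported provisioning operation.");
            }
        } else {
            // Only users are handled by this connector; the original logged the operation
            // message here, which misdescribed the cause.
            log.warn("Unsupported provisioning entity type.");
        }
    }

    // Creates a provisioned identifier for the provisioned user (id stays null unless created).
    ProvisionedIdentifier identifier = new ProvisionedIdentifier();
    identifier.setIdentifier(provisionedId);
    return identifier;
}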
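/**
 * Builds the failure message for an out-bound provisioning operation that failed and,
 * when debug logging is enabled, logs a more detailed variant of it.
 *
 * @param idPName            identity provider the entity was being provisioned to
 * @param connectorType      out-bound connector type that failed
 * @param provisioningEntity entity whose provisioning failed
 * @return the message to report to the caller
 */
private String generateMessageOnFailureProvisioningOperation(String idPName, String connectorType,
                                                             ProvisioningEntity provisioningEntity) {

    if (log.isDebugEnabled()) {
        // Logged at debug to match the guard: the original called log.error() inside this
        // block, so the "error" record was only ever written when debug logging was on.
        // The returned message is what callers are expected to surface.
        String errMsg = "Provisioning failed for IDP = " + idPName + " " + "Connector Type =" + connectorType + " "
                + " Provisioned entity name = " + provisioningEntity.getEntityName()
                + " For operation = " + provisioningEntity.getOperation() + " " + "failed ";
        log.debug(errMsg);
    }
    return "Provisioning failed for IDP = " + idPName + " " + "with Entity name="
            + provisioningEntity.getEntityName();
}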
/**
 * Entry point of the SCIM 2.0 out-bound connector: routes the entity to the user or
 * group provisioning path according to its type.
 *
 * @param provisioningEntity entity to provision; a null entity is a no-op
 * @return always null; this connector does not report a provisioned identifier
 * @throws IdentityProvisioningException declared; presumably raised by the user/group provisioning calls
 */
@Override
public ProvisionedIdentifier provision(ProvisioningEntity provisioningEntity) throws IdentityProvisioningException {

    if (provisioningEntity == null) {
        return null;
    }
    // JIT-originated entities are skipped unless JIT provisioning is switched on for this connector.
    boolean skipJitEntity = provisioningEntity.isJitProvisioning() && !isJitProvisioningEnabled();
    if (skipJitEntity) {
        log.debug("JIT provisioning disabled for SCIM 2.0 connector");
        return null;
    }

    ProvisioningEntityType entityType = provisioningEntity.getEntityType();
    if (ProvisioningEntityType.USER == entityType) {
        provisionUser(provisioningEntity);
    } else if (ProvisioningEntityType.GROUP == entityType) {
        provisionGroup(provisioningEntity);
    } else {
        log.warn("Unsupported provisioning entity : " + provisioningEntity.getEntityName());
    }
    return null;
}
if(provisioningEntity.getEntityName() == null) { setProvisioningEntityName(provisioningEntity); ProvisioningOperation provisioningOp = provisioningEntity.getOperation(); if (provisioningEntity.getEntityType() == ProvisioningEntityType.GROUP && Arrays.asList (provisionByRoleList).contains(provisioningEntity.getEntityName())) { Map<ClaimMapping, List<String>> attributes = provisioningEntity.getAttributes(); List<String> newUsersList = attributes.get(ClaimMapping.build( IdentityProvisioningConstants.NEW_USER_CLAIM_URI, null, null, false)); outboundProEntity = new ProvisioningEntity(ProvisioningEntityType.USER, user, ProvisioningOperation.POST, mappedUserClaims); Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, tenantDomainName, connector, connectorType, idPName, dao); outboundProEntity.setIdentifier(provisionedIdentifier); outboundProEntity.setJitProvisioning(jitProvisioning); boolean isBlocking = entry.getValue().isBlocking(); executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread, isBlocking); outboundProEntity = new ProvisioningEntity(ProvisioningEntityType.USER, user, ProvisioningOperation.DELETE, mappedUserClaims); Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, tenantDomainName, connector, connectorType, idPName, dao); outboundProEntity.setIdentifier(provisionedUserIdentifier); outboundProEntity.setJitProvisioning(jitProvisioning); boolean isBlocking = entry.getValue().isBlocking(); executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread, isBlocking);
provisioningEntity.getAttributes(); ProvisioningEntityType provisioningEntityType = provisioningEntity.getEntityType(); ProvisioningOperation provisioningOperation = provisioningEntity.getOperation(); .setEntityName(UserCoreUtil.addDomainToName(provisionedEntityName, userStoreDomain)); return provisioningEntity;
"identityProviderName=" + identityProviderName + "&& connectorType=" + connectorType + "&& provisioningEntityType=" + provisioningEntity.getEntityType() + "&& provisioningEntityName=" + provisioningEntity.getEntityName() + ". Hence remove from cache"); "identityProviderName=" + identityProviderName + "&& connectorType=" + connectorType + "&& provisioningEntityType=" + provisioningEntity.getEntityType() + "&& provisioningEntityName=" + provisioningEntity.getEntityName());
if (provisioningEntity.getOperation() == ProvisioningOperation.DELETE) { deleteProvisionedEntityIdentifier(idPName, connectorType, provisioningEntity, tenantDomainName); } else if (provisioningEntity.getOperation() == ProvisioningOperation.POST) { provisioningEntity.setIdentifier(provisionedIdentifier); } else if (provisioningEntity.getEntityType() == ProvisioningEntityType.GROUP && provisioningEntity.getOperation() == ProvisioningOperation.PUT) { String errMsg = " Provisioning for Entity " + provisioningEntity.getEntityName() + " For operation = " + provisioningEntity.getOperation(); log.error(errMsg, e); throw new IdentityProvisioningException(errMsg, e);
prepStmt.setString(2, provisioningEntity.getEntityType().toString()); prepStmt.setString(3, IdentityUtil.extractDomainFromName(provisioningEntity.getEntityName())); prepStmt.setString(4, UserCoreUtil.removeDomainFromName(provisioningEntity.getEntityName())); prepStmt.setString(5, provisioningEntity.getIdentifier().getIdentifier()); prepStmt.setInt(6, tenantId); prepStmt.setString(7, localId);
if (provisioningEntity.isJitProvisioning() && !isJitProvisioningEnabled()) { log.debug("JIT provisioning disabled for Salesforce connector"); return null; if (provisioningEntity.getEntityType() == ProvisioningEntityType.USER) { if (provisioningEntity.getOperation() == ProvisioningOperation.DELETE) { deleteUser(provisioningEntity); } else if (provisioningEntity.getOperation() == ProvisioningOperation.POST) { provisionedId = createUser(provisioningEntity); } else if (provisioningEntity.getOperation() == ProvisioningOperation.PUT) { update(provisioningEntity.getIdentifier().getIdentifier(), buildJsonObject(provisioningEntity)); } else {
ProvisioningRuleConstanats.XACML_CATAGORY_USER); RowDTO userDTO = createRowDTO(provisioningEntity.getEntityName(), EntitlementPolicyConstants.STRING_DATA_TYPE, ProvisioningRuleConstanats.XACML_ATTRIBUTE_USER, ProvisioningRuleConstanats .XACML_CATAGORY_USER); ProvisioningRuleConstanats.XACML_CATAGORY_IDENTITY_ACTION); if (provisioningEntity.getOperation().equals(ProvisioningOperation.POST)) { RowDTO provisioningClaimGroupDTO = createRowDTO(StringUtils.substringBetween(provisioningEntity.getAttributes().get(ClaimMapping.build( IdentityProvisioningConstants.GROUP_CLAIM_URI, null, null, false)).toString(), "[", "]"), EntitlementPolicyConstants.STRING_DATA_TYPE, createRowDTO(provisioningEntity.getOperation().toString(), EntitlementPolicyConstants.STRING_DATA_TYPE, ProvisioningRuleConstanats.XACML_ATTRIBUTE_OPERATION, ProvisioningRuleConstanats.XACML_CATAGORY_PROVISIONING); if (provisioningEntity.getInboundAttributes() != null) { Iterator<Map.Entry<String, String>> claimIterator = provisioningEntity.getInboundAttributes().entrySet ().iterator(); while (claimIterator.hasNext()) {
/**
 * Reads the local id of an entity from its attribute map, keyed by the ID claim URI.
 *
 * @param provisioningEntity entity whose attributes are inspected
 * @return the first value of the ID claim, or null when the attribute map is empty or the claim is absent or has no values
 */
private String getLocalIdFromProvisioningEntity(ProvisioningEntity provisioningEntity) {

    Map<org.wso2.carbon.identity.application.common.model.ClaimMapping, List<String>> attributes =
            provisioningEntity.getAttributes();
    if (attributes.isEmpty()) {
        return null;
    }
    // The fully qualified ClaimMapping is kept on purpose, as in the rest of this class.
    org.wso2.carbon.identity.application.common.model.ClaimMapping idClaim =
            org.wso2.carbon.identity.application.common.model.ClaimMapping.build(
                    IdentityProvisioningConstants.ID_CLAIM_URI, null, null, false);
    List<String> idValues = attributes.get(idClaim);
    boolean hasId = idValues != null && !idValues.isEmpty();
    return hasId ? idValues.get(0) : null;
}
ProvisionedIdentifier provisionedIdentifier = provisioningEntity.getIdentifier(); + provisioningEntity.getEntityName(), e); log.debug("updating user :" + provisioningEntity.getEntityName() + " with the primaryEmail : " + provisionedIdentifier.getIdentifier());
spml2Client.setSOAPAction("SPMLModifyRequest"); if (provisioningEntity != null && provisioningEntity.getIdentifier() != null) { provisioningIdentifier = provisioningEntity.getIdentifier().getIdentifier(); } else { if (isDebugEnabled) { Modification modification = new Modification(); Map<String, String> claims = getSingleValuedClaims(provisioningEntity.getAttributes()); Iterator claimsKeySet = claims.entrySet().iterator();
/**
 * Builds the local (inbound) user representation used for an out-bound provisioning run:
 * the username and role claims as attributes, the user's claims as inbound attributes, and
 * the source entity's user store domain carried over to the name (except for INTERNAL).
 *
 * @param provisioningEntity source entity; only its name is read, to derive the domain
 * @param tenantDomain       tenant the user belongs to
 * @param operation          provisioning operation to attach to the new entity
 * @param userName           local username; may be null, in which case no username claim is added
 * @return a new USER entity carrying the outbound and inbound attributes
 * @throws CarbonException    propagated from the role/claim lookups
 * @throws UserStoreException propagated from the role/claim lookups
 */
private ProvisioningEntity getInboundProvisioningEntity(ProvisioningEntity provisioningEntity, String tenantDomain,
                                                        ProvisioningOperation operation, String userName)
        throws CarbonException, UserStoreException {

    Map<ClaimMapping, List<String>> attributes = new HashMap<>();
    if (userName != null) {
        ClaimMapping userNameClaim = ClaimMapping.build(
                IdentityProvisioningConstants.USERNAME_CLAIM_URI, null, null, false);
        attributes.put(userNameClaim, Arrays.asList(userName));
    }

    List<String> roles = getUserRoles(userName, tenantDomain);
    if (roles != null) {
        ClaimMapping groupClaim = ClaimMapping.build(
                IdentityProvisioningConstants.GROUP_CLAIM_URI, null, null, false);
        attributes.put(groupClaim, roles);
    }

    // Carry the source entity's user store domain over to the username, except for the INTERNAL domain.
    String domainName = getDomainFromName(provisioningEntity.getEntityName());
    boolean carryDomain = domainName != null && !UserCoreConstants.INTERNAL_DOMAIN.equals(domainName);
    String domainAwareName = userName;
    if (carryDomain) {
        if (log.isDebugEnabled()) {
            log.debug("Adding domain name : " + domainName + " to user : " + userName);
        }
        domainAwareName = UserCoreUtil.addDomainToName(userName, domainName);
    }

    ProvisioningEntity inboundEntity = new ProvisioningEntity(
            ProvisioningEntityType.USER, domainAwareName, operation, attributes);
    inboundEntity.setInboundAttributes(getUserClaims(userName, tenantDomain));
    return inboundEntity;
}
List<String> groupNames = getGroupNames(groupEntity.getAttributes()); String groupName = null; if (CollectionUtils.isNotEmpty(groupNames)) { List<String> userList = getUserNames(groupEntity.getAttributes()); setGroupMembers(group, userList); scimProvsioningClient = new ProvisioningClient(scimProvider, group, additionalInformation); if (ProvisioningOperation.PUT.equals(groupEntity.getOperation())) { scimProvsioningClient.provisionUpdateGroup();
Map<String, String> inboundAttributes = provisioningEntity.getInboundAttributes(); inboundAttributes, spClaimMappings, provisioningEntity.getAttributes(), tenantDomainName); } else { inboundAttributes, inboundClaimDialect, provisioningEntity.getAttributes(), tenantDomainName); inboundAttributes, spClaimMappings, provisioningEntity.getAttributes()); } else { inboundAttributes, inboundClaimDialect, provisioningEntity.getAttributes(), tenantDomainName);
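/**
 * Alters the username when a user is moved from the active state to the inactive state.
 * This is necessary so that a previously deleted (deactivated) user can be added again
 * without a username clash.
 *
 * @param provisioningEntity entity whose name is altered
 * @return the altered username: the old-username prefix, a generated UUID and the entity name
 * @throws IdentityProvisioningException if the entity carries no name
 */
protected String alterUsername(ProvisioningEntity provisioningEntity) throws IdentityProvisioningException {

    if (StringUtils.isBlank(provisioningEntity.getEntityName())) {
        throw new IdentityProvisioningException("Could Not Find Entity Name from Provisioning Entity");
    }
    String alteredUsername = SalesforceConnectorConstants.SALESFORCE_OLD_USERNAME_PREFIX
            + UUIDGenerator.generateUUID() + provisioningEntity.getEntityName();
    if (log.isDebugEnabled()) {
        // Space before "while" restored; the original ran the altered name into the word.
        log.debug("Alter username: " + provisioningEntity.getEntityName() + " to: " + alteredUsername
                + " while deleting user");
    }
    return alteredUsername;
}
}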
ProvisioningEntity provisioningEntity = new ProvisioningEntity( ProvisioningEntityType.USER, domainAwareName, ProvisioningOperation.PATCH, outboundAttributes); provisioningEntity.setInboundAttributes(inboundAttributes);