
Zero step authentication

Madhumita Subramaniam edited this page Jul 18, 2023 · 10 revisions

Script

import sys

import java
from javax.faces.context import FacesContext
from javax.servlet.http import Cookie
from org.gluu.jsf2.service import FacesService
from org.gluu.model.custom.script.type.auth import PersonAuthenticationType
from org.gluu.oxauth.security import Identity
from org.gluu.oxauth.service import AuthenticationService
from org.gluu.oxauth.util import ServerUtil
from org.gluu.service.cdi.util import CdiUtil
from org.gluu.util import StringHelper

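class PersonAuthentication(PersonAuthenticationType):
    """oxAuth custom authentication script with a single, redirect-driven step.

    prepareForStep(1) copies ``uid``, ``password`` and ``client_id`` from the
    request into Identity working parameters and redirects to the post-login
    page; authenticate(1) then checks the credentials with
    AuthenticationService, but only when ``client_id`` matches the allowed
    client.

    All ``print`` calls use the parenthesised single-argument form, which is
    valid on Jython 2.7 and also keeps the file parseable by Python 3 tooling.
    """

    # Fallback allowed client, used when no "allowed_client_id" custom
    # property is configured on the script. client_id is a public OAuth
    # identifier that the caller supplies as a request parameter (see
    # prepareForStep), so this check only scopes which client may use the
    # flow -- it does not authenticate the client.
    DEFAULT_ALLOWED_CLIENT_ID = "0711c83d-ae06-43b0-ae2c-1905d30f3399"

    # Marker cookie written after a successful login. Its value is a fixed
    # literal, so it carries no per-user or per-session secret and must not
    # be relied on as a session token.
    COOKIE_NAME = "something"
    COOKIE_VALUE = "something123"
    COOKIE_MAX_AGE_SECONDS = 7 * 24 * 60 * 60  # one week

    def __init__(self, currentTimeMillis):
        self.currentTimeMillis = currentTimeMillis
        # Overridden in init() when the custom property is present.
        self.allowedClientId = self.DEFAULT_ALLOWED_CLIENT_ID

    def init(self, customScript, configurationAttributes):
        """Read optional custom properties; always returns True so the script loads.

        An "allowed_client_id" custom property (a SimpleCustomProperty in the
        configurationAttributes map) overrides DEFAULT_ALLOWED_CLIENT_ID so
        the permitted client is not hard-wired into the script body.
        """
        print("ZeroStep. Initialization")
        if configurationAttributes is not None and configurationAttributes.containsKey("allowed_client_id"):
            configured = configurationAttributes.get("allowed_client_id").getValue2()
            if StringHelper.isNotEmptyString(configured):
                self.allowedClientId = configured
        print("ZeroStep. Initialized successfully")
        return True

    def destroy(self, configurationAttributes):
        """Nothing to release; always returns True."""
        print("ZeroStep. Destroy")
        print("ZeroStep. Destroyed successfully")
        return True

    def getAuthenticationMethodClaims(self, requestParameters):
        """No extra claims are contributed by this method."""
        return None

    def getApiVersion(self):
        """Custom-script API version implemented by this script."""
        return 11

    def isValidAuthenticationMethod(self, usageType, configurationAttributes):
        """This method is usable for every usage type."""
        return True

    def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):
        """No fallback method is offered."""
        return None

    def authenticate(self, configurationAttributes, requestParameters, step):
        """Step 1: verify uid/password, but only for the allowed client.

        Reads the working parameters stored by prepareForStep. Returns False
        for any other step, for a client_id that is not the allowed client,
        or when uid/password are missing; otherwise returns whatever
        AuthenticationService.authenticate() returns, persisting the marker
        cookie on success.
        """
        if step != 1:
            return False

        print("ZeroStep. Authenticate for step 1")
        identity = CdiUtil.bean(Identity)
        uid = identity.getWorkingParameter("uid")
        password = identity.getWorkingParameter("password")
        clientId = identity.getWorkingParameter("client_id")

        if not self._isAllowedClient(clientId):
            # Logged (without the credentials) so rejected attempts are visible
            # in the oxAuth log.
            print("ZeroStep. Authenticate for step 1. client_id is not allowed for this flow")
            return False
        if not (StringHelper.isNotEmptyString(uid) and StringHelper.isNotEmptyString(password)):
            return False

        authenticationService = CdiUtil.bean(AuthenticationService)
        logged_in = authenticationService.authenticate(uid, password)
        if logged_in is True:
            self._persistCookie()
        return logged_in

    def _isAllowedClient(self, clientId):
        """True when clientId is non-empty and equals the allowed client (case-insensitive)."""
        if not StringHelper.isNotEmptyString(clientId):
            return False
        return StringHelper.equalsIgnoreCase(clientId, self.allowedClientId)

    def _persistCookie(self):
        """Add the marker cookie to the current HTTP response, if one is available."""
        cookie = Cookie(self.COOKIE_NAME, self.COOKIE_VALUE)
        cookie.setSecure(True)    # only sent over HTTPS
        cookie.setHttpOnly(True)  # not readable from page scripts
        cookie.setMaxAge(self.COOKIE_MAX_AGE_SECONDS)
        response = self.getHttpResponse()
        if response is not None:
            print("ZeroStep. persistCookie. Adding cookie to response")
            response.addCookie(cookie)

    def prepareForStep(self, configurationAttributes, requestParameters, step):
        """Step 1: stash request parameters on Identity and redirect to postlogin.htm.

        uid, password and client_id are taken from the request parameters
        and stored as Identity working parameters for authenticate() to read.
        When they arrive in the URL query string (as in the documented test
        URL) they are recorded in server access logs and browser history, so
        that form of the request should be limited to testing. Returns False
        for any other step.
        """
        if step != 1:
            return False

        uid = ServerUtil.getFirstValue(requestParameters, "uid")
        password = ServerUtil.getFirstValue(requestParameters, "password")
        clientId = ServerUtil.getFirstValue(requestParameters, "client_id")

        identity = CdiUtil.bean(Identity)
        identity.setWorkingParameter("uid", uid)
        identity.setWorkingParameter("password", password)
        # The original stored an undefined name (client_id) here, which raised
        # NameError; store the value actually read from the request.
        identity.setWorkingParameter("client_id", clientId)

        facesService = CdiUtil.bean(FacesService)
        facesService.redirectToExternalURL("/oxauth/postlogin.htm")
        return True

    def getExtraParametersForStep(self, configurationAttributes, step):
        """No extra session parameters are needed."""
        return None

    def getCountAuthenticationSteps(self, configurationAttributes):
        """This flow has a single step."""
        return 1

    def getPageForStep(self, configurationAttributes, step):
        """No custom page; prepareForStep redirects instead."""
        return ""

    def getNextStep(self, configurationAttributes, requestParameters, step):
        """-1: no step override."""
        return -1

    def getLogoutExternalUrl(self, configurationAttributes, requestParameters):
        """No external logout URL."""
        print("ZeroStep.Get external logout URL call")
        return None

    def logout(self, configurationAttributes, requestParameters):
        """Nothing to clean up; always returns True."""
        return True

    def getHttpResponse(self):
        """Return the current servlet response, or None when it cannot be obtained.

        Best-effort by design: any failure (for example no active
        FacesContext, which makes getCurrentInstance() return null) is logged
        and mapped to None, and callers treat None as "no response available".
        """
        try:
            return FacesContext.getCurrentInstance().getExternalContext().getResponse()
        except:
            # Bare except kept deliberately so Java-side failures are covered
            # as well; the error is logged, not swallowed silently.
            print("ZeroStep. Error accessing HTTP response object: %s" % (sys.exc_info()[1],))
            return None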

Testing

The test URL is as follows; note that uid and password are sent as query-string parameters:


https://my.gluu.server/oxauth/authorize.htm?scope=openid+profile+email+user_name&acr_values=zeroStep&response_type=code&redirect_uri=https%3A%2F%2Foidcdebugger.com%2Fdebug&state=5aebfb0b-53bc-42e0-b970-cba48094f02e&nonce=1fa46836-8414-4721-bc3b-efbbcaed3487&client_id=0711c83d-ae06-43b0-ae2c-1905d30f3399&uid=mike1&password=mike1