Process user groups with custom logic post SAML authentication
Hi All,
I have scenario where I want to process and transform the user groups received in SAML response post authentication to the format that matches with AEM groups and assign the users to the groups. Our application is running on Cloud Service.
@8220494(name = "CustomAuthenticationInfoPostProcessor", service = AuthenticationInfoPostProcessor.class, immediate = true)
public class CustomAuthenticationInfoPostProcessor implements AuthenticationInfoPostProcessor {
public static final Logger LOG = LoggerFactory.getLogger(CustomAuthenticationInfoPostProcessor.class);
@3214626
private SlingSettingsService slingSettingsService;
@3214626
private ResourceResolverFactory resolverFactory;
private ResourceResolver resolver;
@9944223
public void postProcess(AuthenticationInfo info, HttpServletRequest request, HttpServletResponse response) {
//HttpServletRequest httpRequest = null;
LOG.info("CustomAuthenticationInfoPostProcessor invoked");
LOG.info("HttpServletRequest data"+request.getAuthType()+","+request.getContextPath()+","+request.getHeaderNames().toString()+","+request.getRequestURL());
//httpRequest = request;
String requestURL = request.getRequestURL().toString();
Set<String> runModes = slingSettingsService.getRunModes();
LOG.info("runModes : "+runModes);
if (runModes.contains("publish") && requestURL.contains("custompath/saml_login")
) {
if (info != null) {
LOG.info("info not null ");
Map<String, Object> params = new HashMap<>();
params.put(ResourceResolverFactory.SUBSERVICE, "userManagerService");
LOG.info("params : "+params);
try {
LOG.debug("resolverFactory:"+resolverFactory);
resolver = resolverFactory.getServiceResourceResolver(params);
LOG.debug("resolver:"+resolver);
String userID = info.getUser();
LOG.info("userID : "+userID);
if (StringUtils.isNotEmpty(userID)) {
Session session = resolver.adaptTo(Session.class);
UserManager userManager = resolver.adaptTo(UserManager.class);
Authorizable user;
try {
user = userManager.getAuthorizable(userID);
if (user != null) {
LOG.info("user is available");
Set<String> userGroupsToAdd = getGroupsFromAttributes(user);
if (user != null && userGroupsToAdd != null) {
LOG.info("Syncing user groups: " + user.getID() + " " + userGroupsToAdd.toString());
}
Set<String> existingGroupNames = new HashSet<>();
Iterator<Authorizable> iter = userManager.findAuthorizables("jcr:primaryType","rep:Group");
while (iter.hasNext()) {
Authorizable authorizable = iter.next();
if (authorizable.getPath().startsWith("/home/groups/customerpath")) {
LOG.info("authorizable.getID().toLowerCase(): "+authorizable.getID().toLowerCase());
existingGroupNames.add(authorizable.getID().toLowerCase());
}
}
for (String existingGroupName : existingGroupNames) {
LOG.info("existingGroupName: "+existingGroupName);
if (userManager.getAuthorizable(existingGroupName) != null) {
if (userGroupsToAdd.contains(existingGroupName)) {
((Group) userManager.getAuthorizable(existingGroupName)).addMember(user);
} else {
((Group) userManager.getAuthorizable(existingGroupName)).removeMember(user);
}
}
}
session.save();
}
} catch (RepositoryException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
} catch (LoginException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
}
I dont see code getting executed after LOG.info("params : "+params); is there any auto terminate that will happen if certain condition is not met in the Authentication framework.
Can you suggest the best approach to solve this problem.
Thanks all in advance