-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add audit logs improvements #396
Conversation
@@ -0,0 +1,43 @@ | |||
package org.wso2.carbon.identity.sso.saml; | |||
/* | |||
* Copyright (c) 2023, WSO2 Inc. (https://www.wso2.org) All Rights Reserved. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
update the license header
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed this class and moved to string constant. Using enum might give some additional restrictions. In future, we need to have an osgi service to register all the suppported events. Using that, we can have some REST API to get the supported events
|
||
} | ||
|
||
AuthenticatedUser buildAuthenticatedUser(String tenantAwareUser, String tenantDomain) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
any reason not to define an access modifier?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
} | ||
|
||
return IdentityTenantUtil.getTenantDomainFromContext(); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
loggedInUser = buildAuthenticatedUser(tenantAwareLoggedInUsername, tenantDomain); | ||
} | ||
return loggedInUser; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -113,7 +136,17 @@ public SAMLSSOServiceProviderDTO addSAMLServiceProvider(SAMLSSOServiceProviderDT | |||
String message = "A Service Provider with the name: " + issuer + " is already loaded from the file system."; | |||
throw buildClientException(CONFLICTING_SAML_ISSUER, message); | |||
} | |||
return persistSAMLServiceProvider(serviceProviderDO); | |||
SAMLSSOServiceProviderDTO samlssoServiceProviderDTO = persistSAMLServiceProvider(serviceProviderDO); | |||
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()){ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()){ | |
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()) { |
formatting issue. check other places as well
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
@@ -0,0 +1,43 @@ | |||
package org.wso2.carbon.identity.sso.saml; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
package should go after the license header
} | ||
|
||
public String getEventId() { | ||
return this.eventId; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
check formatting
SAMLLogEventConstants.EventCatalog.CREATE_SAML_APPLICATION.getEventId()); | ||
auditLogBuilder.data(buildSPData(serviceProviderDO)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SAMLLogEventConstants.EventCatalog.CREATE_SAML_APPLICATION.getEventId()); | |
auditLogBuilder.data(buildSPData(serviceProviderDO)); | |
SAMLLogEventConstants.EventCatalog.CREATE_SAML_APPLICATION.getEventId()) | |
.data(buildSPData(serviceProviderDO)); |
SAMLLogEventConstants.EventCatalog.CREATE_SAML_APPLICATION.getEventId()); | ||
auditLogBuilder.data(buildSPData(serviceProviderDO)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SAMLLogEventConstants.EventCatalog.CREATE_SAML_APPLICATION.getEventId()); | |
auditLogBuilder.data(buildSPData(serviceProviderDO)); | |
SAMLLogEventConstants.EventCatalog.CREATE_SAML_APPLICATION.getEventId()) | |
.data(buildSPData(serviceProviderDO)); |
|
||
} | ||
|
||
private AuthenticatedUser getLoggedInUser(String tenantDomain) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
better if we can make the return type Optional
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
|
||
} | ||
|
||
private AuthenticatedUser getLoggedInUser(String tenantDomain) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
private AuthenticatedUser getLoggedInUser(String tenantDomain) { | |
private Optional<AuthenticatedUser> getLoggedInUser(String tenantDomain) { |
AuthenticatedUser loggedInUser = null; | ||
if (StringUtils.isNotEmpty(tenantAwareLoggedInUsername)) { | ||
loggedInUser = buildAuthenticatedUser(tenantAwareLoggedInUsername, tenantDomain); | ||
} | ||
return loggedInUser; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AuthenticatedUser loggedInUser = null; | |
if (StringUtils.isNotEmpty(tenantAwareLoggedInUsername)) { | |
loggedInUser = buildAuthenticatedUser(tenantAwareLoggedInUsername, tenantDomain); | |
} | |
return loggedInUser; | |
return Optional.ofNullable(tenantAwareLoggedInUsername) | |
.filter(StringUtils::isNotEmpty) | |
.map(username -> buildAuthenticatedUser(username, tenantDomain)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
|
||
return persistSAMLServiceProvider(samlssoServiceProviderDO); | ||
SAMLSSOServiceProviderDTO samlssoServiceProviderDTO = persistSAMLServiceProvider(samlssoServiceProviderDO); | ||
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()){ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
check formatting
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()){ | |
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
return persistenceManager.removeServiceProvider(registry, issuer); | ||
boolean isSuccess = persistenceManager.removeServiceProvider(registry, issuer); | ||
if (isSuccess) { | ||
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()){ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()){ | |
if (ApplicationMgtUtil.isLegacyAuditLogsDisabledInAppMgt()) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
d8be135
to
be51fcc
Compare
PR builder started |
PR builder completed |
PR builder started |
PR builder completed |
} | ||
return IdentityTenantUtil.getTenantDomainFromContext(); | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
String loggedInUserId = CarbonContext.getThreadLocalCarbonContext().getUserId(); | ||
if (StringUtils.isNotBlank(loggedInUserId)){ | ||
return Optional.of(loggedInUserId); | ||
} else { | ||
String tenantDomain = getLoggedInTenantDomain(); | ||
Optional<AuthenticatedUser> loggedInUser = getLoggedInUser(tenantDomain); | ||
if (loggedInUser.isPresent()) { | ||
return Optional.ofNullable(IdentityUtil.getInitiatorId(loggedInUser.get().getUserName(), tenantDomain)); | ||
} | ||
} | ||
return Optional.empty(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
String loggedInUserId = CarbonContext.getThreadLocalCarbonContext().getUserId(); | |
if (StringUtils.isNotBlank(loggedInUserId)){ | |
return Optional.of(loggedInUserId); | |
} else { | |
String tenantDomain = getLoggedInTenantDomain(); | |
Optional<AuthenticatedUser> loggedInUser = getLoggedInUser(tenantDomain); | |
if (loggedInUser.isPresent()) { | |
return Optional.ofNullable(IdentityUtil.getInitiatorId(loggedInUser.get().getUserName(), tenantDomain)); | |
} | |
} | |
return Optional.empty(); | |
return Optional.ofNullable(CarbonContext.getThreadLocalCarbonContext().getUserId()) | |
.filter(StringUtils::isNotBlank) | |
.or(() -> getLoggedInUser(getLoggedInTenantDomain()) | |
.map(loggedInUser -> IdentityUtil.getInitiatorId(loggedInUser.getUserName(), getLoggedInTenantDomain()))); |
6ebfe95
to
bff5251
Compare
...ntity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java
Outdated
Show resolved
Hide resolved
PR builder started |
PR builder completed |
PassiveSTSTests are failing. It is not related to this flow, and this is an intermittent test failure. Hence merging the PR.
|
Fixes part of wso2/product-is#5037
Create SAML application
This PR adds new audit logs for SAML application management.
To enable these audit logs, we need to add below config in the deployment.toml file
By adding below config, you can enable new audit logs only for application management component, and the legacy audit logs will be available for other components.
By adding below config, you can enable new audit logs , and the legacy audit logs will not available for other components. These new audit logs are currently inprogress only for application-mgt component
Sample audit logs
Create SAML app
Update SAML app protocol configs
Delete SAML application