From 77fed26e666b6c310a68afceaf4edfe9dd8e7dc2 Mon Sep 17 00:00:00 2001 From: "Les Wardwell (lwardwel)" Date: Wed, 5 Jul 2023 12:14:44 -0700 Subject: [PATCH 1/3] TFS 422847: Update SafeguardJava to use Core AuthenticationProviders --- .../authentication/AuthenticatorBase.java | 55 +++++++------------ 1 file changed, 19 insertions(+), 36 deletions(-) diff --git a/src/main/java/com/oneidentity/safeguard/safeguardjava/authentication/AuthenticatorBase.java b/src/main/java/com/oneidentity/safeguard/safeguardjava/authentication/AuthenticatorBase.java index 91d8eb4..369b90f 100644 --- a/src/main/java/com/oneidentity/safeguard/safeguardjava/authentication/AuthenticatorBase.java +++ b/src/main/java/com/oneidentity/safeguard/safeguardjava/authentication/AuthenticatorBase.java @@ -169,21 +169,11 @@ public String resolveProviderToScope(String provider) throws SafeguardForJavaExc { CloseableHttpResponse response; Map headers = new HashMap<>(); - Map parameters = new HashMap<>(); headers.clear(); - parameters.clear(); - headers.put(HttpHeaders.ACCEPT, "application/json"); - headers.put(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded"); - parameters.put("response_type", "token"); - parameters.put("redirect_uri", "urn:InstalledApplication"); - parameters.put("loginRequestStep", "1"); - - response = rstsClient.execPOST("UserLogin/LoginController", parameters, headers, null, new JsonBody("RelayState=")); - - if (response == null || (!Utils.isSuccessful(response.getStatusLine().getStatusCode()))) - response = rstsClient.execGET("UserLogin/LoginController", parameters, headers, null); + + response = coreClient.execPOST("AuthenticationProviders", null, headers, null, null); if (response == null) throw new SafeguardForJavaException("Unable to connect to RSTS to find identity provider scopes"); 
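Review bot: The exception on the `response == null` path still reads "Unable to connect to RSTS to find identity provider scopes", but the lookup in this hunk now goes through `coreClient` to `AuthenticationProviders`, so a failure points whoever is troubleshooting at the wrong service. Something like `throw new SafeguardForJavaException("Unable to connect to core service to find authentication provider scopes");` would match the new call. The same stale message is carried as context through the -173,7 and -173,8 hunks of patches 2/3 and 3/3. The `headers.clear();` kept just above is a no-op on a freshly created map and could be dropped in the same pass. The body of resolveProviderToScope starts and ends outside this hunk.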
@@ -204,7 +194,7 @@ public String resolveProviderToScope(String provider) throws SafeguardForJavaExc // - This allows the caller to specify the provider Id rather than the full RSTSProviderId. // - Such a broad check could provide some issues with false matching, however since this // was in the original code, this check has been left in place. - Provider scope = getMatchingScope(provider, knownScopes); + String scope = getMatchingScope(provider, knownScopes); if (scope == null) { @@ -212,12 +202,12 @@ public String resolveProviderToScope(String provider) throws SafeguardForJavaExc knownScopes.forEach((p) -> { if (s.length() > 0) s.append(", "); - s.append(p.DisplayName + ", " + p.Id); + s.append(p.Name + ", " + p.RstsProviderId); }); throw new SafeguardForJavaException(String.format("Unable to find scope matching '%s' in [%s]", provider, s.toString())); } - return String.format("rsts:sts:primaryproviderid:%s", scope.Id); + return scope; } catch (SafeguardForJavaException ex) { throw ex; 
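Review bot: `return scope;` now hands back whatever string the server placed in `RstsProviderScope`, and the `scope == null` branch can no longer tell "no provider matched" from "a provider matched but carried no scope". getJsonValue can return null (visible in the last hunk of this patch), so an entry without that property makes getMatchingScope return null, and the caller then reports "Unable to find scope matching ..." while listing the very provider that matched. Since this value presumably selects the identity provider for the token request that follows, I would have getMatchingScope (hunk -290,10) keep returning the `Provider`, and reject a null or empty scope here with its own message, e.g. `if (match.RstsProviderScope == null || match.RstsProviderScope.isEmpty()) throw new SafeguardForJavaException(String.format("Provider '%s' has no RstsProviderScope", provider));`. The enclosing try block begins outside this hunk.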
@@ -252,35 +242,29 @@ protected void finalize() throws Throwable { } private class Provider { - private String Id; - private String DisplayName; - - public Provider(String Id, String DisplayName) { - this.Id = Id; - this.DisplayName = DisplayName; - } - - public String getId() { - return Id; - } - - public String getDisplayName() { - return DisplayName; + private String RstsProviderId; + private String Name; + private String RstsProviderScope; + + public Provider(String RstsProviderId, String Name, String RstsProviderScope) { + this.RstsProviderId = RstsProviderId; + this.Name = Name; + this.RstsProviderScope = RstsProviderScope; } } + private List parseLoginResponse(String response) { List providers = new ArrayList<>(); ObjectMapper mapper = new ObjectMapper(); try { - JsonNode jsonNodeRoot = mapper.readTree(response); - JsonNode jsonNodeProviders = jsonNodeRoot.get("Providers"); + JsonNode jsonNodeProviders = mapper.readTree(response); Iterator iter = jsonNodeProviders.elements(); while(iter.hasNext()){ JsonNode providerNode=iter.next(); - Provider p = new Provider(getJsonValue(providerNode, "Id"), getJsonValue(providerNode, "DisplayName")); + Provider p = new Provider(getJsonValue(providerNode, "RstsProviderId"), getJsonValue(providerNode, "Name"), getJsonValue(providerNode, "RstsProviderScope")); providers.add(p); } } catch (IOException ex) { @@ -290,10 +274,10 @@ private List parseLoginResponse(String response) { return providers; } - private Provider getMatchingScope(String provider, List providers) { + private String getMatchingScope(String provider, List providers) { for (Provider s : providers) { - if (s.DisplayName.equalsIgnoreCase(provider) || s.Id.equalsIgnoreCase(provider)) - return s; + if (s.Name.equalsIgnoreCase(provider) || s.RstsProviderId.equalsIgnoreCase(provider)) + return s.RstsProviderScope; } return null; } @@ -304,5 +288,4 @@ private String getJsonValue(JsonNode node, String propName) { } return null; } - } 
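Review bot: parseLoginResponse now iterates the root node directly with `elements()` but never checks that the body is a JSON array. If the endpoint answers with an object instead (an error document, say), `elements()` walks its field values and each one becomes a `Provider` whose three fields are presumably all null; `s.Name.equalsIgnoreCase(provider)` in getMatchingScope then fails with a NullPointerException rather than a SafeguardForJavaException. A guard such as `if (jsonNodeProviders == null || !jsonNodeProviders.isArray()) return providers;` before the loop, plus skipping entries whose `RstsProviderId` or `Name` came back null, keeps a malformed response on the existing "Unable to find scope" path.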
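Review bot: getMatchingScope returns on the first entry whose `Name` or `RstsProviderId` equals the input, so a provider whose display name happens to equal another provider's id wins purely by list order. The comment in resolveProviderToScope already concedes the check is broad, and after this change the match presumably decides which scope is used for login. Matching `RstsProviderId` across the whole list first, and falling back to `Name` only when no id matches, removes that ambiguity without changing what callers may pass. The sketch below also null-guards both fields, since getJsonValue can return null.

```java
// … unchanged: getMatchingScope signature …
        // Pass 1: the provider id (presumably unique) takes precedence.
        for (Provider s : providers) {
            if (s.RstsProviderId != null && s.RstsProviderId.equalsIgnoreCase(provider))
                return s.RstsProviderScope;
        }
        // Pass 2: fall back to the display name only when no id matched.
        for (Provider s : providers) {
            if (s.Name != null && s.Name.equalsIgnoreCase(provider))
                return s.RstsProviderScope;
        }
        return null;
```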
From 917e4981b16b0fc1aa73decea5cd8d2b9edf7fb4 Mon Sep 17 00:00:00 2001 From: "Les Wardwell (lwardwel)" Date: Wed, 5 Jul 2023 13:33:23 -0700 Subject: [PATCH 2/3] GET not POST --- .../safeguardjava/authentication/AuthenticatorBase.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/oneidentity/safeguard/safeguardjava/authentication/AuthenticatorBase.java b/src/main/java/com/oneidentity/safeguard/safeguardjava/authentication/AuthenticatorBase.java index 369b90f..9105ad0 100644 --- a/src/main/java/com/oneidentity/safeguard/safeguardjava/authentication/AuthenticatorBase.java +++ b/src/main/java/com/oneidentity/safeguard/safeguardjava/authentication/AuthenticatorBase.java @@ -173,7 +173,7 @@ public String resolveProviderToScope(String provider) throws SafeguardForJavaExc headers.clear(); headers.put(HttpHeaders.ACCEPT, "application/json"); - response = coreClient.execPOST("AuthenticationProviders", null, headers, null, null); + response = coreClient.execGET("AuthenticationProviders", null, headers, null, null); if (response == null) throw new SafeguardForJavaException("Unable to connect to RSTS to find identity provider scopes"); From f8283b7e05bb4d3ba34462fc174b28c552d7bcdf Mon Sep 17 00:00:00 2001 From: "Les Wardwell (lwardwel)" Date: Wed, 5 Jul 2023 16:08:06 -0700 Subject: [PATCH 3/3] Fix a null ref bug due to passing extra null input mistaken for unnecessary client certificate. --- .../safeguardjava/authentication/AuthenticatorBase.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/oneidentity/safeguard/safeguardjava/authentication/AuthenticatorBase.java b/src/main/java/com/oneidentity/safeguard/safeguardjava/authentication/AuthenticatorBase.java index 9105ad0..1a473c0 100644 --- a/src/main/java/com/oneidentity/safeguard/safeguardjava/authentication/AuthenticatorBase.java +++ b/src/main/java/com/oneidentity/safeguard/safeguardjava/authentication/AuthenticatorBase.java 
@@ -4,7 +4,6 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.oneidentity.safeguard.safeguardjava.Utils; import com.oneidentity.safeguard.safeguardjava.data.AccessTokenBody; -import com.oneidentity.safeguard.safeguardjava.data.JsonBody; import com.oneidentity.safeguard.safeguardjava.exceptions.ObjectDisposedException; import com.oneidentity.safeguard.safeguardjava.exceptions.SafeguardForJavaException; import com.oneidentity.safeguard.safeguardjava.restclient.RestClient; @@ -173,8 +172,8 @@ public String resolveProviderToScope(String provider) throws SafeguardForJavaExc headers.clear(); headers.put(HttpHeaders.ACCEPT, "application/json"); - response = coreClient.execGET("AuthenticationProviders", null, headers, null, null); - + response = coreClient.execGET("AuthenticationProviders", null, headers, null); + if (response == null) throw new SafeguardForJavaException("Unable to connect to RSTS to find identity provider scopes");