log.debug("No credentials found for external login module. ignoring.");
return false;
}
try {
SyncedIdentity sId = null;
if (userId != null) {
sId = syncHandler.findIdentity(getUserManager(), userId);
// if there exists an authorizable with the given userid but is not an external one or if it belongs to
// another IDP, we just ignore it.
if (sId != null) {
if (sId.getExternalIdRef() == null) {
log.debug("ignoring local user: {}", sId.getId());
return false;
}
if (!sId.getExternalIdRef().getProviderName().equals(idp.getName())) {
if (log.isDebugEnabled()) {
log.debug("ignoring foreign identity: {} (idp={})", sId.getExternalIdRef().getString(), idp.getName());
}
return false;
}
}
}
if (preAuthLogin != null) {
externalUser = idp.getUser(preAuthLogin.getUserId());
} else {
externalUser = idp.authenticate(credentials);
}
if (externalUser != null) {
log.debug("IDP {} returned valid user {}", idp.getName(), externalUser);
if (credentials != null) {
//noinspection unchecked
sharedState.put(SHARED_KEY_CREDENTIALS, credentials);
}
//noinspection unchecked
sharedState.put(SHARED_KEY_LOGIN_NAME, externalUser.getId());
syncUser(externalUser);
return true;
} else {
if (log.isDebugEnabled()) {
if (userId != null) {
log.debug("IDP {} returned null for simple creds of {}", idp.getName(), userId);
} else {
log.debug("IDP {} returned null for {}", idp.getName(), credentials);
}
}
if (sId != null) {
// invalidate the user if it exists as synced variant
log.debug("local user exists for '{}'. re-validating.", sId.getId());
validateUser(sId.getId());
}
return false;
}
} catch (ExternalIdentityException e) {
log.error("Error while authenticating '{}' with {}",