Example 26 with Authentication
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class GroovyScriptMultifactorAuthenticationPolicyEventResolver method resolveInternal.
@Override
public Set<Event> resolveInternal(final RequestContext context) {
final Service service = resolveServiceFromAuthenticationRequest(context);
final RegisteredService registeredService = resolveRegisteredServiceInRequestContext(context);
final Authentication authentication = WebUtils.getAuthentication(context);
if (groovyScript == null) {
LOGGER.debug("No groovy script is configured for multifactor authentication");
return null;
}
if (!ResourceUtils.doesResourceExist(groovyScript)) {
LOGGER.warn("No groovy script is found at [{}] for multifactor authentication", groovyScript);
return null;
}
if (authentication == null) {
LOGGER.debug("No authentication is available to determine event for principal");
return null;
}
if (registeredService == null || service == null) {
LOGGER.debug("No registered service is available to determine event for principal [{}]", authentication.getPrincipal());
return null;
}
final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
if (providerMap == null || providerMap.isEmpty()) {
LOGGER.error("No multifactor authentication providers are available in the application context");
throw new AuthenticationException();
}
try {
final Object[] args = { service, registeredService, authentication, LOGGER };
final String provider = ScriptingUtils.executeGroovyScript(groovyScript, args, String.class);
LOGGER.debug("Groovy script run for [{}] returned the provider id [{}]", service, provider);
if (StringUtils.isBlank(provider)) {
return null;
}
final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, provider);
if (providerFound.isPresent()) {
final MultifactorAuthenticationProvider multifactorAuthenticationProvider = providerFound.get();
if (multifactorAuthenticationProvider.isAvailable(registeredService)) {
final Event event = validateEventIdForMatchingTransitionInContext(multifactorAuthenticationProvider.getId(), context, buildEventAttributeMap(authentication.getPrincipal(), registeredService, multifactorAuthenticationProvider));
return CollectionUtils.wrapSet(event);
}
LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", multifactorAuthenticationProvider);
return null;
}
LOGGER.warn("No multifactor provider could be found for [{}]", provider);
throw new AuthenticationException();
} catch (final Exception e) {
LOGGER.error(e.getMessage(), e);
}
return null;
}
Also used :
RegisteredService(org.apereo.cas.services.RegisteredService)
AuthenticationException(org.apereo.cas.authentication.AuthenticationException)
Authentication(org.apereo.cas.authentication.Authentication)
CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService)
RegisteredService(org.apereo.cas.services.RegisteredService)
Service(org.apereo.cas.authentication.principal.Service)
Event(org.springframework.webflow.execution.Event)
MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)
AuthenticationException(org.apereo.cas.authentication.AuthenticationException)
Example 27 with Authentication
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class RegisteredServiceMultifactorAuthenticationPolicyEventResolver method resolveInternal.
@Override
public Set<Event> resolveInternal(final RequestContext context) {
final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
final Authentication authentication = WebUtils.getAuthentication(context);
if (service == null || authentication == null) {
LOGGER.debug("No service or authentication is available to determine event for principal");
return null;
}
final RegisteredServiceMultifactorPolicy policy = service.getMultifactorPolicy();
if (policy == null || policy.getMultifactorAuthenticationProviders().isEmpty()) {
LOGGER.debug("Authentication policy does not contain any multifactor authentication providers");
return null;
}
if (StringUtils.isNotBlank(policy.getPrincipalAttributeNameTrigger()) || StringUtils.isNotBlank(policy.getPrincipalAttributeValueToMatch())) {
LOGGER.debug("Authentication policy for [{}] has defined principal attribute triggers. Skipping...", service.getServiceId());
return null;
}
return resolveEventPerAuthenticationProvider(authentication.getPrincipal(), context, service);
}
Also used :
RegisteredServiceMultifactorPolicy(org.apereo.cas.services.RegisteredServiceMultifactorPolicy)
RegisteredService(org.apereo.cas.services.RegisteredService)
Authentication(org.apereo.cas.authentication.Authentication)
Example 28 with Authentication
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class RestEndpointMultifactorAuthenticationPolicyEventResolver method resolveInternal.
@Override
public Set<Event> resolveInternal(final RequestContext context) {
final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
final Authentication authentication = WebUtils.getAuthentication(context);
if (service == null || authentication == null) {
LOGGER.debug("No service or authentication is available to determine event for principal");
return null;
}
final Principal principal = authentication.getPrincipal();
if (StringUtils.isBlank(restEndpoint)) {
LOGGER.debug("Rest endpoint to determine event is not configured for [{}]", principal.getId());
return null;
}
final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
if (providerMap == null || providerMap.isEmpty()) {
LOGGER.error("No multifactor authentication providers are available in the application context");
return null;
}
final Collection<MultifactorAuthenticationProvider> flattenedProviders = flattenProviders(providerMap.values());
LOGGER.debug("Contacting [{}] to inquire about [{}]", restEndpoint, principal.getId());
final String results = callRestEndpointForMultifactor(principal, context);
if (StringUtils.isNotBlank(results)) {
return resolveMultifactorEventViaRestResult(results, flattenedProviders);
}
LOGGER.debug("No providers are available to match rest endpoint results");
return new HashSet<>(0);
}
Also used :
RegisteredService(org.apereo.cas.services.RegisteredService)
Authentication(org.apereo.cas.authentication.Authentication)
MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)
Principal(org.apereo.cas.authentication.principal.Principal)
HashSet(java.util.HashSet)
Example 29 with Authentication
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class AdaptiveMultifactorAuthenticationPolicyEventResolver method resolveInternal.
@Override
public Set<Event> resolveInternal(final RequestContext context) {
final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
final Authentication authentication = WebUtils.getAuthentication(context);
if (service == null || authentication == null) {
LOGGER.debug("No service or authentication is available to determine event for principal");
return null;
}
if (multifactorMap == null || multifactorMap.isEmpty()) {
LOGGER.debug("Adaptive authentication is not configured to require multifactor authentication");
return null;
}
final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
if (providerMap == null || providerMap.isEmpty()) {
LOGGER.error("No multifactor authentication providers are available in the application context");
throw new AuthenticationException();
}
final Set<Event> providerFound = checkRequireMultifactorProvidersForRequest(context, service, authentication);
if (providerFound != null && !providerFound.isEmpty()) {
LOGGER.warn("Found multifactor authentication providers [{}] required for this authentication event", providerFound);
return providerFound;
}
return null;
}
Also used :
RegisteredService(org.apereo.cas.services.RegisteredService)
AuthenticationException(org.apereo.cas.authentication.AuthenticationException)
Authentication(org.apereo.cas.authentication.Authentication)
Event(org.springframework.webflow.execution.Event)
MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)
Example 30 with Authentication
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class TimedMultifactorAuthenticationPolicyEventResolver method checkTimedMultifactorProvidersForRequest.
private Set<Event> checkTimedMultifactorProvidersForRequest(final RequestContext context, final RegisteredService service, final Authentication authentication) {
final LocalDateTime now = LocalDateTime.now();
final DayOfWeek dow = DayOfWeek.from(now);
final List<String> dayNamesForToday = Arrays.stream(TextStyle.values()).map(style -> dow.getDisplayName(style, Locale.getDefault())).collect(Collectors.toList());
final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
final TimeBasedAuthenticationProperties timed = this.timedMultifactor.stream().filter(t -> {
boolean providerEvent = false;
if (!t.getOnDays().isEmpty()) {
providerEvent = t.getOnDays().stream().filter(dayNamesForToday::contains).findAny().isPresent();
}
if (t.getOnOrAfterHour() >= 0) {
providerEvent = now.getHour() >= t.getOnOrAfterHour();
}
if (t.getOnOrBeforeHour() >= 0) {
providerEvent = now.getHour() <= t.getOnOrBeforeHour();
}
return providerEvent;
}).findFirst().orElse(null);
if (timed != null) {
final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, timed.getProviderId());
if (!providerFound.isPresent()) {
LOGGER.error("Adaptive authentication is configured to require [{}] for [{}], yet [{}] absent in the configuration.", timed.getProviderId(), service, timed.getProviderId());
throw new AuthenticationException();
}
return buildEvent(context, service, authentication, providerFound.get());
}
return null;
}
Also used :
LocalDateTime(java.time.LocalDateTime)
CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties)
Arrays(java.util.Arrays)
MultifactorAuthenticationProviderSelector(org.apereo.cas.services.MultifactorAuthenticationProviderSelector)
LocalDateTime(java.time.LocalDateTime)
CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService)
TicketRegistrySupport(org.apereo.cas.ticket.registry.TicketRegistrySupport)
RequestContext(org.springframework.webflow.execution.RequestContext)
TimeBasedAuthenticationProperties(org.apereo.cas.configuration.model.core.authentication.TimeBasedAuthenticationProperties)
Authentication(org.apereo.cas.authentication.Authentication)
Locale(java.util.Locale)
Map(java.util.Map)
CollectionUtils(org.apereo.cas.util.CollectionUtils)
AuthenticationSystemSupport(org.apereo.cas.authentication.AuthenticationSystemSupport)
MultifactorAuthenticationUtils(org.apereo.cas.authentication.MultifactorAuthenticationUtils)
CookieGenerator(org.springframework.web.util.CookieGenerator)
ServicesManager(org.apereo.cas.services.ServicesManager)
AuthenticationException(org.apereo.cas.authentication.AuthenticationException)
MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)
TextStyle(java.time.format.TextStyle)
Audit(org.apereo.inspektr.audit.annotation.Audit)
AuthenticationServiceSelectionPlan(org.apereo.cas.authentication.AuthenticationServiceSelectionPlan)
Set(java.util.Set)
Collectors(java.util.stream.Collectors)
RegisteredService(org.apereo.cas.services.RegisteredService)
BaseMultifactorAuthenticationProviderEventResolver(org.apereo.cas.web.flow.authentication.BaseMultifactorAuthenticationProviderEventResolver)
Slf4j(lombok.extern.slf4j.Slf4j)
List(java.util.List)
DayOfWeek(java.time.DayOfWeek)
Optional(java.util.Optional)
WebUtils(org.apereo.cas.web.support.WebUtils)
Event(org.springframework.webflow.execution.Event)
DayOfWeek(java.time.DayOfWeek)
AuthenticationException(org.apereo.cas.authentication.AuthenticationException)
MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)
TimeBasedAuthenticationProperties(org.apereo.cas.configuration.model.core.authentication.TimeBasedAuthenticationProperties)
Aggregations
Authentication (org.apereo.cas.authentication.Authentication)125
RegisteredService (org.apereo.cas.services.RegisteredService)58
Service (org.apereo.cas.authentication.principal.Service)44
lombok.val (lombok.val)38
HttpServletRequest (javax.servlet.http.HttpServletRequest)32
Slf4j (lombok.extern.slf4j.Slf4j)32
Principal (org.apereo.cas.authentication.principal.Principal)26
Event (org.springframework.webflow.execution.Event)25
Optional (java.util.Optional)23
TicketGrantingTicket (org.apereo.cas.ticket.TicketGrantingTicket)22
Test (org.junit.Test)21
MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider)20
AuthenticationException (org.apereo.cas.authentication.AuthenticationException)19
CasConfigurationProperties (org.apereo.cas.configuration.CasConfigurationProperties)17
Collection (java.util.Collection)16
StringUtils (org.apache.commons.lang3.StringUtils)16
AuthenticationResult (org.apereo.cas.authentication.AuthenticationResult)15
ServiceTicket (org.apereo.cas.ticket.ServiceTicket)15
WebUtils (org.apereo.cas.web.support.WebUtils)14
RequestContext (org.springframework.webflow.execution.RequestContext)14
