Use of org.apereo.cas.authentication.principal.Service in project cas by apereo:
class WSFederationAuthenticationServiceSelectionStrategy, method getReplyAsParameter.
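/**
 * Extracts the {@code wreply} query parameter from the service identifier.
 * <p>
 * The service id is parsed as a URI and its query string is searched for the
 * first parameter named {@link WSFederationConstants#WREPLY}. The value is
 * returned exactly as found; this method performs no validation of it, so a
 * caller that redirects to the value must first check it against the
 * registered service.
 *
 * @param service the service whose id carries the WS-Federation request parameters
 * @return the first {@code wreply} parameter, or empty when the id cannot be
 * parsed as a URI or carries no such parameter
 */
private static Optional<NameValuePair> getReplyAsParameter(final Service service) {
    try {
        final URIBuilder builder = new URIBuilder(service.getId());
        // Typed Optional instead of the raw type; constant-first equals tolerates a null parameter name.
        return builder.getQueryParams()
            .stream()
            .filter(p -> WSFederationConstants.WREPLY.equals(p.getName()))
            .findFirst();
    } catch (final Exception e) {
        // Best effort: an unparsable service id is logged and treated as "no parameter".
        LOGGER.error(e.getMessage(), e);
    }
    return Optional.empty();
}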
Use of org.apereo.cas.authentication.principal.Service in project cas by apereo:
class SecurityTokenServiceAuthenticationMetaDataPopulator, method populateAttributes.
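/**
 * Invokes the security token service for the transaction's relying party and
 * lets the result populate the authentication being built.
 * <p>
 * Nothing happens unless the selection strategy supports the transaction's
 * service and resolves a service from it. The WS-Federation relying party
 * registered for that service must exist and its access strategy must allow
 * service access; only then is a security token service client built and
 * {@code invokeSecurityTokenServiceForToken} called.
 *
 * @param builder     the authentication builder to populate
 * @param transaction the current authentication transaction
 * @throws UnauthorizedSsoServiceException if no relying party is registered for
 *                                         the service or its access strategy denies access
 */
@Override
public void populateAttributes(final AuthenticationBuilder builder, final AuthenticationTransaction transaction) {
    if (!this.selectionStrategy.supports(transaction.getService())) {
        return;
    }
    final Service service = this.selectionStrategy.resolveServiceFrom(transaction.getService());
    if (service == null) {
        return;
    }
    final WSFederationRegisteredService rp = this.servicesManager.findServiceBy(service, WSFederationRegisteredService.class);
    if (rp == null || !rp.getAccessStrategy().isServiceAccessAllowed()) {
        // Log the requested service rather than rp: rp is null in the unregistered case
        // and the message would otherwise read "Service [null]".
        LOGGER.warn("Service [{}] is not allowed to use SSO.", service);
        throw new UnauthorizedSsoServiceException();
    }
    final SecurityTokenServiceClient sts = this.clientBuilder.buildClientForSecurityTokenRequests(rp);
    invokeSecurityTokenServiceForToken(transaction, builder, rp, sts);
}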
Use of org.apereo.cas.authentication.principal.Service in project cas by apereo:
class WsFederationAction, method prepareLoginViewWithWsFederationClients.
/**
 * Builds the WS-Federation client descriptors for the login view.
 * <p>
 * One {@link WsFedClient} is created per entry in {@code configurations}: it
 * carries a freshly generated random id, the relying party identifier computed
 * for the requested service, the authorization and relative redirect URLs, and
 * the configuration's auto-redirect flag. The resulting list is stored in flow
 * scope under {@code wsfedUrls}.
 *
 * @param context the current webflow request context
 */
private void prepareLoginViewWithWsFederationClients(final RequestContext context) {
    final List<WsFedClient> wsFedClients = new ArrayList<>();
    final HttpServletRequest httpRequest = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
    final Service requestedService = (Service) context.getFlowScope().get(CasProtocolConstants.PARAMETER_SERVICE);
    this.configurations.forEach(configuration -> {
        final String clientId = UUID.randomUUID().toString();
        final String relyingPartyId = wsFederationHelper.getRelyingPartyIdentifier(requestedService, configuration);
        final WsFedClient client = new WsFedClient();
        client.setName(configuration.getName());
        client.setAuthorizationUrl(configuration.getAuthorizationUrl(relyingPartyId, clientId));
        client.setReplyingPartyId(relyingPartyId);
        client.setId(clientId);
        client.setRedirectUrl(WsFederationNavigationController.getRelativeRedirectUrlFor(configuration, requestedService, httpRequest));
        client.setAutoRedirect(configuration.isAutoRedirect());
        wsFedClients.add(client);
    });
    context.getFlowScope().put("wsfedUrls", wsFedClients);
}
Use of org.apereo.cas.authentication.principal.Service in project cas by apereo:
class DefaultSingleSignOnParticipationStrategy, method isParticipating.
/**
 * Decides whether the current request takes part in single sign-on.
 * <p>
 * When renew handling is enabled and the request carries the {@code renew}
 * parameter, the answer is the configured cookie-on-renew setting. Otherwise,
 * if a registered service can be located for the request's service, its access
 * strategy decides; the request's authentication is bound to the thread-local
 * binder only for the duration of that check, and whatever was bound before is
 * restored afterwards. Requests with no service, or no matching registered
 * service, participate.
 *
 * @param ctx the current webflow request context
 * @return true if the request participates in SSO, false otherwise
 */
@Override
public boolean isParticipating(final RequestContext ctx) {
    final boolean renewRequested = renewEnabled && ctx.getRequestParameters().contains(CasProtocolConstants.PARAMETER_RENEW);
    if (renewRequested) {
        LOGGER.debug("[{}] is specified for the request. The authentication session will be considered renewed.", CasProtocolConstants.PARAMETER_RENEW);
        return this.createSsoSessionCookieOnRenewAuthentications;
    }
    final Authentication currentAuthentication = WebUtils.getAuthentication(ctx);
    final Service service = WebUtils.getService(ctx);
    if (service == null) {
        return true;
    }
    final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
    if (registeredService == null) {
        return true;
    }
    // Remember the existing binding so the access check cannot leave another
    // request's authentication bound to this thread.
    final Authentication previouslyBound = AuthenticationCredentialsThreadLocalBinder.getCurrentAuthentication();
    try {
        AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuthentication);
        final boolean allowedForSso = registeredService.getAccessStrategy().isServiceAccessAllowedForSso();
        LOGGER.debug("Located [{}] in registry. Service access to participate in SSO is set to [{}]", registeredService.getServiceId(), allowedForSso);
        return allowedForSso;
    } finally {
        AuthenticationCredentialsThreadLocalBinder.bindCurrent(previouslyBound);
    }
}
Use of org.apereo.cas.authentication.principal.Service in project cas by apereo:
class GroovyScriptMultifactorAuthenticationPolicyEventResolver, method resolveInternal.
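/**
 * Resolves the multifactor authentication event by running the configured Groovy script.
 * <p>
 * The script receives the service, registered service, authentication and logger and is
 * expected to return a provider id. This resolver yields {@code null} (no event) when no
 * script is configured or found, when no authentication or service is available, when the
 * script returns a blank id, when the matched provider reports itself unavailable, or when
 * the script or the event construction throws; those failures are logged at error level and
 * otherwise degrade to "no event from this resolver" rather than rejecting the request.
 * An empty provider map and a provider id that matches no known provider are treated as
 * configuration errors and raise {@link AuthenticationException}.
 *
 * @param context the current webflow request context
 * @return a set holding the event for the selected provider, or {@code null}
 * @throws AuthenticationException if no providers are available or the script names an unknown provider
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final Service service = resolveServiceFromAuthenticationRequest(context);
    final RegisteredService registeredService = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (groovyScript == null) {
        LOGGER.debug("No groovy script is configured for multifactor authentication");
        return null;
    }
    if (!ResourceUtils.doesResourceExist(groovyScript)) {
        LOGGER.warn("No groovy script is found at [{}] for multifactor authentication", groovyScript);
        return null;
    }
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return null;
    }
    if (registeredService == null || service == null) {
        LOGGER.debug("No registered service is available to determine event for principal [{}]", authentication.getPrincipal());
        return null;
    }
    final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }
    final String providerId = executeScriptForProviderId(service, registeredService, authentication);
    if (StringUtils.isBlank(providerId)) {
        return null;
    }
    final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, providerId);
    if (!providerFound.isPresent()) {
        // Deliberately outside any catch (Exception) block: this must reach the caller.
        // Inside the script try/catch it would be swallowed and an unknown provider id
        // would silently yield no event.
        LOGGER.warn("No multifactor provider could be found for [{}]", providerId);
        throw new AuthenticationException();
    }
    return buildEventForProvider(providerFound.get(), context, registeredService, authentication);
}

/**
 * Runs the Groovy script and returns the provider id it produced.
 *
 * @return the script's result (possibly blank), or {@code null} if the script threw
 */
private String executeScriptForProviderId(final Service service, final RegisteredService registeredService, final Authentication authentication) {
    try {
        final Object[] args = { service, registeredService, authentication, LOGGER };
        final String providerId = ScriptingUtils.executeGroovyScript(groovyScript, args, String.class);
        LOGGER.debug("Groovy script run for [{}] returned the provider id [{}]", service, providerId);
        return providerId;
    } catch (final Exception e) {
        // A failing script produces no event from this resolver; the failure is only logged.
        LOGGER.error(e.getMessage(), e);
        return null;
    }
}

/**
 * Builds the webflow event for a located provider.
 *
 * @return a set holding the event, or {@code null} if the provider is unavailable
 * for the registered service or the event cannot be built
 */
private Set<Event> buildEventForProvider(final MultifactorAuthenticationProvider provider, final RequestContext context,
                                         final RegisteredService registeredService, final Authentication authentication) {
    try {
        if (provider.isAvailable(registeredService)) {
            final Event event = validateEventIdForMatchingTransitionInContext(provider.getId(), context,
                buildEventAttributeMap(authentication.getPrincipal(), registeredService, provider));
            return CollectionUtils.wrapSet(event);
        }
        LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", provider);
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
    }
    return null;
}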