Example 1 with MultifactorAuthenticationProvider

Use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

Class AdaptiveMultifactorAuthenticationPolicyEventResolver, method resolveInternal:

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (service == null || authentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }
    if (multifactorMap == null || multifactorMap.isEmpty()) {
        LOGGER.debug("Adaptive authentication is not configured to require multifactor authentication");
        return null;
    }
    final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }
    final Set<Event> providerFound = checkRequireMultifactorProvidersForRequest(context, service, authentication);
    if (providerFound != null && !providerFound.isEmpty()) {
        LOGGER.warn("Found multifactor authentication providers [{}] required for this authentication event", providerFound);
        return providerFound;
    }
    return null;
}
Also used: RegisteredService (org.apereo.cas.services.RegisteredService), AuthenticationException (org.apereo.cas.authentication.AuthenticationException), Authentication (org.apereo.cas.authentication.Authentication), Event (org.springframework.webflow.execution.Event), MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider)

Example 2 with MultifactorAuthenticationProvider

Use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

Class AdaptiveMultifactorAuthenticationPolicyEventResolver, method checkRequireMultifactorProvidersForRequest:

private Set<Event> checkRequireMultifactorProvidersForRequest(final RequestContext context, final RegisteredService service, final Authentication authentication) {
    final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
    final String clientIp = clientInfo.getClientIpAddress();
    LOGGER.debug("Located client IP address as [{}]", clientIp);
    final String agent = WebUtils.getHttpServletRequestUserAgent();
    final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    final Set<Map.Entry> entries = multifactorMap.entrySet();
    for (final Map.Entry entry : entries) {
        final String mfaMethod = entry.getKey().toString();
        final String pattern = entry.getValue().toString();
        final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, mfaMethod);
        if (!providerFound.isPresent()) {
            LOGGER.error("Adaptive authentication is configured to require [{}] for [{}], yet [{}] is absent in the configuration.", mfaMethod, pattern, mfaMethod);
            throw new AuthenticationException();
        }
        if (checkUserAgentOrClientIp(clientIp, agent, mfaMethod, pattern)) {
            return buildEvent(context, service, authentication, providerFound.get());
        }
        if (checkRequestGeoLocation(clientIp, mfaMethod, pattern)) {
            return buildEvent(context, service, authentication, providerFound.get());
        }
    }
    return null;
}
Also used: AuthenticationException (org.apereo.cas.authentication.AuthenticationException), ClientInfo (org.apereo.inspektr.common.web.ClientInfo), MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider), Map (java.util.Map)

Example 3 with MultifactorAuthenticationProvider

Use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

Class RegisteredServicePrincipalAttributeMultifactorAuthenticationPolicyEventResolver, method resolveInternal:

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    final RegisteredServiceMultifactorPolicy policy = service != null ? service.getMultifactorPolicy() : null;
    if (policy == null || service.getMultifactorPolicy().getMultifactorAuthenticationProviders().isEmpty()) {
        LOGGER.debug("Authentication policy is absent or does not contain any multifactor authentication providers");
        return null;
    }
    if (StringUtils.isBlank(policy.getPrincipalAttributeNameTrigger()) || StringUtils.isBlank(policy.getPrincipalAttributeValueToMatch())) {
        LOGGER.debug("Authentication policy does not define a principal attribute and/or value to trigger multifactor authentication");
        return null;
    }
    final Principal principal = authentication.getPrincipal();
    final Collection<MultifactorAuthenticationProvider> providers = flattenProviders(getAuthenticationProviderForService(service));
    return resolveEventViaPrincipalAttribute(principal, org.springframework.util.StringUtils.commaDelimitedListToSet(policy.getPrincipalAttributeNameTrigger()), service, context, providers, Pattern.compile(policy.getPrincipalAttributeValueToMatch()).asPredicate());
}
Also used: RegisteredServiceMultifactorPolicy (org.apereo.cas.services.RegisteredServiceMultifactorPolicy), RegisteredService (org.apereo.cas.services.RegisteredService), Authentication (org.apereo.cas.authentication.Authentication), MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider), Principal (org.apereo.cas.authentication.principal.Principal)

Example 4 with MultifactorAuthenticationProvider

Use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

Class RequestParameterMultifactorAuthenticationPolicyEventResolver, method resolveInternal:

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (service == null || authentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }
    if (StringUtils.isBlank(mfaRequestParameter)) {
        LOGGER.debug("No request parameter is defined to trigger multifactor authentication.");
        return null;
    }
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    final String[] values = request.getParameterValues(mfaRequestParameter);
    if (values != null && values.length > 0) {
        LOGGER.debug("Received request parameter [{}] as [{}]", mfaRequestParameter, values);
        final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
        if (providerMap == null || providerMap.isEmpty()) {
            LOGGER.error("No multifactor authentication providers are available in the application context to satisfy [{}]", (Object[]) values);
            throw new AuthenticationException();
        }
        final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, values[0]);
        if (providerFound.isPresent()) {
            final MultifactorAuthenticationProvider provider = providerFound.get();
            if (provider.isAvailable(service)) {
                LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", provider, service.getName());
                final Event event = validateEventIdForMatchingTransitionInContext(provider.getId(), context, buildEventAttributeMap(authentication.getPrincipal(), service, provider));
                return Collections.singleton(event);
            }
            LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", providerFound.get());
            return null;
        } else {
            LOGGER.warn("No multifactor provider could be found for request parameter [{}]", (Object[]) values);
            throw new AuthenticationException();
        }
    }
    LOGGER.debug("No value could be found for request parameter [{}]", mfaRequestParameter);
    return null;
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), RegisteredService (org.apereo.cas.services.RegisteredService), AuthenticationException (org.apereo.cas.authentication.AuthenticationException), Authentication (org.apereo.cas.authentication.Authentication), Event (org.springframework.webflow.execution.Event), MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider)

Example 5 with MultifactorAuthenticationProvider

Use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

Class DuoAuthenticationHandler, method getDuoAuthenticationService:

private DuoAuthenticationService getDuoAuthenticationService() {
    final RequestContext requestContext = RequestContextHolder.getRequestContext();
    if (requestContext == null) {
        throw new IllegalArgumentException("No request context is held to locate the Duo authentication service");
    }
    final Collection<MultifactorAuthenticationProvider> col = WebUtils.getResolvedMultifactorAuthenticationProviders(requestContext);
    if (col.isEmpty()) {
        throw new IllegalArgumentException("No multifactor providers are found in the current request context");
    }
    final MultifactorAuthenticationProvider pr = col.iterator().next();
    return provider.findProvider(pr.getId(), DuoMultifactorAuthenticationProvider.class).getDuoAuthenticationService();
}
Also used: RequestContext (org.springframework.webflow.execution.RequestContext), MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider), VariegatedMultifactorAuthenticationProvider (org.apereo.cas.services.VariegatedMultifactorAuthenticationProvider)
