use of org.apereo.cas.services.RegisteredServiceMultifactorPolicy in project cas by apereo.
the class DefaultMultifactorTriggerSelectionStrategy method resolve.
/**
 * Picks the id of the multifactor provider to trigger, trying each trigger source in a fixed order:
 * the opt-in request parameter, then the registered service's multifactor policy, then the
 * globally configured principal attribute names. Every candidate is accepted only if it is the id
 * of one of the supplied providers.
 *
 * @param providers the available multifactor providers; may be null or empty
 * @param request   the current request; may be null
 * @param service   the registered service; may be null
 * @param principal the authenticated principal; may be null
 * @return the first matching provider id, or an empty Optional when no trigger matches
 */
@Override
public Optional<String> resolve(final Collection<MultifactorAuthenticationProvider> providers, final HttpServletRequest request, final RegisteredService service, final Principal principal) {
    // Nothing can be triggered when no provider is available.
    if (providers == null || providers.isEmpty()) {
        return Optional.empty();
    }
    final Set<String> knownIds = providers.stream()
            .map(MultifactorAuthenticationProvider::getId)
            .collect(Collectors.toSet());

    // 1. Opt-in request parameter; getParameter yields only the first value.
    // NOTE(review): this value is client-supplied and is consulted before the service policy.
    // The knownIds filter restricts it to available providers, but where those providers differ
    // in strength the caller effectively chooses among them; confirm this precedence is intended.
    if (request != null) {
        final Optional<String> requested = Optional.ofNullable(request.getParameter(requestParameter))
                .filter(knownIds::contains);
        if (requested.isPresent()) {
            return requested;
        }
    }

    // 2. Providers listed by the registered service's multifactor policy.
    if (service != null) {
        final RegisteredServiceMultifactorPolicy servicePolicy = service.getMultifactorPolicy();
        if (shouldApplyRegisteredServiceMultifactorPolicy(servicePolicy, principal)) {
            final Optional<String> fromPolicy = servicePolicy.getMultifactorAuthenticationProviders().stream()
                    .filter(knownIds::contains)
                    .findFirst();
            if (fromPolicy.isPresent()) {
                return fromPolicy;
            }
        }
    }

    // 3. Values of the globally configured principal attributes; only String values are considered.
    if (principal != null && StringUtils.hasText(globalPrincipalAttributeNameTriggers)) {
        return StreamSupport.stream(ATTR_NAMES.split(globalPrincipalAttributeNameTriggers).spliterator(), false)
                .map(principal.getAttributes()::get)
                .filter(Objects::nonNull)
                .map(CollectionUtils::toCollection)
                .flatMap(Set::stream)
                .filter(String.class::isInstance)
                .map(String.class::cast)
                .filter(knownIds::contains)
                .findFirst();
    }

    // No trigger matched.
    return Optional.empty();
}
use of org.apereo.cas.services.RegisteredServiceMultifactorPolicy in project cas by apereo.
the class RegisteredServicePrincipalAttributeMultifactorAuthenticationPolicyEventResolver method resolveInternal.
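/**
 * Resolves the multifactor event for a service whose policy defines both a principal attribute
 * name trigger and a value pattern to match.
 *
 * @param context the current webflow request context
 * @return the events produced by {@code resolveEventViaPrincipalAttribute}, or {@code null} when
 *         the policy is absent, lists no providers, lacks either trigger field, or no
 *         authentication is available
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    final RegisteredServiceMultifactorPolicy policy = service != null ? service.getMultifactorPolicy() : null;
    // Use the policy already fetched instead of asking the service for it a second time.
    if (policy == null || policy.getMultifactorAuthenticationProviders().isEmpty()) {
        LOGGER.debug("Authentication policy is absent or does not contain any multifactor authentication providers");
        return null;
    }
    if (StringUtils.isBlank(policy.getPrincipalAttributeNameTrigger()) || StringUtils.isBlank(policy.getPrincipalAttributeValueToMatch())) {
        LOGGER.debug("Authentication policy does not define a principal attribute and/or value to trigger multifactor authentication");
        return null;
    }
    // Without an authentication there is no principal to evaluate; return null like the guards
    // above rather than failing with a NullPointerException on getPrincipal().
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return null;
    }
    final Principal principal = authentication.getPrincipal();
    final Collection<MultifactorAuthenticationProvider> providers = flattenProviders(getAuthenticationProviderForService(service));
    // NOTE(review): Pattern.asPredicate() tests with find(), so the configured value matches any
    // attribute value that contains it unless the pattern is anchored with ^...$. An invalid
    // pattern makes Pattern.compile throw PatternSyntaxException here; confirm it is validated
    // when the service is registered.
    return resolveEventViaPrincipalAttribute(principal, org.springframework.util.StringUtils.commaDelimitedListToSet(policy.getPrincipalAttributeNameTrigger()), service, context, providers, Pattern.compile(policy.getPrincipalAttributeValueToMatch()).asPredicate());
}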
use of org.apereo.cas.services.RegisteredServiceMultifactorPolicy in project cas by apereo.
the class RegisteredServiceMultifactorAuthenticationPolicyEventResolver method resolveInternal.
/**
 * Resolves the multifactor event for a service whose policy lists providers and defines no
 * principal attribute trigger.
 *
 * @param context the current webflow request context
 * @return the events from {@code resolveEventPerAuthenticationProvider}, or {@code null} when the
 *         service, authentication or provider list is missing, or when the policy defines a
 *         principal attribute name or value trigger
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService registeredService = resolveRegisteredServiceInRequestContext(context);
    final Authentication currentAuthentication = WebUtils.getAuthentication(context);
    if (registeredService == null || currentAuthentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }

    final RegisteredServiceMultifactorPolicy mfaPolicy = registeredService.getMultifactorPolicy();
    if (mfaPolicy == null || mfaPolicy.getMultifactorAuthenticationProviders().isEmpty()) {
        LOGGER.debug("Authentication policy does not contain any multifactor authentication providers");
        return null;
    }

    // NOTE(review): either field alone is enough to skip here, while
    // RegisteredServicePrincipalAttributeMultifactorAuthenticationPolicyEventResolver appears to
    // decline unless both are set. A policy with only one of the two filled in would then be
    // declined by both resolvers; confirm such a half-configured policy is rejected elsewhere.
    if (StringUtils.isNotBlank(mfaPolicy.getPrincipalAttributeNameTrigger())
            || StringUtils.isNotBlank(mfaPolicy.getPrincipalAttributeValueToMatch())) {
        LOGGER.debug("Authentication policy for [{}] has defined principal attribute triggers. Skipping...", registeredService.getServiceId());
        return null;
    }

    return resolveEventPerAuthenticationProvider(currentAuthentication.getPrincipal(), context, registeredService);
}
use of org.apereo.cas.services.RegisteredServiceMultifactorPolicy in project cas by apereo.
the class DefaultRegisteredServiceFactory method createRegisteredService.
/**
 * Builds a registered service from the submitted service data and, when the result is an
 * {@code AbstractRegisteredService}, attaches the access strategy, username attribute provider,
 * proxy policy, attribute release policy and multifactor policy produced by the mappers.
 *
 * @param data the service data to convert
 * @return the service created by the registered-service mapper
 */
@Override
public RegisteredService createRegisteredService(final ServiceData data) {
    final RegisteredService created = this.registeredServiceMapper.toRegisteredService(data);

    // NOTE(review): any other service type is returned without the mapped access strategy or
    // multifactor policy, and nothing is logged; confirm no such type can reach this factory.
    if (!(created instanceof AbstractRegisteredService)) {
        return created;
    }
    final AbstractRegisteredService target = (AbstractRegisteredService) created;

    // A null from a mapper leaves whatever the service already carries for that setting.
    final RegisteredServiceAccessStrategy mappedAccessStrategy = this.accessStrategyMapper.toAccessStrategy(data);
    if (mappedAccessStrategy != null) {
        target.setAccessStrategy(mappedAccessStrategy);
    }

    final RegisteredServiceUsernameAttributeProvider mappedUsernameProvider = this.usernameAttributeProviderMapper.toUsernameAttributeProvider(data);
    if (mappedUsernameProvider != null) {
        target.setUsernameAttributeProvider(mappedUsernameProvider);
    }

    final RegisteredServiceProxyPolicy mappedProxyPolicy = this.proxyPolicyMapper.toProxyPolicy(data);
    if (mappedProxyPolicy != null) {
        target.setProxyPolicy(mappedProxyPolicy);
    }

    final RegisteredServiceAttributeReleasePolicy mappedReleasePolicy = this.attributeReleasePolicyMapper.toAttributeReleasePolicy(data);
    if (mappedReleasePolicy != null) {
        target.setAttributeReleasePolicy(mappedReleasePolicy);
    }

    final RegisteredServiceMultifactorPolicy mappedMfaPolicy = this.multifactorAuthenticationMapper.toMultifactorPolicy(data);
    if (mappedMfaPolicy != null) {
        target.setMultifactorPolicy(mappedMfaPolicy);
    }

    return created;
}
use of org.apereo.cas.services.RegisteredServiceMultifactorPolicy in project cas by apereo.
the class RegisteredServiceMultifactorAuthenticationPolicyEventResolver method resolveInternal.
/**
 * Decides whether the registered service's multifactor policy should trigger its providers
 * directly, that is, when the policy lists providers and sets no principal attribute trigger.
 *
 * @param context the current webflow request context
 * @return the result of {@code resolveEventPerAuthenticationProvider} for the authenticated
 *         principal, or {@code null} if any precondition below is not met
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService svc = resolveRegisteredServiceInRequestContext(context);
    final Authentication authn = WebUtils.getAuthentication(context);

    // Both the service and the authentication are required to go any further.
    if (svc == null || authn == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }

    // A missing policy and an empty provider list are treated the same way.
    final RegisteredServiceMultifactorPolicy servicePolicy = svc.getMultifactorPolicy();
    if (servicePolicy == null || servicePolicy.getMultifactorAuthenticationProviders().isEmpty()) {
        LOGGER.debug("Authentication policy does not contain any multifactor authentication providers");
        return null;
    }

    // A policy with an attribute name or value trigger is not handled here.
    // NOTE(review): a single non-blank field is enough to skip; check that a policy with only
    // one of the two fields set is still picked up or rejected by another resolver, so the
    // listed providers are not silently left untriggered.
    if (StringUtils.isNotBlank(servicePolicy.getPrincipalAttributeNameTrigger())
            || StringUtils.isNotBlank(servicePolicy.getPrincipalAttributeValueToMatch())) {
        LOGGER.debug("Authentication policy for [{}] has defined principal attribute triggers. Skipping...", svc.getServiceId());
        return null;
    }

    final Principal authenticatedPrincipal = authn.getPrincipal();
    return resolveEventPerAuthenticationProvider(authenticatedPrincipal, context, svc);
}