use of com.duosecurity.Client in project cas by apereo.
Class DuoSecurityUniversalPromptPrepareLoginAction, method doExecute.
/**
 * Prepares the hand-off to the Duo Security Universal Prompt.
 *
 * <p>Generates a Duo state value, creates a transient session ticket from that
 * state, the current service and a snapshot of the login context, stores the
 * ticket in the ticket registry, and publishes the Duo authorization URL in
 * flow scope under {@code duoUniversalPromptLoginUrl}.
 *
 * <p>Locals use Lombok {@code val}, as elsewhere in this method's file.
 *
 * @param requestContext the current webflow request context
 * @return the event produced by {@code success(ticket)}
 * @throws Exception declared by the overridden method; a {@link RuntimeException}
 *                   is raised here when the provider exposes no Duo client
 */
@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    val inProgressAuthentication = WebUtils.getInProgressAuthentication();
    val providerId = WebUtils.getMultifactorAuthenticationProviderById(requestContext);
    val duoProvider = duoProviderBean.getProvider(providerId);

    // Fail fast when the provider has no client; nothing is stored in that case.
    val duoClient = duoProvider.getDuoAuthenticationService()
        .getDuoClient()
        .map(candidate -> (Client) candidate)
        .orElseThrow(() -> new RuntimeException("Unable to locate Duo Security client"));

    // The client-generated state is handed to the ticket factory; the resulting
    // ticket id is what is later passed to createAuthUrl.
    // NOTE(review): presumably the ticket id equals this state, which would let the
    // callback look the ticket up by the returned state; confirm against the factory.
    val duoState = duoClient.generateState();
    val sessionTicketFactory = (TransientSessionTicketFactory) ticketFactory.get(TransientSessionTicket.class);

    // Insertion order is kept by LinkedHashMap, so the puts stay in their original sequence.
    val sessionProperties = new LinkedHashMap<String, Object>();
    sessionProperties.put("duoProviderId", providerId);
    sessionProperties.put(Authentication.class.getSimpleName(), inProgressAuthentication);
    sessionProperties.put(AuthenticationResultBuilder.class.getSimpleName(),
        WebUtils.getAuthenticationResultBuilder(requestContext));
    sessionProperties.put(AuthenticationResult.class.getSimpleName(),
        WebUtils.getAuthenticationResult(requestContext));
    sessionProperties.put(Credential.class.getSimpleName(),
        WebUtils.getMultifactorAuthenticationParentCredential(requestContext));
    sessionProperties.put(MutableAttributeMap.class.getSimpleName(),
        requestContext.getFlowScope().asMap());

    // The registered service is optional and is recorded only when one is present.
    val registeredService = WebUtils.getRegisteredService(requestContext);
    if (registeredService != null) {
        sessionProperties.put(RegisteredService.class.getSimpleName(), registeredService);
    }

    // NOTE(review): the ticket now carries the in-progress authentication, the parent
    // credential and the flow-scope map. Confirm that the configured ticket registry
    // protects ticket contents at rest and that this transient ticket expires quickly.
    val currentService = WebUtils.getService(requestContext);
    val sessionTicket = sessionTicketFactory.create(duoState, currentService, sessionProperties);
    ticketRegistry.addTicket(sessionTicket);
    // NOTE(review): this formats the whole ticket; verify that its toString() does not
    // render the properties map into debug logs.
    LOGGER.debug("Stored Duo Security session via [{}]", sessionTicket);

    val resolvedPrincipal = resolvePrincipal(inProgressAuthentication.getPrincipal());
    val promptUrl = duoClient.createAuthUrl(resolvedPrincipal.getId(), sessionTicket.getId());
    requestContext.getFlowScope().put("duoUniversalPromptLoginUrl", promptUrl);
    // NOTE(review): the URL is built from the principal id and the ticket id, so it
    // presumably embeds both; treat debug output from this line as sensitive.
    LOGGER.debug("Redirecting to Duo Security url at [{}]", promptUrl);
    return success(sessionTicket);
}