
Example 1 with OidcClientModuleAuthenticationImpl

use of com.evolveum.midpoint.authentication.impl.module.authentication.OidcClientModuleAuthenticationImpl in project midpoint by Evolveum.

Class OidcAuthorizationRequestRedirectFilter, method doFilterInternal.

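/**
 * Starts the OIDC authorization-code flow for the module that is currently being processed.
 *
 * <p>The current {@link Authentication} must be a {@link MidpointAuthentication} whose processing
 * module is an {@link OidcClientModuleAuthenticationImpl}; any other combination is rejected with an
 * {@link AuthenticationServiceException} instead of failing with a {@code ClassCastException}.
 * If the resolver yields an authorization request for this request, the user is redirected to the
 * provider and the module request state is set to {@code SENDED}. Otherwise the chain continues, and a
 * {@code ClientAuthorizationRequiredException} surfacing from downstream triggers the same redirect
 * for the registration named in the exception.
 *
 * @param request     current request
 * @param response    current response
 * @param filterChain remaining filter chain
 * @throws ServletException rethrown from the chain, or wrapping a checked downstream failure
 * @throws IOException      rethrown unchanged from the redirect or the chain
 * @throws AuthenticationServiceException when the security context does not hold a
 *                                        {@code MidpointAuthentication} processing an OIDC module
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (!(authentication instanceof MidpointAuthentication)) {
        throw new AuthenticationServiceException("Unsupported type of Authentication");
    }
    MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
    // Guard the cast: the processing module is only an OIDC module while this filter is the active one.
    Object processingModule = mpAuthentication.getProcessingModuleAuthentication();
    if (!(processingModule instanceof OidcClientModuleAuthenticationImpl)) {
        throw new AuthenticationServiceException("Unsupported type of Authentication");
    }
    OidcClientModuleAuthenticationImpl moduleAuthentication = (OidcClientModuleAuthenticationImpl) processingModule;

    try {
        OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestResolver.resolve(request);
        if (authorizationRequest != null) {
            this.sendRedirectForAuthorization(request, response, authorizationRequest);
            moduleAuthentication.setRequestState(RequestState.SENDED);
            return;
        }
    } catch (Exception ex) {
        // Any failure while building or sending the authorization request is reported as an
        // authentication failure; the original cause is preserved for diagnostics.
        unsuccessfulAuthentication(request, response, new InternalAuthenticationServiceException("web.security.provider.invalid", ex));
        return;
    }

    try {
        filterChain.doFilter(request, response);
    } catch (IOException ex) {
        // Deliberate: keep IOException out of the generic handler below so it is not wrapped.
        throw ex;
    } catch (Exception ex) {
        // Check to see if we need to handle ClientAuthorizationRequiredException
        Throwable[] causeChain = this.throwableAnalyzer.determineCauseChain(ex);
        ClientAuthorizationRequiredException authzEx = (ClientAuthorizationRequiredException) this.throwableAnalyzer.getFirstThrowableOfType(ClientAuthorizationRequiredException.class, causeChain);
        if (authzEx != null) {
            try {
                OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestResolver.resolve(request, authzEx.getClientRegistrationId());
                if (authorizationRequest == null) {
                    throw authzEx;
                }
                this.sendRedirectForAuthorization(request, response, authorizationRequest);
                moduleAuthentication.setRequestState(RequestState.SENDED);
                // Remember the original request so it can be replayed after the provider round-trip.
                this.requestCache.saveRequest(request, response);
            } catch (Exception failed) {
                unsuccessfulAuthentication(request, response, new InternalAuthenticationServiceException("web.security.provider.invalid", failed));
            }
            return;
        }
        // Not an authorization-required case: propagate with the narrowest type available.
        if (ex instanceof ServletException) {
            throw (ServletException) ex;
        }
        if (ex instanceof RuntimeException) {
            throw (RuntimeException) ex;
        }
        throw new RuntimeException(ex);
    }
}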

Example 2 with OidcClientModuleAuthenticationImpl

use of com.evolveum.midpoint.authentication.impl.module.authentication.OidcClientModuleAuthenticationImpl in project midpoint by Evolveum.

Class OidcClientLogoutSuccessHandler, method determineTargetUrl.

/**
 * Chooses the post-logout target: the provider's end-session URL when the current module is an
 * OIDC client module backed by an OIDC user, otherwise the default target of the superclass.
 *
 * @param request        current request
 * @param response       current response
 * @param authentication authentication being logged out (may be anything; non-midPoint types fall through)
 * @return the RP-initiated-logout URL, or the superclass default target
 */
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
    String endSessionUrl = resolveOidcEndSessionUrl(request, authentication);
    if (endSessionUrl != null) {
        return endSessionUrl;
    }
    return super.determineTargetUrl(request, response);
}

/**
 * Walks from the midPoint authentication down to the OIDC login token and builds the end-session URL.
 * Returns {@code null} at the first link of the chain that does not match, so the caller can fall back.
 */
private String resolveOidcEndSessionUrl(HttpServletRequest request, Authentication authentication) {
    if (!(authentication instanceof MidpointAuthentication)) {
        return null;
    }
    ModuleAuthentication moduleAuthentication = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
    if (!(moduleAuthentication instanceof OidcClientModuleAuthenticationImpl)) {
        return null;
    }
    Authentication internalAuthentication = moduleAuthentication.getAuthentication();
    boolean supportedToken = internalAuthentication instanceof PreAuthenticatedAuthenticationToken
            || internalAuthentication instanceof AnonymousAuthenticationToken;
    if (!supportedToken) {
        return null;
    }
    // The OAuth2 login token is carried as "details" of the midPoint-side token.
    Object details = internalAuthentication.getDetails();
    if (!(details instanceof OAuth2LoginAuthenticationToken)) {
        return null;
    }
    OAuth2LoginAuthenticationToken oidcAuthentication = (OAuth2LoginAuthenticationToken) details;
    if (!(oidcAuthentication.getDetails() instanceof OidcUser)) {
        return null;
    }
    String registrationId = oidcAuthentication.getClientRegistration().getRegistrationId();
    ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
    // NOTE(review): endSessionEndpoint() is expected to tolerate a null registration — confirm.
    URI endSessionEndpoint = this.endSessionEndpoint(clientRegistration);
    if (endSessionEndpoint == null) {
        return null;
    }
    String idToken = this.idToken(oidcAuthentication);
    // NOTE(review): the post-logout URI is derived from the request; presumably it is constrained to
    // the registration's configured value rather than taken from user input — verify in the helper.
    String postLogoutRedirectUri = this.postLogoutRedirectUri(request);
    return this.endpointUri(endSessionEndpoint, idToken, postLogoutRedirectUri);
}

Example 3 with OidcClientModuleAuthenticationImpl

use of com.evolveum.midpoint.authentication.impl.module.authentication.OidcClientModuleAuthenticationImpl in project midpoint by Evolveum.

Class OidcClientModuleFactory, method createEmptyModuleAuthentication.

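/**
 * Builds a fresh, not-yet-authenticated OIDC client module state from the module configuration.
 *
 * <p>One {@link IdentityProvider} entry is created per client registration; its redirect link is the
 * module's authorization-request URL with the {@code {registrationId}} placeholder substituted.
 * The URL template is computed once, outside the per-registration loop, because it depends only on
 * the request context path and the module prefix.
 *
 * @param configuration module configuration supplying the registration repository, name and prefix
 * @param request       current request, used for the servlet context path
 * @return the populated (empty) module authentication
 */
public ModuleAuthenticationImpl createEmptyModuleAuthentication(OidcClientModuleWebSecurityConfiguration configuration, ServletRequest request) {
    OidcClientModuleAuthenticationImpl moduleAuthentication = new OidcClientModuleAuthenticationImpl();
    // Loop-invariant URL template; registration id is substituted per client below.
    String authRequestPrefixUrl = request.getServletContext().getContextPath()
            + configuration.getPrefixOfModule()
            + OidcClientModuleAuthenticationImpl.AUTHORIZATION_REQUEST_PROCESSING_URL_SUFFIX_WITH_REG_ID;
    List<IdentityProvider> providers = new ArrayList<>();
    configuration.getClientRegistrationRepository().forEach(client -> {
        // Registration ids come from server-side configuration, not from the request.
        IdentityProvider provider = new IdentityProvider()
                .setLinkText(client.getClientName())
                .setRedirectLink(authRequestPrefixUrl.replace("{registrationId}", client.getRegistrationId()));
        providers.add(provider);
    });
    moduleAuthentication.setClientsRepository(configuration.getClientRegistrationRepository());
    moduleAuthentication.setProviders(providers);
    moduleAuthentication.setNameOfModule(configuration.getNameOfModule());
    moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
    return moduleAuthentication;
}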

Example 4 with OidcClientModuleAuthenticationImpl

use of com.evolveum.midpoint.authentication.impl.module.authentication.OidcClientModuleAuthenticationImpl in project midpoint by Evolveum.

Class OidcClientProvider, method internalAuthentication.

/**
 * Authenticates an OIDC login token against the delegate OIDC provider and then maps the resulting
 * username onto a midPoint principal.
 *
 * <p>Only {@link OAuth2LoginAuthenticationToken} is accepted. A failure in the delegate provider is
 * audited as a login failure and rethrown; a failure in the midPoint mapping step stores the original
 * token on the processing module and rethrows. The raw {@code List}/{@code Class} parameters mirror
 * the overridden signature (presumably; the superclass is not visible here).
 *
 * @param authentication    incoming token; must be an {@code OAuth2LoginAuthenticationToken}
 * @param requireAssignment assignments the focus must hold (passed through)
 * @param channel           authentication channel (passed through)
 * @param focusType         focus object type to look up (passed through)
 * @return the pre-authenticated midPoint token
 * @throws AuthenticationException when the token type is unsupported, the delegate provider rejects
 *                                 the token, the username is empty, or the principal lookup fails
 */
@Override
protected Authentication internalAuthentication(Authentication authentication, List requireAssignment, AuthenticationChannel channel, Class focusType) throws AuthenticationException {
    if (!(authentication instanceof OAuth2LoginAuthenticationToken)) {
        LOGGER.error("Unsupported authentication {}", authentication);
        throw new AuthenticationServiceException("web.security.provider.unavailable");
    }
    OAuth2LoginAuthenticationToken oidcAuthenticationToken = (OAuth2LoginAuthenticationToken) authentication;

    // Step 1: let the delegate OIDC provider validate the token (code exchange, id token, user info).
    OAuth2LoginAuthenticationToken oidcAuthentication;
    try {
        oidcAuthentication = (OAuth2LoginAuthenticationToken) oidcProvider.authenticate(oidcAuthenticationToken);
    } catch (AuthenticationException e) {
        getAuditProvider().auditLoginFailure(null, null, createConnectEnvironment(getChannel()), e.getMessage());
        throw e;
    }

    // Step 2: map the provider-asserted username onto a midPoint principal.
    OidcClientModuleAuthenticationImpl oidcModule = (OidcClientModuleAuthenticationImpl) AuthUtil.getProcessingModule();
    Authentication token;
    try {
        String enteredUsername = oidcAuthentication.getName();
        if (StringUtils.isEmpty(enteredUsername)) {
            LOGGER.error("Oidc attribute, which define username don't contains value");
            throw new AuthenticationServiceException("web.security.provider.invalid");
        }
        token = getPreAuthenticationToken(enteredUsername, focusType, requireAssignment, channel);
    } catch (AuthenticationException e) {
        // Keep the provider token on the module so the failure can be reported with its context.
        oidcModule.setAuthentication(oidcAuthenticationToken);
        LOGGER.info("Authentication with oidc module failed: {}", e.getMessage());
        throw e;
    }

    MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
    LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), principal.getAuthorities());
    return token;
}
