use of com.okta.idx.sdk.api.client.Authenticator in project okta-idx-java by okta.
the class ResponseHandler method selectAuthenticatorForm.
/**
* Return the view for select authenticator form.
* @param response the response
* @param title the view title
* @param session the session
* @return the {@code select-authenticator} view, populated with the skip flag, the factor methods, the authenticators and the title.
*/
public ModelAndView selectAuthenticatorForm(AuthenticationResponse response, String title, HttpSession session) {
    // The skip flag comes from the wrapper's check on the response's proceed context.
    boolean skippable = authenticationWrapper.isSkipAuthenticatorPresent(response.getProceedContext());
    ModelAndView view = new ModelAndView("select-authenticator");
    view.addObject("canSkip", skippable);

    // Flatten the method of every factor of every offered authenticator into one list.
    List<String> methods = new ArrayList<>();
    response.getAuthenticators().forEach(
            candidate -> candidate.getFactors().forEach(
                    candidateFactor -> methods.add(candidateFactor.getMethod())));

    // Keep a server-side copy of the offered authenticators in the HTTP session,
    // in addition to exposing them to the template below.
    session.setAttribute("authenticators", response.getAuthenticators());

    view.addObject("factorList", methods);
    view.addObject("authenticators", response.getAuthenticators());
    view.addObject("title", title);
    return view;
}
use of com.okta.idx.sdk.api.client.Authenticator in project okta-idx-java by okta.
the class HomeController method displaySelectAuthenticatorPage.
/**
* Display the select authenticator page.
*
* @param session the http session
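* @param completedAuthenticatorType the last enrolled/verified authenticator type, as sent by the client in the optional {@code completed} query parameter; it is matched against each authenticator's label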
* @return the select authenticators view.
*/
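@GetMapping("/select-authenticator")
public ModelAndView displaySelectAuthenticatorPage(final HttpSession session, @RequestParam(value = "completed", required = false) final String completedAuthenticatorType) {
    // The session attribute is untyped, so the cast cannot be checked at runtime.
    @SuppressWarnings("unchecked")
    List<Authenticator> authenticators = (List<Authenticator>) session.getAttribute("authenticators");

    // "completed" is a client-supplied query parameter. It only prunes this session's
    // copy of the list; it is not evidence that the authenticator was really enrolled
    // or verified. The list is absent when the page is requested without a flow having
    // stored it in the session, so guard against null instead of failing with a
    // NullPointerException. The constant-first equals also tolerates a null label.
    if (authenticators != null && completedAuthenticatorType != null) {
        authenticators.removeIf(authenticator -> completedAuthenticatorType.equals(authenticator.getLabel()));
    }

    // A token already stored in the session is handed to the home helper instead of
    // rendering the selection page again.
    TokenResponse tokenResponse = (TokenResponse) session.getAttribute("tokenResponse");
    if (tokenResponse != null) {
        return homeHelper.proceedToHome(tokenResponse, session);
    }

    ProceedContext proceedContext = Util.getProceedContextFromSession(session);
    boolean canSkip = authenticationWrapper.isSkipAuthenticatorPresent(proceedContext);

    ModelAndView modelAndView = new ModelAndView("select-authenticator");
    modelAndView.addObject("title", "Select Authenticator");
    modelAndView.addObject("canSkip", canSkip);
    modelAndView.addObject("authenticators", authenticators);
    return modelAndView;
}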
use of com.okta.idx.sdk.api.client.Authenticator in project okta-idx-java by okta.
the class LoginController method selectAuthenticator.
/**
* Handle authenticator selection during authentication.
*
* @param authenticatorType the authenticatorType
* @param session the session
* @param action the submit or cancel action from form post
* @return select authenticator view or select factor view or error view
*/
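@PostMapping(value = "/select-authenticator")
public ModelAndView selectAuthenticator(@RequestParam("authenticator-type") final String authenticatorType, @RequestParam(value = "action") final String action, final HttpSession session) {
    AuthenticationResponse authenticationResponse = null;
    Authenticator foundAuthenticator = null;
    ProceedContext proceedContext = Util.getProceedContextFromSession(session);

    if ("skip".equals(action)) {
        // authenticatorType is a raw form field: replace CR/LF before logging so a
        // crafted value cannot start a forged log line.
        logger.info("Skipping {} authenticator", authenticatorType.replaceAll("[\\r\\n]", "_"));
        authenticationResponse = idxAuthenticationWrapper.skipAuthenticatorEnrollment(proceedContext);
        return responseHandler.handleKnownTransitions(authenticationResponse, session);
    }

    // The authenticator acted on is always looked up in the list held in the session;
    // the request only supplies the type used for the lookup.
    @SuppressWarnings("unchecked")
    List<Authenticator> authenticators = (List<Authenticator>) session.getAttribute("authenticators");
    // Fail with a clear message instead of a NullPointerException when the endpoint is
    // hit without the list having been stored in the session.
    Assert.notNull(authenticators, "Authenticators not found in session");

    if ("webauthn".equals(authenticatorType)) {
        ModelAndView modelAndView;
        Optional<Authenticator> authenticatorOptional = authenticators.stream().filter(auth -> authenticatorType.equals(auth.getType())).findFirst();
        // Same guard as the okta_verify branch: do not call get() on an empty Optional.
        Assert.isTrue(authenticatorOptional.isPresent(), "Authenticator not found");
        String authId = authenticatorOptional.get().getId();
        AuthenticationResponse enrollResponse = idxAuthenticationWrapper.enrollAuthenticator(proceedContext, authId);
        Util.updateSession(session, enrollResponse.getProceedContext());
        String webauthnCredentialId = enrollResponse.getWebAuthnParams().getWebauthnCredentialId();
        if (webauthnCredentialId != null) {
            // A credential id is present: show the view that carries the challenge data.
            modelAndView = new ModelAndView("select-webauthn-authenticator");
            modelAndView.addObject("title", "Select Webauthn Authenticator");
            modelAndView.addObject("webauthnCredentialId", webauthnCredentialId);
            modelAndView.addObject("challengeData", enrollResponse.getWebAuthnParams().getCurrentAuthenticator().getValue().getContextualData().getChallengeData());
        } else {
            // No credential id: show the enrollment view.
            modelAndView = new ModelAndView("enroll-webauthn-authenticator");
            modelAndView.addObject("title", "Enroll Webauthn Authenticator");
            modelAndView.addObject("currentAuthenticator", enrollResponse.getWebAuthnParams().getCurrentAuthenticator());
        }
        return modelAndView;
    }

    if ("okta_verify".equals(authenticatorType)) {
        ModelAndView modelAndView;
        Optional<Authenticator> authenticatorOptional = authenticators.stream().filter(auth -> authenticatorType.equals(auth.getType())).findFirst();
        Assert.isTrue(authenticatorOptional.isPresent(), "Authenticator not found");
        // Looking for QRCODE factor
        Optional<Authenticator.Factor> factorOptional = authenticatorOptional.get().getFactors().stream().filter(x -> "QRCODE".equals(x.getLabel())).findFirst();
        Assert.isTrue(factorOptional.isPresent(), "Authenticator not found");
        authenticationResponse = idxAuthenticationWrapper.selectFactor(proceedContext, factorOptional.get());
        Util.setProceedContextForPoll(session, authenticationResponse.getProceedContext());
        // Every factor except QRCODE is passed to the view.
        List<Authenticator.Factor> factors = authenticatorOptional.get().getFactors().stream().filter(x -> !"QRCODE".equals(x.getLabel())).collect(Collectors.toList());
        modelAndView = new ModelAndView("setup-okta-verify");
        modelAndView.addObject("qrCode", authenticationResponse.getContextualData().getQrcode().getHref());
        modelAndView.addObject("channelName", "qrcode");
        modelAndView.addObject("factors", factors);
        modelAndView.addObject("authenticatorId", authenticatorOptional.get().getId());
        modelAndView.addObject("pollTimeout", authenticationResponse.getProceedContext().getRefresh());
        return modelAndView;
    }

    for (Authenticator authenticator : authenticators) {
        if (authenticatorType.equals(authenticator.getType())) {
            foundAuthenticator = authenticator;
            if (foundAuthenticator.getFactors().size() == 1) {
                authenticationResponse = idxAuthenticationWrapper.selectAuthenticator(proceedContext, authenticator);
                // Keep the "totp" session attribute in step with this response:
                // store its contextual data when present, clear any earlier value otherwise.
                if (authenticationResponse.getContextualData() != null) {
                    session.setAttribute("totp", authenticationResponse.getContextualData());
                } else {
                    session.removeAttribute("totp");
                }
            } else {
                // user should select the factor in a separate view
                ModelAndView modelAndView = new ModelAndView("select-factor");
                modelAndView.addObject("title", "Select Factor");
                modelAndView.addObject("authenticatorId", foundAuthenticator.getId());
                modelAndView.addObject("factors", foundAuthenticator.getFactors());
                return modelAndView;
            }
        }
    }

    // A submitted type that matches nothing in the session list leaves the response
    // null; reject it here rather than dereferencing null below.
    Assert.notNull(foundAuthenticator, "Authenticator not found");

    if (responseHandler.needsToShowErrors(authenticationResponse)) {
        ModelAndView modelAndView = new ModelAndView("select-authenticator");
        modelAndView.addObject("errors", authenticationResponse.getErrors());
        return modelAndView;
    }

    ModelAndView terminalTransition = responseHandler.handleTerminalTransitions(authenticationResponse, session);
    if (terminalTransition != null) {
        return terminalTransition;
    }

    switch (authenticationResponse.getAuthenticationStatus()) {
        case AWAITING_AUTHENTICATOR_VERIFICATION_DATA:
            return responseHandler.verifyForm();
        case AWAITING_AUTHENTICATOR_ENROLLMENT:
        case AWAITING_AUTHENTICATOR_ENROLLMENT_DATA:
            return responseHandler.registerVerifyForm(foundAuthenticator);
        case AWAITING_POLL_ENROLLMENT:
            return responseHandler.setupOktaVerifyForm(session);
        default:
            return responseHandler.handleKnownTransitions(authenticationResponse, session);
    }
}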
use of com.okta.idx.sdk.api.client.Authenticator in project okta-idx-java by okta.
the class LoginController method selectFactor.
/**
* Handle factor selection during authentication.
*
* @param authenticatorId the authenticator ID of selected authenticator
* @param mode the sms or voice factor mode
* @param session the session
* @return the view associated with authentication response.
*/
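@PostMapping("/select-factor")
public ModelAndView selectFactor(@RequestParam("authenticatorId") final String authenticatorId, @RequestParam("mode") final String mode, final HttpSession session) {
    ProceedContext proceedContext = Util.getProceedContextFromSession(session);

    // authenticatorId and mode are client-supplied; both are only used to look up
    // entries in the list held in the session.
    @SuppressWarnings("unchecked")
    List<Authenticator> authenticators = (List<Authenticator>) session.getAttribute("authenticators");
    // Fail with a clear message instead of a NullPointerException when the endpoint is
    // hit without the list having been stored in the session.
    Assert.notNull(authenticators, "Authenticators not found in session");

    Authenticator foundAuthenticator = null;
    for (Authenticator auth : authenticators) {
        // Constant-first comparison: the required request parameter is the receiver,
        // so an authenticator without an id cannot raise a NullPointerException.
        if (authenticatorId.equals(auth.getId())) {
            foundAuthenticator = auth;
        }
    }
    Assert.notNull(foundAuthenticator, "Authenticator not found");

    AuthenticationResponse authenticationResponse = null;
    Authenticator.Factor foundFactor = null;
    for (Authenticator.Factor factor : foundAuthenticator.getFactors()) {
        if (mode.equals(factor.getMethod())) {
            foundFactor = factor;
            authenticationResponse = idxAuthenticationWrapper.selectFactor(proceedContext, foundFactor);
            // Remember the QR code link in the session only when the response carries one.
            Optional.ofNullable(authenticationResponse.getContextualData()).map(ContextualData::getQrcode).map(Qrcode::getHref).ifPresent(qrCode -> {
                session.setAttribute("qrCode", qrCode);
                session.setAttribute("channelName", "qrcode");
            });
            if ("totp".equals(foundFactor.getMethod())) {
                session.setAttribute("totp", "totp");
            }
            break;
        }
    }
    // A mode that matches no factor of the chosen authenticator is rejected before the
    // (still null) response is used.
    Assert.notNull(foundFactor, "Factor not found");

    ModelAndView terminalTransition = responseHandler.handleTerminalTransitions(authenticationResponse, session);
    if (terminalTransition != null) {
        return terminalTransition;
    }

    switch (authenticationResponse.getAuthenticationStatus()) {
        case AWAITING_AUTHENTICATOR_VERIFICATION_DATA:
            return responseHandler.verifyForm();
        case AWAITING_AUTHENTICATOR_ENROLLMENT:
        case AWAITING_AUTHENTICATOR_ENROLLMENT_DATA:
            return responseHandler.registerVerifyForm(foundFactor);
        case AWAITING_CHANNEL_DATA_ENROLLMENT:
            return responseHandler.oktaVerifyViaChannelDataForm(foundFactor, session);
        case AWAITING_POLL_ENROLLMENT:
            return responseHandler.setupOktaVerifyForm(session);
        case AWAITING_CHALLENGE_POLL:
            return responseHandler.oktaVerifyChallenge(authenticationResponse);
        default:
            return responseHandler.handleKnownTransitions(authenticationResponse, session);
    }
}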