Examples with AuthChainType - com.tremolosecurity.config.xml.AuthChainType

Example 51 with AuthChainType

use of com.tremolosecurity.config.xml.AuthChainType in project OpenUnison by TremoloSecurity.

the class TokenPostAuth method lookupUser.

private AuthInfo lookupUser(HttpSession session, MyVDConnection myvd, String uidAttr, AuthChainType act, String uid, String subjectAuthMethod) throws ServletException {
    String filter = "";
    StringBuffer b = new StringBuffer();
    String userParam = uid;
    b.append('(').append(uidAttr).append('=').append(userParam).append(')');
    if (userParam == null) {
        filter = "(!(objectClass=*))";
    } else {
        filter = equal(uidAttr, userParam).toString();
    }
    try {
        String root = act.getRoot();
        if (root == null || root.trim().isEmpty()) {
            root = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot();
        }
        LDAPSearchResults res = myvd.search(root, 2, filter, new ArrayList<String>());
        if (res.hasMore()) {
            LDAPEntry entry = res.next();
            AuthChainType actForSubject = GlobalEntries.getGlobalEntries().getConfigManager().getAuthChains().get(subjectAuthMethod);
            if (actForSubject == null) {
                logger.warn(new StringBuilder("No authentication chain named '").append(subjectAuthMethod).append("'"));
            }
            AuthInfo authInfo = new AuthInfo(entry.getDN(), (String) session.getAttribute(ProxyConstants.AUTH_MECH_NAME), actForSubject.getName(), actForSubject.getLevel());
            User user = new User(entry);
            user = idp.getMapper().mapUser(user);
            for (String attrName : user.getAttribs().keySet()) {
                authInfo.getAttribs().put(attrName, user.getAttribs().get(attrName));
            }
            return authInfo;
        } else {
            return null;
        }
    } catch (LDAPException | ProvisioningException e) {
        throw new ServletException("Could not lookup sts subject", e);
    }
}

Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) User(com.tremolosecurity.provisioning.core.User) ServletException(javax.servlet.ServletException) LDAPEntry(com.novell.ldap.LDAPEntry) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) LDAPException(com.novell.ldap.LDAPException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) AuthChainType(com.tremolosecurity.config.xml.AuthChainType)

Example 52 with AuthChainType

use of com.tremolosecurity.config.xml.AuthChainType in project OpenUnison by TremoloSecurity.

the class U2fAuth method startAuthentication.

private void startAuthentication(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws ServletException, MalformedURLException, IOException {
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    // SharedSession.getSharedSession().getSession(req.getSession().getId());
    HttpSession session = ((HttpServletRequest) request).getSession();
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    RequestHolder reqHolder = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
    String urlChain = holder.getUrl().getAuthChain();
    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    AuthMechType amt = act.getAuthMech().get(as.getId());
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    String challengeStoreAttribute = authParams.get("attribute").getValues().get(0);
    String encyrptionKeyName = authParams.get("encryptionKeyName").getValues().get(0);
    String uidAttributeName = authParams.get("uidAttributeName").getValues().get(0);
    String formURI = authParams.get("formURI").getValues().get(0);
    List<SecurityKeyData> keys;
    try {
        keys = U2fUtil.loadUserKeys(userData, challengeStoreAttribute, encyrptionKeyName);
    } catch (Exception e1) {
        throw new ServletException("Could not loak keys", e1);
    }
    Set<String> origins = new HashSet<String>();
    String appID = U2fUtil.getApplicationId(request);
    origins.add(appID);
    U2FServer u2f = new U2FServerUnison(this.challengeGen, new UnisonDataStore(UUID.randomUUID().toString(), keys), new BouncyCastleCrypto(), origins);
    String uid = userData.getAttribs().get(uidAttributeName).getValues().get(0);
    if (keys == null || keys.size() == 0) {
        if (amt.getRequired().equals("required")) {
            as.setSuccess(false);
        }
        holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
        return;
    }
    U2fSignRequest sigReq = null;
    try {
        sigReq = u2f.getSignRequest(uid, appID);
    } catch (U2FException e) {
        logger.error("Could not start authentication", e);
        if (amt.getRequired().equals("required")) {
            as.setSuccess(false);
        }
        holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
        return;
    }
    Gson gson = new Gson();
    request.getSession().setAttribute(AUTH_SIGN_REQ, sigReq);
    request.getSession().setAttribute(AUTH_SIGN_REQ_JSON, gson.toJson(sigReq));
    request.getSession().setAttribute(SERVER, u2f);
    response.sendRedirect(formURI);
}

Also used : U2FServer(com.google.u2f.server.U2FServer) BouncyCastleCrypto(com.google.u2f.server.impl.BouncyCastleCrypto) Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) Gson(com.google.gson.Gson) RequestHolder(com.tremolosecurity.proxy.auth.RequestHolder) HttpServletRequest(javax.servlet.http.HttpServletRequest) UrlHolder(com.tremolosecurity.config.util.UrlHolder) ServletException(javax.servlet.ServletException) U2fSignRequest(com.google.u2f.server.messages.U2fSignRequest) SecurityKeyData(com.google.u2f.server.data.SecurityKeyData) U2FException(com.google.u2f.U2FException) AuthChainType(com.tremolosecurity.config.xml.AuthChainType) HashSet(java.util.HashSet) AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) HttpSession(javax.servlet.http.HttpSession) AuthMechType(com.tremolosecurity.config.xml.AuthMechType) AuthController(com.tremolosecurity.proxy.auth.AuthController) ServletException(javax.servlet.ServletException) U2FException(com.google.u2f.U2FException) MalformedURLException(java.net.MalformedURLException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) IOException(java.io.IOException)

Aggregations

AuthChainType (com.tremolosecurity.config.xml.AuthChainType)52 UrlHolder (com.tremolosecurity.config.util.UrlHolder)34 AuthMechType (com.tremolosecurity.config.xml.AuthMechType)34 HttpSession (javax.servlet.http.HttpSession)33 HashMap (java.util.HashMap)32 ServletException (javax.servlet.ServletException)32 Attribute (com.tremolosecurity.saml.Attribute)28 HttpServletRequest (javax.servlet.http.HttpServletRequest)28 IOException (java.io.IOException)21 AuthController (com.tremolosecurity.proxy.auth.AuthController)19 LDAPException (com.novell.ldap.LDAPException)18 LDAPAttribute (com.novell.ldap.LDAPAttribute)17 AuthInfo (com.tremolosecurity.proxy.auth.AuthInfo)14 RequestHolder (com.tremolosecurity.proxy.auth.RequestHolder)13 ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)12 MalformedURLException (java.net.MalformedURLException)10 LDAPSearchResults (com.novell.ldap.LDAPSearchResults)9 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)9 ArrayList (java.util.ArrayList)9 LDAPEntry (com.novell.ldap.LDAPEntry)8