
Example 16 with AuthMechType

Use of `com.tremolosecurity.config.xml.AuthMechType` in the project OpenUnison by TremoloSecurity.

From the class FormLoginAuthMech, method doPost.

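/**
 * Handles the submitted login form: resolves the user's DN from the directory,
 * binds with the supplied password and records the outcome on the current
 * {@link AuthStep} before handing control back to the authentication manager.
 *
 * <p>Mechanism parameters read from the session ({@code ProxyConstants.AUTH_MECH_PARAMS}):
 * <ul>
 *   <li>{@code uidAttr} - attribute matched against the {@code user} form field
 *       (default {@code uid}); or, when {@code uidIsFilter} is {@code "true"}, a
 *       complete LDAP filter template whose {@code ${name}} placeholders are
 *       replaced by the request parameters of that name.</li>
 *   <li>{@code uidIsFilter} - {@code "true"} selects the template interpretation.</li>
 * </ul>
 *
 * <p>Values substituted into a template are escaped per RFC 4515 before they are
 * appended, so a request parameter can only ever be an assertion value and cannot
 * change the structure of the search filter. A missing {@code user} parameter or a
 * missing placeholder parameter yields a filter that matches nothing.
 *
 * @param req  the login request; reads the {@code user}, {@code pwd} and optional
 *             {@code target} parameters
 * @param resp the response, passed through to the authentication manager
 * @param as   the authentication step whose success flag is set here
 * @throws ServletException if no {@link UrlHolder} is attached to the request
 * @throws IOException      propagated from the authentication manager
 */
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp, AuthStep as) throws ServletException, IOException {
    String userDN = null;
    MyVDConnection myvd = cfgMgr.getMyVD();
    HttpSession session = req.getSession();
    UrlHolder holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
    if (holder == null) {
        throw new ServletException("Holder is null");
    }
    RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
    @SuppressWarnings("unchecked")
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);

    String uidAttr = "uid";
    Attribute uidAttrParam = authParams.get("uidAttr");
    if (uidAttrParam != null) {
        uidAttr = uidAttrParam.getValues().get(0);
    }
    boolean uidIsFilter = false;
    Attribute uidIsFilterParam = authParams.get("uidIsFilter");
    if (uidIsFilterParam != null) {
        uidIsFilter = uidIsFilterParam.getValues().get(0).equalsIgnoreCase("true");
    }

    String filter;
    if (uidIsFilter) {
        filter = expandFilterTemplate(uidAttr, req);
    } else {
        String userParam = req.getParameter("user");
        // No user name submitted: search with a filter that can never match
        // rather than building an assertion against the literal "null".
        filter = (userParam == null) ? NO_MATCH_FILTER : equal(uidAttr, userParam).toString();
    }

    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    // Mechanism config for this step; get() rejects a step id outside the chain.
    AuthMechType amt = act.getAuthMech().get(as.getId());

    String password = req.getParameter("pwd");
    if (password == null || password.trim().isEmpty()) {
        // Fail the step without touching the directory when no password was sent.
        as.setSuccess(false);
        holder.getConfig().getAuthManager().nextAuth(req, resp, session, false);
        return;
    }

    try {
        // Scope 2 is LDAPConnection.SCOPE_SUB: search the whole subtree under the chain root.
        LDAPSearchResults res = myvd.search(AuthUtil.getChainRoot(cfgMgr, act), 2, filter, new ArrayList<String>());
        if (res.hasMore()) {
            LDAPEntry entry = res.next();
            userDN = entry.getDN();
            // The bind is the actual credential check; a wrong password surfaces
            // as LDAPException.INVALID_CREDENTIALS in the catch below.
            myvd.bind(userDN, password);
            AuthInfo authInfo = new AuthInfo(userDN, (String) session.getAttribute(ProxyConstants.AUTH_MECH_NAME), act.getName(), act.getLevel());
            ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).setAuthInfo(authInfo);
            copyAttributes(entry, authInfo);
            as.setSuccess(true);
        } else {
            // userDN is still null here; the attribute is set for parity with the catch path.
            req.setAttribute(ProxyConstants.AUTH_FAILED_USER_DN, userDN);
            as.setSuccess(false);
        }
    } catch (LDAPException e) {
        // Bad credentials are an expected outcome and are not logged as errors.
        if (e.getResultCode() != LDAPException.INVALID_CREDENTIALS) {
            logger.error("Could not authenticate user", e);
        }
        req.setAttribute(ProxyConstants.AUTH_FAILED_USER_DN, userDN);
        as.setSuccess(false);
    }

    // NOTE(review): target comes straight from the request; confirm that
    // reqHolder.setURL / the auth manager validate it before redirecting.
    String redirectToURL = req.getParameter("target");
    if (redirectToURL != null && !redirectToURL.isEmpty()) {
        reqHolder.setURL(redirectToURL);
    }
    // Strip the credentials before the request continues down the chain.
    ProxyRequest pr = (ProxyRequest) req;
    pr.removeParameter("pwd");
    pr.removeParameter("user");
    holder.getConfig().getAuthManager().nextAuth(req, resp, session, false);
}

/** Filter that matches no entry; used whenever a required input is absent. */
private static final String NO_MATCH_FILTER = "(!(objectClass=*))";

/**
 * Expands a configured filter template by replacing each {@code ${name}}
 * placeholder with the request parameter of that name.
 *
 * <p>Every substituted value is escaped with {@link #escapeFilterValue(String)}
 * so request data can only ever be an assertion value, never filter syntax.
 * Text outside placeholders, including a bare {@code $}, is copied verbatim;
 * an unterminated {@code ${} is copied verbatim as well.
 *
 * @param template the filter template from the {@code uidAttr} parameter
 * @param req      the request supplying placeholder values
 * @return the expanded filter, or {@link #NO_MATCH_FILTER} when a referenced
 *         request parameter is absent
 */
private static String expandFilterTemplate(String template, HttpServletRequest req) {
    StringBuilder b = new StringBuilder(template.length());
    int lastIndex = 0;
    int index = template.indexOf("${");
    while (index >= 0) {
        int close = template.indexOf('}', index + 2);
        if (close < 0) {
            break;
        }
        b.append(template, lastIndex, index);
        String value = req.getParameter(template.substring(index + 2, close));
        if (value == null) {
            // A missing parameter must not silently match the literal "null".
            return NO_MATCH_FILTER;
        }
        b.append(escapeFilterValue(value));
        lastIndex = close + 1;
        index = template.indexOf("${", lastIndex);
    }
    b.append(template, lastIndex, template.length());
    return b.toString();
}

/**
 * Escapes the characters that RFC 4515 gives syntactic meaning inside an
 * assertion value ({@code \}, {@code *}, {@code (}, {@code )} and NUL) as
 * {@code \xx} hex sequences; all other characters are copied unchanged.
 *
 * @param value the raw assertion value
 * @return the escaped value, safe to embed between {@code =} and {@code )}
 */
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                sb.append("\\5c");
                break;
            case '*':
                sb.append("\\2a");
                break;
            case '(':
                sb.append("\\28");
                break;
            case ')':
                sb.append("\\29");
                break;
            case '\0':
                sb.append("\\00");
                break;
            default:
                sb.append(c);
        }
    }
    return sb.toString();
}

/**
 * Copies every attribute of {@code entry} into {@code authInfo} as a
 * string-valued {@link Attribute}, keyed by attribute name.
 *
 * @param entry    the directory entry that was found for the user
 * @param authInfo the session auth record receiving the attributes
 */
private static void copyAttributes(LDAPEntry entry, AuthInfo authInfo) {
    Iterator<LDAPAttribute> it = entry.getAttributeSet().iterator();
    while (it.hasNext()) {
        LDAPAttribute attrib = it.next();
        Attribute attr = new Attribute(attrib.getName());
        for (String val : attrib.getStringValueArray()) {
            attr.getValues().add(val);
        }
        authInfo.getAttribs().put(attr.getName(), attr);
    }
}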

Example 17 with AuthMechType

Use of `com.tremolosecurity.config.xml.AuthMechType` in the project OpenUnison by TremoloSecurity.

From the class IWAAuth, method doGet.

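/**
 * Authenticates the caller with SPNEGO (Integrated Windows Authentication) and,
 * on success, loads the matching directory entry into the session's {@link AuthInfo}.
 *
 * <p>The {@code Authorization} header is offered to each configured realm's
 * {@link SpnegoAuthenticator} in turn; the first realm that returns without
 * throwing decides the principal. The principal is then looked up by
 * {@code userPrincipalName} under the chain's search base. A missing header, no
 * accepting realm, or a directory error all fail the step via {@link #sendFail};
 * a principal without a directory entry only marks the step unsuccessful and lets
 * the chain continue.
 *
 * @param request  the request carrying the {@code Authorization} header
 * @param response the response; SPNEGO negotiation headers may be written to it
 * @param as       the authentication step whose success flag is set here
 * @throws ServletException if no {@link UrlHolder} is attached to the request
 * @throws IOException      propagated from {@link #sendFail} or the authentication manager
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    String header = request.getHeader("Authorization");
    HttpSession session = request.getSession();
    if (header == null) {
        sendFail(request, response, as);
        return;
    }
    SpnegoPrincipal principal = negotiate(request, response);
    if (principal == null) {
        sendFail(request, response, as);
        return;
    }
    MyVDConnection myvd = cfgMgr.getMyVD();
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    if (holder == null) {
        throw new ServletException("Holder is null");
    }
    RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    // Mechanism config for this step; get() rejects a step id outside the chain.
    AuthMechType amt = act.getAuthMech().get(as.getId());
    String upn = principal.toString();
    try {
        // equal() is used instead of string concatenation so the principal name is
        // treated as an assertion value; NOTE(review): confirm it escapes per RFC 4515.
        // Scope 2 is LDAPConnection.SCOPE_SUB.
        LDAPSearchResults res = myvd.search(AuthUtil.getChainRoot(cfgMgr, act), 2, equal("userPrincipalName", upn).toString(), new ArrayList<String>());
        if (res.hasMore()) {
            logger.info("Loading user attributes");
            LDAPEntry entry = res.next();
            AuthInfo authInfo = new AuthInfo(entry.getDN(), (String) session.getAttribute(ProxyConstants.AUTH_MECH_NAME), act.getName(), act.getLevel());
            ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).setAuthInfo(authInfo);
            copyAttributes(entry, authInfo);
            as.setSuccess(true);
            session.removeAttribute("TREMOLO_IWA_CHECKED");
        } else {
            logger.info("user not found, failing");
            as.setSuccess(false);
        }
    } catch (LDAPException e) {
        logger.error("Could not authenticate user", e);
        as.setSuccess(false);
        sendFail(request, response, as);
        return;
    }
    holder.getConfig().getAuthManager().nextAuth(request, response, session, true);
}

/**
 * Offers the request to each configured realm's authenticator and returns the
 * result of the first one that completes without throwing (which may itself be
 * {@code null}), or {@code null} when every realm threw.
 *
 * @param request  the request carrying the SPNEGO token
 * @param response the response the authenticator may write negotiation headers to
 * @return the negotiated principal, or {@code null}
 */
private SpnegoPrincipal negotiate(HttpServletRequest request, HttpServletResponse response) {
    for (SpnegoAuthenticator authenticator : this.domains.values()) {
        SpnegoHttpServletResponse spnegoResponse = new SpnegoHttpServletResponse(response);
        try {
            return authenticator.authenticate(request, spnegoResponse);
        } catch (Throwable t) {
            // Covers GSSException and anything else the SPNEGO library raises;
            // a later realm may still accept the token, so keep iterating.
            logger.error("Could not authenticate IWA user", t);
        }
    }
    return null;
}

/**
 * Copies every attribute of {@code entry} into {@code authInfo} as a
 * string-valued {@link Attribute}, keyed by attribute name.
 *
 * @param entry    the directory entry that was found for the user
 * @param authInfo the session auth record receiving the attributes
 */
private static void copyAttributes(LDAPEntry entry, AuthInfo authInfo) {
    Iterator<LDAPAttribute> it = entry.getAttributeSet().iterator();
    while (it.hasNext()) {
        LDAPAttribute attrib = it.next();
        Attribute attr = new Attribute(attrib.getName());
        for (String val : attrib.getStringValueArray()) {
            attr.getValues().add(val);
        }
        authInfo.getAttribs().put(attr.getName(), attr);
    }
}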

Example 18 with AuthMechType

Use of `com.tremolosecurity.config.xml.AuthMechType` in the project OpenUnison by TremoloSecurity.

From the class SendMessageThread, method doGet.

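/**
 * Entry point of the e-mail key login mechanism. The request is dispatched on
 * which parameter it carries:
 * <ul>
 *   <li>{@code email} present - {@link #generateResetKey} is invoked for the
 *       address, with the {@code splashRedirect} and {@code noUserSplash} pages
 *       taken from the mechanism parameters.</li>
 *   <li>neither {@code email} nor {@code key} - the user is redirected to the
 *       configured {@code emailCollectionRedir} page.</li>
 *   <li>{@code key} present - {@link #finishLogin} validates the key against the
 *       database; if the session has no auth steps yet (IdP-initiated style
 *       entry), one step per mechanism of the chain is created first.</li>
 * </ul>
 *
 * <p>If the proxy filter did not attach a {@link UrlHolder} to the request, it is
 * resolved from the final URL and attached here.
 *
 * @param request  the current request
 * @param response the current response
 * @param as       the current authentication step; may be {@code null} for the key flow
 * @throws ServletException if the mechanism is disabled, the URL config cannot be
 *                          resolved, or the database lookup fails
 * @throws IOException      propagated from the redirect or the delegates
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    if (!this.enabled) {
        throw new ServletException("Operation Not Supported");
    }
    HttpSession session = request.getSession();
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    if (holder == null) {
        // Reached without the proxy filter having resolved the URL config;
        // resolve it from the final URL instead so the rest of the flow works.
        String finalURL = this.getFinalURL(request, response);
        try {
            holder = cfgMgr.findURL(finalURL);
            request.setAttribute(ProxyConstants.AUTOIDM_CFG, holder);
        } catch (Exception e) {
            throw new ServletException("Could not run authentication", e);
        }
    }
    RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
    @SuppressWarnings("unchecked")
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    String email = request.getParameter("email");
    String key = request.getParameter("key");

    if (email != null) {
        AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
        String splashRedirect = authParams.get("splashRedirect").getValues().get(0);
        String noUserSplash = authParams.get("noUserSplash").getValues().get(0);
        generateResetKey(request, response, splashRedirect, noUserSplash, as, act, this.lookupAttributeName);
        return;
    }
    if (key == null) {
        // Nothing submitted yet: send the user to the address collection page.
        String emailCollectionRedir = authParams.get("emailCollectionRedir").getValues().get(0);
        response.sendRedirect(emailCollectionRedir);
        return;
    }

    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    org.hibernate.Session con = null;
    try {
        con = this.sessionFactory.openSession();
        AuthController authCtl = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
        if (as == null || authCtl.getAuthSteps().isEmpty()) {
            // like saml2 idp initiated, this is a special use case
            as = bootstrapAuthSteps(authCtl.getAuthSteps(), act);
        }
        AuthMechType amt = act.getAuthMech().get(as.getId());
        finishLogin(request, response, session, act, as.getId(), amt, minValidKey, key, con, reqHolder, as);
    } catch (SQLException e) {
        throw new ServletException("Could not complete login", e);
    } finally {
        if (con != null) {
            con.close();
        }
    }
}

/**
 * Appends one unexecuted, unsuccessful {@link AuthStep} per mechanism of the
 * chain to {@code auths} (ids assigned in chain order, {@code required} taken
 * from the mechanism config) and returns the first step in the list.
 *
 * @param auths the session's step list to populate
 * @param act   the chain whose mechanisms define the steps
 * @return the first element of {@code auths}
 */
private static AuthStep bootstrapAuthSteps(ArrayList<AuthStep> auths, AuthChainType act) {
    int id = 0;
    for (AuthMechType amt : act.getAuthMech()) {
        AuthStep asx = new AuthStep();
        asx.setId(id);
        asx.setExecuted(false);
        asx.setRequired(amt.getRequired().equals("required"));
        asx.setSuccess(false);
        auths.add(asx);
        id++;
    }
    return auths.get(0);
}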

Example 19 with AuthMechType

Use of `com.tremolosecurity.config.xml.AuthMechType` in the project OpenUnison by TremoloSecurity.

From the class SecretQuestionAuth, method doPost.

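/**
 * Verifies the answers submitted for the secret questions staged in the session
 * under {@code TREMOLO_SECRET_ANSWERS} and records the outcome on the step.
 *
 * <p>Answer {@code i} is read from request parameter {@code answer<i>} and checked
 * with {@link SecretQuestion#checkAnswer} using the {@code alg} and {@code salt}
 * mechanism parameters. Every answer is checked before a decision is made, so the
 * response time does not reveal which answer was wrong. When the mechanism is
 * marked {@code required} in its chain, any wrong answer fails the step; otherwise
 * the step succeeds regardless of the answers (NOTE(review): confirm this is the
 * intended semantics for non-required steps). If no questions are staged yet the
 * form is rendered via {@link #doGet} instead.
 *
 * @param request  the form submission
 * @param response the current response
 * @param as       the authentication step whose success flag is set here
 * @throws ServletException if no {@link UrlHolder} is attached to the request
 * @throws IOException      propagated from {@link #doGet} or the authentication manager
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    HttpSession session = request.getSession();
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    if (holder == null) {
        throw new ServletException("Holder is null");
    }
    RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
    @SuppressWarnings("unchecked")
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    String alg = authParams.get("alg").getValues().get(0);
    String salt = authParams.get("salt").getValues().get(0);
    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    AuthMechType amt = act.getAuthMech().get(as.getId());

    @SuppressWarnings("unchecked")
    ArrayList<SecretQuestion> questions = (ArrayList<SecretQuestion>) session.getAttribute("TREMOLO_SECRET_ANSWERS");
    if (questions == null) {
        // Nothing staged yet: render the question form.
        this.doGet(request, response, as);
        return;
    }
    // NOTE(review): an empty list marks the step successful below; confirm that
    // doGet never stages an empty list for a user without questions.

    boolean required = amt.getRequired().equals("required");
    boolean allCorrect = true;
    for (int i = 0; i < questions.size(); i++) {
        String answer = request.getParameter("answer" + i);
        if (!questions.get(i).checkAnswer(alg, answer, salt)) {
            allCorrect = false;
        }
    }

    if (required && !allCorrect) {
        as.setSuccess(false);
    } else {
        as.setSuccess(true);
    }
    holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
}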

Example 20 with AuthMechType

Use of `com.tremolosecurity.config.xml.AuthMechType` in the project OpenUnison by TremoloSecurity.

From the class AcknowledgeAuthMech, method doPost.

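/**
 * Records whether the user acknowledged the displayed notice and continues the
 * authentication chain.
 *
 * <p>Without an {@code acknowledge} parameter the form is rendered via
 * {@link #doGet}. Only the value {@code "yes"} (case-insensitive) marks the step
 * successful; any other value marks it failed. An optional {@code target}
 * parameter replaces the URL the user is sent to after the chain completes.
 *
 * @param req  the form submission
 * @param resp the current response
 * @param as   the authentication step whose success flag is set here
 * @throws ServletException if no {@link UrlHolder} is attached to the request
 * @throws IOException      propagated from {@link #doGet} or the authentication manager
 */
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp, AuthStep as) throws ServletException, IOException {
    String acknowledge = req.getParameter("acknowledge");
    if (acknowledge == null) {
        this.doGet(req, resp, as);
        return;
    }
    HttpSession session = req.getSession();
    UrlHolder holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
    if (holder == null) {
        throw new ServletException("Holder is null");
    }
    RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    // Mechanism config for this step; get() rejects a step id outside the chain.
    AuthMechType amt = act.getAuthMech().get(as.getId());

    // Only an explicit "yes" counts as acknowledgement.
    as.setSuccess("yes".equalsIgnoreCase(acknowledge));

    // NOTE(review): target comes straight from the request; confirm that
    // reqHolder.setURL / the auth manager validate it before redirecting.
    String redirectToURL = req.getParameter("target");
    if (redirectToURL != null && !redirectToURL.isEmpty()) {
        reqHolder.setURL(redirectToURL);
    }
    holder.getConfig().getAuthManager().nextAuth(req, resp, session, false);
}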
