use of com.tremolosecurity.config.xml.AuthMechType in project OpenUnison by TremoloSecurity.
the class AnonAuth method setAnonCtx.
/**
 * Completes the current chain step for an anonymous user and hands control to the
 * authentication manager for the next step.
 *
 * <p>No credential is examined here: the step is marked successful unconditionally,
 * so any chain containing this mechanism grants whatever {@code createSession}
 * places in the session for that chain.
 *
 * @param request  current request; must carry a {@link UrlHolder} under
 *                 {@code ProxyConstants.AUTOIDM_CFG}
 * @param response current response, passed through to the authentication manager
 * @param as       the chain step being executed; its id indexes the chain's mechanism list
 * @throws ServletException propagated from the authentication manager
 * @throws IOException      propagated from the authentication manager
 */
private void setAnonCtx(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws ServletException, IOException {
    final HttpSession httpSession = request.getSession();
    final UrlHolder urlHolder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);

    // Resolve the chain configured for the URL that was requested.
    final String chainName = urlHolder.getUrl().getAuthChain();
    final AuthChainType chain = urlHolder.getConfig().getAuthChains().get(chainName);

    // The result is not used, but the lookup is kept: it fails fast when the step id
    // does not address a mechanism in this chain.
    chain.getAuthMech().get(as.getId());

    createSession(httpSession, chain);
    as.setSuccess(true);

    urlHolder.getConfig().getAuthManager().nextAuth(request, response, httpSession, false);
}
use of com.tremolosecurity.config.xml.AuthMechType in project OpenUnison by TremoloSecurity.
the class AuthMgrSys method doAuthMgr.
/**
 * Routes an authentication request to the mechanism registered for the request URI.
 *
 * <p>The active chain name is taken from the holder stored on the session's
 * {@code AuthController} when there is one, otherwise from the {@code UrlHolder}
 * request attribute. If no chain or no mechanism can be resolved the request is
 * passed to {@code nextSys}. When a step is supplied, the request URI must end with
 * the URI of that step's mechanism; otherwise the user is redirected to
 * {@code resetChain.jsp}. Finally the mechanism handler matching the HTTP method is invoked.
 *
 * @param request  current request
 * @param response current response
 * @param nextSys  continuation used when this request is not an authentication request
 * @param as       current chain step, or {@code null}, in which case step 0 is used
 * @throws ServletException if the holder cannot be rebuilt, or no mechanism is registered
 *                          for the URI while rebuilding it
 * @throws IOException      propagated from the redirect or the mechanism handler
 */
public void doAuthMgr(HttpServletRequest request, HttpServletResponse response, NextSys nextSys, AuthStep as) throws ServletException, IOException {
// String prefix = "/auth";
// uri = uri.substring(prefix.length());
String uri = request.getRequestURI();
UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
ConfigManager cfgMgr = (ConfigManager) request.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
AuthController actl = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);
String actName = "";
// The session has a controller but neither it nor the request carries a holder:
// rebuild the holder from the final URL reported by the mechanism for this URI.
if (actl != null && actl.getHolder() == null && holder == null) {
AuthMechanism authMech = cfgMgr.getAuthMech(request.getRequestURI());
if (authMech != null) {
String finalURL = authMech.getFinalURL(request, response);
if (finalURL != null) {
try {
holder = cfgMgr.findURL(finalURL);
String urlChain = holder.getUrl().getAuthChain();
AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
HashMap<String, Attribute> params = new HashMap<String, Attribute>();
ProxyUtil.loadParams(request, params);
// The cast assumes the request is a ProxyRequest; a ClassCastException is wrapped by the catch below.
actl.setHolder(new RequestHolder(HTTPMethod.GET, params, finalURL, true, act.getName(), ((ProxyRequest) request).getQueryStringParams()));
request.setAttribute(ProxyConstants.AUTOIDM_CFG, holder);
// authChain is not read again in this method.
String authChain = holder.getUrl().getAuthChain();
// Parameters of the first mechanism in the chain (index 0) are loaded into the session.
holder.getConfig().getAuthManager().loadAmtParams(request.getSession(), act.getAuthMech().get(0));
} catch (Exception e) {
// NOTE(review): this also covers a NullPointerException if findURL or the chain lookup
// returns null for finalURL; confirm whether that can happen.
throw new ServletException("Could not run authentication", e);
}
}
} else {
// NOTE(review): the message embeds the client-supplied request URI; confirm it is
// encoded wherever this exception is rendered or logged.
throw new ServletException("Unknown URI : " + request.getRequestURI());
}
}
// Prefer the chain name recorded on the controller's holder over the one configured for the URL.
if (actl != null && actl.getHolder() != null) {
actName = actl.getHolder().getAuthChainName();
} else {
if (holder != null) {
actName = holder.getUrl().getAuthChain();
} else {
actName = null;
}
}
AuthChainType act = actName != null ? cfgMgr.getAuthChains().get(actName) : null;
AuthMechanism mech = cfgMgr.getAuthMech(uri);
// Without both a chain and a mechanism for this URI the request is not handled here.
if (mech == null || act == null) {
nextSys.nextSys(request, response);
return;
}
act = AuthManagerImpl.buildACT(act, cfgMgr);
int step = 0;
if (as != null) {
// The step id indexes the chain's mechanism list directly.
AuthMechType amt = act.getAuthMech().get(as.getId());
String amtName = amt.getName();
// NOTE(review): mech2 is dereferenced on the next line without a null check; a step whose
// mechanism name is not registered would fail here.
MechanismType mech2 = cfgMgr.getAuthMechs().get(amtName);
// The request must target the URI of the mechanism for the current step; a request for any
// other mechanism URI is treated as out of sequence and the chain is reset.
if (!request.getRequestURI().endsWith(mech2.getUri())) {
logger.warn("Attempted double post");
StringBuilder sb = new StringBuilder().append(cfgMgr.getAuthFormsPath()).append("/resetChain.jsp");
response.sendRedirect(sb.toString());
return;
}
step = as.getId();
}
// mt, ruri and forwardedURI are computed but not read again in this method; the lookup by
// step still fails if step does not address a mechanism in the chain.
String authMechName = act.getAuthMech().get(step).getName();
MechanismType mt = cfgMgr.getAuthMechs().get(authMechName);
String ruri = request.getRequestURI();
String forwardedURI = (String) request.getAttribute("javax.servlet.forward.request_uri");
if (forwardedURI != null) {
ruri = forwardedURI;
}
// Dispatch on the HTTP method, compared case-insensitively. PUT and PATCH share doPut.
// NOTE(review): any method not listed falls through to doGet, so a mechanism's doGet cannot
// assume it only ever sees GET requests.
if (request.getMethod().equalsIgnoreCase("get")) {
mech.doGet(request, response, as);
} else if (request.getMethod().equalsIgnoreCase("post")) {
mech.doPost(request, response, as);
} else if (request.getMethod().equalsIgnoreCase("put") || request.getMethod().equalsIgnoreCase("patch")) {
mech.doPut(request, response, as);
} else if (request.getMethod().equalsIgnoreCase("delete")) {
mech.doDelete(request, response, as);
} else if (request.getMethod().equalsIgnoreCase("head")) {
mech.doHead(request, response, as);
} else if (request.getMethod().equalsIgnoreCase("options")) {
mech.doOptions(request, response, as);
} else {
mech.doGet(request, response, as);
}
// check for a failed authentication
// Boolean bool = (Boolean) request.getAttribute(AuthMgrSys.AU_RES);
// HttpSession session = ((HttpServletRequest) request).getSession(true);
// session = SharedSession.getSharedSession().getSession(session.getId());
// AuthInfo authData = (AuthInfo) session.getAttribute(AuthSys.AUTH_DATA);
// String urlChain = holder.getUrl().getAuthChain();
// AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
/*if (urlChain != null && bool != null) {
processAuthResp(request, response, holder, bool);
}*/
}
use of com.tremolosecurity.config.xml.AuthMechType in project OpenUnison by TremoloSecurity.
the class BasicAuth method checkBasicAuth.
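/**
 * Authenticates the request from its HTTP Basic {@code Authorization} header.
 *
 * <p>The realm name and the user-id attribute (default {@code "uid"}) are read from the
 * mechanism parameters stored in the session. A missing header, a credential without a
 * {@code ':'} separator, or an LDAP failure all result in an authentication challenge
 * being sent through {@code sendFail}.
 *
 * @param request  current request
 * @param response current response; receives the challenge on failure
 * @param cfgMgr   configuration manager supplying the directory connection
 * @param authImpl implementation that performs the actual credential check
 * @param as       current chain step; its executed/success flags are updated on failure
 * @return {@code true} when {@code authImpl.doAuth} completed without an LDAP error,
 *         {@code false} when a challenge was sent
 * @throws IOException      propagated from writing the challenge
 * @throws ServletException propagated from the authentication implementation
 */
public static boolean checkBasicAuth(HttpServletRequest request, HttpServletResponse response, ConfigManager cfgMgr, BasicAuthImpl authImpl, AuthStep as) throws IOException, ServletException {
    String basicHdr = request.getHeader("Authorization");
    HttpSession session = ((HttpServletRequest) request).getSession();
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    String realmName = authParams.get("realmName").getValues().get(0);
    String uidAttr = "uid";
    if (authParams.get("uidAttr") != null) {
        uidAttr = authParams.get("uidAttr").getValues().get(0);
    }

    if (basicHdr == null) {
        // No credentials presented yet: challenge without counting it as an attempt.
        as.setExecuted(false);
        sendFail(response, realmName);
        return false;
    }

    // NOTE(review): the scheme token is not checked. Whatever follows the first space is
    // decoded (the whole header when there is no space), so a non-Basic Authorization
    // header is also parsed as Basic credentials.
    basicHdr = basicHdr.substring(basicHdr.indexOf(' ') + 1);

    // NOTE(review): the decoded bytes are converted with the platform default charset, so
    // non-ASCII user names or passwords depend on how the JVM is configured.
    String headerVal = new String(Base64.decode(basicHdr));

    // A credential without ':' is malformed. Reject it with a challenge instead of letting
    // substring() throw, which previously surfaced as an unhandled runtime exception.
    int separator = headerVal.indexOf(':');
    if (separator < 0) {
        as.setExecuted(true);
        as.setSuccess(false);
        sendFail(response, realmName);
        return false;
    }
    String userName = headerVal.substring(0, separator);
    String password = headerVal.substring(separator + 1);

    MyVDConnection myvd = cfgMgr.getMyVD();
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    String urlChain = holder.getUrl().getAuthChain();
    AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
    AuthMechType amt = act.getAuthMech().get(as.getId());

    try {
        authImpl.doAuth(request, session, uidAttr, userName, password, myvd, act, amt, as, cfgMgr);
    } catch (LDAPException e) {
        // Wrong credentials are an expected outcome and are not logged as errors;
        // every other directory failure is.
        if (e.getResultCode() != LDAPException.INVALID_CREDENTIALS) {
            logger.error("Could not authenticate user", e);
        }
        as.setExecuted(true);
        as.setSuccess(false);
        sendFail(response, realmName);
        return false;
    }
    return true;
}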
use of com.tremolosecurity.config.xml.AuthMechType in project OpenUnison by TremoloSecurity.
the class SendMessageThread method doPost.
/**
 * Handles the two POST stages of this mechanism.
 *
 * <p>A request carrying an {@code email} parameter starts the flow through
 * {@code generateResetKey}. Otherwise a request carrying a {@code key} parameter is
 * completed through {@code finishLogin} using a Hibernate session that is closed
 * afterwards. A request with neither parameter is left unanswered by this method.
 *
 * <p>NOTE(review): {@code key} is passed to {@code finishLogin} exactly as received;
 * presumably expiry and single-use checks happen there - verify.
 *
 * @param request  current request
 * @param response current response
 * @param as       current chain step; its id indexes the chain's mechanism list
 * @throws IOException      propagated from the helpers
 * @throws ServletException if completing the login raises an {@link SQLException}
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    final HttpSession httpSession = request.getSession();
    final UrlHolder urlHolder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    final AuthController controller = (AuthController) httpSession.getAttribute(ProxyConstants.AUTH_CTL);
    final RequestHolder originalRequest = controller.getHolder();
    final HashMap<String, Attribute> mechParams = (HashMap<String, Attribute>) httpSession.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);

    // The value is unused, but the call is kept so a missing holder still fails at this point.
    urlHolder.getUrl().getAuthChain();

    // The chain is looked up by the name recorded on the original request, not by the URL's chain.
    final AuthChainType chain = urlHolder.getConfig().getAuthChains().get(originalRequest.getAuthChainName());
    final AuthMechType mechCfg = chain.getAuthMech().get(as.getId());

    final String splashRedirect = mechParams.get("splashRedirect").getValues().get(0);
    final String noUserSplash = mechParams.get("noUserSplash").getValues().get(0);

    if (request.getParameter("email") != null) {
        generateResetKey(request, response, splashRedirect, noUserSplash, as, chain, this.lookupAttributeName);
        return;
    }

    final String key = request.getParameter("key");
    if (key == null) {
        return;
    }

    org.hibernate.Session db = null;
    try {
        db = this.sessionFactory.openSession();
        finishLogin(request, response, httpSession, chain, as.getId(), mechCfg, minValidKey, key, db, originalRequest, as);
    } catch (SQLException e) {
        throw new ServletException("Could not complete login", e);
    } finally {
        if (db != null) {
            db.close();
        }
    }
}
use of com.tremolosecurity.config.xml.AuthMechType in project OpenUnison by TremoloSecurity.
the class SAML2Auth method procLogoutResp.
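/**
 * Processes a SAML2 {@code LogoutResponse} received on the redirect binding and sends
 * the browser to the logout URL configured for the issuing identity provider.
 *
 * <p>The mechanism configuration is located by matching the response's issuer against the
 * {@code entityID} parameter of every mechanism in every chain. When the request carries a
 * {@code Signature} parameter, the query-string signature is verified against each
 * configured {@code idpSigKeyName} certificate.
 *
 * <p>NOTE(review): when no {@code Signature} parameter is present nothing is verified and
 * the redirect still happens; the destination check is disabled as well. The redirect
 * target comes from configuration rather than from the message, but confirm that treating
 * an unsigned response as a completed logout is intended.
 *
 * @param request    current request; supplies the raw query string and signature parameters
 * @param response   current response; receives the redirect
 * @param factory    parser factory used for the response XML
 * @param saml       the decoded {@code LogoutResponse} XML
 * @param relayState relay state from the request (not used by this method)
 * @param url        request URL (not used by this method)
 * @return the configured logout URL the browser was redirected to
 * @throws ServletException if the response has no issuer or the issuer matches no mechanism
 * @throws Exception        if the signature algorithm does not match the configured one or
 *                          no configured key verifies the signature
 */
private String procLogoutResp(HttpServletRequest request, HttpServletResponse response, DocumentBuilderFactory factory, String saml, String relayState, String url) throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, Exception, UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, ServletException {
    LogoutResponseUnmarshaller marshaller = new LogoutResponseUnmarshaller();

    // NOTE(review): saml is remote-supplied XML and the factory comes from the caller;
    // confirm the caller configures it to reject DOCTYPE declarations and external entities.
    DocumentBuilder builder = factory.newDocumentBuilder();
    Element root = builder.parse(new InputSource(new StringReader(saml))).getDocumentElement();
    LogoutResponse logout = (LogoutResponse) marshaller.unmarshall(root);

    // Issuer is optional in the schema; fail with a clear error instead of a NullPointerException.
    if (logout.getIssuer() == null || logout.getIssuer().getValue() == null) {
        throw new ServletException("LogoutResponse has no Issuer");
    }
    String issuer = logout.getIssuer().getValue();

    boolean found = false;
    String algType = null;
    String logoutURL = null;
    List<String> sigKeys = new ArrayList<String>();

    // Search every chain for the mechanism whose entityID matches the issuer.
    search:
    for (String chainname : cfgMgr.getAuthChains().keySet()) {
        AuthChainType act = cfgMgr.getAuthChains().get(chainname);
        for (AuthMechType amt : act.getAuthMech()) {
            for (ParamWithValueType pt : amt.getParams().getParam()) {
                String value = logoutParamValue(pt);
                if (pt.getName().equalsIgnoreCase("entityID") && value != null && value.equalsIgnoreCase(issuer)) {
                    found = true;
                    // Collect the settings of the matching mechanism. Each value is read from
                    // the parameter being inspected; the earlier code read it from the entityID
                    // parameter whenever an inline value was set, so sigAlg, logoutURL and the
                    // key names all received the entity id.
                    for (ParamWithValueType ptx : amt.getParams().getParam()) {
                        String valuex = logoutParamValue(ptx);
                        if (ptx.getName().equalsIgnoreCase("sigAlg")) {
                            algType = valuex;
                        } else if (ptx.getName().equalsIgnoreCase("logoutURL")) {
                            logoutURL = valuex;
                        } else if (ptx.getName().equalsIgnoreCase("idpSigKeyName")) {
                            sigKeys.add(valuex);
                        }
                    }
                    break search;
                }
            }
        }
    }

    if (!found) {
        throw new ServletException("Entity ID '" + issuer + "' not found");
    }

    String authnSig = request.getParameter("Signature");
    if (authnSig != null) {
        String sigAlg = request.getParameter("SigAlg");

        // The signature covers the raw, still URL-encoded parameters in this fixed order.
        String qs = request.getQueryString();
        StringBuilder query = new StringBuilder();
        query.append(OpenSAMLUtils.getRawQueryStringParameter(qs, "SAMLResponse"));
        query.append('&');
        query.append(OpenSAMLUtils.getRawQueryStringParameter(qs, "RelayState"));
        query.append('&');
        query.append(OpenSAMLUtils.getRawQueryStringParameter(qs, "SigAlg"));
        byte[] signedBytes = query.toString().getBytes("UTF-8");

        boolean validated = false;
        for (String sigKeyName : sigKeys) {
            java.security.cert.X509Certificate cert = this.cfgMgr.getCertificate(sigKeyName);
            if (cert == null) {
                continue;
            }

            // Only the algorithm configured for this identity provider is accepted; the
            // algorithm named in the request is never used to pick the verifier.
            String xmlAlg = SAML2Auth.xmlDigSigAlgs.get(algType);
            if (sigAlg == null || !sigAlg.equalsIgnoreCase(xmlAlg)) {
                throw new Exception("Invalid signature algorithm : '" + sigAlg + "'");
            }

            /*if (! logout.getDestination().equals(request.getRequestURL().toString())) {
                throw new Exception("Invalid destination");
            }*/

            java.security.Signature sigv = java.security.Signature.getInstance(SAML2Auth.javaDigSigAlgs.get(algType));
            sigv.initVerify(cert.getPublicKey());
            sigv.update(signedBytes);
            if (sigv.verify(Base64.decodeBase64(authnSig.getBytes("UTF-8")))) {
                validated = true;
                break;
            }
        }

        if (!validated) {
            throw new Exception("Signature verification failed");
        }
    }

    response.sendRedirect(logoutURL);
    return logoutURL;
}

/** Returns the parameter's inline value when it is set and not blank, otherwise its value attribute. */
private static String logoutParamValue(ParamWithValueType param) {
    String inline = param.getValue();
    if (inline != null && !inline.isBlank()) {
        return inline;
    }
    return param.getValueAttribute();
}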