
Example 1 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class K8sInjectImpersonation method doFilter.

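/**
 * Rewrites the proxied request so the Kubernetes API server sees an impersonation request
 * made with this gateway's own target token on behalf of the logged-in user.
 *
 * <p>Every client-supplied {@code Impersonate-*} and {@code Authorization} header is dropped
 * first; otherwise a caller could choose its own identity or groups, because the API server
 * trusts whatever impersonation headers accompany a valid bearer token. The user name and
 * groups are taken from the authenticated session ({@code AuthInfo}), never from the request.
 *
 * @param request  the proxied request; its headers are rewritten in place
 * @param response the proxied response, passed through untouched
 * @param chain    the filter chain to continue
 * @throws IllegalStateException if the session has no value for the configured user-name attribute
 * @throws Exception propagated from the provisioning target lookup or the rest of the chain
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    // Collect the names first and remove afterwards (presumably to avoid mutating the header
    // set while its iterator is live).
    List<String> toRemove = new ArrayList<String>();
    Iterator<String> it = request.getHeaderNames();
    while (it.hasNext()) {
        String headerName = it.next();
        if (headerName.toLowerCase().startsWith("impersonate-") || headerName.equalsIgnoreCase("Authorization")) {
            toRemove.add(headerName);
        }
    }
    for (String headerToRemove : toRemove) {
        request.removeHeader(headerToRemove);
    }
    // Belt-and-braces: the loop above already removed any Authorization header by its exact name.
    request.removeHeader("Authorization");

    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();

    // Fail closed with a clear message rather than an NPE / IndexOutOfBounds when the identity
    // attribute is missing; only the attribute name is reported, never a value.
    Attribute userName = userData.getAttribs().get(this.userNameAttribute);
    if (userName == null || userName.getValues().isEmpty()) {
        throw new IllegalStateException("No value for user name attribute '" + this.userNameAttribute + "' in the authenticated session");
    }
    request.addHeader(new Attribute("Impersonate-User", userName.getValues().get(0)));

    // Every impersonated user is at least system:authenticated, so the group header is always
    // present; the user's own groups (if the attribute exists) are appended to it.
    Attribute groups = new Attribute("Impersonate-Group");
    groups.getValues().add("system:authenticated");
    Attribute fromUser = userData.getAttribs().get(this.groupAttribute);
    if (fromUser != null) {
        groups.getValues().addAll(fromUser.getValues());
    }
    request.addHeader(groups);

    // The outbound credential is the target's own token, looked up by the configured target name.
    OpenShiftTarget target = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.targetName).getProvider();
    request.addHeader(new Attribute("Authorization", "Bearer " + target.getAuthToken()));

    // Unchecked cast: the attribute is presumably populated upstream as a HashMap<String, String>;
    // its actual type cannot be verified here.
    HashMap<String, String> uriParams = (HashMap<String, String>) request.getAttribute("TREMOLO_URI_PARAMS");
    uriParams.put("k8s_url", target.getUrl());
    chain.nextFilter(request, response, chain);
}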

Example 2 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class RegisterPasswordResetAuth method doGet.

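/**
 * Authentication step that arms a "reset this user's password on logout" handler.
 *
 * <p>The user id is read from the already-authenticated session, so this step must follow a
 * mechanism that populates {@code AuthInfo}. The step is marked failed (rather than arming a
 * handler with no user) when the configured uid attribute is missing or has no values.
 *
 * @param request  the current request
 * @param response the current response
 * @param as       the step record whose success flag is set here
 * @throws IOException      propagated from the auth manager
 * @throws ServletException propagated from the auth manager
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    HttpSession session = request.getSession();
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    AuthController ac = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
    AuthInfo au = ac.getAuthInfo();
    Attribute uid = au.getAttribs().get(this.uidAttribute);
    if (uid == null || uid.getValues().isEmpty()) {
        // Fail closed: without a uid there is no user whose password could be reset.
        logger.warn("Attribute : '" + this.uidAttribute + "' does not exist or has no values");
        as.setSuccess(false);
    } else {
        // Inserted first so it runs before any other logout handler registered for this session.
        ResetUserPasswordOnLogout logoutHandler = new ResetUserPasswordOnLogout(this.workflowName, this.uidAttribute, uid.getValues().get(0));
        LogoutUtil.insertFirstLogoutHandler(request, logoutHandler);
        as.setSuccess(true);
    }
    holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
}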

Example 3 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class SamlTransaction method doFederation.

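/**
 * Selects the authentication chain for an inbound SAML request and either continues
 * authentication or redirects straight to the response URL.
 *
 * <p>Missing {@code authnCtx}, {@code nameID} and {@code url} values fall back to the trust's
 * configured defaults. A {@link SamlTransaction} describing the request is stored on the
 * session before any redirect, presumably so the SAML response can be produced once the
 * chain finishes.
 *
 * @param request    the current request
 * @param response   the current response
 * @param issuer     the requesting SP's issuer
 * @param nameID     requested NameID format, or {@code null} for the trust default
 * @param authnCtx   requested authentication context, or {@code null} for the trust default
 * @param url        URL to post the response to, or {@code null} for the trust default
 * @param relayState opaque relay state echoed back to the SP
 * @param trust      the SP trust configuration
 * @throws Exception if the trust has no authentication chain mapped to {@code authnCtx}
 * @throws ServletException propagated from the authentication chain
 * @throws IOException propagated from the redirect or the authentication chain
 */
private void doFederation(HttpServletRequest request, HttpServletResponse response, String issuer, String nameID, String authnCtx, String url, String relayState, Saml2Trust trust) throws Exception, ServletException, IOException {
    if (authnCtx == null) {
        authnCtx = trust.params.get("defaultAuthCtx").getValues().get(0);
    }
    if (nameID == null) {
        nameID = trust.params.get("defaultNameId").getValues().get(0);
    }
    String authChain = trust.authChainMap.get(authnCtx);
    if (authChain == null) {
        StringBuilder b = new StringBuilder();
        b.append("IdP does not have an authentication chain configured with '").append(authnCtx).append("'");
        throw new Exception(b.toString());
    }
    String nameIDAttr = trust.nameIDMap.get(nameID);
    if (logger.isDebugEnabled()) {
        logger.debug("Auth Chain : '" + authChain + "'");
        logger.debug("NameID Attr : '" + nameIDAttr + "'");
    }
    HttpSession session = request.getSession();
    AuthInfo authData = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    AuthChainType act = holder.getConfig().getAuthChains().get(authChain);
    if (url == null) {
        url = trust.params.get("httpPostRespURL").getValues().get(0);
    }
    SamlTransaction transaction = new SamlTransaction();
    transaction.issuer = issuer;
    transaction.nameIDAttr = nameIDAttr;
    transaction.nameIDFormat = nameID;
    transaction.postToURL = url;
    transaction.authnCtxName = authnCtx;
    transaction.relayState = relayState;
    session.setAttribute(Saml2Idp.TRANSACTION_DATA, transaction);

    // Parentheses make the original precedence explicit: '&&' binds tighter than '||'.
    if (authData == null || (!authData.isAuthComplete() && !(authData.getAuthLevel() < act.getLevel()))) {
        // No auth data yet, or an unfinished chain that already meets the required level: keep going.
        nextAuth(request, response, session, false, act);
    } else if (authData.getAuthLevel() < act.getLevel()) {
        // Step-up authentication: the session's level is below what this chain requires, so the
        // existing auth controller is discarded and replaced with an anonymous user before the
        // stronger chain starts, rather than letting it inherit the weaker session's state.
        session.removeAttribute(ProxyConstants.AUTH_CTL);
        holder.getConfig().createAnonUser(session);
        nextAuth(request, response, session, false, act);
    } else {
        // Already authenticated at a sufficient level: go straight to the response URL.
        StringBuffer b = genFinalURL(request);
        response.sendRedirect(b.toString());
    }
}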

Example 4 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class DNBase2Attribute method doFilter.

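/**
 * Adds a configured attribute value to the authenticated user when the user's DN lies under
 * a configured base DN.
 *
 * <p>The check runs once per session: after it, a marker attribute keyed by {@code key} is
 * stored on the session so later requests skip the work and the value is not added twice.
 *
 * @param request  the proxied request; the session's {@code AuthInfo} may be modified
 * @param response the proxied response, passed through untouched
 * @param chain    the filter chain to continue
 * @throws Exception propagated from the rest of the chain
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    HttpSession session = request.getSession();
    if (session.getAttribute(key) == null) {
        AuthInfo authInfo = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        // Locale.ROOT keeps the case-folding independent of the JVM's default locale.
        // NOTE(review): this is a plain suffix match. It assumes this.dn is already lower-case
        // and starts at an RDN boundary (e.g. "ou=...,dc=..."); if not, an unrelated branch whose
        // name merely ends with the same text would also match — confirm how dn is normalised at init.
        boolean isMember = authInfo.getUserDN().toLowerCase(java.util.Locale.ROOT).endsWith(this.dn);
        if (isMember) {
            logger.debug("User is member");
            Attribute attr = authInfo.getAttribs().get(this.attributeName);
            if (attr == null) {
                attr = new Attribute(this.attributeName);
                authInfo.getAttribs().put(this.attributeName, attr);
            }
            attr.getValues().add(this.attributeValue);
        } else {
            logger.debug("User is NOT member");
        }
        // Marker is stored whether or not the user matched.
        session.setAttribute(key, key);
    }
    chain.nextFilter(request, response, chain);
}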

Example 5 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class Group2Attribute method doFilter.

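/**
 * Adds a configured attribute value to the authenticated user when the user's DN is listed
 * as a member of {@code groupDN} in the virtual directory.
 *
 * <p>The directory lookup runs once per session: after it, a marker attribute keyed by
 * {@code key} is stored on the session so later requests skip the search and the value is
 * not added twice.
 *
 * @param request  the proxied request; the session's {@code AuthInfo} may be modified
 * @param response the proxied response, passed through untouched
 * @param chain    the filter chain to continue
 * @throws Exception propagated from the directory search or the rest of the chain
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    HttpSession session = request.getSession();
    if (session.getAttribute(key) == null) {
        AuthInfo authInfo = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        // Search the group entry itself (scope 0) for a member attribute equal to this user's DN.
        // NOTE(review): the filter is built by equal(...), which is assumed to escape the DN for
        // LDAP filter syntax — confirm, since the DN comes from the authenticated user's data.
        String memberFilter = equal(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), authInfo.getUserDN()).toString();
        LDAPSearchResults res = cfgMgr.getMyVD().search(groupDN, 0, memberFilter, attribs);
        boolean isMember = res.hasMore();
        if (isMember) {
            // Presumably consumes the single matching entry so the result set is fully read.
            res.next();
            logger.debug("User is member");
            Attribute attr = authInfo.getAttribs().get(this.attributeName);
            if (attr == null) {
                attr = new Attribute(this.attributeName);
                authInfo.getAttribs().put(this.attributeName, attr);
            }
            attr.getValues().add(this.attributeValue);
        } else {
            logger.debug("User is NOT member");
        }
        // Marker is stored whether or not the user matched.
        session.setAttribute(key, key);
    }
    chain.nextFilter(request, response, chain);
}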
