
Example 96 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class WPLoginFilter method doFilter.

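/**
 * Proxies a WordPress login request.
 *
 * <p>A request that carries no parameters at all (no form parameters and no query
 * string) is redirected to {@code <requestURL>?redirect_to=<redirectTo>} and is not
 * proxied to the target. Any other request is passed down the chain; if its
 * {@code action} parameter is {@code logout} (case-insensitive) the response is
 * redirected to {@code logoutURI} once the chain has completed.
 *
 * @param request  the proxied request
 * @param response the proxied response
 * @param chain    the filter chain; {@code setNoProxy(true)} stops proxying to the target
 * @throws Exception propagated from the chain or from sending the redirect
 */
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    boolean hasFormParams = request.getParameterNames().hasNext();
    boolean hasQueryParams = !request.getQueryStringParams().isEmpty();
    if (!hasFormParams && !hasQueryParams) {
        // Bare request: send the browser to the login page with the configured post-login
        // target. redirectTo comes from filter configuration, not from the request.
        String target = request.getRequestURL() + "?redirect_to=" + URLEncoder.encode(this.redirectTo, "UTF-8");
        response.sendRedirect(target);
        chain.setNoProxy(true);
        return;
    }
    boolean finishLogout = isLogoutAction(request.getParameter("action"));
    chain.nextFilter(request, response, chain);
    if (finishLogout) {
        // Let the upstream logout complete first, then send the user to the configured logout URI.
        response.sendRedirect(this.logoutURI);
    }
}

/**
 * Returns {@code true} when the first value of {@code action} equals "logout" ignoring case.
 * A missing attribute or one without values is not a logout (the original code would have
 * failed on an empty value list).
 */
private static boolean isLogoutAction(Attribute action) {
    if (action == null || action.getValues() == null || action.getValues().isEmpty()) {
        return false;
    }
    return "logout".equalsIgnoreCase(action.getValues().get(0));
}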

Example 97 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class WPLoginFilter method initFilter.

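/**
 * Reads the filter's required settings: {@code redirectTo} (the post-login target placed
 * in the {@code redirect_to} query parameter) and {@code logout} (where to send the user
 * once a logout completes). The first value of each attribute is used.
 *
 * @param config the filter configuration
 * @throws Exception if either setting is missing or has no value
 */
public void initFilter(HttpFilterConfig config) throws Exception {
    this.redirectTo = requiredSetting(config, "redirectTo");
    this.logoutURI = requiredSetting(config, "logout");
}

/**
 * Returns the first value of the named configuration attribute.
 *
 * @throws Exception with the message {@code "<name> is required"} when the attribute is
 *                   absent or has no values (the original code only caught the absent case)
 */
private static String requiredSetting(HttpFilterConfig config, String name) throws Exception {
    Attribute attr = config.getAttribute(name);
    if (attr == null || attr.getValues() == null || attr.getValues().isEmpty()) {
        throw new Exception(name + " is required");
    }
    return attr.getValues().get(0);
}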

Example 98 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class DuoSecLogin method doGet.

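/**
 * Renders the Duo Web second-factor page for the current user.
 *
 * <p>The Duo integration key, secret key, API host name, application key
 * ({@code duoAKey}) and the name of the attribute holding the user name are read from the
 * mechanism parameters stored in the session under {@code AUTH_MECH_PARAMS}. A Duo signed
 * request is produced for the user name taken from the authenticated user's attributes,
 * and the request is forwarded to {@code /auth/forms/duo/duoauth.jsp} with
 * {@code duo.apihost} and {@code duo.sigreq} set as request attributes.
 *
 * @param request  the current request
 * @param response the current response
 * @param as       the authentication step (not used here)
 * @throws ServletException if the mechanism parameters, a required parameter or the user's
 *                          user-name attribute is missing, or if Duo reports an error
 *                          while signing the request
 * @throws IOException      propagated from the forward
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    HttpSession session = request.getSession();
    @SuppressWarnings("unchecked") // NOTE(review): the session value is assumed to be the map stored by the mechanism loader — confirm
    java.util.Map<String, Attribute> authParams = (java.util.Map<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    if (authParams == null) {
        throw new ServletException("Duo mechanism parameters not found in session");
    }
    String integrationKey = requiredParam(authParams, "duoIntegrationKey");
    String secretKey = requiredParam(authParams, "duoSecretKey");
    String apiHostName = requiredParam(authParams, "duoApiHostName");
    String userNameAttribute = requiredParam(authParams, "userNameAttribute");
    String akey = requiredParam(authParams, "duoAKey").trim();
    AuthInfo authInfo = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    logger.info("authInfo " + authInfo.getAuthChain());
    Attribute userNameAttr = authInfo.getAttribs().get(userNameAttribute);
    if (userNameAttr == null || userNameAttr.getValues() == null || userNameAttr.getValues().isEmpty()) {
        // Without a user name Duo cannot be asked for a second factor; fail the step explicitly
        // instead of with a NullPointerException. Only the attribute name is reported.
        throw new ServletException("User attribute '" + userNameAttribute + "' not present, can not start Duo authentication");
    }
    String userName = userNameAttr.getValues().get(0);
    String signedRequest = DuoWeb.signRequest(integrationKey, secretKey, akey, userName);
    if (signedRequest.startsWith("ERR|")) {
        // DuoWeb reports failures in-band with an "ERR|" prefix rather than by throwing
        throw new ServletException(signedRequest);
    }
    request.setAttribute("duo.apihost", apiHostName);
    request.setAttribute("duo.sigreq", signedRequest);
    request.getRequestDispatcher("/auth/forms/duo/duoauth.jsp").forward(request, response);
}

/**
 * Returns the first value of the named mechanism parameter.
 *
 * @throws ServletException naming the missing parameter when it is absent or has no values;
 *                          the value itself is never included in the message
 */
private static String requiredParam(java.util.Map<String, Attribute> authParams, String name) throws ServletException {
    Attribute attr = authParams.get(name);
    if (attr == null || attr.getValues() == null || attr.getValues().isEmpty()) {
        throw new ServletException("Duo parameter '" + name + "' is required");
    }
    return attr.getValues().get(0);
}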

Example 99 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class TokenData method completeUserLogin.

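/**
 * Completes the OpenID Connect authorization-code exchange: checks the client, decrypts
 * and validates the code (a last-mile token), creates the OIDC session and writes the
 * access-token JSON to the response.
 *
 * <p>Every failure before the session is created is answered with HTTP 403 and an
 * {@code AzFail} access-log entry; only a completed exchange is logged as {@code AzSuccess}.
 * The {@code scope} attribute carried in the code token is not used here.
 *
 * @param request      the token request
 * @param response     the response the token JSON is written to
 * @param code         the authorization code (deflated last-mile token) presented by the client
 * @param clientID     the client identifier, used to look up the trust
 * @param clientSecret the client secret presented by the client; only checked for non-public trusts
 * @param holder       the URL holder for the application, used for access logging
 * @param authData     the caller's authentication data, used for access logging of failures
 * @throws ServletException      if the code cannot be inflated
 * @throws IOException           propagated from the response
 * @throws MalformedURLException propagated from the response
 */
private void completeUserLogin(HttpServletRequest request, HttpServletResponse response, String code, String clientID, String clientSecret, UrlHolder holder, AuthInfo authData) throws ServletException, IOException, MalformedURLException {
    String lastMileToken;
    try {
        // The code is the deflated token; the last-mile loader expects it base64 encoded.
        lastMileToken = new String(org.bouncycastle.util.encoders.Base64.encode(this.inflate(code).getBytes("UTF-8")));
    } catch (Exception e) {
        throw new ServletException("Could not inflate code", e);
    }
    OpenIDConnectTrust trust = this.trusts.get(clientID);
    if (trust == null) {
        // Unknown client: refuse like a bad secret instead of failing with a NullPointerException.
        logger.warn("No trust configured for client " + clientID);
        AccessLog.log(AccessEvent.AzFail, holder.getApp(), request, authData, "NONE");
        response.sendError(403);
        return;
    }
    if (!trust.isPublicEndpoint() && !secretMatches(clientSecret, trust.getClientSecret())) {
        AccessLog.log(AccessEvent.AzFail, holder.getApp(), request, authData, "NONE");
        response.sendError(403);
        return;
    }
    ConfigManager cfg = (ConfigManager) request.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    SecretKey codeKey = cfg.getSecretKey(trust.getCodeLastmileKeyName());
    com.tremolosecurity.lastmile.LastMile lmreq = new com.tremolosecurity.lastmile.LastMile();
    try {
        lmreq.loadLastMielToken(lastMileToken, codeKey);
    } catch (Exception e) {
        logger.warn("Could not decrypt code token", e);
        response.sendError(403);
        AccessLog.log(AccessEvent.AzFail, holder.getApp(), request, authData, "NONE");
        return;
    }
    if (!lmreq.isValid()) {
        response.sendError(403);
        logger.warn("Could not validate code token");
        AccessLog.log(AccessEvent.AzFail, holder.getApp(), request, authData, "NONE");
        return;
    }
    // Claims carried inside the code token (matched case-insensitively by name).
    Attribute dn = null;
    Attribute nonce = null;
    Attribute authChainName = null;
    for (Attribute attr : lmreq.getAttributes()) {
        String name = attr.getName();
        if (name.equalsIgnoreCase("dn")) {
            dn = attr;
        } else if (name.equalsIgnoreCase("nonce")) {
            nonce = attr;
        } else if (name.equalsIgnoreCase("authChainName")) {
            authChainName = attr;
        }
    }
    if (!hasValue(dn) || !hasValue(authChainName)) {
        // Decrypted and valid, but the token does not identify a user or a chain; refuse it
        // rather than dereferencing a null attribute below.
        logger.warn("Code token is missing the dn or authChainName attribute");
        response.sendError(403);
        AccessLog.log(AccessEvent.AzFail, holder.getApp(), request, authData, "NONE");
        return;
    }
    String userDN = dn.getValues().get(0);
    String chainName = authChainName.getValues().get(0);
    // The nonce is optional; generate one when the token does not carry one.
    String nonceValue = hasValue(nonce) ? nonce.getValues().get(0) : UUID.randomUUID().toString();
    OpenIDConnectAccessToken access = new OpenIDConnectAccessToken();
    // NOTE(review): createUserSession is expected to populate "access" (only the refresh
    // token is set here) — confirm against its implementation.
    OidcSessionState oidcSession = createUserSession(request, clientID, holder, trust, userDN, cfg, access, nonceValue, chainName);
    access.setRefresh_token(oidcSession.getRefreshToken());
    String json = new Gson().toJson(access);
    response.setContentType("application/json");
    java.io.OutputStream out = response.getOutputStream();
    out.write(json.getBytes("UTF-8"));
    out.flush();
    if (logger.isDebugEnabled()) {
        // This writes the issued tokens to the log; it is intentionally DEBUG-only.
        logger.debug("Token JSON : '" + json + "'");
    }
    AuthInfo remUser = new AuthInfo();
    remUser.setUserDN(userDN);
    request.getSession().setAttribute("OIDC_SESSION_ID_" + this.idpName, oidcSession.getSessionID());
    AccessLog.log(AccessEvent.AzSuccess, holder.getApp(), request, remUser, "NONE");
}

/**
 * Compares the presented client secret with the configured one in constant time so the
 * comparison does not leak how many leading bytes matched. {@code null} on either side
 * never matches.
 */
private static boolean secretMatches(String presented, String expected) {
    if (presented == null || expected == null) {
        return false;
    }
    byte[] presentedBytes = presented.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] expectedBytes = expected.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    return java.security.MessageDigest.isEqual(presentedBytes, expectedBytes);
}

/** True when the attribute exists and carries at least one value. */
private static boolean hasValue(Attribute attr) {
    return attr != null && attr.getValues() != null && !attr.getValues().isEmpty();
}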

Example 100 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class ScaleMain method startSubjectWorkflow.

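/**
 * Submits the workflow for one subject, setting the user's uid (and the matching uid
 * attribute) from either the subject string, when no directory entry was found, or from the
 * entry's uid attribute, and optionally pre-approving the request.
 *
 * <p>Failures are not thrown: they are logged and appended to {@code errors} so the caller
 * can continue with the remaining subjects.
 *
 * @param errors       accumulates user-facing error messages, one per failed subject
 * @param req          the incoming request; its pre-approval flags are copied into the workflow call
 * @param wfCall       the workflow call to execute
 * @param tu           the user the workflow acts on; its uid and uid attribute are set here
 * @param subject      the subject as submitted (used as the uid when no entry was found)
 * @param entry        the directory entry for the subject, or {@code null} if none was found
 * @param preCheckResp the pre-check result; pre-approval is only applied when it allows it
 */
private void startSubjectWorkflow(StringBuffer errors, WorkflowRequest req, WFCall wfCall, TremoloUser tu, String subject, LDAPEntry entry, PreCheckResponse preCheckResp) {
    String uidAttributeName = this.scaleConfig.getUidAttributeName();
    String uid;
    if (entry == null) {
        uid = subject;
    } else {
        LDAPAttribute uidAttr = entry.getAttribute(uidAttributeName);
        if (uidAttr == null) {
            // The entry exists but has no uid attribute; report it like a failed submission
            // instead of failing with a NullPointerException.
            logger.error("Entry for " + subject + " has no " + uidAttributeName + " attribute");
            errors.append("user ").append(subject).append(" did not get submitted, please contact your system administrator;");
            return;
        }
        uid = uidAttr.getStringValue();
    }
    tu.setUid(uid);
    tu.getAttributes().add(new Attribute(uidAttributeName, uid));
    if (req.isDoPreApproval() && preCheckResp.isCanPreApprove()) {
        wfCall.getRequestParams().put(Approval.IMMEDIATE_ACTION, req.isApproved());
        wfCall.getRequestParams().put(Approval.REASON, req.getApprovalReason());
        wfCall.getRequestParams().put(Approval.SEND_NOTIFICATION, "false");
    }
    try {
        com.tremolosecurity.provisioning.workflow.ExecuteWorkflow exec = new com.tremolosecurity.provisioning.workflow.ExecuteWorkflow();
        exec.execute(wfCall, GlobalEntries.getGlobalEntries().getConfigManager());
    } catch (Exception e) {
        // Best effort: the caller collects per-subject errors and keeps going.
        logger.error("Could not update user", e);
        errors.append("user ").append(subject).append(" did not get submitted, please contact your system administrator;");
    }
}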
