
Example 1 with SpnegoAuthenticator

use of net.sourceforge.spnego.SpnegoAuthenticator in project OpenUnison by TremoloSecurity.

In class IWAAuth, method doGet:

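/**
 * Runs the IWA (SPNEGO/Kerberos) step of an authentication chain.
 *
 * <p>The {@code Authorization} header is offered to each configured realm's
 * {@link SpnegoAuthenticator} in turn; the first call that returns without
 * throwing decides the outcome, even if it returned {@code null}. The resulting
 * principal is then looked up by {@code userPrincipalName} under the chain's
 * search root, the entry's attributes are copied into a new {@link AuthInfo}
 * stored on the session's {@link AuthController}, and the chain is advanced
 * through {@code nextAuth()}.
 *
 * <p>Outcomes:
 * <ul>
 *   <li>no header, no realm produced a principal, or the directory search threw:
 *       {@code sendFail()} is called and the chain is not advanced;</li>
 *   <li>principal obtained but no matching directory entry: the step is marked
 *       unsuccessful and the chain is still advanced.</li>
 * </ul>
 *
 * @param request  the current request; its {@code Authorization} header carries the SPNEGO token
 * @param response the response, wrapped per realm in a {@link SpnegoHttpServletResponse}
 * @param as       the chain step; marked successful only when a directory entry is found
 * @throws IOException      as declared by the mechanism contract; may come from the downstream calls
 * @throws ServletException as declared by the mechanism contract; may come from the downstream calls
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    String header = request.getHeader("Authorization");
    HttpSession session = request.getSession();
    if (header == null) {
        // Nothing to validate; sendFail() handles the unauthenticated case.
        sendFail(request, response, as);
        return;
    }

    SpnegoPrincipal principal = authenticateAgainstRealms(request, response);
    if (principal == null) {
        sendFail(request, response, as);
        return;
    }

    MyVDConnection myvd = cfgMgr.getMyVD();
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    AuthController authCtl = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
    RequestHolder reqHolder = authCtl.getHolder();
    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    try {
        // The filter is produced by the equal() helper rather than by concatenating
        // the principal name into a filter string, so the value is not spliced in raw.
        String filter = equal("userPrincipalName", principal.toString()).toString();
        LDAPSearchResults res = myvd.search(AuthUtil.getChainRoot(cfgMgr, act), 2, filter, new ArrayList<String>());
        if (res.hasMore()) {
            logger.info("Loading user attributes");
            // NOTE(review): only the first match is used; any further entries are left unread.
            LDAPEntry entry = res.next();
            AuthInfo authInfo = new AuthInfo(entry.getDN(), (String) session.getAttribute(ProxyConstants.AUTH_MECH_NAME), act.getName(), act.getLevel());
            authCtl.setAuthInfo(authInfo);
            copyAttributes(entry, authInfo);
            as.setSuccess(true);
            session.removeAttribute("TREMOLO_IWA_CHECKED");
        } else {
            logger.info("user not found, failing");
            as.setSuccess(false);
        }
    } catch (LDAPException e) {
        logger.error("Could not authenticate user", e);
        as.setSuccess(false);
        sendFail(request, response, as);
        return;
    }
    holder.getConfig().getAuthManager().nextAuth(request, response, session, true);
}

/**
 * Offers the request to each configured realm's authenticator in turn.
 *
 * @return the result of the first {@code authenticate} call that did not throw
 *         (which may itself be {@code null}), or {@code null} when every realm threw
 */
private SpnegoPrincipal authenticateAgainstRealms(HttpServletRequest request, HttpServletResponse response) {
    for (SpnegoAuthenticator authenticator : this.domains.values()) {
        SpnegoHttpServletResponse spnegoResponse = new SpnegoHttpServletResponse(response);
        try {
            return authenticator.authenticate(request, spnegoResponse);
        } catch (Exception e) {
            // A realm that cannot validate the token is skipped so the next realm gets a
            // chance. JVM Errors are left to propagate rather than being logged as a
            // failed login.
            logger.error("Could not authenticate IWA user", e);
        }
    }
    return null;
}

/** Copies every attribute of the directory entry into the AuthInfo, keyed by attribute name. */
private static void copyAttributes(LDAPEntry entry, AuthInfo authInfo) {
    Iterator<LDAPAttribute> it = entry.getAttributeSet().iterator();
    while (it.hasNext()) {
        LDAPAttribute attrib = it.next();
        Attribute attr = new Attribute(attrib.getName());
        for (String val : attrib.getStringValueArray()) {
            attr.getValues().add(val);
        }
        authInfo.getAttribs().put(attr.getName(), attr);
    }
}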
Also used : LDAPAttribute(com.novell.ldap.LDAPAttribute) Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) HttpServletRequest(javax.servlet.http.HttpServletRequest) UrlHolder(com.tremolosecurity.config.util.UrlHolder) LDAPEntry(com.novell.ldap.LDAPEntry) GSSException(org.ietf.jgss.GSSException) SpnegoHttpServletResponse(net.sourceforge.spnego.SpnegoHttpServletResponse) AuthChainType(com.tremolosecurity.config.xml.AuthChainType) MyVDConnection(com.tremolosecurity.proxy.myvd.MyVDConnection) LDAPAttribute(com.novell.ldap.LDAPAttribute) HttpSession(javax.servlet.http.HttpSession) SpnegoPrincipal(net.sourceforge.spnego.SpnegoPrincipal) AuthMechType(com.tremolosecurity.config.xml.AuthMechType) SpnegoAuthenticator(net.sourceforge.spnego.SpnegoAuthenticator) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) LDAPException(com.novell.ldap.LDAPException)

Example 2 with SpnegoAuthenticator

use of net.sourceforge.spnego.SpnegoAuthenticator in project OpenUnison by TremoloSecurity.

In class IWAAuth, method init:

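/**
 * Initialises the mechanism from its init attributes: writes a generated
 * {@code WEB-INF/krb5.conf} describing every configured domain and creates one
 * {@link SpnegoAuthenticator} per domain, keyed by the lower-cased domain name.
 *
 * <p>Expected init attributes: {@code domain} (one or more realms), optionally
 * {@code defaultDomain}, and for each realm {@code <realm>.kdc},
 * {@code <realm>.userName} and {@code <realm>.password}. When {@code domain}
 * is absent the mechanism is left unconfigured and a warning is logged.
 *
 * @param ctx  the servlet context; used to resolve the WEB-INF paths and the ConfigManager
 * @param init the mechanism's init attributes
 * @throws IllegalArgumentException when a per-realm attribute is missing or has no value
 */
@Override
public void init(ServletContext ctx, HashMap<String, Attribute> init) {
    Attribute domainAttr = init.get("domain");
    if (domainAttr == null) {
        logger.warn("IWA mechanism has no 'domain' init attribute; no realms will be configured");
        return;
    }

    String krb5Conf = buildKrb5Conf(init, domainAttr);

    String pathToKrb5 = ctx.getRealPath("/WEB-INF/krb5.conf");
    logger.info("Path to krb5.conf : '" + pathToKrb5 + "'");
    String pathToLogin = "file://" + ctx.getRealPath("/WEB-INF/login.conf");
    logger.info("Path to login.conf : '" + pathToLogin + "'");
    writeKrb5Conf(pathToKrb5, krb5Conf);

    this.domains = new HashMap<String, SpnegoAuthenticator>();
    for (String domain : domainAttr.getValues()) {
        HashMap<String, String> spnegoCfg = buildSpnegoConfig(init, domain, pathToKrb5, pathToLogin);
        SpnegoAuthenticator authenticator = createAuthenticator(spnegoCfg);
        if (authenticator != null) {
            // Locale.ROOT keeps the key stable regardless of the JVM's default locale
            // (e.g. realm names containing 'I' under a Turkish locale).
            this.domains.put(domain.toLowerCase(java.util.Locale.ROOT), authenticator);
        }
    }
    this.cfgMgr = (ConfigManager) ctx.getAttribute(ProxyConstants.TREMOLO_CONFIG);
}

/**
 * Renders the krb5.conf handed to the SPNEGO library: a [libdefaults] section,
 * one [realms] stanza per configured domain (its KDC taken from the
 * {@code <domain>.kdc} attribute) and a [domain_realm] mapping of
 * {@code .<domain>} to that realm.
 *
 * <p>{@code default_realm} is the single configured domain when there is only
 * one; otherwise {@code defaultDomain} when set, else the first domain listed.
 */
private String buildKrb5Conf(HashMap<String, Attribute> init, Attribute domainAttr) {
    // NOTE(review): the enctype list is fixed in code and still includes RC4 and
    // single-DES, which are deprecated; it is left unchanged here because
    // altering it is a KDC-compatibility decision rather than a code fix.
    final String encTypes = "aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc";
    StringBuilder krb5Conf = new StringBuilder();
    krb5Conf.append("[libdefaults]\n");
    krb5Conf.append("     default_tkt_enctypes = ").append(encTypes).append('\n');
    krb5Conf.append("     default_tgs_enctypes = ").append(encTypes).append('\n');
    krb5Conf.append("     permitted_enctypes   = ").append(encTypes).append('\n');

    String defaultRealm;
    if (domainAttr.getValues().size() == 1 || init.get("defaultDomain") == null) {
        defaultRealm = domainAttr.getValues().get(0);
    } else {
        defaultRealm = init.get("defaultDomain").getValues().get(0);
    }
    krb5Conf.append("     default_realm   = ").append(defaultRealm).append('\n');
    krb5Conf.append('\n');

    krb5Conf.append("[realms]\n");
    for (String domain : domainAttr.getValues()) {
        String domainKDC = requiredValue(init, domain + ".kdc");
        krb5Conf.append("     ").append(domain).append(" = {\n");
        krb5Conf.append("          kdc = ").append(domainKDC).append('\n');
        krb5Conf.append("          default_domain = ").append(domain).append('\n');
        krb5Conf.append("     }\n\n");
    }

    krb5Conf.append("[domain_realm]\n");
    for (String domain : domainAttr.getValues()) {
        krb5Conf.append("     .").append(domain).append(" = ").append(domain).append('\n');
    }
    return krb5Conf.toString();
}

/**
 * Writes the rendered krb5.conf to {@code path}; failure to open the file is
 * logged and initialisation continues, as before.
 */
private void writeKrb5Conf(String path, String content) {
    try {
        PrintWriter out = new PrintWriter(new OutputStreamWriter(new FileOutputStream(path)));
        try {
            out.println(content);
            out.flush();
        } finally {
            out.close();
        }
    } catch (FileNotFoundException e) {
        logger.error("Could not create krb5.conf", e);
    }
}

/**
 * Builds the property map for one realm's {@link SpnegoAuthenticator}. Basic
 * auth, the unsecure-basic variant, the localhost bypass, NTLM prompting and
 * delegation are all set to {@code false}. The pre-auth credentials come from
 * the {@code <domain>.userName} / {@code <domain>.password} attributes; the
 * returned map therefore holds a secret and must not be logged.
 */
private HashMap<String, String> buildSpnegoConfig(HashMap<String, Attribute> init, String domain, String pathToKrb5, String pathToLogin) {
    HashMap<String, String> spnegoCfg = new HashMap<String, String>();
    spnegoCfg.put("spnego.allow.basic", "false");
    spnegoCfg.put("spnego.allow.localhost", "false");
    spnegoCfg.put("spnego.allow.unsecure.basic", "false");
    spnegoCfg.put("spnego.login.client.module", "spnego-client");
    spnegoCfg.put("spnego.krb5.conf", pathToKrb5);
    spnegoCfg.put("spnego.login.conf", pathToLogin);
    spnegoCfg.put("spnego.login.server.module", "spnego-server");
    spnegoCfg.put("spnego.prompt.ntlm", "false");
    spnegoCfg.put("spnego.logger.level", "1");
    spnegoCfg.put("spnego.allow.delegation", "false");
    spnegoCfg.put("spnego.preauth.username", requiredValue(init, domain + ".userName"));
    spnegoCfg.put("spnego.preauth.password", requiredValue(init, domain + ".password"));
    return spnegoCfg;
}

/**
 * Creates the authenticator for one realm. Any of the constructor's failures is
 * logged and {@code null} returned so the remaining realms are still registered.
 */
private SpnegoAuthenticator createAuthenticator(HashMap<String, String> spnegoCfg) {
    try {
        return new SpnegoAuthenticator(spnegoCfg);
    } catch (LoginException e) {
        logger.error("Could not initiate KDC connection", e);
    } catch (FileNotFoundException e) {
        logger.error("Could not initiate KDC connection", e);
    } catch (GSSException e) {
        logger.error("Could not initiate KDC connection", e);
    } catch (PrivilegedActionException e) {
        logger.error("Could not initiate KDC connection", e);
    } catch (URISyntaxException e) {
        logger.error("Could not initiate KDC connection", e);
    }
    return null;
}

/**
 * Returns the first value of the named init attribute.
 *
 * @throws IllegalArgumentException naming the attribute (never its value) when it is
 *         absent or empty, instead of the bare NullPointerException a direct lookup gives
 */
private static String requiredValue(HashMap<String, Attribute> init, String name) {
    Attribute attr = init.get(name);
    if (attr == null || attr.getValues().isEmpty()) {
        throw new IllegalArgumentException("IWA mechanism is missing required init attribute '" + name + "'");
    }
    return attr.getValues().get(0);
}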
Also used : HashMap(java.util.HashMap) PrivilegedActionException(java.security.PrivilegedActionException) FileNotFoundException(java.io.FileNotFoundException) URISyntaxException(java.net.URISyntaxException) SpnegoAuthenticator(net.sourceforge.spnego.SpnegoAuthenticator) GSSException(org.ietf.jgss.GSSException) FileOutputStream(java.io.FileOutputStream) LoginException(javax.security.auth.login.LoginException) OutputStreamWriter(java.io.OutputStreamWriter) PrintWriter(java.io.PrintWriter)
