Example 1 with DuoUserAccount

Use of org.apereo.cas.adaptors.duo.DuoUserAccount in project cas by apereo.

The class DefaultDuoMultifactorAuthenticationProvider, method supportsInternal.

@Override
protected boolean supportsInternal(final Event e, final Authentication authentication, final RegisteredService registeredService) {
    if (!super.supportsInternal(e, authentication, registeredService)) {
        return false;
    }
    final Principal principal = authentication.getPrincipal();
    // Look up the account status that Duo reports for this principal.
    final DuoUserAccount acct = this.duoAuthenticationService.getDuoUserAccount(principal.getId());
    LOGGER.debug("Found duo user account status [{}] for [{}]", acct, principal);
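    // ALLOW means the account is set to allow/bypass, so this provider does not apply.
    if (acct.getStatus() == DuoUserAccountAuthStatus.ALLOW) {
        LOGGER.debug("Account status is set for allow/bypass for [{}]", principal);
        return false;
    }
    // DENY only logs a warning here; the provider still applies (falls through to return true).
    if (acct.getStatus() == DuoUserAccountAuthStatus.DENY) {
        LOGGER.warn("Account status is set to deny access to [{}]", principal);
    }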
    return true;
}
Also used : DuoUserAccount(org.apereo.cas.adaptors.duo.DuoUserAccount) Principal(org.apereo.cas.authentication.principal.Principal)

Example 2 with DuoUserAccount

Use of org.apereo.cas.adaptors.duo.DuoUserAccount in project cas by apereo.

The class BaseDuoSecurityAuthenticationService, method getDuoUserAccount.

@Override
public DuoUserAccount getDuoUserAccount(final String username) {
    // Start from AUTH so that any failure below leaves the status at AUTH rather than ALLOW.
    final DuoUserAccount account = new DuoUserAccount(username);
    account.setStatus(DuoUserAccountAuthStatus.AUTH);
    try {
        final Http userRequest = buildHttpPostUserPreAuthRequest(username);
        signHttpUserPreAuthRequest(userRequest);
        LOGGER.debug("Contacting Duo to inquire about username [{}]", username);
        final String userResponse = userRequest.executeHttpRequest().body().string();
        final String jsonResponse = URLDecoder.decode(userResponse, StandardCharsets.UTF_8.name());
        LOGGER.debug("Received Duo admin response [{}]", jsonResponse);
        final JsonNode result = MAPPER.readTree(jsonResponse);
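        // Only a response that carries both keys and a stat of OK updates the account; anything else keeps the default.
        if (result.has(RESULT_KEY_RESPONSE) && result.has(RESULT_KEY_STAT) && result.get(RESULT_KEY_STAT).asText().equalsIgnoreCase("OK")) {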
            final JsonNode response = result.get(RESULT_KEY_RESPONSE);
            final String authResult = response.get(RESULT_KEY_RESULT).asText().toUpperCase();
            final DuoUserAccountAuthStatus status = DuoUserAccountAuthStatus.valueOf(authResult);
            account.setStatus(status);
            account.setMessage(response.get(RESULT_KEY_STATUS_MESSAGE).asText());
            if (status == DuoUserAccountAuthStatus.ENROLL) {
                final String enrollUrl = response.get(RESULT_KEY_ENROLL_PORTAL_URL).asText();
                account.setEnrollPortalUrl(enrollUrl);
            }
        }
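    } catch (final Exception e) {
        // Request, parsing and enum-lookup failures all end up here; the account is returned with whatever status is set so far.
        LOGGER.warn("Reaching Duo has failed with error: [{}]", e.getMessage(), e);
    }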
    return account;
}
Also used : DuoUserAccount(org.apereo.cas.adaptors.duo.DuoUserAccount) Http(com.duosecurity.client.Http) JsonNode(com.fasterxml.jackson.databind.JsonNode) DuoUserAccountAuthStatus(org.apereo.cas.adaptors.duo.DuoUserAccountAuthStatus)

Example 3 with DuoUserAccount

Use of org.apereo.cas.adaptors.duo.DuoUserAccount in project cas by apereo.

The class DetermineDuoUserAccountAction, method doExecute.

@Override
protected Event doExecute(final RequestContext requestContext) {
    final Authentication authentication = WebUtils.getAuthentication(requestContext);
    final Principal p = authentication.getPrincipal();
    final Collection<MultifactorAuthenticationProvider> providers = WebUtils.getResolvedMultifactorAuthenticationProviders(requestContext);
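    // Check each resolved provider; the first account in ENROLL status with a registration URL configured sends the flow to enrollment.
    for (final MultifactorAuthenticationProvider pr : providers) {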
        final DuoMultifactorAuthenticationProvider duoProvider = this.provider.findProvider(pr.getId(), DuoMultifactorAuthenticationProvider.class);
        final DuoSecurityAuthenticationService duoAuthenticationService = duoProvider.getDuoAuthenticationService();
        final DuoUserAccount account = duoAuthenticationService.getDuoUserAccount(p.getId());
        if (account.getStatus() == DuoUserAccountAuthStatus.ENROLL && StringUtils.isNotBlank(duoProvider.getRegistrationUrl())) {
            requestContext.getFlowScope().put("duoRegistrationUrl", duoProvider.getRegistrationUrl());
            return new EventFactorySupport().event(this, CasWebflowConstants.TRANSITION_ID_ENROLL);
        }
    }
    return success();
}
Also used : DuoUserAccount(org.apereo.cas.adaptors.duo.DuoUserAccount) Authentication(org.apereo.cas.authentication.Authentication) DuoMultifactorAuthenticationProvider(org.apereo.cas.adaptors.duo.authn.DuoMultifactorAuthenticationProvider) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider) DuoMultifactorAuthenticationProvider(org.apereo.cas.adaptors.duo.authn.DuoMultifactorAuthenticationProvider) VariegatedMultifactorAuthenticationProvider(org.apereo.cas.services.VariegatedMultifactorAuthenticationProvider) DuoSecurityAuthenticationService(org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationService) Principal(org.apereo.cas.authentication.principal.Principal) EventFactorySupport(org.springframework.webflow.action.EventFactorySupport)

Aggregations

DuoUserAccount (org.apereo.cas.adaptors.duo.DuoUserAccount): 3
Principal (org.apereo.cas.authentication.principal.Principal): 2
Http (com.duosecurity.client.Http): 1
JsonNode (com.fasterxml.jackson.databind.JsonNode): 1
DuoUserAccountAuthStatus (org.apereo.cas.adaptors.duo.DuoUserAccountAuthStatus): 1
DuoMultifactorAuthenticationProvider (org.apereo.cas.adaptors.duo.authn.DuoMultifactorAuthenticationProvider): 1
DuoSecurityAuthenticationService (org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationService): 1
Authentication (org.apereo.cas.authentication.Authentication): 1
MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider): 1
VariegatedMultifactorAuthenticationProvider (org.apereo.cas.services.VariegatedMultifactorAuthenticationProvider): 1
EventFactorySupport (org.springframework.webflow.action.EventFactorySupport): 1