
Example 1 with AuthenticationRiskContingencyResponse

Use of org.apereo.cas.api.AuthenticationRiskContingencyResponse in project cas by apereo.

From the class RiskAwareAuthenticationWebflowEventResolver, method handlePossibleSuspiciousAttempt:

/**
 * Handle possible suspicious attempt.
 *
 * @param request        the request
 * @param authentication the authentication
 * @param service        the service
 * @return the set
 */
protected Set<Event> handlePossibleSuspiciousAttempt(final HttpServletRequest request, final Authentication authentication, final RegisteredService service) {
    this.eventPublisher.publishEvent(new CasRiskBasedAuthenticationEvaluationStartedEvent(this, authentication, service));
    LOGGER.debug("Evaluating possible suspicious authentication attempt for [{}]", authentication.getPrincipal());
    final AuthenticationRiskScore score = authenticationRiskEvaluator.eval(authentication, service, request);
    if (score.isRiskGreaterThan(threshold)) {
        this.eventPublisher.publishEvent(new CasRiskyAuthenticationDetectedEvent(this, authentication, service, score));
        LOGGER.debug("Calculated risk score [{}] for authentication request by [{}] is above the risk threshold [{}].", score.getScore(), authentication.getPrincipal(), threshold);
        this.eventPublisher.publishEvent(new CasRiskBasedAuthenticationMitigationStartedEvent(this, authentication, service, score));
        final AuthenticationRiskContingencyResponse res = authenticationRiskMitigator.mitigate(authentication, service, score, request);
        this.eventPublisher.publishEvent(new CasRiskyAuthenticationMitigatedEvent(this, authentication, service, res));
        return CollectionUtils.wrapSet(res.getResult());
    }
    LOGGER.debug("Authentication request for [{}] is below the risk threshold", authentication.getPrincipal());
    return null;
}

Also used: AuthenticationRiskScore (org.apereo.cas.api.AuthenticationRiskScore), AuthenticationRiskContingencyResponse (org.apereo.cas.api.AuthenticationRiskContingencyResponse), CasRiskBasedAuthenticationMitigationStartedEvent (org.apereo.cas.support.events.authentication.adaptive.CasRiskBasedAuthenticationMitigationStartedEvent), CasRiskBasedAuthenticationEvaluationStartedEvent (org.apereo.cas.support.events.authentication.adaptive.CasRiskBasedAuthenticationEvaluationStartedEvent), CasRiskyAuthenticationMitigatedEvent (org.apereo.cas.support.events.authentication.adaptive.CasRiskyAuthenticationMitigatedEvent), CasRiskyAuthenticationDetectedEvent (org.apereo.cas.support.events.authentication.adaptive.CasRiskyAuthenticationDetectedEvent)

Example 2 with AuthenticationRiskContingencyResponse

Use of org.apereo.cas.api.AuthenticationRiskContingencyResponse in project cas by apereo.

From the class MultifactorAuthenticationContingencyPlan, method executeInternal:

@Override
protected AuthenticationRiskContingencyResponse executeInternal(final Authentication authentication, final RegisteredService service, final AuthenticationRiskScore score, final HttpServletRequest request) {
    final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.warn("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }
    String id = casProperties.getAuthn().getAdaptive().getRisk().getResponse().getMfaProvider();
    if (StringUtils.isBlank(id)) {
        if (providerMap.size() == 1) {
            id = providerMap.values().iterator().next().getId();
        } else {
            LOGGER.warn("No multifactor authentication providers are specified to handle risk-based authentication");
            throw new AuthenticationException();
        }
    }
    final String attributeName = casProperties.getAuthn().getAdaptive().getRisk().getResponse().getRiskyAuthenticationAttribute();
    final Authentication newAuthn = DefaultAuthenticationBuilder.newInstance(authentication).addAttribute(attributeName, Boolean.TRUE).build();
    LOGGER.debug("Updated authentication to remember risk-based authn via [{}]", attributeName);
    authentication.update(newAuthn);
    return new AuthenticationRiskContingencyResponse(new Event(this, id));
}

Also used: AuthenticationException (org.apereo.cas.authentication.AuthenticationException), Authentication (org.apereo.cas.authentication.Authentication), AuthenticationRiskContingencyResponse (org.apereo.cas.api.AuthenticationRiskContingencyResponse), Event (org.springframework.webflow.execution.Event), MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider)

Aggregations

AuthenticationRiskContingencyResponse (org.apereo.cas.api.AuthenticationRiskContingencyResponse): 2
AuthenticationRiskScore (org.apereo.cas.api.AuthenticationRiskScore): 1
Authentication (org.apereo.cas.authentication.Authentication): 1
AuthenticationException (org.apereo.cas.authentication.AuthenticationException): 1
MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider): 1
CasRiskBasedAuthenticationEvaluationStartedEvent (org.apereo.cas.support.events.authentication.adaptive.CasRiskBasedAuthenticationEvaluationStartedEvent): 1
CasRiskBasedAuthenticationMitigationStartedEvent (org.apereo.cas.support.events.authentication.adaptive.CasRiskBasedAuthenticationMitigationStartedEvent): 1
CasRiskyAuthenticationDetectedEvent (org.apereo.cas.support.events.authentication.adaptive.CasRiskyAuthenticationDetectedEvent): 1
CasRiskyAuthenticationMitigatedEvent (org.apereo.cas.support.events.authentication.adaptive.CasRiskyAuthenticationMitigatedEvent): 1
Event (org.springframework.webflow.execution.Event): 1