use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class GroovyScriptMultifactorAuthenticationPolicyEventResolver method resolveInternal.
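/**
 * Resolves the multifactor authentication event selected by the configured Groovy script.
 *
 * <p>The script receives the service, the registered service, the authentication and the
 * logger, and is expected to return a provider id as a {@code String}.
 *
 * @param context the current webflow request context
 * @return a set holding the event for the selected provider, or {@code null} when no script
 *         is configured or found, no authentication or service is available, the script
 *         returns a blank id, the selected provider is not available for the registered
 *         service, or script execution or event resolution fails with another exception
 * @throws AuthenticationException when no multifactor providers are available in the
 *         application context, or when the id returned by the script matches no provider
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final Service service = resolveServiceFromAuthenticationRequest(context);
    final RegisteredService registeredService = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);

    if (groovyScript == null) {
        LOGGER.debug("No groovy script is configured for multifactor authentication");
        return null;
    }
    if (!ResourceUtils.doesResourceExist(groovyScript)) {
        LOGGER.warn("No groovy script is found at [{}] for multifactor authentication", groovyScript);
        return null;
    }
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return null;
    }
    if (registeredService == null || service == null) {
        LOGGER.debug("No registered service is available to determine event for principal [{}]", authentication.getPrincipal());
        return null;
    }

    final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }

    try {
        final Object[] args = { service, registeredService, authentication, LOGGER };
        final String provider = ScriptingUtils.executeGroovyScript(groovyScript, args, String.class);
        LOGGER.debug("Groovy script run for [{}] returned the provider id [{}]", service, provider);
        if (StringUtils.isBlank(provider)) {
            // A blank answer from the script means no event is produced by this resolver.
            return null;
        }

        final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, provider);
        if (!providerFound.isPresent()) {
            LOGGER.warn("No multifactor provider could be found for [{}]", provider);
            throw new AuthenticationException();
        }

        final MultifactorAuthenticationProvider multifactorAuthenticationProvider = providerFound.get();
        if (multifactorAuthenticationProvider.isAvailable(registeredService)) {
            final Event event = validateEventIdForMatchingTransitionInContext(multifactorAuthenticationProvider.getId(), context, buildEventAttributeMap(authentication.getPrincipal(), registeredService, multifactorAuthenticationProvider));
            return CollectionUtils.wrapSet(event);
        }
        // NOTE(review): an unavailable provider yields null, i.e. no event from this resolver;
        // presumably the caller then proceeds without this provider - confirm that this
        // matches the intended failure mode.
        LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", multifactorAuthenticationProvider);
        return null;
    } catch (final AuthenticationException e) {
        // The script asked for a provider that does not exist. Let the failure propagate,
        // as the empty-provider-map check above does, instead of letting the generic
        // handler below turn it into a null result.
        throw e;
    } catch (final Exception e) {
        // NOTE(review): any other failure (including a script error) is logged and the
        // method returns null, so no event is produced - confirm this is intended.
        LOGGER.error(e.getMessage(), e);
    }
    return null;
}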
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class RegisteredServiceMultifactorAuthenticationPolicyEventResolver method resolveInternal.
/**
 * Resolves multifactor events from the multifactor policy attached to the registered service.
 *
 * @param context the current webflow request context
 * @return the events produced by {@code resolveEventPerAuthenticationProvider}, or
 *         {@code null} when the service or authentication is missing, the policy is absent
 *         or lists no providers, or the policy defines a principal attribute trigger
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    final boolean requestIsIncomplete = service == null || authentication == null;
    if (requestIsIncomplete) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }

    final RegisteredServiceMultifactorPolicy policy = service.getMultifactorPolicy();
    final boolean policyHasNoProviders = policy == null || policy.getMultifactorAuthenticationProviders().isEmpty();
    if (policyHasNoProviders) {
        LOGGER.debug("Authentication policy does not contain any multifactor authentication providers");
        return null;
    }

    // A policy with either a principal attribute name or a value to match is skipped here.
    final boolean definesAttributeTrigger = StringUtils.isNotBlank(policy.getPrincipalAttributeNameTrigger())
        || StringUtils.isNotBlank(policy.getPrincipalAttributeValueToMatch());
    if (definesAttributeTrigger) {
        LOGGER.debug("Authentication policy for [{}] has defined principal attribute triggers. Skipping...", service.getServiceId());
        return null;
    }

    return resolveEventPerAuthenticationProvider(authentication.getPrincipal(), context, service);
}
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class RestEndpointMultifactorAuthenticationPolicyEventResolver method resolveInternal.
/**
 * Resolves multifactor events by asking the configured REST endpoint about the principal.
 *
 * @param context the current webflow request context
 * @return the events derived from the endpoint's answer; an empty set when the answer is
 *         blank; {@code null} when the service or authentication is missing, no endpoint
 *         is configured, or no multifactor providers are available
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (service == null || authentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }

    final Principal principal = authentication.getPrincipal();
    if (StringUtils.isBlank(restEndpoint)) {
        LOGGER.debug("Rest endpoint to determine event is not configured for [{}]", principal.getId());
        return null;
    }

    final Map<String, MultifactorAuthenticationProvider> availableProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (availableProviders == null || availableProviders.isEmpty()) {
        // NOTE(review): this returns null here rather than throwing - confirm that failing
        // open is intended when no providers are registered.
        LOGGER.error("No multifactor authentication providers are available in the application context");
        return null;
    }

    final Collection<MultifactorAuthenticationProvider> candidates = flattenProviders(availableProviders.values());
    LOGGER.debug("Contacting [{}] to inquire about [{}]", restEndpoint, principal.getId());
    final String endpointAnswer = callRestEndpointForMultifactor(principal, context);
    if (StringUtils.isBlank(endpointAnswer)) {
        // A blank answer from the endpoint produces an empty, mutable event set.
        LOGGER.debug("No providers are available to match rest endpoint results");
        return new HashSet<>(0);
    }
    return resolveMultifactorEventViaRestResult(endpointAnswer, candidates);
}
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class AdaptiveMultifactorAuthenticationPolicyEventResolver method resolveInternal.
/**
 * Resolves the multifactor events required by the adaptive authentication configuration.
 *
 * @param context the current webflow request context
 * @return the non-empty set of events found for this request, or {@code null} when the
 *         service or authentication is missing, the adaptive map is empty, or no provider
 *         is required for this request
 * @throws AuthenticationException when no multifactor providers are available in the
 *         application context
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (service == null || authentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }

    final boolean adaptiveRulesMissing = multifactorMap == null || multifactorMap.isEmpty();
    if (adaptiveRulesMissing) {
        LOGGER.debug("Adaptive authentication is not configured to require multifactor authentication");
        return null;
    }

    // Adaptive rules exist, so an empty provider registry is treated as a hard failure.
    final Map<String, MultifactorAuthenticationProvider> availableProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (availableProviders == null || availableProviders.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }

    final Set<Event> requiredEvents = checkRequireMultifactorProvidersForRequest(context, service, authentication);
    if (requiredEvents == null || requiredEvents.isEmpty()) {
        return null;
    }
    LOGGER.warn("Found multifactor authentication providers [{}] required for this authentication event", requiredEvents);
    return requiredEvents;
}
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class TimedMultifactorAuthenticationPolicyEventResolver method checkTimedMultifactorProvidersForRequest.
/**
 * Picks the first time-based rule that matches the current local date and time and builds
 * the event for the provider that rule names.
 *
 * <p>NOTE(review): inside the rule filter each configured condition (days, on-or-after
 * hour, on-or-before hour) overwrites the previous result instead of combining with it,
 * so the last configured condition alone decides the match. Confirm this is the intended
 * policy semantics before relying on rules that set more than one condition.
 *
 * <p>NOTE(review): day names are rendered with {@code Locale.getDefault()} and the time
 * comes from {@code LocalDateTime.now()}, so matching depends on the server's locale and
 * time zone - confirm the configured day names use that locale.
 *
 * @param context the current webflow request context
 * @param service the registered service for this request
 * @param authentication the current authentication
 * @return the event built for the matching rule's provider, or {@code null} when no rule matches
 * @throws AuthenticationException when the matching rule names a provider that cannot be resolved
 */
private Set<Event> checkTimedMultifactorProvidersForRequest(final RequestContext context, final RegisteredService service, final Authentication authentication) {
    final LocalDateTime currentTime = LocalDateTime.now();
    final DayOfWeek today = DayOfWeek.from(currentTime);
    // Every text style of today's name (full, short, narrow, ...) in the default locale.
    final List<String> todayNames = Arrays.stream(TextStyle.values())
        .map(textStyle -> today.getDisplayName(textStyle, Locale.getDefault()))
        .collect(Collectors.toList());
    final Map<String, MultifactorAuthenticationProvider> availableProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);

    final TimeBasedAuthenticationProperties matchingRule = this.timedMultifactor.stream()
        .filter(rule -> {
            boolean matches = false;
            if (!rule.getOnDays().isEmpty()) {
                matches = rule.getOnDays().stream().anyMatch(todayNames::contains);
            }
            if (rule.getOnOrAfterHour() >= 0) {
                matches = currentTime.getHour() >= rule.getOnOrAfterHour();
            }
            if (rule.getOnOrBeforeHour() >= 0) {
                matches = currentTime.getHour() <= rule.getOnOrBeforeHour();
            }
            return matches;
        })
        .findFirst()
        .orElse(null);

    if (matchingRule == null) {
        return null;
    }

    final Optional<MultifactorAuthenticationProvider> resolvedProvider = resolveProvider(availableProviders, matchingRule.getProviderId());
    if (resolvedProvider.isPresent()) {
        return buildEvent(context, service, authentication, resolvedProvider.get());
    }
    // The rule names a provider that is not registered: fail rather than skip the rule.
    LOGGER.error("Adaptive authentication is configured to require [{}] for [{}], yet [{}] absent in the configuration.", matchingRule.getProviderId(), service, matchingRule.getProviderId());
    throw new AuthenticationException();
}