use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class SingleSignOnSessionsReportController method getActiveSsoSessions.
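/**
 * Builds one report record per active (non-expired) ticket-granting ticket.
 *
 * <p>Security note: every record carries the raw TGT identifier (the value that names the
 * SSO session, so treat it as a credential) together with the principal's attributes and the
 * authentication attributes. Whatever surfaces this report must be restricted to
 * administrators, and the records must not be logged or handed to unauthenticated callers.
 *
 * @param option the report option; with {@code DIRECT} proxied tickets (non-null
 *               {@code getProxiedBy()}) are skipped and the proxy keys are omitted from each record
 * @return a mutable list holding one attribute map per reported session; empty if nothing qualifies
 */
private Collection<Map<String, Object>> getActiveSsoSessions(final SsoSessionReportOptions option) {
    // One formatter per call, confined to this thread, so sharing concerns for
    // ISOStandardDateFormat do not arise here.
    final ISOStandardDateFormat dateFormat = new ISOStandardDateFormat();
    final boolean directOnly = option == SsoSessionReportOptions.DIRECT;
    return getNonExpiredTicketGrantingTickets().stream()
        .map(TicketGrantingTicket.class::cast)
        .filter(tgt -> !(directOnly && tgt.getProxiedBy() != null))
        .map(tgt -> describeSsoSession(tgt, directOnly, dateFormat))
        .collect(java.util.stream.Collectors.toCollection(ArrayList::new));
}

/**
 * Flattens one ticket-granting ticket into the report's key/value record.
 *
 * @param tgt        the (already filtered) ticket to describe
 * @param directOnly {@code true} when the report was requested with {@code DIRECT}; the proxy
 *                   keys are then left out entirely rather than set to {@code false}
 * @param dateFormat formatter used for the human-readable authentication date
 * @return the record, keyed by {@link SsoSessionAttributeKeys} attribute keys
 */
private static Map<String, Object> describeSsoSession(final TicketGrantingTicket tgt, final boolean directOnly, final ISOStandardDateFormat dateFormat) {
    final Authentication authentication = tgt.getAuthentication();
    final Principal principal = authentication.getPrincipal();
    final Map<String, Object> row = new HashMap<>(SsoSessionAttributeKeys.values().length);
    row.put(SsoSessionAttributeKeys.AUTHENTICATED_PRINCIPAL.getAttributeKey(), principal.getId());
    row.put(SsoSessionAttributeKeys.AUTHENTICATION_DATE.getAttributeKey(), authentication.getAuthenticationDate());
    row.put(SsoSessionAttributeKeys.AUTHENTICATION_DATE_FORMATTED.getAttributeKey(), dateFormat.format(DateTimeUtils.dateOf(authentication.getAuthenticationDate())));
    row.put(SsoSessionAttributeKeys.NUMBER_OF_USES.getAttributeKey(), tgt.getCountOfUses());
    // Raw session identifier: sensitive, see the class-level security note on the caller.
    row.put(SsoSessionAttributeKeys.TICKET_GRANTING_TICKET.getAttributeKey(), tgt.getId());
    row.put(SsoSessionAttributeKeys.PRINCIPAL_ATTRIBUTES.getAttributeKey(), principal.getAttributes());
    row.put(SsoSessionAttributeKeys.AUTHENTICATION_ATTRIBUTES.getAttributeKey(), authentication.getAttributes());
    if (!directOnly) {
        final boolean proxied = tgt.getProxiedBy() != null;
        row.put(SsoSessionAttributeKeys.IS_PROXIED.getAttributeKey(), proxied);
        if (proxied) {
            row.put(SsoSessionAttributeKeys.PROXIED_BY.getAttributeKey(), tgt.getProxiedBy().getId());
        }
    }
    row.put(SsoSessionAttributeKeys.AUTHENTICATED_SERVICES.getAttributeKey(), tgt.getServices());
    return row;
}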
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class YubiKeyAuthenticationHandler method doAuthentication.
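/**
 * Validates a YubiKey one-time password for the principal of the in-progress authentication.
 *
 * <p>Order matters for security: the OTP's public id must already be registered for the
 * principal before the OTP is sent to the Yubico validation service, so this handler cannot be
 * used to probe arbitrary tokens against the service. The user id comes from
 * {@code WebUtils.getInProgressAuthentication()} (presumably the earlier factor), never from
 * anything supplied with this credential.
 *
 * @param credential the credential to verify; must be a {@link YubiKeyCredential}
 * @return the handler result for the in-progress principal once the service answers {@code OK}
 * @throws AccountNotFoundException if the OTP is malformed or its public id is not registered for the principal
 * @throws FailedLoginException if the validation service answers anything but {@code OK} or the call fails
 * @throws IllegalArgumentException if no in-progress authentication is available to locate the principal
 */
@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws GeneralSecurityException {
    final YubiKeyCredential yubiKeyCredential = (YubiKeyCredential) credential;
    final String otp = yubiKeyCredential.getToken();
    if (!YubicoClient.isValidOTPFormat(otp)) {
        // Never log the submitted token: even a malformed value is credential material
        // (for instance a password pasted into the wrong field).
        LOGGER.debug("Invalid OTP format; token length [{}]", otp == null ? 0 : otp.length());
        throw new AccountNotFoundException("OTP format is invalid");
    }
    final Authentication authentication = WebUtils.getInProgressAuthentication();
    if (authentication == null) {
        throw new IllegalArgumentException("CAS has no reference to an authentication event to locate a principal");
    }
    final String uid = authentication.getPrincipal().getId();
    // The public id identifies the physical key (derived from the OTP by the account validator);
    // it is checked against the registry BEFORE any network round-trip to the validation service.
    final String publicId = registry.getAccountValidator().getTokenPublicId(otp);
    if (!this.registry.isYubiKeyRegisteredFor(uid, publicId)) {
        LOGGER.debug("YubiKey public id [{}] is not registered for user [{}]", publicId, uid);
        throw new AccountNotFoundException("YubiKey id is not recognized in registry");
    }
    try {
        final VerificationResponse response = this.client.verify(otp);
        final ResponseStatus status = response.getStatus();
        if (ResponseStatus.OK.equals(status)) {
            LOGGER.debug("YubiKey response status [{}] at [{}]", status, response.getTimestamp());
            return createHandlerResult(yubiKeyCredential, this.principalFactory.createPrincipal(uid));
        }
        // Any non-OK status (including a null one) is a failed login; the status is reported,
        // the OTP value is not.
        throw new FailedLoginException("Authentication failed with status: " + status);
    } catch (final YubicoVerificationException | YubicoValidationFailure e) {
        LOGGER.error(e.getMessage(), e);
        // FailedLoginException has no cause constructor; attach the cause so the trace is not lost.
        final FailedLoginException failure = new FailedLoginException("YubiKey validation failed: " + e.getMessage());
        failure.initCause(e);
        throw failure;
    }
}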
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class CookieRetrievingCookieGenerator method isRememberMeAuthentication.
/**
 * Decides whether the current request represents a remember-me authentication.
 *
 * <p>Two signals are consulted in order: the remember-me request parameter, which only counts
 * while remember-me is enabled for the flow; failing that, the remember-me attribute of the
 * {@link Authentication} held in the request context. Two things worth confirming with the
 * owners: the parameter path only tests that a value is present (any non-blank value, even
 * "false", is treated as a remember-me request), and the attribute path does not re-check
 * that remember-me is enabled.
 *
 * @param requestContext the webflow request context
 * @return {@code true} if either signal indicates remember-me
 */
private boolean isRememberMeAuthentication(final RequestContext requestContext) {
    final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
    final String paramValue = request.getParameter(RememberMeCredential.REQUEST_PARAMETER_REMEMBER_ME);
    LOGGER.debug("Locating request parameter [{}] with value [{}]", RememberMeCredential.REQUEST_PARAMETER_REMEMBER_ME, paramValue);

    boolean rememberMe = StringUtils.isNotBlank(paramValue) && WebUtils.isRememberMeAuthenticationEnabled(requestContext);
    if (!rememberMe) {
        rememberMe = rememberMeFromAuthentication(requestContext);
    }
    LOGGER.debug("Is this request from a remember-me authentication event? [{}]", BooleanUtils.toStringYesNo(rememberMe));
    return rememberMe;
}

/**
 * Fallback signal: looks for the remember-me marker among the attributes of the
 * authentication stored in the request context.
 *
 * @param requestContext the webflow request context
 * @return {@code true} if the marker attribute is present and contains {@code true}
 */
private boolean rememberMeFromAuthentication(final RequestContext requestContext) {
    LOGGER.debug("Request does not indicate a remember-me authentication event. Locating authentication object from the request context...");
    final Authentication auth = WebUtils.getAuthentication(requestContext);
    if (auth == null) {
        return false;
    }
    final Map<String, Object> attributes = auth.getAttributes();
    // Note: this dumps every authentication attribute at debug level.
    LOGGER.debug("Located authentication attributes [{}]", attributes);
    if (!attributes.containsKey(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME)) {
        return false;
    }
    final Object marker = attributes.get(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME);
    LOGGER.debug("Located remember-me authentication attribute [{}]", marker);
    // The attribute may be single- or multi-valued; wrapSet normalises both shapes.
    return CollectionUtils.wrapSet(marker).contains(true);
}
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class TicketValidationResourceResolver method resolveFrom.
/**
 * Resolves the audit "resource" for a ticket validation call: the validated ticket id and,
 * when the call returned an {@link Assertion}, a JSON summary of its primary authentication.
 *
 * <p>The summary merges the authentication attributes with the principal attributes, the
 * principal's values winning on a key collision, and all of it ends up in the audit trail —
 * so upstream attribute filtering is what keeps sensitive values out of the audit log. If
 * serializing the summary fails, the failure is logged and only the ticket id is recorded.
 *
 * @param joinPoint the intercepted validation call; its first argument is taken as the ticket id
 * @param object the call's return value, inspected only if it is an {@link Assertion}
 * @return the ticket id, optionally followed by the JSON summary
 */
@Override
public String[] resolveFrom(final JoinPoint joinPoint, final Object object) {
    final Object[] args = AopUtils.unWrapJoinPoint(joinPoint).getArgs();
    final List<String> resources = new ArrayList<>();
    resources.add(args[0].toString());
    if (object instanceof Assertion) {
        final Authentication authn = ((Assertion) object).getPrimaryAuthentication();
        try (StringWriter writer = new StringWriter()) {
            mapper.writer().writeValue(writer, summarize(authn));
            resources.add(writer.toString());
        } catch (final Exception e) {
            // Best effort: an audit summary failure must not fail the validation itself.
            LOGGER.error(e.getMessage(), e);
        }
    }
    return resources.toArray(new String[0]);
}

/**
 * Builds the ordered map that is serialized into the audit record.
 *
 * @param authn the assertion's primary authentication
 * @return {@code principal} → id, {@code attributes} → merged authentication + principal attributes
 */
private static Map<String, Object> summarize(final Authentication authn) {
    final Map<String, Object> summary = new LinkedHashMap<>();
    summary.put("principal", authn.getPrincipal().getId());
    final Map<String, Object> merged = new LinkedHashMap<>(authn.getAttributes());
    merged.putAll(authn.getPrincipal().getAttributes());
    summary.put("attributes", merged);
    return summary;
}
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class UniquePrincipalAuthenticationPolicy method isSatisfiedBy.
/**
 * Satisfied only when the principal being authenticated has no other live SSO session.
 *
 * <p>Scans the ticket registry and counts non-expired ticket-granting tickets whose principal
 * id matches case-insensitively. Two caveats for deployers: the check is a read, not an atomic
 * reservation, so two authentications racing for the same principal can both pass; and the
 * cost grows with the number of tickets in the registry.
 *
 * @param authentication the authentication under evaluation
 * @return {@code true} when no existing session belongs to the principal
 * @throws GeneralSecurityException wrapping any failure raised while querying the registry
 */
@Override
public boolean isSatisfiedBy(final Authentication authentication) throws Exception {
    try {
        final String principalId = authentication.getPrincipal().getId();
        final long liveSessions = this.ticketRegistry
            .getTickets(ticket -> isLiveSessionFor(ticket, principalId))
            .count();
        if (liveSessions > 0) {
            LOGGER.warn("Authentication policy cannot be satisfied for principal [{}] because [{}] sessions currently exist", principalId, liveSessions);
            return false;
        }
        LOGGER.debug("Authentication policy is satisfied with [{}]", principalId);
        return true;
    } catch (final Exception e) {
        throw new GeneralSecurityException(e);
    }
}

/**
 * Registry predicate: a non-expired ticket-granting ticket owned by the given principal.
 *
 * @param ticket      any ticket from the registry
 * @param principalId the principal id to match, compared case-insensitively
 * @return {@code true} if the ticket is a live SSO session for that principal
 */
private static boolean isLiveSessionFor(final Object ticket, final String principalId) {
    if (!(ticket instanceof TicketGrantingTicket)) {
        return false;
    }
    final TicketGrantingTicket tgt = (TicketGrantingTicket) ticket;
    if (tgt.isExpired()) {
        return false;
    }
    return tgt.getAuthentication().getPrincipal().getId().equalsIgnoreCase(principalId);
}