Example 21 with Authentication
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class DateTimeAuthenticationRequestRiskCalculator method calculateScore.
@Override
protected BigDecimal calculateScore(final HttpServletRequest request, final Authentication authentication, final RegisteredService service, final Collection<CasEvent> events) {
final ZonedDateTime timestamp = ZonedDateTime.now(ZoneOffset.UTC);
LOGGER.debug("Filtering authentication events for timestamp [{}]", timestamp);
final int hoursFromNow = timestamp.plusHours(windowInHours).getHour();
final int hoursBeforeNow = timestamp.minusHours(windowInHours).getHour();
final long count = events.stream().map(time -> {
final Instant instant = ChronoZonedDateTime.from(time.getCreationTime()).toInstant();
final ZonedDateTime zdt = ZonedDateTime.ofInstant(instant, ZoneOffset.UTC);
return zdt.getHour();
}).filter(hour -> hour <= hoursFromNow && hour >= hoursBeforeNow).count();
LOGGER.debug("Total authentication events found for [{}] in a [{}]h window: [{}]", timestamp, windowInHours, count);
if (count == events.size()) {
LOGGER.debug("Principal [{}] has always authenticated from [{}]", authentication.getPrincipal(), timestamp);
return LOWEST_RISK_SCORE;
}
return getFinalAveragedScore(count, events.size());
}
Also used :
CasEventRepository(org.apereo.cas.support.events.CasEventRepository)
BigDecimal(java.math.BigDecimal)
Slf4j(lombok.extern.slf4j.Slf4j)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ChronoZonedDateTime(java.time.chrono.ChronoZonedDateTime)
Authentication(org.apereo.cas.authentication.Authentication)
ZonedDateTime(java.time.ZonedDateTime)
Collection(java.util.Collection)
ZoneOffset(java.time.ZoneOffset)
Instant(java.time.Instant)
RegisteredService(org.apereo.cas.services.RegisteredService)
CasEvent(org.apereo.cas.support.events.dao.CasEvent)
ChronoZonedDateTime(java.time.chrono.ChronoZonedDateTime)
ZonedDateTime(java.time.ZonedDateTime)
Instant(java.time.Instant)
Example 22 with Authentication
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class DefaultSingleSignOnParticipationStrategy method isParticipating.
@Override
public boolean isParticipating(final RequestContext ctx) {
if (renewEnabled && ctx.getRequestParameters().contains(CasProtocolConstants.PARAMETER_RENEW)) {
LOGGER.debug("[{}] is specified for the request. The authentication session will be considered renewed.", CasProtocolConstants.PARAMETER_RENEW);
return this.createSsoSessionCookieOnRenewAuthentications;
}
final Authentication authentication = WebUtils.getAuthentication(ctx);
final Service service = WebUtils.getService(ctx);
if (service != null) {
final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
if (registeredService != null) {
final Authentication ca = AuthenticationCredentialsThreadLocalBinder.getCurrentAuthentication();
try {
AuthenticationCredentialsThreadLocalBinder.bindCurrent(authentication);
final boolean isAllowedForSso = registeredService.getAccessStrategy().isServiceAccessAllowedForSso();
LOGGER.debug("Located [{}] in registry. Service access to participate in SSO is set to [{}]", registeredService.getServiceId(), isAllowedForSso);
return isAllowedForSso;
} finally {
AuthenticationCredentialsThreadLocalBinder.bindCurrent(ca);
}
}
}
return true;
}
Also used :
RegisteredService(org.apereo.cas.services.RegisteredService)
Authentication(org.apereo.cas.authentication.Authentication)
Service(org.apereo.cas.authentication.principal.Service)
RegisteredService(org.apereo.cas.services.RegisteredService)
Example 23 with Authentication
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class InitialAuthenticationAttemptWebflowEventResolver method determineRegisteredServiceForEvent.
private RegisteredService determineRegisteredServiceForEvent(final RequestContext context, final Service service) {
RegisteredService registeredService = null;
if (service != null) {
LOGGER.debug("Locating service [{}] in service registry to determine authentication policy", service);
registeredService = this.servicesManager.findServiceBy(service);
LOGGER.debug("Locating authentication event in the request context...");
final Authentication authn = WebUtils.getAuthentication(context);
LOGGER.debug("Enforcing access strategy policies for registered service [{}] and principal [{}]", registeredService, authn.getPrincipal());
final AuditableContext audit = AuditableContext.builder().service(service).authentication(authn).registeredService(registeredService).retrievePrincipalAttributesFromReleasePolicy(Boolean.FALSE).build();
final AuditableExecutionResult result = this.registeredServiceAccessStrategyEnforcer.execute(audit);
result.throwExceptionIfNeeded();
}
return registeredService;
}
Also used :
AuditableContext(org.apereo.cas.audit.AuditableContext)
RegisteredService(org.apereo.cas.services.RegisteredService)
Authentication(org.apereo.cas.authentication.Authentication)
AuditableExecutionResult(org.apereo.cas.audit.AuditableExecutionResult)
Example 24 with Authentication
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class AuthenticationAttributeMultifactorAuthenticationPolicyEventResolver method resolveInternal.
@Override
public Set<Event> resolveInternal(final RequestContext context) {
final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
final Authentication authentication = WebUtils.getAuthentication(context);
if (authentication == null) {
LOGGER.debug("No authentication is available to determine event for principal");
return null;
}
if (attributeNames.isEmpty()) {
LOGGER.debug("Authentication attribute name to determine event is not configured");
return null;
}
final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
if (providerMap == null || providerMap.isEmpty()) {
LOGGER.error("No multifactor authentication providers are available in the application context");
return null;
}
final Collection<MultifactorAuthenticationProvider> providers = flattenProviders(providerMap.values());
if (providers.size() == 1 && StringUtils.isNotBlank(globalAuthenticationAttributeValueRegex)) {
final MultifactorAuthenticationProvider provider = providers.iterator().next();
LOGGER.debug("Found a single multifactor provider [{}] in the application context", provider);
return resolveEventViaAuthenticationAttribute(authentication, attributeNames, service, context, providers, input -> input != null && input.matches(globalAuthenticationAttributeValueRegex));
}
return resolveEventViaAuthenticationAttribute(authentication, attributeNames, service, context, providers, input -> providers.stream().filter(provider -> input != null && provider.matches(input)).count() > 0);
}
Also used :
CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties)
MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)
Audit(org.apereo.inspektr.audit.annotation.Audit)
Collection(java.util.Collection)
MultifactorAuthenticationProviderSelector(org.apereo.cas.services.MultifactorAuthenticationProviderSelector)
CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService)
AuthenticationServiceSelectionPlan(org.apereo.cas.authentication.AuthenticationServiceSelectionPlan)
TicketRegistrySupport(org.apereo.cas.ticket.registry.TicketRegistrySupport)
Set(java.util.Set)
StringUtils(org.apache.commons.lang3.StringUtils)
RequestContext(org.springframework.webflow.execution.RequestContext)
RegisteredService(org.apereo.cas.services.RegisteredService)
BaseMultifactorAuthenticationProviderEventResolver(org.apereo.cas.web.flow.authentication.BaseMultifactorAuthenticationProviderEventResolver)
Slf4j(lombok.extern.slf4j.Slf4j)
Authentication(org.apereo.cas.authentication.Authentication)
StringUtils.commaDelimitedListToSet(org.springframework.util.StringUtils.commaDelimitedListToSet)
Map(java.util.Map)
AuthenticationSystemSupport(org.apereo.cas.authentication.AuthenticationSystemSupport)
MultifactorAuthenticationUtils(org.apereo.cas.authentication.MultifactorAuthenticationUtils)
WebUtils(org.apereo.cas.web.support.WebUtils)
CookieGenerator(org.springframework.web.util.CookieGenerator)
Event(org.springframework.webflow.execution.Event)
ServicesManager(org.apereo.cas.services.ServicesManager)
RegisteredService(org.apereo.cas.services.RegisteredService)
Authentication(org.apereo.cas.authentication.Authentication)
MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)
Example 25 with Authentication
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class GlobalMultifactorAuthenticationPolicyEventResolver method resolveInternal.
@Override
public Set<Event> resolveInternal(final RequestContext context) {
final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
final Authentication authentication = WebUtils.getAuthentication(context);
if (authentication == null) {
LOGGER.debug("No authentication is available to determine event for principal");
return null;
}
if (StringUtils.isBlank(globalProviderId)) {
LOGGER.debug("No value could be found for request parameter [{}]", globalProviderId);
return null;
}
LOGGER.debug("Attempting to globally activate [{}]", globalProviderId);
final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
if (providerMap == null || providerMap.isEmpty()) {
LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", globalProviderId);
throw new AuthenticationException();
}
final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, globalProviderId);
if (providerFound.isPresent()) {
final MultifactorAuthenticationProvider provider = providerFound.get();
if (provider.isAvailable(service)) {
LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", provider, service);
final Map<String, Object> attributes = buildEventAttributeMap(authentication.getPrincipal(), service, provider);
final Event event = validateEventIdForMatchingTransitionInContext(provider.getId(), context, attributes);
return CollectionUtils.wrapSet(event);
}
LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", provider);
return null;
}
LOGGER.warn("No multifactor provider could be found for [{}]", globalProviderId);
throw new AuthenticationException();
}
Also used :
RegisteredService(org.apereo.cas.services.RegisteredService)
AuthenticationException(org.apereo.cas.authentication.AuthenticationException)
Authentication(org.apereo.cas.authentication.Authentication)
Event(org.springframework.webflow.execution.Event)
MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)
Aggregations
Authentication (org.apereo.cas.authentication.Authentication)125
RegisteredService (org.apereo.cas.services.RegisteredService)58
Service (org.apereo.cas.authentication.principal.Service)44
lombok.val (lombok.val)38
HttpServletRequest (javax.servlet.http.HttpServletRequest)32
Slf4j (lombok.extern.slf4j.Slf4j)32
Principal (org.apereo.cas.authentication.principal.Principal)26
Event (org.springframework.webflow.execution.Event)25
Optional (java.util.Optional)23
TicketGrantingTicket (org.apereo.cas.ticket.TicketGrantingTicket)22
Test (org.junit.Test)21
MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider)20
AuthenticationException (org.apereo.cas.authentication.AuthenticationException)19
CasConfigurationProperties (org.apereo.cas.configuration.CasConfigurationProperties)17
Collection (java.util.Collection)16
StringUtils (org.apache.commons.lang3.StringUtils)16
AuthenticationResult (org.apereo.cas.authentication.AuthenticationResult)15
ServiceTicket (org.apereo.cas.ticket.ServiceTicket)15
WebUtils (org.apereo.cas.web.support.WebUtils)14
RequestContext (org.springframework.webflow.execution.RequestContext)14
