Example 6 with AuthenticationException

Use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo, in the class AdaptiveMultifactorAuthenticationPolicyEventResolver, method resolveInternal.

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (service == null || authentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }
    if (multifactorMap == null || multifactorMap.isEmpty()) {
        LOGGER.debug("Adaptive authentication is not configured to require multifactor authentication");
        return null;
    }
    final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }
    final Set<Event> providerFound = checkRequireMultifactorProvidersForRequest(context, service, authentication);
    if (providerFound != null && !providerFound.isEmpty()) {
        LOGGER.warn("Found multifactor authentication providers [{}] required for this authentication event", providerFound);
        return providerFound;
    }
    return null;
}
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) Authentication(org.apereo.cas.authentication.Authentication) Event(org.springframework.webflow.execution.Event) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)

Example 7 with AuthenticationException

Use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo, in the class AdaptiveMultifactorAuthenticationPolicyEventResolver, method checkRequireMultifactorProvidersForRequest.

private Set<Event> checkRequireMultifactorProvidersForRequest(final RequestContext context, final RegisteredService service, final Authentication authentication) {
    final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
    final String clientIp = clientInfo.getClientIpAddress();
    LOGGER.debug("Located client IP address as [{}]", clientIp);
    final String agent = WebUtils.getHttpServletRequestUserAgent();
    final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    final Set<Map.Entry> entries = multifactorMap.entrySet();
    for (final Map.Entry entry : entries) {
        final String mfaMethod = entry.getKey().toString();
        final String pattern = entry.getValue().toString();
        final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, mfaMethod);
        if (!providerFound.isPresent()) {
            LOGGER.error("Adaptive authentication is configured to require [{}] for [{}], yet [{}] is absent in the configuration.", mfaMethod, pattern, mfaMethod);
            throw new AuthenticationException();
        }
        if (checkUserAgentOrClientIp(clientIp, agent, mfaMethod, pattern)) {
            return buildEvent(context, service, authentication, providerFound.get());
        }
        if (checkRequestGeoLocation(clientIp, mfaMethod, pattern)) {
            return buildEvent(context, service, authentication, providerFound.get());
        }
    }
    return null;
}
Also used : AuthenticationException(org.apereo.cas.authentication.AuthenticationException) ClientInfo(org.apereo.inspektr.common.web.ClientInfo) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider) Map(java.util.Map)

Example 8 with AuthenticationException

Use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo, in the class InitialAuthenticationAttemptWebflowEventResolver, method returnAuthenticationExceptionEventIfNeeded.

private Event returnAuthenticationExceptionEventIfNeeded(final Exception e) {
    final Exception ex;
    if (e instanceof AuthenticationException || e instanceof AbstractTicketException) {
        ex = e;
    } else if (e.getCause() instanceof AuthenticationException || e.getCause() instanceof AbstractTicketException) {
        ex = (Exception) e.getCause();
    } else {
        return null;
    }
    LOGGER.debug(ex.getMessage(), ex);
    return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, ex);
}
Also used : AuthenticationException(org.apereo.cas.authentication.AuthenticationException) AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException)

Example 9 with AuthenticationException

Use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo, in the class RequestParameterMultifactorAuthenticationPolicyEventResolver, method resolveInternal.

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (service == null || authentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }
    if (StringUtils.isBlank(mfaRequestParameter)) {
        LOGGER.debug("No request parameter is defined to trigger multifactor authentication.");
        return null;
    }
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    final String[] values = request.getParameterValues(mfaRequestParameter);
    if (values != null && values.length > 0) {
        LOGGER.debug("Received request parameter [{}] as [{}]", mfaRequestParameter, values);
        final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
        if (providerMap == null || providerMap.isEmpty()) {
            LOGGER.error("No multifactor authentication providers are available in the application context to satisfy [{}]", (Object[]) values);
            throw new AuthenticationException();
        }
        final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, values[0]);
        if (providerFound.isPresent()) {
            final MultifactorAuthenticationProvider provider = providerFound.get();
            if (provider.isAvailable(service)) {
                LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", provider, service.getName());
                final Event event = validateEventIdForMatchingTransitionInContext(provider.getId(), context, buildEventAttributeMap(authentication.getPrincipal(), service, provider));
                return Collections.singleton(event);
            }
            LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", providerFound.get());
            return null;
        } else {
            LOGGER.warn("No multifactor provider could be found for request parameter [{}]", (Object[]) values);
            throw new AuthenticationException();
        }
    }
    LOGGER.debug("No value could be found for request parameter [{}]", mfaRequestParameter);
    return null;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) RegisteredService(org.apereo.cas.services.RegisteredService) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) Authentication(org.apereo.cas.authentication.Authentication) Event(org.springframework.webflow.execution.Event) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)

Example 10 with AuthenticationException

Use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo, in the class ServiceWarningAction, method doExecute.

@Override
protected Event doExecute(final RequestContext context) throws Exception {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
    final Service service = WebUtils.getService(context);
    final String ticketGrantingTicket = WebUtils.getTicketGrantingTicketId(context);
    final Authentication authentication = this.ticketRegistrySupport.getAuthenticationFrom(ticketGrantingTicket);
    if (authentication == null) {
        throw new InvalidTicketException(new AuthenticationException("No authentication found for ticket " + ticketGrantingTicket), ticketGrantingTicket);
    }
    final Credential credential = WebUtils.getCredential(context);
    final AuthenticationResultBuilder authenticationResultBuilder = authenticationSystemSupport.establishAuthenticationContextFromInitial(authentication, credential);
    final AuthenticationResult authenticationResult = authenticationResultBuilder.build(service);
    final ServiceTicket serviceTicketId = this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicket, service, authenticationResult);
    WebUtils.putServiceTicketInRequestScope(context, serviceTicketId);
    if (request.getParameterMap().containsKey("ignorewarn")) {
        if (Boolean.valueOf(request.getParameter("ignorewarn").toString())) {
            this.warnCookieGenerator.removeCookie(response);
        }
    }
    return new Event(this, CasWebflowConstants.STATE_ID_REDIRECT);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Credential(org.apereo.cas.authentication.Credential) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) Authentication(org.apereo.cas.authentication.Authentication) InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException) HttpServletResponse(javax.servlet.http.HttpServletResponse) CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService) Service(org.apereo.cas.authentication.principal.Service) Event(org.springframework.webflow.execution.Event) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) AuthenticationResultBuilder(org.apereo.cas.authentication.AuthenticationResultBuilder) AuthenticationResult(org.apereo.cas.authentication.AuthenticationResult)

Aggregations

AuthenticationException (org.apereo.cas.authentication.AuthenticationException): 21
Event (org.springframework.webflow.execution.Event): 10
Authentication (org.apereo.cas.authentication.Authentication): 9
MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider): 7
InvalidTicketException (org.apereo.cas.ticket.InvalidTicketException): 7
RegisteredService (org.apereo.cas.services.RegisteredService): 6
HashMap (java.util.HashMap): 5
CentralAuthenticationService (org.apereo.cas.CentralAuthenticationService): 5
AuthenticationResult (org.apereo.cas.authentication.AuthenticationResult): 5
Credential (org.apereo.cas.authentication.Credential): 5
Map (java.util.Map): 4
AbstractTicketException (org.apereo.cas.ticket.AbstractTicketException): 4
GeneralSecurityException (java.security.GeneralSecurityException): 3
Optional (java.util.Optional): 3
AccountLockedException (javax.security.auth.login.AccountLockedException): 3
AccountNotFoundException (javax.security.auth.login.AccountNotFoundException): 3
HttpServletRequest (javax.servlet.http.HttpServletRequest): 3
PreventedException (org.apereo.cas.authentication.PreventedException): 3
Service (org.apereo.cas.authentication.principal.Service): 3
ServiceTicket (org.apereo.cas.ticket.ServiceTicket): 3