
Example 36 with Credential

use of org.apereo.cas.authentication.Credential in project cas by apereo.

the class PersonDirectoryPrincipalResolverTests method verifyAttributesWithPrincipal.

/**
 * Checks that resolving a credential produces a principal that carries directory attributes
 * and whose id is not the username that was submitted.
 *
 * <p>The resolver is constructed with {@code "cn"} as its second argument; presumably this names
 * the attribute used as the principal id (confirm against the resolver's constructor).
 */
@Test
public void verifyAttributesWithPrincipal() {
    PersonDirectoryPrincipalResolver principalResolver = new PersonDirectoryPrincipalResolver(
            CoreAuthenticationTestUtils.getAttributeRepository(), "cn");
    Credential credential = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();

    // No second argument is supplied to resolve(); the test exercises the credential-only path.
    Principal resolved = principalResolver.resolve(credential, null);

    assertNotNull(resolved);
    // The resolved id must differ from the login name the credential was built with.
    assertNotEquals(resolved.getId(), CoreAuthenticationTestUtils.CONST_USERNAME);
    // Attributes from the repository are expected on the principal, including group membership.
    assertTrue(resolved.getAttributes().containsKey("memberOf"));
}
Also used : PersonDirectoryPrincipalResolver(org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver) Credential(org.apereo.cas.authentication.Credential) Test(org.junit.Test)

Example 37 with Credential

use of org.apereo.cas.authentication.Credential in project cas by apereo.

the class PersonDirectoryPrincipalResolverTests method verifyNoAttributesWithPrincipal.

/**
 * Checks that a principal is still resolved when the resolver's second constructor argument is
 * {@code CoreAuthenticationTestUtils.CONST_USERNAME} rather than an attribute name such as "cn".
 *
 * <p>Only non-nullness is asserted; the principal's id and attributes are not inspected here.
 */
@Test
public void verifyNoAttributesWithPrincipal() {
    PersonDirectoryPrincipalResolver principalResolver = new PersonDirectoryPrincipalResolver(
            CoreAuthenticationTestUtils.getAttributeRepository(),
            CoreAuthenticationTestUtils.CONST_USERNAME);
    Credential credential = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();

    Principal resolved = principalResolver.resolve(credential, null);

    assertNotNull(resolved);
}
Also used : PersonDirectoryPrincipalResolver(org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver) Credential(org.apereo.cas.authentication.Credential) Test(org.junit.Test)

Example 38 with Credential

use of org.apereo.cas.authentication.Credential in project cas by apereo.

the class AbstractServiceValidateController method handleTicketValidation.

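/**
 * Validates a service ticket for a service and renders the protocol response.
 *
 * <p>Steps, in the order they run:
 * <ol>
 *   <li>If the request carries a service (proxy callback) credential, a proxy-granting ticket is
 *       requested for it first. Any authentication or ticket failure at this step ends the
 *       request with an error view.</li>
 *   <li>The service ticket is validated against the service and the resulting assertion is
 *       checked by {@code validateAssertion}.</li>
 *   <li>The authentication context of the assertion is checked; an unsatisfied context is
 *       reported by throwing rather than by returning an error view.</li>
 *   <li>If a proxy handler accepts the service credential, the proxy IOU is delivered; an empty
 *       IOU is treated as a failed proxy callback.</li>
 * </ol>
 *
 * @param request         the request
 * @param service         the service
 * @param serviceTicketId the service ticket id
 * @return the success view, or an error view carrying the relevant protocol error code
 * @throws UnsatisfiedAuthenticationContextTicketValidationException if the assertion does not
 *         satisfy the required authentication context
 */
protected ModelAndView handleTicketValidation(final HttpServletRequest request, final WebApplicationService service, final String serviceTicketId) {
    TicketGrantingTicket proxyGrantingTicketId = null;
    final Credential serviceCredential = getServiceCredentialsFromRequest(service, request);
    if (serviceCredential != null) {
        try {
            proxyGrantingTicketId = handleProxyGrantingTicketDelivery(serviceTicketId, serviceCredential);
        } catch (final AuthenticationException e) {
            // Keep the cause in the log, as the sibling catch blocks do, so a rejected proxy
            // callback can be diagnosed from the log without reproducing the request.
            LOGGER.warn("Failed to authenticate service credential [{}]", serviceCredential, e);
            return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, new Object[] { serviceCredential.getId() }, request, service);
        } catch (final InvalidTicketException e) {
            LOGGER.error("Failed to create proxy granting ticket due to an invalid ticket for [{}]", serviceCredential, e);
            return generateErrorView(e.getCode(), new Object[] { serviceTicketId }, request, service);
        } catch (final AbstractTicketException e) {
            LOGGER.error("Failed to create proxy granting ticket for [{}]", serviceCredential, e);
            return generateErrorView(e.getCode(), new Object[] { serviceCredential.getId() }, request, service);
        }
    }

    // Exceptions raised by validateServiceTicket are not caught here and propagate to the caller.
    final Assertion assertion = this.centralAuthenticationService.validateServiceTicket(serviceTicketId, service);
    if (!validateAssertion(request, serviceTicketId, assertion, service)) {
        return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_TICKET, new Object[] { serviceTicketId }, request, service);
    }

    // The pair's key says whether the context is satisfied; its value is handed to the success view.
    final Pair<Boolean, Optional<MultifactorAuthenticationProvider>> ctxResult = validateAuthenticationContext(assertion, request);
    if (!ctxResult.getKey()) {
        throw new UnsatisfiedAuthenticationContextTicketValidationException(assertion.getService());
    }

    String proxyIou = null;
    if (serviceCredential != null && this.proxyHandler != null && this.proxyHandler.canHandle(serviceCredential)) {
        proxyIou = handleProxyIouDelivery(serviceCredential, proxyGrantingTicketId);
        // An empty IOU means the proxy callback was not completed; fail instead of issuing a
        // success response without one.
        if (StringUtils.isEmpty(proxyIou)) {
            return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, new Object[] { serviceCredential.getId() }, request, service);
        }
    } else {
        // Reached when there is no service credential, no proxy handler, or the handler declines.
        LOGGER.debug("No service credentials specified, and/or the proxy handler [{}] cannot handle credentials", this.proxyHandler);
    }

    onSuccessfulValidation(serviceTicketId, assertion);
    // NOTE(review): the ticket id is written to the debug log; confirm it is no longer usable
    // once validation has succeeded.
    LOGGER.debug("Successfully validated service ticket [{}] for service [{}]", serviceTicketId, service.getId());
    return generateSuccessView(assertion, proxyIou, service, request, ctxResult.getValue(), proxyGrantingTicketId);
}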
Also used : Credential(org.apereo.cas.authentication.Credential) HttpBasedServiceCredential(org.apereo.cas.authentication.HttpBasedServiceCredential) Optional(java.util.Optional) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException) Assertion(org.apereo.cas.validation.Assertion) AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException) UnsatisfiedAuthenticationContextTicketValidationException(org.apereo.cas.ticket.UnsatisfiedAuthenticationContextTicketValidationException)

Example 39 with Credential

use of org.apereo.cas.authentication.Credential in project cas by apereo.

the class ECPProfileHandlerController method handleEcpRequest.

/**
 * Entry point for the SAML2 ECP profile endpoint.
 *
 * <p>Decodes the SOAP request, extracts the basic-authentication credential, and hands both to
 * the four-argument {@code handleEcpRequest} overload. If either one is missing, the failure is
 * logged and the method returns without calling the overload.
 *
 * @param response the response
 * @param request  the request
 * @throws Exception the exception
 */
@PostMapping(path = SamlIdPConstants.ENDPOINT_SAML2_IDP_ECP_PROFILE_SSO, consumes = { MediaType.TEXT_XML_VALUE, "application/vnd.paos.xml" })
public void handleEcpRequest(final HttpServletResponse response, final HttpServletRequest request) throws Exception {
    // The SOAP body is decoded before the credential is looked at; both calls always run.
    MessageContext ecpMessageContext = decodeSoapRequest(request);
    Credential basicAuthCredential = extractBasicAuthenticationCredential(request, response);

    // NOTE(review): neither early return below writes to the response in this method; confirm
    // that the helpers (or the container) give the client an explicit failure status.
    if (basicAuthCredential == null) {
        LOGGER.error("Credentials could not be extracted from the SAML ECP request");
        return;
    }
    if (ecpMessageContext == null) {
        LOGGER.error("SAML ECP request could not be determined from the authentication request");
        return;
    }

    handleEcpRequest(response, request, ecpMessageContext, basicAuthCredential);
}
Also used : UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential) Credential(org.apereo.cas.authentication.Credential) MessageContext(org.opensaml.messaging.context.MessageContext) PostMapping(org.springframework.web.bind.annotation.PostMapping)

Example 40 with Credential

use of org.apereo.cas.authentication.Credential in project cas by apereo.

the class TicketOrCredentialPrincipalResolverTests method verifyResolverServiceTicket.

/**
 * Checks that the resolver, given a join point whose only argument is a service ticket id,
 * returns the id of the credential that the ticket chain was created for.
 *
 * @throws Exception if ticket creation or resolution fails
 */
@Test
public void verifyResolverServiceTicket() throws Exception {
    Credential credential = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();
    AuthenticationResult authnResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), credential);

    // Build the chain: ticket-granting ticket first, then a service ticket issued from it.
    TicketGrantingTicket tgt = getCentralAuthenticationService().createTicketGrantingTicket(authnResult);
    ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(
            tgt.getId(), CoreAuthenticationTestUtils.getService(), authnResult);

    TicketOrCredentialPrincipalResolver principalResolver = new TicketOrCredentialPrincipalResolver(getCentralAuthenticationService());

    // The mocked join point exposes the service ticket id as its single argument.
    JoinPoint joinPoint = mock(JoinPoint.class);
    when(joinPoint.getArgs()).thenReturn(new Object[] { serviceTicket.getId() });

    String resolvedId = principalResolver.resolveFrom(joinPoint, null);

    assertNotNull(resolvedId);
    assertEquals(resolvedId, credential.getId());
}
Also used : Credential(org.apereo.cas.authentication.Credential) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) AuthenticationResult(org.apereo.cas.authentication.AuthenticationResult) JoinPoint(org.aspectj.lang.JoinPoint) Test(org.junit.Test)

Aggregations

Credential (org.apereo.cas.authentication.Credential)67 Test (org.junit.Test)39 UsernamePasswordCredential (org.apereo.cas.authentication.UsernamePasswordCredential)29 TicketGrantingTicket (org.apereo.cas.ticket.TicketGrantingTicket)26 MockTicketGrantingTicket (org.apereo.cas.mock.MockTicketGrantingTicket)18 AuthenticationResult (org.apereo.cas.authentication.AuthenticationResult)13 Service (org.apereo.cas.authentication.principal.Service)13 HttpBasedServiceCredential (org.apereo.cas.authentication.HttpBasedServiceCredential)11 HashMap (java.util.HashMap)10 ServiceTicket (org.apereo.cas.ticket.ServiceTicket)10 CachedData (net.spy.memcached.CachedData)9 AuthenticationException (org.apereo.cas.authentication.AuthenticationException)9 LinkedHashMap (java.util.LinkedHashMap)8 RegisteredService (org.apereo.cas.services.RegisteredService)8 CentralAuthenticationService (org.apereo.cas.CentralAuthenticationService)7 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)7 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)7 MockServletContext (org.springframework.mock.web.MockServletContext)7 ServletExternalContext (org.springframework.webflow.context.servlet.ServletExternalContext)7 MockRequestContext (org.springframework.webflow.test.MockRequestContext)7