Use of org.apereo.cas.authentication.LdapAuthenticationHandler in project cas by apereo:
the class LdapAuthenticationConfiguration, method ldapAuthenticationHandlers.
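/**
 * Builds one {@link LdapAuthenticationHandler} per configured LDAP instance that passes
 * {@link #ldapInstanceConfigurationPredicate()}.
 *
 * <p>For each instance an ldaptive {@code Authenticator} is created, restricted to returning only the
 * attributes named in the instance's principal attribute list; the handler is then configured with
 * additional attributes, password encoder, principal-name transformer, optional credential-selection
 * regex, principal id attribute and (when enabled) password policy, initialized and collected.
 *
 * <p>The handlers are collected into a {@link HashSet}; whether two handlers built from distinct
 * instances collapse into one depends on the handler's equality contract (not visible here).
 *
 * @return the initialized LDAP authentication handlers; empty if no instance passes the predicate
 */
@Bean
public Collection<AuthenticationHandler> ldapAuthenticationHandlers() {
    final Collection<AuthenticationHandler> handlers = new HashSet<>();
    casProperties.getAuthn().getLdap().stream().filter(ldapInstanceConfigurationPredicate()).forEach(l -> {
        final Map<String, String> attributes = Beans.transformPrincipalAttributesListIntoMap(l.getPrincipalAttributeList());
        LOGGER.debug("Created and mapped principal attributes [{}] for [{}]...", attributes, l.getLdapUrl());

        LOGGER.debug("Creating ldap authenticator for [{}] and baseDn [{}]", l.getLdapUrl(), l.getBaseDn());
        final Authenticator authenticator = Beans.newLdaptiveAuthenticator(l);
        // Only the mapped attribute names are requested from the directory.
        authenticator.setReturnAttributes(attributes.keySet().toArray(new String[0]));
        LOGGER.debug("Ldap authenticator configured with return attributes [{}] for [{}] and baseDn [{}]",
            attributes.keySet(), l.getLdapUrl(), l.getBaseDn());

        LOGGER.debug("Creating ldap authentication handler for [{}]", l.getLdapUrl());
        final LdapAuthenticationHandler handler = new LdapAuthenticationHandler(l.getName(), servicesManager,
            ldapPrincipalFactory(), l.getOrder(), authenticator);

        // Work on a copy: appending the principal id attribute straight onto l.getAdditionalAttributes()
        // mutates the configuration object in place (and fails outright if that list is unmodifiable),
        // so every build of this bean would grow the configured list by one more entry.
        final List<String> additionalAttrs = l.getAdditionalAttributes() == null
            ? new ArrayList<>()
            : new ArrayList<>(l.getAdditionalAttributes());
        if (StringUtils.isNotBlank(l.getPrincipalAttributeId())) {
            additionalAttrs.add(l.getPrincipalAttributeId());
        }
        handler.setAdditionalAttributes(additionalAttrs);
        handler.setAllowMultiplePrincipalAttributeValues(l.isAllowMultiplePrincipalAttributeValues());
        handler.setAllowMissingPrincipalAttributeValue(l.isAllowMissingPrincipalAttributeValue());
        handler.setPasswordEncoder(Beans.newPasswordEncoder(l.getPasswordEncoder()));
        handler.setPrincipalNameTransformer(Beans.newPrincipalNameTransformer(l.getPrincipalTransformation()));

        if (StringUtils.isNotBlank(l.getCredentialCriteria())) {
            LOGGER.debug("Ldap authentication for [{}] is filtering credentials by [{}]", l.getLdapUrl(), l.getCredentialCriteria());
            // Compiled once per handler; the pattern comes from the deployer's configuration.
            final Predicate<String> predicate = Pattern.compile(l.getCredentialCriteria()).asPredicate();
            // A credential without an id is simply not selected instead of throwing from the matcher.
            handler.setCredentialSelectionPredicate(credential -> credential.getId() != null && predicate.test(credential.getId()));
        }

        handler.setPrincipalAttributeMap(attributes);
        if (StringUtils.isBlank(l.getPrincipalAttributeId())) {
            LOGGER.debug("No principal id attribute is found for ldap authentication via [{}]", l.getLdapUrl());
        } else {
            handler.setPrincipalIdAttribute(l.getPrincipalAttributeId());
            LOGGER.debug("Using principal id attribute [{}] for ldap authentication via [{}]", l.getPrincipalAttributeId(), l.getLdapUrl());
        }

        if (l.getPasswordPolicy().isEnabled()) {
            LOGGER.debug("Password policy is enabled for [{}]. Constructing password policy configuration", l.getLdapUrl());
            handler.setPasswordPolicyConfiguration(createLdapPasswordPolicyConfiguration(l, authenticator));
        }

        LOGGER.debug("Initializing ldap authentication handler for [{}]", l.getLdapUrl());
        handler.initialize();
        handlers.add(handler);
    });
    return handlers;
}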