Use of org.apereo.cas.authentication.MultifactorAuthenticationProvider in project cas by apereo.
The class GrouperMultifactorAuthenticationTrigger, method isActivated: resolves an MFA provider from the Grouper groups of the authenticated principal.
/**
 * Grouper-driven MFA trigger.
 * <p>
 * Looks up the groups Grouper reports for the authenticated principal, projects
 * every group onto the configured {@code grouperGroupField}, and asks the MFA
 * utilities for a registered provider whose id is among those projected values.
 * <p>
 * Ordering of the guards is deliberate: a missing group field or a missing
 * authentication/service yields an empty result (the trigger simply does not
 * apply), whereas an empty provider registry is treated as a hard failure so
 * that a principal who should be stepped up never silently proceeds without MFA.
 *
 * @param authentication    the current authentication; may be {@code null}
 * @param registeredService the service being accessed; may be {@code null}
 * @param request           the current HTTP request (not consulted here)
 * @param response          the current HTTP response (not consulted here)
 * @param service           the requested service (not consulted here)
 * @return the provider matched to one of the principal's Grouper groups, or empty
 * @throws AuthenticationException when no multifactor providers are registered in the application context
 */
@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest request, final HttpServletResponse response, final Service service) {
    val configuredField = casProperties.getAuthn().getMfa().getTriggers().getGrouper().getGrouperGroupField();
    if (StringUtils.isBlank(configuredField)) {
        LOGGER.debug("No group field is defined to process for Grouper multifactor trigger");
        return Optional.empty();
    }
    val missingContext = authentication == null || registeredService == null;
    if (missingContext) {
        LOGGER.debug("No authentication or service is available to determine event for principal");
        return Optional.empty();
    }
    val availableProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (availableProviders.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }
    val principal = authentication.getPrincipal();
    val groupResults = grouperFacade.getGroupsForSubjectId(principal.getId());
    if (groupResults.isEmpty()) {
        LOGGER.debug("No groups could be found for [{}] to resolve events for MFA", principal);
        return Optional.empty();
    }
    // A field name that is not a GrouperGroupField constant surfaces here as an
    // IllegalArgumentException; that is a configuration error, not a runtime condition.
    val fieldToMatch = GrouperGroupField.valueOf(configuredField);
    // NOTE(review): assumes getWsGroups() never returns null for a result
    // (a null array would fail inside Stream.of) -- confirm against the Grouper client.
    val candidateProviderIds = groupResults.stream()
        .flatMap(groupsResult -> Stream.of(groupsResult.getWsGroups()))
        .map(group -> GrouperFacade.getGrouperGroupAttribute(fieldToMatch, group))
        .collect(Collectors.toSet());
    return MultifactorAuthenticationUtils.resolveProvider(availableProviders, candidateProviderIds);
}
Use of org.apereo.cas.authentication.MultifactorAuthenticationProvider in project cas by apereo.
The class SamlIdPMultifactorAuthenticationTrigger, method isActivated: maps the requested SAML authentication context class references onto an MFA provider.
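/**
 * SAML2 IdP MFA trigger.
 * <p>
 * Retrieves the inbound {@code AuthnRequest} from the distributed session store
 * and maps its requested {@code AuthnContextClassRef} values onto multifactor
 * provider ids through {@link #getAuthenticationContextMappings()}. Only the
 * first class ref that has a configured mapping is honored; everything else the
 * service provider asks for is ignored by this trigger.
 * <p>
 * The requested context is chosen by the remote service provider, i.e. it is
 * request-controlled input. An unmapped, blank or absent value therefore yields
 * an empty result rather than an error, and only providers that are actually
 * registered in the application context can ever be selected.
 * <p>
 * {@code RequestedAuthnContext} is optional in a SAML2 {@code AuthnRequest}; an
 * absent element (or an absent class-ref list) is tolerated and produces an
 * empty result instead of a {@code NullPointerException}.
 *
 * @param authentication    the current authentication (not consulted here)
 * @param registeredService the service being accessed (not consulted here)
 * @param request           the current HTTP request, used to locate the SAML request
 * @param response          the current HTTP response, used to build the web context
 * @param service           the requested service (not consulted here)
 * @return the provider mapped from the first recognised class ref, or empty
 */
@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest request, final HttpServletResponse response, final Service service) {
    val context = new JEEContext(request, response);
    val result = SamlIdPUtils.retrieveSamlRequest(context, distributedSessionStore, openSamlConfigBean, AuthnRequest.class);
    val mappings = getAuthenticationContextMappings();
    return result
        .map(pair -> (AuthnRequest) pair.getLeft())
        // Optional.map turns a null RequestedAuthnContext / class-ref list into an empty result.
        .map(authnRequest -> authnRequest.getRequestedAuthnContext())
        .map(requestedContext -> requestedContext.getAuthnContextClassRefs())
        .flatMap(classRefs -> classRefs.stream()
            .filter(Objects::nonNull)
            .map(ref -> ref.getURI())
            .filter(uri -> StringUtils.isNotBlank(uri))
            .filter(uri -> mappings.containsKey(uri))
            .findFirst()
            .map(uri -> mappings.get(uri)))
        .flatMap(providerId -> {
            val providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(applicationContext);
            return MultifactorAuthenticationUtils.resolveProvider(providerMap, providerId);
        });
}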
Use of org.apereo.cas.authentication.MultifactorAuthenticationProvider in project cas by apereo.
The class RegisteredServicePrincipalAttributeMultifactorAuthenticationTrigger, method isActivated: triggers MFA when a principal attribute named by the service policy matches the policy's value pattern.
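/**
 * Per-service principal-attribute MFA trigger.
 * <p>
 * Reads the registered service's multifactor policy and, when it names both a
 * principal attribute (comma-delimited list of names) and a value pattern,
 * matches the resolved principal's attribute values against that pattern. A
 * match selects the provider whose id is the first matched value; no match
 * falls through to {@code unmatchedMultifactorAuthenticationTrigger}, which
 * decides what to do for principals the policy did not match.
 * <p>
 * When the service lists several providers, the configured provider selector
 * narrows them to exactly one before the attribute comparison runs.
 * <p>
 * The value pattern comes from the service registry (operator-controlled) and is
 * compiled once per invocation, so a malformed pattern fails fast with a
 * {@code PatternSyntaxException} instead of being recompiled (or silently skipped)
 * for every attribute value. Attribute values may be partly user-influenced
 * depending on the attribute source, so operators should keep the pattern simple
 * and anchored.
 *
 * @param authentication     the current authentication; may be {@code null}
 * @param registeredService  the service being accessed; may be {@code null}
 * @param httpServletRequest the current HTTP request (not consulted here)
 * @param response           the current HTTP response (not consulted here)
 * @param service            the requested service (not consulted here)
 * @return the provider selected by the attribute match, the unmatched fallback, or empty
 */
@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest httpServletRequest, final HttpServletResponse response, final Service service) {
    if (authentication == null || registeredService == null) {
        LOGGER.debug("No authentication or service is available to determine event for principal");
        return Optional.empty();
    }
    val policy = registeredService.getMultifactorPolicy();
    if (policy == null || policy.getMultifactorAuthenticationProviders().isEmpty()) {
        LOGGER.trace("Authentication policy is absent or does not contain any multifactor authentication providers");
        return Optional.empty();
    }
    val attributeNames = policy.getPrincipalAttributeNameTrigger();
    val valuePattern = policy.getPrincipalAttributeValueToMatch();
    if (StringUtils.isBlank(attributeNames) || StringUtils.isBlank(valuePattern)) {
        LOGGER.debug("Authentication policy does not define a principal attribute and/or value to trigger multifactor authentication");
        return Optional.empty();
    }
    val principal = multifactorAuthenticationProviderResolver.resolvePrincipal(authentication.getPrincipal());
    val providers = MultifactorAuthenticationUtils.getMultifactorAuthenticationProviderForService(registeredService, applicationContext);
    if (providers.size() > 1) {
        // The selector picks one provider; the collection is narrowed in place to it.
        val resolvedProvider = multifactorAuthenticationProviderSelector.resolve(providers, registeredService, principal);
        providers.clear();
        providers.add(resolvedProvider);
    }
    LOGGER.debug("Resolved multifactor providers are [{}]", providers);
    // Compile once per call rather than once per attribute value; an invalid pattern
    // is a service-registry misconfiguration and surfaces here immediately.
    val compiledPattern = Pattern.compile(valuePattern);
    val result = multifactorAuthenticationProviderResolver.resolveEventViaPrincipalAttribute(
        principal,
        org.springframework.util.StringUtils.commaDelimitedListToSet(attributeNames),
        registeredService,
        Optional.empty(),
        providers,
        (attributeValue, mfaProvider) -> attributeValue != null && RegexUtils.matches(compiledPattern, attributeValue));
    if (result != null && !result.isEmpty()) {
        // The first resolved value is treated as a provider id; an unknown id falls back
        // to the unmatched handling rather than failing.
        return CollectionUtils.firstElement(result)
            .map(value -> MultifactorAuthenticationUtils.getMultifactorAuthenticationProviderById(value.toString(), this.applicationContext))
            .orElseGet(() -> unmatchedMultifactorAuthenticationTrigger(principal, registeredService));
    }
    return unmatchedMultifactorAuthenticationTrigger(principal, registeredService);
}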
Use of org.apereo.cas.authentication.MultifactorAuthenticationProvider in project cas by apereo.
The class OidcMultifactorAuthenticationTrigger, method isActivated: maps the OIDC acr_values of the authorization request onto a registered MFA provider.
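/**
 * OpenID Connect {@code acr_values} MFA trigger.
 * <p>
 * Splits the space-separated ACR string taken from the request, maps each value
 * through the configured authentication-context-reference mappings (an unmapped
 * value is used as-is, so a raw provider id is accepted directly), and returns
 * the first registered provider named by the client.
 * <p>
 * Per OIDC Core 3.1.2.1 the values in {@code acr_values} appear in the client's
 * order of preference, so the first requested value that corresponds to a
 * registered provider wins; the registry's iteration order is irrelevant.
 * <p>
 * The ACR string is client-controlled input. It can only ever select among the
 * providers already registered in the application context, so an arbitrary value
 * cannot enable anything that is not configured; an unrecognised value yields no
 * trigger from this component.
 *
 * @param authentication    the current authentication (not consulted here)
 * @param registeredService the service being accessed (not consulted here)
 * @param request           the current HTTP request, source of the ACR values
 * @param response          the current HTTP response
 * @param service           the requested service (not consulted here)
 * @return the most-preferred requested provider that is registered, or empty
 * @throws AuthenticationException when an ACR was requested but no multifactor providers are registered
 */
@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest request, final HttpServletResponse response, final Service service) {
    val acr = getAuthenticationClassReference(request, response);
    if (StringUtils.isBlank(acr)) {
        LOGGER.debug("No ACR provided in the authentication request");
        return Optional.empty();
    }
    // acr_values is space-delimited and ordered by the client's preference.
    val values = List.of(org.springframework.util.StringUtils.delimitedListToStringArray(acr, " "));
    val providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", values);
        throw new AuthenticationException(new MultifactorAuthenticationProviderAbsentException());
    }
    val authnContexts = casProperties.getAuthn().getOidc().getCore().getAuthenticationContextReferenceMappings();
    val mappings = CollectionUtils.convertDirectedListToMap(authnContexts);
    val mappedAcrValues = values.stream().map(acrValue -> mappings.getOrDefault(acrValue, acrValue)).collect(Collectors.toList());
    LOGGER.debug("Mapped ACR values are [{}] to compare against [{}]", mappedAcrValues, providerMap.values());
    // Honor the client's preference order: walk the requested values in order and take
    // the first one that names a registered provider, instead of whichever provider the
    // registry happens to iterate first.
    return mappedAcrValues.stream()
        .map(mappedAcr -> providerMap.values().stream()
            .filter(provider -> mappedAcr.equals(provider.getId()))
            .findFirst())
        .flatMap(Optional::stream)
        .findFirst();
}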
Use of org.apereo.cas.authentication.MultifactorAuthenticationProvider in project cas by apereo.
The class CompositeProviderSelectionMultifactorWebflowEventResolver, method filterEventsByMultifactorAuthenticationProvider: narrows a composite (chained) provider event to the providers that still need to run.
/**
 * Narrows the resolved events when they all point at the composite (chaining)
 * provider; any other mix of events is delegated to the superclass unchanged.
 * <p>
 * For a composite event the chain's member providers are validated against the
 * current authentication context. If one of them is already satisfied, the
 * result is a single event (and single provider) for that member, carrying the
 * original event attributes. Otherwise the members are filtered by their bypass
 * evaluators (a member with no evaluator is always kept) and the original
 * events are returned together with the members that must still execute; an
 * empty set of executable members produces an empty result.
 * <p>
 * NOTE(review): the method assumes {@code resolveEvents} is non-empty when every
 * event is composite -- {@code allMatch} on an empty collection is {@code true},
 * and {@code iterator().next()} would then throw. Confirm callers never pass an
 * empty collection.
 *
 * @param resolveEvents     the events resolved so far (the composite event is read from its first element)
 * @param authentication    the current authentication, validated against each chained provider
 * @param registeredService the service being accessed; may be {@code null}
 * @param request           the current HTTP request, handed to the bypass evaluators
 * @return the narrowed events with their providers, or empty when nothing should execute
 */
@Override
protected Optional<Pair<Collection<Event>, Collection<MultifactorAuthenticationProvider>>> filterEventsByMultifactorAuthenticationProvider(final Collection<Event> resolveEvents, final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest request) {
    val allComposite = resolveEvents.stream()
        .allMatch(candidate -> candidate.getId().equalsIgnoreCase(ChainingMultifactorAuthenticationProvider.DEFAULT_IDENTIFIER));
    if (!allComposite) {
        return super.filterEventsByMultifactorAuthenticationProvider(resolveEvents, authentication, registeredService, request);
    }
    val compositeEvent = resolveEvents.iterator().next();
    val chain = (ChainingMultifactorAuthenticationProvider) compositeEvent.getAttributes().get(MultifactorAuthenticationProvider.class.getName());
    val contextValidator = getConfigurationContext().getAuthenticationContextValidator();
    // Stop at the first chained provider the current authentication already satisfies.
    val satisfied = chain.getMultifactorAuthenticationProviders().stream()
        .map(candidate -> contextValidator.validate(authentication, candidate.getId(), Optional.ofNullable(registeredService)))
        .filter(MultifactorAuthenticationContextValidationResult::isSuccess)
        .findAny();
    if (satisfied.isPresent()) {
        val satisfiedProvider = satisfied.get().getProvider().orElseThrow();
        val narrowedEvent = new Event(this, satisfiedProvider.getId(), compositeEvent.getAttributes());
        return Optional.of(Pair.of(CollectionUtils.wrapCollection(narrowedEvent), CollectionUtils.wrapCollection(satisfiedProvider)));
    }
    // Nothing satisfied yet: keep the members whose bypass evaluator says they must run.
    val executableProviders = chain.getMultifactorAuthenticationProviders().stream()
        .filter(candidate -> {
            val bypass = candidate.getBypassEvaluator();
            return bypass == null || bypass.shouldMultifactorAuthenticationProviderExecute(authentication, registeredService, candidate, request);
        })
        .collect(Collectors.toList());
    LOGGER.debug("Finalized set of resolved events are [{}] with providers [{}]", resolveEvents, executableProviders);
    if (executableProviders.isEmpty()) {
        return Optional.empty();
    }
    return Optional.of(Pair.of(resolveEvents, executableProviders));
}