Example 11 with MultifactorAuthenticationProvider

use of org.apereo.cas.authentication.MultifactorAuthenticationProvider in project cas by apereo.

the class TimedMultifactorAuthenticationTrigger method checkTimedMultifactorProvidersForRequest.

/**
 * Check timed multifactor providers for request optional.
 *
 * @param service the service
 * @return the provider
 */
protected Optional<MultifactorAuthenticationProvider> checkTimedMultifactorProvidersForRequest(final RegisteredService service) {
    val timedMultifactor = casProperties.getAuthn().getAdaptive().getPolicy().getRequireTimedMultifactor();
    val now = LocalDateTime.now(ZoneId.systemDefault());
    val dow = DayOfWeek.from(now);
    val dayNamesForToday = Arrays.stream(TextStyle.values()).map(style -> dow.getDisplayName(style, Locale.getDefault())).collect(Collectors.toList());
    val timed = timedMultifactor.stream().filter(t -> {
        var providerEvent = !t.getOnDays().isEmpty() && t.getOnDays().stream().anyMatch(dayNamesForToday::contains);
        if (t.getOnOrAfterHour() >= 0) {
            providerEvent = now.getHour() >= t.getOnOrAfterHour();
        }
        if (t.getOnOrBeforeHour() >= 0) {
            providerEvent = now.getHour() <= t.getOnOrBeforeHour();
        }
        return providerEvent;
    }).findFirst().orElse(null);
    if (timed != null) {
        val providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
        val providerFound = MultifactorAuthenticationUtils.resolveProvider(providerMap, timed.getProviderId());
        if (providerFound.isEmpty()) {
            LOGGER.error("Adaptive authentication is configured to require [{}] for [{}], yet [{}] absent in the configuration.", timed.getProviderId(), service, timed.getProviderId());
            throw new AuthenticationException();
        }
        return providerFound;
    }
    return Optional.empty();
}
Also used : lombok.val(lombok.val) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) Ordered(org.springframework.core.Ordered) Setter(lombok.Setter) Arrays(java.util.Arrays) Getter(lombok.Getter) RequiredArgsConstructor(lombok.RequiredArgsConstructor) LocalDateTime(java.time.LocalDateTime) MultifactorAuthenticationProvider(org.apereo.cas.authentication.MultifactorAuthenticationProvider) MultifactorAuthenticationTrigger(org.apereo.cas.authentication.MultifactorAuthenticationTrigger) MultifactorAuthenticationProviderAbsentException(org.apereo.cas.authentication.MultifactorAuthenticationProviderAbsentException) HttpServletRequest(javax.servlet.http.HttpServletRequest) Authentication(org.apereo.cas.authentication.Authentication) Locale(java.util.Locale) MultifactorAuthenticationUtils(org.apereo.cas.authentication.MultifactorAuthenticationUtils) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) TextStyle(java.time.format.TextStyle) HttpServletResponse(javax.servlet.http.HttpServletResponse) ApplicationContext(org.springframework.context.ApplicationContext) Collectors(java.util.stream.Collectors) RegisteredService(org.apereo.cas.services.RegisteredService) ZoneId(java.time.ZoneId) Slf4j(lombok.extern.slf4j.Slf4j) Service(org.apereo.cas.authentication.principal.Service) DayOfWeek(java.time.DayOfWeek) Optional(java.util.Optional)

Example 12 with MultifactorAuthenticationProvider

use of org.apereo.cas.authentication.MultifactorAuthenticationProvider in project cas by apereo.

the class MultifactorAuthenticationProviderBypassAuditResourceResolver method resolveFrom.

@Override
public String[] resolveFrom(final JoinPoint joinPoint, final Object object) {
    val jp = AopUtils.unWrapJoinPoint(joinPoint);
    val args = jp.getArgs();
    if (args != null) {
        val authn = (Authentication) args[0];
        val provider = (MultifactorAuthenticationProvider) args[2];
        val values = new HashMap<String, Object>();
        values.put("principal", authn.getPrincipal().getId());
        values.put("provider", provider.getId());
        values.put("execution", object);
        return new String[] { toResourceString(values) };
    }
    return ArrayUtils.EMPTY_STRING_ARRAY;
}
Also used : lombok.val(lombok.val) HashMap(java.util.HashMap) Authentication(org.apereo.cas.authentication.Authentication) MultifactorAuthenticationProvider(org.apereo.cas.authentication.MultifactorAuthenticationProvider)

Example 13 with MultifactorAuthenticationProvider

use of org.apereo.cas.authentication.MultifactorAuthenticationProvider in project cas by apereo.

the class GlobalMultifactorAuthenticationTrigger method isActivated.

@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest httpServletRequest, final HttpServletResponse response, final Service service) {
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return Optional.empty();
    }
    val globalProviderId = casProperties.getAuthn().getMfa().getTriggers().getGlobal().getGlobalProviderId();
    if (StringUtils.isBlank(globalProviderId)) {
        LOGGER.trace("No value could be found for for the global provider id");
        return Optional.empty();
    }
    LOGGER.debug("Attempting to globally activate [{}]", globalProviderId);
    val providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", globalProviderId);
        throw new AuthenticationException(new MultifactorAuthenticationProviderAbsentException());
    }
    val providers = org.springframework.util.StringUtils.commaDelimitedListToSet(globalProviderId);
    val resolvedProviders = providers.stream().map(provider -> MultifactorAuthenticationUtils.resolveProvider(providerMap, provider)).filter(Optional::isPresent).map(Optional::get).sorted(Comparator.comparing(MultifactorAuthenticationProvider::getOrder)).collect(Collectors.toList());
    if (resolvedProviders.size() != providers.size()) {
        handleAbsentMultifactorProvider(globalProviderId, resolvedProviders);
    }
    if (resolvedProviders.size() == 1) {
        return resolveSingleMultifactorProvider(resolvedProviders.get(0));
    }
    return resolveMultifactorProvider(authentication, registeredService, resolvedProviders);
}
Also used : lombok.val(lombok.val) Optional(java.util.Optional) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) MultifactorAuthenticationProviderAbsentException(org.apereo.cas.authentication.MultifactorAuthenticationProviderAbsentException) MultifactorAuthenticationProvider(org.apereo.cas.authentication.MultifactorAuthenticationProvider)
