use of org.apereo.cas.authentication.MultifactorAuthenticationProvider in project cas by apereo.
the class TimedMultifactorAuthenticationTrigger method checkTimedMultifactorProvidersForRequest.
/**
 * Resolves the multifactor provider required by the first time-based adaptive policy entry
 * that matches the current server time.
 *
 * <p>The evaluation uses the JVM's own clock settings: {@code ZoneId.systemDefault()} for the
 * current hour and day, and {@code Locale.getDefault()} for the day names. Today's name is
 * rendered in every {@link TextStyle} and compared with the configured days through
 * {@code List.contains}, so a configured day only matches when it is spelled exactly like one
 * of those display names.
 *
 * @param service the registered service; only used in the error log message
 * @return the provider named by the first matching policy entry, or an empty optional when no
 *         entry matches
 * @throws AuthenticationException when a matching entry names a provider id that cannot be
 *         resolved; the method throws instead of returning empty, so a missing provider is
 *         not treated as "no multifactor required"
 */
protected Optional<MultifactorAuthenticationProvider> checkTimedMultifactorProvidersForRequest(final RegisteredService service) {
    val policyEntries = casProperties.getAuthn().getAdaptive().getPolicy().getRequireTimedMultifactor();
    val currentTime = LocalDateTime.now(ZoneId.systemDefault());
    val currentHour = currentTime.getHour();
    val today = DayOfWeek.from(currentTime);
    val todayNames = Arrays.stream(TextStyle.values())
        .map(style -> today.getDisplayName(style, Locale.getDefault()))
        .collect(Collectors.toList());

    val firstMatch = policyEntries.stream().filter(entry -> {
        val configuredDays = entry.getOnDays();
        val dayMatches = !configuredDays.isEmpty() && configuredDays.stream().anyMatch(todayNames::contains);
        // NOTE(review): the hour bounds replace the day result, they do not narrow it.
        // An entry with onOrBeforeHour set is decided by that bound alone; otherwise one
        // with onOrAfterHour set is decided by that bound alone; the day match only counts
        // when neither bound is set (>= 0). Confirm this precedence is the intended policy:
        // if the conditions are meant to combine, multifactor is required (or skipped) at
        // times the configuration does not describe.
        if (entry.getOnOrBeforeHour() >= 0) {
            return currentHour <= entry.getOnOrBeforeHour();
        }
        if (entry.getOnOrAfterHour() >= 0) {
            return currentHour >= entry.getOnOrAfterHour();
        }
        return dayMatches;
    }).findFirst();

    if (firstMatch.isEmpty()) {
        return Optional.empty();
    }

    val timed = firstMatch.get();
    val availableProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    val resolved = MultifactorAuthenticationUtils.resolveProvider(availableProviders, timed.getProviderId());
    if (resolved.isEmpty()) {
        // Fail closed: the policy demands a provider that is not available.
        LOGGER.error("Adaptive authentication is configured to require [{}] for [{}], yet [{}] absent in the configuration.", timed.getProviderId(), service, timed.getProviderId());
        throw new AuthenticationException();
    }
    return resolved;
}
use of org.apereo.cas.authentication.MultifactorAuthenticationProvider in project cas by apereo.
the class MultifactorAuthenticationProviderBypassAuditResourceResolver method resolveFrom.
/**
 * Builds the audit resource string for an intercepted call that carries an authentication
 * and a multifactor provider among its arguments.
 *
 * <p>The resource records the principal id, the provider id and the value passed as
 * {@code object}, under the keys {@code principal}, {@code provider} and {@code execution}.
 *
 * @param joinPoint the intercepted call; unwrapped through {@code AopUtils.unWrapJoinPoint}
 * @param object the value stored under {@code execution}
 * @return a one-element array holding the resource string, or an empty array when the join
 *         point exposes no argument array
 */
@Override
public String[] resolveFrom(final JoinPoint joinPoint, final Object object) {
    val arguments = AopUtils.unWrapJoinPoint(joinPoint).getArgs();
    if (arguments == null) {
        return ArrayUtils.EMPTY_STRING_ARRAY;
    }

    // NOTE(review): the arguments are read by position and cast without a length or type
    // check. This relies on the audited method taking the Authentication first and the
    // provider third; if that signature changes, this throws inside the audit path rather
    // than producing a record. Confirm against the advised method.
    val authentication = (Authentication) arguments[0];
    val mfaProvider = (MultifactorAuthenticationProvider) arguments[2];

    val auditValues = new HashMap<String, Object>();
    auditValues.put("principal", authentication.getPrincipal().getId());
    auditValues.put("provider", mfaProvider.getId());
    auditValues.put("execution", object);
    return new String[] {toResourceString(auditValues)};
}
use of org.apereo.cas.authentication.MultifactorAuthenticationProvider in project cas by apereo.
the class GlobalMultifactorAuthenticationTrigger method isActivated.
/**
 * Decides whether the globally configured multifactor provider (or providers) applies to the
 * given authentication.
 *
 * <p>The configured global provider id is treated as a comma-delimited list. Every id is
 * resolved against the providers found in the application context, and the resolved
 * providers are sorted by {@code getOrder()}.
 *
 * @param authentication the current authentication; when {@code null} the trigger is inactive
 * @param registeredService passed on when more than one provider is resolved
 * @param httpServletRequest not read by this method
 * @param response not read by this method
 * @param service not read by this method
 * @return empty when there is no authentication or no global provider id is configured;
 *         otherwise whatever the single- or multi-provider resolution returns
 * @throws AuthenticationException when a global provider id is configured but the application
 *         context holds no multifactor providers at all; the method throws instead of
 *         returning empty
 */
@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest httpServletRequest, final HttpServletResponse response, final Service service) {
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return Optional.empty();
    }

    val configuredIds = casProperties.getAuthn().getMfa().getTriggers().getGlobal().getGlobalProviderId();
    if (StringUtils.isBlank(configuredIds)) {
        LOGGER.trace("No value could be found for for the global provider id");
        return Optional.empty();
    }
    LOGGER.debug("Attempting to globally activate [{}]", configuredIds);

    val availableProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (availableProviders.isEmpty()) {
        // Fail closed: a global requirement with nothing to satisfy it is an error.
        LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", configuredIds);
        throw new AuthenticationException(new MultifactorAuthenticationProviderAbsentException());
    }

    // NOTE(review): commaDelimitedListToSet splits on commas without trimming, so an id
    // written as "a, b" yields " b". Whether resolveProvider tolerates the leading space is
    // not visible here; verify, or keep the configured list free of spaces.
    val requestedIds = org.springframework.util.StringUtils.commaDelimitedListToSet(configuredIds);
    val resolved = requestedIds.stream()
        .map(id -> MultifactorAuthenticationUtils.resolveProvider(availableProviders, id))
        .filter(Optional::isPresent)
        .map(Optional::get)
        .sorted(Comparator.comparing(MultifactorAuthenticationProvider::getOrder))
        .collect(Collectors.toList());

    // At least one configured id did not resolve.
    // NOTE(review): handleAbsentMultifactorProvider is not visible here. If it returns
    // normally, execution continues below with a shorter (possibly empty) provider list;
    // confirm that it rejects the request.
    if (resolved.size() != requestedIds.size()) {
        handleAbsentMultifactorProvider(configuredIds, resolved);
    }

    val exactlyOne = resolved.size() == 1;
    return exactlyOne
        ? resolveSingleMultifactorProvider(resolved.get(0))
        : resolveMultifactorProvider(authentication, registeredService, resolved);
}