Example 1 with MultifactorAuthenticationProviderAbsentException

Use of org.apereo.cas.authentication.MultifactorAuthenticationProviderAbsentException in project cas by apereo.

Class AdaptiveMultifactorAuthenticationTrigger, method isActivated.

@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest httpServletRequest, final HttpServletResponse response, final Service service) {
    val multifactorMap = casProperties.getAuthn().getAdaptive().getPolicy().getRequireMultifactor();
    if (service == null || authentication == null) {
        LOGGER.trace("No service or authentication is available to determine event for principal");
        return Optional.empty();
    }
    if (multifactorMap == null || multifactorMap.isEmpty()) {
        LOGGER.trace("Adaptive authentication is not configured to require multifactor authentication");
        return Optional.empty();
    }
    val providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
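    if (providerMap.isEmpty()) {
        // Fail closed: the policy requires MFA but no provider is registered, so reject the attempt instead of skipping MFA.
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException(new MultifactorAuthenticationProviderAbsentException());
    }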
    val clientInfo = ClientInfoHolder.getClientInfo();
    val clientIp = clientInfo.getClientIpAddress();
    LOGGER.debug("Located client IP address as [{}]", clientIp);
    val agent = HttpRequestUtils.getHttpServletRequestUserAgent(httpServletRequest);
    val entries = multifactorMap.entrySet();
    for (final Map.Entry entry : entries) {
        val mfaMethod = entry.getKey().toString();
        val pattern = entry.getValue().toString();
        val providerFound = MultifactorAuthenticationUtils.resolveProvider(providerMap, mfaMethod);
        if (providerFound.isEmpty()) {
            LOGGER.error("Adaptive authentication is configured to require [{}] for [{}], yet [{}] is absent in the configuration.", mfaMethod, pattern, mfaMethod);
            throw new AuthenticationException();
        }
        if (checkUserAgentOrClientIp(clientIp, agent, mfaMethod, pattern)) {
            return providerFound;
        }
        if (checkRequestGeoLocation(httpServletRequest, clientIp, mfaMethod, pattern)) {
            return providerFound;
        }
    }
    return Optional.empty();
}
Also used: lombok.val (lombok.val), AuthenticationException (org.apereo.cas.authentication.AuthenticationException), MultifactorAuthenticationProviderAbsentException (org.apereo.cas.authentication.MultifactorAuthenticationProviderAbsentException), Map (java.util.Map)

Example 2 with MultifactorAuthenticationProviderAbsentException

Use of org.apereo.cas.authentication.MultifactorAuthenticationProviderAbsentException in project cas by apereo.

Class GlobalMultifactorAuthenticationTrigger, method handleAbsentMultifactorProvider.

/**
 * Handle absent multifactor provider.
 *
 * @param globalProviderId  the global provider id
 * @param resolvedProviders the resolved providers
 */
protected void handleAbsentMultifactorProvider(final String globalProviderId, final List<MultifactorAuthenticationProvider> resolvedProviders) {
    val providerIds = resolvedProviders.stream().map(MultifactorAuthenticationProvider::getId).collect(Collectors.joining(","));
    val message = String.format("Not all requested multifactor providers could be found. " + "Requested providers are [%s] and resolved providers are [%s]", globalProviderId, providerIds);
    LOGGER.warn(message, globalProviderId);
    throw new MultifactorAuthenticationProviderAbsentException(message);
}
Also used: lombok.val (lombok.val), MultifactorAuthenticationProviderAbsentException (org.apereo.cas.authentication.MultifactorAuthenticationProviderAbsentException)

Example 3 with MultifactorAuthenticationProviderAbsentException

Use of org.apereo.cas.authentication.MultifactorAuthenticationProviderAbsentException in project cas by apereo.

Class HttpRequestMultifactorAuthenticationTrigger, method isActivated.

@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest httpServletRequest, final HttpServletResponse response, final Service service) {
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return Optional.empty();
    }
    val values = resolveEventFromHttpRequest(httpServletRequest);
    if (values != null && !values.isEmpty()) {
        LOGGER.debug("Received request as [{}]", values);
        val providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
        if (providerMap.isEmpty()) {
            LOGGER.error("No multifactor authentication providers are available in the application context to satisfy [{}]", values);
            throw new AuthenticationException(new MultifactorAuthenticationProviderAbsentException());
        }
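        // Only the first value resolved from the request is used to select a provider.
        val providerFound = MultifactorAuthenticationUtils.resolveProvider(providerMap, values.get(0));
        if (providerFound.isPresent()) {
            return providerFound;
        }
        // A requested provider that cannot be resolved rejects the attempt instead of continuing without MFA.
        LOGGER.warn("No multifactor provider could be found for request parameter [{}]", values);
        throw new AuthenticationException();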
    }
    return Optional.empty();
}
Also used: lombok.val (lombok.val), AuthenticationException (org.apereo.cas.authentication.AuthenticationException), MultifactorAuthenticationProviderAbsentException (org.apereo.cas.authentication.MultifactorAuthenticationProviderAbsentException)

Example 4 with MultifactorAuthenticationProviderAbsentException

Use of org.apereo.cas.authentication.MultifactorAuthenticationProviderAbsentException in project cas by apereo.

Class TimedMultifactorAuthenticationTrigger, method isActivated.

@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest httpServletRequest, final HttpServletResponse response, final Service service) {
    val timedMultifactor = casProperties.getAuthn().getAdaptive().getPolicy().getRequireTimedMultifactor();
    if (service == null || authentication == null) {
        LOGGER.trace("No service or authentication is available to determine event for principal");
        return Optional.empty();
    }
    if (timedMultifactor == null || timedMultifactor.isEmpty()) {
        LOGGER.trace("Adaptive authentication is not configured to require multifactor authentication by time");
        return Optional.empty();
    }
    val providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException(new MultifactorAuthenticationProviderAbsentException());
    }
    return checkTimedMultifactorProvidersForRequest(registeredService);
}
Also used: lombok.val (lombok.val), AuthenticationException (org.apereo.cas.authentication.AuthenticationException), MultifactorAuthenticationProviderAbsentException (org.apereo.cas.authentication.MultifactorAuthenticationProviderAbsentException)

Example 5 with MultifactorAuthenticationProviderAbsentException

Use of org.apereo.cas.authentication.MultifactorAuthenticationProviderAbsentException in project cas by apereo.

Class OidcMultifactorAuthenticationTrigger, method isActivated.

@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest request, final HttpServletResponse response, final Service service) {
    val acr = getAuthenticationClassReference(request, response);
    if (StringUtils.isBlank(acr)) {
        LOGGER.debug("No ACR provided in the authentication request");
        return Optional.empty();
    }
    val values = List.of(org.springframework.util.StringUtils.delimitedListToStringArray(acr, " "));
    val providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", values);
        throw new AuthenticationException(new MultifactorAuthenticationProviderAbsentException());
    }
    val authnContexts = casProperties.getAuthn().getOidc().getCore().getAuthenticationContextReferenceMappings();
    val mappings = CollectionUtils.convertDirectedListToMap(authnContexts);
    val mappedAcrValues = values.stream().map(acrValue -> mappings.getOrDefault(acrValue, acrValue)).collect(Collectors.toList());
    LOGGER.debug("Mapped ACR values are [{}] to compare against [{}]", mappedAcrValues, providerMap.values());
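    // An ACR value that maps to no available provider yields Optional.empty() here: the trigger does not activate and no exception is thrown.
    return providerMap.values().stream().filter(v -> mappedAcrValues.contains(v.getId())).findAny();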
}
Also used: lombok.val (lombok.val), CasConfigurationProperties (org.apereo.cas.configuration.CasConfigurationProperties), Ordered (org.springframework.core.Ordered), UriComponentsBuilder (org.springframework.web.util.UriComponentsBuilder), Setter (lombok.Setter), Getter (lombok.Getter), RequiredArgsConstructor (lombok.RequiredArgsConstructor), MultifactorAuthenticationProvider (org.apereo.cas.authentication.MultifactorAuthenticationProvider), MultifactorAuthenticationTrigger (org.apereo.cas.authentication.MultifactorAuthenticationTrigger), StringUtils (org.apache.commons.lang3.StringUtils), MultifactorAuthenticationProviderAbsentException (org.apereo.cas.authentication.MultifactorAuthenticationProviderAbsentException), HttpServletRequest (javax.servlet.http.HttpServletRequest), Authentication (org.apereo.cas.authentication.Authentication), CollectionUtils (org.apereo.cas.util.CollectionUtils), MultifactorAuthenticationUtils (org.apereo.cas.authentication.MultifactorAuthenticationUtils), JEEContext (org.pac4j.core.context.JEEContext), MultifactorAuthenticationProviderResolver (org.apereo.cas.authentication.MultifactorAuthenticationProviderResolver), AuthenticationException (org.apereo.cas.authentication.AuthenticationException), CasProtocolConstants (org.apereo.cas.CasProtocolConstants), OAuth20Constants (org.apereo.cas.support.oauth.OAuth20Constants), Unchecked (org.jooq.lambda.Unchecked), OAuth20Utils (org.apereo.cas.support.oauth.util.OAuth20Utils), URIBuilder (org.apache.http.client.utils.URIBuilder), HttpServletResponse (javax.servlet.http.HttpServletResponse), ApplicationContext (org.springframework.context.ApplicationContext), Collectors (java.util.stream.Collectors), RegisteredService (org.apereo.cas.services.RegisteredService), Slf4j (lombok.extern.slf4j.Slf4j), List (java.util.List), Service (org.apereo.cas.authentication.principal.Service), Optional (java.util.Optional), EncodingUtils (org.apereo.cas.util.EncodingUtils)

Aggregations

lombok.val (lombok.val): 8
MultifactorAuthenticationProviderAbsentException (org.apereo.cas.authentication.MultifactorAuthenticationProviderAbsentException): 8
AuthenticationException (org.apereo.cas.authentication.AuthenticationException): 7
Optional (java.util.Optional): 3
MultifactorAuthenticationProvider (org.apereo.cas.authentication.MultifactorAuthenticationProvider): 3
Map (java.util.Map): 2
HttpServletRequest (javax.servlet.http.HttpServletRequest): 2
HttpServletResponse (javax.servlet.http.HttpServletResponse): 2
Getter (lombok.Getter): 2
RequiredArgsConstructor (lombok.RequiredArgsConstructor): 2
Setter (lombok.Setter): 2
Slf4j (lombok.extern.slf4j.Slf4j): 2
StringUtils (org.apache.commons.lang3.StringUtils): 2
Authentication (org.apereo.cas.authentication.Authentication): 2
MultifactorAuthenticationTrigger (org.apereo.cas.authentication.MultifactorAuthenticationTrigger): 2
MultifactorAuthenticationUtils (org.apereo.cas.authentication.MultifactorAuthenticationUtils): 2
Service (org.apereo.cas.authentication.principal.Service): 2
CasConfigurationProperties (org.apereo.cas.configuration.CasConfigurationProperties): 2
RegisteredService (org.apereo.cas.services.RegisteredService): 2
ApplicationContext (org.springframework.context.ApplicationContext): 2