use of org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider in project cas by apereo.
the class DuoSecurityMultifactorProviderBypassConfiguration method duoSecurityCredentialMultifactorAuthenticationProviderBypass.
@Bean
@RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
@ConditionalOnMissingBean(name = "duoSecurityCredentialMultifactorAuthenticationProviderBypass")
public MultifactorAuthenticationProviderBypassEvaluator duoSecurityCredentialMultifactorAuthenticationProviderBypass(final ConfigurableApplicationContext applicationContext, final CasConfigurationProperties casProperties) {
return BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(DuoSecurityAuthenticationService.CONDITION.given(applicationContext.getEnvironment())).supply(() -> {
val duoProps = casProperties.getAuthn().getMfa().getDuo();
val bypass = new DefaultChainingMultifactorAuthenticationBypassProvider();
duoProps.stream().filter(duo -> StringUtils.isNotBlank(duo.getBypass().getCredentialClassType())).forEach(duo -> bypass.addMultifactorAuthenticationProviderBypassEvaluator(new CredentialMultifactorAuthenticationProviderBypassEvaluator(duo.getBypass(), duo.getId())));
if (bypass.isEmpty()) {
return NeverAllowMultifactorAuthenticationProviderBypassEvaluator.getInstance();
}
return bypass;
}).otherwiseProxy().get();
}
use of org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider in project cas by apereo.
the class DuoSecurityMultifactorProviderBypassConfiguration method duoSecurityPrincipalMultifactorAuthenticationProviderBypass.
@Bean
@ConditionalOnMissingBean(name = "duoSecurityPrincipalMultifactorAuthenticationProviderBypass")
@RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
public MultifactorAuthenticationProviderBypassEvaluator duoSecurityPrincipalMultifactorAuthenticationProviderBypass(final ConfigurableApplicationContext applicationContext, final CasConfigurationProperties casProperties) {
return BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(DuoSecurityAuthenticationService.CONDITION.given(applicationContext.getEnvironment())).supply(() -> {
val duoProps = casProperties.getAuthn().getMfa().getDuo();
val bypass = new DefaultChainingMultifactorAuthenticationBypassProvider();
duoProps.stream().filter(duo -> StringUtils.isNotBlank(duo.getBypass().getPrincipalAttributeName())).forEach(duo -> bypass.addMultifactorAuthenticationProviderBypassEvaluator(new PrincipalMultifactorAuthenticationProviderBypassEvaluator(duo.getBypass(), duo.getId())));
if (bypass.isEmpty()) {
return NeverAllowMultifactorAuthenticationProviderBypassEvaluator.getInstance();
}
return bypass;
}).otherwiseProxy().get();
}
use of org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider in project cas by apereo.
the class SwivelAuthenticationMultifactorProviderBypassConfiguration method swivelBypassEvaluator.
@ConditionalOnMissingBean(name = "swivelBypassEvaluator")
@Bean
@RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
public MultifactorAuthenticationProviderBypassEvaluator swivelBypassEvaluator(final CasConfigurationProperties casProperties, @Qualifier("swivelPrincipalMultifactorAuthenticationProviderBypass") final MultifactorAuthenticationProviderBypassEvaluator swivelPrincipalMultifactorAuthenticationProviderBypass, @Qualifier("swivelRegisteredServiceMultifactorAuthenticationProviderBypass") final MultifactorAuthenticationProviderBypassEvaluator swivelRegisteredServiceMultifactorAuthenticationProviderBypass, @Qualifier("swivelRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator") final MultifactorAuthenticationProviderBypassEvaluator swivelRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator, @Qualifier("swivelAuthenticationMultifactorAuthenticationProviderBypass") final MultifactorAuthenticationProviderBypassEvaluator swivelAuthenticationMultifactorAuthenticationProviderBypass, @Qualifier("swivelCredentialMultifactorAuthenticationProviderBypass") final MultifactorAuthenticationProviderBypassEvaluator swivelCredentialMultifactorAuthenticationProviderBypass, @Qualifier("swivelHttpRequestMultifactorAuthenticationProviderBypass") final MultifactorAuthenticationProviderBypassEvaluator swivelHttpRequestMultifactorAuthenticationProviderBypass, @Qualifier("swivelGroovyMultifactorAuthenticationProviderBypass") final MultifactorAuthenticationProviderBypassEvaluator swivelGroovyMultifactorAuthenticationProviderBypass, @Qualifier("swivelRestMultifactorAuthenticationProviderBypass") final MultifactorAuthenticationProviderBypassEvaluator swivelRestMultifactorAuthenticationProviderBypass) {
val bypass = new DefaultChainingMultifactorAuthenticationBypassProvider();
val props = casProperties.getAuthn().getMfa().getSwivel().getBypass();
if (StringUtils.isNotBlank(props.getPrincipalAttributeName())) {
bypass.addMultifactorAuthenticationProviderBypassEvaluator(swivelPrincipalMultifactorAuthenticationProviderBypass);
}
bypass.addMultifactorAuthenticationProviderBypassEvaluator(swivelRegisteredServiceMultifactorAuthenticationProviderBypass);
bypass.addMultifactorAuthenticationProviderBypassEvaluator(swivelRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator);
if (StringUtils.isNotBlank(props.getAuthenticationAttributeName()) || StringUtils.isNotBlank(props.getAuthenticationHandlerName()) || StringUtils.isNotBlank(props.getAuthenticationMethodName())) {
bypass.addMultifactorAuthenticationProviderBypassEvaluator(swivelAuthenticationMultifactorAuthenticationProviderBypass);
}
if (StringUtils.isNotBlank(props.getCredentialClassType())) {
bypass.addMultifactorAuthenticationProviderBypassEvaluator(swivelCredentialMultifactorAuthenticationProviderBypass);
}
if (StringUtils.isNotBlank(props.getHttpRequestHeaders()) || StringUtils.isNotBlank(props.getHttpRequestRemoteAddress())) {
bypass.addMultifactorAuthenticationProviderBypassEvaluator(swivelHttpRequestMultifactorAuthenticationProviderBypass);
}
if (props.getGroovy().getLocation() != null) {
bypass.addMultifactorAuthenticationProviderBypassEvaluator(swivelGroovyMultifactorAuthenticationProviderBypass);
}
if (StringUtils.isNotBlank(props.getRest().getUrl())) {
bypass.addMultifactorAuthenticationProviderBypassEvaluator(swivelRestMultifactorAuthenticationProviderBypass);
}
return bypass;
}
Aggregations