
Example 21 with Principal

use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

the class DefaultDuoMultifactorAuthenticationProvider method supportsInternal.

/**
 * Decides whether the Duo provider applies to this authentication attempt.
 *
 * <p>The parent check runs first and a negative answer from it is final. Otherwise the
 * Duo account of the authenticated principal is fetched via {@code duoAuthenticationService}
 * and its status is inspected: {@code ALLOW} yields {@code false}, every other status
 * (including {@code DENY}) yields {@code true}.
 *
 * @param e                 event forwarded unchanged to the parent check
 * @param authentication    authentication whose principal id is used for the Duo lookup
 * @param registeredService service forwarded unchanged to the parent check
 * @return {@code false} when the parent declines or the account status is {@code ALLOW};
 *         {@code true} otherwise
 */
@Override
protected boolean supportsInternal(final Event e, final Authentication authentication, final RegisteredService registeredService) {
    final boolean acceptedByParent = super.supportsInternal(e, authentication, registeredService);
    if (!acceptedByParent) {
        return false;
    }
    final Principal principal = authentication.getPrincipal();
    final DuoUserAccount acct = this.duoAuthenticationService.getDuoUserAccount(principal.getId());
    LOGGER.debug("Found duo user account status [{}] for [{}]", acct, principal);
    // NOTE(review): ALLOW makes this provider report "not supported", which presumably lets
    // the login continue without the Duo step. The decision rests entirely on what
    // getDuoUserAccount() reports -- confirm what status that lookup yields when Duo is
    // unreachable or answers with an error, so a failed lookup cannot read as ALLOW.
    final boolean bypassRequested = acct.getStatus() == DuoUserAccountAuthStatus.ALLOW;
    if (bypassRequested) {
        LOGGER.debug("Account status is set for allow/bypass for [{}]", principal);
        return false;
    }
    // DENY is only logged here; the method still answers true. Presumably the Duo step that
    // follows is what refuses the user -- verify against the rest of the flow.
    final boolean accessDenied = acct.getStatus() == DuoUserAccountAuthStatus.DENY;
    if (accessDenied) {
        LOGGER.warn("Account status is set to deny access to [{}]", principal);
    }
    return true;
}
Also used : DuoUserAccount(org.apereo.cas.adaptors.duo.DuoUserAccount) Principal(org.apereo.cas.authentication.principal.Principal)

Example 22 with Principal

use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

the class BasicDuoSecurityAuthenticationService method authenticateDuoCredentialDirect.

/**
 * Runs a direct Duo authentication request for the principal attached to the credential.
 *
 * <p>A POST auth request is built, signed with the principal id, executed, and the
 * {@code result} field of the JSON answer is compared (case-insensitively) with
 * {@code "allow"}. Anything else -- a different result value or any exception raised
 * along the way -- produces a {@code FALSE} pair, so the method fails closed.
 *
 * @param crds credential to authenticate; cast to {@code DuoDirectCredential}
 * @return pair of the outcome flag and {@code crds.getId()}
 */
private Pair<Boolean, String> authenticateDuoCredentialDirect(final Credential crds) {
    try {
        final DuoDirectCredential directCredential = DuoDirectCredential.class.cast(crds);
        final Principal principal = directCredential.getAuthentication().getPrincipal();
        final Http authRequest = buildHttpPostAuthRequest();
        signHttpAuthRequest(authRequest, principal.getId());
        final JSONObject duoAnswer = (JSONObject) authRequest.executeRequest();
        // NOTE(review): the whole response object goes to the debug log; confirm it holds
        // nothing that should be kept out of log files.
        LOGGER.debug("Duo authentication response: [{}]", duoAnswer);
        final boolean allowed = "allow".equalsIgnoreCase(duoAnswer.getString("result"));
        if (allowed) {
            return Pair.of(Boolean.TRUE, crds.getId());
        }
    } catch (final Exception e) {
        // Cast failures, transport errors and malformed answers all land here and are
        // treated as a rejected authentication rather than propagated.
        LOGGER.error(e.getMessage(), e);
    }
    return Pair.of(Boolean.FALSE, crds.getId());
}
Also used : JSONObject(org.json.JSONObject) Http(com.duosecurity.client.Http) Principal(org.apereo.cas.authentication.principal.Principal)

Example 23 with Principal

use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

the class DuoAuthenticationHandler method authenticateDuoCredential.

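/**
 * Verifies a Duo credential and builds the handler result for the verified user.
 *
 * <p>The credential must report itself valid; it is then handed to the Duo authentication
 * service, and the value returned by the service must equal the username carried by the
 * credential (exact, case-sensitive match). On a match a principal is created from the
 * verified value. Every failure -- invalid credential, service error, missing or
 * mismatching response -- is logged and surfaces as a {@link FailedLoginException}.
 *
 * @param credential credential to verify; cast to {@code DuoCredential}
 * @return handler result for the principal created from the Duo response
 * @throws FailedLoginException on any failure; the original exception is attached as cause
 */
private AuthenticationHandlerExecutionResult authenticateDuoCredential(final Credential credential) throws FailedLoginException {
    try {
        final DuoCredential duoCredential = (DuoCredential) credential;
        if (!duoCredential.isValid()) {
            // NOTE(review): the credential's toString() output becomes part of this message,
            // which is logged at error level below and handed to the caller. Confirm that
            // toString() does not render the signed Duo response.
            throw new GeneralSecurityException("Duo credential validation failed. Ensure a username " + " and the signed Duo response is configured and passed. Credential received: " + duoCredential);
        }
        final DuoSecurityAuthenticationService duoAuthenticationService = getDuoAuthenticationService();
        // NOTE(review): only getValue() of the returned pair is consulted. If the service can
        // signal rejection through the other element while still returning a value, that
        // signal is ignored here -- confirm against the service implementation.
        final String duoVerifyResponse = duoAuthenticationService.authenticate(duoCredential).getValue();
        LOGGER.debug("Response from Duo verify: [{}]", duoVerifyResponse);
        final String primaryCredentialsUsername = duoCredential.getUsername();
        // Null-safe: a missing response is reported as a mismatch with a meaningful message
        // instead of a NullPointerException whose message is null.
        final boolean isGoodAuthentication = duoVerifyResponse != null && duoVerifyResponse.equals(primaryCredentialsUsername);
        if (isGoodAuthentication) {
            LOGGER.info("Successful Duo authentication for [{}]", primaryCredentialsUsername);
            final Principal principal = this.principalFactory.createPrincipal(duoVerifyResponse);
            return createHandlerResult(credential, principal, new ArrayList<>());
        }
        throw new FailedLoginException("Duo authentication username " + primaryCredentialsUsername + " does not match Duo response: " + duoVerifyResponse);
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        if (e instanceof FailedLoginException) {
            // Already the right type: rethrow as-is so its stack trace is kept.
            throw (FailedLoginException) e;
        }
        // FailedLoginException has no cause-taking constructor; attach the cause explicitly
        // so the root failure is not lost for whoever handles the login failure.
        final FailedLoginException failure = new FailedLoginException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }
}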
Also used : FailedLoginException(javax.security.auth.login.FailedLoginException) GeneralSecurityException(java.security.GeneralSecurityException) Principal(org.apereo.cas.authentication.principal.Principal) GeneralSecurityException(java.security.GeneralSecurityException) FailedLoginException(javax.security.auth.login.FailedLoginException)

Example 24 with Principal

use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

the class DetermineDuoUserAccountAction method doExecute.

/**
 * Routes the flow to Duo enrollment when the authenticated principal still has to enroll.
 *
 * <p>For each resolved multifactor provider the matching Duo provider is looked up and the
 * principal's Duo account is fetched. The first provider whose account status is
 * {@code ENROLL} and whose registration URL is not blank wins: the URL is stored in flow
 * scope under {@code duoRegistrationUrl} and the enroll transition is returned. If no
 * provider qualifies, the action reports success.
 *
 * @param requestContext webflow context holding the authentication and resolved providers
 * @return the enroll transition event, or the success event
 */
@Override
protected Event doExecute(final RequestContext requestContext) {
    final Authentication authentication = WebUtils.getAuthentication(requestContext);
    final Principal principal = authentication.getPrincipal();
    final Collection<MultifactorAuthenticationProvider> resolvedProviders = WebUtils.getResolvedMultifactorAuthenticationProviders(requestContext);
    for (final MultifactorAuthenticationProvider candidate : resolvedProviders) {
        // NOTE(review): the lookup result is dereferenced without a null check; confirm
        // findProvider() cannot return null for an id taken from this collection.
        final DuoMultifactorAuthenticationProvider duoProvider = this.provider.findProvider(candidate.getId(), DuoMultifactorAuthenticationProvider.class);
        final DuoSecurityAuthenticationService duoService = duoProvider.getDuoAuthenticationService();
        final DuoUserAccount duoAccount = duoService.getDuoUserAccount(principal.getId());
        if (duoAccount.getStatus() != DuoUserAccountAuthStatus.ENROLL) {
            continue;
        }
        if (!StringUtils.isNotBlank(duoProvider.getRegistrationUrl())) {
            // Enrollment is needed but no registration URL is configured for this provider.
            continue;
        }
        // The URL comes from the provider object, not from the request.
        requestContext.getFlowScope().put("duoRegistrationUrl", duoProvider.getRegistrationUrl());
        return new EventFactorySupport().event(this, CasWebflowConstants.TRANSITION_ID_ENROLL);
    }
    return success();
}
Also used : DuoUserAccount(org.apereo.cas.adaptors.duo.DuoUserAccount) Authentication(org.apereo.cas.authentication.Authentication) DuoMultifactorAuthenticationProvider(org.apereo.cas.adaptors.duo.authn.DuoMultifactorAuthenticationProvider) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider) DuoMultifactorAuthenticationProvider(org.apereo.cas.adaptors.duo.authn.DuoMultifactorAuthenticationProvider) VariegatedMultifactorAuthenticationProvider(org.apereo.cas.services.VariegatedMultifactorAuthenticationProvider) DuoSecurityAuthenticationService(org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationService) Principal(org.apereo.cas.authentication.principal.Principal) EventFactorySupport(org.springframework.webflow.action.EventFactorySupport)

Example 25 with Principal

use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

the class PrepareDuoWebLoginFormAction method doExecute.

/**
 * Prepares the view scope for the Duo web login form.
 *
 * <p>The Duo credential held in flow scope gets the authenticated principal's id as its
 * username. Then, for every resolved multifactor provider, a signed request token for that
 * principal id, the Duo API host, the command name and the principal itself are written to
 * view scope. Each provider writes the same keys, so the values of the last provider
 * iterated are the ones that remain.
 *
 * @param requestContext webflow context holding the authentication, credential and providers
 * @return the success event
 */
@Override
protected Event doExecute(final RequestContext requestContext) {
    // The id that gets signed comes from the established authentication, not from form input.
    final Principal p = WebUtils.getAuthentication(requestContext).getPrincipal();
    final DuoCredential duoCredential = requestContext.getFlowScope().get(CasWebflowConstants.VAR_ID_CREDENTIAL, DuoCredential.class);
    duoCredential.setUsername(p.getId());
    final Collection<MultifactorAuthenticationProvider> resolvedProviders = WebUtils.getResolvedMultifactorAuthenticationProviders(requestContext);
    for (final MultifactorAuthenticationProvider candidate : resolvedProviders) {
        final DuoSecurityAuthenticationService duoService = provider.findProvider(candidate.getId(), DuoMultifactorAuthenticationProvider.class).getDuoAuthenticationService();
        final MutableAttributeMap<Object> viewScope = requestContext.getViewScope();
        viewScope.put("sigRequest", duoService.signRequestToken(p.getId()));
        viewScope.put("apiHost", duoService.getApiHost());
        viewScope.put("commandName", "credential");
        // NOTE(review): the whole principal object is exposed to the view; confirm the
        // template renders only the fields it needs.
        viewScope.put("principal", p);
    }
    return success();
}
Also used : DuoCredential(org.apereo.cas.adaptors.duo.authn.DuoCredential) DuoMultifactorAuthenticationProvider(org.apereo.cas.adaptors.duo.authn.DuoMultifactorAuthenticationProvider) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider) DuoMultifactorAuthenticationProvider(org.apereo.cas.adaptors.duo.authn.DuoMultifactorAuthenticationProvider) VariegatedMultifactorAuthenticationProvider(org.apereo.cas.services.VariegatedMultifactorAuthenticationProvider) DuoSecurityAuthenticationService(org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationService) Principal(org.apereo.cas.authentication.principal.Principal)

Aggregations

Principal (org.apereo.cas.authentication.principal.Principal)114 HashMap (java.util.HashMap)33 RegisteredService (org.apereo.cas.services.RegisteredService)31 Test (org.junit.Test)29 Authentication (org.apereo.cas.authentication.Authentication)26 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)26 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)26 OAuthRegisteredService (org.apereo.cas.support.oauth.services.OAuthRegisteredService)25 Map (java.util.Map)23 Slf4j (lombok.extern.slf4j.Slf4j)23 lombok.val (lombok.val)19 List (java.util.List)15 StringUtils (org.apache.commons.lang3.StringUtils)15 OAuthCode (org.apereo.cas.ticket.code.OAuthCode)15 CollectionUtils (org.apereo.cas.util.CollectionUtils)15 ArrayList (java.util.ArrayList)14 Optional (java.util.Optional)14 Service (org.apereo.cas.authentication.principal.Service)14 Collection (java.util.Collection)11 Collectors (java.util.stream.Collectors)10