use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class DefaultDuoMultifactorAuthenticationProvider method supportsInternal.
/**
 * Decides whether the Duo multifactor provider applies to this authentication attempt.
 *
 * <p>The parent check runs first; when it declines, Duo is never consulted. Otherwise the
 * Duo account is looked up by the principal's id and its status drives the outcome. A status
 * of {@code ALLOW} is treated as a bypass: the provider reports itself as not applicable, so
 * this method does not ask for a second factor. A status of {@code DENY} is only logged here;
 * the method still returns {@code true}.
 *
 * @param e the webflow event under evaluation
 * @param authentication the authentication whose principal is looked up in Duo
 * @param registeredService the service being accessed
 * @return {@code false} when the parent declines or the account status is {@code ALLOW};
 *         {@code true} for every other status, including {@code DENY}
 */
@Override
protected boolean supportsInternal(final Event e, final Authentication authentication, final RegisteredService registeredService) {
    final boolean parentSupports = super.supportsInternal(e, authentication, registeredService);
    if (!parentSupports) {
        return false;
    }

    final Principal principal = authentication.getPrincipal();
    // NOTE(review): the lookup result is dereferenced without a null check, and how an
    // unreachable Duo API is reported is not visible here. Confirm neither case can surface
    // as ALLOW, because ALLOW skips the second factor.
    final DuoUserAccount acct = this.duoAuthenticationService.getDuoUserAccount(principal.getId());
    LOGGER.debug("Found duo user account status [{}] for [{}]", acct, principal);

    final boolean bypass = acct.getStatus() == DuoUserAccountAuthStatus.ALLOW;
    if (bypass) {
        LOGGER.debug("Account status is set for allow/bypass for [{}]", principal);
        return false;
    }

    final boolean denied = acct.getStatus() == DuoUserAccountAuthStatus.DENY;
    if (denied) {
        // Nothing in this method blocks the login; presumably the Duo step that follows
        // enforces the denial. Verify against the flow.
        LOGGER.warn("Account status is set to deny access to [{}]", principal);
    }
    return true;
}
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class BasicDuoSecurityAuthenticationService method authenticateDuoCredentialDirect.
/**
 * Authenticates a direct Duo credential by sending a signed auth request to Duo.
 *
 * <p>The user id placed in the signed request is the id of the principal carried by the
 * credential's own authentication. The method fails closed: a credential of the wrong type,
 * any exception while building, signing or executing the request, or a response whose
 * {@code result} is anything other than "allow" (case-insensitive) all yield
 * {@code Boolean.FALSE}.
 *
 * @param crds the credential to verify; cast to {@code DuoDirectCredential}
 * @return a pair of the outcome flag and the credential id
 */
private Pair<Boolean, String> authenticateDuoCredentialDirect(final Credential crds) {
    try {
        final DuoDirectCredential direct = DuoDirectCredential.class.cast(crds);
        final Principal principal = direct.getAuthentication().getPrincipal();

        final Http authRequest = buildHttpPostAuthRequest();
        signHttpAuthRequest(authRequest, principal.getId());

        final JSONObject response = (JSONObject) authRequest.executeRequest();
        // NOTE(review): the whole response object is written to the debug log; confirm it
        // carries nothing that should stay out of log files.
        LOGGER.debug("Duo authentication response: [{}]", response);

        final String outcome = response.getString("result");
        if ("allow".equalsIgnoreCase(outcome)) {
            return Pair.of(Boolean.TRUE, crds.getId());
        }
    } catch (final Exception e) {
        // Deliberately broad: every failure is logged and then falls through to the denial below.
        LOGGER.error(e.getMessage(), e);
    }
    return Pair.of(Boolean.FALSE, crds.getId());
}
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class DuoAuthenticationHandler method authenticateDuoCredential.
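/**
 * Verifies a Duo credential and builds the handler result for the authenticated principal.
 *
 * <p>The credential must pass {@code isValid()}. The value returned by the Duo authentication
 * service must then equal the username held by the credential. Only in that case is a
 * principal created and a handler result returned. Every other path fails closed with a
 * {@link FailedLoginException}.
 *
 * @param credential the credential to verify; cast to {@code DuoCredential}
 * @return the handler result for the principal named in the Duo verify response
 * @throws FailedLoginException if the credential is invalid, the Duo verify response is missing
 *         or does not match the credential username, or any other error occurs; for errors
 *         other than a mismatch the original exception is attached as the cause
 */
private AuthenticationHandlerExecutionResult authenticateDuoCredential(final Credential credential) throws FailedLoginException {
    try {
        final DuoCredential duoCredential = (DuoCredential) credential;
        if (!duoCredential.isValid()) {
            // Only the username is placed in the message. The credential's toString() is not
            // visible here and may include the signed Duo response, which would otherwise end
            // up in the error log and in the exception handed to the caller.
            throw new GeneralSecurityException("Duo credential validation failed. Ensure a username"
                + " and the signed Duo response is configured and passed. Username received: "
                + duoCredential.getUsername());
        }

        final DuoSecurityAuthenticationService duoAuthenticationService = getDuoAuthenticationService();
        final String duoVerifyResponse = duoAuthenticationService.authenticate(duoCredential).getValue();
        LOGGER.debug("Response from Duo verify: [{}]", duoVerifyResponse);

        final String primaryCredentialsUsername = duoCredential.getUsername();
        // A missing verify response is an explicit mismatch. Do not swap this for a null-safe
        // equality helper: two nulls would compare equal and be accepted as a successful login.
        final boolean isGoodAuthentication = duoVerifyResponse != null
            && duoVerifyResponse.equals(primaryCredentialsUsername);
        if (isGoodAuthentication) {
            LOGGER.info("Successful Duo authentication for [{}]", primaryCredentialsUsername);
            final Principal principal = this.principalFactory.createPrincipal(duoVerifyResponse);
            return createHandlerResult(credential, principal, new ArrayList<>());
        }
        throw new FailedLoginException("Duo authentication username "
            + primaryCredentialsUsername + " does not match Duo response: " + duoVerifyResponse);
    } catch (final FailedLoginException e) {
        // Already the type callers expect: log it and rethrow the original, keeping its stack trace.
        LOGGER.error(e.getMessage(), e);
        throw e;
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        // FailedLoginException has no cause-taking constructor, so attach the cause explicitly.
        final FailedLoginException failure = new FailedLoginException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }
}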
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class DetermineDuoUserAccountAction method doExecute.
/**
 * Sends the user to Duo enrollment when their Duo account still needs to be enrolled.
 *
 * <p>For each multifactor provider resolved for the request, the matching Duo provider is
 * looked up and the Duo account for the authenticated principal's id is fetched. The first
 * account whose status is {@code ENROLL}, on a provider with a non-blank registration URL,
 * stores that URL in flow scope under {@code duoRegistrationUrl} and ends the action with the
 * enroll transition.
 *
 * @param requestContext the current webflow request context
 * @return the enroll transition event, or {@code success()} when no provider requires enrollment
 */
@Override
protected Event doExecute(final RequestContext requestContext) {
    final Principal principal = WebUtils.getAuthentication(requestContext).getPrincipal();
    final Collection<MultifactorAuthenticationProvider> resolved = WebUtils.getResolvedMultifactorAuthenticationProviders(requestContext);

    for (final MultifactorAuthenticationProvider candidate : resolved) {
        // NOTE(review): the result of findProvider is dereferenced without a null check;
        // confirm it cannot come back empty for a resolved provider that is not a Duo provider.
        final DuoMultifactorAuthenticationProvider duoProvider = this.provider.findProvider(candidate.getId(), DuoMultifactorAuthenticationProvider.class);
        final DuoUserAccount account = duoProvider.getDuoAuthenticationService().getDuoUserAccount(principal.getId());

        final boolean needsEnrollment = account.getStatus() == DuoUserAccountAuthStatus.ENROLL;
        if (needsEnrollment && StringUtils.isNotBlank(duoProvider.getRegistrationUrl())) {
            // The URL comes from the provider object, not from the request.
            requestContext.getFlowScope().put("duoRegistrationUrl", duoProvider.getRegistrationUrl());
            return new EventFactorySupport().event(this, CasWebflowConstants.TRANSITION_ID_ENROLL);
        }
    }
    return success();
}
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class PrepareDuoWebLoginFormAction method doExecute.
/**
 * Prepares the view scope for the Duo web login form.
 *
 * <p>The Duo credential held in flow scope gets its username set to the id of the principal
 * from the authentication stored in the request context. The same id is what the Duo service
 * signs into the request token, so the signed identity is not taken from form input in this
 * method. For every resolved multifactor provider the view scope receives {@code sigRequest},
 * {@code apiHost}, {@code commandName} and {@code principal}. The keys are the same on each
 * pass, so with several providers the last one processed wins.
 *
 * @param requestContext the current webflow request context
 * @return {@code success()}
 */
@Override
protected Event doExecute(final RequestContext requestContext) {
    final Principal p = WebUtils.getAuthentication(requestContext).getPrincipal();

    // NOTE(review): the credential is used without a null check; confirm the flow always
    // places one in flow scope before this action runs.
    final DuoCredential c = requestContext.getFlowScope().get(CasWebflowConstants.VAR_ID_CREDENTIAL, DuoCredential.class);
    c.setUsername(p.getId());

    final Collection<MultifactorAuthenticationProvider> resolved = WebUtils.getResolvedMultifactorAuthenticationProviders(requestContext);
    for (final MultifactorAuthenticationProvider candidate : resolved) {
        final DuoSecurityAuthenticationService duoAuthenticationService =
            provider.findProvider(candidate.getId(), DuoMultifactorAuthenticationProvider.class).getDuoAuthenticationService();
        // The view scope is fetched inside the loop, as in the original, so it is only
        // touched when there is at least one provider.
        final MutableAttributeMap<Object> viewScope = requestContext.getViewScope();
        viewScope.put("sigRequest", duoAuthenticationService.signRequestToken(p.getId()));
        viewScope.put("apiHost", duoAuthenticationService.getApiHost());
        viewScope.put("commandName", "credential");
        viewScope.put("principal", p);
    }
    return success();
}