
Example 1 with LdapPasswordPolicyHandlingStrategy

use of org.apereo.cas.authentication.support.LdapPasswordPolicyHandlingStrategy in project cas by apereo.

From the class LdapAuthenticationConfiguration, method ldapAuthenticationHandlers.

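/**
 * Builds one {@link LdapAuthenticationHandler} per LDAP instance declared under
 * {@code cas.authn.ldap} that passes {@code ldapInstanceConfigurationPredicate()}.
 * <p>
 * For each instance the method creates the ldaptive {@link Authenticator}, the
 * password-policy handling strategy, and (only when the instance's password policy
 * is enabled) the password-policy configuration, then wires principal-attribute
 * mapping, credential selection, password encoding and name transformation into the
 * handler before calling {@code initialize()}.
 * <p>
 * Debug logging in this method emits LDAP URLs, base DNs and attribute names only;
 * no credential material is logged.
 *
 * @return the set of fully initialized handlers; empty when no LDAP instance is
 *         configured or none passes the predicate.
 */
@Bean
public Collection<AuthenticationHandler> ldapAuthenticationHandlers() {
    final Collection<AuthenticationHandler> handlers = new HashSet<>();
    casProperties.getAuthn().getLdap().stream().filter(ldapInstanceConfigurationPredicate()).forEach(l -> {
        final Multimap<String, Object> multiMapAttributes = CoreAuthenticationUtils.transformPrincipalAttributesListIntoMultiMap(l.getPrincipalAttributeList());
        LOGGER.debug("Created and mapped principal attributes [{}] for [{}]...", multiMapAttributes, l.getLdapUrl());
        LOGGER.debug("Creating LDAP authenticator for [{}] and baseDn [{}]", l.getLdapUrl(), l.getBaseDn());
        final Authenticator authenticator = LdapUtils.newLdaptiveAuthenticator(l);
        LOGGER.debug("Ldap authenticator configured with return attributes [{}] for [{}] and baseDn [{}]", multiMapAttributes.keySet(), l.getLdapUrl(), l.getBaseDn());
        LOGGER.debug("Creating LDAP password policy handling strategy for [{}]", l.getLdapUrl());
        final LdapPasswordPolicyHandlingStrategy strategy = createLdapPasswordPolicyHandlingStrategy(l);
        LOGGER.debug("Creating LDAP authentication handler for [{}]", l.getLdapUrl());
        final LdapAuthenticationHandler handler = new LdapAuthenticationHandler(l.getName(), servicesManager, ldapPrincipalFactory(), l.getOrder(), authenticator, strategy);
        handler.setCollectDnAttribute(l.isCollectDnAttribute());

        // The principal id attribute must be among the attributes requested from LDAP.
        // l.getAdditionalAttributes() is presumably the live property list (verify against
        // the properties model); the contains() guard keeps repeated bean construction
        // from appending the same attribute name again and again.
        final String principalAttributeId = l.getPrincipalAttributeId();
        final List<String> additionalAttributes = l.getAdditionalAttributes();
        if (StringUtils.isNotBlank(principalAttributeId) && !additionalAttributes.contains(principalAttributeId)) {
            additionalAttributes.add(principalAttributeId);
        }
        if (StringUtils.isNotBlank(l.getPrincipalDnAttributeName())) {
            handler.setPrincipalDnAttributeName(l.getPrincipalDnAttributeName());
        }
        handler.setAllowMultiplePrincipalAttributeValues(l.isAllowMultiplePrincipalAttributeValues());
        handler.setAllowMissingPrincipalAttributeValue(l.isAllowMissingPrincipalAttributeValue());
        handler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(l.getPasswordEncoder()));
        handler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(l.getPrincipalTransformation()));

        // Credential criteria narrow which credentials this handler is willing to attempt;
        // without it the handler is offered every credential.
        if (StringUtils.isNotBlank(l.getCredentialCriteria())) {
            LOGGER.debug("Ldap authentication for [{}] is filtering credentials by [{}]", l.getLdapUrl(), l.getCredentialCriteria());
            handler.setCredentialSelectionPredicate(CoreAuthenticationUtils.newCredentialSelectionPredicate(l.getCredentialCriteria()));
        }
        if (StringUtils.isBlank(principalAttributeId)) {
            LOGGER.debug("No principal id attribute is found for LDAP authentication via [{}]", l.getLdapUrl());
        } else {
            handler.setPrincipalIdAttribute(principalAttributeId);
            LOGGER.debug("Using principal id attribute [{}] for LDAP authentication via [{}]", principalAttributeId, l.getLdapUrl());
        }

        // Password-policy configuration (expiration/warning handling) is only built when
        // the instance explicitly enables it; otherwise the handler keeps its default.
        if (l.getPasswordPolicy().isEnabled()) {
            LOGGER.debug("Password policy is enabled for [{}]. Constructing password policy configuration", l.getLdapUrl());
            final LdapPasswordPolicyConfiguration cfg = createLdapPasswordPolicyConfiguration(l, authenticator, multiMapAttributes);
            handler.setPasswordPolicyConfiguration(cfg);
        }
        final Map<String, Object> attributes = CollectionUtils.wrap(multiMapAttributes);
        handler.setPrincipalAttributeMap(attributes);
        LOGGER.debug("Initializing LDAP authentication handler for [{}]", l.getLdapUrl());
        handler.initialize();
        handlers.add(handler);
    });
    return handlers;
}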
