Example 1 with OptionalWarningAccountStateHandler
use of org.apereo.cas.authentication.support.OptionalWarningAccountStateHandler in project cas by apereo.
the class LdapAuthenticationConfiguration method createLdapPasswordPolicyConfiguration.
private static LdapPasswordPolicyConfiguration createLdapPasswordPolicyConfiguration(final LdapAuthenticationProperties l, final Authenticator authenticator) {
final LdapPasswordPolicyConfiguration cfg = new LdapPasswordPolicyConfiguration(l.getPasswordPolicy());
final Set<AuthenticationResponseHandler> handlers = new HashSet<>();
if (cfg.getPasswordWarningNumberOfDays() > 0) {
LOGGER.debug("Password policy authentication response handler is set to accommodate directory type: [{}]", l.getPasswordPolicy().getType());
switch(l.getPasswordPolicy().getType()) {
case AD:
handlers.add(new ActiveDirectoryAuthenticationResponseHandler(Period.ofDays(cfg.getPasswordWarningNumberOfDays())));
break;
case FreeIPA:
handlers.add(new FreeIPAAuthenticationResponseHandler(Period.ofDays(cfg.getPasswordWarningNumberOfDays()), cfg.getLoginFailures()));
break;
case EDirectory:
handlers.add(new EDirectoryAuthenticationResponseHandler(Period.ofDays(cfg.getPasswordWarningNumberOfDays())));
break;
default:
handlers.add(new PasswordPolicyAuthenticationResponseHandler());
handlers.add(new PasswordExpirationAuthenticationResponseHandler());
break;
}
} else {
LOGGER.debug("Password warning number of days is undefined; LDAP authentication may NOT support " + "EDirectory, AD and FreeIPA to handle password policy authentication responses");
}
authenticator.setAuthenticationResponseHandlers((AuthenticationResponseHandler[]) handlers.toArray(new AuthenticationResponseHandler[handlers.size()]));
LOGGER.debug("LDAP authentication response handlers configured are: [{}]", handlers);
if (StringUtils.isNotBlank(l.getPasswordPolicy().getWarningAttributeName()) && StringUtils.isNotBlank(l.getPasswordPolicy().getWarningAttributeValue())) {
LOGGER.debug("Configuring an warning account state handler for LDAP authentication for warning attribute [{}] and value [{}]", l.getPasswordPolicy().getWarningAttributeName(), l.getPasswordPolicy().getWarningAttributeValue());
final OptionalWarningAccountStateHandler accountHandler = new OptionalWarningAccountStateHandler();
accountHandler.setDisplayWarningOnMatch(l.getPasswordPolicy().isDisplayWarningOnMatch());
accountHandler.setWarnAttributeName(l.getPasswordPolicy().getWarningAttributeName());
accountHandler.setWarningAttributeValue(l.getPasswordPolicy().getWarningAttributeValue());
accountHandler.setAttributesToErrorMap(l.getPasswordPolicy().getPolicyAttributes());
cfg.setAccountStateHandler(accountHandler);
} else {
final DefaultAccountStateHandler accountHandler = new DefaultAccountStateHandler();
accountHandler.setAttributesToErrorMap(l.getPasswordPolicy().getPolicyAttributes());
cfg.setAccountStateHandler(accountHandler);
LOGGER.debug("Configuring the default account state handler for LDAP authentication");
}
return cfg;
}
Also used :
EDirectoryAuthenticationResponseHandler(org.ldaptive.auth.ext.EDirectoryAuthenticationResponseHandler)
PasswordPolicyAuthenticationResponseHandler(org.ldaptive.auth.ext.PasswordPolicyAuthenticationResponseHandler)
FreeIPAAuthenticationResponseHandler(org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler)
PasswordExpirationAuthenticationResponseHandler(org.ldaptive.auth.ext.PasswordExpirationAuthenticationResponseHandler)
ActiveDirectoryAuthenticationResponseHandler(org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler)
FreeIPAAuthenticationResponseHandler(org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler)
AuthenticationResponseHandler(org.ldaptive.auth.AuthenticationResponseHandler)
PasswordPolicyAuthenticationResponseHandler(org.ldaptive.auth.ext.PasswordPolicyAuthenticationResponseHandler)
PasswordExpirationAuthenticationResponseHandler(org.ldaptive.auth.ext.PasswordExpirationAuthenticationResponseHandler)
EDirectoryAuthenticationResponseHandler(org.ldaptive.auth.ext.EDirectoryAuthenticationResponseHandler)
LdapPasswordPolicyConfiguration(org.apereo.cas.authentication.support.LdapPasswordPolicyConfiguration)
ActiveDirectoryAuthenticationResponseHandler(org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler)
DefaultAccountStateHandler(org.apereo.cas.authentication.support.DefaultAccountStateHandler)
HashSet(java.util.HashSet)
OptionalWarningAccountStateHandler(org.apereo.cas.authentication.support.OptionalWarningAccountStateHandler)
Aggregations
HashSet (java.util.HashSet)1
DefaultAccountStateHandler (org.apereo.cas.authentication.support.DefaultAccountStateHandler)1
LdapPasswordPolicyConfiguration (org.apereo.cas.authentication.support.LdapPasswordPolicyConfiguration)1
OptionalWarningAccountStateHandler (org.apereo.cas.authentication.support.OptionalWarningAccountStateHandler)1
AuthenticationResponseHandler (org.ldaptive.auth.AuthenticationResponseHandler)1
ActiveDirectoryAuthenticationResponseHandler (org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler)1
EDirectoryAuthenticationResponseHandler (org.ldaptive.auth.ext.EDirectoryAuthenticationResponseHandler)1
FreeIPAAuthenticationResponseHandler (org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler)1
PasswordExpirationAuthenticationResponseHandler (org.ldaptive.auth.ext.PasswordExpirationAuthenticationResponseHandler)1
PasswordPolicyAuthenticationResponseHandler (org.ldaptive.auth.ext.PasswordPolicyAuthenticationResponseHandler)1
