use of org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties in project cas by apereo.
the class MultifactorAuthenticationProviderBypassTests method verifyMultifactorAuthenticationBypassByHttpRequestRemoteHost.
@Test
public void verifyMultifactorAuthenticationBypassByHttpRequestRemoteHost() {
val applicationContext = new StaticApplicationContext();
applicationContext.refresh();
ApplicationContextProvider.holdApplicationContext(applicationContext);
ApplicationContextProvider.registerBeanIntoApplicationContext(applicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
val request = new MockHttpServletRequest();
request.setRemoteHost("somewhere.example.org");
val props = new MultifactorAuthenticationProviderBypassProperties();
props.setHttpRequestRemoteAddress(".+example\\.org");
val principal = MultifactorAuthenticationTestUtils.getPrincipal("casuser");
val authentication = MultifactorAuthenticationTestUtils.getAuthentication(principal);
val provider = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
val bypass = new HttpRequestMultifactorAuthenticationProviderBypassEvaluator(props, provider.getId());
val service = MultifactorAuthenticationTestUtils.getRegisteredService();
assertFalse(bypass.shouldMultifactorAuthenticationProviderExecute(authentication, service, provider, request));
}
use of org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties in project cas by apereo.
the class MultifactorAuthenticationProviderBypassTests method verifyMultifactorAuthenticationBypassByPrincipalAttributes.
@Test
public void verifyMultifactorAuthenticationBypassByPrincipalAttributes() {
val applicationContext = new StaticApplicationContext();
applicationContext.refresh();
ApplicationContextProvider.holdApplicationContext(applicationContext);
ApplicationContextProvider.registerBeanIntoApplicationContext(applicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
val request = new MockHttpServletRequest();
val props = new MultifactorAuthenticationProviderBypassProperties();
props.setPrincipalAttributeName("givenName");
props.setPrincipalAttributeValue("CAS");
val principal = MultifactorAuthenticationTestUtils.getPrincipal("casuser", CollectionUtils.wrap("givenName", "CAS"));
val authentication = MultifactorAuthenticationTestUtils.getAuthentication(principal, CollectionUtils.wrap("authnFlag", "bypass"));
val provider = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
val bypass = new PrincipalMultifactorAuthenticationProviderBypassEvaluator(props, provider.getId());
val service = MultifactorAuthenticationTestUtils.getRegisteredService();
assertFalse(bypass.shouldMultifactorAuthenticationProviderExecute(authentication, service, provider, request));
}
use of org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties in project cas by apereo.
the class MultifactorAuthenticationProviderBypassTests method verifyMultifactorAuthenticationBypassByAuthenticationCredentialClass.
@Test
public void verifyMultifactorAuthenticationBypassByAuthenticationCredentialClass() {
val applicationContext = new StaticApplicationContext();
applicationContext.refresh();
ApplicationContextProvider.holdApplicationContext(applicationContext);
ApplicationContextProvider.registerBeanIntoApplicationContext(applicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
val request = new MockHttpServletRequest();
val props = new MultifactorAuthenticationProviderBypassProperties();
props.setCredentialClassType(Credential.class.getName());
val principal = MultifactorAuthenticationTestUtils.getPrincipal("casuser");
val authentication = MultifactorAuthenticationTestUtils.getAuthentication(principal);
val provider = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
val bypass = new CredentialMultifactorAuthenticationProviderBypassEvaluator(props, provider.getId());
val service = MultifactorAuthenticationTestUtils.getRegisteredService();
assertFalse(bypass.shouldMultifactorAuthenticationProviderExecute(authentication, service, provider, request));
}
use of org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties in project cas by apereo.
the class CredentialMultifactorAuthenticationProviderBypassEvaluatorTests method verifyOperation.
@Test
public void verifyOperation() {
val applicationContext = new StaticApplicationContext();
applicationContext.refresh();
val provider = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
val eval = new DefaultChainingMultifactorAuthenticationBypassProvider();
val bypassProps = new MultifactorAuthenticationProviderBypassProperties();
bypassProps.setCredentialClassType(UsernamePasswordCredential.class.getName());
eval.addMultifactorAuthenticationProviderBypassEvaluator(new CredentialMultifactorAuthenticationProviderBypassEvaluator(bypassProps, TestMultifactorAuthenticationProvider.ID));
val principal = CoreAuthenticationTestUtils.getPrincipal(Map.of("cn", List.of("example")));
val authentication = CoreAuthenticationTestUtils.getAuthentication(principal);
val registeredService = CoreAuthenticationTestUtils.getRegisteredService();
val policy = new DefaultRegisteredServiceMultifactorPolicy();
when(registeredService.getMultifactorPolicy()).thenReturn(policy);
assertFalse(eval.shouldMultifactorAuthenticationProviderExecute(authentication, registeredService, provider, new MockHttpServletRequest()));
bypassProps.setCredentialClassType(BasicIdentifiableCredential.class.getName());
assertTrue(eval.shouldMultifactorAuthenticationProviderExecute(authentication, registeredService, provider, new MockHttpServletRequest()));
}
use of org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties in project cas by apereo.
the class DefaultRequestedAuthenticationContextValidatorTests method verifyRequestedAuthenticationIsAlreadyBypass.
@Test
public void verifyRequestedAuthenticationIsAlreadyBypass() {
val applicationContext = buildApplicationContext();
val provider = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
val props = new MultifactorAuthenticationProviderBypassProperties();
props.setAuthenticationAttributeName("givenName");
props.setAuthenticationAttributeValue("Not Bypassed");
val bypass = new AuthenticationMultifactorAuthenticationProviderBypassEvaluator(props, TestMultifactorAuthenticationProvider.ID);
provider.setBypassEvaluator(bypass);
val servicesManager = mock(ServicesManager.class);
val validator = MultifactorAuthenticationTestUtils.mockRequestAuthnContextValidator(servicesManager, Optional.of(provider), applicationContext, BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes.UNDEFINED.toString());
val assertion = mock(Assertion.class);
val principal = MultifactorAuthenticationTestUtils.getPrincipal(CASUSER);
val attrs = new HashMap<String, List<Object>>();
attrs.put(MultifactorAuthenticationProviderBypassEvaluator.AUTHENTICATION_ATTRIBUTE_BYPASS_MFA, List.of(true));
attrs.put(MultifactorAuthenticationProviderBypassEvaluator.AUTHENTICATION_ATTRIBUTE_BYPASS_MFA_PROVIDER, List.of(TestMultifactorAuthenticationProvider.ID));
val auth = MultifactorAuthenticationTestUtils.getAuthentication(principal, attrs);
when(assertion.getPrimaryAuthentication()).thenReturn(auth);
val result = validator.validateAuthenticationContext(assertion, new MockHttpServletRequest(), new MockHttpServletResponse());
assertTrue(result.isSuccess());
}
Aggregations