use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.
the class GlobalMultifactorAuthenticationPolicyEventResolver method resolveInternal.
@Override
public Set<Event> resolveInternal(final RequestContext context) {
final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
final Authentication authentication = WebUtils.getAuthentication(context);
if (authentication == null) {
LOGGER.debug("No authentication is available to determine event for principal");
return null;
}
final String mfaId = globalProviderId;
if (StringUtils.isBlank(mfaId)) {
LOGGER.debug("No value could be found for request parameter [{}]", mfaId);
return null;
}
LOGGER.debug("Attempting to globally activate [{}]", mfaId);
final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
if (providerMap == null || providerMap.isEmpty()) {
LOGGER.error("No multifactor authentication providers are available in the application context to handle " + mfaId);
throw new AuthenticationException();
}
final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, mfaId);
if (providerFound.isPresent()) {
if (providerFound.get().isAvailable(service)) {
LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", providerFound.get(), service.getName());
final Event event = validateEventIdForMatchingTransitionInContext(providerFound.get().getId(), context, buildEventAttributeMap(authentication.getPrincipal(), service, providerFound.get()));
return Collections.singleton(event);
}
LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", providerFound.get());
return null;
}
LOGGER.warn("No multifactor provider could be found for [{}]", mfaId);
throw new AuthenticationException();
}
use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.
the class PrincipalAttributeMultifactorAuthenticationPolicyEventResolver method resolveInternal.
@Override
public Set<Event> resolveInternal(final RequestContext context) {
final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
final Authentication authentication = WebUtils.getAuthentication(context);
if (service == null || authentication == null) {
LOGGER.debug("No service or authentication is available to determine event for principal");
return null;
}
final Principal principal = authentication.getPrincipal();
if (attributeNames.isEmpty()) {
LOGGER.debug("Attribute name to determine event is not configured for [{}]", principal.getId());
return null;
}
final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
if (providerMap == null || providerMap.isEmpty()) {
LOGGER.error("No multifactor authentication providers are available in the application context");
return null;
}
final Collection<MultifactorAuthenticationProvider> providers = flattenProviders(providerMap.values());
if (providers.size() == 1 && StringUtils.isNotBlank(globalPrincipalAttributeValueRegex)) {
final MultifactorAuthenticationProvider provider = providers.iterator().next();
LOGGER.debug("Found a single multifactor provider [{}] in the application context", provider);
return resolveEventViaPrincipalAttribute(principal, attributeNames, service, context, providers, input -> input != null && input.matches(globalPrincipalAttributeValueRegex));
}
return resolveEventViaPrincipalAttribute(principal, attributeNames, service, context, providers, input -> providers.stream().filter(provider -> input != null && provider.matches(input)).count() > 0);
}
use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.
the class RegisteredServiceMultifactorAuthenticationPolicyEventResolver method resolveEventPerAuthenticationProvider.
/**
* Resolve event per authentication provider event.
*
* @param principal the principal
* @param context the context
* @param service the service
* @return the event
*/
protected Set<Event> resolveEventPerAuthenticationProvider(final Principal principal, final RequestContext context, final RegisteredService service) {
try {
final Collection<MultifactorAuthenticationProvider> providers = flattenProviders(getAuthenticationProviderForService(service));
if (providers != null && !providers.isEmpty()) {
final MultifactorAuthenticationProvider provider = this.multifactorAuthenticationProviderSelector.resolve(providers, service, principal);
LOGGER.debug("Selected multifactor authentication provider for this transaction is [{}]", provider);
if (!provider.isAvailable(service)) {
LOGGER.warn("Multifactor authentication provider [{}] could not be verified/reached.", provider);
return null;
}
final String identifier = provider.getId();
LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", provider, service.getName());
final Event event = validateEventIdForMatchingTransitionInContext(identifier, context, buildEventAttributeMap(principal, service, provider));
return Collections.singleton(event);
}
LOGGER.debug("No multifactor authentication providers could be located for [{}]", service);
return null;
} catch (final Exception e) {
throw Throwables.propagate(e);
}
}
use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.
the class RestEndpointMultifactorAuthenticationPolicyEventResolver method resolveInternal.
@Override
public Set<Event> resolveInternal(final RequestContext context) {
final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
final Authentication authentication = WebUtils.getAuthentication(context);
final String restEndpoint = this.restEndpoint;
if (service == null || authentication == null) {
LOGGER.debug("No service or authentication is available to determine event for principal");
return null;
}
final Principal principal = authentication.getPrincipal();
if (StringUtils.isBlank(restEndpoint)) {
LOGGER.debug("Rest endpoint to determine event is not configured for [{}]", principal.getId());
return null;
}
final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
if (providerMap == null || providerMap.isEmpty()) {
LOGGER.error("No multifactor authentication providers are available in the application context");
return null;
}
final Collection<MultifactorAuthenticationProvider> flattenedProviders = flattenProviders(providerMap.values());
LOGGER.debug("Contacting [{}] to inquire about [{}]", restEndpoint, principal.getId());
final RestTemplate restTemplate = new RestTemplate();
final ResponseEntity<String> responseEntity = restTemplate.postForEntity(restEndpoint, principal.getId(), String.class);
if (responseEntity != null && responseEntity.getStatusCode() == HttpStatus.OK) {
final String results = responseEntity.getBody();
if (StringUtils.isNotBlank(results)) {
LOGGER.debug("Result returned from the rest endpoint is [{}]", results);
final MultifactorAuthenticationProvider restProvider = flattenedProviders.stream().filter(p -> p.matches(results)).findFirst().orElse(null);
if (restProvider != null) {
LOGGER.debug("Found multifactor authentication provider [{}]", restProvider.getId());
return Collections.singleton(new Event(this, restProvider.getId()));
}
LOGGER.debug("No multifactor authentication provider could be matched against [{}]", results);
return Collections.emptySet();
}
}
LOGGER.debug("No providers are available to match rest endpoint results");
return Collections.emptySet();
}
use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.
the class FirstMultifactorAuthenticationProviderSelector method resolve.
@Override
public MultifactorAuthenticationProvider resolve(final Collection<MultifactorAuthenticationProvider> providers, final RegisteredService service, final Principal principal) {
final Iterator<MultifactorAuthenticationProvider> it = providers.iterator();
final MultifactorAuthenticationProvider provider = it.next();
LOGGER.debug("Selected the first provider [{}] for service [{}] out of [{}] providers", provider, service, providers.size());
return provider;
}
Aggregations