Examples with MultifactorAuthenticationProvider org.apereo.cas.services.MultifactorAuthenticationProvider used on opensource projects

Example 21 with MultifactorAuthenticationProvider

use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

the class BaseRequestMultifactorAuthenticationPolicyEventResolver method resolveInternal.

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (service == null || authentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }
    final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
    final List<String> values = resolveEventFromHttpRequest(request);
    if (values != null && !values.isEmpty()) {
        LOGGER.debug("Received request as [{}]", values);
        final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
        if (providerMap == null || providerMap.isEmpty()) {
            LOGGER.error("No multifactor authentication providers are available in the application context to satisfy [{}]", values);
            throw new AuthenticationException();
        }
        final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, values.get(0));
        if (providerFound.isPresent()) {
            final MultifactorAuthenticationProvider provider = providerFound.get();
            if (provider.isAvailable(service)) {
                LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", provider, service.getName());
                final Event event = validateEventIdForMatchingTransitionInContext(provider.getId(), context, buildEventAttributeMap(authentication.getPrincipal(), service, provider));
                return CollectionUtils.wrapSet(event);
            }
            LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", providerFound.get());
            return null;
        }
        LOGGER.warn("No multifactor provider could be found for request parameter [{}]", values);
        throw new AuthenticationException();
    }
    return null;
}

Example 22 with MultifactorAuthenticationProvider

use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

the class GrouperMultifactorAuthenticationPolicyEventResolver method resolveInternal.

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (StringUtils.isBlank(grouperField)) {
        LOGGER.debug("No group field is defined to process for Grouper multifactor trigger");
        return null;
    }
    if (authentication == null || service == null) {
        LOGGER.debug("No authentication or service is available to determine event for principal");
        return null;
    }
    final Principal principal = authentication.getPrincipal();
    final Collection<WsGetGroupsResult> results = GrouperFacade.getGroupsForSubjectId(principal.getId());
    if (results.isEmpty()) {
        LOGGER.debug("No groups could be found for [{}] to resolve events for MFA", principal);
        return null;
    }
    final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }
    final GrouperGroupField groupField = GrouperGroupField.valueOf(grouperField);
    final Set<String> values = results.stream().map(wsGetGroupsResult -> Stream.of(wsGetGroupsResult.getWsGroups())).flatMap(Function.identity()).map(g -> GrouperFacade.getGrouperGroupAttribute(groupField, g)).collect(Collectors.toSet());
    final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, values);
    if (providerFound.isPresent()) {
        final MultifactorAuthenticationProvider provider = providerFound.get();
        if (provider.isAvailable(service)) {
            LOGGER.debug("Attempting to build event based on the authentication provider [{}] and service [{}]", provider, service.getName());
            final Event event = validateEventIdForMatchingTransitionInContext(provider.getId(), context, buildEventAttributeMap(authentication.getPrincipal(), service, provider));
            return CollectionUtils.wrapSet(event);
        }
        LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", providerFound.get());
        return null;
    }
    LOGGER.debug("No multifactor provider could be found based on [{}]'s Grouper groups", principal.getId());
    return null;
}

Example 23 with MultifactorAuthenticationProvider

use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

the class AbstractServiceValidateController method validateAuthenticationContext.

/**
 * Validate authentication context pair.
 *
 * @param assertion the assertion
 * @param request   the request
 * @return the pair
 */
protected Pair<Boolean, Optional<MultifactorAuthenticationProvider>> validateAuthenticationContext(final Assertion assertion, final HttpServletRequest request) {
    LOGGER.debug("Locating the primary authentication associated with this service request [{}]", assertion.getService());
    final RegisteredService service = this.servicesManager.findServiceBy(assertion.getService());
    RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(assertion.getService(), service);
    final Map<String, MultifactorAuthenticationProvider> providers = this.applicationContext.getBeansOfType(MultifactorAuthenticationProvider.class, false, true);
    final Authentication authentication = assertion.getPrimaryAuthentication();
    final Optional<String> requestedContext = this.multifactorTriggerSelectionStrategy.resolve(providers.values(), request, service, authentication);
    if (!requestedContext.isPresent()) {
        LOGGER.debug("No particular authentication context is required for this request");
        return Pair.of(Boolean.TRUE, Optional.empty());
    }
    return this.authenticationContextValidator.validate(authentication, requestedContext.get(), service);
}

Example 24 with MultifactorAuthenticationProvider

use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

the class AuthenticationAttributeMultifactorAuthenticationPolicyEventResolver method resolveInternal.

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (service == null || authentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }
    if (attributeNames.isEmpty()) {
        LOGGER.debug("Authentication attribute name to determine event is not configured");
        return null;
    }
    final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        return null;
    }
    final Collection<MultifactorAuthenticationProvider> providers = flattenProviders(providerMap.values());
    if (providers.size() == 1 && StringUtils.isNotBlank(globalAuthenticationAttributeValueRegex)) {
        final MultifactorAuthenticationProvider provider = providers.iterator().next();
        LOGGER.debug("Found a single multifactor provider [{}] in the application context", provider);
        return resolveEventViaAuthenticationAttribute(authentication, attributeNames, service, context, providers, input -> input != null && input.matches(globalAuthenticationAttributeValueRegex));
    }
    return resolveEventViaAuthenticationAttribute(authentication, attributeNames, service, context, providers, input -> providers.stream().filter(provider -> input != null && provider.matches(input)).count() > 0);
}

Example 25 with MultifactorAuthenticationProvider

use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

the class GlobalMultifactorAuthenticationPolicyEventResolver method resolveInternal.

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return null;
    }
    final String mfaId = globalProviderId;
    if (StringUtils.isBlank(mfaId)) {
        LOGGER.debug("No value could be found for request parameter [{}]", mfaId);
        return null;
    }
    LOGGER.debug("Attempting to globally activate [{}]", mfaId);
    final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context to handle " + mfaId);
        throw new AuthenticationException();
    }
    final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, mfaId);
    if (providerFound.isPresent()) {
        if (providerFound.get().isAvailable(service)) {
            LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", providerFound.get(), service.getName());
            final Event event = validateEventIdForMatchingTransitionInContext(providerFound.get().getId(), context, buildEventAttributeMap(authentication.getPrincipal(), service, providerFound.get()));
            return Collections.singleton(event);
        }
        LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", providerFound.get());
        return null;
    }
    LOGGER.warn("No multifactor provider could be found for [{}]", mfaId);
    throw new AuthenticationException();
}