use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.
the class PrincipalAttributeMultifactorAuthenticationPolicyEventResolver method resolveInternal.
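/**
 * Resolves the multifactor authentication event for the authenticated principal by
 * testing the values of the configured principal attributes.
 *
 * <p>Two matching modes are visible here. When exactly one provider is registered and
 * {@code globalPrincipalAttributeValueRegex} is non-blank, an attribute value is accepted
 * only if the whole value matches that regex ({@code String.matches} is a full match, not a
 * search). Otherwise a value is accepted when at least one registered provider's
 * {@code matches(...)} accepts it.
 *
 * <p>NOTE(review): every early exit returns {@code null}, including the case where no
 * provider is registered in the application context. The caller is not visible here; if it
 * reads {@code null} as "no multifactor step required", a missing provider configuration
 * degrades to single-factor login with only an ERROR log line. Confirm that is intended.
 *
 * @param context the webflow request context holding the service and authentication
 * @return whatever {@code resolveEventViaPrincipalAttribute} yields, or {@code null} when the
 *         service, authentication, attribute names or providers are missing
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (service == null || authentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }

    final Principal principal = authentication.getPrincipal();
    if (attributeNames.isEmpty()) {
        LOGGER.debug("Attribute name to determine event is not configured for [{}]", principal.getId());
        return null;
    }

    final Map<String, MultifactorAuthenticationProvider> providerMap =
            WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        return null;
    }

    final Collection<MultifactorAuthenticationProvider> providers = flattenProviders(providerMap.values());
    if (providers.size() == 1 && StringUtils.isNotBlank(globalPrincipalAttributeValueRegex)) {
        final MultifactorAuthenticationProvider provider = providers.iterator().next();
        LOGGER.debug("Found a single multifactor provider [{}] in the application context", provider);
        // Full-match semantics: a value that merely contains the pattern does not trigger MFA.
        return resolveEventViaPrincipalAttribute(principal, attributeNames, service, context, providers,
                input -> input != null && input.matches(globalPrincipalAttributeValueRegex));
    }

    // anyMatch stops at the first accepting provider instead of counting every match.
    return resolveEventViaPrincipalAttribute(principal, attributeNames, service, context, providers,
            input -> input != null && providers.stream().anyMatch(provider -> provider.matches(input)));
}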
use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.
the class RegisteredServiceMultifactorAuthenticationPolicyEventResolver method resolveEventPerAuthenticationProvider.
/**
 * Builds the webflow event for the multifactor provider chosen for a registered service.
 *
 * <p>The providers attached to the service are flattened, one is picked by the configured
 * selector, and its id becomes the event id after {@code isAvailable(service)} succeeds.
 *
 * <p>NOTE(review): when the selected provider reports itself unavailable this method only
 * logs a warning and returns {@code null}. The caller is not visible here; if {@code null}
 * means "continue without multifactor", an unreachable provider fails open. Confirm the
 * intended failure behaviour.
 *
 * @param principal the authenticated principal
 * @param context   the webflow request context
 * @param service   the registered service being accessed
 * @return a singleton set with the provider's event, or {@code null} when the service has no
 *         providers or the selected provider is not available
 */
protected Set<Event> resolveEventPerAuthenticationProvider(final Principal principal,
                                                           final RequestContext context,
                                                           final RegisteredService service) {
    try {
        final Collection<MultifactorAuthenticationProvider> candidates =
                flattenProviders(getAuthenticationProviderForService(service));
        if (candidates == null || candidates.isEmpty()) {
            LOGGER.debug("No multifactor authentication providers could be located for [{}]", service);
            return null;
        }

        final MultifactorAuthenticationProvider selected =
                this.multifactorAuthenticationProviderSelector.resolve(candidates, service, principal);
        LOGGER.debug("Selected multifactor authentication provider for this transaction is [{}]", selected);

        final boolean reachable = selected.isAvailable(service);
        if (!reachable) {
            LOGGER.warn("Multifactor authentication provider [{}] could not be verified/reached.", selected);
            return null;
        }

        final String eventId = selected.getId();
        LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]",
                selected, service.getName());
        final Event resolved = validateEventIdForMatchingTransitionInContext(eventId, context,
                buildEventAttributeMap(principal, service, selected));
        return Collections.singleton(resolved);
    } catch (final Exception e) {
        // Any failure above, checked or not, is rethrown to the caller rather than swallowed.
        throw Throwables.propagate(e);
    }
}
use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.
the class RestEndpointMultifactorAuthenticationPolicyEventResolver method resolveInternal.
/**
 * Asks a configured REST endpoint which multifactor provider applies to the principal.
 *
 * <p>The principal id is POSTed to {@code restEndpoint}; on HTTP 200 with a non-blank body,
 * the first registered provider whose {@code matches(...)} accepts the body is turned into
 * an event.
 *
 * <p>NOTE(review): the endpoint's answer decides whether a multifactor event is raised, so
 * its integrity matters. This method builds a default {@code RestTemplate} on every call and
 * sets no timeout, credentials or TLS options here; confirm those are enforced elsewhere.
 * A non-200 status, a blank body or an unmatched body yields an empty set, and a missing
 * configuration yields {@code null}. If the caller treats either as "no multifactor step",
 * an endpoint outage fails open. Exceptions from {@code postForEntity} are not caught here.
 *
 * @param context the webflow request context holding the service and authentication
 * @return a singleton set with the matched provider's event, an empty set when the endpoint
 *         gives no usable match, or {@code null} when prerequisites are missing
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    final String endpoint = this.restEndpoint;
    if (service == null || authentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }

    final Principal principal = authentication.getPrincipal();
    if (StringUtils.isBlank(endpoint)) {
        LOGGER.debug("Rest endpoint to determine event is not configured for [{}]", principal.getId());
        return null;
    }

    final Map<String, MultifactorAuthenticationProvider> providerMap =
            WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        return null;
    }

    final Collection<MultifactorAuthenticationProvider> flattenedProviders = flattenProviders(providerMap.values());
    LOGGER.debug("Contacting [{}] to inquire about [{}]", endpoint, principal.getId());
    final ResponseEntity<String> response =
            new RestTemplate().postForEntity(endpoint, principal.getId(), String.class);

    // Only a 200 response carries a body worth matching; anything else counts as "no answer".
    final boolean answered = response != null && response.getStatusCode() == HttpStatus.OK;
    final String body = answered ? response.getBody() : null;
    if (StringUtils.isBlank(body)) {
        LOGGER.debug("No providers are available to match rest endpoint results");
        return Collections.emptySet();
    }

    // The body is remote-controlled text and is logged as received.
    LOGGER.debug("Result returned from the rest endpoint is [{}]", body);
    for (final MultifactorAuthenticationProvider candidate : flattenedProviders) {
        if (candidate.matches(body)) {
            LOGGER.debug("Found multifactor authentication provider [{}]", candidate.getId());
            return Collections.singleton(new Event(this, candidate.getId()));
        }
    }
    LOGGER.debug("No multifactor authentication provider could be matched against [{}]", body);
    return Collections.emptySet();
}
use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.
the class FirstMultifactorAuthenticationProviderSelector method resolve.
/**
 * Selects the first provider the collection's iterator returns.
 *
 * <p>Which element is "first" depends on the iteration order of the collection passed in.
 * The collection is not checked: {@code Iterator.next()} throws
 * {@code NoSuchElementException} when it is empty, and a {@code null} collection causes a
 * {@code NullPointerException}, so callers must pass a non-empty collection.
 *
 * @param providers the candidate providers, expected to be non-empty
 * @param service   the registered service, used only for logging here
 * @param principal the authenticated principal, not read by this implementation
 * @return the first provider in iteration order
 */
@Override
public MultifactorAuthenticationProvider resolve(final Collection<MultifactorAuthenticationProvider> providers,
                                                 final RegisteredService service,
                                                 final Principal principal) {
    final MultifactorAuthenticationProvider first = providers.iterator().next();
    LOGGER.debug("Selected the first provider [{}] for service [{}] out of [{}] providers",
            first, service, providers.size());
    return first;
}
use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.
the class AbstractCasWebflowEventResolver method resolveEventViaAttribute.
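/**
 * Walks the configured attribute names in order and returns the events produced by the
 * first attribute whose value yields a non-empty result.
 *
 * <p>Each present value is tried first as a single value and then, if that yields nothing,
 * as a multivalued attribute. The provider is re-selected through the configured selector
 * for every attribute that has a value.
 *
 * <p>NOTE(review): attribute values are written to the debug log as-is. Principal
 * attributes can be sensitive, so confirm debug logging is not enabled where that matters.
 *
 * @param principal           the authenticated principal
 * @param attributesToExamine attribute name to value map to read from
 * @param attributeNames      names of the attributes to test, in priority order
 * @param service             the registered service being accessed
 * @param context             the webflow request context
 * @param providers           candidate multifactor providers
 * @param predicate           test applied to attribute values by the delegate resolvers
 * @return the first non-empty set of events, or {@code null} when there are no providers or
 *         no attribute produces a match
 */
private Set<Event> resolveEventViaAttribute(final Principal principal,
                                            final Map<String, Object> attributesToExamine,
                                            final Collection<String> attributeNames,
                                            final RegisteredService service,
                                            final RequestContext context,
                                            final Collection<MultifactorAuthenticationProvider> providers,
                                            final Predicate<String> predicate) {
    if (providers == null || providers.isEmpty()) {
        LOGGER.debug("No authentication provider is associated with this service");
        return null;
    }

    LOGGER.debug("Locating attribute value for attribute(s): [{}]", attributeNames);
    for (final String attributeName : attributeNames) {
        final Object attributeValue = attributesToExamine.get(attributeName);
        if (attributeValue == null) {
            LOGGER.debug("Attribute value for [{}] to determine event is not configured for [{}]",
                    attributeName, principal.getId());
            continue;
        }

        LOGGER.debug("Selecting a multifactor authentication provider out of [{}] for [{}] and service [{}]",
                providers, principal.getId(), service);
        final MultifactorAuthenticationProvider provider =
                this.multifactorAuthenticationProviderSelector.resolve(providers, service, principal);

        // Name the attribute the value was read from, not the whole list of configured names.
        LOGGER.debug("Located attribute value [{}] for [{}]", attributeValue, attributeName);

        Set<Event> results = resolveEventViaSingleAttribute(principal, attributeValue, service, context, provider, predicate);
        if (results == null || results.isEmpty()) {
            // Fall back to treating the value as multivalued when the single-value pass finds nothing.
            results = resolveEventViaMultivaluedAttribute(principal, attributeValue, service, context, provider, predicate);
        }
        if (results != null && !results.isEmpty()) {
            LOGGER.debug("Resolved set of events based on the attribute [{}] are [{}]", attributeName, results);
            return results;
        }
    }

    LOGGER.debug("No set of events based on the attribute(s) [{}] could be matched", attributeNames);
    return null;
}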