Example 26 with MultifactorAuthenticationProvider

Use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

The class PrincipalAttributeMultifactorAuthenticationPolicyEventResolver, method resolveInternal.

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (service == null || authentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }
    final Principal principal = authentication.getPrincipal();
    if (attributeNames.isEmpty()) {
        LOGGER.debug("Attribute name to determine event is not configured for [{}]", principal.getId());
        return null;
    }
    final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        return null;
    }
    final Collection<MultifactorAuthenticationProvider> providers = flattenProviders(providerMap.values());
    if (providers.size() == 1 && StringUtils.isNotBlank(globalPrincipalAttributeValueRegex)) {
        final MultifactorAuthenticationProvider provider = providers.iterator().next();
        LOGGER.debug("Found a single multifactor provider [{}] in the application context", provider);
        return resolveEventViaPrincipalAttribute(principal, attributeNames, service, context, providers, input -> input != null && input.matches(globalPrincipalAttributeValueRegex));
    }
    return resolveEventViaPrincipalAttribute(principal, attributeNames, service, context, providers, input -> providers.stream().filter(provider -> input != null && provider.matches(input)).count() > 0);
}
Also used : CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider) Logger(org.slf4j.Logger) Audit(org.apereo.inspektr.audit.annotation.Audit) Collection(java.util.Collection) MultifactorAuthenticationProviderSelector(org.apereo.cas.services.MultifactorAuthenticationProviderSelector) LoggerFactory(org.slf4j.LoggerFactory) CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService) AuthenticationServiceSelectionPlan(org.apereo.cas.authentication.AuthenticationServiceSelectionPlan) TicketRegistrySupport(org.apereo.cas.ticket.registry.TicketRegistrySupport) Set(java.util.Set) StringUtils(org.apache.commons.lang3.StringUtils) RequestContext(org.springframework.webflow.execution.RequestContext) RegisteredService(org.apereo.cas.services.RegisteredService) BaseMultifactorAuthenticationProviderEventResolver(org.apereo.cas.web.flow.authentication.BaseMultifactorAuthenticationProviderEventResolver) Authentication(org.apereo.cas.authentication.Authentication) StringUtils.commaDelimitedListToSet(org.springframework.util.StringUtils.commaDelimitedListToSet) Map(java.util.Map) AuthenticationSystemSupport(org.apereo.cas.authentication.AuthenticationSystemSupport) Principal(org.apereo.cas.authentication.principal.Principal) WebUtils(org.apereo.cas.web.support.WebUtils) CookieGenerator(org.springframework.web.util.CookieGenerator) Event(org.springframework.webflow.execution.Event) ServicesManager(org.apereo.cas.services.ServicesManager)

Example 27 with MultifactorAuthenticationProvider

Use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

The class RegisteredServiceMultifactorAuthenticationPolicyEventResolver, method resolveEventPerAuthenticationProvider.

/**
 * Resolve event per authentication provider event.
 *
 * @param principal the principal
 * @param context   the context
 * @param service   the service
 * @return the event
 */
protected Set<Event> resolveEventPerAuthenticationProvider(final Principal principal, final RequestContext context, final RegisteredService service) {
    try {
        final Collection<MultifactorAuthenticationProvider> providers = flattenProviders(getAuthenticationProviderForService(service));
        if (providers != null && !providers.isEmpty()) {
            final MultifactorAuthenticationProvider provider = this.multifactorAuthenticationProviderSelector.resolve(providers, service, principal);
            LOGGER.debug("Selected multifactor authentication provider for this transaction is [{}]", provider);
            if (!provider.isAvailable(service)) {
                LOGGER.warn("Multifactor authentication provider [{}] could not be verified/reached.", provider);
                return null;
            }
            final String identifier = provider.getId();
            LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", provider, service.getName());
            final Event event = validateEventIdForMatchingTransitionInContext(identifier, context, buildEventAttributeMap(principal, service, provider));
            return Collections.singleton(event);
        }
        LOGGER.debug("No multifactor authentication providers could be located for [{}]", service);
        return null;
    } catch (final Exception e) {
        throw Throwables.propagate(e);
    }
}
Also used : Event(org.springframework.webflow.execution.Event) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)

Example 28 with MultifactorAuthenticationProvider

Use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

The class RestEndpointMultifactorAuthenticationPolicyEventResolver, method resolveInternal.

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    final String restEndpoint = this.restEndpoint;
    if (service == null || authentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }
    final Principal principal = authentication.getPrincipal();
    if (StringUtils.isBlank(restEndpoint)) {
        LOGGER.debug("Rest endpoint to determine event is not configured for [{}]", principal.getId());
        return null;
    }
    final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        return null;
    }
    final Collection<MultifactorAuthenticationProvider> flattenedProviders = flattenProviders(providerMap.values());
    LOGGER.debug("Contacting [{}] to inquire about [{}]", restEndpoint, principal.getId());
    final RestTemplate restTemplate = new RestTemplate();
    final ResponseEntity<String> responseEntity = restTemplate.postForEntity(restEndpoint, principal.getId(), String.class);
    if (responseEntity != null && responseEntity.getStatusCode() == HttpStatus.OK) {
        final String results = responseEntity.getBody();
        if (StringUtils.isNotBlank(results)) {
            LOGGER.debug("Result returned from the rest endpoint is [{}]", results);
            final MultifactorAuthenticationProvider restProvider = flattenedProviders.stream().filter(p -> p.matches(results)).findFirst().orElse(null);
            if (restProvider != null) {
                LOGGER.debug("Found multifactor authentication provider [{}]", restProvider.getId());
                return Collections.singleton(new Event(this, restProvider.getId()));
            }
            LOGGER.debug("No multifactor authentication provider could be matched against [{}]", results);
            return Collections.emptySet();
        }
    }
    LOGGER.debug("No providers are available to match rest endpoint results");
    return Collections.emptySet();
}
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) Authentication(org.apereo.cas.authentication.Authentication) RestTemplate(org.springframework.web.client.RestTemplate) Event(org.springframework.webflow.execution.Event) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider) Principal(org.apereo.cas.authentication.principal.Principal)

Example 29 with MultifactorAuthenticationProvider

Use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

The class FirstMultifactorAuthenticationProviderSelector, method resolve.

@Override
public MultifactorAuthenticationProvider resolve(final Collection<MultifactorAuthenticationProvider> providers, final RegisteredService service, final Principal principal) {
    final Iterator<MultifactorAuthenticationProvider> it = providers.iterator();
    final MultifactorAuthenticationProvider provider = it.next();
    LOGGER.debug("Selected the first provider [{}] for service [{}] out of [{}] providers", provider, service, providers.size());
    return provider;
}
Also used : MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)

Example 30 with MultifactorAuthenticationProvider

Use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

The class AbstractCasWebflowEventResolver, method resolveEventViaAttribute.

private Set<Event> resolveEventViaAttribute(final Principal principal, final Map<String, Object> attributesToExamine, final Collection<String> attributeNames, final RegisteredService service, final RequestContext context, final Collection<MultifactorAuthenticationProvider> providers, final Predicate<String> predicate) {
    if (providers == null || providers.isEmpty()) {
        LOGGER.debug("No authentication provider is associated with this service");
        return null;
    }
    LOGGER.debug("Locating attribute value for attribute(s): [{}]", attributeNames);
    for (final String attributeName : attributeNames) {
        final Object attributeValue = attributesToExamine.get(attributeName);
        if (attributeValue == null) {
            LOGGER.debug("Attribute value for [{}] to determine event is not configured for [{}]", attributeName, principal.getId());
            continue;
        }
        LOGGER.debug("Selecting a multifactor authentication provider out of [{}] for [{}] and service [{}]", providers, principal.getId(), service);
        final MultifactorAuthenticationProvider provider = this.multifactorAuthenticationProviderSelector.resolve(providers, service, principal);
        LOGGER.debug("Located attribute value [{}] for [{}]", attributeValue, attributeNames);
        Set<Event> results = resolveEventViaSingleAttribute(principal, attributeValue, service, context, provider, predicate);
        if (results == null || results.isEmpty()) {
            results = resolveEventViaMultivaluedAttribute(principal, attributeValue, service, context, provider, predicate);
        }
        if (results != null && !results.isEmpty()) {
            LOGGER.debug("Resolved set of events based on the attribute [{}] are [{}]", attributeName, results);
            return results;
        }
    }
    LOGGER.debug("No set of events based on the attribute(s) [{}] could be matched", attributeNames);
    return null;
}
Also used : Event(org.springframework.webflow.execution.Event) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)

Aggregations

MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider) 35
Authentication (org.apereo.cas.authentication.Authentication) 21
RegisteredService (org.apereo.cas.services.RegisteredService) 20
Event (org.springframework.webflow.execution.Event) 20
AuthenticationException (org.apereo.cas.authentication.AuthenticationException) 14
Map (java.util.Map) 9
CentralAuthenticationService (org.apereo.cas.CentralAuthenticationService) 8
Principal (org.apereo.cas.authentication.principal.Principal) 8
Set (java.util.Set) 7
ServicesManager (org.apereo.cas.services.ServicesManager) 7
RequestContext (org.springframework.webflow.execution.RequestContext) 7
AuthenticationServiceSelectionPlan (org.apereo.cas.authentication.AuthenticationServiceSelectionPlan) 6
AuthenticationSystemSupport (org.apereo.cas.authentication.AuthenticationSystemSupport) 6
CasConfigurationProperties (org.apereo.cas.configuration.CasConfigurationProperties) 6
MultifactorAuthenticationProviderSelector (org.apereo.cas.services.MultifactorAuthenticationProviderSelector) 6
TicketRegistrySupport (org.apereo.cas.ticket.registry.TicketRegistrySupport) 6
BaseMultifactorAuthenticationProviderEventResolver (org.apereo.cas.web.flow.authentication.BaseMultifactorAuthenticationProviderEventResolver) 6
WebUtils (org.apereo.cas.web.support.WebUtils) 6
CookieGenerator (org.springframework.web.util.CookieGenerator) 6
Collection (java.util.Collection) 5