use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.
the class PredicatedPrincipalAttributeMultifactorAuthenticationPolicyEventResolver method resolveMultifactorProviderViaPredicate.
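/**
 * Selects a multifactor authentication provider by filtering the candidates through a
 * predicate instantiated from the configured Groovy resource.
 *
 * <p>The predicate is built from {@code predicateResource} and receives the service, the
 * principal, the provider collection and the logger as constructor arguments. Because the
 * script decides whether and which MFA provider applies, the resource should be treated as
 * security-sensitive configuration and be writable only by trusted administrators.
 *
 * @param context   the current webflow request context
 * @param service   the registered service being accessed
 * @param principal the authenticated principal
 * @param providers the candidate multifactor providers
 * @return the events produced by {@code evaluateEventForProviderInContext} for the
 *         lowest-order provider accepted by the predicate, or {@code null} when no predicate
 *         resource is configured or no providers are available
 * @throws NullPointerException if no predicate instance could be created from the resource
 */
@Override
@SneakyThrows
protected Set<Event> resolveMultifactorProviderViaPredicate(final RequestContext context, final RegisteredService service,
                                                            final Principal principal,
                                                            final Collection<MultifactorAuthenticationProvider> providers) {
    if (predicateResource == null || !ResourceUtils.doesResourceExist(predicateResource)) {
        LOGGER.debug("No groovy script predicate is defined to decide which multifactor authentication provider should be chosen");
        return null;
    }

    final Object[] args = {service, principal, providers, LOGGER};
    final Predicate<MultifactorAuthenticationProvider> predicate = ScriptingUtils.getObjectInstanceFromGroovyResource(predicateResource,
        PREDICATE_CTOR_PARAMETERS, args, Predicate.class);

    // NOTE(review): the scripting helper is not visible here. If it can hand back null when the
    // script fails to load or compile, the dereference below would raise a bare
    // NullPointerException. The explicit check keeps that outcome (an exception instead of
    // silently returning "no MFA event") and names the cause for the operator.
    java.util.Objects.requireNonNull(predicate, "Unable to create multifactor provider predicate from " + predicateResource);

    LOGGER.debug("Created predicate instance [{}] from [{}] to filter multifactor authentication providers [{}]",
        predicate.getClass().getSimpleName(), predicateResource, providers);

    if (providers == null || providers.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        return null;
    }

    // Among the providers the predicate accepts, the one with the smallest order value wins.
    // A predicate that accepts nothing yields a null provider, which is passed on unchanged.
    final MultifactorAuthenticationProvider provider = providers.stream()
        .filter(predicate)
        .sorted(Comparator.comparingInt(MultifactorAuthenticationProvider::getOrder))
        .findFirst()
        .orElse(null);

    LOGGER.debug("Predicate instance [{}] returned multifactor authentication provider [{}]", predicate.getClass().getSimpleName(), provider);
    return evaluateEventForProviderInContext(principal, service, context, provider);
}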
use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.
the class RegisteredServicePrincipalAttributeMultifactorAuthenticationPolicyEventResolver method resolveInternal.
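/**
 * Resolves a multifactor event for the requesting service when one of the principal's
 * attributes matches the trigger defined in the service's multifactor policy.
 *
 * <p>The policy's attribute value is compiled as a regular expression and applied through
 * {@link Pattern#asPredicate()}, which succeeds when the pattern is <em>found anywhere</em> in
 * the attribute value. A policy value such as {@code admin} therefore also matches
 * {@code nonadmin}; service definitions that need a whole-value match should anchor the
 * expression with {@code ^} and {@code $}.
 *
 * @param context the current webflow request context
 * @return the events resolved from the principal attributes, or {@code null} when there is no
 *         authentication or service, the policy is absent or lists no providers, or the policy
 *         defines no attribute name or value trigger
 * @throws java.util.regex.PatternSyntaxException if the policy value is not a valid regular
 *         expression
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);

    if (authentication == null || service == null) {
        LOGGER.debug("No authentication or service is available to determine event for principal");
        return null;
    }

    final RegisteredServiceMultifactorPolicy policy = service.getMultifactorPolicy();
    // Reuse the policy already fetched instead of asking the service for it a second time, so
    // the null check and the provider check look at the same object.
    if (policy == null || policy.getMultifactorAuthenticationProviders().isEmpty()) {
        LOGGER.debug("Authentication policy is absent or does not contain any multifactor authentication providers");
        return null;
    }

    if (StringUtils.isBlank(policy.getPrincipalAttributeNameTrigger()) || StringUtils.isBlank(policy.getPrincipalAttributeValueToMatch())) {
        LOGGER.debug("Authentication policy does not define a principal attribute and/or value to trigger multifactor authentication");
        return null;
    }

    final Principal principal = authentication.getPrincipal();
    final Collection<MultifactorAuthenticationProvider> providers = flattenProviders(getAuthenticationProviderForService(service));

    // The trigger may name several attributes, separated by commas.
    final Set<String> attributeNames = org.springframework.util.StringUtils.commaDelimitedListToSet(policy.getPrincipalAttributeNameTrigger());
    // Unanchored "find" semantics; the expression comes from the service definition, so its
    // strictness is entirely up to whoever maintains that definition.
    final Predicate<String> valueMatcher = Pattern.compile(policy.getPrincipalAttributeValueToMatch()).asPredicate();

    return resolveEventViaPrincipalAttribute(principal, attributeNames, service, context, providers, valueMatcher);
}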
use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.
the class TimedMultifactorAuthenticationPolicyEventResolver method resolveInternal.
/**
 * Resolves a multifactor event when the time-based adaptive authentication rules require one
 * for this request.
 *
 * <p>Missing service, authentication or timed configuration yields {@code null}. An empty
 * provider set in the application context, once timed rules are configured, is treated as an
 * error and aborts with an {@code AuthenticationException} rather than continuing without MFA.
 *
 * @param context the current webflow request context
 * @return the events found by the timed check, or {@code null} when nothing applies
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService registeredService = resolveRegisteredServiceInRequestContext(context);
    final Authentication authn = WebUtils.getAuthentication(context);

    if (service(registeredService, authn)) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }

    final boolean timedRulesMissing = timedMultifactor == null || timedMultifactor.isEmpty();
    if (timedRulesMissing) {
        LOGGER.debug("Adaptive authentication is not configured to require multifactor authentication by time");
        return null;
    }

    final Map<String, MultifactorAuthenticationProvider> available =
        MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (available == null || available.isEmpty()) {
        // Timed rules exist but nothing can satisfy them: fail the attempt.
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }

    final Set<Event> events = checkTimedMultifactorProvidersForRequest(context, registeredService, authn);
    if (events == null || events.isEmpty()) {
        return null;
    }

    LOGGER.warn("Found multifactor authentication providers [{}] required for this authentication event", events);
    return events;
}

/** Tells whether either of the two inputs needed for the timed check is missing. */
private static boolean service(final Object registeredService, final Object authn) {
    return registeredService == null || authn == null;
}
use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.
the class MultifactorAuthenticationContingencyPlan method executeInternal.
/**
 * Responds to a risky authentication attempt by routing it to a multifactor provider and
 * marking the authentication with the configured "risky" attribute.
 *
 * <p>The provider id comes from the risk-response settings; when that setting is blank, the
 * single available provider is used, and more than one available provider without an explicit
 * choice is rejected.
 *
 * <p>NOTE(review): a configured provider id is used as-is and is not compared against the
 * available providers in this method; the attribute name is likewise not checked for blank.
 * Confirm both are validated elsewhere.
 *
 * @param authentication the authentication being evaluated; updated in place with the
 *                       risk attribute
 * @param service        the registered service being accessed
 * @param score          the calculated risk score
 * @param request        the HTTP request
 * @return a response carrying an event whose id is the chosen provider id
 */
@Override
protected AuthenticationRiskContingencyResponse executeInternal(final Authentication authentication, final RegisteredService service,
                                                                final AuthenticationRiskScore score, final HttpServletRequest request) {
    final Map<String, MultifactorAuthenticationProvider> available =
        MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (available == null || available.isEmpty()) {
        LOGGER.warn("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }

    String providerId = casProperties.getAuthn().getAdaptive().getRisk().getResponse().getMfaProvider();
    if (StringUtils.isBlank(providerId)) {
        // Without an explicit choice, only an unambiguous (single) provider is acceptable.
        if (available.size() != 1) {
            LOGGER.warn("No multifactor authentication providers are specified to handle risk-based authentication");
            throw new AuthenticationException();
        }
        providerId = available.values().iterator().next().getId();
    }

    final String riskAttribute = casProperties.getAuthn().getAdaptive().getRisk().getResponse().getRiskyAuthenticationAttribute();
    final Authentication flagged = DefaultAuthenticationBuilder.newInstance(authentication)
        .addAttribute(riskAttribute, Boolean.TRUE)
        .build();
    LOGGER.debug("Updated authentication to remember risk-based authn via [{}]", riskAttribute);
    authentication.update(flagged);

    final Event mfaEvent = new Event(this, providerId);
    return new AuthenticationRiskContingencyResponse(mfaEvent);
}
use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.
the class InterruptWebflowConfigurer method createTransitionStateForMultifactorSubflows.
/**
 * Adds a success transition to the interrupt inquiry action on every multifactor subflow
 * state that exists in the given flow.
 *
 * <p>Providers whose id has no matching subflow state in the flow are skipped.
 *
 * @param flow the flow whose multifactor subflow states are wired
 */
private void createTransitionStateForMultifactorSubflows(final Flow flow) {
    final Map<String, MultifactorAuthenticationProvider> available =
        MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);

    // Only the provider objects matter here; the map keys are not used.
    for (final MultifactorAuthenticationProvider provider : available.values()) {
        if (!containsSubflowState(flow, provider.getId())) {
            continue;
        }
        final SubflowState subflow = getState(flow, provider.getId(), SubflowState.class);
        createTransitionForState(subflow, CasWebflowConstants.TRANSITION_ID_SUCCESS, STATE_ID_INQUIRE_INTERRUPT_ACTION, true);
    }
}