
Example 31 with MultifactorAuthenticationProvider

use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

the class PredicatedPrincipalAttributeMultifactorAuthenticationPolicyEventResolver method resolveMultifactorProviderViaPredicate.

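/**
 * Chooses a multifactor authentication provider by filtering the candidates through a
 * predicate instantiated from the configured Groovy script.
 *
 * <p>Security note: the Groovy resource is loaded and run inside the server process and is
 * handed the service, principal, provider collection and logger. It should only ever point at
 * operator-controlled configuration, and changes to it deserve the same review as code.
 *
 * @param context   the current webflow request context
 * @param service   the registered service the request is for
 * @param principal the authenticated principal
 * @param providers candidate multifactor providers; may be {@code null} or empty
 * @return the result of {@code evaluateEventForProviderInContext} for the selected provider
 *         (the provider passed on is {@code null} when the predicate accepts none), or
 *         {@code null} when no script is configured or no providers are available
 */
@Override
@SneakyThrows
protected Set<Event> resolveMultifactorProviderViaPredicate(final RequestContext context, final RegisteredService service, final Principal principal, final Collection<MultifactorAuthenticationProvider> providers) {
    if (predicateResource == null || !ResourceUtils.doesResourceExist(predicateResource)) {
        // NOTE(review): a missing or unreadable script yields null here, which presumably means
        // "this resolver demands no MFA" - confirm that a misplaced script is noticed elsewhere.
        LOGGER.debug("No groovy script predicate is defined to decide which multifactor authentication provider should be chosen");
        return null;
    }
    // Check the candidates before touching the script: with nothing to filter there is no
    // reason to compile and instantiate Groovy code.
    if (providers == null || providers.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        return null;
    }
    final Object[] args = { service, principal, providers, LOGGER };
    final Predicate<MultifactorAuthenticationProvider> predicate = ScriptingUtils.getObjectInstanceFromGroovyResource(predicateResource, PREDICATE_CTOR_PARAMETERS, args, Predicate.class);
    if (predicate == null) {
        // NOTE(review): whether the helper can return null on a script failure is not visible
        // here. Failing loudly keeps a broken script from surfacing as an anonymous
        // NullPointerException in the log statement below.
        throw new IllegalStateException("Unable to create multifactor authentication predicate from " + predicateResource);
    }
    LOGGER.debug("Created predicate instance [{}] from [{}] to filter multifactor authentication providers [{}]", predicate.getClass().getSimpleName(), predicateResource, providers);
    // Lowest getOrder() wins among the providers the predicate accepts.
    final MultifactorAuthenticationProvider provider = providers.stream().filter(predicate).min(Comparator.comparingInt(MultifactorAuthenticationProvider::getOrder)).orElse(null);
    LOGGER.debug("Predicate instance [{}] returned multifactor authentication provider [{}]", predicate.getClass().getSimpleName(), provider);
    return evaluateEventForProviderInContext(principal, service, context, provider);
}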
Also used : MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider) SneakyThrows(lombok.SneakyThrows)

Example 32 with MultifactorAuthenticationProvider

use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

the class RegisteredServicePrincipalAttributeMultifactorAuthenticationPolicyEventResolver method resolveInternal.

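/**
 * Resolves the multifactor event for a request from the registered service's multifactor
 * policy, using the policy's principal attribute name(s) and value pattern as the trigger.
 *
 * <p>The value pattern is applied through {@link Pattern#asPredicate()}, which uses
 * {@code find()} semantics: an attribute value matches when any substring matches. Service
 * definitions that need an exact match must anchor the expression with {@code ^...$}.
 *
 * @param context the current webflow request context
 * @return the events from {@code resolveEventViaPrincipalAttribute}, or {@code null} when the
 *         authentication, the service, the policy, its providers or its attribute trigger is
 *         missing
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null || service == null) {
        LOGGER.debug("No authentication or service is available to determine event for principal");
        return null;
    }
    final RegisteredServiceMultifactorPolicy policy = service.getMultifactorPolicy();
    // Use the policy instance that was just null-checked rather than fetching it a second time.
    if (policy == null || policy.getMultifactorAuthenticationProviders().isEmpty()) {
        LOGGER.debug("Authentication policy is absent or does not contain any multifactor authentication providers");
        return null;
    }
    final String attributeNames = policy.getPrincipalAttributeNameTrigger();
    final String valuePattern = policy.getPrincipalAttributeValueToMatch();
    if (StringUtils.isBlank(attributeNames) || StringUtils.isBlank(valuePattern)) {
        LOGGER.debug("Authentication policy does not define a principal attribute and/or value to trigger multifactor authentication");
        return null;
    }
    final Principal principal = authentication.getPrincipal();
    final Collection<MultifactorAuthenticationProvider> providers = flattenProviders(getAuthenticationProviderForService(service));
    // The pattern comes from the service definition; an invalid expression surfaces as a
    // PatternSyntaxException from Pattern.compile.
    return resolveEventViaPrincipalAttribute(principal, org.springframework.util.StringUtils.commaDelimitedListToSet(attributeNames), service, context, providers, Pattern.compile(valuePattern).asPredicate());
}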
Also used : RegisteredServiceMultifactorPolicy(org.apereo.cas.services.RegisteredServiceMultifactorPolicy) RegisteredService(org.apereo.cas.services.RegisteredService) Authentication(org.apereo.cas.authentication.Authentication) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider) Principal(org.apereo.cas.authentication.principal.Principal)

Example 33 with MultifactorAuthenticationProvider

use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

the class TimedMultifactorAuthenticationPolicyEventResolver method resolveInternal.

/**
 * Decides whether the time-based adaptive authentication rules require multifactor
 * authentication for the current request.
 *
 * @param context the current webflow request context
 * @return the events reported by {@code checkTimedMultifactorProvidersForRequest} when that
 *         set is non-empty; {@code null} when the service or authentication is missing, no
 *         timed rules are configured, or no rule produced an event
 * @throws AuthenticationException when timed rules are configured but no multifactor
 *         provider is available in the application context
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService registeredService = resolveRegisteredServiceInRequestContext(context);
    final Authentication authn = WebUtils.getAuthentication(context);
    final boolean requestIncomplete = registeredService == null || authn == null;
    if (requestIncomplete) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }

    final boolean noTimedRules = timedMultifactor == null || timedMultifactor.isEmpty();
    if (noTimedRules) {
        LOGGER.debug("Adaptive authentication is not configured to require multifactor authentication by time");
        return null;
    }

    // Timed rules exist, so having no provider to satisfy them is an error rather than a
    // silent skip: the attempt is rejected instead of continuing without MFA.
    final Map<String, MultifactorAuthenticationProvider> availableProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    final boolean noProviders = availableProviders == null || availableProviders.isEmpty();
    if (noProviders) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }

    final Set<Event> requiredEvents = checkTimedMultifactorProvidersForRequest(context, registeredService, authn);
    if (requiredEvents == null || requiredEvents.isEmpty()) {
        return null;
    }
    LOGGER.warn("Found multifactor authentication providers [{}] required for this authentication event", requiredEvents);
    return requiredEvents;
}
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) Authentication(org.apereo.cas.authentication.Authentication) Event(org.springframework.webflow.execution.Event) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)

Example 34 with MultifactorAuthenticationProvider

use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

the class MultifactorAuthenticationContingencyPlan method executeInternal.

/**
 * Answers a risky authentication attempt by directing it to a multifactor provider and
 * marking the authentication with the configured "risky" attribute.
 *
 * <p>The provider id is read from the risk-response configuration. When it is blank, the
 * single available provider is used; with several providers and no configured id the attempt
 * is rejected.
 *
 * @param authentication the authentication being evaluated; updated in place with the risk
 *                       attribute set to {@code Boolean.TRUE}
 * @param service        the registered service (not read by this method)
 * @param score          the computed risk score (not read by this method)
 * @param request        the HTTP request (not read by this method)
 * @return a contingency response carrying an event whose id is the chosen provider id
 * @throws AuthenticationException when no provider is available, or when no provider id is
 *         configured and more than one provider is available
 */
@Override
protected AuthenticationRiskContingencyResponse executeInternal(final Authentication authentication, final RegisteredService service, final AuthenticationRiskScore score, final HttpServletRequest request) {
    final Map<String, MultifactorAuthenticationProvider> availableProviders = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    final boolean noProviders = availableProviders == null || availableProviders.isEmpty();
    if (noProviders) {
        LOGGER.warn("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }

    // NOTE(review): a configured id is used as-is and is not compared with the ids of the
    // available providers - confirm that an unknown id is rejected downstream rather than
    // letting the risky attempt proceed without a second factor.
    String providerId = casProperties.getAuthn().getAdaptive().getRisk().getResponse().getMfaProvider();
    if (StringUtils.isBlank(providerId)) {
        if (availableProviders.size() != 1) {
            LOGGER.warn("No multifactor authentication providers are specified to handle risk-based authentication");
            throw new AuthenticationException();
        }
        // Exactly one provider exists, so the choice is unambiguous.
        providerId = availableProviders.values().iterator().next().getId();
    }

    final String riskAttribute = casProperties.getAuthn().getAdaptive().getRisk().getResponse().getRiskyAuthenticationAttribute();
    final Authentication flaggedAuthn = DefaultAuthenticationBuilder.newInstance(authentication).addAttribute(riskAttribute, Boolean.TRUE).build();
    LOGGER.debug("Updated authentication to remember risk-based authn via [{}]", riskAttribute);
    // Write the flag back onto the caller's authentication object.
    authentication.update(flaggedAuthn);

    final Event mfaEvent = new Event(this, providerId);
    return new AuthenticationRiskContingencyResponse(mfaEvent);
}
Also used : AuthenticationException(org.apereo.cas.authentication.AuthenticationException) Authentication(org.apereo.cas.authentication.Authentication) AuthenticationRiskContingencyResponse(org.apereo.cas.api.AuthenticationRiskContingencyResponse) Event(org.springframework.webflow.execution.Event) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)

Example 35 with MultifactorAuthenticationProvider

use of org.apereo.cas.services.MultifactorAuthenticationProvider in project cas by apereo.

the class InterruptWebflowConfigurer method createTransitionStateForMultifactorSubflows.

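/**
 * Adds a success transition to the interrupt-inquiry action on every multifactor subflow
 * state present in the given flow, so that the interrupt check also runs after a multifactor
 * subflow completes.
 *
 * @param flow the flow whose multifactor subflow states are extended
 */
private void createTransitionStateForMultifactorSubflows(final Flow flow) {
    final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    // Other callers of this lookup treat a null or empty map as "no providers"; do the same
    // here instead of failing with a NullPointerException while the flow is being configured.
    if (providerMap == null || providerMap.isEmpty()) {
        return;
    }
    // Only the providers are needed; the map keys are not used.
    for (final MultifactorAuthenticationProvider provider : providerMap.values()) {
        final String providerId = provider.getId();
        if (containsSubflowState(flow, providerId)) {
            final SubflowState state = getState(flow, providerId, SubflowState.class);
            createTransitionForState(state, CasWebflowConstants.TRANSITION_ID_SUCCESS, STATE_ID_INQUIRE_INTERRUPT_ACTION, true);
        }
    }
}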
Also used : SubflowState(org.springframework.webflow.engine.SubflowState) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)
