
Example 1 with UnauthorizedSsoServiceException

use of org.apereo.cas.services.UnauthorizedSsoServiceException in project cas by apereo.

From class SecurityTokenServiceAuthenticationMetaDataPopulator, method populateAttributes:

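/**
 * Runs the WS-Federation security-token step of an authentication transaction.
 *
 * <p>The transaction's service is first mapped through the selection strategy; when the
 * strategy does not support it, or resolves it to nothing, this method is a no-op. The
 * resolved relying party must be registered as a {@link WSFederationRegisteredService}
 * and its access strategy must allow access. That check runs before the security token
 * service client is built, so no token is ever requested for an unknown or disabled
 * relying party. What is finally added to {@code builder} is decided by
 * {@code invokeSecurityTokenServiceForToken}.</p>
 *
 * @param builder     the authentication builder the token step contributes to
 * @param transaction the current authentication transaction, carrying the requested service
 * @throws UnauthorizedSsoServiceException if the relying party is unregistered or access is denied
 */
@Override
public void populateAttributes(final AuthenticationBuilder builder, final AuthenticationTransaction transaction) {
    if (!this.selectionStrategy.supports(transaction.getService())) {
        return;
    }
    final Service service = this.selectionStrategy.resolveServiceFrom(transaction.getService());
    if (service == null) {
        return;
    }
    final WSFederationRegisteredService rp = this.servicesManager.findServiceBy(service, WSFederationRegisteredService.class);
    if (rp == null || !rp.getAccessStrategy().isServiceAccessAllowed()) {
        // Log the requested service, not the registration: when the lookup fails rp is null
        // and the warning would read "Service [null]", leaving no record of which service
        // was denied. The denied service identity is what an operator needs here.
        LOGGER.warn("Service [{}] is not allowed to use SSO.", service);
        throw new UnauthorizedSsoServiceException();
    }
    final SecurityTokenServiceClient sts = clientBuilder.buildClientForSecurityTokenRequests(rp);
    invokeSecurityTokenServiceForToken(transaction, builder, rp, sts);
}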

Example 2 with UnauthorizedSsoServiceException

use of org.apereo.cas.services.UnauthorizedSsoServiceException in project cas by apereo.

From class DefaultCentralAuthenticationService, method grantProxyTicket:

/**
 * Issues a proxy ticket for {@code service} on behalf of the holder of the given
 * proxy-granting ticket.
 *
 * <p>Authorization is enforced before any ticket state is created: the registered
 * service is checked by {@code enforceRegisteredServiceAccess} and must be allowed to
 * take part in SSO. Any failure in that step, whatever its type, is reported to the
 * caller as {@link UnauthorizedSsoServiceException}; the original cause is logged but
 * not attached to the thrown exception.</p>
 *
 * @param proxyGrantingTicket identifier of the proxy-granting ticket to proxy from
 * @param service             the service the proxy ticket is being granted for
 * @return the newly created proxy ticket, already added to the ticket registry
 * @throws UnauthorizedSsoServiceException if the access or SSO-access checks fail
 * @throws UnauthorizedProxyingException   if the lock repository yields no ticket
 * @throws AbstractTicketException         for any other ticket failure (presumably from getTicket)
 */
@Audit(action = AuditableActions.PROXY_TICKET, actionResolverName = AuditActionResolvers.GRANT_PROXY_TICKET_RESOLVER, resourceResolverName = AuditResourceResolvers.GRANT_PROXY_TICKET_RESOURCE_RESOLVER)
@Override
public ProxyTicket grantProxyTicket(final String proxyGrantingTicket, final Service service) throws AbstractTicketException {
    // Resolve the PGT first; an unknown ticket ends the request here
    // (getTicket is expected to throw rather than return null — TODO confirm).
    val proxyGrantingTicketObject = getTicket(proxyGrantingTicket, ProxyGrantingTicket.class);
    val registeredService = configurationContext.getServicesManager().findServiceBy(service);
    try {
        // Both checks run before the lock is taken and before anything is issued.
        enforceRegisteredServiceAccess(service, proxyGrantingTicketObject, registeredService);
        RegisteredServiceAccessStrategyUtils.ensureServiceSsoAccessIsAllowed(registeredService, service, proxyGrantingTicketObject);
    } catch (final Exception e) {
        // Broad catch: every access failure is normalized to the same exception type,
        // so callers cannot tell the reason apart; the detail lives only in the log.
        LoggingUtils.warn(LOGGER, e);
        throw new UnauthorizedSsoServiceException();
    }
    evaluateProxiedServiceIfNeeded(service, proxyGrantingTicketObject, registeredService);
    // Policy is evaluated against the root ticket's authentication (getRoot() — presumably
    // the head of the proxy chain), not against the PGT's own authentication.
    getAuthenticationSatisfiedByPolicy(proxyGrantingTicketObject.getRoot().getAuthentication(), new ServiceContext(service, registeredService));
    val authentication = proxyGrantingTicketObject.getRoot().getAuthentication();
    AuthenticationCredentialsThreadLocalBinder.bindCurrent(authentication);
    // Ticket creation is serialized on the PGT id. An empty result from the lock
    // repository (presumably the lock could not be obtained) is surfaced as
    // UnauthorizedProxyingException rather than retried.
    return configurationContext.getLockRepository().execute(proxyGrantingTicketObject.getId(), Unchecked.supplier(new CheckedSupplier<ProxyTicket>() {

        @Override
        public ProxyTicket get() throws Throwable {
            val principal = authentication.getPrincipal();
            val factory = (ProxyTicketFactory) configurationContext.getTicketFactory().get(ProxyTicket.class);
            val proxyTicket = factory.create(proxyGrantingTicketObject, service, ProxyTicket.class);
            // The PGT is written back before the new proxy ticket is added;
            // presumably factory.create mutated it — verify against the factory.
            configurationContext.getTicketRegistry().updateTicket(proxyGrantingTicketObject);
            configurationContext.getTicketRegistry().addTicket(proxyTicket);
            LOGGER.info("Granted proxy ticket [{}] for service [{}] for user [{}]", proxyTicket.getId(), service.getId(), principal.getId());
            // NOTE(review): inside this anonymous class 'this' is the CheckedSupplier
            // instance, not the CAS service — confirm that is the intended event source.
            doPublishEvent(new CasProxyTicketGrantedEvent(this, proxyGrantingTicketObject, proxyTicket));
            return proxyTicket;
        }
    })).orElseThrow(UnauthorizedProxyingException::new);
}

Example 3 with UnauthorizedSsoServiceException

use of org.apereo.cas.services.UnauthorizedSsoServiceException in project cas by apereo.

From class RegisteredServiceAuthenticationHandlerResolver, method supports:

/**
 * Reports whether this resolver has anything to say for the given transaction.
 *
 * <p>The transaction's service is resolved through the selection plan; with no
 * resolved service the answer is {@code false}. Otherwise the registered service
 * must exist and its access strategy must allow access, or the transaction is
 * rejected outright. The resolver applies when the service's authentication policy
 * names at least one required or excluded handler.</p>
 *
 * @param handlers    the candidate authentication handlers (not consulted here)
 * @param transaction the authentication transaction carrying the requested service
 * @return {@code true} if the registered service's policy constrains handlers
 * @throws UnauthorizedSsoServiceException if the service is unregistered or access is denied
 */
@Override
public boolean supports(final Set<AuthenticationHandler> handlers, final AuthenticationTransaction transaction) {
    val resolvedService = authenticationServiceSelectionPlan.resolveService(transaction.getService());
    if (resolvedService == null) {
        return false;
    }
    val definition = this.servicesManager.findServiceBy(resolvedService);
    LOGGER.trace("Located registered service definition [{}] for this authentication transaction", definition);
    val accessAllowed = definition != null && definition.getAccessStrategy().isServiceAccessAllowed();
    if (!accessAllowed) {
        // Access is denied before any policy is consulted; the exception ends the transaction.
        LOGGER.warn("Service [{}] is not allowed to use SSO.", resolvedService);
        throw new UnauthorizedSsoServiceException();
    }
    val policy = definition.getAuthenticationPolicy();
    val hasRequiredHandlers = !policy.getRequiredAuthenticationHandlers().isEmpty();
    return hasRequiredHandlers || !policy.getExcludedAuthenticationHandlers().isEmpty();
}

Example 4 with UnauthorizedSsoServiceException

use of org.apereo.cas.services.UnauthorizedSsoServiceException in project cas by apereo.

From class SecurityTokenServiceAuthenticationPostProcessor, method process:

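/**
 * Post-processes an authentication transaction by running the WS-Federation
 * security-token step for the resolved relying party.
 *
 * <p>The transaction's service is mapped through the selection strategy; when the
 * strategy does not support it, or resolves it to nothing, this method is a no-op.
 * The resolved relying party must be registered as a {@link WSFederationRegisteredService}
 * and its access strategy must allow access. That check runs before the security
 * token service client is built, so no token is ever requested for an unknown or
 * disabled relying party. What ends up in {@code builder} is decided by
 * {@code invokeSecurityTokenServiceForToken}.</p>
 *
 * @param transaction the current authentication transaction, carrying the requested service
 * @param builder     the authentication builder the token step contributes to
 * @throws UnauthorizedSsoServiceException if the relying party is unregistered or access is denied
 */
@Override
public void process(final AuthenticationTransaction transaction, final AuthenticationBuilder builder) {
    if (!this.selectionStrategy.supports(transaction.getService())) {
        return;
    }
    final Service service = this.selectionStrategy.resolveServiceFrom(transaction.getService());
    if (service == null) {
        return;
    }
    final WSFederationRegisteredService rp = this.servicesManager.findServiceBy(service, WSFederationRegisteredService.class);
    if (rp == null || !rp.getAccessStrategy().isServiceAccessAllowed()) {
        // Log the requested service, not the registration: when the lookup fails rp is null
        // and the warning would read "Service [null]", leaving no record of which service
        // was denied.
        LOGGER.warn("Service [{}] is not allowed to use SSO.", service);
        throw new UnauthorizedSsoServiceException();
    }
    final SecurityTokenServiceClient sts = clientBuilder.buildClientForSecurityTokenRequests(rp);
    invokeSecurityTokenServiceForToken(transaction, builder, rp, sts);
}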

Example 5 with UnauthorizedSsoServiceException

use of org.apereo.cas.services.UnauthorizedSsoServiceException in project cas by apereo.

From class RegisteredServiceAuthenticationHandlerResolver, method supports (a different revision of the method shown in Example 3):

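/**
 * Reports whether this resolver has anything to say for the given transaction.
 *
 * <p>With no service on the transaction the answer is {@code false}. Otherwise the
 * registered service must exist and its access strategy must allow access, or the
 * transaction is rejected outright. The resolver applies when the registered service
 * declares at least one required handler.</p>
 *
 * @param handlers    the candidate authentication handlers (not consulted here)
 * @param transaction the authentication transaction carrying the requested service
 * @return {@code true} if the registered service lists required handlers
 * @throws UnauthorizedSsoServiceException if the service is unregistered or access is denied
 */
@Override
public boolean supports(final Set<AuthenticationHandler> handlers, final AuthenticationTransaction transaction) {
    final Service service = transaction.getService();
    if (service == null) {
        return false;
    }
    final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
    LOGGER.debug("Located registered service definition [{}] for this authentication transaction", registeredService);
    if (registeredService == null || !registeredService.getAccessStrategy().isServiceAccessAllowed()) {
        // Log the requested service, not the registration: when the lookup fails
        // registeredService is null and the warning would read "Service [null]",
        // leaving no record of which service was denied.
        LOGGER.warn("Service [{}] is not allowed to use SSO.", service);
        throw new UnauthorizedSsoServiceException();
    }
    return !registeredService.getRequiredHandlers().isEmpty();
}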
