use of org.apereo.cas.support.openid.authentication.principal.OpenIdCredential in project cas by apereo.
the class OpenIdSingleSignOnAction method constructCredentialsFromRequest.
/**
 * Builds the OpenID credential for the current web flow request.
 *
 * <p>The credential pairs the ticket-granting ticket id found in the flow with
 * the identifier resolved by {@code getOpenIdSelectedIdentifier}. The
 * {@code OPENID_IDENTITY} value comes from the request parameters, so it is
 * client-supplied input. The credential returned here is only a claim.
 * NOTE(review): the consuming authentication handler is presumably what checks
 * the user name against the ticket's principal; confirm.
 *
 * @param context the current request context
 * @return the credential, or {@code null} when either the ticket-granting
 *         ticket id or the resolved user name is blank
 */
@Override
protected Credential constructCredentialsFromRequest(final RequestContext context) {
    final String tgtId = WebUtils.getTicketGrantingTicketId(context);
    // Client-controlled: read straight from the request parameters.
    final String requestedIdentity = context.getRequestParameters().get(OpenIdProtocolConstants.OPENID_IDENTITY);
    final String selectedIdentifier = getOpenIdSelectedIdentifier(context, tgtId, requestedIdentity);
    final Service requestedService = WebUtils.getService(context);

    final boolean identifierMissing = StringUtils.isBlank(selectedIdentifier);

    // Without a resolved identifier, an OpenID service left in flow scope would
    // let the user name be faked, so the service is removed before going on.
    if (identifierMissing && requestedService instanceof OpenIdService) {
        context.getFlowScope().remove(CasProtocolConstants.PARAMETER_SERVICE);
    }

    // Both halves are required; a partial credential is never returned.
    if (identifierMissing || StringUtils.isBlank(tgtId)) {
        return null;
    }
    return new OpenIdCredential(tgtId, selectedIdentifier);
}
use of org.apereo.cas.support.openid.authentication.principal.OpenIdCredential in project cas by apereo.
the class OpenIdCredentialsAuthenticationHandlerTests method verifyTGTThatIsExpired.
/**
 * Verifies that a ticket-granting ticket which is present in the registry but
 * marked expired is rejected with a {@link FailedLoginException}.
 */
@Test
public void verifyTGTThatIsExpired() throws Exception {
    final OpenIdCredential credential = new OpenIdCredential(TGT_ID, USERNAME);

    // Register the ticket first, then expire it, so the registry lookup is
    // set up to find a ticket whose state is expired.
    final TicketGrantingTicket expiredTicket = getTicketGrantingTicket();
    ticketRegistry.addTicket(expiredTicket);
    expiredTicket.markTicketExpired();

    // The expectation has to be declared before the call that throws.
    thrown.expect(FailedLoginException.class);
    thrown.expectMessage("TGT is null or expired.");
    openIdCredentialsAuthenticationHandler.authenticate(credential);
}
use of org.apereo.cas.support.openid.authentication.principal.OpenIdCredential in project cas by apereo.
the class OpenIdCredentialsAuthenticationHandler method authenticate.
/**
 * Authenticates an OpenID credential against an existing single sign-on session.
 *
 * <p>The ticket-granting ticket named by the credential is looked up in the
 * ticket registry. Authentication succeeds only when that ticket exists, is not
 * expired, and the principal id of its authentication equals the user name
 * carried by the credential. The user name is therefore never trusted on its
 * own; it must match the identity already bound to the ticket.
 *
 * @param credential the credential to authenticate; cast to {@link OpenIdCredential}
 * @return a handler result carrying the principal taken from the ticket
 * @throws GeneralSecurityException a {@link FailedLoginException} when the ticket
 *         is missing or expired, or when the principal id does not match
 */
@Override
public HandlerResult authenticate(final Credential credential) throws GeneralSecurityException {
    // NOTE(review): unchecked cast; assumes callers only pass OpenIdCredential
    // instances. Any other type surfaces as a ClassCastException. Confirm.
    final OpenIdCredential openIdCredential = (OpenIdCredential) credential;

    final TicketGrantingTicket ticket =
            this.ticketRegistry.getTicket(openIdCredential.getTicketGrantingTicketId(), TicketGrantingTicket.class);
    if (ticket == null || ticket.isExpired()) {
        throw new FailedLoginException("TGT is null or expired.");
    }

    // NOTE(review): getAuthentication() and getPrincipal() are dereferenced
    // without null checks; presumably a registered ticket always has both. Verify.
    final Principal ticketPrincipal = ticket.getAuthentication().getPrincipal();

    // The claimed user name must equal the identity bound to the ticket.
    if (ticketPrincipal.getId().equals(openIdCredential.getUsername())) {
        return new DefaultHandlerResult(this, new BasicCredentialMetaData(openIdCredential), ticketPrincipal);
    }
    throw new FailedLoginException("Principal ID mismatch");
}
use of org.apereo.cas.support.openid.authentication.principal.OpenIdCredential in project cas by apereo.
the class OpenIdCredentialsAuthenticationHandlerTests method verifyTGTWithSameId.
/**
 * Verifies that authentication succeeds for a registered, unexpired
 * ticket-granting ticket and that the result carries the expected principal id.
 */
@Test
public void verifyTGTWithSameId() throws Exception {
    final OpenIdCredential credential = new OpenIdCredential(TGT_ID, USERNAME);

    final TicketGrantingTicket registeredTicket = getTicketGrantingTicket();
    ticketRegistry.addTicket(registeredTicket);

    // NOTE(review): the credential carries USERNAME while the assertion compares
    // the principal id with TGT_ID; presumably the fixture makes the two agree.
    // Confirm against the constants.
    assertEquals(
            TGT_ID,
            openIdCredentialsAuthenticationHandler.authenticate(credential).getPrincipal().getId());
}
use of org.apereo.cas.support.openid.authentication.principal.OpenIdCredential in project cas by apereo.
the class OpenIdCredentialsAuthenticationHandlerTests method verifyTGTWithDifferentId.
/**
 * Verifies that a valid ticket-granting ticket cannot be used with a user name
 * other than the one the test fixture binds to it: the handler must reject
 * the mismatch with a {@link FailedLoginException}.
 */
@Test
public void verifyTGTWithDifferentId() throws Exception {
    // "test1" stands in for an identity that does not belong to the ticket.
    final OpenIdCredential mismatchedCredential = new OpenIdCredential(TGT_ID, "test1");

    final TicketGrantingTicket registeredTicket = getTicketGrantingTicket();
    ticketRegistry.addTicket(registeredTicket);

    // The expectation has to be declared before the call that throws.
    thrown.expect(FailedLoginException.class);
    thrown.expectMessage("Principal ID mismatch");
    openIdCredentialsAuthenticationHandler.authenticate(mismatchedCredential);
}