Example 1 with WsFederationCookieCipherExecutor

Use of org.apereo.cas.support.wsfederation.web.WsFederationCookieCipherExecutor in project cas by apereo, in the class WsFedAuthenticationEventExecutionPlanConfiguration, method getWsFederationConfiguration.

private WsFederationConfiguration getWsFederationConfiguration(final WsFederationDelegationProperties wsfed) {
    final WsFederationConfiguration config = new WsFederationConfiguration();
    config.setAttributesType(WsFederationConfiguration.WsFedPrincipalResolutionAttributesType.valueOf(wsfed.getAttributesType()));
    config.setIdentityAttribute(wsfed.getIdentityAttribute());
    config.setIdentityProviderIdentifier(wsfed.getIdentityProviderIdentifier());
    config.setIdentityProviderUrl(wsfed.getIdentityProviderUrl());
    config.setTolerance(Beans.newDuration(wsfed.getTolerance()).toMillis());
    config.setRelyingPartyIdentifier(wsfed.getRelyingPartyIdentifier());
    org.springframework.util.StringUtils.commaDelimitedListToSet(wsfed.getSigningCertificateResources()).forEach(s -> config.getSigningCertificateResources().add(this.resourceLoader.getResource(s)));
    org.springframework.util.StringUtils.commaDelimitedListToSet(wsfed.getEncryptionPrivateKey()).forEach(s -> config.setEncryptionPrivateKey(this.resourceLoader.getResource(s)));
    org.springframework.util.StringUtils.commaDelimitedListToSet(wsfed.getEncryptionCertificate()).forEach(s -> config.setEncryptionCertificate(this.resourceLoader.getResource(s)));
    config.setEncryptionPrivateKeyPassword(wsfed.getEncryptionPrivateKeyPassword());
    config.setAttributeMutator(this.attributeMutator);
    config.setAutoRedirect(wsfed.isAutoRedirect());
    config.setName(wsfed.getName());
    // Build the cipher that protects the delegated authentication cookie value.
    final WsFederationDelegatedCookieProperties cookie = wsfed.getCookie();
    final EncryptionJwtSigningJwtCryptographyProperties crypto = cookie.getCrypto();
    final CipherExecutor cipher;
    if (crypto.isEnabled()) {
        // Cookie value is handled with the configured encryption key, signing key and algorithm.
        cipher = new WsFederationCookieCipherExecutor(crypto.getEncryption().getKey(), crypto.getSigning().getKey(), crypto.getAlg());
    } else {
        // Crypto disabled: the no-op cipher is used and only a log message is emitted.
        LOGGER.info("WsFederation delegated authentication cookie encryption/signing is turned off and "
            + "MAY NOT be safe in a production environment. "
            + "Consider using other choices to handle encryption, signing and verification of "
            + "delegated authentication cookie.");
        cipher = CipherExecutor.noOp();
    }
    // The cookie generator takes the cipher-backed value manager plus the cookie attributes from configuration.
    config.setCookieGenerator(new WsFederationCookieGenerator(new DefaultCasCookieValueManager(cipher), cookie.getName(), cookie.getPath(), cookie.getMaxAge(), cookie.isSecure(), cookie.getDomain(), cookie.isHttpOnly()));
    config.initialize();
    return config;
}
Also used:
WsFederationCookieCipherExecutor (org.apereo.cas.support.wsfederation.web.WsFederationCookieCipherExecutor)
CipherExecutor (org.apereo.cas.CipherExecutor)
WsFederationConfiguration (org.apereo.cas.support.wsfederation.WsFederationConfiguration)
WsFederationCookieGenerator (org.apereo.cas.support.wsfederation.web.WsFederationCookieGenerator)
EncryptionJwtSigningJwtCryptographyProperties (org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties)
DefaultCasCookieValueManager (org.apereo.cas.web.support.DefaultCasCookieValueManager)
WsFederationDelegatedCookieProperties (org.apereo.cas.configuration.model.support.wsfed.WsFederationDelegatedCookieProperties)
