Example 6 with TransientSessionTicket

use of org.apereo.cas.ticket.TransientSessionTicket in project cas by apereo.

the class BaseDelegatedAuthenticationController method configureWebContextForRegisteredService.

/**
 * Configure web context for registered service.
 *
 * @param webContext the web context
 * @param ticket     the ticket
 */
protected void configureWebContextForRegisteredService(final WebContext webContext, final TransientSessionTicket ticket) {
    // Resolve the registered service for the target the ticket was minted for and enforce
    // its access strategy first: a service that is unknown or not permitted to use delegated
    // authentication throws here, before any of its properties can influence the request.
    val registeredService = configurationContext.getServicesManager().findServiceBy(ticket.getService());
    val audit = AuditableContext.builder().service(ticket.getService()).registeredService(registeredService).build();
    val result = configurationContext.getRegisteredServiceAccessStrategyEnforcer().execute(audit);
    result.throwExceptionIfNeeded();
    if (!registeredService.getProperties().isEmpty()) {
        // Per-service overrides are applied in three groups: generic delegated-authn settings,
        // then the SAML2-specific and OIDC-specific ones. Each group is copied into the pac4j
        // WebContext so the client's RedirectionActionBuilder sees it when building the redirect.
        val delegatedAuthnProperties = Arrays.stream(RegisteredServiceProperties.values()).filter(prop -> prop.isMemberOf(RegisteredServicePropertyGroups.DELEGATED_AUTHN)).collect(Collectors.toList());
        configureWebContextForRegisteredServiceProperties(registeredService, webContext, delegatedAuthnProperties);
        val saml2ServiceProperties = Arrays.stream(RegisteredServiceProperties.values()).filter(prop -> prop.isMemberOf(RegisteredServicePropertyGroups.DELEGATED_AUTHN_SAML2)).collect(Collectors.toList());
        configureWebContextForRegisteredServiceProperties(registeredService, webContext, saml2ServiceProperties);
        val oidcProperties = Arrays.stream(RegisteredServiceProperties.values()).filter(prop -> prop.isMemberOf(RegisteredServicePropertyGroups.DELEGATED_AUTHN_OIDC)).collect(Collectors.toList());
        configureWebContextForRegisteredServiceProperties(registeredService, webContext, oidcProperties);
    }
}

Example 7 with TransientSessionTicket

use of org.apereo.cas.ticket.TransientSessionTicket in project cas by apereo.

the class BaseDelegatedAuthenticationController method getRedirectionAction.

/**
 * Gets redirection action.
 *
 * @param client     the client
 * @param webContext the web context
 * @param ticket     the ticket
 * @return the redirection action
 */
protected Optional<RedirectionAction> getRedirectionAction(final IndirectClient client, final WebContext webContext, final TransientSessionTicket ticket) {
    // The force-authn and passive flags are taken from the ticket's properties, which were
    // bound server-side when the ticket was created, not from parameters of the incoming request.
    val properties = ticket.getProperties();
    if (properties.containsKey(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN)) {
        webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN, true);
    }
    if (properties.containsKey(RedirectionActionBuilder.ATTRIBUTE_PASSIVE)) {
        webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_PASSIVE, true);
    }
    if (ticket.getService() != null) {
        // Enforce the service's access strategy and apply its per-service overrides.
        configureWebContextForRegisteredService(webContext, ticket);
    }
    // Customizers run in @Order order and may adjust the request for the selected client.
    configurationContext.getDelegatedClientAuthenticationRequestCustomizers().stream().sorted(AnnotationAwareOrderComparator.INSTANCE).filter(c -> c.supports(client, webContext)).forEach(c -> c.customize(client, webContext));
    // pac4j builds the outbound redirect and keeps whatever per-request state it needs
    // in the configured session store.
    return client.getRedirectionActionBuilder().getRedirectionAction(webContext, configurationContext.getSessionStore());
}

Example 8 with TransientSessionTicket

use of org.apereo.cas.ticket.TransientSessionTicket in project cas by apereo.

the class DuoSecurityUniversalPromptValidateLoginAction method doExecute.

@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    val requestParameters = requestContext.getRequestParameters();
    // Only a return from Duo carries both "code" and "state"; any other request skips this action.
    if (requestParameters.contains(REQUEST_PARAMETER_CODE) && requestParameters.contains(REQUEST_PARAMETER_STATE)) {
        val duoState = requestParameters.get(REQUEST_PARAMETER_STATE, String.class);
        LOGGER.trace("Received Duo Security state [{}]", duoState);
        var ticket = (TransientSessionTicket) null;
        try {
            // "state" is the id of the transient ticket minted by the prepare action. Resolving
            // it server-side ties the callback to the browser's pending authentication; an
            // unknown or already-consumed id fails here and is handled by the catch block.
            ticket = centralAuthenticationService.getTicket(duoState, TransientSessionTicket.class);
            val authentication = ticket.getProperty(Authentication.class.getSimpleName(), Authentication.class);
            populateContextWithCredential(requestContext, ticket, authentication);
            populateContextWithAuthentication(requestContext, ticket);
            populateContextWithService(requestContext, ticket);
            // Hand off to the parent action's normal handling with the restored credential.
            return super.doExecute(requestContext);
        } catch (final Exception e) {
            LoggingUtils.warn(LOGGER, e);
            return new EventFactorySupport().event(this, CasWebflowConstants.TRANSITION_ID_ERROR);
        } finally {
            if (ticket != null) {
                // Restore the flow scope and credential captured before the redirect so the
                // webflow continues (or reports the error) with its original state.
                val flowScope = ticket.getProperty(MutableAttributeMap.class.getSimpleName(), Map.class);
                flowScope.forEach((key, value) -> requestContext.getFlowScope().put(key.toString(), value));
                val credential = ticket.getProperty(Credential.class.getSimpleName(), Credential.class);
                WebUtils.putCredential(requestContext, credential);
            }
            // Single use: the ticket is deleted on success and failure alike, so the same
            // state value cannot be replayed against this endpoint.
            centralAuthenticationService.deleteTicket(duoState);
        }
    }
    return new EventFactorySupport().event(this, CasWebflowConstants.TRANSITION_ID_SKIP);
}
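The snippets above share one mechanism: an unguessable transient ticket, created server-side before the redirect, carries the target service, the force-authn/passive flags and the webflow state, and the callback trusts only what is bound to that ticket, enforces the service's access policy, and then deletes the ticket. The following stand-alone Java program is an added example of that pattern and is not CAS code; `StateStore`, `StateTicket`, `handleCallback`, the `forceAuthn` property name and the sample service URLs are stand-ins invented for the illustration, and the `registeredServices` set plays the role of the access-strategy enforcer.

```java
import java.security.SecureRandom;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Added example, not CAS code: a single-use, expiring, unguessable server-side ticket carries
 * the state of an external round trip, and the callback trusts only what was bound to it.
 */
public final class TransientStateDemo {

    /** Everything the callback will need, bound at issue time (stand-in for TransientSessionTicket). */
    record StateTicket(String id, String service, Map<String, Object> properties, Instant expiresAt) {}

    /** Stand-in for the ticket registry. */
    static final class StateStore {
        private final Map<String, StateTicket> tickets = new ConcurrentHashMap<>();
        private final SecureRandom random = new SecureRandom();
        private final Clock clock;
        private final Duration ttl;

        StateStore(final Clock clock, final Duration ttl) {
            this.clock = clock;
            this.ttl = ttl;
        }

        /** The id is 256 bits from a CSPRNG, so a third party cannot guess or forge it. */
        String issue(final String service, final Map<String, Object> properties) {
            final byte[] raw = new byte[32];
            random.nextBytes(raw);
            final String id = "TST-" + Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            tickets.put(id, new StateTicket(id, service, Map.copyOf(properties), clock.instant().plus(ttl)));
            return id;
        }

        /** Look up and delete in one step, as the Duo action does in its finally block.
         *  Unknown, expired and replayed ids all come back empty, so a second use fails closed. */
        Optional<StateTicket> consume(final String id) {
            final StateTicket ticket = tickets.remove(id); // atomic: a concurrent replay sees null
            if (ticket == null || clock.instant().isAfter(ticket.expiresAt())) {
                return Optional.empty();
            }
            return Optional.of(ticket);
        }
    }

    /** Named after the webflow transition ids used by the Duo action. */
    enum Outcome { SUCCESS, ERROR, SKIP }

    /** Simulated callback with the same branching as doExecute above. The registeredServices
     *  set stands in for the access-strategy enforcer and is consulted before any property is used. */
    static Outcome handleCallback(final StateStore store, final Set<String> registeredServices,
                                  final Map<String, String> params) {
        if (!params.containsKey("code") || !params.containsKey("state")) {
            return Outcome.SKIP; // not a return from the external provider
        }
        final Optional<StateTicket> found = store.consume(params.get("state"));
        if (found.isEmpty()) {
            return Outcome.ERROR; // unknown, expired or already used state
        }
        final StateTicket ticket = found.get();
        if (!registeredServices.contains(ticket.service())) {
            return Outcome.ERROR; // the equivalent of throwExceptionIfNeeded() in CAS
        }
        // Flags such as forceAuthn come from the ticket (compare getRedirectionAction above),
        // never from request parameters the caller controls.
        if (Boolean.TRUE.equals(ticket.properties().get("forceAuthn"))) {
            System.out.println("forceAuthn was bound to " + ticket.id());
        }
        return Outcome.SUCCESS;
    }

    public static void main(final String[] args) {
        final StateStore store = new StateStore(Clock.systemUTC(), Duration.ofMinutes(5));
        final Set<String> registered = Set.of("https://app.example.org/login"); // constructed sample
        final String state = store.issue("https://app.example.org/login", Map.of("forceAuthn", true));
        check(Outcome.SUCCESS, handleCallback(store, registered, Map.of("code", "c1", "state", state)));
        check(Outcome.ERROR, handleCallback(store, registered, Map.of("code", "c1", "state", state))); // replay
        check(Outcome.ERROR, handleCallback(store, registered, Map.of("code", "c1", "state", "TST-guess"))); // forged
        check(Outcome.SKIP, handleCallback(store, registered, Map.of())); // not a callback
        // A ticket bound to an unregistered service is consumed, but access is denied.
        final String rogue = store.issue("https://rogue.example.net/", Map.of());
        check(Outcome.ERROR, handleCallback(store, registered, Map.of("code", "c2", "state", rogue)));
        System.out.println("all checks passed");
    }

    private static void check(final Outcome expected, final Outcome actual) {
        if (expected != actual) {
            throw new AssertionError("expected " + expected + " but got " + actual);
        }
    }
}
```

Run it with `java TransientStateDemo.java` (Java 16 or later, for the record type). The replayed and forged `state` values fail closed because the lookup removes the ticket before anything else inspects it, which is the same property the CAS action gets from deleting the ticket in `finally`; the unregistered-service case shows why the access check has to run on the service bound to the ticket rather than on anything the callback request claims.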

Example 9 with TransientSessionTicket

use of org.apereo.cas.ticket.TransientSessionTicket in project cas by apereo.

the class DuoSecurityUniversalPromptValidateLoginActionTests method verifyPass.

@Test
public void verifyPass() throws Exception {
    val context = new MockRequestContext();
    val request = new MockHttpServletRequest();
    val response = new MockHttpServletResponse();
    context.setExternalContext(new ServletExternalContext(new MockServletContext(), request, response));
    RequestContextHolder.setRequestContext(context);
    ExternalContextHolder.setExternalContext(context.getExternalContext());
    val identifier = casProperties.getAuthn().getMfa().getDuo().get(0).getId();
    val provider = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext, new TestMultifactorAuthenticationProvider(identifier));
    configurableApplicationContext.getBeansOfType(MultifactorAuthenticationPrincipalResolver.class).forEach((key, value) -> ApplicationContextProvider.registerBeanIntoApplicationContext(applicationContext, value, key));
    // Seed the flow with the authentication, service and provider that the prepare action
    // will capture into the transient ticket.
    val authentication = RegisteredServiceTestUtils.getAuthentication();
    WebUtils.putAuthentication(authentication, context);
    WebUtils.putRegisteredService(context, RegisteredServiceTestUtils.getRegisteredService());
    WebUtils.putMultifactorAuthenticationProviderIdIntoFlowScope(context, provider);
    val builder = mock(AuthenticationResultBuilder.class);
    when(builder.getInitialAuthentication()).thenReturn(Optional.of(authentication));
    when(builder.collect(any(Authentication.class))).thenReturn(builder);
    val authnResult = mock(AuthenticationResult.class);
    when(authnResult.getAuthentication()).thenReturn(authentication);
    when(builder.build(any(PrincipalElectionStrategy.class))).thenReturn(authnResult);
    WebUtils.putAuthenticationResultBuilder(builder, context);
    // The prepare action mints the ticket and exposes it as the "result" attribute of its event.
    val prepResult = duoUniversalPromptPrepareLoginAction.execute(context);
    val ticket = (TransientSessionTicket) prepResult.getAttributes().get("result");
    // Simulate Duo's return: an arbitrary code plus the ticket id as the state parameter.
    val code = UUID.randomUUID().toString();
    request.addParameter(DuoSecurityUniversalPromptValidateLoginAction.REQUEST_PARAMETER_CODE, code);
    request.addParameter(DuoSecurityUniversalPromptValidateLoginAction.REQUEST_PARAMETER_STATE, ticket.getId());
    val result = duoUniversalPromptValidateLoginAction.execute(context);
    assertNotNull(result);
    assertEquals(CasWebflowConstants.TRANSITION_ID_SUCCESS, result.getId());
    // The authentication, service and result builder captured in the ticket are back in the flow.
    assertNotNull(WebUtils.getAuthentication(context));
    assertNotNull(WebUtils.getRegisteredService(context));
    assertNotNull(WebUtils.getAuthenticationResult(context));
}
