use of org.apereo.cas.ticket.TransientSessionTicket in project cas by apereo.
the class BaseDelegatedAuthenticationController method configureWebContextForRegisteredService.
/**
 * Authorizes the service carried by the ticket and then applies that service's
 * delegated-authentication properties to the web context.
 *
 * <p>The registered service is resolved from the ticket's service and passed through the
 * configured access strategy enforcer. {@code throwExceptionIfNeeded()} runs before any
 * service property is read, so a denied service aborts here and none of its settings
 * reach the web context.
 *
 * @param webContext the web context that receives the service properties
 * @param ticket     the transient session ticket whose service is authorized
 */
protected void configureWebContextForRegisteredService(final WebContext webContext, final TransientSessionTicket ticket) {
    val service = ticket.getService();
    val registeredService = configurationContext.getServicesManager().findServiceBy(service);
    val audit = AuditableContext.builder()
        .service(service)
        .registeredService(registeredService)
        .build();
    // Access decision first: nothing below runs for a service the strategy rejects.
    configurationContext.getRegisteredServiceAccessStrategyEnforcer()
        .execute(audit)
        .throwExceptionIfNeeded();

    // NOTE(review): registeredService is dereferenced here without a null check, so this
    // relies on the enforcer above rejecting a service with no registered definition.
    // Confirm against the enforcer implementation.
    if (registeredService.getProperties().isEmpty()) {
        return;
    }

    // Same order as before: general delegated-authn properties, then SAML2, then OIDC.
    val propertyGroups = Arrays.asList(
        RegisteredServicePropertyGroups.DELEGATED_AUTHN,
        RegisteredServicePropertyGroups.DELEGATED_AUTHN_SAML2,
        RegisteredServicePropertyGroups.DELEGATED_AUTHN_OIDC);
    for (val group : propertyGroups) {
        val groupProperties = Arrays.stream(RegisteredServiceProperties.values())
            .filter(prop -> prop.isMemberOf(group))
            .collect(Collectors.toList());
        configureWebContextForRegisteredServiceProperties(registeredService, webContext, groupProperties);
    }
}
use of org.apereo.cas.ticket.TransientSessionTicket in project cas by apereo.
the class BaseDelegatedAuthenticationController method getRedirectionAction.
/**
 * Builds the redirection action that sends the browser to the delegated identity provider.
 *
 * <p>Forced-authentication and passive-authentication flags come from the ticket's
 * properties. Only the presence of the key is checked, and the request attribute is always
 * set to {@code true}. When the ticket carries a service, that service is authorized and
 * its properties are applied before any request customizer runs and before the redirect
 * is built.
 *
 * @param client     the indirect client that builds the redirect
 * @param webContext the web context
 * @param ticket     the transient session ticket holding the request state
 * @return the redirection action produced by the client's builder
 */
protected Optional<RedirectionAction> getRedirectionAction(final IndirectClient client, final WebContext webContext, final TransientSessionTicket ticket) {
    val ticketProperties = ticket.getProperties();

    val forceAuthn = ticketProperties.containsKey(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN);
    if (forceAuthn) {
        webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN, true);
    }
    val passive = ticketProperties.containsKey(RedirectionActionBuilder.ATTRIBUTE_PASSIVE);
    if (passive) {
        webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_PASSIVE, true);
    }

    // Service authorization throws on denial, so it must precede the redirect below.
    if (ticket.getService() != null) {
        configureWebContextForRegisteredService(webContext, ticket);
    }

    // Customizers run in their declared order; each is consulted only if it supports this request.
    configurationContext.getDelegatedClientAuthenticationRequestCustomizers()
        .stream()
        .sorted(AnnotationAwareOrderComparator.INSTANCE)
        .filter(customizer -> customizer.supports(client, webContext))
        .forEach(customizer -> customizer.customize(client, webContext));

    val sessionStore = configurationContext.getSessionStore();
    return client.getRedirectionActionBuilder().getRedirectionAction(webContext, sessionStore);
}
use of org.apereo.cas.ticket.TransientSessionTicket in project cas by apereo.
the class DuoSecurityUniversalPromptValidateLoginAction method doExecute.
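/**
 * Handles the callback from the Duo Security universal prompt.
 *
 * <p>When both the code and state request parameters are present, the state value is used
 * as the id of a {@link TransientSessionTicket}. The authentication, credential and service
 * stored on that ticket are put back into the request context, and the decision is then
 * delegated to {@code super.doExecute}. Any exception on that path is logged and mapped to
 * the error transition.
 *
 * <p>Whatever the outcome, the flow-scope entries and credential saved on the ticket are
 * restored and the ticket is deleted. Deletion is guaranteed even when restoring the flow
 * scope fails, so a state value cannot be presented a second time.
 *
 * @param requestContext the webflow request context
 * @return the event from the parent action, the error event on failure, or the skip event
 *         when the code/state parameters are absent
 * @throws Exception if restoring state from the ticket or deleting the ticket fails
 */
@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    val requestParameters = requestContext.getRequestParameters();
    if (requestParameters.contains(REQUEST_PARAMETER_CODE) && requestParameters.contains(REQUEST_PARAMETER_STATE)) {
        val duoState = requestParameters.get(REQUEST_PARAMETER_STATE, String.class);
        LOGGER.trace("Received Duo Security state [{}]", duoState);
        var ticket = (TransientSessionTicket) null;
        try {
            // The state parameter is caller-supplied; it only counts if it resolves to a live ticket.
            ticket = centralAuthenticationService.getTicket(duoState, TransientSessionTicket.class);
            val authentication = ticket.getProperty(Authentication.class.getSimpleName(), Authentication.class);
            populateContextWithCredential(requestContext, ticket, authentication);
            populateContextWithAuthentication(requestContext, ticket);
            populateContextWithService(requestContext, ticket);
            return super.doExecute(requestContext);
        } catch (final Exception e) {
            LoggingUtils.warn(LOGGER, e);
            return new EventFactorySupport().event(this, CasWebflowConstants.TRANSITION_ID_ERROR);
        } finally {
            try {
                if (ticket != null) {
                    val flowScope = ticket.getProperty(MutableAttributeMap.class.getSimpleName(), Map.class);
                    flowScope.forEach((key, value) -> requestContext.getFlowScope().put(key.toString(), value));
                    val credential = ticket.getProperty(Credential.class.getSimpleName(), Credential.class);
                    WebUtils.putCredential(requestContext, credential);
                }
            } finally {
                // The state ticket is single-use. Previously a failure while restoring the flow
                // scope (e.g. a ticket without the saved map) skipped this call and left the
                // ticket available for a replayed callback.
                centralAuthenticationService.deleteTicket(duoState);
            }
        }
    }
    return new EventFactorySupport().event(this, CasWebflowConstants.TRANSITION_ID_SKIP);
}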
use of org.apereo.cas.ticket.TransientSessionTicket in project cas by apereo.
the class DuoSecurityUniversalPromptValidateLoginActionTests method verifyPass.
/**
 * Runs the prepare action to obtain a state ticket, then replays its id as the state
 * parameter together with a code and expects the validate action to succeed.
 */
@Test
public void verifyPass() throws Exception {
    // Servlet and webflow scaffolding.
    val httpRequest = new MockHttpServletRequest();
    val httpResponse = new MockHttpServletResponse();
    val requestContext = new MockRequestContext();
    requestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), httpRequest, httpResponse));
    RequestContextHolder.setRequestContext(requestContext);
    ExternalContextHolder.setExternalContext(requestContext.getExternalContext());

    // Register a test MFA provider under the configured Duo identifier.
    val duoId = casProperties.getAuthn().getMfa().getDuo().get(0).getId();
    val mfaProvider = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(
        applicationContext, new TestMultifactorAuthenticationProvider(duoId));
    configurableApplicationContext.getBeansOfType(MultifactorAuthenticationPrincipalResolver.class)
        .forEach((beanName, bean) -> ApplicationContextProvider.registerBeanIntoApplicationContext(applicationContext, bean, beanName));

    // Seed the flow with a primary authentication, a registered service and the provider id.
    val primaryAuthentication = RegisteredServiceTestUtils.getAuthentication();
    WebUtils.putAuthentication(primaryAuthentication, requestContext);
    WebUtils.putRegisteredService(requestContext, RegisteredServiceTestUtils.getRegisteredService());
    WebUtils.putMultifactorAuthenticationProviderIdIntoFlowScope(requestContext, mfaProvider);

    // Stub the result builder so it always yields the primary authentication.
    val resultBuilder = mock(AuthenticationResultBuilder.class);
    when(resultBuilder.getInitialAuthentication()).thenReturn(Optional.of(primaryAuthentication));
    when(resultBuilder.collect(any(Authentication.class))).thenReturn(resultBuilder);
    val authenticationResult = mock(AuthenticationResult.class);
    when(authenticationResult.getAuthentication()).thenReturn(primaryAuthentication);
    when(resultBuilder.build(any(PrincipalElectionStrategy.class))).thenReturn(authenticationResult);
    WebUtils.putAuthenticationResultBuilder(resultBuilder, requestContext);

    // The prepare step issues the state ticket; its id is what comes back as the state parameter.
    val prepareEvent = duoUniversalPromptPrepareLoginAction.execute(requestContext);
    val stateTicket = TransientSessionTicket.class.cast(prepareEvent.getAttributes().get("result"));

    // NOTE(review): the code is a random UUID, so this passes only if the Duo client wired
    // into the test context accepts any code. Confirm against the test configuration.
    val duoCode = UUID.randomUUID().toString();
    httpRequest.addParameter(DuoSecurityUniversalPromptValidateLoginAction.REQUEST_PARAMETER_CODE, duoCode);
    httpRequest.addParameter(DuoSecurityUniversalPromptValidateLoginAction.REQUEST_PARAMETER_STATE, stateTicket.getId());

    val validateEvent = duoUniversalPromptValidateLoginAction.execute(requestContext);
    assertNotNull(validateEvent);
    assertEquals(CasWebflowConstants.TRANSITION_ID_SUCCESS, validateEvent.getId());
    assertNotNull(WebUtils.getAuthentication(requestContext));
    assertNotNull(WebUtils.getRegisteredService(requestContext));
    assertNotNull(WebUtils.getAuthenticationResult(requestContext));
}