use of org.apereo.cas.ticket.UnsatisfiedAuthenticationContextTicketValidationException in project cas by apereo.
the class AbstractServiceValidateController method handleTicketValidation.
/**
* Validates the given service ticket for the service and builds the resulting model and view.
*
* @param request the request
* @param service the service
* @param serviceTicketId the service ticket id
* @return the model and view
*/
protected ModelAndView handleTicketValidation(final HttpServletRequest request, final WebApplicationService service, final String serviceTicketId) {
    // Flow: (1) optional proxy-granting ticket delivery, (2) service ticket validation,
    // (3) authentication context check, (4) optional proxy callback, (5) success view.
    TicketGrantingTicket pgt = null;
    final Credential credential = getServiceCredentialsFromRequest(service, request);
    if (credential != null) {
        // The proxy-granting ticket is requested ahead of the service ticket validation
        // further down; every failure in this step ends the request with an error view.
        try {
            pgt = handleProxyGrantingTicketDelivery(serviceTicketId, credential);
        } catch (final AuthenticationException authnFailure) {
            // NOTE(review): the exception is not handed to the logger, so this warning
            // records the credential but not the reason authentication failed.
            LOGGER.warn("Failed to authenticate service credential [{}]", credential);
            final Object[] callbackArgs = new Object[] {credential.getId()};
            return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, callbackArgs, request, service);
        } catch (final InvalidTicketException invalidTicket) {
            // Must stay ahead of the AbstractTicketException handler: this path reports
            // the service ticket id, the generic one reports the credential id.
            LOGGER.error("Failed to create proxy granting ticket due to an invalid ticket for [{}]", credential, invalidTicket);
            final Object[] ticketArgs = new Object[] {serviceTicketId};
            return generateErrorView(invalidTicket.getCode(), ticketArgs, request, service);
        } catch (final AbstractTicketException ticketFailure) {
            LOGGER.error("Failed to create proxy granting ticket for [{}]", credential, ticketFailure);
            final Object[] credentialArgs = new Object[] {credential.getId()};
            return generateErrorView(ticketFailure.getCode(), credentialArgs, request, service);
        }
    }

    final Assertion validated = this.centralAuthenticationService.validateServiceTicket(serviceTicketId, service);
    final boolean assertionAccepted = validateAssertion(request, serviceTicketId, validated, service);
    if (!assertionAccepted) {
        final Object[] ticketArgs = new Object[] {serviceTicketId};
        return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_TICKET, ticketArgs, request, service);
    }

    final Pair<Boolean, Optional<MultifactorAuthenticationProvider>> contextOutcome = validateAuthenticationContext(validated, request);
    final boolean contextSatisfied = contextOutcome.getKey();
    if (!contextSatisfied) {
        // Unlike the failure paths above, this one throws instead of returning an error
        // view, so the response for it is produced outside this method.
        // NOTE(review): presumably an exception handler renders it; verify against the caller.
        throw new UnsatisfiedAuthenticationContextTicketValidationException(validated.getService());
    }

    String pgtIou = null;
    final boolean proxyCallbackApplies = credential != null && this.proxyHandler != null && this.proxyHandler.canHandle(credential);
    if (!proxyCallbackApplies) {
        LOGGER.debug("No service credentials specified, and/or the proxy handler [{}] cannot handle credentials", this.proxyHandler);
    } else {
        pgtIou = handleProxyIouDelivery(credential, pgt);
        // An empty IOU is reported as a failed proxy callback; validation does not succeed.
        if (StringUtils.isEmpty(pgtIou)) {
            final Object[] callbackArgs = new Object[] {credential.getId()};
            return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, callbackArgs, request, service);
        }
    }

    onSuccessfulValidation(serviceTicketId, validated);
    // The service ticket id is written to the debug log on success.
    LOGGER.debug("Successfully validated service ticket [{}] for service [{}]", serviceTicketId, service.getId());
    return generateSuccessView(validated, pgtIou, service, request, contextOutcome.getValue(), pgt);
}
use of org.apereo.cas.ticket.UnsatisfiedAuthenticationContextTicketValidationException in project cas by apereo.
the class DefaultMultifactorAuthenticationProviderResolverTests method verifyMultipleProvidersWithPrincipalAttributes.
@Test
public void verifyMultipleProvidersWithPrincipalAttributes() {
    val context = new StaticApplicationContext();
    context.refresh();

    // Configure "mfa-principal" as the global principal attribute name trigger.
    val properties = new CasConfigurationProperties();
    val principalTriggers = properties.getAuthn().getMfa().getTriggers().getPrincipal();
    principalTriggers.setGlobalPrincipalAttributeNameTriggers("mfa-principal");

    val providerResolver = new DefaultMultifactorAuthenticationProviderResolver(MultifactorAuthenticationPrincipalResolver.identical());
    val attributeTrigger = new PrincipalAttributeMultifactorAuthenticationTrigger(properties, providerResolver, context);
    assertProviderResolutionFromManyProviders(attributeTrigger, context, true);

    // NOTE(review): the lambda throws the exception itself, so this assertion only shows
    // that the exception can be constructed with a service and thrown. It does not
    // exercise the trigger or the resolver configured above.
    assertThrows(UnsatisfiedAuthenticationContextTicketValidationException.class, () -> {
        throw new UnsatisfiedAuthenticationContextTicketValidationException(MultifactorAuthenticationTestUtils.getService("id"));
    });
}
use of org.apereo.cas.ticket.UnsatisfiedAuthenticationContextTicketValidationException in project cas by apereo.
the class AbstractServiceValidateController method handleTicketValidation.
/**
* Validates the given service ticket for the service and builds the resulting model and view.
*
* @param request the request
* @param response the response
* @param service the service
* @param serviceTicketId the service ticket id
* @return the model and view
*/
protected ModelAndView handleTicketValidation(final HttpServletRequest request, final HttpServletResponse response, final WebApplicationService service, final String serviceTicketId) {
    // Flow: (1) optional proxy-granting ticket delivery, (2) service ticket validation,
    // (3) authentication context check, (4) proxy callback unless the service may receive
    // the PGT directly, (5) success view.
    ProxyGrantingTicket pgt = null;
    val credential = getServiceCredentialsFromRequest(service, request);
    if (credential != null) {
        // The proxy-granting ticket is requested ahead of the service ticket validation
        // further down; every failure in this step ends the request with an error view.
        try {
            pgt = handleProxyGrantingTicketDelivery(serviceTicketId, credential);
        } catch (final AuthenticationException authnFailure) {
            // NOTE(review): the exception is not handed to the logger, so this warning
            // records the credential but not the reason authentication failed.
            LOGGER.warn("Failed to authenticate service credential [{}]", credential);
            final Object[] callbackArgs = new Object[] {credential.getId()};
            val callbackError = getTicketValidationErrorDescription(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, callbackArgs, request);
            return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, callbackError, request, service);
        } catch (final InvalidTicketException invalidTicket) {
            // Must stay ahead of the AbstractTicketException handler: this path reports
            // the service ticket id, the generic one reports the credential id.
            LOGGER.error("Failed to create proxy granting ticket due to an invalid ticket for [{}]", credential);
            LoggingUtils.error(LOGGER, invalidTicket);
            final Object[] ticketArgs = new Object[] {serviceTicketId};
            val ticketError = getTicketValidationErrorDescription(invalidTicket.getCode(), ticketArgs, request);
            return generateErrorView(invalidTicket.getCode(), ticketError, request, service);
        } catch (final AbstractTicketException ticketFailure) {
            LOGGER.error("Failed to create proxy granting ticket for [{}]", credential);
            LoggingUtils.error(LOGGER, ticketFailure);
            final Object[] credentialArgs = new Object[] {credential.getId()};
            val credentialError = getTicketValidationErrorDescription(ticketFailure.getCode(), credentialArgs, request);
            return generateErrorView(ticketFailure.getCode(), credentialError, request, service);
        }
    }

    val validated = validateServiceTicket(service, serviceTicketId);
    final boolean assertionAccepted = validateAssertion(request, serviceTicketId, validated, service);
    if (!assertionAccepted) {
        final Object[] ticketArgs = new Object[] {serviceTicketId};
        val ticketError = getTicketValidationErrorDescription(CasProtocolConstants.ERROR_CODE_INVALID_TICKET, ticketArgs, request);
        return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_TICKET, ticketError, request, service);
    }

    val contextOutcome = serviceValidateConfigurationContext.getRequestedContextValidator().validateAuthenticationContext(validated, request, response);
    if (!contextOutcome.isSuccess()) {
        // Unlike the failure paths above, this one throws instead of returning an error
        // view, so the response for it is produced outside this method.
        // NOTE(review): presumably an exception handler renders it; verify against the caller.
        throw new UnsatisfiedAuthenticationContextTicketValidationException(validated.getService());
    }

    String pgtIou = StringUtils.EMPTY;
    val proxyHandler = serviceValidateConfigurationContext.getProxyHandler();
    final boolean proxyHandlerApplies = credential != null && proxyHandler != null && proxyHandler.canHandle(credential);
    if (!proxyHandlerApplies) {
        LOGGER.debug("No service credentials specified, and/or the proxy handler [{}] cannot handle credentials", proxyHandler);
    } else {
        // NOTE(review): assumes every credential the proxy handler accepts is an
        // HttpBasedServiceCredential with a non-null service and release policy; confirm,
        // since the cast and the chained calls below are unchecked.
        val registeredService = ((HttpBasedServiceCredential) credential).getService();
        val authorizedToReleaseProxyGrantingTicket = registeredService.getAttributeReleasePolicy().isAuthorizedToReleaseProxyGrantingTicket();
        if (authorizedToReleaseProxyGrantingTicket) {
            // The release policy flag alone decides that the callback step is skipped;
            // the IOU stays empty and the PGT is still passed to the success view.
            LOGGER.debug("Service [{}] is authorized to release the PGT directly, skip the proxy callback", registeredService);
        } else {
            LOGGER.debug("Service [{}] is not authorized to release the PGT directly, make a proxy callback", registeredService);
            pgtIou = handleProxyIouDelivery(credential, pgt);
            // An empty IOU is reported as a failed proxy callback; validation does not succeed.
            if (StringUtils.isEmpty(pgtIou)) {
                final Object[] callbackArgs = new Object[] {credential.getId()};
                val callbackError = getTicketValidationErrorDescription(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, callbackArgs, request);
                return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, callbackError, request, service);
            }
        }
    }

    onSuccessfulValidation(serviceTicketId, validated);
    // The service ticket id is written to the debug log on success.
    LOGGER.debug("Successfully validated service ticket [{}] for service [{}]", serviceTicketId, service.getId());
    return generateSuccessView(validated, pgtIou, service, request, contextOutcome.getContextId(), pgt);
}
Aggregations