Examples with AuthenticationMethod org.forgerock.oauth2.core.AuthenticationMethod used on opensource projects

Example 1 with AuthenticationMethod

use of org.forgerock.oauth2.core.AuthenticationMethod in project OpenAM by OpenRock.

the class OpenAMResourceOwnerSessionValidator method setCurrentAcr.

/**
     * If the user is already logged in when the OAuth2 request comes in with an acr_values parameter, we
     * look to see if they've already matched one. If they have, we set the acr value on the request.
     */
private void setCurrentAcr(SSOToken token, OAuth2Request request, String acrValuesStr) throws NotFoundException, ServerException, SSOException, AccessDeniedException, UnsupportedEncodingException, URISyntaxException, ResourceOwnerAuthenticationRequired {
    String serviceUsed = token.getProperty(ISAuthConstants.SERVICE);
    Set<String> acrValues = new HashSet<>(Arrays.asList(acrValuesStr.split("\\s+")));
    OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    Map<String, AuthenticationMethod> acrMap = settings.getAcrMapping();
    boolean matched = false;
    for (String acr : acrValues) {
        if (acrMap.containsKey(acr)) {
            if (serviceUsed.equals(acrMap.get(acr).getName())) {
                final Request req = request.getRequest();
                req.getResourceRef().addQueryParameter(OAuth2Constants.JWTTokenParams.ACR, acr);
                matched = true;
            }
        }
    }
    if (!matched) {
        throw authenticationRequired(request, token);
    }
}

Example 2 with AuthenticationMethod

use of org.forgerock.oauth2.core.AuthenticationMethod in project OpenAM by OpenRock.

the class OpenAMResourceOwnerSessionValidator method chooseBestAcrValue.

/**
     * Searches through the supplied 'acr' values to find a matching authentication context configuration service for
     * this OpenID Connect client. If the client is not an OIDC client, or if no match is found, then {@code null} is
     * returned and the default login configuration for the realm will be used. Values will be tried in the order
     * passed, and the first matching value will be chosen.
     *
     * @param request the OAuth2 request that requires authentication.
     * @param acrValues the values of the acr_values parameter, in preference order.
     * @return the matching ACR value, or {@code null} if no match was found.
     */
private ACRValue chooseBestAcrValue(final OAuth2Request request, final String... acrValues) throws ServerException, NotFoundException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    final Map<String, AuthenticationMethod> mapping = settings.getAcrMapping();
    if (mapping != null) {
        for (String acrValue : acrValues) {
            final AuthenticationMethod method = mapping.get(acrValue);
            if (method instanceof OpenAMAuthenticationMethod) {
                if (logger.messageEnabled()) {
                    logger.message("Picked ACR value [" + acrValue + "] -> " + method);
                }
                return new ACRValue(acrValue, (OpenAMAuthenticationMethod) method);
            }
        }
    }
    if (logger.messageEnabled()) {
        logger.message("No ACR value matched - using default login configuration");
    }
    return null;
}

Example 3 with AuthenticationMethod

use of org.forgerock.oauth2.core.AuthenticationMethod in project OpenAM by OpenRock.

the class OpenAMResourceOwnerSessionValidatorTest method shouldUseDefaultAuthChainWhenNoSupportedAcrValue.

@Test
public void shouldUseDefaultAuthChainWhenNoSupportedAcrValue() throws Exception {
    // Given
    mockPrompt("login");
    mockSSOToken(NO_SESSION_TOKEN);
    mockRequestAcrValues("not_supported");
    mockAcrValuesMap(Collections.<String, AuthenticationMethod>emptyMap());
    // When
    URI loginUri = null;
    try {
        resourceOwnerSessionValidator.validate(mockOAuth2Request);
        fail();
    } catch (ResourceOwnerAuthenticationRequired ex) {
        loginUri = ex.getRedirectUri();
    }
    // Then
    assertFalse(loginUri.getQuery().contains("service="));
}

Example 4 with AuthenticationMethod

use of org.forgerock.oauth2.core.AuthenticationMethod in project OpenAM by OpenRock.

the class OpenAMResourceOwnerSessionValidatorTest method shouldUseAcrValuesIfSpecified.

@Test
public void shouldUseAcrValuesIfSpecified() throws Exception {
    // Given
    String acrValues = "1 2 3";
    String service = "myAuthService";
    mockPrompt("login");
    mockSSOToken(NO_SESSION_TOKEN);
    mockRequestAcrValues(acrValues);
    mockAcrValuesMap(Collections.<String, AuthenticationMethod>singletonMap("2", new OpenAMAuthenticationMethod(service, AuthContext.IndexType.SERVICE)));
    // When
    URI loginUri = null;
    try {
        resourceOwnerSessionValidator.validate(mockOAuth2Request);
        fail();
    } catch (ResourceOwnerAuthenticationRequired ex) {
        loginUri = ex.getRedirectUri();
    }
    // Then
    assertTrue(loginUri.getQuery().contains("service=" + service));
}

Example 5 with AuthenticationMethod

use of org.forgerock.oauth2.core.AuthenticationMethod in project OpenAM by OpenRock.

the class OpenAMResourceOwnerSessionValidatorTest method mockAcrValuesMap.

private void mockAcrValuesMap(Map<String, AuthenticationMethod> mapping) throws Exception {
    final OAuth2ProviderSettings mockSettings = mock(OAuth2ProviderSettings.class);
    given(mockProviderSettingsFactory.get(mockOAuth2Request)).willReturn(mockSettings);
    given(mockSettings.getAcrMapping()).willReturn(mapping);
}