Search in sources :

Example 1 with HttpsURLConnectionFactory

use of org.jasig.cas.client.ssl.HttpsURLConnectionFactory in project pwm by pwm-project.

the class CASFilterAuthenticationProvider method authUserUsingCASClearPass.

private static boolean authUserUsingCASClearPass(final PwmRequest pwmRequest) throws UnsupportedEncodingException, PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final HttpSession session = pwmRequest.getHttpServletRequest().getSession();
    // make sure user session isn't already authenticated
    if (pwmSession.isAuthenticated()) {
        return false;
    }
    // read CAS assertion out of the header (if it exists);
    final Assertion assertion = (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
    if (assertion == null) {
        LOGGER.trace(pwmSession, "no CAS assertion header present, skipping CAS authentication attempt");
        return false;
    }
    final String username = assertion.getPrincipal().getName();
    PasswordData password = null;
    final AttributePrincipal attributePrincipal = assertion.getPrincipal();
    final Map<String, Object> casAttributes = attributePrincipal.getAttributes();
    final String encodedPsw = (String) casAttributes.get("credential");
    if (encodedPsw == null) {
        LOGGER.trace("No credential");
    } else {
        final Map<FileInformation, FileContent> privatekey = pwmRequest.getConfig().readSettingAsFile(PwmSetting.CAS_CLEARPASS_KEY);
        final String alg = pwmRequest.getConfig().readSettingAsString(PwmSetting.CAS_CLEARPASS_ALGORITHM);
        password = decryptPassword(alg, privatekey, encodedPsw);
    }
    // If using the old method
    final String clearPassUrl = pwmRequest.getConfig().readSettingAsString(PwmSetting.CAS_CLEAR_PASS_URL);
    if ((clearPassUrl != null && clearPassUrl.length() > 0) && (password == null || password.getStringValue().length() < 1)) {
        LOGGER.trace(pwmSession, "Using CAS clearpass via proxy");
        // read cas proxy ticket
        final String proxyTicket = assertion.getPrincipal().getProxyTicketFor(clearPassUrl);
        if (proxyTicket == null) {
            LOGGER.trace(pwmSession, "no CAS proxy ticket available, skipping CAS authentication attempt");
            return false;
        }
        final String clearPassRequestUrl = clearPassUrl + "?" + "ticket=" + proxyTicket + "&" + "service=" + StringUtil.urlEncode(clearPassUrl);
        try {
            final String response = CommonUtils.getResponseFromServer(new URL(clearPassRequestUrl), new HttpsURLConnectionFactory(), "UTF-8");
            password = new PasswordData(XmlUtils.getTextForElement(response, "credentials"));
        } catch (MalformedURLException e) {
            LOGGER.error(pwmSession, "Invalid CAS clearPassUrl");
        }
    }
    if (password == null || password.getStringValue().length() < 1) {
        final String errorMsg = "CAS server did not return credentials for user '" + username + "'";
        LOGGER.trace(pwmSession, errorMsg);
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_WRONGPASSWORD, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    // user isn't already authenticated and has CAS assertion and password, so try to auth them.
    LOGGER.debug(pwmSession, "attempting to authenticate user '" + username + "' using CAS assertion and password");
    final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.CAS);
    sessionAuthenticator.searchAndAuthenticateUser(username, password, null, null);
    return true;
}
Also used : PwmApplication(password.pwm.PwmApplication) MalformedURLException(java.net.MalformedURLException) FileInformation(password.pwm.config.value.FileValue.FileInformation) SessionAuthenticator(password.pwm.ldap.auth.SessionAuthenticator) HttpSession(javax.servlet.http.HttpSession) Assertion(org.jasig.cas.client.validation.Assertion) URL(java.net.URL) PwmOperationalException(password.pwm.error.PwmOperationalException) FileContent(password.pwm.config.value.FileValue.FileContent) HttpsURLConnectionFactory(org.jasig.cas.client.ssl.HttpsURLConnectionFactory) ErrorInformation(password.pwm.error.ErrorInformation) PwmSession(password.pwm.http.PwmSession) AttributePrincipal(org.jasig.cas.client.authentication.AttributePrincipal)

Aggregations

MalformedURLException (java.net.MalformedURLException)1 URL (java.net.URL)1 HttpSession (javax.servlet.http.HttpSession)1 AttributePrincipal (org.jasig.cas.client.authentication.AttributePrincipal)1 HttpsURLConnectionFactory (org.jasig.cas.client.ssl.HttpsURLConnectionFactory)1 Assertion (org.jasig.cas.client.validation.Assertion)1 PwmApplication (password.pwm.PwmApplication)1 FileContent (password.pwm.config.value.FileValue.FileContent)1 FileInformation (password.pwm.config.value.FileValue.FileInformation)1 ErrorInformation (password.pwm.error.ErrorInformation)1 PwmOperationalException (password.pwm.error.PwmOperationalException)1 PwmSession (password.pwm.http.PwmSession)1 SessionAuthenticator (password.pwm.ldap.auth.SessionAuthenticator)1