use of org.jasig.cas.client.ssl.HttpsURLConnectionFactory in project pwm by pwm-project.
the class CASFilterAuthenticationProvider method authUserUsingCASClearPass.
private static boolean authUserUsingCASClearPass(final PwmRequest pwmRequest) throws UnsupportedEncodingException, PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final HttpSession session = pwmRequest.getHttpServletRequest().getSession();
// make sure user session isn't already authenticated
if (pwmSession.isAuthenticated()) {
return false;
}
// read CAS assertion out of the header (if it exists);
final Assertion assertion = (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
if (assertion == null) {
LOGGER.trace(pwmSession, "no CAS assertion header present, skipping CAS authentication attempt");
return false;
}
final String username = assertion.getPrincipal().getName();
PasswordData password = null;
final AttributePrincipal attributePrincipal = assertion.getPrincipal();
final Map<String, Object> casAttributes = attributePrincipal.getAttributes();
final String encodedPsw = (String) casAttributes.get("credential");
if (encodedPsw == null) {
LOGGER.trace("No credential");
} else {
final Map<FileInformation, FileContent> privatekey = pwmRequest.getConfig().readSettingAsFile(PwmSetting.CAS_CLEARPASS_KEY);
final String alg = pwmRequest.getConfig().readSettingAsString(PwmSetting.CAS_CLEARPASS_ALGORITHM);
password = decryptPassword(alg, privatekey, encodedPsw);
}
// If using the old method
final String clearPassUrl = pwmRequest.getConfig().readSettingAsString(PwmSetting.CAS_CLEAR_PASS_URL);
if ((clearPassUrl != null && clearPassUrl.length() > 0) && (password == null || password.getStringValue().length() < 1)) {
LOGGER.trace(pwmSession, "Using CAS clearpass via proxy");
// read cas proxy ticket
final String proxyTicket = assertion.getPrincipal().getProxyTicketFor(clearPassUrl);
if (proxyTicket == null) {
LOGGER.trace(pwmSession, "no CAS proxy ticket available, skipping CAS authentication attempt");
return false;
}
final String clearPassRequestUrl = clearPassUrl + "?" + "ticket=" + proxyTicket + "&" + "service=" + StringUtil.urlEncode(clearPassUrl);
try {
final String response = CommonUtils.getResponseFromServer(new URL(clearPassRequestUrl), new HttpsURLConnectionFactory(), "UTF-8");
password = new PasswordData(XmlUtils.getTextForElement(response, "credentials"));
} catch (MalformedURLException e) {
LOGGER.error(pwmSession, "Invalid CAS clearPassUrl");
}
}
if (password == null || password.getStringValue().length() < 1) {
final String errorMsg = "CAS server did not return credentials for user '" + username + "'";
LOGGER.trace(pwmSession, errorMsg);
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_WRONGPASSWORD, errorMsg);
throw new PwmOperationalException(errorInformation);
}
// user isn't already authenticated and has CAS assertion and password, so try to auth them.
LOGGER.debug(pwmSession, "attempting to authenticate user '" + username + "' using CAS assertion and password");
final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.CAS);
sessionAuthenticator.searchAndAuthenticateUser(username, password, null, null);
return true;
}
Aggregations