Example 1 with PasswordExpirationAuthenticationResponseHandler
use of org.ldaptive.auth.ext.PasswordExpirationAuthenticationResponseHandler in project cas by apereo.
the class LdapAuthenticationConfiguration method createLdapPasswordPolicyConfiguration.
private static LdapPasswordPolicyConfiguration createLdapPasswordPolicyConfiguration(final LdapAuthenticationProperties l, final Authenticator authenticator) {
final LdapPasswordPolicyConfiguration cfg = new LdapPasswordPolicyConfiguration(l.getPasswordPolicy());
final Set<AuthenticationResponseHandler> handlers = new HashSet<>();
if (cfg.getPasswordWarningNumberOfDays() > 0) {
LOGGER.debug("Password policy authentication response handler is set to accommodate directory type: [{}]", l.getPasswordPolicy().getType());
switch(l.getPasswordPolicy().getType()) {
case AD:
handlers.add(new ActiveDirectoryAuthenticationResponseHandler(Period.ofDays(cfg.getPasswordWarningNumberOfDays())));
break;
case FreeIPA:
handlers.add(new FreeIPAAuthenticationResponseHandler(Period.ofDays(cfg.getPasswordWarningNumberOfDays()), cfg.getLoginFailures()));
break;
case EDirectory:
handlers.add(new EDirectoryAuthenticationResponseHandler(Period.ofDays(cfg.getPasswordWarningNumberOfDays())));
break;
default:
handlers.add(new PasswordPolicyAuthenticationResponseHandler());
handlers.add(new PasswordExpirationAuthenticationResponseHandler());
break;
}
} else {
LOGGER.debug("Password warning number of days is undefined; LDAP authentication may NOT support " + "EDirectory, AD and FreeIPA to handle password policy authentication responses");
}
authenticator.setAuthenticationResponseHandlers((AuthenticationResponseHandler[]) handlers.toArray(new AuthenticationResponseHandler[handlers.size()]));
LOGGER.debug("LDAP authentication response handlers configured are: [{}]", handlers);
if (StringUtils.isNotBlank(l.getPasswordPolicy().getWarningAttributeName()) && StringUtils.isNotBlank(l.getPasswordPolicy().getWarningAttributeValue())) {
LOGGER.debug("Configuring an warning account state handler for LDAP authentication for warning attribute [{}] and value [{}]", l.getPasswordPolicy().getWarningAttributeName(), l.getPasswordPolicy().getWarningAttributeValue());
final OptionalWarningAccountStateHandler accountHandler = new OptionalWarningAccountStateHandler();
accountHandler.setDisplayWarningOnMatch(l.getPasswordPolicy().isDisplayWarningOnMatch());
accountHandler.setWarnAttributeName(l.getPasswordPolicy().getWarningAttributeName());
accountHandler.setWarningAttributeValue(l.getPasswordPolicy().getWarningAttributeValue());
accountHandler.setAttributesToErrorMap(l.getPasswordPolicy().getPolicyAttributes());
cfg.setAccountStateHandler(accountHandler);
} else {
final DefaultAccountStateHandler accountHandler = new DefaultAccountStateHandler();
accountHandler.setAttributesToErrorMap(l.getPasswordPolicy().getPolicyAttributes());
cfg.setAccountStateHandler(accountHandler);
LOGGER.debug("Configuring the default account state handler for LDAP authentication");
}
return cfg;
}
Also used :
EDirectoryAuthenticationResponseHandler(org.ldaptive.auth.ext.EDirectoryAuthenticationResponseHandler)
PasswordPolicyAuthenticationResponseHandler(org.ldaptive.auth.ext.PasswordPolicyAuthenticationResponseHandler)
FreeIPAAuthenticationResponseHandler(org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler)
PasswordExpirationAuthenticationResponseHandler(org.ldaptive.auth.ext.PasswordExpirationAuthenticationResponseHandler)
ActiveDirectoryAuthenticationResponseHandler(org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler)
FreeIPAAuthenticationResponseHandler(org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler)
AuthenticationResponseHandler(org.ldaptive.auth.AuthenticationResponseHandler)
PasswordPolicyAuthenticationResponseHandler(org.ldaptive.auth.ext.PasswordPolicyAuthenticationResponseHandler)
PasswordExpirationAuthenticationResponseHandler(org.ldaptive.auth.ext.PasswordExpirationAuthenticationResponseHandler)
EDirectoryAuthenticationResponseHandler(org.ldaptive.auth.ext.EDirectoryAuthenticationResponseHandler)
LdapPasswordPolicyConfiguration(org.apereo.cas.authentication.support.LdapPasswordPolicyConfiguration)
ActiveDirectoryAuthenticationResponseHandler(org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler)
DefaultAccountStateHandler(org.apereo.cas.authentication.support.DefaultAccountStateHandler)
HashSet(java.util.HashSet)
OptionalWarningAccountStateHandler(org.apereo.cas.authentication.support.OptionalWarningAccountStateHandler)
Example 2 with PasswordExpirationAuthenticationResponseHandler
use of org.ldaptive.auth.ext.PasswordExpirationAuthenticationResponseHandler in project cas by apereo.
the class LdapAuthenticationConfiguration method createLdapPasswordPolicyConfiguration.
private LdapPasswordPolicyConfiguration createLdapPasswordPolicyConfiguration(final LdapAuthenticationProperties l, final Authenticator authenticator, final Multimap<String, Object> attributes) {
final LdapPasswordPolicyConfiguration cfg = new LdapPasswordPolicyConfiguration(l.getPasswordPolicy());
final Set<AuthenticationResponseHandler> handlers = new HashSet<>();
final String customPolicyClass = l.getPasswordPolicy().getCustomPolicyClass();
if (StringUtils.isNotBlank(customPolicyClass)) {
try {
LOGGER.debug("Configuration indicates use of a custom password policy handler [{}]", customPolicyClass);
final Class<AuthenticationResponseHandler> clazz = (Class<AuthenticationResponseHandler>) Class.forName(customPolicyClass);
handlers.add(clazz.getDeclaredConstructor().newInstance());
} catch (final Exception e) {
LOGGER.warn("Unable to construct an instance of the password policy handler", e);
}
}
LOGGER.debug("Password policy authentication response handler is set to accommodate directory type: [{}]", l.getPasswordPolicy().getType());
switch(l.getPasswordPolicy().getType()) {
case AD:
handlers.add(new ActiveDirectoryAuthenticationResponseHandler(Period.ofDays(cfg.getPasswordWarningNumberOfDays())));
Arrays.stream(ActiveDirectoryAuthenticationResponseHandler.ATTRIBUTES).forEach(a -> {
LOGGER.debug("Configuring authentication to retrieve password policy attribute [{}]", a);
attributes.put(a, a);
});
break;
case FreeIPA:
Arrays.stream(FreeIPAAuthenticationResponseHandler.ATTRIBUTES).forEach(a -> {
LOGGER.debug("Configuring authentication to retrieve password policy attribute [{}]", a);
attributes.put(a, a);
});
handlers.add(new FreeIPAAuthenticationResponseHandler(Period.ofDays(cfg.getPasswordWarningNumberOfDays()), cfg.getLoginFailures()));
break;
case EDirectory:
Arrays.stream(EDirectoryAuthenticationResponseHandler.ATTRIBUTES).forEach(a -> {
LOGGER.debug("Configuring authentication to retrieve password policy attribute [{}]", a);
attributes.put(a, a);
});
handlers.add(new EDirectoryAuthenticationResponseHandler(Period.ofDays(cfg.getPasswordWarningNumberOfDays())));
break;
default:
handlers.add(new PasswordPolicyAuthenticationResponseHandler());
handlers.add(new PasswordExpirationAuthenticationResponseHandler());
break;
}
authenticator.setAuthenticationResponseHandlers((AuthenticationResponseHandler[]) handlers.toArray(new AuthenticationResponseHandler[handlers.size()]));
LOGGER.debug("LDAP authentication response handlers configured are: [{}]", handlers);
if (StringUtils.isNotBlank(l.getPasswordPolicy().getWarningAttributeName()) && StringUtils.isNotBlank(l.getPasswordPolicy().getWarningAttributeValue())) {
final OptionalWarningLdapLdapAccountStateHandler accountHandler = new OptionalWarningLdapLdapAccountStateHandler();
accountHandler.setDisplayWarningOnMatch(l.getPasswordPolicy().isDisplayWarningOnMatch());
accountHandler.setWarnAttributeName(l.getPasswordPolicy().getWarningAttributeName());
accountHandler.setWarningAttributeValue(l.getPasswordPolicy().getWarningAttributeValue());
accountHandler.setAttributesToErrorMap(l.getPasswordPolicy().getPolicyAttributes());
cfg.setAccountStateHandler(accountHandler);
LOGGER.debug("Configuring an warning account state handler for LDAP authentication for warning attribute [{}] and value [{}]", l.getPasswordPolicy().getWarningAttributeName(), l.getPasswordPolicy().getWarningAttributeValue());
} else {
final DefaultLdapLdapAccountStateHandler accountHandler = new DefaultLdapLdapAccountStateHandler();
accountHandler.setAttributesToErrorMap(l.getPasswordPolicy().getPolicyAttributes());
cfg.setAccountStateHandler(accountHandler);
LOGGER.debug("Configuring the default account state handler for LDAP authentication");
}
return cfg;
}
Also used :
DefaultLdapLdapAccountStateHandler(org.apereo.cas.authentication.support.DefaultLdapLdapAccountStateHandler)
PasswordPolicyAuthenticationResponseHandler(org.ldaptive.auth.ext.PasswordPolicyAuthenticationResponseHandler)
PasswordExpirationAuthenticationResponseHandler(org.ldaptive.auth.ext.PasswordExpirationAuthenticationResponseHandler)
ActiveDirectoryAuthenticationResponseHandler(org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler)
EDirectoryAuthenticationResponseHandler(org.ldaptive.auth.ext.EDirectoryAuthenticationResponseHandler)
FreeIPAAuthenticationResponseHandler(org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler)
OptionalWarningLdapLdapAccountStateHandler(org.apereo.cas.authentication.support.OptionalWarningLdapLdapAccountStateHandler)
ActiveDirectoryAuthenticationResponseHandler(org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler)
FreeIPAAuthenticationResponseHandler(org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler)
AuthenticationResponseHandler(org.ldaptive.auth.AuthenticationResponseHandler)
PasswordPolicyAuthenticationResponseHandler(org.ldaptive.auth.ext.PasswordPolicyAuthenticationResponseHandler)
PasswordExpirationAuthenticationResponseHandler(org.ldaptive.auth.ext.PasswordExpirationAuthenticationResponseHandler)
EDirectoryAuthenticationResponseHandler(org.ldaptive.auth.ext.EDirectoryAuthenticationResponseHandler)
LdapPasswordPolicyConfiguration(org.apereo.cas.authentication.support.LdapPasswordPolicyConfiguration)
HashSet(java.util.HashSet)
Example 3 with PasswordExpirationAuthenticationResponseHandler
use of org.ldaptive.auth.ext.PasswordExpirationAuthenticationResponseHandler in project cas by apereo.
the class LdapUtils method createLdapPasswordPolicyConfiguration.
/**
* Create ldap password policy configuration.
*
* @param passwordPolicy the password policy
* @param authenticator the authenticator
* @param attributes the attributes
* @return the password policy context
*/
public static PasswordPolicyContext createLdapPasswordPolicyConfiguration(final LdapPasswordPolicyProperties passwordPolicy, final Authenticator authenticator, final Multimap<String, Object> attributes) {
val cfg = new PasswordPolicyContext(passwordPolicy);
val requestHandlers = new HashSet<>();
val responseHandlers = new HashSet<>();
val customPolicyClass = passwordPolicy.getCustomPolicyClass();
if (StringUtils.isNotBlank(customPolicyClass)) {
try {
LOGGER.debug("Configuration indicates use of a custom password policy handler [{}]", customPolicyClass);
val clazz = (Class<AuthenticationResponseHandler>) Class.forName(customPolicyClass);
responseHandlers.add(clazz.getDeclaredConstructor().newInstance());
} catch (final Exception e) {
LoggingUtils.warn(LOGGER, "Unable to construct an instance of the password policy handler", e);
}
}
LOGGER.debug("Password policy authentication response handler is set to accommodate directory type: [{}]", passwordPolicy.getType());
switch(passwordPolicy.getType()) {
case AD:
responseHandlers.add(new ActiveDirectoryAuthenticationResponseHandler(Period.ofDays(cfg.getPasswordWarningNumberOfDays())));
Arrays.stream(ActiveDirectoryAuthenticationResponseHandler.ATTRIBUTES).forEach(a -> {
LOGGER.debug("Configuring authentication to retrieve password policy attribute [{}]", a);
attributes.put(a, a);
});
break;
case FreeIPA:
Arrays.stream(FreeIPAAuthenticationResponseHandler.ATTRIBUTES).forEach(a -> {
LOGGER.debug("Configuring authentication to retrieve password policy attribute [{}]", a);
attributes.put(a, a);
});
responseHandlers.add(new FreeIPAAuthenticationResponseHandler(Period.ofDays(cfg.getPasswordWarningNumberOfDays()), cfg.getLoginFailures()));
break;
case EDirectory:
Arrays.stream(EDirectoryAuthenticationResponseHandler.ATTRIBUTES).forEach(a -> {
LOGGER.debug("Configuring authentication to retrieve password policy attribute [{}]", a);
attributes.put(a, a);
});
responseHandlers.add(new EDirectoryAuthenticationResponseHandler(Period.ofDays(cfg.getPasswordWarningNumberOfDays())));
break;
default:
requestHandlers.add(new PasswordPolicyAuthenticationRequestHandler());
responseHandlers.add(new PasswordPolicyAuthenticationResponseHandler());
responseHandlers.add(new PasswordExpirationAuthenticationResponseHandler());
break;
}
if (!requestHandlers.isEmpty()) {
authenticator.setRequestHandlers(requestHandlers.toArray(AuthenticationRequestHandler[]::new));
}
authenticator.setResponseHandlers(responseHandlers.toArray(AuthenticationResponseHandler[]::new));
LOGGER.debug("LDAP authentication response handlers configured are: [{}]", responseHandlers);
if (!passwordPolicy.isAccountStateHandlingEnabled()) {
cfg.setAccountStateHandler((response, configuration) -> new ArrayList<>(0));
LOGGER.trace("Handling LDAP account states is disabled via CAS configuration");
} else if (StringUtils.isNotBlank(passwordPolicy.getWarningAttributeName()) && StringUtils.isNotBlank(passwordPolicy.getWarningAttributeValue())) {
val accountHandler = new OptionalWarningLdapAccountStateHandler();
accountHandler.setDisplayWarningOnMatch(passwordPolicy.isDisplayWarningOnMatch());
accountHandler.setWarnAttributeName(passwordPolicy.getWarningAttributeName());
accountHandler.setWarningAttributeValue(passwordPolicy.getWarningAttributeValue());
accountHandler.setAttributesToErrorMap(passwordPolicy.getPolicyAttributes());
cfg.setAccountStateHandler(accountHandler);
LOGGER.debug("Configuring an warning account state handler for LDAP authentication for warning attribute [{}] and value [{}]", passwordPolicy.getWarningAttributeName(), passwordPolicy.getWarningAttributeValue());
} else {
val accountHandler = new DefaultLdapAccountStateHandler();
accountHandler.setAttributesToErrorMap(passwordPolicy.getPolicyAttributes());
cfg.setAccountStateHandler(accountHandler);
LOGGER.debug("Configuring the default account state handler for LDAP authentication");
}
return cfg;
}
Also used :
lombok.val(lombok.val)
OptionalWarningLdapAccountStateHandler(org.apereo.cas.authentication.support.OptionalWarningLdapAccountStateHandler)
DefaultLdapAccountStateHandler(org.apereo.cas.authentication.support.DefaultLdapAccountStateHandler)
PasswordPolicyAuthenticationRequestHandler(org.ldaptive.auth.ext.PasswordPolicyAuthenticationRequestHandler)
PasswordPolicyAuthenticationResponseHandler(org.ldaptive.auth.ext.PasswordPolicyAuthenticationResponseHandler)
PasswordPolicyContext(org.apereo.cas.authentication.support.password.PasswordPolicyContext)
PasswordExpirationAuthenticationResponseHandler(org.ldaptive.auth.ext.PasswordExpirationAuthenticationResponseHandler)
ActiveDirectoryAuthenticationResponseHandler(org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler)
AccountNotFoundException(javax.security.auth.login.AccountNotFoundException)
LdapException(org.ldaptive.LdapException)
PasswordPolicyAuthenticationRequestHandler(org.ldaptive.auth.ext.PasswordPolicyAuthenticationRequestHandler)
AuthenticationRequestHandler(org.ldaptive.auth.AuthenticationRequestHandler)
EDirectoryAuthenticationResponseHandler(org.ldaptive.auth.ext.EDirectoryAuthenticationResponseHandler)
FreeIPAAuthenticationResponseHandler(org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler)
FreeIPAAuthenticationResponseHandler(org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler)
ActiveDirectoryAuthenticationResponseHandler(org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler)
PasswordExpirationAuthenticationResponseHandler(org.ldaptive.auth.ext.PasswordExpirationAuthenticationResponseHandler)
EDirectoryAuthenticationResponseHandler(org.ldaptive.auth.ext.EDirectoryAuthenticationResponseHandler)
AuthenticationResponseHandler(org.ldaptive.auth.AuthenticationResponseHandler)
PasswordPolicyAuthenticationResponseHandler(org.ldaptive.auth.ext.PasswordPolicyAuthenticationResponseHandler)
UtilityClass(lombok.experimental.UtilityClass)
HashSet(java.util.HashSet)
Aggregations
HashSet (java.util.HashSet)3
AuthenticationResponseHandler (org.ldaptive.auth.AuthenticationResponseHandler)3
ActiveDirectoryAuthenticationResponseHandler (org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler)3
EDirectoryAuthenticationResponseHandler (org.ldaptive.auth.ext.EDirectoryAuthenticationResponseHandler)3
FreeIPAAuthenticationResponseHandler (org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler)3
PasswordExpirationAuthenticationResponseHandler (org.ldaptive.auth.ext.PasswordExpirationAuthenticationResponseHandler)3
PasswordPolicyAuthenticationResponseHandler (org.ldaptive.auth.ext.PasswordPolicyAuthenticationResponseHandler)3
LdapPasswordPolicyConfiguration (org.apereo.cas.authentication.support.LdapPasswordPolicyConfiguration)2
AccountNotFoundException (javax.security.auth.login.AccountNotFoundException)1
UtilityClass (lombok.experimental.UtilityClass)1
lombok.val (lombok.val)1
DefaultAccountStateHandler (org.apereo.cas.authentication.support.DefaultAccountStateHandler)1
DefaultLdapAccountStateHandler (org.apereo.cas.authentication.support.DefaultLdapAccountStateHandler)1
DefaultLdapLdapAccountStateHandler (org.apereo.cas.authentication.support.DefaultLdapLdapAccountStateHandler)1
OptionalWarningAccountStateHandler (org.apereo.cas.authentication.support.OptionalWarningAccountStateHandler)1
OptionalWarningLdapAccountStateHandler (org.apereo.cas.authentication.support.OptionalWarningLdapAccountStateHandler)1
OptionalWarningLdapLdapAccountStateHandler (org.apereo.cas.authentication.support.OptionalWarningLdapLdapAccountStateHandler)1
PasswordPolicyContext (org.apereo.cas.authentication.support.password.PasswordPolicyContext)1
LdapException (org.ldaptive.LdapException)1
AuthenticationRequestHandler (org.ldaptive.auth.AuthenticationRequestHandler)1
