Use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project cas by apereo.
The class DefaultAuthnContextClassRefBuilder, method build.
/**
 * Resolves the authentication context class to place in the SAML response.
 * <p>
 * Precedence, in order: a class required by the registered service, then a class ref from the
 * requester's {@code RequestedAuthnContext} that the assertion lookup confirms, then the configured
 * default (or {@code AuthnContext.PPT_AUTHN_CTX} when no default is configured).
 *
 * @param context the profile builder context holding the registered service and the SAML request
 * @return the resolved authentication context class, never blank
 */
@Override
public String build(final SamlProfileBuilderContext context) {
    // The registered service definition takes precedence over anything carried in the incoming AuthnRequest.
    val registeredService = context.getRegisteredService();
    val requiredClass = registeredService.getRequiredAuthenticationContextClass();
    if (StringUtils.isNotBlank(requiredClass)) {
        LOGGER.debug("Using [{}] as indicated by SAML registered service [{}]", requiredClass, registeredService.getName());
        return requiredClass;
    }

    // Fallback for every path that cannot honour a requested class ref.
    val configuredDefault = casProperties.getAuthn().getSamlIdp().getResponse().getDefaultAuthenticationContextClass();
    val defClass = StringUtils.defaultIfBlank(configuredDefault, AuthnContext.PPT_AUTHN_CTX);

    val samlRequest = context.getSamlRequest();
    val requestedAuthnContext = samlRequest instanceof AuthnRequest
        ? ((AuthnRequest) samlRequest).getRequestedAuthnContext()
        : null;
    if (requestedAuthnContext == null) {
        LOGGER.debug("No specific authN context is requested. Returning [{}]", defClass);
        return defClass;
    }

    val classRefs = requestedAuthnContext.getAuthnContextClassRefs();
    if (classRefs == null || classRefs.isEmpty()) {
        LOGGER.debug("Requested authN context class ref is unspecified. Returning [{}]", defClass);
        return defClass;
    }

    // A blank lookup result means none of the requested refs matched; fall back to the default.
    val contextInAssertion = getAuthenticationContextByAssertion(context, requestedAuthnContext, classRefs);
    val finalCtx = StringUtils.defaultIfBlank(contextInAssertion, defClass);
    LOGGER.debug("Returning authN context [{}]", finalCtx);
    return finalCtx;
}
Use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project cas by apereo.
The class SamlIdPMultifactorAuthenticationTriggerTests, method verifyContextMapping.
/**
 * Stores an AuthnRequest carrying a single requested context class ref ({@code context1}) and
 * checks that the multifactor trigger both supports the request and reports itself as activated.
 */
@Test
public void verifyContextMapping() throws Exception {
    val registeredService = SamlIdPTestUtils.getSamlRegisteredService();
    val service = RegisteredServiceTestUtils.getService(registeredService.getServiceId());
    val authnRequest = SamlIdPTestUtils.getAuthnRequest(openSamlConfigBean, registeredService);

    // Build one class ref and wrap it in an EXACT-comparison RequestedAuthnContext.
    val builderFactory = openSamlConfigBean.getBuilderFactory();
    val classRefBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
    val classRef = (AuthnContextClassRef) classRefBuilder.buildObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
    classRef.setURI("context1");

    val reqCtxBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
    val reqCtx = (RequestedAuthnContext) reqCtxBuilder.buildObject(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
    reqCtx.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
    reqCtx.getAuthnContextClassRefs().add(classRef);
    authnRequest.setRequestedAuthnContext(reqCtx);

    // Persist the request in the distributed session store so the trigger can retrieve it.
    val request = new MockHttpServletRequest();
    val response = new MockHttpServletResponse();
    val messageContext = new MessageContext();
    messageContext.setMessage(authnRequest);
    val storedPair = Pair.of(authnRequest, messageContext);
    SamlIdPUtils.storeSamlRequest(new JEEContext(request, response), openSamlConfigBean, samlIdPDistributedSessionStore, storedPair);

    assertTrue(samlIdPMultifactorAuthenticationTrigger.supports(request, registeredService,
        RegisteredServiceTestUtils.getAuthentication(), service));
    val result = samlIdPMultifactorAuthenticationTrigger.isActivated(RegisteredServiceTestUtils.getAuthentication(),
        registeredService, request, response, service);
    assertTrue(result.isPresent());
}
Use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project cas by apereo.
The class SamlIdPDelegatedClientAuthenticationRequestCustomizer, method customize.
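/**
 * Copies selected properties of the stored SAML2 AuthnRequest onto the delegated-client web context
 * so the outgoing request to the external identity provider reflects what the original SP asked for:
 * ForceAuthn, IsPassive, the requested authentication context class refs, and the comparison type.
 * <p>
 * Does nothing when no AuthnRequest is found in the session store.
 *
 * @param client     the delegated client being customized (unused here)
 * @param webContext the web context whose request attributes are populated
 */
@Override
public void customize(final IndirectClient client, final WebContext webContext) {
    val authnRequestResult = SamlIdPUtils.retrieveSamlRequest(webContext, sessionStore, openSamlConfigBean, AuthnRequest.class)
        .map(Pair::getLeft)
        .map(AuthnRequest.class::cast);
    authnRequestResult.ifPresent(authnRequest -> {
        LOGGER.debug("Retrieved the SAML2 authentication request from [{}]", SamlIdPUtils.getIssuerFromSamlObject(authnRequest));
        if (authnRequest.isForceAuthn()) {
            webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN, true);
        }
        if (authnRequest.isPassive()) {
            webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_PASSIVE, true);
        }
        val requestedAuthnContext = authnRequest.getRequestedAuthnContext();
        if (requestedAuthnContext == null) {
            return;
        }
        val classRefs = requestedAuthnContext.getAuthnContextClassRefs();
        if (classRefs == null || classRefs.isEmpty()) {
            return;
        }
        val refs = classRefs.stream().map(XSURI::getURI).collect(Collectors.toList());
        webContext.setRequestAttribute(SAML2ConfigurationContext.REQUEST_ATTR_AUTHN_CONTEXT_CLASS_REFS, refs);
        // Comparison is an optional attribute on RequestedAuthnContext, so a schema-valid request from
        // the SP can leave getComparison() null; only forward it when present instead of dereferencing it.
        val comparison = requestedAuthnContext.getComparison();
        if (comparison != null) {
            webContext.setRequestAttribute(SAML2ConfigurationContext.REQUEST_ATTR_COMPARISON_TYPE, comparison.name());
        }
    });
}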
Use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project verify-hub by alphagov.
The class IdaAuthnRequestFromHubToAuthnRequestTransformerTest, method shouldMaintainTheAuthnContextsInPreferenceOrder.
/**
 * Two levels of assurance given in preference order must appear in the transformed
 * RequestedAuthnContext as a contiguous sequence in that same order.
 */
@Test
public void shouldMaintainTheAuthnContextsInPreferenceOrder() {
    List<AuthnContext> preferredLevels = Arrays.asList(AuthnContext.LEVEL_1, AuthnContext.LEVEL_2);
    IdaAuthnRequestFromHub requestFromHub = anIdaAuthnRequest()
        .withLevelsOfAssurance(preferredLevels)
        .buildFromHub();

    AuthnRequest transformed = transformer.apply(requestFromHub);
    RequestedAuthnContext requestedAuthnContext = transformed.getRequestedAuthnContext();
    List<String> classRefUris = requestedAuthnContext.getAuthnContextClassRefs()
        .stream()
        .map(AuthnContextClassRef::getAuthnContextClassRef)
        .collect(Collectors.toList());

    // containsSequence checks adjacency and order, not just membership.
    assertThat(classRefUris).containsSequence(IdaAuthnContext.LEVEL_1_AUTHN_CTX, IdaAuthnContext.LEVEL_2_AUTHN_CTX);
}
Use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project verify-hub by alphagov.
The class IdaAuthnRequestFromHubToAuthnRequestTransformerTest, method shouldCorrectlyMapLevelsOfAssurance.
/**
 * Each hub level of assurance must be mapped to its IDA authentication context URI in the
 * transformed RequestedAuthnContext. Only membership is asserted here; ordering is covered by
 * {@link #shouldMaintainTheAuthnContextsInPreferenceOrder()}.
 */
@Test
public void shouldCorrectlyMapLevelsOfAssurance() {
    IdaAuthnRequestFromHub requestFromHub = anIdaAuthnRequest()
        .withLevelsOfAssurance(Arrays.asList(AuthnContext.LEVEL_1, AuthnContext.LEVEL_2))
        .buildFromHub();
    AuthnRequest transformed = transformer.apply(requestFromHub);

    List<String> mappedUris = transformed.getRequestedAuthnContext()
        .getAuthnContextClassRefs()
        .stream()
        .map(AuthnContextClassRef::getAuthnContextClassRef)
        .collect(Collectors.toList());

    List<String> expectedUris = Arrays.asList(IdaAuthnContext.LEVEL_1_AUTHN_CTX, IdaAuthnContext.LEVEL_2_AUTHN_CTX);
    assertThat(mappedUris).containsAll(expectedUris);
}