Use of org.pac4j.core.context.JEEContext in project cas by apereo: class SamlIdPMultifactorAuthenticationTrigger, method isActivated.
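/**
 * Resolves the multifactor provider requested by the inbound SAML2 {@code AuthnRequest}.
 * <p>
 * The first non-blank {@code AuthnContextClassRef} URI that is present in the configured
 * authentication-context mappings is translated to a provider id, which is then resolved
 * against the providers available in the application context. URIs that are not explicitly
 * mapped are ignored, so an arbitrary value supplied by the requester cannot select a provider.
 * A request without a {@code RequestedAuthnContext}, or without class refs, yields an empty
 * result instead of failing (the same conditions {@link #supports} treats as "not applicable").
 *
 * @param authentication    the current authentication
 * @param registeredService the registered service
 * @param request           the http request
 * @param response          the http response
 * @param service           the service
 * @return the resolved provider, or empty when the request does not trigger MFA
 */
@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest request, final HttpServletResponse response, final Service service) {
    val context = new JEEContext(request, response);
    val result = SamlIdPUtils.retrieveSamlRequest(context, distributedSessionStore, openSamlConfigBean, AuthnRequest.class);
    val mappings = getAuthenticationContextMappings();
    return result
        .map(pair -> (AuthnRequest) pair.getLeft())
        // Optional.map() turns a null RequestedAuthnContext / class-ref list into empty
        // rather than an NPE, matching the null checks performed in supports().
        .map(AuthnRequest::getRequestedAuthnContext)
        .map(requested -> requested.getAuthnContextClassRefs())
        .flatMap(classRefs -> classRefs.stream()
            .filter(Objects::nonNull)
            .map(ref -> ref.getURI())
            .filter(StringUtils::isNotBlank)
            // Only configured URIs are honored; anything else in the request is skipped.
            .filter(mappings::containsKey)
            .findFirst()
            .map(mappings::get))
        .flatMap(providerId -> {
            val providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(applicationContext);
            return MultifactorAuthenticationUtils.resolveProvider(providerMap, providerId);
        });
}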
Use of org.pac4j.core.context.JEEContext in project cas by apereo: class SamlIdPMultifactorAuthenticationTrigger, method supports.
/**
 * Reports whether this trigger applies to the current request.
 * <p>
 * It applies only when authentication-context mappings are configured and the inbound
 * SAML2 {@code AuthnRequest} carries at least one {@code AuthnContextClassRef}.
 *
 * @param request           the http request
 * @param registeredService the registered service
 * @param authentication    the current authentication
 * @param service           the service
 * @return true when the request carries requested authentication context class refs
 */
@Override
public boolean supports(final HttpServletRequest request, final RegisteredService registeredService, final Authentication authentication, final Service service) {
    if (getAuthenticationContextMappings().isEmpty()) {
        return false;
    }
    val servletResponse = HttpRequestUtils.getHttpServletResponseFromRequestAttributes();
    val webContext = new JEEContext(request, servletResponse);
    val samlRequest = SamlIdPUtils.retrieveSamlRequest(webContext, distributedSessionStore, openSamlConfigBean, AuthnRequest.class);
    if (!samlRequest.isPresent()) {
        return false;
    }
    val authnRequest = (AuthnRequest) samlRequest.get().getLeft();
    val requestedContext = authnRequest.getRequestedAuthnContext();
    if (requestedContext == null) {
        return false;
    }
    val classRefs = requestedContext.getAuthnContextClassRefs();
    return classRefs != null && !classRefs.isEmpty();
}
Use of org.pac4j.core.context.JEEContext in project cas by apereo: class DefaultDelegatedClientAuthenticationWebflowManager, method storeDelegatedClientAuthenticationRequest.
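/**
 * Store delegated client authentication request.
 * <p>
 * Builds the ticket properties for the current request, records the original and resolved
 * target service, and evaluates the force-authn and passive flags. For each flag the request
 * parameter is consulted first and, only when that parameter is absent, the registered
 * service property; a present request parameter therefore takes precedence over the service
 * configuration, and only a case-insensitive {@code "true"} enables the flag. The resulting
 * transient ticket is registered with CAS and its id is exposed as a request attribute.
 *
 * @param webContext the web context
 * @return the transient session ticket
 * @throws Exception the exception
 */
protected TransientSessionTicket storeDelegatedClientAuthenticationRequest(final JEEContext webContext) throws Exception {
    val properties = buildTicketProperties(webContext);
    val originalService = configContext.getArgumentExtractor().extractService(webContext.getNativeRequest());
    val service = configContext.getAuthenticationRequestServiceSelectionStrategies().resolveService(originalService);
    properties.put(CasProtocolConstants.PARAMETER_SERVICE, originalService);
    properties.put(CasProtocolConstants.PARAMETER_TARGET_SERVICE, service);
    val registeredService = configContext.getServicesManager().findServiceBy(service);
    if (isDelegationFlagEnabled(webContext, registeredService, RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN, RegisteredServiceProperties.DELEGATED_AUTHN_FORCE_AUTHN)) {
        properties.put(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN, true);
    }
    if (isDelegationFlagEnabled(webContext, registeredService, RedirectionActionBuilder.ATTRIBUTE_PASSIVE, RegisteredServiceProperties.DELEGATED_AUTHN_PASSIVE_AUTHN)) {
        properties.put(RedirectionActionBuilder.ATTRIBUTE_PASSIVE, true);
    }
    val transientFactory = (TransientSessionTicketFactory) configContext.getTicketFactory().get(TransientSessionTicket.class);
    val ticket = transientFactory.create(originalService, properties);
    LOGGER.debug("Storing delegated authentication request ticket [{}] for service [{}] with properties [{}]", ticket.getId(), ticket.getService(), ticket.getProperties());
    configContext.getCentralAuthenticationService().addTicket(ticket);
    webContext.setRequestAttribute(PARAMETER_CLIENT_ID, ticket.getId());
    // The keys may also have been populated by buildTicketProperties(), so the request
    // attributes are derived from the property map rather than from the flags above.
    if (properties.containsKey(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN)) {
        webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN, true);
    }
    if (properties.containsKey(RedirectionActionBuilder.ATTRIBUTE_PASSIVE)) {
        webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_PASSIVE, true);
    }
    return ticket;
}

/**
 * Decides whether a delegation flag (force-authn / passive) is enabled.
 * <p>
 * The request parameter wins when present (any value); otherwise the registered service
 * property is consulted. The flag is enabled only when the chosen value equals
 * {@code "true"} ignoring case.
 *
 * @param webContext        the web context
 * @param registeredService the registered service, as looked up for the target service
 * @param parameterName     the request parameter / property name of the flag
 * @param serviceProperty   the registered service property used as the fallback
 * @return true when the flag should be applied
 */
private static boolean isDelegationFlagEnabled(final JEEContext webContext, final RegisteredService registeredService, final String parameterName, final RegisteredServiceProperties serviceProperty) {
    return webContext.getRequestParameter(parameterName)
        .or(() -> Optional.of(Boolean.toString(serviceProperty.isAssignedTo(registeredService))))
        .filter(value -> StringUtils.equalsIgnoreCase(value, "true"))
        .isPresent();
}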
Use of org.pac4j.core.context.JEEContext in project cas by apereo: class DelegatedClientAuthenticationActionTests, method verifySaml2LogoutResponse.
/**
 * A SAML2 logout response posted for a stored delegated-authentication ticket
 * is expected to end the action with the error transition.
 */
@Test
public void verifySaml2LogoutResponse() throws Exception {
    val saml2Client = builtClients.findClient("SAML2Client").get();
    val httpRequest = new MockHttpServletRequest();
    httpRequest.setParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER, saml2Client.getName());
    val pac4jContext = new JEEContext(httpRequest, new MockHttpServletResponse());
    httpRequest.setMethod("POST");
    val encodedLogoutResponse = EncodingUtils.encodeBase64(getLogoutResponse());
    httpRequest.setContent(encodedLogoutResponse.getBytes(StandardCharsets.UTF_8));
    val targetService = RegisteredServiceTestUtils.getService(UUID.randomUUID().toString());
    servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(targetService.getId(), Map.of()));
    httpRequest.addParameter(CasProtocolConstants.PARAMETER_SERVICE, targetService.getId());
    val storedTicket = delegatedClientAuthenticationWebflowManager.store(pac4jContext, saml2Client);
    httpRequest.addParameter(DefaultDelegatedClientAuthenticationWebflowManager.PARAMETER_CLIENT_ID, storedTicket.getId());
    httpRequest.addParameter(Pac4jConstants.LOGOUT_ENDPOINT_PARAMETER, "https://httpbin.org/post");
    val httpResponse = new MockHttpServletResponse();
    val requestContext = new MockRequestContext();
    requestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), httpRequest, httpResponse));
    setRequestContext(requestContext);
    setExternalContext(requestContext.getExternalContext());
    val outcome = delegatedAuthenticationAction.execute(requestContext);
    assertEquals(CasWebflowConstants.TRANSITION_ID_ERROR, outcome.getId());
}
Use of org.pac4j.core.context.JEEContext in project cas by apereo: class DelegatedClientAuthenticationActionTests, method verifySsoAuthenticationWithInvalidTicketFails.
/**
 * When the ticket-granting ticket placed in the flow scope is not the one registered
 * with CAS, the delegated authentication action is expected to stop.
 */
@Test
public void verifySsoAuthenticationWithInvalidTicketFails() throws Exception {
    val requestContext = new MockRequestContext();
    val httpRequest = new MockHttpServletRequest();
    httpRequest.addParameter("error_message", "Auth+failed");
    val httpResponse = new MockHttpServletResponse();
    val facebookClient = builtClients.findClient("FacebookClient").get();
    val pac4jContext = new JEEContext(httpRequest, new MockHttpServletResponse());
    val storedTicket = delegatedClientAuthenticationWebflowManager.store(pac4jContext, facebookClient);
    httpRequest.addParameter(DefaultDelegatedClientAuthenticationWebflowManager.PARAMETER_CLIENT_ID, storedTicket.getId());
    httpRequest.setParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER, "FacebookClient");
    val targetService = CoreAuthenticationTestUtils.getService("https://delegated2.example.org");
    servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(targetService.getId(), Map.of()));
    httpRequest.addParameter(CasProtocolConstants.PARAMETER_SERVICE, targetService.getId());
    requestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), httpRequest, httpResponse));
    setRequestContext(requestContext);
    setExternalContext(requestContext.getExternalContext());
    val registeredTgt = new MockTicketGrantingTicket("casuser");
    centralAuthenticationService.addTicket(registeredTgt);
    // The TGT in the flow scope deliberately differs from the one added to CAS above.
    WebUtils.putTicketGrantingTicketInScopes(requestContext, new MockTicketGrantingTicket("otheruser"));
    val outcome = delegatedAuthenticationAction.execute(requestContext);
    assertEquals(CasWebflowConstants.TRANSITION_ID_STOP, outcome.getId());
}