use of org.pac4j.core.context.WebContext in project cas by apereo.
the class DefaultDelegatedClientAuthenticationWebflowManager method storeDelegatedClientAuthenticationRequest.
/**
 * Stores the delegated client authentication request as a transient session ticket.
 * <p>
 * The ticket properties carry the original service and the service resolved through the
 * authentication request selection strategies. The force-authn and passive flags are read
 * from the request parameter when one is present, otherwise derived from the registered
 * service's properties; they are recorded (in the ticket properties and as request
 * attributes) only when they evaluate to {@code true}. The ticket is registered with the
 * central authentication service and its id is exposed on the request under
 * {@code PARAMETER_CLIENT_ID}.
 *
 * @param webContext the web context
 * @return the transient session ticket holding the request
 * @throws Exception propagated from service resolution, ticket creation or ticket registration
 */
protected TransientSessionTicket storeDelegatedClientAuthenticationRequest(final JEEContext webContext) throws Exception {
    val properties = buildTicketProperties(webContext);
    val originalService = configContext.getArgumentExtractor().extractService(webContext.getNativeRequest());
    val targetService = configContext.getAuthenticationRequestServiceSelectionStrategies().resolveService(originalService);
    properties.put(CasProtocolConstants.PARAMETER_SERVICE, originalService);
    properties.put(CasProtocolConstants.PARAMETER_TARGET_SERVICE, targetService);

    val registeredService = configContext.getServicesManager().findServiceBy(targetService);
    // NOTE(review): a request parameter, when supplied, takes precedence over the
    // registered-service property, so a client-sent "false" bypasses a service-level
    // force/passive setting — confirm this precedence is intended.
    val forceAuthnValue = webContext.getRequestParameter(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN)
        .orElseGet(() -> Boolean.toString(RegisteredServiceProperties.DELEGATED_AUTHN_FORCE_AUTHN.isAssignedTo(registeredService)));
    if (StringUtils.equalsIgnoreCase(forceAuthnValue, "true")) {
        properties.put(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN, true);
    }
    val passiveValue = webContext.getRequestParameter(RedirectionActionBuilder.ATTRIBUTE_PASSIVE)
        .orElseGet(() -> Boolean.toString(RegisteredServiceProperties.DELEGATED_AUTHN_PASSIVE_AUTHN.isAssignedTo(registeredService)));
    if (StringUtils.equalsIgnoreCase(passiveValue, "true")) {
        properties.put(RedirectionActionBuilder.ATTRIBUTE_PASSIVE, true);
    }

    val transientFactory = (TransientSessionTicketFactory) configContext.getTicketFactory().get(TransientSessionTicket.class);
    val ticket = transientFactory.create(originalService, properties);
    LOGGER.debug("Storing delegated authentication request ticket [{}] for service [{}] with properties [{}]", ticket.getId(), ticket.getService(), ticket.getProperties());
    configContext.getCentralAuthenticationService().addTicket(ticket);

    webContext.setRequestAttribute(PARAMETER_CLIENT_ID, ticket.getId());
    // Keyed off the properties rather than the local flags, since buildTicketProperties
    // may already have seeded these keys.
    if (properties.containsKey(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN)) {
        webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN, true);
    }
    if (properties.containsKey(RedirectionActionBuilder.ATTRIBUTE_PASSIVE)) {
        webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_PASSIVE, true);
    }
    return ticket;
}
use of org.pac4j.core.context.WebContext in project ddf by codice.
the class OidcRealmTest method getWebContext.
/**
 * Builds a mocked web context whose session store answers the nonce lookup with
 * {@code "myNonce"}.
 *
 * @return a mock {@link WebContext} wired to a mock {@link SessionStore}
 */
private WebContext getWebContext() {
    final WebContext mockContext = mock(WebContext.class);
    final SessionStore mockSessionStore = mock(SessionStore.class);
    when(mockContext.getSessionStore()).thenReturn(mockSessionStore);
    // the nonce stored in the session is what id-token validation is expected to compare against
    when(mockSessionStore.get(mockContext, NONCE_SESSION_ATTRIBUTE)).thenReturn(Optional.of("myNonce"));
    return mockContext;
}
use of org.pac4j.core.context.WebContext in project ddf by codice.
the class OidcRealm method doGetAuthenticationInfo.
/**
 * Resolves the id token for the supplied OIDC credentials and builds the authentication info.
 * <p>
 * {@link #supports(AuthenticationToken)} has already established that the token is an
 * {@link OidcAuthenticationToken} with non-null credentials and web context. When no id token
 * can be resolved the session is destroyed and authentication fails.
 *
 * @param authenticationToken the token accepted by {@code supports}
 * @return authentication info holding the credentials and the principals derived from the
 *         OIDC profile, or an empty principal collection when no profile could be created
 * @throws AuthenticationException when the id token cannot be resolved
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    // supports() only admits OidcAuthenticationToken, so this cast cannot fail
    final OidcAuthenticationToken oidcToken = (OidcAuthenticationToken) authenticationToken;
    final OidcCredentials oidcCredentials = (OidcCredentials) oidcToken.getCredentials();
    final OidcConfiguration configuration = oidcHandlerConfiguration.getOidcConfiguration();
    final OIDCProviderMetadata providerMetadata = configuration.findProviderMetadata();
    final WebContext context = (WebContext) oidcToken.getContext();
    final OidcClient<OidcConfiguration> client = oidcHandlerConfiguration.getOidcClient(context.getFullRequestURL());
    final int connectTimeoutMillis = oidcHandlerConfiguration.getConnectTimeout();
    final int readTimeoutMillis = oidcHandlerConfiguration.getReadTimeout();

    try {
        final OidcCredentialsResolver resolver = new OidcCredentialsResolver(configuration, client, providerMetadata, connectTimeoutMillis, readTimeoutMillis);
        resolver.resolveIdToken(oidcCredentials, context);
    } catch (TechnicalException e) {
        throw new AuthenticationException(e);
    }

    // no id token could be obtained: drop the session so fresh credentials are acquired
    if (oidcCredentials.getIdToken() == null) {
        context.getSessionStore().destroySession(context);
        // NOTE(review): the message embeds credentials.toString(); if that rendering includes
        // the authorization code or access/refresh token, those secrets reach the WARN log and
        // the exception message — confirm what OidcCredentials#toString exposes.
        final String message = String.format("Could not fetch id token with Oidc credentials (%s). This may be due to the credentials expiring. Invalidating session in order to acquire valid credentials.", oidcCredentials);
        LOGGER.warn(message);
        throw new AuthenticationException(message);
    }

    final OidcProfileCreator profileCreator = new CustomOidcProfileCreator(configuration, client);
    final Optional<UserProfile> profile = profileCreator.create(oidcCredentials, context);

    final SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo();
    authenticationInfo.setCredentials(oidcCredentials);
    if (!profile.isPresent()) {
        authenticationInfo.setPrincipals(new SimplePrincipalCollection());
        return authenticationInfo;
    }
    final OidcProfile oidcProfile = (OidcProfile) profile.get();
    authenticationInfo.setPrincipals(createPrincipalCollectionFromCredentials(oidcProfile));
    return authenticationInfo;
}
use of org.pac4j.core.context.WebContext in project ddf by codice.
the class OidcRealm method supports.
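/**
 * Determine if the supplied token is supported by this realm.
 * <p>
 * A token is supported only when it is an {@link OidcAuthenticationToken} carrying non-null
 * credentials with at least one of an authorization code, an access token or an id token,
 * and a non-null web context. Each rejection reason is logged at debug level.
 *
 * @param token the token presented to the realm
 * @return {@code true} when this realm can attempt authentication of the token
 */
@Override
public boolean supports(AuthenticationToken token) {
    if (!(token instanceof OidcAuthenticationToken)) {
        // Message corrected: only OidcAuthenticationToken is checked here, not SessionToken.
        LOGGER.debug("The supplied authentication token is not an instance of OidcAuthenticationToken. Sending back not supported.");
        return false;
    }
    OidcAuthenticationToken oidcToken = (OidcAuthenticationToken) token;
    OidcCredentials credentials = (OidcCredentials) oidcToken.getCredentials();
    // without any of code / access token / id token there is nothing to resolve or validate
    if (credentials == null || (credentials.getCode() == null && credentials.getAccessToken() == null && credentials.getIdToken() == null)) {
        LOGGER.debug("The supplied authentication token has null/empty credentials. Sending back not supported.");
        return false;
    }
    // doGetAuthenticationInfo relies on the context for the request URL and the session store
    WebContext webContext = (WebContext) oidcToken.getContext();
    if (webContext == null) {
        LOGGER.debug("The supplied authentication token has null web context. Sending back not supported.");
        return false;
    }
    LOGGER.debug("Token {} is supported by {}.", token.getClass(), OidcRealm.class.getName());
    return true;
}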
use of org.pac4j.core.context.WebContext in project ddf by codice.
the class OidcTokenValidatorTest method testValidateIdTokens.
/**
 * A signed id token carrying the nonce {@code "myNonce"} is expected to pass validation
 * against the test web context without throwing.
 */
@Test
public void testValidateIdTokens() throws Exception {
    final WebContext webContext = getWebContext();
    // presumably the nonce claim must match the nonce held by the web context's session — verify against getWebContext()
    final String signedIdToken = getIdTokenBuilder().withClaim("nonce", "myNonce").sign(validAlgorithm);
    final JWT idToken = SignedJWT.parse(signedIdToken);
    OidcTokenValidator.validateIdTokens(idToken, webContext, configuration, oidcClient);
}