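/**
 * Parses the static credential list configured under {@code cas.authn.accept.users}.
 * <p>
 * The property is a comma-separated list of {@code username::password} entries. The result maps
 * each username to whatever follows the first {@code ::} of its entry. Those values are credentials
 * held in clear text exactly as they appear in configuration, so the configuration source (and any
 * dump of this map) must be protected accordingly; they are never included in error messages here.
 * <p>
 * A blank property, or one that contains no {@code ::} at all, yields an empty map (i.e. no accept
 * users are defined rather than an error). Once at least one separator is present, every entry
 * must be well formed: an entry without a {@code ::} or a username listed twice is rejected
 * loudly instead of silently producing a wrong or ambiguous credential table.
 *
 * @return mutable map of username to password; empty when nothing is configured
 * @throws IllegalArgumentException if an entry lacks the {@code ::} separator or a username repeats
 */
private Map<String, String> getParsedUsers() {
    val separator = Pattern.compile("::");
    val usersProperty = casProperties.getAuthn().getAccept().getUsers();
    if (StringUtils.isBlank(usersProperty) || !usersProperty.contains(separator.pattern())) {
        return new HashMap<>(0);
    }
    val users = new HashMap<String, String>();
    for (val entry : usersProperty.split(",")) {
        val userAndPassword = separator.split(entry);
        if (userAndPassword.length < 2) {
            // Deliberately do not echo the entry: it may contain a password.
            throw new IllegalArgumentException("Malformed accept-users entry; expected 'username::password'");
        }
        if (users.put(userAndPassword[0], userAndPassword[1]) != null) {
            // Fail closed: two passwords for one user would make the effective credential order-dependent.
            throw new IllegalArgumentException("Duplicate username in accept-users entries: " + userAndPassword[0]);
        }
    }
    return users;
}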
/**
 * SAML IdP metadata generator, registered only when no bean named
 * {@code samlIdPMetadataGenerator} is provided elsewhere.
 * <p>
 * Delegates to {@link FileSystemSamlIdPMetadataGenerator}, wiring in the metadata locator
 * and the self-signed certificate writer beans of this configuration together with the IdP
 * entity id and scope ({@code cas.authn.samlIdp}) and the server prefix
 * ({@code cas.server.prefix}). Spring invokes {@code initialize} on the bean after creation.
 * NOTE(review): the writer bean name suggests the signing material is self-signed and
 * generated on demand; if so, relying parties trust whatever ends up on disk, so the metadata
 * location should be write-protected — confirm against the writer implementation.
 * Checked exceptions are rethrown unchecked via {@code @SneakyThrows}.
 *
 * @return the metadata generator
 */
@ConditionalOnMissingBean(name = "samlIdPMetadataGenerator")
@Bean(initMethod = "initialize")
@SneakyThrows
public SamlIdPMetadataGenerator samlIdPMetadataGenerator() {
    val samlIdp = casProperties.getAuthn().getSamlIdp();
    return new FileSystemSamlIdPMetadataGenerator(
        samlIdPMetadataLocator(),
        samlSelfSignedCertificateWriter(),
        samlIdp.getEntityId(),
        this.resourceLoader,
        casProperties.getServer().getPrefix(),
        samlIdp.getScope());
}
/**
 * Default authentication manager, used unless a {@code casAuthenticationManager} bean is
 * supplied elsewhere.
 * <p>
 * Builds a {@link PolicyBasedAuthenticationManager} over the injected execution plan. The
 * {@code cas.personDirectory.principalResolutionFailureFatal} flag is passed through; by its
 * name it presumably decides whether a failed principal resolution aborts the authentication
 * instead of being tolerated — confirm against the manager implementation.
 *
 * @param authenticationEventExecutionPlan the execution plan bean holding handlers and policies
 * @return the authentication manager
 */
@ConditionalOnMissingBean(name = "casAuthenticationManager")
@Autowired
@Bean
public AuthenticationManager casAuthenticationManager(
    @Qualifier("authenticationEventExecutionPlan") final AuthenticationEventExecutionPlan authenticationEventExecutionPlan) {
    val resolutionFailureIsFatal = casProperties.getPersonDirectory().isPrincipalResolutionFailureFatal();
    return new PolicyBasedAuthenticationManager(authenticationEventExecutionPlan, resolutionFailureIsFatal, applicationEventPublisher);
}
/**
 * Unique id generator for SAML service tickets.
 * <p>
 * Uses {@link SamlCompliantUniqueTicketIdGenerator} seeded with the configured server name
 * ({@code cas.server.name}); {@code cas.samlCore.ticketidSaml2} toggles its SAML2-compliant mode.
 *
 * @return the configured generator
 */
@Bean
public UniqueTicketIdGenerator samlServiceTicketUniqueIdGenerator() {
    val serverName = casProperties.getServer().getName();
    val generator = new SamlCompliantUniqueTicketIdGenerator(serverName);
    val saml2Mode = casProperties.getSamlCore().isTicketidSaml2();
    generator.setSaml2compliant(saml2Mode);
    return generator;
}
/**
 * CAS-client ticket validator, registered when no {@code casClientTicketValidator} bean exists.
 * <p>
 * The validator targets {@code cas.client.prefix}, falling back to {@code cas.server.prefix}
 * when the client prefix is unset. Its connection factory installs the application's
 * {@code sslContext} socket factory and {@code hostnameVerifier} on every HTTPS connection, so
 * the TLS trust and hostname decisions made while validating tickets are exactly those two
 * beans: a permissive hostname verifier bean, if one is configured, weakens validation here
 * too. If either bean is absent, {@code getIfAvailable()} returns {@code null} and the
 * connection setup fails (NPE on the socket factory; {@code setHostnameVerifier} rejects
 * {@code null}) instead of silently falling back to JVM defaults. Plain HTTP connections are
 * returned untouched. The factory is serializable, hence the explicit {@code serialVersionUID}.
 *
 * @return the validator with the custom connection factory installed
 */
@ConditionalOnMissingBean(name = "casClientTicketValidator")
@Bean
public AbstractUrlBasedTicketValidator casClientTicketValidator() {
    val clientPrefix = casProperties.getClient().getPrefix();
    val effectivePrefix = StringUtils.defaultString(clientPrefix, casProperties.getServer().getPrefix());
    val ticketValidator = buildCasClientTicketValidator(effectivePrefix);
    val connectionFactory = new HttpURLConnectionFactory() {
        private static final long serialVersionUID = 3692658214483917813L;

        @Override
        public HttpURLConnection buildHttpURLConnection(final URLConnection conn) {
            if (!(conn instanceof HttpsURLConnection)) {
                return (HttpURLConnection) conn;
            }
            val secureConnection = (HttpsURLConnection) conn;
            // Both beans are mandatory here: a missing one fails the request rather than using defaults.
            secureConnection.setSSLSocketFactory(sslContext.getIfAvailable().getSocketFactory());
            secureConnection.setHostnameVerifier(hostnameVerifier.getIfAvailable());
            return secureConnection;
        }
    };
    ticketValidator.setURLConnectionFactory(connectionFactory);
    return ticketValidator;
}
/**
 * One {@link PersonDirectoryPrincipalResolver} per JAAS configuration block ({@code cas.authn.jaas[]})
 * that names a realm; blocks with a blank realm are ignored.
 * <p>
 * Each resolver's principal attribute falls back to {@code cas.personDirectory.principalAttribute}
 * when the JAAS block leaves it blank, and the return-null / use-existing-principal-id switches are
 * OR'ed with their global counterparts. All resolvers share the attribute repository (if available)
 * and the JAAS principal factory.
 *
 * @return possibly empty list of resolvers, in configuration order
 */
@Bean
@ConditionalOnMissingBean(name = "jaasPersonDirectoryPrincipalResolvers")
public List<PrincipalResolver> jaasPersonDirectoryPrincipalResolvers() {
    val globalSettings = casProperties.getPersonDirectory();
    return casProperties.getAuthn().getJaas()
        .stream()
        .filter(jaas -> !StringUtils.isBlank(jaas.getRealm()))
        .map(jaas -> {
            val principalSettings = jaas.getPrincipal();
            val principalAttribute = StringUtils.defaultIfBlank(
                principalSettings.getPrincipalAttribute(), globalSettings.getPrincipalAttribute());
            val returnNull = principalSettings.isReturnNull() || globalSettings.isReturnNull();
            val useExistingId = principalSettings.isUseExistingPrincipalId() || globalSettings.isUseExistingPrincipalId();
            return new PersonDirectoryPrincipalResolver(
                attributeRepository.getIfAvailable(),
                jaasPrincipalFactory(),
                returnNull,
                principalAttribute,
                useExistingId);
        })
        .collect(Collectors.toList());
}
/**
 * CAS protocol v3 proxy-validate controller.
 * <p>
 * Registered when no {@code v3ProxyValidateController} bean exists and
 * {@code cas.sso.proxyAuthnEnabled} is {@code true} — and, because {@code matchIfMissing} is set,
 * also when the property is absent. Proxy validation is therefore on by default; it must be set to
 * {@code false} explicitly to keep this endpoint out of the context. The controller is assembled
 * from the CAS 2.0 validation specification, the proxy handler, the v3 JSON/success/failure views,
 * the MFA authentication-context attribute name and the {@code cas.sso.renewAuthnEnabled} flag.
 *
 * @return the controller
 */
@Bean
@ConditionalOnMissingBean(name = "v3ProxyValidateController")
@ConditionalOnProperty(prefix = "cas.sso", name = "proxyAuthnEnabled", havingValue = "true", matchIfMissing = true)
public V3ProxyValidateController v3ProxyValidateController() {
    val authnContextAttribute = casProperties.getAuthn().getMfa().getAuthenticationContextAttribute();
    val renewEnabled = casProperties.getSso().isRenewAuthnEnabled();
    return new V3ProxyValidateController(
        cas20ProtocolValidationSpecification.getIfAvailable(),
        authenticationSystemSupport.getIfAvailable(),
        servicesManager.getIfAvailable(),
        centralAuthenticationService.getIfAvailable(),
        proxy20Handler.getIfAvailable(),
        argumentExtractor.getIfAvailable(),
        requestedContextValidator.getIfAvailable(),
        cas3ServiceJsonView(),
        cas3ServiceSuccessView(),
        cas3ServiceFailureView.getIfAvailable(),
        authnContextAttribute,
        serviceValidationAuthorizers.getIfAvailable(),
        renewEnabled);
}
/**
 * Creates the UMA discovery settings for one issuer.
 * <p>
 * Stores the issuer, the server prefix read from {@code cas.server.prefix} and the properties
 * object itself; the remaining discovery values are presumably derived from these later.
 *
 * @param casProperties CAS configuration properties
 * @param issuer        issuer identifier for this server
 */
public UmaServerDiscoverySettings(final CasConfigurationProperties casProperties, final String issuer) {
    this.casProperties = casProperties;
    this.serverPrefix = casProperties.getServer().getPrefix();
    this.issuer = issuer;
}
/**
 * Registers the SAML attribute-query ticket definition with the ticket catalog.
 * <p>
 * The storage name comes from {@code cas.authn.samlIdp.ticket.samlAttributeQueryCacheStorageName};
 * the storage timeout reuses the service-ticket time-to-kill
 * ({@code cas.ticket.st.timeToKillInSeconds}), so these tickets share the ST lifetime in the store.
 *
 * @param plan     the catalog to register with
 * @param metadata the definition to populate and register
 */
protected void buildAndRegisterSamlAttributeQueryDefinition(final TicketCatalog plan, final TicketDefinition metadata) {
    val samlTicketProps = casProperties.getAuthn().getSamlIdp().getTicket();
    val stTimeToKill = casProperties.getTicket().getSt().getTimeToKillInSeconds();
    val definitionProps = metadata.getProperties();
    definitionProps.setStorageName(samlTicketProps.getSamlAttributeQueryCacheStorageName());
    definitionProps.setStorageTimeout(stTimeToKill);
    registerTicketDefinition(plan, metadata);
}
}
/**
 * Expiration policy for SAML attribute-query tickets, unless a bean of that name is supplied.
 * <p>
 * Lifetime is tied to the service-ticket setting {@code cas.ticket.st.timeToKillInSeconds}.
 *
 * @return the policy
 */
@ConditionalOnMissingBean(name = "samlAttributeQueryTicketExpirationPolicy")
@Bean
public ExpirationPolicy samlAttributeQueryTicketExpirationPolicy() {
    val timeToKillSeconds = casProperties.getTicket().getSt().getTimeToKillInSeconds();
    return new SamlAttributeQueryTicketExpirationPolicy(timeToKillSeconds);
}
/**
 * Default single sign-on participation strategy (refresh-scoped), unless overridden by name.
 * <p>
 * Built from the services manager plus two {@code cas.sso} switches:
 * {@code createSsoCookieOnRenewAuthn} and {@code renewAuthnEnabled}. By their names these
 * presumably govern whether a forced re-authentication ({@code renew}) is honored and whether it
 * still establishes an SSO session — confirm against {@link DefaultSingleSignOnParticipationStrategy}.
 *
 * @return the strategy
 */
@Bean
@ConditionalOnMissingBean(name = "singleSignOnParticipationStrategy")
@RefreshScope
public SingleSignOnParticipationStrategy singleSignOnParticipationStrategy() {
    val ssoProps = casProperties.getSso();
    val cookieOnRenew = ssoProps.isCreateSsoCookieOnRenewAuthn();
    val renewEnabled = ssoProps.isRenewAuthnEnabled();
    return new DefaultSingleSignOnParticipationStrategy(servicesManager.getIfAvailable(), cookieOnRenew, renewEnabled);
}
/**
 * Principal resolver for the OpenID authentication handler.
 * <p>
 * The principal attribute defaults to {@code cas.personDirectory.principalAttribute} when
 * {@code cas.authn.openid.principal.principalAttribute} is blank; the return-null and
 * use-existing-principal-id switches are OR'ed with their {@code cas.personDirectory} counterparts.
 * The attribute repository is optional ({@code getIfAvailable}).
 *
 * @return the resolver
 */
@Bean
public OpenIdPrincipalResolver openIdPrincipalResolver() {
    val globalSettings = casProperties.getPersonDirectory();
    val openIdSettings = casProperties.getAuthn().getOpenid().getPrincipal();
    val principalAttribute = StringUtils.defaultIfBlank(
        openIdSettings.getPrincipalAttribute(), globalSettings.getPrincipalAttribute());
    val returnNull = openIdSettings.isReturnNull() || globalSettings.isReturnNull();
    val useExistingId = openIdSettings.isUseExistingPrincipalId() || globalSettings.isUseExistingPrincipalId();
    return new OpenIdPrincipalResolver(
        attributeRepository.getIfAvailable(),
        openidPrincipalFactory(),
        returnNull,
        principalAttribute,
        useExistingId);
}
/**
 * CAS protocol v3 service-validate controller, unless a bean of that name is supplied.
 * <p>
 * Unlike the proxy-validate controller this one is wired with the "without proxy" CAS 2.0
 * validation specification, which by its name presumably rejects proxy tickets on this endpoint —
 * confirm against the specification class. The remaining collaborators (proxy handler, argument
 * extractor, views, authorizers), the MFA authentication-context attribute name and
 * {@code cas.sso.renewAuthnEnabled} are passed through unchanged.
 *
 * @return the controller
 */
@Bean
@ConditionalOnMissingBean(name = "v3ServiceValidateController")
public V3ServiceValidateController v3ServiceValidateController() {
    val authnContextAttribute = casProperties.getAuthn().getMfa().getAuthenticationContextAttribute();
    val renewEnabled = casProperties.getSso().isRenewAuthnEnabled();
    return new V3ServiceValidateController(
        cas20WithoutProxyProtocolValidationSpecification.getIfAvailable(),
        authenticationSystemSupport.getIfAvailable(),
        servicesManager.getIfAvailable(),
        centralAuthenticationService.getIfAvailable(),
        proxy20Handler.getIfAvailable(),
        argumentExtractor.getIfAvailable(),
        requestedContextValidator.getIfAvailable(),
        cas3ServiceJsonView(),
        cas3ServiceSuccessView(),
        cas3ServiceFailureView.getIfAvailable(),
        authnContextAttribute,
        serviceValidationAuthorizers.getIfAvailable(),
        renewEnabled);
}
/**
 * Service selection strategy keyed on the SAML IdP entity id, unless overridden by name.
 * <p>
 * Needs the web application service factory and the server prefix ({@code cas.server.prefix}),
 * presumably to recognise requests addressed to this IdP — confirm against the strategy class.
 *
 * @return the strategy
 */
@ConditionalOnMissingBean(name = "samlIdPEntityIdValidationServiceSelectionStrategy")
@Bean
public AuthenticationServiceSelectionStrategy samlIdPEntityIdValidationServiceSelectionStrategy() {
    val serverPrefix = casProperties.getServer().getPrefix();
    return new SamlIdPEntityIdAuthenticationServiceSelectionStrategy(webApplicationServiceFactory, serverPrefix);
}
/**
 * Registers the SAML artifact ticket definition with the ticket catalog.
 * <p>
 * The storage name comes from {@code cas.authn.samlIdp.ticket.samlArtifactsCacheStorageName};
 * the storage timeout reuses the service-ticket time-to-kill
 * ({@code cas.ticket.st.timeToKillInSeconds}), so artifacts share the ST lifetime in the store.
 *
 * @param plan     the catalog to register with
 * @param metadata the definition to populate and register
 */
protected void buildAndRegisterSamlArtifactDefinition(final TicketCatalog plan, final TicketDefinition metadata) {
    val samlTicketProps = casProperties.getAuthn().getSamlIdp().getTicket();
    val stTimeToKill = casProperties.getTicket().getSt().getTimeToKillInSeconds();
    val definitionProps = metadata.getProperties();
    definitionProps.setStorageName(samlTicketProps.getSamlArtifactsCacheStorageName());
    definitionProps.setStorageTimeout(stTimeToKill);
    registerTicketDefinition(plan, metadata);
}
/**
 * Expiration policy for transient session tickets, unless a bean of that name is supplied.
 * <p>
 * A hard timeout of {@code cas.ticket.tst.timeToKillInSeconds}: the ticket expires that many
 * seconds after creation regardless of use.
 *
 * @return the policy
 */
@ConditionalOnMissingBean(name = "transientSessionTicketExpirationPolicy")
@Bean
public ExpirationPolicy transientSessionTicketExpirationPolicy() {
    val ttlSeconds = casProperties.getTicket().getTst().getTimeToKillInSeconds();
    return new HardTimeoutExpirationPolicy(ttlSeconds);
}
/**
 * Adds the decision state that tests whether the request carries a {@code renew} parameter.
 * <p>
 * The decision expression is assembled purely from constants ({@code requestParameters.} plus
 * {@link CasProtocolConstants#PARAMETER_RENEW}); no request data is ever interpolated into it,
 * so it cannot be influenced by a caller. When {@code cas.sso.renewAuthnEnabled} is false the
 * expression collapses to {@code "true"}, i.e. the decision always resolves the same way
 * regardless of the request. The two transition targets are the service authorization check
 * and service-ticket generation — which of them is the "true" branch is defined by
 * {@code createDecisionState}.
 *
 * @param flow the flow
 */
protected void createRenewCheckDecisionState(final Flow flow) {
    val renewParameter = "requestParameters." + CasProtocolConstants.PARAMETER_RENEW;
    val renewPresent = renewParameter + " != '' and " + renewParameter + " != null";
    val renewSupported = casProperties.getSso().isRenewAuthnEnabled();
    val decisionExpression = FunctionUtils.doIf(renewSupported, () -> renewPresent, () -> "true").get();
    createDecisionState(flow,
        CasWebflowConstants.STATE_ID_RENEW_REQUEST_CHECK,
        decisionExpression,
        CasWebflowConstants.STATE_ID_SERVICE_AUTHZ_CHECK,
        CasWebflowConstants.STATE_ID_GENERATE_SERVICE_TICKET);
}
}
/**
 * Static ("stub") attribute repositories, refresh-scoped, unless a bean of that name is supplied.
 * <p>
 * Yields a single stub repository built from {@code cas.authn.attributeRepository} when
 * {@code cas.authn.attributeRepository.stub.attributes} is non-empty, otherwise an empty list.
 * Only the attribute names are logged, never their values.
 *
 * @return list with zero or one repository
 */
@ConditionalOnMissingBean(name = "stubAttributeRepositories")
@Bean
@RefreshScope
public List<IPersonAttributeDao> stubAttributeRepositories() {
    val repositories = new ArrayList<IPersonAttributeDao>();
    val repositoryProps = casProperties.getAuthn().getAttributeRepository();
    val staticAttributes = repositoryProps.getStub().getAttributes();
    if (staticAttributes.isEmpty()) {
        return repositories;
    }
    LOGGER.info("Found and added static attributes [{}] to the list of candidate attribute repositories", staticAttributes.keySet());
    repositories.add(Beans.newStubAttributeRepository(repositoryProps));
    return repositories;
}