/**
 * Reports the failure mode supplied by the Groovy-backed policy instance.
 *
 * <p>The preparation helper runs first on every call; judging by its name it
 * builds {@code groovyPolicyInstance} on demand (its body is not visible here,
 * confirm). The value returned is whatever the delegate reports, so the
 * effective failure mode is decided by the delegate and not by this class.
 *
 * @return the failure mode returned by the delegate policy
 */
@JsonIgnore
@Override
public FailureModes getFailureMode() {
    buildGroovyMultifactorPolicyInstanceIfNeeded();
    final FailureModes delegateMode = this.groovyPolicyInstance.getFailureMode();
    return delegateMode;
}
/**
 * Lists the multifactor provider identifiers supplied by the Groovy-backed
 * policy instance.
 *
 * <p>The preparation helper is invoked before the delegate is read; it
 * presumably creates {@code groovyPolicyInstance} when needed (not visible
 * here, confirm). The set is handed back exactly as the delegate returns it;
 * no copy or validation of the identifiers happens in this method.
 *
 * @return the provider identifiers returned by the delegate policy
 */
@JsonIgnore
@Override
public Set<String> getMultifactorAuthenticationProviders() {
    buildGroovyMultifactorPolicyInstanceIfNeeded();
    final Set<String> delegateProviders = this.groovyPolicyInstance.getMultifactorAuthenticationProviders();
    return delegateProviders;
}
/**
 * Returns the principal attribute name trigger supplied by the Groovy-backed
 * policy instance.
 *
 * <p>The preparation helper is invoked before the delegate is read; it
 * presumably creates {@code groovyPolicyInstance} when needed (not visible
 * here, confirm). The string is passed through unchanged.
 *
 * @return the attribute name trigger returned by the delegate policy
 */
@JsonIgnore
@Override
public String getPrincipalAttributeNameTrigger() {
    buildGroovyMultifactorPolicyInstanceIfNeeded();
    final String delegateTrigger = this.groovyPolicyInstance.getPrincipalAttributeNameTrigger();
    return delegateTrigger;
}
if (policy == null || policy.getMultifactorAuthenticationProviders().isEmpty()) { LOGGER.debug("Authentication policy does not contain any multifactor authentication providers"); return Optional.empty(); if (StringUtils.isNotBlank(policy.getPrincipalAttributeNameTrigger()) || StringUtils.isNotBlank(policy.getPrincipalAttributeValueToMatch())) { LOGGER.debug("Authentication policy for [{}] has defined principal attribute triggers. Skipping...", registeredService.getServiceId()); return Optional.empty();
/**
 * Reports whether the Groovy-backed policy instance enables bypass.
 *
 * <p>The preparation helper is invoked before the delegate is read; it
 * presumably creates {@code groovyPolicyInstance} when needed (not visible
 * here, confirm).
 *
 * <p>NOTE(review): the flag is decided entirely by the delegate. If callers
 * treat {@code true} as "skip multifactor authentication for this service"
 * (confirm against the bypass evaluators), then whatever backs the delegate
 * needs the same change control and access restrictions as the service
 * definition itself.
 *
 * @return the bypass flag returned by the delegate policy
 */
@JsonIgnore
@Override
public boolean isBypassEnabled() {
    buildGroovyMultifactorPolicyInstanceIfNeeded();
    final boolean delegateBypass = this.groovyPolicyInstance.isBypassEnabled();
    return delegateBypass;
}
/**
 * Returns the principal attribute value pattern supplied by the Groovy-backed
 * policy instance.
 *
 * <p>The preparation helper is invoked before the delegate is read; it
 * presumably creates {@code groovyPolicyInstance} when needed (not visible
 * here, confirm). The string is passed through unchanged.
 *
 * <p>NOTE(review): where a consumer compiles this value with
 * {@code Pattern.compile(...).asPredicate()}, matching uses {@code find()}
 * semantics, so a pattern without {@code ^...$} anchors matches any attribute
 * value that merely contains it. Policy authors should anchor the expression
 * when an exact match is intended.
 *
 * @return the attribute value pattern returned by the delegate policy
 */
@JsonIgnore
@Override
public String getPrincipalAttributeValueToMatch() {
    buildGroovyMultifactorPolicyInstanceIfNeeded();
    final String delegatePattern = this.groovyPolicyInstance.getPrincipalAttributeValueToMatch();
    return delegatePattern;
}
if (policy == null || registeredService.getMultifactorPolicy().getMultifactorAuthenticationProviders().isEmpty()) { LOGGER.debug("Authentication policy is absent or does not contain any multifactor authentication providers"); return Optional.empty(); if (StringUtils.isBlank(policy.getPrincipalAttributeNameTrigger()) || StringUtils.isBlank(policy.getPrincipalAttributeValueToMatch())) { LOGGER.debug("Authentication policy does not define a principal attribute and/or value to trigger multifactor authentication"); return Optional.empty(); val providers = MultifactorAuthenticationUtils.getAuthenticationProviderForService(registeredService); val result = multifactorAuthenticationProviderResolver.resolveEventViaPrincipalAttribute(principal, org.springframework.util.StringUtils.commaDelimitedListToSet(policy.getPrincipalAttributeNameTrigger()), registeredService, Optional.empty(), providers, Pattern.compile(policy.getPrincipalAttributeValueToMatch()).asPredicate());
/**
 * Decides whether multifactor authentication is bypassed for a service,
 * based only on the bypass flag of the service's own multifactor policy.
 *
 * <p>The {@code authentication} argument is not consulted by this
 * implementation: the answer is the same for every principal that reaches
 * the given service. A missing service or a missing policy never grants a
 * bypass.
 *
 * @param authentication    the authentication (unused here)
 * @param registeredService the registered service, may be {@code null}
 * @return {@code true} only when the service has a multifactor policy whose
 *         bypass flag is enabled; {@code false} otherwise
 */
protected boolean locateMatchingRegisteredServiceForBypass(final Authentication authentication,
                                                           final RegisteredService registeredService) {
    // Guard first: no service or no policy means there is nothing that could request a bypass.
    if (registeredService == null || registeredService.getMultifactorPolicy() == null) {
        return false;
    }
    return registeredService.getMultifactorPolicy().isBypassEnabled();
}
/**
 * Resolves the multifactor authentication providers named by a service's
 * multifactor policy.
 *
 * <p>Each provider id from the policy is looked up through
 * {@code getMultifactorAuthenticationProviderFromApplicationContext}; ids for
 * which that lookup yields an empty {@link Optional} are dropped without any
 * log entry or error. A policy that names only unresolvable ids therefore
 * produces an empty set rather than a failure.
 *
 * <p>NOTE(review): callers must handle both {@code null} (no policy) and an
 * empty set (policy present, nothing resolved), and should decide on purpose
 * whether "no provider" means "no multifactor authentication" for the service.
 *
 * @param service the service; dereferenced without a null check
 * @return the resolved providers as a set, or {@code null} when the service
 *         has no multifactor policy
 */
public Collection<MultifactorAuthenticationProvider> getAuthenticationProviderForService(final RegisteredService service) {
    val mfaPolicy = service.getMultifactorPolicy();
    if (mfaPolicy == null) {
        // The original contract: absence of a policy is signalled with null, not an empty collection.
        return null;
    }
    val providerIds = mfaPolicy.getMultifactorAuthenticationProviders();
    return providerIds.stream()
        .map(MultifactorAuthenticationUtils::getMultifactorAuthenticationProviderFromApplicationContext)
        // Keep only the ids that resolved to a provider.
        .filter(Optional::isPresent)
        .map(Optional::get)
        .collect(Collectors.toSet());
}
/**
 * Resolves the effective failure mode and turns it into a webflow event.
 *
 * <p>Precedence, lowest to highest: the global setting from
 * {@code casProperties}, then the provider's failure mode, then the failure
 * mode of the registered service's multifactor policy. A level overrides the
 * previous one only when its value is not {@code FailureModes.UNDEFINED}.
 *
 * <p>Only {@code FailureModes.OPEN} yields the bypass transition; every other
 * resolved value yields the unavailable transition. {@code OPEN} is therefore
 * the fail-open setting, and because the service policy is evaluated last, a
 * single service definition set to {@code OPEN} overrides a stricter provider
 * or global setting. Each override is logged at debug level, which is where
 * an unexpected bypass can be traced back to its source.
 *
 * <p>NOTE(review): {@code FailureModes.valueOf(...)} is applied to the
 * configured global value as is; if {@code FailureModes} is an enum, a value
 * that is not one of its constant names raises
 * {@code IllegalArgumentException} here.
 *
 * @param requestContext the webflow request context used to find the registered service
 * @return the bypass event when the resolved mode is {@code OPEN}, otherwise the unavailable event
 */
@Override
protected Event doExecute(final RequestContext requestContext) {
    val service = WebUtils.getRegisteredService(requestContext);

    // Level 1: global default.
    var effectiveMode = FailureModes.valueOf(casProperties.getAuthn().getMfa().getGlobalFailureMode());
    LOGGER.debug("Setting failure mode to [{}] based on Global Policy", effectiveMode);

    // Level 2: provider setting, when defined.
    final boolean providerOverrides = provider.failureMode() != FailureModes.UNDEFINED;
    if (providerOverrides) {
        LOGGER.debug("Provider failure mode [{}] overriding Global mode [{}]", provider.failureMode(), effectiveMode);
        effectiveMode = provider.failureMode();
    }

    // Level 3: service policy setting, when a service and policy exist and the mode is defined.
    if (service != null) {
        val servicePolicy = service.getMultifactorPolicy();
        final boolean serviceOverrides = servicePolicy != null
            && servicePolicy.getFailureMode() != FailureModes.UNDEFINED;
        if (serviceOverrides) {
            LOGGER.debug("Service failure mode [{}] overriding current failure mode [{}]", servicePolicy.getFailureMode(), effectiveMode);
            effectiveMode = servicePolicy.getFailureMode();
        }
    }

    LOGGER.debug("Final failure mode has been determined to be [{}]", effectiveMode);

    // Anything other than OPEN fails closed: the flow is told the provider is unavailable.
    if (effectiveMode != FailureModes.OPEN) {
        return new EventFactorySupport().event(this, CasWebflowConstants.TRANSITION_ID_UNAVAILABLE);
    }
    return new EventFactorySupport().event(this, CasWebflowConstants.TRANSITION_ID_BYPASS);
}