requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT); requestedAuthnContext.getAuthnContextClassRefs().add(passwordAuthnCtxRef);
/**
 * Builds a {@code RequestedAuthnContext} element carrying the given comparison operator
 * plus any requested class and declaration references.
 * <p>
 * The {@code RequestedAuthnContext} builder is looked up lazily from {@code builderFactory}
 * and cached in the static {@code requestedAuthnCtxBuilder} field. The cache check is not
 * synchronized, so concurrent first callers may each perform the lookup; this is harmless
 * as long as the factory hands out interchangeable builders (assumed, not verified here).
 *
 * @param comparison          the comparison operator to set (passed through as-is, may be {@code null})
 * @param authnCtxClassRefList class references to append; {@code null} means none
 * @param authnCtxDeclRefList  declaration references to append; {@code null} means none
 * @return a freshly built, populated {@code RequestedAuthnContext}
 */
@SuppressWarnings("unchecked")
public static RequestedAuthnContext createRequestedAuthnCtxPolicy(
        AuthnContextComparisonTypeEnumeration comparison,
        List<AuthnContextClassRef> authnCtxClassRefList,
        List<AuthnContextDeclRef> authnCtxDeclRefList) {
    if (requestedAuthnCtxBuilder == null) {
        // unchecked cast: the factory is keyed by element name and is expected to return the matching builder
        requestedAuthnCtxBuilder = (SAMLObjectBuilder<RequestedAuthnContext>)
                builderFactory.getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
    }
    final RequestedAuthnContext policy = requestedAuthnCtxBuilder.buildObject();
    policy.setComparison(comparison);
    if (authnCtxClassRefList != null) {
        policy.getAuthnContextClassRefs().addAll(authnCtxClassRefList);
    }
    if (authnCtxDeclRefList != null) {
        policy.getAuthnContextDeclRefs().addAll(authnCtxDeclRefList);
    }
    return policy;
}
/**
 * Extracts the requested authentication context class from an incoming {@code AuthnRequest}.
 * <p>
 * Only the <em>first</em> {@code AuthnContextClassRef} is considered; any further entries are
 * ignored. The URN originates from the (service-provider supplied) request, so it is untrusted
 * input; how {@code AuthenticationContextClassReference.fromUrn} reacts to an unknown URN is not
 * visible here and should be checked by the caller.
 *
 * @param request the authentication request to inspect
 * @return the mapped reference, or {@code null} when the request carries no
 *         {@code RequestedAuthnContext} or no class references
 */
protected AuthenticationContextClassReference getAuthenticationContextClassReference(AuthnRequest request) {
    final RequestedAuthnContext requestedCtx = request.getRequestedAuthnContext();
    if (requestedCtx == null || CollectionUtils.isEmpty(requestedCtx.getAuthnContextClassRefs())) {
        return null;
    }
    final String urn = requestedCtx.getAuthnContextClassRefs().get(0).getAuthnContextClassRef();
    return AuthenticationContextClassReference.fromUrn(urn);
}
if (!requestedCtx.getAuthnContextClassRefs().isEmpty()) { for (final AuthnContextClassRef ref : requestedCtx.getAuthnContextClassRefs()) { if (ref.getAuthnContextClassRef() != null) { if (!ignoredContexts.contains(ref.getAuthnContextClassRef())) { } else if (!requestedCtx.getAuthnContextDeclRefs().isEmpty()) { for (final AuthnContextDeclRef ref : requestedCtx.getAuthnContextDeclRefs()) { if (ref.getAuthnContextDeclRef() != null) { if (!ignoredContexts.contains(ref.getAuthnContextDeclRef())) { if (requestedCtx.getComparison() != null) { rpCtx.setOperator(requestedCtx.getComparison().toString()); } else { rpCtx.setOperator(AuthnContextComparisonTypeEnumeration.EXACT.toString());
/**
 * {@inheritDoc}
 * <p>
 * Attaches child {@code AuthnContextClassRef} and {@code AuthnContextDeclRef} elements to the
 * parent {@code RequestedAuthnContext}; every other child is handed to the superclass, which
 * decides whether it is acceptable.
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    final RequestedAuthnContext requestedCtx = (RequestedAuthnContext) parentSAMLObject;
    if (childSAMLObject instanceof AuthnContextClassRef) {
        requestedCtx.getAuthnContextClassRefs().add((AuthnContextClassRef) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof AuthnContextDeclRef) {
        requestedCtx.getAuthnContextDeclRefs().add((AuthnContextDeclRef) childSAMLObject);
        return;
    }
    // unknown child: let the base unmarshaller apply its own handling
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
}
/**
 * {@inheritDoc}
 * <p>
 * Maps the {@code Comparison} attribute onto {@link AuthnContextComparisonTypeEnumeration}.
 * Exactly the four lowercase literals {@code exact}, {@code minimum}, {@code maximum} and
 * {@code better} are accepted; any other value (including a missing one) is rejected with an
 * {@link UnmarshallingException}, so a malformed request fails parsing instead of silently
 * defaulting. All other attributes are delegated to the superclass.
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    final RequestedAuthnContext requestedCtx = (RequestedAuthnContext) samlObject;
    if (!attribute.getLocalName().equals(RequestedAuthnContext.COMPARISON_ATTRIB_NAME)) {
        super.processAttribute(samlObject, attribute);
        return;
    }
    final String value = attribute.getValue();
    AuthnContextComparisonTypeEnumeration comparison = null;
    if (value != null) {
        switch (value) {
            case "exact":
                comparison = AuthnContextComparisonTypeEnumeration.EXACT;
                break;
            case "minimum":
                comparison = AuthnContextComparisonTypeEnumeration.MINIMUM;
                break;
            case "maximum":
                comparison = AuthnContextComparisonTypeEnumeration.MAXIMUM;
                break;
            case "better":
                comparison = AuthnContextComparisonTypeEnumeration.BETTER;
                break;
            default:
                // fall through to the rejection below
                break;
        }
    }
    if (comparison == null) {
        throw new UnmarshallingException("Saw an invalid value for Comparison attribute: " + value);
    }
    requestedCtx.setComparison(comparison);
}
/**
 * {@inheritDoc}
 * <p>
 * Writes the {@code Comparison} attribute onto the DOM element. The attribute is written
 * only when a comparison is set; with no comparison the element carries no such attribute
 * (the string {@code "null"} is never emitted).
 */
protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
    final RequestedAuthnContext requestedCtx = (RequestedAuthnContext) samlObject;
    final AuthnContextComparisonTypeEnumeration comparison = requestedCtx.getComparison();
    if (comparison == null) {
        return;
    }
    domElement.setAttributeNS(null, RequestedAuthnContext.COMPARISON_ATTRIB_NAME, comparison.toString());
}
}
/**
 * Decides which authentication context class URN to report for a SAML response.
 * <p>
 * Resolution order, as implemented below:
 * <ol>
 *   <li>a non-blank required class pinned on the registered service wins outright;</li>
 *   <li>with no {@code RequestedAuthnContext} in the request, or none that lists class
 *       references, the configured default (falling back to {@code AuthnContext.PPT_AUTHN_CTX}) is used;</li>
 *   <li>otherwise the result of {@link #getAuthenticationContextByAssertion} is used, with the
 *       configured default as fallback when that hook yields a blank value.</li>
 * </ol>
 * Note that the class references found in the request are never returned verbatim; they are only
 * handed to the hook, so an unauthenticated SP cannot directly dictate the reported URN through
 * this method alone.
 *
 * @param assertion    the assertion the response is being built from (opaque here)
 * @param authnRequest the inbound request; only {@code AuthnRequest} instances carry a requested context
 * @param adaptor      the SP metadata facade (not consulted by this method)
 * @param service      the registered service, which may pin a required context class
 * @return the authentication context class URN to report; never {@code null} given a non-blank default
 */
@Override
public String build(final Object assertion, final RequestAbstractType authnRequest,
                    final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                    final SamlRegisteredService service) {
    val requiredClass = service.getRequiredAuthenticationContextClass();
    if (StringUtils.isNotBlank(requiredClass)) {
        LOGGER.debug("Using [{}] as indicated by SAML registered service [{}]", requiredClass, service.getName());
        return requiredClass;
    }

    val defaultClass = StringUtils.defaultIfBlank(
        casProperties.getAuthn().getSamlIdp().getResponse().getDefaultAuthenticationContextClass(),
        AuthnContext.PPT_AUTHN_CTX);

    RequestedAuthnContext requestedCtx = null;
    if (authnRequest instanceof AuthnRequest) {
        requestedCtx = ((AuthnRequest) authnRequest).getRequestedAuthnContext();
    }
    if (requestedCtx == null) {
        LOGGER.debug("No specific authN context is requested. Returning [{}]", defaultClass);
        return defaultClass;
    }

    val classRefs = requestedCtx.getAuthnContextClassRefs();
    if (classRefs == null || classRefs.isEmpty()) {
        LOGGER.debug("Requested authN context class ref is unspecified. Returning [{}]", defaultClass);
        return defaultClass;
    }

    val resolved = getAuthenticationContextByAssertion(assertion, requestedCtx, classRefs);
    val finalClass = StringUtils.defaultIfBlank(resolved, defaultClass);
    LOGGER.debug("Returning authN context [{}]", finalClass);
    return finalClass;
}
/**
 * Hook for deriving the authentication context class from the assertion.
 * <p>
 * This base implementation is a placeholder: it logs the requested comparison operator and each
 * requested class reference at debug level and then returns {@code null}, which makes the caller
 * fall back to its default. Subclasses wanting to honour the SP's request must override this and
 * should validate the requested URNs against a known set rather than echoing them back.
 *
 * @param assertion            the assertion (unused here)
 * @param requestedAuthnContext the requested context element from the inbound request
 * @param authnContextClassRefs the class references listed in that element
 * @return always {@code null} in this implementation
 */
protected String getAuthenticationContextByAssertion(final Object assertion,
                                                      final RequestedAuthnContext requestedAuthnContext,
                                                      final List<AuthnContextClassRef> authnContextClassRefs) {
    LOGGER.debug("AuthN Context comparison is requested to use [{}]", requestedAuthnContext.getComparison());
    for (final AuthnContextClassRef classRef : authnContextClassRefs) {
        LOGGER.debug("Requested AuthN Context [{}]", classRef.getAuthnContextClassRef());
    }
    return null;
}
}
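/**
 * Converts the requested authentication context of an {@code AuthenticationRequest} into an
 * OpenSAML {@link RequestedAuthnContext}.
 * <p>
 * The request's comparison operator is mapped one-to-one onto
 * {@link AuthnContextComparisonTypeEnumeration}; unrecognised operators fall back to
 * {@code EXACT}. When the request also names an authentication context class reference, a
 * single {@code AuthnContextClassRef} holding its string form is attached.
 * <p>
 * Fix: {@code minimum} was previously mapped to {@code MAXIMUM} (a copy-paste slip), which
 * asked the remote party for the opposite comparison than the caller requested. It now maps to
 * {@code MINIMUM}.
 *
 * @param request the local authentication request
 * @return the SAML element, or {@code null} when the request carries no requested context
 */
protected RequestedAuthnContext getRequestedAuthenticationContext(AuthenticationRequest request) {
    if (request.getRequestedAuthenticationContext() == null) {
        return null;
    }
    final RequestedAuthnContext result = buildSAMLObject(RequestedAuthnContext.class);
    switch (request.getRequestedAuthenticationContext()) {
        case exact:
            result.setComparison(EXACT);
            break;
        case better:
            result.setComparison(AuthnContextComparisonTypeEnumeration.BETTER);
            break;
        case maximum:
            result.setComparison(AuthnContextComparisonTypeEnumeration.MAXIMUM);
            break;
        case minimum:
            result.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
            break;
        default:
            // unknown operator: EXACT is the most restrictive interpretation available
            result.setComparison(EXACT);
            break;
    }
    if (request.getAuthenticationContextClassReference() != null) {
        final AuthnContextClassRef authnContextClassRef = buildSAMLObject(AuthnContextClassRef.class);
        authnContextClassRef.setAuthnContextClassRef(
                request.getAuthenticationContextClassReference().toString());
        result.getAuthnContextClassRefs().add(authnContextClassRef);
    }
    return result;
}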
sessionIndexPresent = true; if (authnQuery.getRequestedAuthnContext().getAuthnContextClassRefs().size() > 0) { authnContextClassRefPresent = true;
/**
 * Reads the comparison operator of an inbound {@code AuthnRequest} and converts it into the
 * local {@code RequestedAuthenticationContext} enum.
 * <p>
 * The conversion goes through {@code Enum.valueOf} on the operator's string form, so it relies on
 * the local enum constant names matching the SAML comparison values exactly (they appear to be
 * lowercase, e.g. {@code exact}; confirm against the enum). A mismatch would surface as an
 * {@link IllegalArgumentException}.
 *
 * @param request the inbound request
 * @return the mapped operator, or {@code null} when the request has no
 *         {@code RequestedAuthnContext} or it carries no comparison
 */
protected RequestedAuthenticationContext getRequestedAuthenticationContext(AuthnRequest request) {
    final RequestedAuthnContext requestedCtx = request.getRequestedAuthnContext();
    if (requestedCtx == null) {
        return null;
    }
    final AuthnContextComparisonTypeEnumeration comparison = requestedCtx.getComparison();
    if (comparison == null) {
        return null;
    }
    return RequestedAuthenticationContext.valueOf(comparison.toString());
}
/**
 * Supplies a fixed {@code RequestedAuthnContext} asking for an {@code EXACT} match on the
 * password-protected-transport class ({@code AuthnContext.PPT_AUTHN_CTX}).
 *
 * @return a newly built element; a fresh instance on every call
 */
@Override
public RequestedAuthnContext provide() {
    final RequestedAuthnContext requestedCtx = new RequestedAuthnContextBuilder().buildObject();
    requestedCtx.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);

    final AuthnContextClassRef classRef = new AuthnContextClassRefBuilder().buildObject();
    classRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);
    requestedCtx.getAuthnContextClassRefs().add(classRef);

    return requestedCtx;
}
}
/**
 * Appends an MFA request parameter to the redirect URL when the inbound request asks for an
 * authentication context class that has a configured mapping.
 * <p>
 * The first requested class reference that is a key in the configured mappings wins; its mapped
 * value (configuration, not request data) is appended as
 * {@code &<mfaRequestParameter>=<mappedValue>}. Requested URNs with no mapping are ignored, so the
 * SP cannot inject an arbitrary value into the URL through this path. The URL is assembled by plain
 * concatenation without encoding, which is only safe as long as configured values are URL-safe.
 *
 * @param initialUrl   the redirect URL to extend
 * @param authnRequest the inbound request whose requested context is inspected
 * @param request      the HTTP request (not consulted here)
 * @return {@code initialUrl}, possibly with the MFA parameter appended
 */
protected String buildRedirectUrlByRequestedAuthnContext(final String initialUrl,
                                                          final AuthnRequest authnRequest,
                                                          final HttpServletRequest request) {
    val configuredMappings = this.casProperties.getAuthn().getSamlIdp().getAuthenticationContextClassMappings();
    val requestedCtx = authnRequest.getRequestedAuthnContext();
    if (requestedCtx == null || configuredMappings == null || configuredMappings.isEmpty()) {
        return initialUrl;
    }
    val mappings = getAuthenticationContextMappings();
    val match = requestedCtx.getAuthnContextClassRefs()
        .stream()
        .filter(ref -> mappings.containsKey(ref.getAuthnContextClassRef()))
        .findFirst();
    return match
        .map(ref -> initialUrl + '&' + casProperties.getAuthn().getMfa().getRequestParameter()
            + '=' + mappings.get(ref.getAuthnContextClassRef()))
        .orElse(initialUrl);
}
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT); requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
String requestedSessionIndex = authnQuery.getSessionIndex(); RequestedAuthnContext requestedAuthnContext = authnQuery.getRequestedAuthnContext(); List<AuthnContextClassRef> authnContextClassRefs = requestedAuthnContext.getAuthnContextClassRefs(); List<Assertion> assertions = new ArrayList<Assertion>(); List<SAMLAssertionFinder> finders = getFinders();
requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT); requestedAuthnContext.getAuthnContextClassRefs().add(passwordAuthnCtxRef);
if (comparisonType != null) { final RequestedAuthnContext authnContext = new RequestedAuthnContextBuilder().buildObject(); authnContext.setComparison(comparisonType); authnContext.getAuthnContextClassRefs().add(classRef);