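/**
 * Parses the accept-users property into a map of username to password.
 * <p>
 * The property is a comma-separated list of {@code user::password} entries; the
 * credentials arrive as a plain configuration string, so the property itself is
 * sensitive and should be protected like any other secret in the configuration.
 * An entry is split on its first {@code ::} only, so a password may itself
 * contain the separator. Malformed entries and duplicate usernames are rejected
 * with an {@link IllegalArgumentException} naming the offending user rather than
 * failing later with an array-index or collector error.
 *
 * @return a mutable map of username to password; empty when the property is
 * blank or contains no {@code ::} separator at all.
 * @throws IllegalArgumentException on an entry without a separator, an empty
 * username, or a username listed twice.
 */
private Map<String, String> getParsedUsers() {
    val pattern = Pattern.compile("::");
    val usersProperty = casProperties.getAuthn().getAccept().getUsers();
    if (StringUtils.isBlank(usersProperty) || !usersProperty.contains(pattern.pattern())) {
        return new HashMap<>(0);
    }
    val users = new HashMap<String, String>();
    for (val entry : usersProperty.split(",")) {
        // limit 2: only the first "::" separates user from password.
        val userAndPassword = pattern.split(entry, 2);
        if (userAndPassword.length != 2 || userAndPassword[0].isEmpty()) {
            // Message deliberately omits the entry text so no password lands in logs.
            throw new IllegalArgumentException("Malformed accept-users entry; expected <user>::<password>");
        }
        val username = userAndPassword[0];
        if (users.put(username, userAndPassword[1]) != null) {
            throw new IllegalArgumentException("Duplicate user in accept-users property [" + username + "]");
        }
    }
    return users;
}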
/**
 * Builds the list of stub attribute repositories.
 * <p>
 * A single stub repository backed by the statically configured attributes is
 * added when at least one such attribute is configured; otherwise the list is
 * empty. Only attribute names are logged, never values.
 *
 * @return a mutable list holding zero or one stub repository.
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "stubAttributeRepositories")
public List<IPersonAttributeDao> stubAttributeRepositories() {
    val repositoryProperties = casProperties.getAuthn().getAttributeRepository();
    val staticAttributes = repositoryProperties.getStub().getAttributes();
    val repositories = new ArrayList<IPersonAttributeDao>();
    if (staticAttributes.isEmpty()) {
        return repositories;
    }
    LOGGER.info("Found and added static attributes [{}] to the list of candidate attribute repositories", staticAttributes.keySet());
    repositories.add(Beans.newStubAttributeRepository(repositoryProperties));
    return repositories;
}
/**
 * Builds one custom scope-based attribute release policy per user-defined OIDC scope.
 * <p>
 * Each configured scope name maps to a comma-separated list of attribute names;
 * that list becomes the set of attributes the policy releases for the scope.
 *
 * @return a set of custom scope release policies, one per configured scope.
 */
@Bean
@RefreshScope
public Collection<BaseOidcScopeAttributeReleasePolicy> userDefinedScopeBasedAttributeReleasePolicies() {
    val oidc = casProperties.getAuthn().getOidc();
    val userDefinedScopes = oidc.getUserDefinedScopes();
    return userDefinedScopes.entrySet()
        .stream()
        .map(scopeEntry -> {
            val attributeNames = CollectionUtils.wrapList(scopeEntry.getValue().split(","));
            return new OidcCustomScopeAttributeReleasePolicy(scopeEntry.getKey(), attributeNames);
        })
        .collect(Collectors.toSet());
}
/**
 * Provides the default renderer for the OAuth user-profile response.
 *
 * @return a renderer configured from the OAuth authentication properties.
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "oauthUserProfileViewRenderer")
public OAuth20UserProfileViewRenderer oauthUserProfileViewRenderer() {
    val oauthProperties = casProperties.getAuthn().getOauth();
    return new OAuth20DefaultUserProfileViewRenderer(oauthProperties);
}
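/**
 * Resolves attributes for a user by running every configured Groovy attribute script.
 * <p>
 * Scripts run in configuration order and their results are merged into one map,
 * so a later script overwrites any attribute of the same name produced by an
 * earlier one. Each script receives the user id, the logger, the full CAS
 * properties and the application context, which means a script has access to
 * everything the server does; the script location must therefore be writable
 * only by trusted operators. A script whose result is {@code null} simply
 * contributes nothing instead of failing the whole lookup.
 *
 * @param uid the user id passed to each script.
 * @return the merged attributes; empty when no script is configured or none returns attributes.
 */
@Override
@SuppressWarnings("unchecked") // script results are raw maps; element types cannot be checked at compile time
public Map<String, Object> getAttributesForUser(final String uid) {
    val finalAttributes = new HashMap<String, Object>();
    casProperties.getAuthn().getAttributeRepository().getGroovy()
        .forEach(groovy -> {
            val args = new Object[] {uid, LOGGER, casProperties, applicationContext};
            val personAttributesMap = ScriptingUtils.executeGroovyScript(groovy.getLocation(), args, Map.class, true);
            // NOTE(review): a script may legitimately return nothing; guard so putAll does not NPE.
            if (personAttributesMap != null) {
                finalAttributes.putAll(personAttributesMap);
            }
        });
    return finalAttributes;
}
}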
/**
 * Registers the JSON resource authentication handler when a JSON location is configured.
 * <p>
 * Without a configured location the plan is left untouched. Only the file name
 * of the resource is logged.
 *
 * @return a configurer that conditionally registers the handler with the default principal resolver.
 */
@Bean
@ConditionalOnMissingBean(name = "jsonResourceAuthenticationEventExecutionPlanConfigurer")
public AuthenticationEventExecutionPlanConfigurer jsonResourceAuthenticationEventExecutionPlanConfigurer() {
    return plan -> {
        val jsonLocation = casProperties.getAuthn().getJson().getLocation();
        if (jsonLocation == null) {
            return;
        }
        LOGGER.debug("Added JSON resource authentication handler for the target file [{}]", jsonLocation.getFilename());
        plan.registerAuthenticationHandlerWithPrincipalResolver(jsonResourceAuthenticationHandler(), defaultPrincipalResolver.getIfAvailable());
    };
}
}
/**
 * Registers the reject-users authentication handler when a reject list is configured.
 * <p>
 * A blank reject-users property leaves the plan untouched. The configured list
 * (usernames only) is logged at debug level after registration.
 *
 * @return a configurer that conditionally registers the handler with the default principal resolver.
 */
@Bean
@ConditionalOnMissingBean(name = "rejectUsersAuthenticationEventExecutionPlanConfigurer")
public AuthenticationEventExecutionPlanConfigurer rejectUsersAuthenticationEventExecutionPlanConfigurer() {
    return plan -> {
        val rejectedUsers = casProperties.getAuthn().getReject().getUsers();
        if (StringUtils.isBlank(rejectedUsers)) {
            return;
        }
        plan.registerAuthenticationHandlerWithPrincipalResolver(rejectUsersAuthenticationHandler(), defaultPrincipalResolver.getIfAvailable());
        LOGGER.debug("Added rejecting authentication handler with the following users [{}]", rejectedUsers);
    };
}
/**
 * Provides the webflow action that inspects the web authentication request.
 *
 * @return the action, configured with the MFA content type from the properties.
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "checkWebAuthenticationRequestAction")
public Action checkWebAuthenticationRequestAction() {
    val mfaProperties = casProperties.getAuthn().getMfa();
    return new CheckWebAuthenticationRequestAction(mfaProperties.getContentType());
}
/**
 * Provides the cleaner for the multifactor trust storage.
 *
 * @return a cleaner bound to the trusted-device properties and the trust engine.
 */
@Bean
@ConditionalOnMissingBean(name = "mfaTrustStorageCleaner")
public MultifactorAuthenticationTrustStorageCleaner mfaTrustStorageCleaner() {
    val trustedProperties = casProperties.getAuthn().getMfa().getTrusted();
    val trustEngine = mfaTrustEngine();
    return new MultifactorAuthenticationTrustStorageCleaner(trustedProperties, trustEngine);
}
/**
 * Selects the contextual authentication policy factory.
 * <p>
 * When the required-handler policy is enabled in the properties, the factory
 * demands that the handler required by the service succeed; otherwise the
 * default is an accept-any factory, which is satisfied by any successful handler.
 *
 * @return the required-handler factory when enabled, else the accept-any factory.
 */
@Bean
@ConditionalOnMissingBean(name = "authenticationPolicyFactory")
public ContextualAuthenticationPolicyFactory<ServiceContext> authenticationPolicyFactory() {
    val policyProperties = casProperties.getAuthn().getPolicy();
    return policyProperties.isRequiredHandlerAuthenticationPolicyEnabled()
        ? new RequiredHandlerAuthenticationPolicyFactory()
        : new AcceptAnyAuthenticationPolicyFactory();
}
/**
 * Provides the password validation service for password management.
 *
 * @return the default service, constructed with the configured policy pattern.
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "passwordValidationService")
public PasswordValidationService passwordValidationService() {
    val pmProperties = casProperties.getAuthn().getPm();
    return new DefaultPasswordValidationService(pmProperties.getPolicyPattern());
}
/**
 * Provides the bypass evaluator for the YubiKey multifactor provider.
 * <p>
 * The evaluator is built entirely from the YubiKey bypass properties; any
 * bypass rule configured there lets a request skip this second factor, so
 * those properties deserve the same review as the provider itself.
 *
 * @return the bypass evaluator for the YubiKey provider.
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "yubikeyBypassEvaluator")
public MultifactorAuthenticationProviderBypass yubikeyBypassEvaluator() {
    val bypassProperties = casProperties.getAuthn().getMfa().getYubikey().getBypass();
    return MultifactorAuthenticationUtils.newMultifactorAuthenticationProviderBypass(bypassProperties);
}
/**
 * Selects the strategy used to pick among multiple multifactor providers.
 * <p>
 * A Groovy-scripted selector is used when a provider-selector script is
 * configured; otherwise providers are chosen by rank.
 *
 * @return the scripted selector when a script is configured, else the ranked selector.
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "multifactorAuthenticationProviderSelector")
public MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector() {
    val selectorScript = casProperties.getAuthn().getMfa().getProviderSelectorGroovyScript();
    return selectorScript == null
        ? new RankedMultifactorAuthenticationProviderSelector()
        : new GroovyScriptMultifactorAuthenticationProviderSelector(selectorScript);
}
/**
 * Provides the builder for SAML single-logout messages.
 *
 * @return a creator wired to the OpenSAML configuration, services manager,
 * metadata resolver, SAML IdP properties and the object signer.
 */
@Bean
@ConditionalOnMissingBean(name = "samlLogoutBuilder")
public SingleLogoutMessageCreator samlLogoutBuilder() {
    val configBean = openSamlConfigBean.getObject();
    val services = servicesManager.getObject();
    val metadataResolver = defaultSamlRegisteredServiceCachingMetadataResolver.getObject();
    val idpProperties = casProperties.getAuthn().getSamlIdp();
    return new SamlProfileSingleLogoutMessageCreator(configBean, services, metadataResolver, idpProperties, samlObjectSigner());
}
/**
 * Provides the builder for the SAML attribute statement.
 *
 * @return a builder wired to the OpenSAML configuration, the attribute encoder,
 * the SAML IdP properties and the object encrypter.
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "samlProfileSamlAttributeStatementBuilder")
public SamlProfileObjectBuilder<AttributeStatement> samlProfileSamlAttributeStatementBuilder() {
    val configBean = openSamlConfigBean.getIfAvailable();
    val attributeEncoder = samlAttributeEncoder();
    val idpProperties = casProperties.getAuthn().getSamlIdp();
    return new SamlProfileSamlAttributeStatementBuilder(configBean, attributeEncoder, idpProperties, samlObjectEncrypter());
}
/**
 * Provides the webflow action that verifies a previously trusted device.
 *
 * @return the action wired to the trust engine, the device fingerprint strategy
 * and the trusted-device properties.
 */
@Bean
public Action mfaVerifyTrustAction() {
    val trustEngine = mfaTrustEngine.getIfAvailable();
    val fingerprintStrategy = deviceFingerprintStrategy.getIfAvailable();
    val trustedProperties = casProperties.getAuthn().getMfa().getTrusted();
    return new MultifactorAuthenticationVerifyTrustAction(trustEngine, fingerprintStrategy, trustedProperties);
}
}
/**
 * Provides the file-system SAML IdP metadata generator.
 * <p>
 * The bean is initialized by its {@code initialize} method after construction.
 * The generator is given the metadata locator, the self-signed certificate
 * writer, the IdP entity id and scope, the resource loader and the server prefix.
 *
 * @return the metadata generator.
 */
@Bean(initMethod = "initialize")
@SneakyThrows
@ConditionalOnMissingBean(name = "samlIdPMetadataGenerator")
public SamlIdPMetadataGenerator samlIdPMetadataGenerator() {
    val idpProperties = casProperties.getAuthn().getSamlIdp();
    val metadataLocator = samlIdPMetadataLocator();
    val certificateWriter = samlSelfSignedCertificateWriter();
    val serverPrefix = casProperties.getServer().getPrefix();
    return new FileSystemSamlIdPMetadataGenerator(metadataLocator, certificateWriter,
        idpProperties.getEntityId(), this.resourceLoader, serverPrefix, idpProperties.getScope());
}
/**
 * Provides the populator that records the YubiKey provider id in the
 * authentication context attribute.
 *
 * @return the populator bound to the configured context attribute name, the
 * YubiKey handler and the YubiKey provider id.
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "yubikeyAuthenticationMetaDataPopulator")
public AuthenticationMetaDataPopulator yubikeyAuthenticationMetaDataPopulator() {
    val contextAttribute = casProperties.getAuthn().getMfa().getAuthenticationContextAttribute();
    val handler = yubikeyAuthenticationHandler();
    val providerId = yubikeyMultifactorAuthenticationProvider().getId();
    return new AuthenticationContextAttributeMetaDataPopulator(contextAttribute, handler, providerId);
}
/**
 * Provides the YubiKey authentication handler.
 *
 * @return a handler built from the YubiKey properties (name and order), the
 * services manager, the YubiKey principal factory, the Yubico client and the
 * account registry.
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "yubikeyAuthenticationHandler")
public AuthenticationHandler yubikeyAuthenticationHandler() {
    val yubikeyProperties = this.casProperties.getAuthn().getMfa().getYubikey();
    val handlerName = yubikeyProperties.getName();
    val services = servicesManager.getIfAvailable();
    return new YubiKeyAuthenticationHandler(handlerName, services, yubikeyPrincipalFactory(),
        yubicoClient(), yubiKeyAccountRegistry(), yubikeyProperties.getOrder());
}
/**
 * Configures and registers the SAML attribute-query ticket definition.
 * <p>
 * The definition's storage name comes from the SAML IdP ticket properties, and
 * its storage timeout reuses the service-ticket time-to-kill.
 *
 * @param plan     the ticket catalog to register with.
 * @param metadata the ticket definition to configure and register.
 */
protected void buildAndRegisterSamlAttributeQueryDefinition(final TicketCatalog plan, final TicketDefinition metadata) {
    val definitionProperties = metadata.getProperties();
    val storageName = casProperties.getAuthn().getSamlIdp().getTicket().getSamlAttributeQueryCacheStorageName();
    definitionProperties.setStorageName(storageName);
    val serviceTicketTimeout = casProperties.getTicket().getSt().getTimeToKillInSeconds();
    definitionProperties.setStorageTimeout(serviceTicketTimeout);
    registerTicketDefinition(plan, metadata);
}
}