/**
 * Creates the UMA discovery settings for this server.
 *
 * @param casProperties the CAS configuration; retained, and also the source of the cached server prefix
 * @param issuer        the issuer value to advertise in the discovery document
 */
public UmaServerDiscoverySettings(final CasConfigurationProperties casProperties, final String issuer) {
    this.casProperties = casProperties;
    this.issuer = issuer;
    // The server prefix is assigned once here rather than read from casProperties on every use.
    this.serverPrefix = casProperties.getServer().getPrefix();
}
/**
 * Service selection strategy that resolves the SAML2 IdP entity id during
 * ticket validation. Only registered when no bean of the same name exists.
 *
 * @return the strategy, bound to this server's configured prefix
 */
@ConditionalOnMissingBean(name = "samlIdPEntityIdValidationServiceSelectionStrategy")
@Bean
public AuthenticationServiceSelectionStrategy samlIdPEntityIdValidationServiceSelectionStrategy() {
    final String serverPrefix = casProperties.getServer().getPrefix();
    return new SamlIdPEntityIdAuthenticationServiceSelectionStrategy(webApplicationServiceFactory, serverPrefix);
}
/**
 * Renders the OpenID provider view for any path under {@code /openid/}.
 * The model exposes a single attribute, {@code openid_server}, set to the CAS server prefix;
 * the request and response are not inspected.
 *
 * @param request  the request (unused)
 * @param response the response (unused)
 * @return the model and view
 */
@GetMapping("/openid/*")
protected ModelAndView handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response) {
    final String serverPrefix = casProperties.getServer().getPrefix();
    return new ModelAndView("openIdProviderView", CollectionUtils.wrap("openid_server", serverPrefix));
}
}
/**
 * Builds the pac4j {@code Clients} registry from the configured delegated-authentication clients.
 * Logs at WARN when none are configured, at INFO otherwise.
 *
 * @return the registry; its callback URL is the CAS login URL
 */
@RefreshScope
@Bean
public Clients builtClients() {
    val delegatedClients = pac4jDelegatedClientFactory().build();
    LOGGER.debug("The following clients are built: [{}]", delegatedClients);
    if (!delegatedClients.isEmpty()) {
        LOGGER.info("Located and prepared [{}] delegated authentication client(s)", delegatedClients.size());
    } else {
        LOGGER.warn("No delegated authentication clients are defined and/or configured");
    }
    // The login URL is handed to pac4j as the callback URL; it must be the externally reachable one,
    // since identity providers redirect the browser back to it.
    return new Clients(casProperties.getServer().getLoginUrl(), new ArrayList<>(delegatedClients));
}
/**
 * Gets default callback url.
 *
 * Builds {@code <cas.server.name><servlet context path>management/index.html}.
 * NOTE(review): no '/' is inserted between the context path and
 * {@code management/index.html}, so the result is only a sensible path when the
 * configured context path ends with '/' — confirm against the deployment's
 * {@code server.servlet.context-path}.
 *
 * @param casProperties    the cas properties; supplies the server name
 * @param serverProperties the server properties; supplies the servlet context path
 * @return the default callback url
 * @throws BeanCreationException if any lookup fails; the original exception is kept as the cause
 */
public String getDefaultCallbackUrl(final CasConfigurationProperties casProperties, final ServerProperties serverProperties) {
    try {
        final String serverName = casProperties.getServer().getName();
        final String contextPath = serverProperties.getServlet().getContextPath();
        return serverName.concat(contextPath).concat("management/index.html");
    } catch (final Exception e) {
        throw new BeanCreationException(e.getMessage(), e);
    }
}
/**
 * Writer for the IdP's self-signed signing/encryption certificate and key.
 * The certificate's host name and its URI subject-alt-name are derived from the
 * host of {@code cas.server.prefix}; a malformed prefix surfaces as a sneaky-thrown
 * {@link java.net.MalformedURLException} at bean creation.
 *
 * @return the certificate/key writer
 */
@ConditionalOnMissingBean(name = "samlSelfSignedCertificateWriter")
@Bean
@SneakyThrows
public SamlIdPCertificateAndKeyWriter samlSelfSignedCertificateWriter() {
    val prefixUrl = new URL(casProperties.getServer().getPrefix());
    val hostname = prefixUrl.getHost();
    val writer = new DefaultSamlIdPCertificateAndKeyWriter();
    writer.setHostname(hostname);
    // Self-signed: relying parties trust this certificate through the IdP metadata, not a CA chain.
    writer.setUriSubjectAltNames(CollectionUtils.wrap(hostname.concat("/idp/metadata")));
    return writer;
}
/**
 * Utility method to generate a password reset URL.
 *
 * The URL targets the login flow with the reset token carried as the
 * {@code PARAMETER_NAME_TOKEN} query parameter. Because the token travels in the
 * query string it can end up in access logs, browser history and Referer headers,
 * so the token produced by {@code createToken} should be short-lived and single-use
 * (not enforced here). NOTE(review): the token is appended without URL-encoding,
 * which is only safe if {@code createToken} yields URL-safe characters — confirm.
 *
 * @param username                  username
 * @param passwordManagementService passwordManagementService
 * @param casProperties             casProperties
 * @return URL a user can use to start the password reset process, or null when no token could be created
 */
public static String buildPasswordResetUrl(final String username, final PasswordManagementService passwordManagementService, final CasConfigurationProperties casProperties) {
    val token = passwordManagementService.createToken(username);
    if (StringUtils.isBlank(token)) {
        LOGGER.error("Could not create password reset url since no reset token could be generated");
        return null;
    }
    val resetUrl = new StringBuilder(casProperties.getServer().getPrefix())
        .append('/').append(CasWebflowConfigurer.FLOW_ID_LOGIN)
        .append('?').append(PARAMETER_NAME_TOKEN).append('=')
        .append(token);
    return resetUrl.toString();
}
/**
 * The SAML2 SSO POST-profile callback, wrapped as a CAS {@code Service}.
 * Its URL is the server prefix followed by the callback endpoint constant.
 *
 * @return the callback service
 */
@Bean
public Service samlIdPCallbackService() {
    val callbackUrl = casProperties.getServer().getPrefix().concat(SamlIdPConstants.ENDPOINT_SAML2_SSO_PROFILE_POST_CALLBACK);
    val serviceFactory = this.webApplicationServiceFactory.getIfAvailable();
    return serviceFactory.createService(callbackUrl);
}
/**
 * Factory for OpenID services, rooted at {@code <cas.server.prefix>/openid}.
 *
 * @return the OpenID service factory
 */
@Bean
@RefreshScope
public OpenIdServiceFactory openIdServiceFactory() {
    final String openIdPrefix = casProperties.getServer().getPrefix().concat("/openid");
    return new OpenIdServiceFactory(openIdPrefix);
}
/**
 * The OAuth2 authorize callback, wrapped as a CAS {@code Service}.
 * URL layout: {@code <prefix><BASE_OAUTH20_URL>/<CALLBACK_AUTHORIZE_URL_DEFINITION>}.
 *
 * @return the callback service
 */
@Bean
public Service oauthCallbackService() {
    final String oauthBase = casProperties.getServer().getPrefix() + OAuth20Constants.BASE_OAUTH20_URL;
    val callbackUrl = oauthBase + '/' + OAuth20Constants.CALLBACK_AUTHORIZE_URL_DEFINITION;
    return webApplicationServiceFactory.getIfAvailable().createService(callbackUrl);
}
/**
 * Resolver for the CAS OAuth callback URL, derived from the server prefix.
 *
 * @return the callback URL resolver
 */
@Bean
public UrlResolver casCallbackUrlResolver() {
    final String callbackUrl = OAuth20Utils.casOAuthCallbackUrl(casProperties.getServer().getPrefix());
    return new OAuth20CasCallbackUrlResolver(callbackUrl);
}
/**
 * Response builder for OpenID services, rooted at {@code <cas.server.prefix>/openid}.
 * Only registered when no bean of the same name exists.
 *
 * @return the response builder
 */
@ConditionalOnMissingBean(name = "openIdServiceResponseBuilder")
@Bean
public ResponseBuilder openIdServiceResponseBuilder() {
    val prefix = casProperties.getServer().getPrefix();
    return new OpenIdServiceResponseBuilder(prefix.concat("/openid"),
        serverManager(),
        centralAuthenticationService.getIfAvailable(),
        servicesManager.getIfAvailable());
}
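/**
 * Builds the response model for the OAuth device-authorization grant.
 *
 * Fields, in insertion order: the verification URI (server prefix + OAuth base + device
 * authorization path), the expiry, the user code and device code (each only when the
 * generated token carries one), and the polling interval.
 *
 * @param result the access-token response result holding the generated device token and its timings
 * @return an insertion-ordered map of response fields
 */
protected Map<String, Object> getDeviceTokenResponseModel(final OAuth20AccessTokenResponseResult result) {
    // Typed return (was raw Map) so callers get the String->Object contract without unchecked casts.
    val model = new LinkedHashMap<String, Object>();
    val verificationUri = result.getCasProperties().getServer().getPrefix()
        .concat(OAuth20Constants.BASE_OAUTH20_URL)
        .concat("/")
        .concat(OAuth20Constants.DEVICE_AUTHZ_URL);
    model.put(OAuth20Constants.DEVICE_VERIFICATION_URI, verificationUri);
    model.put(OAuth20Constants.EXPIRES_IN, result.getDeviceTokenTimeout());
    result.getGeneratedToken().getUserCode().ifPresent(code -> model.put(OAuth20Constants.DEVICE_USER_CODE, code));
    result.getGeneratedToken().getDeviceCode().ifPresent(code -> model.put(OAuth20Constants.DEVICE_CODE, code));
    model.put(OAuth20Constants.DEVICE_INTERVAL, result.getDeviceRefreshInterval());
    return model;
}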
/**
 * Service selection strategy for OAuth authentication requests, keyed on the
 * CAS OAuth callback URL derived from the server prefix.
 * Only registered when no bean of the same name exists.
 *
 * @return the strategy
 */
@Bean
@ConditionalOnMissingBean(name = "oauth20AuthenticationRequestServiceSelectionStrategy")
@RefreshScope
public AuthenticationServiceSelectionStrategy oauth20AuthenticationRequestServiceSelectionStrategy() {
    final String callbackUrl = OAuth20Utils.casOAuthCallbackUrl(casProperties.getServer().getPrefix());
    return new OAuth20AuthenticationServiceSelectionStrategy(servicesManager.getIfAvailable(),
        webApplicationServiceFactory,
        callbackUrl);
}
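/**
 * Ticket validator used when CAS acts as a CAS client, against {@code cas.client.prefix}
 * when set and otherwise against this server's own prefix. HTTPS connections to the
 * validation endpoint use the application's {@code SSLContext} and {@code HostnameVerifier}
 * beans when present, and otherwise keep the JDK defaults.
 *
 * Security: whatever {@code hostnameVerifier} resolves to is what binds the validation
 * response to the CAS server's identity. A permissive (no-op) verifier would let a
 * man-in-the-middle forge validation responses; keep it strict in production.
 *
 * @return the configured ticket validator
 */
@ConditionalOnMissingBean(name = "casClientTicketValidator")
@Bean
public AbstractUrlBasedTicketValidator casClientTicketValidator() {
    val prefix = StringUtils.defaultString(casProperties.getClient().getPrefix(), casProperties.getServer().getPrefix());
    val validator = buildCasClientTicketValidator(prefix);
    val factory = new HttpURLConnectionFactory() {
        private static final long serialVersionUID = 3692658214483917813L;

        @Override
        public HttpURLConnection buildHttpURLConnection(final URLConnection conn) {
            if (conn instanceof HttpsURLConnection) {
                val httpsConnection = (HttpsURLConnection) conn;
                // Override the JDK defaults (default trust store, strict hostname check) only when
                // the beans exist: HttpsURLConnection rejects a null factory or verifier with
                // IllegalArgumentException, which previously surfaced at validation time.
                val context = sslContext.getIfAvailable();
                if (context != null) {
                    httpsConnection.setSSLSocketFactory(context.getSocketFactory());
                }
                val verifier = hostnameVerifier.getIfAvailable();
                if (verifier != null) {
                    httpsConnection.setHostnameVerifier(verifier);
                }
            }
            return (HttpURLConnection) conn;
        }
    };
    validator.setURLConnectionFactory(factory);
    return validator;
}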
/**
 * Ticket id generator for SAML service tickets, seeded with the CAS server name.
 * Whether the ids are SAML2-compliant follows the samlCore {@code ticketidSaml2} setting.
 *
 * @return the generator
 */
@Bean
public UniqueTicketIdGenerator samlServiceTicketUniqueIdGenerator() {
    val generator = new SamlCompliantUniqueTicketIdGenerator(casProperties.getServer().getName());
    generator.setSaml2compliant(casProperties.getSamlCore().isTicketidSaml2());
    return generator;
}
/**
 * File-system backed IdP metadata generator, initialized via {@code initialize()} after creation.
 * Uses the metadata locator, the self-signed certificate writer, the configured entity id and
 * scope, and the server prefix. Only registered when no bean of the same name exists.
 *
 * @return the metadata generator
 */
@ConditionalOnMissingBean(name = "samlIdPMetadataGenerator")
@Bean(initMethod = "initialize")
@SneakyThrows
public SamlIdPMetadataGenerator samlIdPMetadataGenerator() {
    val idpProperties = casProperties.getAuthn().getSamlIdp();
    val serverPrefix = casProperties.getServer().getPrefix();
    return new FileSystemSamlIdPMetadataGenerator(
        samlIdPMetadataLocator(),
        samlSelfSignedCertificateWriter(),
        idpProperties.getEntityId(),
        this.resourceLoader,
        serverPrefix,
        idpProperties.getScope());
}
/**
 * JWT-based token ticket builder. It validates tickets through the CAS client
 * validator, issues tokens for this server's prefix, and applies the token cipher
 * executor (presumably for signing/encryption of the JWT — not verified here).
 * Only registered when no bean of the same name exists.
 *
 * @return the token ticket builder
 */
@RefreshScope
@Bean
@ConditionalOnMissingBean(name = "tokenTicketBuilder")
public TokenTicketBuilder tokenTicketBuilder() {
    final String serverPrefix = casProperties.getServer().getPrefix();
    return new JWTTokenTicketBuilder(
        casClientTicketValidator.getIfAvailable(),
        serverPrefix,
        tokenCipherExecutor(),
        grantingTicketExpirationPolicy.getIfAvailable(),
        servicesManager.getIfAvailable());
}
}
/**
 * OpenID server manager whose OP endpoint is the CAS login URL.
 * RP id enforcement follows the {@code authn.openid.enforceRpId} setting.
 *
 * @return the server manager
 */
@RefreshScope
@Bean
public ServerManager serverManager() {
    final String opEndpoint = casProperties.getServer().getLoginUrl();
    val manager = new ServerManager();
    manager.setOPEndpointUrl(opEndpoint);
    manager.setEnforceRpId(casProperties.getAuthn().getOpenid().isEnforceRpId());
    // NOTE(review): associations live in this JVM only; a multi-node deployment without
    // sticky sessions would presumably not see them on other nodes — confirm.
    manager.setSharedAssociations(new InMemoryServerAssociationStore());
    LOGGER.info("Creating openid server manager with OP endpoint [{}]", opEndpoint);
    return manager;
}
/**
 * Controller that redirects the browser to a WS-Federation identity provider,
 * wired with the cookie manager, helper, configurations, service selection
 * strategies, service factory and the CAS login URL as the return point.
 *
 * @return the navigation controller
 */
@Bean
public WsFederationNavigationController wsFederationNavigationController() {
    final String loginUrl = casProperties.getServer().getLoginUrl();
    return new WsFederationNavigationController(
        wsFederationCookieManager(),
        wsFederationHelper(),
        wsFederationConfigurations,
        authenticationRequestServiceSelectionStrategies.getIfAvailable(),
        webApplicationServiceFactory.getIfAvailable(),
        loginUrl);
}
}