/**
 * Builds the absolute CAS login URL by appending the protocol's login endpoint to the server prefix.
 *
 * @return the login URL
 */
public String getLoginUrl() {
    final String loginEndpoint = CasProtocolConstants.ENDPOINT_LOGIN;
    final String serverPrefix = getPrefix();
    return serverPrefix.concat(loginEndpoint);
}
/**
 * Builds the absolute CAS logout URL by appending the protocol's logout endpoint to the server prefix.
 *
 * @return the logout URL
 */
public String getLogoutUrl() {
    final String logoutEndpoint = CasProtocolConstants.ENDPOINT_LOGOUT;
    final String serverPrefix = getPrefix();
    return serverPrefix.concat(logoutEndpoint);
}
/**
 * Creates the UMA discovery settings for a given issuer.
 *
 * @param casProperties the CAS configuration; the server prefix is captured from it
 * @param issuer        the issuer identifier advertised by this server
 */
public UmaServerDiscoverySettings(final CasConfigurationProperties casProperties, final String issuer) {
    this.casProperties = casProperties;
    this.serverPrefix = casProperties.getServer().getPrefix();
    this.issuer = issuer;
}
/**
 * Registers the service-selection strategy that resolves a SAML2 entity id during ticket validation.
 * Only created when no bean of the same name is already defined.
 *
 * @return the selection strategy, bound to the server prefix
 */
@ConditionalOnMissingBean(name = "samlIdPEntityIdValidationServiceSelectionStrategy")
@Bean
public AuthenticationServiceSelectionStrategy samlIdPEntityIdValidationServiceSelectionStrategy() {
    final String serverPrefix = casProperties.getServer().getPrefix();
    return new SamlIdPEntityIdAuthenticationServiceSelectionStrategy(webApplicationServiceFactory, serverPrefix);
}
/**
 * Renders the OpenID provider view, exposing the server prefix to the template as {@code openid_server}.
 *
 * @param request  the request
 * @param response the response
 * @return the model and view for {@code openIdProviderView}
 */
@GetMapping("/openid/*")
protected ModelAndView handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response) {
    final String serverPrefix = casProperties.getServer().getPrefix();
    // Neither request nor response is consulted; the view only needs the configured server prefix.
    return new ModelAndView("openIdProviderView", CollectionUtils.wrap("openid_server", serverPrefix));
}
}
/**
 * Utility method to generate a password reset URL.
 *
 * @param username                  username
 * @param passwordManagementService passwordManagementService
 * @param casProperties             casProperties
 * @return URL a user can use to start the password reset process, or {@code null} when no token could be issued
 */
public static String buildPasswordResetUrl(final String username,
                                           final PasswordManagementService passwordManagementService,
                                           final CasConfigurationProperties casProperties) {
    final String resetToken = passwordManagementService.createToken(username);
    if (StringUtils.isBlank(resetToken)) {
        LOGGER.error("Could not create password reset url since no reset token could be generated");
        return null;
    }
    // NOTE(review): the token is appended to the query string verbatim, so it must already be URL-safe;
    // a token containing reserved characters would need encoding here.
    final String loginFlowQuery = '/' + CasWebflowConfigurer.FLOW_ID_LOGIN + '?' + PARAMETER_NAME_TOKEN + '=';
    return casProperties.getServer().getPrefix().concat(loginFlowQuery).concat(resetToken);
}
/**
 * Registers the writer that produces the IdP's self-signed signing/encryption certificate and key.
 * The certificate hostname and its URI subject-alternative-name are derived from the host part of the
 * configured server prefix. {@code @SneakyThrows} covers the checked exception of the URL parse.
 *
 * @return the certificate and key writer
 */
@ConditionalOnMissingBean(name = "samlSelfSignedCertificateWriter")
@Bean
@SneakyThrows
public SamlIdPCertificateAndKeyWriter samlSelfSignedCertificateWriter() {
    final URL serverUrl = new URL(casProperties.getServer().getPrefix());
    final String hostname = serverUrl.getHost();
    final DefaultSamlIdPCertificateAndKeyWriter writer = new DefaultSamlIdPCertificateAndKeyWriter();
    writer.setHostname(hostname);
    // The SAN entry is host-relative (no scheme or port), exactly as the metadata path is wired here.
    writer.setUriSubjectAltNames(CollectionUtils.wrap(hostname.concat("/idp/metadata")));
    return writer;
}
/**
 * Registers the factory that builds OpenID services rooted at {@code <server-prefix>/openid}.
 *
 * @return the OpenID service factory
 */
@Bean
@RefreshScope
public OpenIdServiceFactory openIdServiceFactory() {
    final String openIdEndpoint = casProperties.getServer().getPrefix().concat("/openid");
    return new OpenIdServiceFactory(openIdEndpoint);
}
/**
 * Registers the SAML2 SSO POST-profile callback as a CAS service, so the IdP can be validated
 * against it like any other registered service.
 *
 * @return the callback service
 */
@Bean
public Service samlIdPCallbackService() {
    final String callbackUrl = casProperties.getServer().getPrefix()
        .concat(SamlIdPConstants.ENDPOINT_SAML2_SSO_PROFILE_POST_CALLBACK);
    return webApplicationServiceFactory.getIfAvailable().createService(callbackUrl);
}
/**
 * Registers the OAuth2 authorize-callback endpoint as a CAS service.
 *
 * @return the callback service built from the server prefix plus the OAuth2 base and callback paths
 */
@Bean
public Service oauthCallbackService() {
    final String oauthBase = casProperties.getServer().getPrefix() + OAuth20Constants.BASE_OAUTH20_URL;
    final String callbackUrl = oauthBase + '/' + OAuth20Constants.CALLBACK_AUTHORIZE_URL_DEFINITION;
    return webApplicationServiceFactory.getIfAvailable().createService(callbackUrl);
}
/**
 * Registers the URL resolver that recognises the CAS OAuth callback URL derived from the server prefix.
 *
 * @return the callback URL resolver
 */
@Bean
public UrlResolver casCallbackUrlResolver() {
    final String serverPrefix = casProperties.getServer().getPrefix();
    final String callbackUrl = OAuth20Utils.casOAuthCallbackUrl(serverPrefix);
    return new OAuth20CasCallbackUrlResolver(callbackUrl);
}
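/**
 * Gets device token response model.
 * <p>
 * Assembles the OAuth2 device-authorization response: the verification URI the user must visit,
 * the expiry, the user code and device code (each only when present on the generated token), and
 * the polling interval. The map preserves insertion order.
 *
 * @param result the result
 * @return the device token response model
 */
protected Map<String, Object> getDeviceTokenResponseModel(final OAuth20AccessTokenResponseResult result) {
    // LinkedHashMap keeps the response fields in a stable order.
    val model = new LinkedHashMap<String, Object>();
    val verificationUri = result.getCasProperties().getServer().getPrefix()
        .concat(OAuth20Constants.BASE_OAUTH20_URL)
        .concat("/")
        .concat(OAuth20Constants.DEVICE_AUTHZ_URL);
    model.put(OAuth20Constants.DEVICE_VERIFICATION_URI, verificationUri);
    model.put(OAuth20Constants.EXPIRES_IN, result.getDeviceTokenTimeout());
    val generatedToken = result.getGeneratedToken();
    // Both codes are optional on the token; emit only the ones that exist.
    generatedToken.getUserCode().ifPresent(code -> model.put(OAuth20Constants.DEVICE_USER_CODE, code));
    generatedToken.getDeviceCode().ifPresent(code -> model.put(OAuth20Constants.DEVICE_CODE, code));
    model.put(OAuth20Constants.DEVICE_INTERVAL, result.getDeviceRefreshInterval());
    return model;
}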
/**
 * Registers the response builder for OpenID services, rooted at {@code <server-prefix>/openid}.
 * Only created when no bean of the same name is already defined.
 *
 * @return the OpenID response builder
 */
@ConditionalOnMissingBean(name = "openIdServiceResponseBuilder")
@Bean
public ResponseBuilder openIdServiceResponseBuilder() {
    final String openIdEndpoint = casProperties.getServer().getPrefix().concat("/openid");
    return new OpenIdServiceResponseBuilder(
        openIdEndpoint,
        serverManager(),
        centralAuthenticationService.getIfAvailable(),
        servicesManager.getIfAvailable());
}
/**
 * Registers the service-selection strategy for OAuth2 authentication requests, keyed on the
 * CAS OAuth callback URL derived from the server prefix.
 *
 * @return the selection strategy
 */
@Bean
@ConditionalOnMissingBean(name = "oauth20AuthenticationRequestServiceSelectionStrategy")
@RefreshScope
public AuthenticationServiceSelectionStrategy oauth20AuthenticationRequestServiceSelectionStrategy() {
    final String callbackUrl = OAuth20Utils.casOAuthCallbackUrl(casProperties.getServer().getPrefix());
    return new OAuth20AuthenticationServiceSelectionStrategy(
        servicesManager.getIfAvailable(),
        webApplicationServiceFactory,
        callbackUrl);
}
/**
 * Registers the CAS client ticket validator. Validation is performed against the client prefix when one
 * is configured, otherwise against this server's own prefix. HTTPS connections opened by the validator
 * use the application's SSL context and hostname verifier beans instead of the JVM defaults.
 *
 * @return the ticket validator
 */
@ConditionalOnMissingBean(name = "casClientTicketValidator")
@Bean
public AbstractUrlBasedTicketValidator casClientTicketValidator() {
    final String clientPrefix = casProperties.getClient().getPrefix();
    final String validationPrefix = StringUtils.defaultString(clientPrefix, casProperties.getServer().getPrefix());
    final AbstractUrlBasedTicketValidator ticketValidator = buildCasClientTicketValidator(validationPrefix);

    final HttpURLConnectionFactory connectionFactory = new HttpURLConnectionFactory() {
        private static final long serialVersionUID = 3692658214483917813L;

        @Override
        public HttpURLConnection buildHttpURLConnection(final URLConnection conn) {
            // NOTE(review): TLS trust and host checking for the validation channel come entirely from the
            // injected sslContext / hostnameVerifier beans; a permissive verifier configured there weakens
            // the ticket-validation call. Plain HTTP connections are passed through untouched.
            if (conn instanceof HttpsURLConnection) {
                final HttpsURLConnection secureConnection = (HttpsURLConnection) conn;
                secureConnection.setSSLSocketFactory(sslContext.getIfAvailable().getSocketFactory());
                secureConnection.setHostnameVerifier(hostnameVerifier.getIfAvailable());
            }
            return (HttpURLConnection) conn;
        }
    };
    ticketValidator.setURLConnectionFactory(connectionFactory);
    return ticketValidator;
}
/**
 * Registers the file-system based SAML IdP metadata generator and has Spring call {@code initialize}
 * on it after construction. {@code @SneakyThrows} covers checked exceptions from the generator setup.
 *
 * @return the metadata generator
 */
@ConditionalOnMissingBean(name = "samlIdPMetadataGenerator")
@Bean(initMethod = "initialize")
@SneakyThrows
public SamlIdPMetadataGenerator samlIdPMetadataGenerator() {
    val idpProperties = casProperties.getAuthn().getSamlIdp();
    val serverPrefix = casProperties.getServer().getPrefix();
    return new FileSystemSamlIdPMetadataGenerator(
        samlIdPMetadataLocator(),
        samlSelfSignedCertificateWriter(),
        idpProperties.getEntityId(),
        resourceLoader,
        serverPrefix,
        idpProperties.getScope());
}
/**
 * Registers the JWT token-ticket builder. Tickets are validated through the CAS client ticket validator,
 * issued under the server prefix, and protected by the token cipher executor.
 *
 * @return the token ticket builder
 */
@RefreshScope
@Bean
@ConditionalOnMissingBean(name = "tokenTicketBuilder")
public TokenTicketBuilder tokenTicketBuilder() {
    final String serverPrefix = casProperties.getServer().getPrefix();
    return new JWTTokenTicketBuilder(
        casClientTicketValidator.getIfAvailable(),
        serverPrefix,
        tokenCipherExecutor(),
        grantingTicketExpirationPolicy.getIfAvailable(),
        servicesManager.getIfAvailable());
}
}
LOGGER.debug("Configuring password management based on JSON resource [{}]", location); return new JsonResourcePasswordManagementService(passwordManagementCipherExecutor(), casProperties.getServer().getPrefix(), casProperties.getAuthn().getPm(), location); LOGGER.debug("Configuring password management based on Groovy resource [{}]", groovyScript); return new GroovyResourcePasswordManagementService(passwordManagementCipherExecutor(), casProperties.getServer().getPrefix(), casProperties.getAuthn().getPm(), groovyScript); casProperties.getServer().getPrefix(), casProperties.getAuthn().getPm());
try { final String ticketId = parameters.get(CasProtocolConstants.PARAMETER_TICKET); final Cas30ServiceTicketValidator validator = new Cas30ServiceTicketValidator(casProperties.getServer().getPrefix()); final Assertion assertion = validator.validate(ticketId, service.getId()); final JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder() .audience(service.getId()) .issuer(casProperties.getServer().getPrefix()) .jwtID(ticketId) .issueTime(assertion.getAuthenticationDate())
/**
 * Assembles the pac4j {@link Config} that protects the OAuth endpoints. One client is registered per
 * supported authentication mode: redirect to CAS login, HTTP Basic client credentials, client credentials
 * as form parameters, PKCE (client id plus code verifier) and end-user credentials as a form. The callback
 * URL is derived from the server prefix.
 *
 * @return the OAuth security configuration
 */
@Bean
public Config oauthSecConfig() {
    // Interactive mode: send the browser to the CAS login URL and return on the OAuth callback URL.
    val casConfiguration = new CasConfiguration(casProperties.getServer().getLoginUrl());
    val casClient = new CasClient(casConfiguration);
    casClient.setRedirectActionBuilder(ctx -> oauthCasClientRedirectActionBuilder().build(casClient, ctx));
    casClient.setName(Authenticators.CAS_OAUTH_CLIENT);
    casClient.setUrlResolver(casCallbackUrlResolver());

    // Confidential clients: one authenticator, reachable over HTTP Basic or via client_id/client_secret
    // form parameters.
    val clientAuthenticator = oAuthClientAuthenticator();
    val basicClient = new DirectBasicAuthClient(clientAuthenticator);
    basicClient.setName(Authenticators.CAS_OAUTH_CLIENT_BASIC_AUTHN);
    val formClient = new DirectFormClient(clientAuthenticator);
    formClient.setName(Authenticators.CAS_OAUTH_CLIENT_DIRECT_FORM);
    formClient.setUsernameParameter(OAuth20Constants.CLIENT_ID);
    formClient.setPasswordParameter(OAuth20Constants.CLIENT_SECRET);

    // PKCE: the code_verifier takes the place of a client secret.
    val pkceClient = new DirectFormClient(oAuthProofKeyCodeExchangeAuthenticator());
    pkceClient.setName(Authenticators.CAS_OAUTH_CLIENT_PROOF_KEY_CODE_EXCHANGE_AUTHN);
    pkceClient.setUsernameParameter(OAuth20Constants.CLIENT_ID);
    pkceClient.setPasswordParameter(OAuth20Constants.CODE_VERIFIER);

    // End-user credentials submitted as a form; the parameter names are whatever DirectFormClient defaults to.
    val userClient = new DirectFormClient(oAuthUserAuthenticator());
    userClient.setName(Authenticators.CAS_OAUTH_CLIENT_USER_FORM);

    val callbackUrl = OAuth20Utils.casOAuthCallbackUrl(casProperties.getServer().getPrefix());
    val config = new Config(callbackUrl, casClient, basicClient, pkceClient, formClient, userClient);
    // Profiles are stored in the J2EE servlet session.
    config.setSessionStore(new J2ESessionStore());
    return config;
}