/**
 * Builds the {@code CheckWebAuthenticationRequestAction} webflow action.
 *
 * <p>The action receives the content type configured in the MFA settings
 * ({@code casProperties.getAuthn().getMfa().getContentType()}). The bean is only
 * registered when no bean named {@code checkWebAuthenticationRequestAction} already
 * exists, and it is rebuilt on a configuration refresh.
 *
 * @return the action instance
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "checkWebAuthenticationRequestAction")
public Action checkWebAuthenticationRequestAction() {
    // NOTE(review): how the action uses the content type is not visible here;
    // confirm against CheckWebAuthenticationRequestAction.
    return new CheckWebAuthenticationRequestAction(
        casProperties.getAuthn().getMfa().getContentType());
}
/**
 * Builds the cleaner for the MFA trusted-device storage.
 *
 * <p>The cleaner is given the trusted-device settings and the trust engine returned
 * by {@code mfaTrustEngine()}. A bean named {@code mfaTrustStorageCleaner} defined
 * elsewhere in the context takes precedence over this one.
 *
 * @return the storage cleaner
 */
@Bean
@ConditionalOnMissingBean(name = "mfaTrustStorageCleaner")
public MultifactorAuthenticationTrustStorageCleaner mfaTrustStorageCleaner() {
    // NOTE(review): presumably removes expired trust records; confirm the cleaner is
    // actually scheduled, since stale records would keep devices trusted for longer
    // than intended.
    return new MultifactorAuthenticationTrustStorageCleaner(
        casProperties.getAuthn().getMfa().getTrusted(),
        mfaTrustEngine());
}
/**
 * Builds the bypass evaluator for the YubiKey MFA provider.
 *
 * <p>The evaluator is created by
 * {@code MultifactorAuthenticationUtils.newMultifactorAuthenticationProviderBypass}
 * from the YubiKey bypass settings. It is skipped when a bean named
 * {@code yubikeyBypassEvaluator} already exists, and it is rebuilt on refresh.
 *
 * @return the bypass evaluator
 */
@RefreshScope
@ConditionalOnMissingBean(name = "yubikeyBypassEvaluator")
@Bean
public MultifactorAuthenticationProviderBypass yubikeyBypassEvaluator() {
    // NOTE(review): bypass rules presumably decide when the second factor is skipped,
    // so the configured bypass properties deserve the same review as authentication
    // policy itself.
    return MultifactorAuthenticationUtils.newMultifactorAuthenticationProviderBypass(
        casProperties.getAuthn().getMfa().getYubikey().getBypass());
}
/**
 * Chooses the strategy used to select one MFA provider.
 *
 * <p>When no provider-selector Groovy script is configured, a
 * {@code RankedMultifactorAuthenticationProviderSelector} is returned; otherwise the
 * configured script backs a {@code GroovyScriptMultifactorAuthenticationProviderSelector}.
 *
 * @return the provider selector
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "multifactorAuthenticationProviderSelector")
public MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector() {
    val selectorScript = casProperties.getAuthn().getMfa().getProviderSelectorGroovyScript();
    if (script(selectorScript)) {
        // NOTE(review): the script location comes from configuration and the script
        // presumably runs in-process; keep write access to it as tight as the
        // server's own code.
        return new GroovyScriptMultifactorAuthenticationProviderSelector(selectorScript);
    }
    return new RankedMultifactorAuthenticationProviderSelector();
}

/** Tells whether a selector script has been configured. */
private static boolean script(final Object candidate) {
    return candidate != null;
}
/**
 * Creates the trigger and wraps the configured MFA Groovy script.
 *
 * <p>The script is read from {@code casProperties.getAuthn().getMfa().getGroovyScript()}
 * and handed to a {@code WatchableGroovyScriptResource}.
 *
 * @param casProperties the CAS configuration; also kept on the instance
 */
public GroovyScriptMultifactorAuthenticationTrigger(final CasConfigurationProperties casProperties) {
    this.casProperties = casProperties;
    // NOTE(review): the resource name suggests the script is reloaded when it changes;
    // if so, anyone able to modify the file can change when MFA is triggered, so the
    // file's permissions matter. No null check on the script is visible here.
    this.watchableScript = new WatchableGroovyScriptResource(
        casProperties.getAuthn().getMfa().getGroovyScript());
}
/**
 * Builds the strategy that assembles an MFA trusted-device fingerprint.
 *
 * <p>The strategy is a {@code DefaultDeviceFingerprintStrategy} over the supplied
 * component extractors, using the separator from the device-fingerprint settings.
 *
 * @param extractors the fingerprint component extractors available in the context
 * @return the fingerprint strategy
 */
@Bean(BEAN_DEVICE_FINGERPRINT_STRATEGY)
@RefreshScope
@ConditionalOnMissingBean(name = BEAN_DEVICE_FINGERPRINT_STRATEGY)
public DeviceFingerprintStrategy deviceFingerprintStrategy(final List<DeviceFingerprintComponentExtractor> extractors) {
    // NOTE(review): the fingerprint is only as strong as the enabled extractors;
    // components disabled in configuration are supplied as no-op extractors.
    val separator = casProperties.getAuthn().getMfa().getTrusted()
        .getDeviceFingerprint()
        .getComponentSeparator();
    return new DefaultDeviceFingerprintStrategy(extractors, separator);
}
/**
 * Builds the webflow configurer that adds trusted-device handling to the YubiKey flow.
 *
 * <p>The bean depends on {@code defaultWebflowConfigurer}. Whether device registration
 * is enabled is read from the trusted-device settings and passed to the configurer.
 *
 * @return the webflow configurer
 */
@Bean
@DependsOn("defaultWebflowConfigurer")
@ConditionalOnMissingBean(name = "yubiMultifactorTrustWebflowConfigurer")
public CasWebflowConfigurer yubiMultifactorTrustWebflowConfigurer() {
    val registrationEnabled = casProperties.getAuthn().getMfa().getTrusted().isDeviceRegistrationEnabled();
    // getIfAvailable() yields null when no login flow registry bean is present.
    val loginFlowRegistry = loginFlowDefinitionRegistry.getIfAvailable();
    return new YubiKeyMultifactorTrustWebflowConfigurer(
        flowBuilderServices,
        registrationEnabled,
        loginFlowRegistry,
        applicationContext,
        casProperties);
}
/**
 * Builds the webflow action that verifies MFA device trust.
 *
 * <p>The action is given the trust engine, the device fingerprint strategy and the
 * trusted-device settings.
 *
 * @return the verify-trust action
 */
@Bean
public Action mfaVerifyTrustAction() {
    // getIfAvailable() yields null when the bean is absent.
    // NOTE(review): confirm the action fails closed (does not treat the device as
    // trusted) if the engine or the strategy is missing.
    return new MultifactorAuthenticationVerifyTrustAction(
        mfaTrustEngine.getIfAvailable(),
        deviceFingerprintStrategy.getIfAvailable(),
        casProperties.getAuthn().getMfa().getTrusted());
}
} // closes the enclosing class, whose declaration is outside this excerpt
/**
 * Builds the endpoint that reports on MFA trusted devices.
 *
 * <p>The bean is only created when the endpoint is enabled. It is given the trust
 * engine returned by {@code mfaTrustEngine()} and the trusted-device settings.
 *
 * @return the report endpoint
 */
@ConditionalOnEnabledEndpoint
@Bean
public MultifactorTrustedDevicesReportEndpoint mfaTrustedDevicesReportEndpoint() {
    // NOTE(review): the endpoint presumably exposes trusted-device records; when it
    // is enabled, access to it should require authentication and authorization.
    return new MultifactorTrustedDevicesReportEndpoint(
        mfaTrustEngine(),
        casProperties.getAuthn().getMfa().getTrusted());
}
/**
 * Builds the webflow action that records MFA trust for a device.
 *
 * <p>The action is given the trust engine, the device fingerprint strategy and the
 * trusted-device settings.
 *
 * @return the set-trust action
 */
@Bean
public Action mfaSetTrustAction() {
    // getIfAvailable() yields null when the bean is absent.
    // NOTE(review): confirm the action does not record trust with a missing
    // fingerprint strategy, which would leave the record unbound to a device.
    return new MultifactorAuthenticationSetTrustAction(
        mfaTrustEngine.getIfAvailable(),
        deviceFingerprintStrategy.getIfAvailable(),
        casProperties.getAuthn().getMfa().getTrusted());
}
/**
 * Builds the metadata populator for YubiKey authentications.
 *
 * <p>The populator is an {@code AuthenticationContextAttributeMetaDataPopulator} built
 * from the configured authentication-context attribute, the YubiKey authentication
 * handler and the id of the YubiKey MFA provider.
 *
 * @return the metadata populator
 */
@ConditionalOnMissingBean(name = "yubikeyAuthenticationMetaDataPopulator")
@RefreshScope
@Bean
public AuthenticationMetaDataPopulator yubikeyAuthenticationMetaDataPopulator() {
    val contextAttribute = casProperties.getAuthn().getMfa().getAuthenticationContextAttribute();
    val handler = yubikeyAuthenticationHandler();
    val providerId = yubikeyMultifactorAuthenticationProvider().getId();
    // NOTE(review): presumably records under the context attribute that this provider
    // satisfied the authentication; verify against the populator.
    return new AuthenticationContextAttributeMetaDataPopulator(contextAttribute, handler, providerId);
}
/**
 * Contributes the YubiKey handler, metadata populator and handler resolver to the
 * authentication execution plan.
 *
 * <p>Nothing is registered unless the configured client id is positive and the secret
 * key is not blank.
 *
 * @return the plan configurer
 */
@Bean
@ConditionalOnMissingBean(name = "yubikeyAuthenticationEventExecutionPlanConfigurer")
public AuthenticationEventExecutionPlanConfigurer yubikeyAuthenticationEventExecutionPlanConfigurer() {
    return plan -> {
        val yubikey = casProperties.getAuthn().getMfa().getYubikey();
        // Missing credentials mean the handler is skipped without any message here.
        // NOTE(review): a deployment that believes YubiKey MFA is active should
        // confirm the handler was really registered.
        if (yubikey.getClientId() <= 0 || StringUtils.isBlank(yubikey.getSecretKey())) {
            return;
        }
        plan.registerAuthenticationHandler(yubikeyAuthenticationHandler());
        plan.registerAuthenticationMetadataPopulator(yubikeyAuthenticationMetaDataPopulator());
        plan.registerAuthenticationHandlerResolver(
            new ByCredentialTypeAuthenticationHandlerResolver(YubiKeyCredential.class));
    };
}
} // closes the enclosing class, whose declaration is outside this excerpt
/**
 * Registers the YubiKey MFA webflow with the login flow.
 *
 * <p>The registration uses the {@code MFA_YUBIKEY_EVENT_ID} event, this configurer's
 * YubiKey flow registry and the provider id from the YubiKey settings.
 */
@Override
protected void doInitialize() {
    registerMultifactorProviderAuthenticationWebflow(
        getLoginFlow(),
        MFA_YUBIKEY_EVENT_ID,
        this.yubikeyFlowRegistry,
        casProperties.getAuthn().getMfa().getYubikey().getId());
}
} // closes the enclosing class, whose declaration is outside this excerpt
/**
 * Registers the Google Authenticator MFA webflow with the login flow.
 *
 * <p>The registration uses the {@code MFA_GAUTH_EVENT_ID} event, this configurer's
 * flow definition registry and the provider id from the {@code getGauth()} settings.
 */
@Override
protected void doInitialize() {
    registerMultifactorProviderAuthenticationWebflow(
        getLoginFlow(),
        MFA_GAUTH_EVENT_ID,
        this.flowDefinitionRegistry,
        casProperties.getAuthn().getMfa().getGauth().getId());
}
} // closes the enclosing class, whose declaration is outside this excerpt
/**
 * Supplies the client-IP component of the MFA trusted-device fingerprint.
 *
 * <p>When the client-IP component is disabled in configuration, an informational
 * message is logged and a no-op extractor is returned. Otherwise a
 * {@code ClientIpDeviceFingerprintComponentExtractor} with the configured order is
 * returned.
 *
 * @return the client-IP extractor, or a no-op extractor when disabled
 */
@RefreshScope
@Bean
public DeviceFingerprintComponentExtractor deviceFingerprintClientIpComponent() {
    val clientIpSettings = casProperties.getAuthn().getMfa().getTrusted().getDeviceFingerprint().getClientIp();
    if (!clientIpSettings.isEnabled()) {
        LOGGER.info("The client ip is not being included when creating MFA Trusted Device Fingerprints");
        return DeviceFingerprintComponentExtractor.noOp();
    }
    // NOTE(review): the address the server sees depends on proxy and forwarded-header
    // handling; confirm it is taken from a source the client cannot set freely.
    val extractor = new ClientIpDeviceFingerprintComponentExtractor();
    extractor.setOrder(clientIpSettings.getOrder());
    return extractor;
}
/**
 * Builds the authentication handler for YubiKey credentials.
 *
 * <p>The handler takes its name and order from the YubiKey settings and is wired with
 * the services manager, the YubiKey principal factory, the Yubico client and the
 * YubiKey account registry.
 *
 * @return the YubiKey authentication handler
 */
@ConditionalOnMissingBean(name = "yubikeyAuthenticationHandler")
@RefreshScope
@Bean
public AuthenticationHandler yubikeyAuthenticationHandler() {
    val yubikey = this.casProperties.getAuthn().getMfa().getYubikey();
    return new YubiKeyAuthenticationHandler(
        yubikey.getName(),
        // getIfAvailable() yields null when no services manager bean is present.
        servicesManager.getIfAvailable(),
        yubikeyPrincipalFactory(),
        yubicoClient(),
        // NOTE(review): the account registry presumably ties a device to a user;
        // verify that an unregistered device is rejected.
        yubiKeyAccountRegistry(),
        yubikey.getOrder());
}
/**
 * Supplies the User-Agent component of the MFA trusted-device fingerprint.
 *
 * <p>When the User-Agent component is disabled in configuration, an informational
 * message is logged and a no-op extractor is returned. Otherwise a
 * {@code UserAgentDeviceFingerprintComponentExtractor} with the configured order is
 * returned.
 *
 * @return the User-Agent extractor, or a no-op extractor when disabled
 */
@RefreshScope
@Bean
public DeviceFingerprintComponentExtractor deviceFingerprintUserAgentComponent() {
    val userAgentSettings = casProperties.getAuthn().getMfa().getTrusted().getDeviceFingerprint().getUserAgent();
    if (!userAgentSettings.isEnabled()) {
        LOGGER.info("User-Agent is not being included when creating MFA Trusted Device Fingerprints");
        return DeviceFingerprintComponentExtractor.noOp();
    }
    // User-Agent is a client-supplied header, so on its own it is a weak device
    // binding; it is best combined with a server-issued component.
    val extractor = new UserAgentDeviceFingerprintComponentExtractor();
    extractor.setOrder(userAgentSettings.getOrder());
    return extractor;
}
/**
 * Supplies the cookie component of the MFA trusted-device fingerprint.
 *
 * <p>When the cookie component is disabled in configuration, an informational message
 * is logged and a no-op extractor is returned. Otherwise a
 * {@code CookieDeviceFingerprintComponentExtractor} is built from the fingerprint
 * cookie generator and the random string generator, with the configured order.
 *
 * @return the cookie extractor, or a no-op extractor when disabled
 */
@RefreshScope
@Bean
public DeviceFingerprintComponentExtractor deviceFingerprintCookieComponent() {
    val cookieSettings = casProperties.getAuthn().getMfa().getTrusted().getDeviceFingerprint().getCookie();
    if (!cookieSettings.isEnabled()) {
        LOGGER.info("A persistent cookie is not being generated when creating MFA Trusted Device Fingerprints");
        return DeviceFingerprintComponentExtractor.noOp();
    }
    // NOTE(review): the cookie value presumably comes from the random string
    // generator; confirm it has enough entropy to be unguessable.
    val extractor = new CookieDeviceFingerprintComponentExtractor(
        deviceFingerprintCookieGenerator(),
        deviceFingerprintCookieRandomStringGenerator());
    extractor.setOrder(cookieSettings.getOrder());
    return extractor;
}
/**
 * Builds the generator for the trusted-device fingerprint cookie.
 *
 * <p>Name, path, max age, secure flag, domain and HttpOnly flag are all taken from the
 * device-fingerprint cookie settings. The cookie value is handled by
 * {@code deviceFingerprintCookieValueManager()}.
 *
 * @return the cookie generator
 */
@Bean(BEAN_DEVICE_FINGERPRINT_COOKIE_GENERATOR)
@RefreshScope
@ConditionalOnMissingBean(name = BEAN_DEVICE_FINGERPRINT_COOKIE_GENERATOR)
public CookieRetrievingCookieGenerator deviceFingerprintCookieGenerator() {
    val cookieSettings = casProperties.getAuthn().getMfa().getTrusted().getDeviceFingerprint().getCookie();
    // The secure and HttpOnly flags are configuration-driven. Both should stay enabled
    // so that the cookie is not sent over plain HTTP and is not readable by page
    // scripts.
    return new TrustedDeviceCookieRetrievingCookieGenerator(
        cookieSettings.getName(),
        cookieSettings.getPath(),
        cookieSettings.getMaxAge(),
        cookieSettings.isSecure(),
        cookieSettings.getDomain(),
        cookieSettings.isHttpOnly(),
        deviceFingerprintCookieValueManager());
}
/**
 * Builds the YubiKey multifactor authentication provider.
 *
 * <p>The provider is created from the Yubico client and the HTTP client. It is then
 * given the YubiKey bypass evaluator and the failure mode, rank (used as its order)
 * and id from the YubiKey settings.
 *
 * @return the configured provider
 */
@RefreshScope
@Bean
public MultifactorAuthenticationProvider yubikeyMultifactorAuthenticationProvider() {
    val yubikey = casProperties.getAuthn().getMfa().getYubikey();
    // getIfAvailable() yields null when no HTTP client bean is present.
    val provider = new YubiKeyMultifactorAuthenticationProvider(yubicoClient(), httpClient.getIfAvailable());
    provider.setBypassEvaluator(yubikeyBypassEvaluator());
    // NOTE(review): the failure mode presumably governs what happens when the provider
    // cannot be reached; confirm the configured mode does not silently skip the
    // second factor.
    provider.setFailureMode(yubikey.getFailureMode());
    provider.setOrder(yubikey.getRank());
    provider.setId(yubikey.getId());
    return provider;
}