// Append passwordAuthnCtxRef to the class references carried by requestedAuthnContext.
// This relies on getAuthnContextClassRefs() returning the element's own backing list.
// NOTE(review): going by its name, passwordAuthnCtxRef is a password-based class reference;
// its construction is outside this excerpt, so confirm the URI it carries.
requestedAuthnContext.getAuthnContextClassRefs().add(passwordAuthnCtxRef);
/**
 * Resolves the authentication context class asked for by an AuthnRequest.
 *
 * <p>Only the first {@code AuthnContextClassRef} of the request is considered; any further
 * references are ignored, and the {@code Comparison} attribute of the
 * {@code RequestedAuthnContext} is not read here. Callers that need to honour several
 * requested classes or a non-exact comparison have to handle that themselves.
 *
 * @param request the AuthnRequest to inspect
 * @return the value produced by {@code AuthenticationContextClassReference.fromUrn} for the
 *         first requested class URI, or {@code null} when the request has no
 *         RequestedAuthnContext or no class references
 */
protected AuthenticationContextClassReference getAuthenticationContextClassReference(AuthnRequest request) {
    final RequestedAuthnContext requested = request.getRequestedAuthnContext();

    // Nothing requested: report "no preference" as null, as callers expect.
    if (requested == null || CollectionUtils.isEmpty(requested.getAuthnContextClassRefs())) {
        return null;
    }

    // NOTE(review): the URI of the first element may itself be null; fromUrn receives it as-is.
    final String firstUrn = requested.getAuthnContextClassRefs().get(0).getAuthnContextClassRef();
    return AuthenticationContextClassReference.fromUrn(firstUrn);
}
/**
 * {@inheritDoc}
 *
 * <p>Attaches {@code AuthnContextClassRef} and {@code AuthnContextDeclRef} children to the
 * parent {@code RequestedAuthnContext}; every other child type is passed to the superclass.
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    // The parent is cast up front, before the child type is examined.
    final RequestedAuthnContext requested = (RequestedAuthnContext) parentSAMLObject;

    if (childSAMLObject instanceof AuthnContextClassRef) {
        requested.getAuthnContextClassRefs().add((AuthnContextClassRef) childSAMLObject);
        return;
    }

    if (childSAMLObject instanceof AuthnContextDeclRef) {
        requested.getAuthnContextDeclRefs().add((AuthnContextDeclRef) childSAMLObject);
        return;
    }

    super.processChildElement(parentSAMLObject, childSAMLObject);
}
// Closes the enclosing class, whose header lies outside this excerpt.
}
/**
 * Creates a {@code RequestedAuthnContext} with the given comparison and references.
 *
 * <p>The SAML 2.0 schema models class references and declaration references as alternatives
 * within one {@code RequestedAuthnContext}; this method does not enforce that and copies
 * whichever lists it is given. The comparison value is set as passed, including {@code null}.
 *
 * @param comparison the comparison method to set on the element
 * @param authnCtxClassRefList class references to copy in, or {@code null} for none
 * @param authnCtxDeclRefList declaration references to copy in, or {@code null} for none
 * @return the populated RequestedAuthnContext
 */
@SuppressWarnings("unchecked")
public static RequestedAuthnContext createRequestedAuthnCtxPolicy(
        AuthnContextComparisonTypeEnumeration comparison,
        List<AuthnContextClassRef> authnCtxClassRefList,
        List<AuthnContextDeclRef> authnCtxDeclRefList) {
    // The builder is looked up once and cached in a static field; the check is unsynchronized.
    if (requestedAuthnCtxBuilder == null) {
        requestedAuthnCtxBuilder = (SAMLObjectBuilder<RequestedAuthnContext>)
                builderFactory.getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
    }

    final RequestedAuthnContext policy = requestedAuthnCtxBuilder.buildObject();
    policy.setComparison(comparison);

    if (authnCtxClassRefList != null) {
        policy.getAuthnContextClassRefs().addAll(authnCtxClassRefList);
    }
    if (authnCtxDeclRefList != null) {
        policy.getAuthnContextDeclRefs().addAll(authnCtxDeclRefList);
    }
    return policy;
}
/**
 * Chooses the authentication context class to report for a SAML response.
 *
 * <p>Precedence, as implemented below: a class required by the registered service always wins
 * and is returned without looking at the request; otherwise, when the request names no
 * context (or is not an {@code AuthnRequest}), the configured default is returned, falling back
 * to {@code AuthnContext.PPT_AUTHN_CTX}; otherwise the result of
 * {@code getAuthenticationContextByAssertion} is used, again with the default as fallback
 * when that result is blank.
 *
 * @param assertion the assertion object handed to {@code getAuthenticationContextByAssertion}
 * @param authnRequest the SAML request being answered
 * @param adaptor the service provider metadata facade (not read in this method)
 * @param service the registered SAML service
 * @return the authentication context class URI to use
 */
@Override
public String build(final Object assertion, final RequestAbstractType authnRequest,
                    final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                    final SamlRegisteredService service) {
    // A per-service requirement overrides whatever the request asks for.
    val requiredByService = service.getRequiredAuthenticationContextClass();
    if (StringUtils.isNotBlank(requiredByService)) {
        LOGGER.debug("Using [{}] as indicated by SAML registered service [{}]",
            requiredByService, service.getName());
        return requiredByService;
    }

    val configuredDefault = casProperties.getAuthn().getSamlIdp().getResponse().getDefaultAuthenticationContextClass();
    val fallbackClass = StringUtils.defaultIfBlank(configuredDefault, AuthnContext.PPT_AUTHN_CTX);

    // Only AuthnRequest messages can carry a RequestedAuthnContext.
    val requested = authnRequest instanceof AuthnRequest
        ? ((AuthnRequest) authnRequest).getRequestedAuthnContext()
        : null;
    if (requested == null) {
        LOGGER.debug("No specific authN context is requested. Returning [{}]", fallbackClass);
        return fallbackClass;
    }

    val requestedClassRefs = requested.getAuthnContextClassRefs();
    if (requestedClassRefs == null || requestedClassRefs.isEmpty()) {
        LOGGER.debug("Requested authN context class ref is unspecified. Returning [{}]", fallbackClass);
        return fallbackClass;
    }

    val resolved = getAuthenticationContextByAssertion(assertion, requested, requestedClassRefs);
    val selected = StringUtils.defaultIfBlank(resolved, fallbackClass);
    LOGGER.debug("Returning authN context [{}]", selected);
    return selected;
}
sessionIndexPresent = true; if (authnQuery.getRequestedAuthnContext().getAuthnContextClassRefs().size() > 0) { authnContextClassRefPresent = true;
/**
 * Supplies a {@code RequestedAuthnContext} that asks for exactly
 * {@code AuthnContext.PPT_AUTHN_CTX}.
 *
 * <p>The comparison is {@code EXACT} and the class reference is fixed in code, so a
 * deployment that needs a different or stronger context class has to supply another provider.
 *
 * @return a new RequestedAuthnContext with one class reference
 */
@Override
public RequestedAuthnContext provide() {
    final RequestedAuthnContext context = new RequestedAuthnContextBuilder().buildObject();
    context.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);

    final AuthnContextClassRef classRef = new AuthnContextClassRefBuilder().buildObject();
    classRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);
    context.getAuthnContextClassRefs().add(classRef);

    return context;
}
// Closes the enclosing class, whose header lies outside this excerpt.
}
/**
 * Build redirect url by requested authn context.
 *
 * <p>The first requested class reference that has an entry in the context mappings decides the
 * result: its mapped value is appended to the url as the MFA request parameter. The
 * {@code Comparison} attribute of the requested context is not consulted, and the
 * {@code request} argument is not read here.
 *
 * <p>The parameter is appended with {@code '&'} and without URL-encoding, so the initial url
 * must already carry a query string and the mapped values must be safe to place in a query
 * as-is. The mapped value comes from {@code getAuthenticationContextMappings()}, not from the
 * request itself.
 *
 * @param initialUrl   the initial url
 * @param authnRequest the authn request
 * @param request      the request
 * @return the redirect url
 */
protected String buildRedirectUrlByRequestedAuthnContext(final String initialUrl, final AuthnRequest authnRequest,
                                                         final HttpServletRequest request) {
    val configuredMappings = this.casProperties.getAuthn().getSamlIdp().getAuthenticationContextClassMappings();
    val requestedContext = authnRequest.getRequestedAuthnContext();

    // Without a requested context or configured mappings the url is left untouched.
    if (requestedContext == null || configuredMappings == null || configuredMappings.isEmpty()) {
        return initialUrl;
    }

    val mappings = getAuthenticationContextMappings();
    return requestedContext.getAuthnContextClassRefs()
        .stream()
        .filter(ref -> mappings.containsKey(ref.getAuthnContextClassRef()))
        .findFirst()
        .map(ref -> {
            val mappedClazz = mappings.get(ref.getAuthnContextClassRef());
            return initialUrl + '&' + casProperties.getAuthn().getMfa().getRequestParameter() + '=' + mappedClazz;
        })
        .orElse(initialUrl);
}
// Pull the query criteria out of the AuthnQuery: the session index and the requested
// authentication context classes.
String requestedSessionIndex = authnQuery.getSessionIndex();
RequestedAuthnContext requestedAuthnContext = authnQuery.getRequestedAuthnContext();
// NOTE(review): requestedAuthnContext is dereferenced without a null check in this excerpt.
// RequestedAuthnContext is an optional child of a SAML AuthnQuery, so a query that omits it
// would raise a NullPointerException here unless an earlier check (not visible) rules it out.
List<AuthnContextClassRef> authnContextClassRefs = requestedAuthnContext.getAuthnContextClassRefs();
// Collects matching assertions; the code that fills it is outside this excerpt.
List<Assertion> assertions = new ArrayList<Assertion>();
List<SAMLAssertionFinder> finders = getFinders();
if (!requestedCtx.getAuthnContextClassRefs().isEmpty()) { for (final AuthnContextClassRef ref : requestedCtx.getAuthnContextClassRefs()) { if (ref.getAuthnContextClassRef() != null) { if (!ignoredContexts.contains(ref.getAuthnContextClassRef())) {
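/**
 * Builds the SAML {@code RequestedAuthnContext} for an authentication request.
 *
 * <p>The comparison requested by the caller is translated to the matching
 * {@code AuthnContextComparisonTypeEnumeration} value. The {@code minimum} case previously
 * produced {@code MAXIMUM}, which turned a lower bound on authentication strength into an
 * upper bound on the wire; it now maps to {@code MINIMUM}.
 *
 * @param request the authentication request describing the wanted comparison and,
 *                optionally, the context class reference
 * @return the populated RequestedAuthnContext, or {@code null} when the request does not ask
 *         for a specific authentication context
 */
protected RequestedAuthnContext getRequestedAuthenticationContext(AuthenticationRequest request) {
    RequestedAuthnContext result = null;
    if (request.getRequestedAuthenticationContext() != null) {
        result = buildSAMLObject(RequestedAuthnContext.class);
        switch (request.getRequestedAuthenticationContext()) {
            case exact:
                result.setComparison(EXACT);
                break;
            case better:
                result.setComparison(AuthnContextComparisonTypeEnumeration.BETTER);
                break;
            case maximum:
                result.setComparison(AuthnContextComparisonTypeEnumeration.MAXIMUM);
                break;
            case minimum:
                // Must be MINIMUM: sending MAXIMUM here would let the identity provider
                // answer with a weaker context than the caller asked for.
                result.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
                break;
            default:
                // Unknown values fall back to the strictest interpretation.
                result.setComparison(EXACT);
                break;
        }
        if (request.getAuthenticationContextClassReference() != null) {
            final AuthnContextClassRef authnContextClassRef = buildSAMLObject(AuthnContextClassRef.class);
            authnContextClassRef.setAuthnContextClassRef(
                    request.getAuthenticationContextClassReference().toString());
            result.getAuthnContextClassRefs().add(authnContextClassRef);
        }
    }
    return result;
}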
// Append authnContextClassRef to the class references carried by requestedAuthnContext.
// This relies on getAuthnContextClassRefs() returning the element's own backing list.
requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
// Append passwordAuthnCtxRef to the class references carried by requestedAuthnContext.
// This relies on getAuthnContextClassRefs() returning the element's own backing list.
// NOTE(review): going by its name, passwordAuthnCtxRef is a password-based class reference;
// its construction is outside this excerpt, so confirm the URI it carries.
requestedAuthnContext.getAuthnContextClassRefs().add(passwordAuthnCtxRef);
// Wrap the value held in authnContextClassRef in a new AuthnContextClassRef element and
// append it to authnContext's list of class references.
// NOTE(review): authnContextClassRef is presumably the class URI as a String; where it comes
// from is outside this excerpt, so confirm it is a value the deployment intends to request.
final AuthnContextClassRef classRef = new AuthnContextClassRefBuilder().buildObject();
classRef.setAuthnContextClassRef(authnContextClassRef);
authnContext.getAuthnContextClassRefs().add(classRef);