/**
 * Supplies the populator that adds the credential-type metadata to the authentication.
 * Only created when no bean named {@code authenticationCredentialTypeMetaDataPopulator}
 * has already been defined, so deployers can override it.
 *
 * @return an {@link AuthenticationCredentialTypeMetaDataPopulator} instance
 */
@ConditionalOnMissingBean(name = "authenticationCredentialTypeMetaDataPopulator")
@Bean
public AuthenticationMetaDataPopulator authenticationCredentialTypeMetaDataPopulator() {
    final AuthenticationMetaDataPopulator populator = new AuthenticationCredentialTypeMetaDataPopulator();
    return populator;
}
/**
 * Supplies the populator that records which handler succeeded for an authentication.
 * Only created when no bean named {@code successfulHandlerMetaDataPopulator}
 * has already been defined, so deployers can override it.
 *
 * @return a {@link SuccessfulHandlerMetaDataPopulator} instance
 */
@ConditionalOnMissingBean(name = "successfulHandlerMetaDataPopulator")
@Bean
public AuthenticationMetaDataPopulator successfulHandlerMetaDataPopulator() {
    final AuthenticationMetaDataPopulator populator = new SuccessfulHandlerMetaDataPopulator();
    return populator;
}
/**
 * Supplies the populator that handles remember-me metadata on the authentication.
 * Only created when no bean named {@code rememberMeAuthenticationMetaDataPopulator}
 * has already been defined, so deployers can override it.
 *
 * @return a {@link RememberMeAuthenticationMetaDataPopulator} instance
 */
@ConditionalOnMissingBean(name = "rememberMeAuthenticationMetaDataPopulator")
@Bean
public AuthenticationMetaDataPopulator rememberMeAuthenticationMetaDataPopulator() {
    final AuthenticationMetaDataPopulator populator = new RememberMeAuthenticationMetaDataPopulator();
    return populator;
}
/**
 * Builds the execution result reported by this handler after a successful authentication.
 * The credential is wrapped in {@link BasicCredentialMetaData} so that only metadata about the
 * credential, rather than the credential itself, travels with the result.
 *
 * @param credential the credential that was successfully authenticated. This instance may differ
 *                   from the one originally supplied if a username transformation is configured.
 * @param principal  the principal resolved for the credential
 * @param warnings   warnings to attach to the result (for example password-expiry notices)
 * @return the populated {@link DefaultAuthenticationHandlerExecutionResult}
 */
protected AuthenticationHandlerExecutionResult createHandlerResult(final @NonNull Credential credential,
                                                                    final @NonNull Principal principal,
                                                                    final List<MessageDescriptor> warnings) {
    final BasicCredentialMetaData credentialMetaData = new BasicCredentialMetaData(credential);
    return new DefaultAuthenticationHandlerExecutionResult(this, credentialMetaData, principal, warnings);
}
/**
 * Supplies the populator that stamps the configured MFA authentication-context attribute
 * onto authentications performed by the YubiKey handler, using the YubiKey provider id as the value.
 * Refresh-scoped so that a change of the context attribute setting is picked up at runtime;
 * only created when no bean named {@code yubikeyAuthenticationMetaDataPopulator} exists.
 *
 * @return an {@link AuthenticationContextAttributeMetaDataPopulator} bound to the YubiKey handler and provider
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "yubikeyAuthenticationMetaDataPopulator")
public AuthenticationMetaDataPopulator yubikeyAuthenticationMetaDataPopulator() {
    val contextAttribute = casProperties.getAuthn().getMfa().getAuthenticationContextAttribute();
    val handler = yubikeyAuthenticationHandler();
    val providerId = yubikeyMultifactorAuthenticationProvider().getId();
    return new AuthenticationContextAttributeMetaDataPopulator(contextAttribute, handler, providerId);
}
/**
 * Registers the core metadata populators with the authentication event execution plan,
 * in order: successful handler, remember-me, credential type.
 * When Clearpass credential caching is enabled, a {@link CacheCredentialsMetaDataPopulator}
 * is added as well; the cipher it receives comes from {@code cacheCredentialsCipherExecutor()},
 * which may be a no-op when the Clearpass crypto settings are disabled, so the cached credential
 * would then be stored without encryption or signing.
 *
 * @return the configurer that performs the registrations
 */
@ConditionalOnMissingBean(name = "casCoreAuthenticationMetadataAuthenticationEventExecutionPlanConfigurer")
@Bean
public AuthenticationEventExecutionPlanConfigurer casCoreAuthenticationMetadataAuthenticationEventExecutionPlanConfigurer() {
    return plan -> {
        plan.registerAuthenticationMetadataPopulator(successfulHandlerMetaDataPopulator());
        plan.registerAuthenticationMetadataPopulator(rememberMeAuthenticationMetaDataPopulator());
        plan.registerAuthenticationMetadataPopulator(authenticationCredentialTypeMetaDataPopulator());

        // Credential caching is opt-in; nothing else to register unless it is switched on.
        if (!casProperties.getClearpass().isCacheCredential()) {
            return;
        }
        LOGGER.warn("Cas is configured to capture and cache credentials via Clearpass. Sharing the user credential with other applications "
            + "is generally NOT recommended, may lead to security vulnerabilities and MUST only be used as a last resort .");
        val cipher = cacheCredentialsCipherExecutor();
        plan.registerAuthenticationMetadataPopulator(new CacheCredentialsMetaDataPopulator(cipher));
    };
}
}
/**
 * Supplies the cipher used to protect credentials cached by Clearpass.
 * A real {@link CacheCredentialsCipherExecutor} is built from the configured encryption and
 * signing keys only when credential caching is on and its crypto settings are enabled.
 * In every other case a no-op cipher is returned; when caching is on but crypto is off, a warning
 * is logged because the cached credential is then neither signed nor encrypted.
 *
 * @return the cipher executor for cached credentials, possibly {@link CipherExecutor#noOp()}
 */
@ConditionalOnMissingBean(name = "cacheCredentialsCipherExecutor")
@Bean
public CipherExecutor cacheCredentialsCipherExecutor() {
    val clearpass = casProperties.getClearpass();
    if (!clearpass.isCacheCredential()) {
        return CipherExecutor.noOp();
    }
    val crypto = clearpass.getCrypto();
    if (!crypto.isEnabled()) {
        LOGGER.warn("Cas is configured to capture and cache credentials via Clearpass yet crypto operations for the cached password are "
            + "turned off. Consider enabling the crypto configuration in CAS settings that allow the system to sign & encrypt the captured credential.");
        return CipherExecutor.noOp();
    }
    val encryption = crypto.getEncryption();
    val signing = crypto.getSigning();
    return new CacheCredentialsCipherExecutor(
        encryption.getKey(),
        signing.getKey(),
        crypto.getAlg(),
        signing.getKeySize(),
        encryption.getKeySize());
}
/**
 * Builds the execution result reported by this handler after a successful authentication,
 * with no warnings attached. The credential is wrapped in {@link BasicCredentialMetaData} so that
 * only metadata about the credential, rather than the credential itself, travels with the result.
 *
 * @param credential the credential that was successfully authenticated. This instance may differ
 *                   from the one originally supplied if a username transformation is configured.
 * @param principal  the principal resolved for the credential
 * @return the populated {@link DefaultAuthenticationHandlerExecutionResult}
 */
protected AuthenticationHandlerExecutionResult createHandlerResult(final @NonNull Credential credential,
                                                                    final @NonNull Principal principal) {
    final BasicCredentialMetaData credentialMetaData = new BasicCredentialMetaData(credential);
    // A fresh, mutable list is handed over so later stages may still append warnings.
    final List<MessageDescriptor> noWarnings = new ArrayList<>(0);
    return new DefaultAuthenticationHandlerExecutionResult(this, credentialMetaData, principal, noWarnings);
}
}
/**
 * Authenticates an {@code OpenIdCredential} by looking up the ticket-granting ticket it references
 * and checking that the principal already bound to that ticket is the user the credential claims.
 * A missing or expired ticket, or a username that does not match the ticket's principal,
 * is rejected with a {@link FailedLoginException}.
 *
 * @param credential the credential to authenticate; expected to be an {@code OpenIdCredential}
 * @return the handler result carrying the principal taken from the ticket-granting ticket
 * @throws GeneralSecurityException if the ticket is absent or expired, or the principal id does not match
 */
@Override
public AuthenticationHandlerExecutionResult authenticate(final Credential credential) throws GeneralSecurityException {
    val openIdCredential = (OpenIdCredential) credential;
    val tgtId = openIdCredential.getTicketGrantingTicketId();
    val ticketGrantingTicket = this.ticketRegistry.getTicket(tgtId, TicketGrantingTicket.class);
    if (ticketGrantingTicket == null || ticketGrantingTicket.isExpired()) {
        throw new FailedLoginException("Ticket-granting ticket is null or expired.");
    }

    // The identity asserted by the credential must be the one already established in the SSO session.
    val principal = ticketGrantingTicket.getAuthentication().getPrincipal();
    val usernameMatchesPrincipal = principal.getId().equals(openIdCredential.getUsername());
    if (!usernameMatchesPrincipal) {
        throw new FailedLoginException("Principal ID mismatch");
    }
    val credentialMetaData = new BasicCredentialMetaData(openIdCredential);
    return new DefaultAuthenticationHandlerExecutionResult(this, credentialMetaData, principal);
}
throw new FailedLoginException("Principal is null, the processing of the SPNEGO Token failed"); return new DefaultAuthenticationHandlerExecutionResult(this, new BasicCredentialMetaData(credential), spnegoCredential.getPrincipal());
credentials.forEach(cred -> builder.addCredential(new BasicCredentialMetaData(cred)));
val metadata = new BasicCredentialMetaData(new BasicIdentifiableCredential(profile.getId())); val handlerResult = new DefaultAuthenticationHandlerExecutionResult(authenticator, metadata, newPrincipal, new ArrayList<>()); val scopes = CollectionUtils.toCollection(context.getRequest().getParameterValues(OAuth20Constants.SCOPE));
throw new FailedLoginException(); return new DefaultAuthenticationHandlerExecutionResult(this, new BasicCredentialMetaData(ntlmCredential), ntlmCredential.getPrincipal());