/** {@inheritDoc} */
@Override
@Nonnull
@NotEmpty
public String getName() {
    // The principal is named after the flow that produced the wrapped result.
    final AuthenticationResult wrapped = authnResult;
    return wrapped.getAuthenticationFlowId();
}
/** {@inheritDoc} */
@Override
public boolean equals(final Object obj) {
    if (this == obj) {
        return true;
    }
    // A null reference fails the instanceof test, so no separate null check is required.
    if (!(obj instanceof AuthenticationResult)) {
        return false;
    }
    final AuthenticationResult other = (AuthenticationResult) obj;
    // Identity is the pair (flow ID, authentication instant); Objects.equals tolerates a null flow ID.
    final boolean sameFlow = Objects.equals(getAuthenticationFlowId(), other.getAuthenticationFlowId());
    return sameFlow && getAuthenticationInstant() == other.getAuthenticationInstant();
}
/**
 * Check if a result generated by this flow is still active.
 *
 * <p>Two independent limits apply: an absolute lifetime measured from the authentication
 * instant, and an inactivity timeout measured from the last activity instant. A limit that
 * is not positive is treated as unset and disables the corresponding check, so a result
 * only expires on a limit that is actually configured.</p>
 *
 * @param result {@link AuthenticationResult} to check
 *
 * @return true iff the result remains valid
 */
public boolean isResultActive(@Nonnull final AuthenticationResult result) {
    Constraint.isNotNull(result, "AuthenticationResult cannot be null");
    Constraint.isTrue(result.getAuthenticationFlowId().equals(getId()),
            "AuthenticationResult was not produced by this flow");

    final long now = System.currentTimeMillis();

    // Absolute lifetime: expired once the configured window after authentication has elapsed.
    final long lifetime = getLifetime();
    if (lifetime > 0 && result.getAuthenticationInstant() + lifetime <= now) {
        return false;
    }

    // Inactivity window: expired once the configured idle period since last activity has elapsed.
    final long idleLimit = getInactivityTimeout();
    if (idleLimit > 0 && result.getLastActivityInstant() + idleLimit <= now) {
        return false;
    }

    return true;
}
/**
 * Selects an active result and completes processing.
 *
 * <p>The result's last-activity instant is refreshed before it is installed on the
 * authentication context, and a proceed event is signaled for the request.</p>
 *
 * @param profileRequestContext the current IdP profile request context
 * @param authenticationContext the current authentication context
 * @param result the result to reuse
 */
private void selectActiveResult(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final AuthenticationContext authenticationContext,
        @Nonnull final AuthenticationResult result) {
    final String flowId = result.getAuthenticationFlowId();
    log.debug("{} Reusing active result {}", getLogPrefix(), flowId);

    // Touch the activity timestamp so inactivity-based checks measure from this reuse.
    result.setLastActivityInstantToNow();
    authenticationContext.setAuthenticationResult(result);

    ActionSupport.buildProceedEvent(profileRequestContext);
}
/** {@inheritDoc} */
@Nullable
public AuthenticationResult apply(@Nullable final ProfileRequestContext input) {
    if (input == null) {
        return null;
    }

    final AuthenticationContext authnContext = input.getSubcontext(AuthenticationContext.class);
    if (authnContext == null) {
        return null;
    }

    final MultiFactorAuthenticationContext mfaContext =
            authnContext.getSubcontext(MultiFactorAuthenticationContext.class);
    if (mfaContext == null) {
        return null;
    }

    final Collection<AuthenticationResult> activeResults = mfaContext.getActiveResults().values();
    if (activeResults.isEmpty()) {
        return null;
    }

    // Fold every active result into a single Subject: each source result is retained as an
    // AuthenticationResultPrincipal, and its principals plus public AND private credentials
    // are all carried over into the merged Subject.
    final Subject merged = new Subject();
    for (final AuthenticationResult active : activeResults) {
        final Subject source = active.getSubject();
        merged.getPrincipals().add(new AuthenticationResultPrincipal(active));
        merged.getPrincipals().addAll(source.getPrincipals());
        merged.getPublicCredentials().addAll(source.getPublicCredentials());
        merged.getPrivateCredentials().addAll(source.getPrivateCredentials());
    }

    // The merged result is attributed to the MFA flow itself rather than any single factor.
    return new AuthenticationResult(mfaContext.getAuthenticationFlowDescriptor().getId(), merged);
}
final StringWriter sink = new StringWriter(128); final JsonGenerator gen = generatorFactory.createGenerator(sink); gen.writeStartObject().write(FLOW_ID_FIELD, instance.getAuthenticationFlowId()) .write(AUTHN_INSTANT_FIELD, instance.getAuthenticationInstant()) .writeStartArray(PRINCIPAL_ARRAY_FIELD); for (final Principal p : instance.getSubject().getPrincipals()) { serializePrincipal(gen, p); final Set<Principal> publicCreds = instance.getSubject().getPublicCredentials(Principal.class); if (publicCreds != null && !publicCreds.isEmpty()) { gen.writeStartArray(PUB_CREDS_ARRAY_FIELD); final Set<Principal> privateCreds = instance.getSubject().getPrivateCredentials(Principal.class); if (privateCreds != null && !privateCreds.isEmpty()) { gen.writeStartArray(PRIV_CREDS_ARRAY_FIELD);
/** {@inheritDoc} */
@Override
public void updateAuthenticationResultActivity(@Nonnull final AuthenticationResult result)
        throws SessionException {
    final String flowId = result.getAuthenticationFlowId();
    final AuthenticationFlowDescriptor flow = sessionManager.getAuthenticationFlowDescriptor(flowId);
    if (flow == null) {
        log.warn("No flow descriptor installed for ID {}, unable to update result in storage", flowId);
        return;
    }

    // The storage record outlives the flow's inactivity timeout by a fixed offset.
    final long expiration = result.getLastActivityInstant() + flow.getInactivityTimeout()
            + AuthenticationFlowDescriptor.STORAGE_EXPIRATION_OFFSET;

    try {
        final boolean updated =
                sessionManager.getStorageService().updateExpiration(getId(), flowId, expiration);
        if (!updated) {
            log.warn("Skipping update, AuthenticationResult for flow {} in session {} not found in storage",
                    flowId, getId());
        }
    } catch (final IOException e) {
        log.error("Exception updating AuthenticationResult expiration for session {} and flow {}",
                getId(), flowId, e);
        // Storage failures propagate to the caller unless the manager is configured to mask them.
        if (!sessionManager.isMaskStorageFailure()) {
            throw new SessionException("Exception updating AuthenticationResult expiration in storage", e);
        }
    }
}
/**
 * Compare the result's custom principal names to the string values of the attribute.
 *
 * <p>Only {@link StringAttributeValue} values take part in the comparison; the first
 * principal whose name equals one of them is returned.</p>
 *
 * @param result result to examine
 *
 * @return a match between the result's principal names and the attribute's string values, or null
 */
@Nullable private String getMatch(@Nonnull final AuthenticationResult result) {
    log.debug("{} Looking for match for active result of flow {} against values for attribute {}",
            getLogPrefix(), result.getAuthenticationFlowId(), attribute.getId());

    for (final Principal principal : result.getSupportedPrincipals(Principal.class)) {
        final String name = principal.getName();
        log.debug("{} Comparing principal {} against attribute values {}",
                getLogPrefix(), name, attribute.getValues());

        for (final IdPAttributeValue candidate : attribute.getValues()) {
            // Non-string values can never match a principal name, so they are skipped.
            if (!(candidate instanceof StringAttributeValue)) {
                continue;
            }
            if (Objects.equals(candidate.getValue(), name)) {
                return name;
            }
        }
    }

    return null;
}
/**
 * Gets the most recent authentication result from the IdP session.
 *
 * <p>Results are ranked by authentication instant; on a tie the result encountered
 * first is kept.</p>
 *
 * @param session IdP session to ask for authentication results.
 *
 * @return Latest authentication result.
 *
 * @throws IllegalStateException If no authentication results are found.
 */
private AuthenticationResult getLatestAuthenticationResult(final IdPSession session) {
    AuthenticationResult newest = null;
    long newestInstant = Long.MIN_VALUE;

    for (final AuthenticationResult candidate : session.getAuthenticationResults()) {
        final long instant = candidate.getAuthenticationInstant();
        if (newest == null || instant > newestInstant) {
            newest = candidate;
            newestInstant = instant;
        }
    }

    if (newest == null) {
        throw new IllegalStateException("Cannot find authentication results in IdP session");
    }
    return newest;
}
}
statement.setAuthnInstant(new DateTime(getAuthenticationResult().getAuthenticationInstant())); getAuthenticationResult().getSubject().getPrincipals(ProxyAuthenticationPrincipal.class); if (proxyPrincipals != null && !proxyPrincipals.isEmpty()) { if (proxyPrincipals.size() == 1) {
final long authnInstant = obj.getJsonNumber(AUTHN_INSTANT_FIELD).longValueExact(); final AuthenticationResult result = new AuthenticationResult(flowId, new Subject()); result.setAuthenticationInstant(authnInstant); result.setLastActivityInstant(expiration != null ? expiration : authnInstant); result.setPreviousResult(true); final Principal principal = deserializePrincipal(val); if (principal != null) { result.getSubject().getPrincipals().add(principal); final Principal principal = deserializePrincipal(val); if (principal != null) { result.getSubject().getPublicCredentials().add(principal); final Principal principal = deserializePrincipal(val); if (principal != null) { result.getSubject().getPrivateCredentials().add(principal);
mfaResult.getSubject().getPrincipals(AuthenticationResultPrincipal.class); if (!resultPrincipals.isEmpty()) { final Collection<AuthenticationResult> results = new ArrayList<>(resultPrincipals.size()); resultPrincipal.getAuthenticationResult().setLastActivityInstant( mfaResult.getLastActivityInstant()); processActiveResult(input, ac, results, resultPrincipal.getAuthenticationResult());
/**
 * Get a suitable principal name for logging/debugging use.
 *
 * <p>Prefers a {@link UsernamePrincipal}; otherwise falls back to whichever principal the
 * Subject's principal set yields first, or null when the Subject holds no principals.</p>
 *
 * @return a principal name for logging/debugging
 */
@Nullable private String getSubjectName() {
    final Set<UsernamePrincipal> usernames = getSubject().getPrincipals(UsernamePrincipal.class);
    if (!usernames.isEmpty()) {
        return usernames.iterator().next().getName();
    }

    // No username principal: fall back to the first principal of any type.
    final Set<Principal> anyPrincipals = getSubject().getPrincipals();
    if (!anyPrincipals.isEmpty()) {
        return anyPrincipals.iterator().next().getName();
    }

    return null;
}
/** {@inheritDoc} */
@Override
@Nullable
public T apply(@Nullable final ProfileRequestContext input) {
    final AuthenticationContext ac = authnContextLookupStrategy.apply(input);
    if (ac == null) {
        return defaultPrincipal;
    }

    final AuthenticationResult result = ac.getAuthenticationResult();
    if (result == null) {
        return defaultPrincipal;
    }

    final Set<T> candidates = result.getSupportedPrincipals(principalType);
    if (candidates.isEmpty()) {
        return defaultPrincipal;
    }

    // A single candidate needs no ranking; with no weights configured, whichever
    // candidate the set yields first is used.
    if (candidates.size() == 1 || weightMap.isEmpty()) {
        return candidates.iterator().next();
    }

    // Rank with WeightedComparator and take the last entry (presumably the
    // highest-weighted one — confirm against the comparator's ordering).
    final Object[] ranked = candidates.toArray();
    Arrays.sort(ranked, new WeightedComparator());

    @SuppressWarnings("unchecked")
    final T chosen = (T) ranked[ranked.length - 1];
    return chosen;
}
final String flowId = result.getAuthenticationFlowId(); log.debug("Saving AuthenticationResult for flow {} in session {}", flowId, getId()); do { success = sessionManager.getStorageService().create(getId(), flowId, result, flow, result.getLastActivityInstant() + flow.getInactivityTimeout() + AuthenticationFlowDescriptor.STORAGE_EXPIRATION_OFFSET); if (!success) { result.getLastActivityInstant() + flow.getInactivityTimeout() + AuthenticationFlowDescriptor.STORAGE_EXPIRATION_OFFSET);
if (!latest.getSupportedPrincipals(match.getClass()).contains(match)) { log.debug("{} Authentication result lacks originally projected matching principal '{}'," + " reevaluating", getLogPrefix(), match.getName()); latest.getAuthenticationFlowId()); ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.REQUEST_UNSUPPORTED); return false;
/**
 * Gets authentication date time.
 *
 * <p>Prefers the instant of the current authentication result; when none is present,
 * falls back to the IdP session's creation instant.</p>
 *
 * @param profileRequestContext profile request context to inspect
 *
 * @return the authentication date time
 *
 * @throws OIDCException if neither an authentication result nor an IdP session is available
 */
private static DateTime getAuthenticationDateTime(final ProfileRequestContext profileRequestContext) {
    final AuthenticationContext authnCtx = profileRequestContext.getSubcontext(AuthenticationContext.class);
    if (authnCtx != null) {
        if (authnCtx.getAuthenticationResult() != null) {
            return new DateTime(authnCtx.getAuthenticationResult().getAuthenticationInstant());
        }
    }

    // No authentication result: the session's creation time is the best available proxy.
    final SessionContext sessionCtx = profileRequestContext.getSubcontext(SessionContext.class);
    if (sessionCtx != null) {
        if (sessionCtx.getIdPSession() != null) {
            return new DateTime(sessionCtx.getIdPSession().getCreationInstant());
        }
    }

    throw new OIDCException("Could not determine authentication time based on authentication or session context");
}
}
final AuthenticationResult result = new AuthenticationResult(authenticationContext.getAttemptedFlow().getId(), populateSubject(getSubject())); authenticationContext.setAuthenticationResult(result); c14n.setSubject(result.getSubject()); if (requesterLookupStrategy != null) { c14n.setRequesterId(requesterLookupStrategy.apply(profileRequestContext));
/**
 * Get an immutable list of Subjects extracted from every AuthenticationResult
 * associated with the context.
 *
 * <p>The returned list is a snapshot taken at call time; later changes to the
 * results are not reflected in it.</p>
 *
 * @return immutable list of Subjects
 */
@Nonnull @NonnullElements @Unmodifiable @NotLive public List<Subject> getSubjects() {
    final ImmutableList.Builder<Subject> subjects = ImmutableList.builder();
    for (final AuthenticationResult result : getAuthenticationResults().values()) {
        subjects.add(result.getSubject());
    }
    return subjects.build();
}
: authenticationContext.getAuthenticationResult().getSupportedPrincipals(p.getClass())) { if (predicate.apply(new PrincipalSupportingComponent() { public <T extends Principal> Set<T> getSupportedPrincipals(final Class<T> c) {