mfaCtx.setAuthenticationFlowDescriptor(authenticationContext.getAttemptedFlow()); mfaCtx.setTransitionMap(transitionMap); mfaCtx.setNextFlowId(null); mfaCtx.getActiveResults().clear(); if (results != null) { for (final AuthenticationResult result : results) { mfaCtx.getActiveResults().put(result.getAuthenticationFlowId(), result);
/**
 * {@inheritDoc}
 *
 * <p>Combines every active result held by the {@link MultiFactorAuthenticationContext} beneath the
 * request's {@link AuthenticationContext} into one {@link AuthenticationResult}. The merged result
 * carries the ID of the MFA context's own flow descriptor.</p>
 *
 * <p>Security note: all active results are merged as found. This method applies no freshness or
 * forced-authentication filter, and the private credentials of each result are copied into the
 * merged subject. Any such filtering has to happen before the results reach this method.</p>
 *
 * @param input the profile request context, may be null
 *
 * @return the merged result, or null if the input, either subcontext, or the set of active
 *         results is missing or empty
 */
@Nullable
public AuthenticationResult apply(@Nullable final ProfileRequestContext input) {
    if (input == null) {
        return null;
    }

    final AuthenticationContext authnContext = input.getSubcontext(AuthenticationContext.class);
    if (authnContext == null) {
        return null;
    }

    final MultiFactorAuthenticationContext mfaContext =
            authnContext.getSubcontext(MultiFactorAuthenticationContext.class);
    if (mfaContext == null) {
        return null;
    }

    final Collection<AuthenticationResult> activeResults = mfaContext.getActiveResults().values();
    if (activeResults.isEmpty()) {
        return null;
    }

    final Subject mergedSubject = new Subject();
    for (final AuthenticationResult factor : activeResults) {
        // Record the originating result itself as a principal, so the merged subject still
        // carries a reference to each contributing result.
        mergedSubject.getPrincipals().add(new AuthenticationResultPrincipal(factor));

        // Copy over everything the individual factor established.
        mergedSubject.getPrincipals().addAll(factor.getSubject().getPrincipals());
        mergedSubject.getPublicCredentials().addAll(factor.getSubject().getPublicCredentials());
        mergedSubject.getPrivateCredentials().addAll(factor.getSubject().getPrivateCredentials());
    }

    // NOTE(review): the flow descriptor is dereferenced without a null check; this assumes it was
    // set on the MFA context before the merge runs -- confirm against the caller.
    return new AuthenticationResult(mfaContext.getAuthenticationFlowDescriptor().getId(), mergedSubject);
}
/**
 * Report whether any active result in this context satisfies the request.
 *
 * <p>Acceptability is delegated to the parent {@link AuthenticationContext}. When the parent
 * signals forced authentication, a result flagged as a previous result is never considered,
 * so a reused result cannot satisfy a request that demands fresh authentication.</p>
 *
 * @return true iff at least one eligible active result satisfies the request; false if there is
 *         no parent context or no eligible result is acceptable
 */
public boolean isAcceptable() {
    final AuthenticationContext parentCtx = (AuthenticationContext) getParent();
    if (parentCtx == null) {
        return false;
    }

    for (final AuthenticationResult candidate : activeResults.values()) {
        // Forced authn is on and this result was carried over: it must not count.
        final boolean reusedUnderForcedAuthn = parentCtx.isForceAuthn() && candidate.isPreviousResult();
        if (reusedUnderForcedAuthn) {
            continue;
        }

        if (parentCtx.isAcceptable(candidate)) {
            return true;
        }
    }

    return false;
}
authenticationContext.setAttemptedFlow(mfaContext.getAuthenticationFlowDescriptor()); log.debug("{} Preserving authentication result from '{}' flow", getLogPrefix(), result.getAuthenticationFlowId()); mfaContext.getActiveResults().put(result.getAuthenticationFlowId(), result); } else { log.debug("{} Discarding incomplete authentication result from '{}' flow", getLogPrefix(), final String prevFlowId = mfaContext.getNextFlowId(); mfaContext.setNextFlowId(null); if (prevFlowId == null) { log.debug("{} Applying MFA transition rule to determine initial state", getLogPrefix()); final MultiFactorAuthenticationTransition transition = mfaContext.getTransitionMap().get(prevFlowId); if (transition != null) { flowId = transition.getNextFlowStrategy(previousEvent).apply(profileRequestContext); mfaContext.setNextFlowId(flowId); doTransition(profileRequestContext, authenticationContext, transition); } else { final String event = mfaContext.getEvent() != null ? mfaContext.getEvent() : previousEvent; log.debug("{} MFA flow completing with event '{}'", getLogPrefix(), event); if (EventIds.PROCEED_EVENT_ID.equals(event)) {
final String flowId = mfaContext.getNextFlowId(); if (!flowId.startsWith("authn/")) { ActionSupport.buildProceedEvent(profileRequestContext); final AuthenticationResult activeResult = mfaContext.getActiveResults().get(flowId); if (activeResult != null) { if (flow.getReuseCondition().apply(profileRequestContext)) { } else { log.debug("{} Condition blocked reuse of active result for '{}' flow", getLogPrefix(), flowId); mfaContext.getActiveResults().remove(flowId);