/**
 * Populate the subject from the validated {@link UsernamePasswordContext}.
 *
 * <p>A {@link UsernamePrincipal} for the context's username is always added. When
 * {@code savePasswordToCredentialSet} is set, the cleartext password is additionally kept
 * as a {@link PasswordPrincipal} in the subject's private credential set. When
 * {@code removeContextAfterValidation} is set, the context is detached from its parent,
 * its password cleared and the field reference dropped (presumably so the cleartext
 * password does not stay reachable longer than validation requires).</p>
 *
 * @param subject the subject to populate
 *
 * @return the same subject instance
 */
@Override @Nonnull protected Subject populateSubject(@Nonnull final Subject subject) {
    final String username = upContext.getUsername();
    subject.getPrincipals().add(new UsernamePrincipal(username));

    if (savePasswordToCredentialSet) {
        final PasswordPrincipal passwordPrincipal = new PasswordPrincipal(upContext.getPassword());
        subject.getPrivateCredentials().add(passwordPrincipal);
    }

    if (!removeContextAfterValidation) {
        return subject;
    }

    // Detach and scrub the context once it is no longer needed.
    upContext.getParent().removeSubcontext(upContext);
    upContext.setPassword(null);
    upContext = null;
    return subject;
}
/**
 * Extract a username/password pair from the inbound message and store it in a
 * {@link UsernamePasswordContext} created beneath the authentication context.
 *
 * <p>If the inbound message carries no credentials, an {@link AuthnEventIds#NO_CREDENTIALS}
 * event is built on the profile request context and nothing is written.</p>
 *
 * @param profileRequestContext the current profile request context
 * @param authenticationContext the current authentication context
 */
@Override protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final AuthenticationContext authenticationContext) {
    final Pair<String, String> credentials = extractUsernamePassword(inboundMessage);

    if (credentials != null) {
        final UsernamePasswordContext upCtx =
                authenticationContext.getSubcontext(UsernamePasswordContext.class, true);
        upCtx.setUsername(credentials.getFirst());
        upCtx.setPassword(credentials.getSecond());
        return;
    }

    log.debug("{} inbound message does not contain a username and password", getLogPrefix());
    ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_CREDENTIALS);
}
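/**
 * Handle JAAS callbacks by supplying the username and password held in the
 * {@link UsernamePasswordContext}.
 *
 * <p>Only {@link NameCallback} and {@link PasswordCallback} are serviced. Any other callback
 * type is left untouched rather than rejected, which matches the existing behaviour of this
 * handler (the previous Javadoc claimed an exception was thrown; it was not). A null
 * password is passed through as a null {@code char[]} rather than raising a
 * {@link NullPointerException} inside the login module.</p>
 *
 * @param callbacks the callbacks to process; null or empty is a no-op
 *
 * @throws UnsupportedCallbackException never thrown by this implementation; declared to satisfy
 *      the {@link javax.security.auth.callback.CallbackHandler} contract
 */
public void handle(final Callback[] callbacks) throws UnsupportedCallbackException {
    if (callbacks == null || callbacks.length == 0) {
        return;
    }

    for (final Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            ((NameCallback) cb).setName(getUsernamePasswordContext().getUsername());
        } else if (cb instanceof PasswordCallback) {
            // PasswordCallback.setPassword clones the array, so no copy is needed here.
            final String password = getUsernamePasswordContext().getPassword();
            ((PasswordCallback) cb).setPassword(password == null ? null : password.toCharArray());
        }
        // Other callback types are deliberately ignored.
    }
}
}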
/**
 * Add an {@link LdapPrincipal} built from the validated username and the LDAP entry carried
 * in the authentication response, then defer to the superclass for the remaining principals.
 *
 * @param subject the subject to populate
 *
 * @return the populated subject, as returned by {@code super.populateSubject}
 */
@Override @Nonnull protected Subject populateSubject(@Nonnull final Subject subject) {
    final String username = getUsernamePasswordContext().getUsername();
    final LdapPrincipal ldapPrincipal = new LdapPrincipal(username, response.getLdapEntry());
    subject.getPrincipals().add(ldapPrincipal);
    return super.populateSubject(subject);
}
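/**
 * Handle JAAS callbacks by supplying the username and password held in the
 * {@link UsernamePasswordContext}.
 *
 * <p>Only {@link NameCallback} and {@link PasswordCallback} are serviced. Any other callback
 * type is left untouched rather than rejected, which matches the existing behaviour of this
 * handler (the previous Javadoc claimed an exception was thrown; it was not). A null
 * password is passed through as a null {@code char[]} rather than raising a
 * {@link NullPointerException} inside the login module.</p>
 *
 * @param callbacks the callbacks to process; null or empty is a no-op
 *
 * @throws UnsupportedCallbackException never thrown by this implementation; declared to satisfy
 *      the {@link javax.security.auth.callback.CallbackHandler} contract
 */
public void handle(final Callback[] callbacks) throws UnsupportedCallbackException {
    if (callbacks == null || callbacks.length == 0) {
        return;
    }

    for (final Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            ((NameCallback) cb).setName(getUsernamePasswordContext().getUsername());
        } else if (cb instanceof PasswordCallback) {
            // PasswordCallback.setPassword clones the array, so no copy is needed here.
            final String password = getUsernamePasswordContext().getPassword();
            ((PasswordCallback) cb).setPassword(password == null ? null : password.toCharArray());
        }
        // Other callback types are deliberately ignored.
    }
}
}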
final String username = upContext.getUsername(); final String ipAddr = httpRequest.getRemoteAddr(); if (username == null || username.isEmpty() || ipAddr == null || ipAddr.isEmpty()) {
recordFailure(); return false; } else if (upContext.getUsername() == null) { log.info("{} No username available within UsernamePasswordContext", getLogPrefix()); handleError(profileRequestContext, authenticationContext, "NoCredentials", AuthnEventIds.NO_CREDENTIALS); recordFailure(); return false; } else if (upContext.getPassword() == null) { log.info("{} No password available within UsernamePasswordContext", getLogPrefix()); handleError(profileRequestContext, authenticationContext, AuthnEventIds.INVALID_CREDENTIALS, if (matchExpression != null && !matchExpression.matcher(upContext.getUsername()).matches()) { log.debug("{} Username '{}' did not match expression", getLogPrefix(), upContext.getUsername()); handleError(profileRequestContext, authenticationContext, AuthnEventIds.INVALID_CREDENTIALS, AuthnEventIds.INVALID_CREDENTIALS); upContext.getUsername()); handleError(profileRequestContext, authenticationContext, AuthnEventIds.ACCOUNT_LOCKED, AuthnEventIds.ACCOUNT_LOCKED);
log.info("{} Login by '{}' succeeded", getLogPrefix(), getUsernamePasswordContext().getUsername()); recordSuccess(profileRequestContext); buildAuthenticationResult(profileRequestContext, authenticationContext); recordFailure(profileRequestContext, false); } catch (final LoginException e) { log.info("{} Login by {} failed", getLogPrefix(), getUsernamePasswordContext().getUsername(), e); handleError(profileRequestContext, authenticationContext, e, AuthnEventIds.INVALID_CREDENTIALS); recordFailure(profileRequestContext, true); } catch(final GSSException e) { log.warn("{} Login by {} failed during GSS context establishment to verify KDC", getLogPrefix(), getUsernamePasswordContext().getUsername(), e); handleError(profileRequestContext, authenticationContext, e, AuthnEventIds.INVALID_CREDENTIALS); recordFailure(profileRequestContext, false); } catch (final Exception e) { log.warn("{} Login by {} produced unknown exception", getLogPrefix(), getUsernamePasswordContext().getUsername(), e); handleError(profileRequestContext, authenticationContext, e, AuthnEventIds.AUTHN_EXCEPTION); recordFailure(profileRequestContext, false);
upCtx.setUsername(null); upCtx.setPassword(null); upCtx.setUsername(applyTransforms(username)); upCtx.setPassword(password);
try { log.debug("{} Attempting to authenticate user {}", getLogPrefix(), getUsernamePasswordContext() .getUsername()); final VelocityContext context = new VelocityContext(); context.put("usernamePasswordContext", getUsernamePasswordContext()); final AuthenticationRequest request = new AuthenticationRequest(new User(getUsernamePasswordContext().getUsername(), context), new Credential(getUsernamePasswordContext().getPassword()), returnAttributes); response = authenticator.authenticate(request); log.trace("{} Authentication response {}", getLogPrefix(), response); if (response.getResult()) { log.info("{} Login by '{}' succeeded", getLogPrefix(), getUsernamePasswordContext().getUsername()); recordSuccess(profileRequestContext); authenticationContext.getSubcontext(LDAPResponseContext.class, true) log.info("{} Login by '{}' failed", getLogPrefix(), getUsernamePasswordContext().getUsername()); authenticationContext.getSubcontext(LDAPResponseContext.class, true) .setAuthenticationResponse(response); log.warn("{} Login by {} produced exception", getLogPrefix(), getUsernamePasswordContext().getUsername(), e); recordFailure(profileRequestContext, false);
getLogPrefix(), getUsernamePasswordContext().getUsername(), servicePrincipal);
upCtx.setUsername(null); upCtx.setPassword(null); upCtx.setUsername(applyTransforms(decodedCredentials.getFirst())).setPassword(decodedCredentials.getSecond());
/**
 * Resolve the credential value for an authentication token.
 *
 * <p>When the {@link AuthenticationContext} holds a {@link UsernamePasswordContext}, its
 * username is returned; note that this branch wins even if that username is null. Otherwise
 * the principal name from the {@link SubjectContext} is returned.</p>
 *
 * @param profileRequestContext the profile request context to inspect
 *
 * @return the username or principal name (may be null)
 *
 * @throws OIDCException if no {@link UsernamePasswordContext} is present and no
 *      {@link SubjectContext} can be found either
 */
private static Object getAuthenticationTokenCredentials(final ProfileRequestContext profileRequestContext) {
    final AuthenticationContext authnCtx = profileRequestContext.getSubcontext(AuthenticationContext.class);
    final boolean hasUpContext = authnCtx != null && authnCtx.containsSubcontext(UsernamePasswordContext.class);
    if (hasUpContext) {
        return authnCtx.getSubcontext(UsernamePasswordContext.class).getUsername();
    }

    final SubjectContext subjectCtx = profileRequestContext.getSubcontext(SubjectContext.class);
    if (subjectCtx != null) {
        return subjectCtx.getPrincipalName();
    }
    throw new OIDCException("Could not locate SubjectContext in the ProfileRequestContext");
}
currentLoginConfigName = loginConfig.getFirst(); log.debug("{} Attempting to authenticate user '{}' via '{}'", getLogPrefix(), getUsernamePasswordContext().getUsername(), currentLoginConfigName); authenticate(currentLoginConfigName); log.info("{} Login by '{}' via '{}' succeeded", getLogPrefix(), getUsernamePasswordContext().getUsername(), currentLoginConfigName); recordSuccess(profileRequestContext); derivedSubject = loginConfig.getSecond(); return; } catch (final LoginException e){ log.info("{} Login by '{}' via '{}' failed", getLogPrefix(), getUsernamePasswordContext().getUsername(), currentLoginConfigName, e); handleError(profileRequestContext, authenticationContext, e, AuthnEventIds.INVALID_CREDENTIALS); } catch (final Exception e) { log.warn("{} Login by '{}' via '{}' produced exception", getLogPrefix(), getUsernamePasswordContext().getUsername(), currentLoginConfigName, e); handleError(profileRequestContext, authenticationContext, e, AuthnEventIds.AUTHN_EXCEPTION); recordFailure(profileRequestContext, false);