passwordAuthnCtxRef.setAuthnContextClassRef(AuthnContext.PASSWORD_AUTHN_CTX);
/**
 * Writes the class reference value held by the SAML object into the DOM
 * element as text content.
 *
 * @param samlObject the object being marshalled; cast to {@link AuthnContextClassRef} without a type check
 * @param domElement the element that receives the text content
 * @throws MarshallingException declared by the signature; not thrown directly by this body
 */
protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
    // The value is written as-is; this method performs no validation of the URI.
    final String classRefValue = ((AuthnContextClassRef) samlObject).getAuthnContextClassRef();
    ElementSupport.appendTextContent(domElement, classRefValue);
}
}
/**
 * Template hook for choosing an authentication context from an assertion.
 * This implementation only logs the requested comparison and each requested
 * class reference at debug level, then returns {@code null}; the assertion
 * argument is not inspected here.
 *
 * @param assertion             the assertion (unused by this implementation)
 * @param requestedAuthnContext the requested authn context; its comparison is logged
 * @param authnContextClassRefs the requested authn context class refs; each value is logged
 * @return always {@code null} in this implementation
 */
protected String getAuthenticationContextByAssertion(final Object assertion,
                                                     final RequestedAuthnContext requestedAuthnContext,
                                                     final List<AuthnContextClassRef> authnContextClassRefs) {
    LOGGER.debug("AuthN Context comparison is requested to use [{}]", requestedAuthnContext.getComparison());
    // NOTE(review): the logged class refs look like they originate from the
    // request - confirm the logging layout neutralises control characters.
    for (final AuthnContextClassRef requestedRef : authnContextClassRefs) {
        LOGGER.debug("Requested AuthN Context [{}]", requestedRef.getAuthnContextClassRef());
    }
    return null;
}
}
/**
 * Stores the element's text content as the class reference value of the
 * SAML object being unmarshalled.
 *
 * @param samlObject     the object being populated; cast to {@link AuthnContextClassRef} without a type check
 * @param elementContent the text content read from the element, stored unchanged
 */
protected void processElementContent(XMLObject samlObject, String elementContent) {
    // No trimming or validation happens here: whatever the document carried
    // becomes the class reference value.
    final AuthnContextClassRef target = (AuthnContextClassRef) samlObject;
    target.setAuthnContextClassRef(elementContent);
}
}
/**
 * Extracts the authentication context class requested by an AuthnRequest.
 *
 * <p>Only the first {@code AuthnContextClassRef} of the request is read; any
 * further class references and the comparison attribute are not looked at by
 * this method.
 *
 * @param request the incoming authentication request
 * @return the class reference parsed from the first requested URN, or
 *         {@code null} when the request carries no requested context or an
 *         empty list of class references
 */
protected AuthenticationContextClassReference getAuthenticationContextClassReference(AuthnRequest request) {
    final RequestedAuthnContext requested = request.getRequestedAuthnContext();
    if (requested == null || CollectionUtils.isEmpty(requested.getAuthnContextClassRefs())) {
        return null;
    }
    // The URN is taken from the request as sent; how unknown URNs are
    // handled is decided by fromUrn, which is not visible here.
    final String firstUrn = requested.getAuthnContextClassRefs().get(0).getAuthnContextClassRef();
    return AuthenticationContextClassReference.fromUrn(firstUrn);
}
/**
 * Builds an {@link AuthnContextClassRef} carrying the given value.
 *
 * <p>The builder is looked up from {@code builderFactory} on first use and
 * kept in {@code requestedAuthnCtxClassRefBuilder} for later calls.
 *
 * @param authnCtxClassRefValue the class reference URI to store, passed through unchanged
 * @return a newly built class reference object holding that value
 */
@SuppressWarnings("unchecked")
public static AuthnContextClassRef createAuthnCtxClassRef(String authnCtxClassRefValue) {
    // NOTE(review): the lazy initialisation is unsynchronised; the field's
    // declaration is outside this snippet - confirm concurrent first calls
    // are harmless (each would just look the builder up again).
    if (requestedAuthnCtxClassRefBuilder == null) {
        // Unchecked cast: the factory is asked for the builder registered
        // under AuthnContextClassRef's default element name.
        requestedAuthnCtxClassRefBuilder = (SAMLObjectBuilder<AuthnContextClassRef>)
            builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
    }

    AuthnContextClassRef classRef = requestedAuthnCtxClassRefBuilder.buildObject();
    classRef.setAuthnContextClassRef(authnCtxClassRefValue);
    return classRef;
}
/**
 * Appends the MFA request parameter to the redirect url when the AuthnRequest
 * asks for an authentication context class that has a mapping.
 *
 * <p>The class references sent in the request are used only as lookup keys;
 * the value appended to the url is the one found in the mappings. The first
 * requested class reference that has a mapping wins.
 *
 * @param initialUrl   the initial url
 * @param authnRequest the authn request
 * @param request      the request (not read by this method)
 * @return the initial url, extended with {@code &<mfa-parameter>=<mapped value>}
 *         when a mapping matched, otherwise the initial url unchanged
 */
protected String buildRedirectUrlByRequestedAuthnContext(final String initialUrl,
                                                         final AuthnRequest authnRequest,
                                                         final HttpServletRequest request) {
    val configuredMappings = this.casProperties.getAuthn().getSamlIdp().getAuthenticationContextClassMappings();
    val requestedContext = authnRequest.getRequestedAuthnContext();
    if (requestedContext == null || configuredMappings == null || configuredMappings.isEmpty()) {
        return initialUrl;
    }

    val contextMappings = getAuthenticationContextMappings();
    val firstMapped = requestedContext.getAuthnContextClassRefs()
        .stream()
        .filter(ref -> contextMappings.containsKey(ref.getAuthnContextClassRef()))
        .findFirst();
    if (!firstMapped.isPresent()) {
        return initialUrl;
    }

    // NOTE(review): the mapped value is concatenated without URL-encoding and
    // the '&' presumes initialUrl already has a query string - confirm both
    // hold for every configured mapping and caller.
    val mappedValue = contextMappings.get(firstMapped.get().getAuthnContextClassRef());
    return initialUrl + '&' + casProperties.getAuthn().getMfa().getRequestParameter() + '=' + mappedValue;
}
/**
 * Supplies a {@link RequestedAuthnContext} that asks for exactly the
 * {@code AuthnContext.PPT_AUTHN_CTX} class.
 *
 * @return a requested authn context with comparison {@code EXACT} and a
 *         single class reference
 */
@Override
public RequestedAuthnContext provide() {
    RequestedAuthnContext requested = new RequestedAuthnContextBuilder().buildObject();
    // EXACT: only the listed class is requested, not a stronger or weaker one.
    requested.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);

    AuthnContextClassRef pptClassRef = new AuthnContextClassRefBuilder().buildObject();
    pptClassRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);
    requested.getAuthnContextClassRefs().add(pptClassRef);

    return requested;
}
}
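/**
 * Converts the authentication statements of a SAML assertion into the
 * project's {@code AuthenticationStatement} model.
 *
 * <p>A statement without an {@code AuthnContext} yields a model statement
 * whose authentication context is {@code null}. A context without an
 * {@code AuthnContextClassRef} (or with one that holds no value) is passed to
 * {@code AuthenticationContextClassReference.fromUrn} as {@code null}, the
 * same input the original code produced for an empty class reference.
 *
 * @param authnStatements the statements to convert; {@code null} is treated as empty
 * @return one converted statement per input statement, in input order
 */
protected List<AuthenticationStatement> getAuthenticationStatements(
    List<AuthnStatement> authnStatements
) {
    List<AuthenticationStatement> result = new LinkedList<>();
    for (AuthnStatement s : ofNullable(authnStatements).orElse(emptyList())) {
        AuthnContext authnContext = s.getAuthnContext();
        // Both levels are guarded before they are dereferenced: the statements
        // come from a received assertion, and a missing context or class ref
        // must not abort processing with a NullPointerException.
        AuthnContextClassRef authnContextClassRef =
            authnContext != null ? authnContext.getAuthnContextClassRef() : null;
        String ref =
            authnContextClassRef != null ? authnContextClassRef.getAuthnContextClassRef() : null;
        result.add(
            new AuthenticationStatement()
                .setSessionIndex(s.getSessionIndex())
                .setAuthInstant(s.getAuthnInstant())
                .setSessionNotOnOrAfter(s.getSessionNotOnOrAfter())
                .setAuthenticationContext(
                    authnContext != null ?
                        new AuthenticationContext()
                            .setClassReference(AuthenticationContextClassReference.fromUrn(ref)) :
                        null
                )
        );
    }
    return result;
}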
/**
 * Creates an authentication statement that declares the given context class
 * and authentication instant.
 *
 * @param contextClassRef the context class ref such as {@link AuthnContext#PASSWORD_AUTHN_CTX}; stored unchanged
 * @param authnInstant    the authn instant
 * @return the authn statement, holding a context whose class reference is {@code contextClassRef}
 */
public AuthnStatement newAuthnStatement(final String contextClassRef, final DateTime authnInstant) {
    // Built inside-out: class reference, then the context wrapping it, then
    // the statement wrapping the context.
    final AuthnContextClassRef classRef = newSamlObject(AuthnContextClassRef.class);
    classRef.setAuthnContextClassRef(contextClassRef);

    final AuthnContext context = newSamlObject(AuthnContext.class);
    context.setAuthnContextClassRef(classRef);

    final AuthnStatement statement = newSamlObject(AuthnStatement.class);
    statement.setAuthnInstant(authnInstant);
    statement.setAuthnContext(context);
    return statement;
}
if (ref.getAuthnContextClassRef() != null) { if (!ignoredContexts.contains(ref.getAuthnContextClassRef())) { principals.add(new AuthnContextClassRefPrincipal(ref.getAuthnContextClassRef())); } else { log.info("{} Ignoring AuthnContextClassRef: {}", getLogPrefix(), ref.getAuthnContextClassRef());
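/**
 * Builds the SAML {@code RequestedAuthnContext} for an outgoing
 * authentication request.
 *
 * <p>The request's comparison setting is translated to the matching
 * {@code AuthnContextComparisonTypeEnumeration} value; any value not listed in
 * the switch falls back to {@code EXACT}. The class reference is added only
 * when a comparison was requested and the request carries a class reference.
 *
 * @param request the authentication request being converted
 * @return the requested authn context, or {@code null} when the request does
 *         not specify a requested authentication context
 */
protected RequestedAuthnContext getRequestedAuthenticationContext(AuthenticationRequest request) {
    RequestedAuthnContext result = null;
    if (request.getRequestedAuthenticationContext() != null) {
        result = buildSAMLObject(RequestedAuthnContext.class);
        switch (request.getRequestedAuthenticationContext()) {
            case exact:
                result.setComparison(EXACT);
                break;
            case better:
                result.setComparison(AuthnContextComparisonTypeEnumeration.BETTER);
                break;
            case maximum:
                result.setComparison(AuthnContextComparisonTypeEnumeration.MAXIMUM);
                break;
            case minimum:
                // Must be MINIMUM. The original sent MAXIMUM here, which turns
                // "at least this strong" into "no stronger than this" on the
                // wire, so the sender's minimum-assurance requirement was not
                // the one actually requested.
                result.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
                break;
            default:
                result.setComparison(EXACT);
                break;
        }
        if (request.getAuthenticationContextClassReference() != null) {
            final AuthnContextClassRef authnContextClassRef = buildSAMLObject(AuthnContextClassRef.class);
            // The class reference is serialised through toString().
            authnContextClassRef.setAuthnContextClassRef(request.getAuthenticationContextClassReference()
                                                             .toString());
            result.getAuthnContextClassRefs().add(authnContextClassRef);
        }
    }
    return result;
}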
for (AuthnContextClassRef authnContextClassRef : authnContextClassRefs) { List<Assertion> collectedAssertions = finder.findBySubjectAndAuthnContextClassRef(user, authnContextClassRef.getAuthnContextClassRef()); if(collectedAssertions != null || collectedAssertions.size() > 0) { assertions.addAll(collectedAssertions);
setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
for (final AuthnStatement authnStatement : authnStatements) { if(authnStatement.getAuthnContext().getAuthnContextClassRef() != null) { authnContexts.add(authnStatement.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
passwordAuthnCtxRef.setAuthnContextClassRef(AuthnContext.PASSWORD_AUTHN_CTX);
final AuthnContext ac = statement.getAuthnContext(); if (ac.getAuthnContextClassRef() != null) { return ac.getAuthnContextClassRef().getAuthnContextClassRef(); } else if (ac.getAuthnContextDeclRef() != null) { return ac.getAuthnContextDeclRef().getAuthnContextDeclRef();
authnContextClassRef.setAuthnContextClassRef( transformAuthenticationMethod(statementBean.getAuthenticationMethod()) );
authCtxClassRef.setAuthnContextClassRef(AuthnContext.PASSWORD_AUTHN_CTX); authContext.setAuthnContextClassRef(authCtxClassRef); authStmt.setAuthnContext(authContext);
authCtxClassRef.setAuthnContextClassRef(AuthnContext.PASSWORD_AUTHN_CTX); authContext.setAuthnContextClassRef(authCtxClassRef); authStmt.setAuthnContext(authContext);