/** {@inheritDoc} */ @Override protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext, @Nonnull final AuthenticationContext authenticationContext) { if (!authenticationContext.isForceAuthn() && authenticationContext.getMaxAge() == 0) { log.debug("{} Request does not have forced authentication requirement, nothing to do", getLogPrefix()); return false; } return super.doPreExecute(profileRequestContext, authenticationContext); }
/** {@inheritDoc} */ @SuppressWarnings("deprecation") @Override protected void doStart(@Nonnull final HttpServletRequest request) throws ExternalAuthenticationException { final AuthenticationContext authnContext = profileRequestContext.getSubcontext(AuthenticationContext.class); if (authnContext == null) { throw new ExternalAuthenticationException("No AuthenticationContext found"); } else if (authnContext.getAttemptedFlow() == null) { throw new ExternalAuthenticationException("No attempted authentication flow set"); } request.setAttribute(ProfileRequestContext.BINDING_KEY, profileRequestContext); request.setAttribute(EXTENDED_FLOW_PARAM, extendedFlow); request.setAttribute(PASSIVE_AUTHN_PARAM, authnContext.isPassive()); request.setAttribute(FORCE_AUTHN_PARAM, authnContext.isForceAuthn()); final Collection<Principal> principals = authnContext.getAttemptedFlow().getSupportedPrincipals(); if (!principals.isEmpty()) { request.setAttribute(AUTHN_METHOD_PARAM, principals.iterator().next().getName()); } final RelyingPartyContext rpCtx = relyingPartyContextLookupStrategy.apply(profileRequestContext); if (rpCtx != null) { request.setAttribute(RELYING_PARTY_PARAM, rpCtx.getRelyingPartyId()); } }
/** * Get whether one or more of the active results in this context satisfies the request. * * @return true iff at least one of the active results satisfies the request */ public boolean isAcceptable() { final AuthenticationContext authnContext = (AuthenticationContext) getParent(); if (authnContext != null) { for (final AuthenticationResult result : activeResults.values()) { // Only include Principals from fresh results or when forced authn is off. if (!(authnContext.isForceAuthn() && result.isPreviousResult())) { if (authnContext.isAcceptable(result)) { return true; } } } } return false; }
final AuthenticationResult mfaResult = ac.getActiveResults().get(ac.getAttemptedFlow().getId()); if (mfaResult != null) { if (ac.isForceAuthn()) { log.debug("{} Ignoring active result due to forced authentication requirement", getLogPrefix());
if (ac.isForceAuthn()) { log.debug("Authentication context requires force authN for {}", authorizationRequest.getClientId());
@Nonnull @Override protected Event doExecute(@Nonnull final RequestContext springRequestContext, @Nonnull final ProfileRequestContext profileRequestContext){ final AuthenticationContext ac = new AuthenticationContext(); ac.setForceAuthn(getCASRequest(profileRequestContext).isRenew()); ac.setIsPassive(false); if (!ac.isForceAuthn()) { final LoginConfiguration config = configLookupFunction.apply(profileRequestContext); if (config != null) { ac.setForceAuthn(config.getForceAuthnPredicate().apply(profileRequestContext)); } } final AuthenticationContext initialAuthnContext = profileRequestContext.getSubcontext(AuthenticationContext.class); if (initialAuthnContext != null) { ac.setInitialAuthenticationResult(initialAuthnContext.getAuthenticationResult()); } profileRequestContext.addSubcontext(ac, true); profileRequestContext.setBrowserProfile(true); return null; }
/** {@inheritDoc} */ @Override protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) { final AuthenticationContext authnCtx = new AuthenticationContext(); if (authnRequest != null) { authnCtx.setForceAuthn(authnRequest.isForceAuthn()); authnCtx.setIsPassive(authnRequest.isPassive()); } final AuthenticationContext initialAuthnContext = profileRequestContext.getSubcontext(AuthenticationContext.class); if (initialAuthnContext != null) { authnCtx.setInitialAuthenticationResult(initialAuthnContext.getAuthenticationResult()); } if (!authnCtx.isForceAuthn()) { authnCtx.setForceAuthn(forceAuthnPredicate.apply(profileRequestContext)); } profileRequestContext.addSubcontext(authnCtx, true); log.debug("{} Created authentication context: {}", getLogPrefix(), authnCtx); }
authenticationContext.getInitialAuthenticationResult().getAuthenticationFlowId(), authenticationContext.getInitialAuthenticationResult())); } else if (authenticationContext.isForceAuthn()) { log.debug("{} Forced authentication requested, selecting an inactive flow", getLogPrefix()); selectRequestedInactiveFlow(profileRequestContext, authenticationContext);
if (authenticationContext.isForceAuthn()) { log.debug("{} Forced authentication requested, selecting an inactive flow", getLogPrefix()); final AuthenticationFlowDescriptor flow =
ActionSupport.buildEvent(profileRequestContext, AuthnEventIds.NO_PASSIVE); return; } else if ((authenticationContext.isForceAuthn() || authenticationContext.getMaxAge() > 0) && !flow.isForcedAuthenticationSupported()) { log.error("{} Targeted login flow '{}' does not support forced re-authentication",
if (!authenticationContext.isForceAuthn() && flow.getReuseCondition().apply(profileRequestContext)) { activeResult = authenticationContext.getActiveResults().get(flow.getId()); } else if (authenticationContext.getInitialAuthenticationResult() != null