/**
 * Looks up one attribute on the primary authentication object held in the model.
 *
 * @param model the model
 * @param attributeName the attribute name
 * @return the attribute value cast to {@code String}; {@code null} when the
 *         attribute map yields no value for the name
 */
protected final String getAuthenticationAttribute(final Map<String, Object> model, final String attributeName) {
    final Authentication primary = getPrimaryAuthenticationFrom(model);
    final Object rawValue = primary.getAttributes().get(attributeName);
    // NOTE(review): unchecked cast. A non-String value (for example a collection of
    // values) raises ClassCastException here; confirm callers only request
    // single-valued attributes.
    return (String) rawValue;
}
/**
 * Extracts the authentication methods recorded on an authentication.
 * The methods are read from the authentication attribute named
 * {@link MultiFactorAuthenticationSupportingWebApplicationService#CONST_PARAM_AUTHN_METHOD}.
 *
 * @param authentication the authentication that houses the methods.
 * @return a new mutable set of the recorded methods, or the immutable empty set
 *         when the attribute is absent or mapped to {@code null}
 */
public static Set<String> getSatisfiedAuthenticationMethods(final Authentication authentication) {
    final Object recorded = authentication.getAttributes().get(
            MultiFactorAuthenticationSupportingWebApplicationService.CONST_PARAM_AUTHN_METHOD);
    // A missing key and a key mapped to null both mean that nothing was recorded.
    if (recorded == null) {
        return Collections.emptySet();
    }

    final Set<Object> asCollection = convertValueToCollection(recorded);
    // Copying into a String[] rejects any non-String member with ArrayStoreException.
    final String[] methodNames = asCollection.toArray(new String[]{});
    // NOTE(review): any decision based on this set trusts whatever wrote the attribute;
    // confirm only the authentication pipeline can populate it.
    return new HashSet<>(Arrays.asList(methodNames));
}
/**
 * Delegates the expiration decision to the remember-me policy or the session
 * policy, depending on the remember-me attribute of the ticket's authentication.
 *
 * @param ticketState the ticket state to evaluate
 * @return the chosen delegate's answer; {@code false} when either delegate is unset
 */
@Override
public boolean isExpired(final TicketState ticketState) {
    // NOTE(review): this fails open. With either delegate unset the ticket is reported
    // as not expired, and only a warning is logged; confirm that configuration
    // validation guarantees both policies are present.
    if (this.rememberMeExpirationPolicy == null || this.sessionExpirationPolicy == null) {
        LOGGER.warn("No expiration policy settings are defined");
        return false;
    }

    // The cast is kept as-is: a non-Boolean attribute value raises ClassCastException.
    final Boolean rememberMe = (Boolean) ticketState.getAuthentication().getAttributes().
            get(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME);

    if (Boolean.TRUE.equals(rememberMe)) {
        LOGGER.debug("Ticket is associated with a remember-me authentication. Invoking {}", rememberMeExpirationPolicy);
        return this.rememberMeExpirationPolicy.isExpired(ticketState);
    }

    // An absent or false attribute selects the session policy.
    LOGGER.debug("Ticket is not associated with a remember-me authentication. Invoking {}", sessionExpirationPolicy);
    return this.sessionExpirationPolicy.isExpired(ticketState);
}
/**
 * Returns the attributes of the primary authentication in multi-valued form.
 * Single-valued attributes are converted to a collection
 * so the view can loop over every attribute the same way.
 *
 * @param model the model
 * @return the attributes
 * @see #convertAttributeValuesToMultiValuedObjects(java.util.Map)
 * @since 4.1.0
 */
protected final Map<String, Object> getAuthenticationAttributesAsMultiValuedAttributes(final Map<String, Object> model) {
    final Authentication primary = getPrimaryAuthenticationFrom(model);
    // NOTE(review): every authentication attribute is passed on, with no filtering in
    // this method; confirm the consuming view is meant to see all of them.
    return convertAttributeValuesToMultiValuedObjects(primary.getAttributes());
}
/**
 * Compares this authentication with another {@code Authentication} field by field:
 * principal, credentials, successes, authentication date, attributes and failures.
 *
 * @param obj the object to compare with
 * @return {@code true} when {@code obj} is this instance, or an
 *         {@code Authentication} whose compared fields are all equal
 */
@Override
public boolean equals(final Object obj) {
    if (!(obj instanceof Authentication)) {
        return false;
    }
    if (obj == this) {
        return true;
    }

    final Authentication that = (Authentication) obj;
    // attributes and failures go through wrap() before comparison; the other fields
    // are compared directly against the other object's getters.
    // NOTE(review): a matching hashCode() is not visible here; confirm the class
    // overrides it consistently.
    return new EqualsBuilder()
            .append(this.principal, that.getPrincipal())
            .append(this.credentials, that.getCredentials())
            .append(this.successes, that.getSuccesses())
            .append(this.authenticationDate, that.getAuthenticationDate())
            .append(wrap(this.attributes), that.getAttributes())
            .append(wrap(this.failures), that.getFailures())
            .isEquals();
}
principalAttributes, authenticatedPrincipal.getId()); for (final String attrName : authn.getAttributes().keySet()) { if (!authenticationAttributes.containsKey(attrName)) { final Object value = authn.getAttributes().get(attrName); if (value != null) { authenticationAttributes.put(attrName, value); listOfValues.add(authn.getAttributes().get(attrName)); authenticationAttributes.put(attrName, listOfValues); LOGGER.debug("Collected multi-valued authentication attribute [{}] -> [{}]", attrName, listOfValues);
failures.putAll(authn.getFailures()); for (final String attrName : authn.getAttributes().keySet()) { if (!authenticationAttributes.containsKey(attrName)) { authenticationAttributes.put(attrName, authn.getAttributes().get(attrName)); } else { final Object oldValue = authenticationAttributes.remove(attrName); final Collection<Object> listOfValues = MultiFactorUtils.convertValueToCollection(oldValue); listOfValues.add(authn.getAttributes().get(attrName)); authenticationAttributes.put(attrName, listOfValues);
/**
 * Builds the SAML authentication statement for an authentication.
 * The statement carries the authentication instant, the authentication method
 * and a subject built from the principal id.
 *
 * @param authentication the authentication to describe
 * @return the populated authentication statement
 */
private AuthenticationStatement newAuthenticationStatement(final Authentication authentication) {
    // The cast is unchecked: a non-String attribute value raises ClassCastException.
    final String recordedMethod = (String) authentication.getAttributes().get(
            SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD);

    final AuthenticationStatement statement = newSamlObject(AuthenticationStatement.class);
    statement.setAuthenticationInstant(new DateTime(authentication.getAuthenticatedDate()));

    // When no method was recorded, the statement falls back to the "unspecified" constant.
    if (recordedMethod != null) {
        statement.setAuthenticationMethod(recordedMethod);
    } else {
        statement.setAuthenticationMethod(SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_UNSPECIFIED);
    }

    statement.setSubject(newSubject(authentication.getPrincipal().getId()));
    return statement;
}
// Record the ticket id, the principal attributes and the authentication attributes
// in the sso map, keyed by the SsoSessionAttributeKeys names.
// NOTE(review): the ticket-granting ticket id is stored unmasked, and in CAS it
// identifies the SSO session; confirm who can read this map and that it is never
// logged or rendered to anyone but administrators.
sso.put(SsoSessionAttributeKeys.TICKET_GRANTING_TICKET.toString(), tgt.getId());
sso.put(SsoSessionAttributeKeys.PRINCIPAL_ATTRIBUTES.toString(), principal.getAttributes());
sso.put(SsoSessionAttributeKeys.AUTHENTICATION_ATTRIBUTES.toString(), authentication.getAttributes());
/**
 * Fills the SAML response with a success status and one assertion.
 * The assertion holds an authentication statement, conditions and, when any
 * attributes are to be sent, an attribute statement.
 *
 * @param response the response to populate
 * @param model the model holding the assertion and authentication
 */
@Override
protected void prepareResponse(final Response response, final Map<String, Object> model) {
    final DateTime issueInstant = response.getIssueInstant();
    final Service targetService = getAssertionFrom(model).getService();
    final Authentication primaryAuthn = getPrimaryAuthenticationFrom(model);

    // May be null when no method was recorded; it is handed to the builder as-is.
    final String authnMethod = (String) primaryAuthn.getAttributes().get(
            SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD);

    final AuthenticationStatement statement = this.samlObjectBuilder.newAuthenticationStatement(
            primaryAuthn.getAuthenticationDate().toDate(), authnMethod, getPrincipal(model).getId());

    final Assertion samlAssertion = this.samlObjectBuilder.newAssertion(
            statement, this.issuer, issueInstant, this.samlObjectBuilder.generateSecureRandomId());

    // The conditions are derived from the issue instant, the service id and issueLength.
    // NOTE(review): presumably these bound the audience and validity window; confirm in the builder.
    samlAssertion.setConditions(
            this.samlObjectBuilder.newConditions(issueInstant, targetService.getId(), this.issueLength));

    final Subject attributeSubject = this.samlObjectBuilder.newSubject(getPrincipal(model).getId());
    final Map<String, Object> releasedAttributes = prepareSamlAttributes(model, targetService);

    // An attribute statement is added only when there is something to send.
    if (!releasedAttributes.isEmpty()) {
        samlAssertion.getAttributeStatements().add(this.samlObjectBuilder.newAttributeStatement(
                attributeSubject, releasedAttributes, VALIDATION_SAML_ATTRIBUTE_NAMESPACE));
    }

    response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null));
    response.getAssertions().add(samlAssertion);
}
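/**
 * Fills the SAML response with a success status and one assertion.
 * The assertion holds an authentication statement and, when the principal has
 * attributes or the login is a remembered one, an attribute statement.
 *
 * @param response the response to populate
 * @param model the model holding the assertion
 */
@Override
protected void prepareResponse(final Response response, final Map<String, Object> model) {
    // NOTE(review): get(0) assumes the chain holds at least one authentication; confirm upstream.
    final Authentication authentication = getAssertionFrom(model).getChainedAuthentications().get(0);
    final DateTime issuedAt = response.getIssueInstant();
    final Service service = getAssertionFrom(model).getService();

    final Object rememberMeFlag = authentication.getAttributes().get(
            RememberMeCredentials.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME);
    // Compare by value, not by reference. A Boolean that is not the canonical
    // Boolean.TRUE instance (for example one restored by deserialization) would fail
    // an == check, and the remember-me state would be silently left out of the
    // assertion sent to the service.
    final boolean isRemembered = Boolean.TRUE.equals(rememberMeFlag)
            && !getAssertionFrom(model).isFromNewLogin();

    // Build up the SAML assertion containing AuthenticationStatement and AttributeStatement
    final Assertion assertion = newSamlObject(Assertion.class);
    assertion.setID(generateId());
    assertion.setIssueInstant(issuedAt);
    assertion.setIssuer(this.issuer);
    assertion.setConditions(newConditions(issuedAt, service.getId()));

    final AuthenticationStatement authnStatement = newAuthenticationStatement(authentication);
    assertion.getAuthenticationStatements().add(authnStatement);

    final Map<String, Object> attributes = authentication.getPrincipal().getAttributes();
    // A remembered login gets an attribute statement even when the principal has no attributes.
    if (!attributes.isEmpty() || isRemembered) {
        assertion.getAttributeStatements().add(
                newAttributeStatement(newSubject(authentication.getPrincipal().getId()), attributes, isRemembered));
    }

    response.setStatus(newStatus(StatusCode.SUCCESS, null));
    response.getAssertions().add(assertion);
}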
/**
 * Creates a builder pre-populated from an existing authentication.
 *
 * @param source Authentication source.
 *
 * @return New builder instance carrying the principal, authentication date,
 *         credentials, successes, failures and attributes of the source.
 */
public static AuthenticationBuilder newInstance(final Authentication source) {
    final DefaultAuthenticationBuilder copy = new DefaultAuthenticationBuilder(source.getPrincipal());
    copy.setAuthenticationDate(source.getAuthenticationDate());
    // NOTE(review): credentials and the attribute and result maps are handed to the
    // setters as returned by the source; confirm the setters copy them, so that the
    // builder and the source do not share mutable state.
    copy.setCredentials(source.getCredentials());
    copy.setSuccesses(source.getSuccesses());
    copy.setFailures(source.getFailures());
    copy.setAttributes(source.getAttributes());
    return copy;
}