/**
 * Stores the id of the given ticket-granting ticket in the request and flow scopes.
 *
 * <p>This overload only extracts the id and delegates to the {@code String}
 * variant. Although the parameter is annotated {@code @NotNull}, a {@code null}
 * ticket is tolerated here and forwarded as a {@code null} id.
 *
 * @param context the context
 * @param ticket the ticket whose id is stored
 */
public static void putTicketGrantingTicketInScopes(
        final RequestContext context, @NotNull final TicketGrantingTicket ticket) {
    final String ticketValue;
    if (ticket == null) {
        ticketValue = null;
    } else {
        ticketValue = ticket.getId();
    }
    putTicketGrantingTicketInScopes(context, ticketValue);
}
/**
 * Returns the granting ticket of the wrapped ticket.
 *
 * <p>When the {@code callback} flag is set and the wrapped ticket has a granting
 * ticket, that ticket is looked up again in the ticket registry by its id, so the
 * caller receives whatever the registry currently holds for it. Otherwise the
 * value held by the wrapped ticket (possibly {@code null}) is returned unchanged.
 *
 * @return the granting ticket, or {@code null} if the wrapped ticket has none
 */
@Override
public final TicketGrantingTicket getGrantingTicket() {
    final TicketGrantingTicket held = this.ticket.getGrantingTicket();
    if (held != null && callback) {
        return this.ticketRegistry.getTicket(held.getId(), Ticket.class);
    }
    return held;
}
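/**
 * Delivers a proxy-granting ticket to the service's callback URL.
 *
 * <p>A new proxy IOU is generated, the IOU and the proxy-granting ticket id are
 * appended to the callback URL as query parameters, and the resulting URL is
 * handed to {@code httpClient.isValidEndPoint}.
 *
 * @param credential the service credential; must be an {@link HttpBasedServiceCredential}
 * @param proxyGrantingTicketId the proxy-granting ticket whose id is sent to the callback
 * @return the proxy IOU when the endpoint check succeeds, otherwise {@code null}
 */
@Override
public String handle(final Credential credential, final TicketGrantingTicket proxyGrantingTicketId) {
    final HttpBasedServiceCredential serviceCredentials = (HttpBasedServiceCredential) credential;

    final String proxyIou = this.uniqueTicketIdGenerator.getNewTicketId(ProxyGrantingTicket.PROXY_GRANTING_TICKET_IOU_PREFIX);
    // Resolve the id once and use it for both sizing and the URL. Appending the
    // ticket object itself would serialise whatever its toString() returns, which
    // is not guaranteed to stay equal to the id.
    final String pgtId = proxyGrantingTicketId.getId();

    final URL callbackUrl = serviceCredentials.getCallbackUrl();
    final String serviceCredentialsAsString = callbackUrl.toExternalForm();
    final int bufferLength = serviceCredentialsAsString.length() + proxyIou.length()
            + pgtId.length() + BUFFER_LENGTH_ADDITIONAL_CHARGE;
    final StringBuilder stringBuffer = new StringBuilder(bufferLength);

    stringBuffer.append(serviceCredentialsAsString);

    // Extend an existing query string, or start a new one.
    if (callbackUrl.getQuery() != null) {
        stringBuffer.append('&');
    } else {
        stringBuffer.append('?');
    }

    // NOTE(review): both values are appended without URL-encoding; presumably the
    // id generator only emits URL-safe characters - confirm.
    stringBuffer.append(PARAMETER_PROXY_GRANTING_TICKET_IOU);
    stringBuffer.append('=');
    stringBuffer.append(proxyIou);
    stringBuffer.append('&');
    stringBuffer.append(PARAMETER_PROXY_GRANTING_TICKET_ID);
    stringBuffer.append('=');
    stringBuffer.append(pgtId);

    // Only the IOU and the service credential are logged; the proxy-granting
    // ticket id itself is kept out of the log messages.
    if (this.httpClient.isValidEndPoint(stringBuffer.toString())) {
        logger.debug("Sent ProxyIou of {} for service: {}", proxyIou, serviceCredentials);
        return proxyIou;
    }

    logger.debug("Failed to send ProxyIou of {} for service: {}", proxyIou, serviceCredentials);
    return null;
}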
/**
 * Adds the ticket to the delegate registry, first recording the owner of any
 * ticket-granting ticket.
 *
 * <p>For a {@link TicketGrantingTicket} the lower-cased principal id is cached
 * under the ticket id. Every ticket, of any type, is then passed to the
 * underlying registry.
 *
 * @param ticket the ticket to add
 */
@Override
public void addTicket(final Ticket ticket) {
    if (ticket instanceof TicketGrantingTicket) {
        final TicketGrantingTicket tgt = (TicketGrantingTicket) ticket;
        final String id = tgt.getId();
        // toLowerCase() folds case using the JVM default locale.
        // NOTE(review): lookups against this cache must fold the user name the same
        // way; a locale-independent fold would avoid locale-specific mappings -
        // confirm against the readers before changing it.
        final String owner = tgt.getAuthentication().getPrincipal().getId().toLowerCase();
        // NOTE(review): this writes the ticket-granting ticket id to the debug log
        // next to the user name; treat debug logs as sensitive or mask the id.
        logger.debug("Creating mapping ticket {} to user name {}", id, owner);
        this.cache.put(id, owner);
    }
    this.ticketRegistry.addTicket(ticket);
}
/**
 * Destroys the ticket-granting ticket after a successful validation when the
 * validated service is not allowed to initiate an SSO session.
 *
 * <p>The held ticket-granting ticket is always cleared from {@code tgtHolder}
 * afterwards, whether or not the policy check or the destroy call throws.
 *
 * @param serviceTicketId the validated service ticket id (not used here)
 * @param assertion the validation assertion; its service selects the registered service
 */
@Override
protected void onSuccessfulValidation(String serviceTicketId, Assertion assertion) {
    try {
        final RegisteredServiceWithAttributes validatedService = RegisteredServiceWithAttributes.class.cast(
                this.servicesManager.findServiceBy(assertion.getService()));
        final boolean mayInitiateSso = this.registeredServicesPolicies.ssoSessionInitiating(validatedService);
        if (!mayInitiateSso) {
            // NOTE(review): assumes tgtHolder currently holds a ticket; a null
            // value would fail here - confirm where it is populated.
            this.cas.destroyTicketGrantingTicket(tgtHolder.get().getId());
        }
    } finally {
        // Always drop the held ticket so it cannot be picked up by later work
        // (tgtHolder is presumably thread-bound - confirm).
        tgtHolder.remove();
    }
}
} // closes the enclosing class, whose header is outside this excerpt
// Build the URI of the new ticket resource: the request URL followed by '/' and
// the ticket-granting ticket id, then expose it as the Location header.
// NOTE(review): the ticket-granting ticket id is a bearer credential, so this
// header value is sensitive; presumably the endpoint is served over TLS only
// and the Location header is kept out of proxy/access logs - confirm.
// NOTE(review): the prefix comes from request.getRequestURL(), i.e. from the
// request as received; verify it is not used for anything beyond this echo.
final URI ticketReference = new URI(request.getRequestURL().toString() + '/' + tgtId.getId());
final HttpHeaders headers = new HttpHeaders();
headers.setLocation(ticketReference);
/**
 * Finds the authentication on the ticket that satisfies the policy created for
 * the given service context.
 *
 * <p>The ticket's primary authentication is checked first, then each
 * supplemental authentication in iteration order; the first match is returned.
 *
 * @param ticket the ticket-granting ticket whose authentications are examined
 * @param context the service context the policy is created for
 * @return the first authentication that satisfies the policy
 * @throws AbstractTicketException if no authentication on the ticket satisfies the policy
 */
protected final Authentication getAuthenticationSatisfiedByPolicy(
        final TicketGrantingTicket ticket, final ServiceContext context) throws AbstractTicketException {

    final ContextualAuthenticationPolicy<ServiceContext> policy =
            serviceContextAuthenticationPolicyFactory.createPolicy(context);

    // NOTE(review): both debug messages below include the ticket-granting ticket
    // id; treat debug logs as sensitive or mask the id.
    final Authentication primary = ticket.getAuthentication();
    if (policy.isSatisfiedBy(primary)) {
        logger.debug("Authentication policy {} is satisfied by the authentication associated with {}",
                policy, ticket.getId());
        return primary;
    }

    for (final Authentication supplemental : ticket.getSupplementalAuthentications()) {
        if (!policy.isSatisfiedBy(supplemental)) {
            continue;
        }
        logger.debug("Authentication policy {} is satisfied by supplemental authentication associated with {}",
                policy, ticket.getId());
        return supplemental;
    }

    // Nothing on the ticket meets the policy: refuse rather than fall back.
    throw new UnsatisfiedAuthenticationPolicyException(policy);
}
// NOTE(review): the ticket-granting ticket id is written to the debug log here;
// it is a bearer credential, so debug logs need the same protection as the
// ticket store, or the id should be masked.
logger.debug("TGT {} is not proxied by another service", ticketGrantingTicket.getId());
// Tail of a statement that begins outside this excerpt: the formatted
// authentication date is its last argument.
dateFormat.format(authentication.getAuthenticationDate()));
// Remaining attributes of the SSO session entry, keyed by SsoSessionAttributeKeys.
sso.put(SsoSessionAttributeKeys.NUMBER_OF_USES.toString(), tgt.getCountOfUses());
// NOTE(review): this places the ticket-granting ticket id itself into the
// entry; whoever can read this structure can presumably reuse the id as a
// session credential - confirm the consumer is restricted to administrators.
sso.put(SsoSessionAttributeKeys.TICKET_GRANTING_TICKET.toString(), tgt.getId());
// NOTE(review): principal and authentication attributes are copied in full;
// they may contain personal data - confirm the consumer needs all of them.
sso.put(SsoSessionAttributeKeys.PRINCIPAL_ATTRIBUTES.toString(), principal.getAttributes());
sso.put(SsoSessionAttributeKeys.AUTHENTICATION_ATTRIBUTES.toString(), authentication.getAttributes());
/**
 * Creates a ticket-granting ticket from the multi-factor credential chain and
 * publishes it to the webflow.
 *
 * <p>The authentication and the credential (under {@code id}) are added to the
 * chain stored in the request context, the ticket is created from that chain,
 * placed in the request and flow scopes, and its id is also stored in the
 * parent flow session's scope under {@code "ticketGrantingTicketId"}.
 *
 * @param authentication the authentication to add to the chain
 * @param context the webflow request context
 * @param credentials the credential to record in the chain
 * @param messageContext the message context (not used here)
 * @param id the key under which the credential is recorded
 * @return the success event
 * @throws Exception if ticket creation or any flow operation fails
 */
private Event createTicketGrantingTicket(final Authentication authentication, final RequestContext context,
        final Credential credentials, final MessageContext messageContext,
        final String id) throws Exception {

    // Extend the credential chain and write it back before creating the ticket.
    final MultiFactorCredentials chain = MultiFactorRequestContextUtils.getMfaCredentials(context);
    chain.addAuthenticationToChain(authentication);
    chain.getChainedCredentials().put(id, credentials);
    MultiFactorRequestContextUtils.setMfaCredentials(context, chain);

    final TicketGrantingTicket grantingTicket = this.cas.createTicketGrantingTicket(chain);
    WebUtils.putTicketGrantingTicketInScopes(context, grantingTicket);

    final FlowSession activeSession = context.getFlowExecutionContext().getActiveSession();
    logger.debug("Located active webflow session {}", activeSession.getDefinition().getId());

    // NOTE(review): assumes this runs inside a subflow; getParent() would
    // presumably be null for a top-level flow - confirm.
    activeSession.getParent().getScope().put("ticketGrantingTicketId", grantingTicket.getId());

    return getSuccessEvent(context);
}