/**
 * {@inheritDoc}
 *
 * <p>Appends the value returned by {@code getAuthnContextClassRef()} to {@code domElement}
 * as text content.
 *
 * @param samlObject the object to marshall; cast to {@link AuthnContextClassRef} without a
 *                   prior type check, so any other type fails with {@link ClassCastException}
 * @param domElement the DOM element that receives the text content
 * @throws MarshallingException declared by the overridden method; nothing in this body throws it directly
 */
protected void marshallElementContent(XMLObject samlObject, Element domElement) throws MarshallingException {
    final String classRefValue = ((AuthnContextClassRef) samlObject).getAuthnContextClassRef();
    ElementSupport.appendTextContent(domElement, classRefValue);
}
}
/**
 * Gets authentication context by assertion.
 * <p>
 * Template method: the current implementation only logs the requested comparison and each
 * requested class reference at DEBUG level, then returns {@code null}. It neither inspects
 * {@code assertion} nor selects or enforces any of the requested classes, so callers must
 * treat {@code null} as "no context resolved here".
 *
 * @param assertion             the assertion (unused by this implementation)
 * @param requestedAuthnContext the requested authn context; must not be {@code null}
 * @param authnContextClassRefs the authn context class refs; must not be {@code null}
 * @return always {@code null} in this implementation
 */
protected String getAuthenticationContextByAssertion(final Object assertion,
                                                     final RequestedAuthnContext requestedAuthnContext,
                                                     final List<AuthnContextClassRef> authnContextClassRefs) {
    LOGGER.debug("AuthN Context comparison is requested to use [{}]", requestedAuthnContext.getComparison());
    for (final AuthnContextClassRef classRef : authnContextClassRefs) {
        LOGGER.debug("Requested AuthN Context [{}]", classRef.getAuthnContextClassRef());
    }
    return null;
}
}
/**
 * Resolves the authentication context class requested by a SAML {@code AuthnRequest}.
 *
 * <p>Only the first {@code AuthnContextClassRef} of the request is consulted; any further
 * entries are not examined by this method, and the requested comparison is not read here.
 *
 * @param request the incoming authentication request; must not be {@code null}
 * @return the result of {@code AuthenticationContextClassReference.fromUrn} for the first
 *         requested class reference, or {@code null} when the request carries no
 *         {@code RequestedAuthnContext} or its class reference list is empty
 */
protected AuthenticationContextClassReference getAuthenticationContextClassReference(AuthnRequest request) {
    final RequestedAuthnContext requested = request.getRequestedAuthnContext();
    if (requested == null) {
        return null;
    }
    if (CollectionUtils.isEmpty(requested.getAuthnContextClassRefs())) {
        return null;
    }
    // NOTE(review): the URN is taken from the request message as-is and may itself be null;
    // how fromUrn treats null or unknown values is not visible here — confirm.
    final String firstUrn = requested.getAuthnContextClassRefs().get(0).getAuthnContextClassRef();
    return AuthenticationContextClassReference.fromUrn(firstUrn);
}
/**
 * Build redirect url by requested authn context.
 * <p>
 * When the request carries a {@code RequestedAuthnContext} and context-class mappings are
 * configured, the first requested class reference that has an entry in
 * {@code getAuthenticationContextMappings()} is translated to its mapped value, which is
 * appended to the url under the configured MFA request parameter name. A class reference
 * from the request is only ever used as a lookup key; the appended value comes from the
 * mapping, not from the request.
 *
 * @param initialUrl   the initial url
 * @param authnRequest the authn request
 * @param request      the request (not read by this method)
 * @return the redirect url; {@code initialUrl} unchanged when nothing is requested,
 *         no mappings are configured, or no requested class is mapped
 */
protected String buildRedirectUrlByRequestedAuthnContext(final String initialUrl,
                                                         final AuthnRequest authnRequest,
                                                         final HttpServletRequest request) {
    val configuredMappings = this.casProperties.getAuthn().getSamlIdp().getAuthenticationContextClassMappings();
    val requestedContext = authnRequest.getRequestedAuthnContext();
    if (requestedContext == null || configuredMappings == null || configuredMappings.isEmpty()) {
        return initialUrl;
    }

    val mappings = getAuthenticationContextMappings();
    for (val ref : requestedContext.getAuthnContextClassRefs()) {
        val requestedClass = ref.getAuthnContextClassRef();
        if (!mappings.containsKey(requestedClass)) {
            continue;
        }
        val mappedClazz = mappings.get(requestedClass);
        // NOTE(review): parameter name and mapped value are concatenated without URL-encoding,
        // and '&' presumes initialUrl already has a query string — confirm both hold for the
        // configured values and for every caller.
        return initialUrl + '&' + casProperties.getAuthn().getMfa().getRequestParameter() + '=' + mappedClazz;
    }
    return initialUrl;
}
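/**
 * Converts SAML {@code AuthnStatement} objects into {@link AuthenticationStatement} model objects.
 *
 * <p>Each statement's session index, authentication instant and session expiry are copied.
 * The authentication context is populated from the statement's class reference when one is
 * present.
 *
 * <p>The original code dereferenced the {@code AuthnContext} and its {@code AuthnContextClassRef}
 * before checking them for {@code null}, so a statement without a context, or one whose context
 * has no class reference, aborted the whole conversion with a {@link NullPointerException}.
 * Both are now checked before use.
 *
 * @param authnStatements the statements to convert; {@code null} is treated as an empty list
 * @return a new mutable list with one entry per input statement, in input order
 */
protected List<AuthenticationStatement> getAuthenticationStatements(
	List<AuthnStatement> authnStatements
) {
	List<AuthenticationStatement> result = new LinkedList<>();
	for (AuthnStatement s : ofNullable(authnStatements).orElse(emptyList())) {
		AuthnContext authnContext = s.getAuthnContext();
		// Check the context before dereferencing it; the statement content comes from the peer.
		AuthnContextClassRef authnContextClassRef =
			authnContext != null ? authnContext.getAuthnContextClassRef() : null;
		// A missing class reference is handled like a class reference with a null value:
		// ref stays null and is passed to fromUrn exactly as before.
		String ref = authnContextClassRef != null ? authnContextClassRef.getAuthnContextClassRef() : null;

		result.add(
			new AuthenticationStatement()
				.setSessionIndex(s.getSessionIndex())
				.setAuthInstant(s.getAuthnInstant())
				.setSessionNotOnOrAfter(s.getSessionNotOnOrAfter())
				.setAuthenticationContext(
					authnContext != null ?
						new AuthenticationContext()
							.setClassReference(AuthenticationContextClassReference.fromUrn(ref))
						: null
				)
		);
	}
	return result;
}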
// Turn a non-null class reference value into an AuthnContextClassRefPrincipal, unless the
// value is listed in ignoredContexts. (Fragment: the enclosing blocks close outside this excerpt.)
if (ref.getAuthnContextClassRef() != null) {
    if (!ignoredContexts.contains(ref.getAuthnContextClassRef())) {
        principals.add(new AuthnContextClassRefPrincipal(ref.getAuthnContextClassRef()));
    } else {
        // Ignored values are reported at INFO level.
        // NOTE(review): the logged value presumably originates from a SAML message — confirm the
        // logging setup neutralises line breaks and control characters in it.
        log.info("{} Ignoring AuthnContextClassRef: {}", getLogPrefix(), ref.getAuthnContextClassRef());
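// Look up stored assertions for the user once per requested class reference and collect
// every non-empty result. (Fragment: the loop and the if close outside this excerpt.)
for (AuthnContextClassRef authnContextClassRef : authnContextClassRefs) {
    List<Assertion> collectedAssertions =
            finder.findBySubjectAndAuthnContextClassRef(user, authnContextClassRef.getAuthnContextClassRef());
    // Was `!= null || size() > 0`: a null result fell through to size() and threw a
    // NullPointerException, and every non-null result passed regardless of size.
    // `&&` expresses the guard the condition was evidently meant to be.
    if (collectedAssertions != null && !collectedAssertions.isEmpty()) {
        assertions.addAll(collectedAssertions);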
// Collect the class reference value of every authentication statement that has one.
// (Fragment: the loop and the if close outside this excerpt.)
for (final AuthnStatement authnStatement : authnStatements) {
    // NOTE(review): getAuthnContext() is dereferenced without a null check — confirm the
    // statements are schema-validated before this loop, otherwise a statement without a
    // context throws NullPointerException here.
    if(authnStatement.getAuthnContext().getAuthnContextClassRef() != null) {
        // The inner value is added as returned; it is not checked for null here.
        authnContexts.add(authnStatement.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
// Return the statement's authentication context identifier: the class reference value when a
// class reference is present, otherwise the declaration reference value when that is present.
// (Fragment: the else-if block closes outside this excerpt.)
// NOTE(review): ac is dereferenced without a null check — confirm statement.getAuthnContext()
// cannot be null at this point.
final AuthnContext ac = statement.getAuthnContext();
if (ac.getAuthnContextClassRef() != null) {
    return ac.getAuthnContextClassRef().getAuthnContextClassRef();
} else if (ac.getAuthnContextDeclRef() != null) {
    return ac.getAuthnContextDeclRef().getAuthnContextDeclRef();