protected RequestedAuthenticationContext getRequestedAuthenticationContext(AuthnRequest request) {
    RequestedAuthenticationContext result = null;
    if (request.getRequestedAuthnContext() != null) {
        // Comparison is optional on <RequestedAuthnContext>; SAML treats an omitted
        // value as "exact", while this method returns null when none is set.
        AuthnContextComparisonTypeEnumeration comparison = request.getRequestedAuthnContext().getComparison();
        if (null != comparison) {
            result = RequestedAuthenticationContext.valueOf(comparison.toString());
        }
    }
    return result;
}

protected AuthenticationContextClassReference getAuthenticationContextClassReference(AuthnRequest request) {
    AuthenticationContextClassReference result = null;
    final RequestedAuthnContext context = request.getRequestedAuthnContext();
    if (context != null && !CollectionUtils.isEmpty(context.getAuthnContextClassRefs())) {
        // Only the first requested class reference is considered; any further ones are ignored.
        final String urn = context.getAuthnContextClassRefs().get(0).getAuthnContextClassRef();
        result = AuthenticationContextClassReference.fromUrn(urn);
    }
    return result;
}

/**
 * Build redirect url by requested authn context.
 *
 * @param initialUrl   the initial url
 * @param authnRequest the authn request
 * @param request      the request
 * @return the redirect url
 */
protected String buildRedirectUrlByRequestedAuthnContext(final String initialUrl,
                                                         final AuthnRequest authnRequest,
                                                         final HttpServletRequest request) {
    val authenticationContextClassMappings =
        this.casProperties.getAuthn().getSamlIdp().getAuthenticationContextClassMappings();
    // Nothing requested, or no mappings configured: leave the URL unchanged.
    if (authnRequest.getRequestedAuthnContext() == null
        || authenticationContextClassMappings == null
        || authenticationContextClassMappings.isEmpty()) {
        return initialUrl;
    }

    val mappings = getAuthenticationContextMappings();

    // The first requested class reference that has a configured mapping wins.
    val p = authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs()
        .stream()
        .filter(ref -> {
            val clazz = ref.getAuthnContextClassRef();
            return mappings.containsKey(clazz);
        })
        .findFirst();

    if (p.isPresent()) {
        // Only the configured (mapped) value is appended to the URL, never the requested URN itself.
        val mappedClazz = mappings.get(p.get().getAuthnContextClassRef());
        return initialUrl + '&' + casProperties.getAuthn().getMfa().getRequestParameter() + '=' + mappedClazz;
    }

    return initialUrl;
}

@Override
public String build(final Object assertion,
                    final RequestAbstractType authnRequest,
                    final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                    final SamlRegisteredService service) {
    // A class required by the registered service takes precedence over anything in the request.
    if (StringUtils.isNotBlank(service.getRequiredAuthenticationContextClass())) {
        LOGGER.debug("Using [{}] as indicated by SAML registered service [{}]",
            service.getRequiredAuthenticationContextClass(),
            service.getName());
        return service.getRequiredAuthenticationContextClass();
    }

    // Fall back to the configured default, or PPT_AUTHN_CTX when none is configured.
    val defClass = StringUtils.defaultIfBlank(
        casProperties.getAuthn().getSamlIdp().getResponse().getDefaultAuthenticationContextClass(),
        AuthnContext.PPT_AUTHN_CTX);

    val requestedAuthnContext = authnRequest instanceof AuthnRequest
        ? AuthnRequest.class.cast(authnRequest).getRequestedAuthnContext()
        : null;
    if (requestedAuthnContext == null) {
        LOGGER.debug("No specific authN context is requested. Returning [{}]", defClass);
        return defClass;
    }

    val authnContextClassRefs = requestedAuthnContext.getAuthnContextClassRefs();
    if (authnContextClassRefs == null || authnContextClassRefs.isEmpty()) {
        LOGGER.debug("Requested authN context class ref is unspecified. Returning [{}]", defClass);
        return defClass;
    }

    val finalCtx = StringUtils.defaultIfBlank(
        getAuthenticationContextByAssertion(assertion, requestedAuthnContext, authnContextClassRefs),
        defClass);
    LOGGER.debug("Returning authN context [{}]", finalCtx);
    return finalCtx;
}

        @Nonnull final AuthenticationContext authenticationContext) {
    final RequestedAuthnContext requestedCtx = authnRequest.getRequestedAuthnContext();
    if (requestedCtx == null) {
        log.debug("{} AuthnRequest did not contain a RequestedAuthnContext, nothing to do", getLogPrefix());