This is an automated email from the ASF dual-hosted git repository.
mmoayyed pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new f2f5819cc1 SYNCOPE-1680: support Simple MFA for WA (#348)
f2f5819cc1 is described below
commit f2f5819cc17df83a2c96e9b23a3f4364e8866308
Author: Misagh Moayyed <[email protected]>
AuthorDate: Tue May 31 14:16:27 2022 +0400
SYNCOPE-1680: support Simple MFA for WA (#348)
---
.../common/lib/auth/SimpleMfaAuthModuleConf.java | 93 +++++++
.../src/test/resources/domains/MasterContent.xml | 2 +
.../core/persistence/jpa/inner/AuthModuleTest.java | 13 +
.../src/test/resources/domains/MasterContent.xml | 2 +
pom.xml | 10 +
.../bootstrap/SyncopeWAPropertySourceLocator.java | 267 ++++++++++++---------
wa/starter/pom.xml | 8 +
7 files changed, 284 insertions(+), 111 deletions(-)
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/SimpleMfaAuthModuleConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/SimpleMfaAuthModuleConf.java
new file mode 100644
index 0000000000..951b670372
--- /dev/null
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/SimpleMfaAuthModuleConf.java
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.common.lib.auth;
+
+public class SimpleMfaAuthModuleConf implements AuthModuleConf {
+ private static final long serialVersionUID = -7663257599139312426L;
+
+ private long timeToKillInSeconds = 30L;
+
+ private int tokenLength = 6;
+
+ private String bypassGroovyScript;
+
+ private String emailAttribute = "email";
+
+ private String emailFrom;
+
+ private String emailSubject;
+
+ private String emailText;
+
+ public String getEmailFrom() {
+ return emailFrom;
+ }
+
+ public void setEmailFrom(final String emailFrom) {
+ this.emailFrom = emailFrom;
+ }
+
+ public String getEmailSubject() {
+ return emailSubject;
+ }
+
+ public void setEmailSubject(final String emailSubject) {
+ this.emailSubject = emailSubject;
+ }
+
+ public String getEmailText() {
+ return emailText;
+ }
+
+ public void setEmailText(final String emailText) {
+ this.emailText = emailText;
+ }
+
+ public String getBypassGroovyScript() {
+ return bypassGroovyScript;
+ }
+
+ public void setBypassGroovyScript(final String bypassGroovyScript) {
+ this.bypassGroovyScript = bypassGroovyScript;
+ }
+
+ public String getEmailAttribute() {
+ return emailAttribute;
+ }
+
+ public void setEmailAttribute(final String emailAttribute) {
+ this.emailAttribute = emailAttribute;
+ }
+
+ public long getTimeToKillInSeconds() {
+ return timeToKillInSeconds;
+ }
+
+ public void setTimeToKillInSeconds(final long timeToKillInSeconds) {
+ this.timeToKillInSeconds = timeToKillInSeconds;
+ }
+
+ public int getTokenLength() {
+ return tokenLength;
+ }
+
+ public void setTokenLength(final int tokenLength) {
+ this.tokenLength = tokenLength;
+ }
+}
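Review bot: `setTokenLength` and `setTimeToKillInSeconds` store whatever they are given, so a zero or negative token length or lifetime is accepted and, in this commit's `SyncopeWAPropertySourceLocator` change, copied unchanged into the CAS simple-MFA properties. These two values bound how guessable and how long-lived the emailed code is, so I would reject non-positive values in the setters, e.g. `if (tokenLength <= 0) { throw new IllegalArgumentException("tokenLength must be positive"); }`, or validate them where the module is saved. The class also has no Javadoc; `bypassGroovyScript` in particular deserves a field comment such as `/** Location of a Groovy script that decides whether this second factor is skipped; write access to this value is security-sensitive. */`.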
diff --git
a/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
b/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
index 5a26612b17..4e59e87a05 100644
--- a/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
@@ -69,6 +69,8 @@ under the License.
description="JDBC auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.JDBCAuthModuleConf","sql":"SELECT
* FROM users_table WHERE name=?", "fieldPassword": "password"}'/>
<AuthModule id="DefaultGoogleMfaAuthModule"
description="Google Mfa auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.GoogleMfaAuthModuleConf","codeDigits":6,"issuer":"SyncopeTest",
"label":"SyncopeTest", "timeStepSize":30, "windowSize":3}'/>
+ <AuthModule id="DefaultSimpleMfaAuthModule"
+ description="Simple Mfa auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.SimpleMfaAuthModuleConf","tokenLength":6,
"timeToKillInSeconds":30}'/>
<AuthModule id="DefaultDuoMfaAuthModule"
description="Duo Mfa auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.DuoMfaAuthModuleConf","integrationKey":"DIOXVRZD2UMZ8XXMNFQ5","secretKey":"Q2IU2i8BFNd6VYflZT8Evl6lF7oPlj3PM15BmRU7",
"applicationKey":"u1IHBaREMB7Cb5S4QMISAgHycpj8lPBkDGfWt23I",
"apiHost":"theapi.duosecurity.com"}'/>
<AuthModule id="DefaultOIDCAuthModule"
diff --git
a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AuthModuleTest.java
b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AuthModuleTest.java
index 6e8c7c015a..ca05bde13e 100644
---
a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AuthModuleTest.java
+++
b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AuthModuleTest.java
@@ -35,6 +35,7 @@ import org.apache.syncope.common.lib.auth.JaasAuthModuleConf;
import org.apache.syncope.common.lib.auth.LDAPAuthModuleConf;
import org.apache.syncope.common.lib.auth.OIDCAuthModuleConf;
import org.apache.syncope.common.lib.auth.SAML2IdPAuthModuleConf;
+import org.apache.syncope.common.lib.auth.SimpleMfaAuthModuleConf;
import org.apache.syncope.common.lib.auth.StaticAuthModuleConf;
import org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf;
import org.apache.syncope.common.lib.auth.U2FAuthModuleConf;
@@ -66,6 +67,10 @@ public class AuthModuleTest extends AbstractTest {
assertNotNull(authModule);
assertTrue(authModule.getConf() instanceof LDAPAuthModuleConf);
+ authModule = authModuleDAO.find("DefaultSimpleMfaAuthModule");
+ assertNotNull(authModule);
+ assertTrue(authModule.getConf() instanceof SimpleMfaAuthModuleConf);
+
authModule = authModuleDAO.find("DefaultJDBCAuthModule");
assertNotNull(authModule);
assertTrue(authModule.getConf() instanceof JDBCAuthModuleConf);
@@ -232,6 +237,14 @@ public class AuthModuleTest extends AbstractTest {
saveAuthModule("SAML2IdPAuthModuleTest", conf);
}
+ @Test
+ public void saveWithSimpleMfaModule() {
+ SimpleMfaAuthModuleConf conf = new SimpleMfaAuthModuleConf();
+ conf.setTokenLength(9);
+ conf.setTimeToKillInSeconds(120);
+ saveAuthModule("SimpleMfaAuthModuleConf", conf);
+ }
+
@Test
public void saveWithU2FModule() {
U2FAuthModuleConf conf = new U2FAuthModuleConf();
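Review bot: The key passed in `saveWithSimpleMfaModule` is `"SimpleMfaAuthModuleConf"`, while the neighbouring test visible in this hunk uses the `...Test` form (`"SAML2IdPAuthModuleTest"`); `saveAuthModule("SimpleMfaAuthModuleTest", conf);` would keep the fixtures consistent and avoid a key that reads like a class name. The test also sets only `tokenLength` and `timeToKillInSeconds`, so the email fields and `bypassGroovyScript` are never round-tripped through persistence; setting at least `emailFrom` and `bypassGroovyScript` would cover the new string properties. What `saveAuthModule` asserts is outside this hunk, so the actual coverage gained is unclear from here.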
diff --git a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
index bf0cf39dc4..066d186d20 100644
--- a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
@@ -69,6 +69,8 @@ under the License.
description="JDBC auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.JDBCAuthModuleConf","sql":"SELECT
* FROM users_table WHERE name=?", "fieldPassword": "password"}'/>
<AuthModule id="DefaultGoogleMfaAuthModule"
description="Google Mfa auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.GoogleMfaAuthModuleConf","codeDigits":6,"issuer":"SyncopeTest",
"label":"SyncopeTest", "timeStepSize":30, "windowSize":3}'/>
+ <AuthModule id="DefaultSimpleMfaAuthModule"
+ description="Simple Mfa auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.SimpleMfaAuthModuleConf","tokenLength":6,
"timeToKillInSeconds":30}'/>
<AuthModule id="DefaultDuoMfaAuthModule"
description="Duo Mfa auth module"
jsonConf='{"_class":"org.apache.syncope.common.lib.auth.DuoMfaAuthModuleConf","integrationKey":"DIOXVRZD2UMZ8XXMNFQ5","secretKey":"Q2IU2i8BFNd6VYflZT8Evl6lF7oPlj3PM15BmRU7",
"applicationKey":"u1IHBaREMB7Cb5S4QMISAgHycpj8lPBkDGfWt23I",
"apiHost":"theapi.duosecurity.com"}'/>
<AuthModule id="DefaultOIDCAuthModule"
diff --git a/pom.xml b/pom.xml
index 155e720ba8..4f82c6933d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1535,6 +1535,16 @@ under the License.
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-support-simple-mfa</artifactId>
+ <version>${cas.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-support-simple-mfa-core</artifactId>
+ <version>${cas.version}</version>
+ </dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-gauth</artifactId>
diff --git
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/SyncopeWAPropertySourceLocator.java
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/SyncopeWAPropertySourceLocator.java
index a43e960a02..48c6644b7c 100644
---
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/SyncopeWAPropertySourceLocator.java
+++
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/SyncopeWAPropertySourceLocator.java
@@ -35,6 +35,7 @@ import org.apache.syncope.common.lib.auth.JaasAuthModuleConf;
import org.apache.syncope.common.lib.auth.LDAPAuthModuleConf;
import org.apache.syncope.common.lib.auth.OIDCAuthModuleConf;
import org.apache.syncope.common.lib.auth.SAML2IdPAuthModuleConf;
+import org.apache.syncope.common.lib.auth.SimpleMfaAuthModuleConf;
import org.apache.syncope.common.lib.auth.StaticAuthModuleConf;
import org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf;
import org.apache.syncope.common.lib.auth.U2FAuthModuleConf;
@@ -52,12 +53,14 @@ import
org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationPropert
import
org.apereo.cas.configuration.model.support.mfa.DuoSecurityMultifactorAuthenticationProperties;
import
org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProperties;
import
org.apereo.cas.configuration.model.support.mfa.gauth.GoogleAuthenticatorMultifactorProperties;
+import
org.apereo.cas.configuration.model.support.mfa.simple.CasSimpleMultifactorAuthenticationProperties;
import
org.apereo.cas.configuration.model.support.mfa.u2f.U2FMultifactorAuthenticationProperties;
import
org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties;
import
org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jGenericOidcClientProperties;
import
org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jOidcClientProperties;
import
org.apereo.cas.configuration.model.support.pac4j.saml.Pac4jSamlClientProperties;
import
org.apereo.cas.configuration.model.support.syncope.SyncopeAuthenticationProperties;
+import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.model.TriStateBoolean;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -80,25 +83,25 @@ public class SyncopeWAPropertySourceLocator implements
PropertySourceLocator {
private static SimpleFilterProvider getParentCasFilterProvider() {
return new SimpleFilterProvider().
- setFailOnUnknownId(false).
- addFilter(CasConfigurationProperties.class.getSimpleName(),
- SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
- CasConfigurationProperties.class,
-
CasConfigurationProperties::getAuthn)));
+ setFailOnUnknownId(false).
+ addFilter(CasConfigurationProperties.class.getSimpleName(),
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ CasConfigurationProperties.class,
+ CasConfigurationProperties::getAuthn)));
}
private static Map<String, Object> filterCasProperties(
- final CasConfigurationProperties casProperties,
- final SimpleFilterProvider filters) {
+ final CasConfigurationProperties casProperties,
+ final SimpleFilterProvider filters) {
return CasCoreConfigurationUtils.asMap(casProperties.withHolder(),
filters);
}
private static Map<String, Object> mapAuthModule(
- final String authModule,
- final SyncopeAuthModuleConf conf,
- final String address) {
+ final String authModule,
+ final SyncopeAuthModuleConf conf,
+ final String address) {
SyncopeAuthenticationProperties syncopeProps = new
SyncopeAuthenticationProperties();
syncopeProps.setName(authModule);
@@ -110,22 +113,22 @@ public class SyncopeWAPropertySourceLocator implements
PropertySourceLocator {
SimpleFilterProvider filterProvider = getParentCasFilterProvider();
filterProvider.addFilter(AuthenticationProperties.class.getSimpleName(),
- SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
- AuthenticationProperties.class,
- AuthenticationProperties::getSyncope)));
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ AuthenticationProperties.class,
+ AuthenticationProperties::getSyncope)));
return filterCasProperties(casProperties, filterProvider);
}
private static Map<String, Object> mapAuthModule(
- final String authModule,
- final StaticAuthModuleConf conf) {
+ final String authModule,
+ final StaticAuthModuleConf conf) {
AcceptAuthenticationProperties staticProps = new
AcceptAuthenticationProperties();
staticProps.setName(authModule);
String users = conf.getUsers().entrySet().stream().
- map(entry -> entry.getKey() + "::" + entry.getValue()).
- collect(Collectors.joining(","));
+ map(entry -> entry.getKey() + "::" + entry.getValue()).
+ collect(Collectors.joining(","));
staticProps.setUsers(users);
CasConfigurationProperties casProperties = new
CasConfigurationProperties();
@@ -133,16 +136,16 @@ public class SyncopeWAPropertySourceLocator implements
PropertySourceLocator {
SimpleFilterProvider filterProvider = getParentCasFilterProvider();
filterProvider.addFilter(AuthenticationProperties.class.getSimpleName(),
- SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
- AuthenticationProperties.class,
- AuthenticationProperties::getAccept)));
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ AuthenticationProperties.class,
+ AuthenticationProperties::getAccept)));
return filterCasProperties(casProperties, filterProvider);
}
private static Map<String, Object> mapAuthModule(
- final String authModule,
- final LDAPAuthModuleConf conf) {
+ final String authModule,
+ final LDAPAuthModuleConf conf) {
LdapAuthenticationProperties ldapProps = new
LdapAuthenticationProperties();
ldapProps.setName(authModule);
@@ -163,18 +166,19 @@ public class SyncopeWAPropertySourceLocator implements
PropertySourceLocator {
SimpleFilterProvider filterProvider = getParentCasFilterProvider();
filterProvider.addFilter(
- AuthenticationProperties.class.getSimpleName(),
- SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
- AuthenticationProperties.class,
- AuthenticationProperties::getLdap)));
+ AuthenticationProperties.class.getSimpleName(),
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ AuthenticationProperties.class,
+ AuthenticationProperties::getLdap)));
return filterCasProperties(casProperties, filterProvider);
}
+
@SuppressWarnings("deprecation")
private static Map<String, Object> mapAuthModule(
- final String authModule,
- final DuoMfaAuthModuleConf conf) {
+ final String authModule,
+ final DuoMfaAuthModuleConf conf) {
DuoSecurityMultifactorAuthenticationProperties props = new
DuoSecurityMultifactorAuthenticationProperties();
props.setName(authModule);
@@ -188,25 +192,64 @@ public class SyncopeWAPropertySourceLocator implements
PropertySourceLocator {
SimpleFilterProvider filterProvider = getParentCasFilterProvider();
filterProvider.
- addFilter(AuthenticationProperties.class.getSimpleName(),
- SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
- AuthenticationProperties.class,
- AuthenticationProperties::getMfa))).
-
addFilter(MultifactorAuthenticationProperties.class.getSimpleName(),
- SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
-
MultifactorAuthenticationProperties.class,
-
MultifactorAuthenticationProperties::getDuo)));
+ addFilter(AuthenticationProperties.class.getSimpleName(),
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ AuthenticationProperties.class,
+ AuthenticationProperties::getMfa))).
+
addFilter(MultifactorAuthenticationProperties.class.getSimpleName(),
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ MultifactorAuthenticationProperties.class,
+ MultifactorAuthenticationProperties::getDuo)));
+ return filterCasProperties(casProperties, filterProvider);
+ }
+
+ private static Map<String, Object> mapAuthModule(final String authModule,
+ final
SimpleMfaAuthModuleConf conf) {
+ CasSimpleMultifactorAuthenticationProperties props =
+ new CasSimpleMultifactorAuthenticationProperties();
+
+ props.setName(authModule);
+ props.setTokenLength(conf.getTokenLength());
+ props.setTimeToKillInSeconds(conf.getTimeToKillInSeconds());
+ props.getMail().setAttributeName(conf.getEmailAttribute());
+ props.getMail().setFrom(conf.getEmailFrom());
+ props.getMail().setSubject(conf.getEmailSubject());
+ props.getMail().setText(conf.getEmailText());
+
+ try {
+ if (StringUtils.isNotBlank(conf.getBypassGroovyScript())) {
+
props.getBypass().getGroovy().setLocation(ResourceUtils.getResourceFrom(conf.getBypassGroovyScript()));
+ }
+ } catch (final Exception e) {
+ LOG.error("Unable to load groovy script for bypass", e);
+ throw new IllegalArgumentException(e);
+ }
+ CasConfigurationProperties casProperties = new
CasConfigurationProperties();
+ casProperties.getAuthn().getMfa().setSimple(props);
+
+ SimpleFilterProvider filterProvider = getParentCasFilterProvider();
+ filterProvider.
+ addFilter(AuthenticationProperties.class.getSimpleName(),
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ AuthenticationProperties.class,
+ AuthenticationProperties::getMfa))).
+
addFilter(MultifactorAuthenticationProperties.class.getSimpleName(),
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ MultifactorAuthenticationProperties.class,
+ MultifactorAuthenticationProperties::getSimple)));
return filterCasProperties(casProperties, filterProvider);
}
private static Map<String, Object> mapAuthModule(
- final String authModule,
- final GoogleMfaAuthModuleConf conf) {
+ final String authModule,
+ final GoogleMfaAuthModuleConf conf) {
GoogleAuthenticatorMultifactorProperties props =
- new GoogleAuthenticatorMultifactorProperties();
+ new GoogleAuthenticatorMultifactorProperties();
props.setName(authModule);
props.getCore().setIssuer(conf.getIssuer());
props.getCore().setCodeDigits(conf.getCodeDigits());
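Review bot: In the new `mapAuthModule(String, SimpleMfaAuthModuleConf)`, the bypass script location comes straight from the stored auth module configuration and is resolved with `ResourceUtils.getResourceFrom(...)`, with no restriction on where it may point. Whoever can edit that configuration therefore chooses the Groovy code that decides whether the second factor is skipped, and that code presumably runs inside WA; consider accepting only locations under a configured directory or classpath prefix and documenting the option as security-sensitive. Separately, the `catch (final Exception e)` block both logs and rethrows, so the failure is reported twice and the rethrown exception has no message of its own; `throw new IllegalArgumentException("Cannot load MFA bypass Groovy script for auth module " + authModule, e);` without the `LOG.error` would be enough. `emailFrom`, `emailSubject` and `emailText` have no defaults in `SimpleMfaAuthModuleConf`, so they are passed to `props.getMail()` as null unless configured, and whether CAS tolerates that is not visible in this hunk.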
@@ -221,20 +264,20 @@ public class SyncopeWAPropertySourceLocator implements
PropertySourceLocator {
filterProvider.addFilter(
AuthenticationProperties.class.getSimpleName(),
SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
- AuthenticationProperties.class,
- AuthenticationProperties::getMfa))).
-
addFilter(MultifactorAuthenticationProperties.class.getSimpleName(),
- SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
-
MultifactorAuthenticationProperties.class,
-
MultifactorAuthenticationProperties::getGauth)));
+ CasCoreConfigurationUtils.getPropertyName(
+ AuthenticationProperties.class,
+ AuthenticationProperties::getMfa))).
+
addFilter(MultifactorAuthenticationProperties.class.getSimpleName(),
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ MultifactorAuthenticationProperties.class,
+ MultifactorAuthenticationProperties::getGauth)));
return filterCasProperties(casProperties, filterProvider);
}
private static Map<String, Object> mapAuthModule(
- final String authModule,
- final U2FAuthModuleConf conf) {
+ final String authModule,
+ final U2FAuthModuleConf conf) {
U2FMultifactorAuthenticationProperties props = new
U2FMultifactorAuthenticationProperties();
props.setName(authModule);
@@ -248,22 +291,22 @@ public class SyncopeWAPropertySourceLocator implements
PropertySourceLocator {
SimpleFilterProvider filterProvider = getParentCasFilterProvider();
filterProvider.
- addFilter(AuthenticationProperties.class.getSimpleName(),
- SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
- AuthenticationProperties.class,
- AuthenticationProperties::getMfa))).
-
addFilter(MultifactorAuthenticationProperties.class.getSimpleName(),
- SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
-
MultifactorAuthenticationProperties.class,
-
MultifactorAuthenticationProperties::getU2f)));
+ addFilter(AuthenticationProperties.class.getSimpleName(),
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ AuthenticationProperties.class,
+ AuthenticationProperties::getMfa))).
+
addFilter(MultifactorAuthenticationProperties.class.getSimpleName(),
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ MultifactorAuthenticationProperties.class,
+ MultifactorAuthenticationProperties::getU2f)));
return filterCasProperties(casProperties, filterProvider);
}
private static Map<String, Object> mapAuthModule(
- final String authModule,
- final JaasAuthModuleConf conf) {
+ final String authModule,
+ final JaasAuthModuleConf conf) {
JaasAuthenticationProperties props = new
JaasAuthenticationProperties();
props.setName(authModule);
@@ -278,16 +321,16 @@ public class SyncopeWAPropertySourceLocator implements
PropertySourceLocator {
SimpleFilterProvider filterProvider = getParentCasFilterProvider();
filterProvider.addFilter(AuthenticationProperties.class.getSimpleName(),
- SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
- AuthenticationProperties.class,
- AuthenticationProperties::getJaas)));
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ AuthenticationProperties.class,
+ AuthenticationProperties::getJaas)));
return filterCasProperties(casProperties, filterProvider);
}
private static Map<String, Object> mapAuthModule(
- final String authModule,
- final JDBCAuthModuleConf conf) {
+ final String authModule,
+ final JDBCAuthModuleConf conf) {
QueryJdbcAuthenticationProperties props = new
QueryJdbcAuthenticationProperties();
props.setName(authModule);
@@ -307,22 +350,22 @@ public class SyncopeWAPropertySourceLocator implements
PropertySourceLocator {
SimpleFilterProvider filterProvider = getParentCasFilterProvider();
filterProvider.
- addFilter(AuthenticationProperties.class.getSimpleName(),
- SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
- AuthenticationProperties.class,
- AuthenticationProperties::getJdbc))).
-
addFilter(MultifactorAuthenticationProperties.class.getSimpleName(),
- SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
- JdbcAuthenticationProperties.class,
-
JdbcAuthenticationProperties::getQuery)));
+ addFilter(AuthenticationProperties.class.getSimpleName(),
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ AuthenticationProperties.class,
+ AuthenticationProperties::getJdbc))).
+
addFilter(MultifactorAuthenticationProperties.class.getSimpleName(),
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ JdbcAuthenticationProperties.class,
+ JdbcAuthenticationProperties::getQuery)));
return filterCasProperties(casProperties, filterProvider);
}
private static Map<String, Object> mapAuthModule(
- final String authModule,
- final OIDCAuthModuleConf conf) {
+ final String authModule,
+ final OIDCAuthModuleConf conf) {
Pac4jGenericOidcClientProperties props = new
Pac4jGenericOidcClientProperties();
props.setId(conf.getId());
@@ -344,22 +387,22 @@ public class SyncopeWAPropertySourceLocator implements
PropertySourceLocator {
SimpleFilterProvider filterProvider = getParentCasFilterProvider();
filterProvider.
- addFilter(AuthenticationProperties.class.getSimpleName(),
- SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
- AuthenticationProperties.class,
- AuthenticationProperties::getPac4j))).
-
addFilter(Pac4jDelegatedAuthenticationProperties.class.getSimpleName(),
- SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
-
Pac4jDelegatedAuthenticationProperties.class,
-
Pac4jDelegatedAuthenticationProperties::getOidc)));
+ addFilter(AuthenticationProperties.class.getSimpleName(),
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ AuthenticationProperties.class,
+ AuthenticationProperties::getPac4j))).
+
addFilter(Pac4jDelegatedAuthenticationProperties.class.getSimpleName(),
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ Pac4jDelegatedAuthenticationProperties.class,
+ Pac4jDelegatedAuthenticationProperties::getOidc)));
return filterCasProperties(casProperties, filterProvider);
}
private static Map<String, Object> mapAuthModule(
- final String authModule,
- final SAML2IdPAuthModuleConf conf) {
+ final String authModule,
+ final SAML2IdPAuthModuleConf conf) {
Pac4jSamlClientProperties props = new Pac4jSamlClientProperties();
props.setClientName(authModule);
@@ -383,24 +426,24 @@ public class SyncopeWAPropertySourceLocator implements
PropertySourceLocator {
props.setSignatureReferenceDigestMethods(conf.getSignatureReferenceDigestMethods());
props.setPrincipalAttributeId(conf.getUserIdAttribute());
props.setNameIdPolicyAllowCreate(StringUtils.isBlank(conf.getNameIdPolicyAllowCreate())
- ? TriStateBoolean.UNDEFINED
- :
TriStateBoolean.valueOf(conf.getNameIdPolicyAllowCreate().toUpperCase()));
+ ? TriStateBoolean.UNDEFINED
+ :
TriStateBoolean.valueOf(conf.getNameIdPolicyAllowCreate().toUpperCase()));
CasConfigurationProperties casProperties = new
CasConfigurationProperties();
casProperties.getAuthn().getPac4j().getSaml().add(props);
SimpleFilterProvider filterProvider = getParentCasFilterProvider();
filterProvider.
- addFilter(AuthenticationProperties.class.getSimpleName(),
- SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
- AuthenticationProperties.class,
- AuthenticationProperties::getPac4j))).
-
addFilter(Pac4jDelegatedAuthenticationProperties.class.getSimpleName(),
- SimpleBeanPropertyFilter.filterOutAllExcept(
- CasCoreConfigurationUtils.getPropertyName(
-
Pac4jDelegatedAuthenticationProperties.class,
-
Pac4jDelegatedAuthenticationProperties::getSaml)));
+ addFilter(AuthenticationProperties.class.getSimpleName(),
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ AuthenticationProperties.class,
+ AuthenticationProperties::getPac4j))).
+
addFilter(Pac4jDelegatedAuthenticationProperties.class.getSimpleName(),
+ SimpleBeanPropertyFilter.filterOutAllExcept(
+ CasCoreConfigurationUtils.getPropertyName(
+ Pac4jDelegatedAuthenticationProperties.class,
+ Pac4jDelegatedAuthenticationProperties::getSaml)));
return filterCasProperties(casProperties, filterProvider);
}
@@ -425,9 +468,11 @@ public class SyncopeWAPropertySourceLocator implements
PropertySourceLocator {
properties.putAll(mapAuthModule(authModuleTO.getKey(),
(StaticAuthModuleConf) authConf));
} else if (authConf instanceof SyncopeAuthModuleConf) {
properties.putAll(mapAuthModule(authModuleTO.getKey(),
- (SyncopeAuthModuleConf) authConf,
syncopeClient.getAddress()));
+ (SyncopeAuthModuleConf) authConf,
syncopeClient.getAddress()));
} else if (authConf instanceof GoogleMfaAuthModuleConf) {
properties.putAll(mapAuthModule(authModuleTO.getKey(),
(GoogleMfaAuthModuleConf) authConf));
+ } else if (authConf instanceof SimpleMfaAuthModuleConf) {
+ properties.putAll(mapAuthModule(authModuleTO.getKey(),
(SimpleMfaAuthModuleConf) authConf));
} else if (authConf instanceof DuoMfaAuthModuleConf) {
properties.putAll(mapAuthModule(authModuleTO.getKey(),
(DuoMfaAuthModuleConf) authConf));
} else if (authConf instanceof JaasAuthModuleConf) {
@@ -444,7 +489,7 @@ public class SyncopeWAPropertySourceLocator implements
PropertySourceLocator {
});
syncopeClient.getService(WAConfigService.class).list().
- forEach(attr -> properties.put(attr.getSchema(),
attr.getValues()));
+ forEach(attr -> properties.put(attr.getSchema(),
attr.getValues()));
LOG.debug("Collected WA properties: {}", properties);
return new MapPropertySource(getClass().getName(), properties);
}
diff --git a/wa/starter/pom.xml b/wa/starter/pom.xml
index d30e8a2c9a..1e212e5e5e 100644
--- a/wa/starter/pom.xml
+++ b/wa/starter/pom.xml
@@ -227,6 +227,14 @@ under the License.
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-u2f-core</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-support-simple-mfa</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-support-simple-mfa-core</artifactId>
+ </dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-gauth</artifactId>