(syncope) branch 4_0_X updated: [SYNCOPE-1872] Allow to control force mfa execution configuration on authentication policy (#1057)

Thu, 17 Apr 2025 03:37:33 -0700 

This is an automated email from the ASF dual-hosted git repository.

andreapatricelli pushed a commit to branch 4_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/4_0_X by this push:
     new 46aa008a32 [SYNCOPE-1872] Allow to control force mfa execution 
configuration on authentication policy (#1057)
46aa008a32 is described below

commit 46aa008a3271f800eb3588271d6423bf859d7aaf
Author: Andrea Patricelli <[email protected]>
AuthorDate: Thu Apr 17 12:12:06 2025 +0200

    [SYNCOPE-1872] Allow to control force mfa execution configuration on 
authentication policy (#1057)
---
 .../syncope/client/console/policies/AuthPolicyModalPanel.java  |  6 ++++++
 .../syncope/client/console/policies/AuthPolicyModalPanel.html  |  3 +++
 .../client/console/policies/PolicyDirectoryPanel.properties    |  1 +
 .../console/policies/PolicyDirectoryPanel_fr_CA.properties     |  1 +
 .../client/console/policies/PolicyDirectoryPanel_it.properties |  1 +
 .../client/console/policies/PolicyDirectoryPanel_ja.properties |  1 +
 .../console/policies/PolicyDirectoryPanel_pt_BR.properties     |  1 +
 .../client/console/policies/PolicyDirectoryPanel_ru.properties |  1 +
 .../syncope/common/lib/policy/DefaultAuthPolicyConf.java       | 10 ++++++++++
 .../apache/syncope/wa/starter/mapping/DefaultAuthMapper.java   |  2 +-
 10 files changed, 26 insertions(+), 1 deletion(-)

diff --git 
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AuthPolicyModalPanel.java
 
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AuthPolicyModalPanel.java
index 76833d3574..d1bc313fd0 100644
--- 
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AuthPolicyModalPanel.java
+++ 
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AuthPolicyModalPanel.java
@@ -87,6 +87,12 @@ public class AuthPolicyModalPanel extends 
AbstractModalPanel<AuthPolicyTO> {
                 new PropertyModel<>(model.getObject().getConf(), 
"bypassEnabled"),
                 false));
 
+        add(new AjaxCheckBoxPanel(
+                "forceMfaExecution",
+                "forceMfaExecution",
+                new PropertyModel<>(model.getObject().getConf(), 
"forceMfaExecution"),
+                false));
+        
         add(new AjaxTextFieldPanel(
                 "bypassPrincipalAttributeName",
                 "bypassPrincipalAttributeName",
diff --git 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AuthPolicyModalPanel.html
 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AuthPolicyModalPanel.html
index e66a972c85..b5923fc5df 100644
--- 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AuthPolicyModalPanel.html
+++ 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AuthPolicyModalPanel.html
@@ -27,6 +27,9 @@ under the License.
     <div class="form-group">
       <span wicket:id="bypassEnabled"/>
     </div>
+    <div class="form-group">
+      <span wicket:id="forceMfaExecution"/>
+    </div>
     <div class="form-group">
       <span wicket:id="bypassPrincipalAttributeName"/>
     </div>
diff --git 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
index d5451c65bd..bf29479340 100644
--- 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
+++ 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
@@ -56,5 +56,6 @@ enable.proxyTgtConf=Enable Proxy TGT
 enable.proxyStConf=Enable Proxy ST
 auditHistory.title=Configuration history
 bypassEnabled=Enable Bypass
+forceMfaExecution=Force multifactor authentication
 bypassPrincipalAttributeName=Bypass Principal Attribute Name
 bypassPrincipalAttributeValue=Bypass Principal Attribute Value
diff --git 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
index a951aa0562..96c63e1e03 100644
--- 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
+++ 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
@@ -56,5 +56,6 @@ enable.proxyTgtConf=Enable Proxy TGT
 enable.proxyStConf=Enable Proxy ST
 auditHistory.title=Historique de configuration
 bypassEnabled=Enable Bypass
+forceMfaExecution=Forcer l'authentification multifacteur
 bypassPrincipalAttributeName=Bypass Principal Attribute Name
 bypassPrincipalAttributeValue=Bypass Principal Attribute Value
diff --git 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
index a55a004688..de8714010b 100644
--- 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
+++ 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
@@ -56,5 +56,6 @@ enable.proxyTgtConf=Abilita Proxy TGT
 enable.proxyStConf=Abilita Proxy ST
 auditHistory.title=Storico delle configurazioni
 bypassEnabled=Abilita Bypass
+forceMfaExecution=Forza l'autenticazione multifattore
 bypassPrincipalAttributeName=Bypass Nome Attributo
 bypassPrincipalAttributeValue=Bypass Valore Attributo
diff --git 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
index bd417f8aad..622c6c13d7 100644
--- 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
+++ 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
@@ -56,6 +56,7 @@ enable.proxyTgtConf=Enable Proxy TGT
 enable.proxyStConf=Enable Proxy ST
 auditHistory.title=\u8a2d\u5b9a\u5c65\u6b74
 bypassEnabled=Enable Bypass
+forceMfaExecution=\u591a\u8981\u7d20\u8a8d\u8a3c\u3092\u5f37\u5236\u3059\u308b
 bypassPrincipalAttributeName=Bypass Principal Attribute Name
 bypassPrincipalAttributeValue=Bypass Principal Attribute Value
 
diff --git 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
index f189b1abdd..5342aecfa6 100644
--- 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
+++ 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
@@ -56,5 +56,6 @@ enable.proxyTgtConf=Enable Proxy TGT
 enable.proxyStConf=Enable Proxy ST
 auditHistory.title=Hist\u00f3rico de configura\u00e7\u00e3o
 bypassEnabled=Enable Bypass
+forceMfaExecution=For\u00e7ar autentica\u00e7\u00e3o multifator
 bypassPrincipalAttributeName=Bypass Principal Attribute Name
 bypassPrincipalAttributeValue=Bypass Principal Attribute Value
diff --git 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
index e767cb8b71..26b25636da 100644
--- 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
+++ 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
@@ -57,5 +57,6 @@ enable.proxyTgtConf=Enable Proxy TGT
 enable.proxyStConf=Enable Proxy ST
 auditHistory.title=\u0418\u0441\u0442\u043e\u0440\u0438\u044f 
\u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438
 bypassEnabled=Enable Bypass
+forceMfaExecution=\u041f\u0440\u0438\u043d\u0443\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u0430\u044f
 
\u043c\u043d\u043e\u0433\u043e\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u0430\u044f
 
\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f
 bypassPrincipalAttributeName=Bypass Principal Attribute Name
 bypassPrincipalAttributeValue=Bypass Principal Attribute Value
diff --git 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAuthPolicyConf.java
 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAuthPolicyConf.java
index b0a4b4f789..0d0584f748 100644
--- 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAuthPolicyConf.java
+++ 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAuthPolicyConf.java
@@ -31,6 +31,8 @@ public class DefaultAuthPolicyConf implements AuthPolicyConf {
 
     private boolean bypassEnabled;
 
+    private boolean forceMfaExecution = true;
+    
     private String bypassPrincipalAttributeName;
 
     private String bypassPrincipalAttributeValue;
@@ -53,6 +55,14 @@ public class DefaultAuthPolicyConf implements AuthPolicyConf 
{
         this.bypassEnabled = bypassEnabled;
     }
 
+    public boolean isForceMfaExecution() {
+        return forceMfaExecution;
+    }
+
+    public void setForceMfaExecution(final boolean forceMfaExecution) {
+        this.forceMfaExecution = forceMfaExecution;
+    }
+
     public String getBypassPrincipalAttributeName() {
         return bypassPrincipalAttributeName;
     }
diff --git 
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAuthMapper.java
 
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAuthMapper.java
index 859b983ae4..60adf1ecaa 100644
--- 
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAuthMapper.java
+++ 
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAuthMapper.java
@@ -124,7 +124,7 @@ public class DefaultAuthMapper implements AuthMapper {
                 mfaPolicy.setBypassEnabled(policyConf.isBypassEnabled());
             }
 
-            mfaPolicy.setForceExecution(true);
+            mfaPolicy.setForceExecution(policyConf.isForceMfaExecution());
             mfaPolicy.setMultifactorAuthenticationProviders(mfaProviders);
         }

Reply via email to