/**
* Looks up the mfa data for a specific service.
*
* @param targetService the service to check
* @return service specific mfa settings
*/
private ServiceMfaData getServicesAuthenticationData(final WebApplicationService targetService) {
final RegisteredService registeredService = this.servicesManager.findServiceBy(targetService);
if (registeredService == null) {
logger.debug(
"No registered service is found. Delegating to the next argument extractor in the chain...");
return null;
}
if (!(registeredService instanceof RegisteredServiceWithAttributes)) {
logger.debug("Registered service is not capable of defining an mfa attribute.");
return null;
}
final ServiceMfaData serviceData = new ServiceMfaData();
final RegisteredServiceWithAttributes service =
RegisteredServiceWithAttributes.class.cast(registeredService);
final Map mfaRole = Map.class.cast(service.getExtraAttributes().get(MFA_ROLE));
if (mfaRole == null) {
return null;
}
serviceData.setAttributeName(String.class.cast(mfaRole.get(MFA_ATTRIBUTE_NAME)));
serviceData.setAttributePattern(String.class.cast(mfaRole.get(MFA_ATTRIBUTE_PATTERN)));
serviceData.setAuthenticationMethod(
String.class.cast(service.getExtraAttributes().get(AUTHN_METHOD)));
if (serviceData.isValid()) {
return serviceData;
}
return null;
}
/**
* Gets mfa request context.
*
* @param serviceMfaData service specific mfa settings
* @param attributeValue the value found in the attribute
* @param targetService the target service
* @return the mfa request context
*/
private MultiFactorAuthenticationRequestContext getMfaRequestContext(
final ServiceMfaData serviceMfaData,
final String attributeValue,
final WebApplicationService targetService) {
final RegisteredService registeredService = this.servicesManager.findServiceBy(targetService);
final RegisteredServiceWithAttributes service =
RegisteredServiceWithAttributes.class.cast(registeredService);
final String method = String.class.cast(service.getExtraAttributes().get("method"));
if (match(serviceMfaData.getAttributePattern(), attributeValue)) {
if (!this.authenticationMethodConfiguration.containsAuthenticationMethod(
serviceMfaData.getAuthenticationMethod())) {
logger.info(
"MFA attribute [{}] with value [{}] is not supported by the authentication method configuration.",
serviceMfaData.getAttributeName(),
serviceMfaData.getAuthenticationMethod());
return null;
}
final int mfaMethodRank =
this.authenticationMethodConfiguration
.getAuthenticationMethod(serviceMfaData.getAuthenticationMethod())
.getRank();
final MultiFactorAuthenticationSupportingWebApplicationService svc =
this.mfaServiceFactory.create(
targetService.getId(),
targetService.getId(),
targetService.getArtifactId(),
"POST".equals(method) ? ResponseType.POST : ResponseType.REDIRECT,
serviceMfaData.getAuthenticationMethod(),
MultiFactorAuthenticationSupportingWebApplicationService.AuthenticationMethodSource
.PRINCIPAL_ATTRIBUTE);
return new MultiFactorAuthenticationRequestContext(svc, mfaMethodRank);
}
logger.trace("{} did not match {}", attributeValue, serviceMfaData.getAttributePattern());
return null;
}
