Skip to content

Commit

Permalink
Fix authn delegation behavior (#4644)
Browse files Browse the repository at this point in the history 
Co-authored-by: apereocas-bot <45107089+apereocas-bot@users.noreply.github.com>
  • Loading branch information
@leleuj @apereocas-bot
leleuj and apereocas-bot committed Jan 27, 2020
1 parent f10efd7 commit 7c46161
Showing 1 changed file with 2 additions and 32 deletions.
34 changes: 2 additions & 32 deletions ...4j-webflow/src/main/java/org/apereo/cas/web/flow/DelegatedClientAuthenticationAction.java
View file
Expand Up @@ -194,7 +194,6 @@ public Event doExecute(final RequestContext context) {
LOGGER.trace("Found existing single sign-on session");
populateContextWithService(context, webContext, clientName);
if (singleSignOnSessionAuthorizedForService(context)) {
prepareRequestContextForSingleSignOn(context, webContext, clientName);
prepareDelegatedClients(context);
LOGGER.trace("Skipping delegation and routing back to CAS authentication flow");
return super.doExecute(context);
Expand Down Expand Up @@ -225,7 +224,7 @@ public Event doExecute(final RequestContext context) {
return error();
}

private Service populateContextWithService(final RequestContext context, final JEEContext webContext, final String clientName) {
protected Service populateContextWithService(final RequestContext context, final JEEContext webContext, final String clientName) {
val service = restoreAuthenticationRequestInContext(context, webContext, clientName);
val resolvedService = authenticationRequestServiceSelectionStrategies.resolveService(service);
LOGGER.trace("Authentication is resolved by service request from [{}]", service);
Expand Down Expand Up @@ -401,7 +400,7 @@ protected Service restoreAuthenticationRequestInContext(final RequestContext req
}
}

private boolean singleSignOnSessionAuthorizedForService(final RequestContext context) {
protected boolean singleSignOnSessionAuthorizedForService(final RequestContext context) {
val resolvedService = resolveServiceFromRequestContext(context);
val authentication = getSingleSignOnAuthenticationFrom(context);
return authentication
Expand Down Expand Up @@ -441,14 +440,6 @@ protected boolean singleSignOnSessionExists(final RequestContext requestContext)
LOGGER.trace("Located a valid ticket-granting ticket. Examining existing single sign-on session strategies...");
val authentication = authn.get();
val builder = this.authenticationSystemSupport.establishAuthenticationContextFromInitial(authentication);
val credentials = authentication.getCredentials();
if (!credentials.isEmpty()) {
credentials.forEach(c -> {
val credential = c.toCredential();
builder.collect(credential);
});
builder.getInitialCredential().ifPresent(c -> WebUtils.putCredential(requestContext, c));
}
LOGGER.trace("Recording and tracking initial authentication results in the request context");
WebUtils.putAuthenticationResultBuilder(builder, requestContext);
WebUtils.putAuthentication(authentication, requestContext);
Expand All @@ -463,29 +454,8 @@ protected boolean singleSignOnSessionExists(final RequestContext requestContext)
return false;
}

/**
* Prepare the request context if there is a SSO session.
*
* @param context the request context
* @param webContext the web context
* @param clientName the client name
*/
protected void prepareRequestContextForSingleSignOn(final RequestContext context,
final JEEContext webContext,
final String clientName) {
val resolvedService = WebUtils.getService(argumentExtractors, context);
WebUtils.putServiceIntoFlowScope(context, resolvedService);
val registeredService = servicesManager.findServiceBy(resolvedService);
WebUtils.putRegisteredService(context, registeredService);
if (StringUtils.isNotBlank(clientName)) {
val client = findDelegatedClientByName(webContext.getNativeRequest(), clientName, resolvedService);
populateContextWithClientCredential(client, webContext, context);
}
}

private boolean isDelegatedClientAuthorizedForService(final Client<Credentials> client,
final Service service) {
return delegatedAuthenticationAccessStrategyHelper.isDelegatedClientAuthorizedForService(client, service);
}

}

0 comments on commit 7c46161

Please sign in to comment.