Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix authn delegation behavior #4644

Merged
merged 11 commits into from Jan 27, 2020
Merged

Fix authn delegation behavior #4644

Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
d7d3e5a
Fix authn delegation behavior
leleuj Jan 22, 2020
fada56d
Merge branch 'master' into authdelegate
apereocas-bot Jan 22, 2020
6e1435b
Merge branch 'master' into authdelegate
apereocas-bot Jan 23, 2020
8bb8e34
Merge branch 'master' into authdelegate
apereocas-bot Jan 23, 2020
b7bdd9f
Merge branch 'master' into authdelegate
apereocas-bot Jan 23, 2020
812c161
Merge branch 'master' into authdelegate
apereocas-bot Jan 23, 2020
5a5802d
Merge branch 'master' into authdelegate
apereocas-bot Jan 23, 2020
37a1d56
Merge branch 'master' into authdelegate
apereocas-bot Jan 23, 2020
7306877
Merge branch 'master' into authdelegate
apereocas-bot Jan 23, 2020
c0da424
Merge branch 'master' of github.com:apereo/cas into authdelegate
leleuj Jan 25, 2020
7aa4618
Merge branch 'authdelegate' of github.com:leleuj/cas into authdelegate
leleuj Jan 25, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
34 changes: 2 additions & 32 deletions ...4j-webflow/src/main/java/org/apereo/cas/web/flow/DelegatedClientAuthenticationAction.java
View file
Open in desktop
Expand Up @@ -194,7 +194,6 @@ public Event doExecute(final RequestContext context) {
LOGGER.trace("Found existing single sign-on session");
populateContextWithService(context, webContext, clientName);
if (singleSignOnSessionAuthorizedForService(context)) {
prepareRequestContextForSingleSignOn(context, webContext, clientName);
prepareDelegatedClients(context);
LOGGER.trace("Skipping delegation and routing back to CAS authentication flow");
return super.doExecute(context);
Expand Down Expand Up @@ -225,7 +224,7 @@ public Event doExecute(final RequestContext context) {
return error();
}

private Service populateContextWithService(final RequestContext context, final JEEContext webContext, final String clientName) {
protected Service populateContextWithService(final RequestContext context, final JEEContext webContext, final String clientName) {
val service = restoreAuthenticationRequestInContext(context, webContext, clientName);
val resolvedService = authenticationRequestServiceSelectionStrategies.resolveService(service);
LOGGER.trace("Authentication is resolved by service request from [{}]", service);
Expand Down Expand Up @@ -401,7 +400,7 @@ protected Service restoreAuthenticationRequestInContext(final RequestContext req
}
}

private boolean singleSignOnSessionAuthorizedForService(final RequestContext context) {
protected boolean singleSignOnSessionAuthorizedForService(final RequestContext context) {
val resolvedService = resolveServiceFromRequestContext(context);
val authentication = getSingleSignOnAuthenticationFrom(context);
return authentication
Expand Down Expand Up @@ -441,14 +440,6 @@ protected boolean singleSignOnSessionExists(final RequestContext requestContext)
LOGGER.trace("Located a valid ticket-granting ticket. Examining existing single sign-on session strategies...");
val authentication = authn.get();
val builder = this.authenticationSystemSupport.establishAuthenticationContextFromInitial(authentication);
val credentials = authentication.getCredentials();
if (!credentials.isEmpty()) {
credentials.forEach(c -> {
val credential = c.toCredential();
builder.collect(credential);
});
builder.getInitialCredential().ifPresent(c -> WebUtils.putCredential(requestContext, c));
}
LOGGER.trace("Recording and tracking initial authentication results in the request context");
WebUtils.putAuthenticationResultBuilder(builder, requestContext);
WebUtils.putAuthentication(authentication, requestContext);
Expand All @@ -463,29 +454,8 @@ protected boolean singleSignOnSessionExists(final RequestContext requestContext)
return false;
}

/**
* Prepare the request context if there is a SSO session.
*
* @param context the request context
* @param webContext the web context
* @param clientName the client name
*/
protected void prepareRequestContextForSingleSignOn(final RequestContext context,
final JEEContext webContext,
final String clientName) {
val resolvedService = WebUtils.getService(argumentExtractors, context);
WebUtils.putServiceIntoFlowScope(context, resolvedService);
val registeredService = servicesManager.findServiceBy(resolvedService);
WebUtils.putRegisteredService(context, registeredService);
if (StringUtils.isNotBlank(clientName)) {
val client = findDelegatedClientByName(webContext.getNativeRequest(), clientName, resolvedService);
populateContextWithClientCredential(client, webContext, context);
}
}

private boolean isDelegatedClientAuthorizedForService(final Client<Credentials> client,
final Service service) {
return delegatedAuthenticationAccessStrategyHelper.isDelegatedClientAuthorizedForService(client, service);
}

}