19 package org.apache.syncope.wa.bootstrap.mapping;
20
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.common.lib.auth.AbstractOIDCAuthModuleConf;
import org.apache.syncope.common.lib.auth.AppleOIDCAuthModuleConf;
import org.apache.syncope.common.lib.auth.AuthModuleConf;
import org.apache.syncope.common.lib.auth.AzureOIDCAuthModuleConf;
import org.apache.syncope.common.lib.auth.DuoMfaAuthModuleConf;
import org.apache.syncope.common.lib.auth.GoogleMfaAuthModuleConf;
import org.apache.syncope.common.lib.auth.GoogleOIDCAuthModuleConf;
import org.apache.syncope.common.lib.auth.JDBCAuthModuleConf;
import org.apache.syncope.common.lib.auth.JaasAuthModuleConf;
import org.apache.syncope.common.lib.auth.KeycloakOIDCAuthModuleConf;
import org.apache.syncope.common.lib.auth.LDAPAuthModuleConf;
import org.apache.syncope.common.lib.auth.OAuth20AuthModuleConf;
import org.apache.syncope.common.lib.auth.OIDCAuthModuleConf;
import org.apache.syncope.common.lib.auth.SAML2IdPAuthModuleConf;
import org.apache.syncope.common.lib.auth.SimpleMfaAuthModuleConf;
import org.apache.syncope.common.lib.auth.SpnegoAuthModuleConf;
import org.apache.syncope.common.lib.auth.StaticAuthModuleConf;
import org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf;
import org.apache.syncope.common.lib.auth.U2FAuthModuleConf;
import org.apache.syncope.common.lib.auth.X509AuthModuleConf;
import org.apache.syncope.common.lib.to.AuthModuleTO;
import org.apache.syncope.common.lib.to.Item;
import org.apache.syncope.common.lib.types.AuthModuleState;
import org.apache.syncope.wa.bootstrap.WARestClient;
import org.apereo.cas.configuration.CasCoreConfigurationUtils;
import org.apereo.cas.configuration.model.core.authentication.AuthenticationHandlerStates;
import org.apereo.cas.configuration.model.support.generic.AcceptAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jaas.JaasAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.authn.QueryJdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticationProperties.AuthenticationTypes;
import org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties;
import org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties;
import org.apereo.cas.configuration.model.support.mfa.DuoSecurityMultifactorAuthenticationProperties;
import org.apereo.cas.configuration.model.support.mfa.gauth.GoogleAuthenticatorMultifactorProperties;
import org.apereo.cas.configuration.model.support.mfa.gauth.LdapGoogleAuthenticatorMultifactorProperties;
import org.apereo.cas.configuration.model.support.mfa.simple.CasSimpleMultifactorAuthenticationProperties;
import org.apereo.cas.configuration.model.support.mfa.u2f.U2FMultifactorAuthenticationProperties;
import org.apereo.cas.configuration.model.support.pac4j.oauth.Pac4jOAuth20ClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.BasePac4jOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jAppleOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jAzureOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jGenericOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jGoogleOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jKeyCloakOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.saml.Pac4jSamlClientProperties;
import org.apereo.cas.configuration.model.support.spnego.SpnegoAuthenticationProperties;
import org.apereo.cas.configuration.model.support.spnego.SpnegoLdapProperties;
import org.apereo.cas.configuration.model.support.spnego.SpnegoProperties;
import org.apereo.cas.configuration.model.support.syncope.SyncopeAuthenticationProperties;
import org.apereo.cas.configuration.model.support.x509.SubjectDnPrincipalResolverProperties.SubjectDnFormat;
import org.apereo.cas.configuration.model.support.x509.X509LdapProperties;
import org.apereo.cas.configuration.model.support.x509.X509Properties;
import org.apereo.cas.configuration.model.support.x509.X509Properties.PrincipalTypes;
import org.apereo.cas.util.ResourceUtils;
import org.apereo.cas.util.model.TriStateBoolean;
84
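/**
 * Translates Syncope authentication modules ({@link AuthModuleTO} plus its typed {@link AuthModuleConf}
 * payload) into CAS configuration properties, one {@code map} overload per supported module type.
 * <p>
 * Every overload follows the same recipe: build the CAS properties object for that authentication
 * handler, serialize it with {@link CasCoreConfigurationUtils#asMap(Object)} and prefix the resulting keys
 * with the handler's CAS property namespace (e.g. {@code cas.authn.ldap[].}). Secrets held by the module
 * configuration (client secrets, keystore passwords, Duo keys, static user passwords) are copied as-is into
 * the returned map, so callers must treat the result as sensitive.
 */
public class AuthModulePropertySourceMapper extends PropertySourceMapper implements AuthModuleConf.Mapper {

    protected final WARestClient waRestClient;

    /**
     * @param waRestClient client towards Syncope Core; only the Syncope authentication module mapping
     * actually dereferences it, but it must never be {@code null}
     * @throws NullPointerException if {@code waRestClient} is {@code null}
     */
    public AuthModulePropertySourceMapper(final WARestClient waRestClient) {
        this.waRestClient = Objects.requireNonNull(waRestClient, "waRestClient");
    }

    /**
     * Converts the Syncope module state into the CAS handler state with the same enum constant name.
     *
     * @throws IllegalArgumentException if CAS has no state with that name
     */
    private static AuthenticationHandlerStates handlerState(final AuthModuleTO authModuleTO) {
        return AuthenticationHandlerStates.valueOf(authModuleTO.getState().name());
    }

    /**
     * Uses the configured client name when present, otherwise falls back to the module key.
     */
    private static String clientName(final AuthModuleTO authModuleTO, final String configured) {
        return Optional.ofNullable(configured).orElse(authModuleTO.getKey());
    }

    /**
     * Renders the module items as {@code internal:external} pairs, the list form CAS expects for
     * {@code principalAttributeList}.
     */
    private static List<String> principalAttributeList(final AuthModuleTO authModuleTO) {
        return authModuleTO.getItems().stream().
                map(item -> item.getIntAttrName() + ":" + item.getExtAttrName()).
                collect(Collectors.toList());
    }

    /**
     * Renders the module items as an internal-name to external-name map.
     * {@link Collectors#toMap} rejects duplicate internal names (IllegalStateException) and {@code null}
     * external names (NullPointerException), so a misconfigured module fails the whole mapping instead of
     * being silently truncated.
     */
    private static Map<String, String> attributeMappings(final AuthModuleTO authModuleTO) {
        return authModuleTO.getItems().stream().
                collect(Collectors.toMap(Item::getIntAttrName, Item::getExtAttrName));
    }

    /**
     * Static (accept) authentication: the configured users become the CAS {@code user::password} list.
     * Passwords are written in clear text because that is the format the CAS accept handler consumes; a
     * user name or password containing {@code ,} or {@code ::} cannot be represented in this encoding.
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final StaticAuthModuleConf conf) {
        AcceptAuthenticationProperties props = new AcceptAuthenticationProperties();
        props.setName(authModuleTO.getKey());
        props.setState(handlerState(authModuleTO));
        props.setOrder(authModuleTO.getOrder());

        String users = conf.getUsers().entrySet().stream().
                map(entry -> entry.getKey() + "::" + entry.getValue()).
                collect(Collectors.joining(","));
        props.setUsers(users);

        return prefix("cas.authn.accept.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * LDAP authentication: bind/search settings plus principal attribute resolution.
     *
     * @throws IllegalArgumentException if the authentication type or LDAP type has no CAS counterpart
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final LDAPAuthModuleConf conf) {
        LdapAuthenticationProperties props = new LdapAuthenticationProperties();
        props.setName(authModuleTO.getKey());
        props.setState(handlerState(authModuleTO));
        props.setOrder(authModuleTO.getOrder());

        props.setType(AuthenticationTypes.valueOf(conf.getAuthenticationType().name()));
        props.setDnFormat(conf.getDnFormat());
        props.setEnhanceWithEntryResolver(conf.isEnhanceWithEntryResolver());
        // derefAliases is optional on the Syncope side; an unset value is passed through as null
        props.setDerefAliases(Optional.ofNullable(conf.getDerefAliases()).
                map(LDAPAuthModuleConf.DerefAliasesType::name).orElse(null));
        props.setResolveFromAttribute(conf.getResolveFromAttribute());

        props.setPrincipalAttributeId(conf.getPrincipalAttributeId());
        props.setPrincipalDnAttributeName(conf.getPrincipalDnAttributeName());
        props.setPrincipalAttributeList(principalAttributeList(authModuleTO));
        props.setAllowMultiplePrincipalAttributeValues(conf.isAllowMultiplePrincipalAttributeValues());
        props.setAdditionalAttributes(conf.getAdditionalAttributes());
        props.setAllowMissingPrincipalAttributeValue(conf.isAllowMissingPrincipalAttributeValue());
        // read from the module conf: the former self-assignment (props.isCollectDnAttribute()) never
        // propagated the configured value
        props.setCollectDnAttribute(conf.isCollectDnAttribute());

        props.getPasswordPolicy().setType(AbstractLdapProperties.LdapType.valueOf(conf.getLdapType().name()));

        // inherited: copies the LDAP settings shared by every LDAP-backed module conf
        fill(props, conf);

        return prefix("cas.authn.ldap[].", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * JDBC (query) authentication. The SQL statement is administrator-supplied and handed to CAS verbatim;
     * no validation happens here.
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final JDBCAuthModuleConf conf) {
        QueryJdbcAuthenticationProperties props = new QueryJdbcAuthenticationProperties();
        props.setName(authModuleTO.getKey());
        props.setState(handlerState(authModuleTO));
        props.setOrder(authModuleTO.getOrder());

        props.setSql(conf.getSql());
        props.setFieldDisabled(conf.getFieldDisabled());
        props.setFieldExpired(conf.getFieldExpired());
        props.setFieldPassword(conf.getFieldPassword());
        props.setPrincipalAttributeList(principalAttributeList(authModuleTO));

        // inherited: copies the JDBC connection settings from the module conf
        fill(props, conf);

        return prefix("cas.authn.jdbc.query[].", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * JAAS authentication. Login configuration type and login configuration file are distinct CAS
     * properties and are mapped separately (the file location used to overwrite the type).
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final JaasAuthModuleConf conf) {
        JaasAuthenticationProperties props = new JaasAuthenticationProperties();
        props.setName(authModuleTO.getKey());
        props.setState(handlerState(authModuleTO));
        props.setOrder(authModuleTO.getOrder());

        props.setLoginConfigType(conf.getLoginConfigType());
        props.setLoginConfigurationFile(conf.getLoginConfigurationFile());
        props.setKerberosKdcSystemProperty(conf.getKerberosKdcSystemProperty());
        props.setKerberosRealmSystemProperty(conf.getKerberosRealmSystemProperty());
        props.setRealm(conf.getRealm());

        return prefix("cas.authn.jaas[].", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Delegated OAuth 2.0 client (pac4j). The client is enabled only while the module is
     * {@link AuthModuleState#ACTIVE}; the client secret is copied into the property map.
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final OAuth20AuthModuleConf conf) {
        Pac4jOAuth20ClientProperties props = new Pac4jOAuth20ClientProperties();
        props.setId(conf.getClientId());
        props.setSecret(conf.getClientSecret());
        props.setClientName(clientName(authModuleTO, conf.getClientName()));
        props.setEnabled(authModuleTO.getState() == AuthModuleState.ACTIVE);
        props.setCustomParams(conf.getCustomParams());
        props.setAuthUrl(conf.getAuthUrl());
        props.setProfilePath(conf.getProfilePath());
        props.setProfileVerb(conf.getProfileVerb());
        props.setProfileUrl(conf.getProfileUrl());
        props.setTokenUrl(conf.getTokenUrl());
        props.setResponseType(conf.getResponseType());
        props.setScope(conf.getScope());
        props.setPrincipalAttributeId(conf.getUserIdAttribute());
        props.setWithState(conf.isWithState());
        props.setProfileAttrs(attributeMappings(authModuleTO));

        return prefix("cas.authn.pac4j.oauth2[].", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Settings common to every pac4j OIDC client flavour; the flavour-specific overloads add their own
     * fields on top.
     *
     * @param authModuleTO module providing key and state
     * @param props CAS OIDC client properties to populate
     * @param conf OIDC module configuration
     */
    protected void map(
            final AuthModuleTO authModuleTO,
            final BasePac4jOidcClientProperties props,
            final AbstractOIDCAuthModuleConf conf) {

        props.setId(conf.getClientId());
        props.setSecret(conf.getClientSecret());
        props.setClientName(clientName(authModuleTO, conf.getClientName()));
        props.setEnabled(authModuleTO.getState() == AuthModuleState.ACTIVE);
        props.setCustomParams(conf.getCustomParams());
        props.setDiscoveryUri(conf.getDiscoveryUri());
        props.setMaxClockSkew(conf.getMaxClockSkew());
        props.setPreferredJwsAlgorithm(conf.getPreferredJwsAlgorithm());
        props.setResponseMode(conf.getResponseMode());
        props.setResponseType(conf.getResponseType());
        props.setScope(conf.getScope());
        props.setPrincipalAttributeId(conf.getUserIdAttribute());
        props.setExpireSessionWithToken(conf.isExpireSessionWithToken());
        props.setTokenExpirationAdvance(conf.getTokenExpirationAdvance());
    }

    /**
     * Generic OIDC client: only the shared OIDC settings apply. The nesting under {@code generic.} is
     * expressed through the key prefix, so no wrapper properties object is needed.
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final OIDCAuthModuleConf conf) {
        Pac4jGenericOidcClientProperties props = new Pac4jGenericOidcClientProperties();
        map(authModuleTO, props, conf);

        return prefix("cas.authn.pac4j.oidc[].generic.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Azure AD OIDC client: shared OIDC settings plus the tenant.
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final AzureOIDCAuthModuleConf conf) {
        Pac4jAzureOidcClientProperties props = new Pac4jAzureOidcClientProperties();
        map(authModuleTO, props, conf);
        props.setTenant(conf.getTenant());

        return prefix("cas.authn.pac4j.oidc[].azure.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Google OIDC client: shared OIDC settings only.
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final GoogleOIDCAuthModuleConf conf) {
        Pac4jGoogleOidcClientProperties props = new Pac4jGoogleOidcClientProperties();
        map(authModuleTO, props, conf);

        return prefix("cas.authn.pac4j.oidc[].google.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Keycloak OIDC client: shared OIDC settings plus realm and base URI.
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final KeycloakOIDCAuthModuleConf conf) {
        Pac4jKeyCloakOidcClientProperties props = new Pac4jKeyCloakOidcClientProperties();
        map(authModuleTO, props, conf);
        props.setRealm(conf.getRealm());
        props.setBaseUri(conf.getBaseUri());

        return prefix("cas.authn.pac4j.oidc[].keycloak.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Apple OIDC client: shared OIDC settings plus the signing key material (private key, key id,
     * team id) Apple requires for client authentication.
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final AppleOIDCAuthModuleConf conf) {
        Pac4jAppleOidcClientProperties props = new Pac4jAppleOidcClientProperties();
        map(authModuleTO, props, conf);
        props.setTimeout(conf.getTimeout());
        props.setPrivateKey(conf.getPrivateKey());
        props.setPrivateKeyId(conf.getPrivateKeyId());
        props.setTeamId(conf.getTeamId());

        return prefix("cas.authn.pac4j.oidc[].apple.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Delegated SAML 2.0 client (pac4j). Keystore and private-key passwords are copied into the map.
     *
     * @throws IllegalArgumentException if {@code nameIdPolicyAllowCreate} is set to something other than
     * a {@link TriStateBoolean} constant name (case-insensitive)
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final SAML2IdPAuthModuleConf conf) {
        Pac4jSamlClientProperties props = new Pac4jSamlClientProperties();
        props.setClientName(clientName(authModuleTO, conf.getClientName()));
        props.setEnabled(authModuleTO.getState() == AuthModuleState.ACTIVE);
        props.setAcceptedSkew(conf.getAcceptedSkew());
        props.setAssertionConsumerServiceIndex(conf.getAssertionConsumerServiceIndex());
        props.setAttributeConsumingServiceIndex(conf.getAttributeConsumingServiceIndex());
        props.setAuthnContextClassRef(conf.getAuthnContextClassRefs());
        props.setAuthnContextComparisonType(conf.getAuthnContextComparisonType());
        props.setBlockedSignatureSigningAlgorithms(conf.getBlockedSignatureSigningAlgorithms());
        props.setDestinationBinding(conf.getDestinationBinding().getUri());
        props.setIdentityProviderMetadataPath(conf.getIdentityProviderMetadataPath());
        props.setServiceProviderMetadataPath(conf.getServiceProviderMetadataPath());
        props.setKeystorePath(conf.getKeystorePath());
        props.setWantsAssertionsSigned(conf.isWantsAssertionsSigned());
        props.setWantsResponsesSigned(conf.isResponsesSigned());
        props.setKeystoreAlias(conf.getKeystoreAlias());
        props.setKeystorePassword(conf.getKeystorePassword());
        props.setMaximumAuthenticationLifetime(conf.getMaximumAuthenticationLifetime());
        props.setNameIdPolicyFormat(conf.getNameIdPolicyFormat());
        props.setPrivateKeyPassword(conf.getPrivateKeyPassword());
        props.setProviderName(conf.getProviderName());
        props.setServiceProviderEntityId(conf.getServiceProviderEntityId());
        props.setSignatureAlgorithms(conf.getSignatureAlgorithms());
        props.setSignatureCanonicalizationAlgorithm(conf.getSignatureCanonicalizationAlgorithm());
        props.setSignatureReferenceDigestMethods(conf.getSignatureReferenceDigestMethods());
        props.setPrincipalAttributeId(conf.getUserIdAttribute());

        // Locale.ROOT keeps the enum lookup stable regardless of the JVM default locale
        // (e.g. "undefined" would not upper-case to UNDEFINED under a Turkish locale)
        String allowCreate = conf.getNameIdPolicyAllowCreate();
        props.setNameIdPolicyAllowCreate(StringUtils.isBlank(allowCreate)
                ? TriStateBoolean.UNDEFINED
                : TriStateBoolean.valueOf(allowCreate.toUpperCase(Locale.ROOT)));

        return prefix("cas.authn.pac4j.saml[].", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * X.509 client-certificate authentication: revocation checking, path validation and principal
     * extraction settings. Handler name and order come from the module, as for every other handler, so
     * that the CAS handler can be referenced by its Syncope module key.
     *
     * @throws IllegalArgumentException if one of the policy/fetcher/principal-type enum names has no
     * CAS counterpart
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final X509AuthModuleConf conf) {
        X509Properties props = new X509Properties();
        props.setName(authModuleTO.getKey());
        props.setOrder(authModuleTO.getOrder());

        props.setCacheDiskOverflow(conf.isCacheDiskOverflow());
        props.setCacheDiskSize(conf.getCacheDiskSize());
        props.setCacheEternal(conf.isCacheEternal());
        props.setCacheMaxElementsInMemory(conf.getCacheMaxElementsInMemory());
        props.setCacheTimeToLiveSeconds(conf.getCacheTimeToLiveSeconds());

        props.setCheckAll(conf.isCheckAll());
        props.setCheckKeyUsage(conf.isCheckKeyUsage());
        props.setRequireKeyUsage(conf.isRequireKeyUsage());
        props.setExtractCert(conf.isExtractCert());
        props.setMixedMode(conf.isMixedMode());
        props.setMaxPathLength(conf.getMaxPathLength());
        props.setMaxPathLengthAllowUnspecified(conf.isMaxPathLengthAllowUnspecified());
        props.setRegExSubjectDnPattern(conf.getRegExSubjectDnPattern());
        props.setRegExTrustedIssuerDnPattern(conf.getRegExTrustedIssuerDnPattern());
        props.setSslHeaderName(conf.getSslHeaderName());

        // revocation: CRL sources, their refresh and what to do when a CRL is expired or unavailable
        props.setCrlExpiredPolicy(conf.getCrlExpiredPolicy().name());
        props.setCrlFetcher(conf.getCrlFetcher().name());
        props.setCrlResourceExpiredPolicy(conf.getCrlResourceExpiredPolicy().name());
        props.setCrlResourceUnavailablePolicy(conf.getCrlResourceUnavailablePolicy().name());
        props.setCrlResources(conf.getCrlResources());
        props.setCrlUnavailablePolicy(conf.getCrlUnavailablePolicy().name());
        props.setRefreshIntervalSeconds(conf.getRefreshIntervalSeconds());
        props.setRevocationChecker(conf.getRevocationChecker().name());
        props.setRevocationPolicyThreshold(conf.getRevocationPolicyThreshold());
        props.setThrowOnFetchFailure(conf.isThrowOnFetchFailure());

        props.setPrincipalType(PrincipalTypes.valueOf(conf.getPrincipalType().name()));
        applyPrincipalAlternateAttribute(props, conf);
        props.getSubjectDn().setFormat(SubjectDnFormat.valueOf(conf.getPrincipalTypeSubjectDnFormat().name()));
        props.getSerialNoDn().setSerialNumberPrefix(conf.getPrincipalTypeSerialNoDnSerialNumberPrefix());
        props.getSerialNoDn().setValueDelimiter(conf.getPrincipalTypeSerialNoDnValueDelimiter());
        props.getSerialNo().setPrincipalHexSNZeroPadding(conf.isPrincipalTypeSerialNoHexSNZeroPadding());
        props.getSerialNo().setPrincipalSNRadix(conf.getPrincipalTypeSerialNoSNRadix());

        // optional LDAP lookup of the certificate
        if (conf.getLdap() != null) {
            X509LdapProperties ldapProps = new X509LdapProperties();
            ldapProps.setCertificateAttribute(conf.getLdap().getCertificateAttribute());
            fill(ldapProps, conf.getLdap());
            props.setLdap(ldapProps);
        }

        return prefix("cas.authn.x509.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Routes the optional alternate principal attribute to the resolver selected by the principal type.
     * Principal types without an alternate attribute (SUBJECT_DN, SERIAL_NO_DN, SERIAL_NO) ignore it.
     */
    private static void applyPrincipalAlternateAttribute(final X509Properties props, final X509AuthModuleConf conf) {
        String alternate = conf.getPrincipalAlternateAttribute();
        if (StringUtils.isBlank(alternate)) {
            return;
        }
        switch (props.getPrincipalType()) {
            case CN_EDIPI:
                props.getCnEdipi().setAlternatePrincipalAttribute(alternate);
                break;

            case RFC822_EMAIL:
                props.getRfc822Email().setAlternatePrincipalAttribute(alternate);
                break;

            case SUBJECT:
                // the SUBJECT resolver has no alternate attribute; the value acts as its descriptor instead
                props.setPrincipalDescriptor(alternate);
                break;

            case SUBJECT_ALT_NAME:
                props.getSubjectAltName().setAlternatePrincipalAttribute(alternate);
                break;

            case SUBJECT_DN:
            case SERIAL_NO_DN:
            case SERIAL_NO:
            default:
                // nothing to apply for these principal types
        }
    }

    /**
     * Syncope Core authentication. Returns an empty map (and logs a warning) when the Syncope client is
     * not yet available, which happens while the application context is still bootstrapping; the caller
     * is expected to retry on a later pass.
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final SyncopeAuthModuleConf conf) {
        SyncopeClient syncopeClient = waRestClient.getSyncopeClient();
        if (syncopeClient == null) {
            LOG.warn("Application context is not ready to bootstrap WA configuration");
            return Map.of();
        }

        SyncopeAuthenticationProperties props = new SyncopeAuthenticationProperties();
        props.setName(authModuleTO.getKey());
        props.setState(handlerState(authModuleTO));
        props.setDomain(conf.getDomain());
        // the client address points at the REST endpoint; CAS wants the deployment base URL
        props.setUrl(StringUtils.substringBefore(syncopeClient.getAddress(), "/rest"));
        props.setAttributeMappings(attributeMappings(authModuleTO));

        return prefix("cas.authn.syncope.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Google Authenticator (TOTP) MFA, with optional LDAP storage of the account attribute.
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final GoogleMfaAuthModuleConf conf) {
        GoogleAuthenticatorMultifactorProperties props = new GoogleAuthenticatorMultifactorProperties();
        props.setName(authModuleTO.getKey());
        props.setOrder(authModuleTO.getOrder());

        props.getCore().setIssuer(conf.getIssuer());
        props.getCore().setCodeDigits(conf.getCodeDigits());
        props.getCore().setLabel(conf.getLabel());
        props.getCore().setTimeStepSize(conf.getTimeStepSize());
        props.getCore().setWindowSize(conf.getWindowSize());

        if (conf.getLdap() != null) {
            LdapGoogleAuthenticatorMultifactorProperties ldapProps = new LdapGoogleAuthenticatorMultifactorProperties();
            ldapProps.setAccountAttributeName(conf.getLdap().getAccountAttributeName());
            fill(ldapProps, conf.getLdap());
            props.setLdap(ldapProps);
        }

        return prefix("cas.authn.mfa.gauth.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Duo Security MFA. Integration, secret and application keys are copied into the property map.
     * The deprecation suppression covers the Duo application-key setter, which CAS has deprecated.
     */
    @SuppressWarnings("deprecation")
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final DuoMfaAuthModuleConf conf) {
        DuoSecurityMultifactorAuthenticationProperties props = new DuoSecurityMultifactorAuthenticationProperties();
        props.setName(authModuleTO.getKey());
        props.setOrder(authModuleTO.getOrder());

        props.setDuoApiHost(conf.getApiHost());
        props.setDuoApplicationKey(conf.getApplicationKey());
        props.setDuoIntegrationKey(conf.getIntegrationKey());
        props.setDuoSecretKey(conf.getSecretKey());

        return prefix("cas.authn.mfa.duo.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * FIDO U2F MFA: device and registration expiry settings.
     *
     * @throws IllegalArgumentException if one of the configured time units is not a
     * {@link TimeUnit} constant name
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final U2FAuthModuleConf conf) {
        U2FMultifactorAuthenticationProperties props = new U2FMultifactorAuthenticationProperties();
        props.setName(authModuleTO.getKey());
        props.setOrder(authModuleTO.getOrder());

        props.getCore().setExpireDevices(conf.getExpireDevices());
        props.getCore().setExpireDevicesTimeUnit(TimeUnit.valueOf(conf.getExpireDevicesTimeUnit()));
        props.getCore().setExpireRegistrations(conf.getExpireRegistrations());
        props.getCore().setExpireRegistrationsTimeUnit(TimeUnit.valueOf(conf.getExpireRegistrationsTimeUnit()));

        return prefix("cas.authn.mfa.u2f.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * CAS simple (e-mail token) MFA, with an optional Groovy bypass script.
     *
     * @throws IllegalArgumentException if a bypass script location is configured but cannot be resolved
     * to a resource; the original failure is kept as the cause
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final SimpleMfaAuthModuleConf conf) {
        CasSimpleMultifactorAuthenticationProperties props = new CasSimpleMultifactorAuthenticationProperties();
        props.setName(authModuleTO.getKey());
        props.setOrder(authModuleTO.getOrder());

        props.getMail().setAttributeName(conf.getEmailAttribute());
        props.getMail().setFrom(conf.getEmailFrom());
        props.getMail().setSubject(conf.getEmailSubject());
        props.getMail().setText(conf.getEmailText());

        props.getToken().getCore().setTokenLength(conf.getTokenLength());
        props.getToken().getCore().setTimeToKillInSeconds(conf.getTimeToKillInSeconds());

        // the bypass script is administrator-supplied executable code; resolving it eagerly surfaces a bad
        // location at bootstrap time rather than at first authentication
        String bypassScript = conf.getBypassGroovyScript();
        if (StringUtils.isNotBlank(bypassScript)) {
            try {
                props.getBypass().getGroovy().setLocation(ResourceUtils.getResourceFrom(bypassScript));
            } catch (Exception e) {
                LOG.error("Unable to load groovy script for bypass", e);
                throw new IllegalArgumentException("Unable to load groovy script for bypass: " + bypassScript, e);
            }
        }

        return prefix("cas.authn.mfa.simple.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * SPNEGO / Kerberos authentication, including the JCIFS service principal, NTLM handling, host-name
     * checks and the Kerberos system properties; the LDAP section is cleared when the module has none.
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final SpnegoAuthModuleConf conf) {
        SpnegoProperties props = new SpnegoProperties();
        props.setName(authModuleTO.getKey());
        props.setOrder(authModuleTO.getOrder());

        SpnegoAuthenticationProperties jcifsProperties = new SpnegoAuthenticationProperties();
        jcifsProperties.setJcifsServicePrincipal(conf.getJcifsServicePrincipal());
        props.getProperties().add(jcifsProperties);

        props.setMixedModeAuthentication(conf.isMixedModeAuthentication());
        props.setIpsToCheckPattern(conf.getIpsToCheckPattern());
        props.setSend401OnAuthenticationFailure(conf.isSend401OnAuthenticationFailure());
        props.setAlternativeRemoteHostAttribute(conf.getAlternativeRemoteHostAttribute());
        props.setDnsTimeout(conf.getDnsTimeout());
        props.setHostNameClientActionStrategy(conf.getHostNameClientActionStrategy());
        props.setHostNamePatternString(conf.getHostNamePatternString());
        props.setNtlm(conf.isNtlm());
        props.setNtlmAllowed(conf.isNtlmAllowed());
        props.setPoolSize(conf.getPoolSize());
        props.setPoolTimeout(conf.getPoolTimeout());
        props.setPrincipalWithDomainName(conf.isPrincipalWithDomainName());
        props.setSpnegoAttributeName(conf.getSpnegoAttributeName());
        props.setSupportedBrowsers(conf.getSupportedBrowsers());

        // CAS exposes kerberosDebug as a string flag, hence the boolean-to-"true"/"false" conversion
        props.getSystem().setUseSubjectCredsOnly(conf.isUseSubjectCredsOnly());
        props.getSystem().setLoginConf(conf.getLoginConf());
        props.getSystem().setKerberosKdc(conf.getKerberosKdc());
        props.getSystem().setKerberosRealm(conf.getKerberosRealm());
        props.getSystem().setKerberosConf(conf.getKerberosConf());
        props.getSystem().setKerberosDebug(BooleanUtils.toStringTrueFalse(conf.isKerberosDebug()));

        // explicitly null out the LDAP section so a CAS default instance does not survive when unconfigured
        if (conf.getLdap() == null) {
            props.setLdap(null);
        } else {
            SpnegoLdapProperties ldapProps = new SpnegoLdapProperties();
            fill(ldapProps, conf.getLdap());
            props.setLdap(ldapProps);
        }

        props.getPrincipal().setActiveAttributeRepositoryIds(conf.getAttributeRepoId());

        return prefix("cas.authn.spnego.", CasCoreConfigurationUtils.asMap(props));
    }
}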