1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.wa.bootstrap.mapping;
20  
21  import java.util.Map;
22  import java.util.Optional;
23  import java.util.concurrent.TimeUnit;
24  import java.util.stream.Collectors;
25  import org.apache.commons.lang3.BooleanUtils;
26  import org.apache.commons.lang3.StringUtils;
27  import org.apache.syncope.client.lib.SyncopeClient;
28  import org.apache.syncope.common.lib.auth.AbstractOIDCAuthModuleConf;
29  import org.apache.syncope.common.lib.auth.AppleOIDCAuthModuleConf;
30  import org.apache.syncope.common.lib.auth.AuthModuleConf;
31  import org.apache.syncope.common.lib.auth.AzureOIDCAuthModuleConf;
32  import org.apache.syncope.common.lib.auth.DuoMfaAuthModuleConf;
33  import org.apache.syncope.common.lib.auth.GoogleMfaAuthModuleConf;
34  import org.apache.syncope.common.lib.auth.GoogleOIDCAuthModuleConf;
35  import org.apache.syncope.common.lib.auth.JDBCAuthModuleConf;
36  import org.apache.syncope.common.lib.auth.JaasAuthModuleConf;
37  import org.apache.syncope.common.lib.auth.KeycloakOIDCAuthModuleConf;
38  import org.apache.syncope.common.lib.auth.LDAPAuthModuleConf;
39  import org.apache.syncope.common.lib.auth.OAuth20AuthModuleConf;
40  import org.apache.syncope.common.lib.auth.OIDCAuthModuleConf;
41  import org.apache.syncope.common.lib.auth.SAML2IdPAuthModuleConf;
42  import org.apache.syncope.common.lib.auth.SimpleMfaAuthModuleConf;
43  import org.apache.syncope.common.lib.auth.SpnegoAuthModuleConf;
44  import org.apache.syncope.common.lib.auth.StaticAuthModuleConf;
45  import org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf;
46  import org.apache.syncope.common.lib.auth.U2FAuthModuleConf;
47  import org.apache.syncope.common.lib.auth.X509AuthModuleConf;
48  import org.apache.syncope.common.lib.to.AuthModuleTO;
49  import org.apache.syncope.common.lib.to.Item;
50  import org.apache.syncope.common.lib.types.AuthModuleState;
51  import org.apache.syncope.wa.bootstrap.WARestClient;
52  import org.apereo.cas.configuration.CasCoreConfigurationUtils;
53  import org.apereo.cas.configuration.model.core.authentication.AuthenticationHandlerStates;
54  import org.apereo.cas.configuration.model.support.generic.AcceptAuthenticationProperties;
55  import org.apereo.cas.configuration.model.support.jaas.JaasAuthenticationProperties;
56  import org.apereo.cas.configuration.model.support.jdbc.authn.QueryJdbcAuthenticationProperties;
57  import org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticationProperties.AuthenticationTypes;
58  import org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties;
59  import org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties;
60  import org.apereo.cas.configuration.model.support.mfa.DuoSecurityMultifactorAuthenticationProperties;
61  import org.apereo.cas.configuration.model.support.mfa.gauth.GoogleAuthenticatorMultifactorProperties;
62  import org.apereo.cas.configuration.model.support.mfa.gauth.LdapGoogleAuthenticatorMultifactorProperties;
63  import org.apereo.cas.configuration.model.support.mfa.simple.CasSimpleMultifactorAuthenticationProperties;
64  import org.apereo.cas.configuration.model.support.mfa.u2f.U2FMultifactorAuthenticationProperties;
65  import org.apereo.cas.configuration.model.support.pac4j.oauth.Pac4jOAuth20ClientProperties;
66  import org.apereo.cas.configuration.model.support.pac4j.oidc.BasePac4jOidcClientProperties;
67  import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jAppleOidcClientProperties;
68  import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jAzureOidcClientProperties;
69  import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jGenericOidcClientProperties;
70  import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jGoogleOidcClientProperties;
71  import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jKeyCloakOidcClientProperties;
72  import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jOidcClientProperties;
73  import org.apereo.cas.configuration.model.support.pac4j.saml.Pac4jSamlClientProperties;
74  import org.apereo.cas.configuration.model.support.spnego.SpnegoAuthenticationProperties;
75  import org.apereo.cas.configuration.model.support.spnego.SpnegoLdapProperties;
76  import org.apereo.cas.configuration.model.support.spnego.SpnegoProperties;
77  import org.apereo.cas.configuration.model.support.syncope.SyncopeAuthenticationProperties;
78  import org.apereo.cas.configuration.model.support.x509.SubjectDnPrincipalResolverProperties.SubjectDnFormat;
79  import org.apereo.cas.configuration.model.support.x509.X509LdapProperties;
80  import org.apereo.cas.configuration.model.support.x509.X509Properties;
81  import org.apereo.cas.configuration.model.support.x509.X509Properties.PrincipalTypes;
82  import org.apereo.cas.util.ResourceUtils;
83  import org.apereo.cas.util.model.TriStateBoolean;
84  
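/**
 * Translates Syncope authentication module configurations into CAS configuration properties.
 *
 * <p>Each {@code map} overload fills the CAS properties bean that corresponds to one
 * {@link AuthModuleConf} subtype, flattens it with {@link CasCoreConfigurationUtils#asMap} and
 * prepends the matching {@code cas.authn.*} prefix.
 *
 * <p>{@code prefix}, {@code fill} and {@code LOG} are not defined in this class; presumably they are
 * inherited from {@link PropertySourceMapper}.
 *
 * <p>Several overloads copy credentials into the bean as plain values (OAuth/OIDC client secrets, SAML
 * keystore and private-key passwords, Duo keys, the static user list), so the returned maps should be
 * handled as secret material and kept out of logs and diagnostic dumps.
 */
public class AuthModulePropertySourceMapper extends PropertySourceMapper implements AuthModuleConf.Mapper {

    protected final WARestClient waRestClient;

    /**
     * Creates the mapper.
     *
     * @param waRestClient client used to look up the Syncope endpoint for the Syncope auth module
     */
    public AuthModulePropertySourceMapper(final WARestClient waRestClient) {
        this.waRestClient = waRestClient;
    }

    /**
     * Maps a static auth module onto the {@code cas.authn.accept.} properties.
     *
     * @param authModuleTO auth module providing key, state and order
     * @param conf static configuration holding the user map
     * @return prefixed CAS properties
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final StaticAuthModuleConf conf) {
        AcceptAuthenticationProperties props = new AcceptAuthenticationProperties();
        props.setName(authModuleTO.getKey());
        props.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
        props.setOrder(authModuleTO.getOrder());
        // Entries are serialized as key::value joined by ','. Nothing here escapes those separators,
        // so a key or value that contains ',' or '::' changes how the list is split by the consumer;
        // such characters should be rejected where the configuration is edited.
        String users = conf.getUsers().entrySet().stream().
                map(entry -> entry.getKey() + "::" + entry.getValue()).
                collect(Collectors.joining(","));
        props.setUsers(users);

        return prefix("cas.authn.accept.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Maps an LDAP auth module onto the {@code cas.authn.ldap[].} properties.
     *
     * @param authModuleTO auth module providing key, state, order and attribute items
     * @param conf LDAP configuration
     * @return prefixed CAS properties
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final LDAPAuthModuleConf conf) {
        LdapAuthenticationProperties props = new LdapAuthenticationProperties();
        props.setName(authModuleTO.getKey());
        props.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
        props.setOrder(authModuleTO.getOrder());

        props.setType(AuthenticationTypes.valueOf(conf.getAuthenticationType().name()));
        props.setDnFormat(conf.getDnFormat());
        props.setEnhanceWithEntryResolver(conf.isEnhanceWithEntryResolver());
        props.setDerefAliases(Optional.ofNullable(conf.getDerefAliases()).
                map(LDAPAuthModuleConf.DerefAliasesType::name).orElse(null));
        props.setResolveFromAttribute(conf.getResolveFromAttribute());

        props.setPrincipalAttributeId(conf.getPrincipalAttributeId());
        props.setPrincipalDnAttributeName(conf.getPrincipalDnAttributeName());
        props.setPrincipalAttributeList(authModuleTO.getItems().stream().
                map(item -> item.getIntAttrName() + ":" + item.getExtAttrName()).collect(Collectors.toList()));
        props.setAllowMultiplePrincipalAttributeValues(conf.isAllowMultiplePrincipalAttributeValues());
        props.setAdditionalAttributes(conf.getAdditionalAttributes());
        props.setAllowMissingPrincipalAttributeValue(conf.isAllowMissingPrincipalAttributeValue());
        // NOTE(review): the flag is read back from props itself, so this line is a no-op and the
        // bean's default stays in effect; presumably the value was meant to come from conf - confirm.
        props.setCollectDnAttribute(props.isCollectDnAttribute());

        props.getPasswordPolicy().setType(AbstractLdapProperties.LdapType.valueOf(conf.getLdapType().name()));

        fill(props, conf);

        return prefix("cas.authn.ldap[].", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Maps a JDBC auth module onto the {@code cas.authn.jdbc.query[].} properties.
     *
     * @param authModuleTO auth module providing key, state, order and attribute items
     * @param conf JDBC configuration
     * @return prefixed CAS properties
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final JDBCAuthModuleConf conf) {
        QueryJdbcAuthenticationProperties props = new QueryJdbcAuthenticationProperties();
        props.setName(authModuleTO.getKey());
        props.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
        props.setOrder(authModuleTO.getOrder());
        // The query text is handed over exactly as configured; no validation happens in this mapper.
        props.setSql(conf.getSql());
        props.setFieldDisabled(conf.getFieldDisabled());
        props.setFieldExpired(conf.getFieldExpired());
        props.setFieldPassword(conf.getFieldPassword());
        props.setPrincipalAttributeList(authModuleTO.getItems().stream().
                map(item -> item.getIntAttrName() + ":" + item.getExtAttrName()).collect(Collectors.toList()));
        fill(props, conf);

        return prefix("cas.authn.jdbc.query[].", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Maps a JAAS auth module onto the {@code cas.authn.jaas[].} properties.
     *
     * @param authModuleTO auth module providing key, state and order
     * @param conf JAAS configuration
     * @return prefixed CAS properties
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final JaasAuthModuleConf conf) {
        JaasAuthenticationProperties props = new JaasAuthenticationProperties();
        props.setName(authModuleTO.getKey());
        props.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
        props.setOrder(authModuleTO.getOrder());
        props.setLoginConfigType(conf.getLoginConfigType());
        props.setKerberosKdcSystemProperty(conf.getKerberosKdcSystemProperty());
        props.setKerberosRealmSystemProperty(conf.getKerberosRealmSystemProperty());
        // The configuration file goes to its own property; writing it through setLoginConfigType
        // would overwrite the configured type with a file path and leave the file property unset.
        props.setLoginConfigurationFile(conf.getLoginConfigurationFile());
        props.setRealm(conf.getRealm());

        return prefix("cas.authn.jaas[].", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Maps an OAuth 2.0 auth module onto the {@code cas.authn.pac4j.oauth2[].} properties.
     *
     * @param authModuleTO auth module providing key, state and attribute items
     * @param conf OAuth 2.0 client configuration, including the client secret
     * @return prefixed CAS properties
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final OAuth20AuthModuleConf conf) {
        Pac4jOAuth20ClientProperties props = new Pac4jOAuth20ClientProperties();
        props.setId(conf.getClientId());
        props.setSecret(conf.getClientSecret());
        // The module key is the fallback client name when none is configured.
        props.setClientName(Optional.ofNullable(conf.getClientName()).orElse(authModuleTO.getKey()));
        props.setEnabled(authModuleTO.getState() == AuthModuleState.ACTIVE);
        props.setCustomParams(conf.getCustomParams());
        props.setAuthUrl(conf.getAuthUrl());
        props.setProfilePath(conf.getProfilePath());
        props.setProfileVerb(conf.getProfileVerb());
        props.setProfileUrl(conf.getProfileUrl());
        props.setTokenUrl(conf.getTokenUrl());
        props.setResponseType(conf.getResponseType());
        props.setScope(conf.getScope());
        props.setPrincipalAttributeId(conf.getUserIdAttribute());
        props.setWithState(conf.isWithState());
        // Collectors.toMap throws IllegalStateException on a repeated intAttrName and
        // NullPointerException on a null extAttrName, so items must be unique and complete.
        props.setProfileAttrs(authModuleTO.getItems().stream().
                collect(Collectors.toMap(Item::getIntAttrName, Item::getExtAttrName)));

        return prefix("cas.authn.pac4j.oauth2[].", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Copies the settings shared by all OIDC auth modules into the given properties bean.
     *
     * @param authModuleTO auth module providing key and state
     * @param props OIDC client properties to fill
     * @param conf OIDC configuration, including the client secret
     */
    protected void map(
            final AuthModuleTO authModuleTO,
            final BasePac4jOidcClientProperties props,
            final AbstractOIDCAuthModuleConf conf) {

        props.setId(conf.getClientId());
        props.setSecret(conf.getClientSecret());
        // The module key is the fallback client name when none is configured.
        props.setClientName(Optional.ofNullable(conf.getClientName()).orElse(authModuleTO.getKey()));
        props.setEnabled(authModuleTO.getState() == AuthModuleState.ACTIVE);
        props.setCustomParams(conf.getCustomParams());
        props.setDiscoveryUri(conf.getDiscoveryUri());
        props.setMaxClockSkew(conf.getMaxClockSkew());
        props.setPreferredJwsAlgorithm(conf.getPreferredJwsAlgorithm());
        props.setResponseMode(conf.getResponseMode());
        props.setResponseType(conf.getResponseType());
        props.setScope(conf.getScope());
        props.setPrincipalAttributeId(conf.getUserIdAttribute());
        props.setExpireSessionWithToken(conf.isExpireSessionWithToken());
        props.setTokenExpirationAdvance(conf.getTokenExpirationAdvance());
    }

    /**
     * Maps a generic OIDC auth module onto the {@code cas.authn.pac4j.oidc[].generic.} properties.
     *
     * @param authModuleTO auth module providing key and state
     * @param conf generic OIDC configuration
     * @return prefixed CAS properties
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final OIDCAuthModuleConf conf) {
        Pac4jGenericOidcClientProperties props = new Pac4jGenericOidcClientProperties();
        map(authModuleTO, props, conf);

        // NOTE(review): client is populated but never read; only props reaches the returned map.
        Pac4jOidcClientProperties client = new Pac4jOidcClientProperties();
        client.setGeneric(props);

        return prefix("cas.authn.pac4j.oidc[].generic.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Maps an Azure OIDC auth module onto the {@code cas.authn.pac4j.oidc[].azure.} properties.
     *
     * @param authModuleTO auth module providing key and state
     * @param conf Azure OIDC configuration
     * @return prefixed CAS properties
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final AzureOIDCAuthModuleConf conf) {
        Pac4jAzureOidcClientProperties props = new Pac4jAzureOidcClientProperties();
        map(authModuleTO, props, conf);
        props.setTenant(conf.getTenant());

        // NOTE(review): client is populated but never read; only props reaches the returned map.
        Pac4jOidcClientProperties client = new Pac4jOidcClientProperties();
        client.setAzure(props);

        return prefix("cas.authn.pac4j.oidc[].azure.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Maps a Google OIDC auth module onto the {@code cas.authn.pac4j.oidc[].google.} properties.
     *
     * @param authModuleTO auth module providing key and state
     * @param conf Google OIDC configuration
     * @return prefixed CAS properties
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final GoogleOIDCAuthModuleConf conf) {
        Pac4jGoogleOidcClientProperties props = new Pac4jGoogleOidcClientProperties();
        map(authModuleTO, props, conf);

        // NOTE(review): client is populated but never read; only props reaches the returned map.
        Pac4jOidcClientProperties client = new Pac4jOidcClientProperties();
        client.setGoogle(props);

        return prefix("cas.authn.pac4j.oidc[].google.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Maps a Keycloak OIDC auth module onto the {@code cas.authn.pac4j.oidc[].keycloak.} properties.
     *
     * @param authModuleTO auth module providing key and state
     * @param conf Keycloak OIDC configuration
     * @return prefixed CAS properties
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final KeycloakOIDCAuthModuleConf conf) {
        Pac4jKeyCloakOidcClientProperties props = new Pac4jKeyCloakOidcClientProperties();
        map(authModuleTO, props, conf);
        props.setRealm(conf.getRealm());
        props.setBaseUri(conf.getBaseUri());

        // NOTE(review): client is populated but never read; only props reaches the returned map.
        Pac4jOidcClientProperties client = new Pac4jOidcClientProperties();
        client.setKeycloak(props);

        return prefix("cas.authn.pac4j.oidc[].keycloak.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Maps an Apple OIDC auth module onto the {@code cas.authn.pac4j.oidc[].apple.} properties.
     *
     * @param authModuleTO auth module providing key and state
     * @param conf Apple OIDC configuration, including the private key settings
     * @return prefixed CAS properties
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final AppleOIDCAuthModuleConf conf) {
        Pac4jAppleOidcClientProperties props = new Pac4jAppleOidcClientProperties();
        map(authModuleTO, props, conf);
        props.setTimeout(conf.getTimeout());
        props.setPrivateKey(conf.getPrivateKey());
        props.setPrivateKeyId(conf.getPrivateKeyId());
        props.setTeamId(conf.getTeamId());

        // NOTE(review): client is populated but never read; only props reaches the returned map.
        Pac4jOidcClientProperties client = new Pac4jOidcClientProperties();
        client.setApple(props);

        return prefix("cas.authn.pac4j.oidc[].apple.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Maps a SAML 2.0 IdP auth module onto the {@code cas.authn.pac4j.saml[].} properties.
     *
     * @param authModuleTO auth module providing key and state
     * @param conf SAML 2.0 configuration, including keystore and private-key passwords
     * @return prefixed CAS properties
     * @throws IllegalArgumentException if {@code nameIdPolicyAllowCreate} is non-blank and does not
     * name a {@link TriStateBoolean} constant
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final SAML2IdPAuthModuleConf conf) {
        Pac4jSamlClientProperties props = new Pac4jSamlClientProperties();
        // The module key is the fallback client name when none is configured.
        props.setClientName(Optional.ofNullable(conf.getClientName()).orElse(authModuleTO.getKey()));
        props.setEnabled(authModuleTO.getState() == AuthModuleState.ACTIVE);
        props.setAcceptedSkew(conf.getAcceptedSkew());
        props.setAssertionConsumerServiceIndex(conf.getAssertionConsumerServiceIndex());
        props.setAttributeConsumingServiceIndex(conf.getAttributeConsumingServiceIndex());
        props.setAuthnContextClassRef(conf.getAuthnContextClassRefs());
        props.setAuthnContextComparisonType(conf.getAuthnContextComparisonType());
        props.setBlockedSignatureSigningAlgorithms(conf.getBlockedSignatureSigningAlgorithms());
        // NOTE(review): dereferenced without a null check; presumably the conf always carries a
        // destination binding - confirm.
        props.setDestinationBinding(conf.getDestinationBinding().getUri());
        props.setIdentityProviderMetadataPath(conf.getIdentityProviderMetadataPath());
        props.setServiceProviderMetadataPath(conf.getServiceProviderMetadataPath());
        props.setKeystorePath(conf.getKeystorePath());
        props.setWantsAssertionsSigned(conf.isWantsAssertionsSigned());
        props.setWantsResponsesSigned(conf.isResponsesSigned());
        props.setKeystoreAlias(conf.getKeystoreAlias());
        props.setKeystorePassword(conf.getKeystorePassword());
        props.setMaximumAuthenticationLifetime(conf.getMaximumAuthenticationLifetime());
        props.setNameIdPolicyFormat(conf.getNameIdPolicyFormat());
        props.setPrivateKeyPassword(conf.getPrivateKeyPassword());
        props.setProviderName(conf.getProviderName());
        props.setServiceProviderEntityId(conf.getServiceProviderEntityId());
        props.setSignatureAlgorithms(conf.getSignatureAlgorithms());
        props.setSignatureCanonicalizationAlgorithm(conf.getSignatureCanonicalizationAlgorithm());
        props.setSignatureReferenceDigestMethods(conf.getSignatureReferenceDigestMethods());
        props.setPrincipalAttributeId(conf.getUserIdAttribute());
        // Locale.ROOT keeps the upper-casing independent of the JVM default locale; with a Turkish
        // default, "undefined" would otherwise become "UNDEFİNED" and fail the valueOf lookup.
        props.setNameIdPolicyAllowCreate(StringUtils.isBlank(conf.getNameIdPolicyAllowCreate())
                ? TriStateBoolean.UNDEFINED
                : TriStateBoolean.valueOf(conf.getNameIdPolicyAllowCreate().toUpperCase(java.util.Locale.ROOT)));

        return prefix("cas.authn.pac4j.saml[].", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Maps an X.509 auth module onto the {@code cas.authn.x509.} properties.
     *
     * <p>Unlike most other overloads, name and order are taken from {@code conf} rather than from
     * {@code authModuleTO}.
     *
     * @param authModuleTO auth module (not read by this overload)
     * @param conf X.509 configuration, including revocation and CRL policies
     * @return prefixed CAS properties
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final X509AuthModuleConf conf) {
        X509Properties props = new X509Properties();
        props.setName(conf.getName());
        props.setOrder(conf.getOrder());
        props.setCacheDiskOverflow(conf.isCacheDiskOverflow());
        props.setCacheDiskSize(conf.getCacheDiskSize());
        props.setCacheEternal(conf.isCacheEternal());
        props.setCacheMaxElementsInMemory(conf.getCacheMaxElementsInMemory());
        props.setCacheTimeToLiveSeconds(conf.getCacheTimeToLiveSeconds());
        props.setCheckAll(conf.isCheckAll());
        props.setCheckKeyUsage(conf.isCheckKeyUsage());
        // The revocation and CRL policy enums are passed by constant name; each getter is
        // dereferenced without a null check.
        props.setCrlExpiredPolicy(conf.getCrlExpiredPolicy().name());
        props.setCrlFetcher(conf.getCrlFetcher().name());
        props.setCrlResourceExpiredPolicy(conf.getCrlResourceExpiredPolicy().name());
        props.setCrlResourceUnavailablePolicy(conf.getCrlResourceUnavailablePolicy().name());
        props.setCrlResources(conf.getCrlResources());
        props.setCrlUnavailablePolicy(conf.getCrlUnavailablePolicy().name());
        props.setExtractCert(conf.isExtractCert());
        props.setMaxPathLength(conf.getMaxPathLength());
        props.setMaxPathLengthAllowUnspecified(conf.isMaxPathLengthAllowUnspecified());
        props.setMixedMode(conf.isMixedMode());
        props.setRefreshIntervalSeconds(conf.getRefreshIntervalSeconds());
        props.setRegExSubjectDnPattern(conf.getRegExSubjectDnPattern());
        props.setRegExTrustedIssuerDnPattern(conf.getRegExTrustedIssuerDnPattern());
        props.setRequireKeyUsage(conf.isRequireKeyUsage());
        props.setRevocationChecker(conf.getRevocationChecker().name());
        props.setRevocationPolicyThreshold(conf.getRevocationPolicyThreshold());
        props.setSslHeaderName(conf.getSslHeaderName());
        props.setThrowOnFetchFailure(conf.isThrowOnFetchFailure());

        props.setPrincipalType(PrincipalTypes.valueOf(conf.getPrincipalType().name()));
        // The alternate attribute is only applied for the principal types that have a slot for it;
        // for the remaining types a configured value is silently ignored.
        if (StringUtils.isNotBlank(conf.getPrincipalAlternateAttribute())) {
            switch (props.getPrincipalType()) {
                case CN_EDIPI:
                    props.getCnEdipi().setAlternatePrincipalAttribute(conf.getPrincipalAlternateAttribute());
                    break;

                case RFC822_EMAIL:
                    props.getRfc822Email().setAlternatePrincipalAttribute(conf.getPrincipalAlternateAttribute());
                    break;

                case SUBJECT:
                    props.setPrincipalDescriptor(conf.getPrincipalAlternateAttribute());
                    break;

                case SUBJECT_ALT_NAME:
                    props.getSubjectAltName().setAlternatePrincipalAttribute(conf.getPrincipalAlternateAttribute());
                    break;

                case SUBJECT_DN:
                case SERIAL_NO_DN:
                case SERIAL_NO:
                default:
            }
        }
        props.getSubjectDn().setFormat(SubjectDnFormat.valueOf(conf.getPrincipalTypeSubjectDnFormat().name()));
        props.getSerialNoDn().setSerialNumberPrefix(conf.getPrincipalTypeSerialNoDnSerialNumberPrefix());
        props.getSerialNoDn().setValueDelimiter(conf.getPrincipalTypeSerialNoDnValueDelimiter());
        props.getSerialNo().setPrincipalHexSNZeroPadding(conf.isPrincipalTypeSerialNoHexSNZeroPadding());
        props.getSerialNo().setPrincipalSNRadix(conf.getPrincipalTypeSerialNoSNRadix());

        if (conf.getLdap() != null) {
            X509LdapProperties ldapProps = new X509LdapProperties();
            ldapProps.setCertificateAttribute(conf.getLdap().getCertificateAttribute());
            fill(ldapProps, conf.getLdap());
            props.setLdap(ldapProps);
        }

        return prefix("cas.authn.x509.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Maps a Syncope auth module onto the {@code cas.authn.syncope.} properties.
     *
     * @param authModuleTO auth module providing key, state and attribute items
     * @param conf Syncope configuration providing the domain
     * @return prefixed CAS properties, or an empty map when no Syncope client is available yet
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final SyncopeAuthModuleConf conf) {
        SyncopeClient syncopeClient = waRestClient.getSyncopeClient();
        if (syncopeClient == null) {
            LOG.warn("Application context is not ready to bootstrap WA configuration");
            return Map.of();
        }

        SyncopeAuthenticationProperties props = new SyncopeAuthenticationProperties();
        props.setName(authModuleTO.getKey());
        props.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
        props.setDomain(conf.getDomain());
        // Everything from the first "/rest" onwards is cut off the client address.
        props.setUrl(StringUtils.substringBefore(syncopeClient.getAddress(), "/rest"));
        // Collectors.toMap throws IllegalStateException on a repeated intAttrName and
        // NullPointerException on a null extAttrName, so items must be unique and complete.
        props.setAttributeMappings(authModuleTO.getItems().stream().
                collect(Collectors.toMap(Item::getIntAttrName, Item::getExtAttrName)));

        return prefix("cas.authn.syncope.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Maps a Google Authenticator MFA module onto the {@code cas.authn.mfa.gauth.} properties.
     *
     * @param authModuleTO auth module providing key and order
     * @param conf Google Authenticator configuration
     * @return prefixed CAS properties
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final GoogleMfaAuthModuleConf conf) {
        GoogleAuthenticatorMultifactorProperties props = new GoogleAuthenticatorMultifactorProperties();
        props.setName(authModuleTO.getKey());
        props.setOrder(authModuleTO.getOrder());
        props.getCore().setIssuer(conf.getIssuer());
        props.getCore().setCodeDigits(conf.getCodeDigits());
        props.getCore().setLabel(conf.getLabel());
        props.getCore().setTimeStepSize(conf.getTimeStepSize());
        props.getCore().setWindowSize(conf.getWindowSize());

        if (conf.getLdap() != null) {
            LdapGoogleAuthenticatorMultifactorProperties ldapProps = new LdapGoogleAuthenticatorMultifactorProperties();
            ldapProps.setAccountAttributeName(conf.getLdap().getAccountAttributeName());
            fill(ldapProps, conf.getLdap());
            props.setLdap(ldapProps);
        }

        return prefix("cas.authn.mfa.gauth.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Maps a Duo Security MFA module onto the {@code cas.authn.mfa.duo.} properties.
     *
     * @param authModuleTO auth module providing key and order
     * @param conf Duo configuration, including application, integration and secret keys
     * @return prefixed CAS properties
     */
    @SuppressWarnings("deprecation")
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final DuoMfaAuthModuleConf conf) {
        DuoSecurityMultifactorAuthenticationProperties props = new DuoSecurityMultifactorAuthenticationProperties();
        props.setName(authModuleTO.getKey());
        props.setOrder(authModuleTO.getOrder());
        props.setDuoApiHost(conf.getApiHost());
        props.setDuoApplicationKey(conf.getApplicationKey());
        props.setDuoIntegrationKey(conf.getIntegrationKey());
        props.setDuoSecretKey(conf.getSecretKey());

        return prefix("cas.authn.mfa.duo.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Maps a U2F MFA module onto the {@code cas.authn.mfa.u2f.} properties.
     *
     * @param authModuleTO auth module providing key and order
     * @param conf U2F configuration
     * @return prefixed CAS properties
     * @throws IllegalArgumentException if a configured time unit does not name a {@link TimeUnit}
     * constant
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final U2FAuthModuleConf conf) {
        U2FMultifactorAuthenticationProperties props = new U2FMultifactorAuthenticationProperties();
        props.setName(authModuleTO.getKey());
        props.setOrder(authModuleTO.getOrder());
        props.getCore().setExpireDevices(conf.getExpireDevices());
        props.getCore().setExpireDevicesTimeUnit(TimeUnit.valueOf(conf.getExpireDevicesTimeUnit()));
        props.getCore().setExpireRegistrations(conf.getExpireRegistrations());
        props.getCore().setExpireRegistrationsTimeUnit(TimeUnit.valueOf(conf.getExpireRegistrationsTimeUnit()));

        return prefix("cas.authn.mfa.u2f.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Maps a simple MFA module onto the {@code cas.authn.mfa.simple.} properties.
     *
     * @param authModuleTO auth module providing key and order
     * @param conf simple MFA configuration (mail, token and optional bypass script)
     * @return prefixed CAS properties
     * @throws IllegalArgumentException if the configured bypass script cannot be resolved
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final SimpleMfaAuthModuleConf conf) {
        CasSimpleMultifactorAuthenticationProperties props = new CasSimpleMultifactorAuthenticationProperties();
        props.setName(authModuleTO.getKey());
        props.setOrder(authModuleTO.getOrder());

        props.getMail().setAttributeName(conf.getEmailAttribute());
        props.getMail().setFrom(conf.getEmailFrom());
        props.getMail().setSubject(conf.getEmailSubject());
        props.getMail().setText(conf.getEmailText());

        props.getToken().getCore().setTokenLength(conf.getTokenLength());
        props.getToken().getCore().setTimeToKillInSeconds(conf.getTimeToKillInSeconds());

        // The bypass script location is taken as configured. Whoever can edit this value chooses
        // the script that governs MFA bypass, so write access to the module configuration should
        // be limited to administrators trusted with that decision.
        if (StringUtils.isNotBlank(conf.getBypassGroovyScript())) {
            try {
                props.getBypass().getGroovy().setLocation(ResourceUtils.getResourceFrom(conf.getBypassGroovyScript()));
            } catch (Exception e) {
                LOG.error("Unable to load groovy script for bypass", e);
                throw new IllegalArgumentException(e);
            }
        }

        return prefix("cas.authn.mfa.simple.", CasCoreConfigurationUtils.asMap(props));
    }

    /**
     * Maps a SPNEGO auth module onto the {@code cas.authn.spnego.} properties.
     *
     * @param authModuleTO auth module providing key and order
     * @param conf SPNEGO configuration, including Kerberos and NTLM settings
     * @return prefixed CAS properties
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModuleTO, final SpnegoAuthModuleConf conf) {
        SpnegoProperties props = new SpnegoProperties();
        props.setName(authModuleTO.getKey());
        props.setOrder(authModuleTO.getOrder());

        SpnegoAuthenticationProperties jcifsProperties = new SpnegoAuthenticationProperties();
        jcifsProperties.setJcifsServicePrincipal(conf.getJcifsServicePrincipal());
        props.getProperties().add(jcifsProperties);

        props.setMixedModeAuthentication(conf.isMixedModeAuthentication());
        props.setIpsToCheckPattern(conf.getIpsToCheckPattern());
        props.setSend401OnAuthenticationFailure(conf.isSend401OnAuthenticationFailure());
        props.setAlternativeRemoteHostAttribute(conf.getAlternativeRemoteHostAttribute());
        props.setDnsTimeout(conf.getDnsTimeout());
        props.setHostNameClientActionStrategy(conf.getHostNameClientActionStrategy());
        props.setHostNamePatternString(conf.getHostNamePatternString());
        props.setNtlm(conf.isNtlm());
        props.setNtlmAllowed(conf.isNtlmAllowed());
        props.setPoolSize(conf.getPoolSize());
        props.setPoolTimeout(conf.getPoolTimeout());
        props.setPrincipalWithDomainName(conf.isPrincipalWithDomainName());
        props.setSpnegoAttributeName(conf.getSpnegoAttributeName());
        props.setSupportedBrowsers(conf.getSupportedBrowsers());

        props.getSystem().setUseSubjectCredsOnly(conf.isUseSubjectCredsOnly());
        props.getSystem().setLoginConf(conf.getLoginConf());
        props.getSystem().setKerberosKdc(conf.getKerberosKdc());
        props.getSystem().setKerberosRealm(conf.getKerberosRealm());
        props.getSystem().setKerberosConf(conf.getKerberosConf());
        props.getSystem().setKerberosDebug(BooleanUtils.toStringTrueFalse(conf.isKerberosDebug()));

        // Without an LDAP section in conf the bean's LDAP properties are explicitly cleared.
        if (conf.getLdap() != null) {
            SpnegoLdapProperties ldapProps = new SpnegoLdapProperties();
            fill(ldapProps, conf.getLdap());
            props.setLdap(ldapProps);
        } else {
            props.setLdap(null);
        }

        props.getPrincipal().setActiveAttributeRepositoryIds(conf.getAttributeRepoId());

        return prefix("cas.authn.spnego.", CasCoreConfigurationUtils.asMap(props));
    }
}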