[SYNCOPE-1811] MFA bypass properties (#665)
mdisabatino committed Mar 27, 2024
1 parent 2f0c5e9 commit f0c6d04
Showing 10 changed files with 90 additions and 3 deletions.
Expand Up @@ -28,6 +28,7 @@
import org.apache.syncope.client.ui.commons.Constants;
import org.apache.syncope.client.ui.commons.markup.html.form.AjaxCheckBoxPanel;
import org.apache.syncope.client.ui.commons.markup.html.form.AjaxPalettePanel;
import org.apache.syncope.client.ui.commons.markup.html.form.AjaxTextFieldPanel;
import org.apache.syncope.client.ui.commons.pages.BaseWebPage;
import org.apache.syncope.common.lib.policy.AuthPolicyTO;
import org.apache.syncope.common.lib.to.AuthModuleTO;
Expand Down Expand Up @@ -79,6 +80,24 @@ public AuthPolicyModalPanel(
"authModules",
new PropertyModel<>(model.getObject().getConf(), "authModules"),
allAuthModules));

add(new AjaxCheckBoxPanel(
"bypassEnabled",
"bypassEnabled",
new PropertyModel<>(model.getObject().getConf(), "bypassEnabled"),
false));

add(new AjaxTextFieldPanel(
"bypassPrincipalAttributeName",
"bypassPrincipalAttributeName",
new PropertyModel<>(model.getObject().getConf(), "bypassPrincipalAttributeName"),
false));

add(new AjaxTextFieldPanel(
"bypassPrincipalAttributeValue",
"bypassPrincipalAttributeValue",
new PropertyModel<>(model.getObject().getConf(), "bypassPrincipalAttributeValue"),
false));
}

@Override
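Review bot: The two text fields `bypassPrincipalAttributeName` and `bypassPrincipalAttributeValue` are added with no cross-field validation, so the form accepts a name without a value (or the reverse) next to a ticked `bypassEnabled`. The mapper change in this same commit applies the attribute condition only when both are non-blank and otherwise falls back to the plain flag, so a half-filled pair changes which principals skip MFA without any feedback to the administrator. I would validate on submit that the pair is either both set or both empty, and add a comment above the three `add(...)` calls such as `// MFA bypass: attribute name/value must be set together; when both are set, bypassEnabled is not consulted`. The constructor body starts before this hunk and the class continues after it.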
Expand Up @@ -24,5 +24,14 @@
<div class="form-group">
<span wicket:id="authModules"/>
</div>
<div class="form-group">
<span wicket:id="bypassEnabled"/>
</div>
<div class="form-group">
<span wicket:id="bypassPrincipalAttributeName"/>
</div>
<div class="form-group">
<span wicket:id="bypassPrincipalAttributeValue"/>
</div>
</wicket:extend>
</html>
Expand Up @@ -55,3 +55,6 @@ enable.stConf=Enable ST
enable.proxyTgtConf=Enable Proxy TGT
enable.proxyStConf=Enable Proxy ST
auditHistory.title=Configuration history
bypassEnabled=Enable Bypass
bypassPrincipalAttributeName=Bypass Principal Attribute Name
bypassPrincipalAttributeValue=Bypass Principal Attribute Value
Expand Up @@ -55,3 +55,6 @@ enable.stConf=Enable ST
enable.proxyTgtConf=Enable Proxy TGT
enable.proxyStConf=Enable Proxy ST
auditHistory.title=Historique de configuration
bypassEnabled=Enable Bypass
bypassPrincipalAttributeName=Bypass Principal Attribute Name
bypassPrincipalAttributeValue=Bypass Principal Attribute Value
Expand Up @@ -55,3 +55,6 @@ enable.stConf=Abilita ST
enable.proxyTgtConf=Abilita Proxy TGT
enable.proxyStConf=Abilita Proxy ST
auditHistory.title=Storico delle configurazioni
bypassEnabled=Abilita Bypass
bypassPrincipalAttributeName=Bypass Nome Attributo
bypassPrincipalAttributeValue=Bypass Valore Attributo
Expand Up @@ -55,3 +55,7 @@ enable.stConf=Enable ST
enable.proxyTgtConf=Enable Proxy TGT
enable.proxyStConf=Enable Proxy ST
auditHistory.title=\u8a2d\u5b9a\u5c65\u6b74
bypassEnabled=Enable Bypass
bypassPrincipalAttributeName=Bypass Principal Attribute Name
bypassPrincipalAttributeValue=Bypass Principal Attribute Value

Expand Up @@ -55,3 +55,6 @@ enable.stConf=Enable ST
enable.proxyTgtConf=Enable Proxy TGT
enable.proxyStConf=Enable Proxy ST
auditHistory.title=Hist\u00f3rico de configura\u00e7\u00e3o
bypassEnabled=Enable Bypass
bypassPrincipalAttributeName=Bypass Principal Attribute Name
bypassPrincipalAttributeValue=Bypass Principal Attribute Value
Expand Up @@ -56,3 +56,6 @@ enable.stConf=Enable ST
enable.proxyTgtConf=Enable Proxy TGT
enable.proxyStConf=Enable Proxy ST
auditHistory.title=\u0418\u0441\u0442\u043e\u0440\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438
bypassEnabled=Enable Bypass
bypassPrincipalAttributeName=Bypass Principal Attribute Name
bypassPrincipalAttributeValue=Bypass Principal Attribute Value
Expand Up @@ -29,6 +29,12 @@ public class DefaultAuthPolicyConf implements AuthPolicyConf {

private boolean tryAll;

private boolean bypassEnabled;

private String bypassPrincipalAttributeName;

private String bypassPrincipalAttributeValue;

private final List<String> authModules = new ArrayList<>();

public boolean isTryAll() {
Expand All @@ -39,6 +45,30 @@ public void setTryAll(final boolean tryAll) {
this.tryAll = tryAll;
}

public boolean isBypassEnabled() {
return bypassEnabled;
}

public void setBypassEnabled(final boolean bypassEnabled) {
this.bypassEnabled = bypassEnabled;
}

public String getBypassPrincipalAttributeName() {
return bypassPrincipalAttributeName;
}

public void setBypassPrincipalAttributeName(final String bypassPrincipalAttributeName) {
this.bypassPrincipalAttributeName = bypassPrincipalAttributeName;
}

public String getBypassPrincipalAttributeValue() {
return bypassPrincipalAttributeValue;
}

public void setBypassPrincipalAttributeValue(final String bypassPrincipalAttributeValue) {
this.bypassPrincipalAttributeValue = bypassPrincipalAttributeValue;
}

@JacksonXmlElementWrapper(localName = "authModules")
@JacksonXmlProperty(localName = "authModule")
public List<String> getAuthModules() {
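Review bot: The three new properties decide when multifactor authentication is skipped, yet neither the fields nor their accessors carry Javadoc, so the precedence between them can only be learned by reading the CAS mapper. I would document `bypassEnabled` with something like `/** Skips MFA for this policy when no bypass attribute pair is configured; defaults to false. */` and state on the two strings that they are honoured only together, as the mapper in this commit checks both with `isNotBlank`. It is also worth stating whether the attribute value is compared literally or as a pattern, which is not visible on this page. The class body starts and ends outside these hunks.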
Expand Up @@ -23,6 +23,7 @@
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.syncope.common.lib.auth.MFAAuthModuleConf;
import org.apache.syncope.common.lib.auth.Pac4jAuthModuleConf;
Expand Down Expand Up @@ -78,8 +79,9 @@ public AuthMapperResult build(
delegatedAuthHandlers.addAll(authModules.stream().
filter(m -> m.getConf() instanceof Pac4jAuthModuleConf).
map(m -> Pair.of(
m.getKey(),
Optional.ofNullable(((Pac4jAuthModuleConf) m.getConf()).getClientName()).orElse(m.getKey()))).
m.getKey(),
Optional.ofNullable(((Pac4jAuthModuleConf) m.getConf()).getClientName())
.orElse(m.getKey()))).
collect(Collectors.toSet()));
if (!delegatedAuthHandlers.isEmpty()) {
authHandlers.removeAll(delegatedAuthHandlers.stream().map(Pair::getLeft).collect(Collectors.toSet()));
Expand Down Expand Up @@ -110,7 +112,15 @@ public AuthMapperResult build(
collect(Collectors.toSet());

mfaPolicy = new DefaultRegisteredServiceMultifactorPolicy();
mfaPolicy.setBypassEnabled(false);

if (StringUtils.isNotBlank(policyConf.getBypassPrincipalAttributeName())
&& StringUtils.isNotBlank(policyConf.getBypassPrincipalAttributeValue())) {
mfaPolicy.setBypassPrincipalAttributeName(policyConf.getBypassPrincipalAttributeName());
mfaPolicy.setBypassPrincipalAttributeValue(policyConf.getBypassPrincipalAttributeValue());
} else {
mfaPolicy.setBypassEnabled(policyConf.isBypassEnabled());
}

mfaPolicy.setForceExecution(true);
mfaPolicy.setMultifactorAuthenticationProviders(mfaProviders);
}
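Review bot: In the `else` branch, `setBypassEnabled(policyConf.isBypassEnabled())` is also reached when only one of the two attribute fields is filled, so an administrator who ticks the flag and enters an attribute name but no value gets the bare flag instead of the attribute-scoped condition they intended; if the downstream policy treats that flag as an unconditional skip, the half-configured case fails open. I would honour the flag only when both attribute fields are blank, e.g. `mfaPolicy.setBypassEnabled(policyConf.isBypassEnabled() && StringUtils.isAllBlank(policyConf.getBypassPrincipalAttributeName(), policyConf.getBypassPrincipalAttributeValue()));`, so that an incomplete pair leaves bypass off. Conversely, when both fields are set `bypassEnabled` is never consulted, which deserves a short comment stating the precedence. `build(...)` starts and ends outside this hunk.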