gluu
U2fExternalAuthenticator.PersonAuthentication クラス

公開メンバ関数

def __init__ (self, currentTimeMillis)
 
def init (self, configurationAttributes)
 
def destroy (self, configurationAttributes)
 
def getApiVersion (self)
 
def isValidAuthenticationMethod (self, usageType, configurationAttributes)
 
def getAlternativeAuthenticationMethod (self, usageType, configurationAttributes)
 
def authenticate (self, configurationAttributes, requestParameters, step)
 
def prepareForStep (self, configurationAttributes, requestParameters, step)
 
def getExtraParametersForStep (self, configurationAttributes, step)
 
def getCountAuthenticationSteps (self, configurationAttributes)
 
def getPageForStep (self, configurationAttributes, step)
 
def logout (self, configurationAttributes, requestParameters)
 

公開変数類

 currentTimeMillis
 
 metaDataConfiguration
 

詳解

構築子と解体子

◆ __init__()

def U2fExternalAuthenticator.PersonAuthentication.__init__ (   self,
  currentTimeMillis 
)
def __init__(self, currentTimeMillis):
    """Remember the timestamp passed in by whoever instantiates the script.

    The value is only stored on the instance; no method shown on this page
    reads it back.
    """
    self.currentTimeMillis = currentTimeMillis

関数詳解

◆ authenticate()

def U2fExternalAuthenticator.PersonAuthentication.authenticate (   self,
  configurationAttributes,
  requestParameters,
  step 
)
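def authenticate(self, configurationAttributes, requestParameters, step):
    """Verify one step of the password + FIDO U2F login flow.

    Step 1 checks the username/password held in the Identity credentials.
    Step 2 hands the posted ``tokenResponse`` to the FIDO U2F service,
    either to finish an authentication or to finish a device enrollment,
    depending on the posted ``authMethod``.

    Returns True only when the step was verified. Every other path,
    including an unknown step number, returns False.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)

    identity = CdiUtil.bean(Identity)
    credentials = identity.getCredentials()

    user_name = credentials.getUsername()

    if step == 1:
        print "U2F. Authenticate for step 1"

        user_password = credentials.getPassword()
        if not (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
            # Fail closed: an empty username or password never reaches the backend.
            return False

        if not authenticationService.authenticate(user_name, user_password):
            return False

        return True

    if step == 2:
        print "U2F. Authenticate for step 2"

        # Both values are taken from the request and are therefore untrusted.
        token_response = ServerUtil.getFirstValue(requestParameters, "tokenResponse")
        if token_response is None:
            print "U2F. Authenticate for step 2. tokenResponse is empty"
            return False

        auth_method = ServerUtil.getFirstValue(requestParameters, "authMethod")
        if auth_method is None:
            print "U2F. Authenticate for step 2. authMethod is empty"
            return False

        # Only a user who already passed step 1 may present a token response.
        user = authenticationService.getAuthenticatedUser()
        if user is None:
            print "U2F. Authenticate for step 2. Failed to determine user name"
            return False

        if auth_method == 'authenticate':
            print "U2F. Authenticate for step 2. Call FIDO U2F in order to finish authentication workflow"
            authenticationRequestService = FidoU2fClientFactory.instance().createAuthenticationRequestService(self.metaDataConfiguration)
            authenticationStatus = authenticationRequestService.finishAuthentication(user.getUserId(), token_response)

            if authenticationStatus.getStatus() != Constants.RESULT_SUCCESS:
                print "U2F. Authenticate for step 2. Get invalid authentication status from FIDO U2F server"
                return False

            return True

        if auth_method == 'enroll':
            # SECURITY: authMethod is chosen by the client, while prepareForStep
            # only starts a registration when the user has no registered device.
            # Re-check that condition on the server so the second factor of an
            # account that already has a device cannot be satisfied by enrolling
            # a new one.
            application_id_attribute = configurationAttributes.get("u2f_application_id")
            if application_id_attribute is None:
                print "U2F. Authenticate for step 2. Property u2f_application_id is not configured"
                return False

            deviceRegistrationService = CdiUtil.bean(DeviceRegistrationService)
            deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(user.getAttribute("inum"), application_id_attribute.getValue2())
            if deviceRegistrations.size() > 0:
                print "U2F. Authenticate for step 2. Enrollment refused, user already has a registered device"
                return False

            # NOTE(review): a first enrollment is gated by the step 1 password
            # only (trust on first use) - confirm this is acceptable for the
            # deployment.
            print "U2F. Authenticate for step 2. Call FIDO U2F in order to finish registration workflow"
            registrationRequestService = FidoU2fClientFactory.instance().createRegistrationRequestService(self.metaDataConfiguration)
            registrationStatus = registrationRequestService.finishRegistration(user.getUserId(), token_response)

            if registrationStatus.getStatus() != Constants.RESULT_SUCCESS:
                print "U2F. Authenticate for step 2. Get invalid registration status from FIDO U2F server"
                return False

            return True

        print "U2F. Authenticate for step 2. Authentication method is invalid"
        return False

    # Unknown step numbers are rejected.
    return False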

◆ destroy()

def U2fExternalAuthenticator.PersonAuthentication.destroy (   self,
  configurationAttributes 
)
def destroy(self, configurationAttributes):
    """Log the teardown of the script and report success.

    Nothing is released here; the method only writes two log lines and
    returns True. ``configurationAttributes`` is not used.
    """
    # Single-argument parenthesised form prints the same text as the
    # statement form under Python 2 / Jython.
    print("U2F. Destroy")
    print("U2F. Destroyed successfully")
    return True

◆ getAlternativeAuthenticationMethod()

def U2fExternalAuthenticator.PersonAuthentication.getAlternativeAuthenticationMethod (   self,
  usageType,
  configurationAttributes 
)
def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):
    """Return None for every input: this script names no alternative method.

    Both arguments are ignored.
    """
    return None

◆ getApiVersion()

def U2fExternalAuthenticator.PersonAuthentication.getApiVersion (   self)
def getApiVersion(self):
    """Return the constant 1.

    Presumably the script API version the host expects - confirm against
    the host documentation.
    """
    return 1

◆ getCountAuthenticationSteps()

def U2fExternalAuthenticator.PersonAuthentication.getCountAuthenticationSteps (   self,
  configurationAttributes 
)
def getCountAuthenticationSteps(self, configurationAttributes):
    """Return 2: the password step followed by the U2F step.

    ``configurationAttributes`` is not consulted; the count is fixed.
    """
    return 2

◆ getExtraParametersForStep()

def U2fExternalAuthenticator.PersonAuthentication.getExtraParametersForStep (   self,
  configurationAttributes,
  step 
)
def getExtraParametersForStep(self, configurationAttributes, step):
    """Return None for every step: no extra parameters are declared.

    Both arguments are ignored.
    """
    return None

◆ getPageForStep()

def U2fExternalAuthenticator.PersonAuthentication.getPageForStep (   self,
  configurationAttributes,
  step 
)
def getPageForStep(self, configurationAttributes, step):
    """Return the page path to render for ``step``.

    Step 2 uses the U2F login page. Every other step gets an empty string.
    ``configurationAttributes`` is not used.
    """
    return "/auth/u2f/login.xhtml" if step == 2 else ""

◆ init()

def U2fExternalAuthenticator.PersonAuthentication.init (   self,
  configurationAttributes 
)
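def init(self, configurationAttributes):
    """Fetch the FIDO U2F server metadata and keep it on the instance.

    Reads the ``u2f_server_uri`` property, appends the well-known FIDO U2F
    configuration path and asks the client factory for the metadata. The
    fetch is retried up to 20 times, 3 seconds apart. A
    ClientResponseFailure whose status is not SERVICE_UNAVAILABLE, or any
    failure on the last attempt, is re-raised.

    Returns True once ``self.metaDataConfiguration`` is set, and False when
    the ``u2f_server_uri`` property is missing or empty.
    """
    print "U2F. Initialization"

    # Fail with a clear log line instead of an AttributeError on None when
    # the mandatory property is absent.
    u2f_server_uri_attribute = configurationAttributes.get("u2f_server_uri")
    if u2f_server_uri_attribute is None:
        print "U2F. Initialization. Property u2f_server_uri is mandatory"
        return False

    u2f_server_uri = u2f_server_uri_attribute.getValue2()
    if StringHelper.isEmpty(u2f_server_uri):
        print "U2F. Initialization. Property u2f_server_uri is empty"
        return False

    # The metadata is what later steps pass to the client factory, so it
    # should only be fetched over an authenticated transport. This only
    # warns; it does not refuse plain http.
    if not u2f_server_uri.lower().startswith("https://"):
        print "U2F. Initialization. Warning: u2f_server_uri is not an https:// URI"

    print "U2F. Initialization. Downloading U2F metadata"
    u2f_server_metadata_uri = u2f_server_uri + "/.well-known/fido-u2f-configuration"

    metaDataConfigurationService = FidoU2fClientFactory.instance().createMetaDataConfigurationService(u2f_server_metadata_uri)

    max_attempts = 20
    for attempt in range(1, max_attempts + 1):
        try:
            self.metaDataConfiguration = metaDataConfigurationService.getMetadataConfiguration()
            break
        except ClientResponseFailure, ex:
            # Retry only while the server answers Service Unavailable and
            # attempts remain. A bare raise keeps the original traceback.
            if (attempt == max_attempts) or (ex.getResponse().getResponseStatus() != Response.Status.SERVICE_UNAVAILABLE):
                raise
        except ResteasyClientException:
            # Client-side failures are retried until the last attempt.
            if attempt == max_attempts:
                raise

        # Reached only after a tolerated failure: wait, then try again.
        java.lang.Thread.sleep(3000)
        print "Attempting to load metadata: %d" % attempt

    print "U2F. Initialized successfully"
    return True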

◆ isValidAuthenticationMethod()

def U2fExternalAuthenticator.PersonAuthentication.isValidAuthenticationMethod (   self,
  usageType,
  configurationAttributes 
)
def isValidAuthenticationMethod(self, usageType, configurationAttributes):
    """Return True unconditionally.

    Neither ``usageType`` nor ``configurationAttributes`` is inspected, so
    this script never declares itself invalid.
    """
    return True

◆ logout()

def U2fExternalAuthenticator.PersonAuthentication.logout (   self,
  configurationAttributes,
  requestParameters 
)
def logout(self, configurationAttributes, requestParameters):
    """Return True unconditionally.

    The script performs no work of its own on logout; both arguments are
    ignored.
    """
    return True

◆ prepareForStep()

def U2fExternalAuthenticator.PersonAuthentication.prepareForStep (   self,
  configurationAttributes,
  requestParameters,
  step 
)
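def prepareForStep(self, configurationAttributes, requestParameters, step):
    """Prepare the data the login page needs before ``step`` is shown.

    Step 1 and step 3 need no preparation and return True. For step 2 the
    method looks up the user's registered devices and starts either a
    FIDO U2F authentication (devices exist) or a registration (none exist).
    Both request objects are stored as JSON in the Identity working
    parameters; the one that was not started is stored from None.

    Returns False when the session id, the authenticated user or the
    ``u2f_application_id`` property cannot be determined, when starting the
    authentication fails with a status other than NOT_FOUND, or when the
    step is unknown.
    """
    identity = CdiUtil.bean(Identity)

    if step == 1:
        return True

    if step == 3:
        print "U2F. Prepare for step 3"
        return True

    if step != 2:
        return False

    print "U2F. Prepare for step 2"

    # The session id is passed to the U2F service with the request.
    session_id = CdiUtil.bean(SessionIdService).getSessionIdFromCookie()
    if StringHelper.isEmpty(session_id):
        print "U2F. Prepare for step 2. Failed to determine session_id"
        return False

    # Step 2 is only prepared for a user who already passed step 1.
    authenticationService = CdiUtil.bean(AuthenticationService)
    user = authenticationService.getAuthenticatedUser()
    if user is None:
        print "U2F. Prepare for step 2. Failed to determine user name"
        return False

    # Fail with a clear log line instead of an AttributeError on None when
    # the property is absent.
    u2f_application_id_attribute = configurationAttributes.get("u2f_application_id")
    if u2f_application_id_attribute is None:
        print "U2F. Prepare for step 2. Property u2f_application_id is not configured"
        return False
    u2f_application_id = u2f_application_id_attribute.getValue2()

    # Check if user have registered devices
    deviceRegistrationService = CdiUtil.bean(DeviceRegistrationService)
    userInum = user.getAttribute("inum")

    registrationRequest = None
    authenticationRequest = None

    deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, u2f_application_id)
    if deviceRegistrations.size() > 0:
        print "U2F. Prepare for step 2. Call FIDO U2F in order to start authentication workflow"

        try:
            authenticationRequestService = FidoU2fClientFactory.instance().createAuthenticationRequestService(self.metaDataConfiguration)
            authenticationRequest = authenticationRequestService.startAuthentication(user.getUserId(), None, u2f_application_id, session_id)
        except ClientResponseFailure, ex:
            # NOT_FOUND is tolerated and leaves authenticationRequest as None.
            # NOTE(review): no registration is started on that path either,
            # so the page receives neither request - confirm this is intended.
            if ex.getResponse().getResponseStatus() != Response.Status.NOT_FOUND:
                print "U2F. Prepare for step 2. Failed to start authentication workflow. Exception:", sys.exc_info()[1]
                return False
    else:
        print "U2F. Prepare for step 2. Call FIDO U2F in order to start registration workflow"
        registrationRequestService = FidoU2fClientFactory.instance().createRegistrationRequestService(self.metaDataConfiguration)
        registrationRequest = registrationRequestService.startRegistration(user.getUserId(), u2f_application_id, session_id)

    identity.setWorkingParameter("fido_u2f_authentication_request", ServerUtil.asJson(authenticationRequest))
    identity.setWorkingParameter("fido_u2f_registration_request", ServerUtil.asJson(registrationRequest))

    return True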

メンバ詳解

◆ currentTimeMillis

U2fExternalAuthenticator.PersonAuthentication.currentTimeMillis

◆ metaDataConfiguration

U2fExternalAuthenticator.PersonAuthentication.metaDataConfiguration

このクラス詳解は次のファイルから抽出されました: