/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.syncope.wa.bootstrap.mapping;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.common.lib.auth.AbstractOIDCAuthModuleConf;
import org.apache.syncope.common.lib.auth.AppleOIDCAuthModuleConf;
import org.apache.syncope.common.lib.auth.AuthModuleConf;
import org.apache.syncope.common.lib.auth.AzureOIDCAuthModuleConf;
import org.apache.syncope.common.lib.auth.DuoMfaAuthModuleConf;
import org.apache.syncope.common.lib.auth.GoogleMfaAuthModuleConf;
import org.apache.syncope.common.lib.auth.GoogleOIDCAuthModuleConf;
import org.apache.syncope.common.lib.auth.JDBCAuthModuleConf;
import org.apache.syncope.common.lib.auth.JaasAuthModuleConf;
import org.apache.syncope.common.lib.auth.KeycloakOIDCAuthModuleConf;
import org.apache.syncope.common.lib.auth.LDAPAuthModuleConf;
import org.apache.syncope.common.lib.auth.OAuth20AuthModuleConf;
import org.apache.syncope.common.lib.auth.OIDCAuthModuleConf;
import org.apache.syncope.common.lib.auth.SAML2IdPAuthModuleConf;
import org.apache.syncope.common.lib.auth.SimpleMfaAuthModuleConf;
import org.apache.syncope.common.lib.auth.SpnegoAuthModuleConf;
import org.apache.syncope.common.lib.auth.StaticAuthModuleConf;
import org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf;
import org.apache.syncope.common.lib.auth.X509AuthModuleConf;
import org.apache.syncope.common.lib.to.AuthModuleTO;
import org.apache.syncope.common.lib.to.Item;
import org.apache.syncope.common.lib.types.AuthModuleState;
import org.apache.syncope.wa.bootstrap.WARestClient;
import org.apereo.cas.configuration.model.core.authentication.AuthenticationHandlerStates;
import org.apereo.cas.configuration.model.support.generic.AcceptAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jaas.JaasAuthenticationProperties;
import org.apereo.cas.configuration.model.support.jdbc.authn.QueryJdbcAuthenticationProperties;
import org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticationProperties.AuthenticationTypes;
import org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties;
import org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties;
import org.apereo.cas.configuration.model.support.mfa.duo.DuoSecurityMultifactorAuthenticationProperties;
import org.apereo.cas.configuration.model.support.mfa.gauth.GoogleAuthenticatorMultifactorProperties;
import org.apereo.cas.configuration.model.support.mfa.gauth.LdapGoogleAuthenticatorMultifactorProperties;
import org.apereo.cas.configuration.model.support.mfa.simple.CasSimpleMultifactorAuthenticationProperties;
import org.apereo.cas.configuration.model.support.pac4j.oauth.Pac4jOAuth20ClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.BasePac4jOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jAppleOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jAzureOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jGenericOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jGoogleOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jKeyCloakOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.saml.Pac4jSamlClientProperties;
import org.apereo.cas.configuration.model.support.spnego.SpnegoAuthenticationProperties;
import org.apereo.cas.configuration.model.support.spnego.SpnegoLdapProperties;
import org.apereo.cas.configuration.model.support.spnego.SpnegoProperties;
import org.apereo.cas.configuration.model.support.syncope.SyncopeAuthenticationProperties;
import org.apereo.cas.configuration.model.support.x509.SubjectDnPrincipalResolverProperties.SubjectDnFormat;
import org.apereo.cas.configuration.model.support.x509.X509LdapProperties;
import org.apereo.cas.configuration.model.support.x509.X509Properties;
import org.apereo.cas.configuration.model.support.x509.X509Properties.PrincipalTypes;
import org.apereo.cas.configuration.support.TriStateBoolean;
import org.apereo.cas.util.ResourceUtils;
public class AuthModulePropertySourceMapper extends PropertySourceMapper implements AuthModuleConf.Mapper {
/** Client from which the Syncope module mapping obtains its {@code SyncopeClient}. */
protected final WARestClient waRestClient;
/**
 * Creates a mapper bound to the given REST client.
 *
 * @param waRestClient client stored as-is; it is not validated here
 */
public AuthModulePropertySourceMapper(final WARestClient waRestClient) {
this.waRestClient = waRestClient;
}
/**
 * Builds the {@code cas.authn.accept.*} properties for a static authentication module.
 *
 * <p>Every entry of {@code conf.getUsers()} is rendered as {@code key::value} and the entries are
 * comma-joined without escaping, so a key or value containing {@code ","} or {@code "::"} cannot be
 * told apart from a separator in the resulting string. The values are carried in clear text inside
 * the returned map; keep that map out of logs and diagnostics.
 *
 * @param authModuleTO module definition supplying name, state and order
 * @param conf static module configuration supplying the user entries
 * @return the map produced by {@code prefix("cas.authn.accept.", ...)}
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final StaticAuthModuleConf conf) {
    AcceptAuthenticationProperties accept = new AcceptAuthenticationProperties();
    accept.setName(authModuleTO.getKey());
    accept.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
    accept.setOrder(authModuleTO.getOrder());

    // Same "key::value,key::value" rendering as a comma-joining collector, built by hand.
    StringBuilder userList = new StringBuilder();
    for (var user : conf.getUsers().entrySet()) {
        if (userList.length() > 0) {
            userList.append(",");
        }
        userList.append(user.getKey() + "::" + user.getValue());
    }
    accept.setUsers(userList.toString());

    return prefix("cas.authn.accept.", WAConfUtils.asMap(accept));
}
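/**
 * Builds the {@code cas.authn.ldap[].*} properties for an LDAP authentication module.
 *
 * <p>Handler name, state and order come from {@code authModuleTO}; every LDAP-specific setting comes
 * from {@code conf}. The module items become {@code intAttrName:extAttrName} principal attribute
 * mappings. Connection-level settings are copied by {@code fill(props, conf)}, which is defined
 * outside this method.
 *
 * @param authModuleTO module definition supplying name, state, order and attribute items
 * @param conf LDAP module configuration
 * @return the map produced by {@code prefix("cas.authn.ldap[].", ...)}
 * @throws IllegalArgumentException if a Syncope enum constant has no CAS constant of the same name
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final LDAPAuthModuleConf conf) {
    LdapAuthenticationProperties props = new LdapAuthenticationProperties();
    props.setName(authModuleTO.getKey());
    props.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
    props.setOrder(authModuleTO.getOrder());

    props.setType(AuthenticationTypes.valueOf(conf.getAuthenticationType().name()));
    props.setDnFormat(conf.getDnFormat());
    props.setEnhanceWithEntryResolver(conf.isEnhanceWithEntryResolver());
    // derefAliases is optional: a missing value is passed on as null rather than failing on name().
    props.setDerefAliases(Optional.ofNullable(conf.getDerefAliases()).
            map(LDAPAuthModuleConf.DerefAliasesType::name).orElse(null));
    props.setResolveFromAttribute(conf.getResolveFromAttribute());

    props.setPrincipalAttributeId(conf.getPrincipalAttributeId());
    props.setPrincipalDnAttributeName(conf.getPrincipalDnAttributeName());
    props.setPrincipalAttributeList(authModuleTO.getItems().stream().
            map(item -> item.getIntAttrName() + ":" + item.getExtAttrName()).toList());
    props.setAllowMultiplePrincipalAttributeValues(conf.isAllowMultiplePrincipalAttributeValues());
    props.setAdditionalAttributes(conf.getAdditionalAttributes());
    props.setAllowMissingPrincipalAttributeValue(conf.isAllowMissingPrincipalAttributeValue());
    // Read from conf: copying the value back from props would only re-apply the CAS default
    // and silently drop whatever the administrator configured.
    props.setCollectDnAttribute(conf.isCollectDnAttribute());

    props.getPasswordPolicy().setType(AbstractLdapProperties.LdapType.valueOf(conf.getLdapType().name()));
    fill(props, conf);

    return prefix("cas.authn.ldap[].", WAConfUtils.asMap(props));
}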
/**
 * Builds the {@code cas.authn.jdbc.query[].*} properties for a JDBC authentication module.
 *
 * <p>The SQL text and the password / disabled / expired column names are forwarded exactly as
 * configured; this method does not inspect or rewrite them. Data-source settings are copied by
 * {@code fill(...)}, which is defined outside this method.
 *
 * @param authModuleTO module definition supplying name, state, order and attribute items
 * @param conf JDBC module configuration
 * @return the map produced by {@code prefix("cas.authn.jdbc.query[].", ...)}
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final JDBCAuthModuleConf conf) {
    // Each module item becomes an "intAttrName:extAttrName" principal attribute mapping.
    List<String> principalAttributes = authModuleTO.getItems().stream().
            map(item -> item.getIntAttrName() + ":" + item.getExtAttrName()).
            toList();

    QueryJdbcAuthenticationProperties jdbc = new QueryJdbcAuthenticationProperties();
    jdbc.setName(authModuleTO.getKey());
    jdbc.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
    jdbc.setOrder(authModuleTO.getOrder());

    jdbc.setSql(conf.getSql());
    jdbc.setFieldDisabled(conf.getFieldDisabled());
    jdbc.setFieldExpired(conf.getFieldExpired());
    jdbc.setFieldPassword(conf.getFieldPassword());
    jdbc.setPrincipalAttributeList(principalAttributes);

    fill(jdbc, conf);

    return prefix("cas.authn.jdbc.query[].", WAConfUtils.asMap(jdbc));
}
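/**
 * Builds the {@code cas.authn.jaas[].*} properties for a JAAS authentication module.
 *
 * @param authModuleTO module definition supplying name, state and order
 * @param conf JAAS module configuration
 * @return the map produced by {@code prefix("cas.authn.jaas[].", ...)}
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final JaasAuthModuleConf conf) {
    JaasAuthenticationProperties props = new JaasAuthenticationProperties();
    props.setName(authModuleTO.getKey());
    props.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
    props.setOrder(authModuleTO.getOrder());

    props.setLoginConfigType(conf.getLoginConfigType());
    // The configuration file has its own property. Writing it through setLoginConfigType would
    // replace the type set just above with a file path and leave the file location unset.
    props.setLoginConfigurationFile(conf.getLoginConfigurationFile());

    props.setKerberosKdcSystemProperty(conf.getKerberosKdcSystemProperty());
    props.setKerberosRealmSystemProperty(conf.getKerberosRealmSystemProperty());
    props.setRealm(conf.getRealm());

    return prefix("cas.authn.jaas[].", WAConfUtils.asMap(props));
}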
/**
 * Builds the {@code cas.authn.pac4j.oauth2[].*} properties for a delegated OAuth 2.0 client.
 *
 * <p>The client is enabled only when the module state is {@code ACTIVE}, and falls back to the
 * module key when no client name is configured. The client secret is copied verbatim into the
 * returned map, so that map should be kept out of logs and diagnostics.
 *
 * @param authModuleTO module definition supplying key, state and attribute items
 * @param conf OAuth 2.0 module configuration
 * @return the map produced by {@code prefix("cas.authn.pac4j.oauth2[].", ...)}
 * @throws IllegalStateException if two items share the same {@code intAttrName}
 * @throws NullPointerException if an item has a {@code null} {@code extAttrName}
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final OAuth20AuthModuleConf conf) {
    String clientName = conf.getClientName();
    if (clientName == null) {
        clientName = authModuleTO.getKey();
    }

    Pac4jOAuth20ClientProperties oauth = new Pac4jOAuth20ClientProperties();

    // client identity and credentials
    oauth.setId(conf.getClientId());
    oauth.setSecret(conf.getClientSecret());
    oauth.setClientName(clientName);
    oauth.setEnabled(authModuleTO.getState() == AuthModuleState.ACTIVE);

    // provider endpoints and request shape
    oauth.setCustomParams(conf.getCustomParams());
    oauth.setAuthUrl(conf.getAuthUrl());
    oauth.setProfileVerb(conf.getProfileVerb());
    oauth.setProfileUrl(conf.getProfileUrl());
    oauth.setTokenUrl(conf.getTokenUrl());
    oauth.setResponseType(conf.getResponseType());
    oauth.setScope(conf.getScope());
    oauth.setWithState(conf.isWithState());

    // principal resolution; toMap rejects duplicate keys and null values
    oauth.setPrincipalIdAttribute(conf.getUserIdAttribute());
    oauth.setProfileAttrs(authModuleTO.getItems().stream().
            collect(Collectors.toMap(Item::getIntAttrName, Item::getExtAttrName)));

    return prefix("cas.authn.pac4j.oauth2[].", WAConfUtils.asMap(oauth));
}
/**
 * Copies the settings shared by every OIDC provider flavour onto {@code props}.
 *
 * <p>The client is enabled only when the module state is {@code ACTIVE}, and falls back to the
 * module key when no client name is configured. The client secret is copied verbatim.
 *
 * @param authModuleTO module definition supplying key and state
 * @param props provider-specific CAS properties object to populate in place
 * @param conf OIDC module configuration
 */
protected void map(
        final AuthModuleTO authModuleTO,
        final BasePac4jOidcClientProperties props,
        final AbstractOIDCAuthModuleConf conf) {

    String clientName = conf.getClientName();
    if (clientName == null) {
        clientName = authModuleTO.getKey();
    }

    // client identity and credentials
    props.setId(conf.getClientId());
    props.setSecret(conf.getClientSecret());
    props.setClientName(clientName);
    props.setEnabled(authModuleTO.getState() == AuthModuleState.ACTIVE);

    // discovery and request shape
    props.setDiscoveryUri(conf.getDiscoveryUri());
    props.setCustomParams(conf.getCustomParams());
    props.setResponseMode(conf.getResponseMode());
    props.setResponseType(conf.getResponseType());
    props.setScope(conf.getScope());

    // token validation and session lifetime
    props.setMaxClockSkew(conf.getMaxClockSkew());
    props.setPreferredJwsAlgorithm(conf.getPreferredJwsAlgorithm());
    props.setExpireSessionWithToken(conf.isExpireSessionWithToken());
    props.setTokenExpirationAdvance(conf.getTokenExpirationAdvance());

    props.setPrincipalIdAttribute(conf.getUserIdAttribute());
}
/**
 * Builds the {@code cas.authn.pac4j.oidc[].generic.*} properties for a generic OIDC provider.
 *
 * @param authModuleTO module definition supplying key and state
 * @param conf generic OIDC module configuration
 * @return the map produced by {@code prefix("cas.authn.pac4j.oidc[].generic.", ...)}
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final OIDCAuthModuleConf conf) {
    Pac4jGenericOidcClientProperties generic = new Pac4jGenericOidcClientProperties();
    map(authModuleTO, generic, conf);

    // The wrapper is populated but not read again: the returned map is built from `generic` alone.
    Pac4jOidcClientProperties wrapper = new Pac4jOidcClientProperties();
    wrapper.setGeneric(generic);

    return prefix("cas.authn.pac4j.oidc[].generic.", WAConfUtils.asMap(generic));
}
/**
 * Builds the {@code cas.authn.pac4j.oidc[].azure.*} properties for an Azure OIDC provider.
 *
 * @param authModuleTO module definition supplying key and state
 * @param conf Azure OIDC module configuration, including the tenant
 * @return the map produced by {@code prefix("cas.authn.pac4j.oidc[].azure.", ...)}
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final AzureOIDCAuthModuleConf conf) {
    Pac4jAzureOidcClientProperties azure = new Pac4jAzureOidcClientProperties();
    map(authModuleTO, azure, conf);
    azure.setTenant(conf.getTenant());

    // The wrapper is populated but not read again: the returned map is built from `azure` alone.
    Pac4jOidcClientProperties wrapper = new Pac4jOidcClientProperties();
    wrapper.setAzure(azure);

    return prefix("cas.authn.pac4j.oidc[].azure.", WAConfUtils.asMap(azure));
}
/**
 * Builds the {@code cas.authn.pac4j.oidc[].google.*} properties for a Google OIDC provider.
 *
 * @param authModuleTO module definition supplying key and state
 * @param conf Google OIDC module configuration
 * @return the map produced by {@code prefix("cas.authn.pac4j.oidc[].google.", ...)}
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final GoogleOIDCAuthModuleConf conf) {
    Pac4jGoogleOidcClientProperties google = new Pac4jGoogleOidcClientProperties();
    map(authModuleTO, google, conf);

    // The wrapper is populated but not read again: the returned map is built from `google` alone.
    Pac4jOidcClientProperties wrapper = new Pac4jOidcClientProperties();
    wrapper.setGoogle(google);

    return prefix("cas.authn.pac4j.oidc[].google.", WAConfUtils.asMap(google));
}
/**
 * Builds the {@code cas.authn.pac4j.oidc[].keycloak.*} properties for a Keycloak OIDC provider.
 *
 * @param authModuleTO module definition supplying key and state
 * @param conf Keycloak OIDC module configuration, including realm and base URI
 * @return the map produced by {@code prefix("cas.authn.pac4j.oidc[].keycloak.", ...)}
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final KeycloakOIDCAuthModuleConf conf) {
    Pac4jKeyCloakOidcClientProperties keycloak = new Pac4jKeyCloakOidcClientProperties();
    map(authModuleTO, keycloak, conf);
    keycloak.setRealm(conf.getRealm());
    keycloak.setBaseUri(conf.getBaseUri());

    // The wrapper is populated but not read again: the returned map is built from `keycloak` alone.
    Pac4jOidcClientProperties wrapper = new Pac4jOidcClientProperties();
    wrapper.setKeycloak(keycloak);

    return prefix("cas.authn.pac4j.oidc[].keycloak.", WAConfUtils.asMap(keycloak));
}
/**
 * Builds the {@code cas.authn.pac4j.oidc[].apple.*} properties for an Apple OIDC provider.
 *
 * <p>Besides the shared client secret, the configured private key value is copied verbatim into
 * the returned map, so that map should be kept out of logs and diagnostics.
 *
 * @param authModuleTO module definition supplying key and state
 * @param conf Apple OIDC module configuration
 * @return the map produced by {@code prefix("cas.authn.pac4j.oidc[].apple.", ...)}
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final AppleOIDCAuthModuleConf conf) {
    Pac4jAppleOidcClientProperties apple = new Pac4jAppleOidcClientProperties();
    map(authModuleTO, apple, conf);

    apple.setTeamId(conf.getTeamId());
    apple.setPrivateKeyId(conf.getPrivateKeyId());
    apple.setPrivateKey(conf.getPrivateKey());
    apple.setTimeout(conf.getTimeout());

    // The wrapper is populated but not read again: the returned map is built from `apple` alone.
    Pac4jOidcClientProperties wrapper = new Pac4jOidcClientProperties();
    wrapper.setApple(apple);

    return prefix("cas.authn.pac4j.oidc[].apple.", WAConfUtils.asMap(apple));
}
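/**
 * Builds the {@code cas.authn.pac4j.saml[].*} properties for a delegated SAML 2.0 identity provider.
 *
 * <p>The client is enabled only when the module state is {@code ACTIVE}, and falls back to the
 * module key when no client name is configured. The keystore password and the private key
 * password are copied verbatim into the returned map, so that map should be kept out of logs
 * and diagnostics. Whether assertions and responses must be signed is taken from the module
 * configuration unchanged.
 *
 * @param authModuleTO module definition supplying key and state
 * @param conf SAML 2.0 IdP module configuration
 * @return the map produced by {@code prefix("cas.authn.pac4j.saml[].", ...)}
 * @throws IllegalArgumentException if {@code nameIdPolicyAllowCreate} is non-blank and does not
 *         name a {@code TriStateBoolean} constant
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final SAML2IdPAuthModuleConf conf) {
    Pac4jSamlClientProperties props = new Pac4jSamlClientProperties();
    props.setClientName(Optional.ofNullable(conf.getClientName()).orElse(authModuleTO.getKey()));
    props.setEnabled(authModuleTO.getState() == AuthModuleState.ACTIVE);

    // request shape and metadata locations
    props.setAcceptedSkew(conf.getAcceptedSkew());
    props.setAssertionConsumerServiceIndex(conf.getAssertionConsumerServiceIndex());
    props.setAttributeConsumingServiceIndex(conf.getAttributeConsumingServiceIndex());
    props.setAuthnContextClassRef(conf.getAuthnContextClassRefs());
    props.setAuthnContextComparisonType(conf.getAuthnContextComparisonType());
    props.setDestinationBinding(conf.getDestinationBinding().getUri());
    props.getMetadata().setIdentityProviderMetadataPath(conf.getIdentityProviderMetadataPath());
    props.getMetadata().getServiceProvider().getFileSystem().setLocation(conf.getServiceProviderMetadataPath());
    props.setMaximumAuthenticationLifetime(conf.getMaximumAuthenticationLifetime());
    props.setNameIdPolicyFormat(conf.getNameIdPolicyFormat());
    props.setProviderName(conf.getProviderName());
    props.setServiceProviderEntityId(conf.getServiceProviderEntityId());
    props.setPrincipalIdAttribute(conf.getUserIdAttribute());

    // key material and signature policy
    props.setKeystorePath(conf.getKeystorePath());
    props.setKeystorePassword(conf.getKeystorePassword());
    props.setPrivateKeyPassword(conf.getPrivateKeyPassword());
    props.setWantsAssertionsSigned(conf.isWantsAssertionsSigned());
    props.setWantsResponsesSigned(conf.isResponsesSigned());
    props.setBlockedSignatureSigningAlgorithms(conf.getBlockedSignatureSigningAlgorithms());
    props.setSignatureAlgorithms(conf.getSignatureAlgorithms());
    props.setSignatureCanonicalizationAlgorithm(conf.getSignatureCanonicalizationAlgorithm());
    props.setSignatureReferenceDigestMethods(conf.getSignatureReferenceDigestMethods());

    // Upper-case with Locale.ROOT: under a default locale with special casing rules (Turkish
    // dotted I, for instance) "undefined" would not become "UNDEFINED" and valueOf would throw.
    String allowCreate = conf.getNameIdPolicyAllowCreate();
    props.setNameIdPolicyAllowCreate(StringUtils.isBlank(allowCreate)
            ? TriStateBoolean.UNDEFINED
            : TriStateBoolean.valueOf(allowCreate.toUpperCase(Locale.ROOT)));

    return prefix("cas.authn.pac4j.saml[].", WAConfUtils.asMap(props));
}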
/**
 * Builds the {@code cas.authn.x509.*} properties for an X.509 client-certificate module.
 *
 * <p>Unlike the other handlers in this class, name and order are read from {@code conf} rather
 * than from {@code authModuleTO}, and the module state is not applied.
 * NOTE(review): confirm that this difference is intended.
 *
 * <p>Revocation behaviour (CRL fetcher, the expired / unavailable policies, revocation checker
 * and threshold) is forwarded exactly as configured; nothing here enforces a minimum policy.
 * NOTE(review): {@code extractCert} and {@code sslHeaderName} look like the settings for taking
 * the certificate from a request header; if so, the fronting proxy has to remove any
 * client-supplied copy of that header - confirm against the deployment.
 *
 * @param authModuleTO module definition; not read by this method
 * @param conf X.509 module configuration
 * @return the map produced by {@code prefix("cas.authn.x509.", ...)}
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final X509AuthModuleConf conf) {
    X509Properties x509 = new X509Properties();
    x509.setName(conf.getName());
    x509.setOrder(conf.getOrder());

    // certificate acquisition
    x509.setExtractCert(conf.isExtractCert());
    x509.setSslHeaderName(conf.getSslHeaderName());
    x509.setMixedMode(conf.isMixedMode());

    // certificate acceptance rules
    x509.setCheckAll(conf.isCheckAll());
    x509.setCheckKeyUsage(conf.isCheckKeyUsage());
    x509.setRequireKeyUsage(conf.isRequireKeyUsage());
    x509.setMaxPathLength(conf.getMaxPathLength());
    x509.setMaxPathLengthAllowUnspecified(conf.isMaxPathLengthAllowUnspecified());
    x509.setRegExSubjectDnPattern(conf.getRegExSubjectDnPattern());
    x509.setRegExTrustedIssuerDnPattern(conf.getRegExTrustedIssuerDnPattern());

    // revocation checking
    x509.setRevocationChecker(conf.getRevocationChecker().name());
    x509.setRevocationPolicyThreshold(conf.getRevocationPolicyThreshold());
    x509.setCrlFetcher(conf.getCrlFetcher().name());
    x509.setCrlResources(conf.getCrlResources());
    x509.setCrlExpiredPolicy(conf.getCrlExpiredPolicy().name());
    x509.setCrlUnavailablePolicy(conf.getCrlUnavailablePolicy().name());
    x509.setCrlResourceExpiredPolicy(conf.getCrlResourceExpiredPolicy().name());
    x509.setCrlResourceUnavailablePolicy(conf.getCrlResourceUnavailablePolicy().name());
    x509.setThrowOnFetchFailure(conf.isThrowOnFetchFailure());

    // caching
    x509.setCacheMaxElementsInMemory(conf.getCacheMaxElementsInMemory());
    x509.setCacheTimeToLiveSeconds(conf.getCacheTimeToLiveSeconds());
    x509.setRefreshIntervalSeconds(conf.getRefreshIntervalSeconds());

    // principal resolution
    x509.setPrincipalType(PrincipalTypes.valueOf(conf.getPrincipalType().name()));

    String alternateAttribute = conf.getPrincipalAlternateAttribute();
    if (StringUtils.isNotBlank(alternateAttribute)) {
        switch (x509.getPrincipalType()) {
            case CN_EDIPI -> x509.getCnEdipi().setAlternatePrincipalAttribute(alternateAttribute);
            case RFC822_EMAIL -> x509.getRfc822Email().setAlternatePrincipalAttribute(alternateAttribute);
            case SUBJECT -> x509.setPrincipalDescriptor(alternateAttribute);
            case SUBJECT_ALT_NAME -> x509.getSubjectAltName().setAlternatePrincipalAttribute(alternateAttribute);
            default -> {
                // SUBJECT_DN, SERIAL_NO_DN, SERIAL_NO and anything else: the value is not used
            }
        }
    }

    x509.getSubjectDn().setFormat(SubjectDnFormat.valueOf(conf.getPrincipalTypeSubjectDnFormat().name()));
    x509.getSerialNoDn().setSerialNumberPrefix(conf.getPrincipalTypeSerialNoDnSerialNumberPrefix());
    x509.getSerialNoDn().setValueDelimiter(conf.getPrincipalTypeSerialNoDnValueDelimiter());
    x509.getSerialNo().setPrincipalHexSNZeroPadding(conf.isPrincipalTypeSerialNoHexSNZeroPadding());
    x509.getSerialNo().setPrincipalSNRadix(conf.getPrincipalTypeSerialNoSNRadix());

    // optional LDAP lookup; left untouched when no LDAP section is configured
    if (conf.getLdap() != null) {
        X509LdapProperties x509Ldap = new X509LdapProperties();
        x509Ldap.setCertificateAttribute(conf.getLdap().getCertificateAttribute());
        fill(x509Ldap, conf.getLdap());
        x509.setLdap(x509Ldap);
    }

    return prefix("cas.authn.x509.", WAConfUtils.asMap(x509));
}
/**
 * Builds the {@code cas.authn.syncope.*} properties for authentication against Syncope itself.
 *
 * <p>When {@code waRestClient} has no Syncope client yet, a warning is logged and an empty map is
 * returned, so no properties are produced for this module on that pass. The target URL is the
 * client address cut at the first {@code "/rest"}.
 *
 * @param authModuleTO module definition supplying key, state and attribute items
 * @param conf Syncope module configuration supplying the domain
 * @return the map produced by {@code prefix("cas.authn.syncope.", ...)}, or an empty map
 * @throws IllegalStateException if two items share the same {@code intAttrName}
 * @throws NullPointerException if an item has a {@code null} {@code extAttrName}
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final SyncopeAuthModuleConf conf) {
    SyncopeClient client = waRestClient.getSyncopeClient();
    if (client == null) {
        LOG.warn("Application context is not ready to bootstrap WA configuration");
        return Map.of();
    }

    String baseUrl = StringUtils.substringBefore(client.getAddress(), "/rest");

    SyncopeAuthenticationProperties syncope = new SyncopeAuthenticationProperties();
    syncope.setName(authModuleTO.getKey());
    syncope.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
    syncope.setDomain(conf.getDomain());
    syncope.setUrl(baseUrl);
    // toMap rejects duplicate keys and null values
    syncope.setAttributeMappings(authModuleTO.getItems().stream().
            collect(Collectors.toMap(Item::getIntAttrName, Item::getExtAttrName)));

    return prefix("cas.authn.syncope.", WAConfUtils.asMap(syncope));
}
/**
 * Builds the {@code cas.authn.mfa.gauth.*} properties for Google Authenticator MFA.
 *
 * <p>Code digits, time step and window size are forwarded as configured; this method applies no
 * lower or upper bounds to them.
 *
 * @param authModuleTO module definition supplying name and order
 * @param conf Google MFA module configuration
 * @return the map produced by {@code prefix("cas.authn.mfa.gauth.", ...)}
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final GoogleMfaAuthModuleConf conf) {
    GoogleAuthenticatorMultifactorProperties gauth = new GoogleAuthenticatorMultifactorProperties();
    gauth.setName(authModuleTO.getKey());
    gauth.setOrder(authModuleTO.getOrder());

    var core = gauth.getCore();
    core.setIssuer(conf.getIssuer());
    core.setLabel(conf.getLabel());
    core.setCodeDigits(conf.getCodeDigits());
    core.setTimeStepSize(conf.getTimeStepSize());
    core.setWindowSize(conf.getWindowSize());

    // optional LDAP account storage; left untouched when no LDAP section is configured
    if (conf.getLdap() != null) {
        LdapGoogleAuthenticatorMultifactorProperties gauthLdap =
                new LdapGoogleAuthenticatorMultifactorProperties();
        gauthLdap.setAccountAttributeName(conf.getLdap().getAccountAttributeName());
        fill(gauthLdap, conf.getLdap());
        gauth.setLdap(gauthLdap);
    }

    return prefix("cas.authn.mfa.gauth.", WAConfUtils.asMap(gauth));
}
/**
 * Builds the {@code cas.authn.mfa.duo.*} properties for Duo Security MFA.
 *
 * <p>The Duo integration key and secret key are copied verbatim into the returned map, so that
 * map should be kept out of logs and diagnostics.
 *
 * @param authModuleTO module definition supplying name and order
 * @param conf Duo MFA module configuration
 * @return the map produced by {@code prefix("cas.authn.mfa.duo.", ...)}
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final DuoMfaAuthModuleConf conf) {
    DuoSecurityMultifactorAuthenticationProperties duo = new DuoSecurityMultifactorAuthenticationProperties();
    duo.setName(authModuleTO.getKey());
    duo.setOrder(authModuleTO.getOrder());

    // Duo API endpoint and its credentials
    duo.setDuoApiHost(conf.getApiHost());
    duo.setDuoIntegrationKey(conf.getIntegrationKey());
    duo.setDuoSecretKey(conf.getSecretKey());

    return prefix("cas.authn.mfa.duo.", WAConfUtils.asMap(duo));
}
/**
 * Builds the {@code cas.authn.mfa.simple.*} properties for the simple (mailed token) MFA module.
 *
 * <p>When a bypass Groovy script is configured, its location is resolved to a resource and
 * registered as the bypass script. That script decides when MFA is skipped, so the configured
 * location must only ever point at content that administrators control.
 *
 * @param authModuleTO module definition supplying name and order
 * @param conf simple MFA module configuration
 * @return the map produced by {@code prefix("cas.authn.mfa.simple.", ...)}
 * @throws IllegalArgumentException if the bypass script location cannot be resolved
 * @throws NullPointerException if the configured e-mail attribute is {@code null}
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final SimpleMfaAuthModuleConf conf) {
    CasSimpleMultifactorAuthenticationProperties simple = new CasSimpleMultifactorAuthenticationProperties();
    simple.setName(authModuleTO.getKey());
    simple.setOrder(authModuleTO.getOrder());

    // mail delivery of the token; List.of does not accept a null element
    var mail = simple.getMail();
    mail.setAttributeName(List.of(conf.getEmailAttribute()));
    mail.setFrom(conf.getEmailFrom());
    mail.setSubject(conf.getEmailSubject());
    mail.setText(conf.getEmailText());

    // token length and lifetime
    var tokenCore = simple.getToken().getCore();
    tokenCore.setTokenLength(conf.getTokenLength());
    tokenCore.setTimeToKillInSeconds(conf.getTimeToKillInSeconds());

    String bypassScript = conf.getBypassGroovyScript();
    if (StringUtils.isNotBlank(bypassScript)) {
        try {
            simple.getBypass().getGroovy().setLocation(ResourceUtils.getResourceFrom(bypassScript));
        } catch (Exception e) {
            // Fail the mapping rather than continue with a bypass rule that could not be loaded.
            LOG.error("Unable to load groovy script for bypass", e);
            throw new IllegalArgumentException(e);
        }
    }

    return prefix("cas.authn.mfa.simple.", WAConfUtils.asMap(simple));
}
/**
 * Builds the {@code cas.authn.spnego.*} properties for a SPNEGO / Kerberos module.
 *
 * <p>Whether NTLM is allowed, whether mixed-mode authentication is on, and the client IP and
 * host-name patterns are forwarded exactly as configured; nothing here restricts them. When no
 * LDAP section is configured the LDAP properties are explicitly set to {@code null}.
 *
 * @param authModuleTO module definition supplying name and order
 * @param conf SPNEGO module configuration
 * @return the map produced by {@code prefix("cas.authn.spnego.", ...)}
 */
@Override
public Map<String, Object> map(final AuthModuleTO authModuleTO, final SpnegoAuthModuleConf conf) {
    SpnegoProperties spnego = new SpnegoProperties();
    spnego.setName(authModuleTO.getKey());
    spnego.setOrder(authModuleTO.getOrder());

    SpnegoAuthenticationProperties jcifs = new SpnegoAuthenticationProperties();
    jcifs.setJcifsServicePrincipal(conf.getJcifsServicePrincipal());
    spnego.getProperties().add(jcifs);

    // negotiation behaviour
    spnego.setMixedModeAuthentication(conf.isMixedModeAuthentication());
    spnego.setNtlmAllowed(conf.isNtlmAllowed());
    spnego.setSend401OnAuthenticationFailure(conf.isSend401OnAuthenticationFailure());
    spnego.setSupportedBrowsers(conf.getSupportedBrowsers());

    // client selection by address or host name
    spnego.setIpsToCheckPattern(conf.getIpsToCheckPattern());
    spnego.setAlternativeRemoteHostAttribute(conf.getAlternativeRemoteHostAttribute());
    spnego.setDnsTimeout(conf.getDnsTimeout());
    spnego.setHostNameClientActionStrategy(conf.getHostNameClientActionStrategy());
    spnego.setHostNamePatternString(conf.getHostNamePatternString());

    // pooling and principal naming
    spnego.setPoolSize(conf.getPoolSize());
    spnego.setPoolTimeout(conf.getPoolTimeout());
    spnego.setPrincipalWithDomainName(conf.isPrincipalWithDomainName());
    spnego.setSpnegoAttributeName(conf.getSpnegoAttributeName());

    // JVM-level Kerberos settings
    var system = spnego.getSystem();
    system.setUseSubjectCredsOnly(conf.isUseSubjectCredsOnly());
    system.setLoginConf(conf.getLoginConf());
    system.setKerberosKdc(conf.getKerberosKdc());
    system.setKerberosRealm(conf.getKerberosRealm());
    system.setKerberosConf(conf.getKerberosConf());
    system.setKerberosDebug(Boolean.toString(conf.isKerberosDebug()));

    if (conf.getLdap() == null) {
        spnego.setLdap(null);
    } else {
        SpnegoLdapProperties spnegoLdap = new SpnegoLdapProperties();
        fill(spnegoLdap, conf.getLdap());
        spnego.setLdap(spnegoLdap);
    }

    spnego.getPrincipal().setActiveAttributeRepositoryIds(conf.getAttributeRepoId());

    return prefix("cas.authn.spnego.", WAConfUtils.asMap(spnego));
}
}