        public void SimpleOTP()
        {
            // Stub the privacyIDEA /validate/check endpoint: only a POST carrying exactly this
            // form body and content type is matched; anything else falls through unmatched.
            var validateCheckRequest = Request.Create()
                .WithPath("/validate/check")
                .UsingPost()
                .WithBody("user=test&pass=test")
                .WithHeader("Content-Type", "application/x-www-form-urlencoded; charset=utf-8");

            // Canned server reply: result.status and result.value are true, one TOTP token matched.
            // NOTE(review): the "signature" value is a placeholder, so this test says nothing about
            // whether ValidateCheck verifies response signatures — cover that separately if it does.
            string validateCheckReply =
                "{\n" +
                "\"detail\":" +
                " {\n" +
                "\"message\": \"matching 1 tokens\",\n" +
                "\"otplen\": 6,\n" +
                "\"serial\": \"PISP0001C673\",\n" +
                "\"threadid\": 140536383567616,\n" +
                "\"type\": \"totp\"\n" +
                "},\n" +
                "\"id\": 1,\n" +
                "\"jsonrpc\": \"2.0\",\n" +
                "\"result\": " +
                "{\n" +
                "\"status\": true,\n" +
                "\"value\": true\n" +
                "},\n" +
                "\"time\": 1589276995.4397042,\n" +
                "\"version\": \"privacyIDEA 3.2.1\",\n" +
                "\"versionnumber\": \"3.2.1\",\n" +
                "\"signature\": \"rsa_sha256_pss:AAAAAAAAAAA\"}";

            server
                .Given(validateCheckRequest)
                .RespondWith(Response.Create().WithStatusCode(200).WithBody(validateCheckReply));

            // Act: the client under test must send the matching request and parse the reply.
            var resp = privacyIDEA.ValidateCheck("test", "test");

            // Both status and value are asserted: a parsed reply with status=true alone is not success.
            Assert.IsNotNull(resp);
            Assert.IsTrue(resp.Value);
            Assert.IsTrue(resp.Status);
            Assert.AreEqual("totp", resp.Type);
            Assert.AreEqual("PISP0001C673", resp.Serial);
        }
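        /// <summary>
        /// Initiates a new authentication process and returns our form to the AD FS system.
        /// Step 1 of the adapter flow: derive the login name from the primary-auth claim,
        /// optionally trigger challenges (or send an empty password) to privacyIDEA, and
        /// optionally offer TOTP enrollment to a user who has no token yet.
        /// </summary>
        /// <param name="identityClaim">Claim information from the ADFS; the value is either "DOMAIN\user" or a bare name</param>
        /// <param name="request">The http request (not used in this step)</param>
        /// <param name="authContext">The context for the authentication; "userid", "domain" and, on
        /// step-1 success, "authSuccess" are stored in its Data for the second step</param>
        /// <returns>new instance of IAdapterPresentationForm</returns>
        /// <exception cref="System.InvalidOperationException">use_upn is set and the account could not be
        /// resolved in its domain; the step fails closed instead of continuing with an empty login name</exception>
        public IAdapterPresentation BeginAuthentication(Claim identityClaim, HttpListenerRequest request,
                                                        IAuthenticationContext authContext)
        {
            Log("BeginAuthentication: identityClaim: " + identityClaim.Value);

            string username, domain, upn = "";

            // separates the username from the domain ("DOMAIN\user" form)
            string[] tmp = identityClaim.Value.Split('\\');

            if (tmp.Length > 1)
            {
                username = tmp[1];
                domain   = tmp[0];
                if (use_upn)
                {
                    // get UPN from sAMAccountName
                    Log("Getting UPN for user: " + username + " and domain: " + domain + "...");
                    upn = ResolveUpn(username, domain);
                    Log("Found UPN: " + upn);
                }
                else
                {
                    upn = "not used";
                }
            }
            else
            {
                // no domain prefix: the claim value is used as-is for both login name and UPN
                username = tmp[0];
                upn      = tmp[0];
                domain   = "";
            }

            Log("UPN value: " + upn + ", Domain value: " + domain);

            // use upn or sam as loginname attribute
            if (use_upn)
            {
                username = upn;
            }

            // Prepare the form
            var form = new AdapterPresentationForm();

            // trigger challenges with service account or empty pass if configured
            PIResponse response = null;

            if (privacyIDEA != null)
            {
                if (this.triggerChallenge)
                {
                    response = privacyIDEA.TriggerChallenges(username, domain);
                }
                else if (this.sendEmptyPassword)
                {
                    // NOTE(review): if the server answers value=true to this empty-password check,
                    // the OTP step is skipped below. Whether that is acceptable is decided by the
                    // server-side policy for this realm — confirm it is intentional.
                    response = privacyIDEA.ValidateCheck(username, "", domain: domain);
                }
            }
            else
            {
                Error("privacyIDEA not initialized!");
            }

            // Evaluate the response for triggered token and prepare the form accordingly
            if (response != null)
            {
                if (response.Challenges.Count > 0)
                {
                    form = ExtractChallengeDataToForm(response, form, authContext);
                }
                else if (response.Value)
                {
                    // Success in step 1, carry this over to the second step so that step will be skipped
                    authContext.Data.Add("authSuccess", "1");
                    form.AutoSubmit = "1";
                }
                else
                {
                    if (!string.IsNullOrEmpty(response.ErrorMessage))
                    {
                        Error("Error in first step: " + response.ErrorMessage);
                        form.ErrorMessage = response.ErrorMessage;
                    }
                    else
                    {
                        Error("Sent something in first step and got failure without message");
                    }
                }
            }

            form.Mode = "otp";
            authContext.Data.Add("userid", username);
            authContext.Data.Add("domain", domain);

            // Perform optional user enrollment
            // If a challenge was triggered previously (the response carries a transaction id),
            // checking if the user has a token is skipped.
            // privacyIDEA is checked again here: it may be null (logged above) and was dereferenced
            // unconditionally before.
            bool challengeTriggered = response != null && !string.IsNullOrEmpty(response.TransactionID);
            if (enrollmentEnabled && privacyIDEA != null && !challengeTriggered &&
                !privacyIDEA.UserHasToken(username, domain))
            {
                // NOTE(review): TotpUrl / Base64TotpImage carry the new token's secret and are shown to a
                // user who has passed only primary authentication; keep them out of logs and enable
                // enrollment only where that is acceptable.
                PIEnrollResponse res = privacyIDEA.TokenInit(username, domain);
                if (enrollmentApps.Any())
                {
                    form.EnrollmentApps = enrollmentApps;
                }
                if (res != null)
                {
                    form.EnrollmentUrl = res.TotpUrl;
                    form.EnrollmentImg = res.Base64TotpImage;
                }
                else
                {
                    Error("Token enrollment requested but TokenInit returned no response");
                }
            }

            return(form);
        }

        /// <summary>
        /// Looks up the userPrincipalName for a sAMAccountName in the given domain.
        /// </summary>
        /// <param name="samAccountName">Account name without the domain prefix</param>
        /// <param name="domain">Domain the account is resolved in</param>
        /// <returns>The account's UPN</returns>
        /// <exception cref="System.InvalidOperationException">no account with that name exists in the domain</exception>
        private string ResolveUpn(string samAccountName, string domain)
        {
            // PrincipalContext and UserPrincipal both hold directory handles: dispose them.
            using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain))
            using (UserPrincipal user = UserPrincipal.FindByIdentity(ctx, samAccountName))
            {
                // FindByIdentity returns null for an unknown account; fail closed with a clear error
                // rather than continuing with an empty login name.
                if (user == null)
                {
                    Error("User " + samAccountName + " not found in domain " + domain + ", cannot resolve UPN");
                    throw new System.InvalidOperationException(
                        "User " + samAccountName + " not found in domain " + domain + ", cannot resolve UPN.");
                }
                return user.UserPrincipalName;
            }
        }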