org.jasig.cas.authentication.AuthenticationBuilder Java Examples

The following examples show how to use org.jasig.cas.authentication.AuthenticationBuilder. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: RememberAuthenticationMethodMetaDataPopulator.java    From cas-mfa with Apache License 2.0 6 votes vote down vote up
@Override
public void populateAttributes(final AuthenticationBuilder authenticationBuilder, final Credential credential) {
    final RequestContext context = RequestContextHolder.getRequestContext();
    if (context != null) {
        final Service svc = WebUtils.getService(context);

        if (svc instanceof MultiFactorAuthenticationSupportingWebApplicationService) {
            final MultiFactorAuthenticationSupportingWebApplicationService mfaSvc =
                    (MultiFactorAuthenticationSupportingWebApplicationService) svc;

            authenticationBuilder.addAttribute(
                    MultiFactorAuthenticationSupportingWebApplicationService.CONST_PARAM_AUTHN_METHOD,
                    mfaSvc.getAuthenticationMethod());

            logger.debug("Captured authentication method [{}] into the authentication context",
                    mfaSvc.getAuthenticationMethod());
        }
    }
}
 
Example #2
Source File: KryoTranscoderTests.java    From cas4.0.x-server-wechat with Apache License 2.0 6 votes vote down vote up
public MockTicketGrantingTicket(final String id, final Credential credential) {
    this.id = id;
    final CredentialMetaData credentialMetaData = new BasicCredentialMetaData(credential);
    final AuthenticationBuilder builder = new AuthenticationBuilder();
    final Map<String, Object> attributes = new HashMap<String, Object>();
    attributes.put("nickname", "bob");
    builder.setPrincipal(new SimplePrincipal("handymanbob", attributes));
    builder.setAuthenticationDate(new Date());
    builder.addCredential(credentialMetaData);
    final AuthenticationHandler handler = new MockAuthenticationHandler();
    try {
        builder.addSuccess(handler.getName(), handler.authenticate(credential));
    } catch (final Exception e) {
        throw new RuntimeException(e);
    }
    builder.addFailure(handler.getName(), FailedLoginException.class);
    this.authentication = builder.build();
}
 
Example #3
Source File: SamlAuthenticationMetaDataPopulatorTests.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
@Test
public void verifyAuthenticationTypeFoundCustom() {
    final CustomCredential credentials = new CustomCredential();

    final Map<String, String> added = new HashMap<>();
    added.put(CustomCredential.class.getName(), "FF");

    this.populator.setUserDefinedMappings(added);

    final AuthenticationBuilder builder = newAuthenticationBuilder(TestUtils.getPrincipal());
    this.populator.populateAttributes(builder, credentials);
    final Authentication auth = builder.build();

    assertEquals(
            "FF",
            auth.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD));
}
 
Example #4
Source File: SamlAuthenticationMetaDataPopulatorTests.java    From cas4.0.x-server-wechat with Apache License 2.0 6 votes vote down vote up
@Test
public void testAuthenticationTypeFoundCustom() {
    final CustomCredential credentials = new CustomCredential();

    final Map<String, String> added = new HashMap<String, String>();
    added.put(CustomCredential.class.getName(), "FF");

    this.populator.setUserDefinedMappings(added);

    final AuthenticationBuilder builder = newAuthenticationBuilder(TestUtils.getPrincipal());
    this.populator.populateAttributes(builder, credentials);
    final Authentication auth = builder.build();

    assertEquals(
            "FF",
            auth.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD));
}
 
Example #5
Source File: SamlAuthenticationMetaDataPopulatorTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test
public void testAuthenticationTypeFound() {
    final UsernamePasswordCredential credentials = new UsernamePasswordCredential();
    final AuthenticationBuilder builder = newAuthenticationBuilder(TestUtils.getPrincipal());
    this.populator.populateAttributes(builder, credentials);
    final Authentication auth = builder.build();

    assertEquals(
            auth.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD),
            SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_PASSWORD);
}
 
Example #6
Source File: ClientAuthenticationMetaDataPopulator.java    From oxTrust with MIT License 5 votes vote down vote up
/**
 * {@InheritDoc}
 */
@Override
public void populateAttributes(final AuthenticationBuilder builder, final Credential credential) {
	if (credential instanceof ClientCredential) {
		final ClientCredential clientCredential = (ClientCredential) credential;
		builder.addAttribute(CLIENT_NAME, clientCredential.getOpenIdCredentials().getClientName());
	}
}
 
Example #7
Source File: CacheCredentialsMetaDataPopulator.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Override
public void populateAttributes(final AuthenticationBuilder builder, final Credential credential) {
    if (credential instanceof UsernamePasswordCredential) {
        final UsernamePasswordCredential c = (UsernamePasswordCredential) credential;
        final Authentication authentication = builder.build();
        this.credentialCache.put(authentication.getPrincipal().getId(), c.getPassword());
    }
}
 
Example #8
Source File: TestUtils.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
public static Authentication getAuthentication(final Principal principal, final Map<String, Object> attributes) {
    final AuthenticationHandler handler = new SimpleTestUsernamePasswordAuthenticationHandler();
    final CredentialMetaData meta = new BasicCredentialMetaData(new UsernamePasswordCredential());
    return new AuthenticationBuilder(principal)
            .addCredential(meta)
            .addSuccess("testHandler", new HandlerResult(handler, meta))
            .setAttributes(attributes)
            .build();
}
 
Example #9
Source File: RememberMeAuthenticationMetaDataPopulatorTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
private AuthenticationBuilder newBuilder(final Credential credential) {
    final CredentialMetaData meta = new BasicCredentialMetaData(new UsernamePasswordCredential());
    final AuthenticationHandler handler = new SimpleTestUsernamePasswordAuthenticationHandler();
    final AuthenticationBuilder builder = new AuthenticationBuilder(TestUtils.getPrincipal())
            .addCredential(meta)
            .addSuccess("test", new HandlerResult(handler, meta));

    this.p.populateAttributes(builder, credential);
    return builder;
}
 
Example #10
Source File: RememberMeAuthenticationMetaDataPopulatorTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test
public void testWithoutRememberMeCredentials() {
    final AuthenticationBuilder builder = newBuilder(TestUtils.getCredentialsWithSameUsernameAndPassword());
    final Authentication auth = builder.build();

    assertNull(auth.getAttributes().get(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME));
}
 
Example #11
Source File: RememberMeAuthenticationMetaDataPopulatorTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test
public void testWithFalseRememberMeCredentials() {
    final RememberMeUsernamePasswordCredential c = new RememberMeUsernamePasswordCredential();
    c.setRememberMe(false);
    final AuthenticationBuilder builder = newBuilder(c);
    final Authentication auth = builder.build();

    assertNull(auth.getAttributes().get(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME));
}
 
Example #12
Source File: RememberMeAuthenticationMetaDataPopulatorTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test
public void testWithTrueRememberMeCredentials() {
    final RememberMeUsernamePasswordCredential c = new RememberMeUsernamePasswordCredential();
    c.setRememberMe(true);
    final AuthenticationBuilder builder = newBuilder(c);
    final Authentication auth = builder.build();

    assertEquals(true, auth.getAttributes().get(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME));
}
 
Example #13
Source File: RememberMeAuthenticationMetaDataPopulator.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
public void populateAttributes(final AuthenticationBuilder builder, final Credential credential) {
    if (credential instanceof RememberMeCredential) {
        final RememberMeCredential r = (RememberMeCredential) credential;
        if (r.isRememberMe()) {
            builder.addAttribute(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME, true);
        }
    }
}
 
Example #14
Source File: ClientAuthenticationMetaDataPopulator.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 */
@Override
public void populateAttributes(final AuthenticationBuilder builder, final Credential credential) {
    if (credential instanceof ClientCredential) {
        final ClientCredential clientCredential = (ClientCredential) credential;
        builder.addAttribute(CLIENT_NAME, clientCredential.getCredentials().getClientName());
    }
}
 
Example #15
Source File: SamlAuthenticationMetaDataPopulatorTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
private static AuthenticationBuilder newAuthenticationBuilder(final Principal principal) {
    final CredentialMetaData meta = new BasicCredentialMetaData(new UsernamePasswordCredential());
    final AuthenticationHandler handler = new SimpleTestUsernamePasswordAuthenticationHandler();
    return new AuthenticationBuilder(principal)
            .addCredential(meta)
            .addSuccess("test", new HandlerResult(handler, meta));
}
 
Example #16
Source File: SamlAuthenticationMetaDataPopulatorTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test
public void testAuthenticationTypeNotFound() {
    final CustomCredential credentials = new CustomCredential();
    final AuthenticationBuilder builder = newAuthenticationBuilder(TestUtils.getPrincipal());
    this.populator.populateAttributes(builder, credentials);
    final Authentication auth = builder.build();

    assertNull(auth.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD));
}
 
Example #17
Source File: SamlAuthenticationMetaDataPopulator.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Override
public final void populateAttributes(final AuthenticationBuilder builder, final Credential credential) {

    final String credentialsClass = credential.getClass().getName();
    final String authenticationMethod = this.authenticationMethods.get(credentialsClass);

    builder.addAttribute(ATTRIBUTE_AUTHENTICATION_METHOD, authenticationMethod);
}
 
Example #18
Source File: KryoTranscoderTests.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
@Test
public void verifyEncodeDecodeTGTImpl() throws Exception {
    final Credential userPassCredential = new UsernamePasswordCredential(USERNAME, PASSWORD);
    final AuthenticationBuilder bldr = new DefaultAuthenticationBuilder(
            new DefaultPrincipalFactory()
                    .createPrincipal("user", Collections.unmodifiableMap(this.principalAttributes)));
    bldr.setAttributes(Collections.unmodifiableMap(this.principalAttributes));
    bldr.setAuthenticationDate(new Date());
    bldr.addCredential(new BasicCredentialMetaData(userPassCredential));
    bldr.addFailure("error", AccountNotFoundException.class);
    bldr.addSuccess("authn", new DefaultHandlerResult(
            new AcceptUsersAuthenticationHandler(),
            new BasicCredentialMetaData(userPassCredential)));

    final TicketGrantingTicket parent =
            new TicketGrantingTicketImpl(TGT_ID, TestUtils.getService(), null, bldr.build(),
                    new NeverExpiresExpirationPolicy());

    final TicketGrantingTicket expectedTGT =
            new TicketGrantingTicketImpl(TGT_ID, TestUtils.getService(),
                    null, bldr.build(),
                    new NeverExpiresExpirationPolicy());

    final ServiceTicket ticket = expectedTGT.grantServiceTicket(ST_ID,
            TestUtils.getService(),
            new NeverExpiresExpirationPolicy(), false);
    CachedData result = transcoder.encode(expectedTGT);
    final TicketGrantingTicket resultTicket = (TicketGrantingTicket) transcoder.decode(result);

    assertEquals(expectedTGT, resultTicket);
    result = transcoder.encode(ticket);
    final ServiceTicket resultStTicket = (ServiceTicket) transcoder.decode(result);
    assertEquals(ticket, resultStTicket);

}
 
Example #19
Source File: SamlAuthenticationMetaDataPopulator.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
@Override
public final void populateAttributes(final AuthenticationBuilder builder, final Credential credential) {

    final String credentialsClass = credential.getClass().getName();
    final String authenticationMethod = this.authenticationMethods.get(credentialsClass);

    builder.addAttribute(ATTRIBUTE_AUTHENTICATION_METHOD, authenticationMethod);
}
 
Example #20
Source File: RememberMeAuthenticationMetaDataPopulatorTests.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
private AuthenticationBuilder newBuilder(final Credential credential) {
    final CredentialMetaData meta = new BasicCredentialMetaData(new UsernamePasswordCredential());
    final AuthenticationHandler handler = new SimpleTestUsernamePasswordAuthenticationHandler();
    final AuthenticationBuilder builder = new DefaultAuthenticationBuilder(TestUtils.getPrincipal())
            .addCredential(meta)
            .addSuccess("test", new DefaultHandlerResult(handler, meta));

    if (this.p.supports(credential)) {
        this.p.populateAttributes(builder, credential);
    }
    return builder;
}
 
Example #21
Source File: RememberMeAuthenticationMetaDataPopulatorTests.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
@Test
public void verifyWithoutRememberMeCredentials() {
    final AuthenticationBuilder builder = newBuilder(TestUtils.getCredentialsWithSameUsernameAndPassword());
    final Authentication auth = builder.build();

    assertNull(auth.getAttributes().get(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME));
}
 
Example #22
Source File: RememberMeAuthenticationMetaDataPopulatorTests.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
@Test
public void verifyWithFalseRememberMeCredentials() {
    final RememberMeUsernamePasswordCredential c = new RememberMeUsernamePasswordCredential();
    c.setRememberMe(false);
    final AuthenticationBuilder builder = newBuilder(c);
    final Authentication auth = builder.build();

    assertNull(auth.getAttributes().get(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME));
}
 
Example #23
Source File: SamlAuthenticationMetaDataPopulatorTests.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
@Test
public void verifyAuthenticationTypeFound() {
    final UsernamePasswordCredential credentials = new UsernamePasswordCredential();
    final AuthenticationBuilder builder = newAuthenticationBuilder(TestUtils.getPrincipal());
    this.populator.populateAttributes(builder, credentials);
    final Authentication auth = builder.build();

    assertEquals(
            auth.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD),
            SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_PASSWORD);
}
 
Example #24
Source File: SamlAuthenticationMetaDataPopulatorTests.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
@Test
public void verifyAuthenticationTypeNotFound() {
    final CustomCredential credentials = new CustomCredential();
    final AuthenticationBuilder builder = newAuthenticationBuilder(TestUtils.getPrincipal());
    this.populator.populateAttributes(builder, credentials);
    final Authentication auth = builder.build();

    assertNull(auth.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD));
}
 
Example #25
Source File: SamlAuthenticationMetaDataPopulatorTests.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
private static AuthenticationBuilder newAuthenticationBuilder(final Principal principal) {
    final CredentialMetaData meta = new BasicCredentialMetaData(new UsernamePasswordCredential());
    final AuthenticationHandler handler = new SimpleTestUsernamePasswordAuthenticationHandler();
    return new DefaultAuthenticationBuilder(principal)
            .addCredential(meta)
            .addSuccess("test", new DefaultHandlerResult(handler, meta));
}
 
Example #26
Source File: RememberMeAuthenticationMetaDataPopulatorTests.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
@Test
public void verifyWithTrueRememberMeCredentials() {
    final RememberMeUsernamePasswordCredential c = new RememberMeUsernamePasswordCredential();
    c.setRememberMe(true);
    final AuthenticationBuilder builder = newBuilder(c);
    final Authentication auth = builder.build();

    assertEquals(true, auth.getAttributes().get(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME));
}
 
Example #27
Source File: RememberMeAuthenticationMetaDataPopulator.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
@Override
public void populateAttributes(final AuthenticationBuilder builder, final Credential credential) {
    final RememberMeCredential r = (RememberMeCredential) credential;
    if (r.isRememberMe()) {
        builder.addAttribute(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME, Boolean.TRUE);
    }
}
 
Example #28
Source File: CentralAuthenticationServiceImpl.java    From taoshop with Apache License 2.0 4 votes vote down vote up
@Audit(
        action = "SERVICE_TICKET_VALIDATE",
        actionResolverName = "VALIDATE_SERVICE_TICKET_RESOLVER",
        resourceResolverName = "VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name = "VALIDATE_SERVICE_TICKET_TIMER")
@Metered(name = "VALIDATE_SERVICE_TICKET_METER")
@Counted(name = "VALIDATE_SERVICE_TICKET_COUNTER", monotonic = true)
@Override
public Assertion validateServiceTicket(final String serviceTicketId, final Service service) throws AbstractTicketException {
    final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
    verifyRegisteredServiceProperties(registeredService, service);

    final ServiceTicket serviceTicket = this.ticketRegistry.getTicket(serviceTicketId, ServiceTicket.class);

    if (serviceTicket == null) {
        logger.info("Service ticket [{}] does not exist.", serviceTicketId);
        throw new InvalidTicketException(serviceTicketId);
    }

    try {
        synchronized (serviceTicket) {
            if (serviceTicket.isExpired()) {
                logger.info("ServiceTicket [{}] has expired.", serviceTicketId);
                throw new InvalidTicketException(serviceTicketId);
            }

            if (!serviceTicket.isValidFor(service)) {
                logger.error("Service ticket [{}] with service [{}] does not match supplied service [{}]",
                        serviceTicketId, serviceTicket.getService().getId(), service);
                throw new UnrecognizableServiceForServiceTicketValidationException(serviceTicket.getService());
            }
        }

        final TicketGrantingTicket root = serviceTicket.getGrantingTicket().getRoot();
        final Authentication authentication = getAuthenticationSatisfiedByPolicy(
                root, new ServiceContext(serviceTicket.getService(), registeredService));
        final Principal principal = authentication.getPrincipal();

        final RegisteredServiceAttributeReleasePolicy attributePolicy = registeredService.getAttributeReleasePolicy();
        logger.debug("Attribute policy [{}] is associated with service [{}]", attributePolicy, registeredService);

        @SuppressWarnings("unchecked")
        final Map<String, Object> attributesToRelease = attributePolicy != null
                ? attributePolicy.getAttributes(principal) : Collections.EMPTY_MAP;

        final String principalId = registeredService.getUsernameAttributeProvider().resolveUsername(principal, service);
        final Principal modifiedPrincipal = this.principalFactory.createPrincipal(principalId, attributesToRelease);
        final AuthenticationBuilder builder = DefaultAuthenticationBuilder.newInstance(authentication);
        builder.setPrincipal(modifiedPrincipal);

        final Assertion assertion = new ImmutableAssertion(
                builder.build(),
                serviceTicket.getGrantingTicket().getChainedAuthentications(),
                serviceTicket.getService(),
                serviceTicket.isFromNewLogin());

        doPublishEvent(new CasServiceTicketValidatedEvent(this, serviceTicket, assertion));

        return assertion;

    } finally {
        if (serviceTicket.isExpired()) {
            this.ticketRegistry.deleteTicket(serviceTicketId);
        }
    }
}
 
Example #29
Source File: ClientAuthenticationMetaDataPopulator.java    From springboot-shiro-cas-mybatis with MIT License 4 votes vote down vote up
/**
 * {@inheritDoc}
 */
@Override
public void populateAttributes(final AuthenticationBuilder builder, final Credential credential) {
    final ClientCredential clientCredential = (ClientCredential) credential;
    builder.addAttribute(CLIENT_NAME, clientCredential.getCredentials().getClientName());
}
 
Example #30
Source File: CentralAuthenticationServiceImpl.java    From springboot-shiro-cas-mybatis with MIT License 4 votes vote down vote up
@Audit(
    action="SERVICE_TICKET_VALIDATE",
    actionResolverName="VALIDATE_SERVICE_TICKET_RESOLVER",
    resourceResolverName="VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name="VALIDATE_SERVICE_TICKET_TIMER")
@Metered(name="VALIDATE_SERVICE_TICKET_METER")
@Counted(name="VALIDATE_SERVICE_TICKET_COUNTER", monotonic=true)
@Override
public Assertion validateServiceTicket(final String serviceTicketId, final Service service) throws TicketException {
    final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
    verifyRegisteredServiceProperties(registeredService, service);

    final ServiceTicket serviceTicket =  this.serviceTicketRegistry.getTicket(serviceTicketId, ServiceTicket.class);

    if (serviceTicket == null) {
        logger.info("Service ticket [{}] does not exist.", serviceTicketId);
        throw new InvalidTicketException(serviceTicketId);
    }

    try {
        synchronized (serviceTicket) {
            if (serviceTicket.isExpired()) {
                logger.info("ServiceTicket [{}] has expired.", serviceTicketId);
                throw new InvalidTicketException(serviceTicketId);
            }

            if (!serviceTicket.isValidFor(service)) {
                logger.error("Service ticket [{}] with service [{}] does not match supplied service [{}]",
                        serviceTicketId, serviceTicket.getService().getId(), service);
                throw new UnrecognizableServiceForServiceTicketValidationException(serviceTicket.getService());
            }
        }

        final TicketGrantingTicket root = serviceTicket.getGrantingTicket().getRoot();
        final Authentication authentication = getAuthenticationSatisfiedByPolicy(
                root, new ServiceContext(serviceTicket.getService(), registeredService));
        final Principal principal = authentication.getPrincipal();

        final AttributeReleasePolicy attributePolicy = registeredService.getAttributeReleasePolicy();
        logger.debug("Attribute policy [{}] is associated with service [{}]", attributePolicy, registeredService);
        
        @SuppressWarnings("unchecked")
        final Map<String, Object> attributesToRelease = attributePolicy != null
                ? attributePolicy.getAttributes(principal) : Collections.EMPTY_MAP;
        
        final String principalId = registeredService.getUsernameAttributeProvider().resolveUsername(principal, service);
        final Principal modifiedPrincipal = this.principalFactory.createPrincipal(principalId, attributesToRelease);
        final AuthenticationBuilder builder = DefaultAuthenticationBuilder.newInstance(authentication);
        builder.setPrincipal(modifiedPrincipal);

        return new ImmutableAssertion(
                builder.build(),
                serviceTicket.getGrantingTicket().getChainedAuthentications(),
                serviceTicket.getService(),
                serviceTicket.isFromNewLogin());
    } finally {
        if (serviceTicket.isExpired()) {
            this.serviceTicketRegistry.deleteTicket(serviceTicketId);
        }
    }
}