use of org.apereo.cas.services.OidcRegisteredService in project cas by apereo.
the class OidcDynamicClientRegistrationEndpointController method handleRequestInternal.
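/**
 * Handles an OpenID Connect dynamic client registration request.
 * <p>
 * The JSON body is deserialized into an {@link OidcClientRegistrationRequest} and validated
 * (at least one scope, the {@code openid} scope present, at least one redirect URI). A new
 * {@link OidcRegisteredService} is built from it: the first redirect URI becomes the service id,
 * a fresh client id / client secret pair is generated, and the scopes are reduced to the
 * intersection of the requested scopes and the scopes configured under
 * {@code cas.authn.oidc.scopes}. The service is then handed to
 * {@code scopeToAttributesFilter.reconcile(...)} and a {@code 201 Created} response is returned.
 * <p>
 * Any failure is logged and answered with {@code 400 Bad Request} and an
 * {@code invalid_client_metadata} error body; the exception message is echoed to the caller
 * in {@code error_message}.
 *
 * @param jsonInput the raw JSON request body
 * @param request   the HTTP request
 * @param response  the HTTP response
 * @return the registration response with status {@code 201}, or an error map with status {@code 400}
 * @throws Exception declared for the signature; in practice every failure is mapped to the {@code 400} response
 */
@PostMapping(value = '/' + OidcConstants.BASE_OIDC_URL + '/' + OidcConstants.REGISTRATION_URL, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<OidcClientRegistrationResponse> handleRequestInternal(@RequestBody final String jsonInput, final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    try {
        final OidcClientRegistrationRequest registrationRequest = this.clientRegistrationRequestSerializer.from(jsonInput);
        LOGGER.debug("Received client registration request [{}]", registrationRequest);

        if (registrationRequest.getScopes().isEmpty()) {
            throw new Exception("Registration request does not contain any scope values");
        }
        if (!registrationRequest.getScope().contains(OidcConstants.OPENID)) {
            // Fixed: the message used a "{}" logging placeholder inside plain string concatenation.
            throw new Exception("Registration request scopes do not contain [" + OidcConstants.OPENID + "]");
        }
        // Fixed: a request without any redirect_uris used to fail with a bare NoSuchElementException.
        final String uri = registrationRequest.getRedirectUris().stream().findFirst()
            .orElseThrow(() -> new Exception("Registration request does not contain any redirect URIs"));

        final OidcRegisteredService registeredService = new OidcRegisteredService();
        registeredService.setName(registrationRequest.getClientName());
        if (StringUtils.isNotBlank(registrationRequest.getJwksUri())) {
            registeredService.setJwks(registrationRequest.getJwksUri());
            registeredService.setSignIdToken(true);
        }
        // NOTE(review): elsewhere in this project the service id is treated as a regex pattern
        // (see RegexRegisteredService); confirm whether the redirect URI should be quoted
        // (Pattern.quote) before it is used as the pattern, so that "." does not match any character.
        registeredService.setServiceId(uri);
        registeredService.setClientId(clientIdGenerator.getNewString());
        registeredService.setClientSecret(clientSecretGenerator.getNewString());
        registeredService.setEvaluationOrder(Integer.MIN_VALUE);

        // Only scopes that are both requested and configured as supported survive; LinkedHashSet keeps
        // the configured order so the description below is stable.
        final Set<String> supportedScopes = new LinkedHashSet<>(casProperties.getAuthn().getOidc().getScopes());
        supportedScopes.retainAll(registrationRequest.getScopes());

        // The response is built before the scopes are applied to the service, as in the original code;
        // NOTE(review): confirm getClientRegistrationResponse does not read registeredService.getScopes().
        final OidcClientRegistrationResponse clientResponse = getClientRegistrationResponse(registrationRequest, registeredService);
        registeredService.setScopes(supportedScopes);
        registeredService.setDescription("Dynamically registered service " + registeredService.getName()
            + " with grant types " + String.join(",", clientResponse.getGrantTypes())
            + " and with scopes " + String.join(",", registeredService.getScopes())
            + " and response types " + String.join(",", clientResponse.getResponseTypes()));
        // NOTE(review): the management UI reads getDynamicRegistrationDateTime() for dynamic services;
        // confirm that setDynamicallyRegistered(true) records that timestamp, since it is not set here.
        registeredService.setDynamicallyRegistered(true);

        // reconcile() derives the attribute release policy from the scopes; the filter implementation
        // in this project also persists the service through the services manager.
        scopeToAttributesFilter.reconcile(registeredService);
        return new ResponseEntity<>(clientResponse, HttpStatus.CREATED);
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        final Map<String, String> map = new HashMap<>();
        map.put("error", "invalid_client_metadata");
        map.put("error_message", e.getMessage());
        // The declared return type is the success body; the error body is a plain map, hence the raw type.
        return new ResponseEntity(map, HttpStatus.BAD_REQUEST);
    }
}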
use of org.apereo.cas.services.OidcRegisteredService in project cas by apereo.
the class OidcRegisteredServiceUIAction method doExecute.
/**
 * Exposes OIDC service metadata to the login view.
 * <p>
 * When the request context carries a service, it is resolved through the selection strategy,
 * looked up in the services manager and access-checked. If the registered service is an
 * {@link OidcRegisteredService}, its user-interface metadata is placed into the flow scope.
 * The action always ends with the {@code success} event.
 *
 * @param requestContext the webflow request context
 * @return the success event
 * @throws Exception if service resolution or the access check fails
 */
@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    final Service requested = WebUtils.getService(requestContext);
    if (requested == null) {
        return success();
    }
    final Service service = serviceSelectionStrategy.resolveServiceFrom(requested);
    final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
    // Rejects disabled / inaccessible services before any metadata is exposed to the view.
    RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(service, registeredService);
    if (registeredService instanceof OidcRegisteredService) {
        final OidcRegisteredService oidcService = (OidcRegisteredService) registeredService;
        WebUtils.putServiceUserInterfaceMetadata(requestContext, new DefaultRegisteredServiceUserInterfaceInfo(oidcService));
    }
    return success();
}
use of org.apereo.cas.services.OidcRegisteredService in project cas by apereo.
the class DefaultRegisteredServiceMapper method mapRegisteredService.
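/**
 * Copies the state of a {@link RegisteredService} into the edit bean used by the management UI.
 * <p>
 * Common attributes are mapped first, then the type-specific sections (OAuth, OIDC, SAML) by
 * delegating to the private helpers below, and finally logout settings, public key and
 * custom properties.
 *
 * @param svc  the registered service to read from
 * @param bean the edit bean to populate
 */
@Override
public void mapRegisteredService(final RegisteredService svc, final RegisteredServiceEditBean.ServiceData bean) {
    bean.setAssignedId(Long.toString(svc.getId()));
    bean.setServiceId(svc.getServiceId());
    bean.setName(svc.getName());
    bean.setDescription(svc.getDescription());
    if (svc.getLogo() != null) {
        bean.setLogoUrl(svc.getLogo().toExternalForm());
    }
    bean.setRequiredHandlers(svc.getRequiredHandlers());
    if (StringUtils.isNotBlank(svc.getInformationUrl())) {
        bean.setInformationUrl(svc.getInformationUrl());
    }
    if (StringUtils.isNotBlank(svc.getPrivacyUrl())) {
        bean.setPrivacyUrl(svc.getPrivacyUrl());
    }

    if (svc instanceof OAuthRegisteredService) {
        mapOAuthService((OAuthRegisteredService) svc, bean);
    }
    if (svc instanceof SamlRegisteredService) {
        mapSamlService((SamlRegisteredService) svc, bean);
    }

    bean.setTheme(svc.getTheme());
    bean.setEvalOrder(svc.getEvaluationOrder());
    bean.setLogoutType(toLogoutTypeEditValue(svc.getLogoutType()));
    final URL logoutUrl = svc.getLogoutUrl();
    if (logoutUrl != null) {
        bean.setLogoutUrl(logoutUrl.toExternalForm());
    }

    final RegisteredServicePublicKey key = svc.getPublicKey();
    if (key != null) {
        final RegisteredServicePublicKeyEditBean keyBean = bean.getPublicKey();
        keyBean.setAlgorithm(key.getAlgorithm());
        keyBean.setLocation(key.getLocation());
    }

    // Each property's value set is flattened to a comma-delimited string for the UI.
    final Set<RegisteredServiceEditBean.ServiceData.PropertyBean> beanProps = bean.getProperties();
    svc.getProperties().forEach((name, property) -> beanProps.add(
        new RegisteredServiceEditBean.ServiceData.PropertyBean(name,
            org.springframework.util.StringUtils.collectionToCommaDelimitedString(property.getValues()))));
}

/**
 * Fills the OAuth section of the bean; OIDC services additionally fill the OIDC section.
 *
 * @param oauth the OAuth service
 * @param bean  the edit bean to populate
 */
private static void mapOAuthService(final OAuthRegisteredService oauth, final RegisteredServiceEditBean.ServiceData bean) {
    bean.setType(RegisteredServiceTypeEditBean.OAUTH.toString());
    final RegisteredServiceOAuthTypeEditBean oauthBean = bean.getOauth();
    oauthBean.setBypass(oauth.isBypassApprovalPrompt());
    oauthBean.setClientId(oauth.getClientId());
    // The stored client secret is handed to the edit screen in clear text.
    oauthBean.setClientSecret(oauth.getClientSecret());
    oauthBean.setRefreshToken(oauth.isGenerateRefreshToken());
    oauthBean.setJsonFormat(oauth.isJsonFormat());
    if (oauth instanceof OidcRegisteredService) {
        mapOidcService((OidcRegisteredService) oauth, bean);
    }
}

/**
 * Fills the OIDC section of the bean and switches the bean type to OIDC.
 *
 * @param oidc the OIDC service
 * @param bean the edit bean to populate
 */
private static void mapOidcService(final OidcRegisteredService oidc, final RegisteredServiceEditBean.ServiceData bean) {
    bean.setType(RegisteredServiceTypeEditBean.OIDC.toString());
    final RegisteredServiceOidcTypeEditBean oidcBean = bean.getOidc();
    oidcBean.setJwks(oidc.getJwks());
    oidcBean.setSignToken(oidc.isSignIdToken());
    oidcBean.setImplicit(oidc.isImplicit());
    oidcBean.setEncrypt(oidc.isEncryptIdToken());
    oidcBean.setEncryptAlg(oidc.getIdTokenEncryptionAlg());
    oidcBean.setEncryptEnc(oidc.getIdTokenEncryptionEncoding());
    oidcBean.setDynamic(oidc.isDynamicallyRegistered());
    // Fixed: guard against a dynamic service whose registration timestamp was never recorded.
    if (oidc.isDynamicallyRegistered() && oidc.getDynamicRegistrationDateTime() != null) {
        oidcBean.setDynamicDate(oidc.getDynamicRegistrationDateTime().toString());
    }
    oidcBean.setScopes(String.join(",", oidc.getScopes()));
}

/**
 * Fills the SAML section of the bean.
 *
 * @param saml the SAML service
 * @param bean the edit bean to populate
 */
private static void mapSamlService(final SamlRegisteredService saml, final RegisteredServiceEditBean.ServiceData bean) {
    bean.setType(RegisteredServiceTypeEditBean.SAML.toString());
    final RegisteredServiceSamlTypeEditBean samlBean = bean.getSaml();
    samlBean.setMdLoc(saml.getMetadataLocation());
    samlBean.setMdMaxVal(saml.getMetadataMaxValidity());
    samlBean.setMdSigLoc(saml.getMetadataSignatureLocation());
    samlBean.setAuthCtxCls(saml.getRequiredAuthenticationContextClass());
    samlBean.setEncAssert(saml.isEncryptAssertions());
    samlBean.setSignResp(saml.isSignResponses());
    samlBean.setSignAssert(saml.isSignAssertions());
    samlBean.setRemoveEmptyEntities(saml.isMetadataCriteriaRemoveEmptyEntitiesDescriptors());
    samlBean.setRemoveRoleless(saml.isMetadataCriteriaRemoveRolelessEntityDescriptors());
    if (StringUtils.isNotBlank(saml.getMetadataCriteriaDirection())) {
        // Fixed: Locale.ROOT keeps the upper-casing independent of the JVM default locale.
        samlBean.setDir(saml.getMetadataCriteriaDirection().toUpperCase(java.util.Locale.ROOT));
    }
    if (StringUtils.isNotBlank(saml.getMetadataCriteriaPattern())) {
        samlBean.setMdPattern(saml.getMetadataCriteriaPattern());
    }
    if (StringUtils.isNotBlank(saml.getMetadataCriteriaRoles())) {
        samlBean.setRoles(org.springframework.util.StringUtils.commaDelimitedListToSet(saml.getMetadataCriteriaRoles()));
    }
}

/**
 * Translates the service logout type into the string the edit bean expects.
 *
 * @param logoutType the service logout type, may be {@code null}
 * @return {@code BACK}, {@code FRONT} or {@code NONE}; unknown and {@code null} values map to {@code NONE}
 */
private static String toLogoutTypeEditValue(final LogoutType logoutType) {
    if (logoutType == null) {
        return RegisteredServiceLogoutTypeEditBean.NONE.toString();
    }
    switch (logoutType) {
        case BACK_CHANNEL:
            return RegisteredServiceLogoutTypeEditBean.BACK.toString();
        case FRONT_CHANNEL:
            return RegisteredServiceLogoutTypeEditBean.FRONT.toString();
        default:
            return RegisteredServiceLogoutTypeEditBean.NONE.toString();
    }
}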
use of org.apereo.cas.services.OidcRegisteredService in project cas by apereo.
the class DefaultRegisteredServiceMapper method toRegisteredService.
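/**
 * Builds a {@link RegisteredService} from the management UI edit bean.
 * <p>
 * The concrete service class is chosen from the bean type (OAuth, OIDC, SAML, otherwise a
 * regex service when the service id is a valid regex); type-specific settings are applied by
 * the private helpers below, then the common attributes, logout settings, public key and
 * custom properties are copied.
 *
 * @param data the edit bean
 * @return the populated service
 * @throws RuntimeException if the type is unknown or any value cannot be converted; checked
 *                          exceptions (such as a malformed logo / logout URL) are wrapped by
 *                          {@code Throwables.propagate}
 */
@Override
public RegisteredService toRegisteredService(final RegisteredServiceEditBean.ServiceData data) {
    try {
        final AbstractRegisteredService regSvc = createTypedService(data);

        // set the assigned id; non-positive ids mark a service that has not been persisted yet
        final long assignedId = Long.parseLong(data.getAssignedId());
        regSvc.setId(assignedId <= 0 ? RegisteredService.INITIAL_IDENTIFIER_VALUE : assignedId);

        // set simple RegisteredService properties
        regSvc.setServiceId(data.getServiceId());
        regSvc.setName(data.getName());
        regSvc.setDescription(data.getDescription());
        if (StringUtils.isNotBlank(data.getLogoUrl())) {
            regSvc.setLogo(new URL(data.getLogoUrl()));
        }
        regSvc.setTheme(data.getTheme());
        regSvc.setEvaluationOrder(data.getEvalOrder());
        regSvc.setRequiredHandlers(data.getRequiredHandlers());
        regSvc.setPrivacyUrl(data.getPrivacyUrl());
        regSvc.setInformationUrl(data.getInformationUrl());

        // process logout settings
        regSvc.setLogoutType(parseLogoutType(data.getLogoutType()));
        if (StringUtils.isNotBlank(data.getLogoutUrl())) {
            regSvc.setLogoutUrl(new URL(data.getLogoutUrl()));
        }

        // process the public key
        final RegisteredServicePublicKeyEditBean publicKey = data.getPublicKey();
        if (publicKey != null && publicKey.isValid()) {
            regSvc.setPublicKey(new RegisteredServicePublicKeyImpl(publicKey.getLocation(), publicKey.getAlgorithm()));
        }

        // custom properties: each comma-delimited UI value becomes a set of values
        for (final RegisteredServiceEditBean.ServiceData.PropertyBean prop : data.getProperties()) {
            final DefaultRegisteredServiceProperty value = new DefaultRegisteredServiceProperty();
            value.setValues(org.springframework.util.StringUtils.commaDelimitedListToSet(prop.getValue()));
            regSvc.getProperties().put(prop.getName(), value);
        }
        return regSvc;
    } catch (final Exception e) {
        // Unchecked exceptions are re-thrown as-is; checked ones are wrapped in a RuntimeException.
        throw Throwables.propagate(e);
    }
}

/**
 * Instantiates the service class matching the bean type and applies its type-specific settings.
 *
 * @param data the edit bean
 * @return an OAuth, OIDC, SAML or regex service
 * @throws IllegalArgumentException if the type is unknown and the service id is not a valid regex
 */
private static AbstractRegisteredService createTypedService(final RegisteredServiceEditBean.ServiceData data) {
    final String type = data.getType();
    if (StringUtils.equalsIgnoreCase(type, RegisteredServiceTypeEditBean.OAUTH.toString())) {
        final OAuthRegisteredService oauth = new OAuthRegisteredService();
        applyOAuthSettings(oauth, data.getOauth());
        return oauth;
    }
    if (StringUtils.equalsIgnoreCase(type, RegisteredServiceTypeEditBean.OIDC.toString())) {
        final OidcRegisteredService oidc = new OidcRegisteredService();
        applyOAuthSettings(oidc, data.getOauth());
        applyOidcSettings(oidc, data.getOidc());
        return oidc;
    }
    if (StringUtils.equalsIgnoreCase(type, RegisteredServiceTypeEditBean.SAML.toString())) {
        final SamlRegisteredService saml = new SamlRegisteredService();
        applySamlSettings(saml, data.getSaml());
        return saml;
    }
    if (RegexUtils.isValidRegex(data.getServiceId())) {
        return new RegexRegisteredService();
    }
    throw new IllegalArgumentException("Invalid service type.");
}

/**
 * Applies the OAuth section of the bean (shared by OAuth and OIDC services).
 *
 * @param service   the service to populate
 * @param oauthBean the OAuth section of the edit bean
 */
private static void applyOAuthSettings(final OAuthRegisteredService service, final RegisteredServiceOAuthTypeEditBean oauthBean) {
    service.setClientId(oauthBean.getClientId());
    service.setClientSecret(oauthBean.getClientSecret());
    service.setBypassApprovalPrompt(oauthBean.isBypass());
    service.setGenerateRefreshToken(oauthBean.isRefreshToken());
    service.setJsonFormat(oauthBean.isJsonFormat());
}

/**
 * Applies the OIDC section of the bean.
 *
 * @param service  the OIDC service to populate
 * @param oidcBean the OIDC section of the edit bean
 */
private static void applyOidcSettings(final OidcRegisteredService service, final RegisteredServiceOidcTypeEditBean oidcBean) {
    service.setJwks(oidcBean.getJwks());
    service.setSignIdToken(oidcBean.isSignToken());
    service.setImplicit(oidcBean.isImplicit());
    service.setEncryptIdToken(oidcBean.isEncrypt());
    service.setIdTokenEncryptionAlg(oidcBean.getEncryptAlg());
    service.setIdTokenEncryptionEncoding(oidcBean.getEncryptEnc());
    service.setScopes(org.springframework.util.StringUtils.commaDelimitedListToSet(oidcBean.getScopes()));
}

/**
 * Applies the SAML section of the bean.
 *
 * @param service  the SAML service to populate
 * @param samlBean the SAML section of the edit bean
 */
private static void applySamlSettings(final SamlRegisteredService service, final RegisteredServiceSamlTypeEditBean samlBean) {
    service.setEncryptAssertions(samlBean.isEncAssert());
    service.setSignAssertions(samlBean.isSignAssert());
    service.setSignResponses(samlBean.isSignResp());
    service.setMetadataLocation(samlBean.getMdLoc());
    service.setMetadataSignatureLocation(samlBean.getMdSigLoc());
    service.setMetadataMaxValidity(samlBean.getMdMaxVal());
    service.setRequiredAuthenticationContextClass(samlBean.getAuthCtxCls());
    service.setMetadataCriteriaRemoveEmptyEntitiesDescriptors(samlBean.isRemoveEmptyEntities());
    service.setMetadataCriteriaRemoveRolelessEntityDescriptors(samlBean.isRemoveRoleless());
    if (StringUtils.isNotBlank(samlBean.getDir())) {
        // Fixed: Locale.ROOT keeps the upper-casing independent of the JVM default locale.
        service.setMetadataCriteriaDirection(samlBean.getDir().toUpperCase(java.util.Locale.ROOT));
    }
    // An invalid regex is silently dropped rather than stored, as in the original code.
    if (StringUtils.isNotBlank(samlBean.getMdPattern()) && RegexUtils.isValidRegex(samlBean.getMdPattern())) {
        service.setMetadataCriteriaPattern(samlBean.getMdPattern());
    }
    if (samlBean.getRoles() != null && !samlBean.getRoles().isEmpty()) {
        service.setMetadataCriteriaRoles(org.springframework.util.StringUtils.collectionToCommaDelimitedString(samlBean.getRoles()));
    }
}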
use of org.apereo.cas.services.OidcRegisteredService in project cas by apereo.
the class OidcProfileScopeToAttributesFilter method reconcile.
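/**
 * Derives the attribute release policy of an OIDC service from its scopes and persists it.
 * <p>
 * Non-OIDC services are delegated to the parent implementation. For OIDC services each scope
 * is matched (trimmed, lower-cased) against the standard scopes, which add the corresponding
 * release policy to a chaining policy; {@code offline_access} enables refresh tokens; the
 * custom-scope marker collects its scope name for an {@link OidcCustomScopeAttributeReleasePolicy};
 * any other scope is honoured only when a user-defined policy with exactly that scope name exists.
 * A service that ends up with no policy at all gets a {@link DenyAllAttributeReleasePolicy}.
 *
 * @param service the service to reconcile; saved through the services manager when it is an OIDC service
 */
@Override
public void reconcile(final RegisteredService service) {
    if (!(service instanceof OidcRegisteredService)) {
        super.reconcile(service);
        return;
    }
    final OidcRegisteredService oidc = (OidcRegisteredService) service;
    final ChainingAttributeReleasePolicy policy = new ChainingAttributeReleasePolicy();
    final List<String> otherScopes = new ArrayList<>();

    for (final String rawScope : oidc.getScopes()) {
        final String scope = rawScope.trim();
        // Fixed: Locale.ROOT keeps the comparison independent of the JVM default locale.
        switch (scope.toLowerCase(java.util.Locale.ROOT)) {
            case OidcConstants.EMAIL:
                policy.getPolicies().add(new OidcEmailScopeAttributeReleasePolicy());
                break;
            case OidcConstants.ADDRESS:
                policy.getPolicies().add(new OidcAddressScopeAttributeReleasePolicy());
                break;
            case OidcConstants.PROFILE:
                policy.getPolicies().add(new OidcProfileScopeAttributeReleasePolicy());
                break;
            case OidcConstants.PHONE:
                policy.getPolicies().add(new OidcPhoneScopeAttributeReleasePolicy());
                break;
            case OidcConstants.OFFLINE_ACCESS:
                oidc.setGenerateRefreshToken(true);
                break;
            case OidcCustomScopeAttributeReleasePolicy.SCOPE_CUSTOM:
                // NOTE(review): only a scope equal to SCOPE_CUSTOM itself lands here; confirm this is
                // the intended way to collect custom scopes rather than a missed default branch.
                otherScopes.add(scope);
                break;
            default:
                // Unknown scopes are dropped silently unless a user-defined policy carries that exact name.
                userScopes.stream()
                    .filter(t -> t.getScopeName().equals(scope))
                    .findFirst()
                    .ifPresent(policy.getPolicies()::add);
                break;
        }
    }

    otherScopes.remove(OidcConstants.OPENID);
    if (!otherScopes.isEmpty()) {
        policy.getPolicies().add(new OidcCustomScopeAttributeReleasePolicy(otherScopes));
    }
    // Default-deny: a service with no recognised scope releases no attributes at all.
    if (policy.getPolicies().isEmpty()) {
        oidc.setAttributeReleasePolicy(new DenyAllAttributeReleasePolicy());
    } else {
        oidc.setAttributeReleasePolicy(policy);
    }
    this.servicesManager.save(oidc);
}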