Example 6 with OidcRegisteredService

Use of org.apereo.cas.services.OidcRegisteredService in project cas by apereo.

Class OidcIdTokenGeneratorService, method produceIdTokenClaims.

/**
 * Produce the ID token JWT claims.
 *
 * @param request       the request
 * @param accessTokenId the access token
 * @param timeout       the token lifetime in seconds
 * @param service       the registered OIDC service
 * @param profile       the user profile
 * @param context       the context
 * @param responseType  the response type
 * @return the jwt claims
 */
protected JwtClaims produceIdTokenClaims(final HttpServletRequest request, final AccessToken accessTokenId, final long timeout, final OidcRegisteredService service, final UserProfile profile, final J2EContext context, final OAuth20ResponseTypes responseType) {
    final Authentication authentication = accessTokenId.getAuthentication();
    final Principal principal = authentication.getPrincipal();
    final JwtClaims claims = new JwtClaims();
    // Standard JWT claims: a unique token id, the issuer, and the client id as the audience.
    claims.setJwtId(UUID.randomUUID().toString());
    claims.setIssuer(this.issuer);
    claims.setAudience(service.getClientId());
    // Validity window: expires "timeout" seconds from now, issued now,
    // and not-before shifted into the past by the configured clock skew (in minutes).
    final NumericDate expirationDate = NumericDate.now();
    expirationDate.addSeconds(timeout);
    claims.setExpirationTime(expirationDate);
    claims.setIssuedAtToNow();
    claims.setNotBeforeMinutesInThePast(this.skew);
    claims.setSubject(principal.getId());
    // acr: the MFA authentication context, if one was recorded for this authentication.
    if (authentication.getAttributes().containsKey(casProperties.getAuthn().getMfa().getAuthenticationContextAttribute())) {
        final Collection<Object> val = CollectionUtils.toCollection(authentication.getAttributes().get(casProperties.getAuthn().getMfa().getAuthenticationContextAttribute()));
        claims.setStringClaim(OidcConstants.ACR, val.iterator().next().toString());
    }
    // amr: the authentication handlers that successfully authenticated the principal.
    if (authentication.getAttributes().containsKey(AuthenticationHandler.SUCCESSFUL_AUTHENTICATION_HANDLERS)) {
        final Collection<Object> val = CollectionUtils.toCollection(authentication.getAttributes().get(AuthenticationHandler.SUCCESSFUL_AUTHENTICATION_HANDLERS));
        claims.setStringListClaim(OidcConstants.AMR, val.toArray(new String[] {}));
    }
    // state and nonce echo the values from the original authorization request so the
    // client can bind this token to the request it made.
    claims.setClaim(OAuthConstants.STATE, authentication.getAttributes().get(OAuthConstants.STATE));
    claims.setClaim(OAuthConstants.NONCE, authentication.getAttributes().get(OAuthConstants.NONCE));
    // at_hash binds this ID token to the access token it was issued alongside.
    claims.setClaim(OidcConstants.CLAIM_AT_HASH, generateAccessTokenHash(accessTokenId, service));
    // Only principal attributes listed as allowed OIDC claims in configuration are released into the token.
    principal.getAttributes().entrySet().stream()
        .filter(entry -> casProperties.getAuthn().getOidc().getClaims().contains(entry.getKey()))
        .forEach(entry -> claims.setClaim(entry.getKey(), entry.getValue()));
    if (!claims.hasClaim(OidcConstants.CLAIM_PREFERRED_USERNAME)) {
        claims.setClaim(OidcConstants.CLAIM_PREFERRED_USERNAME, profile.getId());
    }
    return claims;
}
Also used : CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) Arrays(java.util.Arrays) AlgorithmIdentifiers(org.jose4j.jws.AlgorithmIdentifiers) LoggerFactory(org.slf4j.LoggerFactory) DigestUtils(org.apereo.cas.util.DigestUtils) Autowired(org.springframework.beans.factory.annotation.Autowired) HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationHandler(org.apereo.cas.authentication.AuthenticationHandler) Authentication(org.apereo.cas.authentication.Authentication) CollectionUtils(org.apereo.cas.util.CollectionUtils) AccessToken(org.apereo.cas.ticket.accesstoken.AccessToken) OAuth20ResponseTypes(org.apereo.cas.support.oauth.OAuth20ResponseTypes) Logger(org.slf4j.Logger) OidcConstants(org.apereo.cas.oidc.OidcConstants) Collection(java.util.Collection) OAuthConstants(org.apereo.cas.support.oauth.OAuthConstants) HttpServletResponse(javax.servlet.http.HttpServletResponse) UUID(java.util.UUID) OAuthRegisteredService(org.apereo.cas.support.oauth.services.OAuthRegisteredService) ProfileManager(org.pac4j.core.profile.ProfileManager) MessageDigestAlgorithms(org.apache.commons.codec.digest.MessageDigestAlgorithms) NumericDate(org.jose4j.jwt.NumericDate) OidcRegisteredService(org.apereo.cas.services.OidcRegisteredService) JwtClaims(org.jose4j.jwt.JwtClaims) J2EContext(org.pac4j.core.context.J2EContext) Optional(java.util.Optional) Principal(org.apereo.cas.authentication.principal.Principal) EncodingUtils(org.apereo.cas.util.EncodingUtils) UserProfile(org.pac4j.core.profile.UserProfile) WebUtils(org.apereo.cas.web.support.WebUtils)

Example 7 with OidcRegisteredService

Use of org.apereo.cas.services.OidcRegisteredService in project cas by apereo.

Class OidcConfiguration, method oidcServiceJsonWebKeystoreCache.

@Bean
public LoadingCache<OidcRegisteredService, Optional<RsaJsonWebKey>> oidcServiceJsonWebKeystoreCache() {
    final OidcProperties oidc = casProperties.getAuthn().getOidc();
    // Holds at most one service's keystore at a time; the entry is reloaded through the
    // cache loader once the configured number of minutes has passed since it was written.
    final LoadingCache<OidcRegisteredService, Optional<RsaJsonWebKey>> cache = CacheBuilder.newBuilder()
        .maximumSize(1)
        .expireAfterWrite(oidc.getJwksCacheInMinutes(), TimeUnit.MINUTES)
        .build(oidcServiceJsonWebKeystoreCacheLoader());
    return cache;
}
Also used : Optional(java.util.Optional) OidcRegisteredService(org.apereo.cas.services.OidcRegisteredService) OidcProperties(org.apereo.cas.configuration.model.support.oidc.OidcProperties) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)

Example 8 with OidcRegisteredService

Use of org.apereo.cas.services.OidcRegisteredService in project cas by apereo.

Class OidcConsentApprovalViewResolver, method prepareApprovalViewModel.

@Override
protected void prepareApprovalViewModel(final Map<String, Object> model, final J2EContext ctx, final OAuthRegisteredService svc) {
    super.prepareApprovalViewModel(model, ctx, svc);
    final OidcRegisteredService oidcRegisteredService = (OidcRegisteredService) svc;
    model.put("dynamic", oidcRegisteredService.isDynamicallyRegistered());
    model.put("dynamicTime", oidcRegisteredService.getDynamicRegistrationDateTime());
    // The consent page only lists scopes that are configured on the server,
    // allowed for this registered service, and actually present in the request.
    final Set<String> supportedScopes = new HashSet<>(casProperties.getAuthn().getOidc().getScopes());
    supportedScopes.retainAll(oidcRegisteredService.getScopes());
    supportedScopes.retainAll(OAuthUtils.getRequestedScopes(ctx));
    model.put("scopes", supportedScopes);
}
Also used : OidcRegisteredService(org.apereo.cas.services.OidcRegisteredService) HashSet(java.util.HashSet)

Example 9 with OidcRegisteredService

Use of org.apereo.cas.services.OidcRegisteredService in project cas by apereo.

Class OidcAuthorizeEndpointController, method buildCallbackUrlForImplicitTokenResponseType.

private String buildCallbackUrlForImplicitTokenResponseType(final J2EContext context, final Authentication authentication, final Service service, final String redirectUri, final String clientId, final OAuth20ResponseTypes responseType) {
    try {
        // Implicit flow: the access token and ID token are handed back in the redirect
        // callback itself rather than through the token endpoint.
        final AccessToken accessToken = generateAccessToken(service, authentication, context);
        LOGGER.debug("Generated OAuth access token: [{}]", accessToken);
        final OidcRegisteredService oidcService = (OidcRegisteredService) OAuthUtils.getRegisteredOAuthService(this.getServicesManager(), clientId);
        // The ID token lifetime is tied to the TGT time-to-kill setting.
        final long timeout = casProperties.getTicket().getTgt().getTimeToKillInSeconds();
        final String idToken = this.idTokenGenerator.generate(context.getRequest(), context.getResponse(), accessToken, timeout, responseType, oidcService);
        LOGGER.debug("Generated id token [{}]", idToken);
        final List<NameValuePair> params = new ArrayList<>();
        params.add(new BasicNameValuePair(OidcConstants.ID_TOKEN, idToken));
        return buildCallbackUrlResponseType(authentication, service, redirectUri, accessToken, params);
    } catch (final Exception e) {
        throw Throwables.propagate(e);
    }
}
Also used : BasicNameValuePair(org.apache.http.message.BasicNameValuePair) NameValuePair(org.apache.http.NameValuePair) AccessToken(org.apereo.cas.ticket.accesstoken.AccessToken) OidcRegisteredService(org.apereo.cas.services.OidcRegisteredService) ArrayList(java.util.ArrayList)

Example 10 with OidcRegisteredService

Use of org.apereo.cas.services.OidcRegisteredService in project cas by apereo.

Class OidcJwksEndpointController, method handleRequestInternal.

/**
 * Handle request for the JWK set.
 *
 * @param request  the request
 * @param response the response
 * @param model    the model
 * @return the jwk set
 * @throws Exception the exception
 */
@GetMapping(value = '/' + OidcConstants.BASE_OIDC_URL + '/' + OidcConstants.JWKS_URL, produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<String> handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response, final Model model) throws Exception {
    Assert.notNull(this.jwksFile, "JWKS file cannot be undefined or null.");
    try {
        // Start from the server's own keystore.
        final String jsonJwks = IOUtils.toString(this.jwksFile.getInputStream(), StandardCharsets.UTF_8);
        final JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(jsonJwks);
        // Merge in the keys of every registered OIDC service that declares its own JWKS resource.
        getServicesManager().getAllServices().stream()
            .filter(s -> s instanceof OidcRegisteredService && StringUtils.isNotBlank(((OidcRegisteredService) s).getJwks()))
            .forEach(Unchecked.consumer(s -> {
                final OidcRegisteredService service = (OidcRegisteredService) s;
                final Resource resource = this.resourceLoader.getResource(service.getJwks());
                final JsonWebKeySet set = new JsonWebKeySet(IOUtils.toString(resource.getInputStream(), StandardCharsets.UTF_8));
                set.getJsonWebKeys().forEach(jsonWebKeySet::addJsonWebKey);
            }));
        // PUBLIC_ONLY serializes only the public parameters, so private key material
        // never reaches the response body.
        final String body = jsonWebKeySet.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        return new ResponseEntity<>(body, HttpStatus.OK);
    } catch (final Exception e) {
        // Any failure (unreadable keystore, malformed JWKS) is logged and its
        // message is returned to the caller with a 400 status.
        LOGGER.error(e.getMessage(), e);
        return new ResponseEntity<>(e.getMessage(), HttpStatus.BAD_REQUEST);
    }
}
Also used : Assert(com.stormpath.sdk.lang.Assert) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) LoggerFactory(org.slf4j.LoggerFactory) OAuth20Validator(org.apereo.cas.support.oauth.validator.OAuth20Validator) Autowired(org.springframework.beans.factory.annotation.Autowired) BaseOAuthWrapperController(org.apereo.cas.support.oauth.web.BaseOAuthWrapperController) StringUtils(org.apache.commons.lang3.StringUtils) WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService) Model(org.springframework.ui.Model) HttpServletRequest(javax.servlet.http.HttpServletRequest) PrincipalFactory(org.apereo.cas.authentication.principal.PrincipalFactory) TicketRegistry(org.apereo.cas.ticket.registry.TicketRegistry) GetMapping(org.springframework.web.bind.annotation.GetMapping) ServiceFactory(org.apereo.cas.authentication.principal.ServiceFactory) ServicesManager(org.apereo.cas.services.ServicesManager) Resource(org.springframework.core.io.Resource) Unchecked(org.jooq.lambda.Unchecked) Logger(org.slf4j.Logger) ResourceLoader(org.springframework.core.io.ResourceLoader) OAuth20ProfileScopeToAttributesFilter(org.apereo.cas.support.oauth.profile.OAuth20ProfileScopeToAttributesFilter) OidcConstants(org.apereo.cas.oidc.OidcConstants) JsonWebKey(org.jose4j.jwk.JsonWebKey) MediaType(org.springframework.http.MediaType) HttpServletResponse(javax.servlet.http.HttpServletResponse) JsonWebKeySet(org.jose4j.jwk.JsonWebKeySet) StandardCharsets(java.nio.charset.StandardCharsets) IOUtils(org.apache.commons.io.IOUtils) AccessTokenFactory(org.apereo.cas.ticket.accesstoken.AccessTokenFactory) HttpStatus(org.springframework.http.HttpStatus) OidcRegisteredService(org.apereo.cas.services.OidcRegisteredService) ResponseEntity(org.springframework.http.ResponseEntity)

Aggregations (type, followed by the number of examples using it)

OidcRegisteredService (org.apereo.cas.services.OidcRegisteredService) 14
ArrayList (java.util.ArrayList) 3
Optional (java.util.Optional) 3
OAuthRegisteredService (org.apereo.cas.support.oauth.services.OAuthRegisteredService) 3
URL (java.net.URL) 2
StandardCharsets (java.nio.charset.StandardCharsets) 2
HashMap (java.util.HashMap) 2
HashSet (java.util.HashSet) 2
HttpServletRequest (javax.servlet.http.HttpServletRequest) 2
HttpServletResponse (javax.servlet.http.HttpServletResponse) 2
IOUtils (org.apache.commons.io.IOUtils) 2
StringUtils (org.apache.commons.lang3.StringUtils) 2
Principal (org.apereo.cas.authentication.principal.Principal) 2
CasConfigurationProperties (org.apereo.cas.configuration.CasConfigurationProperties) 2
RegisteredServiceEditBean (org.apereo.cas.mgmt.services.web.beans.RegisteredServiceEditBean) 2
RegisteredServiceOAuthTypeEditBean (org.apereo.cas.mgmt.services.web.beans.RegisteredServiceOAuthTypeEditBean) 2
RegisteredServicePublicKeyEditBean (org.apereo.cas.mgmt.services.web.beans.RegisteredServicePublicKeyEditBean) 2
RegisteredServiceSamlTypeEditBean (org.apereo.cas.mgmt.services.web.beans.RegisteredServiceSamlTypeEditBean) 2
OidcConstants (org.apereo.cas.oidc.OidcConstants) 2
DefaultRegisteredServiceProperty (org.apereo.cas.services.DefaultRegisteredServiceProperty) 2