Example 11 with OidcRegisteredService

use of org.apereo.cas.services.OidcRegisteredService in project cas by apereo.

the class OidcIdTokenGeneratorService method generate.

/**
 * Generate string.
 *
 * @param request           the request
 * @param response          the response
 * @param accessTokenId     the access token id
 * @param timeout           the timeout
 * @param responseType      the response type
 * @param registeredService the registered service
 * @return the string
 * @throws Exception the exception
 */
public String generate(final HttpServletRequest request, final HttpServletResponse response, final AccessToken accessTokenId, final long timeout, final OAuth20ResponseTypes responseType, final OAuthRegisteredService registeredService) throws Exception {
    // An ID token is only produced for an OIDC-registered service; the cast is unchecked,
    // so a plain OAuth service reaching this point would fail with a ClassCastException.
    final OidcRegisteredService oidcRegisteredService = (OidcRegisteredService) registeredService;
    final J2EContext context = WebUtils.getPac4jJ2EContext(request, response);
    final ProfileManager manager = WebUtils.getPac4jProfileManager(request, response);
    // Look up the authenticated pac4j profile (readFromSession = true); profile.get() below
    // assumes one is present and would throw NoSuchElementException otherwise.
    final Optional<UserProfile> profile = manager.get(true);
    LOGGER.debug("Attempting to produce claims for the id token [{}]", accessTokenId);
    // Build the standard and scope-derived claims for this access token and service.
    final JwtClaims claims = produceIdTokenClaims(request, accessTokenId, timeout, oidcRegisteredService, profile.get(), context, responseType);
    LOGGER.debug("Produce claims for the id token [{}] as [{}]", accessTokenId, claims);
    // Sign (and, if the service is configured for it, encrypt) the claims into the ID token.
    return this.signingService.encode(oidcRegisteredService, claims);
}
Also used: org.pac4j.core.profile.ProfileManager, org.pac4j.core.profile.UserProfile, org.jose4j.jwt.JwtClaims, org.apereo.cas.services.OidcRegisteredService, org.pac4j.core.context.J2EContext

Example 12 with OidcRegisteredService

use of org.apereo.cas.services.OidcRegisteredService in project cas by apereo.

the class OidcAccessTokenResponseGenerator method generateJsonInternal.

@Override
protected void generateJsonInternal(final HttpServletRequest request, final HttpServletResponse response, final JsonGenerator jsonGenerator, final AccessToken accessTokenId, final RefreshToken refreshTokenId, final long timeout, final Service service, final OAuthRegisteredService registeredService, final OAuth20ResponseTypes responseType) throws Exception {
    // Write the regular OAuth token response fields (access_token, refresh_token, expires_in, ...).
    super.generateJsonInternal(request, response, jsonGenerator, accessTokenId, refreshTokenId, timeout, service, registeredService, responseType);
    // Unchecked cast: this generator is only wired for OIDC-registered services.
    final OidcRegisteredService oidcRegisteredService = (OidcRegisteredService) registeredService;
    // Produce the signed ID token and append it as the "id_token" field of the response.
    final String idToken = this.idTokenGenerator.generate(request, response, accessTokenId, timeout, responseType, oidcRegisteredService);
    jsonGenerator.writeStringField(OidcConstants.ID_TOKEN, idToken);
}
Also used: org.apereo.cas.services.OidcRegisteredService

Example 13 with OidcRegisteredService

use of org.apereo.cas.services.OidcRegisteredService in project cas by apereo.

the class OidcServiceJsonWebKeystoreCacheLoader method buildJsonWebKeySet.

private Optional<JsonWebKeySet> buildJsonWebKeySet(final OidcRegisteredService service) throws Exception {
    try {
        // The service's JWKS location is resolved as a Spring resource (file, classpath or URL).
        LOGGER.debug("Loading JSON web key from [{}]", service.getJwks());
        final Resource resource = this.resourceLoader.getResource(service.getJwks());
        final JsonWebKeySet jsonWebKeySet = buildJsonWebKeySet(resource);
        // An empty or unparsable key set yields no cache entry for this service.
        if (jsonWebKeySet == null || jsonWebKeySet.getJsonWebKeys().isEmpty()) {
            LOGGER.warn("No JSON web keys could be found for [{}]", service);
            return Optional.empty();
        }
        // A key with no algorithm, no key id and no key type is treated as unusable;
        // reject the set only if every key is in that state.
        final long badKeysCount = jsonWebKeySet.getJsonWebKeys().stream().filter(k -> StringUtils.isBlank(k.getAlgorithm()) && StringUtils.isBlank(k.getKeyId()) && StringUtils.isBlank(k.getKeyType())).count();
        if (badKeysCount == jsonWebKeySet.getJsonWebKeys().size()) {
            LOGGER.warn("No valid JSON web keys could be found for [{}]", service);
            return Optional.empty();
        }
        // The selected RSA signing key must carry a public key, otherwise it cannot be used.
        final RsaJsonWebKey webKey = getJsonSigningWebKeyFromJwks(jsonWebKeySet);
        if (webKey.getPublicKey() == null) {
            LOGGER.warn("JSON web key retrieved [{}] has no associated public key", webKey.getKeyId());
            return Optional.empty();
        }
        return Optional.of(jsonWebKeySet);
    } catch (final Exception e) {
        // Any load or parse failure is logged and treated the same as a missing key set.
        LOGGER.error(e.getMessage(), e);
    }
    return Optional.empty();
}
Also used: org.slf4j.Logger, org.springframework.core.io.ResourceLoader, org.jose4j.jwk.RsaJsonWebKey, org.slf4j.LoggerFactory, org.springframework.beans.factory.annotation.Autowired, org.apache.commons.lang3.StringUtils, org.jose4j.jwk.JsonWebKeySet, java.nio.charset.StandardCharsets, com.google.common.cache.CacheLoader, org.apache.commons.io.IOUtils, org.apereo.cas.services.OidcRegisteredService, java.util.Optional, org.springframework.core.io.Resource

Example 14 with OidcRegisteredService

use of org.apereo.cas.services.OidcRegisteredService in project cas by apereo.

the class OidcProfileScopeToAttributesFilter method filter.

@Override
public Principal filter(final Service service, final Principal profile, final RegisteredService registeredService, final J2EContext context) {
    // Apply the base attribute-release policy of the registered service first.
    final Principal principal = super.filter(service, profile, registeredService, context);
    final OidcRegisteredService oidcService = (OidcRegisteredService) registeredService;
    // Effective scopes are the scopes requested by the client plus those configured on the service.
    final Collection<String> scopes = new ArrayList<>(OAuthUtils.getRequestedScopes(context));
    scopes.addAll(oidcService.getScopes());
    // Without the "openid" scope this is not an OIDC request, so no scope-based filtering applies.
    if (!scopes.contains(OidcConstants.OPENID)) {
        LOGGER.debug("Request does not indicate a scope [{}] that can identify OpenID Connect", scopes);
        return principal;
    }
    // Keep only the attributes that the effective scopes allow and return a new principal with them.
    final Map<String, Object> attributes = new HashMap<>();
    filterAttributesByScope(scopes, attributes, principal, oidcService);
    return this.principalFactory.createPrincipal(profile.getId(), attributes);
}
Also used: java.util.HashMap, org.apereo.cas.services.OidcRegisteredService, java.util.ArrayList, org.apereo.cas.authentication.principal.Principal

Aggregations (type, usage count)

OidcRegisteredService (org.apereo.cas.services.OidcRegisteredService): 14
ArrayList (java.util.ArrayList): 3
Optional (java.util.Optional): 3
OAuthRegisteredService (org.apereo.cas.support.oauth.services.OAuthRegisteredService): 3
URL (java.net.URL): 2
StandardCharsets (java.nio.charset.StandardCharsets): 2
HashMap (java.util.HashMap): 2
HashSet (java.util.HashSet): 2
HttpServletRequest (javax.servlet.http.HttpServletRequest): 2
HttpServletResponse (javax.servlet.http.HttpServletResponse): 2
IOUtils (org.apache.commons.io.IOUtils): 2
StringUtils (org.apache.commons.lang3.StringUtils): 2
Principal (org.apereo.cas.authentication.principal.Principal): 2
CasConfigurationProperties (org.apereo.cas.configuration.CasConfigurationProperties): 2
RegisteredServiceEditBean (org.apereo.cas.mgmt.services.web.beans.RegisteredServiceEditBean): 2
RegisteredServiceOAuthTypeEditBean (org.apereo.cas.mgmt.services.web.beans.RegisteredServiceOAuthTypeEditBean): 2
RegisteredServicePublicKeyEditBean (org.apereo.cas.mgmt.services.web.beans.RegisteredServicePublicKeyEditBean): 2
RegisteredServiceSamlTypeEditBean (org.apereo.cas.mgmt.services.web.beans.RegisteredServiceSamlTypeEditBean): 2
OidcConstants (org.apereo.cas.oidc.OidcConstants): 2
DefaultRegisteredServiceProperty (org.apereo.cas.services.DefaultRegisteredServiceProperty): 2