Use of io.gravitee.am.model.oidc.CIBASettingNotifier in project gravitee-access-management by gravitee-io:
the class AuthenticationRequestAcknowledgeHandler, method handle.
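/**
 * Acknowledges a CIBA authentication request that an earlier handler parsed and stored in the
 * routing context under {@code CIBA_AUTH_REQUEST_KEY}.
 *
 * <p>Steps performed here: select the domain's device notifier, assign an {@code auth_req_id}
 * when none is set yet, build a state JWT bound to the client, subject and transaction and
 * limited to the request expiry, persist the request, send the notification through the
 * device notifier, store the notifier's transaction data on the persisted request, and finally
 * answer with the {@code auth_req_id} and {@code expires_in} (plus {@code interval} for the
 * non-PUSH delivery modes).
 *
 * @param context the Vert.x routing context; must carry the CIBA authentication request and the
 *                authenticated client
 */
@Override
public void handle(RoutingContext context) {
    final CibaAuthenticationRequest authRequest = context.get(CIBA_AUTH_REQUEST_KEY);
    if (authRequest == null) {
        LOGGER.error("CIBA Authentication Request object is null");
        context.fail(new InvalidRequestException("Missing authentication request"));
        return;
    }

    // NOTE(review): assumes the client was authenticated and stored by a preceding handler;
    // a missing client would surface as an NPE below rather than a clean request failure.
    final Client client = context.get(CLIENT_CONTEXT_KEY);

    final List<CIBASettingNotifier> deviceNotifiers = this.domain.getOidc().getCibaSettings().getDeviceNotifiers();
    if (CollectionUtils.isEmpty(deviceNotifiers)) {
        LOGGER.warn("CIBA Authentication Request can't be processed without device notifier configured");
        context.fail(new InvalidRequestException("No Device notifier configure for the domain"));
        return;
    }
    // As a first implementation, we only manage a single notifier.
    // A future release may manage several and select the right one from context information.
    final String authDeviceNotifierId = deviceNotifiers.get(0).getId();

    if (authRequest.getId() == null) {
        authRequest.setId(SecureRandomString.generate());
    }
    // Log the identifier only: the request object carries user-related data
    // (subject, binding message, scopes) that should not end up in logs.
    LOGGER.debug("CIBA Authentication Request linked to auth_req_id '{}'", authRequest.getId());

    // requested_expiry is client-supplied and used as-is here, otherwise the domain default
    // applies. NOTE(review): presumably bounded by the request validation step — confirm.
    final int expiresIn = authRequest.getRequestedExpiry() != null
            ? authRequest.getRequestedExpiry()
            : domain.getOidc().getCibaSettings().getAuthReqExpiry();
    final String externalTrxId = SecureRandomString.generate();

    // Forge a state token to validate the callback response: it is tied to this client (iss/aud),
    // this subject, this transaction (jti) and the same expiry window as the request.
    final JWT jwt = new JWT();
    final Instant now = Instant.now();
    jwt.setIss(client.getDomain());
    jwt.setIat(now.getEpochSecond());
    jwt.setExp(now.plusSeconds(expiresIn).getEpochSecond());
    jwt.setAud(client.getClientId());
    jwt.setSub(authRequest.getSubject());
    jwt.setJti(externalTrxId);

    this.jwtService.encode(jwt, client)
            .flatMap(stateJwt -> this.authRequestService.register(authRequest, client)
                    .flatMap(req -> {
                        final ADNotificationRequest adRequest = new ADNotificationRequest();
                        adRequest.setExpiresIn(expiresIn);
                        adRequest.setAcrValues(authRequest.getAcrValues());
                        adRequest.setMessage(authRequest.getBindingMessage());
                        adRequest.setScopes(authRequest.getScopes());
                        adRequest.setSubject(authRequest.getSubject());
                        adRequest.setState(stateJwt);
                        adRequest.setTransactionId(externalTrxId);
                        adRequest.setDeviceNotifierId(authDeviceNotifierId);
                        return authRequestService.notify(adRequest).flatMap(adResponse -> {
                            // keep the notifier's own transaction reference and extra data
                            // on the persisted request so the callback can be matched later
                            req.setExternalInformation(adResponse.getExtraData());
                            req.setExternalTrxId(adResponse.getTransactionId());
                            return authRequestService.updateAuthDeviceInformation(req);
                        });
                    }))
            .subscribe(req -> {
                final CibaAuthenticationResponse response = new CibaAuthenticationResponse();
                response.setAuthReqId(req.getId());
                // expires_in is the persisted lifetime (expireAt - createdAt) in whole seconds, floored
                response.setExpiresIn(Math.floorDiv(req.getExpireAt().getTime() - req.getCreatedAt().getTime(), 1000L));
                // specify rate limit for Poll and Ping mode
                if (client.getBackchannelTokenDeliveryMode() != null
                        && !CIBADeliveryMode.PUSH.equals(client.getBackchannelTokenDeliveryMode())) {
                    response.setInterval(domain.getOidc().getCibaSettings().getTokenReqInterval());
                }
                context.response()
                        .putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
                        .putHeader(HttpHeaders.CACHE_CONTROL, "no-store")
                        .putHeader(HttpHeaders.PRAGMA, "no-cache")
                        .setStatusCode(HttpStatusCode.OK_200)
                        .end(Json.encodePrettily(response));
            }, error -> {
                // the chain covers state encoding, persistence, notification and update:
                // the message must not suggest only the persistence step can fail
                LOGGER.error("Unable to process CIBA AuthenticationRequest", error);
                context.fail(error);
            });
}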
Use of io.gravitee.am.model.oidc.CIBASettingNotifier in project gravitee-access-management by gravitee-io:
the class AuthenticationRequestAcknowledgeHandlerTest, method setUp.
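/**
 * Wires the handler under test behind {@code POST /oidc/ciba/authenticate} with a single device
 * notifier configured on the mocked domain, and prepares a CIBA-enabled client.
 *
 * <p>The failure handler maps an {@link OAuth2Exception} to its own HTTP status code and any
 * other failure to 500.
 *
 * @throws Exception propagated from {@code super.setUp()}
 */
@Override
public void setUp() throws Exception {
    super.setUp();

    final OIDCSettings oidcSettings = OIDCSettings.defaultSettings();
    final CIBASettingNotifier notifierSetting = new CIBASettingNotifier();
    notifierSetting.setId("notifierid");
    oidcSettings.getCibaSettings().setDeviceNotifiers(List.of(notifierSetting));
    when(domain.getOidc()).thenReturn(oidcSettings);

    handlerUnderTest = new AuthenticationRequestAcknowledgeHandler(authReqService, domain, jwtService);
    router.route(HttpMethod.POST, "/oidc/ciba/authenticate")
            .handler(handlerUnderTest)
            .failureHandler(rc -> {
                final Throwable failure = rc.failure();
                if (failure instanceof OAuth2Exception) {
                    rc.response().setStatusCode(((OAuth2Exception) failure).getHttpStatusCode()).end();
                } else {
                    rc.response().setStatusCode(HttpStatusCode.INTERNAL_SERVER_ERROR_500).end();
                }
            });

    // same immutable-list factory as the notifier list above; the stray empty statement is gone
    this.client = new Client();
    this.client.setAuthorizedGrantTypes(List.of(GrantType.CIBA_GRANT_TYPE));
    this.client.setClientId("client_id_iss");
    this.client.setDomain("domain_uuid");
}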
Use of io.gravitee.am.model.oidc.CIBASettingNotifier in project gravitee-access-management by gravitee-io:
the class DomainRepositoryTest, method initDomain.
/**
 * Builds a fully populated, unsaved {@code Domain} fixture derived from {@code name}: identifiers,
 * paths, two virtual hosts, tags and identities, and every settings object, including an enabled
 * CIBA configuration with one randomly identified device notifier.
 *
 * @param name seed used for the name, hrid, description, path, reference id and virtual hosts
 * @return the new domain instance
 */
private Domain initDomain(String name) {
    final Domain result = new Domain();

    // identity and lifecycle
    result.setName(name);
    result.setHrid(name);
    result.setCreatedAt(new Date());
    result.setUpdatedAt(result.getCreatedAt());
    result.setDescription(name + " description");
    result.setEnabled(true);
    result.setAlertEnabled(false);

    // routing
    result.setPath("/" + name);
    result.setReferenceId("refId" + name);
    result.setReferenceType(ReferenceType.ENVIRONMENT);
    result.setVhostMode(true);
    result.setVhosts(Arrays.asList(virtualHostFor("hostname", name), virtualHostFor("hostname2", name)));

    // classification
    result.setTags(new HashSet<>(Arrays.asList("tag1", "tag2")));
    result.setIdentities(new HashSet<>(Arrays.asList("id1", "id2")));

    // feature settings
    result.setAccountSettings(new AccountSettings());
    result.setLoginSettings(new LoginSettings());
    result.setOidc(oidcWithCiba());
    result.setScim(new SCIMSettings());
    result.setUma(new UMASettings());
    result.setWebAuthnSettings(new WebAuthnSettings());
    result.setSelfServiceAccountManagementSettings(new SelfServiceAccountManagementSettings());
    return result;
}

/**
 * One virtual host fixture whose host is {@code prefix-name} and whose path is
 * {@code /prefix-name}, overriding the entrypoint.
 */
private static VirtualHost virtualHostFor(String prefix, String name) {
    final VirtualHost vhost = new VirtualHost();
    vhost.setHost(prefix + "-" + name);
    vhost.setPath("/" + prefix + "-" + name);
    vhost.setOverrideEntrypoint(true);
    return vhost;
}

/** OIDC settings with CIBA enabled and a single device notifier carrying a random UUID id. */
private static OIDCSettings oidcWithCiba() {
    final CIBASettingNotifier notifier = new CIBASettingNotifier();
    notifier.setId(UUID.randomUUID().toString());
    final CIBASettings cibaSettings = new CIBASettings();
    cibaSettings.setEnabled(true);
    cibaSettings.setDeviceNotifiers(Arrays.asList(notifier));
    final OIDCSettings oidc = new OIDCSettings();
    oidc.setCibaSettings(cibaSettings);
    return oidc;
}