Example 1 with CIBASettingNotifier
use of io.gravitee.am.model.oidc.CIBASettingNotifier in project gravitee-access-management by gravitee-io.
the class AuthenticationRequestAcknowledgeHandler method handle.
@Override
public void handle(RoutingContext context) {
final CibaAuthenticationRequest authRequest = context.get(CIBA_AUTH_REQUEST_KEY);
if (authRequest != null) {
final Client client = context.get(CLIENT_CONTEXT_KEY);
final List<CIBASettingNotifier> deviceNotifiers = this.domain.getOidc().getCibaSettings().getDeviceNotifiers();
if (CollectionUtils.isEmpty(deviceNotifiers)) {
LOGGER.warn("CIBA Authentication Request can't be processed without device notifier configured");
context.fail(new InvalidRequestException("No Device notifier configure for the domain"));
return;
}
// as a first implementation, we only manage a single notifier
// in future release we may manage multiple one and select the right one
// base one context information.
final String authDeviceNotifierId = deviceNotifiers.get(0).getId();
if (authRequest.getId() == null) {
final String authReqId = SecureRandomString.generate();
authRequest.setId(authReqId);
}
LOGGER.debug("CIBA Authentication Request linked to auth_req_id '{}'", authRequest);
final int expiresIn = authRequest.getRequestedExpiry() != null ? authRequest.getRequestedExpiry() : domain.getOidc().getCibaSettings().getAuthReqExpiry();
final String externalTrxId = SecureRandomString.generate();
// Forge a state token to validate the callback response
JWT jwt = new JWT();
jwt.setIss(client.getDomain());
final Instant now = Instant.now();
jwt.setIat(now.getEpochSecond());
jwt.setExp(now.plusSeconds(expiresIn).getEpochSecond());
jwt.setAud(client.getClientId());
jwt.setSub(authRequest.getSubject());
jwt.setJti(externalTrxId);
this.jwtService.encode(jwt, client).flatMap(stateJwt -> this.authRequestService.register(authRequest, client).flatMap(req -> {
final ADNotificationRequest adRequest = new ADNotificationRequest();
adRequest.setExpiresIn(expiresIn);
adRequest.setAcrValues(authRequest.getAcrValues());
adRequest.setMessage(authRequest.getBindingMessage());
adRequest.setScopes(authRequest.getScopes());
adRequest.setSubject(authRequest.getSubject());
adRequest.setState(stateJwt);
adRequest.setTransactionId(externalTrxId);
adRequest.setDeviceNotifierId(authDeviceNotifierId);
return authRequestService.notify(adRequest).flatMap(adResponse -> {
req.setExternalInformation(adResponse.getExtraData());
req.setExternalTrxId(adResponse.getTransactionId());
return authRequestService.updateAuthDeviceInformation(req);
});
})).subscribe(req -> {
CibaAuthenticationResponse response = new CibaAuthenticationResponse();
response.setAuthReqId(req.getId());
response.setExpiresIn(req.getExpireAt().toInstant().minusMillis(req.getCreatedAt().getTime()).getEpochSecond());
// specify rate limit for Poll and Ping mode
if (client.getBackchannelTokenDeliveryMode() != null && !client.getBackchannelTokenDeliveryMode().equals(CIBADeliveryMode.PUSH)) {
response.setInterval(domain.getOidc().getCibaSettings().getTokenReqInterval());
}
context.response().putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON).putHeader(HttpHeaders.CACHE_CONTROL, "no-store").putHeader(HttpHeaders.PRAGMA, "no-cache").setStatusCode(HttpStatusCode.OK_200).end(Json.encodePrettily(response));
}, error -> {
LOGGER.error("Unable to persist CIBA AuthenticationRequest object", error);
context.fail(error);
});
return;
} else {
LOGGER.error("CIBA Authentication Request object is null");
context.fail(new InvalidRequestException("Missing authentication request"));
}
}
Also used :
CIBASettingNotifier(io.gravitee.am.model.oidc.CIBASettingNotifier)
CIBADeliveryMode(io.gravitee.am.common.oidc.CIBADeliveryMode)
Json(io.vertx.core.json.Json)
HttpHeaders(io.gravitee.common.http.HttpHeaders)
Logger(org.slf4j.Logger)
ADNotificationRequest(io.gravitee.am.authdevice.notifier.api.model.ADNotificationRequest)
CibaAuthenticationResponse(io.gravitee.am.gateway.handler.ciba.service.response.CibaAuthenticationResponse)
JWT(io.gravitee.am.common.jwt.JWT)
Client(io.gravitee.am.model.oidc.Client)
SecureRandomString(io.gravitee.am.common.utils.SecureRandomString)
LoggerFactory(org.slf4j.LoggerFactory)
AuthenticationRequestService(io.gravitee.am.gateway.handler.ciba.service.AuthenticationRequestService)
Domain(io.gravitee.am.model.Domain)
ConstantKeys(io.gravitee.am.common.utils.ConstantKeys)
Instant(java.time.Instant)
RoutingContext(io.vertx.reactivex.ext.web.RoutingContext)
CibaAuthenticationRequest(io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest)
HttpStatusCode(io.gravitee.common.http.HttpStatusCode)
List(java.util.List)
InvalidRequestException(io.gravitee.am.common.exception.oauth2.InvalidRequestException)
MediaType(io.gravitee.common.http.MediaType)
CollectionUtils(org.springframework.util.CollectionUtils)
JWTService(io.gravitee.am.gateway.handler.common.jwt.JWTService)
Handler(io.vertx.core.Handler)
CIBASettingNotifier(io.gravitee.am.model.oidc.CIBASettingNotifier)
JWT(io.gravitee.am.common.jwt.JWT)
CibaAuthenticationResponse(io.gravitee.am.gateway.handler.ciba.service.response.CibaAuthenticationResponse)
Instant(java.time.Instant)
CibaAuthenticationRequest(io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest)
InvalidRequestException(io.gravitee.am.common.exception.oauth2.InvalidRequestException)
SecureRandomString(io.gravitee.am.common.utils.SecureRandomString)
Client(io.gravitee.am.model.oidc.Client)
ADNotificationRequest(io.gravitee.am.authdevice.notifier.api.model.ADNotificationRequest)
Example 2 with CIBASettingNotifier
use of io.gravitee.am.model.oidc.CIBASettingNotifier in project gravitee-access-management by gravitee-io.
the class AuthenticationRequestAcknowledgeHandlerTest method setUp.
@Override
public void setUp() throws Exception {
super.setUp();
final OIDCSettings oidcSettings = OIDCSettings.defaultSettings();
final CIBASettingNotifier notifierSetting = new CIBASettingNotifier();
notifierSetting.setId("notifierid");
oidcSettings.getCibaSettings().setDeviceNotifiers(List.of(notifierSetting));
when(domain.getOidc()).thenReturn(oidcSettings);
handlerUnderTest = new AuthenticationRequestAcknowledgeHandler(authReqService, domain, jwtService);
router.route(HttpMethod.POST, "/oidc/ciba/authenticate").handler(handlerUnderTest).failureHandler(rc -> {
final Throwable failure = rc.failure();
if (failure instanceof OAuth2Exception) {
rc.response().setStatusCode(((OAuth2Exception) failure).getHttpStatusCode()).end();
} else {
rc.response().setStatusCode(HttpStatusCode.INTERNAL_SERVER_ERROR_500).end();
}
});
;
this.client = new Client();
this.client.setAuthorizedGrantTypes(Collections.singletonList(GrantType.CIBA_GRANT_TYPE));
this.client.setClientId("client_id_iss");
this.client.setDomain("domain_uuid");
}
Also used :
CIBASettingNotifier(io.gravitee.am.model.oidc.CIBASettingNotifier)
Client(io.gravitee.am.model.oidc.Client)
OIDCSettings(io.gravitee.am.model.oidc.OIDCSettings)
OAuth2Exception(io.gravitee.am.common.exception.oauth2.OAuth2Exception)
Example 3 with CIBASettingNotifier
use of io.gravitee.am.model.oidc.CIBASettingNotifier in project gravitee-access-management by gravitee-io.
the class DomainRepositoryTest method initDomain.
private Domain initDomain(String name) {
Domain domain = new Domain();
domain.setName(name);
domain.setHrid(name);
domain.setCreatedAt(new Date());
domain.setUpdatedAt(domain.getCreatedAt());
domain.setDescription(name + " description");
domain.setEnabled(true);
domain.setAlertEnabled(false);
domain.setPath("/" + name);
domain.setReferenceId("refId" + name);
domain.setReferenceType(ReferenceType.ENVIRONMENT);
domain.setVhostMode(true);
VirtualHost host = new VirtualHost();
host.setHost("hostname-" + name);
host.setPath("/hostname-" + name);
host.setOverrideEntrypoint(true);
VirtualHost host2 = new VirtualHost();
host2.setHost("hostname2-" + name);
host2.setPath("/hostname2-" + name);
host2.setOverrideEntrypoint(true);
domain.setVhosts(Arrays.asList(host, host2));
domain.setTags(new HashSet<>(Arrays.asList("tag1", "tag2")));
domain.setIdentities(new HashSet<>(Arrays.asList("id1", "id2")));
domain.setAccountSettings(new AccountSettings());
domain.setLoginSettings(new LoginSettings());
final OIDCSettings oidc = new OIDCSettings();
final CIBASettings cibaSettings = new CIBASettings();
cibaSettings.setEnabled(true);
final CIBASettingNotifier notifier = new CIBASettingNotifier();
notifier.setId(UUID.randomUUID().toString());
cibaSettings.setDeviceNotifiers(Arrays.asList(notifier));
oidc.setCibaSettings(cibaSettings);
domain.setOidc(oidc);
domain.setScim(new SCIMSettings());
domain.setUma(new UMASettings());
domain.setWebAuthnSettings(new WebAuthnSettings());
domain.setSelfServiceAccountManagementSettings(new SelfServiceAccountManagementSettings());
return domain;
}
Also used :
SCIMSettings(io.gravitee.am.model.scim.SCIMSettings)
CIBASettings(io.gravitee.am.model.oidc.CIBASettings)
OIDCSettings(io.gravitee.am.model.oidc.OIDCSettings)
WebAuthnSettings(io.gravitee.am.model.login.WebAuthnSettings)
UMASettings(io.gravitee.am.model.uma.UMASettings)
AccountSettings(io.gravitee.am.model.account.AccountSettings)
CIBASettingNotifier(io.gravitee.am.model.oidc.CIBASettingNotifier)
SelfServiceAccountManagementSettings(io.gravitee.am.model.SelfServiceAccountManagementSettings)
LoginSettings(io.gravitee.am.model.login.LoginSettings)
VirtualHost(io.gravitee.am.model.VirtualHost)
Domain(io.gravitee.am.model.Domain)
Aggregations
CIBASettingNotifier (io.gravitee.am.model.oidc.CIBASettingNotifier)3
Domain (io.gravitee.am.model.Domain)2
Client (io.gravitee.am.model.oidc.Client)2
OIDCSettings (io.gravitee.am.model.oidc.OIDCSettings)2
ADNotificationRequest (io.gravitee.am.authdevice.notifier.api.model.ADNotificationRequest)1
InvalidRequestException (io.gravitee.am.common.exception.oauth2.InvalidRequestException)1
OAuth2Exception (io.gravitee.am.common.exception.oauth2.OAuth2Exception)1
JWT (io.gravitee.am.common.jwt.JWT)1
CIBADeliveryMode (io.gravitee.am.common.oidc.CIBADeliveryMode)1
ConstantKeys (io.gravitee.am.common.utils.ConstantKeys)1
SecureRandomString (io.gravitee.am.common.utils.SecureRandomString)1
AuthenticationRequestService (io.gravitee.am.gateway.handler.ciba.service.AuthenticationRequestService)1
CibaAuthenticationRequest (io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest)1
CibaAuthenticationResponse (io.gravitee.am.gateway.handler.ciba.service.response.CibaAuthenticationResponse)1
JWTService (io.gravitee.am.gateway.handler.common.jwt.JWTService)1
SelfServiceAccountManagementSettings (io.gravitee.am.model.SelfServiceAccountManagementSettings)1
VirtualHost (io.gravitee.am.model.VirtualHost)1
AccountSettings (io.gravitee.am.model.account.AccountSettings)1
LoginSettings (io.gravitee.am.model.login.LoginSettings)1
WebAuthnSettings (io.gravitee.am.model.login.WebAuthnSettings)1
