Search in sources :

Example 51 with BackchannelAuthenticationClient

use of io.jans.as.client.BackchannelAuthenticationClient in project jans by JanssenProject.

the class CibaPollModeJwtAuthRequestTests method processCibaAuthorizationEndpointFailCall.

/**
 * Process a Ciba call to the OP using JWT Request object and validate HTTP status and error type.
 *
 * @param jwtRequest   JWT in plain String.
 * @param clientId     Client identifier.
 * @param clientSecret Client secret.
 * @param httpStatus   Param used to validate response from the server.
 * @param errorType        Error used to validate error response from the server.
 */
private void processCibaAuthorizationEndpointFailCall(String jwtRequest, String clientId, String clientSecret, int httpStatus, BackchannelAuthenticationErrorResponseType errorType) {
    BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
    backchannelAuthenticationRequest.setRequest(jwtRequest);
    backchannelAuthenticationRequest.setClientId(clientId);
    backchannelAuthenticationRequest.setAuthUsername(clientId);
    backchannelAuthenticationRequest.setAuthPassword(clientSecret);
    BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
    backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
    BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
    showClient(backchannelAuthenticationClient);
    assertBackchannelAuthenticationFail(backchannelAuthenticationResponse, httpStatus, errorType);
    assertNull(backchannelAuthenticationResponse.getAuthReqId());
    assertNull(backchannelAuthenticationResponse.getExpiresIn());
    assertNull(backchannelAuthenticationResponse.getInterval());
}
Also used : BackchannelAuthenticationResponse(io.jans.as.client.BackchannelAuthenticationResponse) BackchannelAuthenticationClient(io.jans.as.client.BackchannelAuthenticationClient) BackchannelAuthenticationRequest(io.jans.as.client.BackchannelAuthenticationRequest)

Example 52 with BackchannelAuthenticationClient

use of io.jans.as.client.BackchannelAuthenticationClient in project jans by JanssenProject.

the class BackchannelAuthenticationPushMode method backchannelTokenDeliveryModePushIdTokenHintES384.

@Parameters({ "clientJwksUri", "backchannelClientNotificationEndpoint", "backchannelUserCode", "ES384_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "idTokenHintES384")
public void backchannelTokenDeliveryModePushIdTokenHintES384(final String clientJwksUri, final String backchannelClientNotificationEndpoint, final String backchannelUserCode, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("backchannelTokenDeliveryModePushIdTokenHintES384");
    // 1. Dynamic Client Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.ES384);
    registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PUSH);
    registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
    registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.ES384);
    registerRequest.setBackchannelUserCodeParameter(true);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.ES384, BackchannelTokenDeliveryMode.PUSH, true);
    String clientId = registerResponse.getClientId();
    // 2. Authentication Request
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    String clientNotificationToken = UUID.randomUUID().toString();
    BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
    backchannelAuthenticationRequest.setScope(Collections.singletonList("openid"));
    backchannelAuthenticationRequest.setIdTokenHint(idTokenHintES384);
    backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
    backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
    backchannelAuthenticationRequest.setRequestedExpiry(1200);
    backchannelAuthenticationRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    backchannelAuthenticationRequest.setAlgorithm(SignatureAlgorithm.ES384);
    backchannelAuthenticationRequest.setCryptoProvider(cryptoProvider);
    backchannelAuthenticationRequest.setKeyId(keyId);
    backchannelAuthenticationRequest.setAudience(tokenEndpoint);
    backchannelAuthenticationRequest.setAuthUsername(clientId);
    BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
    backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
    BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
    showClient(backchannelAuthenticationClient);
    assertBackchannelAuthentication(backchannelAuthenticationResponse, false);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) BackchannelAuthenticationResponse(io.jans.as.client.BackchannelAuthenticationResponse) RegisterClient(io.jans.as.client.RegisterClient) BackchannelAuthenticationClient(io.jans.as.client.BackchannelAuthenticationClient) BackchannelAuthenticationRequest(io.jans.as.client.BackchannelAuthenticationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 53 with BackchannelAuthenticationClient

use of io.jans.as.client.BackchannelAuthenticationClient in project jans by JanssenProject.

the class BackchannelAuthenticationPushMode method backchannelTokenDeliveryModePushIdTokenHintPS512.

@Parameters({ "clientJwksUri", "backchannelClientNotificationEndpoint", "backchannelUserCode", "PS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "idTokenHintPS512")
public void backchannelTokenDeliveryModePushIdTokenHintPS512(final String clientJwksUri, final String backchannelClientNotificationEndpoint, final String backchannelUserCode, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("backchannelTokenDeliveryModePushIdTokenHintPS512");
    // 1. Dynamic Client Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.PS512);
    registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PUSH);
    registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
    registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.PS512);
    registerRequest.setBackchannelUserCodeParameter(true);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.PS512, BackchannelTokenDeliveryMode.PUSH, true);
    String clientId = registerResponse.getClientId();
    // 2. Authentication Request
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    String clientNotificationToken = UUID.randomUUID().toString();
    BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
    backchannelAuthenticationRequest.setScope(Collections.singletonList("openid"));
    backchannelAuthenticationRequest.setIdTokenHint(idTokenHintPS512);
    backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
    backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
    backchannelAuthenticationRequest.setRequestedExpiry(1200);
    backchannelAuthenticationRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    backchannelAuthenticationRequest.setAlgorithm(SignatureAlgorithm.PS512);
    backchannelAuthenticationRequest.setCryptoProvider(cryptoProvider);
    backchannelAuthenticationRequest.setKeyId(keyId);
    backchannelAuthenticationRequest.setAudience(tokenEndpoint);
    backchannelAuthenticationRequest.setAuthUsername(clientId);
    BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
    backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
    BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
    showClient(backchannelAuthenticationClient);
    assertBackchannelAuthentication(backchannelAuthenticationResponse, false);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) BackchannelAuthenticationResponse(io.jans.as.client.BackchannelAuthenticationResponse) RegisterClient(io.jans.as.client.RegisterClient) BackchannelAuthenticationClient(io.jans.as.client.BackchannelAuthenticationClient) BackchannelAuthenticationRequest(io.jans.as.client.BackchannelAuthenticationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 54 with BackchannelAuthenticationClient

use of io.jans.as.client.BackchannelAuthenticationClient in project jans by JanssenProject.

the class BackchannelAuthenticationPushMode method backchannelTokenDeliveryModePushLoginHint2.

@Parameters({ "backchannelClientNotificationEndpoint", "backchannelUserCode", "userEmail" })
@Test
public void backchannelTokenDeliveryModePushLoginHint2(final String backchannelClientNotificationEndpoint, final String backchannelUserCode, final String userEmail) {
    showTitle("backchannelTokenDeliveryModePushLoginHint2");
    // 1. Dynamic Client Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
    registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
    registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PUSH);
    registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
    registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS256);
    registerRequest.setBackchannelUserCodeParameter(true);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.RS256, BackchannelTokenDeliveryMode.PUSH, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Authentication Request
    String clientNotificationToken = UUID.randomUUID().toString();
    BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
    backchannelAuthenticationRequest.setScope(Collections.singletonList("openid"));
    backchannelAuthenticationRequest.setLoginHint(userEmail);
    backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
    backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
    backchannelAuthenticationRequest.setRequestedExpiry(1200);
    backchannelAuthenticationRequest.setAuthUsername(clientId);
    backchannelAuthenticationRequest.setAuthPassword(clientSecret);
    BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
    backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
    BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
    showClient(backchannelAuthenticationClient);
    assertBackchannelAuthentication(backchannelAuthenticationResponse, false);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) BackchannelAuthenticationResponse(io.jans.as.client.BackchannelAuthenticationResponse) RegisterClient(io.jans.as.client.RegisterClient) BackchannelAuthenticationClient(io.jans.as.client.BackchannelAuthenticationClient) BackchannelAuthenticationRequest(io.jans.as.client.BackchannelAuthenticationRequest) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 55 with BackchannelAuthenticationClient

use of io.jans.as.client.BackchannelAuthenticationClient in project jans by JanssenProject.

the class BackchannelAuthenticationPushMode method backchannelTokenDeliveryModePushIdTokenHintPS256.

@Parameters({ "clientJwksUri", "backchannelClientNotificationEndpoint", "backchannelUserCode", "PS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "idTokenHintPS256")
public void backchannelTokenDeliveryModePushIdTokenHintPS256(final String clientJwksUri, final String backchannelClientNotificationEndpoint, final String backchannelUserCode, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("backchannelTokenDeliveryModePushIdTokenHintPS256");
    // 1. Dynamic Client Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.PS256);
    registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PUSH);
    registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
    registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.PS256);
    registerRequest.setBackchannelUserCodeParameter(true);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.PS256, BackchannelTokenDeliveryMode.PUSH, true);
    String clientId = registerResponse.getClientId();
    // 2. Authentication Request
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    String clientNotificationToken = UUID.randomUUID().toString();
    BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
    backchannelAuthenticationRequest.setScope(Collections.singletonList("openid"));
    backchannelAuthenticationRequest.setIdTokenHint(idTokenHintPS256);
    backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
    backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
    backchannelAuthenticationRequest.setRequestedExpiry(1200);
    backchannelAuthenticationRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    backchannelAuthenticationRequest.setAlgorithm(SignatureAlgorithm.PS256);
    backchannelAuthenticationRequest.setCryptoProvider(cryptoProvider);
    backchannelAuthenticationRequest.setKeyId(keyId);
    backchannelAuthenticationRequest.setAudience(tokenEndpoint);
    backchannelAuthenticationRequest.setAuthUsername(clientId);
    BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
    backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
    BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
    showClient(backchannelAuthenticationClient);
    assertBackchannelAuthentication(backchannelAuthenticationResponse, false);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) BackchannelAuthenticationResponse(io.jans.as.client.BackchannelAuthenticationResponse) RegisterClient(io.jans.as.client.RegisterClient) BackchannelAuthenticationClient(io.jans.as.client.BackchannelAuthenticationClient) BackchannelAuthenticationRequest(io.jans.as.client.BackchannelAuthenticationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Aggregations

BackchannelAuthenticationClient (io.jans.as.client.BackchannelAuthenticationClient)111 BackchannelAuthenticationRequest (io.jans.as.client.BackchannelAuthenticationRequest)111 BackchannelAuthenticationResponse (io.jans.as.client.BackchannelAuthenticationResponse)111 BaseTest (io.jans.as.client.BaseTest)105 RegisterClient (io.jans.as.client.RegisterClient)105 RegisterRequest (io.jans.as.client.RegisterRequest)105 RegisterResponse (io.jans.as.client.RegisterResponse)105 Parameters (org.testng.annotations.Parameters)105 Test (org.testng.annotations.Test)105 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)27 TokenClient (io.jans.as.client.TokenClient)4 TokenRequest (io.jans.as.client.TokenRequest)4 TokenResponse (io.jans.as.client.TokenResponse)4 UserInfoClient (io.jans.as.client.UserInfoClient)2 UserInfoResponse (io.jans.as.client.UserInfoResponse)2 RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)2 RSASigner (io.jans.as.model.jws.RSASigner)2 Jwt (io.jans.as.model.jwt.Jwt)2