Use of io.jans.as.model.common.ResponseMode in project jans by JanssenProject.
Class ParRestWebService, method requestPushedAuthorizationRequest.
/**
 * Pushed Authorization Request (PAR) endpoint: accepts the authorization request
 * parameters as a form POST, validates them against the client, stores them and
 * returns a {@code request_uri} the client later presents at the authorization
 * endpoint.
 * <p>
 * The form parameters mirror the authorization request parameters ({@code scope},
 * {@code response_type}, {@code client_id}, {@code redirect_uri}, {@code state},
 * {@code response_mode}, {@code nonce}, {@code display}, {@code prompt},
 * {@code max_age}, {@code ui_locales}, {@code id_token_hint}, {@code login_hint},
 * {@code acr_values}, {@code amr_values}, {@code request}, {@code request_uri},
 * {@code session_id}, {@code origin_headers}, {@code code_challenge},
 * {@code code_challenge_method}, {@code nbf}, custom response headers, {@code claims});
 * {@code client_id} and {@code redirect_uri} may also be taken from the {@code request}
 * object (see the two helper calls in the body).
 *
 * @return {@code 201 Created} with a JSON body carrying {@code request_uri} and
 *         {@code expires_in}; {@code 500} with an empty JSON-typed body when an
 *         unexpected exception occurs
 * @throws WebApplicationException on validation failures; a redirect-style (302)
 *         failure raised by the shared validators is rethrown as a 400 (see the catch block)
 */
@POST
@Produces({ MediaType.APPLICATION_JSON })
public Response requestPushedAuthorizationRequest(@FormParam("scope") String scope, @FormParam("response_type") String responseType, @FormParam("client_id") String clientId, @FormParam("redirect_uri") String redirectUri, @FormParam("state") String state, @FormParam("response_mode") String responseMode, @FormParam("nonce") String nonce, @FormParam("display") String display, @FormParam("prompt") String prompt, @FormParam("max_age") Integer maxAge, @FormParam("ui_locales") String uiLocales, @FormParam("id_token_hint") String idTokenHint, @FormParam("login_hint") String loginHint, @FormParam("acr_values") String acrValuesStr, @FormParam("amr_values") String amrValuesStr, @FormParam("request") String request, @FormParam("request_uri") String requestUri, @FormParam("session_id") String sessionId, @FormParam("origin_headers") String originHeaders, @FormParam("code_challenge") String codeChallenge, @FormParam("code_challenge_method") String codeChallengeMethod, @FormParam("nbf") String nbf, @FormParam(AuthorizeRequestParam.CUSTOM_RESPONSE_HEADERS) String customResponseHeaders, @FormParam("claims") String claims, @Context HttpServletRequest httpRequest, @Context HttpServletResponse httpResponse, @Context SecurityContext securityContext) {
    try {
        // Refuse early when the PAR component is switched off in configuration (presumably throws).
        errorResponseFactory.validateComponentEnabled(ComponentType.PAR);

        // it may be encoded
        scope = ServerUtil.urlDecode(scope);
        String tokenBindingHeader = httpRequest.getHeader("Sec-Token-Binding");

        // ATTENTION : please do not add more parameter in this debug method because it will not work with framework
        // there is limit of 10 parameters (hardcoded), see: org.jboss.seam.core.Interpolator#interpolate
        // NOTE(review): these two debug lines log the raw request object, claims and origin headers; they are not
        // credentials, but they may carry end-user data — keep the logger above DEBUG in production.
        log.debug("Attempting to request PAR: " + "responseType = {}, clientId = {}, scope = {}, redirectUri = {}, nonce = {}, " + "state = {}, request = {}, isSecure = {}, sessionId = {}", responseType, clientId, scope, redirectUri, nonce, state, request, securityContext.isSecure(), sessionId);
        log.debug("Attempting to request PAR: " + "acrValues = {}, amrValues = {}, originHeaders = {}, codeChallenge = {}, codeChallengeMethod = {}, " + "customRespHeaders = {}, claims = {}, tokenBindingHeader = {}", acrValuesStr, amrValuesStr, originHeaders, codeChallenge, codeChallengeMethod, customResponseHeaders, claims, tokenBindingHeader);

        // PKCE parameters are checked before anything else is parsed.
        parValidator.validatePkce(codeChallenge, codeChallengeMethod, state);

        List<ResponseType> responseTypes = ResponseType.fromString(responseType, " ");
        ResponseMode responseModeObj = ResponseMode.getByValue(responseMode);
        // "Silently": presumably a missing or malformed request object yields null here rather than an exception.
        Jwt requestObject = Jwt.parseSilently(request);

        // client_id and redirect_uri may be carried inside the request object; the helpers pick the effective value.
        clientId = getClientId(clientId, requestObject);
        Client client = authorizeRestWebServiceValidator.validateClient(clientId, state, true);
        redirectUri = getRedirectUri(redirectUri, requestObject);
        // Checked against the client's registration; a failure is reported as invalid_request.
        redirectUri = authorizeRestWebServiceValidator.validateRedirectUri(client, redirectUri, state, null, httpRequest, AuthorizeErrorResponseType.INVALID_REQUEST);

        // Error-reporting context handed to the request-object validation below.
        RedirectUriResponse redirectUriResponse = new RedirectUriResponse(new RedirectUri(redirectUri, responseTypes, responseModeObj), state, httpRequest, errorResponseFactory);
        redirectUriResponse.setFapiCompatible(appConfiguration.isFapi());

        // A PAR request must not itself carry request_uri (RFC 9126 forbids it).
        parValidator.validateRequestUriIsAbsent(requestUri);

        // The lifetime is a per-client setting; it seeds both the TTL and the absolute expiration date.
        final Integer parLifetime = client.getAttributes().getParLifetime();
        final Par par = new Par();
        par.setDeletable(true);
        par.setTtl(parLifetime);
        par.setExpirationDate(Util.createExpirationDate(parLifetime));

        // Every request parameter is stored verbatim so the authorization endpoint can replay it later.
        par.getAttributes().setScope(scope);
        par.getAttributes().setNbf(Util.parseIntegerSilently(nbf));
        par.getAttributes().setResponseType(responseType);
        par.getAttributes().setClientId(clientId);
        par.getAttributes().setRedirectUri(redirectUri);
        par.getAttributes().setState(state);
        par.getAttributes().setResponseMode(responseMode);
        par.getAttributes().setNonce(nonce);
        par.getAttributes().setDisplay(display);
        par.getAttributes().setPrompt(prompt);
        par.getAttributes().setMaxAge(maxAge);
        par.getAttributes().setUiLocales(uiLocales);
        par.getAttributes().setIdTokenHint(idTokenHint);
        par.getAttributes().setLoginHint(loginHint);
        par.getAttributes().setAcrValuesStr(acrValuesStr);
        par.getAttributes().setAmrValuesStr(amrValuesStr);
        par.getAttributes().setRequest(request);
        par.getAttributes().setRequestUri(requestUri);
        par.getAttributes().setSessionId(sessionId);
        par.getAttributes().setOriginHeaders(originHeaders);
        par.getAttributes().setCodeChallenge(codeChallenge);
        par.getAttributes().setCodeChallengeMethod(codeChallengeMethod);
        par.getAttributes().setCustomResponseHeaders(customResponseHeaders);
        par.getAttributes().setClaims(claims);
        // Custom (non-standard) parameters are taken from the URL query string, not from the form body.
        par.getAttributes().setCustomParameters(requestParameterService.getCustomParameters(QueryStringDecoder.decode(httpRequest.getQueryString())));

        // Request-object validation may adjust the stored TTL (see the expires_in comment below).
        parValidator.validateRequestObject(redirectUriResponse, par, client);
        // PKCE is checked a second time on the stored challenge, i.e. after request-object processing.
        authorizeRestWebServiceValidator.validatePkce(par.getAttributes().getCodeChallenge(), redirectUriResponse);

        parService.persist(par);

        ParResponse parResponse = new ParResponse();
        // The stored id is wrapped into the externally visible request_uri form.
        parResponse.setRequestUri(ParService.toOutsideId(par.getId()));
        // set it to TTL instead of lifetime because TTL can be updated during request object validation
        parResponse.setExpiresIn(par.getTtl());

        final String responseAsString = ServerUtil.asJson(parResponse);
        log.debug("Created PAR {}", responseAsString);
        return Response.status(Response.Status.CREATED).entity(responseAsString).type(MediaType.APPLICATION_JSON_TYPE).build();
    } catch (WebApplicationException e) {
        // The shared validators report some failures as a 302 to the redirect URI. The PAR endpoint answers
        // the client directly, so such a redirect is unwrapped into a 400 JSON error instead.
        if (e.getResponse().getStatus() == Response.Status.FOUND.getStatusCode()) {
            throw errorResponseFactory.createBadRequestException(createErrorResponseFromRedirectErrorUri(e.getResponse().getLocation()));
        }
        if (log.isErrorEnabled())
            log.error(e.getMessage(), e);
        throw e;
    } catch (Exception e) {
        // Anything unexpected becomes a bare 500 with a JSON content type and no body.
        log.error(e.getMessage(), e);
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON_TYPE).build();
    }
}
Use of io.jans.as.model.common.ResponseMode in project jans by JanssenProject.
Class AuthorizeService, method permissionDenied.
/**
 * Finishes an authorization request that the end user declined.
 * <p>
 * Session cookies are invalidated first. Without a session only the generic
 * "authentication failed / invalid session" handling runs. Otherwise an
 * {@code access_denied} error is attached to the redirect URI recorded in the
 * session, a pending CIBA request (if any) is marked denied and its client is
 * notified according to the backchannel delivery mode, a pending device
 * authorization (if any) is denied, and the browser is sent to the redirect URI —
 * as a JARM response when the session's response mode is {@code jwt}.
 *
 * @param session the session being denied; may be {@code null}
 */
public void permissionDenied(final SessionId session) {
    log.trace("permissionDenied");
    invalidateSessionCookiesIfNeeded();

    if (session == null) {
        authenticationFailedSessionInvalid();
        return;
    }

    // Rebuild the client's redirect target from what the session captured at authorization time.
    final String target = session.getSessionAttributes().get(AuthorizeRequestParam.REDIRECT_URI);
    final String state = session.getSessionAttributes().get(AuthorizeRequestParam.STATE);
    final ResponseMode mode = ResponseMode.fromString(session.getSessionAttributes().get(AuthorizeRequestParam.RESPONSE_MODE));
    final List<ResponseType> types = ResponseType.fromString(session.getSessionAttributes().get(AuthorizeRequestParam.RESPONSE_TYPE), " ");
    final RedirectUri deniedRedirect = new RedirectUri(target, types, mode);
    deniedRedirect.parseQueryString(errorResponseFactory.getErrorAsQueryString(AuthorizeErrorResponseType.ACCESS_DENIED, state));

    // CIBA: tell the backchannel client that the end user said no.
    final Map<String, String> allowedParams = requestParameterService.getAllowedParameters(session.getSessionAttributes());
    if (allowedParams.containsKey(AuthorizeRequestParam.AUTH_REQ_ID)) {
        notifyCibaClientOfDenial(allowedParams.get(AuthorizeRequestParam.AUTH_REQ_ID));
    }

    // Device flow: the pending user-code authorization is denied as well.
    if (allowedParams.containsKey(DeviceAuthorizationService.SESSION_USER_CODE)) {
        processDeviceAuthDeniedResponse(allowedParams);
    }

    if (mode == ResponseMode.JWT) {
        final String clientId = session.getSessionAttributes().get(AuthorizeRequestParam.CLIENT_ID);
        final Client client = clientService.getClient(clientId);
        facesService.redirectToExternalURL(createJarmRedirectUri(deniedRedirect, client, session));
    } else {
        facesService.redirectToExternalURL(deniedRedirect.toString());
    }
}

/**
 * Marks the CIBA request identified by {@code authReqId} as denied and notifies its client
 * according to the client's backchannel token delivery mode. A request that is unknown or has
 * no client attached is ignored; a still-pending request is removed from the pending set first.
 *
 * @param authReqId the CIBA {@code auth_req_id} taken from the session attributes
 */
private void notifyCibaClientOfDenial(final String authReqId) {
    final CibaRequestCacheControl cibaRequest = cibaRequestService.getCibaRequest(authReqId);
    if (cibaRequest == null || cibaRequest.getClient() == null) {
        return;
    }
    if (cibaRequest.getStatus() == CibaRequestStatus.PENDING) {
        cibaRequestService.removeCibaRequest(authReqId);
    }
    switch (cibaRequest.getClient().getBackchannelTokenDeliveryMode()) {
        case POLL:
            cibaRequest.setStatus(CibaRequestStatus.DENIED);
            cibaRequest.setTokensDelivered(false);
            cibaRequestService.update(cibaRequest);
            break;
        case PING:
            cibaRequest.setStatus(CibaRequestStatus.DENIED);
            cibaRequest.setTokensDelivered(false);
            cibaRequestService.update(cibaRequest);
            cibaPingCallbackService.pingCallback(cibaRequest.getAuthReqId(), cibaRequest.getClient().getBackchannelClientNotificationEndpoint(), cibaRequest.getClientNotificationToken());
            break;
        case PUSH:
            cibaPushErrorService.pushError(cibaRequest.getAuthReqId(), cibaRequest.getClient().getBackchannelClientNotificationEndpoint(), cibaRequest.getClientNotificationToken(), PushErrorResponseType.ACCESS_DENIED, "The end-user denied the authorization request.");
            break;
    }
}
Use of io.jans.as.model.common.ResponseMode in project jans by JanssenProject.
Class FapiOpenIdConfiguration, method processRequest.
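/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
 * <p>
 * FAPI flavour of the discovery endpoint. Before the document is built the caller is vetted:
 * no access token in the query string, a resolvable bearer grant in the {@code Authorization}
 * header, a parseable client certificate in {@code X-ClientCert} and — when the client has a
 * registered JWKS — a certificate public key matching one of those keys. Every rejection ends
 * the request with an error status and no document. The response always carries an
 * {@code x-fapi-interaction-id} header, echoed from the request or freshly generated.
 *
 * @param servletRequest servlet request
 * @param httpResponse servlet response
 */
protected void processRequest(HttpServletRequest servletRequest, HttpServletResponse httpResponse) {
    httpResponse.setContentType("application/json");
    try (PrintWriter out = httpResponse.getWriter()) {
        final String xfapiinteractionid = servletRequest.getHeader("x-fapi-interaction-id");

        // FAPI: an access token must travel in the Authorization header, never in the query string
        // (query strings end up in server and proxy logs). Rejected regardless of other headers —
        // the previous check only fired when x-fapi-interaction-id was also present — and the
        // method returns here, because sendError() commits the response. The token value itself
        // is deliberately not logged.
        final String queryToken = servletRequest.getParameter("access_token");
        if (queryToken != null) {
            if (queryToken.startsWith("Bearer")) {
                log.info("FAPI: Bearler Token is not allowed.**********************************************************************.");
                httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Bearer token in query is disallowed");
            } else {
                httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "token in query is disallowed");
            }
            log.info("FAPI: Authorization token is non-Bearer is not allowed in query*********************************************");
            return;
        }

        final String clientCertAsPem = servletRequest.getHeader("X-ClientCert");
        if (clientCertAsPem != null) {
            log.info("FAPI: clientCertAsPem found*****************************************");
            log.info("FAPI: clientCertAsPem found*****************************************" + clientCertAsPem);
        } else {
            log.info("FAPI: No clientCertAsPem *****************************************");
        }

        final String authFromReq = servletRequest.getHeader("Authorization");
        final String clientDn = tokenService.getClientDn(authFromReq);
        final X509Certificate cert = CertUtils.x509CertificateFromPem(clientCertAsPem);
        final AuthorizationGrant authorizationGrant = tokenService.getBearerAuthorizationGrant(authFromReq);
        if (authorizationGrant == null) {
            log.error("FAPI: Authorization grant is null.*********************************************");
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization grant is null.");
            return; // previously missing: processing went on and wrote a body onto a committed 401
        }
        if (cert == null) {
            // Previously this returned a 200 with an empty body; a missing/unparseable certificate is a rejection.
            log.debug("Failed to parse client certificate, client_dn: {}.", clientDn);
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Client certificate is missing or not parseable.");
            return;
        }

        if (clientDn != null) {
            log.info("FAPI: ClientDn from Authoirization(tokenService) *********************************************" + clientDn);
            final Client cl = clientService.getClientByDn(clientDn);
            if (cl == null) {
                // Previously a NullPointerException here fell through to the generic catch block.
                log.error("FAPI: no client found for client_dn: {}", clientDn);
                httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unknown client");
                return;
            }
            final String tempjwks = cl.getJwks();
            if (tempjwks == null) {
                // NOTE(review): a client without a registered JWKS skips the certificate check entirely
                // (kept as before); confirm this is intended for clients that do not use
                // self_signed_tls_client_auth.
                log.debug("********************FAPIRS JWKS not defined for the client");
            } else if (!certificateMatchesClientJwks(cert, tempjwks, cl)) {
                log.error("Client certificate does not match clientId. clientId: " + cl.getClientId() + "*********************************************");
                httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "The resource owner or authorization server denied the request");
                return;
            }
        } else {
            log.info("FAPI: ClientDn from Authoirization(tokenService) is NULL*********************************************");
        }

        // x-fapi-interaction-id is a per-request correlation id: echo the caller's value, otherwise
        // mint a fresh UUID as the FAPI profile requires (a fixed constant made every response alike).
        final String interactionId = xfapiinteractionid != null ? xfapiinteractionid : java.util.UUID.randomUUID().toString();
        httpResponse.addHeader("x-fapi-interaction-id", interactionId);
        log.info("x-fapi-interaction-id*************************=" + interactionId);

        final JSONObject jsonObj = new JSONObject();
        jsonObj.put(ISSUER, appConfiguration.getIssuer());
        jsonObj.put(AUTHORIZATION_ENDPOINT, appConfiguration.getAuthorizationEndpoint());
        jsonObj.put(TOKEN_ENDPOINT, appConfiguration.getTokenEndpoint());
        jsonObj.put(REVOCATION_ENDPOINT, appConfiguration.getTokenRevocationEndpoint());
        jsonObj.put(SESSION_REVOCATION_ENDPOINT, endpointUrl("/revoke_session"));
        jsonObj.put(USER_INFO_ENDPOINT, appConfiguration.getUserInfoEndpoint());
        jsonObj.put(CLIENT_INFO_ENDPOINT, appConfiguration.getClientInfoEndpoint());
        jsonObj.put(CHECK_SESSION_IFRAME, appConfiguration.getCheckSessionIFrame());
        jsonObj.put(END_SESSION_ENDPOINT, appConfiguration.getEndSessionEndpoint());
        jsonObj.put(JWKS_URI, appConfiguration.getJwksUri());
        jsonObj.put(REGISTRATION_ENDPOINT, appConfiguration.getRegistrationEndpoint());
        jsonObj.put(ID_GENERATION_ENDPOINT, appConfiguration.getIdGenerationEndpoint());
        jsonObj.put(INTROSPECTION_ENDPOINT, appConfiguration.getIntrospectionEndpoint());
        jsonObj.put(PAR_ENDPOINT, appConfiguration.getParEndpoint());
        jsonObj.put(REQUIRE_PAR, appConfiguration.getRequirePar());

        // Each supported response type is a set of tokens advertised as one space-separated string.
        final JSONArray responseTypesSupported = new JSONArray();
        for (Set<ResponseType> responseTypes : appConfiguration.getResponseTypesSupported()) {
            responseTypesSupported.put(implode(responseTypes, " "));
        }
        putIfNotEmpty(jsonObj, RESPONSE_TYPES_SUPPORTED, responseTypesSupported);
        putIfNotEmpty(jsonObj, RESPONSE_MODES_SUPPORTED, toJsonArray(appConfiguration.getResponseModesSupported()));
        putIfNotEmpty(jsonObj, GRANT_TYPES_SUPPORTED, toJsonArray(appConfiguration.getGrantTypesSupported()));
        // acr_values_supported and the auth level mapping are always emitted, even when empty.
        jsonObj.put(ACR_VALUES_SUPPORTED, toJsonArray(externalAuthenticationService.getAcrValuesList()));
        jsonObj.put(AUTH_LEVEL_MAPPING, createAuthLevelMapping());
        putIfNotEmpty(jsonObj, SUBJECT_TYPES_SUPPORTED, toJsonArray(appConfiguration.getSubjectTypesSupported()));
        putIfNotEmpty(jsonObj, USER_INFO_SIGNING_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getUserInfoSigningAlgValuesSupported()));
        putIfNotEmpty(jsonObj, USER_INFO_ENCRYPTION_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getUserInfoEncryptionAlgValuesSupported()));
        // Fixed: the "enc" entry used to be filled from the "alg" list (copy-paste slip).
        putIfNotEmpty(jsonObj, USER_INFO_ENCRYPTION_ENC_VALUES_SUPPORTED, toJsonArray(appConfiguration.getUserInfoEncryptionEncValuesSupported()));
        putIfNotEmpty(jsonObj, ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getIdTokenSigningAlgValuesSupported()));
        putIfNotEmpty(jsonObj, ID_TOKEN_ENCRYPTION_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getIdTokenEncryptionAlgValuesSupported()));
        putIfNotEmpty(jsonObj, ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED, toJsonArray(appConfiguration.getIdTokenEncryptionEncValuesSupported()));
        putIfNotEmpty(jsonObj, REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getRequestObjectSigningAlgValuesSupported()));
        putIfNotEmpty(jsonObj, REQUEST_OBJECT_ENCRYPTION_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getRequestObjectEncryptionAlgValuesSupported()));
        putIfNotEmpty(jsonObj, REQUEST_OBJECT_ENCRYPTION_ENC_VALUES_SUPPORTED, toJsonArray(appConfiguration.getRequestObjectEncryptionEncValuesSupported()));
        putIfNotEmpty(jsonObj, TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED, toJsonArray(appConfiguration.getTokenEndpointAuthMethodsSupported()));
        putIfNotEmpty(jsonObj, TOKEN_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getTokenEndpointAuthSigningAlgValuesSupported()));
        putIfNotEmpty(jsonObj, DISPLAY_VALUES_SUPPORTED, toJsonArray(appConfiguration.getDisplayValuesSupported()));
        putIfNotEmpty(jsonObj, CLAIM_TYPES_SUPPORTED, toJsonArray(appConfiguration.getClaimTypesSupported()));
        jsonObj.put(SERVICE_DOCUMENTATION, appConfiguration.getServiceDocumentation());
        // Always emitted, even when empty.
        jsonObj.put(ID_TOKEN_TOKEN_BINDING_CNF_VALUES_SUPPORTED, toJsonArray(appConfiguration.getIdTokenTokenBindingCnfValuesSupported()));
        putIfNotEmpty(jsonObj, CLAIMS_LOCALES_SUPPORTED, toJsonArray(appConfiguration.getClaimsLocalesSupported()));
        putIfNotEmpty(jsonObj, UI_LOCALES_SUPPORTED, toJsonArray(appConfiguration.getUiLocalesSupported()));

        // createScopeToClaimsMapping fills the two arrays as a side effect while building the mapping.
        final JSONArray scopesSupported = new JSONArray();
        final JSONArray claimsSupported = new JSONArray();
        final JSONArray scopeToClaimsMapping = createScopeToClaimsMapping(scopesSupported, claimsSupported);
        putIfNotEmpty(jsonObj, SCOPES_SUPPORTED, scopesSupported);
        putIfNotEmpty(jsonObj, CLAIMS_SUPPORTED, claimsSupported);
        jsonObj.put(SCOPE_TO_CLAIMS_MAPPING, scopeToClaimsMapping);

        jsonObj.put(CLAIMS_PARAMETER_SUPPORTED, appConfiguration.getClaimsParameterSupported());
        jsonObj.put(REQUEST_PARAMETER_SUPPORTED, appConfiguration.getRequestParameterSupported());
        jsonObj.put(REQUEST_URI_PARAMETER_SUPPORTED, appConfiguration.getRequestUriParameterSupported());
        jsonObj.put(REQUIRE_REQUEST_URI_REGISTRATION, appConfiguration.getRequireRequestUriRegistration());
        jsonObj.put(OP_POLICY_URI, appConfiguration.getOpPolicyUri());
        jsonObj.put(OP_TOS_URI, appConfiguration.getOpTosUri());
        // These capabilities are advertised unconditionally (not read from configuration).
        jsonObj.put(TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS, Boolean.TRUE);
        jsonObj.put(BACKCHANNEL_LOGOUT_SUPPORTED, Boolean.TRUE);
        jsonObj.put(BACKCHANNEL_LOGOUT_SESSION_SUPPORTED, Boolean.TRUE);
        jsonObj.put(FRONTCHANNEL_LOGOUT_SUPPORTED, Boolean.TRUE);
        jsonObj.put(FRONTCHANNEL_LOGOUT_SESSION_SUPPORTED, Boolean.TRUE);
        jsonObj.put(FRONT_CHANNEL_LOGOUT_SESSION_SUPPORTED, appConfiguration.getFrontChannelLogoutSessionSupported());

        cibaConfigurationService.processConfiguration(jsonObj);
        out.println(ServerUtil.toPrettyJson(jsonObj).replace("\\/", "/"));
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
}

/**
 * Tells whether the public key of {@code cert} equals the public key of at least one entry in
 * the client's registered JWKS ({@code self_signed_tls_client_auth}).
 * <p>
 * Any failure while parsing the JWKS or resolving a key counts as "no match". Previously an
 * exception here skipped the match check altogether, so an unmatched certificate was accepted.
 *
 * @param cert     the certificate presented by the caller (non-null)
 * @param jwksJson the client's JWKS as a JSON string (non-null)
 * @param client   the client, used for logging only
 * @return {@code true} on a match, {@code false} otherwise
 */
private boolean certificateMatchesClientJwks(X509Certificate cert, String jwksJson, Client client) {
    try {
        final byte[] encodedKey = cert.getPublicKey().getEncoded();
        final JSONObject jsonWebKeys = new JSONObject(jwksJson);
        final JSONWebKeySet keySet = JSONWebKeySet.fromJSONObject(jsonWebKeys);
        for (JSONWebKey key : keySet.getKeys()) {
            // A key that cannot be resolved raises inside getPublicKey()/getEncoded() and lands in the catch below.
            final byte[] candidate = cryptoProvider.getPublicKey(key.getKid(), jsonWebKeys, null).getEncoded();
            if (java.util.Arrays.equals(encodedKey, candidate)) {
                log.debug("********************************Client {} authenticated via `self_signed_tls_client_auth`, matched kid: {}.", client.getClientId(), key.getKid());
                return true;
            }
        }
        return false;
    } catch (Exception e) {
        log.error("Exception while keymatching****************************************************************", e);
        return false;
    }
}

/**
 * Copies {@code values} into a new JSON array in iteration order; a {@code null} source yields
 * an empty array. Elements are added as-is (strings and enum constants alike).
 *
 * @param values the values to copy, or {@code null}
 * @return a new, possibly empty, array
 */
private static JSONArray toJsonArray(Iterable<?> values) {
    final JSONArray array = new JSONArray();
    if (values != null) {
        for (Object value : values) {
            array.put(value);
        }
    }
    return array;
}

/**
 * Stores {@code array} under {@code key} in {@code target} unless the array is empty, in which
 * case the key is left out of the document.
 *
 * @param target the discovery document being built
 * @param key    the metadata key
 * @param array  the values for that key
 */
private static void putIfNotEmpty(JSONObject target, String key, JSONArray array) {
    if (array.length() > 0) {
        target.put(key, array);
    }
}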
Use of io.jans.as.model.common.ResponseMode in project jans by JanssenProject.
Class OpenIdConfiguration, method processRequest.
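/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 * <p>
 * Answers 503 until the external authentication and dynamic-scope scripts are
 * loaded. Otherwise a cached discovery document is served when one exists; if
 * not, the document is assembled from configuration, filtered, cached and — on
 * this request only — offered to the external discovery script for modification
 * before being written.
 *
 * @param servletRequest servlet request
 * @param httpResponse servlet response
 * @throws IOException if the 503 error response cannot be sent
 */
@SuppressWarnings("deprecation")
protected void processRequest(HttpServletRequest servletRequest, HttpServletResponse httpResponse) throws IOException {
    if (!(externalAuthenticationService.isLoaded() && externalDynamicScopeService.isLoaded())) {
        httpResponse.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
        log.error("Jans Auth still starting up!");
        return;
    }

    httpResponse.setContentType("application/json");
    try (PrintWriter out = httpResponse.getWriter()) {
        final JSONObject cachedResponse = localResponseCache.getDiscoveryResponse();
        if (cachedResponse != null) {
            log.trace("Cached discovery response returned.");
            out.println(ServerUtil.toPrettyJson(cachedResponse).replace("\\/", "/"));
            return;
        }

        JSONObject jsonObj = new JSONObject();
        jsonObj.put(ISSUER, appConfiguration.getIssuer());
        jsonObj.put(AUTHORIZATION_ENDPOINT, appConfiguration.getAuthorizationEndpoint());
        jsonObj.put(TOKEN_ENDPOINT, appConfiguration.getTokenEndpoint());
        jsonObj.put(JWKS_URI, appConfiguration.getJwksUri());
        jsonObj.put(CHECK_SESSION_IFRAME, appConfiguration.getCheckSessionIFrame());

        // Optional endpoints are advertised only when their component is enabled.
        if (appConfiguration.isEnabledComponent(ComponentType.REVOKE_TOKEN)) {
            jsonObj.put(REVOCATION_ENDPOINT, appConfiguration.getTokenRevocationEndpoint());
        }
        if (appConfiguration.isEnabledComponent(ComponentType.REVOKE_SESSION)) {
            jsonObj.put(SESSION_REVOCATION_ENDPOINT, endpointUrl("/revoke_session"));
        }
        if (appConfiguration.isEnabledComponent(ComponentType.USERINFO)) {
            jsonObj.put(USER_INFO_ENDPOINT, appConfiguration.getUserInfoEndpoint());
        }
        if (appConfiguration.isEnabledComponent(ComponentType.CLIENTINFO)) {
            jsonObj.put(CLIENT_INFO_ENDPOINT, appConfiguration.getClientInfoEndpoint());
        }
        if (appConfiguration.isEnabledComponent(ComponentType.END_SESSION)) {
            jsonObj.put(END_SESSION_ENDPOINT, appConfiguration.getEndSessionEndpoint());
        }
        if (appConfiguration.isEnabledComponent(ComponentType.REGISTRATION)) {
            jsonObj.put(REGISTRATION_ENDPOINT, appConfiguration.getRegistrationEndpoint());
        }
        if (appConfiguration.isEnabledComponent(ComponentType.ID_GENERATION)) {
            jsonObj.put(ID_GENERATION_ENDPOINT, appConfiguration.getIdGenerationEndpoint());
        }
        if (appConfiguration.isEnabledComponent(ComponentType.INTROSPECTION)) {
            jsonObj.put(INTROSPECTION_ENDPOINT, appConfiguration.getIntrospectionEndpoint());
        }
        if (appConfiguration.isEnabledComponent(ComponentType.DEVICE_AUTHZ)) {
            jsonObj.put(DEVICE_AUTHZ_ENDPOINT, appConfiguration.getDeviceAuthzEndpoint());
        }
        if (appConfiguration.isEnabledComponent(ComponentType.PAR)) {
            jsonObj.put(PAR_ENDPOINT, appConfiguration.getParEndpoint());
            jsonObj.put(REQUIRE_PAR, appConfiguration.getRequirePar());
        }

        // Each supported response type is a set of tokens advertised as one space-separated string.
        final JSONArray responseTypesSupported = new JSONArray();
        for (Set<ResponseType> responseTypes : appConfiguration.getResponseTypesSupported()) {
            responseTypesSupported.put(implode(responseTypes, " "));
        }
        putIfNotEmpty(jsonObj, RESPONSE_TYPES_SUPPORTED, responseTypesSupported);
        putIfNotEmpty(jsonObj, RESPONSE_MODES_SUPPORTED, toJsonArray(appConfiguration.getResponseModesSupported()));
        putIfNotEmpty(jsonObj, GRANT_TYPES_SUPPORTED, toJsonArray(appConfiguration.getGrantTypesSupported()));
        // acr_values_supported and the auth level mapping are always emitted, even when empty.
        jsonObj.put(ACR_VALUES_SUPPORTED, toJsonArray(externalAuthenticationService.getAcrValuesList()));
        jsonObj.put(AUTH_LEVEL_MAPPING, createAuthLevelMapping());
        putIfNotEmpty(jsonObj, SUBJECT_TYPES_SUPPORTED, toJsonArray(appConfiguration.getSubjectTypesSupported()));
        putIfNotEmpty(jsonObj, AUTHORIZATION_SIGNING_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getAuthorizationSigningAlgValuesSupported()));
        putIfNotEmpty(jsonObj, AUTHORIZATION_ENCRYPTION_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getAuthorizationEncryptionAlgValuesSupported()));
        putIfNotEmpty(jsonObj, AUTHORIZATION_ENCRYPTION_ENC_VALUES_SUPPORTED, toJsonArray(appConfiguration.getAuthorizationEncryptionEncValuesSupported()));
        putIfNotEmpty(jsonObj, USER_INFO_SIGNING_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getUserInfoSigningAlgValuesSupported()));
        putIfNotEmpty(jsonObj, USER_INFO_ENCRYPTION_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getUserInfoEncryptionAlgValuesSupported()));
        // Fixed: the "enc" entry used to be filled from the "alg" list (copy-paste slip).
        putIfNotEmpty(jsonObj, USER_INFO_ENCRYPTION_ENC_VALUES_SUPPORTED, toJsonArray(appConfiguration.getUserInfoEncryptionEncValuesSupported()));
        putIfNotEmpty(jsonObj, ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getIdTokenSigningAlgValuesSupported()));
        putIfNotEmpty(jsonObj, ID_TOKEN_ENCRYPTION_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getIdTokenEncryptionAlgValuesSupported()));
        putIfNotEmpty(jsonObj, ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED, toJsonArray(appConfiguration.getIdTokenEncryptionEncValuesSupported()));
        putIfNotEmpty(jsonObj, REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getRequestObjectSigningAlgValuesSupported()));
        putIfNotEmpty(jsonObj, REQUEST_OBJECT_ENCRYPTION_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getRequestObjectEncryptionAlgValuesSupported()));
        putIfNotEmpty(jsonObj, REQUEST_OBJECT_ENCRYPTION_ENC_VALUES_SUPPORTED, toJsonArray(appConfiguration.getRequestObjectEncryptionEncValuesSupported()));
        putIfNotEmpty(jsonObj, TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED, toJsonArray(appConfiguration.getTokenEndpointAuthMethodsSupported()));
        putIfNotEmpty(jsonObj, TOKEN_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getTokenEndpointAuthSigningAlgValuesSupported()));
        putIfNotEmpty(jsonObj, DPOP_SIGNING_ALG_VALUES_SUPPORTED, toJsonArray(appConfiguration.getDpopSigningAlgValuesSupported()));
        putIfNotEmpty(jsonObj, DISPLAY_VALUES_SUPPORTED, toJsonArray(appConfiguration.getDisplayValuesSupported()));
        putIfNotEmpty(jsonObj, CLAIM_TYPES_SUPPORTED, toJsonArray(appConfiguration.getClaimTypesSupported()));
        jsonObj.put(SERVICE_DOCUMENTATION, appConfiguration.getServiceDocumentation());
        // Always emitted, even when empty.
        jsonObj.put(ID_TOKEN_TOKEN_BINDING_CNF_VALUES_SUPPORTED, toJsonArray(appConfiguration.getIdTokenTokenBindingCnfValuesSupported()));
        putIfNotEmpty(jsonObj, CLAIMS_LOCALES_SUPPORTED, toJsonArray(appConfiguration.getClaimsLocalesSupported()));
        putIfNotEmpty(jsonObj, UI_LOCALES_SUPPORTED, toJsonArray(appConfiguration.getUiLocalesSupported()));

        // createScopeToClaimsMapping fills the two arrays as a side effect while building the mapping.
        final JSONArray scopesSupported = new JSONArray();
        final JSONArray claimsSupported = new JSONArray();
        final JSONArray scopeToClaimsMapping = createScopeToClaimsMapping(scopesSupported, claimsSupported);
        putIfNotEmpty(jsonObj, SCOPES_SUPPORTED, scopesSupported);
        putIfNotEmpty(jsonObj, CLAIMS_SUPPORTED, claimsSupported);
        jsonObj.put(SCOPE_TO_CLAIMS_MAPPING, scopeToClaimsMapping);

        jsonObj.put(CLAIMS_PARAMETER_SUPPORTED, appConfiguration.getClaimsParameterSupported());
        jsonObj.put(REQUEST_PARAMETER_SUPPORTED, appConfiguration.getRequestParameterSupported());
        jsonObj.put(REQUEST_URI_PARAMETER_SUPPORTED, appConfiguration.getRequestUriParameterSupported());
        jsonObj.put(REQUIRE_REQUEST_URI_REGISTRATION, appConfiguration.getRequireRequestUriRegistration());
        jsonObj.put(OP_POLICY_URI, appConfiguration.getOpPolicyUri());
        jsonObj.put(OP_TOS_URI, appConfiguration.getOpTosUri());
        // These capabilities are advertised unconditionally (not read from configuration).
        jsonObj.put(TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS, Boolean.TRUE);
        jsonObj.put(BACKCHANNEL_LOGOUT_SUPPORTED, Boolean.TRUE);
        jsonObj.put(BACKCHANNEL_LOGOUT_SESSION_SUPPORTED, Boolean.TRUE);
        jsonObj.put(FRONTCHANNEL_LOGOUT_SUPPORTED, Boolean.TRUE);
        jsonObj.put(FRONTCHANNEL_LOGOUT_SESSION_SUPPORTED, Boolean.TRUE);
        jsonObj.put(FRONT_CHANNEL_LOGOUT_SESSION_SUPPORTED, appConfiguration.getFrontChannelLogoutSessionSupported());

        addMtlsAliases(jsonObj);
        // CIBA Configuration
        cibaConfigurationService.processConfiguration(jsonObj);
        filterOutKeys(jsonObj);

        // NOTE(review): the object handed to the cache is the same one the discovery script may
        // mutate in place below, so whatever the script does on this request is what later
        // (cache-hit) requests serve; confirm that is intended. Kept as before.
        localResponseCache.putDiscoveryResponse(jsonObj);

        final JSONObject clone = new JSONObject(jsonObj.toString());
        final ExecutionContext context = new ExecutionContext(servletRequest, httpResponse);
        if (!externalDiscoveryService.modifyDiscovery(jsonObj, context)) {
            // revert to original state if object was modified in script
            jsonObj = clone;
        }
        out.println(ServerUtil.toPrettyJson(jsonObj).replace("\\/", "/"));
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
}

/**
 * Copies {@code values} into a new JSON array in iteration order; a {@code null} source yields
 * an empty array. Elements are added as-is (strings and enum constants alike).
 *
 * @param values the values to copy, or {@code null}
 * @return a new, possibly empty, array
 */
private static JSONArray toJsonArray(Iterable<?> values) {
    final JSONArray array = new JSONArray();
    if (values != null) {
        for (Object value : values) {
            array.put(value);
        }
    }
    return array;
}

/**
 * Stores {@code array} under {@code key} in {@code target} unless the array is empty, in which
 * case the key is left out of the document.
 *
 * @param target the discovery document being built
 * @param key    the metadata key
 * @param array  the values for that key
 */
private static void putIfNotEmpty(JSONObject target, String key, JSONArray array) {
    if (array.length() > 0) {
        target.put(key, array);
    }
}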