use of io.jans.as.model.uma.UmaMetadata in project jans by JanssenProject.
the class ScopeHttpTest method scopePresence.
@Test
@Parameters({ "umaMetaDataUrl" })
public void scopePresence(final String umaMetaDataUrl) {
    // The scope endpoint is not configured directly: it is read from the UMA
    // discovery document fetched from umaMetaDataUrl.
    final UmaMetadata metadata = UmaClientFactory.instance()
            .createMetadataService(umaMetaDataUrl)
            .getMetadata();
    final String scopeEndpoint = metadata.getScopeEndpoint();

    // Fetch the "modify" scope description from that endpoint and let the
    // shared test helper assert it is well-formed.
    final UmaScopeDescription scope = UmaClientFactory.instance()
            .createScopeService(scopeEndpoint)
            .getScope("modify");
    UmaTestUtil.assertIt(scope);
}
use of io.jans.as.model.uma.UmaMetadata in project jans by JanssenProject.
the class MetaDataFlowHttpTest method testGetUmaMetaDataConfiguration.
/**
 * Fetches the UMA discovery (meta data) document from {@code umaMetaDataUrl}
 * and asserts, via {@link UmaTestUtil#assertIt}, that it is well-formed.
 *
 * @param umaMetaDataUrl discovery URL injected from the test parameters
 * @throws Exception propagated from the test setup helpers
 */
@Test
@Parameters({ "umaMetaDataUrl" })
public void testGetUmaMetaDataConfiguration(final String umaMetaDataUrl) throws Exception {
    showTitle("testGetUmaMetaDataConfiguration");

    // NOTE(review): clientEngine(true) - the meaning of the flag is not visible here; confirm
    // whether it relaxes TLS verification, since that would be test-only behaviour.
    final UmaMetadataService metadataService =
            UmaClientFactory.instance().createMetadataService(umaMetaDataUrl, clientEngine(true));

    final UmaMetadata metadata;
    try {
        metadata = metadataService.getMetadata();
    } catch (ClientErrorException ex) {
        // Surface the server's error body for diagnosis, then fail the test with the original cause.
        System.err.println(ex.getResponse().readEntity(String.class));
        throw ex;
    }
    UmaTestUtil.assertIt(metadata);
}
use of io.jans.as.model.uma.UmaMetadata in project jans by JanssenProject.
the class RegisterSiteOperation method validateParametersAndFallbackIfNeeded.
/**
 * Validates the site registration parameters and fills in every parameter the caller
 * left blank from the default RP ({@code getConfigurationService().defaultRp()}).
 * <p>
 * Throws {@link HttpException} when the request is inconsistent (client_id without
 * client_secret or vice versa), when neither op_configuration_endpoint nor op_host can be
 * resolved, when no valid redirect_uris remain, or when no scope can be resolved. All
 * other fields are mutated in place on {@code params}.
 *
 * @param params request parameters; mutated in place with fallback values
 * @throws HttpException on an invalid or incomplete request (see error codes below)
 */
private void validateParametersAndFallbackIfNeeded(RegisterSiteParams params) {
    // client_id and client_secret must be supplied together or not at all.
    if (StringUtils.isNotBlank(params.getClientId()) && StringUtils.isBlank(params.getClientSecret())) {
        throw new HttpException(ErrorResponseCode.INVALID_CLIENT_SECRET_REQUIRED);
    }
    if (StringUtils.isNotBlank(params.getClientSecret()) && StringUtils.isBlank(params.getClientId())) {
        throw new HttpException(ErrorResponseCode.INVALID_CLIENT_ID_REQUIRED);
    }
    // Source of every fallback value below.
    Rp fallback = getConfigurationService().defaultRp();
    // op_configuration_endpoint
    LOG.info("Either 'op_configuration_endpoint' or 'op_host' should be set. jans_client_api will now check which of these parameter is available.");
    if (StringUtils.isBlank(params.getOpConfigurationEndpoint())) {
        // NOTE(review): this logs params via toString(); if RegisterSiteParams.toString() includes
        // client_secret, the secret ends up in the log at WARN level - confirm against that class.
        LOG.warn("'op_configuration_endpoint' is not set for parameter: " + params + ". Look up at configuration file for fallback of 'op_configuration_endpoint'.");
        String fallbackOpConfigurationEndpoint = fallback.getOpConfigurationEndpoint();
        if (StringUtils.isNotBlank(fallbackOpConfigurationEndpoint)) {
            LOG.warn("Fallback to op_configuration_endpoint: " + fallbackOpConfigurationEndpoint + ", from configuration file.");
            params.setOpConfigurationEndpoint(fallbackOpConfigurationEndpoint);
        }
    }
    // op_host
    // Note: Strings.isNullOrEmpty (not isBlank) - a whitespace-only op_host passes this check.
    if (Strings.isNullOrEmpty(params.getOpHost()) && Strings.isNullOrEmpty(params.getOpConfigurationEndpoint())) {
        // NOTE(review): same toString() logging concern as above.
        LOG.error("Either 'op_configuration_endpoint' or 'op_host' should be set. Parameter: " + params);
        throw new HttpException(ErrorResponseCode.INVALID_OP_HOST_AND_CONFIGURATION_ENDPOINT);
    }
    // grant_type
    // Request grant types win; the fallback RP's are used only when the request has none.
    List<String> grantTypes = Lists.newArrayList();
    if (params.getGrantTypes() != null && !params.getGrantTypes().isEmpty()) {
        grantTypes.addAll(params.getGrantTypes());
    }
    if (grantTypes.isEmpty() && fallback.getGrantType() != null && !fallback.getGrantType().isEmpty()) {
        grantTypes.addAll(fallback.getGrantType());
    }
    // client_credentials is appended (never removed) when the server-wide switch is on.
    if (!grantTypes.contains(GrantType.CLIENT_CREDENTIALS.getValue()) && getConfigurationService().getConfiguration().getAddClientCredentialsGrantTypeAutomaticallyDuringClientRegistration()) {
        grantTypes.add(GrantType.CLIENT_CREDENTIALS.getValue());
    }
    params.setGrantTypes(grantTypes);
    // post_logout_redirect_uri
    // Only an explicitly empty (non-null) list falls back; a null list is left as null.
    if (params.getPostLogoutRedirectUris() != null && params.getPostLogoutRedirectUris().isEmpty() && fallback.getPostLogoutRedirectUris() != null && !fallback.getPostLogoutRedirectUris().isEmpty()) {
        params.setPostLogoutRedirectUris(fallback.getPostLogoutRedirectUris());
    }
    // response_type
    // Request -> fallback RP -> hard default "code".
    List<String> responseTypes = Lists.newArrayList();
    if (params.getResponseTypes() != null && !params.getResponseTypes().isEmpty()) {
        responseTypes.addAll(params.getResponseTypes());
    }
    if (responseTypes.isEmpty() && fallback.getResponseTypes() != null && !fallback.getResponseTypes().isEmpty()) {
        responseTypes.addAll(fallback.getResponseTypes());
    }
    if (responseTypes.isEmpty()) {
        responseTypes.add("code");
    }
    params.setResponseTypes(responseTypes);
    // redirect_uris
    if (params.getRedirectUris() == null || params.getRedirectUris().isEmpty()) {
        params.setRedirectUris(fallback.getRedirectUris());
    }
    // LinkedHashSet: de-duplicates while keeping order, so "first" below is the caller's first URI.
    Set<String> redirectUris = Sets.newLinkedHashSet();
    // Every redirect_uri (request or fallback) must pass Utils.isValidUrl, otherwise the whole request is rejected.
    if (params.getRedirectUris() != null && !params.getRedirectUris().isEmpty() && params.getRedirectUris().stream().allMatch(uri -> Utils.isValidUrl(uri))) {
        redirectUris.addAll(params.getRedirectUris());
    } else {
        throw new HttpException(ErrorResponseCode.INVALID_REDIRECT_URI);
    }
    // Optionally register the OP's UMA claims-interaction endpoint as an extra redirect_uri.
    final Boolean autoRegister = getConfigurationService().getConfiguration().getUma2AuthRegisterClaimsGatheringEndpointAsRedirectUriOfClient();
    if (autoRegister != null && autoRegister && !redirectUris.isEmpty()) {
        String first = redirectUris.iterator().next();
        // NOTE(review): this is a substring test (contains), not a host/origin comparison; it only gates
        // the auto-registration below and the AS still enforces its own redirect_uri host rule.
        if (first.contains(getDiscoveryService().getConnectDiscoveryResponse(params.getOpConfigurationEndpoint(), params.getOpHost(), params.getOpDiscoveryPath()).getIssuer())) {
            final UmaMetadata discovery = getDiscoveryService().getUmaDiscovery(params.getOpConfigurationEndpoint(), params.getOpHost(), params.getOpDiscoveryPath());
            String autoRedirectUri = discovery.getClaimsInteractionEndpoint() + "?authentication=true";
            LOG.trace("Register claims interaction endpoint as redirect_uri: " + autoRedirectUri);
            redirectUris.add(autoRedirectUri);
        } else {
            LOG.trace("Skip auto registration of claims interaction endpoint as redirect_uri because OP host for different uri's is different which will not pass AS redirect_uri's validation (same host must be present).");
        }
    }
    params.setRedirectUris(Lists.newArrayList(redirectUris));
    // claims_redirect_uri
    if ((params.getClaimsRedirectUri() == null || params.getClaimsRedirectUri().isEmpty()) && (fallback.getClaimsRedirectUri() != null && !fallback.getClaimsRedirectUri().isEmpty())) {
        params.setClaimsRedirectUri(fallback.getClaimsRedirectUri());
    }
    // Plain HashSet here: duplicates are dropped and order is not preserved (unlike redirect_uris).
    Set<String> claimsRedirectUris = Sets.newHashSet();
    if (params.getClaimsRedirectUri() != null && !params.getClaimsRedirectUri().isEmpty()) {
        claimsRedirectUris.addAll(params.getClaimsRedirectUri());
    }
    params.setClaimsRedirectUri(Lists.newArrayList(claimsRedirectUris));
    // scope
    // Mandatory: rejected when neither the request nor the fallback RP provides one.
    if (params.getScope() == null || params.getScope().isEmpty()) {
        params.setScope(fallback.getScope());
    }
    if (params.getScope() == null || params.getScope().isEmpty()) {
        throw new HttpException(ErrorResponseCode.INVALID_SCOPE);
    }
    // acr_values
    if (params.getAcrValues() == null || params.getAcrValues().isEmpty()) {
        params.setAcrValues(fallback.getAcrValues());
    }
    // client_jwks_uri
    // First pass uses isNullOrEmpty; the second pass further below (isBlank) also covers a whitespace-only value.
    if (Strings.isNullOrEmpty(params.getClientJwksUri()) && !Strings.isNullOrEmpty(fallback.getClientJwksUri())) {
        params.setClientJwksUri(fallback.getClientJwksUri());
    }
    // contacts
    if (params.getContacts() == null || params.getContacts().isEmpty()) {
        params.setContacts(fallback.getContacts());
    }
    // ui_locales
    if (params.getUiLocales() == null || params.getUiLocales().isEmpty()) {
        params.setUiLocales(fallback.getUiLocales());
    }
    // claims_locales
    if ((params.getClaimsLocales() == null || params.getClaimsLocales().isEmpty()) && (fallback.getClaimsLocales() != null && !fallback.getClaimsLocales().isEmpty())) {
        params.setClaimsLocales(fallback.getClaimsLocales());
    }
    // client_name
    if (StringUtils.isBlank(params.getClientName()) && StringUtils.isNotBlank(fallback.getClientName())) {
        params.setClientName(fallback.getClientName());
    }
    // client_jwks_uri (second pass, blank-aware - see note above)
    if (StringUtils.isBlank(params.getClientJwksUri()) && StringUtils.isNotBlank(fallback.getClientJwksUri())) {
        params.setClientJwksUri(fallback.getClientJwksUri());
    }
    // token_endpoint_auth_method
    if (StringUtils.isBlank(params.getClientTokenEndpointAuthMethod()) && StringUtils.isNotBlank(fallback.getTokenEndpointAuthMethod())) {
        params.setClientTokenEndpointAuthMethod(fallback.getTokenEndpointAuthMethod());
    }
    // token_endpoint_auth_signing_alg
    if (StringUtils.isBlank(params.getClientTokenEndpointAuthSigningAlg()) && StringUtils.isNotBlank(fallback.getTokenEndpointAuthSigningAlg())) {
        params.setClientTokenEndpointAuthSigningAlg(fallback.getTokenEndpointAuthSigningAlg());
    }
    // request_uris
    if ((params.getClientRequestUris() == null || params.getClientRequestUris().isEmpty()) && (fallback.getRequestUris() != null && !fallback.getRequestUris().isEmpty())) {
        params.setClientRequestUris(fallback.getRequestUris());
    }
    // front_channel_logout_uris
    if (StringUtils.isBlank(params.getClientFrontchannelLogoutUri()) && StringUtils.isNotBlank(fallback.getFrontChannelLogoutUri())) {
        params.setClientFrontchannelLogoutUri(fallback.getFrontChannelLogoutUri());
    }
    // sector_identifier_uri
    if (StringUtils.isBlank(params.getClientSectorIdentifierUri()) && StringUtils.isNotBlank(fallback.getClientSectorIdentifierUri())) {
        params.setClientSectorIdentifierUri(fallback.getSectorIdentifierUri());
    }
    // client_id
    // Reached only when the request carried neither client_id nor client_secret (checked at the top),
    // so both credentials come from the fallback RP together.
    if (StringUtils.isBlank(params.getClientId()) && StringUtils.isNotBlank(fallback.getClientId())) {
        params.setClientId(fallback.getClientId());
    }
    // client_secret
    if (StringUtils.isBlank(params.getClientSecret()) && StringUtils.isNotBlank(fallback.getClientSecret())) {
        params.setClientSecret(fallback.getClientSecret());
    }
    // access_token_signing_alg
    if (StringUtils.isBlank(params.getAccessTokenSigningAlg()) && StringUtils.isNotBlank(fallback.getAccessTokenSigningAlg())) {
        params.setAccessTokenSigningAlg(fallback.getAccessTokenSigningAlg());
    }
    // logo_uri
    if (StringUtils.isBlank(params.getLogoUri()) && StringUtils.isNotBlank(fallback.getLogoUri())) {
        params.setLogoUri(fallback.getLogoUri());
    }
    // client_uri
    if (StringUtils.isBlank(params.getClientUri()) && StringUtils.isNotBlank(fallback.getClientUri())) {
        params.setClientUri(fallback.getClientUri());
    }
    // policy_uri
    if (StringUtils.isBlank(params.getPolicyUri()) && StringUtils.isNotBlank(fallback.getPolicyUri())) {
        params.setPolicyUri(fallback.getPolicyUri());
    }
    // tos_uri
    if (StringUtils.isBlank(params.getTosUri()) && StringUtils.isNotBlank(fallback.getTosUri())) {
        params.setTosUri(fallback.getTosUri());
    }
    // jwks
    if (StringUtils.isBlank(params.getJwks()) && StringUtils.isNotBlank(fallback.getJwks())) {
        params.setJwks(fallback.getJwks());
    }
    // id_token_binding_cnf
    if (StringUtils.isBlank(params.getIdTokenBindingCnf()) && StringUtils.isNotBlank(fallback.getIdTokenBindingCnf())) {
        params.setIdTokenBindingCnf(fallback.getIdTokenBindingCnf());
    }
    // tls_client_auth_subject_dn
    if (StringUtils.isBlank(params.getTlsClientAuthSubjectDn()) && StringUtils.isNotBlank(fallback.getTlsClientAuthSubjectDn())) {
        params.setTlsClientAuthSubjectDn(fallback.getTlsClientAuthSubjectDn());
    }
    // id_token_signed_response_alg
    if (StringUtils.isBlank(params.getIdTokenSignedResponseAlg()) && StringUtils.isNotBlank(fallback.getIdTokenSignedResponseAlg())) {
        params.setIdTokenSignedResponseAlg(fallback.getIdTokenSignedResponseAlg());
    }
    // id_token_encrypted_response_alg
    if (StringUtils.isBlank(params.getIdTokenEncryptedResponseAlg()) && StringUtils.isNotBlank(fallback.getIdTokenEncryptedResponseAlg())) {
        params.setIdTokenEncryptedResponseAlg(fallback.getIdTokenEncryptedResponseAlg());
    }
    // id_token_encrypted_response_enc
    if (StringUtils.isBlank(params.getIdTokenEncryptedResponseEnc()) && StringUtils.isNotBlank(fallback.getIdTokenEncryptedResponseEnc())) {
        params.setIdTokenEncryptedResponseEnc(fallback.getIdTokenEncryptedResponseEnc());
    }
    // user_info_signed_response_alg
    if (StringUtils.isBlank(params.getUserInfoSignedResponseAlg()) && StringUtils.isNotBlank(fallback.getUserInfoSignedResponseAlg())) {
        params.setUserInfoSignedResponseAlg(fallback.getUserInfoSignedResponseAlg());
    }
    // user_info_encrypted_response_alg
    if (StringUtils.isBlank(params.getUserInfoEncryptedResponseAlg()) && StringUtils.isNotBlank(fallback.getUserInfoEncryptedResponseAlg())) {
        params.setUserInfoEncryptedResponseAlg(fallback.getUserInfoEncryptedResponseAlg());
    }
    // user_info_encrypted_response_enc
    if (StringUtils.isBlank(params.getUserInfoEncryptedResponseEnc()) && StringUtils.isNotBlank(fallback.getUserInfoEncryptedResponseEnc())) {
        params.setUserInfoEncryptedResponseEnc(fallback.getUserInfoEncryptedResponseEnc());
    }
    // request_object_signing_alg
    if (StringUtils.isBlank(params.getRequestObjectSigningAlg()) && StringUtils.isNotBlank(fallback.getRequestObjectSigningAlg())) {
        params.setRequestObjectSigningAlg(fallback.getRequestObjectSigningAlg());
    }
    // request_object_encryption_alg
    if (StringUtils.isBlank(params.getRequestObjectEncryptionAlg()) && StringUtils.isNotBlank(fallback.getRequestObjectEncryptionAlg())) {
        params.setRequestObjectEncryptionAlg(fallback.getRequestObjectEncryptionAlg());
    }
    // request_object_encryption_enc
    if (StringUtils.isBlank(params.getRequestObjectEncryptionEnc()) && StringUtils.isNotBlank(fallback.getRequestObjectEncryptionEnc())) {
        params.setRequestObjectEncryptionEnc(fallback.getRequestObjectEncryptionEnc());
    }
    // default_max_age
    if (params.getDefaultMaxAge() == null && fallback.getDefaultMaxAge() != null) {
        params.setDefaultMaxAge(fallback.getDefaultMaxAge());
    }
    // initiate_login_uri
    if (StringUtils.isBlank(params.getInitiateLoginUri()) && StringUtils.isNotBlank(fallback.getInitiateLoginUri())) {
        params.setInitiateLoginUri(fallback.getInitiateLoginUri());
    }
    // authorized_origins
    if ((params.getAuthorizedOrigins() == null || params.getAuthorizedOrigins().isEmpty()) && (fallback.getAuthorizedOrigins() != null && !fallback.getAuthorizedOrigins().isEmpty())) {
        params.setAuthorizedOrigins(fallback.getAuthorizedOrigins());
    }
    // access_token_lifetime
    if (params.getAccessTokenLifetime() == null && fallback.getAccessTokenLifetime() != null) {
        params.setAccessTokenLifetime(fallback.getAccessTokenLifetime());
    }
    // software_id
    if (StringUtils.isBlank(params.getSoftwareId()) && StringUtils.isNotBlank(fallback.getSoftwareId())) {
        params.setSoftwareId(fallback.getSoftwareId());
    }
    // software_version
    if (StringUtils.isBlank(params.getSoftwareVersion()) && StringUtils.isNotBlank(fallback.getSoftwareVersion())) {
        params.setSoftwareVersion(fallback.getSoftwareVersion());
    }
    // software_statement
    if (StringUtils.isBlank(params.getSoftwareStatement()) && StringUtils.isNotBlank(fallback.getSoftwareStatement())) {
        params.setSoftwareStatement(fallback.getSoftwareStatement());
    }
    // custom_attributes
    if ((params.getCustomAttributes() == null || params.getCustomAttributes().isEmpty()) && (fallback.getCustomAttributes() != null && !fallback.getCustomAttributes().isEmpty())) {
        params.setCustomAttributes(fallback.getCustomAttributes());
    }
    // The boolean flags below are copied from the fallback whenever unset, even if the fallback value is itself null.
    // access_token_as_jwt
    if (params.getAccessTokenAsJwt() == null) {
        params.setAccessTokenAsJwt(fallback.getAccessTokenAsJwt());
    }
    // rpt_as_jwt
    if (params.getRptAsJwt() == null) {
        params.setRptAsJwt(fallback.getRptAsJwt());
    }
    // front_channel_logout_session_required
    if (params.getFrontChannelLogoutSessionRequired() == null) {
        params.setFrontChannelLogoutSessionRequired(fallback.getFrontChannelLogoutSessionRequired());
    }
    // run_introspection_script_beforeaccess_token_as_jwt_creation_and_include_claims
    if (params.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims() == null) {
        params.setRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(fallback.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
    }
    // require_auth_time
    if (params.getRequireAuthTime() == null) {
        params.setRequireAuthTime(fallback.getRequireAuthTime());
    }
}
use of io.jans.as.model.uma.UmaMetadata in project jans by JanssenProject.
the class RsProtectOperation method validate.
/**
 * Validates an rs_protect request: the resource list must be non-empty, HTTP methods must be
 * unique per path, every scope expression must be a valid JsonLogic node, and the RP must not
 * already hold protected resources unless {@code overwrite} is true (in which case the existing
 * resources are deleted on the AS and cleared from the RP before the new ones are registered).
 *
 * @param params request parameters
 * @throws HttpException on any validation failure (see the error codes used below)
 */
private void validate(RsProtectParams params) {
    if (params.getResources() == null || params.getResources().isEmpty()) {
        throw new HttpException(ErrorResponseCode.NO_UMA_RESOURCES_TO_PROTECT);
    }
    if (!ResourceValidator.isHttpMethodUniqueInPath(params.getResources())) {
        throw new HttpException(ErrorResponseCode.UMA_HTTP_METHOD_NOT_UNIQUE);
    }

    // Scope expressions are optional per condition; only non-null ones are checked.
    for (RsResource resource : params.getResources()) {
        if (resource.getConditions() == null) {
            continue;
        }
        for (Condition condition : resource.getConditions()) {
            checkConditionScopeExpression(condition);
        }
    }

    final Rp rp = getRp();
    final List<UmaResource> existingUmaResources = rp.getUmaProtectedResources();
    if (existingUmaResources == null || existingUmaResources.isEmpty()) {
        return;
    }
    // A null overwrite flag is treated as false.
    final boolean overwrite = Boolean.TRUE.equals(params.getOverwrite());
    if (!overwrite) {
        throw new HttpException(ErrorResponseCode.UMA_PROTECTION_FAILED_BECAUSE_RESOURCES_ALREADY_EXISTS);
    }

    // overwrite=true: delete each existing resource on the AS with the RP's PAT, then forget them locally.
    final UmaMetadata discovery = getDiscoveryService().getUmaDiscoveryByRpId(params.getRpId());
    final String pat = getUmaTokenService().getPat(params.getRpId()).getToken();
    final UmaResourceService resourceService =
            UmaClientFactory.instance().createResourceService(discovery, getHttpService().getClientEngine());
    for (UmaResource resource : existingUmaResources) {
        LOG.trace("Removing existing resource " + resource.getId() + " ...");
        resourceService.deleteResource("Bearer " + pat, resource.getId());
        LOG.trace("Removed existing resource " + resource.getId() + ".");
    }
    // Only reached when every remote deletion succeeded; a failure above leaves the RP record untouched.
    rp.getUmaProtectedResources().clear();
    getRpService().updateSilently(rp);
}

/**
 * Validates a single condition's scope expression: it must be a valid JsonLogic node and
 * pass {@link #validateScopeExpression(String)}. Null, blank and literal "null" expressions are skipped.
 *
 * @param condition condition whose scope expression is checked
 * @throws HttpException when the expression is not a valid JsonLogic node
 */
private void checkConditionScopeExpression(Condition condition) {
    if (condition.getScopeExpression() == null) {
        return;
    }
    final String json = condition.getScopeExpression().toString();
    if (StringUtils.isBlank(json) || json.equalsIgnoreCase("null")) {
        return;
    }
    final boolean nodeValid = JsonLogicNodeParser.isNodeValid(json);
    LOG.trace("Scope expression validator - Valid: " + nodeValid + ", expression: " + json);
    if (!nodeValid) {
        throw new HttpException(ErrorResponseCode.UMA_FAILED_TO_VALIDATE_SCOPE_EXPRESSION);
    }
    validateScopeExpression(json);
}
use of io.jans.as.model.uma.UmaMetadata in project jans by JanssenProject.
the class DiscoveryService method getUmaDiscovery.
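/**
 * Returns the UMA discovery metadata for {@code opConfigurationEndpoint}, served from
 * {@code umaMap} when already fetched and otherwise downloaded from the UMA discovery URL.
 * <p>
 * The issuer of the metadata is passed through {@code validationService.isOpHostAllowed} on every
 * call (cache hit or miss). The metadata is cached only after that check, so an endpoint whose
 * issuer is not allowed never leaves a cached entry behind.
 *
 * @param opConfigurationEndpoint OP configuration endpoint, validated first
 * @return the UMA discovery metadata
 * @throws HttpException {@code NO_UMA_DISCOVERY_RESPONSE} when the metadata cannot be fetched or
 *                       validated; the underlying cause is logged
 */
public UmaMetadata getUmaDiscovery(String opConfigurationEndpoint) {
    validationService.validateOpConfigurationEndpoint(opConfigurationEndpoint);
    try {
        final UmaMetadata cached = umaMap.get(opConfigurationEndpoint);
        if (cached != null) {
            // Re-check the issuer on every cache hit so an allow-list change takes effect
            // without flushing the cache.
            validationService.isOpHostAllowed(cached.getIssuer());
            return cached;
        }
        final UmaMetadata response = opClientFactory.createUmaClientFactory()
                .createMetadataService(getUmaDiscoveryUrl(opConfigurationEndpoint), httpService.getClientEngine())
                .getMetadata();
        LOG.trace("Uma discovery response: {} ", response);
        // Validate BEFORE caching: the previous order stored the entry first, so metadata whose
        // issuer failed the check stayed in the cache even though this call failed.
        validationService.isOpHostAllowed(response.getIssuer());
        umaMap.put(opConfigurationEndpoint, response);
        return response;
    } catch (Exception e) {
        // NOTE(review): this also catches whatever isOpHostAllowed throws (if it throws), so the
        // caller only ever sees NO_UMA_DISCOVERY_RESPONSE; the specific cause is kept in the log.
        LOG.error(e.getMessage(), e);
    }
    LOG.error("Unable to fetch UMA discovery information for op_configuration_endpoint: {}", opConfigurationEndpoint);
    throw new HttpException(ErrorResponseCode.NO_UMA_DISCOVERY_RESPONSE);
}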