Search in sources :

Example 1 with DynamicScopeExternalContext

use of io.jans.as.server.service.external.context.DynamicScopeExternalContext in project jans by JanssenProject.

the class ExternalDynamicScopeService method executeExternalGetSupportedClaimsMethods.

public List<String> executeExternalGetSupportedClaimsMethods(List<Scope> dynamicScope) {
    DynamicScopeExternalContext context = new DynamicScopeExternalContext(dynamicScope, null, null);
    Set<String> result = new HashSet<String>();
    for (CustomScriptConfiguration customScriptConfiguration : getScriptsToExecute(context)) {
        List<String> scriptResult = executeExternalGetSupportedClaimsMethod(customScriptConfiguration);
        if (scriptResult != null) {
            result.addAll(scriptResult);
        }
    }
    return new ArrayList<String>(result);
}
Also used : ArrayList(java.util.ArrayList) DynamicScopeExternalContext(io.jans.as.server.service.external.context.DynamicScopeExternalContext) CustomScriptConfiguration(io.jans.model.custom.script.conf.CustomScriptConfiguration) HashSet(java.util.HashSet)

Example 2 with DynamicScopeExternalContext

use of io.jans.as.server.service.external.context.DynamicScopeExternalContext in project jans by JanssenProject.

the class IdTokenFactory method fillClaims.

private void fillClaims(JsonWebResponse jwr, IAuthorizationGrant authorizationGrant, AuthorizationCode authorizationCode, AccessToken accessToken, RefreshToken refreshToken, ExecutionContext executionContext) throws Exception {
    jwr.getClaims().setIssuer(appConfiguration.getIssuer());
    Audience.setAudience(jwr.getClaims(), authorizationGrant.getClient());
    int lifeTime = appConfiguration.getIdTokenLifetime();
    int lifetimeFromScript = externalUpdateTokenService.getIdTokenLifetimeInSeconds(ExternalUpdateTokenContext.of(executionContext));
    if (lifetimeFromScript > 0) {
        lifeTime = lifetimeFromScript;
        log.trace("Override id token lifetime with value from script: {}", lifetimeFromScript);
    }
    Calendar calendar = Calendar.getInstance();
    Date issuedAt = calendar.getTime();
    calendar.add(Calendar.SECOND, lifeTime);
    Date expiration = calendar.getTime();
    jwr.getClaims().setExpirationTime(expiration);
    jwr.getClaims().setIssuedAt(issuedAt);
    jwr.setClaim("code", UUID.randomUUID().toString());
    if (executionContext.getPreProcessing() != null) {
        executionContext.getPreProcessing().apply(jwr);
    }
    final SessionId session = sessionIdService.getSessionByDn(authorizationGrant.getSessionDn());
    if (session != null) {
        jwr.setClaim("sid", session.getOutsideSid());
    }
    if (authorizationGrant.getAcrValues() != null) {
        jwr.setClaim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, authorizationGrant.getAcrValues());
        setAmrClaim(jwr, authorizationGrant.getAcrValues());
    }
    String nonce = executionContext.getNonce();
    if (StringUtils.isNotBlank(nonce)) {
        jwr.setClaim(JwtClaimName.NONCE, nonce);
    }
    if (authorizationGrant.getAuthenticationTime() != null) {
        jwr.getClaims().setClaim(JwtClaimName.AUTHENTICATION_TIME, authorizationGrant.getAuthenticationTime());
    }
    if (authorizationCode != null) {
        String codeHash = AbstractToken.getHash(authorizationCode.getCode(), jwr.getHeader().getSignatureAlgorithm());
        jwr.setClaim(JwtClaimName.CODE_HASH, codeHash);
    }
    if (accessToken != null) {
        String accessTokenHash = AbstractToken.getHash(accessToken.getCode(), jwr.getHeader().getSignatureAlgorithm());
        jwr.setClaim(JwtClaimName.ACCESS_TOKEN_HASH, accessTokenHash);
    }
    String state = executionContext.getState();
    if (Strings.isNotBlank(state)) {
        String stateHash = AbstractToken.getHash(state, jwr.getHeader().getSignatureAlgorithm());
        jwr.setClaim(JwtClaimName.STATE_HASH, stateHash);
    }
    if (authorizationGrant.getGrantType() != null) {
        jwr.setClaim("grant", authorizationGrant.getGrantType().getValue());
    }
    jwr.setClaim(JwtClaimName.OX_OPENID_CONNECT_VERSION, appConfiguration.getOxOpenIdConnectVersion());
    User user = authorizationGrant.getUser();
    List<Scope> dynamicScopes = new ArrayList<>();
    if (executionContext.isIncludeIdTokenClaims() && authorizationGrant.getClient().isIncludeClaimsInIdToken()) {
        for (String scopeName : executionContext.getScopes()) {
            Scope scope = scopeService.getScopeById(scopeName);
            if (scope == null) {
                continue;
            }
            if (DYNAMIC == scope.getScopeType()) {
                dynamicScopes.add(scope);
                continue;
            }
            Map<String, Object> claims = scopeService.getClaims(user, scope);
            if (Boolean.TRUE.equals(scope.isGroupClaims())) {
                JwtSubClaimObject groupClaim = new JwtSubClaimObject();
                groupClaim.setName(scope.getId());
                for (Map.Entry<String, Object> entry : claims.entrySet()) {
                    String key = entry.getKey();
                    Object value = entry.getValue();
                    if (value instanceof List) {
                        groupClaim.setClaim(key, (List) value);
                    } else {
                        groupClaim.setClaim(key, (String) value);
                    }
                }
                jwr.getClaims().setClaim(scope.getId(), groupClaim);
            } else {
                for (Map.Entry<String, Object> entry : claims.entrySet()) {
                    String key = entry.getKey();
                    Object value = entry.getValue();
                    if (value instanceof List) {
                        jwr.getClaims().setClaim(key, (List) value);
                    } else if (value instanceof Boolean) {
                        jwr.getClaims().setClaim(key, (Boolean) value);
                    } else if (value instanceof Date) {
                        jwr.getClaims().setClaim(key, ((Date) value).getTime() / 1000);
                    } else {
                        jwr.setClaim(key, (String) value);
                    }
                }
            }
            jwr.getClaims().setSubjectIdentifier(authorizationGrant.getUser().getAttribute("inum"));
        }
    }
    setClaimsFromJwtAuthorizationRequest(jwr, authorizationGrant, executionContext.getScopes());
    setClaimsFromRequestedClaims(executionContext.getClaimsAsString(), jwr, user);
    filterClaimsBasedOnAccessToken(jwr, accessToken, authorizationCode);
    jwrService.setSubjectIdentifier(jwr, authorizationGrant);
    if ((dynamicScopes.size() > 0) && externalDynamicScopeService.isEnabled()) {
        final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
        DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jwr, unmodifiableAuthorizationGrant);
        externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
    }
    processCiba(jwr, authorizationGrant, refreshToken);
    if (executionContext.getPostProcessor() != null) {
        executionContext.getPostProcessor().apply(jwr);
    }
}
Also used : User(io.jans.as.common.model.common.User) Calendar(java.util.Calendar) ArrayList(java.util.ArrayList) DynamicScopeExternalContext(io.jans.as.server.service.external.context.DynamicScopeExternalContext) Date(java.util.Date) JwtSubClaimObject(io.jans.as.model.jwt.JwtSubClaimObject) UnmodifiableAuthorizationGrant(io.jans.as.server.model.common.UnmodifiableAuthorizationGrant) Scope(io.jans.as.persistence.model.Scope) JSONObject(org.json.JSONObject) JwtSubClaimObject(io.jans.as.model.jwt.JwtSubClaimObject) List(java.util.List) ArrayList(java.util.ArrayList) SessionId(io.jans.as.server.model.common.SessionId) Map(java.util.Map)

Example 3 with DynamicScopeExternalContext

use of io.jans.as.server.service.external.context.DynamicScopeExternalContext in project jans by JanssenProject.

the class UserInfoRestWebServiceImpl method getJSonResponse.

/**
 * Builds a JSon String with the response parameters.
 */
public String getJSonResponse(User user, AuthorizationGrant authorizationGrant, Collection<String> scopes) throws InvalidClaimException, ParseException {
    log.trace("Building JSON reponse with next scopes {} for user {} and user custom attributes {}", scopes, user.getUserId(), user.getCustomAttributes());
    JsonWebResponse jsonWebResponse = new JsonWebResponse();
    // Claims
    List<Scope> dynamicScopes = new ArrayList<>();
    for (String scopeName : scopes) {
        Scope scope = scopeService.getScopeById(scopeName);
        if ((scope != null) && (ScopeType.DYNAMIC == scope.getScopeType())) {
            dynamicScopes.add(scope);
            continue;
        }
        Map<String, Object> claims = scopeService.getClaims(user, scope);
        if (claims == null) {
            continue;
        }
        if (scope == null) {
            log.trace("Unable to find scope in persistence. Is it removed? Scope name: {}", scopeName);
        }
        if (scope != null && Boolean.TRUE.equals(scope.isGroupClaims())) {
            JwtSubClaimObject groupClaim = new JwtSubClaimObject();
            groupClaim.setName(scope.getId());
            for (Map.Entry<String, Object> entry : claims.entrySet()) {
                String key = entry.getKey();
                Object value = entry.getValue();
                if (value instanceof List) {
                    groupClaim.setClaim(key, (List<String>) value);
                } else {
                    groupClaim.setClaim(key, String.valueOf(value));
                }
            }
            jsonWebResponse.getClaims().setClaim(scope.getId(), groupClaim);
        } else {
            for (Map.Entry<String, Object> entry : claims.entrySet()) {
                String key = entry.getKey();
                Object value = entry.getValue();
                if (value instanceof List) {
                    jsonWebResponse.getClaims().setClaim(key, (List<String>) value);
                } else if (value instanceof Boolean) {
                    jsonWebResponse.getClaims().setClaim(key, (Boolean) value);
                } else if (value instanceof Date) {
                    jsonWebResponse.getClaims().setClaim(key, ((Date) value).getTime() / 1000);
                } else {
                    jsonWebResponse.getClaims().setClaim(key, String.valueOf(value));
                }
            }
        }
    }
    if (authorizationGrant.getClaims() != null) {
        JSONObject claimsObj = new JSONObject(authorizationGrant.getClaims());
        if (claimsObj.has("userinfo")) {
            JSONObject userInfoObj = claimsObj.getJSONObject("userinfo");
            for (Iterator<String> it = userInfoObj.keys(); it.hasNext(); ) {
                String claimName = it.next();
                // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
                boolean optional = true;
                GluuAttribute gluuAttribute = attributeService.getByClaimName(claimName);
                if (gluuAttribute != null) {
                    String ldapClaimName = gluuAttribute.getName();
                    Object attribute = user.getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
                    jsonWebResponse.getClaims().setClaimFromJsonObject(claimName, attribute);
                }
            }
        }
    }
    if (authorizationGrant.getJwtAuthorizationRequest() != null && authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember() != null) {
        for (Claim claim : authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember().getClaims()) {
            // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
            boolean optional = true;
            GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
            if (gluuAttribute != null) {
                Client client = authorizationGrant.getClient();
                if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
                    String ldapClaimName = gluuAttribute.getName();
                    Object attribute = user.getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
                    jsonWebResponse.getClaims().setClaimFromJsonObject(claim.getName(), attribute);
                }
            }
        }
    }
    jsonWebResponse.getClaims().setSubjectIdentifier(authorizationGrant.getSub());
    if ((dynamicScopes.size() > 0) && externalDynamicScopeService.isEnabled()) {
        final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
        DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jsonWebResponse, unmodifiableAuthorizationGrant);
        externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
    }
    return jsonWebResponse.toString();
}
Also used : JsonWebResponse(io.jans.as.model.token.JsonWebResponse) ArrayList(java.util.ArrayList) DynamicScopeExternalContext(io.jans.as.server.service.external.context.DynamicScopeExternalContext) JwtSubClaimObject(io.jans.as.model.jwt.JwtSubClaimObject) Date(java.util.Date) GluuAttribute(io.jans.model.GluuAttribute) UnmodifiableAuthorizationGrant(io.jans.as.server.model.common.UnmodifiableAuthorizationGrant) DefaultScope(io.jans.as.server.model.common.DefaultScope) Scope(io.jans.as.persistence.model.Scope) JSONObject(org.json.JSONObject) JSONObject(org.json.JSONObject) JwtSubClaimObject(io.jans.as.model.jwt.JwtSubClaimObject) List(java.util.List) ArrayList(java.util.ArrayList) AuthorizationGrantList(io.jans.as.server.model.common.AuthorizationGrantList) Client(io.jans.as.common.model.registration.Client) Map(java.util.Map) Claim(io.jans.as.server.model.authorize.Claim)

Aggregations

DynamicScopeExternalContext (io.jans.as.server.service.external.context.DynamicScopeExternalContext)3 ArrayList (java.util.ArrayList)3 JwtSubClaimObject (io.jans.as.model.jwt.JwtSubClaimObject)2 Scope (io.jans.as.persistence.model.Scope)2 UnmodifiableAuthorizationGrant (io.jans.as.server.model.common.UnmodifiableAuthorizationGrant)2 Date (java.util.Date)2 List (java.util.List)2 Map (java.util.Map)2 JSONObject (org.json.JSONObject)2 User (io.jans.as.common.model.common.User)1 Client (io.jans.as.common.model.registration.Client)1 JsonWebResponse (io.jans.as.model.token.JsonWebResponse)1 Claim (io.jans.as.server.model.authorize.Claim)1 AuthorizationGrantList (io.jans.as.server.model.common.AuthorizationGrantList)1 DefaultScope (io.jans.as.server.model.common.DefaultScope)1 SessionId (io.jans.as.server.model.common.SessionId)1 GluuAttribute (io.jans.model.GluuAttribute)1 CustomScriptConfiguration (io.jans.model.custom.script.conf.CustomScriptConfiguration)1 Calendar (java.util.Calendar)1 HashSet (java.util.HashSet)1