use of net.shibboleth.idp.profile.context.RelyingPartyContext in project oxTrust by GluuFederation.
the class AuthenticationFilter method getOAuthRedirectUrl.
public String getOAuthRedirectUrl(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
String authorizeUrl = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_AUTHORIZE_URL, null);
String clientScopes = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_CLIENT_SCOPE, null);
String clientId = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_CLIENT_ID, null);
String clientSecret = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_CLIENT_PASSWORD, null);
if (clientSecret != null) {
try {
clientSecret = StringEncrypter.defaultInstance().decrypt(clientSecret, Configuration.instance().getCryptoPropertyValue());
} catch (EncryptionException ex) {
log.error("Failed to decrypt property: " + Configuration.OAUTH_PROPERTY_CLIENT_PASSWORD, ex);
}
}
String redirectUri = constructRedirectUrl(request);
List<String> scopes = Arrays.asList(clientScopes.split(StringUtils.SPACE));
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
String nonce = UUID.randomUUID().toString();
String rfp = UUID.randomUUID().toString();
String jti = UUID.randomUUID().toString();
// Lookup for relying party ID
final String key = request.getParameter(ExternalAuthentication.CONVERSATION_KEY);
request.getSession().setAttribute(SESSION_CONVERSATION_KEY, key);
ProfileRequestContext prc = ExternalAuthentication.getProfileRequestContext(key, request);
String relyingPartyId = "";
final RelyingPartyContext relyingPartyCtx = prc.getSubcontext(RelyingPartyContext.class);
if (relyingPartyCtx != null) {
relyingPartyId = relyingPartyCtx.getRelyingPartyId();
log.info("relyingPartyId found: " + relyingPartyId);
} else
log.warn("No RelyingPartyContext was available");
// JWT
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
JwtState jwtState = new JwtState(SignatureAlgorithm.HS256, clientSecret, cryptoProvider);
jwtState.setRfp(rfp);
jwtState.setJti(jti);
if (relyingPartyId != null && !"".equals(relyingPartyId)) {
String additionalClaims = String.format("{relyingPartyId: '%s'}", relyingPartyId);
jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
} else
log.warn("No relyingPartyId was available");
String encodedState = jwtState.getEncodedJwt();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(encodedState);
Cookie currentShibstateCookie = getCurrentShibstateCookie(request);
if (currentShibstateCookie != null) {
String requestUri = decodeCookieValue(currentShibstateCookie.getValue());
log.debug("requestUri = \"" + requestUri + "\"");
String authenticationMode = determineAuthenticationMode(requestUri);
if (StringHelper.isNotEmpty(authenticationMode)) {
log.debug("acr_values = \"" + authenticationMode + "\"");
authorizationRequest.setAcrValues(Arrays.asList(authenticationMode));
updateShibstateCookie(response, currentShibstateCookie, requestUri, "/" + Configuration.OXAUTH_ACR_VALUES + "/" + authenticationMode);
}
}
// Store for validation in session
final HttpSession session = request.getSession(false);
session.setAttribute(Configuration.SESSION_AUTH_STATE, encodedState);
session.setAttribute(Configuration.SESSION_AUTH_NONCE, nonce);
return authorizeUrl + "?" + authorizationRequest.getQueryString();
}
Aggregations