
Example 1 with OidcProperties

use of org.apereo.cas.configuration.model.support.oidc.OidcProperties in project cas by apereo.

From class OidcConfiguration, method oidcServiceJsonWebKeystoreCache.

/**
 * Builds the per-service JSON web keystore cache.
 *
 * <p>The cache holds a single entry, expires it the configured number of minutes
 * after it was written, and reloads it through
 * {@code oidcServiceJsonWebKeystoreCacheLoader()}.
 *
 * @return the loading cache keyed by registered OIDC service
 */
@Bean
public LoadingCache<OidcRegisteredService, Optional<RsaJsonWebKey>> oidcServiceJsonWebKeystoreCache() {
    final OidcProperties oidcProperties = casProperties.getAuthn().getOidc();
    return Caffeine.newBuilder()
        .maximumSize(1)
        .expireAfterWrite(oidcProperties.getJwksCacheInMinutes(), TimeUnit.MINUTES)
        .build(oidcServiceJsonWebKeystoreCacheLoader());
}

Example 2 with OidcProperties

use of org.apereo.cas.configuration.model.support.oidc.OidcProperties in project cas by apereo.

From class OidcIdTokenGeneratorService, method produceIdTokenClaims.

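/**
 * Produce id token claims jwt claims.
 *
 * <p>The claim set is assembled from three sources: the OIDC configuration
 * (issuer, clock skew and the list of principal attributes released as claims),
 * the authentication carried by the access token (MFA context, successful
 * handlers, state and nonce), and the registered service (audience and
 * access-token hash). {@code request}, {@code context} and {@code responseType}
 * are accepted for subclasses but not read by this implementation.
 *
 * @param request       the request
 * @param accessTokenId the access token id
 * @param timeout       the timeout, in seconds, added to "now" to form the expiration time
 * @param service       the service
 * @param profile       the user profile
 * @param context       the context
 * @param responseType  the response type
 * @return the jwt claims
 */
protected JwtClaims produceIdTokenClaims(final HttpServletRequest request, final AccessToken accessTokenId, final long timeout, final OidcRegisteredService service, final UserProfile profile, final J2EContext context, final OAuth20ResponseTypes responseType) {
    final Authentication authentication = accessTokenId.getAuthentication();
    final Principal principal = authentication.getPrincipal();
    final OidcProperties oidc = casProperties.getAuthn().getOidc();
    final JwtClaims claims = new JwtClaims();
    claims.setJwtId(getOAuthServiceTicket(accessTokenId.getTicketGrantingTicket()).getKey());
    claims.setIssuer(oidc.getIssuer());
    claims.setAudience(service.getClientId());
    final NumericDate expirationDate = NumericDate.now();
    expirationDate.addSeconds(timeout);
    claims.setExpirationTime(expirationDate);
    claims.setIssuedAtToNow();
    // Skew is applied to nbf only; iat and exp are not shifted.
    claims.setNotBeforeMinutesInThePast(oidc.getSkew());
    claims.setSubject(principal.getId());

    final Map<String, Object> attributes = authentication.getAttributes();
    final MultifactorAuthenticationProperties mfa = casProperties.getAuthn().getMfa();
    final String contextAttribute = mfa.getAuthenticationContextAttribute();
    if (attributes.containsKey(contextAttribute)) {
        final Collection<Object> val = CollectionUtils.toCollection(attributes.get(contextAttribute));
        // Only the first context value becomes the acr claim. An empty collection
        // used to throw NoSuchElementException here; it now simply yields no acr.
        if (!val.isEmpty()) {
            claims.setStringClaim(OidcConstants.ACR, String.valueOf(val.iterator().next()));
        }
    }
    if (attributes.containsKey(AuthenticationHandler.SUCCESSFUL_AUTHENTICATION_HANDLERS)) {
        final Collection<Object> val = CollectionUtils.toCollection(attributes.get(AuthenticationHandler.SUCCESSFUL_AUTHENTICATION_HANDLERS));
        // Convert each element explicitly: toArray(new String[0]) on a
        // Collection<Object> throws ArrayStoreException if any handler name is
        // not already a String.
        final String[] handlerNames = val.stream()
            .map(v -> String.valueOf(v))
            .toArray(String[]::new);
        claims.setStringListClaim(OidcConstants.AMR, handlerNames);
    }
    claims.setClaim(OAuth20Constants.STATE, attributes.get(OAuth20Constants.STATE));
    claims.setClaim(OAuth20Constants.NONCE, attributes.get(OAuth20Constants.NONCE));
    claims.setClaim(OidcConstants.CLAIM_AT_HASH, generateAccessTokenHash(accessTokenId, service));

    // Release only the principal attributes explicitly listed in the OIDC
    // configuration; everything else stays out of the id token.
    principal.getAttributes().entrySet().stream()
        .filter(entry -> oidc.getClaims().contains(entry.getKey()))
        .forEach(entry -> claims.setClaim(entry.getKey(), entry.getValue()));
    if (!claims.hasClaim(OidcConstants.CLAIM_PREFERRED_USERNAME)) {
        claims.setClaim(OidcConstants.CLAIM_PREFERRED_USERNAME, profile.getId());
    }
    return claims;
}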

Example 3 with OidcProperties

use of org.apereo.cas.configuration.model.support.oidc.OidcProperties in project cas by apereo.

From class OidcRestfulJsonWebKeystoreGeneratorServiceTests, method verifyFailsOperation.

/**
 * Verifies that keystore generation yields {@code null} when the configured
 * JWKS REST endpoint (a local port that presumably has no listener) does not
 * return a keystore.
 */
@Test
public void verifyFailsOperation() throws Exception {
    final OidcProperties properties = new OidcProperties();
    val rest = properties.getJwks().getRest();
    rest.setUrl("https://localhost:1234");
    rest.setMethod("get");
    val generator = new OidcRestfulJsonWebKeystoreGeneratorService(properties);
    assertNull(generator.generate());
}

Example 4 with OidcProperties

use of org.apereo.cas.configuration.model.support.oidc.OidcProperties in project cas by apereo.

From class OidcConfiguration, method oauthInterceptor.

/**
 * Builds the handler interceptor for the OIDC endpoints.
 *
 * <p>The dynamic client registration mode is read from configuration and falls
 * back to {@code PROTECTED} when the property is blank; an unknown value fails
 * in {@code valueOf}, so misconfiguration surfaces at bean creation.
 *
 * @return the interceptor adapter
 */
@Bean
public HandlerInterceptorAdapter oauthInterceptor() {
    final OidcProperties oidcProperties = casProperties.getAuthn().getOidc();
    final String configuredMode = StringUtils.defaultIfBlank(
        oidcProperties.getDynamicClientRegistrationMode(),
        OidcConstants.DynamicClientRegistrationMode.PROTECTED.name());
    final OidcConstants.DynamicClientRegistrationMode registrationMode =
        OidcConstants.DynamicClientRegistrationMode.valueOf(configuredMode);
    return new OidcHandlerInterceptorAdapter(
        requiresAuthenticationAccessTokenInterceptor,
        requiresAuthenticationAuthorizeInterceptor(),
        requiresAuthenticationDynamicRegistrationInterceptor(),
        registrationMode,
        accessTokenGrantRequestExtractors);
}

Example 5 with OidcProperties

use of org.apereo.cas.configuration.model.support.oidc.OidcProperties in project cas by apereo.

From class OidcConfiguration, method oidcDefaultJsonWebKeystoreCache.

/**
 * Builds the default (server-wide) JSON web keystore cache.
 *
 * <p>A single entry is kept, expired the configured number of minutes after it
 * was written, and reloaded via {@code oidcDefaultJsonWebKeystoreCacheLoader()}.
 *
 * @return the loading cache keyed by keystore identifier string
 */
@Bean
public LoadingCache<String, Optional<RsaJsonWebKey>> oidcDefaultJsonWebKeystoreCache() {
    final OidcProperties oidcProperties = casProperties.getAuthn().getOidc();
    return Caffeine.newBuilder()
        .maximumSize(1)
        .expireAfterWrite(oidcProperties.getJwksCacheInMinutes(), TimeUnit.MINUTES)
        .build(oidcDefaultJsonWebKeystoreCacheLoader());
}
