use of org.apereo.cas.oidc.claims.OidcPhoneScopeAttributeReleasePolicy in project cas by apereo.
the class OidcProfileScopeToAttributesFilter method reconcile.
@Override
public void reconcile(final RegisteredService service) {
if (!(service instanceof OidcRegisteredService)) {
super.reconcile(service);
return;
}
LOGGER.debug("Reconciling OpenId Connect scopes and claims for [{}]", service.getServiceId());
final List<String> otherScopes = new ArrayList<>();
final ChainingAttributeReleasePolicy policy = new ChainingAttributeReleasePolicy();
final OidcRegisteredService oidc = OidcRegisteredService.class.cast(service);
oidc.getScopes().forEach(s -> {
LOGGER.debug("Reviewing scope [{}] for [{}]", s, service.getServiceId());
try {
final OidcConstants.StandardScopes scope = OidcConstants.StandardScopes.valueOf(s.trim().toLowerCase().toUpperCase());
switch(scope) {
case EMAIL:
LOGGER.debug("Mapped [{}] to attribute release policy [{}]", s, OidcEmailScopeAttributeReleasePolicy.class.getSimpleName());
policy.getPolicies().add(new OidcEmailScopeAttributeReleasePolicy());
break;
case ADDRESS:
LOGGER.debug("Mapped [{}] to attribute release policy [{}]", s, OidcAddressScopeAttributeReleasePolicy.class.getSimpleName());
policy.getPolicies().add(new OidcAddressScopeAttributeReleasePolicy());
break;
case PROFILE:
LOGGER.debug("Mapped [{}] to attribute release policy [{}]", s, OidcProfileScopeAttributeReleasePolicy.class.getSimpleName());
policy.getPolicies().add(new OidcProfileScopeAttributeReleasePolicy());
break;
case PHONE:
LOGGER.debug("Mapped [{}] to attribute release policy [{}]", s, OidcProfileScopeAttributeReleasePolicy.class.getSimpleName());
policy.getPolicies().add(new OidcPhoneScopeAttributeReleasePolicy());
break;
case OFFLINE_ACCESS:
LOGGER.debug("Given scope [{}], service [{}] is marked to generate refresh tokens", s, service.getId());
oidc.setGenerateRefreshToken(Boolean.TRUE);
break;
case CUSTOM:
LOGGER.debug("Found custom scope [{}] for service [{}]", s, service.getId());
otherScopes.add(s.trim());
break;
default:
LOGGER.debug("Scope [{}] is unsupported for service [{}]", s, service.getId());
break;
}
} catch (final Exception e) {
LOGGER.debug("[{}] appears to be a user-defined scope and does not match any of the predefined standard scopes. " + "Checking [{}] against user-defined scopes provided as [{}]", s, s, userScopes);
final BaseOidcScopeAttributeReleasePolicy userPolicy = userScopes.stream().filter(t -> t.getScopeName().equals(s.trim())).findFirst().orElse(null);
if (userPolicy != null) {
LOGGER.debug("Mapped user-defined scope [{}] to attribute release policy [{}]", s, userPolicy);
policy.getPolicies().add(userPolicy);
}
}
});
otherScopes.remove(OidcConstants.StandardScopes.OPENID.getScope());
if (!otherScopes.isEmpty()) {
LOGGER.debug("Mapped scopes [{}] to attribute release policy [{}]", otherScopes, OidcCustomScopeAttributeReleasePolicy.class.getSimpleName());
policy.getPolicies().add(new OidcCustomScopeAttributeReleasePolicy(otherScopes));
}
if (policy.getPolicies().isEmpty()) {
LOGGER.debug("No attribute release policy could be determined based on given scopes. " + "No claims/attributes will be released to [{}]", service.getServiceId());
oidc.setAttributeReleasePolicy(new DenyAllAttributeReleasePolicy());
} else {
oidc.setAttributeReleasePolicy(policy);
}
LOGGER.debug("Scope/claim reconciliation for service [{}] resulted in the following attribute release policy [{}]", service.getServiceId(), oidc.getAttributeReleasePolicy());
if (!oidc.equals(service)) {
LOGGER.debug("Saving scope/claim reconciliation results for service [{}] into registry", service.getServiceId());
this.servicesManager.save(oidc);
LOGGER.debug("Saved service [{}] into registry", service.getServiceId());
} else {
LOGGER.debug("No changes detected in service [{}] after scope/claim reconciliation", service.getId());
}
}
Aggregations