Search in sources :

Example 1 with OidcPhoneScopeAttributeReleasePolicy

use of org.apereo.cas.oidc.claims.OidcPhoneScopeAttributeReleasePolicy in project cas by apereo.

the class OidcProfileScopeToAttributesFilter method reconcile.

@Override
public void reconcile(final RegisteredService service) {
    if (!(service instanceof OidcRegisteredService)) {
        super.reconcile(service);
        return;
    }
    LOGGER.debug("Reconciling OpenId Connect scopes and claims for [{}]", service.getServiceId());
    final List<String> otherScopes = new ArrayList<>();
    final ChainingAttributeReleasePolicy policy = new ChainingAttributeReleasePolicy();
    final OidcRegisteredService oidc = OidcRegisteredService.class.cast(service);
    oidc.getScopes().forEach(s -> {
        LOGGER.debug("Reviewing scope [{}] for [{}]", s, service.getServiceId());
        try {
            final OidcConstants.StandardScopes scope = OidcConstants.StandardScopes.valueOf(s.trim().toLowerCase().toUpperCase());
            switch(scope) {
                case EMAIL:
                    LOGGER.debug("Mapped [{}] to attribute release policy [{}]", s, OidcEmailScopeAttributeReleasePolicy.class.getSimpleName());
                    policy.getPolicies().add(new OidcEmailScopeAttributeReleasePolicy());
                    break;
                case ADDRESS:
                    LOGGER.debug("Mapped [{}] to attribute release policy [{}]", s, OidcAddressScopeAttributeReleasePolicy.class.getSimpleName());
                    policy.getPolicies().add(new OidcAddressScopeAttributeReleasePolicy());
                    break;
                case PROFILE:
                    LOGGER.debug("Mapped [{}] to attribute release policy [{}]", s, OidcProfileScopeAttributeReleasePolicy.class.getSimpleName());
                    policy.getPolicies().add(new OidcProfileScopeAttributeReleasePolicy());
                    break;
                case PHONE:
                    LOGGER.debug("Mapped [{}] to attribute release policy [{}]", s, OidcProfileScopeAttributeReleasePolicy.class.getSimpleName());
                    policy.getPolicies().add(new OidcPhoneScopeAttributeReleasePolicy());
                    break;
                case OFFLINE_ACCESS:
                    LOGGER.debug("Given scope [{}], service [{}] is marked to generate refresh tokens", s, service.getId());
                    oidc.setGenerateRefreshToken(Boolean.TRUE);
                    break;
                case CUSTOM:
                    LOGGER.debug("Found custom scope [{}] for service [{}]", s, service.getId());
                    otherScopes.add(s.trim());
                    break;
                default:
                    LOGGER.debug("Scope [{}] is unsupported for service [{}]", s, service.getId());
                    break;
            }
        } catch (final Exception e) {
            LOGGER.debug("[{}] appears to be a user-defined scope and does not match any of the predefined standard scopes. " + "Checking [{}] against user-defined scopes provided as [{}]", s, s, userScopes);
            final BaseOidcScopeAttributeReleasePolicy userPolicy = userScopes.stream().filter(t -> t.getScopeName().equals(s.trim())).findFirst().orElse(null);
            if (userPolicy != null) {
                LOGGER.debug("Mapped user-defined scope [{}] to attribute release policy [{}]", s, userPolicy);
                policy.getPolicies().add(userPolicy);
            }
        }
    });
    otherScopes.remove(OidcConstants.StandardScopes.OPENID.getScope());
    if (!otherScopes.isEmpty()) {
        LOGGER.debug("Mapped scopes [{}] to attribute release policy [{}]", otherScopes, OidcCustomScopeAttributeReleasePolicy.class.getSimpleName());
        policy.getPolicies().add(new OidcCustomScopeAttributeReleasePolicy(otherScopes));
    }
    if (policy.getPolicies().isEmpty()) {
        LOGGER.debug("No attribute release policy could be determined based on given scopes. " + "No claims/attributes will be released to [{}]", service.getServiceId());
        oidc.setAttributeReleasePolicy(new DenyAllAttributeReleasePolicy());
    } else {
        oidc.setAttributeReleasePolicy(policy);
    }
    LOGGER.debug("Scope/claim reconciliation for service [{}] resulted in the following attribute release policy [{}]", service.getServiceId(), oidc.getAttributeReleasePolicy());
    if (!oidc.equals(service)) {
        LOGGER.debug("Saving scope/claim reconciliation results for service [{}] into registry", service.getServiceId());
        this.servicesManager.save(oidc);
        LOGGER.debug("Saved service [{}] into registry", service.getServiceId());
    } else {
        LOGGER.debug("No changes detected in service [{}] after scope/claim reconciliation", service.getId());
    }
}
Also used : CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) OidcProfileScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy) OidcAttributeToScopeClaimMapper(org.apereo.cas.oidc.claims.mapping.OidcAttributeToScopeClaimMapper) OidcCustomScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy) HashMap(java.util.HashMap) Reflections(org.reflections.Reflections) OidcEmailScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcEmailScopeAttributeReleasePolicy) ArrayList(java.util.ArrayList) BaseOidcScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy) HashSet(java.util.HashSet) PrincipalFactory(org.apereo.cas.authentication.principal.PrincipalFactory) DefaultOAuth20ProfileScopeToAttributesFilter(org.apereo.cas.support.oauth.profile.DefaultOAuth20ProfileScopeToAttributesFilter) FilterBuilder(org.reflections.util.FilterBuilder) OidcProperties(org.apereo.cas.configuration.model.support.oidc.OidcProperties) Map(java.util.Map) OidcAddressScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcAddressScopeAttributeReleasePolicy) AccessToken(org.apereo.cas.ticket.accesstoken.AccessToken) ConfigurationBuilder(org.reflections.util.ConfigurationBuilder) ChainingAttributeReleasePolicy(org.apereo.cas.services.ChainingAttributeReleasePolicy) ServicesManager(org.apereo.cas.services.ServicesManager) Unchecked(org.jooq.lambda.Unchecked) OidcConstants(org.apereo.cas.oidc.OidcConstants) Collection(java.util.Collection) OidcPhoneScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcPhoneScopeAttributeReleasePolicy) Set(java.util.Set) DenyAllAttributeReleasePolicy(org.apereo.cas.services.DenyAllAttributeReleasePolicy) RegisteredService(org.apereo.cas.services.RegisteredService) ClasspathHelper(org.reflections.util.ClasspathHelper) SubTypesScanner(org.reflections.scanners.SubTypesScanner) Slf4j(lombok.extern.slf4j.Slf4j) List(java.util.List) OidcRegisteredService(org.apereo.cas.services.OidcRegisteredService) Service(org.apereo.cas.authentication.principal.Service) J2EContext(org.pac4j.core.context.J2EContext) Principal(org.apereo.cas.authentication.principal.Principal) BaseOidcScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy) OidcRegisteredService(org.apereo.cas.services.OidcRegisteredService) ArrayList(java.util.ArrayList) ChainingAttributeReleasePolicy(org.apereo.cas.services.ChainingAttributeReleasePolicy) DenyAllAttributeReleasePolicy(org.apereo.cas.services.DenyAllAttributeReleasePolicy) OidcProfileScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy) OidcCustomScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy) OidcConstants(org.apereo.cas.oidc.OidcConstants) OidcPhoneScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcPhoneScopeAttributeReleasePolicy) OidcAddressScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcAddressScopeAttributeReleasePolicy) OidcEmailScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcEmailScopeAttributeReleasePolicy)

Aggregations

ArrayList (java.util.ArrayList)1 Collection (java.util.Collection)1 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 List (java.util.List)1 Map (java.util.Map)1 Set (java.util.Set)1 Slf4j (lombok.extern.slf4j.Slf4j)1 Principal (org.apereo.cas.authentication.principal.Principal)1 PrincipalFactory (org.apereo.cas.authentication.principal.PrincipalFactory)1 Service (org.apereo.cas.authentication.principal.Service)1 CasConfigurationProperties (org.apereo.cas.configuration.CasConfigurationProperties)1 OidcProperties (org.apereo.cas.configuration.model.support.oidc.OidcProperties)1 OidcConstants (org.apereo.cas.oidc.OidcConstants)1 BaseOidcScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy)1 OidcAddressScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.OidcAddressScopeAttributeReleasePolicy)1 OidcCustomScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy)1 OidcEmailScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.OidcEmailScopeAttributeReleasePolicy)1 OidcPhoneScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.OidcPhoneScopeAttributeReleasePolicy)1 OidcProfileScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy)1