use of org.apereo.cas.services.RegisteredServiceAttributeReleasePolicyContext in project cas by apereo.
the class BaseOidcScopeAttributeReleasePolicy method getAttributesInternal.
/**
 * Computes the OIDC claims this scope policy releases from the resolved attributes.
 *
 * <p>A claim is released only when it is both allowed by this policy
 * ({@code getAllowedAttributes()}) and listed in the claims configured under the OIDC
 * discovery settings. If no application context is available the method fails closed
 * and releases nothing.
 *
 * @param context    the attribute release context (not read by this method)
 * @param attributes the attributes resolved for the principal, keyed by attribute name
 * @return the claims to release; empty when the application context cannot be located
 */
@Override
public Map<String, List<Object>> getAttributesInternal(final RegisteredServiceAttributeReleasePolicyContext context, final Map<String, List<Object>> attributes) {
    val applicationContext = ApplicationContextProvider.getApplicationContext();
    if (applicationContext == null) {
        // Fail closed: without configuration there is no supported-claims list to check against.
        LOGGER.warn("Could not locate the application context to process attributes");
        return new HashMap<>(0);
    }

    // Case-insensitive copy, so attribute lookups do not depend on the casing of the keys.
    val resolvedAttributes = new TreeMap<String, List<Object>>(String.CASE_INSENSITIVE_ORDER);
    resolvedAttributes.putAll(attributes);
    val attributesToRelease = Maps.<String, List<Object>>newHashMapWithExpectedSize(attributes.size());

    // NOTE(review): this statement writes the resolved attribute values to the log at DEBUG level;
    // treat DEBUG output of this logger as containing personal data.
    LOGGER.debug("Attempting to map and filter claims based on resolved attributes [{}]", resolvedAttributes);

    val casProperties = applicationContext.getBean(CasConfigurationProperties.class);
    val supportedClaims = casProperties.getAuthn().getOidc().getDiscovery().getClaims();

    // Intersection of what the policy allows and what the discovery configuration lists.
    val allowedClaims = new LinkedHashSet<>(getAllowedAttributes());
    allowedClaims.retainAll(supportedClaims);
    LOGGER.debug("[{}] is designed to allow claims [{}] for scope [{}]. After cross-checking with " + "supported claims [{}], the final collection of allowed attributes is [{}]",
        getClass().getSimpleName(), getAllowedAttributes(), getScopeType(), supportedClaims, allowedClaims);

    for (val claim : allowedClaims) {
        val mapped = mapClaimToAttribute(claim, resolvedAttributes);
        // Claims that resolve to no value are left out of the release set.
        if (mapped.getValue() != null) {
            attributesToRelease.put(mapped.getKey(), CollectionUtils.toCollection(mapped.getValue(), ArrayList.class));
        }
    }
    return attributesToRelease;
}
use of org.apereo.cas.services.RegisteredServiceAttributeReleasePolicyContext in project cas by apereo.
the class MetadataRequestedAttributesAttributeReleasePolicy method determineRequestedAttributeDefinitions.
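/**
 * Collects the names of the attributes requested by the service provider's metadata.
 *
 * <p>The names are read from every {@code AttributeConsumingService} of the SSO descriptor,
 * using the friendly name when {@code useFriendlyName} is set and the attribute name
 * otherwise. The result is sorted and de-duplicated.
 *
 * @param context the attribute release context supplying the service and the registered service;
 *                the registered service is cast to {@code SamlRegisteredService}
 * @return the requested attribute names, or an empty list when no metadata facade is found
 */
@Override
protected List<String> determineRequestedAttributeDefinitions(final RegisteredServiceAttributeReleasePolicyContext context) {
    val entityId = getEntityIdFromRequest(context.getService());
    val facade = determineServiceProviderMetadataFacade((SamlRegisteredService) context.getRegisteredService(), entityId);
    return facade
        .map(SamlRegisteredServiceServiceProviderMetadataFacade::getSsoDescriptor)
        .map(sso -> sso.getAttributeConsumingServices().stream()
            .flatMap(svc -> svc.getRequestedAttributes().stream())
            .map(attr -> this.useFriendlyName ? attr.getFriendlyName() : attr.getName())
            // FriendlyName is optional in SAML metadata, so the selected name can be null.
            // sorted() uses natural ordering and would throw on a null element, letting one
            // incomplete metadata entry break attribute release for the whole service.
            .filter(name -> name != null)
            .sorted()
            .distinct()
            .collect(Collectors.toList()))
        .orElseGet(ArrayList::new);
}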
use of org.apereo.cas.services.RegisteredServiceAttributeReleasePolicyContext in project cas by apereo.
the class AuthnRequestRequestedAttributesAttributeReleasePolicy method getAttributesForSamlRegisteredService.
/**
 * Selects the attributes named as {@code RequestedAttribute} extensions of the current
 * SAML authentication request.
 *
 * <p>Only names that are already present in {@code attributes} are copied, and the
 * selection is then passed through {@code authorizeReleaseOfAllowedAttributes} before it
 * is returned. The request can therefore narrow the release set, but this method does not
 * add attributes that were not resolved.
 *
 * @param attributes         the attributes resolved for the principal
 * @param applicationContext the application context used to locate the authentication request
 * @param resolver           the metadata resolver (not read by this method)
 * @param facade             the service provider metadata facade (not read by this method)
 * @param entityDescriptor   the entity descriptor (not read by this method)
 * @param context            the attribute release context
 * @return the outcome of {@code authorizeReleaseOfAllowedAttributes} for the selected attributes
 */
@Override
protected Map<String, List<Object>> getAttributesForSamlRegisteredService(final Map<String, List<Object>> attributes, final ApplicationContext applicationContext, final SamlRegisteredServiceCachingMetadataResolver resolver, final SamlRegisteredServiceServiceProviderMetadataFacade facade, final EntityDescriptor entityDescriptor, final RegisteredServiceAttributeReleasePolicyContext context) {
    val releaseAttributes = new HashMap<String, List<Object>>();
    getSamlAuthnRequest(applicationContext).ifPresent(authnRequest -> {
        // A request without extensions asks for nothing, so nothing is selected.
        if (authnRequest.getExtensions() == null) {
            return;
        }
        // NOTE(review): the names below are supplied by the requesting party. Whether the
        // request has been signature-checked before this point is not visible here — confirm.
        for (val object : authnRequest.getExtensions().getUnknownXMLObjects()) {
            if (!(object instanceof RequestedAttribute)) {
                continue;
            }
            val requested = (RequestedAttribute) object;
            val name = this.useFriendlyName ? requested.getFriendlyName() : requested.getName();
            LOGGER.debug("Checking for requested attribute [{}] in metadata for [{}]", name, context.getRegisteredService().getName());
            if (attributes.containsKey(name)) {
                LOGGER.debug("Found requested attribute [{}] in metadata for [{}]", name, context.getRegisteredService().getName());
                releaseAttributes.put(name, attributes.get(name));
            }
        }
    });
    return authorizeReleaseOfAllowedAttributes(context, releaseAttributes);
}
use of org.apereo.cas.services.RegisteredServiceAttributeReleasePolicyContext in project cas by apereo.
the class MetadataRegistrationAuthorityAttributeReleasePolicy method getAttributesForSamlRegisteredService.
/**
 * Releases attributes only to service providers whose metadata carries a
 * {@code RegistrationInfo} extension with a registration authority matching the
 * configured {@code registrationAuthority} pattern.
 *
 * @param attributes         the attributes resolved for the principal
 * @param applicationContext the application context (not read by this method)
 * @param resolver           the metadata resolver (not read by this method)
 * @param facade             the service provider metadata facade whose extensions are inspected
 * @param entityDescriptor   the entity descriptor (not read by this method)
 * @param context            the attribute release context
 * @return the outcome of {@code authorizeReleaseOfAllowedAttributes} when an authority matches;
 *         otherwise an empty map
 */
@Override
protected Map<String, List<Object>> getAttributesForSamlRegisteredService(final Map<String, List<Object>> attributes, final ApplicationContext applicationContext, final SamlRegisteredServiceCachingMetadataResolver resolver, final SamlRegisteredServiceServiceProviderMetadataFacade facade, final EntityDescriptor entityDescriptor, final RegisteredServiceAttributeReleasePolicyContext context) {
    val metadataExtensions = facade.getExtensions();
    val candidates = metadataExtensions == null ? null : metadataExtensions.getUnknownXMLObjects();
    if (candidates != null) {
        for (val object : candidates) {
            if (!(object instanceof RegistrationInfo)) {
                continue;
            }
            val info = (RegistrationInfo) object;
            // NOTE(review): RegexUtils.find presumably performs a partial (find-style) match.
            // If so, an unanchored registrationAuthority pattern also accepts longer authority
            // values that merely contain it — confirm, and anchor the configured pattern.
            if (RegexUtils.find(this.registrationAuthority, info.getRegistrationAuthority())) {
                return authorizeReleaseOfAllowedAttributes(context, attributes);
            }
        }
    }
    // No matching registration authority: release nothing.
    return new HashMap<>(0);
}
use of org.apereo.cas.services.RegisteredServiceAttributeReleasePolicyContext in project cas by apereo.
the class WSFederationClaimsReleasePolicy method getAttributesInternal.
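/**
 * Builds the WS-Federation claims to release from the resolved attributes.
 *
 * <p>Each entry of {@code getAllowedAttributes()} maps a claim name to an attribute
 * definition. Entries whose claim name is not a known {@code WSFederationClaims} constant
 * are ignored. When the resolved attributes already contain a value under the claim URI,
 * that value is released as is; otherwise the entry is handed to
 * {@code mapSingleAttributeDefinition}.
 *
 * @param context the attribute release context (not read by this method)
 * @param attrs   the attributes resolved for the principal
 * @return the claims to release, keyed by claim URI
 */
@Override
public Map<String, List<Object>> getAttributesInternal(final RegisteredServiceAttributeReleasePolicyContext context, final Map<String, List<Object>> attrs) {
    // Case-insensitive copy, so attribute lookups do not depend on the casing of the keys.
    val resolvedAttributes = new TreeMap<String, List<Object>>(String.CASE_INSENSITIVE_ORDER);
    resolvedAttributes.putAll(attrs);
    val attributesToRelease = Maps.<String, List<Object>>newHashMapWithExpectedSize(resolvedAttributes.size());
    for (val entry : getAllowedAttributes().entrySet()) {
        // Upper-case with a fixed locale: the default-locale toUpperCase() maps "i" to a dotted
        // capital under a Turkish locale, so a configured claim such as "email" would stop
        // matching the enum constant and be dropped depending on where the server runs.
        val claimName = entry.getKey().toUpperCase(java.util.Locale.ROOT);
        if (!WSFederationClaims.contains(claimName)) {
            continue;
        }
        val claim = WSFederationClaims.valueOf(claimName);
        if (resolvedAttributes.containsKey(claim.getUri())) {
            // A value already resolved under the claim URI takes precedence over the mapping.
            attributesToRelease.put(claim.getUri(), resolvedAttributes.get(claim.getUri()));
        } else {
            // The mapped attribute value is only needed on this branch, so it is looked up here.
            val attributeValue = resolvedAttributes.get(entry.getValue());
            LOGGER.trace("Evaluating claim [{}] mapped to attribute value [{}]", claim.getUri(), attributeValue);
            mapSingleAttributeDefinition(claim.getUri(), entry.getValue(), attributeValue, resolvedAttributes, attributesToRelease);
        }
    }
    return attributesToRelease;
}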