Example 1 with OidcSubjectPrincipal

use of org.dcache.auth.OidcSubjectPrincipal in project dcache by dCache.

the class BaseProfile method addSub.

private void addSub(IdentityProvider idp, Map<String, JsonNode> claims, Set<Principal> principals) {
    var node = claims.get("sub");
    if (node != null && node.isTextual()) {
        String claimValue = node.asText();
        principals.add(new OidcSubjectPrincipal(claimValue, idp.getName()));
        // REVISIT: the JwtSubPrincipal is only included for backwards compatibility.  It is
        // not used by dCache and should (very likely) be removed.
        principals.add(new JwtSubPrincipal(idp.getName(), claimValue));
    }
}
Also used : OidcSubjectPrincipal(org.dcache.auth.OidcSubjectPrincipal) JwtSubPrincipal(org.dcache.auth.JwtSubPrincipal)

Example 2 with OidcSubjectPrincipal

use of org.dcache.auth.OidcSubjectPrincipal in project dcache by dCache.

the class GplazmaMultiMapFileTest method shouldIgnoreMappingWithWrongOP.

@Test
public void shouldIgnoreMappingWithWrongOP() throws Exception {
    givenConfig("oidc:googleoidcsubject@GOOGLE    username:kermit");
    whenMapping(new OidcSubjectPrincipal("googleoidcsubject", "NOT-GOOGLE"));
    assertThat(warnings, is(empty()));
    assertThat(mappedPrincipals, is(empty()));
}
Also used : OidcSubjectPrincipal(org.dcache.auth.OidcSubjectPrincipal) Test(org.junit.Test)

Example 3 with OidcSubjectPrincipal

use of org.dcache.auth.OidcSubjectPrincipal in project dcache by dCache.

the class GplazmaMultiMapFileTest method shouldPassWhenOidcMappedWithoutOP.

@Test
public void shouldPassWhenOidcMappedWithoutOP() throws Exception {
    givenConfig("oidc:googleoidcsubject    username:kermit");
    whenMapping(new OidcSubjectPrincipal("googleoidcsubject", "GOOGLE"));
    assertThat(warnings, is(empty()));
    assertThat(mappedPrincipals, hasItem(new UserNamePrincipal("kermit")));
}
Also used : UserNamePrincipal(org.dcache.auth.UserNamePrincipal) OidcSubjectPrincipal(org.dcache.auth.OidcSubjectPrincipal) Test(org.junit.Test)

Example 4 with OidcSubjectPrincipal

use of org.dcache.auth.OidcSubjectPrincipal in project dcache by dCache.

the class GplazmaMultiMapFileTest method shouldFailWhenWrongMapFormatOidc.

@Test
public void shouldFailWhenWrongMapFormatOidc() throws Exception {
    givenConfig("oid:googleopenidsubject    username:kermit");
    whenMapping(new OidcSubjectPrincipal("googleopenidsubject", "GOOGLE"));
    assertThat(warnings, is(not(empty())));
    assertThat(mappedPrincipals, is(empty()));
}
Also used : OidcSubjectPrincipal(org.dcache.auth.OidcSubjectPrincipal) Test(org.junit.Test)

Example 5 with OidcSubjectPrincipal

use of org.dcache.auth.OidcSubjectPrincipal in project dcache by dCache.

the class GplazmaMultiMapFileTest method shouldPassWhenUidPrimaryGidFalseMappedFromOidcWithoutOP.

@Test
public void shouldPassWhenUidPrimaryGidFalseMappedFromOidcWithoutOP() throws Exception {
    givenConfig("oidc:googleoidcsubject   gid:1000,false  uid:1000  ");
    whenMapping(new OidcSubjectPrincipal("googleoidcsubject", "GOOGLE"));
    assertThat(warnings, is(empty()));
    assertThat(mappedPrincipals, hasItem(new UidPrincipal("1000")));
    assertThat(mappedPrincipals, hasItem(new GidPrincipal("1000", false)));
}
Also used : OidcSubjectPrincipal(org.dcache.auth.OidcSubjectPrincipal) UidPrincipal(org.dcache.auth.UidPrincipal) GidPrincipal(org.dcache.auth.GidPrincipal) Test(org.junit.Test)
