Example 11 with SignedJwt

Use of org.forgerock.json.jose.jws.SignedJwt in project OpenAM by OpenRock.

The class EndSession, method validateRedirect.

private void validateRedirect(OAuth2Request request, String idToken, String redirectUri) throws InvalidClientException, RedirectUriMismatchException, RelativeRedirectUriException, NotFoundException {
    // Parse the id_token into a SignedJwt; no signature check is performed in this method.
    SignedJwt jwt = new JwtReconstruction().reconstructJwt(idToken, SignedJwt.class);
    JwtClaimsSet claims = jwt.getClaimsSet();
    // The "azp" (authorized party) claim identifies the client whose registration is consulted.
    String clientId = (String) claims.getClaim(OAuth2Constants.JWTTokenParams.AZP);
    ClientRegistration client = clientRegistrationStore.get(clientId, request);
    URI requestedUri = URI.create(redirectUri);
    // Only absolute URIs are accepted as post-logout redirect targets.
    if (!requestedUri.isAbsolute()) {
        throw new RelativeRedirectUriException();
    }
    // The requested URI must exactly match one of the client's registered post-logout redirect URIs.
    if (!client.getPostLogoutRedirectUris().contains(requestedUri)) {
        throw new RedirectUriMismatchException();
    }
}
Also used : RelativeRedirectUriException(org.forgerock.oauth2.core.exceptions.RelativeRedirectUriException) JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) JwtReconstruction(org.forgerock.json.jose.common.JwtReconstruction) ClientRegistration(org.forgerock.oauth2.core.ClientRegistration) RedirectUriMismatchException(org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException) SignedJwt(org.forgerock.json.jose.jws.SignedJwt) URI(java.net.URI)

Example 12 with SignedJwt

Use of org.forgerock.json.jose.jws.SignedJwt in project OpenAM by OpenRock.

The class OpenIDTokenIssuer, method issueToken.

/**
 * Issues an OpenId Connect token, using the details of the access token.
 *
 * @param accessToken The access token requested by the OAuth2 request.
 * @param request The OAuth2 request.
 * @return A {@code Map.Entry} of the token name with the Token instance.
 * @throws ServerException If any internal server error occurs.
 * @throws InvalidClientException If either the request does not contain the client's id or the client fails to be
 *          authenticated.
 * @throws NotFoundException If the realm does not have an OAuth 2.0 provider service.
 */
public Map.Entry<String, String> issueToken(AccessToken accessToken, OAuth2Request request) throws ServerException, InvalidClientException, NotFoundException {
    final Set<String> scope = accessToken.getScope();
    if (scope != null && scope.contains(OAuth2Constants.Params.OPENID)) {
        final ResourceOwner resourceOwner;
        try {
            request.setSession(accessToken.getSessionId());
            resourceOwner = resourceOwnerSessionValidator.validate(request);
            final String nonce = accessToken.getNonce();
            final OpenIdConnectToken openIdToken = tokenStore.createOpenIDToken(resourceOwner, accessToken.getClientId(), accessToken.getClientId(), nonce, getOps(accessToken, request), request);
            final SignedJwt signedJwt = openIdToken.sign();
            return new AbstractMap.SimpleEntry<String, String>(OAuth2Constants.JWTTokenParams.ID_TOKEN, signedJwt.build());
        } catch (SignatureException e) {
            logger.error("Unable to sign JWT", e);
            throw new ServerException("Cant sign JWT");
        } catch (OAuth2Exception e) {
            logger.error("User must be authenticated to issue ID tokens.", e);
            throw new ServerException("User must be authenticated to issue ID tokens.");
        }
    }
    return null;
}
Also used : ServerException(org.forgerock.oauth2.core.exceptions.ServerException) ResourceOwner(org.forgerock.oauth2.core.ResourceOwner) SignedJwt(org.forgerock.json.jose.jws.SignedJwt) SignatureException(java.security.SignatureException) OAuth2Exception(org.forgerock.oauth2.core.exceptions.OAuth2Exception)

Example 13 with SignedJwt

Use of org.forgerock.json.jose.jws.SignedJwt in project OpenAM by OpenRock.

The class PolicyRequestTest, method getJwtSubject.

private Jwt getJwtSubject(final String subjectName) {
    // Test helper: builds an unsigned JWT (NOPSigningHandler produces no real signature) carrying only a subject claim.
    JwsHeader header = new JwsHeader(Collections.<String, Object>emptyMap());
    JwtClaimsSet claims = new JwtClaimsSet();
    claims.setSubject(subjectName);
    SigningHandler handler = new NOPSigningHandler();
    return new SignedJwt(header, claims, handler);
}
Also used : JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) JwsHeader(org.forgerock.json.jose.jws.JwsHeader) NOPSigningHandler(org.forgerock.json.jose.jws.handlers.NOPSigningHandler) SignedJwt(org.forgerock.json.jose.jws.SignedJwt) SigningHandler(org.forgerock.json.jose.jws.handlers.SigningHandler)

Example 14 with SignedJwt

Use of org.forgerock.json.jose.jws.SignedJwt in project OpenAM by OpenRock.

The class CheckSessionImpl, method getClientSessionURI.

/**
 * {@inheritDoc}
 */
public String getClientSessionURI(HttpServletRequest request) throws UnauthorizedClientException, InvalidClientException, NotFoundException {
    SignedJwt jwt = getIDToken(request);
    if (jwt == null) {
        return "";
    }
    final ClientRegistration clientRegistration = getClientRegistration(jwt);
    // Note: the validity check only runs when a registration was found; a null registration
    // skips this guard and is dereferenced on the final line.
    if (clientRegistration != null && !isJwtValid(jwt, clientRegistration)) {
        return "";
    }
    return clientRegistration.getClientSessionURI();
}
Also used : ClientRegistration(org.forgerock.oauth2.core.ClientRegistration) SignedJwt(org.forgerock.json.jose.jws.SignedJwt)

Example 15 with SignedJwt

Use of org.forgerock.json.jose.jws.SignedJwt in project OpenAM by OpenRock.

The class CheckSessionImpl, method getValidSession.

/**
 * {@inheritDoc}
 */
public boolean getValidSession(HttpServletRequest request) {
    SignedJwt jwt = getIDToken(request);
    if (jwt == null) {
        return false;
    }
    try {
        final ClientRegistration clientRegistration = getClientRegistration(jwt);
        if (clientRegistration != null && !isJwtValid(jwt, clientRegistration)) {
            return false;
        }
        // The "ops" claim (falling back to the legacy claim name) links the id_token to the
        // user's session token held in the CTS.
        String opsId = (String) jwt.getClaimsSet().getClaim(OPS);
        if (opsId == null) {
            opsId = (String) jwt.getClaimsSet().getClaim(LEGACY_OPS);
        }
        JsonValue idTokenUserSessionToken = tokenAdapter.fromToken(cts.read(opsId));
        String sessionId = idTokenUserSessionToken.get(LEGACY_OPS).asString();
        // The session is only considered valid if the SSO token it maps to is still valid.
        SSOToken ssoToken = ssoTokenManager.createSSOToken(sessionId);
        return ssoTokenManager.isValidToken(ssoToken);
    } catch (Exception e) {
        // Any failure (missing CTS entry, invalid session id, etc.) is treated as "not valid".
        logger.error("Unable to get the SSO token", e);
        return false;
    }
}
Also used : ClientRegistration(org.forgerock.oauth2.core.ClientRegistration) SSOToken(com.iplanet.sso.SSOToken) JsonValue(org.forgerock.json.JsonValue) SignedJwt(org.forgerock.json.jose.jws.SignedJwt) InvalidClientException(org.forgerock.oauth2.core.exceptions.InvalidClientException) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException)

Aggregations

SignedJwt (org.forgerock.json.jose.jws.SignedJwt): 17
JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet): 8
Test (org.testng.annotations.Test): 5
SSOToken (com.iplanet.sso.SSOToken): 4
ClientRegistration (org.forgerock.oauth2.core.ClientRegistration): 3
OpenIdConnectTokenConfig (org.forgerock.openam.sts.config.user.OpenIdConnectTokenConfig): 3
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException): 2
PublicKey (java.security.PublicKey): 2
SignatureException (java.security.SignatureException): 2
JsonValue (org.forgerock.json.JsonValue): 2
JwtBuilderFactory (org.forgerock.json.jose.builders.JwtBuilderFactory): 2
JwtReconstruction (org.forgerock.json.jose.common.JwtReconstruction): 2
JwsSigningException (org.forgerock.json.jose.exceptions.JwsSigningException): 2
SigningHandler (org.forgerock.json.jose.jws.handlers.SigningHandler): 2
InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException): 2
NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException): 2
ServerException (org.forgerock.oauth2.core.exceptions.ServerException): 2
LoginConfiguration (org.forgerock.openam.core.rest.authn.core.LoginConfiguration): 2
LoginProcess (org.forgerock.openam.core.rest.authn.core.LoginProcess): 2
RestAuthException (org.forgerock.openam.core.rest.authn.exceptions.RestAuthException): 2