use of org.gluu.model.GluuAttribute in project oxAuth by GluuFederation.
the class GluuConfigurationWS method createScopeToClaimsMapping.
private Map<String, Set<String>> createScopeToClaimsMapping() {
Map<String, Set<String>> result = new HashMap<String, Set<String>>();
try {
for (Scope scope : scopeService.getAllScopesList()) {
final Set<String> claimsList = new HashSet<String>();
result.put(scope.getId(), claimsList);
final List<String> claimIdList = scope.getOxAuthClaims();
if (claimIdList != null && !claimIdList.isEmpty()) {
for (String claimDn : claimIdList) {
final GluuAttribute attribute = attributeService.getAttributeByDn(claimDn);
final String claimName = attribute.getOxAuthClaimName();
if (StringUtils.isNotBlank(claimName)) {
claimsList.add(claimName);
}
}
}
}
} catch (Exception e) {
log.error(e.getMessage(), e);
}
return result;
}
use of org.gluu.model.GluuAttribute in project oxAuth by GluuFederation.
the class IdTokenFactory method setClaimsFromJwtAuthorizationRequest.
private void setClaimsFromJwtAuthorizationRequest(JsonWebResponse jwr, IAuthorizationGrant authorizationGrant, Set<String> scopes) throws InvalidClaimException {
final JwtAuthorizationRequest requestObject = authorizationGrant.getJwtAuthorizationRequest();
if (requestObject == null || requestObject.getIdTokenMember() == null) {
return;
}
for (Claim claim : requestObject.getIdTokenMember().getClaims()) {
// ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
boolean optional = true;
GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
if (gluuAttribute == null) {
continue;
}
Client client = authorizationGrant.getClient();
if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
String ldapClaimName = gluuAttribute.getName();
Object attribute = authorizationGrant.getUser().getAttribute(ldapClaimName, optional, gluuAttribute.getOxMultiValuedAttribute());
jwr.getClaims().setClaimFromJsonObject(claim.getName(), attribute);
}
}
}
use of org.gluu.model.GluuAttribute in project oxAuth by GluuFederation.
the class RegisterRestWebServiceImpl method getJSONObject.
private JSONObject getJSONObject(Client client) throws JSONException, StringEncrypter.EncryptionException {
JSONObject responseJsonObject = new JSONObject();
JsonApplier.getInstance().apply(client, responseJsonObject);
JsonApplier.getInstance().apply(client.getAttributes(), responseJsonObject);
Util.addToJSONObjectIfNotNull(responseJsonObject, RegisterResponseParam.CLIENT_ID.toString(), client.getClientId());
if (appConfiguration.getReturnClientSecretOnRead()) {
Util.addToJSONObjectIfNotNull(responseJsonObject, CLIENT_SECRET.toString(), clientService.decryptSecret(client.getClientSecret()));
}
Util.addToJSONObjectIfNotNull(responseJsonObject, RegisterResponseParam.REGISTRATION_ACCESS_TOKEN.toString(), client.getRegistrationAccessToken());
Util.addToJSONObjectIfNotNull(responseJsonObject, REGISTRATION_CLIENT_URI.toString(), appConfiguration.getRegistrationEndpoint() + "?" + RegisterResponseParam.CLIENT_ID.toString() + "=" + client.getClientId());
responseJsonObject.put(CLIENT_ID_ISSUED_AT.toString(), client.getClientIdIssuedAt().getTime() / 1000);
responseJsonObject.put(CLIENT_SECRET_EXPIRES_AT.toString(), client.getClientSecretExpiresAt() != null && client.getClientSecretExpiresAt().getTime() > 0 ? client.getClientSecretExpiresAt().getTime() / 1000 : 0);
Util.addToJSONObjectIfNotNull(responseJsonObject, REDIRECT_URIS.toString(), client.getRedirectUris());
Util.addToJSONObjectIfNotNull(responseJsonObject, CLAIMS_REDIRECT_URIS.toString(), client.getClaimRedirectUris());
Util.addToJSONObjectIfNotNull(responseJsonObject, RESPONSE_TYPES.toString(), ResponseType.toStringArray(client.getResponseTypes()));
Util.addToJSONObjectIfNotNull(responseJsonObject, GRANT_TYPES.toString(), GrantType.toStringArray(client.getGrantTypes()));
Util.addToJSONObjectIfNotNull(responseJsonObject, APPLICATION_TYPE.toString(), client.getApplicationType());
Util.addToJSONObjectIfNotNull(responseJsonObject, CONTACTS.toString(), client.getContacts());
Util.addToJSONObjectIfNotNull(responseJsonObject, CLIENT_NAME.toString(), client.getClientName());
Util.addToJSONObjectIfNotNull(responseJsonObject, LOGO_URI.toString(), client.getLogoUri());
Util.addToJSONObjectIfNotNull(responseJsonObject, CLIENT_URI.toString(), client.getClientUri());
Util.addToJSONObjectIfNotNull(responseJsonObject, POLICY_URI.toString(), client.getPolicyUri());
Util.addToJSONObjectIfNotNull(responseJsonObject, TOS_URI.toString(), client.getTosUri());
Util.addToJSONObjectIfNotNull(responseJsonObject, JWKS_URI.toString(), client.getJwksUri());
Util.addToJSONObjectIfNotNull(responseJsonObject, SECTOR_IDENTIFIER_URI.toString(), client.getSectorIdentifierUri());
Util.addToJSONObjectIfNotNull(responseJsonObject, SUBJECT_TYPE.toString(), client.getSubjectType());
Util.addToJSONObjectIfNotNull(responseJsonObject, ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), client.getIdTokenSignedResponseAlg());
Util.addToJSONObjectIfNotNull(responseJsonObject, ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), client.getIdTokenEncryptedResponseAlg());
Util.addToJSONObjectIfNotNull(responseJsonObject, ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), client.getIdTokenEncryptedResponseEnc());
Util.addToJSONObjectIfNotNull(responseJsonObject, USERINFO_SIGNED_RESPONSE_ALG.toString(), client.getUserInfoSignedResponseAlg());
Util.addToJSONObjectIfNotNull(responseJsonObject, USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), client.getUserInfoEncryptedResponseAlg());
Util.addToJSONObjectIfNotNull(responseJsonObject, USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), client.getUserInfoEncryptedResponseEnc());
Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_OBJECT_SIGNING_ALG.toString(), client.getRequestObjectSigningAlg());
Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_OBJECT_ENCRYPTION_ALG.toString(), client.getRequestObjectEncryptionAlg());
Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_OBJECT_ENCRYPTION_ENC.toString(), client.getRequestObjectEncryptionEnc());
Util.addToJSONObjectIfNotNull(responseJsonObject, TOKEN_ENDPOINT_AUTH_METHOD.toString(), client.getTokenEndpointAuthMethod());
Util.addToJSONObjectIfNotNull(responseJsonObject, TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), client.getTokenEndpointAuthSigningAlg());
Util.addToJSONObjectIfNotNull(responseJsonObject, DEFAULT_MAX_AGE.toString(), client.getDefaultMaxAge());
Util.addToJSONObjectIfNotNull(responseJsonObject, REQUIRE_AUTH_TIME.toString(), client.getRequireAuthTime());
Util.addToJSONObjectIfNotNull(responseJsonObject, DEFAULT_ACR_VALUES.toString(), client.getDefaultAcrValues());
Util.addToJSONObjectIfNotNull(responseJsonObject, INITIATE_LOGIN_URI.toString(), client.getInitiateLoginUri());
Util.addToJSONObjectIfNotNull(responseJsonObject, POST_LOGOUT_REDIRECT_URIS.toString(), client.getPostLogoutRedirectUris());
Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_URIS.toString(), client.getRequestUris());
Util.addToJSONObjectIfNotNull(responseJsonObject, AUTHORIZED_ORIGINS.toString(), client.getAuthorizedOrigins());
Util.addToJSONObjectIfNotNull(responseJsonObject, RPT_AS_JWT.toString(), client.isRptAsJwt());
Util.addToJSONObjectIfNotNull(responseJsonObject, TLS_CLIENT_AUTH_SUBJECT_DN.toString(), client.getAttributes().getTlsClientAuthSubjectDn());
Util.addToJSONObjectIfNotNull(responseJsonObject, ALLOW_SPONTANEOUS_SCOPES.toString(), client.getAttributes().getAllowSpontaneousScopes());
Util.addToJSONObjectIfNotNull(responseJsonObject, SPONTANEOUS_SCOPES.toString(), client.getAttributes().getSpontaneousScopes());
Util.addToJSONObjectIfNotNull(responseJsonObject, RUN_INTROSPECTION_SCRIPT_BEFORE_ACCESS_TOKEN_CREATION_AS_JWT_AND_INCLUDE_CLAIMS.toString(), client.getAttributes().getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
Util.addToJSONObjectIfNotNull(responseJsonObject, KEEP_CLIENT_AUTHORIZATION_AFTER_EXPIRATION.toString(), client.getAttributes().getKeepClientAuthorizationAfterExpiration());
Util.addToJSONObjectIfNotNull(responseJsonObject, ACCESS_TOKEN_AS_JWT.toString(), client.isAccessTokenAsJwt());
Util.addToJSONObjectIfNotNull(responseJsonObject, ACCESS_TOKEN_SIGNING_ALG.toString(), client.getAccessTokenSigningAlg());
Util.addToJSONObjectIfNotNull(responseJsonObject, ACCESS_TOKEN_LIFETIME.toString(), client.getAccessTokenLifetime());
Util.addToJSONObjectIfNotNull(responseJsonObject, SOFTWARE_ID.toString(), client.getSoftwareId());
Util.addToJSONObjectIfNotNull(responseJsonObject, SOFTWARE_VERSION.toString(), client.getSoftwareVersion());
Util.addToJSONObjectIfNotNull(responseJsonObject, SOFTWARE_STATEMENT.toString(), client.getSoftwareStatement());
if (!Util.isNullOrEmpty(client.getJwks())) {
Util.addToJSONObjectIfNotNull(responseJsonObject, JWKS.toString(), new JSONObject(client.getJwks()));
}
// Logout params
Util.addToJSONObjectIfNotNull(responseJsonObject, FRONT_CHANNEL_LOGOUT_URI.toString(), client.getFrontChannelLogoutUri());
Util.addToJSONObjectIfNotNull(responseJsonObject, FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), client.getFrontChannelLogoutSessionRequired());
Util.addToJSONObjectIfNotNull(responseJsonObject, BACKCHANNEL_LOGOUT_URI.toString(), client.getAttributes().getBackchannelLogoutUri());
Util.addToJSONObjectIfNotNull(responseJsonObject, BACKCHANNEL_LOGOUT_SESSION_REQUIRED.toString(), client.getAttributes().getBackchannelLogoutSessionRequired());
// Custom Params
String[] scopeNames = null;
String[] scopeDns = client.getScopes();
if (scopeDns != null) {
scopeNames = new String[scopeDns.length];
for (int i = 0; i < scopeDns.length; i++) {
Scope scope = scopeService.getScopeByDn(scopeDns[i]);
scopeNames[i] = scope.getId();
}
}
if (appConfiguration.getLegacyDynamicRegistrationScopeParam()) {
Util.addToJSONObjectIfNotNull(responseJsonObject, SCOPES.toString(), scopeNames);
} else {
Util.addToJSONObjectIfNotNull(responseJsonObject, SCOPE.toString(), implode(scopeNames, " "));
}
String[] claimNames = null;
String[] claimDns = client.getClaims();
if (claimDns != null) {
claimNames = new String[claimDns.length];
for (int i = 0; i < claimDns.length; i++) {
GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDns[i]);
claimNames[i] = gluuAttribute.getOxAuthClaimName();
}
}
putCustomAttributesInResponse(client, responseJsonObject);
if (claimNames != null && claimNames.length > 0) {
Util.addToJSONObjectIfNotNull(responseJsonObject, CLAIMS.toString(), implode(claimNames, " "));
}
cibaRegisterClientResponseService.updateResponse(responseJsonObject, client);
return responseJsonObject;
}
use of org.gluu.model.GluuAttribute in project oxAuth by GluuFederation.
the class ScopeService method fillClaims.
private void fillClaims(Map<String, Object> claims, List<String> scopeClaims, User user) throws InvalidClaimException {
for (String claimDn : scopeClaims) {
GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDn);
String claimName = gluuAttribute.getOxAuthClaimName();
String ldapName = gluuAttribute.getName();
if (StringUtils.isBlank(claimName)) {
log.error("Failed to get claim because claim name is not set for attribute, id: {}", gluuAttribute.getDn());
continue;
}
if (StringUtils.isBlank(ldapName)) {
log.error("Failed to get claim because name is not set for attribute, id: {}", gluuAttribute.getDn());
continue;
}
setClaimField(ldapName, claimName, user, gluuAttribute, claims);
}
}
use of org.gluu.model.GluuAttribute in project oxAuth by GluuFederation.
the class OpenIdConfiguration method createScopeToClaimsMapping.
/**
* @deprecated theses params:
* <ul>
* <li>id_generation_endpoint</li>
* <li>introspection_endpoint</li>
* <li>auth_level_mapping</li>
* <li>scope_to_claims_mapping</li>
* </ul>
* will be moved from /.well-known/openid-configuration to
* /.well-known/gluu-configuration
*/
@Deprecated
private JSONArray createScopeToClaimsMapping(JSONArray scopesSupported, JSONArray claimsSupported) {
final JSONArray scopeToClaimMapping = new JSONArray();
Set<String> scopes = new HashSet<String>();
Set<String> claims = new HashSet<String>();
try {
for (Scope scope : scopeService.getAllScopesList()) {
if ((scope.getScopeType() == ScopeType.SPONTANEOUS && scope.isDeletable()) || !(canShowInConfigEndpoint(scope.getAttributes()))) {
continue;
}
final JSONArray claimsList = new JSONArray();
final JSONObject mapping = new JSONObject();
mapping.put(scope.getId(), claimsList);
scopes.add(scope.getId());
scopeToClaimMapping.put(mapping);
if (ScopeType.DYNAMIC.equals(scope.getScopeType())) {
List<String> claimNames = externalDynamicScopeService.executeExternalGetSupportedClaimsMethods(Arrays.asList(scope));
for (String claimName : claimNames) {
if (StringUtils.isNotBlank(claimName)) {
claimsList.put(claimName);
claims.add(claimName);
}
}
} else {
final List<String> claimIdList = scope.getOxAuthClaims();
if (claimIdList != null && !claimIdList.isEmpty()) {
for (String claimDn : claimIdList) {
final GluuAttribute attribute = attributeService.getAttributeByDn(claimDn);
final String claimName = attribute.getOxAuthClaimName();
if (StringUtils.isNotBlank(claimName)) {
claimsList.put(claimName);
claims.add(claimName);
}
}
}
}
}
for (String scope : scopes) {
scopesSupported.put(scope);
}
for (String claim : claims) {
claimsSupported.put(claim);
}
} catch (Exception e) {
log.error(e.getMessage(), e);
}
return scopeToClaimMapping;
}
Aggregations