
Example 61 with GluuAttribute

use of org.gluu.model.GluuAttribute in project oxAuth by GluuFederation.

the class GluuConfigurationWS method createScopeToClaimsMapping.

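/**
 * Builds the scope-to-claim-name mapping published by the Gluu configuration endpoint.
 *
 * <p>Every scope returned by {@code scopeService.getAllScopesList()} gets an entry, even when it
 * releases no claims. Each claim DN stored on the scope is resolved through
 * {@code attributeService}; only attributes with a non-blank {@code oxAuthClaimName} contribute a
 * claim name. A claim DN that no longer resolves to an attribute is logged and skipped rather than
 * aborting the whole mapping.
 *
 * <p>Any other exception raised while reading scopes or attributes is logged and the mapping
 * collected so far is returned, so callers may receive a partial result.
 *
 * @return mutable map of scope id to the set of claim names that scope releases; never null
 */
private Map<String, Set<String>> createScopeToClaimsMapping() {
    final Map<String, Set<String>> result = new HashMap<String, Set<String>>();
    try {
        for (Scope scope : scopeService.getAllScopesList()) {
            final Set<String> claimNames = new HashSet<String>();
            result.put(scope.getId(), claimNames);
            final List<String> claimDns = scope.getOxAuthClaims();
            if (claimDns == null) {
                continue;
            }
            for (String claimDn : claimDns) {
                final GluuAttribute attribute = attributeService.getAttributeByDn(claimDn);
                if (attribute == null) {
                    // A stale claim reference on one scope must not hide every other scope.
                    log.warn("Skipping claim DN {} of scope {}: attribute not found", claimDn, scope.getId());
                    continue;
                }
                final String claimName = attribute.getOxAuthClaimName();
                if (StringUtils.isNotBlank(claimName)) {
                    claimNames.add(claimName);
                }
            }
        }
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
    return result;
}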

Example 62 with GluuAttribute

use of org.gluu.model.GluuAttribute in project oxAuth by GluuFederation.

the class IdTokenFactory method setClaimsFromJwtAuthorizationRequest.

/**
 * Copies into the ID token the claims explicitly requested in the {@code id_token} member of
 * the request object, provided each one maps to an attribute known to {@code attributeService}
 * and passes {@code validateRequesteClaim} against the client's registered claims and the
 * granted scopes. Claims that fail either check are left out of the token.
 *
 * @param jwr                the token being built; its claim set is updated in place
 * @param authorizationGrant grant carrying the parsed request object, the client and the user
 * @param scopes             scopes granted to the client, consulted by the release check
 * @throws InvalidClaimException declared by the claim lookups this method delegates to
 */
private void setClaimsFromJwtAuthorizationRequest(JsonWebResponse jwr, IAuthorizationGrant authorizationGrant, Set<String> scopes) throws InvalidClaimException {
    final JwtAuthorizationRequest request = authorizationGrant.getJwtAuthorizationRequest();
    final boolean hasIdTokenMember = request != null && request.getIdTokenMember() != null;
    if (!hasIdTokenMember) {
        return;
    }
    // Every requested claim is treated as optional; the per-claim essential/voluntary flag
    // carried by the request object (ClaimValueType) is not consulted here.
    final boolean optional = true;
    for (Claim requestedClaim : request.getIdTokenMember().getClaims()) {
        final String claimName = requestedClaim.getName();
        final GluuAttribute gluuAttribute = attributeService.getByClaimName(claimName);
        if (gluuAttribute != null) {
            final Client client = authorizationGrant.getClient();
            // Release only what the client is registered for and the granted scopes allow.
            if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
                final Object value = authorizationGrant.getUser().getAttribute(gluuAttribute.getName(), optional, gluuAttribute.getOxMultiValuedAttribute());
                jwr.getClaims().setClaimFromJsonObject(claimName, value);
            }
        }
    }
}

Example 63 with GluuAttribute

use of org.gluu.model.GluuAttribute in project oxAuth by GluuFederation.

the class RegisterRestWebServiceImpl method getJSONObject.

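/**
 * Serialises a registered client into the JSON document returned by the registration endpoint.
 *
 * <p>The decrypted client secret is only included when
 * {@code appConfiguration.getReturnClientSecretOnRead()} is enabled. Scope and claim DNs stored
 * on the client are resolved to their names through {@code scopeService} and
 * {@code attributeService}; references that no longer resolve are dropped from the response
 * instead of failing the whole call.
 *
 * @param client the client to serialise
 * @return the populated response object
 * @throws JSONException                       on JSON construction errors
 * @throws StringEncrypter.EncryptionException if the stored client secret cannot be decrypted
 */
private JSONObject getJSONObject(Client client) throws JSONException, StringEncrypter.EncryptionException {
    JSONObject responseJsonObject = new JSONObject();
    JsonApplier.getInstance().apply(client, responseJsonObject);
    JsonApplier.getInstance().apply(client.getAttributes(), responseJsonObject);
    Util.addToJSONObjectIfNotNull(responseJsonObject, RegisterResponseParam.CLIENT_ID.toString(), client.getClientId());
    // The secret is sensitive; it is returned only when the deployment explicitly opts in.
    if (appConfiguration.getReturnClientSecretOnRead()) {
        Util.addToJSONObjectIfNotNull(responseJsonObject, CLIENT_SECRET.toString(), clientService.decryptSecret(client.getClientSecret()));
    }
    Util.addToJSONObjectIfNotNull(responseJsonObject, RegisterResponseParam.REGISTRATION_ACCESS_TOKEN.toString(), client.getRegistrationAccessToken());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REGISTRATION_CLIENT_URI.toString(), appConfiguration.getRegistrationEndpoint() + "?" + RegisterResponseParam.CLIENT_ID.toString() + "=" + client.getClientId());
    // Timestamps are emitted as seconds since the epoch, matching the _expires_at field below.
    if (client.getClientIdIssuedAt() != null) {
        responseJsonObject.put(CLIENT_ID_ISSUED_AT.toString(), client.getClientIdIssuedAt().getTime() / 1000);
    }
    responseJsonObject.put(CLIENT_SECRET_EXPIRES_AT.toString(), client.getClientSecretExpiresAt() != null && client.getClientSecretExpiresAt().getTime() > 0 ? client.getClientSecretExpiresAt().getTime() / 1000 : 0);
    Util.addToJSONObjectIfNotNull(responseJsonObject, REDIRECT_URIS.toString(), client.getRedirectUris());
    Util.addToJSONObjectIfNotNull(responseJsonObject, CLAIMS_REDIRECT_URIS.toString(), client.getClaimRedirectUris());
    Util.addToJSONObjectIfNotNull(responseJsonObject, RESPONSE_TYPES.toString(), ResponseType.toStringArray(client.getResponseTypes()));
    Util.addToJSONObjectIfNotNull(responseJsonObject, GRANT_TYPES.toString(), GrantType.toStringArray(client.getGrantTypes()));
    Util.addToJSONObjectIfNotNull(responseJsonObject, APPLICATION_TYPE.toString(), client.getApplicationType());
    Util.addToJSONObjectIfNotNull(responseJsonObject, CONTACTS.toString(), client.getContacts());
    Util.addToJSONObjectIfNotNull(responseJsonObject, CLIENT_NAME.toString(), client.getClientName());
    Util.addToJSONObjectIfNotNull(responseJsonObject, LOGO_URI.toString(), client.getLogoUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, CLIENT_URI.toString(), client.getClientUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, POLICY_URI.toString(), client.getPolicyUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, TOS_URI.toString(), client.getTosUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, JWKS_URI.toString(), client.getJwksUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SECTOR_IDENTIFIER_URI.toString(), client.getSectorIdentifierUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SUBJECT_TYPE.toString(), client.getSubjectType());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), client.getIdTokenSignedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), client.getIdTokenEncryptedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), client.getIdTokenEncryptedResponseEnc());
    Util.addToJSONObjectIfNotNull(responseJsonObject, USERINFO_SIGNED_RESPONSE_ALG.toString(), client.getUserInfoSignedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), client.getUserInfoEncryptedResponseAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), client.getUserInfoEncryptedResponseEnc());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_OBJECT_SIGNING_ALG.toString(), client.getRequestObjectSigningAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_OBJECT_ENCRYPTION_ALG.toString(), client.getRequestObjectEncryptionAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_OBJECT_ENCRYPTION_ENC.toString(), client.getRequestObjectEncryptionEnc());
    Util.addToJSONObjectIfNotNull(responseJsonObject, TOKEN_ENDPOINT_AUTH_METHOD.toString(), client.getTokenEndpointAuthMethod());
    Util.addToJSONObjectIfNotNull(responseJsonObject, TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), client.getTokenEndpointAuthSigningAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, DEFAULT_MAX_AGE.toString(), client.getDefaultMaxAge());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUIRE_AUTH_TIME.toString(), client.getRequireAuthTime());
    Util.addToJSONObjectIfNotNull(responseJsonObject, DEFAULT_ACR_VALUES.toString(), client.getDefaultAcrValues());
    Util.addToJSONObjectIfNotNull(responseJsonObject, INITIATE_LOGIN_URI.toString(), client.getInitiateLoginUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, POST_LOGOUT_REDIRECT_URIS.toString(), client.getPostLogoutRedirectUris());
    Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_URIS.toString(), client.getRequestUris());
    Util.addToJSONObjectIfNotNull(responseJsonObject, AUTHORIZED_ORIGINS.toString(), client.getAuthorizedOrigins());
    Util.addToJSONObjectIfNotNull(responseJsonObject, RPT_AS_JWT.toString(), client.isRptAsJwt());
    Util.addToJSONObjectIfNotNull(responseJsonObject, TLS_CLIENT_AUTH_SUBJECT_DN.toString(), client.getAttributes().getTlsClientAuthSubjectDn());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ALLOW_SPONTANEOUS_SCOPES.toString(), client.getAttributes().getAllowSpontaneousScopes());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SPONTANEOUS_SCOPES.toString(), client.getAttributes().getSpontaneousScopes());
    Util.addToJSONObjectIfNotNull(responseJsonObject, RUN_INTROSPECTION_SCRIPT_BEFORE_ACCESS_TOKEN_CREATION_AS_JWT_AND_INCLUDE_CLAIMS.toString(), client.getAttributes().getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
    Util.addToJSONObjectIfNotNull(responseJsonObject, KEEP_CLIENT_AUTHORIZATION_AFTER_EXPIRATION.toString(), client.getAttributes().getKeepClientAuthorizationAfterExpiration());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ACCESS_TOKEN_AS_JWT.toString(), client.isAccessTokenAsJwt());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ACCESS_TOKEN_SIGNING_ALG.toString(), client.getAccessTokenSigningAlg());
    Util.addToJSONObjectIfNotNull(responseJsonObject, ACCESS_TOKEN_LIFETIME.toString(), client.getAccessTokenLifetime());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SOFTWARE_ID.toString(), client.getSoftwareId());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SOFTWARE_VERSION.toString(), client.getSoftwareVersion());
    Util.addToJSONObjectIfNotNull(responseJsonObject, SOFTWARE_STATEMENT.toString(), client.getSoftwareStatement());
    if (!Util.isNullOrEmpty(client.getJwks())) {
        Util.addToJSONObjectIfNotNull(responseJsonObject, JWKS.toString(), new JSONObject(client.getJwks()));
    }
    // Logout params
    Util.addToJSONObjectIfNotNull(responseJsonObject, FRONT_CHANNEL_LOGOUT_URI.toString(), client.getFrontChannelLogoutUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), client.getFrontChannelLogoutSessionRequired());
    Util.addToJSONObjectIfNotNull(responseJsonObject, BACKCHANNEL_LOGOUT_URI.toString(), client.getAttributes().getBackchannelLogoutUri());
    Util.addToJSONObjectIfNotNull(responseJsonObject, BACKCHANNEL_LOGOUT_SESSION_REQUIRED.toString(), client.getAttributes().getBackchannelLogoutSessionRequired());
    // Custom Params
    String[] scopeNames = resolveScopeNames(client.getScopes());
    // Legacy deployments expect an array under "scopes"; current ones a space-separated "scope".
    if (appConfiguration.getLegacyDynamicRegistrationScopeParam()) {
        Util.addToJSONObjectIfNotNull(responseJsonObject, SCOPES.toString(), scopeNames);
    } else {
        Util.addToJSONObjectIfNotNull(responseJsonObject, SCOPE.toString(), implode(scopeNames, " "));
    }
    String[] claimNames = resolveClaimNames(client.getClaims());
    putCustomAttributesInResponse(client, responseJsonObject);
    if (claimNames != null && claimNames.length > 0) {
        Util.addToJSONObjectIfNotNull(responseJsonObject, CLAIMS.toString(), implode(claimNames, " "));
    }
    cibaRegisterClientResponseService.updateResponse(responseJsonObject, client);
    return responseJsonObject;
}

/**
 * Resolves scope DNs to scope ids, dropping DNs that no longer resolve to a scope.
 *
 * @param scopeDns DNs stored on the client, or null when none are set
 * @return the ids of the resolvable scopes in input order, or null when {@code scopeDns} is null
 */
private String[] resolveScopeNames(String[] scopeDns) {
    if (scopeDns == null) {
        return null;
    }
    String[] buffer = new String[scopeDns.length];
    int count = 0;
    for (String scopeDn : scopeDns) {
        Scope scope = scopeService.getScopeByDn(scopeDn);
        // A dangling reference would otherwise surface as "null" in the response.
        if (scope != null && scope.getId() != null) {
            buffer[count++] = scope.getId();
        }
    }
    return compact(buffer, count);
}

/**
 * Resolves claim DNs to claim names, dropping DNs that no longer resolve to an attribute or
 * whose attribute has no claim name.
 *
 * @param claimDns DNs stored on the client, or null when none are set
 * @return the claim names of the resolvable attributes in input order, or null when
 *         {@code claimDns} is null
 */
private String[] resolveClaimNames(String[] claimDns) {
    if (claimDns == null) {
        return null;
    }
    String[] buffer = new String[claimDns.length];
    int count = 0;
    for (String claimDn : claimDns) {
        GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDn);
        if (gluuAttribute != null && gluuAttribute.getOxAuthClaimName() != null) {
            buffer[count++] = gluuAttribute.getOxAuthClaimName();
        }
    }
    return compact(buffer, count);
}

/**
 * Returns the first {@code count} elements of {@code buffer}, reusing the array when it is
 * already full.
 *
 * @param buffer array whose leading elements are populated
 * @param count  number of populated leading elements
 * @return an array of exactly {@code count} elements
 */
private static String[] compact(String[] buffer, int count) {
    if (count == buffer.length) {
        return buffer;
    }
    String[] names = new String[count];
    System.arraycopy(buffer, 0, names, 0, count);
    return names;
}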

Example 64 with GluuAttribute

use of org.gluu.model.GluuAttribute in project oxAuth by GluuFederation.

the class ScopeService method fillClaims.

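/**
 * Resolves each claim DN released by a scope to its attribute and copies the user's value for
 * that attribute into {@code claims} via {@code setClaimField}.
 *
 * <p>A DN that does not resolve to an attribute, or an attribute lacking either its claim name
 * or its directory attribute name, is logged and skipped so one misconfigured claim does not
 * prevent the remaining claims from being released.
 *
 * @param claims      destination map of claim name to value, updated in place
 * @param scopeClaims claim DNs of the scope; a null list is treated as empty
 * @param user        user whose attribute values are released
 * @throws InvalidClaimException propagated from {@code setClaimField}
 */
private void fillClaims(Map<String, Object> claims, List<String> scopeClaims, User user) throws InvalidClaimException {
    if (scopeClaims == null) {
        return;
    }
    for (String claimDn : scopeClaims) {
        GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDn);
        if (gluuAttribute == null) {
            log.error("Failed to get claim because attribute is not found, dn: {}", claimDn);
            continue;
        }
        String claimName = gluuAttribute.getOxAuthClaimName();
        String ldapName = gluuAttribute.getName();
        if (StringUtils.isBlank(claimName)) {
            log.error("Failed to get claim because claim name is not set for attribute, id: {}", gluuAttribute.getDn());
            continue;
        }
        if (StringUtils.isBlank(ldapName)) {
            log.error("Failed to get claim because name is not set for attribute, id: {}", gluuAttribute.getDn());
            continue;
        }
        setClaimField(ldapName, claimName, user, gluuAttribute, claims);
    }
}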

Example 65 with GluuAttribute

use of org.gluu.model.GluuAttribute in project oxAuth by GluuFederation.

the class OpenIdConfiguration method createScopeToClaimsMapping.

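/**
 * Builds the {@code scope_to_claims_mapping} array for the discovery document and, as a side
 * effect, appends every published scope id to {@code scopesSupported} and every published claim
 * name to {@code claimsSupported}.
 *
 * <p>Deletable spontaneous scopes and scopes whose attributes fail
 * {@code canShowInConfigEndpoint} are omitted. Dynamic scopes obtain their claim names from the
 * external dynamic-scope script; all other scopes resolve their stored claim DNs through
 * {@code attributeService}, skipping DNs that no longer resolve and attributes with a blank claim
 * name. Any other exception is logged and the mapping built so far is returned.
 *
 * <p>Note that {@code scopes} and {@code claims} are collected in {@code HashSet}s, so the order
 * of the appended entries is not guaranteed to be stable between calls.
 *
 * @param scopesSupported array to which published scope ids are appended
 * @param claimsSupported array to which published claim names are appended
 * @return one {@code {scopeId: [claimName, ...]}} object per published scope
 * @deprecated these params:
 *             <ul>
 *             <li>id_generation_endpoint</li>
 *             <li>introspection_endpoint</li>
 *             <li>auth_level_mapping</li>
 *             <li>scope_to_claims_mapping</li>
 *             </ul>
 *             will be moved from /.well-known/openid-configuration to
 *             /.well-known/gluu-configuration
 */
@Deprecated
private JSONArray createScopeToClaimsMapping(JSONArray scopesSupported, JSONArray claimsSupported) {
    final JSONArray scopeToClaimMapping = new JSONArray();
    Set<String> scopes = new HashSet<String>();
    Set<String> claims = new HashSet<String>();
    try {
        for (Scope scope : scopeService.getAllScopesList()) {
            if ((scope.getScopeType() == ScopeType.SPONTANEOUS && scope.isDeletable()) || !(canShowInConfigEndpoint(scope.getAttributes()))) {
                continue;
            }
            final JSONArray claimsList = new JSONArray();
            final JSONObject mapping = new JSONObject();
            mapping.put(scope.getId(), claimsList);
            scopes.add(scope.getId());
            scopeToClaimMapping.put(mapping);
            if (ScopeType.DYNAMIC.equals(scope.getScopeType())) {
                List<String> claimNames = externalDynamicScopeService.executeExternalGetSupportedClaimsMethods(Arrays.asList(scope));
                for (String claimName : claimNames) {
                    if (StringUtils.isNotBlank(claimName)) {
                        claimsList.put(claimName);
                        claims.add(claimName);
                    }
                }
            } else {
                final List<String> claimIdList = scope.getOxAuthClaims();
                if (claimIdList != null && !claimIdList.isEmpty()) {
                    for (String claimDn : claimIdList) {
                        final GluuAttribute attribute = attributeService.getAttributeByDn(claimDn);
                        if (attribute == null) {
                            // A stale claim reference on one scope must not abort the whole mapping.
                            log.warn("Skipping claim DN {} of scope {}: attribute not found", claimDn, scope.getId());
                            continue;
                        }
                        final String claimName = attribute.getOxAuthClaimName();
                        if (StringUtils.isNotBlank(claimName)) {
                            claimsList.put(claimName);
                            claims.add(claimName);
                        }
                    }
                }
            }
        }
        for (String scope : scopes) {
            scopesSupported.put(scope);
        }
        for (String claim : claims) {
            claimsSupported.put(claim);
        }
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
    return scopeToClaimMapping;
}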
