Search in sources :

Example 1 with OpenIdConfigurationClient

use of org.gluu.oxauth.client.OpenIdConfigurationClient in project oxAuth by GluuFederation.

the class BaseTest method discovery.

@BeforeTest
public void discovery(ITestContext context) throws Exception {
    // Load Form Interaction
    loginFormUsername = context.getCurrentXmlTest().getParameter("loginFormUsername");
    loginFormPassword = context.getCurrentXmlTest().getParameter("loginFormPassword");
    loginFormLoginButton = context.getCurrentXmlTest().getParameter("loginFormLoginButton");
    authorizeFormAllowButton = context.getCurrentXmlTest().getParameter("authorizeFormAllowButton");
    authorizeFormDoNotAllowButton = context.getCurrentXmlTest().getParameter("authorizeFormDoNotAllowButton");
    allTestKeys = Maps.newHashMap(context.getCurrentXmlTest().getAllParameters());
    String resource = context.getCurrentXmlTest().getParameter("swdResource");
    if (StringUtils.isNotBlank(resource)) {
        showTitle("OpenID Connect Discovery");
        OpenIdConnectDiscoveryClient openIdConnectDiscoveryClient = new OpenIdConnectDiscoveryClient(resource);
        OpenIdConnectDiscoveryResponse openIdConnectDiscoveryResponse = openIdConnectDiscoveryClient.exec(clientEngine(true));
        showClient(openIdConnectDiscoveryClient);
        assertEquals(openIdConnectDiscoveryResponse.getStatus(), 200, "Unexpected response code");
        assertNotNull(openIdConnectDiscoveryResponse.getSubject());
        assertTrue(openIdConnectDiscoveryResponse.getLinks().size() > 0);
        configurationEndpoint = openIdConnectDiscoveryResponse.getLinks().get(0).getHref() + "/.well-known/openid-configuration";
        System.out.println("OpenID Connect Configuration");
        OpenIdConfigurationClient client = new OpenIdConfigurationClient(configurationEndpoint);
        client.setExecutor(clientEngine(true));
        OpenIdConfigurationResponse response = client.execOpenIdConfiguration();
        showClient(client);
        assertEquals(response.getStatus(), 200, "Unexpected response code");
        assertNotNull(response.getIssuer(), "The issuer is null");
        assertNotNull(response.getAuthorizationEndpoint(), "The authorizationEndpoint is null");
        assertNotNull(response.getTokenEndpoint(), "The tokenEndpoint is null");
        assertNotNull(response.getRevocationEndpoint(), "The revocationEndpoint is null");
        assertNotNull(response.getUserInfoEndpoint(), "The userInfoEndPoint is null");
        assertNotNull(response.getJwksUri(), "The jwksUri is null");
        assertNotNull(response.getRegistrationEndpoint(), "The registrationEndpoint is null");
        assertTrue(response.getScopesSupported().size() > 0, "The scopesSupported is empty");
        assertTrue(response.getScopeToClaimsMapping().size() > 0, "The scope to claims mapping is empty");
        assertTrue(response.getResponseTypesSupported().size() > 0, "The responseTypesSupported is empty");
        assertTrue(response.getGrantTypesSupported().size() > 0, "The grantTypesSupported is empty");
        assertTrue(response.getAcrValuesSupported().size() >= 0, "The acrValuesSupported is empty");
        assertTrue(response.getSubjectTypesSupported().size() > 0, "The subjectTypesSupported is empty");
        assertTrue(response.getIdTokenSigningAlgValuesSupported().size() > 0, "The idTokenSigningAlgValuesSupported is empty");
        assertTrue(response.getRequestObjectSigningAlgValuesSupported().size() > 0, "The requestObjectSigningAlgValuesSupported is empty");
        assertTrue(response.getTokenEndpointAuthMethodsSupported().size() > 0, "The tokenEndpointAuthMethodsSupported is empty");
        assertTrue(response.getClaimsSupported().size() > 0, "The claimsSupported is empty");
        authorizationEndpoint = response.getAuthorizationEndpoint();
        tokenEndpoint = response.getTokenEndpoint();
        tokenRevocationEndpoint = response.getRevocationEndpoint();
        userInfoEndpoint = response.getUserInfoEndpoint();
        clientInfoEndpoint = response.getClientInfoEndpoint();
        checkSessionIFrame = response.getCheckSessionIFrame();
        endSessionEndpoint = response.getEndSessionEndpoint();
        jwksUri = response.getJwksUri();
        registrationEndpoint = response.getRegistrationEndpoint();
        idGenEndpoint = response.getIdGenerationEndpoint();
        introspectionEndpoint = response.getIntrospectionEndpoint();
        deviceAuthzEndpoint = response.getDeviceAuthzEndpoint();
        backchannelAuthenticationEndpoint = response.getBackchannelAuthenticationEndpoint();
        revokeSessionEndpoint = response.getSessionRevocationEndpoint();
        scopeToClaimsMapping = response.getScopeToClaimsMapping();
        gluuConfigurationEndpoint = determineGluuConfigurationEndpoint(openIdConnectDiscoveryResponse.getLinks().get(0).getHref());
        issuer = response.getIssuer();
    } else {
        showTitle("Loading configuration endpoints from properties file");
        authorizationEndpoint = context.getCurrentXmlTest().getParameter("authorizationEndpoint");
        tokenEndpoint = context.getCurrentXmlTest().getParameter("tokenEndpoint");
        tokenRevocationEndpoint = context.getCurrentXmlTest().getParameter("tokenRevocationEndpoint");
        userInfoEndpoint = context.getCurrentXmlTest().getParameter("userInfoEndpoint");
        clientInfoEndpoint = context.getCurrentXmlTest().getParameter("clientInfoEndpoint");
        checkSessionIFrame = context.getCurrentXmlTest().getParameter("checkSessionIFrame");
        endSessionEndpoint = context.getCurrentXmlTest().getParameter("endSessionEndpoint");
        jwksUri = context.getCurrentXmlTest().getParameter("jwksUri");
        registrationEndpoint = context.getCurrentXmlTest().getParameter("registrationEndpoint");
        configurationEndpoint = context.getCurrentXmlTest().getParameter("configurationEndpoint");
        idGenEndpoint = context.getCurrentXmlTest().getParameter("idGenEndpoint");
        introspectionEndpoint = context.getCurrentXmlTest().getParameter("introspectionEndpoint");
        backchannelAuthenticationEndpoint = context.getCurrentXmlTest().getParameter("backchannelAuthenticationEndpoint");
        revokeSessionEndpoint = context.getCurrentXmlTest().getParameter("revokeSessionEndpoint");
        scopeToClaimsMapping = new HashMap<String, List<String>>();
        issuer = context.getCurrentXmlTest().getParameter("issuer");
    }
    authorizationPageEndpoint = determineAuthorizationPageEndpoint(authorizationEndpoint);
}
Also used : OpenIdConnectDiscoveryClient(org.gluu.oxauth.client.OpenIdConnectDiscoveryClient) OpenIdConfigurationClient(org.gluu.oxauth.client.OpenIdConfigurationClient) OpenIdConnectDiscoveryResponse(org.gluu.oxauth.client.OpenIdConnectDiscoveryResponse) OpenIdConfigurationResponse(org.gluu.oxauth.client.OpenIdConfigurationResponse) List(java.util.List) BeforeTest(org.testng.annotations.BeforeTest)

Example 2 with OpenIdConfigurationClient

use of org.gluu.oxauth.client.OpenIdConfigurationClient in project oxTrust by GluuFederation.

the class AppInitializer method initOpenIdConfiguration.

@Produces
@ApplicationScoped
@Named("openIdConfiguration")
public OpenIdConfigurationResponse initOpenIdConfiguration() throws OxIntializationException {
    String oxAuthIssuer = this.configurationFactory.getAppConfiguration().getOxAuthIssuer();
    if (StringHelper.isEmpty(oxAuthIssuer)) {
        log.info("oxAuth issuer isn't specified");
        return null;
    }
    log.debug("Attempting to determine configuration endpoint URL");
    OpenIdConnectDiscoveryClient openIdConnectDiscoveryClient;
    try {
        openIdConnectDiscoveryClient = new OpenIdConnectDiscoveryClient(oxAuthIssuer);
    } catch (URISyntaxException ex) {
        throw new OxIntializationException("OpenId discovery response is invalid!", ex);
    }
    OpenIdConnectDiscoveryResponse openIdConnectDiscoveryResponse = openIdConnectDiscoveryClient.exec();
    if ((openIdConnectDiscoveryResponse.getStatus() != 200) || (openIdConnectDiscoveryResponse.getSubject() == null) || (openIdConnectDiscoveryResponse.getLinks().size() == 0)) {
        throw new OxIntializationException("OpenId discovery response is invalid!");
    }
    log.debug("Attempting to load OpenID configuration");
    String configurationEndpoint = openIdConnectDiscoveryResponse.getLinks().get(0).getHref() + "/.well-known/openid-configuration";
    OpenIdConfigurationClient client = new OpenIdConfigurationClient(configurationEndpoint);
    OpenIdConfigurationResponse openIdConfiguration;
    try {
        openIdConfiguration = client.execOpenIdConfiguration();
    } catch (Exception e) {
        log.error("Failed to load OpenId configuration!", e);
        throw new OxIntializationException("Failed to load OpenId configuration!");
    }
    if (openIdConfiguration.getStatus() != 200) {
        throw new OxIntializationException("OpenId configuration response is invalid!");
    }
    return openIdConfiguration;
}
Also used : OpenIdConnectDiscoveryClient(org.gluu.oxauth.client.OpenIdConnectDiscoveryClient) OpenIdConfigurationClient(org.gluu.oxauth.client.OpenIdConfigurationClient) OpenIdConnectDiscoveryResponse(org.gluu.oxauth.client.OpenIdConnectDiscoveryResponse) OpenIdConfigurationResponse(org.gluu.oxauth.client.OpenIdConfigurationResponse) URISyntaxException(java.net.URISyntaxException) OxIntializationException(org.gluu.exception.OxIntializationException) URISyntaxException(java.net.URISyntaxException) EncryptionException(org.gluu.util.security.StringEncrypter.EncryptionException) OxIntializationException(org.gluu.exception.OxIntializationException) Named(javax.inject.Named) Produces(javax.enterprise.inject.Produces) ApplicationScoped(javax.enterprise.context.ApplicationScoped)

Example 3 with OpenIdConfigurationClient

use of org.gluu.oxauth.client.OpenIdConfigurationClient in project oxTrust by GluuFederation.

the class OpenIdService method loadOpenIdConfiguration.

private void loadOpenIdConfiguration() throws IOException {
    String openIdProvider = appConfiguration.getOxAuthIssuer();
    if (StringHelper.isEmpty(openIdProvider)) {
        throw new ConfigurationException("OpenIdProvider Url is invalid");
    }
    openIdProvider = openIdProvider + "/.well-known/openid-configuration";
    final OpenIdConfigurationClient openIdConfigurationClient = new OpenIdConfigurationClient(openIdProvider);
    final OpenIdConfigurationResponse response = openIdConfigurationClient.execOpenIdConfiguration();
    if ((response == null) || (response.getStatus() != 200)) {
        throw new ConfigurationException("Failed to load oxAuth configuration");
    }
    log.info("Successfully loaded oxAuth configuration");
    this.openIdConfiguration = response;
}
Also used : OpenIdConfigurationClient(org.gluu.oxauth.client.OpenIdConfigurationClient) ConfigurationException(org.gluu.util.exception.ConfigurationException) OpenIdConfigurationResponse(org.gluu.oxauth.client.OpenIdConfigurationResponse)

Example 4 with OpenIdConfigurationClient

use of org.gluu.oxauth.client.OpenIdConfigurationClient in project oxTrust by GluuFederation.

the class OpenIdClient method loadOpenIdConfiguration.

private void loadOpenIdConfiguration() throws IOException {
    String openIdProvider = appConfiguration.getOpenIdProviderUrl();
    if (StringHelper.isEmpty(openIdProvider)) {
        throw new ConfigurationException("OpenIdProvider Url is invalid");
    }
    final OpenIdConfigurationClient openIdConfigurationClient = new OpenIdConfigurationClient(openIdProvider);
    final OpenIdConfigurationResponse response = openIdConfigurationClient.execOpenIdConfiguration();
    if ((response == null) || (response.getStatus() != 200)) {
        throw new ConfigurationException("Failed to load oxAuth configuration");
    }
    logger.info("Successfully loaded oxAuth configuration");
    this.openIdConfiguration = response;
}
Also used : OpenIdConfigurationClient(org.gluu.oxauth.client.OpenIdConfigurationClient) ConfigurationException(org.gluu.util.exception.ConfigurationException) OpenIdConfigurationResponse(org.gluu.oxauth.client.OpenIdConfigurationResponse)

Example 5 with OpenIdConfigurationClient

use of org.gluu.oxauth.client.OpenIdConfigurationClient in project oxAuth by GluuFederation.

the class ConfigurationRestWebServiceHttpTest method requestOpenIdConfiguration.

@Test
@Parameters({ "swdResource" })
public void requestOpenIdConfiguration(final String resource) throws Exception {
    showTitle("OpenID Connect Discovery");
    OpenIdConnectDiscoveryClient openIdConnectDiscoveryClient = new OpenIdConnectDiscoveryClient(resource);
    CloseableHttpClient httpClient = createHttpClient(HostnameVerifierType.ALLOW_ALL);
    OpenIdConnectDiscoveryResponse openIdConnectDiscoveryResponse;
    try {
        openIdConnectDiscoveryResponse = openIdConnectDiscoveryClient.exec(new ApacheHttpClient43Engine(httpClient));
    } finally {
        httpClient.close();
    }
    showClient(openIdConnectDiscoveryClient);
    assertEquals(openIdConnectDiscoveryResponse.getStatus(), 200, "Unexpected response code");
    assertNotNull(openIdConnectDiscoveryResponse.getSubject());
    assertTrue(openIdConnectDiscoveryResponse.getLinks().size() > 0);
    String configurationEndpoint = openIdConnectDiscoveryResponse.getLinks().get(0).getHref() + "/.well-known/openid-configuration";
    showTitle("OpenID Connect Configuration");
    OpenIdConfigurationClient client = new OpenIdConfigurationClient(configurationEndpoint);
    OpenIdConfigurationResponse response = client.execOpenIdConfiguration();
    showClient(client);
    assertEquals(response.getStatus(), 200, "Unexpected response code");
    assertNotNull(response.getIssuer(), "The issuer is null");
    assertNotNull(response.getAuthorizationEndpoint(), "The authorizationEndpoint is null");
    assertNotNull(response.getTokenEndpoint(), "The tokenEndpoint is null");
    assertNotNull(response.getRevocationEndpoint(), "The tokenRevocationEndpoint is null");
    assertNotNull(response.getUserInfoEndpoint(), "The userInfoEndPoint is null");
    assertNotNull(response.getClientInfoEndpoint(), "The clientInfoEndPoint is null");
    assertNotNull(response.getCheckSessionIFrame(), "The checkSessionIFrame is null");
    assertNotNull(response.getEndSessionEndpoint(), "The endSessionEndpoint is null");
    assertNotNull(response.getJwksUri(), "The jwksUri is null");
    assertNotNull(response.getRegistrationEndpoint(), "The registrationEndpoint is null");
    assertNotNull(response.getIntrospectionEndpoint(), "The introspectionEndpoint is null");
    assertNotNull(response.getIdGenerationEndpoint(), "The idGenerationEndpoint is null");
    assertTrue(response.getScopesSupported().size() > 0, "The scopesSupported is empty");
    assertTrue(response.getScopeToClaimsMapping().size() > 0, "The scope to claims mapping is empty");
    assertTrue(response.getResponseTypesSupported().size() > 0, "The responseTypesSupported is empty");
    assertTrue(response.getResponseModesSupported().size() > 0, "The responseModesSupported is empty");
    assertTrue(response.getGrantTypesSupported().size() > 0, "The grantTypesSupported is empty");
    assertTrue(response.getAcrValuesSupported().size() >= 0, "The acrValuesSupported is empty");
    assertTrue(response.getSubjectTypesSupported().size() > 0, "The subjectTypesSupported is empty");
    assertTrue(response.getUserInfoSigningAlgValuesSupported().size() > 0, "The userInfoSigningAlgValuesSupported is empty");
    assertTrue(response.getUserInfoEncryptionAlgValuesSupported().size() > 0, "The userInfoEncryptionAlgValuesSupported is empty");
    assertTrue(response.getUserInfoEncryptionEncValuesSupported().size() > 0, "The userInfoEncryptionEncValuesSupported is empty");
    assertTrue(response.getIdTokenSigningAlgValuesSupported().size() > 0, "The idTokenSigningAlgValuesSupported is empty");
    assertTrue(response.getIdTokenEncryptionAlgValuesSupported().size() > 0, "The idTokenEncryptionAlgValuesSupported is empty");
    assertTrue(response.getIdTokenEncryptionEncValuesSupported().size() > 0, "The idTokenEncryptionEncValuesSupported is empty");
    assertTrue(response.getRequestObjectSigningAlgValuesSupported().size() > 0, "The requestObjectSigningAlgValuesSupported is empty");
    assertTrue(response.getRequestObjectEncryptionAlgValuesSupported().size() > 0, "The requestObjectEncryptionAlgValuesSupported is empty");
    assertTrue(response.getRequestObjectEncryptionEncValuesSupported().size() > 0, "The requestObjectEncryptionEncValuesSupported is empty");
    assertTrue(response.getTokenEndpointAuthMethodsSupported().size() > 0, "The tokenEndpointAuthMethodsSupported is empty");
    assertTrue(response.getTokenEndpointAuthSigningAlgValuesSupported().size() > 0, "The tokenEndpointAuthSigningAlgValuesSupported is empty");
    assertTrue(response.getDisplayValuesSupported().size() > 0, "The displayValuesSupported is empty");
    assertTrue(response.getClaimTypesSupported().size() > 0, "The claimTypesSupported is empty");
    assertTrue(response.getClaimsSupported().size() > 0, "The claimsSupported is empty");
    assertNotNull(response.getServiceDocumentation(), "The serviceDocumentation is null");
    assertTrue(response.getClaimsLocalesSupported().size() > 0, "The claimsLocalesSupported is empty");
    assertTrue(response.getUiLocalesSupported().size() > 0, "The uiLocalesSupported is empty");
    assertTrue(response.getClaimsParameterSupported(), "The claimsParameterSupported is false");
    assertTrue(response.getRequestParameterSupported(), "The requestParameterSupported is false");
    assertTrue(response.getRequestUriParameterSupported(), "The requestUriParameterSupported is false");
    assertFalse(response.getRequireRequestUriRegistration(), "The requireRequestUriRegistration is true");
    assertNotNull(response.getOpPolicyUri(), "The opPolicyUri is null");
    assertNotNull(response.getOpTosUri(), "The opTosUri is null");
    // oxAuth #917: Add dynamic scopes and claims to discovery
    Map<String, List<String>> scopeToClaims = response.getScopeToClaimsMapping();
    List<String> scopesSupported = response.getScopesSupported();
    List<String> claimsSupported = response.getClaimsSupported();
    for (Map.Entry<String, List<String>> scopeEntry : scopeToClaims.entrySet()) {
        assertTrue(scopesSupported.contains(scopeEntry.getKey()), "The scopes supported list does not contain the scope: " + scopeEntry.getKey());
        for (String claimEntry : scopeEntry.getValue()) {
            assertTrue(claimsSupported.contains(claimEntry), "The claims supported list does not contain the claim: " + claimEntry);
        }
    }
}
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) OpenIdConnectDiscoveryClient(org.gluu.oxauth.client.OpenIdConnectDiscoveryClient) OpenIdConfigurationClient(org.gluu.oxauth.client.OpenIdConfigurationClient) OpenIdConnectDiscoveryResponse(org.gluu.oxauth.client.OpenIdConnectDiscoveryResponse) OpenIdConfigurationResponse(org.gluu.oxauth.client.OpenIdConfigurationResponse) List(java.util.List) Map(java.util.Map) ApacheHttpClient43Engine(org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient43Engine) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Aggregations

OpenIdConfigurationClient (org.gluu.oxauth.client.OpenIdConfigurationClient)6 OpenIdConfigurationResponse (org.gluu.oxauth.client.OpenIdConfigurationResponse)6 OpenIdConnectDiscoveryClient (org.gluu.oxauth.client.OpenIdConnectDiscoveryClient)4 OpenIdConnectDiscoveryResponse (org.gluu.oxauth.client.OpenIdConnectDiscoveryResponse)4 List (java.util.List)2 BaseTest (org.gluu.oxauth.BaseTest)2 ConfigurationException (org.gluu.util.exception.ConfigurationException)2 ApacheHttpClient43Engine (org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient43Engine)2 Parameters (org.testng.annotations.Parameters)2 Test (org.testng.annotations.Test)2 URISyntaxException (java.net.URISyntaxException)1 Map (java.util.Map)1 ApplicationScoped (javax.enterprise.context.ApplicationScoped)1 Produces (javax.enterprise.inject.Produces)1 Named (javax.inject.Named)1 CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient)1 OxIntializationException (org.gluu.exception.OxIntializationException)1 EncryptionException (org.gluu.util.security.StringEncrypter.EncryptionException)1 BeforeTest (org.testng.annotations.BeforeTest)1