use of org.gluu.oxauth.client.OpenIdConfigurationClient in project oxAuth by GluuFederation.
the class BaseTest method discovery.
@BeforeTest
public void discovery(ITestContext context) throws Exception {
// Load Form Interaction
loginFormUsername = context.getCurrentXmlTest().getParameter("loginFormUsername");
loginFormPassword = context.getCurrentXmlTest().getParameter("loginFormPassword");
loginFormLoginButton = context.getCurrentXmlTest().getParameter("loginFormLoginButton");
authorizeFormAllowButton = context.getCurrentXmlTest().getParameter("authorizeFormAllowButton");
authorizeFormDoNotAllowButton = context.getCurrentXmlTest().getParameter("authorizeFormDoNotAllowButton");
allTestKeys = Maps.newHashMap(context.getCurrentXmlTest().getAllParameters());
String resource = context.getCurrentXmlTest().getParameter("swdResource");
if (StringUtils.isNotBlank(resource)) {
showTitle("OpenID Connect Discovery");
OpenIdConnectDiscoveryClient openIdConnectDiscoveryClient = new OpenIdConnectDiscoveryClient(resource);
OpenIdConnectDiscoveryResponse openIdConnectDiscoveryResponse = openIdConnectDiscoveryClient.exec(clientEngine(true));
showClient(openIdConnectDiscoveryClient);
assertEquals(openIdConnectDiscoveryResponse.getStatus(), 200, "Unexpected response code");
assertNotNull(openIdConnectDiscoveryResponse.getSubject());
assertTrue(openIdConnectDiscoveryResponse.getLinks().size() > 0);
configurationEndpoint = openIdConnectDiscoveryResponse.getLinks().get(0).getHref() + "/.well-known/openid-configuration";
System.out.println("OpenID Connect Configuration");
OpenIdConfigurationClient client = new OpenIdConfigurationClient(configurationEndpoint);
client.setExecutor(clientEngine(true));
OpenIdConfigurationResponse response = client.execOpenIdConfiguration();
showClient(client);
assertEquals(response.getStatus(), 200, "Unexpected response code");
assertNotNull(response.getIssuer(), "The issuer is null");
assertNotNull(response.getAuthorizationEndpoint(), "The authorizationEndpoint is null");
assertNotNull(response.getTokenEndpoint(), "The tokenEndpoint is null");
assertNotNull(response.getRevocationEndpoint(), "The revocationEndpoint is null");
assertNotNull(response.getUserInfoEndpoint(), "The userInfoEndPoint is null");
assertNotNull(response.getJwksUri(), "The jwksUri is null");
assertNotNull(response.getRegistrationEndpoint(), "The registrationEndpoint is null");
assertTrue(response.getScopesSupported().size() > 0, "The scopesSupported is empty");
assertTrue(response.getScopeToClaimsMapping().size() > 0, "The scope to claims mapping is empty");
assertTrue(response.getResponseTypesSupported().size() > 0, "The responseTypesSupported is empty");
assertTrue(response.getGrantTypesSupported().size() > 0, "The grantTypesSupported is empty");
assertTrue(response.getAcrValuesSupported().size() >= 0, "The acrValuesSupported is empty");
assertTrue(response.getSubjectTypesSupported().size() > 0, "The subjectTypesSupported is empty");
assertTrue(response.getIdTokenSigningAlgValuesSupported().size() > 0, "The idTokenSigningAlgValuesSupported is empty");
assertTrue(response.getRequestObjectSigningAlgValuesSupported().size() > 0, "The requestObjectSigningAlgValuesSupported is empty");
assertTrue(response.getTokenEndpointAuthMethodsSupported().size() > 0, "The tokenEndpointAuthMethodsSupported is empty");
assertTrue(response.getClaimsSupported().size() > 0, "The claimsSupported is empty");
authorizationEndpoint = response.getAuthorizationEndpoint();
tokenEndpoint = response.getTokenEndpoint();
tokenRevocationEndpoint = response.getRevocationEndpoint();
userInfoEndpoint = response.getUserInfoEndpoint();
clientInfoEndpoint = response.getClientInfoEndpoint();
checkSessionIFrame = response.getCheckSessionIFrame();
endSessionEndpoint = response.getEndSessionEndpoint();
jwksUri = response.getJwksUri();
registrationEndpoint = response.getRegistrationEndpoint();
idGenEndpoint = response.getIdGenerationEndpoint();
introspectionEndpoint = response.getIntrospectionEndpoint();
deviceAuthzEndpoint = response.getDeviceAuthzEndpoint();
backchannelAuthenticationEndpoint = response.getBackchannelAuthenticationEndpoint();
revokeSessionEndpoint = response.getSessionRevocationEndpoint();
scopeToClaimsMapping = response.getScopeToClaimsMapping();
gluuConfigurationEndpoint = determineGluuConfigurationEndpoint(openIdConnectDiscoveryResponse.getLinks().get(0).getHref());
issuer = response.getIssuer();
} else {
showTitle("Loading configuration endpoints from properties file");
authorizationEndpoint = context.getCurrentXmlTest().getParameter("authorizationEndpoint");
tokenEndpoint = context.getCurrentXmlTest().getParameter("tokenEndpoint");
tokenRevocationEndpoint = context.getCurrentXmlTest().getParameter("tokenRevocationEndpoint");
userInfoEndpoint = context.getCurrentXmlTest().getParameter("userInfoEndpoint");
clientInfoEndpoint = context.getCurrentXmlTest().getParameter("clientInfoEndpoint");
checkSessionIFrame = context.getCurrentXmlTest().getParameter("checkSessionIFrame");
endSessionEndpoint = context.getCurrentXmlTest().getParameter("endSessionEndpoint");
jwksUri = context.getCurrentXmlTest().getParameter("jwksUri");
registrationEndpoint = context.getCurrentXmlTest().getParameter("registrationEndpoint");
configurationEndpoint = context.getCurrentXmlTest().getParameter("configurationEndpoint");
idGenEndpoint = context.getCurrentXmlTest().getParameter("idGenEndpoint");
introspectionEndpoint = context.getCurrentXmlTest().getParameter("introspectionEndpoint");
backchannelAuthenticationEndpoint = context.getCurrentXmlTest().getParameter("backchannelAuthenticationEndpoint");
revokeSessionEndpoint = context.getCurrentXmlTest().getParameter("revokeSessionEndpoint");
scopeToClaimsMapping = new HashMap<String, List<String>>();
issuer = context.getCurrentXmlTest().getParameter("issuer");
}
authorizationPageEndpoint = determineAuthorizationPageEndpoint(authorizationEndpoint);
}
use of org.gluu.oxauth.client.OpenIdConfigurationClient in project oxTrust by GluuFederation.
the class AppInitializer method initOpenIdConfiguration.
@Produces
@ApplicationScoped
@Named("openIdConfiguration")
public OpenIdConfigurationResponse initOpenIdConfiguration() throws OxIntializationException {
String oxAuthIssuer = this.configurationFactory.getAppConfiguration().getOxAuthIssuer();
if (StringHelper.isEmpty(oxAuthIssuer)) {
log.info("oxAuth issuer isn't specified");
return null;
}
log.debug("Attempting to determine configuration endpoint URL");
OpenIdConnectDiscoveryClient openIdConnectDiscoveryClient;
try {
openIdConnectDiscoveryClient = new OpenIdConnectDiscoveryClient(oxAuthIssuer);
} catch (URISyntaxException ex) {
throw new OxIntializationException("OpenId discovery response is invalid!", ex);
}
OpenIdConnectDiscoveryResponse openIdConnectDiscoveryResponse = openIdConnectDiscoveryClient.exec();
if ((openIdConnectDiscoveryResponse.getStatus() != 200) || (openIdConnectDiscoveryResponse.getSubject() == null) || (openIdConnectDiscoveryResponse.getLinks().size() == 0)) {
throw new OxIntializationException("OpenId discovery response is invalid!");
}
log.debug("Attempting to load OpenID configuration");
String configurationEndpoint = openIdConnectDiscoveryResponse.getLinks().get(0).getHref() + "/.well-known/openid-configuration";
OpenIdConfigurationClient client = new OpenIdConfigurationClient(configurationEndpoint);
OpenIdConfigurationResponse openIdConfiguration;
try {
openIdConfiguration = client.execOpenIdConfiguration();
} catch (Exception e) {
log.error("Failed to load OpenId configuration!", e);
throw new OxIntializationException("Failed to load OpenId configuration!");
}
if (openIdConfiguration.getStatus() != 200) {
throw new OxIntializationException("OpenId configuration response is invalid!");
}
return openIdConfiguration;
}
use of org.gluu.oxauth.client.OpenIdConfigurationClient in project oxTrust by GluuFederation.
the class OpenIdService method loadOpenIdConfiguration.
private void loadOpenIdConfiguration() throws IOException {
String openIdProvider = appConfiguration.getOxAuthIssuer();
if (StringHelper.isEmpty(openIdProvider)) {
throw new ConfigurationException("OpenIdProvider Url is invalid");
}
openIdProvider = openIdProvider + "/.well-known/openid-configuration";
final OpenIdConfigurationClient openIdConfigurationClient = new OpenIdConfigurationClient(openIdProvider);
final OpenIdConfigurationResponse response = openIdConfigurationClient.execOpenIdConfiguration();
if ((response == null) || (response.getStatus() != 200)) {
throw new ConfigurationException("Failed to load oxAuth configuration");
}
log.info("Successfully loaded oxAuth configuration");
this.openIdConfiguration = response;
}
use of org.gluu.oxauth.client.OpenIdConfigurationClient in project oxTrust by GluuFederation.
the class OpenIdClient method loadOpenIdConfiguration.
private void loadOpenIdConfiguration() throws IOException {
String openIdProvider = appConfiguration.getOpenIdProviderUrl();
if (StringHelper.isEmpty(openIdProvider)) {
throw new ConfigurationException("OpenIdProvider Url is invalid");
}
final OpenIdConfigurationClient openIdConfigurationClient = new OpenIdConfigurationClient(openIdProvider);
final OpenIdConfigurationResponse response = openIdConfigurationClient.execOpenIdConfiguration();
if ((response == null) || (response.getStatus() != 200)) {
throw new ConfigurationException("Failed to load oxAuth configuration");
}
logger.info("Successfully loaded oxAuth configuration");
this.openIdConfiguration = response;
}
use of org.gluu.oxauth.client.OpenIdConfigurationClient in project oxAuth by GluuFederation.
the class ConfigurationRestWebServiceHttpTest method requestOpenIdConfiguration.
@Test
@Parameters({ "swdResource" })
public void requestOpenIdConfiguration(final String resource) throws Exception {
showTitle("OpenID Connect Discovery");
OpenIdConnectDiscoveryClient openIdConnectDiscoveryClient = new OpenIdConnectDiscoveryClient(resource);
CloseableHttpClient httpClient = createHttpClient(HostnameVerifierType.ALLOW_ALL);
OpenIdConnectDiscoveryResponse openIdConnectDiscoveryResponse;
try {
openIdConnectDiscoveryResponse = openIdConnectDiscoveryClient.exec(new ApacheHttpClient43Engine(httpClient));
} finally {
httpClient.close();
}
showClient(openIdConnectDiscoveryClient);
assertEquals(openIdConnectDiscoveryResponse.getStatus(), 200, "Unexpected response code");
assertNotNull(openIdConnectDiscoveryResponse.getSubject());
assertTrue(openIdConnectDiscoveryResponse.getLinks().size() > 0);
String configurationEndpoint = openIdConnectDiscoveryResponse.getLinks().get(0).getHref() + "/.well-known/openid-configuration";
showTitle("OpenID Connect Configuration");
OpenIdConfigurationClient client = new OpenIdConfigurationClient(configurationEndpoint);
OpenIdConfigurationResponse response = client.execOpenIdConfiguration();
showClient(client);
assertEquals(response.getStatus(), 200, "Unexpected response code");
assertNotNull(response.getIssuer(), "The issuer is null");
assertNotNull(response.getAuthorizationEndpoint(), "The authorizationEndpoint is null");
assertNotNull(response.getTokenEndpoint(), "The tokenEndpoint is null");
assertNotNull(response.getRevocationEndpoint(), "The tokenRevocationEndpoint is null");
assertNotNull(response.getUserInfoEndpoint(), "The userInfoEndPoint is null");
assertNotNull(response.getClientInfoEndpoint(), "The clientInfoEndPoint is null");
assertNotNull(response.getCheckSessionIFrame(), "The checkSessionIFrame is null");
assertNotNull(response.getEndSessionEndpoint(), "The endSessionEndpoint is null");
assertNotNull(response.getJwksUri(), "The jwksUri is null");
assertNotNull(response.getRegistrationEndpoint(), "The registrationEndpoint is null");
assertNotNull(response.getIntrospectionEndpoint(), "The introspectionEndpoint is null");
assertNotNull(response.getIdGenerationEndpoint(), "The idGenerationEndpoint is null");
assertTrue(response.getScopesSupported().size() > 0, "The scopesSupported is empty");
assertTrue(response.getScopeToClaimsMapping().size() > 0, "The scope to claims mapping is empty");
assertTrue(response.getResponseTypesSupported().size() > 0, "The responseTypesSupported is empty");
assertTrue(response.getResponseModesSupported().size() > 0, "The responseModesSupported is empty");
assertTrue(response.getGrantTypesSupported().size() > 0, "The grantTypesSupported is empty");
assertTrue(response.getAcrValuesSupported().size() >= 0, "The acrValuesSupported is empty");
assertTrue(response.getSubjectTypesSupported().size() > 0, "The subjectTypesSupported is empty");
assertTrue(response.getUserInfoSigningAlgValuesSupported().size() > 0, "The userInfoSigningAlgValuesSupported is empty");
assertTrue(response.getUserInfoEncryptionAlgValuesSupported().size() > 0, "The userInfoEncryptionAlgValuesSupported is empty");
assertTrue(response.getUserInfoEncryptionEncValuesSupported().size() > 0, "The userInfoEncryptionEncValuesSupported is empty");
assertTrue(response.getIdTokenSigningAlgValuesSupported().size() > 0, "The idTokenSigningAlgValuesSupported is empty");
assertTrue(response.getIdTokenEncryptionAlgValuesSupported().size() > 0, "The idTokenEncryptionAlgValuesSupported is empty");
assertTrue(response.getIdTokenEncryptionEncValuesSupported().size() > 0, "The idTokenEncryptionEncValuesSupported is empty");
assertTrue(response.getRequestObjectSigningAlgValuesSupported().size() > 0, "The requestObjectSigningAlgValuesSupported is empty");
assertTrue(response.getRequestObjectEncryptionAlgValuesSupported().size() > 0, "The requestObjectEncryptionAlgValuesSupported is empty");
assertTrue(response.getRequestObjectEncryptionEncValuesSupported().size() > 0, "The requestObjectEncryptionEncValuesSupported is empty");
assertTrue(response.getTokenEndpointAuthMethodsSupported().size() > 0, "The tokenEndpointAuthMethodsSupported is empty");
assertTrue(response.getTokenEndpointAuthSigningAlgValuesSupported().size() > 0, "The tokenEndpointAuthSigningAlgValuesSupported is empty");
assertTrue(response.getDisplayValuesSupported().size() > 0, "The displayValuesSupported is empty");
assertTrue(response.getClaimTypesSupported().size() > 0, "The claimTypesSupported is empty");
assertTrue(response.getClaimsSupported().size() > 0, "The claimsSupported is empty");
assertNotNull(response.getServiceDocumentation(), "The serviceDocumentation is null");
assertTrue(response.getClaimsLocalesSupported().size() > 0, "The claimsLocalesSupported is empty");
assertTrue(response.getUiLocalesSupported().size() > 0, "The uiLocalesSupported is empty");
assertTrue(response.getClaimsParameterSupported(), "The claimsParameterSupported is false");
assertTrue(response.getRequestParameterSupported(), "The requestParameterSupported is false");
assertTrue(response.getRequestUriParameterSupported(), "The requestUriParameterSupported is false");
assertFalse(response.getRequireRequestUriRegistration(), "The requireRequestUriRegistration is true");
assertNotNull(response.getOpPolicyUri(), "The opPolicyUri is null");
assertNotNull(response.getOpTosUri(), "The opTosUri is null");
// oxAuth #917: Add dynamic scopes and claims to discovery
Map<String, List<String>> scopeToClaims = response.getScopeToClaimsMapping();
List<String> scopesSupported = response.getScopesSupported();
List<String> claimsSupported = response.getClaimsSupported();
for (Map.Entry<String, List<String>> scopeEntry : scopeToClaims.entrySet()) {
assertTrue(scopesSupported.contains(scopeEntry.getKey()), "The scopes supported list does not contain the scope: " + scopeEntry.getKey());
for (String claimEntry : scopeEntry.getValue()) {
assertTrue(claimsSupported.contains(claimEntry), "The claims supported list does not contain the claim: " + claimEntry);
}
}
}
Aggregations