Use of org.gluu.oxauth.client.OpenIdConfigurationResponse in project oxAuth by GluuFederation.
The class BaseTest, method discovery.
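/**
 * TestNG setup that resolves the OpenID Provider endpoints the tests run against.
 *
 * <p>Form-interaction parameters and the complete parameter map of the current
 * {@code <test>} are read first. Then, if the {@code swdResource} parameter is
 * present, the endpoints are resolved dynamically: an OpenID Connect discovery
 * request is issued for that resource, the first returned link is used to build
 * the {@code /.well-known/openid-configuration} URL, and the configuration
 * document is fetched and asserted on. Otherwise every endpoint is read verbatim
 * from the suite parameters. Finally {@code authorizationPageEndpoint} is derived
 * from the resolved {@code authorizationEndpoint}.
 *
 * @param context TestNG context whose current {@code <test>} supplies the parameters
 * @throws Exception propagated from the discovery/configuration clients
 */
@BeforeTest
public void discovery(ITestContext context) throws Exception {
    // Load Form Interaction
    loginFormUsername = xmlTestParameter(context, "loginFormUsername");
    loginFormPassword = xmlTestParameter(context, "loginFormPassword");
    loginFormLoginButton = xmlTestParameter(context, "loginFormLoginButton");
    authorizeFormAllowButton = xmlTestParameter(context, "authorizeFormAllowButton");
    authorizeFormDoNotAllowButton = xmlTestParameter(context, "authorizeFormDoNotAllowButton");

    allTestKeys = Maps.newHashMap(context.getCurrentXmlTest().getAllParameters());

    String resource = xmlTestParameter(context, "swdResource");
    if (StringUtils.isNotBlank(resource)) {
        loadEndpointsViaDiscovery(resource);
    } else {
        loadEndpointsFromParameters(context);
    }

    authorizationPageEndpoint = determineAuthorizationPageEndpoint(authorizationEndpoint);
}

/** Reads one parameter of the current TestNG {@code <test>}. */
private static String xmlTestParameter(ITestContext context, String name) {
    return context.getCurrentXmlTest().getParameter(name);
}

/**
 * Resolves all endpoints through OpenID Connect discovery, starting from {@code resource},
 * and asserts that the provider metadata carries the fields the tests depend on.
 *
 * @param resource the discovery resource (the {@code swdResource} suite parameter)
 * @throws Exception propagated from the discovery/configuration clients
 */
private void loadEndpointsViaDiscovery(String resource) throws Exception {
    showTitle("OpenID Connect Discovery");

    OpenIdConnectDiscoveryClient openIdConnectDiscoveryClient = new OpenIdConnectDiscoveryClient(resource);
    // NOTE(review): the meaning of the boolean passed to clientEngine() is not visible here;
    // if it relaxes TLS certificate/hostname validation for the test client, keep that
    // executor strictly to test code.
    OpenIdConnectDiscoveryResponse openIdConnectDiscoveryResponse = openIdConnectDiscoveryClient.exec(clientEngine(true));
    showClient(openIdConnectDiscoveryClient);

    assertEquals(openIdConnectDiscoveryResponse.getStatus(), 200, "Unexpected response code");
    assertNotNull(openIdConnectDiscoveryResponse.getSubject());
    assertTrue(openIdConnectDiscoveryResponse.getLinks().size() > 0);

    // The first discovery link is taken as the provider base URL. Nothing below checks that the
    // issuer in the configuration document agrees with it; a test harness pointed at a known
    // provider can live with that, a production client must verify the two match.
    String providerHref = openIdConnectDiscoveryResponse.getLinks().get(0).getHref();
    configurationEndpoint = providerHref + "/.well-known/openid-configuration";

    showTitle("OpenID Connect Configuration");
    OpenIdConfigurationClient client = new OpenIdConfigurationClient(configurationEndpoint);
    client.setExecutor(clientEngine(true));
    OpenIdConfigurationResponse response = client.execOpenIdConfiguration();
    showClient(client);

    assertEquals(response.getStatus(), 200, "Unexpected response code");
    assertNotNull(response.getIssuer(), "The issuer is null");
    assertNotNull(response.getAuthorizationEndpoint(), "The authorizationEndpoint is null");
    assertNotNull(response.getTokenEndpoint(), "The tokenEndpoint is null");
    assertNotNull(response.getRevocationEndpoint(), "The revocationEndpoint is null");
    assertNotNull(response.getUserInfoEndpoint(), "The userInfoEndPoint is null");
    assertNotNull(response.getJwksUri(), "The jwksUri is null");
    assertNotNull(response.getRegistrationEndpoint(), "The registrationEndpoint is null");
    assertTrue(response.getScopesSupported().size() > 0, "The scopesSupported is empty");
    assertTrue(response.getScopeToClaimsMapping().size() > 0, "The scope to claims mapping is empty");
    assertTrue(response.getResponseTypesSupported().size() > 0, "The responseTypesSupported is empty");
    assertTrue(response.getGrantTypesSupported().size() > 0, "The grantTypesSupported is empty");
    // acr_values_supported may legitimately be empty, so only its presence is asserted
    // (the former "size() >= 0" check could never fail and its message was misleading).
    assertNotNull(response.getAcrValuesSupported(), "The acrValuesSupported is null");
    assertTrue(response.getSubjectTypesSupported().size() > 0, "The subjectTypesSupported is empty");
    assertTrue(response.getIdTokenSigningAlgValuesSupported().size() > 0, "The idTokenSigningAlgValuesSupported is empty");
    assertTrue(response.getRequestObjectSigningAlgValuesSupported().size() > 0, "The requestObjectSigningAlgValuesSupported is empty");
    assertTrue(response.getTokenEndpointAuthMethodsSupported().size() > 0, "The tokenEndpointAuthMethodsSupported is empty");
    assertTrue(response.getClaimsSupported().size() > 0, "The claimsSupported is empty");

    authorizationEndpoint = response.getAuthorizationEndpoint();
    tokenEndpoint = response.getTokenEndpoint();
    tokenRevocationEndpoint = response.getRevocationEndpoint();
    userInfoEndpoint = response.getUserInfoEndpoint();
    clientInfoEndpoint = response.getClientInfoEndpoint();
    checkSessionIFrame = response.getCheckSessionIFrame();
    endSessionEndpoint = response.getEndSessionEndpoint();
    jwksUri = response.getJwksUri();
    registrationEndpoint = response.getRegistrationEndpoint();
    idGenEndpoint = response.getIdGenerationEndpoint();
    introspectionEndpoint = response.getIntrospectionEndpoint();
    deviceAuthzEndpoint = response.getDeviceAuthzEndpoint();
    backchannelAuthenticationEndpoint = response.getBackchannelAuthenticationEndpoint();
    revokeSessionEndpoint = response.getSessionRevocationEndpoint();
    scopeToClaimsMapping = response.getScopeToClaimsMapping();
    gluuConfigurationEndpoint = determineGluuConfigurationEndpoint(providerHref);
    issuer = response.getIssuer();
}

/**
 * Reads every endpoint verbatim from the suite parameters; no network access is made.
 *
 * @param context TestNG context whose current {@code <test>} supplies the parameters
 */
private void loadEndpointsFromParameters(ITestContext context) {
    showTitle("Loading configuration endpoints from properties file");

    authorizationEndpoint = xmlTestParameter(context, "authorizationEndpoint");
    tokenEndpoint = xmlTestParameter(context, "tokenEndpoint");
    tokenRevocationEndpoint = xmlTestParameter(context, "tokenRevocationEndpoint");
    userInfoEndpoint = xmlTestParameter(context, "userInfoEndpoint");
    clientInfoEndpoint = xmlTestParameter(context, "clientInfoEndpoint");
    checkSessionIFrame = xmlTestParameter(context, "checkSessionIFrame");
    endSessionEndpoint = xmlTestParameter(context, "endSessionEndpoint");
    jwksUri = xmlTestParameter(context, "jwksUri");
    registrationEndpoint = xmlTestParameter(context, "registrationEndpoint");
    configurationEndpoint = xmlTestParameter(context, "configurationEndpoint");
    idGenEndpoint = xmlTestParameter(context, "idGenEndpoint");
    introspectionEndpoint = xmlTestParameter(context, "introspectionEndpoint");
    backchannelAuthenticationEndpoint = xmlTestParameter(context, "backchannelAuthenticationEndpoint");
    revokeSessionEndpoint = xmlTestParameter(context, "revokeSessionEndpoint");
    // No discovery document in this mode, so the mapping starts out empty.
    scopeToClaimsMapping = new HashMap<String, List<String>>();
    issuer = xmlTestParameter(context, "issuer");
}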
Use of org.gluu.oxauth.client.OpenIdConfigurationResponse in project oxTrust by GluuFederation.
The class Authenticator, method requestAccessToken.
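/**
 * Completes the authorization-code login: exchanges the code for tokens, validates the
 * id_token against the session (nonce, issuer and, when one was requested, the acr level),
 * resolves the user uid from the UserInfo response, stores everything in the session's
 * {@code OauthData} and then delegates to {@code authenticate()}.
 *
 * <p>Every validation failure is logged and answered with
 * {@code OxTrustConstants.RESULT_NO_PERMISSIONS}. Token values are never written to the log;
 * only their presence is recorded. The issuer check is applied to every login, not only to
 * logins that requested a specific acr.
 *
 * @param oxAuthHost oxAuth host recorded in {@code OauthData}
 * @param authorizationCode authorization code returned by the provider
 * @param sessionState provider session_state recorded in {@code OauthData}
 * @param scopes scopes recorded in {@code OauthData}
 * @param clientID client id used at the token endpoint
 * @param clientPassword client secret used at the token endpoint
 * @return {@code OxTrustConstants.RESULT_NO_PERMISSIONS} on any failure, otherwise the result of {@code authenticate()}
 */
private String requestAccessToken(String oxAuthHost, String authorizationCode, String sessionState, String scopes, String clientID, String clientPassword) {
    OpenIdConfigurationResponse openIdConfiguration = openIdService.getOpenIdConfiguration();

    // 1. Request access token using the authorization code.
    TokenClient tokenClient1 = new TokenClient(openIdConfiguration.getTokenEndpoint());
    TokenResponse tokenResponse = tokenClient1.execAuthorizationCode(authorizationCode, appConfiguration.getLoginRedirectUrl(), clientID, clientPassword);
    if (tokenResponse == null) {
        log.error("Get empty token response. User can't log into application");
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }
    log.debug(" tokenResponse.getErrorType() : " + tokenResponse.getErrorType());

    // Access and id tokens are bearer credentials: log whether they arrived, never their value.
    String accessToken = tokenResponse.getAccessToken();
    log.debug(" accessToken present : " + (accessToken != null));
    String idToken = tokenResponse.getIdToken();
    log.debug(" idToken present : " + (idToken != null));
    if (idToken == null) {
        log.error("Failed to get id_token");
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }

    // 2. Fetch the UserInfo claims for the access token.
    UserInfoClient userInfoClient = new UserInfoClient(openIdConfiguration.getUserInfoEndpoint());
    UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
    if (userInfoResponse == null) {
        log.error("Get empty user info response. User can't log into application");
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }

    // 3. Parse JWT.
    // NOTE(review): Jwt.parse() is called without any key or verifier, so no signature check
    // is visible in this method. Confirm the id_token is verified elsewhere, or that the
    // client-authenticated TLS exchange with the token endpoint is what is relied upon.
    Jwt jwt;
    try {
        jwt = Jwt.parse(idToken);
    } catch (InvalidJwtException ex) {
        log.error("Failed to parse id_token");
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }

    // 4. Check nonce: the id_token must answer the nonce stored for this login attempt.
    if (!StringHelper.equals((String) identity.getSessionMap().get(OxTrustConstants.OXAUTH_NONCE), (String) jwt.getClaims().getClaim(JwtClaimName.NONCE))) {
        log.error("User info response : nonce is not matching.");
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }

    // 5. Check issuer. This used to run only when an acr was requested; an id_token from a
    //    foreign issuer must be rejected regardless of the requested acr.
    String issuer = openIdConfiguration.getIssuer();
    String responseIssuer = (String) jwt.getClaims().getClaim(JwtClaimName.ISSUER);
    if (issuer == null || responseIssuer == null || !issuer.equals(responseIssuer)) {
        log.error("id_token issuer does not match the configured issuer.");
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }

    // 6. Determine uid.
    List<String> uidValues = userInfoResponse.getClaims().get(JwtClaimName.USER_NAME);
    if ((uidValues == null) || (uidValues.size() == 0)) {
        log.error("User info response doesn't contains uid claim");
        return OxTrustConstants.RESULT_NO_PERMISSIONS;
    }

    // 7. Check requested authentication method: the level of the script named in the session
    //    must not exceed the level reported in the id_token's amr claim.
    if (identity.getSessionMap().containsKey(OxTrustConstants.OXAUTH_ACR_VALUES)) {
        String requestAcrValues = (String) identity.getSessionMap().get(OxTrustConstants.OXAUTH_ACR_VALUES);

        List<String> acrLevels = jwt.getClaims().getClaimAsStringList(JwtClaimName.AUTHENTICATION_METHOD_REFERENCES);
        if ((acrLevels == null) || (acrLevels.size() == 0)) {
            log.error("User info response doesn't contains acr claim");
            return OxTrustConstants.RESULT_NO_PERMISSIONS;
        }

        // The reserved internal name has no script; it is treated as the lowest level.
        int currentAcrLevel;
        if (requestAcrValues.equalsIgnoreCase(OxTrustConstants.SCRIPT_TYPE_INTERNAL_RESERVED_NAME)) {
            currentAcrLevel = -1;
        } else {
            currentAcrLevel = customScriptService.getScriptLevel(customScriptService.getScriptByDisplayName(requestAcrValues));
        }

        // The first amr value is interpreted as a numeric level; a malformed value is a
        // rejected login, not an unhandled NumberFormatException.
        int responseAcrLevel;
        try {
            responseAcrLevel = Integer.parseInt(acrLevels.get(0));
        } catch (NumberFormatException ex) {
            log.error("User info response : acr claim is not a numeric level.");
            return OxTrustConstants.RESULT_NO_PERMISSIONS;
        }
        if (currentAcrLevel > responseAcrLevel) {
            log.error("Authentication level of the id_token is lower than the requested acr level.");
            return OxTrustConstants.RESULT_NO_PERMISSIONS;
        }
    }

    // 8. All checks passed: record the session data and authenticate.
    log.info("Session validation successful. User is logged in");
    OauthData oauthData = identity.getOauthData();
    oauthData.setHost(oxAuthHost);
    oauthData.setUserUid(uidValues.get(0));
    oauthData.setAccessToken(accessToken);
    oauthData.setAccessTokenExpirationInSeconds(tokenResponse.getExpiresIn());
    oauthData.setScopes(scopes);
    oauthData.setIdToken(idToken);
    oauthData.setSessionState(sessionState);
    identity.setWorkingParameter(OxTrustConstants.OXAUTH_SSO_SESSION_STATE, Boolean.FALSE);

    log.info("user uid:" + oauthData.getUserUid());
    return authenticate();
}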
Use of org.gluu.oxauth.client.OpenIdConfigurationResponse in project oxTrust by GluuFederation.
The class AppInitializer, method initOpenIdConfiguration.
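/**
 * CDI producer for the application-wide {@code OpenIdConfigurationResponse}.
 *
 * <p>Starting from the configured oxAuth issuer, runs OpenID Connect discovery, builds the
 * {@code /.well-known/openid-configuration} URL from the first discovered link and loads the
 * configuration document. Every response is checked for presence and HTTP 200 before it is used.
 *
 * @return the loaded configuration, or {@code null} when no issuer is configured
 * @throws OxIntializationException if the issuer URL is malformed, discovery yields no usable
 *     response, or the configuration document cannot be loaded or is not HTTP 200
 */
@Produces
@ApplicationScoped
@Named("openIdConfiguration")
public OpenIdConfigurationResponse initOpenIdConfiguration() throws OxIntializationException {
    String oxAuthIssuer = this.configurationFactory.getAppConfiguration().getOxAuthIssuer();
    if (StringHelper.isEmpty(oxAuthIssuer)) {
        log.info("oxAuth issuer isn't specified");
        return null;
    }

    log.debug("Attempting to determine configuration endpoint URL");
    OpenIdConnectDiscoveryClient openIdConnectDiscoveryClient;
    try {
        openIdConnectDiscoveryClient = new OpenIdConnectDiscoveryClient(oxAuthIssuer);
    } catch (URISyntaxException ex) {
        // The failure is the configured issuer, not a discovery response; say so.
        throw new OxIntializationException("oxAuth issuer URL is invalid!", ex);
    }

    OpenIdConnectDiscoveryResponse openIdConnectDiscoveryResponse = openIdConnectDiscoveryClient.exec();
    // Guard against a missing response before reading status, subject or links.
    if (openIdConnectDiscoveryResponse == null
            || openIdConnectDiscoveryResponse.getStatus() != 200
            || openIdConnectDiscoveryResponse.getSubject() == null
            || openIdConnectDiscoveryResponse.getLinks() == null
            || openIdConnectDiscoveryResponse.getLinks().size() == 0) {
        throw new OxIntializationException("OpenId discovery response is invalid!");
    }

    log.debug("Attempting to load OpenID configuration");
    // NOTE(review): the discovered href is trusted as the provider base URL; nothing here
    // checks that the issuer in the resulting configuration matches oxAuthIssuer — confirm.
    String configurationEndpoint = openIdConnectDiscoveryResponse.getLinks().get(0).getHref() + "/.well-known/openid-configuration";
    OpenIdConfigurationClient client = new OpenIdConfigurationClient(configurationEndpoint);
    OpenIdConfigurationResponse openIdConfiguration;
    try {
        openIdConfiguration = client.execOpenIdConfiguration();
    } catch (Exception e) {
        // Broad catch kept deliberately (transport and parsing failures alike); the cause is
        // now attached so the startup failure can be diagnosed.
        log.error("Failed to load OpenId configuration!", e);
        throw new OxIntializationException("Failed to load OpenId configuration!", e);
    }

    if (openIdConfiguration == null || openIdConfiguration.getStatus() != 200) {
        throw new OxIntializationException("OpenId configuration response is invalid!");
    }

    return openIdConfiguration;
}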
Use of org.gluu.oxauth.client.OpenIdConfigurationResponse in project oxTrust by GluuFederation.
The class OpenIdService, method loadOpenIdConfiguration.
/**
 * Fetches the provider's OpenID configuration document and caches it in
 * {@code this.openIdConfiguration}.
 *
 * <p>The document URL is the configured oxAuth issuer with
 * {@code /.well-known/openid-configuration} appended.
 *
 * @throws IOException propagated from the configuration client
 * @throws ConfigurationException if no issuer is configured, or the response is missing or not HTTP 200
 */
private void loadOpenIdConfiguration() throws IOException {
    final String issuerUrl = appConfiguration.getOxAuthIssuer();
    if (StringHelper.isEmpty(issuerUrl)) {
        throw new ConfigurationException("OpenIdProvider Url is invalid");
    }

    final String configurationUrl = issuerUrl + "/.well-known/openid-configuration";
    final OpenIdConfigurationClient configurationClient = new OpenIdConfigurationClient(configurationUrl);
    final OpenIdConfigurationResponse configuration = configurationClient.execOpenIdConfiguration();

    final boolean loaded = configuration != null && configuration.getStatus() == 200;
    if (!loaded) {
        throw new ConfigurationException("Failed to load oxAuth configuration");
    }

    log.info("Successfully loaded oxAuth configuration");
    this.openIdConfiguration = configuration;
}
Use of org.gluu.oxauth.client.OpenIdConfigurationResponse in project oxTrust by GluuFederation.
The class OpenIdClient, method loadOpenIdConfiguration.
/**
 * Fetches the OpenID configuration document from the configured provider URL and caches it
 * in {@code this.openIdConfiguration}.
 *
 * <p>Unlike the issuer-based variant, {@code getOpenIdProviderUrl()} is used as the document
 * URL as-is; nothing is appended.
 *
 * @throws IOException propagated from the configuration client
 * @throws ConfigurationException if no provider URL is configured, or the response is missing or not HTTP 200
 */
private void loadOpenIdConfiguration() throws IOException {
    final String providerUrl = appConfiguration.getOpenIdProviderUrl();
    if (StringHelper.isEmpty(providerUrl)) {
        throw new ConfigurationException("OpenIdProvider Url is invalid");
    }

    final OpenIdConfigurationResponse configuration =
            new OpenIdConfigurationClient(providerUrl).execOpenIdConfiguration();

    final boolean loaded = configuration != null && configuration.getStatus() == 200;
    if (!loaded) {
        throw new ConfigurationException("Failed to load oxAuth configuration");
    }

    logger.info("Successfully loaded oxAuth configuration");
    this.openIdConfiguration = configuration;
}