Example 1 with DhisOidcClientRegistration

Use of org.hisp.dhis.security.oidc.DhisOidcClientRegistration in the dhis2-core project by dhis2.

From the class Dhis2JwtAuthenticationManagerResolver, method getAuthenticationManager.

/**
 * Looks for a DhisOidcClientRegistration in the DhisOidcProviderRepository
 * that matches the input JWT "issuer". It creates a new
 * DhisJwtAuthenticationProvider if it finds a matching config.
 * <p>
 * The DhisJwtAuthenticationProvider is configured with a custom
 * {@link Converter} that "converts" the incoming JWT token into a
 * {@link DhisJwtAuthenticationToken}.
 * <p>
 * It also configures a JWT decoder that "decodes" the incoming JSON string into
 * a JWT token ({@link Jwt}).
 *
 * @param issuer JWT issuer to look up
 *
 * @return an AuthenticationManager backed by a DhisJwtAuthenticationProvider
 */
private AuthenticationManager getAuthenticationManager(String issuer) {
    // One AuthenticationManager per issuer, created lazily and cached.
    return this.authenticationManagers.computeIfAbsent(issuer, s -> {
        // Only issuers with a configured OIDC client registration are accepted;
        // an unknown issuer is rejected before any token is decoded.
        DhisOidcClientRegistration clientRegistration = clientRegistrationRepository.findByIssuerUri(issuer);
        if (clientRegistration == null) {
            throw new InvalidBearerTokenException("Invalid issuer");
        }
        Converter<Jwt, DhisJwtAuthenticationToken> authConverter = getConverter(clientRegistration);
        // The decoder is bound to this issuer, so its signature validation uses that issuer's keys.
        JwtDecoder decoder = getDecoder(issuer);
        return new DhisJwtAuthenticationProvider(decoder, authConverter)::authenticate;
    });
}
Also used: DhisOidcClientRegistration (org.hisp.dhis.security.oidc.DhisOidcClientRegistration), Jwt (org.springframework.security.oauth2.jwt.Jwt), JwtDecoder (org.springframework.security.oauth2.jwt.JwtDecoder), InvalidBearerTokenException (org.springframework.security.oauth2.server.resource.InvalidBearerTokenException)

Example 2 with DhisOidcClientRegistration

Use of org.hisp.dhis.security.oidc.DhisOidcClientRegistration in the dhis2-core project by dhis2.

From the class Wso2Provider, method parse.

public static DhisOidcClientRegistration parse(Properties config) {
    Objects.requireNonNull(config, "DhisConfigurationProvider is missing!");
    String wso2ClientId = config.getProperty(OIDC_PROVIDER_WSO2_CLIENT_ID.getKey());
    String wso2ClientSecret = config.getProperty(OIDC_PROVIDER_WSO2_CLIENT_SECRET.getKey());
    // No client id means the WSO2 provider is simply not configured.
    if (Strings.isNullOrEmpty(wso2ClientId)) {
        return null;
    }
    // A client id without a secret is a misconfiguration, not an absent provider.
    if (Strings.isNullOrEmpty(wso2ClientSecret)) {
        throw new IllegalArgumentException("WSO2 client secret is missing!");
    }
    ClientRegistration clientRegistration = buildClientRegistration(
        config, wso2ClientId, wso2ClientSecret, config.getProperty(OIDC_PROVIDER_WSO2_SERVER_URL.getKey()));
    return DhisOidcClientRegistration.builder()
        .clientRegistration(clientRegistration)
        .mappingClaimKey(config.getProperty(OIDC_PROVIDER_WSO2_MAPPING_CLAIM.getKey()))
        .loginIcon("../oidc/wso2-logo.svg")
        .loginIconPadding("0px 1px")
        .loginText(config.getProperty(OIDC_PROVIDER_WSO2_DISPLAY_ALIAS.getKey()))
        .build();
}
Also used: ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration), DhisOidcClientRegistration (org.hisp.dhis.security.oidc.DhisOidcClientRegistration)

Example 3 with DhisOidcClientRegistration

Use of org.hisp.dhis.security.oidc.DhisOidcClientRegistration in the dhis2-core project by dhis2.

From the class AzureAdProvider, method parse.

public static List<DhisOidcClientRegistration> parse(Properties config) {
    Objects.requireNonNull(config, "DhisConfigurationProvider is missing!");
    final ImmutableList.Builder<DhisOidcClientRegistration> clients = ImmutableList.builder();
    // Azure AD supports several tenants; each is configured under its own indexed prefix.
    for (int i = 0; i < MAX_AZURE_TENANTS; i++) {
        String propertyPrefix = PROVIDER_PREFIX + i + '.';
        String tenant = config.getProperty(propertyPrefix + AZURE_TENANT, "");
        // Skip indexes with no tenant configured.
        if (tenant.isEmpty()) {
            continue;
        }
        DhisOidcClientRegistration dhisOidcClientRegistration = DhisOidcClientRegistration.builder()
            .clientRegistration(buildClientRegistration(config, tenant, propertyPrefix))
            .mappingClaimKey(MoreObjects.firstNonNull(config.getProperty(propertyPrefix + MAPPING_CLAIM), DEFAULT_MAPPING_CLAIM))
            .loginIcon("../oidc/btn_azure_login.svg")
            .loginIconPadding("13px 13px")
            .loginText(config.getProperty(propertyPrefix + DISPLAY_ALIAS, "login_with_azure"))
            .build();
        clients.add(dhisOidcClientRegistration);
    }
    return clients.build();
}
Also used: DhisOidcClientRegistration (org.hisp.dhis.security.oidc.DhisOidcClientRegistration), ImmutableList (com.google.common.collect.ImmutableList)

Example 4 with DhisOidcClientRegistration

Use of org.hisp.dhis.security.oidc.DhisOidcClientRegistration in the dhis2-core project by dhis2.

From the class GenericOidcProviderBuilderTest, method testBuildSuccessfully.

@Test
@SuppressWarnings("unchecked")
void testBuildSuccessfully() {
    Properties p = new Properties();
    p.put("oidc.provider.idporten.client_id", "testClientId");
    p.put("oidc.provider.idporten.client_secret", "testClientSecret!#!?");
    p.put("oidc.provider.idporten.ext_client.android.client_id", "externalClientId");
    p.put("oidc.provider.idporten.authorization_uri", "https://oidc-ver2.difi.no/authorize");
    p.put("oidc.provider.idporten.token_uri", "https://oidc-ver2.difi.no/token");
    p.put("oidc.provider.idporten.user_info_uri", "https://oidc-ver2.difi.no/userinfo");
    p.put("oidc.provider.idporten.jwk_uri", "https://oidc-ver2.difi.no/jwk");
    p.put("oidc.provider.idporten.issuer_uri", "https://oidc-ver2.difi.no");
    p.put("oidc.provider.idporten.end_session_endpoint", "https://oidc-ver2.difi.no/endsession");
    p.put("oidc.provider.idporten.scopes", "pid");
    p.put("oidc.provider.idporten.mapping_claim", "helseid://claims/identity/pid");
    p.put("oidc.provider.idporten.display_alias", "IdPorten");
    p.put("oidc.provider.idporten.enable_logout", "true");
    p.put("oidc.provider.idporten.login_image", "../oidc/idporten-logo.svg");
    p.put("oidc.provider.idporten.login_image_padding", "0px 0px");
    p.put("oidc.provider.idporten.extra_request_parameters", "acr_value 4 , test_param five");
    p.put("oidc.provider.idporten.enable_pkce", "true");
    List<DhisOidcClientRegistration> providerConfigList = GenericOidcProviderConfigParser.parse(p);
    // JUnit's assertEquals takes (expected, actual); keep that order so failure messages read correctly.
    assertEquals(1, providerConfigList.size());
    DhisOidcClientRegistration r = providerConfigList.get(0);
    assertNotNull(r);
    final String registrationId = r.getClientRegistration().getRegistrationId();
    assertEquals("idporten", registrationId);
    assertEquals("helseid://claims/identity/pid", r.getMappingClaimKey());
    assertEquals("../oidc/idporten-logo.svg", r.getLoginIcon());
    assertEquals("0px 0px", r.getLoginIconPadding());
    assertEquals("IdPorten", r.getLoginText());
    assertEquals("testClientId", r.getClientRegistration().getClientId());
    assertEquals("testClientSecret!#!?", r.getClientRegistration().getClientSecret());
    assertTrue(r.getClientRegistration().getScopes().contains("pid"));
    assertEquals("https://oidc-ver2.difi.no/token", r.getClientRegistration().getProviderDetails().getTokenUri());
    assertEquals("https://oidc-ver2.difi.no/authorize", r.getClientRegistration().getProviderDetails().getAuthorizationUri());
    assertEquals("https://oidc-ver2.difi.no/jwk", r.getClientRegistration().getProviderDetails().getJwkSetUri());
    assertEquals("https://oidc-ver2.difi.no/userinfo", r.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri());
    assertEquals("https://oidc-ver2.difi.no", r.getClientRegistration().getProviderDetails().getIssuerUri());
    assertEquals("true", r.getClientRegistration().getProviderDetails().getConfigurationMetadata().get("enable_pkce"));
    // extra_request_parameters is parsed from "key value , key value" into a map.
    Object parameters = r.getClientRegistration().getProviderDetails().getConfigurationMetadata().get("extra_request_parameters");
    Map<String, String> extraRequestParams = (Map<String, String>) parameters;
    assertEquals("4", extraRequestParams.get("acr_value"));
    Map<String, Map<String, String>> externalClients = r.getExternalClients();
    assertNotNull(externalClients);
    Map<String, String> android = externalClients.get("android");
    // Check the "android" entry itself, not the outer map a second time.
    assertNotNull(android);
    String client_id = android.get("client_id");
    assertEquals("externalClientId", client_id);
}
Also used: DhisOidcClientRegistration (org.hisp.dhis.security.oidc.DhisOidcClientRegistration), Properties (java.util.Properties), Map (java.util.Map), HashMap (java.util.HashMap), Test (org.junit.jupiter.api.Test)

Example 5 with DhisOidcClientRegistration

Use of org.hisp.dhis.security.oidc.DhisOidcClientRegistration in the dhis2-core project by dhis2.

From the class JwtBearerTokenTest, method setupGoogleProvider.

private void setupGoogleProvider(String clientId) {
    // Build a minimal Google provider config and register it so the test's JWTs resolve to a known issuer.
    Properties config = new Properties();
    config.put(ConfigurationKey.OIDC_PROVIDER_GOOGLE_CLIENT_ID.getKey(), clientId);
    config.put(ConfigurationKey.OIDC_PROVIDER_GOOGLE_CLIENT_SECRET.getKey(), "secret");
    DhisOidcClientRegistration parse = GoogleProvider.parse(config);
    dhisOidcProviderRepository.addRegistration(parse);
}
Also used: DhisOidcClientRegistration (org.hisp.dhis.security.oidc.DhisOidcClientRegistration), Properties (java.util.Properties)

Aggregations (number of examples using each type)

DhisOidcClientRegistration (org.hisp.dhis.security.oidc.DhisOidcClientRegistration): 7
Map (java.util.Map): 3
HashMap (java.util.HashMap): 2
Properties (java.util.Properties): 2
ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration): 2
ImmutableList (com.google.common.collect.ImmutableList): 1
ImmutableMap (com.google.common.collect.ImmutableMap): 1
ArrayList (java.util.ArrayList): 1
Set (java.util.Set): 1
Test (org.junit.jupiter.api.Test): 1
Jwt (org.springframework.security.oauth2.jwt.Jwt): 1
JwtDecoder (org.springframework.security.oauth2.jwt.JwtDecoder): 1
InvalidBearerTokenException (org.springframework.security.oauth2.server.resource.InvalidBearerTokenException): 1