use of org.openid4java.association.Association in project cas by apereo.
the class OpenIdServiceResponseBuilder method build.
/**
* Generates an Openid response.
* If no ticketId is found, the response is negative.
* If we have a ticket id, then we check whether we have an association.
* If so, we ask the OpenId server manager to generate the answer according to the existing association.
* If not, we send back an answer with the ticket id as the association handle.
* This forces the consumer to request verification, which will validate the service ticket.
*
* @param ticketId the service ticket to provide to the service.
* @param webApplicationService the service requesting an openid response
* @return the generated authentication answer
*/
@Override
public Response build(final WebApplicationService webApplicationService, final String ticketId) {
    // Unchecked narrowing: a non-OpenID service passed here fails with ClassCastException.
    final OpenIdService openIdService = (OpenIdService) webApplicationService;
    // Built from the parameter map of the current HTTP request, i.e. request-supplied values.
    final ParameterList requestParameters = new ParameterList(
        WebUtils.getHttpServletRequestFromRequestAttributes().getParameterMap());
    final Map<String, String> responseParameters = new HashMap<>();

    // Without a service ticket there is nothing to assert: redirect with OPENID_MODE set to CANCEL.
    if (StringUtils.isBlank(ticketId)) {
        responseParameters.put(OpenIdProtocolConstants.OPENID_MODE, OpenIdProtocolConstants.CANCEL);
        return buildRedirect(openIdService, responseParameters);
    }

    // The association lookup is driven by the request parameters gathered above.
    final Association existingAssociation = getAssociation(serverManager, requestParameters);
    final boolean hasAssociation = existingAssociation != null;
    // Evaluated unconditionally, so isAssociationValid is also called with a null association.
    final boolean associationUsable = isAssociationValid(existingAssociation);

    Assertion validatedAssertion = null;
    boolean authenticationSucceeded = true;
    try {
        if (!hasAssociation) {
            // The ticket is NOT validated on this path: the success flag stays true and the
            // assertion stays null, so the positive answer relies on the relying party
            // validating the ticket afterwards.
            // NOTE(review): the ticket id logged here has not been validated by this method;
            // confirm that debug logs are access-restricted.
            LOGGER.debug("Responding to non-associated mode. Service ticket [{}] must be validated by the RP", ticketId);
        } else if (associationUsable) {
            // Only a present and valid association leads to server-side ticket validation.
            validatedAssertion = centralAuthenticationService.validateServiceTicket(ticketId, openIdService);
            LOGGER.debug("Validated openid ticket [{}] for [{}]", ticketId, openIdService);
        } else {
            // Reached when an association was found but isAssociationValid rejected it.
            LOGGER.warn("Association does not exist or is not valid");
            authenticationSucceeded = false;
        }
    } catch (final AbstractTicketException e) {
        // A ticket validation failure downgrades the answer to a negative one instead of propagating.
        LOGGER.error("Could not validate ticket : [{}]", e.getMessage(), e);
        authenticationSucceeded = false;
    }

    // NOTE(review): validatedAssertion is null on the non-associated and failure paths;
    // verify that determineIdentity handles a null assertion.
    final String identity = determineIdentity(openIdService, validatedAssertion);
    return buildAuthenticationResponse(openIdService, responseParameters, authenticationSucceeded, identity, requestParameters);
}