Example 1 with Association

Use of org.openid4java.association.Association in project cas by apereo.

Class OpenIdServiceResponseBuilder, method build.

/**
 * Generates an OpenID response.
 * If no ticketId is found, the response is negative.
 * If we have a ticket id, then we check whether we have an association.
 * If so, we ask the OpenID server manager to generate the answer according to the existing association.
 * If not, we send back an answer with the ticket id as association handle.
 * This will force the consumer to ask for verification, which will validate the service ticket.
 *
 * @param webApplicationService the service requesting an openid response
 * @param ticketId              the service ticket to provide to the service.
 * @return the generated authentication answer
 */
@Override
public Response build(final WebApplicationService webApplicationService, final String ticketId) {
    final OpenIdService service = (OpenIdService) webApplicationService;
    final ParameterList parameterList = new ParameterList(WebUtils.getHttpServletRequestFromRequestAttributes().getParameterMap());
    final Map<String, String> parameters = new HashMap<>();
    if (StringUtils.isBlank(ticketId)) {
        parameters.put(OpenIdProtocolConstants.OPENID_MODE, OpenIdProtocolConstants.CANCEL);
        return buildRedirect(service, parameters);
    }
    final Association association = getAssociation(serverManager, parameterList);
    final boolean associated = association != null;
    final boolean associationValid = isAssociationValid(association);
    boolean successFullAuthentication = true;
    Assertion assertion = null;
    try {
        if (associated && associationValid) {
            assertion = centralAuthenticationService.validateServiceTicket(ticketId, service);
            LOGGER.debug("Validated openid ticket [{}] for [{}]", ticketId, service);
        } else if (!associated) {
            LOGGER.debug("Responding to non-associated mode. Service ticket [{}] must be validated by the RP", ticketId);
        } else {
            LOGGER.warn("Association does not exist or is not valid");
            successFullAuthentication = false;
        }
    } catch (final AbstractTicketException e) {
        LOGGER.error("Could not validate ticket : [{}]", e.getMessage(), e);
        successFullAuthentication = false;
    }
    final String id = determineIdentity(service, assertion);
    return buildAuthenticationResponse(service, parameters, successFullAuthentication, id, parameterList);
}
Also used: Association (org.openid4java.association.Association), HashMap (java.util.HashMap), Assertion (org.apereo.cas.validation.Assertion), ParameterList (org.openid4java.message.ParameterList), AbstractTicketException (org.apereo.cas.ticket.AbstractTicketException)
