
Example 1 with ProfileRequestContext

use of org.opensaml.profile.context.ProfileRequestContext in project oxTrust by GluuFederation.

From the class AuthenticationFilter, method getOAuthRedirectUrl:

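/**
 * Builds the oxAuth authorization-endpoint URL that the Shibboleth external
 * authentication flow redirects the browser to.
 *
 * <p>What this method does, in order:
 * <ul>
 *   <li>reads the oxAuth client settings from the filter init parameters and
 *       decrypts the client secret;</li>
 *   <li>stores the Shibboleth conversation key in the HTTP session;</li>
 *   <li>looks up the relying party id from the {@link ProfileRequestContext};</li>
 *   <li>signs a JWT {@code state} (HS256 with the client secret) carrying a random
 *       {@code rfp}, a random {@code jti} and, when known, the relying party id;</li>
 *   <li>derives {@code acr_values} from the Shibboleth "shibstate" cookie when one
 *       is present and rewrites that cookie;</li>
 *   <li>stores the encoded state and the nonce in the session so the callback can
 *       validate the response against them.</li>
 * </ul>
 *
 * @param request  the incoming request; must carry the
 *                 {@link ExternalAuthentication#CONVERSATION_KEY} parameter
 * @param response used only to update the shibstate cookie
 * @return the absolute authorization URL including the encoded query string
 * @throws IllegalStateException if a required oxAuth client setting is missing or
 *                               the client secret resolves to an empty signing key
 * @throws Exception             propagated from the Shibboleth context lookup, the
 *                               crypto provider or the JSON/JWT encoding
 */
public String getOAuthRedirectUrl(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    // Required client settings. A missing value is a deployment error; failing here is
    // preferable to emitting "null" into the authorization URL.
    final String authorizeUrl = requireInitParam(Configuration.OAUTH_PROPERTY_AUTHORIZE_URL);
    final String clientScopes = requireInitParam(Configuration.OAUTH_PROPERTY_CLIENT_SCOPE);
    final String clientId = requireInitParam(Configuration.OAUTH_PROPERTY_CLIENT_ID);
    final String clientSecret = resolveClientSecret();

    // NOTE(review): constructRedirectUrl is not visible here; if it derives the host from
    // request headers, make sure the value is pinned to the registered redirect_uri.
    final String redirectUri = constructRedirectUrl(request);
    final List<String> scopes = Arrays.asList(clientScopes.split(StringUtils.SPACE));
    final List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);

    // UUID.randomUUID() is backed by SecureRandom, so these are acceptable as
    // unguessable nonce / rfp / jti values.
    final String nonce = UUID.randomUUID().toString();
    final String rfp = UUID.randomUUID().toString();
    final String jti = UUID.randomUUID().toString();

    // Remember the Shibboleth conversation key so the callback can resume the flow.
    // One session reference is kept for the state/nonce writes at the end as well.
    final String key = request.getParameter(ExternalAuthentication.CONVERSATION_KEY);
    final HttpSession session = request.getSession();
    session.setAttribute(SESSION_CONVERSATION_KEY, key);

    // Relying party id comes from the Shibboleth profile context of this conversation.
    final ProfileRequestContext prc = ExternalAuthentication.getProfileRequestContext(key, request);
    String relyingPartyId = "";
    final RelyingPartyContext relyingPartyCtx = prc.getSubcontext(RelyingPartyContext.class);
    if (relyingPartyCtx != null) {
        relyingPartyId = relyingPartyCtx.getRelyingPartyId();
        log.info("relyingPartyId found: " + relyingPartyId);
    } else {
        log.warn("No RelyingPartyContext was available");
    }

    final String encodedState = buildStateJwt(clientSecret, rfp, jti, relyingPartyId);

    final AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(encodedState);

    // Optional acr_values, derived from the request URI recorded in the shibstate cookie.
    final Cookie currentShibstateCookie = getCurrentShibstateCookie(request);
    if (currentShibstateCookie != null) {
        final String requestUri = decodeCookieValue(currentShibstateCookie.getValue());
        log.debug("requestUri = \"" + requestUri + "\"");
        final String authenticationMode = determineAuthenticationMode(requestUri);
        if (StringHelper.isNotEmpty(authenticationMode)) {
            log.debug("acr_values = \"" + authenticationMode + "\"");
            authorizationRequest.setAcrValues(Arrays.asList(authenticationMode));
            updateShibstateCookie(response, currentShibstateCookie, requestUri, "/" + Configuration.OXAUTH_ACR_VALUES + "/" + authenticationMode);
        }
    }

    // Persist state and nonce for validation when oxAuth redirects back.
    session.setAttribute(Configuration.SESSION_AUTH_STATE, encodedState);
    session.setAttribute(Configuration.SESSION_AUTH_NONCE, nonce);
    return authorizeUrl + "?" + authorizationRequest.getQueryString();
}

/**
 * Reads a mandatory init parameter.
 *
 * @param name the configuration property name
 * @return the configured value, never {@code null}
 * @throws IllegalStateException if the property is not configured
 */
private String requireInitParam(final String name) {
    final String value = getPropertyFromInitParams(null, name, null);
    if (value == null) {
        throw new IllegalStateException("Missing required oxAuth property: " + name);
    }
    return value;
}

/**
 * Resolves the oxAuth client secret used as the HS256 key for the {@code state} JWT.
 *
 * <p>The configured value is decrypted with the application's crypto property. As in
 * the original code, a decryption failure is logged and the raw configured value is
 * used instead (NOTE(review): presumably to tolerate plaintext secrets in older
 * configurations; confirm this is intended, since a ciphertext-as-key would otherwise
 * go unnoticed). A {@code null} or empty key is rejected: an HS256 state signed with an
 * empty key offers no integrity protection at all.
 *
 * @return the non-empty signing key
 * @throws IllegalStateException if no usable secret is configured
 */
private String resolveClientSecret() {
    String clientSecret = getPropertyFromInitParams(null, Configuration.OAUTH_PROPERTY_CLIENT_PASSWORD, null);
    if (clientSecret != null) {
        try {
            clientSecret = StringEncrypter.defaultInstance().decrypt(clientSecret, Configuration.instance().getCryptoPropertyValue());
        } catch (EncryptionException ex) {
            log.error("Failed to decrypt property: " + Configuration.OAUTH_PROPERTY_CLIENT_PASSWORD, ex);
        }
    }
    if (clientSecret == null || clientSecret.isEmpty()) {
        throw new IllegalStateException("Missing or empty oxAuth property: " + Configuration.OAUTH_PROPERTY_CLIENT_PASSWORD);
    }
    return clientSecret;
}

/**
 * Signs the OAuth {@code state} JWT with HS256 using the client secret.
 *
 * @param signingKey     the HS256 key (the decrypted client secret)
 * @param rfp            random value binding the callback to this request
 * @param jti            random JWT id
 * @param relyingPartyId the Shibboleth relying party id, may be empty or {@code null}
 * @return the compact-serialized, signed JWT
 * @throws Exception propagated from the crypto provider or JWT/JSON encoding
 */
private String buildStateJwt(final String signingKey, final String rfp, final String jti, final String relyingPartyId) throws Exception {
    final OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
    final JwtState jwtState = new JwtState(SignatureAlgorithm.HS256, signingKey, cryptoProvider);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    if (relyingPartyId != null && !"".equals(relyingPartyId)) {
        // Build the claim through the JSON API instead of String.format: the entityID is
        // taken from the SAML request, so quotes, braces or backslashes in it must not be
        // able to alter the JSON structure of the additional claims.
        jwtState.setAdditionalClaims(new JSONObject().put("relyingPartyId", relyingPartyId));
    } else {
        log.warn("No relyingPartyId was available");
    }
    return jwtState.getEncodedJwt();
}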
