Example 6 with OidcConfiguration

Use of org.pac4j.oidc.config.OidcConfiguration in project ddf by codice: class OidcHandlerConfigurationImplTest, method testCreateOidcClientKeycloak.

@Test
public void testCreateOidcClientKeycloak() {
    // A Keycloak-specific configuration must be mapped to the Keycloak client implementation
    OidcConfiguration oidcConfiguration = mock(KeycloakOidcConfiguration.class);
    OidcClient oidcClient = handlerConfiguration.createOidcClient("Keycloak", oidcConfiguration, DEFAULT_CALLBACK_URL);
    assertTrue(oidcClient instanceof KeycloakOidcClient);
}

Example 7 with OidcConfiguration

Use of org.pac4j.oidc.config.OidcConfiguration in project ddf by codice: class OidcHandlerConfigurationImplTest, method testCreateOidcClientGoogle.

@Test
public void testCreateOidcClientGoogle() {
    // The generic OidcConfiguration is sufficient for Google; the provider type selects the client class
    OidcConfiguration oidcConfiguration = mock(OidcConfiguration.class);
    OidcClient oidcClient = handlerConfiguration.createOidcClient("Google", oidcConfiguration, DEFAULT_CALLBACK_URL);
    assertTrue(oidcClient instanceof GoogleOidcClient);
}

Example 8 with OidcConfiguration

Use of org.pac4j.oidc.config.OidcConfiguration in project ddf by codice: class OidcHandlerConfigurationImplTest, method testCreateOidcClientAzure.

@Test
public void testCreateOidcClientAzure() {
    // An Azure AD configuration must be mapped to the Azure AD client implementation
    OidcConfiguration oidcConfiguration = mock(AzureAdOidcConfiguration.class);
    OidcClient oidcClient = handlerConfiguration.createOidcClient("Azure", oidcConfiguration, DEFAULT_CALLBACK_URL);
    assertTrue(oidcClient instanceof AzureAdClient);
}

Example 9 with OidcConfiguration

Use of org.pac4j.oidc.config.OidcConfiguration in project ddf by codice: class OidcRealm, method doGetAuthenticationInfo.

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    // token is guaranteed to be of type OidcAuthenticationToken by the supports() method
    OidcAuthenticationToken oidcAuthenticationToken = (OidcAuthenticationToken) authenticationToken;
    OidcCredentials credentials = (OidcCredentials) oidcAuthenticationToken.getCredentials();
    OidcConfiguration oidcConfiguration = oidcHandlerConfiguration.getOidcConfiguration();
    // provider metadata (issuer, endpoints, JWKS) comes from OIDC discovery on the configured provider
    OIDCProviderMetadata oidcProviderMetadata = oidcConfiguration.findProviderMetadata();
    WebContext webContext = (WebContext) oidcAuthenticationToken.getContext();
    OidcClient<OidcConfiguration> oidcClient = oidcHandlerConfiguration.getOidcClient(webContext.getFullRequestURL());
    int connectTimeout = oidcHandlerConfiguration.getConnectTimeout();
    int readTimeout = oidcHandlerConfiguration.getReadTimeout();
    try {
        // resolve the id token for the presented credentials (code, access token or refresh token) against the provider
        OidcCredentialsResolver oidcCredentialsResolver = new OidcCredentialsResolver(oidcConfiguration, oidcClient, oidcProviderMetadata, connectTimeout, readTimeout);
        oidcCredentialsResolver.resolveIdToken(credentials, webContext);
    } catch (TechnicalException e) {
        throw new AuthenticationException(e);
    }
    // problem getting id token, invalidate credentials
    if (credentials.getIdToken() == null) {
        // destroying the session forces a fresh login rather than retrying with stale credentials
        webContext.getSessionStore().destroySession(webContext);
        String msg = String.format("Could not fetch id token with Oidc credentials (%s). " + "This may be due to the credentials expiring. " + "Invalidating session in order to acquire valid credentials.", credentials);
        LOGGER.warn(msg);
        throw new AuthenticationException(msg);
    }
    // build the user profile from the (now validated) id token
    OidcProfileCreator oidcProfileCreator = new CustomOidcProfileCreator(oidcConfiguration, oidcClient);
    Optional<UserProfile> userProfile = oidcProfileCreator.create(credentials, webContext);
    SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo();
    simpleAuthenticationInfo.setCredentials(credentials);
    if (userProfile.isPresent()) {
        OidcProfile oidcProfile = (OidcProfile) userProfile.get();
        simpleAuthenticationInfo.setPrincipals(createPrincipalCollectionFromCredentials(oidcProfile));
    } else {
        // no profile could be created: return an empty principal collection rather than failing here
        simpleAuthenticationInfo.setPrincipals(new SimplePrincipalCollection());
    }
    return simpleAuthenticationInfo;
}

Example 10 with OidcConfiguration

Use of org.pac4j.oidc.config.OidcConfiguration in project cas by apereo: class Pac4jAuthenticationEventExecutionPlanConfiguration, method configureOidcClient.

private void configureOidcClient(final Collection<BaseClient> properties) {
    final AtomicInteger index = new AtomicInteger();
    casProperties.getAuthn().getPac4j().getOidc().stream()
        // only providers with both a client id and a client secret configured are registered
        .filter(oidc -> StringUtils.isNotBlank(oidc.getId()) && StringUtils.isNotBlank(oidc.getSecret()))
        .forEach(oidc -> {
            final OidcConfiguration cfg = new OidcConfiguration();
            if (StringUtils.isNotBlank(oidc.getScope())) {
                cfg.setScope(oidc.getScope());
            }
            // nonce use, client credentials and the id-token signature algorithm come straight from CAS properties
            cfg.setUseNonce(oidc.isUseNonce());
            cfg.setSecret(oidc.getSecret());
            cfg.setClientId(oidc.getId());
            if (StringUtils.isNotBlank(oidc.getPreferredJwsAlgorithm())) {
                // JWSAlgorithm names are upper case (e.g. RS256), so normalise before parsing
                cfg.setPreferredJwsAlgorithm(JWSAlgorithm.parse(oidc.getPreferredJwsAlgorithm().toUpperCase()));
            }
            // tolerated clock skew when validating id-token timestamps
            cfg.setMaxClockSkew(oidc.getMaxClockSkew());
            cfg.setDiscoveryURI(oidc.getDiscoveryUri());
            cfg.setCustomParams(oidc.getCustomParams());
            final OidcClient client;
            // the configured provider type selects the client implementation; anything unknown falls back to the generic client
            switch (oidc.getType().toUpperCase()) {
                case "GOOGLE":
                    client = new GoogleOidcClient(cfg);
                    break;
                case "AZURE":
                    client = new AzureAdClient(cfg);
                    break;
                case "GENERIC":
                default:
                    client = new OidcClient(cfg);
                    break;
            }
            // suffix with a counter so several providers of the same type get distinct client names
            client.setName(client.getClass().getSimpleName() + index.incrementAndGet());
            properties.add(client);
        });
}
