
Example 11 with OidcConfiguration

use of org.pac4j.oidc.config.OidcConfiguration in project pac4j by pac4j.

the class RunCasOidcWrapper method getClient.

@Override
protected IndirectClient getClient() {
    // Points the OIDC client at a CAS server running on the local machine; the hosted
    // alternative (https://casserverpac4j.herokuapp.com/oidc/.well-known/openid-configuration)
    // is not used by this runner.
    // NOTE(review): discovery over plain http is acceptable only for a loopback test
    // provider — on a real network the metadata (endpoints, JWKS URI) could be tampered with.
    final OidcConfiguration oidcConfig = new OidcConfiguration();
    oidcConfig.setClientId(CLIENT_ID);
    // Test-only client secret, committed in source.
    oidcConfig.setSecret("secret");
    oidcConfig.setDiscoveryURI("http://localhost:8888/cas/oidc/.well-known/openid-configuration");

    final OidcClient oidcClient = new OidcClient(oidcConfig);
    oidcClient.setCallbackUrl(PAC4J_BASE_URL);
    return oidcClient;
}

Example 12 with OidcConfiguration

use of org.pac4j.oidc.config.OidcConfiguration in project pac4j by pac4j.

the class RunGoogleOidcClient method getClient.

@Override
protected IndirectClient getClient() {
    // Google-registered OAuth client for this manual test runner.
    // NOTE(review): the client id and secret are hard-coded in source; a secret committed to a
    // shared repository should be treated as exposed and kept restricted to throw-away test use.
    final OidcConfiguration googleConfig = new OidcConfiguration();
    googleConfig.setClientId("682158564078-ndcjc83kp5v7vudikqu1fudtkcs2odeb.apps.googleusercontent.com");
    googleConfig.setSecret("gLB2U7LPYBFTxqYtyG81AhLH");

    // GoogleOidcClient carries Google's discovery settings, so no discovery URI is set here.
    final GoogleOidcClient googleClient = new GoogleOidcClient(googleConfig);
    googleClient.setCallbackUrl(PAC4J_BASE_URL);
    return googleClient;
}

Example 13 with OidcConfiguration

use of org.pac4j.oidc.config.OidcConfiguration in project pac4j by pac4j.

the class RunIdentityServer4 method getClient.

@Override
protected IndirectClient getClient() {
    final OidcConfiguration oidcConfig = new OidcConfiguration();
    oidcConfig.setClientId("test");
    oidcConfig.setSecret("secret");
    // IdentityServer4 running locally; plain-http discovery is only acceptable for a loopback test provider.
    oidcConfig.setDiscoveryURI("http://localhost:1941/.well-known/openid-configuration");

    // A null flow is rejected the same way as an unknown one (a switch on null would throw NPE instead).
    if (flow == null) {
        throw new TechnicalException("Unsupported flow for tests");
    }
    switch (flow) {
        case IMPLICIT_FLOW:
            // IdentityServer4 client: AllowedGrantTypes = GrantTypes.ImplicitAndClientCredentials
            // The id_token is returned in a POSTed form body; the nonce binds that token to this
            // authorization request, which is why it is switched on whenever an id_token comes
            // straight back from the authorization endpoint.
            oidcConfig.setResponseType("id_token");
            oidcConfig.setResponseMode("form_post");
            oidcConfig.setUseNonce(true);
            logger.warn("For the implicit flow, copy / paste the form body parameters after a ? as the returned url");
            break;
        case IMPLICIT_FLOW_CLIENT_SIDE:
            // Not usable in practice: the response travels in the URL fragment, which only the browser sees.
            // IdentityServer4 client: AllowedGrantTypes = GrantTypes.ImplicitAndClientCredentials
            oidcConfig.setResponseType("id_token");
            oidcConfig.setUseNonce(true);
            break;
        case HYBRID_FLOW:
            // IdentityServer4 client: AllowAccessTokensViaBrowser = true,
            // AllowedGrantTypes = GrantTypes.HybridAndClientCredentials
            oidcConfig.setResponseType("code id_token token");
            oidcConfig.setUseNonce(true);
            break;
        case AUTHORIZATION_CODE:
            // Default response_type (code); nothing to override.
            // IdentityServer4 client: AllowedGrantTypes = GrantTypes.CodeAndClientCredentials
            break;
        default:
            throw new TechnicalException("Unsupported flow for tests");
    }

    final OidcClient oidcClient = new OidcClient(oidcConfig);
    oidcClient.setCallbackUrl(PAC4J_BASE_URL);
    return oidcClient;
}

Example 14 with OidcConfiguration

use of org.pac4j.oidc.config.OidcConfiguration in project pac4j by pac4j.

the class OidcClientBuilder method tryCreateOidcClient.

/**
 * Builds one OIDC client per configured property set and appends it to {@code clients}.
 *
 * <p>Property sets are indexed 0..MAX_NUM_CLIENTS (index 0 is the un-numbered form, as
 * resolved by {@code getProperty}). An index only yields a client when both its client id and
 * its secret are non-blank; every other setting is optional.
 *
 * @param clients the list that receives the created clients
 */
public void tryCreateOidcClient(final List<Client> clients) {
    for (int index = 0; index <= MAX_NUM_CLIENTS; index++) {
        final String clientId = getProperty(OIDC_ID, index);
        final String clientSecret = getProperty(OIDC_SECRET, index);
        // Both credentials are mandatory for an entry to be considered configured.
        if (!isNotBlank(clientId) || !isNotBlank(clientSecret)) {
            continue;
        }
        final OidcConfiguration oidcConfig = buildOidcConfiguration(index, clientId, clientSecret);
        final OidcClient oidcClient = newOidcClient(getProperty(OIDC_TYPE, index), oidcConfig);
        oidcClient.setName(concat(oidcClient.getName(), index));
        clients.add(oidcClient);
    }
}

/**
 * Reads the optional settings of property set {@code index} into a fresh configuration.
 *
 * @param index        property set index
 * @param clientId     non-blank client id
 * @param clientSecret non-blank client secret
 * @return the populated configuration
 */
private OidcConfiguration buildOidcConfiguration(final int index, final String clientId, final String clientSecret) {
    final OidcConfiguration oidcConfig = new OidcConfiguration();
    oidcConfig.setClientId(clientId);
    oidcConfig.setSecret(clientSecret);

    final String scope = getProperty(OIDC_SCOPE, index);
    if (isNotBlank(scope)) {
        oidcConfig.setScope(scope);
    }
    final String discoveryUri = getProperty(OIDC_DISCOVERY_URI, index);
    if (isNotBlank(discoveryUri)) {
        oidcConfig.setDiscoveryURI(discoveryUri);
    }
    // Boolean.parseBoolean: only "true" (any case) enables the nonce; anything else disables it.
    final String useNonce = getProperty(OIDC_USE_NONCE, index);
    if (isNotBlank(useNonce)) {
        oidcConfig.setUseNonce(Boolean.parseBoolean(useNonce));
    }
    final String jwsAlgo = getProperty(OIDC_PREFERRED_JWS_ALGORITHM, index);
    if (isNotBlank(jwsAlgo)) {
        oidcConfig.setPreferredJwsAlgorithm(JWSAlgorithm.parse(jwsAlgo));
    }
    // A non-numeric value fails fast with NumberFormatException rather than silently defaulting.
    final String maxClockSkew = getProperty(OIDC_MAX_CLOCK_SKEW, index);
    if (isNotBlank(maxClockSkew)) {
        oidcConfig.setMaxClockSkew(Integer.parseInt(maxClockSkew));
    }
    final String authMethod = getProperty(OIDC_CLIENT_AUTHENTICATION_METHOD, index);
    if (isNotBlank(authMethod)) {
        oidcConfig.setClientAuthenticationMethod(ClientAuthenticationMethod.parse(authMethod));
    }
    // Custom authorization parameters are numbered 1..MAX_NUM_CUSTOM_PROPERTIES per client.
    for (int param = 1; param <= MAX_NUM_CUSTOM_PROPERTIES; param++) {
        final String keyProperty = OIDC_CUSTOM_PARAM_KEY + param;
        if (containsProperty(keyProperty, index)) {
            oidcConfig.addCustomParam(getProperty(keyProperty, index), getProperty(OIDC_CUSTOM_PARAM_VALUE + param, index));
        }
    }
    return oidcConfig;
}

/**
 * Picks the client implementation for the configured provider type.
 *
 * @param type       value of the type property (may be null); matched case-insensitively
 * @param oidcConfig configuration to wrap
 * @return an Azure AD, Google or generic OIDC client
 */
private OidcClient newOidcClient(final String type, final OidcConfiguration oidcConfig) {
    if (OIDC_AZURE_TYPE.equalsIgnoreCase(type)) {
        return new AzureAdClient(new AzureAdOidcConfiguration(oidcConfig));
    }
    if (OIDC_GOOGLE_TYPE.equalsIgnoreCase(type)) {
        return new GoogleOidcClient(oidcConfig);
    }
    return new OidcClient(oidcConfig);
}

Example 15 with OidcConfiguration

use of org.pac4j.oidc.config.OidcConfiguration in project ddf by codice.

the class OidcRealmTest method setup.

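/**
 * Builds the realm under test together with mocked provider metadata, client configuration
 * and credentials.
 *
 * <p>A fresh 2048-bit RSA key pair is generated per run; only its public half is published in
 * the served JWK set, so tokens signed with {@code validAlgorithm} verify and anything else
 * does not. The previous version stubbed {@code getIdToken()} twice; the duplicate is dropped.
 *
 * @throws Exception from key generation, URI construction or token signing
 */
@Before
public void setup() throws Exception {
    realm = new OidcRealm();

    // Signing key pair for the fake provider.
    final KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    final KeyPair keyPair = gen.generateKeyPair();
    final RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
    final RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
    validAlgorithm = Algorithm.RSA256(publicKey, privateKey);
    // Deliberately mismatching algorithm (HMAC with a bogus key) — presumably used by tests that
    // assert a token not signed with the provider's RS256 key is rejected.
    invalidAlgorithm = Algorithm.HMAC256("WRONG");

    final JWK sigJwk = new RSAKey.Builder(publicKey)
            .privateKey(privateKey)
            .keyUse(KeyUse.SIGNATURE)
            .keyID(UUID.randomUUID().toString())
            .build();
    // The JWK set handed to the realm exposes the public key only.
    final String jwkSetJson = "{\"keys\": [" + sigJwk.toPublicJWK().toJSONString() + "] }";

    final OIDCProviderMetadata oidcProviderMetadata = mockProviderMetadata();
    // Any JWKS fetch resolves to the in-memory key set instead of hitting the network.
    final ResourceRetriever resourceRetriever = mock(ResourceRetriever.class);
    final Resource resource = new Resource(jwkSetJson, APPLICATION_JSON);
    when(resourceRetriever.retrieveResource(any())).thenReturn(resource);

    final OidcConfiguration configuration = mockOidcConfiguration(oidcProviderMetadata, resourceRetriever);
    final OidcHandlerConfiguration handlerConfiguration = mock(OidcHandlerConfiguration.class);
    when(handlerConfiguration.getOidcConfiguration()).thenReturn(configuration);
    when(handlerConfiguration.getOidcClient(any())).thenReturn(mock(OidcClient.class));
    realm.setOidcHandlerConfiguration(handlerConfiguration);
    realm.setUsernameAttributeList(Collections.singletonList("preferred_username"));

    final JWT jwt = mock(JWT.class);
    final AccessToken accessToken = new BearerAccessToken(getAccessTokenBuilder().sign(validAlgorithm));
    final AuthorizationCode authorizationCode = new AuthorizationCode();
    final WebContext webContext = getWebContext();
    oidcCredentials = mockCredentials(jwt, accessToken, authorizationCode);

    authenticationToken = mock(OidcAuthenticationToken.class);
    when(authenticationToken.getCredentials()).thenReturn(oidcCredentials);
    when(authenticationToken.getContext()).thenReturn(webContext);
}

/**
 * Mocks the discovered provider metadata: RS256 as the only accepted id-token algorithm, plus a
 * fixed issuer and JWKS endpoint (the latter is never fetched; see the mocked retriever).
 *
 * @return the mocked metadata
 * @throws Exception if a URI literal cannot be parsed
 */
private static OIDCProviderMetadata mockProviderMetadata() throws Exception {
    final OIDCProviderMetadata metadata = mock(OIDCProviderMetadata.class);
    when(metadata.getIDTokenJWSAlgs()).thenReturn(ImmutableList.of(JWSAlgorithm.RS256));
    when(metadata.getIssuer()).thenReturn(new Issuer("http://localhost:8080/auth/realms/master"));
    when(metadata.getJWKSetURI()).thenReturn(new URI("http://localhost:8080/auth/realms/master/protocol/openid-connect/certs"));
    return metadata;
}

/**
 * Mocks the client configuration the realm reads: a code-flow client with nonce enabled, wired
 * to the given metadata and key retriever.
 *
 * @param metadata  discovered provider metadata to return
 * @param retriever resource retriever used to obtain the JWK set
 * @return the mocked configuration
 */
private static OidcConfiguration mockOidcConfiguration(final OIDCProviderMetadata metadata,
                                                       final ResourceRetriever retriever) {
    final OidcConfiguration configuration = mock(OidcConfiguration.class);
    when(configuration.getClientId()).thenReturn("ddf-client");
    when(configuration.getSecret()).thenReturn("secret");
    when(configuration.isUseNonce()).thenReturn(true);
    when(configuration.getResponseType()).thenReturn("code");
    when(configuration.findProviderMetadata()).thenReturn(metadata);
    when(configuration.findResourceRetriever()).thenReturn(retriever);
    return configuration;
}

/**
 * Mocks the credentials presented to the realm.
 *
 * @param idToken     id token to return
 * @param accessToken access token to return
 * @param code        authorization code to return
 * @return the mocked credentials
 */
private static OidcCredentials mockCredentials(final JWT idToken, final AccessToken accessToken,
                                               final AuthorizationCode code) {
    final OidcCredentials credentials = mock(OidcCredentials.class);
    when(credentials.getIdToken()).thenReturn(idToken);
    when(credentials.getAccessToken()).thenReturn(accessToken);
    when(credentials.getCode()).thenReturn(code);
    return credentials;
}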
