Example 1 with OIDCDiscoveryEndPointException

Use of org.wso2.carbon.identity.discovery.OIDCDiscoveryEndPointException in project identity-inbound-auth-oauth by wso2-extensions.

From class OIDCDiscoveryEndpoint, method getResponse:

private Response getResponse(HttpServletRequest request, String tenant) {
    String response;
    OIDCProcessor processor = EndpointUtil.getOIDCService();
    try {
        // Build the provider configuration for the tenant and serialise it to the
        // string that the discovery endpoint returns.
        OIDProviderResponseBuilder responseBuilder = getOidProviderResponseBuilder();
        response = responseBuilder.getOIDProviderConfigString(processor.getResponse(request, tenant));
    } catch (OIDCDiscoveryEndPointException e) {
        // The processor maps the discovery exception to an HTTP status code; the
        // exception message is sent back to the caller as the response body.
        Response.ResponseBuilder errorResponse = Response.status(processor.handleError(e));
        return errorResponse.entity(e.getMessage()).build();
    } catch (ServerConfigurationException e) {
        // Configuration problems are logged server-side with the full exception and
        // reported to the client only as a generic HTTP 500 message.
        log.error("Server Configuration error occurred.", e);
        Response.ResponseBuilder errorResponse = Response.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return errorResponse.entity("Error in reading configuration.").build();
    }
    Response.ResponseBuilder responseBuilder = Response.status(HttpServletResponse.SC_OK);
    return responseBuilder.entity(response).build();
}
Also used: HttpServletResponse (javax.servlet.http.HttpServletResponse), Response (javax.ws.rs.core.Response), ServerConfigurationException (org.wso2.carbon.base.ServerConfigurationException), OIDCProcessor (org.wso2.carbon.identity.discovery.OIDCProcessor), OIDProviderResponseBuilder (org.wso2.carbon.identity.discovery.builders.OIDProviderResponseBuilder), OIDCDiscoveryEndPointException (org.wso2.carbon.identity.discovery.OIDCDiscoveryEndPointException)

Example 2 with OIDCDiscoveryEndPointException

Use of org.wso2.carbon.identity.discovery.OIDCDiscoveryEndPointException in project identity-inbound-auth-oauth by wso2-extensions.

From class DefaultOIDCProcessor, method getResponse:

public OIDProviderConfigResponse getResponse(HttpServletRequest request, String tenantDomain) throws OIDCDiscoveryEndPointException, ServerConfigurationException {
    // Turn the incoming servlet request into a discovery request object for the tenant ...
    OIDCProviderRequestBuilder requestBuilder = new DefaultOIDCProviderRequestBuilder();
    OIDProviderRequest requestObject = requestBuilder.buildRequest(request, tenantDomain);
    // ... then assemble the OpenID Provider configuration from it.
    ProviderConfigBuilder responseBuilder = new ProviderConfigBuilder();
    return responseBuilder.buildOIDProviderConfig(requestObject);
}
Also used: ProviderConfigBuilder (org.wso2.carbon.identity.discovery.builders.ProviderConfigBuilder), DefaultOIDCProviderRequestBuilder (org.wso2.carbon.identity.discovery.builders.DefaultOIDCProviderRequestBuilder), OIDCProviderRequestBuilder (org.wso2.carbon.identity.discovery.builders.OIDCProviderRequestBuilder)

Example 3 with OIDCDiscoveryEndPointException

Use of org.wso2.carbon.identity.discovery.OIDCDiscoveryEndPointException in project identity-inbound-auth-oauth by wso2-extensions.

From class DefaultOIDCProviderRequestBuilder, method buildRequest:

@Override
public OIDProviderRequest buildRequest(HttpServletRequest request, String tenant) throws OIDCDiscoveryEndPointException {
    OIDProviderRequest requestObject = new OIDProviderRequest();
    requestObject.setUri(request.getRequestURI());
    // A blank tenant falls back to the super tenant domain rather than being rejected.
    if (StringUtils.isNotBlank(tenant)) {
        requestObject.setTenantDomain(tenant);
    } else {
        requestObject.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
    }
    return requestObject;
}
Also used: OIDProviderRequest (org.wso2.carbon.identity.discovery.OIDProviderRequest)

Example 4 with OIDCDiscoveryEndPointException

Use of org.wso2.carbon.identity.discovery.OIDCDiscoveryEndPointException in project identity-inbound-auth-oauth by wso2-extensions.

From class ProviderConfigBuilder, method buildOIDProviderConfig:

public OIDProviderConfigResponse buildOIDProviderConfig(OIDProviderRequest request) throws OIDCDiscoveryEndPointException, ServerConfigurationException {
    OIDProviderConfigResponse providerConfig = new OIDProviderConfigResponse();
    String tenantDomain = request.getTenantDomain();
    // The issuer is either the tenant-specific ID token issuer (entity ID) or the global one,
    // depending on server configuration. Failures are wrapped as configuration errors.
    if (isUseEntityIdAsIssuerInOidcDiscovery()) {
        try {
            providerConfig.setIssuer(OAuth2Util.getIdTokenIssuer(tenantDomain));
        } catch (IdentityOAuth2Exception e) {
            throw new ServerConfigurationException(String.format("Error while retrieving OIDC Id token issuer " + "value for tenant domain: %s", tenantDomain), e);
        }
    } else {
        providerConfig.setIssuer(OAuth2Util.getIDTokenIssuer());
    }
    providerConfig.setAuthorizationEndpoint(OAuth2Util.OAuthURL.getOAuth2AuthzEPUrl());
    providerConfig.setTokenEndpoint(OAuth2Util.OAuthURL.getOAuth2TokenEPUrl());
    providerConfig.setUserinfoEndpoint(OAuth2Util.OAuthURL.getOAuth2UserInfoEPUrl());
    providerConfig.setRevocationEndpoint(OAuth2Util.OAuthURL.getOAuth2RevocationEPUrl());
    providerConfig.setRevocationEndpointAuthMethodsSupported(OAuth2Util.getSupportedClientAuthenticationMethods().toArray(new String[0]));
    providerConfig.setResponseModesSupported(OAuth2Util.getSupportedResponseModes().toArray(new String[0]));
    providerConfig.setIntrospectionEndpointAuthMethodsSupported(OAuth2Util.getSupportedClientAuthenticationMethods().toArray(new String[0]));
    providerConfig.setCodeChallengeMethodsSupported(OAuth2Util.getSupportedCodeChallengeMethods().toArray(new String[0]));
    // Tenant-qualified endpoint URLs; a malformed URL is a server configuration error.
    try {
        providerConfig.setIntrospectionEndpoint(OAuth2Util.OAuthURL.getOAuth2IntrospectionEPUrl(tenantDomain));
        providerConfig.setRegistrationEndpoint(OAuth2Util.OAuthURL.getOAuth2DCREPUrl(tenantDomain));
        providerConfig.setJwksUri(OAuth2Util.OAuthURL.getOAuth2JWKSPageUrl(tenantDomain));
    } catch (URISyntaxException e) {
        throw new ServerConfigurationException("Error while building tenant specific url", e);
    }
    List<String> scopes = OAuth2Util.getOIDCScopes(tenantDomain);
    providerConfig.setScopesSupported(scopes.toArray(new String[scopes.size()]));
    try {
        // Advertise the external OIDC claims configured for the tenant, plus the
        // two fixed claims "iss" and "acr" (hence the "+ 2" in the array size).
        List<ExternalClaim> claims = OIDCDiscoveryDataHolder.getInstance().getClaimManagementService().getExternalClaims(OIDC_CLAIM_DIALECT, tenantDomain);
        String[] claimArray = new String[claims.size() + 2];
        int i;
        for (i = 0; i < claims.size(); i++) {
            claimArray[i] = claims.get(i).getClaimURI();
        }
        claimArray[i++] = "iss";
        claimArray[i] = "acr";
        providerConfig.setClaimsSupported(claimArray);
    } catch (ClaimMetadataException e) {
        throw new ServerConfigurationException("Error while retrieving OIDC claim dialect", e);
    }
    try {
        providerConfig.setIdTokenSigningAlgValuesSupported(new String[] { OAuth2Util.mapSignatureAlgorithmForJWSAlgorithm(OAuthServerConfiguration.getInstance().getIdTokenSignatureAlgorithm()).getName() });
    } catch (IdentityOAuth2Exception e) {
        throw new ServerConfigurationException("Unsupported signature algorithm configured.", e);
    }
    Set<String> supportedResponseTypeNames = OAuthServerConfiguration.getInstance().getSupportedResponseTypeNames();
    providerConfig.setResponseTypesSupported(supportedResponseTypeNames.toArray(new String[supportedResponseTypeNames.size()]));
    // Only public subject identifiers are advertised (no pairwise subjects).
    providerConfig.setSubjectTypesSupported(new String[] { "public" });
    providerConfig.setCheckSessionIframe(buildServiceUrl(IdentityConstants.OAuth.CHECK_SESSION, IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_CHECK_SESSION_EP_URL)));
    providerConfig.setEndSessionEndpoint(buildServiceUrl(IdentityConstants.OAuth.LOGOUT, IdentityUtil.getProperty(IdentityConstants.OAuth.OIDC_LOGOUT_EP_URL)));
    try {
        providerConfig.setUserinfoSigningAlgValuesSupported(new String[] { OAuth2Util.mapSignatureAlgorithmForJWSAlgorithm(OAuthServerConfiguration.getInstance().getUserInfoJWTSignatureAlgorithm()).getName() });
    } catch (IdentityOAuth2Exception e) {
        throw new ServerConfigurationException("Unsupported signature algorithm configured.", e);
    }
    providerConfig.setTokenEndpointAuthMethodsSupported(OAuth2Util.getSupportedClientAuthenticationMethods().stream().toArray(String[]::new));
    providerConfig.setGrantTypesSupported(OAuth2Util.getSupportedGrantTypes().stream().toArray(String[]::new));
    providerConfig.setRequestParameterSupported(Boolean.valueOf(OAuth2Util.isRequestParameterSupported()));
    providerConfig.setClaimsParameterSupported(Boolean.valueOf(OAuth2Util.isClaimsParameterSupported()));
    providerConfig.setRequestObjectSigningAlgValuesSupported(OAuth2Util.getRequestObjectSigningAlgValuesSupported().stream().toArray(String[]::new));
    providerConfig.setBackchannelLogoutSupported(Boolean.TRUE);
    providerConfig.setBackchannelLogoutSessionSupported(Boolean.TRUE);
    return providerConfig;
}
Also used: OIDProviderConfigResponse (org.wso2.carbon.identity.discovery.OIDProviderConfigResponse), ClaimMetadataException (org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException), IdentityOAuth2Exception (org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception), ServerConfigurationException (org.wso2.carbon.base.ServerConfigurationException), ExternalClaim (org.wso2.carbon.identity.claim.metadata.mgt.model.ExternalClaim), URISyntaxException (java.net.URISyntaxException)

Aggregations (type, package, number of examples using it):

ServerConfigurationException (org.wso2.carbon.base.ServerConfigurationException) 2
URISyntaxException (java.net.URISyntaxException) 1
HttpServletResponse (javax.servlet.http.HttpServletResponse) 1
Response (javax.ws.rs.core.Response) 1
ClaimMetadataException (org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException) 1
ExternalClaim (org.wso2.carbon.identity.claim.metadata.mgt.model.ExternalClaim) 1
OIDCDiscoveryEndPointException (org.wso2.carbon.identity.discovery.OIDCDiscoveryEndPointException) 1
OIDCProcessor (org.wso2.carbon.identity.discovery.OIDCProcessor) 1
OIDProviderConfigResponse (org.wso2.carbon.identity.discovery.OIDProviderConfigResponse) 1
OIDProviderRequest (org.wso2.carbon.identity.discovery.OIDProviderRequest) 1
DefaultOIDCProviderRequestBuilder (org.wso2.carbon.identity.discovery.builders.DefaultOIDCProviderRequestBuilder) 1
OIDCProviderRequestBuilder (org.wso2.carbon.identity.discovery.builders.OIDCProviderRequestBuilder) 1
OIDProviderResponseBuilder (org.wso2.carbon.identity.discovery.builders.OIDProviderResponseBuilder) 1
ProviderConfigBuilder (org.wso2.carbon.identity.discovery.builders.ProviderConfigBuilder) 1
IdentityOAuth2Exception (org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) 1