use of org.xdi.model.GluuAttribute in project oxAuth by GluuFederation.
the class UserInfoRestWebServiceImpl method getClaims.
public Map<String, Object> getClaims(User user, Scope scope) throws InvalidClaimException {
Map<String, Object> claims = new HashMap<String, Object>();
if (scope != null && scope.getOxAuthClaims() != null) {
for (String claimDn : scope.getOxAuthClaims()) {
GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDn);
String claimName = gluuAttribute.getOxAuthClaimName();
String ldapName = gluuAttribute.getName();
Object attribute = null;
if (StringUtils.isNotBlank(claimName) && StringUtils.isNotBlank(ldapName)) {
if (ldapName.equals("uid")) {
attribute = user.getUserId();
} else {
attribute = user.getAttribute(gluuAttribute.getName(), true);
}
if (attribute != null) {
if (attribute instanceof JSONArray) {
JSONArray jsonArray = (JSONArray) attribute;
List<String> values = new ArrayList<String>();
for (int i = 0; i < jsonArray.length(); i++) {
String value = jsonArray.optString(i);
if (value != null) {
values.add(value);
}
}
claims.put(claimName, values);
} else {
claims.put(claimName, attribute);
}
}
}
}
}
return claims;
}
use of org.xdi.model.GluuAttribute in project oxAuth by GluuFederation.
the class UserInfoRestWebServiceImpl method getJwtResponse.
public String getJwtResponse(SignatureAlgorithm signatureAlgorithm, User user, AuthorizationGrant authorizationGrant, Collection<String> scopes) throws Exception {
Jwt jwt = new Jwt();
AbstractCryptoProvider cryptoProvider = CryptoProviderFactory.getCryptoProvider(appConfiguration);
// Header
jwt.getHeader().setType(JwtType.JWT);
jwt.getHeader().setAlgorithm(signatureAlgorithm);
String keyId = cryptoProvider.getKeyId(webKeysConfiguration, signatureAlgorithm);
if (keyId != null) {
jwt.getHeader().setKeyId(keyId);
}
// Claims
List<Scope> dynamicScopes = new ArrayList<Scope>();
for (String scopeName : scopes) {
Scope scope = scopeService.getScopeByDisplayName(scopeName);
if (org.xdi.oxauth.model.common.ScopeType.DYNAMIC == scope.getScopeType()) {
dynamicScopes.add(scope);
continue;
}
if (scope.getOxAuthClaims() != null) {
for (String claimDn : scope.getOxAuthClaims()) {
GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDn);
String claimName = gluuAttribute.getOxAuthClaimName();
String ldapName = gluuAttribute.getName();
String attributeValue = null;
if (StringUtils.isNotBlank(claimName) && StringUtils.isNotBlank(ldapName)) {
if (ldapName.equals("uid")) {
attributeValue = user.getUserId();
} else {
attributeValue = user.getAttribute(gluuAttribute.getName());
}
jwt.getClaims().setClaim(claimName, attributeValue);
}
}
}
}
if (authorizationGrant.getJwtAuthorizationRequest() != null && authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember() != null) {
for (Claim claim : authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember().getClaims()) {
// ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
boolean optional = true;
GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
if (gluuAttribute != null) {
String ldapClaimName = gluuAttribute.getName();
Object attribute = user.getAttribute(ldapClaimName, optional);
if (attribute != null) {
if (attribute instanceof JSONArray) {
JSONArray jsonArray = (JSONArray) attribute;
List<String> values = new ArrayList<String>();
for (int i = 0; i < jsonArray.length(); i++) {
String value = jsonArray.optString(i);
if (value != null) {
values.add(value);
}
}
jwt.getClaims().setClaim(claim.getName(), values);
} else {
String value = (String) attribute;
jwt.getClaims().setClaim(claim.getName(), value);
}
}
}
}
}
// Check for Subject Identifier Type
if (authorizationGrant.getClient().getSubjectType() != null && SubjectType.fromString(authorizationGrant.getClient().getSubjectType()).equals(SubjectType.PAIRWISE)) {
String sectorIdentifierUri = null;
if (StringUtils.isNotBlank(authorizationGrant.getClient().getSectorIdentifierUri())) {
sectorIdentifierUri = authorizationGrant.getClient().getSectorIdentifierUri();
} else {
sectorIdentifierUri = authorizationGrant.getClient().getRedirectUris()[0];
}
String userInum = authorizationGrant.getUser().getAttribute("inum");
PairwiseIdentifier pairwiseIdentifier = pairwiseIdentifierService.findPairWiseIdentifier(userInum, sectorIdentifierUri);
if (pairwiseIdentifier == null) {
pairwiseIdentifier = new PairwiseIdentifier(sectorIdentifierUri);
pairwiseIdentifier.setId(UUID.randomUUID().toString());
pairwiseIdentifier.setDn(pairwiseIdentifierService.getDnForPairwiseIdentifier(pairwiseIdentifier.getId(), userInum));
pairwiseIdentifierService.addPairwiseIdentifier(userInum, pairwiseIdentifier);
}
jwt.getClaims().setSubjectIdentifier(pairwiseIdentifier.getId());
} else {
String openidSubAttribute = appConfiguration.getOpenidSubAttribute();
jwt.getClaims().setSubjectIdentifier(authorizationGrant.getUser().getAttribute(openidSubAttribute));
}
// If signed, the UserInfo Response SHOULD contain the Claims iss (issuer) and aud (audience) as members. The iss value should be the OP's Issuer Identifier URL. The aud value should be or include the RP's Client ID value.
jwt.getClaims().setIssuer(appConfiguration.getIssuer());
jwt.getClaims().setAudience(authorizationGrant.getClientId());
if ((dynamicScopes.size() > 0) && externalDynamicScopeService.isEnabled()) {
final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jwt, unmodifiableAuthorizationGrant);
externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
}
// Signature
String sharedSecret = clientService.decryptSecret(authorizationGrant.getClient().getClientSecret());
String signature = cryptoProvider.sign(jwt.getSigningInput(), jwt.getHeader().getKeyId(), sharedSecret, signatureAlgorithm);
jwt.setEncodedSignature(signature);
return jwt.toString();
}
use of org.xdi.model.GluuAttribute in project oxAuth by GluuFederation.
the class OpenIdConfiguration method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param servletRequest servlet request
* @param servletResponse servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest servletRequest, HttpServletResponse servletResponse) throws ServletException, IOException {
final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
httpResponse.setContentType("application/json");
PrintWriter out = httpResponse.getWriter();
try {
JSONObject jsonObj = new JSONObject();
jsonObj.put(ISSUER, appConfiguration.getIssuer());
jsonObj.put(AUTHORIZATION_ENDPOINT, appConfiguration.getAuthorizationEndpoint());
jsonObj.put(TOKEN_ENDPOINT, appConfiguration.getTokenEndpoint());
jsonObj.put(USER_INFO_ENDPOINT, appConfiguration.getUserInfoEndpoint());
jsonObj.put(CLIENT_INFO_ENDPOINT, appConfiguration.getClientInfoEndpoint());
jsonObj.put(CHECK_SESSION_IFRAME, appConfiguration.getCheckSessionIFrame());
jsonObj.put(END_SESSION_ENDPOINT, appConfiguration.getEndSessionEndpoint());
jsonObj.put(JWKS_URI, appConfiguration.getJwksUri());
jsonObj.put(REGISTRATION_ENDPOINT, appConfiguration.getRegistrationEndpoint());
jsonObj.put(ID_GENERATION_ENDPOINT, appConfiguration.getIdGenerationEndpoint());
jsonObj.put(INTROSPECTION_ENDPOINT, appConfiguration.getIntrospectionEndpoint());
JSONArray scopesSupported = new JSONArray();
for (Scope scope : scopeService.getAllScopesList()) {
boolean isUmaAuthorization = UmaScopeType.AUTHORIZATION.getValue().equals(scope.getDisplayName());
boolean isUmaProtection = UmaScopeType.PROTECTION.getValue().equals(scope.getDisplayName());
if (!isUmaAuthorization && !isUmaProtection)
scopesSupported.put(scope.getDisplayName());
}
if (scopesSupported.length() > 0) {
jsonObj.put(SCOPES_SUPPORTED, scopesSupported);
}
JSONArray responseTypesSupported = new JSONArray();
for (String responseType : appConfiguration.getResponseTypesSupported()) {
responseTypesSupported.put(responseType);
}
if (responseTypesSupported.length() > 0) {
jsonObj.put(RESPONSE_TYPES_SUPPORTED, responseTypesSupported);
}
JSONArray grantTypesSupported = new JSONArray();
for (String grantType : appConfiguration.getGrantTypesSupported()) {
grantTypesSupported.put(grantType);
}
if (grantTypesSupported.length() > 0) {
jsonObj.put(GRANT_TYPES_SUPPORTED, grantTypesSupported);
}
JSONArray acrValuesSupported = new JSONArray();
for (String acr : externalAuthenticationService.getAcrValuesList()) {
acrValuesSupported.put(acr);
}
jsonObj.put(ACR_VALUES_SUPPORTED, acrValuesSupported);
jsonObj.put(AUTH_LEVEL_MAPPING, createAuthLevelMapping());
JSONArray subjectTypesSupported = new JSONArray();
for (String subjectType : appConfiguration.getSubjectTypesSupported()) {
subjectTypesSupported.put(subjectType);
}
if (subjectTypesSupported.length() > 0) {
jsonObj.put(SUBJECT_TYPES_SUPPORTED, subjectTypesSupported);
}
JSONArray userInfoSigningAlgValuesSupported = new JSONArray();
for (String userInfoSigningAlg : appConfiguration.getUserInfoSigningAlgValuesSupported()) {
userInfoSigningAlgValuesSupported.put(userInfoSigningAlg);
}
if (userInfoSigningAlgValuesSupported.length() > 0) {
jsonObj.put(USER_INFO_SIGNING_ALG_VALUES_SUPPORTED, userInfoSigningAlgValuesSupported);
}
JSONArray userInfoEncryptionAlgValuesSupported = new JSONArray();
for (String userInfoEncryptionAlg : appConfiguration.getUserInfoEncryptionAlgValuesSupported()) {
userInfoEncryptionAlgValuesSupported.put(userInfoEncryptionAlg);
}
if (userInfoEncryptionAlgValuesSupported.length() > 0) {
jsonObj.put(USER_INFO_ENCRYPTION_ALG_VALUES_SUPPORTED, userInfoEncryptionAlgValuesSupported);
}
JSONArray userInfoEncryptionEncValuesSupported = new JSONArray();
for (String userInfoEncryptionEnc : appConfiguration.getUserInfoEncryptionEncValuesSupported()) {
userInfoEncryptionEncValuesSupported.put(userInfoEncryptionEnc);
}
if (userInfoEncryptionAlgValuesSupported.length() > 0) {
jsonObj.put(USER_INFO_ENCRYPTION_ENC_VALUES_SUPPORTED, userInfoEncryptionAlgValuesSupported);
}
JSONArray idTokenSigningAlgValuesSupported = new JSONArray();
for (String idTokenSigningAlg : appConfiguration.getIdTokenSigningAlgValuesSupported()) {
idTokenSigningAlgValuesSupported.put(idTokenSigningAlg);
}
if (idTokenSigningAlgValuesSupported.length() > 0) {
jsonObj.put(ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED, idTokenSigningAlgValuesSupported);
}
JSONArray idTokenEncryptionAlgValuesSupported = new JSONArray();
for (String idTokenEncryptionAlg : appConfiguration.getIdTokenEncryptionAlgValuesSupported()) {
idTokenEncryptionAlgValuesSupported.put(idTokenEncryptionAlg);
}
if (idTokenEncryptionAlgValuesSupported.length() > 0) {
jsonObj.put(ID_TOKEN_ENCRYPTION_ALG_VALUES_SUPPORTED, idTokenEncryptionAlgValuesSupported);
}
JSONArray idTokenEncryptionEncValuesSupported = new JSONArray();
for (String idTokenEncryptionEnc : appConfiguration.getIdTokenEncryptionEncValuesSupported()) {
idTokenEncryptionEncValuesSupported.put(idTokenEncryptionEnc);
}
if (idTokenEncryptionEncValuesSupported.length() > 0) {
jsonObj.put(ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED, idTokenEncryptionEncValuesSupported);
}
JSONArray requestObjectSigningAlgValuesSupported = new JSONArray();
for (String requestObjectSigningAlg : appConfiguration.getRequestObjectSigningAlgValuesSupported()) {
requestObjectSigningAlgValuesSupported.put(requestObjectSigningAlg);
}
if (requestObjectSigningAlgValuesSupported.length() > 0) {
jsonObj.put(REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED, requestObjectSigningAlgValuesSupported);
}
JSONArray requestObjectEncryptionAlgValuesSupported = new JSONArray();
for (String requestObjectEncryptionAlg : appConfiguration.getRequestObjectEncryptionAlgValuesSupported()) {
requestObjectEncryptionAlgValuesSupported.put(requestObjectEncryptionAlg);
}
if (requestObjectEncryptionAlgValuesSupported.length() > 0) {
jsonObj.put(REQUEST_OBJECT_ENCRYPTION_ALG_VALUES_SUPPORTED, requestObjectEncryptionAlgValuesSupported);
}
JSONArray requestObjectEncryptionEncValuesSupported = new JSONArray();
for (String requestObjectEncryptionEnc : appConfiguration.getRequestObjectEncryptionEncValuesSupported()) {
requestObjectEncryptionEncValuesSupported.put(requestObjectEncryptionEnc);
}
if (requestObjectEncryptionEncValuesSupported.length() > 0) {
jsonObj.put(REQUEST_OBJECT_ENCRYPTION_ENC_VALUES_SUPPORTED, requestObjectEncryptionEncValuesSupported);
}
JSONArray tokenEndpointAuthMethodsSupported = new JSONArray();
for (String tokenEndpointAuthMethod : appConfiguration.getTokenEndpointAuthMethodsSupported()) {
tokenEndpointAuthMethodsSupported.put(tokenEndpointAuthMethod);
}
if (tokenEndpointAuthMethodsSupported.length() > 0) {
jsonObj.put(TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED, tokenEndpointAuthMethodsSupported);
}
JSONArray tokenEndpointAuthSigningAlgValuesSupported = new JSONArray();
for (String tokenEndpointAuthSigningAlg : appConfiguration.getTokenEndpointAuthSigningAlgValuesSupported()) {
tokenEndpointAuthSigningAlgValuesSupported.put(tokenEndpointAuthSigningAlg);
}
if (tokenEndpointAuthSigningAlgValuesSupported.length() > 0) {
jsonObj.put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED, tokenEndpointAuthSigningAlgValuesSupported);
}
JSONArray displayValuesSupported = new JSONArray();
for (String display : appConfiguration.getDisplayValuesSupported()) {
displayValuesSupported.put(display);
}
if (displayValuesSupported.length() > 0) {
jsonObj.put(DISPLAY_VALUES_SUPPORTED, displayValuesSupported);
}
JSONArray claimTypesSupported = new JSONArray();
for (String claimType : appConfiguration.getClaimTypesSupported()) {
claimTypesSupported.put(claimType);
}
if (claimTypesSupported.length() > 0) {
jsonObj.put(CLAIM_TYPES_SUPPORTED, claimTypesSupported);
}
JSONArray claimsSupported = new JSONArray();
List<GluuAttribute> gluuAttributes = attributeService.getAllAttributes();
// Preload all scopes to avoid sending request to LDAP per
// claim
List<org.xdi.oxauth.model.common.Scope> scopes = scopeService.getAllScopesList();
for (GluuAttribute gluuAttribute : gluuAttributes) {
if (GluuStatus.ACTIVE.equals(gluuAttribute.getStatus())) {
String claimName = gluuAttribute.getOxAuthClaimName();
if (StringUtils.isNotBlank(claimName)) {
List<org.xdi.oxauth.model.common.Scope> scopesByClaim = scopeService.getScopesByClaim(scopes, gluuAttribute.getDn());
for (org.xdi.oxauth.model.common.Scope scope : scopesByClaim) {
if (ScopeType.OPENID.equals(scope.getScopeType())) {
claimsSupported.put(claimName);
break;
}
}
}
}
}
if (claimsSupported.length() > 0) {
jsonObj.put(CLAIMS_SUPPORTED, claimsSupported);
}
jsonObj.put(SERVICE_DOCUMENTATION, appConfiguration.getServiceDocumentation());
JSONArray claimsLocalesSupported = new JSONArray();
for (String claimLocale : appConfiguration.getClaimsLocalesSupported()) {
claimsLocalesSupported.put(claimLocale);
}
if (claimsLocalesSupported.length() > 0) {
jsonObj.put(CLAIMS_LOCALES_SUPPORTED, claimsLocalesSupported);
}
JSONArray uiLocalesSupported = new JSONArray();
for (String uiLocale : appConfiguration.getUiLocalesSupported()) {
uiLocalesSupported.put(uiLocale);
}
if (uiLocalesSupported.length() > 0) {
jsonObj.put(UI_LOCALES_SUPPORTED, uiLocalesSupported);
}
jsonObj.put(SCOPE_TO_CLAIMS_MAPPING, createScopeToClaimsMapping());
jsonObj.put(CLAIMS_PARAMETER_SUPPORTED, appConfiguration.getClaimsParameterSupported());
jsonObj.put(REQUEST_PARAMETER_SUPPORTED, appConfiguration.getRequestParameterSupported());
jsonObj.put(REQUEST_URI_PARAMETER_SUPPORTED, appConfiguration.getRequestUriParameterSupported());
jsonObj.put(REQUIRE_REQUEST_URI_REGISTRATION, appConfiguration.getRequireRequestUriRegistration());
jsonObj.put(OP_POLICY_URI, appConfiguration.getOpPolicyUri());
jsonObj.put(OP_TOS_URI, appConfiguration.getOpTosUri());
jsonObj.put(FRONTCHANNEL_LOGOUT_SUPPORTED, "true");
jsonObj.put(FRONTCHANNEL_LOGOUT_SESSION_SUPPORTED, "true");
jsonObj.put(FRONT_CHANNEL_LOGOUT_SESSION_SUPPORTED, appConfiguration.getFrontChannelLogoutSessionSupported());
out.println(jsonObj.toString(4).replace("\\/", "/"));
} catch (JSONException e) {
log.error(e.getMessage(), e);
} catch (Exception e) {
log.error(e.getMessage(), e);
} finally {
out.close();
}
}
use of org.xdi.model.GluuAttribute in project oxAuth by GluuFederation.
the class OpenIdConfiguration method createScopeToClaimsMapping.
/**
* @deprecated theses params:
* <ul>
* <li>id_generation_endpoint</li>
* <li>introspection_endpoint</li>
* <li>auth_level_mapping</li>
* <li>scope_to_claims_mapping</li>
* </ul>
* will be moved from /.well-known/openid-configuration
* to /.well-known/gluu-configuration
*/
@Deprecated
private JSONArray createScopeToClaimsMapping() {
final JSONArray result = new JSONArray();
try {
for (Scope scope : scopeService.getAllScopesList()) {
final JSONArray claimsList = new JSONArray();
final JSONObject mapping = new JSONObject();
mapping.put(scope.getDisplayName(), claimsList);
result.put(mapping);
final List<String> claimIdList = scope.getOxAuthClaims();
if (claimIdList != null && !claimIdList.isEmpty()) {
for (String claimDn : claimIdList) {
final GluuAttribute attribute = attributeService.getAttributeByDn(claimDn);
final String claimName = attribute.getOxAuthClaimName();
if (StringUtils.isNotBlank(claimName)) {
claimsList.put(claimName);
}
}
}
}
} catch (Exception e) {
log.error(e.getMessage(), e);
}
return result;
}
use of org.xdi.model.GluuAttribute in project oxTrust by GluuFederation.
the class CustomAttributeAction method removeMultiValuesInAttributes.
public void removeMultiValuesInAttributes(String inum, boolean mandatory) {
if (StringHelper.isEmpty(inum)) {
return;
}
GluuAttribute tmpAttribute = this.attributeInums.get(inum);
if (tmpAttribute == null) {
return;
}
String id = this.attributeIds.get(tmpAttribute);
this.availableAttributeIds.remove(id);
String[] values = null;
int index = 0;
for (GluuCustomAttribute customAttribute : this.customAttributes) {
if (tmpAttribute.equals(customAttribute.getMetadata())) {
values = customAttribute.getValues();
if (values.length == 1)
return;
break;
}
index++;
}
String[] newValues = new String[values.length - 1];
System.arraycopy(values, 0, newValues, 0, values.length - 1);
removeCustomAttribute(inum);
GluuCustomAttribute tmpGluuPersonAttribute = new GluuCustomAttribute(tmpAttribute.getName(), newValues, true, mandatory);
tmpGluuPersonAttribute.setMetadata(tmpAttribute);
this.customAttributes.add(index, tmpGluuPersonAttribute);
}
Aggregations