Posted to commits@syncope.apache.org by il...@apache.org on 2018/05/08 09:07:41 UTC
[1/4] syncope git commit: [SYNCOPE-1270] Upgrade CXF to get OIDC fix
for Azure + other refinements
Repository: syncope
Updated Branches:
refs/heads/2_0_X 70aa8425b -> 48f54252c
refs/heads/master 7cdeb5fa8 -> 7efefd570
[SYNCOPE-1270] Upgrade CXF to get OIDC fix for Azure + other refinements
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/3c439b03
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/3c439b03
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/3c439b03
Branch: refs/heads/2_0_X
Commit: 3c439b0353fd61a84b4485e59f6a33a5b4b8475b
Parents: 70aa842
Author: Francesco Chicchiriccò <il...@apache.org>
Authored: Tue May 8 11:05:05 2018 +0200
Committer: Francesco Chicchiriccò <il...@apache.org>
Committed: Tue May 8 11:05:05 2018 +0200
----------------------------------------------------------------------
.../syncope/ext/oidcclient/agent/Login.java | 2 +-
.../syncope/common/lib/OIDCConstants.java | 8 +-
.../syncope/core/logic/OIDCClientLogic.java | 82 ++++++++++++--------
pom.xml | 2 +-
4 files changed, 56 insertions(+), 38 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/3c439b03/ext/oidcclient/agent/src/main/java/org/apache/syncope/ext/oidcclient/agent/Login.java
----------------------------------------------------------------------
diff --git a/ext/oidcclient/agent/src/main/java/org/apache/syncope/ext/oidcclient/agent/Login.java b/ext/oidcclient/agent/src/main/java/org/apache/syncope/ext/oidcclient/agent/Login.java
index 36850e4..7906506 100644
--- a/ext/oidcclient/agent/src/main/java/org/apache/syncope/ext/oidcclient/agent/Login.java
+++ b/ext/oidcclient/agent/src/main/java/org/apache/syncope/ext/oidcclient/agent/Login.java
@@ -67,7 +67,7 @@ public class Login extends HttpServlet {
UriBuilder ub = UriBuilder.fromUri(requestTO.getProviderAddress());
ub.queryParam(OIDCConstants.CLIENT_ID, requestTO.getClientId());
ub.queryParam(OIDCConstants.REDIRECT_URI, requestTO.getRedirectURI());
- ub.queryParam(OIDCConstants.RESPOSNSE_TYPE, requestTO.getResponseType());
+ ub.queryParam(OIDCConstants.RESPONSE_TYPE, requestTO.getResponseType());
ub.queryParam(OIDCConstants.SCOPE, requestTO.getScope());
ub.queryParam(OIDCConstants.STATE, requestTO.getState());
response.setHeader("Location", ub.build().toASCIIString());
http://git-wip-us.apache.org/repos/asf/syncope/blob/3c439b03/ext/oidcclient/common-lib/src/main/java/org/apache/syncope/common/lib/OIDCConstants.java
----------------------------------------------------------------------
diff --git a/ext/oidcclient/common-lib/src/main/java/org/apache/syncope/common/lib/OIDCConstants.java b/ext/oidcclient/common-lib/src/main/java/org/apache/syncope/common/lib/OIDCConstants.java
index 12daa0a..b0b406a 100644
--- a/ext/oidcclient/common-lib/src/main/java/org/apache/syncope/common/lib/OIDCConstants.java
+++ b/ext/oidcclient/common-lib/src/main/java/org/apache/syncope/common/lib/OIDCConstants.java
@@ -26,15 +26,13 @@ public final class OIDCConstants {
public static final String SCOPE = "scope";
- public static final String RESPOSNSE_TYPE = "response_type";
-
- public static final String REDIRECT_URI = "redirect_uri";
+ public static final String RESPONSE_TYPE = "response_type";
public static final String STATE = "state";
- public static final String CODE = "code";
+ public static final String REDIRECT_URI = "redirect_uri";
- public static final String GRANT_TYPE = "grant_type";
+ public static final String CODE = "code";
public static final String OP = "op";
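Review bot: Dropping the public `GRANT_TYPE` constant from `OIDCConstants` is a binary-incompatible change to `common-lib`, which is the artifact external clients and custom agents compile against, and this hunk lands on the `2_0_X` maintenance branch. The remaining constants are only reordered, so the removal is the one thing a 2.0.x consumer can notice at runtime as a `NoSuchFieldError`. If the intent is to move callers to CXF's `OAuthConstants`, keep `GRANT_TYPE` for the 2.0.x line and mark it `@Deprecated` with a Javadoc `@deprecated use org.apache.cxf.rs.security.oauth2.utils.OAuthConstants#GRANT_TYPE` instead. The class body continues outside the hunk.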
http://git-wip-us.apache.org/repos/asf/syncope/blob/3c439b03/ext/oidcclient/logic/src/main/java/org/apache/syncope/core/logic/OIDCClientLogic.java
----------------------------------------------------------------------
diff --git a/ext/oidcclient/logic/src/main/java/org/apache/syncope/core/logic/OIDCClientLogic.java b/ext/oidcclient/logic/src/main/java/org/apache/syncope/core/logic/OIDCClientLogic.java
index 20decf9..b56a819 100644
--- a/ext/oidcclient/logic/src/main/java/org/apache/syncope/core/logic/OIDCClientLogic.java
+++ b/ext/oidcclient/logic/src/main/java/org/apache/syncope/core/logic/OIDCClientLogic.java
@@ -18,9 +18,11 @@
*/
package org.apache.syncope.core.logic;
-import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
import com.fasterxml.uuid.Generators;
import com.fasterxml.uuid.impl.RandomBasedGenerator;
+import java.io.IOException;
+import java.io.InputStream;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Collections;
@@ -29,19 +31,21 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
+import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider;
import org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider;
import org.apache.cxf.rs.security.oauth2.client.Consumer;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.rs.security.oidc.common.UserInfo;
import org.apache.cxf.rs.security.oidc.rp.IdTokenReader;
import org.apache.cxf.rs.security.oidc.rp.UserInfoClient;
import org.apache.syncope.common.lib.AbstractBaseBean;
-import org.apache.syncope.common.lib.OIDCConstants;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.to.AttrTO;
import org.apache.syncope.common.lib.to.OIDCLoginRequestTO;
@@ -69,8 +73,6 @@ public class OIDCClientLogic extends AbstractTransactionalLogic<AbstractBaseBean
private static final Encryptor ENCRYPTOR = Encryptor.getInstance();
- private static final ObjectMapper MAPPER = new ObjectMapper();
-
private static final RandomBasedGenerator UUID_GENERATOR = Generators.randomBasedGenerator();
private static final String JWT_CLAIM_OP_ENTITYID = "OP_ENTITYID";
@@ -117,7 +119,7 @@ public class OIDCClientLogic extends AbstractTransactionalLogic<AbstractBaseBean
requestTO.setProviderAddress(op.getAuthorizationEndpoint());
requestTO.setClientId(op.getClientID());
requestTO.setScope("openid email profile");
- requestTO.setResponseType("code");
+ requestTO.setResponseType(OAuthConstants.CODE_RESPONSE_TYPE);
requestTO.setRedirectURI(redirectURI);
requestTO.setState(UUID_GENERATOR.generate().toString());
return requestTO;
@@ -128,17 +130,27 @@ public class OIDCClientLogic extends AbstractTransactionalLogic<AbstractBaseBean
final OIDCProvider op = getOIDCProvider(opName);
// 1. get OpenID Connect tokens
- String body = OIDCConstants.CODE + "=" + authorizationCode
- + "&" + OIDCConstants.CLIENT_ID + "=" + op.getClientID()
- + "&" + OIDCConstants.CLIENT_SECRET + "=" + op.getClientSecret()
- + "&" + OIDCConstants.REDIRECT_URI + "=" + redirectURI
- + "&" + OIDCConstants.GRANT_TYPE + "=authorization_code";
- TokenEndpointResponse tokenEndpointResponse = getOIDCTokens(op.getTokenEndpoint(), body);
+ String body = OAuthConstants.AUTHORIZATION_CODE_VALUE + "=" + authorizationCode
+ + "&" + OAuthConstants.CLIENT_ID + "=" + op.getClientID()
+ + "&" + OAuthConstants.CLIENT_SECRET + "=" + op.getClientSecret()
+ + "&" + OAuthConstants.REDIRECT_URI + "=" + redirectURI
+ + "&" + OAuthConstants.GRANT_TYPE + "=" + OAuthConstants.AUTHORIZATION_CODE_GRANT;
+ TokenEndpointResponse tokenEndpointResponse;
+ try {
+ tokenEndpointResponse = getOIDCTokens(op.getTokenEndpoint(), body);
+ } catch (IOException e) {
+ LOG.error("Unexpected response for OIDC Tokens", e);
+
+ SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
+ sce.getElements().add("Unexpected response for OIDC Tokens: " + e.getMessage());
+ throw sce;
+ }
// 1. get OpenID Connect tokens
Consumer consumer = new Consumer(op.getClientID(), op.getClientSecret());
// 2. validate token
+ LOG.debug("Id Token to be validated: {}", tokenEndpointResponse.getIdToken());
IdToken idToken = getValidatedIdToken(op, consumer, tokenEndpointResponse.getIdToken());
// 3. extract user information
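Review bot: The form body at the top of the hunk concatenates `authorizationCode`, `op.getClientSecret()` and `redirectURI` unencoded into an `application/x-www-form-urlencoded` payload, so a value containing `&`, `+`, `=` or `%` (client secrets issued by some providers, Azure among them, routinely do) either breaks the request or splices into a neighbouring parameter, and the unescaped `redirect_uri` may not compare equal to the registered one at the token endpoint. Each value should be percent-encoded with `java.net.URLEncoder` before concatenation; since `URLEncoder.encode(String, String)` throws `UnsupportedEncodingException`, an `IOException`, building the body inside the existing `try` lets the new `catch` cover it. Separately, `LOG.debug("Id Token to be validated: {}", tokenEndpointResponse.getIdToken())` writes the complete signed ID token, with all of the subject's claims, into the log; log at most its length or the JOSE header if a diagnostic is needed. The enclosing method continues past the hunk.
```java
TokenEndpointResponse tokenEndpointResponse;
try {
    // percent-encode each value: codes, secrets and URIs may contain '&', '+', '=' or '%'
    String body = OAuthConstants.AUTHORIZATION_CODE_VALUE + "=" + URLEncoder.encode(authorizationCode, "UTF-8")
            + "&" + OAuthConstants.CLIENT_ID + "=" + URLEncoder.encode(op.getClientID(), "UTF-8")
            + "&" + OAuthConstants.CLIENT_SECRET + "=" + URLEncoder.encode(op.getClientSecret(), "UTF-8")
            + "&" + OAuthConstants.REDIRECT_URI + "=" + URLEncoder.encode(redirectURI, "UTF-8")
            + "&" + OAuthConstants.GRANT_TYPE + "=" + OAuthConstants.AUTHORIZATION_CODE_GRANT;
    tokenEndpointResponse = getOIDCTokens(op.getTokenEndpoint(), body);
} catch (IOException e) {
    // … unchanged: error logging and SyncopeClientException …
}
```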
@@ -152,7 +164,7 @@ public class OIDCClientLogic extends AbstractTransactionalLogic<AbstractBaseBean
responseTO.setName(userInfo.getName());
responseTO.setSubject(userInfo.getSubject());
- String keyValue = null;
+ String keyValue = userInfo.getEmail();
for (OIDCProviderItem item : op.getItems()) {
AttrTO attrTO = new AttrTO();
attrTO.setSchema(item.getExtAttrName());
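Review bot: `keyValue` now defaults to `userInfo.getEmail()` at the top of the hunk, so whenever no mapping item is flagged as connObjectKey the local user is located by the email claim alone; unless the provider's `email_verified` claim is honoured, anyone able to register an account at the OP with a victim's email address gets linked to the victim's Syncope user. Gate the default on the verified flag, e.g. `String keyValue = Boolean.TRUE.equals(userInfo.getEmailVerified()) ? userInfo.getEmail() : null;` (CXF's `UserInfo` exposes the standard claim that way, as far as I recall), and document above the line that the email is only trusted when the OP asserts it is verified. The loop this line opens continues outside the hunk.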
@@ -278,7 +290,14 @@ public class OIDCClientLogic extends AbstractTransactionalLogic<AbstractBaseBean
break;
default:
- LOG.warn("Unsupported: {} ", item.getExtAttrName());
+ String value = userInfo.getClaim(item.getExtAttrName()) == null
+ ? null
+ : userInfo.getClaim(item.getExtAttrName()).toString();
+ attrTO.getValues().add(value);
+ responseTO.getAttrs().add(attrTO);
+ if (item.isConnObjectKey()) {
+ keyValue = value;
+ }
}
}
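Review bot: In the new `default` branch an absent claim produces `value == null`, which is then appended to `attrTO.getValues()` as a null element and, when the item is the connObjectKey, leaves `keyValue` null so the lookup further down runs with no key at all. Skip the attribute when the claim is missing, and fail fast when the missing claim is the key: `if (value == null) { if (item.isConnObjectKey()) { throw new IllegalArgumentException("Claim " + item.getExtAttrName() + " (connObjectKey) not provided by the OP"); } break; }` placed before the `add` calls. A one-line comment that this branch maps any additional OP claim by name, replacing the earlier "Unsupported" warning, would also help the next reader. The `switch` and its enclosing loop start outside the hunk.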
@@ -302,7 +321,9 @@ public class OIDCClientLogic extends AbstractTransactionalLogic<AbstractBaseBean
}
});
} else {
- throw new NotFoundException("User matching the provided value " + keyValue);
+ throw new NotFoundException(keyValue == null
+ ? "User marching the provided claims"
+ : "User matching the provided value " + keyValue);
}
} else if (matchingUsers.size() > 1) {
throw new IllegalArgumentException("Several users match the provided value " + keyValue);
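Review bot: The new `NotFoundException` message reads `"User marching the provided claims"`; `marching` should be `matching`, as in the sibling message two lines below. This string reaches the caller as the error text, so the typo is user-visible. The enclosing `if`/`else if` chain starts and ends outside the hunk.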
@@ -348,32 +369,30 @@ public class OIDCClientLogic extends AbstractTransactionalLogic<AbstractBaseBean
return responseTO;
}
- private TokenEndpointResponse getOIDCTokens(final String url, final String body) {
- String oidcTokens = WebClient.create(url).
+ private TokenEndpointResponse getOIDCTokens(final String url, final String body) throws IOException {
+ Response response = WebClient.create(url, Arrays.asList(new JacksonJsonProvider())).
type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON).
- post(body).
- readEntity(String.class);
- TokenEndpointResponse endpointResponse = null;
- try {
- endpointResponse = MAPPER.readValue(oidcTokens, TokenEndpointResponse.class);
- } catch (Exception e) {
- LOG.error("While getting the Tokens from the OP", e);
+ post(body);
+ if (response.getStatus() != Response.Status.OK.getStatusCode()) {
+ LOG.error("Unexpected response from OIDC Provider: {}\n{}\n{}",
+ response.getStatus(), response.getHeaders(),
+ IOUtils.toString((InputStream) response.getEntity()));
+
SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
- sce.getElements().add(e.getMessage());
+ sce.getElements().add("Unexpected response from OIDC Provider");
throw sce;
}
- return endpointResponse;
+
+ return response.readEntity(TokenEndpointResponse.class);
}
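Review bot: On the non-200 path `getOIDCTokens` reads the body via `IOUtils.toString((InputStream) response.getEntity())` for the log and then throws without ever closing `response`, so the underlying connection is left to the finalizer; add `response.close();` right after the `LOG.error(...)` call (the success path is covered because `readEntity` consumes and closes the stream). The cast to `InputStream` also presumes an unread client response entity, which holds for a CXF `WebClient` response as far as I know but is worth a short comment. A method Javadoc stating that the caller gets a generic `SyncopeClientException` while the provider's status, headers and body are logged locally would document the deliberate choice not to echo the OP's error to the client.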
private IdToken getValidatedIdToken(final OIDCProvider op, final Consumer consumer, final String jwtIdToken) {
IdTokenReader idTokenReader = new IdTokenReader();
idTokenReader.setClockOffset(10);
idTokenReader.setIssuerId(op.getIssuer());
- WebClient jwkSetClient = WebClient.create(
- op.getJwksUri(), Arrays.asList(new JsonWebKeysProvider())).
- accept(MediaType.APPLICATION_JSON);
- idTokenReader.setJwkSetClient(jwkSetClient);
- IdToken idToken = null;
+ idTokenReader.setJwkSetClient(WebClient.create(op.getJwksUri(), Arrays.asList(new JsonWebKeysProvider())).
+ accept(MediaType.APPLICATION_JSON));
+ IdToken idToken;
try {
idToken = idTokenReader.getIdToken(jwtIdToken, consumer);
} catch (Exception e) {
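Review bot: `idTokenReader` is configured with the issuer and a 10 s clock offset, but nothing binds the ID token to the authorization request that produced it: the redirect built in Login.java earlier on this page sends only `client_id`, `redirect_uri`, `response_type`, `scope` and `state`, so no `nonce` is issued and none can be checked here, and whether `state` is validated on the callback is not shown by this commit. Generate a nonce alongside the state, add it to the authorization request, and reject an ID token whose `nonce` claim differs. A fresh `WebClient` for `op.getJwksUri()` is also created on every login, so the JWK set is presumably fetched per login unless `IdTokenReader` caches it internally; worth confirming, and worth a comment either way, since an unreachable JWKS endpoint then fails every login. The method's `catch` block continues outside the hunk.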
@@ -394,7 +413,8 @@ public class OIDCClientLogic extends AbstractTransactionalLogic<AbstractBaseBean
WebClient userInfoServiceClient = WebClient.create(
op.getUserinfoEndpoint(), Arrays.asList(new JsonMapObjectProvider())).
accept(MediaType.APPLICATION_JSON);
- ClientAccessToken clientAccessToken = new ClientAccessToken("Bearer", accessToken);
+ ClientAccessToken clientAccessToken =
+ new ClientAccessToken(OAuthConstants.BEARER_AUTHORIZATION_SCHEME, accessToken);
UserInfoClient userInfoClient = new UserInfoClient();
userInfoClient.setUserInfoServiceClient(userInfoServiceClient);
UserInfo userInfo = null;
http://git-wip-us.apache.org/repos/asf/syncope/blob/3c439b03/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index c75d278..763387a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -366,7 +366,7 @@ under the License.
<connid.googleapps.version>1.4.1</connid.googleapps.version>
<connid.azure.version>1.0.1</connid.azure.version>
- <cxf.version>3.1.15</cxf.version>
+ <cxf.version>3.1.16-SNAPSHOT</cxf.version>
<jackson.version>2.9.5</jackson.version>
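Review bot: `cxf.version` moves to `3.1.16-SNAPSHOT`, a mutable artifact resolved from a snapshot repository, so builds of the `2_0_X` branch stop being reproducible and pick up whatever CXF's 3.1.x line contains on a given day, including unreviewed changes to the JOSE/OIDC code this commit relies on. That is acceptable as a stopgap to obtain the Azure fix, but it must be pinned back to the released 3.1.16 before any 2.0.x release is cut; an adjacent `<!-- SNAPSHOT until CXF 3.1.16 is released, see SYNCOPE-1270 -->` would make that intent visible to whoever prepares the release.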
[3/4] syncope git commit: [SYNCOPE-1270] Upgrade CXF to get OIDC fix
for Azure + other refinements
Posted by il...@apache.org.
[SYNCOPE-1270] Upgrade CXF to get OIDC fix for Azure + other refinements
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/0a8b97ca
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/0a8b97ca
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/0a8b97ca
Branch: refs/heads/master
Commit: 0a8b97ca38cbccef1b76c322c6e86840370f12a9
Parents: 7cdeb5f
Author: Francesco Chicchiriccò <il...@apache.org>
Authored: Tue May 8 11:05:05 2018 +0200
Committer: Francesco Chicchiriccò <il...@apache.org>
Committed: Tue May 8 11:07:10 2018 +0200
----------------------------------------------------------------------
.../syncope/ext/oidcclient/agent/Login.java | 2 +-
.../syncope/common/lib/OIDCConstants.java | 8 +-
.../syncope/core/logic/OIDCClientLogic.java | 82 ++++++++++++--------
pom.xml | 2 +-
4 files changed, 56 insertions(+), 38 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/0a8b97ca/ext/oidcclient/agent/src/main/java/org/apache/syncope/ext/oidcclient/agent/Login.java
----------------------------------------------------------------------
diff --git a/ext/oidcclient/agent/src/main/java/org/apache/syncope/ext/oidcclient/agent/Login.java b/ext/oidcclient/agent/src/main/java/org/apache/syncope/ext/oidcclient/agent/Login.java
index 36850e4..7906506 100644
--- a/ext/oidcclient/agent/src/main/java/org/apache/syncope/ext/oidcclient/agent/Login.java
+++ b/ext/oidcclient/agent/src/main/java/org/apache/syncope/ext/oidcclient/agent/Login.java
@@ -67,7 +67,7 @@ public class Login extends HttpServlet {
UriBuilder ub = UriBuilder.fromUri(requestTO.getProviderAddress());
ub.queryParam(OIDCConstants.CLIENT_ID, requestTO.getClientId());
ub.queryParam(OIDCConstants.REDIRECT_URI, requestTO.getRedirectURI());
- ub.queryParam(OIDCConstants.RESPOSNSE_TYPE, requestTO.getResponseType());
+ ub.queryParam(OIDCConstants.RESPONSE_TYPE, requestTO.getResponseType());
ub.queryParam(OIDCConstants.SCOPE, requestTO.getScope());
ub.queryParam(OIDCConstants.STATE, requestTO.getState());
response.setHeader("Location", ub.build().toASCIIString());
http://git-wip-us.apache.org/repos/asf/syncope/blob/0a8b97ca/ext/oidcclient/common-lib/src/main/java/org/apache/syncope/common/lib/OIDCConstants.java
----------------------------------------------------------------------
diff --git a/ext/oidcclient/common-lib/src/main/java/org/apache/syncope/common/lib/OIDCConstants.java b/ext/oidcclient/common-lib/src/main/java/org/apache/syncope/common/lib/OIDCConstants.java
index 12daa0a..b0b406a 100644
--- a/ext/oidcclient/common-lib/src/main/java/org/apache/syncope/common/lib/OIDCConstants.java
+++ b/ext/oidcclient/common-lib/src/main/java/org/apache/syncope/common/lib/OIDCConstants.java
@@ -26,15 +26,13 @@ public final class OIDCConstants {
public static final String SCOPE = "scope";
- public static final String RESPOSNSE_TYPE = "response_type";
-
- public static final String REDIRECT_URI = "redirect_uri";
+ public static final String RESPONSE_TYPE = "response_type";
public static final String STATE = "state";
- public static final String CODE = "code";
+ public static final String REDIRECT_URI = "redirect_uri";
- public static final String GRANT_TYPE = "grant_type";
+ public static final String CODE = "code";
public static final String OP = "op";
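Review bot: Removing the public `GRANT_TYPE` constant from `OIDCConstants` in `common-lib` is a binary-incompatible change for anything compiled against the previous artifact, surfacing as a `NoSuchFieldError` at runtime; the other lines in the hunk are only reordered. If the goal is to steer callers to CXF's `OAuthConstants`, keep the field with `@Deprecated` and a `@deprecated use org.apache.cxf.rs.security.oauth2.utils.OAuthConstants#GRANT_TYPE` Javadoc for one release. The class body continues outside the hunk.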
http://git-wip-us.apache.org/repos/asf/syncope/blob/0a8b97ca/ext/oidcclient/logic/src/main/java/org/apache/syncope/core/logic/OIDCClientLogic.java
----------------------------------------------------------------------
diff --git a/ext/oidcclient/logic/src/main/java/org/apache/syncope/core/logic/OIDCClientLogic.java b/ext/oidcclient/logic/src/main/java/org/apache/syncope/core/logic/OIDCClientLogic.java
index 638ae5e..e7b6a15 100644
--- a/ext/oidcclient/logic/src/main/java/org/apache/syncope/core/logic/OIDCClientLogic.java
+++ b/ext/oidcclient/logic/src/main/java/org/apache/syncope/core/logic/OIDCClientLogic.java
@@ -18,9 +18,11 @@
*/
package org.apache.syncope.core.logic;
-import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
import com.fasterxml.uuid.Generators;
import com.fasterxml.uuid.impl.RandomBasedGenerator;
+import java.io.IOException;
+import java.io.InputStream;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Collections;
@@ -29,19 +31,21 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
+import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider;
import org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider;
import org.apache.cxf.rs.security.oauth2.client.Consumer;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.rs.security.oidc.common.UserInfo;
import org.apache.cxf.rs.security.oidc.rp.IdTokenReader;
import org.apache.cxf.rs.security.oidc.rp.UserInfoClient;
import org.apache.syncope.common.lib.AbstractBaseBean;
-import org.apache.syncope.common.lib.OIDCConstants;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.to.AttrTO;
import org.apache.syncope.common.lib.to.OIDCLoginRequestTO;
@@ -69,8 +73,6 @@ public class OIDCClientLogic extends AbstractTransactionalLogic<AbstractBaseBean
private static final Encryptor ENCRYPTOR = Encryptor.getInstance();
- private static final ObjectMapper MAPPER = new ObjectMapper();
-
private static final RandomBasedGenerator UUID_GENERATOR = Generators.randomBasedGenerator();
private static final String JWT_CLAIM_OP_ENTITYID = "OP_ENTITYID";
@@ -117,7 +119,7 @@ public class OIDCClientLogic extends AbstractTransactionalLogic<AbstractBaseBean
requestTO.setProviderAddress(op.getAuthorizationEndpoint());
requestTO.setClientId(op.getClientID());
requestTO.setScope("openid email profile");
- requestTO.setResponseType("code");
+ requestTO.setResponseType(OAuthConstants.CODE_RESPONSE_TYPE);
requestTO.setRedirectURI(redirectURI);
requestTO.setState(UUID_GENERATOR.generate().toString());
return requestTO;
@@ -128,17 +130,27 @@ public class OIDCClientLogic extends AbstractTransactionalLogic<AbstractBaseBean
OIDCProvider op = getOIDCProvider(opName);
// 1. get OpenID Connect tokens
- String body = OIDCConstants.CODE + "=" + authorizationCode
- + "&" + OIDCConstants.CLIENT_ID + "=" + op.getClientID()
- + "&" + OIDCConstants.CLIENT_SECRET + "=" + op.getClientSecret()
- + "&" + OIDCConstants.REDIRECT_URI + "=" + redirectURI
- + "&" + OIDCConstants.GRANT_TYPE + "=authorization_code";
- TokenEndpointResponse tokenEndpointResponse = getOIDCTokens(op.getTokenEndpoint(), body);
+ String body = OAuthConstants.AUTHORIZATION_CODE_VALUE + "=" + authorizationCode
+ + "&" + OAuthConstants.CLIENT_ID + "=" + op.getClientID()
+ + "&" + OAuthConstants.CLIENT_SECRET + "=" + op.getClientSecret()
+ + "&" + OAuthConstants.REDIRECT_URI + "=" + redirectURI
+ + "&" + OAuthConstants.GRANT_TYPE + "=" + OAuthConstants.AUTHORIZATION_CODE_GRANT;
+ TokenEndpointResponse tokenEndpointResponse;
+ try {
+ tokenEndpointResponse = getOIDCTokens(op.getTokenEndpoint(), body);
+ } catch (IOException e) {
+ LOG.error("Unexpected response for OIDC Tokens", e);
+
+ SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
+ sce.getElements().add("Unexpected response for OIDC Tokens: " + e.getMessage());
+ throw sce;
+ }
// 1. get OpenID Connect tokens
Consumer consumer = new Consumer(op.getClientID(), op.getClientSecret());
// 2. validate token
+ LOG.debug("Id Token to be validated: {}", tokenEndpointResponse.getIdToken());
IdToken idToken = getValidatedIdToken(op, consumer, tokenEndpointResponse.getIdToken());
// 3. extract user information
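Review bot: The form body built at the top of the hunk inserts `authorizationCode`, `op.getClientSecret()` and `redirectURI` without percent-encoding into an `application/x-www-form-urlencoded` payload, so a secret or code containing `&`, `+`, `=` or `%` (common with Azure-issued secrets) corrupts the request or bleeds into the next parameter, and the raw `redirect_uri` may fail the token endpoint's comparison with the registered value. Encode each value with `java.net.URLEncoder.encode(v, "UTF-8")` inside the existing `try`, whose `catch (IOException e)` already covers the checked `UnsupportedEncodingException`. The added `LOG.debug("Id Token to be validated: {}", ...)` also writes the full signed ID token, including the subject's claims, to the log; log only its length or header if a diagnostic is needed. The enclosing method continues past the hunk.
```java
TokenEndpointResponse tokenEndpointResponse;
try {
    // percent-encode each value: codes, secrets and URIs may contain '&', '+', '=' or '%'
    String body = OAuthConstants.AUTHORIZATION_CODE_VALUE + "=" + URLEncoder.encode(authorizationCode, "UTF-8")
            + "&" + OAuthConstants.CLIENT_ID + "=" + URLEncoder.encode(op.getClientID(), "UTF-8")
            + "&" + OAuthConstants.CLIENT_SECRET + "=" + URLEncoder.encode(op.getClientSecret(), "UTF-8")
            + "&" + OAuthConstants.REDIRECT_URI + "=" + URLEncoder.encode(redirectURI, "UTF-8")
            + "&" + OAuthConstants.GRANT_TYPE + "=" + OAuthConstants.AUTHORIZATION_CODE_GRANT;
    tokenEndpointResponse = getOIDCTokens(op.getTokenEndpoint(), body);
} catch (IOException e) {
    // … unchanged: error logging and SyncopeClientException …
}
```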
@@ -152,7 +164,7 @@ public class OIDCClientLogic extends AbstractTransactionalLogic<AbstractBaseBean
responseTO.setName(userInfo.getName());
responseTO.setSubject(userInfo.getSubject());
- String keyValue = null;
+ String keyValue = userInfo.getEmail();
for (OIDCProviderItem item : op.getItems()) {
AttrTO attrTO = new AttrTO();
attrTO.setSchema(item.getExtAttrName());
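Review bot: `keyValue` is now seeded from `userInfo.getEmail()` at the top of the hunk, so without a connObjectKey mapping item the local user is matched on the email claim alone, and nothing here checks that the provider asserts the address as verified; an OP account registered with a victim's email would then be linked to the victim's Syncope user. Use `String keyValue = Boolean.TRUE.equals(userInfo.getEmailVerified()) ? userInfo.getEmail() : null;` (CXF's `UserInfo` exposes the `email_verified` claim that way, to my recollection) and note above the line that email is only trusted as a key when verified. The loop opened here continues outside the hunk.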
@@ -278,7 +290,14 @@ public class OIDCClientLogic extends AbstractTransactionalLogic<AbstractBaseBean
break;
default:
- LOG.warn("Unsupported: {} ", item.getExtAttrName());
+ String value = userInfo.getClaim(item.getExtAttrName()) == null
+ ? null
+ : userInfo.getClaim(item.getExtAttrName()).toString();
+ attrTO.getValues().add(value);
+ responseTO.getAttrs().add(attrTO);
+ if (item.isConnObjectKey()) {
+ keyValue = value;
+ }
}
}
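Review bot: The new `default` branch appends a null element to `attrTO.getValues()` when the named claim is absent and, if that item is the connObjectKey, sets `keyValue` to null so the user lookup below runs with no key. Guard before the `add` calls: `if (value == null) { if (item.isConnObjectKey()) { throw new IllegalArgumentException("Claim " + item.getExtAttrName() + " (connObjectKey) not provided by the OP"); } break; }`. A short comment that this branch maps arbitrary extra OP claims by name (replacing the old "Unsupported" warning) would help the next reader. The `switch` and its loop start outside the hunk.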
@@ -296,7 +315,9 @@ public class OIDCClientLogic extends AbstractTransactionalLogic<AbstractBaseBean
username = AuthContextUtils.execWithAuthContext(AuthContextUtils.getDomain(),
() -> userManager.create(op, responseTO, emailValue));
} else {
- throw new NotFoundException("User matching the provided value " + keyValue);
+ throw new NotFoundException(keyValue == null
+ ? "User marching the provided claims"
+ : "User matching the provided value " + keyValue);
}
} else if (matchingUsers.size() > 1) {
throw new IllegalArgumentException("Several users match the provided value " + keyValue);
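Review bot: The added `NotFoundException` text `"User marching the provided claims"` misspells `matching`, which the sibling message two lines below spells correctly; the string is returned to the caller, so the typo is user-visible. The enclosing conditional chain starts and ends outside the hunk.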
@@ -336,32 +357,30 @@ public class OIDCClientLogic extends AbstractTransactionalLogic<AbstractBaseBean
return responseTO;
}
- private TokenEndpointResponse getOIDCTokens(final String url, final String body) {
- String oidcTokens = WebClient.create(url).
+ private TokenEndpointResponse getOIDCTokens(final String url, final String body) throws IOException {
+ Response response = WebClient.create(url, Arrays.asList(new JacksonJsonProvider())).
type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON).
- post(body).
- readEntity(String.class);
- TokenEndpointResponse endpointResponse = null;
- try {
- endpointResponse = MAPPER.readValue(oidcTokens, TokenEndpointResponse.class);
- } catch (Exception e) {
- LOG.error("While getting the Tokens from the OP", e);
+ post(body);
+ if (response.getStatus() != Response.Status.OK.getStatusCode()) {
+ LOG.error("Unexpected response from OIDC Provider: {}\n{}\n{}",
+ response.getStatus(), response.getHeaders(),
+ IOUtils.toString((InputStream) response.getEntity()));
+
SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
- sce.getElements().add(e.getMessage());
+ sce.getElements().add("Unexpected response from OIDC Provider");
throw sce;
}
- return endpointResponse;
+
+ return response.readEntity(TokenEndpointResponse.class);
}
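Review bot: In the non-200 branch of `getOIDCTokens` the entity is read with `IOUtils.toString((InputStream) response.getEntity())` and the method throws without closing `response`, leaving the connection to the finalizer; add `response.close();` after the `LOG.error(...)` call (the success path is fine because `readEntity` consumes and closes the stream). The `InputStream` cast assumes an unread client response entity, which holds for CXF's `WebClient` as far as I know and deserves a one-line comment. A Javadoc noting that the provider's status, headers and body go only to the local log while the caller receives a generic `SyncopeClientException` would record that this is deliberate.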
private IdToken getValidatedIdToken(final OIDCProvider op, final Consumer consumer, final String jwtIdToken) {
IdTokenReader idTokenReader = new IdTokenReader();
idTokenReader.setClockOffset(10);
idTokenReader.setIssuerId(op.getIssuer());
- WebClient jwkSetClient = WebClient.create(
- op.getJwksUri(), Arrays.asList(new JsonWebKeysProvider())).
- accept(MediaType.APPLICATION_JSON);
- idTokenReader.setJwkSetClient(jwkSetClient);
- IdToken idToken = null;
+ idTokenReader.setJwkSetClient(WebClient.create(op.getJwksUri(), Arrays.asList(new JsonWebKeysProvider())).
+ accept(MediaType.APPLICATION_JSON));
+ IdToken idToken;
try {
idToken = idTokenReader.getIdToken(jwtIdToken, consumer);
} catch (Exception e) {
@@ -382,7 +401,8 @@ public class OIDCClientLogic extends AbstractTransactionalLogic<AbstractBaseBean
WebClient userInfoServiceClient = WebClient.create(
op.getUserinfoEndpoint(), Arrays.asList(new JsonMapObjectProvider())).
accept(MediaType.APPLICATION_JSON);
- ClientAccessToken clientAccessToken = new ClientAccessToken("Bearer", accessToken);
+ ClientAccessToken clientAccessToken =
+ new ClientAccessToken(OAuthConstants.BEARER_AUTHORIZATION_SCHEME, accessToken);
UserInfoClient userInfoClient = new UserInfoClient();
userInfoClient.setUserInfoServiceClient(userInfoServiceClient);
UserInfo userInfo = null;
http://git-wip-us.apache.org/repos/asf/syncope/blob/0a8b97ca/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index af12507..c7d4384 100644
--- a/pom.xml
+++ b/pom.xml
@@ -366,7 +366,7 @@ under the License.
<connid.googleapps.version>1.4.1</connid.googleapps.version>
<connid.azure.version>1.0.1</connid.azure.version>
- <cxf.version>3.2.4</cxf.version>
+ <cxf.version>3.2.5-SNAPSHOT</cxf.version>
<jackson.version>2.9.5</jackson.version>
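Review bot: `cxf.version` moves to `3.2.5-SNAPSHOT`, a mutable artifact from a snapshot repository, so `master` builds stop being reproducible and track whatever CXF's 3.2.x line contains on a given day, including unreviewed changes to the JOSE/OIDC classes this commit depends on. Acceptable as a stopgap for the Azure fix, but it must be pinned to the released 3.2.5 before a release; an adjacent `<!-- SNAPSHOT until CXF 3.2.5 is released, see SYNCOPE-1270 -->` makes the intent visible to whoever cuts it.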
[2/4] syncope git commit: Ensuring order for console extensions
Posted by il...@apache.org.
Ensuring order for console extensions
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/48f54252
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/48f54252
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/48f54252
Branch: refs/heads/2_0_X
Commit: 48f54252c36adf42c7a964adeb01321737239bdc
Parents: 3c439b0
Author: Francesco Chicchiriccò <il...@apache.org>
Authored: Tue May 8 11:06:34 2018 +0200
Committer: Francesco Chicchiriccò <il...@apache.org>
Committed: Tue May 8 11:06:34 2018 +0200
----------------------------------------------------------------------
.../java/org/apache/syncope/client/console/pages/OIDCClient.java | 2 +-
.../main/java/org/apache/syncope/client/console/pages/SAML2SP.java | 2 +-
.../java/org/apache/syncope/client/console/pages/SCIMConf.java | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/48f54252/ext/oidcclient/client-console/src/main/java/org/apache/syncope/client/console/pages/OIDCClient.java
----------------------------------------------------------------------
diff --git a/ext/oidcclient/client-console/src/main/java/org/apache/syncope/client/console/pages/OIDCClient.java b/ext/oidcclient/client-console/src/main/java/org/apache/syncope/client/console/pages/OIDCClient.java
index f588733..66d2ce0 100644
--- a/ext/oidcclient/client-console/src/main/java/org/apache/syncope/client/console/pages/OIDCClient.java
+++ b/ext/oidcclient/client-console/src/main/java/org/apache/syncope/client/console/pages/OIDCClient.java
@@ -32,7 +32,7 @@ import org.apache.wicket.markup.html.panel.Panel;
import org.apache.wicket.model.ResourceModel;
import org.apache.wicket.request.mapper.parameter.PageParameters;
-@ExtPage(label = "OIDC Client", icon = "fa-openid ", listEntitlement = OIDCClientEntitlement.OP_READ, priority = 100)
+@ExtPage(label = "OIDC Client", icon = "fa-openid ", listEntitlement = OIDCClientEntitlement.OP_READ, priority = 200)
public class OIDCClient extends BaseExtPage {
private static final long serialVersionUID = -599601954212606001L;
http://git-wip-us.apache.org/repos/asf/syncope/blob/48f54252/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SP.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SP.java b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SP.java
index ea0ac93..7163ab9 100644
--- a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SP.java
+++ b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SP.java
@@ -33,7 +33,7 @@ import org.apache.wicket.markup.html.panel.Panel;
import org.apache.wicket.model.ResourceModel;
import org.apache.wicket.request.mapper.parameter.PageParameters;
-@ExtPage(label = "SAML 2.0 SP", icon = "fa-sign-in", listEntitlement = SAML2SPEntitlement.IDP_READ, priority = 100)
+@ExtPage(label = "SAML 2.0 SP", icon = "fa-sign-in", listEntitlement = SAML2SPEntitlement.IDP_READ, priority = 300)
public class SAML2SP extends BaseExtPage {
private static final long serialVersionUID = -4837201407211278956L;
http://git-wip-us.apache.org/repos/asf/syncope/blob/48f54252/ext/scimv2/client-console/src/main/java/org/apache/syncope/client/console/pages/SCIMConf.java
----------------------------------------------------------------------
diff --git a/ext/scimv2/client-console/src/main/java/org/apache/syncope/client/console/pages/SCIMConf.java b/ext/scimv2/client-console/src/main/java/org/apache/syncope/client/console/pages/SCIMConf.java
index bd22f03..ac5a375 100644
--- a/ext/scimv2/client-console/src/main/java/org/apache/syncope/client/console/pages/SCIMConf.java
+++ b/ext/scimv2/client-console/src/main/java/org/apache/syncope/client/console/pages/SCIMConf.java
@@ -43,7 +43,7 @@ import org.apache.wicket.model.Model;
import org.apache.wicket.model.ResourceModel;
import org.apache.wicket.request.mapper.parameter.PageParameters;
-@ExtPage(label = "SCIM 2.0", icon = "fa-cloud", listEntitlement = SCIMEntitlement.SCIM_CONF_GET, priority = 100)
+@ExtPage(label = "SCIM 2.0", icon = "fa-cloud", listEntitlement = SCIMEntitlement.SCIM_CONF_GET, priority = 400)
public class SCIMConf extends BaseExtPage {
private static final long serialVersionUID = 9128779230455599119L;
[4/4] syncope git commit: Ensuring order for console extensions
Posted by il...@apache.org.
Ensuring order for console extensions
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/7efefd57
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/7efefd57
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/7efefd57
Branch: refs/heads/master
Commit: 7efefd570f41f5eec685ddf12d1a84e31d5915ef
Parents: 0a8b97c
Author: Francesco Chicchiriccò <il...@apache.org>
Authored: Tue May 8 11:06:34 2018 +0200
Committer: Francesco Chicchiriccò <il...@apache.org>
Committed: Tue May 8 11:07:27 2018 +0200
----------------------------------------------------------------------
.../java/org/apache/syncope/client/console/pages/OIDCClient.java | 2 +-
.../main/java/org/apache/syncope/client/console/pages/SAML2SP.java | 2 +-
.../java/org/apache/syncope/client/console/pages/SCIMConf.java | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/7efefd57/ext/oidcclient/client-console/src/main/java/org/apache/syncope/client/console/pages/OIDCClient.java
----------------------------------------------------------------------
diff --git a/ext/oidcclient/client-console/src/main/java/org/apache/syncope/client/console/pages/OIDCClient.java b/ext/oidcclient/client-console/src/main/java/org/apache/syncope/client/console/pages/OIDCClient.java
index f588733..66d2ce0 100644
--- a/ext/oidcclient/client-console/src/main/java/org/apache/syncope/client/console/pages/OIDCClient.java
+++ b/ext/oidcclient/client-console/src/main/java/org/apache/syncope/client/console/pages/OIDCClient.java
@@ -32,7 +32,7 @@ import org.apache.wicket.markup.html.panel.Panel;
import org.apache.wicket.model.ResourceModel;
import org.apache.wicket.request.mapper.parameter.PageParameters;
-@ExtPage(label = "OIDC Client", icon = "fa-openid ", listEntitlement = OIDCClientEntitlement.OP_READ, priority = 100)
+@ExtPage(label = "OIDC Client", icon = "fa-openid ", listEntitlement = OIDCClientEntitlement.OP_READ, priority = 200)
public class OIDCClient extends BaseExtPage {
private static final long serialVersionUID = -599601954212606001L;
http://git-wip-us.apache.org/repos/asf/syncope/blob/7efefd57/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SP.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SP.java b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SP.java
index ea0ac93..7163ab9 100644
--- a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SP.java
+++ b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SP.java
@@ -33,7 +33,7 @@ import org.apache.wicket.markup.html.panel.Panel;
import org.apache.wicket.model.ResourceModel;
import org.apache.wicket.request.mapper.parameter.PageParameters;
-@ExtPage(label = "SAML 2.0 SP", icon = "fa-sign-in", listEntitlement = SAML2SPEntitlement.IDP_READ, priority = 100)
+@ExtPage(label = "SAML 2.0 SP", icon = "fa-sign-in", listEntitlement = SAML2SPEntitlement.IDP_READ, priority = 300)
public class SAML2SP extends BaseExtPage {
private static final long serialVersionUID = -4837201407211278956L;
http://git-wip-us.apache.org/repos/asf/syncope/blob/7efefd57/ext/scimv2/client-console/src/main/java/org/apache/syncope/client/console/pages/SCIMConf.java
----------------------------------------------------------------------
diff --git a/ext/scimv2/client-console/src/main/java/org/apache/syncope/client/console/pages/SCIMConf.java b/ext/scimv2/client-console/src/main/java/org/apache/syncope/client/console/pages/SCIMConf.java
index bd22f03..ac5a375 100644
--- a/ext/scimv2/client-console/src/main/java/org/apache/syncope/client/console/pages/SCIMConf.java
+++ b/ext/scimv2/client-console/src/main/java/org/apache/syncope/client/console/pages/SCIMConf.java
@@ -43,7 +43,7 @@ import org.apache.wicket.model.Model;
import org.apache.wicket.model.ResourceModel;
import org.apache.wicket.request.mapper.parameter.PageParameters;
-@ExtPage(label = "SCIM 2.0", icon = "fa-cloud", listEntitlement = SCIMEntitlement.SCIM_CONF_GET, priority = 100)
+@ExtPage(label = "SCIM 2.0", icon = "fa-cloud", listEntitlement = SCIMEntitlement.SCIM_CONF_GET, priority = 400)
public class SCIMConf extends BaseExtPage {
private static final long serialVersionUID = 9128779230455599119L;