Posted to dev@guacamole.apache.org by mike-jumper <gi...@git.apache.org> on 2017/09/25 20:36:37 UTC

[GitHub] incubator-guacamole-client pull request #192: GUACAMOLE-210: Add support for...

GitHub user mike-jumper opened a pull request:

    https://github.com/apache/incubator-guacamole-client/pull/192

    GUACAMOLE-210: Add support for single sign-on with OpenID Connect

    A mere two thousand lines of new code, this tiny pull request adds a new extension, "guacamole-auth-openid", which provides support for single sign-on with OpenID Connect.
    
    Similar to the existing CAS extension, the OpenID extension requires several properties which define how Guacamole should connect to the OpenID service. When properly configured, the Guacamole login screen will redirect users to the OpenID service, which then generates a token authenticating the user and redirects them back to Guacamole. Once the token has been validated, and the identity of the user has been determined, the user is allowed in.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/mike-jumper/incubator-guacamole-client openid-auth

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-guacamole-client/pull/192.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #192
    
----
commit 67c817af9ff1da7729a03205b929119f6d020027
Author: Michael Jumper <mj...@apache.org>
Date:   2016-01-02T03:54:58Z

    GUACAMOLE-210: Add stub OAuthAuthenticationProvider.

commit c7d5bd69aa33e8d28c5391176ae7977574c660f7
Author: Michael Jumper <mj...@apache.org>
Date:   2016-01-02T07:54:09Z

    GUACAMOLE-210: Add OAuth code field generated from configuration info in guacamole.properties. Use Guice.

commit 89f25a9467b62545bd1c114a35bba8680678fcc6
Author: Michael Jumper <mj...@apache.org>
Date:   2016-01-02T08:22:08Z

    GUACAMOLE-210: Add OAuth code/link field.

commit 77e714b0e15dcbdaa5a0afc261e9a3592a8ee494
Author: Michael Jumper <mj...@apache.org>
Date:   2016-01-02T08:36:12Z

    GUACAMOLE-210: Stub out authentication (recognize but do not actually use code).

commit 1c6a603a08c9e291205c10e2a38a2e4e53533e24
Author: Michael Jumper <mj...@apache.org>
Date:   2016-01-02T08:43:18Z

    GUACAMOLE-210: Move classes to reasonable packages.

commit 63b69ad0762676f6f3608cbd889f28b6c94c6c09
Author: Michael Jumper <mj...@apache.org>
Date:   2016-01-03T05:10:30Z

    GUACAMOLE-210: Use same version of Jersey as the main Guacamole webapp.

commit c20271cb9941854e46e85a5f975e4fa2aa832fea
Author: Michael Jumper <mj...@apache.org>
Date:   2016-01-03T05:55:53Z

    GUACAMOLE-210: Add remaining endpoint properties.

commit c3c6e0c43b749929ae88d3c40d1da7bad2aa0309
Author: Michael Jumper <mj...@apache.org>
Date:   2016-01-03T06:35:47Z

    GUACAMOLE-210: POST code to OAuth service to retrieve token.

commit fdc031338722242e30d1ca0b2e393a4b2ae2e8f0
Author: Michael Jumper <mj...@apache.org>
Date:   2016-06-12T07:14:00Z

    GUACAMOLE-210: Migrate to implicit flow (client-side, relies on "id_token"). Update to pre-release 0.9.9-incubating codebase.

commit d27ba44439e702964cb668886ccbc35f740b38e8
Author: Michael Jumper <mj...@apache.org>
Date:   2016-06-13T06:03:47Z

    GUACAMOLE-210: Validate the JWT using jose.4.j.

commit 9159ca4289cc1a13d78afdea17067c64b7ea27d8
Author: Michael Jumper <mj...@apache.org>
Date:   2016-06-13T07:01:08Z

    GUACAMOLE-210: Use cryptographically-sound nonce generator.

commit faa327824beca658cbf0cb199d1bf049921b03a9
Author: Michael Jumper <mj...@apache.org>
Date:   2016-06-13T09:19:05Z

    GUACAMOLE-210: Add missing comment.

commit c5bd3390bfd60c62ea199faa73ef6fb0bb963ffd
Author: Michael Jumper <mj...@apache.org>
Date:   2016-08-15T02:25:11Z

    GUACAMOLE-210: Update for recent sharing-related changes to AuthenticationProvider on 0.9.9-incubating (current upstream git).

commit 254639f6e9d4a2f48b971245e69a74ae42ac9dd4
Author: Michael Jumper <mj...@apache.org>
Date:   2017-02-19T19:06:49Z

    GUACAMOLE-210: Update to 0.9.11-incubating API.

commit 6d46d5cfb8307f2f57e14261855e9a72f555c0c4
Author: Michael Jumper <mj...@apache.org>
Date:   2017-02-21T19:24:33Z

    GUACAMOLE-210: Add Apache RAT plugin to guacamole-auth-openid build.

commit 11fb9b3fa432a8e02037e403fbb6f72d6a39a78d
Author: Michael Jumper <mj...@apache.org>
Date:   2017-02-21T19:35:47Z

    GUACAMOLE-210: Update to jose4j 0.5.5.

commit a8f97b548ece86e866e5ea96e0e49047270e34b7
Author: Michael Jumper <mj...@apache.org>
Date:   2017-02-21T19:42:19Z

    GUACAMOLE-210: Document licenses of bundled dependencies for guacamole-auth-openid.

commit 1034612a47b8fdea4b1e8ee710615d09cd85d06d
Author: Michael Jumper <mj...@apache.org>
Date:   2017-02-21T19:43:35Z

    GUACAMOLE-210: Create guacamole-auth-openid bundle .tar.gz as part of build.

commit d04d61225a9f820b99fd1815c5b24205dc1cc8e1
Author: Michael Jumper <mj...@apache.org>
Date:   2017-02-21T20:43:15Z

    GUACAMOLE-210: Refactor source referencing OAuth to OpenID. This extension uses OpenID, not OAuth.

commit 82c6048d504965da90b719fa948a9ee5d99edcbd
Author: Michael Jumper <mj...@apache.org>
Date:   2017-02-21T20:45:37Z

    GUACAMOLE-210: Move OpenID configuration property definitions into ConfigurationService.

commit b59c1e72335d8585ce32ac9351baf564c469372f
Author: Michael Jumper <mj...@apache.org>
Date:   2017-02-21T21:28:52Z

    GUACAMOLE-210: Use empty template if field otherwise has no template.

commit 28cfc39c11838d6972c21ef92d6f07daaad0214e
Author: Michael Jumper <mj...@apache.org>
Date:   2017-02-21T21:29:23Z

    GUACAMOLE-210: Remove unnecessary empty template definitions (empty template is the default).

commit 724a6a9737436b6e9a01eb209179e8ff34713758
Author: Michael Jumper <mj...@apache.org>
Date:   2017-08-27T00:52:53Z

    GUACAMOLE-210: Update API to 0.9.13-incubating.

commit 187903563b3b9dd0a9721a5dafe5a4a58cb268c0
Author: Michael Jumper <mj...@apache.org>
Date:   2017-08-28T05:36:06Z

    GUACAMOLE-210: Add redirect message. Refactor to use minification and pre-cached templates.

commit 4f8c853daa34d85b68e40c54b92a7f09e6eeac73
Author: Michael Jumper <mj...@apache.org>
Date:   2017-08-28T05:58:12Z

    GUACAMOLE-210: Re-request ID token if validation or username retrieval fails.

commit aaf1b796f3201916b9a5e8269cefd9b88df183bc
Author: Michael Jumper <mj...@apache.org>
Date:   2017-08-28T06:58:15Z

    GUACAMOLE-210: Properly generate and validate nonces.

commit 4dbf9a3f9ed899ca614f74871c05b4cd901b6e73
Author: Michael Jumper <mj...@apache.org>
Date:   2017-08-28T09:04:21Z

    GUACAMOLE-210: Add configuration options for scope, clock skew, etc., as well as sensible defaults.

commit 4e459b9f19752559053bac6acd0f25d202a90df8
Author: Michael Jumper <mj...@apache.org>
Date:   2017-09-25T20:09:11Z

    GUACAMOLE-210: Implement AuthenticationProvider shutdown() function required due to GUACAMOLE-393.

----


---

Posted by mike-jumper <gi...@git.apache.org>.
Github user mike-jumper commented on a diff in the pull request:

    https://github.com/apache/incubator-guacamole-client/pull/192#discussion_r140970238
  
    --- Diff: extensions/guacamole-auth-openid/src/main/java/org/apache/guacamole/auth/openid/AuthenticationProviderService.java ---
    @@ -0,0 +1,132 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *   http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +
    +package org.apache.guacamole.auth.openid;
    +
    +import com.google.inject.Inject;
    +import com.google.inject.Provider;
    +import java.util.Arrays;
    +import javax.servlet.http.HttpServletRequest;
    +import org.apache.guacamole.auth.openid.conf.ConfigurationService;
    +import org.apache.guacamole.auth.openid.form.TokenField;
    +import org.apache.guacamole.auth.openid.token.NonceService;
    +import org.apache.guacamole.auth.openid.token.TokenValidationService;
    +import org.apache.guacamole.auth.openid.user.AuthenticatedUser;
    +import org.apache.guacamole.GuacamoleException;
    +import org.apache.guacamole.form.Field;
    +import org.apache.guacamole.net.auth.Credentials;
    +import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
    +import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
    +import org.slf4j.Logger;
    +import org.slf4j.LoggerFactory;
    +
    +/**
    + * Service providing convenience functions for the OpenID AuthenticationProvider
    + * implementation.
    + */
    +public class AuthenticationProviderService {
    +
    +    /**
    +     * Logger for this class.
    +     */
    +    private final Logger logger = LoggerFactory.getLogger(AuthenticationProviderService.class);
    +
    +    /**
    +     * Service for retrieving OpenID configuration information.
    +     */
    +    @Inject
    +    private ConfigurationService confService;
    +
    +    /**
    +     * Service for validating and generating unique nonce values.
    +     */
    +    @Inject
    +    private NonceService nonceService;
    +
    +    /**
    +     * Service for validating received ID tokens.
    +     */
    +    @Inject
    +    private TokenValidationService tokenService;
    +
    +    /**
    +     * Provider for AuthenticatedUser objects.
    +     */
    +    @Inject
    +    private Provider<AuthenticatedUser> authenticatedUserProvider;
    +
    +    /**
    +     * Returns an AuthenticatedUser representing the user authenticated by the
    +     * given credentials.
    +     *
    +     * @param credentials
    +     *     The credentials to use for authentication.
    +     *
    +     * @return
    +     *     An AuthenticatedUser representing the user authenticated by the
    +     *     given credentials.
    +     *
    +     * @throws GuacamoleException
    +     *     If an error occurs while authenticating the user, or if access is
    +     *     denied.
    +     */
    +    public AuthenticatedUser authenticateUser(Credentials credentials)
    +            throws GuacamoleException {
    +
    +        String username = null;
    --- End diff --
    
    Not exactly. Only the properties of an object have default values. For example:
    
        public class Foo {
    
            private String username; // This is null by default
    
            private int foo; // This is 0 by default
    
        }
    
    but:
    
        public void foo() {
    
            String username; // This is not initialized, and the compiler will warn us if we try to use it
    
            int foo; // This is not initialized either
    
        }
    
    It's good to avoid unnecessary initialization since it allows the compiler to catch cases where we didn't mean to use a variable in a particular place. In this case, initialization is necessary as a catch-all representing that the username could not be retrieved, for any one of several reasons.


---

Posted by mike-jumper <gi...@git.apache.org>.
Github user mike-jumper commented on a diff in the pull request:

    https://github.com/apache/incubator-guacamole-client/pull/192#discussion_r140975468
  
    --- Diff: extensions/guacamole-auth-openid/src/main/java/org/apache/guacamole/auth/openid/AuthenticationProviderService.java ---
    @@ -0,0 +1,132 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *   http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +
    +package org.apache.guacamole.auth.openid;
    +
    +import com.google.inject.Inject;
    +import com.google.inject.Provider;
    +import java.util.Arrays;
    +import javax.servlet.http.HttpServletRequest;
    +import org.apache.guacamole.auth.openid.conf.ConfigurationService;
    +import org.apache.guacamole.auth.openid.form.TokenField;
    +import org.apache.guacamole.auth.openid.token.NonceService;
    +import org.apache.guacamole.auth.openid.token.TokenValidationService;
    +import org.apache.guacamole.auth.openid.user.AuthenticatedUser;
    +import org.apache.guacamole.GuacamoleException;
    +import org.apache.guacamole.form.Field;
    +import org.apache.guacamole.net.auth.Credentials;
    +import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
    +import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
    +import org.slf4j.Logger;
    +import org.slf4j.LoggerFactory;
    +
    +/**
    + * Service providing convenience functions for the OpenID AuthenticationProvider
    + * implementation.
    + */
    +public class AuthenticationProviderService {
    +
    +    /**
    +     * Logger for this class.
    +     */
    +    private final Logger logger = LoggerFactory.getLogger(AuthenticationProviderService.class);
    +
    +    /**
    +     * Service for retrieving OpenID configuration information.
    +     */
    +    @Inject
    +    private ConfigurationService confService;
    +
    +    /**
    +     * Service for validating and generating unique nonce values.
    +     */
    +    @Inject
    +    private NonceService nonceService;
    +
    +    /**
    +     * Service for validating received ID tokens.
    +     */
    +    @Inject
    +    private TokenValidationService tokenService;
    +
    +    /**
    +     * Provider for AuthenticatedUser objects.
    +     */
    +    @Inject
    +    private Provider<AuthenticatedUser> authenticatedUserProvider;
    +
    +    /**
    +     * Returns an AuthenticatedUser representing the user authenticated by the
    +     * given credentials.
    +     *
    +     * @param credentials
    +     *     The credentials to use for authentication.
    +     *
    +     * @return
    +     *     An AuthenticatedUser representing the user authenticated by the
    +     *     given credentials.
    +     *
    +     * @throws GuacamoleException
    +     *     If an error occurs while authenticating the user, or if access is
    +     *     denied.
    +     */
    +    public AuthenticatedUser authenticateUser(Credentials credentials)
    +            throws GuacamoleException {
    +
    +        String username = null;
    +
    +        // Validate OpenID token in request, if present, and derive username
    +        HttpServletRequest request = credentials.getRequest();
    +        if (request != null) {
    +            String token = request.getParameter(TokenField.PARAMETER_NAME);
    +            if (token != null)
    +                username = tokenService.processUsername(token);
    +        }
    +
    +        // If the username was successfully retrieved from the token, produce
    +        // authenticated user
    +        if (username != null) {
    +
    +            // Create corresponding authenticated user
    +            AuthenticatedUser authenticatedUser = authenticatedUserProvider.get();
    +            authenticatedUser.init(username, credentials);
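    Review bot: the failure path at `username = tokenService.processUsername(token);` is silent. When a token parameter is present but `processUsername` returns null, control falls through exactly as if no token had been submitted, and the injected `logger` is never used on that path. An ID token that arrives but fails validation (bad signature, wrong audience, stale or reused nonce) is the kind of event operators want to see, so consider logging it, at least at debug level and separately from the "no token present" case, before the ID token is re-requested. A one-line comment on the `if (username != null)` branch saying that a rejected token is deliberately treated like an absent one would also help the next reader.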
    --- End diff --
    
    Good point - I'll fix that.


---

Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:

    https://github.com/apache/incubator-guacamole-client/pull/192


---

Posted by necouchman <gi...@git.apache.org>.
Github user necouchman commented on a diff in the pull request:

    https://github.com/apache/incubator-guacamole-client/pull/192#discussion_r140942695
  
    --- Diff: extensions/guacamole-auth-openid/src/main/java/org/apache/guacamole/auth/openid/AuthenticationProviderService.java ---
    @@ -0,0 +1,132 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *   http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +
    +package org.apache.guacamole.auth.openid;
    +
    +import com.google.inject.Inject;
    +import com.google.inject.Provider;
    +import java.util.Arrays;
    +import javax.servlet.http.HttpServletRequest;
    +import org.apache.guacamole.auth.openid.conf.ConfigurationService;
    +import org.apache.guacamole.auth.openid.form.TokenField;
    +import org.apache.guacamole.auth.openid.token.NonceService;
    +import org.apache.guacamole.auth.openid.token.TokenValidationService;
    +import org.apache.guacamole.auth.openid.user.AuthenticatedUser;
    +import org.apache.guacamole.GuacamoleException;
    +import org.apache.guacamole.form.Field;
    +import org.apache.guacamole.net.auth.Credentials;
    +import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
    +import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
    +import org.slf4j.Logger;
    +import org.slf4j.LoggerFactory;
    +
    +/**
    + * Service providing convenience functions for the OpenID AuthenticationProvider
    + * implementation.
    + */
    +public class AuthenticationProviderService {
    +
    +    /**
    +     * Logger for this class.
    +     */
    +    private final Logger logger = LoggerFactory.getLogger(AuthenticationProviderService.class);
    +
    +    /**
    +     * Service for retrieving OpenID configuration information.
    +     */
    +    @Inject
    +    private ConfigurationService confService;
    +
    +    /**
    +     * Service for validating and generating unique nonce values.
    +     */
    +    @Inject
    +    private NonceService nonceService;
    +
    +    /**
    +     * Service for validating received ID tokens.
    +     */
    +    @Inject
    +    private TokenValidationService tokenService;
    +
    +    /**
    +     * Provider for AuthenticatedUser objects.
    +     */
    +    @Inject
    +    private Provider<AuthenticatedUser> authenticatedUserProvider;
    +
    +    /**
    +     * Returns an AuthenticatedUser representing the user authenticated by the
    +     * given credentials.
    +     *
    +     * @param credentials
    +     *     The credentials to use for authentication.
    +     *
    +     * @return
    +     *     An AuthenticatedUser representing the user authenticated by the
    +     *     given credentials.
    +     *
    +     * @throws GuacamoleException
    +     *     If an error occurs while authenticating the user, or if access is
    +     *     denied.
    +     */
    +    public AuthenticatedUser authenticateUser(Credentials credentials)
    +            throws GuacamoleException {
    +
    +        String username = null;
    --- End diff --
    
    Nitpick, but isn't a Java String already null by default?  Any reason to explicitly set it?  I'm sure I'm guilty of the same, just curious...


---

Posted by necouchman <gi...@git.apache.org>.
Github user necouchman commented on a diff in the pull request:

    https://github.com/apache/incubator-guacamole-client/pull/192#discussion_r140943338
  
    --- Diff: extensions/guacamole-auth-openid/src/main/java/org/apache/guacamole/auth/openid/AuthenticationProviderService.java ---
    @@ -0,0 +1,132 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *   http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +
    +package org.apache.guacamole.auth.openid;
    +
    +import com.google.inject.Inject;
    +import com.google.inject.Provider;
    +import java.util.Arrays;
    +import javax.servlet.http.HttpServletRequest;
    +import org.apache.guacamole.auth.openid.conf.ConfigurationService;
    +import org.apache.guacamole.auth.openid.form.TokenField;
    +import org.apache.guacamole.auth.openid.token.NonceService;
    +import org.apache.guacamole.auth.openid.token.TokenValidationService;
    +import org.apache.guacamole.auth.openid.user.AuthenticatedUser;
    +import org.apache.guacamole.GuacamoleException;
    +import org.apache.guacamole.form.Field;
    +import org.apache.guacamole.net.auth.Credentials;
    +import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
    +import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
    +import org.slf4j.Logger;
    +import org.slf4j.LoggerFactory;
    +
    +/**
    + * Service providing convenience functions for the OpenID AuthenticationProvider
    + * implementation.
    + */
    +public class AuthenticationProviderService {
    +
    +    /**
    +     * Logger for this class.
    +     */
    +    private final Logger logger = LoggerFactory.getLogger(AuthenticationProviderService.class);
    +
    +    /**
    +     * Service for retrieving OpenID configuration information.
    +     */
    +    @Inject
    +    private ConfigurationService confService;
    +
    +    /**
    +     * Service for validating and generating unique nonce values.
    +     */
    +    @Inject
    +    private NonceService nonceService;
    +
    +    /**
    +     * Service for validating received ID tokens.
    +     */
    +    @Inject
    +    private TokenValidationService tokenService;
    +
    +    /**
    +     * Provider for AuthenticatedUser objects.
    +     */
    +    @Inject
    +    private Provider<AuthenticatedUser> authenticatedUserProvider;
    +
    +    /**
    +     * Returns an AuthenticatedUser representing the user authenticated by the
    +     * given credentials.
    +     *
    +     * @param credentials
    +     *     The credentials to use for authentication.
    +     *
    +     * @return
    +     *     An AuthenticatedUser representing the user authenticated by the
    +     *     given credentials.
    +     *
    +     * @throws GuacamoleException
    +     *     If an error occurs while authenticating the user, or if access is
    +     *     denied.
    +     */
    +    public AuthenticatedUser authenticateUser(Credentials credentials)
    +            throws GuacamoleException {
    +
    +        String username = null;
    +
    +        // Validate OpenID token in request, if present, and derive username
    +        HttpServletRequest request = credentials.getRequest();
    +        if (request != null) {
    +            String token = request.getParameter(TokenField.PARAMETER_NAME);
    +            if (token != null)
    +                username = tokenService.processUsername(token);
    +        }
    +
    +        // If the username was successfully retrieved from the token, produce
    +        // authenticated user
    +        if (username != null) {
    +
    +            // Create corresponding authenticated user
    +            AuthenticatedUser authenticatedUser = authenticatedUserProvider.get();
    +            authenticatedUser.init(username, credentials);
    --- End diff --
    
    If this SSO provider works the same as the Header and CAS provider do (Redirect to SSO login, then back to Guacamole, skipping the Guacamole username/password login), then I believe this will encounter the same challenge as those do with the username value (and password value) missing from the credentials object, and, thus, the `${GUAC_USERNAME}` token not functioning correctly.
    
    I'm not sure we ever agreed upon the proper solution for that, but just FYI.


---

Posted by necouchman <gi...@git.apache.org>.
Github user necouchman commented on a diff in the pull request:

    https://github.com/apache/incubator-guacamole-client/pull/192#discussion_r141045409
  
    --- Diff: extensions/guacamole-auth-openid/src/main/java/org/apache/guacamole/auth/openid/AuthenticationProviderService.java ---
    @@ -0,0 +1,132 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *   http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +
    +package org.apache.guacamole.auth.openid;
    +
    +import com.google.inject.Inject;
    +import com.google.inject.Provider;
    +import java.util.Arrays;
    +import javax.servlet.http.HttpServletRequest;
    +import org.apache.guacamole.auth.openid.conf.ConfigurationService;
    +import org.apache.guacamole.auth.openid.form.TokenField;
    +import org.apache.guacamole.auth.openid.token.NonceService;
    +import org.apache.guacamole.auth.openid.token.TokenValidationService;
    +import org.apache.guacamole.auth.openid.user.AuthenticatedUser;
    +import org.apache.guacamole.GuacamoleException;
    +import org.apache.guacamole.form.Field;
    +import org.apache.guacamole.net.auth.Credentials;
    +import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
    +import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
    +import org.slf4j.Logger;
    +import org.slf4j.LoggerFactory;
    +
    +/**
    + * Service providing convenience functions for the OpenID AuthenticationProvider
    + * implementation.
    + */
    +public class AuthenticationProviderService {
    +
    +    /**
    +     * Logger for this class.
    +     */
    +    private final Logger logger = LoggerFactory.getLogger(AuthenticationProviderService.class);
    +
    +    /**
    +     * Service for retrieving OpenID configuration information.
    +     */
    +    @Inject
    +    private ConfigurationService confService;
    +
    +    /**
    +     * Service for validating and generating unique nonce values.
    +     */
    +    @Inject
    +    private NonceService nonceService;
    +
    +    /**
    +     * Service for validating received ID tokens.
    +     */
    +    @Inject
    +    private TokenValidationService tokenService;
    +
    +    /**
    +     * Provider for AuthenticatedUser objects.
    +     */
    +    @Inject
    +    private Provider<AuthenticatedUser> authenticatedUserProvider;
    +
    +    /**
    +     * Returns an AuthenticatedUser representing the user authenticated by the
    +     * given credentials.
    +     *
    +     * @param credentials
    +     *     The credentials to use for authentication.
    +     *
    +     * @return
    +     *     An AuthenticatedUser representing the user authenticated by the
    +     *     given credentials.
    +     *
    +     * @throws GuacamoleException
    +     *     If an error occurs while authenticating the user, or if access is
    +     *     denied.
    +     */
    +    public AuthenticatedUser authenticateUser(Credentials credentials)
    +            throws GuacamoleException {
    +
    +        String username = null;
    --- End diff --
    
    Got it, thanks for the clarification.


---