feat(jans-auth-server): added minimum acr properties to dynamic regis…
…tration #343
yuriyz committed Nov 26, 2022
1 parent e2817bd commit 53de7e0
Showing 4 changed files with 103 additions and 1 deletion.
Expand Up @@ -104,6 +104,9 @@ public class RegisterRequest extends BaseRequest {
private SignatureAlgorithm tokenEndpointAuthSigningAlg;
private Integer defaultMaxAge;
private List<String> defaultAcrValues;
private Integer minimumAcrLevel;
private Boolean minimumAcrLevelAutoresolve;
private List<String> minimumAcrPriorityList;
private String initiateLoginUri;
private List<String> groups;
private List<String> postLogoutRedirectUris;
Expand Down Expand Up @@ -154,6 +157,7 @@ public RegisterRequest() {
this.grantTypes = new ArrayList<>();
this.contacts = new ArrayList<>();
this.defaultAcrValues = new ArrayList<>();
this.minimumAcrPriorityList = new ArrayList<>();
this.postLogoutRedirectUris = new ArrayList<>();
this.groups = new ArrayList<>();
this.requestUris = new ArrayList<>();
Expand Down Expand Up @@ -1039,6 +1043,60 @@ public void setDefaultMaxAge(Integer defaultMaxAge) {
this.defaultMaxAge = defaultMaxAge;
}

/**
* Gets minimum acr level
*
* @return minimum acr level
*/
public Integer getMinimumAcrLevel() {
return minimumAcrLevel;
}

/**
* Sets minimum acr level
*
* @param minimumAcrLevel minimum acr level
*/
public void setMinimumAcrLevel(Integer minimumAcrLevel) {
this.minimumAcrLevel = minimumAcrLevel;
}

/**
* Gets minimum acr level auto resolve
*
* @return minimum acr level auto resolve
*/
public Boolean getMinimumAcrLevelAutoresolve() {
return minimumAcrLevelAutoresolve;
}

/**
* Sets minimum acr level auto resolve
*
* @param minimumAcrLevelAutoresolve minimum acr level auto resolve
*/
public void setMinimumAcrLevelAutoresolve(Boolean minimumAcrLevelAutoresolve) {
this.minimumAcrLevelAutoresolve = minimumAcrLevelAutoresolve;
}

/**
* Gets minimum acr priority list
*
* @return minimum acr priority list
*/
public List<String> getMinimumAcrPriorityList() {
return minimumAcrPriorityList;
}

/**
* Sets minimum acr priority list
*
* @param minimumAcrPriorityList minimum acr priority list
*/
public void setMinimumAcrPriorityList(List<String> minimumAcrPriorityList) {
this.minimumAcrPriorityList = minimumAcrPriorityList;
}

/**
* Returns the Default requested Authentication Context Class Reference values.
*
Expand Down Expand Up @@ -1379,6 +1437,9 @@ public static RegisterRequest fromJson(JSONObject requestObject) throws JSONExce
result.setPostLogoutRedirectUris(extractListByKey(requestObject, POST_LOGOUT_REDIRECT_URIS.toString()));
result.setGroups(extractListByKey(requestObject, GROUPS.toString()));
result.setDefaultAcrValues(extractListByKey(requestObject, DEFAULT_ACR_VALUES.toString()));
result.setMinimumAcrLevel(integerOrNull(requestObject, MINIMUM_ACR_LEVEL.toString()));
result.setMinimumAcrLevelAutoresolve(requestObject.optBoolean(MINIMUM_ACR_LEVEL_AUTORESOLVE.toString()));
result.setMinimumAcrPriorityList(extractListByKey(requestObject, MINIMUM_ACR_PRIORITY_LIST.toString()));
result.setFrontChannelLogoutUri(requestObject.optString(FRONT_CHANNEL_LOGOUT_URI.toString()));
result.setFrontChannelLogoutSessionRequired(requestObject.optBoolean(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
result.setBackchannelLogoutUris(extractListByKey(requestObject, BACKCHANNEL_LOGOUT_URI.toString()));
Expand Down Expand Up @@ -1588,6 +1649,15 @@ public void getParameters(BiFunction<String, Object, Void> function) {
if (defaultAcrValues != null && !defaultAcrValues.isEmpty()) {
function.apply(DEFAULT_ACR_VALUES.toString(), toJSONArray(defaultAcrValues));
}
if (minimumAcrLevel != null) {
function.apply(MINIMUM_ACR_LEVEL.toString(), minimumAcrLevel.toString());
}
if (minimumAcrLevelAutoresolve != null) {
function.apply(MINIMUM_ACR_LEVEL_AUTORESOLVE.toString(), minimumAcrLevelAutoresolve.toString());
}
if (minimumAcrPriorityList != null) {
function.apply(MINIMUM_ACR_PRIORITY_LIST.toString(), toJSONArray(minimumAcrPriorityList));
}
if (StringUtils.isNotBlank(initiateLoginUri)) {
function.apply(INITIATE_LOGIN_URI.toString(), initiateLoginUri);
}
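Review bot: In the `fromJson` hunk, `requestObject.optBoolean(MINIMUM_ACR_LEVEL_AUTORESOLVE.toString())` yields `false` when the key is absent, so `minimumAcrLevelAutoresolve` is never null after parsing and the `!= null` guards in `getParameters` and in `updateClientFromRequestObject` cannot tell "not sent" from "false". A client update that omits the parameter would then appear to overwrite a stored `true` with `false`. Parsing it as a nullable value keeps the distinction: `result.setMinimumAcrLevelAutoresolve(requestObject.has(MINIMUM_ACR_LEVEL_AUTORESOLVE.toString()) ? requestObject.optBoolean(MINIMUM_ACR_LEVEL_AUTORESOLVE.toString()) : null);`. The constructor also initialises `minimumAcrPriorityList` to an empty list, so the `!= null` check in `getParameters` always emits it, unlike the `!isEmpty()` check used for `defaultAcrValues`. The bodies of `fromJson` and `getParameters` continue outside the hunks.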
Expand Up @@ -226,6 +226,24 @@ public enum RegisterRequestParam {
*/
DEFAULT_ACR_VALUES("default_acr_values"),

/**
* Integer value which sets minimum acr level.
*/
MINIMUM_ACR_LEVEL("minimum_acr_level"),

/**
* Boolean value,
* - if false and minimumAcrLevel is higher then current acr_values then reject request
* - if true - resolve acr according to either client's minimumAcrPriorityList or AS auth_level_mapping
*/
MINIMUM_ACR_LEVEL_AUTORESOLVE("minimum_acr_level_autoresolve"),

/**
* Array of strings,
* - enables client to specify the acr order of preference, rather then just the next lowest integer value
*/
MINIMUM_ACR_PRIORITY_LIST("minimum_acr_priority_list"),

/**
* URI using the https scheme that the Authorization Server can call to initiate a login at the Client.
*/
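Review bot: The Javadoc on `MINIMUM_ACR_LEVEL_AUTORESOLVE` does not say what applies when the parameter is omitted, and both new comments write "then" where "than" is meant (`higher than current acr_values`, `rather than just the next lowest integer value`). I would add one line stating the default for an absent value, since the request parser and the update service treat "absent" and "false" differently only if that is defined. The `MINIMUM_ACR_LEVEL` comment could also name the scale the integer refers to; the second comment mentions the AS `auth_level_mapping`, so presumably that one.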
Expand Up @@ -256,6 +256,19 @@ public void updateClientFromRequestObject(Client client, RegisterRequest request
client.setInitiateLoginUri(requestObject.getInitiateLoginUri());
}

final Integer minimumAcrLevel = requestObject.getMinimumAcrLevel();
if (minimumAcrLevel != null) {
client.getAttributes().setMinimumAcrLevel(minimumAcrLevel);
}
final Boolean minimumAcrLevelAutoresolve = requestObject.getMinimumAcrLevelAutoresolve();
if (minimumAcrLevelAutoresolve != null) {
client.getAttributes().setMinimumAcrLevelAutoresolve(minimumAcrLevelAutoresolve);
}
final List<String> minimumAcrPriorityList = requestObject.getMinimumAcrPriorityList();
if (minimumAcrPriorityList != null) {
client.getAttributes().setMinimumAcrPriorityList(new ArrayList<>(new HashSet<>(minimumAcrPriorityList)));
}

final List<String> groups = requestObject.getGroups();
if (groups != null && !groups.isEmpty()) {
client.setGroups(new HashSet<>(groups).toArray(new String[0])); // remove duplicates
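Review bot: `new ArrayList<>(new HashSet<>(minimumAcrPriorityList))` removes duplicates but also discards the order of the list, and `RegisterRequestParam` documents this parameter as the client's acr order of preference. After passing through `HashSet` the stored order is arbitrary, so auto-resolve could pick a different acr than the one the client ranked first. An order-preserving de-duplication keeps the intent: `client.getAttributes().setMinimumAcrPriorityList(new ArrayList<>(new LinkedHashSet<>(minimumAcrPriorityList)));` (this needs `java.util.LinkedHashSet` imported if it is not already). The `!= null` guard also lets an empty list replace a stored value, unlike the `!groups.isEmpty()` check just below; the body of `updateClientFromRequestObject` continues outside the hunk.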
Expand Up @@ -100,6 +100,8 @@ public Response createClient(String requestParams, HttpServletRequest httpReques
Response.ResponseBuilder builder = Response.status(Response.Status.CREATED);
OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(httpRequest), Action.CLIENT_REGISTRATION);
try {
log.trace("Registration request = {}", requestParams);

final JSONObject requestObject = registerService.parseRequestObjectWithoutValidation(requestParams);
final JSONObject softwareStatement = registerValidator.validateSoftwareStatement(httpRequest, requestObject);
overrideRequestObjectFromSoftwareStatement(requestObject, softwareStatement);
Expand All @@ -112,7 +114,6 @@ public Response createClient(String requestParams, HttpServletRequest httpReques

log.info("Attempting to register client: applicationType = {}, clientName = {}, redirectUris = {}, isSecure = {}, sectorIdentifierUri = {}, defaultAcrValues = {}",
r.getApplicationType(), r.getClientName(), r.getRedirectUris(), securityContext.isSecure(), r.getSectorIdentifierUri(), r.getDefaultAcrValues());
log.trace("Registration request = {}", requestParams);

registerValidator.validatePasswordGrantType(r);
registerValidator.validateDcrAuthorizationWithClientCredentials(r);
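Review bot: The moved `log.trace("Registration request = {}", requestParams);` now writes the raw body before `parseRequestObjectWithoutValidation` and the software-statement validation run, so input that would later be rejected, including control characters or any credential the client sent, reaches the log verbatim. It is trace-only, which limits exposure, but a comment would make the decision explicit, for example `// raw, unvalidated request body: keep at trace level, may contain credentials`. Whether the log layout escapes line breaks is not visible here, so that is worth confirming. `createClient` starts and ends outside the hunks.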
