Commit 2a58d66c authored by ls1947's avatar ls1947

Allow OIDC OP without attached service

parent d306cbb1
......@@ -169,48 +169,54 @@ public class OidcOpLoginImpl implements OidcOpLogin {
OidcClientConfigurationEntity clientConfig = flowState.getClientConfiguration();
List<ServiceOidcClientEntity> serviceOidcClientList = serviceOidcClientDao.findByClientConfig(clientConfig);
/*
* Allow OIDC config without service
*/
if (serviceOidcClientList.size() == 0) {
throw new OidcAuthenticationException("no service is connected to client configuration");
throw new OidcAuthenticationException("no script is connected to client configuration");
}
RegistryEntity registry = null;
for (ServiceOidcClientEntity serviceOidcClient : serviceOidcClientList) {
ServiceEntity service = serviceOidcClient.getService();
logger.debug("Service for RP found: {}", service);
registry = registryDao.findByServiceAndUserAndStatus(service, user, RegistryStatus.ACTIVE);
if (registry != null) {
List<Object> objectList = checkRules(user, service, registry);
List<OverrideAccess> overrideAccessList = extractOverideAccess(objectList);
List<UnauthorizedUser> unauthorizedUserList = extractUnauthorizedUser(objectList);
if (service != null) {
logger.debug("Service for RP found: {}", service);
if (overrideAccessList.size() == 0 && unauthorizedUserList.size() > 0) {
return "/user/check-access.xhtml?regId=" + registry.getId();
}
}
else {
registry = registryDao.findByServiceAndUserAndStatus(service, user, RegistryStatus.LOST_ACCESS);
registry = registryDao.findByServiceAndUserAndStatus(service, user, RegistryStatus.ACTIVE);
if (registry != null) {
logger.info("Registration for user {} and service {} in state LOST_ACCESS, checking again",
user.getEppn(), service.getName());
List<Object> objectList = checkRules(user, service, registry);
List<OverrideAccess> overrideAccessList = extractOverideAccess(objectList);
List<UnauthorizedUser> unauthorizedUserList = extractUnauthorizedUser(objectList);
if (overrideAccessList.size() == 0 && unauthorizedUserList.size() > 0) {
logger.info("Registration for user {} and service {} in state LOST_ACCESS stays, redirecting to check page",
user.getEppn(), service.getName());
return "/user/check-access.xhtml?regId=" + registry.getId();
}
}
else {
logger.info("No active registration for user {} and service {}, redirecting to register page",
user.getEppn(), service.getName());
session.setOriginalRequestPath("/oidc/realms/" + opConfig.getRealm() + "/protocol/openid-connect/auth/return");
return "/user/register-service.xhtml?serviceId=" + service.getId();
registry = registryDao.findByServiceAndUserAndStatus(service, user, RegistryStatus.LOST_ACCESS);
if (registry != null) {
logger.info("Registration for user {} and service {} in state LOST_ACCESS, checking again",
user.getEppn(), service.getName());
List<Object> objectList = checkRules(user, service, registry);
List<OverrideAccess> overrideAccessList = extractOverideAccess(objectList);
List<UnauthorizedUser> unauthorizedUserList = extractUnauthorizedUser(objectList);
if (overrideAccessList.size() == 0 && unauthorizedUserList.size() > 0) {
logger.info("Registration for user {} and service {} in state LOST_ACCESS stays, redirecting to check page",
user.getEppn(), service.getName());
return "/user/check-access.xhtml?regId=" + registry.getId();
}
}
else {
logger.info("No active registration for user {} and service {}, redirecting to register page",
user.getEppn(), service.getName());
session.setOriginalRequestPath("/oidc/realms/" + opConfig.getRealm() + "/protocol/openid-connect/auth/return");
return "/user/register-service.xhtml?serviceId=" + service.getId();
}
}
}
}
......@@ -262,9 +268,12 @@ public class OidcOpLoginImpl implements OidcOpLogin {
RegistryEntity registry = flowState.getRegistry();
if (registry == null) {
throw new OidcAuthenticationException("No registry attached to flow state.");
}
/*
* allow for no registry
*/
// if (registry == null) {
// throw new OidcAuthenticationException("No registry attached to flow state.");
// }
List<ServiceOidcClientEntity> serviceOidcClientList = serviceOidcClientDao.findByClientConfig(clientConfig);
......@@ -364,9 +373,12 @@ public class OidcOpLoginImpl implements OidcOpLogin {
RegistryEntity registry = flowState.getRegistry();
if (registry == null) {
throw new OidcAuthenticationException("No registry attached to flow state.");
}
/*
* allow for no registry
*/
// if (registry == null) {
// throw new OidcAuthenticationException("No registry attached to flow state.");
// }
JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder();
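Review bot: In the first hunk the new `if (service != null)` guard means a ServiceOidcClientEntity with no service skips the registry lookup, checkRules and the unauthorized-user redirect entirely, so the login flow continues with no per-user access decision for that client, and nothing in the hunk records that this path was taken. Add an explicit `else` branch with an audit-level log so that logins granted without a service-bound registry are visible, e.g. `logger.info("No service attached to OIDC client configuration {}, skipping registry and rule check", clientConfig);`. The second and third hunks serve the same intent by commenting out the `registry == null` guard; the code following each of them is outside the hunk, so every later use of `registry` (and of `service`) must now be null-safe, which the commit does not show. Delete the commented-out checks rather than leaving them, and replace them with a one-line comment stating that `registry` may be null for client configurations without an attached service. The enclosing methods start and end outside all three hunks.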