Commit 56bdd9fd authored by michael.simon's avatar michael.simon

now really fix oidc login

parent a59410f7
...@@ -290,6 +290,14 @@ public class OidcOpLoginImpl implements OidcOpLogin { ...@@ -290,6 +290,14 @@ public class OidcOpLoginImpl implements OidcOpLogin {
throw new OidcAuthenticationException("No identity attached to flow state."); throw new OidcAuthenticationException("No identity attached to flow state.");
} }
UserEntity user;
if (identity.getUsers().size() == 1) {
user = identity.getUsers().iterator().next();
}
else {
user = identity.getPrefUser();
}
RegistryEntity registry = flowState.getRegistry(); RegistryEntity registry = flowState.getRegistry();
/* /*
...@@ -307,7 +315,7 @@ public class OidcOpLoginImpl implements OidcOpLogin { ...@@ -307,7 +315,7 @@ public class OidcOpLoginImpl implements OidcOpLogin {
.claim("nonce", flowState.getNonce()) .claim("nonce", flowState.getNonce())
.audience(flowState.getClientConfiguration().getName()) .audience(flowState.getClientConfiguration().getName())
.issueTime(new Date()) .issueTime(new Date())
.subject(flowState.getUser().getEppn()) .subject(user.getEppn())
.build(); .build();
for (ServiceOidcClientEntity serviceOidcClient : serviceOidcClientList) { for (ServiceOidcClientEntity serviceOidcClient : serviceOidcClientList) {
...@@ -323,8 +331,8 @@ public class OidcOpLoginImpl implements OidcOpLogin { ...@@ -323,8 +331,8 @@ public class OidcOpLoginImpl implements OidcOpLogin {
Invocable invocable = (Invocable) engine; Invocable invocable = (Invocable) engine;
invocable.invokeFunction("buildTokenStatement", scriptingEnv, claimsBuilder, identity, registry, invocable.invokeFunction("buildTokenStatement", scriptingEnv, claimsBuilder, user, registry,
serviceOidcClient.getService(), logger); serviceOidcClient.getService(), logger, identity);
} catch (NoSuchMethodException | ScriptException e) { } catch (NoSuchMethodException | ScriptException e) {
logger.warn("Script execution failed. Continue with other scripts.", e); logger.warn("Script execution failed. Continue with other scripts.", e);
} }
...@@ -389,10 +397,19 @@ public class OidcOpLoginImpl implements OidcOpLogin { ...@@ -389,10 +397,19 @@ public class OidcOpLoginImpl implements OidcOpLogin {
} }
List<ServiceOidcClientEntity> serviceOidcClientList = serviceOidcClientDao.findByClientConfig(clientConfig); List<ServiceOidcClientEntity> serviceOidcClientList = serviceOidcClientDao.findByClientConfig(clientConfig);
UserEntity user = flowState.getUser();
if (user == null) { IdentityEntity identity = flowState.getIdentity();
throw new OidcAuthenticationException("No user attached to flow state.");
if (identity == null) {
throw new OidcAuthenticationException("No identity attached to flow state.");
}
UserEntity user;
if (identity.getUsers().size() == 1) {
user = identity.getUsers().iterator().next();
}
else {
user = identity.getPrefUser();
} }
RegistryEntity registry = flowState.getRegistry(); RegistryEntity registry = flowState.getRegistry();
...@@ -413,7 +430,7 @@ public class OidcOpLoginImpl implements OidcOpLogin { ...@@ -413,7 +430,7 @@ public class OidcOpLoginImpl implements OidcOpLogin {
Invocable invocable = (Invocable) engine; Invocable invocable = (Invocable) engine;
invocable.invokeFunction("buildClaimsStatement", scriptingEnv, claimsBuilder, user, registry, invocable.invokeFunction("buildClaimsStatement", scriptingEnv, claimsBuilder, user, registry,
serviceOidcClient.getService(), logger); serviceOidcClient.getService(), logger, identity);
} catch (NoSuchMethodException | ScriptException e) { } catch (NoSuchMethodException | ScriptException e) {
logger.warn("Script execution failed. Continue with other scripts.", e); logger.warn("Script execution failed. Continue with other scripts.", e);
} }
......
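Review bot: After the new user selection in the hunks at +290 and +397, `user` is never checked for null, and the second of these also drops the earlier `if (user == null)` guard that raised `OidcAuthenticationException`. If an identity has no users, or several users and no preferred user (assuming `getPrefUser()` can return null, which is not visible here), `.subject(user.getEppn())` in the token path fails with a NullPointerException instead of a controlled authentication error, and the claims scripts are invoked with a null user. I would add `if (user == null) { throw new OidcAuthenticationException("No user attached to identity."); }` directly after both selections, ideally inside one shared private helper, since the selection block is duplicated verbatim. Both enclosing methods start and end outside the hunks shown.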