Commit f156c42d authored by michael.simon's avatar michael.simon

Add first oidc redirect to op

parent 9f05c8d8
......@@ -15,6 +15,30 @@ public class OidcRpConfigurationEntity extends AbstractBaseEntity {
@Column(name = "name", length = 64)
private String name;
@Column(name = "display_name", length = 256)
private String displayName;
@Column(name = "client_id", length = 512)
private String clientId;
@Column(name = "scopes", length = 1024)
private String scopes;
@Column(name = "secret", length = 512)
private String secret;
@Column(name = "service_url", length = 1024)
private String serviceUrl;
@Column(name = "auth_url", length = 1024)
private String authUrl;
@Column(name = "token_endpoint", length = 1024)
private String tokenEndpoint;
@Column(name = "userinfo_endpoint", length = 1024)
private String userInfoEndpoint;
public String getName() {
return name;
}
......@@ -23,4 +47,68 @@ public class OidcRpConfigurationEntity extends AbstractBaseEntity {
this.name = name;
}
public String getAuthUrl() {
return authUrl;
}
public void setAuthUrl(String authUrl) {
this.authUrl = authUrl;
}
public String getTokenEndpoint() {
return tokenEndpoint;
}
public void setTokenEndpoint(String tokenEndpoint) {
this.tokenEndpoint = tokenEndpoint;
}
public String getUserInfoEndpoint() {
return userInfoEndpoint;
}
public void setUserInfoEndpoint(String userInfoEndpoint) {
this.userInfoEndpoint = userInfoEndpoint;
}
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public String getScopes() {
return scopes;
}
public void setScopes(String scopes) {
this.scopes = scopes;
}
public String getSecret() {
return secret;
}
public void setSecret(String secret) {
this.secret = secret;
}
public String getServiceUrl() {
return serviceUrl;
}
public void setServiceUrl(String serviceUrl) {
this.serviceUrl = serviceUrl;
}
public String getDisplayName() {
return displayName;
}
public void setDisplayName(String displayName) {
this.displayName = displayName;
}
}
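Review bot: The new `secret` column stores the OAuth client secret as a plain 512-character `String` with a public getter, so it sits in clear in the database and will appear in any entity dump, debug log or serialized form that prints the object. If the project already has an attribute converter for encrypted columns, consider applying it to `@Column(name = "secret", length = 512)`, and make sure `toString`/logging of this entity never includes the field. Both hunks are inside the class body whose opening and closing lines are outside the hunks.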
package edu.kit.scc.webreg.service.oidc.client;
import java.io.Serializable;
import javax.servlet.http.HttpServletResponse;
import edu.kit.scc.webreg.service.saml.exc.OidcAuthenticationException;
public interface OidcClientRedirectService extends Serializable {
void redirectClient(Long oidcRelyingPartyId, HttpServletResponse response) throws OidcAuthenticationException;
}
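Review bot: The new interface has no Javadoc, so callers cannot tell whether `redirectClient` commits the response or what `oidcRelyingPartyId` must refer to. A short method comment such as `/** Builds the authorization request for the OIDC RP configuration with the given id and sends the client there via {@code response.sendRedirect}; the response is committed on success. @throws OidcAuthenticationException if the request cannot be built or the redirect fails */` would capture the contract the current implementation fulfils.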
package edu.kit.scc.webreg.service.oidc.client;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import com.nimbusds.oauth2.sdk.AuthorizationRequest;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.State;
import edu.kit.scc.webreg.dao.oidc.OidcRpConfigurationDao;
import edu.kit.scc.webreg.entity.oidc.OidcRpConfigurationEntity;
import edu.kit.scc.webreg.service.saml.exc.OidcAuthenticationException;
@Stateless
public class OidcClientRedirectServiceImpl implements OidcClientRedirectService {
private static final long serialVersionUID = 1L;
@Inject
private Logger logger;
@Inject
private OidcRpConfigurationDao rpConfigDao;
@Override
public void redirectClient(Long oidcRelyingPartyId, HttpServletResponse response) throws OidcAuthenticationException {
OidcRpConfigurationEntity rpConfig = rpConfigDao.findById(oidcRelyingPartyId);
try {
URI authzEndpoint = new URI(rpConfig.getAuthUrl());
ClientID clientID = new ClientID(rpConfig.getClientId());
Scope scope = new Scope("openid", "profile", "email");
URI callback = new URI("https://bwidm.scc.kit.edu/rpoidc/callback");
State state = new State();
AuthorizationRequest request = new AuthorizationRequest.Builder(
new ResponseType(ResponseType.Value.CODE), clientID)
.scope(scope)
.state(state)
.redirectionURI(callback)
.endpointURI(authzEndpoint)
.build();
URI requestURI = request.toURI();
logger.info("Sending OIDC Client to uri: {}", requestURI);
response.sendRedirect(requestURI.toString());
} catch (URISyntaxException | IOException e) {
logger.warn("Exception while building oidc request and redirect: {}", e.getMessage());
throw new OidcAuthenticationException(e);
}
}
}
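Review bot: The `State state = new State();` value is placed into the authorization request but retained nowhere, so the future `/rpoidc/callback` has nothing to compare the returned `state` against and cannot bind the authorization response to the session that started it. Store it before `response.sendRedirect(...)` (for example next to the relying-party id the caller already keeps in the session) and reject a callback whose `state` does not match; the same holds for a `nonce` if this becomes an OIDC `AuthenticationRequest`. Separately, `rpConfigDao.findById` may return null and the edit form marks `authUrl`/`clientId` as optional, so `new URI(rpConfig.getAuthUrl())` can fail with a NullPointerException that escapes the `URISyntaxException | IOException` catch; guard these before the try block and raise `OidcAuthenticationException` through whichever constructor it offers. The callback URI and the `"openid", "profile", "email"` scope list are hard-coded while the entity already carries `serviceUrl` and `scopes`, which looks like test scaffolding to replace before use.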
......@@ -45,6 +45,8 @@ public class SessionManager implements Serializable {
private Long spId;
private Long oidcRelyingPartyId;
private Map<String, List<Object>> attributeMap;
private String persistentId;
......@@ -297,4 +299,12 @@ public class SessionManager implements Serializable {
public void setIdentityId(Long identityId) {
this.identityId = identityId;
}
public Long getOidcRelyingPartyId() {
return oidcRelyingPartyId;
}
public void setOidcRelyingPartyId(Long oidcRelyingPartyId) {
this.oidcRelyingPartyId = oidcRelyingPartyId;
}
}
......@@ -111,6 +111,17 @@ public class DiscoveryLoginBean implements Serializable {
"Bitte wählen Sie Ihre Heimatorganisation");
}
}
public void oidcLogin() {
ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
sessionManager.setOidcRelyingPartyId(50080514L);
try {
externalContext.redirect("/rpoidc/login");
} catch (IOException e) {
messageGenerator.addErrorMessage("Ein Fehler ist aufgetreten",
e.toString());
}
}
public void updateIdpList() {
if (selectedFederation == null) {
......
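Review bot: `sessionManager.setOidcRelyingPartyId(50080514L);` hard-codes a database id into the login flow, so the button only works against one environment and silently breaks elsewhere. `oidcLogin` is complete within the hunk; the id should come from the configuration the user picked (a bean property bound from the page) rather than a literal, e.g. `sessionManager.setOidcRelyingPartyId(selectedRpId);`. The German error text passed to `addErrorMessage` together with `e.toString()` also exposes the exception class and message to the end user; the details belong in the log.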
......@@ -41,7 +41,7 @@ public class EditOidcRpConfigurationBean implements Serializable {
public String save() {
service.save(entity);
return "show-op-config.xhtml?faces-redirect=true&id=" + entity.getId();
return "show-rp-config.xhtml?faces-redirect=true&id=" + entity.getId();
}
public OidcRpConfigurationEntity getEntity() {
......
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.sec;
import java.io.IOException;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.Servlet;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import edu.kit.scc.webreg.service.oidc.client.OidcClientRedirectService;
import edu.kit.scc.webreg.service.saml.exc.OidcAuthenticationException;
import edu.kit.scc.webreg.session.SessionManager;
@Named
@WebServlet(urlPatterns = { "/rpoidc/login" })
public class OidcClientRedirectHandlerServlet implements Servlet {
@Inject
private Logger logger;
@Inject
private SessionManager session;
@Inject
private OidcClientRedirectService redirectService;
@Override
public void init(ServletConfig config) throws ServletException {
}
@Override
public void service(ServletRequest servletRequest, ServletResponse servletResponse)
throws ServletException, IOException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
if (session == null || session.getOidcRelyingPartyId() == null) {
logger.debug("Client session from {} not established. Sending client back to welcome page",
request.getRemoteAddr());
response.sendRedirect("/welcome/index.xhtml");
return;
}
try {
redirectService.redirectClient(session.getOidcRelyingPartyId(), response);
} catch (OidcAuthenticationException e) {
throw new ServletException("Problems encountered");
}
}
@Override
public ServletConfig getServletConfig() {
return null;
}
@Override
public String getServletInfo() {
return null;
}
@Override
public void destroy() {
}
}
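Review bot: `throw new ServletException("Problems encountered");` in `service` drops the caught `OidcAuthenticationException`, so the container log will show only the generic message and none of the original cause; use `throw new ServletException("Problems encountered", e);`. `init` receives a `ServletConfig` but `getServletConfig()` returns `null`; keep the config in a field (`this.config = config;`) and return it, or extend `HttpServlet` instead of implementing `Servlet` directly. The unauthenticated branch logs the remote address at debug level, which is fine, but the literal `"/welcome/index.xhtml"` redirect assumes the application is deployed at the server root.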
......@@ -111,6 +111,7 @@ public class SecurityFilter implements Filter {
path.startsWith("/logout/") ||
path.startsWith("/error/") ||
path.startsWith("/oidc/") ||
path.startsWith("/rpoidc/") ||
path.startsWith("/ferest/") ||
path.startsWith("/rest/otp/simplecheck/") ||
path.equals("/favicon.ico")
......
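Review bot: `path.startsWith("/rpoidc/")` exempts the whole prefix from the SecurityFilter, which covers not only the new `/rpoidc/login` servlet but also the planned `/rpoidc/callback` and anything else later mounted there. That is necessary for the redirect flow, but it means the callback handler must validate the `state` against the session itself, since no filter will have checked the session before it runs. The enclosing method starts and ends outside the hunk.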
......@@ -34,6 +34,30 @@
<bw:inputText id="entityIdField" label="#{messages.name}"
value="#{editOidcRpConfigurationBean.entity.name}" required="true" />
<bw:inputText id="displayNameField" label="#{messages.displayName}"
value="#{editOidcRpConfigurationBean.entity.displayName}" required="false" />
<bw:inputText id="clientIdField" label="#{messages.clientId}"
value="#{editOidcRpConfigurationBean.entity.clientId}" required="false" />
<bw:inputText id="secretField" label="#{messages.secret}"
value="#{editOidcRpConfigurationBean.entity.secret}" required="false" />
<bw:inputText id="scopesField" label="#{messages.scopes}"
value="#{editOidcRpConfigurationBean.entity.scopes}" required="false" />
<bw:inputText id="serviceUrlField" label="#{messages.serviceUrl}"
value="#{editOidcRpConfigurationBean.entity.serviceUrl}" required="false" />
<bw:inputText id="authUrlField" label="#{messages.authUrl}"
value="#{editOidcRpConfigurationBean.entity.authUrl}" required="false" />
<bw:inputText id="tokenEndpointField" label="#{messages.tokenEndpoint}"
value="#{editOidcRpConfigurationBean.entity.tokenEndpoint}" required="false" />
<bw:inputText id="userInfoEndpointField" label="#{messages.userInfoEndpoint}"
value="#{editOidcRpConfigurationBean.entity.userInfoEndpoint}" required="false" />
</p:panelGrid>
<h:commandButton id="save" action="#{editOidcRpConfigurationBean.save}" value="#{messages.save}"/>
</p:panel>
......
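Review bot: The `secretField` uses `bw:inputText`, so the stored client secret is echoed back into the page source every time the edit form renders. If the `bw` composite cannot mask input, a standard `<h:inputSecret id="secretField" value="#{editOidcRpConfigurationBean.entity.secret}" />` (which does not redisplay the value by default) keeps the secret out of the rendered HTML. Note also that `authUrlField` and `clientIdField` are `required="false"` while the redirect service dereferences both, so either require them here or make the service tolerate their absence.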
......@@ -34,6 +34,21 @@
<h:outputText value="#{messages.name}:"/>
<h:outputText value="#{showOidcRpConfigurationBean.entity.name}"/>
<h:outputText value="#{messages.displayName}:"/>
<h:outputText value="#{showOidcRpConfigurationBean.entity.displayName}"/>
<h:outputText value="#{messages.clientId}:"/>
<h:outputText value="#{showOidcRpConfigurationBean.entity.clientId}"/>
<h:outputText value="#{messages.secret}:"/>
<h:outputText value="#{showOidcRpConfigurationBean.entity.secret}"/>
<h:outputText value="#{messages.scopes}:"/>
<h:outputText value="#{showOidcRpConfigurationBean.entity.scopes}"/>
<h:outputText value="#{messages.serviceUrl}:"/>
<h:outputText value="#{showOidcRpConfigurationBean.entity.serviceUrl}"/>
</p:panelGrid>
<h:link outcome="edit-rp-config.xhtml" value="#{messages.edit}">
<f:param name="id" value="#{showOidcRpConfigurationBean.entity.id}"/>
......
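Review bot: `<h:outputText value="#{showOidcRpConfigurationBean.entity.secret}"/>` renders the OAuth client secret in clear on the read-only detail page, where it ends up in browser history, caches and screen captures. A view page should show a placeholder instead, for example `<h:outputText value="********" rendered="#{not empty showOidcRpConfigurationBean.entity.secret}"/>`, leaving the value visible only in the edit form if at all.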
......@@ -60,6 +60,10 @@
update=":form" />
</p:panel>
<p:panel header="OIDC Test">
<p:commandButton id="oidcLogin" action="#{discoveryLoginBean.oidcLogin()}" value="#{messages.proceed}"
immediate="true"/>
</p:panel>
</h:form>
</ui:define>
......