Class OpenIdConnectSSOProvider

  • All Implemented Interfaces:
    SSOProvider, SSOProviderPlugin

    @Singleton
    public class OpenIdConnectSSOProvider
    extends Object
    implements SSOProviderPlugin
    Implements an SSOProvider that accepts OpenID Connect ID Tokens issued by this instance of OpenAM and treats them as SSOTokens. It does this by looking up the session associated with the ID Token and using that. If storing OPS tokens is disabled then this will not work and ID Tokens will not be accepted as valid sessions.

    All methods here apart from createToken and isApplicable throw UnsupportedOperationException, as they should never be called: all tokens will ultimately be created by a different SSOProvider, which will handle all methods after creation.

    Since:
    14.0.0
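    The dispatch contract in the class description, as an added illustration that is not OpenAM's own code: a caller consults the plugin only for isApplicable and createSSOToken and routes every later operation on the resulting token to the default SSOProvider. The com.iplanet.sso package names and the PluginAwareTokenResolver class are assumptions, and the resolver's constructor deliberately never resets idle time so a mere lookup cannot extend a session.

```java
// Added illustration, not OpenAM's own code. Package names are assumed.
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOProvider;
import com.iplanet.sso.SSOProviderPlugin;
import com.iplanet.sso.SSOToken;

import java.util.List;

public final class PluginAwareTokenResolver {
    // Plugins consulted first, e.g. the OpenIdConnectSSOProvider (SSOProviderPlugin extends SSOProvider).
    private final List<SSOProviderPlugin> plugins;
    // The provider that owns the real sessions and implements the post-creation operations.
    private final SSOProvider defaultProvider;

    public PluginAwareTokenResolver(List<SSOProviderPlugin> plugins, SSOProvider defaultProvider) {
        this.plugins = List.copyOf(plugins);
        this.defaultProvider = defaultProvider;
    }

    /** Resolves a token id (a session id or an ID Token) to an SSOToken without resetting idle time. */
    public SSOToken resolve(String tokenId) throws SSOException {
        for (SSOProviderPlugin plugin : plugins) {
            // isApplicable and createSSOToken are the only methods the plugin implements.
            if (plugin.isApplicable(tokenId)) {
                // For an ID Token this is the session lookup described above. When OPS token
                // storage is disabled the ID Token is not accepted; this caller assumes that
                // surfaces as the SSOException the method declares.
                return plugin.createSSOToken(tokenId, false, false);
            }
        }
        return defaultProvider.createSSOToken(tokenId, false, false);
    }

    /** Validation must go to the default provider: the plugin throws UnsupportedOperationException. */
    public boolean isValid(SSOToken token) {
        return defaultProvider.isValidToken(token, false);
    }

    /** Logout likewise goes to the default provider, which owns the underlying session. */
    public void logout(SSOToken token) throws SSOException {
        defaultProvider.logout(token);
    }
}
```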
    • Method Detail

      • isApplicable

        public boolean isApplicable(jakarta.servlet.http.HttpServletRequest request)
        Description copied from interface: SSOProviderPlugin
        Determines whether this SSOProvider is applicable to the given servlet request.
        Specified by:
        isApplicable in interface SSOProviderPlugin
        Parameters:
        request - the request to check.
        Returns:
        true if the request contains an SSOToken that can be handled by this provider.
      • isApplicable

        public boolean isApplicable(String tokenId)
        Description copied from interface: SSOProviderPlugin
        Determines whether this SSOProvider is applicable to the given token id.
        Specified by:
        isApplicable in interface SSOProviderPlugin
        Parameters:
        tokenId - the token id.
        Returns:
        true if the given token id can be parsed by this provider.
      • createSSOToken

        public SSOToken createSSOToken(jakarta.servlet.http.HttpServletRequest request)
                                throws SSOException
        Description copied from interface: SSOProvider
        Creates an SSOToken.
        Specified by:
        createSSOToken in interface SSOProvider
        Parameters:
        request - HttpServletRequest
        Returns:
        SSOToken
        Throws:
        SSOException - is thrown if the SSOToken can't be created.
      • createSSOToken

        public SSOToken createSSOToken(Principal user,
                                       String password)
                                throws SSOException
        Description copied from interface: SSOProvider
        Creates an SSOToken.
        Specified by:
        createSSOToken in interface SSOProvider
        Parameters:
        user - Principal representing a user or service
        password - LDAP password of the user or service
        Returns:
        SSOToken
        Throws:
        SSOException - is thrown if the SSOToken can't be created.
      • createSSOToken

        public SSOToken createSSOToken(String idToken,
                                       boolean invokedByAuth,
                                       boolean possiblyResetIdleTime)
                                throws SSOException
        Description copied from interface: SSOProvider
        Creates an SSOToken.
        Specified by:
        createSSOToken in interface SSOProvider
        Parameters:
        idToken - String representing the SSOToken Id
        invokedByAuth - boolean flag indicating that this method has been invoked by the AuthContext.getSSOToken() API.
        possiblyResetIdleTime - If true, the idle time of the token/session may be reset to zero. If false, the idle time will never be reset.
        Returns:
        SSOToken
        Throws:
        SSOException - is thrown if the SSOToken can't be created.
      • createSSOToken

        public SSOToken createSSOToken(String idToken,
                                       String clientIP)
                                throws SSOException
        Description copied from interface: SSOProvider
        Creates an SSOToken.
        Specified by:
        createSSOToken in interface SSOProvider
        Parameters:
        idToken - representing the SSOToken Id
        clientIP - representing the IP address of the client
        Returns:
        SSOToken
        Throws:
        SSOException - is thrown if the SSOToken can't be created.
      • destroyToken

        public void destroyToken(SSOToken token)
                          throws SSOException
        Description copied from interface: SSOProvider
        Destroys an SSOToken.
        Specified by:
        destroyToken in interface SSOProvider
        Parameters:
        token - The SSOToken object to be destroyed
        Throws:
        SSOException - is thrown if the SSOToken can't be destroyed.
      • isValidToken

        public boolean isValidToken(SSOToken token)
        Description copied from interface: SSOProvider
        Checks if an SSOToken is valid or not. Your token may be refreshed.
        Specified by:
        isValidToken in interface SSOProvider
        Parameters:
        token - The SSOToken object to be validated.
        Returns:
        true if the token is valid, false otherwise
      • isValidToken

        public boolean isValidToken(SSOToken token,
                                    boolean refresh)
        Description copied from interface: SSOProvider
        Checks if an SSOToken is valid or not.
        Specified by:
        isValidToken in interface SSOProvider
        Parameters:
        token - The SSOToken object to be validated.
        refresh - Refresh the token only if this flag is set to true.
        Returns:
        true if the token is valid, false otherwise
      • refreshSession

        public void refreshSession(SSOToken token)
                            throws SSOException
        Description copied from interface: SSOProvider
        Refresh the Session corresponding to the SSOToken from the Session Server, always resetting the idle time.
        Specified by:
        refreshSession in interface SSOProvider
        Parameters:
        token - SSOToken
        Throws:
        SSOException - thrown if the session cannot be refreshed for the token
      • refreshSession

        public void refreshSession(SSOToken token,
                                   boolean resetIdle)
                            throws SSOException
        Description copied from interface: SSOProvider
        Refresh the Session corresponding to the SSOToken from the Session Server, but only optionally resetting the idle time.
        Specified by:
        refreshSession in interface SSOProvider
        Parameters:
        token - SSOToken
        resetIdle - if true, reset the idle time to zero; if false, leave the idle time unchanged.
        Throws:
        SSOException - thrown if the session cannot be refreshed for the token
      • destroyToken

        public void destroyToken(SSOToken destroyer,
                                 SSOToken destroyed)
                          throws SSOException
        Description copied from interface: SSOProvider
        Destroys an SSOToken.
        Specified by:
        destroyToken in interface SSOProvider
        Parameters:
        destroyer - The SSOToken object used to authorize the operation
        destroyed - The SSOToken object to be destroyed.
        Throws:
        SSOException - thrown if there was an error during communication with the session service.
      • logout

        public void logout(SSOToken token)
                    throws SSOException
        Description copied from interface: SSOProvider
        Logs out of the session underlying this SSOToken.
        Specified by:
        logout in interface SSOProvider
        Parameters:
        token - the sso token to log out.
        Throws:
        SSOException - if an error occurs during logout.
      • getValidSessions

        public Set<SSOToken> getValidSessions(SSOToken requester,
                                              String server)
                                       throws SSOException
        Description copied from interface: SSOProvider
        Returns valid Sessions.
        Specified by:
        getValidSessions in interface SSOProvider
        Parameters:
        requester - The SSOToken object used to authorize the operation
        server - The server for which the valid sessions are to be retrieved
        Returns:
        Set The set of Valid Sessions
        Throws:
        SSOException - thrown if there was an error during communication with the session service.