org.forgerock.openidconnect.ssoprovider

Class OpenIdConnectSSOProvider

java.lang.Object

org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOProvider

All Implemented Interfaces:

SSOProvider, SSOProviderPlugin

@Singleton
public class OpenIdConnectSSOProvider
extends Object
implements SSOProviderPlugin

Implements an SSOProvider that accepts OpenID Connect ID Tokens issued by this instance of OpenAM and treats them as SSOTokens. It does this by looking up the session associated with the ID Token and using that. If storing OPS tokens is disabled then this will not work and ID Tokens will not be accepted as valid sessions.

All methods here apart from createToken and isApplicable throw UnsupportedOperationException as they should never be called: all tokens will ultimately be created by a different SSOProvider, which will handle all methods after creation.

Since:

14.0.0

Method Summary

Modifier and Type	Method and Description
SSOToken	createSSOToken(javax.servlet.http.HttpServletRequest request) Creates an SSOToken.
SSOToken	createSSOToken(Principal user, String password) Creates an SSOToken.
SSOToken	createSSOToken(String idToken) Creates an SSOToken.
SSOToken	createSSOToken(String idToken, boolean invokedByAuth, boolean possiblyResetIdleTime) Creates an SSOToken.
SSOToken	createSSOToken(String idToken, String clientIP) Creates an SSOToken.
void	destroyToken(SSOToken token) Destroys an SSOToken.
void	destroyToken(SSOToken destroyer, SSOToken destroyed) Destroys an SSOToken.
Set<SSOToken>	getValidSessions(SSOToken requester, String server) Returns valid Sessions.
boolean	isApplicable(javax.servlet.http.HttpServletRequest request) Determines whether this SSOProvider is applicable to the given servlet request.
boolean	isApplicable(String tokenId) Determines whether this SSOProvider is applicable to the given token id.
boolean	isValidToken(SSOToken token) Checks if an SSOToken is valid or not.
boolean	isValidToken(SSOToken token, boolean refresh) Checks if an SSOToken is valid or not.
void	logout(SSOToken token) Logs out of the session underlying this SSOToken.
void	refreshSession(SSOToken token) Refresh the Session corresponding to the SSOToken from the Session Server, always resetting the idle time.
void	refreshSession(SSOToken token, boolean resetIdle) Refresh the Session corresponding to the SSOToken from the Session Server, but only optionally resetting the idle time.
void	validateToken(SSOToken token) Checks if the SSOToken is valid.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

isApplicable

public boolean isApplicable(javax.servlet.http.HttpServletRequest request)

Description copied from interface: SSOProviderPlugin

Determines whether this SSOProvider is applicable to the given servlet request.

Specified by:

isApplicable in interface SSOProviderPlugin

Parameters:

request - the request to check.

Returns:

true if the request contains an SSOToken that can be handled by this provider.

isApplicable

public boolean isApplicable(String tokenId)

Description copied from interface: SSOProviderPlugin

Determines whether this SSOProvider is applicable to the given token id.

Specified by:

isApplicable in interface SSOProviderPlugin

Parameters:

tokenId - the token id.

Returns:

true if the given token id can be parsed by this provider.

createSSOToken

public SSOToken createSSOToken(javax.servlet.http.HttpServletRequest request)
                        throws SSOException

Description copied from interface: SSOProvider

Creates an SSOToken.

Specified by:

createSSOToken in interface SSOProvider

Parameters:

request - HttpServletRequest

Returns:

SSOToken

Throws:

SSOException - is thrown if the SSOToken can't be created.

createSSOToken

public SSOToken createSSOToken(Principal user,
                               String password)
                        throws SSOException

Description copied from interface: SSOProvider

Creates an SSOToken.

Specified by:

createSSOToken in interface SSOProvider

Parameters:

user - Principal representing a user or service

password - LDAP password of the user or service

Returns:

SSOToken

Throws:

SSOException - is thrown if the SSOToken can't be created.

createSSOToken

public SSOToken createSSOToken(String idToken)
                        throws SSOException

Description copied from interface: SSOProvider

Creates an SSOToken.

Specified by:

createSSOToken in interface SSOProvider

Parameters:

idToken - String representing the SSOToken Id

Returns:

SSOToken

Throws:

SSOException - is thrown if the SSOToken can't be created.

createSSOToken

public SSOToken createSSOToken(String idToken,
                               boolean invokedByAuth,
                               boolean possiblyResetIdleTime)
                        throws SSOException

Description copied from interface: SSOProvider

Creates an SSOToken.

Specified by:

createSSOToken in interface SSOProvider

Parameters:

idToken - String representing the SSOToken Id

invokedByAuth - boolean flag indicating that this method has been invoked by the AuthContext.getSSOToken() API.

possiblyResetIdleTime - If true, the idle time of the token/session may be reset to zero. If false, the idle time will never be reset.

Returns:

SSOToken

Throws:

SSOException - is thrown if the SSOToken can't be created.

createSSOToken

public SSOToken createSSOToken(String idToken,
                               String clientIP)
                        throws SSOException

Description copied from interface: SSOProvider

Creates an SSOToken.

Specified by:

createSSOToken in interface SSOProvider

Parameters:

idToken - representing the SSOToken Id

clientIP - representing the IP address of the client

Returns:

SSOToken

Throws:

SSOException - is thrown if the SSOToken can't be created.

destroyToken

public void destroyToken(SSOToken token)
                  throws SSOException

Description copied from interface: SSOProvider

Destroys an SSOToken.

Specified by:

destroyToken in interface SSOProvider

Parameters:

token - The SSOToken object to be destroyed

Throws:

SSOException - is thrown if the SSOToken can't be destroyed.

isValidToken

public boolean isValidToken(SSOToken token)

Description copied from interface: SSOProvider

Checks if an SSOToken is valid or not. Your token may be refreshed.

Specified by:

isValidToken in interface SSOProvider

Parameters:

token - The SSOToken object to be validated.

Returns:

true or false, true if the token is valid

isValidToken

public boolean isValidToken(SSOToken token,
                            boolean refresh)

Description copied from interface: SSOProvider

Checks if an SSOToken is valid or not.

Specified by:

isValidToken in interface SSOProvider

Parameters:

token - The SSOToken object to be validated.

refresh - Refresh the token only if this flag is set to true.

Returns:

true if the token is valid, false otherwise

validateToken

public void validateToken(SSOToken token)
                   throws SSOException

Description copied from interface: SSOProvider

Checks if the SSOToken is valid.

Specified by:

validateToken in interface SSOProvider

Throws:

SSOException - is thrown if the SSOToken is not valid.

refreshSession

public void refreshSession(SSOToken token)
                    throws SSOException

Description copied from interface: SSOProvider

Refresh the Session corresponding to the SSOToken from the Session Server, always resetting the idle time.

Specified by:

refreshSession in interface SSOProvider

Parameters:

token - SSOToken

Throws:

SSOException - thrown if the session cannot be refreshed for the token

refreshSession

public void refreshSession(SSOToken token,
                           boolean resetIdle)
                    throws SSOException

Description copied from interface: SSOProvider

Refresh the Session corresponding to the SSOToken from the Session Server, but only optionally resetting the idle time.

Specified by:

refreshSession in interface SSOProvider

Parameters:

token - SSOToken

resetIdle - if true, reset the idle time to zero, if false, do not do this.

Throws:

SSOException - thrown if the session cannot be refreshed for the token

destroyToken

public void destroyToken(SSOToken destroyer,
                         SSOToken destroyed)
                  throws SSOException

Description copied from interface: SSOProvider

Destroys an SSOToken.

Specified by:

destroyToken in interface SSOProvider

Parameters:

destroyer - The SSOToken object used to authorize the operation

destroyed - The SSOToken object to be destroyed.

Throws:

SSOException - thrown if the there was an error during communication with session service.

logout

public void logout(SSOToken token)
            throws SSOException

Description copied from interface: SSOProvider

Logs out of the session underlying this SSOToken.

Specified by:

logout in interface SSOProvider

Parameters:

token - the sso token to log out.

Throws:

SSOException - if an error occurs during logout.

getValidSessions

public Set<SSOToken> getValidSessions(SSOToken requester,
                                      String server)
                               throws SSOException

Description copied from interface: SSOProvider

Returns valid Sessions.

Specified by:

getValidSessions in interface SSOProvider

Parameters:

requester - The SSOToken object used to authorize the operation

server - The server for which the valid sessions are to be retrieved

Returns:

Set The set of Valid Sessions

Throws:

SSOException - thrown if the there was an error during communication with session service.