java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - org.opensaml.profile.action.AbstractProfileAction
  - - org.opensaml.profile.action.AbstractConditionalProfileAction
    - - net.shibboleth.idp.profile.AbstractProfileAction
      - net.shibboleth.idp.authn.AbstractAuthenticationAction
        
        net.shibboleth.idp.plugin.oidc.op.authn.impl.ValidateClientAuthenticationType

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
```
public class ValidateClientAuthenticationType
extends net.shibboleth.idp.authn.AbstractAuthenticationAction
```
Validates the client authentication type with the token_endpoint_auth_method stored in the client's metadata and the profile configuration.
In the absence of metadata, the profile configuration is used alone.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.ACCESS_DENIED

Precondition:

OIDCMetadataContext is available, AuthenticationContext.getSubcontext(OAuth2ClientAuthenticationContext.class) != null

Field Summary

Fields
Modifier and Type	Field	Description
`private com.nimbusds.oauth2.sdk.auth.ClientAuthentication`	`clientAuthentication`	The extracted client authentication information.
`private Set<com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod>`	`enabledMethods`	Enabled client authn methods.
`private org.slf4j.Logger`	`log`	Class logger.
`private net.shibboleth.oidc.metadata.context.OIDCMetadataContext`	`oidcMetadataContext`	The attached OIDC metadata context.
`private Function<ProfileRequestContext,net.shibboleth.oidc.metadata.context.OIDCMetadataContext>`	`oidcMetadataContextLookupStrategy`	Strategy that will return `OIDCMetadataContext`.
`private Function<ProfileRequestContext,Set<com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod>>`	`tokenEndpointAuthMethodsLookupStrategy`	Strategy to obtain enabled token endpoint authentication methods.

Constructor Summary

Constructors
Constructor Description

ValidateClientAuthenticationType()
Constructor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected void`	`doExecute(ProfileRequestContext profileRequestContext, net.shibboleth.idp.authn.context.AuthenticationContext authenticationContext)`
`protected boolean`	`doPreExecute(ProfileRequestContext profileRequestContext, net.shibboleth.idp.authn.context.AuthenticationContext authenticationContext)`
`private String`	`getClientID()`	Parses the client ID from OIDC metadata or client authentication, if exists.
`void`	`setOIDCMetadataContextLookupStrategy(Function<ProfileRequestContext,net.shibboleth.oidc.metadata.context.OIDCMetadataContext> strategy)`	Set the strategy used to return the `OIDCMetadataContext`.
`void`	`setTokenEndpointAuthMethodsLookupStrategy(Function<ProfileRequestContext,Set<com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod>> strategy)`	Set strategy to obtain enabled token endpoint authentication methods.

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doPreExecute, setAuthenticationContextLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

oidcMetadataContextLookupStrategy

@Nonnull
private Function<ProfileRequestContext,net.shibboleth.oidc.metadata.context.OIDCMetadataContext> oidcMetadataContextLookupStrategy

Strategy that will return OIDCMetadataContext.

tokenEndpointAuthMethodsLookupStrategy

@Nullable
private Function<ProfileRequestContext,Set<com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod>> tokenEndpointAuthMethodsLookupStrategy

Strategy to obtain enabled token endpoint authentication methods.

oidcMetadataContext

@Nullable
private net.shibboleth.oidc.metadata.context.OIDCMetadataContext oidcMetadataContext

The attached OIDC metadata context.

clientAuthentication

@Nullable
private com.nimbusds.oauth2.sdk.auth.ClientAuthentication clientAuthentication

The extracted client authentication information.

enabledMethods

@Nullable
@NonnullElements
private Set<com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod> enabledMethods

Enabled client authn methods.

Constructor Detail
- ValidateClientAuthenticationType
```
public ValidateClientAuthenticationType()
```
  Constructor.

Method Detail

setOIDCMetadataContextLookupStrategy

public void setOIDCMetadataContextLookupStrategy(@Nonnull
                                                 Function<ProfileRequestContext,net.shibboleth.oidc.metadata.context.OIDCMetadataContext> strategy)

Set the strategy used to return the OIDCMetadataContext.

Parameters:: strategy - The lookup strategy.

setTokenEndpointAuthMethodsLookupStrategy

public void setTokenEndpointAuthMethodsLookupStrategy(@Nonnull
                                                      Function<ProfileRequestContext,Set<com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod>> strategy)

Set strategy to obtain enabled token endpoint authentication methods.

Parameters:: strategy - What to set.

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext,
                               @Nonnull
                               net.shibboleth.idp.authn.context.AuthenticationContext authenticationContext)

Overrides:: doPreExecute in class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext,
                         @Nonnull
                         net.shibboleth.idp.authn.context.AuthenticationContext authenticationContext)

Overrides:: doExecute in class net.shibboleth.idp.authn.AbstractAuthenticationAction

getClientID
```
@Nullable
private String getClientID()
```
Parses the client ID from OIDC metadata or client authentication, if exists.

Returns:

client ID, or null it it couldn't be found.

Class ValidateClientAuthenticationType

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent