Package net.shibboleth.idp.plugin.oidc.op.profile.impl
Profile action implementations related to OIDC.
Class Summary

| Class | Description |
| --- | --- |
| AbstractBuildErrorResponseFromEvent<T extends com.nimbusds.oauth2.sdk.ErrorResponse> | This action is extended by error response actions. |
| AbstractInitializeOutboundResponseMessageContext | Action that adds an outbound MessageContext and related OIDC contexts to the ProfileRequestContext. |
| AbstractOIDCAuthenticationRequestAction | Abstract class for actions performing actions on AuthenticationRequest found via InOutOperationContext.getInboundMessageContext() and MessageContext.getMessage(). |
| AbstractOIDCAuthenticationResponseAction | Abstract class for actions performing actions on OIDCAuthenticationResponseContext located under InOutOperationContext.getOutboundMessageContext(). |
| AbstractOIDCClientMetadataPopulationAction | Abstract action for populating metadata from the ClientRegistrationRequest message to the response message. |
| AbstractOIDCRequestAction<T> | Abstract class for actions performing actions on an OIDC request found via InOutOperationContext.getInboundMessageContext() and MessageContext.getMessage(). |
| AbstractOIDCResponseAction | Abstract class for actions performing actions on OIDCAuthenticationResponseContext located under InOutOperationContext.getOutboundMessageContext(). |
| AbstractOIDCSigningResponseAction | Abstract action to be extended by OIDC response actions requiring signing parameters. |
| AbstractOIDCTokenRequestAction | Abstract class for actions performing actions on TokenRequest found via InOutOperationContext.getInboundMessageContext() and MessageContext.getMessage(). |
| AbstractOIDCTokenResponseAction | Abstract class for actions performing actions on OIDCAuthenticationResponseContext located under InOutOperationContext.getOutboundMessageContext(). |
| AbstractSignJWTAction | Abstract action for signing JWT. |
| AddAccessTokenHashToIDToken | Action that adds access token hash claim to an IDTokenClaimsSet. |
| AddAcrToIDToken | Action that adds acr claim to an IDTokenClaimsSet. |
| AddApplicationTypeToClientMetadata | Adds the application_type to the OIDCClientRegistrationResponseContext. |
| AddAttributesToClaimsSet | Action that adds claims to a ClaimsSet. |
| AddAuthorizationCodeHashToIDToken | Action that adds authorization code hash claim to an IDTokenClaimsSet. |
| AddAuthTimeToIDToken | Action that adds auth_time claim to an IDTokenClaimsSet. |
| AddClientNameToClientMetadata | Adds client name from the input metadata to the output OIDCClientMetadata. |
| AddContactsToClientMetadata | Adds the contents of the contacts attribute from the input metadata to the output OIDCClientMetadata. |
| AddGrantTypeToClientMetadata | An action that adds the grant_type to the client metadata. |
| AddIDTokenShell | Action that creates an IDTokenClaimsSet object shell, and sets it to work context OIDCAuthenticationResponseContext located under InOutOperationContext.getOutboundMessageContext(). |
| AddJwksToClientMetadata | An action that adds the jwks or jwks_uri to the client metadata, if one of those was defined in the request. |
| AddLogoUrisToClientMetadata | This action adds the logo_uri(s) to the client metadata. |
| AddMetadataStatementToClientMetadata | An action that adds the trusted metadata_statement chain (containing OP's signed key) to the metadata_statement claim in the response metadata. |
| AddNonceToIDToken | Action that adds nonce claim to an IDTokenClaimsSet. |
| AddPolicyUrisToClientMetadata | This action adds the policy_uri(s) to the client metadata. |
| AddRedirectUrisToClientMetadata | Adds the (mandatory) redirect_uris to the output OIDCClientMetadata. |
| AddRemainingClaimsToClientMetadata | Adds the remaining claims from the input metadata to the output OIDCClientMetadata, which haven't been added there already, but which are recognized in the metadata policy. |
| AddRequestObjectSecurityConfigurationToClientMetadata | Verifies and adds the request object configuration details (request_object_signing_alg, request_object_encryption_alg and request_object_encryption_enc) to the client metadata. |
| AddResponseTypesToClientMetadata | An action that adds response_types to the OIDC client metadata. |
| AddScopeToClientMetadata | Adds the Scope from the input metadata to the output OIDCClientMetadata. |
| AddSecurityConfigurationToClientMetadata | Verifies and adds the security configuration details (*_response_alg and *_response_enc) to the client metadata. |
| AddSubjectTypeToClientMetadata | An action that adds the subject_type to the client metadata. |
| AddTokenDeliveryAttributesToClaimsSet | Action that adds claims to a ClaimsSet. |
| AddTokenEndpointAuthMethodsToClientMetadata | An action that adds the token_endpoint_auth_method to the client metadata. |
| AddTosUrisToClientMetadata | This action adds the tos_uri(s) to the client metadata. |
| BuildAuthenticationErrorResponseFromEvent | This action reads an event from the configured EventContext lookup strategy, constructs an OIDC authentication error response message and attaches it as the outbound message. |
| BuildClientInformation | An action that uses the information from OIDCClientRegistrationResponseContext attached to the message context for creating a new ClientInformationResponse. |
| BuildJSONErrorResponseFromEvent | This action reads an event from the configured EventContext lookup strategy, constructs a JSON error response message and attaches it as the outbound message. |
| BuildRegistrationErrorResponseFromEvent | This action reads an event from the configured EventContext lookup strategy, constructs an OIDC client registration error response message and attaches it as the outbound message. |
| BuildTokenErrorResponseFromEvent | This action reads an event from the configured EventContext lookup strategy, constructs an OIDC token error response message and attaches it as the outbound message. |
| CheckRedirectURIs | The action that verifies the redirect_uris from the request. |
| DecryptRequestObject | Action decrypts request object if it is encrypted. |
| EncryptProcessedToken | Action that serves both id token and user info response encryption. |
| FormOutboundAuthenticationResponseMessage | Action that forms outbound message based on request and response context. |
| FormOutboundDiscoveryResponse | This action builds a response for the OP configuration discovery request. |
| FormOutboundKeySetResponseMessage | Action that forms outbound message containing keyset. |
| FormOutboundTokenResponseMessage | Action that forms outbound message based on token request and response context. |
| GenerateClientID | Creates the client ID for the registration. |
| GenerateClientSecret | Creates a new client secret with the IdentifierGenerationStrategy attached to this action. |
| InitializeAuthenticationContext | An action that creates an AuthenticationContext and attaches it to the current ProfileRequestContext. |
| InitializeOutboundAuthenticationResponseMessageContext | Action that adds an outbound MessageContext and related OIDC contexts to the ProfileRequestContext based on the identity of a relying party accessed via a lookup strategy, by default an immediate child of the profile request context. |
| InitializeOutboundRegistrationResponseMessageContext | Action that adds an outbound MessageContext and related OIDC context to the ProfileRequestContext. |
| InitializeOutboundResponseMessageContext | |
| InitializeOutboundTokenResponseMessageContext | Action that adds an outbound MessageContext and related OIDC contexts to the ProfileRequestContext not knowing the relying party yet. |
| InitializeRegistrationMetadataPolicyContext | Initializes the OIDCClientRegistrationMetadataPolicyContext and attaches it as a subcontext for the incoming MessageContext. |
| InitializeRelyingPartyContext | Action that adds a RelyingPartyContext to the current ProfileRequestContext tree via a creation function. |
| InitializeSubjectContext | An action that creates a SubjectContext and attaches it to the current ProfileRequestContext. |
| InitializeUnverifiedRelyingPartyContext | Action that adds a RelyingPartyContext to the current ProfileRequestContext tree via a creation function. |
| ManipulateClaimsForIDToken | An action that can be used for manipulating id_token claims via configurable strategy (bi-function). |
| OIDCMetadataLookupHandler | Handler for inbound OIDC protocol messages that attempts to locate OIDC metadata for an RP, and attaches it with an OIDCMetadataContext as a child of a pre-existing instance of MessageContext. |
| PopulateOIDCEncryptionParameters | Action that resolves and populates EncryptionParameters on an EncryptionContext created/accessed via a lookup function, by default on a RelyingPartyContext child of the profile request context. |
| PopulateOIDCSignatureSigningParameters | Action that resolves and populates SignatureSigningParameters on a SecurityParametersContext created/accessed via a lookup function, by default on the outbound message context. |
| PopulateOIDCSignatureSigningParametersHandler | Handler that resolves and populates SignatureSigningParameters on a SecurityParametersContext created/accessed via a lookup function, by default as an immediate child context of the target MessageContext. |
| ProcessRequestedAuthnContext | An action that creates a RequestedPrincipalContext or PreferredPrincipalContext and attaches it to the current AuthenticationContext. |
| RevokeConsent | Action that revokes consent if offline_access scope or prompt with consent is requested. |
| SetAuthenticationContextClassReferenceFromAuthzCodeToResponseContext | Action that sets authentication context class reference to work context OIDCAuthenticationResponseContext located under InOutOperationContext.getOutboundMessageContext(). |
| SetAuthenticationContextClassReferenceToResponseContext | Action that sets authentication context class reference to work context OIDCAuthenticationResponseContext located under InOutOperationContext.getOutboundMessageContext(). |
| SetAuthenticationTimeToResponseContext | Action that sets authentication instant to work context OIDCAuthenticationResponseContext located under InOutOperationContext.getOutboundMessageContext(). |
| SetAuthorizationCodeToResponseContext | Action that creates an Authorization Code, and sets it to work context OIDCAuthenticationResponseContext.getAuthorizationCode() located under InOutOperationContext.getOutboundMessageContext(). |
| SetConsentFromTokenToResponseContext | Action that locates consent from authorization code / access token. |
| SetConsentToResponseContext | Action that checks for adds the currently existing attributes from AttributeContext for token delivery. |
| SetRefreshTokenToResponseContext | Action that creates a Refresh Token, and sets it to work context OIDCAuthenticationResponseContext.getRefreshToken() located under InOutOperationContext.getOutboundMessageContext(). |
| SetRequestedClaimsToResponseContext | Action that sets requested claims to response context. |
| SetRequestedSubjectToResponseContext | Action that sets requested sub value to response context. |
| SetRequestObjectToResponseContext | Action that stores request object to OIDCAuthenticationResponseContext. |
| SetResponseStatusCodeFromEvent | This action reads an event from the configured EventContext lookup strategy and sets the status code for HttpServletResponse according to the attached configuration. |
| SetSectorIdentifierForAttributeResolution | An action that sets AttributeResolutionContext.setAttributeRecipientGroupID(java.lang.String) to sector identifier if pairwise subject is requested. |
| SetSubjectToResponseContext | Action that locates subject using strategy. |
| SetTokenDeliveryAttributesFromTokenToResponseContext | Action that locates any token delivery claims from authorization code / access token. |
| SetTokenDeliveryAttributesToResponseContext | Action that checks for any released attributes marked for token delivery. |
| SignIDToken | Action that signs IDTokenClaimsSet and sets it to OIDCAuthenticationResponseContext.getProcessedToken(). |
| StoreClientInformation | An action that stores the ClientInformation from the OIDCClientRegistrationResponseContext to the associated ClientInformationManager. |
| ValidateCodeChallenge | Validates the presence of PKCE code challenge parameter from the incoming authentication request. |
| ValidateGrant | Action that validates an authorization grant. |
| ValidateGrantType | An action that validates the grant type is registered to the requesting RP. |
| ValidatePKCE | Action performs PKCE (https://oauth.net/2/pkce/) validation. |
| ValidateRedirectURI | Action that validates redirect uri is expected. |
| ValidateRegistrationAccessToken | Action that validates registration access token is a valid one. |
| ValidateRegistrationRequestMetadata | Validates the incoming dynamic client registration request against the metadata policy stored in the OIDCClientRegistrationMetadataPolicyContext. |
| ValidateRequestObject | Action validates request object in response context. |
| ValidateResponseType | An action that validates the requested response_type is registered to the requesting RP. |
| ValidateScope | Action that validates requested and previously granted scopes are also registered in client metadata and stores the resulting set in the response context. |
| VerifyRequestedSubjectIdentifier | Action verifies that produced subject equals requested subject if such exists. |