Class OIDCUserInfoConfiguration
- java.lang.Object
  - net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    - net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
      - net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
        - net.shibboleth.idp.profile.config.AbstractProfileConfiguration
          - net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration
            - net.shibboleth.oidc.profile.oauth2.config.AbstractOAuth2ClientAuthenticableProfileConfiguration
              - net.shibboleth.oidc.profile.oauth2.config.AbstractOAuth2TokenValidatingConfiguration
                - net.shibboleth.oidc.profile.config.OIDCUserInfoConfiguration
- All Implemented Interfaces:
net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration, net.shibboleth.idp.profile.config.AttributeResolvingProfileConfiguration, net.shibboleth.idp.profile.config.ConditionalProfileConfiguration, net.shibboleth.idp.profile.config.OverriddenIssuerProfileConfiguration, net.shibboleth.idp.profile.config.ProfileConfiguration, OAuth2ProfileConfiguration, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
public class OIDCUserInfoConfiguration extends AbstractOAuth2TokenValidatingConfiguration implements net.shibboleth.idp.profile.config.AttributeResolvingProfileConfiguration
Profile configuration for the OpenID Connect core protocol userinfo endpoint.
Field Summary
Fields (Modifier and Type, Field: Description)
- private Function<ProfileRequestContext,Set<String>> deniedUserInfoAttributesLookupStrategy: Lookup function to supply attribute IDs to omit from UserInfo token.
- private Predicate<ProfileRequestContext> encryptionOptionalPredicate: Whether encryption is optional in the face of no key, etc.
- static String PROFILE_ID: ID for this profile configuration.
- static String PROTOCOL_URI: OIDC base protocol URI.
- private Predicate<ProfileRequestContext> resolveAttributesPredicate: Whether attributes should be resolved in the course of the profile.
Constructor Summary
Constructors (Constructor: Description)
- OIDCUserInfoConfiguration(): Constructor.
- OIDCUserInfoConfiguration(String profileId): Creates a new configuration instance.
Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method: Description)
- Set<String> getDeniedUserInfoAttributes(ProfileRequestContext profileRequestContext): Get the set of attribute IDs which should be omitted from the UserInfo token.
- boolean isEncryptionOptional(ProfileRequestContext profileRequestContext): Get whether encryption is optional in the face of a missing key, etc.
- boolean isResolveAttributes(ProfileRequestContext profileRequestContext)
- void setDeniedUserInfoAttributes(Collection<String> attributes): Set the set of attribute IDs which should be omitted from the UserInfo token.
- void setDeniedUserInfoAttributesLookupStrategy(Function<ProfileRequestContext,Set<String>> strategy): Set a lookup strategy for the set of attribute IDs which should be omitted from the UserInfo token.
- void setEncryptionOptional(boolean flag): Set whether encryption is optional in the face of a missing key, etc.
- void setEncryptionOptionalPredicate(Predicate<ProfileRequestContext> condition): Set a condition to determine whether encryption is optional in the face of a missing key, etc.
- void setResolveAttributes(boolean flag): Set whether attributes should be resolved during the profile.
- void setResolveAttributesPredicate(Predicate<ProfileRequestContext> condition): Set a condition to determine whether attributes should be resolved during the profile.
Methods inherited from class net.shibboleth.oidc.profile.oauth2.config.AbstractOAuth2TokenValidatingConfiguration
getIssuedClaimsValidator, getIssuer, setIssuedClaimsValidator, setIssuedClaimsValidatorLookupStrategy, setIssuer, setIssuerLookupStrategy

Methods inherited from class net.shibboleth.oidc.profile.oauth2.config.AbstractOAuth2ClientAuthenticableProfileConfiguration
getAuthenticationFlows, getClaimsValidator, getDefaultAuthenticationMethods, getPostAuthenticationFlows, getProxyCount, getTokenEndpointAuthMethods, isForceAuthn, setAuthenticationFlows, setAuthenticationFlowsLookupStrategy, setClaimsValidator, setClaimsValidatorLookupStrategy, setDefaultAuthenticationMethods, setDefaultAuthenticationMethodsLookupStrategy, setForceAuthn, setForceAuthnPredicate, setPostAuthenticationFlows, setPostAuthenticationFlowsLookupStrategy, setProxyCount, setProxyCountLookupStrategy, setTokenEndpointAuthMethods, setTokenEndpointAuthMethodsLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration
getActivationCondition, setActivationCondition

Methods inherited from class net.shibboleth.idp.profile.config.AbstractProfileConfiguration
equals, getDisallowedFeatures, getInboundInterceptorFlows, getOutboundInterceptorFlows, getSecurityConfiguration, hashCode, isFeatureDisallowed, setDisallowedFeatures, setDisallowedFeaturesLookupStrategy, setInboundFlowsLookupStrategy, setInboundInterceptorFlows, setInboundInterceptorFlowsLookupStrategy, setOutboundFlowsLookupStrategy, setOutboundInterceptorFlows, setOutboundInterceptorFlowsLookupStrategy, setSecurityConfiguration, setSecurityConfigurationLookupStrategy

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
setId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
doInitialize, getId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration
isLocal

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent
getId
Field Detail

PROTOCOL_URI
@Nonnull @NotEmpty public static final String PROTOCOL_URI
OIDC base protocol URI.
- See Also: Constant Field Values

PROFILE_ID
@Nonnull @NotEmpty public static final String PROFILE_ID
ID for this profile configuration.
- See Also: Constant Field Values

resolveAttributesPredicate
@Nonnull private Predicate<ProfileRequestContext> resolveAttributesPredicate
Whether attributes should be resolved in the course of the profile.

encryptionOptionalPredicate
@Nonnull private Predicate<ProfileRequestContext> encryptionOptionalPredicate
Whether encryption is optional in the face of no key, etc.

deniedUserInfoAttributesLookupStrategy
@Nonnull private Function<ProfileRequestContext,Set<String>> deniedUserInfoAttributesLookupStrategy
Lookup function to supply attribute IDs to omit from UserInfo token.
Method Detail

isResolveAttributes
public boolean isResolveAttributes(@Nullable ProfileRequestContext profileRequestContext)
- Specified by: isResolveAttributes in interface net.shibboleth.idp.profile.config.AttributeResolvingProfileConfiguration

setResolveAttributes
public void setResolveAttributes(boolean flag)
Set whether attributes should be resolved during the profile.
- Parameters: flag - flag to set

setResolveAttributesPredicate
public void setResolveAttributesPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
Set a condition to determine whether attributes should be resolved during the profile.
- Parameters: condition - condition to set

isEncryptionOptional
public boolean isEncryptionOptional(@Nullable ProfileRequestContext profileRequestContext)
Get whether encryption is optional in the face of a missing key, etc.
- Parameters: profileRequestContext - current profile request context
- Returns: true iff encryption is optional

setEncryptionOptional
public void setEncryptionOptional(boolean flag)
Set whether encryption is optional in the face of a missing key, etc.
- Parameters: flag - flag to set

setEncryptionOptionalPredicate
public void setEncryptionOptionalPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
Set a condition to determine whether encryption is optional in the face of a missing key, etc.
- Parameters: condition - condition to set

getDeniedUserInfoAttributes
@Nonnull @NonnullElements @NotLive public Set<String> getDeniedUserInfoAttributes(@Nullable ProfileRequestContext profileRequestContext)
Get the set of attribute IDs which should be omitted from the UserInfo token.
Default behavior is to include all claims, but omitted claims also affect the set that may need to be embedded for recovery into the access/refresh tokens.
- Parameters: profileRequestContext - profile request context
- Returns: the attribute IDs to omit from UserInfo token

setDeniedUserInfoAttributes
public void setDeniedUserInfoAttributes(@Nullable @NonnullElements Collection<String> attributes)
Set the set of attribute IDs which should be omitted from the UserInfo token.
Default behavior is to include all claims, but omitted claims also affect the set that may need to be embedded for recovery into the access/refresh tokens.
- Parameters: attributes - the attribute IDs to omit from UserInfo token

setDeniedUserInfoAttributesLookupStrategy
public void setDeniedUserInfoAttributesLookupStrategy(@Nonnull Function<ProfileRequestContext,Set<String>> strategy)
Set a lookup strategy for the set of attribute IDs which should be omitted from the UserInfo token.
- Parameters: strategy - lookup strategy
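
One way to combine the per-request setters documented above so that a missing encryption key is tolerated only for selected clients, and those clients have sensitive attributes withheld from UserInfo. This is an added example, not code from the project: it assumes the unqualified Predicate and Function types are those of java.util.function and that ProfileRequestContext is org.opensaml.profile.context.ProfileRequestContext; the isLegacyClient predicate is hypothetical and the attribute IDs are constructed.

```java
import java.util.Set;
import java.util.function.Predicate;

import net.shibboleth.oidc.profile.config.OIDCUserInfoConfiguration;
import org.opensaml.profile.context.ProfileRequestContext; // assumed package

/** Added example: builds a UserInfo profile configuration with conservative settings. */
public final class UserInfoProfileExample {

    // Constructed attribute IDs; substitute the IDs defined in your own attribute resolver.
    private static final Set<String> SENSITIVE = Set.of("eduPersonEntitlement", "mail");

    private UserInfoProfileExample() {
    }

    /**
     * @param isLegacyClient hypothetical, caller-supplied test for relying parties
     *                       that are allowed to receive an unencrypted response
     */
    public static OIDCUserInfoConfiguration build(Predicate<ProfileRequestContext> isLegacyClient) {
        OIDCUserInfoConfiguration cfg = new OIDCUserInfoConfiguration();
        cfg.setResolveAttributes(true);

        // Fail closed: encryption is optional only for the named legacy clients.
        // The context argument is @Nullable, so a null context is treated as "not legacy".
        cfg.setEncryptionOptionalPredicate(prc -> prc != null && isLegacyClient.test(prc));

        // Clients that may receive an unencrypted response have the sensitive
        // attributes omitted; for all others the deny set is empty (the default).
        cfg.setDeniedUserInfoAttributesLookupStrategy(
                prc -> prc != null && isLegacyClient.test(prc) ? SENSITIVE : Set.of());

        return cfg;
    }
}
```

Calling isEncryptionOptional(null) and getDeniedUserInfoAttributes(null) on the returned object is a quick check that the null-context path yields false and an empty set.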