This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch 3_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/3_0_X by this push:
     new a6625f7c43 [SYNCOPE-1865] Add missing conf parameters for OIDC client 
apps (#989)
a6625f7c43 is described below

commit a6625f7c437163e9ecaf755ccb7fbc82f377c332
Author: Francesco Chicchiriccò <[email protected]>
AuthorDate: Fri Feb 14 18:51:09 2025 +0100

    [SYNCOPE-1865] Add missing conf parameters for OIDC client apps (#989)
---
 .../clientapps/ClientAppModalPanelBuilder.java     |  67 ++++++++++-
 .../clientapps/ClientAppDirectoryPanel.properties  |   9 ++
 .../ClientAppDirectoryPanel_fr_CA.properties       |   9 ++
 .../ClientAppDirectoryPanel_it.properties          |   9 ++
 .../ClientAppDirectoryPanel_ja.properties          |   9 ++
 .../ClientAppDirectoryPanel_pt_BR.properties       |   9 ++
 .../ClientAppDirectoryPanel_ru.properties          |   9 ++
 .../syncope/common/lib/to/OIDCRPClientAppTO.java   | 116 ++++++++++++++++++-
 ...OIDCGrantType.java => OIDCApplicationType.java} |  18 ++-
 .../syncope/common/lib/types/OIDCGrantType.java    |  20 +++-
 .../syncope/common/lib/types/OIDCSubjectType.java  |  13 ++-
 ...CGrantType.java => OIDCTokenEncryptionAlg.java} |  31 +++++-
 ...tType.java => OIDCTokenEncryptionEncoding.java} |  23 +++-
 ...OIDCGrantType.java => OIDCTokenSigningAlg.java} |  20 +++-
 .../persistence/api/entity/am/OIDCRPClientApp.java |  40 +++++++
 .../jpa/entity/am/JPAOIDCRPClientApp.java          | 123 ++++++++++++++++++++-
 .../java/data/ClientAppDataBinderImpl.java         |  34 ++++--
 .../starter/mapping/OIDCRPClientAppTOMapper.java   |  35 +++++-
 18 files changed, 545 insertions(+), 49 deletions(-)

diff --git 
a/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
 
b/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
index eacc63f097..85950b2392 100644
--- 
a/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
+++ 
b/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
@@ -61,10 +61,14 @@ import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
 import org.apache.syncope.common.lib.to.RealmTO;
 import org.apache.syncope.common.lib.types.ClientAppType;
 import org.apache.syncope.common.lib.types.LogoutType;
+import org.apache.syncope.common.lib.types.OIDCApplicationType;
 import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionAlg;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionEncoding;
+import org.apache.syncope.common.lib.types.OIDCTokenSigningAlg;
 import org.apache.syncope.common.lib.types.PolicyType;
 import org.apache.syncope.common.lib.types.SAML2SPNameId;
 import org.apache.syncope.common.lib.types.XmlSecAlgorithm;
@@ -295,8 +299,61 @@ public class ClientAppModalPanelBuilder<T extends 
ClientAppTO> extends AbstractM
                     
clientSecret.setChoices(List.of(RandomStringUtils.secure().nextNumeric(15)));
                     fields.add(clientSecret.setRequired(true));
 
+                    AjaxTextFieldPanel idTokenIssuer = new AjaxTextFieldPanel(
+                            "field", "idTokenIssuer", new 
PropertyModel<>(clientAppTO, "idTokenIssuer"), false);
+                    fields.add(idTokenIssuer);
+
+                    AjaxCheckBoxPanel signIdToken = new AjaxCheckBoxPanel(
+                            "field", "signIdToken", new 
PropertyModel<>(clientAppTO, "signIdToken"));
+                    fields.add(signIdToken);
+                    AjaxDropDownChoicePanel<OIDCTokenSigningAlg> 
idTokenSigningAlg = new AjaxDropDownChoicePanel<>(
+                            "field", "idTokenSigningAlg", new 
PropertyModel<>(clientAppTO, "idTokenSigningAlg"), false);
+                    
idTokenSigningAlg.setChoices(List.of(OIDCTokenSigningAlg.values()));
+                    fields.add(idTokenSigningAlg.addRequiredLabel());
+
                     fields.add(new AjaxCheckBoxPanel(
-                            "field", "signIdToken", new 
PropertyModel<>(clientAppTO, "signIdToken")));
+                            "field", "encryptIdToken", new 
PropertyModel<>(clientAppTO, "encryptIdToken")));
+                    AjaxDropDownChoicePanel<OIDCTokenEncryptionAlg> 
idTokenEncryptionAlg =
+                            new AjaxDropDownChoicePanel<>(
+                                    "field",
+                                    "idTokenEncryptionAlg",
+                                    new PropertyModel<>(clientAppTO, 
"idTokenEncryptionAlg"),
+                                    false);
+                    
idTokenEncryptionAlg.setChoices(List.of(OIDCTokenEncryptionAlg.values()));
+                    fields.add(idTokenEncryptionAlg.addRequiredLabel());
+                    AjaxDropDownChoicePanel<OIDCTokenEncryptionEncoding> 
idTokenEncryptionEncoding =
+                            new AjaxDropDownChoicePanel<>(
+                                    "field",
+                                    "idTokenEncryptionEncoding",
+                                    new PropertyModel<>(clientAppTO, 
"idTokenEncryptionEncoding"),
+                                    false);
+                    
idTokenEncryptionEncoding.setChoices(List.of(OIDCTokenEncryptionEncoding.values()));
+                    fields.add(idTokenEncryptionEncoding);
+
+                    AjaxDropDownChoicePanel<OIDCTokenSigningAlg> 
userInfoSigningAlg = new AjaxDropDownChoicePanel<>(
+                            "field",
+                            "userInfoSigningAlg",
+                            new PropertyModel<>(clientAppTO, 
"userInfoSigningAlg"),
+                            false);
+                    
userInfoSigningAlg.setChoices(List.of(OIDCTokenSigningAlg.values()));
+                    fields.add(userInfoSigningAlg);
+                    AjaxDropDownChoicePanel<OIDCTokenEncryptionAlg> 
userInfoEncryptedResponseAlg =
+                            new AjaxDropDownChoicePanel<>(
+                                    "field",
+                                    "userInfoEncryptedResponseAlg",
+                                    new PropertyModel<>(clientAppTO, 
"userInfoEncryptedResponseAlg"),
+                                    false);
+                    
userInfoEncryptedResponseAlg.setChoices(List.of(OIDCTokenEncryptionAlg.values()));
+                    fields.add(userInfoEncryptedResponseAlg);
+                    AjaxDropDownChoicePanel<OIDCTokenEncryptionEncoding> 
userInfoEncryptedResponseEncoding =
+                            new AjaxDropDownChoicePanel<>(
+                                    "field",
+                                    "userInfoEncryptedResponseEncoding",
+                                    new PropertyModel<>(clientAppTO, 
"userInfoEncryptedResponseEncoding"),
+                                    false);
+                    
userInfoEncryptedResponseEncoding.setChoices(List.of(OIDCTokenEncryptionEncoding.values()));
+                    fields.add(userInfoEncryptedResponseEncoding);
+
                     fields.add(new AjaxCheckBoxPanel(
                             "field", "jwtAccessToken", new 
PropertyModel<>(clientAppTO, "jwtAccessToken")));
                     fields.add(new AjaxCheckBoxPanel(
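Review bot: The new algorithm dropdowns are not tied to the `signIdToken` and `encryptIdToken` checkboxes, so the form accepts combinations such as signing enabled with `idTokenSigningAlg` set to `none`, or encryption enabled with no `idTokenEncryptionEncoding` (that panel, unlike the two `...Alg` panels, gets no `addRequiredLabel()`). Each dropdown is filled from the full `values()` of its enum, and both `OIDCTokenSigningAlg` and `OIDCTokenEncryptionAlg` contain `none`. Consider dropping `none` from the choices while the matching checkbox is ticked, or rejecting the inconsistent pair on submit; server-side validation may exist, but nothing in this hunk enforces it. The enclosing method starts and ends outside the hunk.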
@@ -307,8 +364,12 @@ public class ClientAppModalPanelBuilder<T extends 
ClientAppTO> extends AbstractM
                     AjaxDropDownChoicePanel<OIDCSubjectType> subjectType = new 
AjaxDropDownChoicePanel<>(
                             "field", "subjectType", new 
PropertyModel<>(clientAppTO, "subjectType"), false);
                     subjectType.setChoices(List.of(OIDCSubjectType.values()));
-                    subjectType.addRequiredLabel().setEnabled(true);
-                    fields.add(subjectType);
+                    
fields.add(subjectType.addRequiredLabel().setEnabled(true));
+
+                    AjaxDropDownChoicePanel<OIDCApplicationType> 
applicationType = new AjaxDropDownChoicePanel<>(
+                            "field", "applicationType", new 
PropertyModel<>(clientAppTO, "applicationType"), false);
+                    
applicationType.setChoices(List.of(OIDCApplicationType.values()));
+                    
fields.add(applicationType.addRequiredLabel().setEnabled(true));
 
                     AjaxTextFieldPanel redirectUri = new 
AjaxTextFieldPanel("panel", "redirectUris", new Model<>());
                     fields.add(new MultiFieldPanel.Builder<String>(
diff --git 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties
 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties
index 734fe671ab..14d8af8023 100644
--- 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties
+++ 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties
@@ -71,3 +71,12 @@ jwks=JWKS
 jwksUri=JWKS URI
 tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
 generateRefreshToken=Generate Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=IdToken signing algorithm
+encryptIdToken=Encrypt IdToken
+idTokenEncryptionAlg=IdToken encryption algorithm
+idTokenEncryptionEncoding=IdToken encryption encoding
+applicationType=Application Type
+userInfoSigningAlg=UserInfo Signing Algorithm
+userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
+userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding
diff --git 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
index e1cded71e7..07742eb2a4 100644
--- 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
+++ 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
@@ -71,3 +71,12 @@ jwks=JWKS
 jwksUri=JWKS URI
 tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
 generateRefreshToken=Generate Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=IdToken signing algorithm
+encryptIdToken=Encrypt IdToken
+idTokenEncryptionAlg=IdToken encryption algorithm
+idTokenEncryptionEncoding=IdToken encryption encoding
+applicationType=Application Type
+userInfoSigningAlg=UserInfo Signing Algorithm
+userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
+userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding
diff --git 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
index a9cb0277f8..7a6e813c79 100644
--- 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
+++ 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
@@ -71,3 +71,12 @@ jwks=JWKS
 jwksUri=JWKS URI
 tokenEndpointAuthenticationMethod=Metodo di autenticazione dell'endpoint token
 generateRefreshToken=Genera Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=Algoritmo di firma IdToken
+encryptIdToken=Cifra IdToken
+idTokenEncryptionAlg=Algoritmo di cifratura IdToken
+idTokenEncryptionEncoding=Codifica di cifratura IdToken
+applicationType=Tipo applicazione
+userInfoSigningAlg=Algoritmo di firma UserInfo
+userInfoEncryptedResponseAlg=Algoritmo di cifratura risposta UserInfo
+userInfoEncryptedResponseEncoding=Codifica di cifratura risposta UserInfo
diff --git 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
index 207cc7f18f..4026612504 100644
--- 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
+++ 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
@@ -71,3 +71,12 @@ jwks=JWKS
 jwksUri=JWKS URI
 tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
 generateRefreshToken=Generate Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=IdToken signing algorithm
+encryptIdToken=Encrypt IdToken
+idTokenEncryptionAlg=IdToken encryption algorithm
+idTokenEncryptionEncoding=IdToken encryption encoding
+applicationType=Application Type
+userInfoSigningAlg=UserInfo Signing Algorithm
+userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
+userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding
diff --git 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
index 65ddf146bb..f8ea1d3017 100644
--- 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
+++ 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
@@ -71,3 +71,12 @@ jwks=JWKS
 jwksUri=JWKS URI
 tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
 generateRefreshToken=Generate Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=IdToken signing algorithm
+encryptIdToken=Encrypt IdToken
+idTokenEncryptionAlg=IdToken encryption algorithm
+idTokenEncryptionEncoding=IdToken encryption encoding
+applicationType=Application Type
+userInfoSigningAlg=UserInfo Signing Algorithm
+userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
+userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding
diff --git 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
index b49b8abc9f..f2a04216c2 100644
--- 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
+++ 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
@@ -72,3 +72,12 @@ jwks=JWKS
 jwksUri=JWKS URI
 tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
 generateRefreshToken=Generate Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=IdToken signing algorithm
+encryptIdToken=Encrypt IdToken
+idTokenEncryptionAlg=IdToken encryption algorithm
+idTokenEncryptionEncoding=IdToken encryption encoding
+applicationType=Application Type
+userInfoSigningAlg=UserInfo Signing Algorithm
+userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
+userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding
diff --git 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
index 04ab489a33..eb77daedd7 100644
--- 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
+++ 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
@@ -26,10 +26,14 @@ import java.util.ArrayList;
 import java.util.List;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
+import org.apache.syncope.common.lib.types.OIDCApplicationType;
 import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionAlg;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionEncoding;
+import org.apache.syncope.common.lib.types.OIDCTokenSigningAlg;
 
 @Schema(allOf = { ClientAppTO.class })
 public class OIDCRPClientAppTO extends ClientAppTO {
@@ -40,7 +44,23 @@ public class OIDCRPClientAppTO extends ClientAppTO {
 
     private String clientSecret;
 
-    private boolean signIdToken;
+    private String idTokenIssuer;
+
+    private boolean signIdToken = true;
+
+    private OIDCTokenSigningAlg idTokenSigningAlg = OIDCTokenSigningAlg.none;
+
+    private boolean encryptIdToken;
+
+    private OIDCTokenEncryptionAlg idTokenEncryptionAlg = 
OIDCTokenEncryptionAlg.none;
+
+    private OIDCTokenEncryptionEncoding idTokenEncryptionEncoding;
+
+    private OIDCTokenSigningAlg userInfoSigningAlg;
+
+    private OIDCTokenEncryptionAlg userInfoEncryptedResponseAlg;
+
+    private OIDCTokenEncryptionEncoding userInfoEncryptedResponseEncoding;
 
     private boolean jwtAccessToken;
 
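Review bot: The field defaults contradict each other: `signIdToken = true` is paired with `idTokenSigningAlg = OIDCTokenSigningAlg.none`, so a client app created without touching these fields asks for signed ID tokens while naming an algorithm that yields unsigned ones. Which of the two wins depends on server code not shown here, so the safer default is a real signature algorithm, e.g. `private OIDCTokenSigningAlg idTokenSigningAlg = OIDCTokenSigningAlg.RS256;`, which is also the OpenID Connect registration default for `id_token_signed_response_alg`. A short comment on the two fields stating how they interact would help whoever maps them to the server configuration.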
@@ -48,7 +68,9 @@ public class OIDCRPClientAppTO extends ClientAppTO {
 
     private boolean generateRefreshToken = true;
 
-    private OIDCSubjectType subjectType;
+    private OIDCSubjectType subjectType = OIDCSubjectType.PUBLIC;
+
+    private OIDCApplicationType applicationType = OIDCApplicationType.WEB;
 
     private final List<String> redirectUris = new ArrayList<>();
 
@@ -110,6 +132,14 @@ public class OIDCRPClientAppTO extends ClientAppTO {
         return supportedResponseTypes;
     }
 
+    public String getIdTokenIssuer() {
+        return idTokenIssuer;
+    }
+
+    public void setIdTokenIssuer(final String idTokenIssuer) {
+        this.idTokenIssuer = idTokenIssuer;
+    }
+
     public boolean isSignIdToken() {
         return signIdToken;
     }
@@ -118,6 +148,62 @@ public class OIDCRPClientAppTO extends ClientAppTO {
         this.signIdToken = signIdToken;
     }
 
+    public boolean isEncryptIdToken() {
+        return encryptIdToken;
+    }
+
+    public void setEncryptIdToken(final boolean encryptIdToken) {
+        this.encryptIdToken = encryptIdToken;
+    }
+
+    public OIDCTokenSigningAlg getIdTokenSigningAlg() {
+        return idTokenSigningAlg;
+    }
+
+    public void setIdTokenSigningAlg(final OIDCTokenSigningAlg 
idTokenSigningAlg) {
+        this.idTokenSigningAlg = idTokenSigningAlg;
+    }
+
+    public OIDCTokenEncryptionAlg getIdTokenEncryptionAlg() {
+        return idTokenEncryptionAlg;
+    }
+
+    public void setIdTokenEncryptionAlg(final OIDCTokenEncryptionAlg 
idTokenEncryptionAlg) {
+        this.idTokenEncryptionAlg = idTokenEncryptionAlg;
+    }
+
+    public OIDCTokenEncryptionEncoding getIdTokenEncryptionEncoding() {
+        return idTokenEncryptionEncoding;
+    }
+
+    public void setIdTokenEncryptionEncoding(final OIDCTokenEncryptionEncoding 
idTokenEncryptionEncoding) {
+        this.idTokenEncryptionEncoding = idTokenEncryptionEncoding;
+    }
+
+    public OIDCTokenSigningAlg getUserInfoSigningAlg() {
+        return userInfoSigningAlg;
+    }
+
+    public void setUserInfoSigningAlg(final OIDCTokenSigningAlg 
userInfoSigningAlg) {
+        this.userInfoSigningAlg = userInfoSigningAlg;
+    }
+
+    public OIDCTokenEncryptionAlg getUserInfoEncryptedResponseAlg() {
+        return userInfoEncryptedResponseAlg;
+    }
+
+    public void setUserInfoEncryptedResponseAlg(final OIDCTokenEncryptionAlg 
userInfoEncryptedResponseAlg) {
+        this.userInfoEncryptedResponseAlg = userInfoEncryptedResponseAlg;
+    }
+
+    public OIDCTokenEncryptionEncoding getUserInfoEncryptedResponseEncoding() {
+        return userInfoEncryptedResponseEncoding;
+    }
+
+    public void setUserInfoEncryptedResponseEncoding(final 
OIDCTokenEncryptionEncoding encoding) {
+        this.userInfoEncryptedResponseEncoding = encoding;
+    }
+
     public OIDCSubjectType getSubjectType() {
         return subjectType;
     }
@@ -126,6 +212,14 @@ public class OIDCRPClientAppTO extends ClientAppTO {
         this.subjectType = subjectType;
     }
 
+    public OIDCApplicationType getApplicationType() {
+        return applicationType;
+    }
+
+    public void setApplicationType(final OIDCApplicationType applicationType) {
+        this.applicationType = applicationType;
+    }
+
     public boolean isJwtAccessToken() {
         return jwtAccessToken;
     }
@@ -205,11 +299,20 @@ public class OIDCRPClientAppTO extends ClientAppTO {
                 .appendSuper(super.equals(obj))
                 .append(this.clientId, rhs.clientId)
                 .append(this.clientSecret, rhs.clientSecret)
+                .append(this.idTokenIssuer, rhs.idTokenIssuer)
                 .append(this.signIdToken, rhs.signIdToken)
+                .append(this.idTokenSigningAlg, rhs.idTokenSigningAlg)
+                .append(this.encryptIdToken, rhs.encryptIdToken)
+                .append(this.idTokenEncryptionAlg, rhs.idTokenEncryptionAlg)
+                .append(this.idTokenEncryptionEncoding, 
rhs.idTokenEncryptionEncoding)
+                .append(this.userInfoSigningAlg, rhs.userInfoSigningAlg)
+                .append(this.userInfoEncryptedResponseAlg, 
rhs.userInfoEncryptedResponseAlg)
+                .append(this.userInfoEncryptedResponseEncoding, 
rhs.userInfoEncryptedResponseEncoding)
                 .append(this.jwtAccessToken, rhs.jwtAccessToken)
                 .append(this.bypassApprovalPrompt, rhs.bypassApprovalPrompt)
                 .append(this.generateRefreshToken, rhs.generateRefreshToken)
                 .append(this.subjectType, rhs.subjectType)
+                .append(this.applicationType, rhs.applicationType)
                 .append(this.redirectUris, rhs.redirectUris)
                 .append(this.supportedGrantTypes, rhs.supportedGrantTypes)
                 .append(this.supportedResponseTypes, 
rhs.supportedResponseTypes)
@@ -227,11 +330,20 @@ public class OIDCRPClientAppTO extends ClientAppTO {
                 .appendSuper(super.hashCode())
                 .append(clientId)
                 .append(clientSecret)
+                .append(idTokenIssuer)
                 .append(signIdToken)
+                .append(idTokenSigningAlg)
+                .append(encryptIdToken)
+                .append(idTokenEncryptionAlg)
+                .append(idTokenEncryptionEncoding)
+                .append(userInfoSigningAlg)
+                .append(userInfoEncryptedResponseAlg)
+                .append(userInfoEncryptedResponseEncoding)
                 .append(jwtAccessToken)
                 .append(bypassApprovalPrompt)
                 .append(generateRefreshToken)
                 .append(subjectType)
+                .append(applicationType)
                 .append(redirectUris)
                 .append(supportedGrantTypes)
                 .append(supportedResponseTypes)
diff --git 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCApplicationType.java
similarity index 75%
copy from 
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
copy to 
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCApplicationType.java
index 837f80ec3d..9d5f8d1383 100644
--- 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
+++ 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCApplicationType.java
@@ -18,11 +18,17 @@
  */
 package org.apache.syncope.common.lib.types;
 
-public enum OIDCGrantType {
-    authorization_code,
-    password,
-    client_credentials,
-    refresh_token,
-    device_code;
+public enum OIDCApplicationType {
+    WEB("web"),
+    NATIVE("native");
 
+    private final String externalForm;
+
+    OIDCApplicationType(final String external) {
+        this.externalForm = external;
+    }
+
+    public String getExternalForm() {
+        return externalForm;
+    }
 }
diff --git 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
index 837f80ec3d..d97833e4b9 100644
--- 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
+++ 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
@@ -19,10 +19,20 @@
 package org.apache.syncope.common.lib.types;
 
 public enum OIDCGrantType {
-    authorization_code,
-    password,
-    client_credentials,
-    refresh_token,
-    device_code;
+    authorization_code("authorization_code"),
+    password("password"),
+    client_credentials("client_credentials"),
+    refresh_token("refresh_token"),
+    device_code("urn:ietf:params:oauth:grant-type:device_code"),
+    uma_ticket("urn:ietf:params:oauth:grant-type:uma-ticket");
 
+    private final String externalForm;
+
+    OIDCGrantType(final String external) {
+        this.externalForm = external;
+    }
+
+    public String getExternalForm() {
+        return externalForm;
+    }
 }
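Review bot: `device_code` and `uma_ticket` now carry an external form that differs from the constant name, but nothing documents which of the two is the protocol value. I would add Javadoc on `getExternalForm()` along the lines of `/** Grant type identifier as exchanged on the wire; do not use name() for protocol output. */`. Any caller that still serializes with `name()` or `toString()` needs switching over, since for `device_code` the two no longer match. Those callers are outside this diff section, so this is a prompt to verify rather than a confirmed bug.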
diff --git 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCSubjectType.java
 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCSubjectType.java
index 9a1caeca9b..4fa75b1753 100644
--- 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCSubjectType.java
+++ 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCSubjectType.java
@@ -19,7 +19,16 @@
 package org.apache.syncope.common.lib.types;
 
 public enum OIDCSubjectType {
-    PAIRWISE,
-    PUBLIC
+    PUBLIC("public"),
+    PAIRWISE("pairwise");
 
+    private final String externalForm;
+
+    OIDCSubjectType(final String external) {
+        this.externalForm = external;
+    }
+
+    public String getExternalForm() {
+        return externalForm;
+    }
 }
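Review bot: Swapping the declaration order of `PUBLIC` and `PAIRWISE` changes their ordinals, which matters if any entity stores this enum by ordinal (the JPA default when `@Enumerated(EnumType.STRING)` is not given). The mapping in `JPAOIDCRPClientApp` is not visible here; if it is ordinal-based, existing rows would flip between pairwise and public subject identifiers after the upgrade, which is a privacy-relevant change for relying parties. Either keep the original order, `PAIRWISE("pairwise"), PUBLIC("public");`, or confirm the column is persisted by name.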
diff --git 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenEncryptionAlg.java
similarity index 57%
copy from 
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
copy to 
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenEncryptionAlg.java
index 837f80ec3d..0c2b813d7e 100644
--- 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
+++ 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenEncryptionAlg.java
@@ -18,11 +18,30 @@
  */
 package org.apache.syncope.common.lib.types;
 
-public enum OIDCGrantType {
-    authorization_code,
-    password,
-    client_credentials,
-    refresh_token,
-    device_code;
+public enum OIDCTokenEncryptionAlg {
+    none("none"),
+    RSA1("RSA1_5"),
+    RSA_OAEP("RSA-OAEP"),
+    RSA_OAEP_256("RSA-OAEP-256"),
+    A128KW("A128KW"),
+    A192KW("A192KW"),
+    A256KW("A256KW"),
+    A128GCMKW("A128GCMKW"),
+    A192GCMKW("A192GCMKW"),
+    A256GCMKW("A256GCMKW"),
+    ECDH_ES("ECDH-ES"),
+    ECDH_ES_A128KW("ECDH-ES+A128KW"),
+    ECDH_ES_A192KW("ECDH-ES+A192KW"),
+    ECDH_ES_A256KW("ECDH-ES+A256KW");
+
+    private final String externalForm;
+
+    OIDCTokenEncryptionAlg(final String external) {
+        this.externalForm = external;
+    }
+
+    public String getExternalForm() {
+        return externalForm;
+    }
 
 }
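Review bot: The constant `RSA1` maps to `RSA1_5`, i.e. RSAES-PKCS1-v1_5 key encryption, which RFC 8725 (JWT Best Current Practices) advises against in favour of RSA-OAEP; the abbreviated name also hides which algorithm is meant. I would rename it to `RSA1_5` before the enum is persisted anywhere, or at least mark it with a comment such as `// RSAES-PKCS1-v1_5: legacy, prefer RSA_OAEP_256`. `none` is the first constant and is used as the default in `OIDCRPClientAppTO`; a one-line comment saying it means that no key encryption is applied would make that explicit.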
diff --git 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenEncryptionEncoding.java
similarity index 66%
copy from 
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
copy to 
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenEncryptionEncoding.java
index 837f80ec3d..6e39797249 100644
--- 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
+++ 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenEncryptionEncoding.java
@@ -18,11 +18,22 @@
  */
 package org.apache.syncope.common.lib.types;
 
-public enum OIDCGrantType {
-    authorization_code,
-    password,
-    client_credentials,
-    refresh_token,
-    device_code;
+public enum OIDCTokenEncryptionEncoding {
+    A128CBC_HS256("A128CBC-HS256"),
+    A192CBC_HS384("A192CBC-HS384"),
+    A256CBC_HS512("A256CBC-HS512"),
+    A128GCM("A128GCM"),
+    A192GCM("A192GCM"),
+    A256GCM("A256GCM");
+
+    private final String externalForm;
+
+    OIDCTokenEncryptionEncoding(final String external) {
+        this.externalForm = external;
+    }
+
+    public String getExternalForm() {
+        return externalForm;
+    }
 
 }
diff --git 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenSigningAlg.java
similarity index 82%
copy from 
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
copy to 
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenSigningAlg.java
index 837f80ec3d..0751147b95 100644
--- 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
+++ 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenSigningAlg.java
@@ -18,11 +18,19 @@
  */
 package org.apache.syncope.common.lib.types;
 
-public enum OIDCGrantType {
-    authorization_code,
-    password,
-    client_credentials,
-    refresh_token,
-    device_code;
+public enum OIDCTokenSigningAlg {
+    none,
+    RS256,
+    RS384,
+    RS512,
+    PS256,
+    PS384,
+    PS512,
+    ES256,
+    ES384,
+    ES512,
+    HS256,
+    HS384,
+    HS512;
 
 }
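Review bot: `HS256`, `HS384` and `HS512` are offered with no note on key strength, and OpenID Connect keys symmetric signatures with the client secret. The console code touched by this same commit proposes a 15-digit numeric secret (`RandomStringUtils.secure().nextNumeric(15)`), far short of the 256-bit key RFC 7518 requires for HS256, so a token signed that way would rest on a key that can be guessed offline. Whether the server really derives the HS* key from the client secret is not visible in this diff; if it does, the HS* choices should be gated on a sufficiently long random secret. Unlike the sibling enums this one has no `getExternalForm()`, so a comment stating that the constant names are the JWS `alg` values would record why.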
diff --git 
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
 
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
index ddcfc8ce02..6eb3a3b655 100644
--- 
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
+++ 
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
@@ -19,10 +19,14 @@
 package org.apache.syncope.core.persistence.api.entity.am;
 
 import java.util.Set;
+import org.apache.syncope.common.lib.types.OIDCApplicationType;
 import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionAlg;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionEncoding;
+import org.apache.syncope.common.lib.types.OIDCTokenSigningAlg;
 
 public interface OIDCRPClientApp extends ClientApp {
 
@@ -42,10 +46,42 @@ public interface OIDCRPClientApp extends ClientApp {
 
     Set<String> getScopes();
 
+    String getIdTokenIssuer();
+
+    void setIdTokenIssuer(String idTokenIssuer);
+
     boolean isSignIdToken();
 
     void setSignIdToken(boolean signIdToken);
 
+    OIDCTokenSigningAlg getIdTokenSigningAlg();
+
+    void setIdTokenSigningAlg(OIDCTokenSigningAlg idTokenSigningAlg);
+
+    boolean isEncryptIdToken();
+
+    void setEncryptIdToken(boolean encryptIdToken);
+
+    OIDCTokenEncryptionAlg getIdTokenEncryptionAlg();
+
+    void setIdTokenEncryptionAlg(OIDCTokenEncryptionAlg idTokenEncryptionAlg);
+
+    OIDCTokenEncryptionEncoding getIdTokenEncryptionEncoding();
+
+    void setIdTokenEncryptionEncoding(OIDCTokenEncryptionEncoding 
idTokenEncryptionEncoding);
+
+    OIDCTokenSigningAlg getUserInfoSigningAlg();
+
+    void setUserInfoSigningAlg(OIDCTokenSigningAlg userInfoSigningAlg);
+
+    OIDCTokenEncryptionAlg getUserInfoEncryptedResponseAlg();
+
+    void setUserInfoEncryptedResponseAlg(OIDCTokenEncryptionAlg 
userInfoEncryptedResponseAlg);
+
+    OIDCTokenEncryptionEncoding getUserInfoEncryptedResponseEncoding();
+
+    void setUserInfoEncryptedResponseEncoding(OIDCTokenEncryptionEncoding 
encoding);
+
     boolean isJwtAccessToken();
 
     void setJwtAccessToken(boolean jwtAccessToken);
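Review bot: The new getters do not say that they may return null, though several of them can. In JPAOIDCRPClientApp the fields `idTokenEncryptionEncoding`, `userInfoSigningAlg`, `userInfoEncryptedResponseAlg` and `userInfoEncryptedResponseEncoding` have no initial value, and OIDCRPClientAppTOMapper wraps the corresponding TO getters in `Optional.ofNullable`. A Javadoc line on those getters, such as `/** @return the configured value, or null when none was configured */`, would let other callers know to guard as well. The interface body starts and ends outside the hunk.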
@@ -62,6 +98,10 @@ public interface OIDCRPClientApp extends ClientApp {
 
     void setSubjectType(OIDCSubjectType subjectType);
 
+    OIDCApplicationType getApplicationType();
+
+    void setApplicationType(OIDCApplicationType applicationType);
+
     String getJwks();
 
     void setJwks(String jwks);
diff --git 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
index 75c1771bc3..7c2566c078 100644
--- 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
+++ 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
@@ -33,10 +33,14 @@ import javax.persistence.PrePersist;
 import javax.persistence.PreUpdate;
 import javax.persistence.Table;
 import javax.persistence.Transient;
+import org.apache.syncope.common.lib.types.OIDCApplicationType;
 import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionAlg;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionEncoding;
+import org.apache.syncope.common.lib.types.OIDCTokenSigningAlg;
 import org.apache.syncope.core.persistence.api.entity.am.OIDCRPClientApp;
 import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
 
@@ -68,7 +72,29 @@ public class JPAOIDCRPClientApp extends AbstractClientApp 
implements OIDCRPClien
 
     private String clientSecret;
 
-    private boolean signIdToken;
+    private String idTokenIssuer;
+
+    private boolean signIdToken = true;
+
+    @Enumerated(EnumType.STRING)
+    private OIDCTokenSigningAlg idTokenSigningAlg = OIDCTokenSigningAlg.none;
+
+    private boolean encryptIdToken;
+
+    @Enumerated(EnumType.STRING)
+    private OIDCTokenEncryptionAlg idTokenEncryptionAlg = 
OIDCTokenEncryptionAlg.none;
+
+    @Enumerated(EnumType.STRING)
+    private OIDCTokenEncryptionEncoding idTokenEncryptionEncoding;
+
+    @Enumerated(EnumType.STRING)
+    private OIDCTokenSigningAlg userInfoSigningAlg;
+
+    @Enumerated(EnumType.STRING)
+    private OIDCTokenEncryptionAlg userInfoEncryptedResponseAlg;
+
+    @Enumerated(EnumType.STRING)
+    private OIDCTokenEncryptionEncoding userInfoEncryptedResponseEncoding;
 
     private boolean jwtAccessToken;
 
@@ -77,7 +103,10 @@ public class JPAOIDCRPClientApp extends AbstractClientApp 
implements OIDCRPClien
     private boolean generateRefreshToken = true;
 
     @Enumerated(EnumType.STRING)
-    private OIDCSubjectType subjectType;
+    private OIDCSubjectType subjectType = OIDCSubjectType.PUBLIC;
+
+    @Enumerated(EnumType.STRING)
+    private OIDCApplicationType applicationType = OIDCApplicationType.WEB;
 
     @Lob
     private String redirectUris;
@@ -138,6 +167,16 @@ public class JPAOIDCRPClientApp extends AbstractClientApp 
implements OIDCRPClien
         this.clientSecret = clientSecret;
     }
 
+    @Override
+    public String getIdTokenIssuer() {
+        return idTokenIssuer;
+    }
+
+    @Override
+    public void setIdTokenIssuer(final String idTokenIssuer) {
+        this.idTokenIssuer = idTokenIssuer;
+    }
+
     @Override
     public boolean isSignIdToken() {
         return signIdToken;
@@ -148,6 +187,76 @@ public class JPAOIDCRPClientApp extends AbstractClientApp 
implements OIDCRPClien
         this.signIdToken = signIdToken;
     }
 
+    @Override
+    public OIDCTokenSigningAlg getIdTokenSigningAlg() {
+        return idTokenSigningAlg;
+    }
+
+    @Override
+    public void setIdTokenSigningAlg(final OIDCTokenSigningAlg 
idTokenSigningAlg) {
+        this.idTokenSigningAlg = idTokenSigningAlg;
+    }
+
+    @Override
+    public boolean isEncryptIdToken() {
+        return encryptIdToken;
+    }
+
+    @Override
+    public void setEncryptIdToken(final boolean encryptIdToken) {
+        this.encryptIdToken = encryptIdToken;
+    }
+
+    @Override
+    public OIDCTokenEncryptionAlg getIdTokenEncryptionAlg() {
+        return idTokenEncryptionAlg;
+    }
+
+    @Override
+    public void setIdTokenEncryptionAlg(final OIDCTokenEncryptionAlg 
idTokenEncryptionAlg) {
+        this.idTokenEncryptionAlg = idTokenEncryptionAlg;
+    }
+
+    @Override
+    public OIDCTokenEncryptionEncoding getIdTokenEncryptionEncoding() {
+        return idTokenEncryptionEncoding;
+    }
+
+    @Override
+    public void setIdTokenEncryptionEncoding(final OIDCTokenEncryptionEncoding 
idTokenEncryptionEncoding) {
+        this.idTokenEncryptionEncoding = idTokenEncryptionEncoding;
+    }
+
+    @Override
+    public OIDCTokenSigningAlg getUserInfoSigningAlg() {
+        return userInfoSigningAlg;
+    }
+
+    @Override
+    public void setUserInfoSigningAlg(final OIDCTokenSigningAlg 
userInfoSigningAlg) {
+        this.userInfoSigningAlg = userInfoSigningAlg;
+    }
+
+    @Override
+    public OIDCTokenEncryptionAlg getUserInfoEncryptedResponseAlg() {
+        return userInfoEncryptedResponseAlg;
+    }
+
+    @Override
+    public void setUserInfoEncryptedResponseAlg(final OIDCTokenEncryptionAlg 
userInfoEncryptedResponseAlg) {
+        this.userInfoEncryptedResponseAlg = userInfoEncryptedResponseAlg;
+    }
+
+    @Override
+    public OIDCTokenEncryptionEncoding getUserInfoEncryptedResponseEncoding() {
+        return userInfoEncryptedResponseEncoding;
+    }
+
+    @Override
+    public void setUserInfoEncryptedResponseEncoding(final 
OIDCTokenEncryptionEncoding encoding) {
+        this.userInfoEncryptedResponseEncoding = encoding;
+    }
+
     @Override
     public boolean isJwtAccessToken() {
         return jwtAccessToken;
@@ -188,6 +297,16 @@ public class JPAOIDCRPClientApp extends AbstractClientApp 
implements OIDCRPClien
         this.subjectType = subjectType;
     }
 
+    @Override
+    public OIDCApplicationType getApplicationType() {
+        return applicationType;
+    }
+
+    @Override
+    public void setApplicationType(final OIDCApplicationType applicationType) {
+        this.applicationType = applicationType;
+    }
+
     @Override
     public Set<OIDCGrantType> getSupportedGrantTypes() {
         return supportedGrantTypesSet;
diff --git 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
index b3ead637ce..c367c66c63 100644
--- 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
+++ 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
@@ -104,13 +104,13 @@ public class ClientAppDataBinderImpl implements 
ClientAppDataBinder {
 
     protected SAML2SPClientApp doCreate(final SAML2SPClientAppTO clientAppTO) {
         SAML2SPClientApp saml2sp = 
entityFactory.newEntity(SAML2SPClientApp.class);
-        update(saml2sp, clientAppTO);
+        doUpdate(saml2sp, clientAppTO);
         return saml2sp;
     }
 
     protected CASSPClientApp doCreate(final CASSPClientAppTO clientAppTO) {
         CASSPClientApp saml2sp = entityFactory.newEntity(CASSPClientApp.class);
-        update(saml2sp, clientAppTO);
+        doUpdate(saml2sp, clientAppTO);
         return saml2sp;
     }
 
@@ -215,20 +215,29 @@ public class ClientAppDataBinderImpl implements 
ClientAppDataBinder {
 
     protected OIDCRPClientApp doCreate(final OIDCRPClientAppTO clientAppTO) {
         OIDCRPClientApp oidcrp = 
entityFactory.newEntity(OIDCRPClientApp.class);
-        update(oidcrp, clientAppTO);
+        doUpdate(oidcrp, clientAppTO);
         return oidcrp;
     }
 
     protected void doUpdate(final OIDCRPClientApp clientApp, final 
OIDCRPClientAppTO clientAppTO) {
         copyToEntity(clientApp, clientAppTO);
 
-        clientApp.setClientSecret(clientAppTO.getClientSecret());
         clientApp.setClientId(clientAppTO.getClientId());
+        clientApp.setClientSecret(clientAppTO.getClientSecret());
+        clientApp.setIdTokenIssuer(clientAppTO.getIdTokenIssuer());
         clientApp.setSignIdToken(clientAppTO.isSignIdToken());
+        clientApp.setIdTokenSigningAlg(clientAppTO.getIdTokenSigningAlg());
+        clientApp.setEncryptIdToken(clientAppTO.isEncryptIdToken());
+        
clientApp.setIdTokenEncryptionAlg(clientAppTO.getIdTokenEncryptionAlg());
+        
clientApp.setIdTokenEncryptionEncoding(clientAppTO.getIdTokenEncryptionEncoding());
+        clientApp.setUserInfoSigningAlg(clientAppTO.getUserInfoSigningAlg());
+        
clientApp.setUserInfoEncryptedResponseAlg(clientAppTO.getUserInfoEncryptedResponseAlg());
+        
clientApp.setUserInfoEncryptedResponseEncoding(clientAppTO.getUserInfoEncryptedResponseEncoding());
         clientApp.setJwtAccessToken(clientAppTO.isJwtAccessToken());
         
clientApp.setBypassApprovalPrompt(clientAppTO.isBypassApprovalPrompt());
         
clientApp.setGenerateRefreshToken(clientAppTO.isGenerateRefreshToken());
         clientApp.setSubjectType(clientAppTO.getSubjectType());
+        clientApp.setApplicationType(clientAppTO.getApplicationType());
         clientApp.getRedirectUris().clear();
         clientApp.getRedirectUris().addAll(clientAppTO.getRedirectUris());
         clientApp.getSupportedGrantTypes().clear();
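Review bot: The new signing and encryption settings are copied from the TO with no cross-field check, so `encryptIdToken=true` with `idTokenEncryptionAlg` still `none`, or with no encoding, is persisted as given. In OIDCRPClientAppTOMapper that combination switches encryption on but skips `setIdTokenEncryptionAlg`, so the effective algorithm is decided by the service rather than by this configuration. Rejecting it here would surface the misconfiguration at save time; the guard would test `clientAppTO.isEncryptIdToken() && (clientAppTO.getIdTokenEncryptionAlg() == null || clientAppTO.getIdTokenEncryptionAlg() == OIDCTokenEncryptionAlg.none)` and fail with whatever exception this binder already uses for invalid input. doUpdate continues outside the hunk.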
@@ -249,16 +258,27 @@ public class ClientAppDataBinderImpl implements 
ClientAppDataBinder {
 
         clientAppTO.setClientId(clientApp.getClientId());
         clientAppTO.setClientSecret(clientApp.getClientSecret());
+        clientAppTO.setIdTokenIssuer(clientApp.getIdTokenIssuer());
         clientAppTO.setSignIdToken(clientApp.isSignIdToken());
+        clientAppTO.setIdTokenSigningAlg(clientApp.getIdTokenSigningAlg());
+        clientAppTO.setEncryptIdToken(clientApp.isEncryptIdToken());
+        
clientAppTO.setIdTokenEncryptionAlg(clientApp.getIdTokenEncryptionAlg());
+        
clientAppTO.setIdTokenEncryptionEncoding(clientApp.getIdTokenEncryptionEncoding());
+        clientAppTO.setUserInfoSigningAlg(clientApp.getUserInfoSigningAlg());
+        
clientAppTO.setUserInfoEncryptedResponseAlg(clientApp.getUserInfoEncryptedResponseAlg());
+        
clientAppTO.setUserInfoEncryptedResponseEncoding(clientApp.getUserInfoEncryptedResponseEncoding());
+        clientAppTO.setJwtAccessToken(clientApp.isJwtAccessToken());
+        
clientAppTO.setBypassApprovalPrompt(clientApp.isBypassApprovalPrompt());
+        
clientAppTO.setGenerateRefreshToken(clientApp.isGenerateRefreshToken());
         clientAppTO.setSubjectType(clientApp.getSubjectType());
+        clientAppTO.setApplicationType(clientApp.getApplicationType());
         clientAppTO.getRedirectUris().addAll(clientApp.getRedirectUris());
+        clientAppTO.getSupportedGrantTypes().clear();
         
clientAppTO.getSupportedGrantTypes().addAll(clientApp.getSupportedGrantTypes());
+        clientAppTO.getSupportedResponseTypes().clear();
         
clientAppTO.getSupportedResponseTypes().addAll(clientApp.getSupportedResponseTypes());
         clientAppTO.getScopes().addAll(clientApp.getScopes());
         clientAppTO.setLogoutUri(clientApp.getLogoutUri());
-        clientAppTO.setJwtAccessToken(clientApp.isJwtAccessToken());
-        
clientAppTO.setBypassApprovalPrompt(clientApp.isBypassApprovalPrompt());
-        
clientAppTO.setGenerateRefreshToken(clientApp.isGenerateRefreshToken());
         clientAppTO.setJwks(clientApp.getJwks());
         clientAppTO.setJwksUri(clientApp.getJwksUri());
         
clientAppTO.setTokenEndpointAuthenticationMethod(clientApp.getTokenEndpointAuthenticationMethod());
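Review bot: `clear()` is now called before `addAll` for `getSupportedGrantTypes()` and `getSupportedResponseTypes()`, but not for `getRedirectUris()` and `getScopes()` in the same method. Presumably the TO is created with default grant and response types that must not be merged with the stored ones; if so, a comment on the first `clear()` would record that, e.g. `// drop the TO's built-in defaults before copying the persisted values`. Without it the asymmetry looks accidental, and a later default added for scopes or redirect URIs would silently be merged into what is returned. The method starts and ends outside the hunk.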
diff --git 
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
 
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
index 894e46e923..9e2ed96d50 100644
--- 
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
+++ 
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
@@ -29,6 +29,8 @@ import org.apache.syncope.common.lib.to.ClientAppTO;
 import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionAlg;
+import org.apache.syncope.common.lib.types.OIDCTokenSigningAlg;
 import org.apache.syncope.common.lib.wa.WAClientApp;
 import org.apereo.cas.oidc.claims.OidcAddressScopeAttributeReleasePolicy;
 import org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy;
@@ -71,17 +73,41 @@ public class OIDCRPClientAppTOMapper extends 
AbstractClientAppMapper {
 
         OIDCRPClientAppTO rp = 
OIDCRPClientAppTO.class.cast(clientApp.getClientAppTO());
         OidcRegisteredService service = new OidcRegisteredService();
+
         setCommon(service, rp);
 
         service.setServiceId(rp.getRedirectUris().stream().
                 filter(Objects::nonNull).
                 collect(Collectors.joining("|")));
+
         service.setClientId(rp.getClientId());
         service.setClientSecret(rp.getClientSecret());
+
+        service.setIdTokenIssuer(rp.getIdTokenIssuer());
         service.setSignIdToken(rp.isSignIdToken());
-        if (!service.isSignIdToken()) {
-            service.setIdTokenSigningAlg("none");
+        if (service.isSignIdToken()) {
+            Optional.ofNullable(rp.getIdTokenSigningAlg()).
+                    filter(v -> v != OIDCTokenSigningAlg.none).
+                    ifPresent(v -> service.setIdTokenSigningAlg(v.name()));
+        } else {
+            service.setIdTokenSigningAlg(OIDCTokenSigningAlg.none.name());
         }
+        service.setEncryptIdToken(rp.isEncryptIdToken());
+        if (service.isEncryptIdToken()) {
+            Optional.ofNullable(rp.getIdTokenEncryptionAlg()).
+                    filter(v -> v != OIDCTokenEncryptionAlg.none).
+                    ifPresent(v -> 
service.setIdTokenEncryptionAlg(v.getExternalForm()));
+            Optional.ofNullable(rp.getIdTokenEncryptionEncoding()).
+                    ifPresent(v -> 
service.setIdTokenEncryptionEncoding(v.getExternalForm()));
+        } else {
+            
service.setIdTokenEncryptionAlg(OIDCTokenEncryptionAlg.none.getExternalForm());
+        }
+        Optional.ofNullable(rp.getUserInfoSigningAlg()).ifPresent(v -> 
service.setUserInfoSigningAlg(v.name()));
+        Optional.ofNullable(rp.getUserInfoEncryptedResponseAlg()).
+                ifPresent(v -> 
service.setUserInfoEncryptedResponseAlg(v.getExternalForm()));
+        Optional.ofNullable(rp.getUserInfoEncryptedResponseEncoding()).
+                ifPresent(v -> 
service.setUserInfoEncryptedResponseEncoding(v.getExternalForm()));
+
         service.setJwtAccessToken(rp.isJwtAccessToken());
         service.setBypassApprovalPrompt(rp.isBypassApprovalPrompt());
         service.setGenerateRefreshToken(rp.isGenerateRefreshToken());
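Review bot: The user-info settings pass `none` straight through (`setUserInfoSigningAlg(v.name())`, `setUserInfoEncryptedResponseAlg(v.getExternalForm())`), while the ID-token branches just above filter `none` out when signing or encryption is enabled. If the difference is intended, a one-line comment before the user-info calls would say so, e.g. `// user-info: "none" is passed on as an explicit choice, not treated as unset`. Otherwise the same `filter(v -> v != OIDCTokenSigningAlg.none)` and `filter(v -> v != OIDCTokenEncryptionAlg.none)` should be applied there. The method starts and ends outside the hunk.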
@@ -90,11 +116,12 @@ public class OIDCRPClientAppTOMapper extends 
AbstractClientAppMapper {
         } else {
             service.setJwks(rp.getJwks());
         }
+        Optional.ofNullable(rp.getSubjectType()).ifPresent(v -> 
service.setSubjectType(v.getExternalForm()));
+        Optional.ofNullable(rp.getApplicationType()).ifPresent(v -> 
service.setApplicationType(v.getExternalForm()));
         service.setSupportedGrantTypes(rp.getSupportedGrantTypes().stream().
-                map(OIDCGrantType::name).collect(Collectors.toSet()));
+                
map(OIDCGrantType::getExternalForm).collect(Collectors.toSet()));
         
service.setSupportedResponseTypes(rp.getSupportedResponseTypes().stream().
                 
map(OIDCResponseType::getExternalForm).collect(Collectors.toSet()));
-        Optional.ofNullable(rp.getSubjectType()).ifPresent(st -> 
service.setSubjectType(st.name()));
         service.setLogoutUrl(rp.getLogoutUri());
         
service.setTokenEndpointAuthenticationMethod(rp.getTokenEndpointAuthenticationMethod().name());
 
