This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 73ac574b64 [SYNCOPE-1865] Add missing conf parameters for OIDC client
apps (#990)
73ac574b64 is described below
commit 73ac574b64600eb2745528578ec1d4d945265226
Author: Francesco Chicchiriccò <[email protected]>
AuthorDate: Fri Feb 14 21:38:37 2025 +0100
[SYNCOPE-1865] Add missing conf parameters for OIDC client apps (#990)
---
.../clientapps/ClientAppModalPanelBuilder.java | 67 ++++++++++-
.../clientapps/ClientAppDirectoryPanel.properties | 9 ++
.../ClientAppDirectoryPanel_fr_CA.properties | 9 ++
.../ClientAppDirectoryPanel_it.properties | 9 ++
.../ClientAppDirectoryPanel_ja.properties | 9 ++
.../ClientAppDirectoryPanel_pt_BR.properties | 9 ++
.../ClientAppDirectoryPanel_ru.properties | 9 ++
.../syncope/common/lib/to/OIDCRPClientAppTO.java | 116 ++++++++++++++++++-
...OIDCGrantType.java => OIDCApplicationType.java} | 18 ++-
.../syncope/common/lib/types/OIDCGrantType.java | 22 +++-
.../syncope/common/lib/types/OIDCSubjectType.java | 13 ++-
...CGrantType.java => OIDCTokenEncryptionAlg.java} | 31 +++++-
...tType.java => OIDCTokenEncryptionEncoding.java} | 23 +++-
...OIDCGrantType.java => OIDCTokenSigningAlg.java} | 20 +++-
.../persistence/api/entity/am/OIDCRPClientApp.java | 40 +++++++
.../common/dao/AbstractAnySearchDAO.java | 2 +-
.../jpa/dao/AbstractJPAAnySearchDAO.java | 2 +-
.../jpa/entity/am/JPAOIDCRPClientApp.java | 123 ++++++++++++++++++++-
.../persistence/neo4j/dao/Neo4jAnySearchDAO.java | 25 ++---
.../neo4j/entity/am/Neo4jOIDCRPClientApp.java | 116 ++++++++++++++++++-
.../java/data/ClientAppDataBinderImpl.java | 34 ++++--
.../dao/ElasticsearchAnySearchDAO.java | 6 +-
.../opensearch/dao/OpenSearchAnySearchDAO.java | 6 +-
pom.xml | 2 +-
.../starter/mapping/OIDCRPClientAppTOMapper.java | 35 +++++-
25 files changed, 678 insertions(+), 77 deletions(-)
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
index 5da5d0340f..8ffcd8311e 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
@@ -61,10 +61,14 @@ import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
import org.apache.syncope.common.lib.to.RealmTO;
import org.apache.syncope.common.lib.types.ClientAppType;
import org.apache.syncope.common.lib.types.LogoutType;
+import org.apache.syncope.common.lib.types.OIDCApplicationType;
import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
import org.apache.syncope.common.lib.types.OIDCGrantType;
import org.apache.syncope.common.lib.types.OIDCResponseType;
import org.apache.syncope.common.lib.types.OIDCSubjectType;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionAlg;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionEncoding;
+import org.apache.syncope.common.lib.types.OIDCTokenSigningAlg;
import org.apache.syncope.common.lib.types.PolicyType;
import org.apache.syncope.common.lib.types.SAML2SPNameId;
import org.apache.syncope.common.lib.types.XmlSecAlgorithm;
@@ -295,8 +299,61 @@ public class ClientAppModalPanelBuilder<T extends
ClientAppTO> extends AbstractM
clientSecret.setChoices(List.of(RandomStringUtils.secure().nextNumeric(15)));
fields.add(clientSecret.setRequired(true));
+ AjaxTextFieldPanel idTokenIssuer = new AjaxTextFieldPanel(
+ "field", "idTokenIssuer", new
PropertyModel<>(clientAppTO, "idTokenIssuer"), false);
+ fields.add(idTokenIssuer);
+
+ AjaxCheckBoxPanel signIdToken = new AjaxCheckBoxPanel(
+ "field", "signIdToken", new
PropertyModel<>(clientAppTO, "signIdToken"));
+ fields.add(signIdToken);
+ AjaxDropDownChoicePanel<OIDCTokenSigningAlg>
idTokenSigningAlg = new AjaxDropDownChoicePanel<>(
+ "field", "idTokenSigningAlg", new
PropertyModel<>(clientAppTO, "idTokenSigningAlg"), false);
+
idTokenSigningAlg.setChoices(List.of(OIDCTokenSigningAlg.values()));
+ fields.add(idTokenSigningAlg.addRequiredLabel());
+
fields.add(new AjaxCheckBoxPanel(
- "field", "signIdToken", new
PropertyModel<>(clientAppTO, "signIdToken")));
+ "field", "encryptIdToken", new
PropertyModel<>(clientAppTO, "encryptIdToken")));
+ AjaxDropDownChoicePanel<OIDCTokenEncryptionAlg>
idTokenEncryptionAlg =
+ new AjaxDropDownChoicePanel<>(
+ "field",
+ "idTokenEncryptionAlg",
+ new PropertyModel<>(clientAppTO,
"idTokenEncryptionAlg"),
+ false);
+
idTokenEncryptionAlg.setChoices(List.of(OIDCTokenEncryptionAlg.values()));
+ fields.add(idTokenEncryptionAlg.addRequiredLabel());
+ AjaxDropDownChoicePanel<OIDCTokenEncryptionEncoding>
idTokenEncryptionEncoding =
+ new AjaxDropDownChoicePanel<>(
+ "field",
+ "idTokenEncryptionEncoding",
+ new PropertyModel<>(clientAppTO,
"idTokenEncryptionEncoding"),
+ false);
+
idTokenEncryptionEncoding.setChoices(List.of(OIDCTokenEncryptionEncoding.values()));
+ fields.add(idTokenEncryptionEncoding);
+
+ AjaxDropDownChoicePanel<OIDCTokenSigningAlg>
userInfoSigningAlg = new AjaxDropDownChoicePanel<>(
+ "field",
+ "userInfoSigningAlg",
+ new PropertyModel<>(clientAppTO,
"userInfoSigningAlg"),
+ false);
+
userInfoSigningAlg.setChoices(List.of(OIDCTokenSigningAlg.values()));
+ fields.add(userInfoSigningAlg);
+ AjaxDropDownChoicePanel<OIDCTokenEncryptionAlg>
userInfoEncryptedResponseAlg =
+ new AjaxDropDownChoicePanel<>(
+ "field",
+ "userInfoEncryptedResponseAlg",
+ new PropertyModel<>(clientAppTO,
"userInfoEncryptedResponseAlg"),
+ false);
+
userInfoEncryptedResponseAlg.setChoices(List.of(OIDCTokenEncryptionAlg.values()));
+ fields.add(userInfoEncryptedResponseAlg);
+ AjaxDropDownChoicePanel<OIDCTokenEncryptionEncoding>
userInfoEncryptedResponseEncoding =
+ new AjaxDropDownChoicePanel<>(
+ "field",
+ "userInfoEncryptedResponseEncoding",
+ new PropertyModel<>(clientAppTO,
"userInfoEncryptedResponseEncoding"),
+ false);
+
userInfoEncryptedResponseEncoding.setChoices(List.of(OIDCTokenEncryptionEncoding.values()));
+ fields.add(userInfoEncryptedResponseEncoding);
+
fields.add(new AjaxCheckBoxPanel(
"field", "jwtAccessToken", new
PropertyModel<>(clientAppTO, "jwtAccessToken")));
fields.add(new AjaxCheckBoxPanel(
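Review bot: `idTokenEncryptionEncoding` is added as an optional field while `idTokenEncryptionAlg` gets `addRequiredLabel()`, yet a JWE needs both a key-management `alg` and a content-encryption `enc`; with `encryptIdToken` checked and the encoding left blank the form accepts a configuration that the server side (the mapper is not in this chunk) presumably cannot turn into a valid encrypted ID token. Making it `fields.add(idTokenEncryptionEncoding.addRequiredLabel());`, or attaching a validator that requires the encoding whenever `encryptIdToken` is true, closes that gap; the `userInfoEncryptedResponseAlg`/`userInfoEncryptedResponseEncoding` pair has the same unenforced coupling. The enclosing method starts and ends outside this hunk.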
@@ -307,8 +364,12 @@ public class ClientAppModalPanelBuilder<T extends
ClientAppTO> extends AbstractM
AjaxDropDownChoicePanel<OIDCSubjectType> subjectType = new
AjaxDropDownChoicePanel<>(
"field", "subjectType", new
PropertyModel<>(clientAppTO, "subjectType"), false);
subjectType.setChoices(List.of(OIDCSubjectType.values()));
- subjectType.addRequiredLabel().setEnabled(true);
- fields.add(subjectType);
+
fields.add(subjectType.addRequiredLabel().setEnabled(true));
+
+ AjaxDropDownChoicePanel<OIDCApplicationType>
applicationType = new AjaxDropDownChoicePanel<>(
+ "field", "applicationType", new
PropertyModel<>(clientAppTO, "applicationType"), false);
+
applicationType.setChoices(List.of(OIDCApplicationType.values()));
+
fields.add(applicationType.addRequiredLabel().setEnabled(true));
AjaxTextFieldPanel redirectUri = new
AjaxTextFieldPanel("panel", "redirectUris", new Model<>());
fields.add(new MultiFieldPanel.Builder<String>(
diff --git
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties
index 734fe671ab..14d8af8023 100644
---
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties
@@ -71,3 +71,12 @@ jwks=JWKS
jwksUri=JWKS URI
tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
generateRefreshToken=Generate Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=IdToken signing algorithm
+encryptIdToken=Encrypt IdToken
+idTokenEncryptionAlg=IdToken encryption algorithm
+idTokenEncryptionEncoding=IdToken encryption encoding
+applicationType=Application Type
+userInfoSigningAlg=UserInfo Signing Algorithm
+userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
+userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding
diff --git
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
index e1cded71e7..07742eb2a4 100644
---
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
@@ -71,3 +71,12 @@ jwks=JWKS
jwksUri=JWKS URI
tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
generateRefreshToken=Generate Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=IdToken signing algorithm
+encryptIdToken=Encrypt IdToken
+idTokenEncryptionAlg=IdToken encryption algorithm
+idTokenEncryptionEncoding=IdToken encryption encoding
+applicationType=Application Type
+userInfoSigningAlg=UserInfo Signing Algorithm
+userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
+userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding
diff --git
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
index a9cb0277f8..7a6e813c79 100644
---
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
@@ -71,3 +71,12 @@ jwks=JWKS
jwksUri=JWKS URI
tokenEndpointAuthenticationMethod=Metodo di autenticazione dell'endpoint token
generateRefreshToken=Genera Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=Algoritmo di firma IdToken
+encryptIdToken=Cifra IdToken
+idTokenEncryptionAlg=Algoritmo di cifratura IdToken
+idTokenEncryptionEncoding=Codifica di cifratura IdToken
+applicationType=Tipo applicazione
+userInfoSigningAlg=Algoritmo di firma UserInfo
+userInfoEncryptedResponseAlg=Algoritmo di cifratura risposta UserInfo
+userInfoEncryptedResponseEncoding=Codifica di cifratura risposta UserInfo
diff --git
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
index 207cc7f18f..4026612504 100644
---
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
@@ -71,3 +71,12 @@ jwks=JWKS
jwksUri=JWKS URI
tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
generateRefreshToken=Generate Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=IdToken signing algorithm
+encryptIdToken=Encrypt IdToken
+idTokenEncryptionAlg=IdToken encryption algorithm
+idTokenEncryptionEncoding=IdToken encryption encoding
+applicationType=Application Type
+userInfoSigningAlg=UserInfo Signing Algorithm
+userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
+userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding
diff --git
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
index 65ddf146bb..f8ea1d3017 100644
---
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
@@ -71,3 +71,12 @@ jwks=JWKS
jwksUri=JWKS URI
tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
generateRefreshToken=Generate Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=IdToken signing algorithm
+encryptIdToken=Encrypt IdToken
+idTokenEncryptionAlg=IdToken encryption algorithm
+idTokenEncryptionEncoding=IdToken encryption encoding
+applicationType=Application Type
+userInfoSigningAlg=UserInfo Signing Algorithm
+userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
+userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding
diff --git
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
index b49b8abc9f..f2a04216c2 100644
---
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
@@ -72,3 +72,12 @@ jwks=JWKS
jwksUri=JWKS URI
tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
generateRefreshToken=Generate Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=IdToken signing algorithm
+encryptIdToken=Encrypt IdToken
+idTokenEncryptionAlg=IdToken encryption algorithm
+idTokenEncryptionEncoding=IdToken encryption encoding
+applicationType=Application Type
+userInfoSigningAlg=UserInfo Signing Algorithm
+userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
+userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
index 04ab489a33..eb77daedd7 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
@@ -26,10 +26,14 @@ import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
+import org.apache.syncope.common.lib.types.OIDCApplicationType;
import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
import org.apache.syncope.common.lib.types.OIDCGrantType;
import org.apache.syncope.common.lib.types.OIDCResponseType;
import org.apache.syncope.common.lib.types.OIDCSubjectType;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionAlg;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionEncoding;
+import org.apache.syncope.common.lib.types.OIDCTokenSigningAlg;
@Schema(allOf = { ClientAppTO.class })
public class OIDCRPClientAppTO extends ClientAppTO {
@@ -40,7 +44,23 @@ public class OIDCRPClientAppTO extends ClientAppTO {
private String clientSecret;
- private boolean signIdToken;
+ private String idTokenIssuer;
+
+ private boolean signIdToken = true;
+
+ private OIDCTokenSigningAlg idTokenSigningAlg = OIDCTokenSigningAlg.none;
+
+ private boolean encryptIdToken;
+
+ private OIDCTokenEncryptionAlg idTokenEncryptionAlg =
OIDCTokenEncryptionAlg.none;
+
+ private OIDCTokenEncryptionEncoding idTokenEncryptionEncoding;
+
+ private OIDCTokenSigningAlg userInfoSigningAlg;
+
+ private OIDCTokenEncryptionAlg userInfoEncryptedResponseAlg;
+
+ private OIDCTokenEncryptionEncoding userInfoEncryptedResponseEncoding;
private boolean jwtAccessToken;
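Review bot: The new defaults `signIdToken = true` and `idTokenSigningAlg = OIDCTokenSigningAlg.none` contradict each other: signing is switched on but the selected algorithm is the unsecured one, so a client app created with defaults would be configured for an unsigned ID token unless the mapper (not in this chunk) treats `none` as "use the server default". OIDC Dynamic Client Registration defines RS256 as the default for `id_token_signed_response_alg`, so `private OIDCTokenSigningAlg idTokenSigningAlg = OIDCTokenSigningAlg.RS256;` would agree both with the spec and with `signIdToken = true`. The same default presumably appears in JPAOIDCRPClientApp and Neo4jOIDCRPClientApp, which the diffstat lists but this chunk does not show.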
@@ -48,7 +68,9 @@ public class OIDCRPClientAppTO extends ClientAppTO {
private boolean generateRefreshToken = true;
- private OIDCSubjectType subjectType;
+ private OIDCSubjectType subjectType = OIDCSubjectType.PUBLIC;
+
+ private OIDCApplicationType applicationType = OIDCApplicationType.WEB;
private final List<String> redirectUris = new ArrayList<>();
@@ -110,6 +132,14 @@ public class OIDCRPClientAppTO extends ClientAppTO {
return supportedResponseTypes;
}
+ public String getIdTokenIssuer() {
+ return idTokenIssuer;
+ }
+
+ public void setIdTokenIssuer(final String idTokenIssuer) {
+ this.idTokenIssuer = idTokenIssuer;
+ }
+
public boolean isSignIdToken() {
return signIdToken;
}
@@ -118,6 +148,62 @@ public class OIDCRPClientAppTO extends ClientAppTO {
this.signIdToken = signIdToken;
}
+ public boolean isEncryptIdToken() {
+ return encryptIdToken;
+ }
+
+ public void setEncryptIdToken(final boolean encryptIdToken) {
+ this.encryptIdToken = encryptIdToken;
+ }
+
+ public OIDCTokenSigningAlg getIdTokenSigningAlg() {
+ return idTokenSigningAlg;
+ }
+
+ public void setIdTokenSigningAlg(final OIDCTokenSigningAlg
idTokenSigningAlg) {
+ this.idTokenSigningAlg = idTokenSigningAlg;
+ }
+
+ public OIDCTokenEncryptionAlg getIdTokenEncryptionAlg() {
+ return idTokenEncryptionAlg;
+ }
+
+ public void setIdTokenEncryptionAlg(final OIDCTokenEncryptionAlg
idTokenEncryptionAlg) {
+ this.idTokenEncryptionAlg = idTokenEncryptionAlg;
+ }
+
+ public OIDCTokenEncryptionEncoding getIdTokenEncryptionEncoding() {
+ return idTokenEncryptionEncoding;
+ }
+
+ public void setIdTokenEncryptionEncoding(final OIDCTokenEncryptionEncoding
idTokenEncryptionEncoding) {
+ this.idTokenEncryptionEncoding = idTokenEncryptionEncoding;
+ }
+
+ public OIDCTokenSigningAlg getUserInfoSigningAlg() {
+ return userInfoSigningAlg;
+ }
+
+ public void setUserInfoSigningAlg(final OIDCTokenSigningAlg
userInfoSigningAlg) {
+ this.userInfoSigningAlg = userInfoSigningAlg;
+ }
+
+ public OIDCTokenEncryptionAlg getUserInfoEncryptedResponseAlg() {
+ return userInfoEncryptedResponseAlg;
+ }
+
+ public void setUserInfoEncryptedResponseAlg(final OIDCTokenEncryptionAlg
userInfoEncryptedResponseAlg) {
+ this.userInfoEncryptedResponseAlg = userInfoEncryptedResponseAlg;
+ }
+
+ public OIDCTokenEncryptionEncoding getUserInfoEncryptedResponseEncoding() {
+ return userInfoEncryptedResponseEncoding;
+ }
+
+ public void setUserInfoEncryptedResponseEncoding(final
OIDCTokenEncryptionEncoding encoding) {
+ this.userInfoEncryptedResponseEncoding = encoding;
+ }
+
public OIDCSubjectType getSubjectType() {
return subjectType;
}
@@ -126,6 +212,14 @@ public class OIDCRPClientAppTO extends ClientAppTO {
this.subjectType = subjectType;
}
+ public OIDCApplicationType getApplicationType() {
+ return applicationType;
+ }
+
+ public void setApplicationType(final OIDCApplicationType applicationType) {
+ this.applicationType = applicationType;
+ }
+
public boolean isJwtAccessToken() {
return jwtAccessToken;
}
@@ -205,11 +299,20 @@ public class OIDCRPClientAppTO extends ClientAppTO {
.appendSuper(super.equals(obj))
.append(this.clientId, rhs.clientId)
.append(this.clientSecret, rhs.clientSecret)
+ .append(this.idTokenIssuer, rhs.idTokenIssuer)
.append(this.signIdToken, rhs.signIdToken)
+ .append(this.idTokenSigningAlg, rhs.idTokenSigningAlg)
+ .append(this.encryptIdToken, rhs.encryptIdToken)
+ .append(this.idTokenEncryptionAlg, rhs.idTokenEncryptionAlg)
+ .append(this.idTokenEncryptionEncoding,
rhs.idTokenEncryptionEncoding)
+ .append(this.userInfoSigningAlg, rhs.userInfoSigningAlg)
+ .append(this.userInfoEncryptedResponseAlg,
rhs.userInfoEncryptedResponseAlg)
+ .append(this.userInfoEncryptedResponseEncoding,
rhs.userInfoEncryptedResponseEncoding)
.append(this.jwtAccessToken, rhs.jwtAccessToken)
.append(this.bypassApprovalPrompt, rhs.bypassApprovalPrompt)
.append(this.generateRefreshToken, rhs.generateRefreshToken)
.append(this.subjectType, rhs.subjectType)
+ .append(this.applicationType, rhs.applicationType)
.append(this.redirectUris, rhs.redirectUris)
.append(this.supportedGrantTypes, rhs.supportedGrantTypes)
.append(this.supportedResponseTypes,
rhs.supportedResponseTypes)
@@ -227,11 +330,20 @@ public class OIDCRPClientAppTO extends ClientAppTO {
.appendSuper(super.hashCode())
.append(clientId)
.append(clientSecret)
+ .append(idTokenIssuer)
.append(signIdToken)
+ .append(idTokenSigningAlg)
+ .append(encryptIdToken)
+ .append(idTokenEncryptionAlg)
+ .append(idTokenEncryptionEncoding)
+ .append(userInfoSigningAlg)
+ .append(userInfoEncryptedResponseAlg)
+ .append(userInfoEncryptedResponseEncoding)
.append(jwtAccessToken)
.append(bypassApprovalPrompt)
.append(generateRefreshToken)
.append(subjectType)
+ .append(applicationType)
.append(redirectUris)
.append(supportedGrantTypes)
.append(supportedResponseTypes)
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCApplicationType.java
similarity index 75%
copy from
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
copy to
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCApplicationType.java
index 837f80ec3d..9d5f8d1383 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCApplicationType.java
@@ -18,11 +18,17 @@
*/
package org.apache.syncope.common.lib.types;
-public enum OIDCGrantType {
- authorization_code,
- password,
- client_credentials,
- refresh_token,
- device_code;
+public enum OIDCApplicationType {
+ WEB("web"),
+ NATIVE("native");
+ private final String externalForm;
+
+ OIDCApplicationType(final String external) {
+ this.externalForm = external;
+ }
+
+ public String getExternalForm() {
+ return externalForm;
+ }
}
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
index 837f80ec3d..de392c65e6 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
@@ -19,10 +19,22 @@
package org.apache.syncope.common.lib.types;
public enum OIDCGrantType {
- authorization_code,
- password,
- client_credentials,
- refresh_token,
- device_code;
+ authorization_code("authorization_code"),
+ password("password"),
+ client_credentials("client_credentials"),
+ refresh_token("refresh_token"),
+ ciba("urn:openid:params:grant-type:ciba"),
+ token_exchange("urn:ietf:params:oauth:grant-type:token-exchange"),
+ device_code("urn:ietf:params:oauth:grant-type:device_code"),
+ uma_ticket("urn:ietf:params:oauth:grant-type:uma-ticket");
+ private final String externalForm;
+
+ OIDCGrantType(final String external) {
+ this.externalForm = external;
+ }
+
+ public String getExternalForm() {
+ return externalForm;
+ }
}
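Review bot: Inserting `ciba` and `token_exchange` ahead of `device_code` changes `device_code`'s ordinal, and the OIDCSubjectType hunk below swaps the order of PUBLIC and PAIRWISE; that is harmless only if every persisted or serialized occurrence of these enums uses the constant name rather than the ordinal (JPA's `@Enumerated` defaults to ORDINAL), which the entity mappings outside this chunk should confirm. `externalForm` also lacks documentation explaining why the enum gained a constructor argument; something like `/** Value sent on the wire as the OAuth 2.0 grant_type parameter; differs from name() for the URN-based grants. */` would do.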
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCSubjectType.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCSubjectType.java
index 9a1caeca9b..4fa75b1753 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCSubjectType.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCSubjectType.java
@@ -19,7 +19,16 @@
package org.apache.syncope.common.lib.types;
public enum OIDCSubjectType {
- PAIRWISE,
- PUBLIC
+ PUBLIC("public"),
+ PAIRWISE("pairwise");
+ private final String externalForm;
+
+ OIDCSubjectType(final String external) {
+ this.externalForm = external;
+ }
+
+ public String getExternalForm() {
+ return externalForm;
+ }
}
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenEncryptionAlg.java
similarity index 57%
copy from
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
copy to
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenEncryptionAlg.java
index 837f80ec3d..0c2b813d7e 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenEncryptionAlg.java
@@ -18,11 +18,30 @@
*/
package org.apache.syncope.common.lib.types;
-public enum OIDCGrantType {
- authorization_code,
- password,
- client_credentials,
- refresh_token,
- device_code;
+public enum OIDCTokenEncryptionAlg {
+ none("none"),
+ RSA1("RSA1_5"),
+ RSA_OAEP("RSA-OAEP"),
+ RSA_OAEP_256("RSA-OAEP-256"),
+ A128KW("A128KW"),
+ A192KW("A192KW"),
+ A256KW("A256KW"),
+ A128GCMKW("A128GCMKW"),
+ A192GCMKW("A192GCMKW"),
+ A256GCMKW("A256GCMKW"),
+ ECDH_ES("ECDH-ES"),
+ ECDH_ES_A128KW("ECDH-ES+A128KW"),
+ ECDH_ES_A192KW("ECDH-ES+A192KW"),
+ ECDH_ES_A256KW("ECDH-ES+A256KW");
+
+ private final String externalForm;
+
+ OIDCTokenEncryptionAlg(final String external) {
+ this.externalForm = external;
+ }
+
+ public String getExternalForm() {
+ return externalForm;
+ }
}
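Review bot: `RSA1("RSA1_5")` exposes RSAES-PKCS1-v1_5 key encryption as a selectable option, an algorithm RFC 7518 already lists as "Recommended-" because the PKCS#1 v1.5 padding is subject to padding-oracle (Bleichenbacher-style) attacks; nothing in the console signals that to an operator picking it from the dropdown. Either drop the constant or mark it `@Deprecated` with a Javadoc pointing to `RSA_OAEP_256`, and rename it `RSA1_5` so the constant name matches its external form like every other entry. A one-line Javadoc on the enum stating that `externalForm` is the JWA `alg` identifier used in the JWE header would also help readers.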
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenEncryptionEncoding.java
similarity index 66%
copy from
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
copy to
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenEncryptionEncoding.java
index 837f80ec3d..6e39797249 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenEncryptionEncoding.java
@@ -18,11 +18,22 @@
*/
package org.apache.syncope.common.lib.types;
-public enum OIDCGrantType {
- authorization_code,
- password,
- client_credentials,
- refresh_token,
- device_code;
+public enum OIDCTokenEncryptionEncoding {
+ A128CBC_HS256("A128CBC-HS256"),
+ A192CBC_HS384("A192CBC-HS384"),
+ A256CBC_HS512("A256CBC-HS512"),
+ A128GCM("A128GCM"),
+ A192GCM("A192GCM"),
+ A256GCM("A256GCM");
+
+ private final String externalForm;
+
+ OIDCTokenEncryptionEncoding(final String external) {
+ this.externalForm = external;
+ }
+
+ public String getExternalForm() {
+ return externalForm;
+ }
}
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenSigningAlg.java
similarity index 82%
copy from
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
copy to
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenSigningAlg.java
index 837f80ec3d..0751147b95 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCGrantType.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCTokenSigningAlg.java
@@ -18,11 +18,19 @@
*/
package org.apache.syncope.common.lib.types;
-public enum OIDCGrantType {
- authorization_code,
- password,
- client_credentials,
- refresh_token,
- device_code;
+public enum OIDCTokenSigningAlg {
+ none,
+ RS256,
+ RS384,
+ RS512,
+ PS256,
+ PS384,
+ PS512,
+ ES256,
+ ES384,
+ ES512,
+ HS256,
+ HS384,
+ HS512;
}
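Review bot: The enum has no documentation, and two of its groups deserve a caveat: `none` denotes an unsecured JWS, and `HS256`/`HS384`/`HS512` are MAC algorithms whose key in OIDC Core is the client secret, for which RFC 7518 §3.2 requires at least as many bytes as the hash output (32 for HS256) — while the secret the console suggests in the ClientAppModalPanelBuilder hunk is `RandomStringUtils.secure().nextNumeric(15)`, roughly 50 bits of entropy. Add a Javadoc such as `/** JWS alg identifiers for ID token and UserInfo signing; none = unsecured JWS, HS* use the client secret as MAC key and need a secret at least as long as the hash output. */`, and if the signing key really is derived from the client secret on the CAS side (not visible here), consider generating a longer secret or validating its length when an HS* algorithm is selected.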
diff --git
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
index ddcfc8ce02..6eb3a3b655 100644
---
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
+++
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
@@ -19,10 +19,14 @@
package org.apache.syncope.core.persistence.api.entity.am;
import java.util.Set;
+import org.apache.syncope.common.lib.types.OIDCApplicationType;
import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
import org.apache.syncope.common.lib.types.OIDCGrantType;
import org.apache.syncope.common.lib.types.OIDCResponseType;
import org.apache.syncope.common.lib.types.OIDCSubjectType;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionAlg;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionEncoding;
+import org.apache.syncope.common.lib.types.OIDCTokenSigningAlg;
public interface OIDCRPClientApp extends ClientApp {
@@ -42,10 +46,42 @@ public interface OIDCRPClientApp extends ClientApp {
Set<String> getScopes();
+ String getIdTokenIssuer();
+
+ void setIdTokenIssuer(String idTokenIssuer);
+
boolean isSignIdToken();
void setSignIdToken(boolean signIdToken);
+ OIDCTokenSigningAlg getIdTokenSigningAlg();
+
+ void setIdTokenSigningAlg(OIDCTokenSigningAlg idTokenSigningAlg);
+
+ boolean isEncryptIdToken();
+
+ void setEncryptIdToken(boolean encryptIdToken);
+
+ OIDCTokenEncryptionAlg getIdTokenEncryptionAlg();
+
+ void setIdTokenEncryptionAlg(OIDCTokenEncryptionAlg idTokenEncryptionAlg);
+
+ OIDCTokenEncryptionEncoding getIdTokenEncryptionEncoding();
+
+ void setIdTokenEncryptionEncoding(OIDCTokenEncryptionEncoding
idTokenEncryptionEncoding);
+
+ OIDCTokenSigningAlg getUserInfoSigningAlg();
+
+ void setUserInfoSigningAlg(OIDCTokenSigningAlg userInfoSigningAlg);
+
+ OIDCTokenEncryptionAlg getUserInfoEncryptedResponseAlg();
+
+ void setUserInfoEncryptedResponseAlg(OIDCTokenEncryptionAlg
userInfoEncryptedResponseAlg);
+
+ OIDCTokenEncryptionEncoding getUserInfoEncryptedResponseEncoding();
+
+ void setUserInfoEncryptedResponseEncoding(OIDCTokenEncryptionEncoding
encoding);
+
boolean isJwtAccessToken();
void setJwtAccessToken(boolean jwtAccessToken);
@@ -62,6 +98,10 @@ public interface OIDCRPClientApp extends ClientApp {
void setSubjectType(OIDCSubjectType subjectType);
+ OIDCApplicationType getApplicationType();
+
+ void setApplicationType(OIDCApplicationType applicationType);
+
String getJwks();
void setJwks(String jwks);
diff --git
a/core/persistence-common/src/main/java/org/apache/syncope/core/persistence/common/dao/AbstractAnySearchDAO.java
b/core/persistence-common/src/main/java/org/apache/syncope/core/persistence/common/dao/AbstractAnySearchDAO.java
index 082ce0aafa..fb3c3731a2 100644
---
a/core/persistence-common/src/main/java/org/apache/syncope/core/persistence/common/dao/AbstractAnySearchDAO.java
+++
b/core/persistence-common/src/main/java/org/apache/syncope/core/persistence/common/dao/AbstractAnySearchDAO.java
@@ -237,7 +237,7 @@ public abstract class AbstractAnySearchDAO implements
AnySearchDAO {
Pageable pageable,
AnyTypeKind kind);
- protected Pair<PlainSchema, PlainAttrValue> check(final AttrCond cond,
final AnyTypeKind kind) {
+ protected Pair<PlainSchema, PlainAttrValue> check(final AttrCond cond) {
PlainSchema schema = plainSchemaDAO.findById(cond.getSchema()).
orElseThrow(() -> new IllegalArgumentException("Invalid schema
" + cond.getSchema()));
diff --git
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/AbstractJPAAnySearchDAO.java
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/AbstractJPAAnySearchDAO.java
index 5dad3a5461..8a397077c1 100644
---
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/AbstractJPAAnySearchDAO.java
+++
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/AbstractJPAAnySearchDAO.java
@@ -234,7 +234,7 @@ abstract class AbstractJPAAnySearchDAO extends
AbstractAnySearchDAO {
map(anyCond -> getQuery(anyCond, not, parameters,
svs)).
or(() -> cond.asLeaf(AttrCond.class).
map(attrCond -> {
- Pair<PlainSchema, PlainAttrValue> checked =
check(attrCond, svs.anyTypeKind);
+ Pair<PlainSchema, PlainAttrValue> checked =
check(attrCond);
Pair<Boolean, AnySearchNode> query =
getQuery(attrCond, not, checked, parameters, svs);
if (query.getLeft()) {
plainSchemas.add(checked.getLeft().getKey());
diff --git
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
index e1c7bbe824..0ced79e62d 100644
---
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
+++
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
@@ -33,10 +33,14 @@ import jakarta.persistence.Table;
import jakarta.persistence.Transient;
import java.util.HashSet;
import java.util.Set;
+import org.apache.syncope.common.lib.types.OIDCApplicationType;
import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
import org.apache.syncope.common.lib.types.OIDCGrantType;
import org.apache.syncope.common.lib.types.OIDCResponseType;
import org.apache.syncope.common.lib.types.OIDCSubjectType;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionAlg;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionEncoding;
+import org.apache.syncope.common.lib.types.OIDCTokenSigningAlg;
import org.apache.syncope.core.persistence.api.entity.am.OIDCRPClientApp;
import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
@@ -68,7 +72,29 @@ public class JPAOIDCRPClientApp extends AbstractClientApp
implements OIDCRPClien
private String clientSecret;
- private boolean signIdToken;
+ private String idTokenIssuer;
+
+ private boolean signIdToken = true;
+
+ @Enumerated(EnumType.STRING)
+ private OIDCTokenSigningAlg idTokenSigningAlg = OIDCTokenSigningAlg.none;
+
+ private boolean encryptIdToken;
+
+ @Enumerated(EnumType.STRING)
+ private OIDCTokenEncryptionAlg idTokenEncryptionAlg =
OIDCTokenEncryptionAlg.none;
+
+ @Enumerated(EnumType.STRING)
+ private OIDCTokenEncryptionEncoding idTokenEncryptionEncoding;
+
+ @Enumerated(EnumType.STRING)
+ private OIDCTokenSigningAlg userInfoSigningAlg;
+
+ @Enumerated(EnumType.STRING)
+ private OIDCTokenEncryptionAlg userInfoEncryptedResponseAlg;
+
+ @Enumerated(EnumType.STRING)
+ private OIDCTokenEncryptionEncoding userInfoEncryptedResponseEncoding;
private boolean jwtAccessToken;
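Review bot: The new initializers at the `signIdToken` and `idTokenSigningAlg` lines read as a contradiction — ID-token signing is on by default while the signing algorithm defaults to `none`. The WA mapper later in this commit appears to treat `none` as "leave the CAS default" whenever signing is enabled, so the pair is presumably intentional, but nothing in the entity says so; I would add above `idTokenSigningAlg`: `// "none" means "let WA choose"; the mapper never exports it as the signing alg while signIdToken is true`. Note also that field initializers only apply to newly constructed entities, so rows persisted before this change will presumably load `null` into the new enum columns and every consumer has to stay null-tolerant. The same defaults appear in the Neo4jOIDCRPClientApp field hunk.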
@@ -77,7 +103,10 @@ public class JPAOIDCRPClientApp extends AbstractClientApp
implements OIDCRPClien
private boolean generateRefreshToken = true;
@Enumerated(EnumType.STRING)
- private OIDCSubjectType subjectType;
+ private OIDCSubjectType subjectType = OIDCSubjectType.PUBLIC;
+
+ @Enumerated(EnumType.STRING)
+ private OIDCApplicationType applicationType = OIDCApplicationType.WEB;
@Lob
private String redirectUris;
@@ -138,6 +167,16 @@ public class JPAOIDCRPClientApp extends AbstractClientApp
implements OIDCRPClien
this.clientSecret = clientSecret;
}
+ @Override
+ public String getIdTokenIssuer() {
+ return idTokenIssuer;
+ }
+
+ @Override
+ public void setIdTokenIssuer(final String idTokenIssuer) {
+ this.idTokenIssuer = idTokenIssuer;
+ }
+
@Override
public boolean isSignIdToken() {
return signIdToken;
@@ -148,6 +187,76 @@ public class JPAOIDCRPClientApp extends AbstractClientApp
implements OIDCRPClien
this.signIdToken = signIdToken;
}
+ @Override
+ public OIDCTokenSigningAlg getIdTokenSigningAlg() {
+ return idTokenSigningAlg;
+ }
+
+ @Override
+ public void setIdTokenSigningAlg(final OIDCTokenSigningAlg
idTokenSigningAlg) {
+ this.idTokenSigningAlg = idTokenSigningAlg;
+ }
+
+ @Override
+ public boolean isEncryptIdToken() {
+ return encryptIdToken;
+ }
+
+ @Override
+ public void setEncryptIdToken(final boolean encryptIdToken) {
+ this.encryptIdToken = encryptIdToken;
+ }
+
+ @Override
+ public OIDCTokenEncryptionAlg getIdTokenEncryptionAlg() {
+ return idTokenEncryptionAlg;
+ }
+
+ @Override
+ public void setIdTokenEncryptionAlg(final OIDCTokenEncryptionAlg
idTokenEncryptionAlg) {
+ this.idTokenEncryptionAlg = idTokenEncryptionAlg;
+ }
+
+ @Override
+ public OIDCTokenEncryptionEncoding getIdTokenEncryptionEncoding() {
+ return idTokenEncryptionEncoding;
+ }
+
+ @Override
+ public void setIdTokenEncryptionEncoding(final OIDCTokenEncryptionEncoding
idTokenEncryptionEncoding) {
+ this.idTokenEncryptionEncoding = idTokenEncryptionEncoding;
+ }
+
+ @Override
+ public OIDCTokenSigningAlg getUserInfoSigningAlg() {
+ return userInfoSigningAlg;
+ }
+
+ @Override
+ public void setUserInfoSigningAlg(final OIDCTokenSigningAlg
userInfoSigningAlg) {
+ this.userInfoSigningAlg = userInfoSigningAlg;
+ }
+
+ @Override
+ public OIDCTokenEncryptionAlg getUserInfoEncryptedResponseAlg() {
+ return userInfoEncryptedResponseAlg;
+ }
+
+ @Override
+ public void setUserInfoEncryptedResponseAlg(final OIDCTokenEncryptionAlg
userInfoEncryptedResponseAlg) {
+ this.userInfoEncryptedResponseAlg = userInfoEncryptedResponseAlg;
+ }
+
+ @Override
+ public OIDCTokenEncryptionEncoding getUserInfoEncryptedResponseEncoding() {
+ return userInfoEncryptedResponseEncoding;
+ }
+
+ @Override
+ public void setUserInfoEncryptedResponseEncoding(final
OIDCTokenEncryptionEncoding encoding) {
+ this.userInfoEncryptedResponseEncoding = encoding;
+ }
+
@Override
public boolean isJwtAccessToken() {
return jwtAccessToken;
@@ -188,6 +297,16 @@ public class JPAOIDCRPClientApp extends AbstractClientApp
implements OIDCRPClien
this.subjectType = subjectType;
}
+ @Override
+ public OIDCApplicationType getApplicationType() {
+ return applicationType;
+ }
+
+ @Override
+ public void setApplicationType(final OIDCApplicationType applicationType) {
+ this.applicationType = applicationType;
+ }
+
@Override
public Set<OIDCGrantType> getSupportedGrantTypes() {
return supportedGrantTypesSet;
diff --git
a/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/dao/Neo4jAnySearchDAO.java
b/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/dao/Neo4jAnySearchDAO.java
index f9c99dff7c..3ae751c2ff 100644
---
a/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/dao/Neo4jAnySearchDAO.java
+++
b/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/dao/Neo4jAnySearchDAO.java
@@ -383,7 +383,6 @@ public class Neo4jAnySearchDAO extends AbstractAnySearchDAO
{
}
protected void fillAttrQuery(
- final AnyUtils anyUtils,
final TextStringBuilder query,
final PlainAttrValue attrValue,
final PlainSchema schema,
@@ -393,16 +392,16 @@ public class Neo4jAnySearchDAO extends
AbstractAnySearchDAO {
if (not && cond.getType() == AttrCond.Type.ISNULL) {
cond.setType(AttrCond.Type.ISNOTNULL);
- fillAttrQuery(anyUtils, query, attrValue, schema, cond, true,
parameters);
+ fillAttrQuery(query, attrValue, schema, cond, true, parameters);
return;
}
if (not) {
if (schema.isUniqueConstraint()) {
- fillAttrQuery(anyUtils, query, attrValue, schema, cond, false,
parameters);
+ fillAttrQuery(query, attrValue, schema, cond, false,
parameters);
query.replaceFirst("WHERE", "WHERE NOT(");
query.append(')');
} else {
- fillAttrQuery(anyUtils, query, attrValue, schema, cond, false,
parameters);
+ fillAttrQuery(query, attrValue, schema, cond, false,
parameters);
query.replaceAll("any(", schema.getKey() + " IS NULL OR
none(");
}
return;
@@ -513,7 +512,7 @@ public class Neo4jAnySearchDAO extends AbstractAnySearchDAO
{
final TextStringBuilder query,
final PlainAttrValue attrValue,
final PlainSchema schema,
- final AttrCond cond,
+ final AnyCond cond,
final boolean not,
final Map<String, Object> parameters) {
@@ -672,23 +671,17 @@ public class Neo4jAnySearchDAO extends
AbstractAnySearchDAO {
TextStringBuilder query = new TextStringBuilder("MATCH (n) WHERE ");
- plainSchemaDAO.findById(cond.getSchema()).ifPresentOrElse(
- schema -> fillAttrQuery(
- anyUtilsFactory.getInstance(kind),
- query, checked.getMiddle(), checked.getLeft(),
checked.getRight(), not, parameters),
- () -> fillAttrQuery(
- query, checked.getMiddle(), checked.getLeft(),
checked.getRight(), not, parameters));
+ fillAttrQuery(query, checked.getMiddle(), checked.getLeft(),
checked.getRight(), not, parameters);
return Pair.of(query.toString(), checked.getRight().getSchema());
}
protected Pair<String, PlainSchema> getQuery(
- final AnyTypeKind kind,
final AttrCond cond,
final boolean not,
final Map<String, Object> parameters) {
- Pair<PlainSchema, PlainAttrValue> checked = check(cond, kind);
+ Pair<PlainSchema, PlainAttrValue> checked = check(cond);
TextStringBuilder query = new TextStringBuilder("MATCH (n) ");
switch (cond.getType()) {
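Review bot: The removed `ifPresentOrElse` dispatched to the `anyUtils` overload of `fillAttrQuery` whenever a plain schema named like the condition existed and to the other overload otherwise; the single replacement call resolves by parameter type only, and the earlier hunk in this file changes that other overload's fourth parameter from `AttrCond` to `AnyCond`. Assuming `checked.getRight()` is an `AnyCond`, the `AnyCond` query builder now always runs, including for a condition whose name collides with a plain schema key, which the old code routed to the attribute builder — worth confirming that this is the intended behaviour rather than a side effect of dropping the `anyUtils` parameter. A comment on the call would make the decision explicit: `// an AnyCond always uses the any-field query, even if a same-named plain schema exists`. The enclosing method starts before this hunk.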
@@ -699,9 +692,7 @@ public class Neo4jAnySearchDAO extends AbstractAnySearchDAO
{
query.append("WHERE
n.`plainAttrs.").append(checked.getLeft().getKey()).append("` IS NULL");
default ->
- fillAttrQuery(
- anyUtilsFactory.getInstance(kind),
- query, checked.getRight(), checked.getLeft(), cond,
not, parameters);
+ fillAttrQuery(query, checked.getRight(), checked.getLeft(),
cond, not, parameters);
}
return Pair.of(query.toString(), checked.getLeft());
@@ -781,7 +772,7 @@ public class Neo4jAnySearchDAO extends AbstractAnySearchDAO
{
Optional.ofNullable(anyCondResult.getRight()).ifPresent(involvedFields::add);
},
() -> cond.asLeaf(AttrCond.class).ifPresent(leaf -> {
- Pair<String, PlainSchema> attrCondResult =
getQuery(kind, leaf, not, parameters);
+ Pair<String, PlainSchema> attrCondResult =
getQuery(leaf, not, parameters);
query.append(attrCondResult.getLeft());
involvedPlainSchemas.add(attrCondResult.getRight());
if (kind != AnyTypeKind.GROUP
diff --git
a/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jOIDCRPClientApp.java
b/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jOIDCRPClientApp.java
index 677d2d8f24..2e6d41b6ce 100644
---
a/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jOIDCRPClientApp.java
+++
b/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jOIDCRPClientApp.java
@@ -22,10 +22,14 @@ import com.fasterxml.jackson.core.type.TypeReference;
import jakarta.validation.constraints.NotNull;
import java.util.HashSet;
import java.util.Set;
+import org.apache.syncope.common.lib.types.OIDCApplicationType;
import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
import org.apache.syncope.common.lib.types.OIDCGrantType;
import org.apache.syncope.common.lib.types.OIDCResponseType;
import org.apache.syncope.common.lib.types.OIDCSubjectType;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionAlg;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionEncoding;
+import org.apache.syncope.common.lib.types.OIDCTokenSigningAlg;
import org.apache.syncope.core.persistence.api.entity.am.OIDCRPClientApp;
import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
import org.springframework.data.annotation.Transient;
@@ -59,7 +63,23 @@ public class Neo4jOIDCRPClientApp extends AbstractClientApp
implements OIDCRPCli
private String clientSecret;
- private boolean signIdToken;
+ private String idTokenIssuer;
+
+ private boolean signIdToken = true;
+
+ private OIDCTokenSigningAlg idTokenSigningAlg = OIDCTokenSigningAlg.none;
+
+ private boolean encryptIdToken;
+
+ private OIDCTokenEncryptionAlg idTokenEncryptionAlg =
OIDCTokenEncryptionAlg.none;
+
+ private OIDCTokenEncryptionEncoding idTokenEncryptionEncoding;
+
+ private OIDCTokenSigningAlg userInfoSigningAlg;
+
+ private OIDCTokenEncryptionAlg userInfoEncryptedResponseAlg;
+
+ private OIDCTokenEncryptionEncoding userInfoEncryptedResponseEncoding;
private boolean jwtAccessToken;
@@ -67,7 +87,9 @@ public class Neo4jOIDCRPClientApp extends AbstractClientApp
implements OIDCRPCli
private boolean generateRefreshToken = true;
- private OIDCSubjectType subjectType;
+ private OIDCSubjectType subjectType = OIDCSubjectType.PUBLIC;
+
+ private OIDCApplicationType applicationType = OIDCApplicationType.WEB;
private String redirectUris;
@@ -122,6 +144,16 @@ public class Neo4jOIDCRPClientApp extends
AbstractClientApp implements OIDCRPCli
this.clientSecret = clientSecret;
}
+ @Override
+ public String getIdTokenIssuer() {
+ return idTokenIssuer;
+ }
+
+ @Override
+ public void setIdTokenIssuer(final String idTokenIssuer) {
+ this.idTokenIssuer = idTokenIssuer;
+ }
+
@Override
public boolean isSignIdToken() {
return signIdToken;
@@ -132,6 +164,76 @@ public class Neo4jOIDCRPClientApp extends
AbstractClientApp implements OIDCRPCli
this.signIdToken = signIdToken;
}
+ @Override
+ public OIDCTokenSigningAlg getIdTokenSigningAlg() {
+ return idTokenSigningAlg;
+ }
+
+ @Override
+ public void setIdTokenSigningAlg(final OIDCTokenSigningAlg
idTokenSigningAlg) {
+ this.idTokenSigningAlg = idTokenSigningAlg;
+ }
+
+ @Override
+ public boolean isEncryptIdToken() {
+ return encryptIdToken;
+ }
+
+ @Override
+ public void setEncryptIdToken(final boolean encryptIdToken) {
+ this.encryptIdToken = encryptIdToken;
+ }
+
+ @Override
+ public OIDCTokenEncryptionAlg getIdTokenEncryptionAlg() {
+ return idTokenEncryptionAlg;
+ }
+
+ @Override
+ public void setIdTokenEncryptionAlg(final OIDCTokenEncryptionAlg
idTokenEncryptionAlg) {
+ this.idTokenEncryptionAlg = idTokenEncryptionAlg;
+ }
+
+ @Override
+ public OIDCTokenEncryptionEncoding getIdTokenEncryptionEncoding() {
+ return idTokenEncryptionEncoding;
+ }
+
+ @Override
+ public void setIdTokenEncryptionEncoding(final OIDCTokenEncryptionEncoding
idTokenEncryptionEncoding) {
+ this.idTokenEncryptionEncoding = idTokenEncryptionEncoding;
+ }
+
+ @Override
+ public OIDCTokenSigningAlg getUserInfoSigningAlg() {
+ return userInfoSigningAlg;
+ }
+
+ @Override
+ public void setUserInfoSigningAlg(final OIDCTokenSigningAlg
userInfoSigningAlg) {
+ this.userInfoSigningAlg = userInfoSigningAlg;
+ }
+
+ @Override
+ public OIDCTokenEncryptionAlg getUserInfoEncryptedResponseAlg() {
+ return userInfoEncryptedResponseAlg;
+ }
+
+ @Override
+ public void setUserInfoEncryptedResponseAlg(final OIDCTokenEncryptionAlg
userInfoEncryptedResponseAlg) {
+ this.userInfoEncryptedResponseAlg = userInfoEncryptedResponseAlg;
+ }
+
+ @Override
+ public OIDCTokenEncryptionEncoding getUserInfoEncryptedResponseEncoding() {
+ return userInfoEncryptedResponseEncoding;
+ }
+
+ @Override
+ public void setUserInfoEncryptedResponseEncoding(final
OIDCTokenEncryptionEncoding encoding) {
+ this.userInfoEncryptedResponseEncoding = encoding;
+ }
+
@Override
public boolean isJwtAccessToken() {
return jwtAccessToken;
@@ -172,6 +274,16 @@ public class Neo4jOIDCRPClientApp extends
AbstractClientApp implements OIDCRPCli
this.subjectType = subjectType;
}
+ @Override
+ public OIDCApplicationType getApplicationType() {
+ return applicationType;
+ }
+
+ @Override
+ public void setApplicationType(final OIDCApplicationType applicationType) {
+ this.applicationType = applicationType;
+ }
+
@Override
public Set<OIDCGrantType> getSupportedGrantTypes() {
return supportedGrantTypesSet;
diff --git
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
index 6610416087..9ffd3d6211 100644
---
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
+++
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
@@ -104,13 +104,13 @@ public class ClientAppDataBinderImpl implements
ClientAppDataBinder {
protected SAML2SPClientApp doCreate(final SAML2SPClientAppTO clientAppTO) {
SAML2SPClientApp saml2sp =
entityFactory.newEntity(SAML2SPClientApp.class);
- update(saml2sp, clientAppTO);
+ doUpdate(saml2sp, clientAppTO);
return saml2sp;
}
protected CASSPClientApp doCreate(final CASSPClientAppTO clientAppTO) {
CASSPClientApp saml2sp = entityFactory.newEntity(CASSPClientApp.class);
- update(saml2sp, clientAppTO);
+ doUpdate(saml2sp, clientAppTO);
return saml2sp;
}
@@ -215,20 +215,29 @@ public class ClientAppDataBinderImpl implements
ClientAppDataBinder {
protected OIDCRPClientApp doCreate(final OIDCRPClientAppTO clientAppTO) {
OIDCRPClientApp oidcrp =
entityFactory.newEntity(OIDCRPClientApp.class);
- update(oidcrp, clientAppTO);
+ doUpdate(oidcrp, clientAppTO);
return oidcrp;
}
protected void doUpdate(final OIDCRPClientApp clientApp, final
OIDCRPClientAppTO clientAppTO) {
copyToEntity(clientApp, clientAppTO);
- clientApp.setClientSecret(clientAppTO.getClientSecret());
clientApp.setClientId(clientAppTO.getClientId());
+ clientApp.setClientSecret(clientAppTO.getClientSecret());
+ clientApp.setIdTokenIssuer(clientAppTO.getIdTokenIssuer());
clientApp.setSignIdToken(clientAppTO.isSignIdToken());
+ clientApp.setIdTokenSigningAlg(clientAppTO.getIdTokenSigningAlg());
+ clientApp.setEncryptIdToken(clientAppTO.isEncryptIdToken());
+
clientApp.setIdTokenEncryptionAlg(clientAppTO.getIdTokenEncryptionAlg());
+
clientApp.setIdTokenEncryptionEncoding(clientAppTO.getIdTokenEncryptionEncoding());
+ clientApp.setUserInfoSigningAlg(clientAppTO.getUserInfoSigningAlg());
+
clientApp.setUserInfoEncryptedResponseAlg(clientAppTO.getUserInfoEncryptedResponseAlg());
+
clientApp.setUserInfoEncryptedResponseEncoding(clientAppTO.getUserInfoEncryptedResponseEncoding());
clientApp.setJwtAccessToken(clientAppTO.isJwtAccessToken());
clientApp.setBypassApprovalPrompt(clientAppTO.isBypassApprovalPrompt());
clientApp.setGenerateRefreshToken(clientAppTO.isGenerateRefreshToken());
clientApp.setSubjectType(clientAppTO.getSubjectType());
+ clientApp.setApplicationType(clientAppTO.getApplicationType());
clientApp.getRedirectUris().clear();
clientApp.getRedirectUris().addAll(clientAppTO.getRedirectUris());
clientApp.getSupportedGrantTypes().clear();
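Review bot: `clientApp.setIdTokenIssuer(clientAppTO.getIdTokenIssuer())` stores the value exactly as received, with no blank or format check, and the WA mapper hands it straight to `service.setIdTokenIssuer`, where it presumably overrides the `iss` claim for that client's ID tokens. Relying parties compare `iss` literally, so a blank, trailing-whitespace or non-absolute value would only surface as token rejection at runtime with no hint pointing back to this field; consider trimming and mapping blank to `null` here, or rejecting values that `java.net.URI` cannot parse as absolute, in the same place the other TO fields are validated. `copyToEntity` is not visible in this hunk, so it may already cover part of this.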
@@ -249,16 +258,27 @@ public class ClientAppDataBinderImpl implements
ClientAppDataBinder {
clientAppTO.setClientId(clientApp.getClientId());
clientAppTO.setClientSecret(clientApp.getClientSecret());
+ clientAppTO.setIdTokenIssuer(clientApp.getIdTokenIssuer());
clientAppTO.setSignIdToken(clientApp.isSignIdToken());
+ clientAppTO.setIdTokenSigningAlg(clientApp.getIdTokenSigningAlg());
+ clientAppTO.setEncryptIdToken(clientApp.isEncryptIdToken());
+
clientAppTO.setIdTokenEncryptionAlg(clientApp.getIdTokenEncryptionAlg());
+
clientAppTO.setIdTokenEncryptionEncoding(clientApp.getIdTokenEncryptionEncoding());
+ clientAppTO.setUserInfoSigningAlg(clientApp.getUserInfoSigningAlg());
+
clientAppTO.setUserInfoEncryptedResponseAlg(clientApp.getUserInfoEncryptedResponseAlg());
+
clientAppTO.setUserInfoEncryptedResponseEncoding(clientApp.getUserInfoEncryptedResponseEncoding());
+ clientAppTO.setJwtAccessToken(clientApp.isJwtAccessToken());
+
clientAppTO.setBypassApprovalPrompt(clientApp.isBypassApprovalPrompt());
+
clientAppTO.setGenerateRefreshToken(clientApp.isGenerateRefreshToken());
clientAppTO.setSubjectType(clientApp.getSubjectType());
+ clientAppTO.setApplicationType(clientApp.getApplicationType());
clientAppTO.getRedirectUris().addAll(clientApp.getRedirectUris());
+ clientAppTO.getSupportedGrantTypes().clear();
clientAppTO.getSupportedGrantTypes().addAll(clientApp.getSupportedGrantTypes());
+ clientAppTO.getSupportedResponseTypes().clear();
clientAppTO.getSupportedResponseTypes().addAll(clientApp.getSupportedResponseTypes());
clientAppTO.getScopes().addAll(clientApp.getScopes());
clientAppTO.setLogoutUri(clientApp.getLogoutUri());
- clientAppTO.setJwtAccessToken(clientApp.isJwtAccessToken());
-
clientAppTO.setBypassApprovalPrompt(clientApp.isBypassApprovalPrompt());
-
clientAppTO.setGenerateRefreshToken(clientApp.isGenerateRefreshToken());
clientAppTO.setJwks(clientApp.getJwks());
clientAppTO.setJwksUri(clientApp.getJwksUri());
clientAppTO.setTokenEndpointAuthenticationMethod(clientApp.getTokenEndpointAuthenticationMethod());
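Review bot: The new `clear()` calls before `getSupportedGrantTypes().addAll` and `getSupportedResponseTypes().addAll` are not mirrored for `getRedirectUris().addAll` two lines above or `getScopes().addAll` just below, so whatever motivated resetting those two sets (a reused or pre-populated TO) would still leave redirect URIs and scopes accumulating. Either the TO is freshly created on entry — in which case the two new `clear()` calls are dead and should go — or all four collections need the same treatment: `clientAppTO.getRedirectUris().clear();` and `clientAppTO.getScopes().clear();`. The enclosing method starts before this hunk, so where the TO comes from is not visible here.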
diff --git
a/ext/elasticsearch/persistence/src/main/java/org/apache/syncope/core/persistence/elasticsearch/dao/ElasticsearchAnySearchDAO.java
b/ext/elasticsearch/persistence/src/main/java/org/apache/syncope/core/persistence/elasticsearch/dao/ElasticsearchAnySearchDAO.java
index b62f2ba4e3..0f8db06f73 100644
---
a/ext/elasticsearch/persistence/src/main/java/org/apache/syncope/core/persistence/elasticsearch/dao/ElasticsearchAnySearchDAO.java
+++
b/ext/elasticsearch/persistence/src/main/java/org/apache/syncope/core/persistence/elasticsearch/dao/ElasticsearchAnySearchDAO.java
@@ -359,7 +359,7 @@ public class ElasticsearchAnySearchDAO extends
AbstractAnySearchDAO {
if (query == null) {
query = cond.asLeaf(AnyCond.class).map(ac -> getQuery(ac,
kind)).
- or(() -> cond.asLeaf(AttrCond.class).map(ac ->
getQuery(ac, kind))).
+ or(() ->
cond.asLeaf(AttrCond.class).map(this::getQuery)).
orElse(null);
}
@@ -594,8 +594,8 @@ public class ElasticsearchAnySearchDAO extends
AbstractAnySearchDAO {
return query;
}
- protected Query getQuery(final AttrCond cond, final AnyTypeKind kind) {
- Pair<PlainSchema, PlainAttrValue> checked = check(cond, kind);
+ protected Query getQuery(final AttrCond cond) {
+ Pair<PlainSchema, PlainAttrValue> checked = check(cond);
return fillAttrQuery(checked.getLeft(), checked.getRight(), cond);
}
diff --git
a/ext/opensearch/persistence/src/main/java/org/apache/syncope/core/persistence/opensearch/dao/OpenSearchAnySearchDAO.java
b/ext/opensearch/persistence/src/main/java/org/apache/syncope/core/persistence/opensearch/dao/OpenSearchAnySearchDAO.java
index bb9340c417..3ec387e77e 100644
---
a/ext/opensearch/persistence/src/main/java/org/apache/syncope/core/persistence/opensearch/dao/OpenSearchAnySearchDAO.java
+++
b/ext/opensearch/persistence/src/main/java/org/apache/syncope/core/persistence/opensearch/dao/OpenSearchAnySearchDAO.java
@@ -357,7 +357,7 @@ public class OpenSearchAnySearchDAO extends
AbstractAnySearchDAO {
if (query == null) {
query = cond.asLeaf(AnyCond.class).map(ac -> getQuery(ac,
kind)).
- or(() -> cond.asLeaf(AttrCond.class).map(ac ->
getQuery(ac, kind))).
+ or(() ->
cond.asLeaf(AttrCond.class).map(this::getQuery)).
orElse(null);
}
@@ -588,8 +588,8 @@ public class OpenSearchAnySearchDAO extends
AbstractAnySearchDAO {
return query;
}
- protected Query getQuery(final AttrCond cond, final AnyTypeKind kind) {
- Pair<PlainSchema, PlainAttrValue> checked = check(cond, kind);
+ protected Query getQuery(final AttrCond cond) {
+ Pair<PlainSchema, PlainAttrValue> checked = check(cond);
return fillAttrQuery(checked.getLeft(), checked.getRight(), cond);
}
diff --git a/pom.xml b/pom.xml
index 0dd1c47a8c..6dcac368b4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -507,7 +507,7 @@ under the License.
<docker.mysql.version>9.0</docker.mysql.version>
<docker.mariadb.version>11</docker.mariadb.version>
<docker.oracle.version>23-slim-faststart</docker.oracle.version>
- <docker.neo4j.version>5.26.1</docker.neo4j.version>
+ <docker.neo4j.version>5.26.2</docker.neo4j.version>
<jdbc.postgresql.version>42.7.5</jdbc.postgresql.version>
<jdbc.mysql.version>9.2.0</jdbc.mysql.version>
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
index 2ae5e10c37..0f5e528c0e 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
@@ -28,6 +28,8 @@ import org.apache.syncope.common.lib.to.ClientAppTO;
import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
import org.apache.syncope.common.lib.types.OIDCGrantType;
import org.apache.syncope.common.lib.types.OIDCResponseType;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionAlg;
+import org.apache.syncope.common.lib.types.OIDCTokenSigningAlg;
import org.apache.syncope.common.lib.wa.WAClientApp;
import org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy;
import org.apereo.cas.services.ChainingAttributeReleasePolicy;
@@ -63,17 +65,41 @@ public class OIDCRPClientAppTOMapper extends
AbstractClientAppMapper {
OIDCRPClientAppTO rp =
OIDCRPClientAppTO.class.cast(clientApp.getClientAppTO());
OidcRegisteredService service = new OidcRegisteredService();
+
setCommon(service, rp);
service.setServiceId(rp.getRedirectUris().stream().
filter(Objects::nonNull).
collect(Collectors.joining("|")));
+
service.setClientId(rp.getClientId());
service.setClientSecret(rp.getClientSecret());
+
+ service.setIdTokenIssuer(rp.getIdTokenIssuer());
service.setSignIdToken(rp.isSignIdToken());
- if (!service.isSignIdToken()) {
- service.setIdTokenSigningAlg("none");
+ if (service.isSignIdToken()) {
+ Optional.ofNullable(rp.getIdTokenSigningAlg()).
+ filter(v -> v != OIDCTokenSigningAlg.none).
+ ifPresent(v -> service.setIdTokenSigningAlg(v.name()));
+ } else {
+ service.setIdTokenSigningAlg(OIDCTokenSigningAlg.none.name());
}
+ service.setEncryptIdToken(rp.isEncryptIdToken());
+ if (service.isEncryptIdToken()) {
+ Optional.ofNullable(rp.getIdTokenEncryptionAlg()).
+ filter(v -> v != OIDCTokenEncryptionAlg.none).
+ ifPresent(v ->
service.setIdTokenEncryptionAlg(v.getExternalForm()));
+ Optional.ofNullable(rp.getIdTokenEncryptionEncoding()).
+ ifPresent(v ->
service.setIdTokenEncryptionEncoding(v.getExternalForm()));
+ } else {
+
service.setIdTokenEncryptionAlg(OIDCTokenEncryptionAlg.none.getExternalForm());
+ }
+ Optional.ofNullable(rp.getUserInfoSigningAlg()).ifPresent(v ->
service.setUserInfoSigningAlg(v.name()));
+ Optional.ofNullable(rp.getUserInfoEncryptedResponseAlg()).
+ ifPresent(v ->
service.setUserInfoEncryptedResponseAlg(v.getExternalForm()));
+ Optional.ofNullable(rp.getUserInfoEncryptedResponseEncoding()).
+ ifPresent(v ->
service.setUserInfoEncryptedResponseEncoding(v.getExternalForm()));
+
service.setJwtAccessToken(rp.isJwtAccessToken());
service.setBypassApprovalPrompt(rp.isBypassApprovalPrompt());
service.setGenerateRefreshToken(rp.isGenerateRefreshToken());
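Review bot: The ID-token signing algorithm is exported with `v.name()` while every other new enum in this hunk goes through `getExternalForm()`; if `OIDCTokenSigningAlg` also offers an external form (its sibling enums added in this commit do), use it for consistency, and if it deliberately does not, a short comment would stop the next reader from "fixing" it. The UserInfo branch also sets `v.name()` unconditionally, `none` included, whereas the ID-token branch filters `none` out when signing is on; that asymmetry is defensible (an unsigned UserInfo response is a normal OIDC choice, an unsigned ID token is not what `signIdToken` asks for) but deserves a line such as `// "none" is a valid UserInfo choice; for ID tokens it is only exported when signing is disabled`. Finally, a configured `none` or null alg with signing enabled is dropped silently in favour of the WA default; a debug log at that point would make the effective configuration visible when troubleshooting.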
@@ -82,11 +108,12 @@ public class OIDCRPClientAppTOMapper extends
AbstractClientAppMapper {
} else {
service.setJwks(rp.getJwks());
}
+ Optional.ofNullable(rp.getSubjectType()).ifPresent(v ->
service.setSubjectType(v.getExternalForm()));
+ Optional.ofNullable(rp.getApplicationType()).ifPresent(v ->
service.setApplicationType(v.getExternalForm()));
service.setSupportedGrantTypes(rp.getSupportedGrantTypes().stream().
- map(OIDCGrantType::name).collect(Collectors.toSet()));
+
map(OIDCGrantType::getExternalForm).collect(Collectors.toSet()));
service.setSupportedResponseTypes(rp.getSupportedResponseTypes().stream().
map(OIDCResponseType::getExternalForm).collect(Collectors.toSet()));
- Optional.ofNullable(rp.getSubjectType()).ifPresent(st ->
service.setSubjectType(st.name()));
service.setLogoutUrl(rp.getLogoutUri());
service.setTokenEndpointAuthenticationMethod(rp.getTokenEndpointAuthenticationMethod().name());