boolean compatibility = !isVersion2(); if (!compatibility && !hasParameter("openid.op_endpoint")) { throw new MessageException( "openid.op_endpoint is required in OpenID auth responses", if (getReturnTo() != null) { new URL(getReturnTo()); "Invalid return_to: " + getReturnTo(), OpenIDException.AUTH_ERROR, e); if (isVersion2() && getOpEndpoint() != null) { new URL(getOpEndpoint()); "Invalid op_endpoint: " + getOpEndpoint(), OpenIDException.AUTH_ERROR, e); if (!MODE_IDRES.equals(getMode())) { throw new MessageException( "Invalid openid.mode value in auth response: " + getMode(), OpenIDException.AUTH_ERROR); if (!hasParameter("openid.identity")) { Iterator iter = getExtensions().iterator(); while (iter.hasNext()) { String typeUri = iter.next().toString();
new ParameterList(httpReq.getParameterMap()); VerificationResult verification = manager.verify( receivingURL.toString(), response, discovered); session.setAttribute("openid_identifier", authSuccess.getIdentity()); if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) { FetchResponse fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX); session.setAttribute("emailFromFetch", fetchResp.getAttributeValues("email").get(0)); if (authSuccess.hasExtension(SRegMessage.OPENID_NS_SREG)) { SRegResponse sregResp = (SRegResponse) authSuccess.getExtension(SRegMessage.OPENID_NS_SREG); session.setAttribute("emailFromSReg", sregResp.getAttributeValue("email"));
/**
 * Computes the signature for an AuthSuccess message and stores it on the
 * message, using the association that the message's own handle resolves to.
 *
 * <p>The shared association store is consulted first; the private store is
 * only consulted when the shared one has no entry for the handle.
 *
 * @param authSuccess The Authentication Success message to be signed.
 *
 * @throws ServerException      If neither store holds an association for
 *                              the handle carried in {@code authSuccess}.
 * @throws AssociationException If the signature cannot be computed.
 */
public void sign(AuthSuccess authSuccess)
        throws ServerException, AssociationException {
    final String assocHandle = authSuccess.getHandle();

    // Lookup order matters: shared associations take precedence over private ones.
    // NOTE(review): expiry is not checked here; presumably load() only returns
    // associations that are still valid. Confirm against the store implementation.
    Association signingAssoc = _sharedAssociations.load(assocHandle);
    if (signingAssoc == null) {
        signingAssoc = _privateAssociations.load(assocHandle);
        if (signingAssoc == null) {
            throw new ServerException(
                    "No association found for handle: " + assocHandle);
        }
    }

    // The signature covers exactly the text returned by getSignedText().
    final String signedText = authSuccess.getSignedText();
    authSuccess.setSignature(signingAssoc.sign(signedText));
}
// enable oauth ext for openid4java (do once) Message.addExtensionFactory(OAuthMessage.class); // add oauth extension to open-id request AuthRequest authReq = ...; OAuthRequest oauthRequest = OAuthRequest.createOAuthRequest(); oauthRequest.setScopes("oauth scope"); oauthRequest.setConsumer("oauth consumer key"); authReq.addExtension(oauthRequest); // extract oauth request token from open-id response AuthSuccess authSuccess = ...; if (authSuccess.hasExtension(OAuthMessage.OPENID_NS_OAUTH)) { OAuthResponse oauthRes = (OAuthResponse) authSuccess .getExtension(OAuthMessage.OPENID_NS_OAUTH); // use this request token (without secret and verifier) and your oauth lib // to get oauth access token String oauthRequestToken = oauthRes.getRequestToken(); }
/**
 * Checks that the discovery information is consistent with the data received
 * in an authentication response from an OpenID Provider, delegating to the
 * version-specific check selected by {@code authResp.isVersion2()}.
 *
 * @param authResp   The authentication response to be verified.
 * @param discovered The discovery information obtained earlier during the
 *                   discovery stage, associated with the identifier(s) in
 *                   the request. Stateless operation is assumed if null.
 * @return           The discovery information associated with the claimed
 *                   identifier, that can be used further in the
 *                   verification process. Null if the discovery on the
 *                   claimed identifier does not match the data in the
 *                   assertion, and also null when {@code authResp} is null
 *                   or its {@code getIdentity()} is null.
 * @throws DiscoveryException Propagated from the version-specific check.
 */
private DiscoveryInformation verifyDiscovered(AuthSuccess authResp,
                                              DiscoveryInformation discovered)
        throws DiscoveryException {
    final boolean aboutIdentifier =
            authResp != null && authResp.getIdentity() != null;

    if (!aboutIdentifier) {
        // Nothing to match discovery against: report "no verified discovery".
        _log.info("Assertion is not about an identifier");
        return null;
    }

    // OpenID 2 and OpenID 1 responses are matched by separate routines.
    return authResp.isVersion2()
            ? verifyDiscovered2(authResp, discovered)
            : verifyDiscovered1(authResp, discovered);
}
new URL(opEndpoint); } catch (MalformedURLException e) { String errMsg = "Invalid OP-endpoint configured; " + AuthSuccess response = AuthSuccess.createAuthSuccess( opEndpoint, claimed, id, !isVersion2, authReq.getReturnTo(), response.setSignFields(_signFields); response.setSignExtensions(_signExtensions); response.setSignature(assoc.sign(response.getSignedText())); response.getReturnTo());
_discovery.parseIdentifier(authResp.getClaimed()) : //may have frag String handle = authResp.getHandle(); URL op = discovered.getOPEndpoint(); Association assoc = _associations.load(op.toString(), handle); String text = authResp.getSignedText(); String signature = authResp.getSignature(); ParameterList responseParams = new ParameterList(); int respCode = call(op.toString(), vrfy, responseParams); if (HttpStatus.SC_OK == respCode) _associations.remove(op.toString(), invalidateHandle); _log.error("Verification failed for: " + authResp.getClaimed() + " reason: " + result.getStatusMsg());
throws DiscoveryException if (authResp == null || ! authResp.isVersion2() || authResp.getIdentity() == null || authResp.getClaimed() == null) String assertId = authResp.getIdentity(); _discovery.parseIdentifier(authResp.getClaimed(), true); String respEndpoint = authResp.getOpEndpoint(); ! service.getOPEndpoint().toString().equals(respEndpoint) ) continue; service.getOPEndpoint().toString(), authResp.getHandle());
throws DiscoveryException if ( authResp == null || authResp.isVersion2() || authResp.getIdentity() == null ) String assertId = authResp.getIdentity(); service.getOPEndpoint().toString(), authResp.getHandle());
String openIdMode = authParams.getParameterValue("openid.mode"); if ((openIdMode != null) && openIdMode.equals("id_res")) AuthSuccess authResponse = AuthSuccess.createAuthSuccess(authParams); if ((authResponse != null) && authResponse.isVersion2() && (authResponse.getIdentity() != null) && (authResponse.getClaimed() != null)) String providerId = authResponse.getIdentity(); Identifier responseClaimedId = openIDStep2ConsumerManager.getDiscovery().parseIdentifier(authResponse.getClaimed(), true); String responseEndpoint = authResponse.getOpEndpoint(); if (discovered.isVersion2() && discovered.hasClaimedIdentifier() && discovered.getClaimedIdentifier().equals(responseClaimedId) && discovered.getOPEndpoint().equals(responseEndpoint)) List<SecureDiscoveryInformation> discoveredInfos = openIDStep2ConsumerManager.getDiscovery().discover(responseClaimedId); if ((version != null) && version.equals(DiscoveryInformation.OPENID2_OP) && discoveredInfo.isVersion2() && discoveredInfo.getOPEndpoint().equals(responseEndpoint)) if (openIDStep2ConsumerManager.getPrivateAssociationStore().load(discoveredInfo.getOPEndpoint().toString(), authResponse.getHandle()) != null)
ParameterList authResponseParams = new ParameterList(request.getParameterMap()); VerificationResult verificationResult = consumerManager.verify(returnToURL, authResponseParams, discovered); if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) { String[] attrArray = attributesRequestor.getRequestedAttributes(authSuccess.getIdentity()); FetchResponse fetchResp; try { fetchResp = (FetchResponse) authSuccess.getExtension(AxMessage.OPENID_NS_AX); } catch (MessageException e) { fetchResp = new YahooFetchResponse(authSuccess.getParameterMap()); String claimUri = attributesRequestor.getTypeURI(authSuccess.getIdentity(), attr); List attributeValues = fetchResp.getAttributeValuesByTypeUri(claimUri); authenticatedSubject.setAuthenticatedSubjectIdentifier(authSuccess.getClaimed()); context.setSubject(authenticatedSubject);
discoveries = providerOpenIDConsumerManager.getDiscovery().discover(providerIdentifier); discoveries = providerOpenIDConsumerManager.discover(userSuppliedDiscoveryString); discovered = providerOpenIDConsumerManager.associate(discoveries); ParameterList authParams = new ParameterList(request.getParameterMap()); if (authResponse.hasExtension(AxMessage.OPENID_NS_AX)) FetchResponse axResponse = (FetchResponse)authResponse.getExtension(AxMessage.OPENID_NS_AX); email = axResponse.getAttributeValue("email"); fullName = axResponse.getAttributeValue("fullname"); if (authResponse.hasExtension(SRegMessage.OPENID_NS_SREG)) SRegResponse sregResponse = (SRegResponse)authResponse.getExtension(SRegMessage.OPENID_NS_SREG); email = sregResponse.getAttributeValue("email"); fullName = sregResponse.getAttributeValue("fullname");
lifeCycle = (OpenIDLifecycle) adapter; ParameterList responselist = new ParameterList(parameterMap); VerificationResult verification = this.consumerManager.verify(receivedURL, responselist, discovered); new OpenIDLifecycleEvent(TYPE.SESSION, OP.ADD, CONST.OPENID.get(), authSuccess.getIdentity()), new OpenIDLifecycleEvent(TYPE.SESSION, OP.ADD, CONST.OPENID_CLAIMED.get(), authSuccess.getClaimed()),
if ("cancel".equals(response.getParameterValue("openid.mode"))) { result.setAuthResponse(AuthFailure.createAuthFailure(response)); _log.info("Received auth failure."); if ("setup_needed".equals(response.getParameterValue("openid.mode")) || ("id_res".equals(response.getParameterValue("openid.mode")) && response.hasParameter("openid.user_setup_url"))) { AuthImmediateFailure fail = AuthSuccess authResp = AuthSuccess.createAuthSuccess(response); _log.info("Received positive auth response."); authResp.validate(); if (!verifyReturnTo(receivingUrl, authResp)) { result.setStatusMsg("Return_To URL verification failed."); _log.error("Return_To URL verification failed."); discovered = verifyDiscovered(authResp, discovered); if (discovered == null || !discovered.hasClaimedIdentifier()) { result.setStatusMsg("Discovered information verification failed."); if (!verifyNonce(authResp, discovered)) { result.setStatusMsg("Nonce verification failed."); _log.error("Nonce verification failed.");
/**
 * Builds a new parameter list from an authentication response, with
 * {@code openid.mode} overwritten by {@code MODE_CHKAUTH}.
 *
 * <p>Every other parameter is copied from {@code authResp.getParameterMap()}
 * as-is; nothing is filtered or validated here.
 * NOTE(review): presumably this is the payload of the direct verification
 * request sent back to the OP; confirm against the caller.
 *
 * @param authResp The authentication response whose parameters are copied.
 * @return         A fresh ParameterList carrying the copied parameters and
 *                 the replaced {@code openid.mode}.
 */
private static ParameterList convertAuthSuccessParams(AuthSuccess authResp) {
    final ParameterList converted =
            new ParameterList(authResp.getParameterMap());

    // Replace the mode of the received response with the check-auth mode.
    final Parameter checkAuthMode = new Parameter("openid.mode", MODE_CHKAUTH);
    converted.set(checkAuthMode);

    return converted;
}
ParameterList parameterList = new ParameterList(request.getParameterMap()); VerificationResult verification = consumerManager.verify( receivingURL.toString(), parameterList, if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) { tempUser.setEmailAddress(extractEmailAddress(authSuccess)); tempUser.setFirstName(extractFirstName(authSuccess));
ParameterList parameterList = new ParameterList( request.getParameterMap()); DiscoveryInformation discovered = (DiscoveryInformation) request ConsumerManager consumerManager = AuthenticationRequestServlet .getConsumerManager(request); VerificationResult verificationResult = consumerManager.verify( receivingUrl, parameterList, discovered); Identifier identifier = verificationResult.getVerifiedId(); AuthSuccess authResp = AuthSuccess.createAuthSuccess(parameterList); String returnTo = authResp.getReturnTo(); String requestReturnTo = (String) request .getSession() return; if (!consumerManager.verifyReturnTo(requestReturnTo, authResp)) { showErrorPage("Invalid \"return_to\" in response!", null, request, response);
Iterator iter = extension.getParameters().getParameters().iterator(); while (iter.hasNext()) ((AuthSuccess)this).addSignExtension(typeUri); if ( ((AuthSuccess)this).getSignExtensions().contains(typeUri) ) ((AuthSuccess)this).buildSignedList();
/**
 * Reads the "lastname" attribute from the Attribute Exchange fetch response
 * attached to an authentication response.
 *
 * <p>NOTE(review): there is no hasExtension(AxMessage.OPENID_NS_AX) check
 * in this method, and the extension is cast to FetchResponse unconditionally;
 * presumably callers guard for the extension's presence. Confirm. The value
 * is supplied by the OpenID Provider and is returned without validation here.
 *
 * @param authSuccess The authentication response carrying the AX extension.
 * @return            The result of the getAttributeValue helper, which is
 *                    called with "" as its third argument (presumably the
 *                    default when the attribute is missing; confirm).
 * @throws MessageException Declared by the method; thrown from the calls
 *                          it makes (the visible code has no explicit throw).
 */
private String extractLastName(AuthSuccess authSuccess) throws MessageException {
    final Object axExtension = authSuccess.getExtension(AxMessage.OPENID_NS_AX);
    final FetchResponse axFetch = (FetchResponse) axExtension;

    return getAttributeValue(axFetch, "lastname", "", String.class);
}
openidResp = AuthSuccess.createAuthSuccess( _opEndpoint, claimedID, claimedID, compat, uriAppliesTo.toString(), nonce, FetchResponse fetchResp = FetchResponse.createFetchResponse(); fetchResp.addAttributes(attrs); openidResp.addExtension(fetchResp); openidResp.setSignature(assoc.sign(openidResp.getSignedText())); } catch (OpenIDException e) { setWstFault(constants, response, try { sha1base64 = Base64.encode( md.digest(openidResp.keyValueFormEncoding().getBytes("utf-8"))); } catch (UnsupportedEncodingException e) { setWstFault(constants, response, "OpenIDToken", omOpenIDNamespace, omRequestedSecurityToken); omOpenIDToken.setText(openidResp.keyValueFormEncoding());