org.openid4java.message.AuthRequest Java Examples

The following examples show how to use org.openid4java.message.AuthRequest. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ConsumerServlet.java    From openid4java with Apache License 2.0 6 votes vote down vote up
/**
 * Simple Registration Extension example.
 * 
 * @param httpReq
 * @param authReq
 * @throws MessageException
 * @see <a href="http://code.google.com/p/openid4java/wiki/SRegHowTo">Simple Registration HowTo</a>
 * @see <a href="http://openid.net/specs/openid-simple-registration-extension-1_0.html">OpenID Simple Registration Extension 1.0</a>
 */
private void addSimpleRegistrationToAuthRequest(HttpServletRequest httpReq,
		AuthRequest authReq) throws MessageException {
	// Attribute Exchange example: fetching the 'email' attribute
	// FetchRequest fetch = FetchRequest.createFetchRequest();
	SRegRequest sregReq = SRegRequest.createFetchRequest();

	String[] attributes = { "nickname", "email", "fullname", "dob",
			"gender", "postcode", "country", "language", "timezone" };
	for (int i = 0, l = attributes.length; i < l; i++) {
		String attribute = attributes[i];
		String value = httpReq.getParameter(attribute);
		if (OPTIONAL_VALUE.equals(value)) {
			sregReq.addAttribute(attribute, false);
		} else if (REQUIRED_VALUE.equals(value)) {
			sregReq.addAttribute(attribute, true);
		}
	}

	// attach the extension to the authentication request
	if (!sregReq.getAttributes().isEmpty()) {
		authReq.addExtension(sregReq);
	}
}
 
Example #2
Source File: ConsumerServlet.java    From openid4java with Apache License 2.0 6 votes vote down vote up
/**
 * Attribute exchange example.
 * 
 * @param httpReq
 * @param authReq
 * @throws MessageException
 * @see <a href="http://code.google.com/p/openid4java/wiki/AttributeExchangeHowTo">Attribute Exchange HowTo</a>
 * @see <a href="http://openid.net/specs/openid-attribute-exchange-1_0.html">OpenID Attribute Exchange 1.0 - Final</a>
 */
private void addAttributeExchangeToAuthRequest(HttpServletRequest httpReq,
		AuthRequest authReq) throws MessageException {
	String[] aliases = httpReq.getParameterValues("alias");
	String[] typeUris = httpReq.getParameterValues("typeUri");
	String[] counts = httpReq.getParameterValues("count");
	FetchRequest fetch = FetchRequest.createFetchRequest();
	for (int i = 0, l = typeUris == null ? 0 : typeUris.length; i < l; i++) {
		String typeUri = typeUris[i];
		if (StringUtils.isNotBlank(typeUri)) {
			String alias = aliases[i];
			boolean required = httpReq.getParameter("required" + i) != null;
			int count = NumberUtils.toInt(counts[i], 1);
			fetch.addAttribute(alias, typeUri, required, count);
		}
	}
	authReq.addExtension(fetch);
}
 
Example #3
Source File: CustomOpenIdProcessor.java    From OpenID-Attacker with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates an OpenID Token. Depending of the global config, either a token
 * for the valid user or for the attacker is created.
 *
 * @param authRequest
 *
 * @return
 *
 * @throws MessageException
 * @throws ServerException
 * @throws AssociationException
 */
private AttackParameterKeeper processTokenRequest(final AuthRequest authRequest) throws OpenIdAttackerServerException {
    final String userSelId = getValidUser().getIdentifier();
    final String userSelClaimed = getValidUser().getClaimedId();
    final Message token = serverManager.authResponse(authRequest, userSelId, userSelClaimed, true, false);
    if (token instanceof AuthSuccess) {
        try {
            processAxExtension(token, authRequest);
            processSRegExtension(token, authRequest);
            generateSignatureForValidValues((AuthSuccess) token);
            generateSignatureForAttackValues();
        } catch (ServerException | MessageException | AssociationException ex) {
            throw new OpenIdAttackerServerException(ex.getMessage());
        }
    } else {
        throw new OpenIdAttackerServerException("Error while creating auth Response");
    }
    return getKeeper();
}
 
Example #4
Source File: CustomOpenIdProcessor.java    From OpenID-Attacker with GNU General Public License v2.0 6 votes vote down vote up
private Message processSRegExtension(Message token, final AuthRequest authRequest) throws MessageException {
    String sregNamespace = detectSRegVersion(authRequest);
    if (sregNamespace != null) {
        MessageExtension ext = authRequest.getExtension(sregNamespace);
        if (ext instanceof SRegRequest) {
            SRegRequest sregReq = (SRegRequest) ext;
            SRegResponse sregResp = SRegResponse.createSRegResponse(sregReq, getValidUser().getUserDataMap());
            token.addExtension(sregResp, "sreg");
        } else if (ext instanceof SRegResponse) {
            // what to do here?
        } else {
            final String message = String.format("TODO - Support of '%s'", ext.getClass().getCanonicalName());
            throw new UnsupportedOperationException(message);
        }
    }
    return token;
}
 
Example #5
Source File: OpenIDPape.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * @param authRequest OpenID authentication request
 * @return A set of policies requested
 * @throws IdentityException
 */
public static String[] getAuthenticationPolicies(AuthRequest authRequest) throws IdentityException {

    MessageExtension message = null;
    PapeRequest papeRequest = null;
    List preferredPolicies = null;

    try {
        if (authRequest.hasExtension(PapeMessage.OPENID_NS_PAPE)) {
            message = authRequest.getExtension(PapeMessage.OPENID_NS_PAPE);

            if (message instanceof PapeRequest) {
                papeRequest = (PapeRequest) message;
                preferredPolicies = papeRequest.getPreferredAuthPoliciesList();
                if (preferredPolicies != null && !preferredPolicies.isEmpty()) {
                    return (String[]) preferredPolicies.toArray(new String[preferredPolicies.size()]);
                }
            }
        }
        return new String[0];
    } catch (MessageException e) {
        throw IdentityException.error("Failed retrieve authentication policies", e);
    }
}
 
Example #6
Source File: OpenIDProviderService.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * @param authRequest
 * @return
 * @throws IdentityException
 */
private List<String> getRequestedAttributes(AuthRequest authRequest) throws IdentityException {
    OpenIDAuthenticationRequest req = null;
    OpenIDExtension extension = null;
    List<String> requiredAttributes = null;

    req = new OpenIDAuthenticationRequest();
    req.setAuthRequest(authRequest);
    requiredAttributes = new ArrayList<String>();

    for (Object alias : authRequest.getExtensions()) {
        req.setExtensionAlias((String) alias);
        extension = OpenIDExtensionFactory.getInstance().getExtension(req);
        if (extension != null) {
            extension.addRequiredAttributes(requiredAttributes);
        }
    }

    return requiredAttributes;
}
 
Example #7
Source File: OpenIDProviderService.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Get Profile details of an user
 *
 * @param openId
 * @return
 * @throws IdentityProviderException
 */
public OpenIDUserProfileDTO[] getUserProfiles(String openId, OpenIDParameterDTO[] requredClaims)
        throws IdentityProviderException {
    String userName = null;
    UserRealm realm = null;
    UserStoreManager reader = null;
    String tenatUser = null;
    String domainName = null;

    try {
        userName = OpenIDUtil.getUserName(openId);
        tenatUser = MultitenantUtils.getTenantAwareUsername(userName);
        domainName = MultitenantUtils.getDomainNameFromOpenId(openId);
        realm = IdentityTenantUtil.getRealm(domainName, userName);
        reader = realm.getUserStoreManager();
        String[] profileNames = reader.getProfileNames(tenatUser);
        OpenIDUserProfileDTO[] profileDtoSet = new OpenIDUserProfileDTO[profileNames.length];

        List<String> claimList = null;
        ParameterList paramList = getParameterList(requredClaims);
        AuthRequest authReq =
                AuthRequest.createAuthRequest(paramList, OpenIDProvider.getInstance()
                                                                       .getManager()
                                                                       .getRealmVerifier());

        claimList = getRequestedAttributes(authReq);

        for (int i = 0; i < profileNames.length; i++) {
            OpenIDUserProfileDTO profileDTO = new OpenIDUserProfileDTO();
            OpenIDClaimDTO[] claimSet =
                    getOpenIDClaimValues(openId, profileNames[i], claimList);
            profileDTO.setProfileName(profileNames[i]);
            profileDTO.setClaimSet(claimSet);
            profileDtoSet[i] = profileDTO;
        }
        return profileDtoSet;
    } catch (MalformedURLException | UserStoreException | MessageException | IdentityException e) {
        throw new IdentityProviderException("Error while retrieving user profiles", e);
    }
}
 
Example #8
Source File: CustomOpenIdProcessor.java    From OpenID-Attacker with GNU General Public License v2.0 5 votes vote down vote up
private Message processAxExtension(Message token, final AuthRequest authRequest) throws MessageException {
    if (authRequest.hasExtension(AxMessage.OPENID_NS_AX)) {
        MessageExtension extension = authRequest.getExtension(AxMessage.OPENID_NS_AX);
        if (extension instanceof FetchRequest) {
            final FetchRequest fetchRequest = (FetchRequest) extension;
            final Map userDataMap = getValidUser().getUserDataMap();
            final FetchResponse fetchResponse = FetchResponse.createFetchResponse(fetchRequest, userDataMap);
            token.addExtension(fetchResponse, "ax");
        } else {
            throw new UnsupportedOperationException("TODO: if (ext instanceof StoreRequest)");
        }
    }
    return token;
}
 
Example #9
Source File: CustomOpenIdProcessor.java    From OpenID-Attacker with GNU General Public License v2.0 5 votes vote down vote up
private AuthRequest createAuthenticationRequest(final ParameterList token_parameter) throws OpenIdAttackerServerException {
        AuthRequest authRequest;
        try {
//            authRequest = AuthRequest.createAuthRequest(token_parameter, serverManager.getRealmVerifier());
            authRequest = UnvalidatedAuthRequest.createAuthRequest(token_parameter, serverManager.getRealmVerifier());
        } catch (MessageException ex) {
            throw new OpenIdAttackerServerException(ex);
        }
        return authRequest;
    }
 
Example #10
Source File: CustomOpenIdProcessor.java    From OpenID-Attacker with GNU General Public License v2.0 5 votes vote down vote up
private String detectSRegVersion(final AuthRequest authRequest) {
    String sregNamespace = null;
    if (authRequest.hasExtension(SRegMessage.OPENID_NS_SREG)) {
        sregNamespace = SRegMessage.OPENID_NS_SREG;
    } else if (authRequest.hasExtension(SRegMessage.OPENID_NS_SREG11)) {
        sregNamespace = SRegMessage.OPENID_NS_SREG11;
    }
    return sregNamespace;
}
 
Example #11
Source File: UnvalidatedAuthRequest.java    From OpenID-Attacker with GNU General Public License v2.0 5 votes vote down vote up
public static AuthRequest createAuthRequest(ParameterList params,
  RealmVerifier realmVerifier)
  throws MessageException {
    AuthRequest req = new UnvalidatedAuthRequest(params);

    req.setRealmVerifier(realmVerifier);

    // The request must not be validated
    // req.validate();
    if (DEBUG) {
        LOG.debug("Created auth request:\n" + req.keyValueFormEncoding());
    }

    return req;
}
 
Example #12
Source File: OpenIDPape.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 */
@Override
public MessageExtension getMessageExtension(String userId, String profileName, OpenIDAuthRequestDTO requestDTO)
        throws IdentityException {

    MessageExtension message = null;
    PapeResponse papeResponse = null;
    AuthRequest authRequest = null;

    try {
        authRequest = request.getAuthRequest();

        if (authRequest != null) {
            message = authRequest.getExtension(PapeMessage.OPENID_NS_PAPE);

            if (message instanceof PapeRequest) {
                papeResponse = PapeResponse.createPapeResponse();
                if (request.isPhishingResistanceLogin()) {
                    papeResponse.addAuthPolicy(PapeMessage.PAPE_POLICY_PHISHING_RESISTANT);
                    //papeResponse.setNistAuthLevel(1);  TODO
                }
                if (request.isMultifactorLogin()) {
                    papeResponse.addAuthPolicy(PapeMessage.PAPE_POLICY_MULTI_FACTOR);
                    //papeResponse.setNistAuthLevel(2);  TODO
                }
            }
        }
    } catch (MessageException e) {
        log.error("Failed to create message extension for PAPE", e);
        throw IdentityException.error("Failed to create message extension for PAPE", e);
    }

    return papeResponse;
}
 
Example #13
Source File: OpenIDServerManager.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
@Override
public Message authResponse(AuthRequest authReq, String userSelId, String userSelClaimed,
                            boolean authenticatedAndApproved, String opEndpoint, boolean signNow) {

    if(log.isDebugEnabled()) {
        log.debug("Association handle in AuthRequest : " + authReq.getHandle());
    }
    return super.authResponse(authReq, userSelId, userSelClaimed, authenticatedAndApproved, opEndpoint, signNow);
}
 
Example #14
Source File: OpenIdConsumer.java    From jerseyoauth2 with MIT License 4 votes vote down vote up
@SuppressWarnings("unchecked")
public void authRequest(String openidServiceId, String returnToUrl, HttpServletRequest httpReq, HttpServletResponse httpResp) throws IOException, ServletException {
	try {
		// --- Forward proxy setup (only if needed) ---
		// ProxyProperties proxyProps = new ProxyProperties();
		// proxyProps.setProxyName("proxy.example.com");
		// proxyProps.setProxyPort(8080);
		// HttpClientFactory.setProxyProperties(proxyProps);

		// perform discovery on the user-supplied identifier
		List<?> discoveries = manager.discover(openidServiceId);

		// attempt to associate with the OpenID provider
		// and retrieve one service endpoint for authentication
		DiscoveryInformation discovered = manager.associate(discoveries);

		// store the discovery information in the user's session
		httpReq.getSession().setAttribute(OpenIdConstants.OPENID_DISC, discovered);

		// obtain a AuthRequest message to be sent to the OpenID provider
		AuthRequest authReq = manager.authenticate(discovered, returnToUrl);

		// Attribute Exchange example: fetching the 'email' attribute
		FetchRequest fetch = FetchRequest.createFetchRequest();
		fetch.addAttribute("email",
		// attribute alias
				"http://schema.openid.net/contact/email", // type URI
				true); // required

		// attach the extension to the authentication request
		authReq.addExtension(fetch);

		if (!discovered.isVersion2()) {
			// Option 1: GET HTTP-redirect to the OpenID Provider endpoint
			// The only method supported in OpenID 1.x
			// redirect-URL usually limited ~2048 bytes
			httpResp.sendRedirect(authReq.getDestinationUrl(true));
		} else {
			// Option 2: HTML FORM Redirection (Allows payloads >2048 bytes)

			sendFormRedirect(httpResp, authReq.getDestinationUrl(false), (Map<String,String>)authReq.getParameterMap());
		}
	} catch (OpenIDException e) {
		e.printStackTrace(System.err);
	}

}
 
Example #15
Source File: OpenIdService.java    From springboot-shiro-cas-mybatis with MIT License 4 votes vote down vote up
/**
 * Generates an Openid response.
 * If no ticketId is found, response is negative.
 * If we have a ticket id, then we check if we have an association.
 * If so, we ask OpenId server manager to generate the answer according with the existing association.
 * If not, we send back an answer with the ticket id as association handle.
 * This will force the consumer to ask a verification, which will validate the service ticket.
 * @param ticketId the service ticket to provide to the service.
 * @return the generated authentication answer
 */
@Override
public Response getResponse(final String ticketId) {
    final Map<String, String> parameters = new HashMap<>();
    if (ticketId != null) {

        final ServerManager manager = (ServerManager) ApplicationContextProvider.getApplicationContext().getBean("serverManager");
        final CentralAuthenticationService cas = ApplicationContextProvider.getApplicationContext()
                                            .getBean("centralAuthenticationService", CentralAuthenticationService.class);
        boolean associated = false;
        boolean associationValid = true;
        try {
            final AuthRequest authReq = AuthRequest.createAuthRequest(requestParameters, manager.getRealmVerifier());
            final Map parameterMap = authReq.getParameterMap();
            if (parameterMap != null && parameterMap.size() > 0) {
                final String assocHandle = (String) parameterMap.get(OpenIdConstants.OPENID_ASSOCHANDLE);
                if (assocHandle != null) {
                    final Association association = manager.getSharedAssociations().load(assocHandle);
                    if (association != null) {
                        associated = true;
                        if (association.hasExpired()) {
                            associationValid = false;
                        }
                    }

                }
            }
        } catch (final MessageException me) {
            LOGGER.error("Message exception : {}", me.getMessage(), me);
        }

        boolean successFullAuthentication = true;
        Assertion assertion = null;
        try {
            if (associated) {
                if (associationValid) {
                    assertion = cas.validateServiceTicket(ticketId, this);
                    LOGGER.info("Validated openid ticket");
                } else {
                    successFullAuthentication = false;
                }
            }
        } catch (final TicketException te) {
            LOGGER.error("Could not validate ticket : {}", te.getMessage(), te);
            successFullAuthentication = false;
        }

        final String id;
        if (assertion != null && OpenIdConstants.OPENID_IDENTIFIERSELECT.equals(this.identity)) {
            id = this.openIdPrefixUrl + '/' + assertion.getPrimaryAuthentication().getPrincipal().getId();
        } else {
            id = this.identity;
        }
        // We sign directly (final 'true') because we don't add extensions
        // response message can be either a DirectError or an AuthSuccess here.
        // Anyway, handling is the same : send the response message
        final Message response = manager.authResponse(requestParameters,
                id,
                id,
                successFullAuthentication,
                true);
        parameters.putAll(response.getParameterMap());
        if (!associated) {
            parameters.put(OpenIdConstants.OPENID_ASSOCHANDLE, ticketId);
        }
    } else {
        parameters.put(OpenIdConstants.OPENID_MODE, OpenIdConstants.CANCEL);
    }
    return DefaultResponse.getRedirectResponse(getOriginalUrl(), parameters);
}
 
Example #16
Source File: OpenIdImpl.java    From socialauth with MIT License 4 votes vote down vote up
private String authRequest(final String userSuppliedString,
		final String returnToUrl) throws IOException {
	try {
		// perform discovery on the user-supplied identifier
		List discoveries = manager.discover(userSuppliedString);

		// attempt to associate with the OpenID provider
		// and retrieve one service endpoint for authentication
		discovered = manager.associate(discoveries);

		// // store the discovery information in the user's session
		// httpReq.getSession().setAttribute("openid-disc", discovered);

		// obtain a AuthRequest message to be sent to the OpenID provider
		AuthRequest authReq = manager.authenticate(discovered, returnToUrl);

		// Attribute Exchange example: fetching the 'email' attribute
		FetchRequest fetch = FetchRequest.createFetchRequest();

		// Using axschema
		fetch.addAttribute("emailax", "http://axschema.org/contact/email",
				true);

		fetch.addAttribute("firstnameax",
				"http://axschema.org/namePerson/first", true);

		fetch.addAttribute("lastnameax",
				"http://axschema.org/namePerson/last", true);

		fetch.addAttribute("fullnameax", "http://axschema.org/namePerson",
				true);

		fetch.addAttribute("email",
				"http://schema.openid.net/contact/email", true);

		// Using schema.openid.net (for compatibility)
		fetch.addAttribute("firstname",
				"http://schema.openid.net/namePerson/first", true);

		fetch.addAttribute("lastname",
				"http://schema.openid.net/namePerson/last", true);

		fetch.addAttribute("fullname",
				"http://schema.openid.net/namePerson", true);

		// attach the extension to the authentication request
		authReq.addExtension(fetch);

		return authReq.getDestinationUrl(true);
	} catch (OpenIDException e) {
		e.printStackTrace();
	}

	return null;
}
 
Example #17
Source File: OpenIDAuthenticationRequest.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
public void setAuthRequest(AuthRequest authRequest) {
    this.authRequest = authRequest;
}
 
Example #18
Source File: OpenIDAuthenticationRequest.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
public AuthRequest getAuthRequest() {
    return authRequest;
}
 
Example #19
Source File: ConsumerServlet.java    From openid4java with Apache License 2.0 4 votes vote down vote up
public String authRequest(String userSuppliedString,
		HttpServletRequest httpReq, HttpServletResponse httpResp)
		throws IOException, ServletException {
	try {
		// configure the return_to URL where your application will receive
		// the authentication responses from the OpenID provider
		// String returnToUrl = "http://example.com/openid";
		String returnToUrl = httpReq.getRequestURL().toString()
				+ "?is_return=true";

		// perform discovery on the user-supplied identifier
		List discoveries = manager.discover(userSuppliedString);

		// attempt to associate with the OpenID provider
		// and retrieve one service endpoint for authentication
		DiscoveryInformation discovered = manager.associate(discoveries);

		// store the discovery information in the user's session
		httpReq.getSession().setAttribute("openid-disc", discovered);

		// obtain a AuthRequest message to be sent to the OpenID provider
		AuthRequest authReq = manager.authenticate(discovered, returnToUrl);

		// Simple registration example
		addSimpleRegistrationToAuthRequest(httpReq, authReq);

		// Attribute exchange example
		addAttributeExchangeToAuthRequest(httpReq, authReq);

		if (!discovered.isVersion2()) {
			// Option 1: GET HTTP-redirect to the OpenID Provider endpoint
			// The only method supported in OpenID 1.x
			// redirect-URL usually limited ~2048 bytes
			httpResp.sendRedirect(authReq.getDestinationUrl(true));
			return null;
		} else {
			// Option 2: HTML FORM Redirection (Allows payloads >2048 bytes)

			RequestDispatcher dispatcher = getServletContext()
					.getRequestDispatcher("/formredirection.jsp");
			httpReq.setAttribute("prameterMap", httpReq.getParameterMap());
			httpReq.setAttribute("message", authReq);
			// httpReq.setAttribute("destinationUrl", httpResp
			// .getDestinationUrl(false));
			dispatcher.forward(httpReq, httpResp);
		}
	} catch (OpenIDException e) {
		// present error to the user
		throw new ServletException(e);
	}

	return null;
}
 
Example #20
Source File: OpenIdService.java    From cas4.0.x-server-wechat with Apache License 2.0 4 votes vote down vote up
/**
 * Generates an Openid response.
 * If no ticketId is found, response is negative.
 * If we have a ticket id, then we check if we have an association.
 * If so, we ask OpenId server manager to generate the answer according with the existing association.
 * If not, we send back an answer with the ticket id as association handle.
 * This will force the consumer to ask a verification, which will validate the service ticket.
 * @param ticketId the service ticket to provide to the service.
 * @return the generated authentication answer
 */
@Override
public Response getResponse(final String ticketId) {
    final Map<String, String> parameters = new HashMap<String, String>();
    if (ticketId != null) {

        ServerManager manager = (ServerManager) ApplicationContextProvider.getApplicationContext().getBean("serverManager");
        CentralAuthenticationService cas = (CentralAuthenticationService) ApplicationContextProvider.getApplicationContext()
                                            .getBean("centralAuthenticationService");
        boolean associated = false;
        boolean associationValid = true;
        try {
            AuthRequest authReq = AuthRequest.createAuthRequest(requestParameters, manager.getRealmVerifier());
            Map parameterMap = authReq.getParameterMap();
            if (parameterMap != null && parameterMap.size() > 0) {
                String assocHandle = (String) parameterMap.get("openid.assoc_handle");
                if (assocHandle != null) {
                    Association association = manager.getSharedAssociations().load(assocHandle);
                    if (association != null) {
                        associated = true;
                        if (association.hasExpired()) {
                            associationValid = false;
                        }
                    }

                }
            }
        } catch (final MessageException me) {
            LOGGER.error("Message exception : {}", me.getMessage(), me);
        }

        boolean successFullAuthentication = true;
        try {
            if (associated) {
                if (associationValid) {
                    cas.validateServiceTicket(ticketId, this);
                    LOGGER.info("Validated openid ticket");
                } else {
                    successFullAuthentication = false;
                }
            }
        } catch (final TicketException te) {
            LOGGER.error("Could not validate ticket : {}", te.getMessage(), te);
            successFullAuthentication = false;
        }

        // We sign directly (final 'true') because we don't add extensions
        // response message can be either a DirectError or an AuthSuccess here.
        // Anyway, handling is the same : send the response message
        Message response = manager.authResponse(requestParameters,
                this.identity,
                this.identity,
                successFullAuthentication,
                true);
        parameters.putAll(response.getParameterMap());
        if (!associated) {
            parameters.put("openid.assoc_handle", ticketId);
        }
    } else {
        parameters.put("openid.mode", "cancel");
    }
    return Response.getRedirectResponse(getOriginalUrl(), parameters);
}
 
Example #21
Source File: CustomOpenIdProcessor.java    From OpenID-Attacker with GNU General Public License v2.0 2 votes vote down vote up
/**
 * Creates an OpenID Token. Depending of the global config, either a token
 * for the valid user or for the attacker is created.
 *
 * @param token_parameter
 *
 * @return
 *
 * @throws MessageException
 * @throws ServerException
 * @throws AssociationException
 */
public AttackParameterKeeper processTokenRequest(final ParameterList token_parameter) throws OpenIdAttackerServerException {
    addNamespaceIfNotContained(token_parameter);
    AuthRequest authRequest = createAuthenticationRequest(token_parameter);
    return processTokenRequest(authRequest);
}