Class DefaultOIDCUserInfoConfiguration
- java.lang.Object
  - net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    - net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
      - net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
        - net.shibboleth.idp.profile.config.AbstractProfileConfiguration
          - net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration
            - net.shibboleth.oidc.profile.oauth2.config.impl.AbstractOAuth2ClientAuthenticableProfileConfiguration
              - net.shibboleth.oidc.profile.oauth2.config.impl.AbstractOAuth2TokenValidatingConfiguration
                - net.shibboleth.oidc.profile.config.impl.DefaultOIDCUserInfoConfiguration
All Implemented Interfaces:
net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration, net.shibboleth.idp.profile.config.AttributeResolvingProfileConfiguration, net.shibboleth.idp.profile.config.ConditionalProfileConfiguration, net.shibboleth.idp.profile.config.OverriddenIssuerProfileConfiguration, net.shibboleth.idp.profile.config.ProfileConfiguration, OIDCProfileConfiguration, OIDCUserInfoConfiguration, OAuth2ClientAuthenticableClientProfileConfiguration, OAuth2ClientAuthenticableProfileConfiguration, OAuth2ProfileConfiguration, OAuth2TokenEncryptionProfileConfiguration, OAuth2TokenValidatingProfileConfiguration, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
public class DefaultOIDCUserInfoConfiguration extends AbstractOAuth2TokenValidatingConfiguration implements OIDCUserInfoConfiguration
Implementation of a profile configuration for the OpenID Connect core protocol userinfo endpoint.
-
Field Summary
Fields (Modifier and Type, Field: Description)
- private Function<ProfileRequestContext,Set<String>> deniedUserInfoAttributesLookupStrategy: Lookup function to supply attribute IDs to omit from UserInfo token.
- private Predicate<ProfileRequestContext> encryptionOptionalPredicate: Whether encryption is optional in the face of no key, etc.
- private Predicate<ProfileRequestContext> resolveAttributesPredicate: Whether attributes should be resolved in the course of the profile.
-
Fields inherited from class net.shibboleth.idp.profile.config.AbstractProfileConfiguration
DEFAULT_DISALLOWED_FEATURES
-
Fields inherited from interface net.shibboleth.oidc.profile.config.OIDCUserInfoConfiguration
PROFILE_ID, PROTOCOL_URI
-
Constructor Summary
Constructors (Constructor: Description)
- DefaultOIDCUserInfoConfiguration(): Constructor.
- DefaultOIDCUserInfoConfiguration(String profileId): Creates a new configuration instance.
-
Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method: Description)
- Set<String> getDeniedUserInfoAttributes(ProfileRequestContext profileRequestContext)
- boolean isEncryptionOptional(ProfileRequestContext profileRequestContext)
- boolean isResolveAttributes(ProfileRequestContext profileRequestContext)
- void setDeniedUserInfoAttributes(Collection<String> attributes): Set the set of attribute IDs which should be omitted from the UserInfo token.
- void setDeniedUserInfoAttributesLookupStrategy(Function<ProfileRequestContext,Set<String>> strategy): Set a lookup strategy for the set of attribute IDs which should be omitted from the UserInfo token.
- void setEncryptionOptional(boolean flag): Set whether encryption is optional in the face of a missing key, etc.
- void setEncryptionOptionalPredicate(Predicate<ProfileRequestContext> condition): Set a condition to determine whether encryption is optional in the face of a missing key, etc.
- void setResolveAttributes(boolean flag): Set whether attributes should be resolved during the profile.
- void setResolveAttributesPredicate(Predicate<ProfileRequestContext> condition): Set a condition to determine whether attributes should be resolved during the profile.
-
Methods inherited from class net.shibboleth.oidc.profile.oauth2.config.impl.AbstractOAuth2TokenValidatingConfiguration
getIssuedClaimsValidator, getIssuer, setIssuedClaimsValidator, setIssuedClaimsValidatorLookupStrategy, setIssuer, setIssuerLookupStrategy
-
Methods inherited from class net.shibboleth.oidc.profile.oauth2.config.impl.AbstractOAuth2ClientAuthenticableProfileConfiguration
getAuthenticationFlows, getClaimsValidator, getClientCredential, getClientId, getDefaultAuthenticationMethods, getPostAuthenticationFlows, getProxyCount, getTokenEndpointAuthMethod, getTokenEndpointAuthMethods, isForceAuthn, setAuthenticationFlows, setAuthenticationFlowsLookupStrategy, setClaimsValidator, setClaimsValidatorLookupStrategy, setClientCredential, setClientCredentialLookupStrategy, setClientId, setClientIdLookupStrategy, setDefaultAuthenticationMethods, setDefaultAuthenticationMethodsLookupStrategy, setForceAuthn, setForceAuthnPredicate, setPostAuthenticationFlows, setPostAuthenticationFlowsLookupStrategy, setProxyCount, setProxyCountLookupStrategy, setTokenEndpointAuthMethod, setTokenEndpointAuthMethodLookupStrategy, setTokenEndpointAuthMethods, setTokenEndpointAuthMethodsLookupStrategy
-
Methods inherited from class net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration
getActivationCondition, setActivationCondition
-
Methods inherited from class net.shibboleth.idp.profile.config.AbstractProfileConfiguration
equals, getDisallowedFeatures, getInboundInterceptorFlows, getOutboundInterceptorFlows, getSecurityConfiguration, hashCode, isFeatureDisallowed, setDisallowedFeatures, setDisallowedFeaturesLookupStrategy, setInboundFlowsLookupStrategy, setInboundInterceptorFlows, setInboundInterceptorFlowsLookupStrategy, setOutboundFlowsLookupStrategy, setOutboundInterceptorFlows, setOutboundInterceptorFlowsLookupStrategy, setSecurityConfiguration, setSecurityConfigurationLookupStrategy
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
setId
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
doInitialize, getId
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized
-
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration
getAuthenticationFlows, getDefaultAuthenticationMethods, getPostAuthenticationFlows, getProxyCount, isForceAuthn, isLocal
-
Methods inherited from interface net.shibboleth.idp.profile.config.ConditionalProfileConfiguration
getActivationCondition
-
Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent
getId
-
Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2ClientAuthenticableProfileConfiguration
getClaimsValidator, getTokenEndpointAuthMethods
-
Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2TokenValidatingProfileConfiguration
getIssuedClaimsValidator
-
Field Detail
-
resolveAttributesPredicate
@Nonnull private Predicate<ProfileRequestContext> resolveAttributesPredicate
Whether attributes should be resolved in the course of the profile.
-
encryptionOptionalPredicate
@Nonnull private Predicate<ProfileRequestContext> encryptionOptionalPredicate
Whether encryption is optional in the face of no key, etc.
-
deniedUserInfoAttributesLookupStrategy
@Nonnull private Function<ProfileRequestContext,Set<String>> deniedUserInfoAttributesLookupStrategy
Lookup function to supply attribute IDs to omit from UserInfo token.
-
Method Detail
-
isResolveAttributes
public boolean isResolveAttributes(@Nullable ProfileRequestContext profileRequestContext)
- Specified by:
isResolveAttributes in interface net.shibboleth.idp.profile.config.AttributeResolvingProfileConfiguration
-
setResolveAttributes
public void setResolveAttributes(boolean flag)
Set whether attributes should be resolved during the profile.
- Parameters:
flag - flag to set
-
setResolveAttributesPredicate
public void setResolveAttributesPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
Set a condition to determine whether attributes should be resolved during the profile.
- Parameters:
condition - condition to set
-
isEncryptionOptional
public boolean isEncryptionOptional(@Nullable ProfileRequestContext profileRequestContext)
- Specified by:
isEncryptionOptional in interface OAuth2TokenEncryptionProfileConfiguration
-
setEncryptionOptional
public void setEncryptionOptional(boolean flag)
Set whether encryption is optional in the face of a missing key, etc.
- Parameters:
flag - flag to set
-
setEncryptionOptionalPredicate
public void setEncryptionOptionalPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
Set a condition to determine whether encryption is optional in the face of a missing key, etc.
- Parameters:
condition - condition to set
-
getDeniedUserInfoAttributes
@Nonnull @NonnullElements @NotLive public Set<String> getDeniedUserInfoAttributes(@Nullable ProfileRequestContext profileRequestContext)
- Specified by:
getDeniedUserInfoAttributes in interface OIDCUserInfoConfiguration
-
setDeniedUserInfoAttributes
public void setDeniedUserInfoAttributes(@Nullable @NonnullElements Collection<String> attributes)
Set the set of attribute IDs which should be omitted from the UserInfo token.
Default behavior is to include all claims, but omitted claims also affect the set that may need to be embedded for recovery into the access/refresh tokens.
- Parameters:
attributes - the attribute IDs to omit from UserInfo token
-
setDeniedUserInfoAttributesLookupStrategy
public void setDeniedUserInfoAttributesLookupStrategy(@Nonnull Function<ProfileRequestContext,Set<String>> strategy)
Set a lookup strategy for the set of attribute IDs which should be omitted from the UserInfo token.
- Parameters:
strategy - lookup strategy
-