Class OidcDiscoveryProperties

java.lang.Object
org.apereo.cas.configuration.model.support.oidc.OidcDiscoveryProperties
All Implemented Interfaces:
Serializable

@RequiresModule(name="cas-server-support-oidc") public class OidcDiscoveryProperties extends Object implements Serializable
Since:
5.0.0
  • Constructor Details

    • OidcDiscoveryProperties

      public OidcDiscoveryProperties()
  • Method Details

    • isClaimsParameterSupported

      public boolean isClaimsParameterSupported()
      Specifying whether this provider supports use of the claims parameter.
    • isRequestParameterSupported

      public boolean isRequestParameterSupported()
      Specifying whether this provider supports use of the request parameter.
    • isRequestUriParameterSupported

      public boolean isRequestUriParameterSupported()
      Specifying whether this provider supports use of the request_uri parameter.
    • isAuthorizationResponseIssuerParameterSupported

      public boolean isAuthorizationResponseIssuerParameterSupported()
      Parameter indicating whether the authorization server provides the iss parameter in the authorization response.
    • isTlsClientCertificateBoundAccessTokens

      public boolean isTlsClientCertificateBoundAccessTokens()
      Boolean value indicating server support for mutual-TLS client certificate-bound access tokens.
    • isRequirePushedAuthorizationRequests

      public boolean isRequirePushedAuthorizationRequests()
      Boolean parameter indicating whether the authorization server (CAS) accepts authorization request data only via the pushed authorization request method.
    • getScopes

      public List<String> getScopes()
      List of supported scopes.
    • getClaims

      public List<String> getClaims()
      List of supported claims.
    • getSubjectTypes

      public List<String> getSubjectTypes()
      List of supported subject types.
    • getResponseTypesSupported

      public List<String> getResponseTypesSupported()
      Supported response types. The Response Mode request parameter response_mode informs the Authorization Server of the mechanism to be used for returning Authorization Response parameters from the Authorization Endpoint. Each Response Type value also defines a default Response Mode mechanism to be used, if no Response Mode is specified using the request parameter.
    • getResponseModesSupported

      public List<String> getResponseModesSupported()
      Supported response modes.
    • getPromptValuesSupported

      public List<String> getPromptValuesSupported()
      Supported prompt values. If CAS receives a prompt value that it does not support (not declared in the prompt_values_supported metadata field), CAS SHOULD respond with an HTTP 400 (Bad Request) status code and an error value of invalid_request.
    • getIntrospectionSupportedAuthenticationMethods

      public List<String> getIntrospectionSupportedAuthenticationMethods()
      Supported authentication methods for introspection.
    • getClaimTypesSupported

      public List<String> getClaimTypesSupported()
      Supported claim types.
    • getGrantTypesSupported

      public List<String> getGrantTypesSupported()
      Supported grant types.
    • getDpopSigningAlgValuesSupported

      public List<String> getDpopSigningAlgValuesSupported()
      An array of the JWS "alg" values supported by the CAS authorization server for DPoP proof JWTs.
    • getIdTokenSigningAlgValuesSupported

      public List<String> getIdTokenSigningAlgValuesSupported()
      Supported algorithms for id token signing.
    • getIdTokenEncryptionAlgValuesSupported

      public List<String> getIdTokenEncryptionAlgValuesSupported()
      Supported algorithms for id token encryption.
    • getIdTokenEncryptionEncodingValuesSupported

      public List<String> getIdTokenEncryptionEncodingValuesSupported()
      Supported encoding strategies for id token encryption.
    • getIntrospectionSignedResponseAlgValuesSupported

      public List<String> getIntrospectionSignedResponseAlgValuesSupported()
      List of the JWS signing algorithms supported by the introspection endpoint to sign the response.
    • getIntrospectionEncryptedResponseAlgValuesSupported

      public List<String> getIntrospectionEncryptedResponseAlgValuesSupported()
      List of the JWE encryption algorithms (alg values) supported by the introspection endpoint to encrypt the content encryption key for the introspection response.
    • getIntrospectionEncryptedResponseEncodingValuesSupported

      public List<String> getIntrospectionEncryptedResponseEncodingValuesSupported()
      List of the JWE encryption algorithms (enc values) supported by the introspection endpoint to encrypt the introspection response.
    • getUserInfoSigningAlgValuesSupported

      public List<String> getUserInfoSigningAlgValuesSupported()
      Supported algorithms for user-info signing.
    • getUserInfoEncryptionAlgValuesSupported

      public List<String> getUserInfoEncryptionAlgValuesSupported()
      Supported algorithms for user-info encryption.
    • getUserInfoEncryptionEncodingValuesSupported

      public List<String> getUserInfoEncryptionEncodingValuesSupported()
      Supported encoding strategies for user-info encryption.
    • getTokenEndpointAuthMethodsSupported

      public List<String> getTokenEndpointAuthMethodsSupported()
      List of client authentication methods supported by token endpoint.
    • getCodeChallengeMethodsSupported

      public List<String> getCodeChallengeMethodsSupported()
      List of PKCE code challenge methods supported.
    • getAcrValuesSupported

      public List<String> getAcrValuesSupported()
      List of ACR values supported. This discovery element contains a list of the acr values supported by this server. Support for authentication context class references is implemented in the form of acr_values as part of the original authorization request, which is mostly taken into account by the multifactor authentication features of CAS. Once successful, acr and amr values are passed back to the relying party as part of the id token.
    • getRequestObjectSigningAlgValuesSupported

      public List<String> getRequestObjectSigningAlgValuesSupported()
      Supported algorithms for request object signing.
    • getRequestObjectEncryptionAlgValuesSupported

      public List<String> getRequestObjectEncryptionAlgValuesSupported()
      Supported algorithms for request object encryption.
    • getRequestObjectEncryptionEncodingValuesSupported

      public List<String> getRequestObjectEncryptionEncodingValuesSupported()
      Supported encoding strategies for request object encryption.
    • setClaimsParameterSupported

      public OidcDiscoveryProperties setClaimsParameterSupported(boolean claimsParameterSupported)
      Specifying whether this provider supports use of the claims parameter.
      Returns:
      this.
    • setRequestParameterSupported

      public OidcDiscoveryProperties setRequestParameterSupported(boolean requestParameterSupported)
      Specifying whether this provider supports use of the request parameter.
      Returns:
      this.
    • setRequestUriParameterSupported

      public OidcDiscoveryProperties setRequestUriParameterSupported(boolean requestUriParameterSupported)
      Specifying whether this provider supports use of the request_uri parameter.
      Returns:
      this.
    • setAuthorizationResponseIssuerParameterSupported

      public OidcDiscoveryProperties setAuthorizationResponseIssuerParameterSupported(boolean authorizationResponseIssuerParameterSupported)
      Parameter indicating whether the authorization server provides the iss parameter in the authorization response.
      Returns:
      this.
    • setTlsClientCertificateBoundAccessTokens

      public OidcDiscoveryProperties setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens)
      Boolean value indicating server support for mutual-TLS client certificate-bound access tokens.
      Returns:
      this.
    • setRequirePushedAuthorizationRequests

      public OidcDiscoveryProperties setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests)
      Boolean parameter indicating whether the authorization server (CAS) accepts authorization request data only via the pushed authorization request method.
      Returns:
      this.
    • setScopes

      public OidcDiscoveryProperties setScopes(List<String> scopes)
      List of supported scopes.
      Returns:
      this.
    • setClaims

      public OidcDiscoveryProperties setClaims(List<String> claims)
      List of supported claims.
      Returns:
      this.
    • setSubjectTypes

      public OidcDiscoveryProperties setSubjectTypes(List<String> subjectTypes)
      List of supported subject types.
      Returns:
      this.
    • setResponseTypesSupported

      public OidcDiscoveryProperties setResponseTypesSupported(List<String> responseTypesSupported)
      Supported response types. The Response Mode request parameter response_mode informs the Authorization Server of the mechanism to be used for returning Authorization Response parameters from the Authorization Endpoint. Each Response Type value also defines a default Response Mode mechanism to be used, if no Response Mode is specified using the request parameter.
      Returns:
      this.
    • setResponseModesSupported

      public OidcDiscoveryProperties setResponseModesSupported(List<String> responseModesSupported)
      Supported response modes.
      Returns:
      this.
    • setPromptValuesSupported

      public OidcDiscoveryProperties setPromptValuesSupported(List<String> promptValuesSupported)
      Supported prompt values. If CAS receives a prompt value that it does not support (not declared in the prompt_values_supported metadata field), CAS SHOULD respond with an HTTP 400 (Bad Request) status code and an error value of invalid_request.
      Returns:
      this.
    • setIntrospectionSupportedAuthenticationMethods

      public OidcDiscoveryProperties setIntrospectionSupportedAuthenticationMethods(List<String> introspectionSupportedAuthenticationMethods)
      Supported authentication methods for introspection.
      Returns:
      this.
    • setClaimTypesSupported

      public OidcDiscoveryProperties setClaimTypesSupported(List<String> claimTypesSupported)
      Supported claim types.
      Returns:
      this.
    • setGrantTypesSupported

      public OidcDiscoveryProperties setGrantTypesSupported(List<String> grantTypesSupported)
      Supported grant types.
      Returns:
      this.
    • setDpopSigningAlgValuesSupported

      public OidcDiscoveryProperties setDpopSigningAlgValuesSupported(List<String> dpopSigningAlgValuesSupported)
      An array of the JWS "alg" values supported by the CAS authorization server for DPoP proof JWTs.
      Returns:
      this.
    • setIdTokenSigningAlgValuesSupported

      public OidcDiscoveryProperties setIdTokenSigningAlgValuesSupported(List<String> idTokenSigningAlgValuesSupported)
      Supported algorithms for id token signing.
      Returns:
      this.
    • setIdTokenEncryptionAlgValuesSupported

      public OidcDiscoveryProperties setIdTokenEncryptionAlgValuesSupported(List<String> idTokenEncryptionAlgValuesSupported)
      Supported algorithms for id token encryption.
      Returns:
      this.
    • setIdTokenEncryptionEncodingValuesSupported

      public OidcDiscoveryProperties setIdTokenEncryptionEncodingValuesSupported(List<String> idTokenEncryptionEncodingValuesSupported)
      Supported encoding strategies for id token encryption.
      Returns:
      this.
    • setIntrospectionSignedResponseAlgValuesSupported

      public OidcDiscoveryProperties setIntrospectionSignedResponseAlgValuesSupported(List<String> introspectionSignedResponseAlgValuesSupported)
      List of the JWS signing algorithms supported by the introspection endpoint to sign the response.
      Returns:
      this.
    • setIntrospectionEncryptedResponseAlgValuesSupported

      public OidcDiscoveryProperties setIntrospectionEncryptedResponseAlgValuesSupported(List<String> introspectionEncryptedResponseAlgValuesSupported)
      List of the JWE encryption algorithms (alg values) supported by the introspection endpoint to encrypt the content encryption key for the introspection response.
      Returns:
      this.
    • setIntrospectionEncryptedResponseEncodingValuesSupported

      public OidcDiscoveryProperties setIntrospectionEncryptedResponseEncodingValuesSupported(List<String> introspectionEncryptedResponseEncodingValuesSupported)
      List of the JWE encryption algorithms (enc values) supported by the introspection endpoint to encrypt the introspection response.
      Returns:
      this.
    • setUserInfoSigningAlgValuesSupported

      public OidcDiscoveryProperties setUserInfoSigningAlgValuesSupported(List<String> userInfoSigningAlgValuesSupported)
      Supported algorithms for user-info signing.
      Returns:
      this.
    • setUserInfoEncryptionAlgValuesSupported

      public OidcDiscoveryProperties setUserInfoEncryptionAlgValuesSupported(List<String> userInfoEncryptionAlgValuesSupported)
      Supported algorithms for user-info encryption.
      Returns:
      this.
    • setUserInfoEncryptionEncodingValuesSupported

      public OidcDiscoveryProperties setUserInfoEncryptionEncodingValuesSupported(List<String> userInfoEncryptionEncodingValuesSupported)
      Supported encoding strategies for user-info encryption.
      Returns:
      this.
    • setTokenEndpointAuthMethodsSupported

      public OidcDiscoveryProperties setTokenEndpointAuthMethodsSupported(List<String> tokenEndpointAuthMethodsSupported)
      List of client authentication methods supported by token endpoint.
      Returns:
      this.
    • setCodeChallengeMethodsSupported

      public OidcDiscoveryProperties setCodeChallengeMethodsSupported(List<String> codeChallengeMethodsSupported)
      List of PKCE code challenge methods supported.
      Returns:
      this.
    • setAcrValuesSupported

      public OidcDiscoveryProperties setAcrValuesSupported(List<String> acrValuesSupported)
      List of ACR values supported. This discovery element contains a list of the acr values supported by this server. Support for authentication context class references is implemented in the form of acr_values as part of the original authorization request, which is mostly taken into account by the multifactor authentication features of CAS. Once successful, acr and amr values are passed back to the relying party as part of the id token.
      Returns:
      this.
    • setRequestObjectSigningAlgValuesSupported

      public OidcDiscoveryProperties setRequestObjectSigningAlgValuesSupported(List<String> requestObjectSigningAlgValuesSupported)
      Supported algorithms for request object signing.
      Returns:
      this.
    • setRequestObjectEncryptionAlgValuesSupported

      public OidcDiscoveryProperties setRequestObjectEncryptionAlgValuesSupported(List<String> requestObjectEncryptionAlgValuesSupported)
      Supported algorithms for request object encryption.
      Returns:
      this.
    • setRequestObjectEncryptionEncodingValuesSupported

      public OidcDiscoveryProperties setRequestObjectEncryptionEncodingValuesSupported(List<String> requestObjectEncryptionEncodingValuesSupported)
      Supported encoding strategies for request object encryption.
      Returns:
      this.