Class OidcDiscoveryProperties
java.lang.Object
org.apereo.cas.configuration.model.support.oidc.OidcDiscoveryProperties
- All Implemented Interfaces:
Serializable
@RequiresModule(name="cas-server-support-oidc")
public class OidcDiscoveryProperties
extends Object
implements Serializable
This is
OidcDiscoveryProperties
.- Since:
- 5.0.0
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionList of ACR values supported.List of supported claims.Supported claim types.List of PKCE code challenge methods supported.A array containing a list of the JWS "alg" values supported by the CAS authorization server for DPoP proof JWTs.Supported grant types.Supported algorithms for id token encryption.Supported encoding strategies for id token encryption.Supported algorithms for id token signing.Accepted values containing a list of the JWE encryption algorithms (alg
values) supported by the introspection endpoint to encrypt the content encryption key for introspection response.Accepted values containing a list of the JWE encryption algorithms (enc
values) supported by the introspection endpoint to encrypt the introspection response.Accepted values containing a list of the JWS signing algorithms supported by the introspection endpoint to sign the response.Supported authentication methods for introspection.Supported prompt values.Supported algorithms for request object encryption.Supported encoding strategies for request object encryption.Supported algorithms for request object signing.Supported response modes.Supported response types.List of supported scopes.List of supported subject types.List of client authentication methods supported by token endpoint.Supported algorithms for user-info encryption.Supported encoding strategies for user-info encryption.Supported algorithms for user-info signing.boolean
Parameter indicating whether the authorization server provides theiss
parameter in the authorization response.boolean
Specifying whether this provider supports use of the claims parameter.boolean
Specifying whether this provider supports use of therequest
parameter.boolean
Specifying whether this provider supports use of therequest_uri
parameter.boolean
Boolean parameter indicating whether the authorization server (CAS) accepts authorization request data only via the pushed authorization request method.boolean
Boolean value indicating server support for mutual-TLS client certificate-bound access tokens.setAcrValuesSupported
(List<String> acrValuesSupported) List of ACR values supported.setAuthorizationResponseIssuerParameterSupported
(boolean authorizationResponseIssuerParameterSupported) Parameter indicating whether the authorization server provides theiss
parameter in the authorization response.List of supported claims.setClaimsParameterSupported
(boolean claimsParameterSupported) Specifying whether this provider supports use of the claims parameter.setClaimTypesSupported
(List<String> claimTypesSupported) Supported claim types.setCodeChallengeMethodsSupported
(List<String> codeChallengeMethodsSupported) List of PKCE code challenge methods supported.setDpopSigningAlgValuesSupported
(List<String> dpopSigningAlgValuesSupported) A array containing a list of the JWS "alg" values supported by the CAS authorization server for DPoP proof JWTs.setGrantTypesSupported
(List<String> grantTypesSupported) Supported grant types.setIdTokenEncryptionAlgValuesSupported
(List<String> idTokenEncryptionAlgValuesSupported) Supported algorithms for id token encryption.setIdTokenEncryptionEncodingValuesSupported
(List<String> idTokenEncryptionEncodingValuesSupported) Supported encoding strategies for id token encryption.setIdTokenSigningAlgValuesSupported
(List<String> idTokenSigningAlgValuesSupported) Supported algorithms for id token signing.setIntrospectionEncryptedResponseAlgValuesSupported
(List<String> introspectionEncryptedResponseAlgValuesSupported) Accepted values containing a list of the JWE encryption algorithms (alg
values) supported by the introspection endpoint to encrypt the content encryption key for introspection response.setIntrospectionEncryptedResponseEncodingValuesSupported
(List<String> introspectionEncryptedResponseEncodingValuesSupported) Accepted values containing a list of the JWE encryption algorithms (enc
values) supported by the introspection endpoint to encrypt the introspection response.setIntrospectionSignedResponseAlgValuesSupported
(List<String> introspectionSignedResponseAlgValuesSupported) Accepted values containing a list of the JWS signing algorithms supported by the introspection endpoint to sign the response.setIntrospectionSupportedAuthenticationMethods
(List<String> introspectionSupportedAuthenticationMethods) Supported authentication methods for introspection.setPromptValuesSupported
(List<String> promptValuesSupported) Supported prompt values.setRequestObjectEncryptionAlgValuesSupported
(List<String> requestObjectEncryptionAlgValuesSupported) Supported algorithms for request object encryption.setRequestObjectEncryptionEncodingValuesSupported
(List<String> requestObjectEncryptionEncodingValuesSupported) Supported encoding strategies for request object encryption.setRequestObjectSigningAlgValuesSupported
(List<String> requestObjectSigningAlgValuesSupported) Supported algorithms for request object signing.setRequestParameterSupported
(boolean requestParameterSupported) Specifying whether this provider supports use of therequest
parameter.setRequestUriParameterSupported
(boolean requestUriParameterSupported) Specifying whether this provider supports use of therequest_uri
parameter.setRequirePushedAuthorizationRequests
(boolean requirePushedAuthorizationRequests) Boolean parameter indicating whether the authorization server (CAS) accepts authorization request data only via the pushed authorization request method.setResponseModesSupported
(List<String> responseModesSupported) Supported response modes.setResponseTypesSupported
(List<String> responseTypesSupported) Supported response types.List of supported scopes.setSubjectTypes
(List<String> subjectTypes) List of supported subject types.setTlsClientCertificateBoundAccessTokens
(boolean tlsClientCertificateBoundAccessTokens) Boolean value indicating server support for mutual-TLS client certificate-bound access tokens.setTokenEndpointAuthMethodsSupported
(List<String> tokenEndpointAuthMethodsSupported) List of client authentication methods supported by token endpoint.setUserInfoEncryptionAlgValuesSupported
(List<String> userInfoEncryptionAlgValuesSupported) Supported algorithms for user-info encryption.setUserInfoEncryptionEncodingValuesSupported
(List<String> userInfoEncryptionEncodingValuesSupported) Supported encoding strategies for user-info encryption.setUserInfoSigningAlgValuesSupported
(List<String> userInfoSigningAlgValuesSupported) Supported algorithms for user-info signing.
-
Constructor Details
-
OidcDiscoveryProperties
public OidcDiscoveryProperties()
-
-
Method Details
-
isClaimsParameterSupported
public boolean isClaimsParameterSupported()Specifying whether this provider supports use of the claims parameter. -
isRequestParameterSupported
public boolean isRequestParameterSupported()Specifying whether this provider supports use of therequest
parameter. -
isRequestUriParameterSupported
public boolean isRequestUriParameterSupported()Specifying whether this provider supports use of therequest_uri
parameter. -
isAuthorizationResponseIssuerParameterSupported
public boolean isAuthorizationResponseIssuerParameterSupported()Parameter indicating whether the authorization server provides theiss
parameter in the authorization response. -
isTlsClientCertificateBoundAccessTokens
public boolean isTlsClientCertificateBoundAccessTokens()Boolean value indicating server support for mutual-TLS client certificate-bound access tokens. -
isRequirePushedAuthorizationRequests
public boolean isRequirePushedAuthorizationRequests()Boolean parameter indicating whether the authorization server (CAS) accepts authorization request data only via the pushed authorization request method. -
getScopes
List of supported scopes. -
getClaims
List of supported claims. -
getSubjectTypes
List of supported subject types. -
getResponseTypesSupported
Supported response types. The Response Mode request parameter response_mode informs the Authorization Server of the mechanism to be used for returning Authorization Response parameters from the Authorization Endpoint. Each Response Type value also defines a default Response Mode mechanism to be used, if no Response Mode is specified using the request parameter. -
getResponseModesSupported
Supported response modes. -
getPromptValuesSupported
Supported prompt values. If CAS receives a prompt value that it does not support (not declared in theprompt_values_supported
metadata field) the CAS SHOULD respond with an HTTP 400 (Bad Request) status code and an error value of invalid request. -
getIntrospectionSupportedAuthenticationMethods
Supported authentication methods for introspection. -
getClaimTypesSupported
Supported claim types. -
getGrantTypesSupported
Supported grant types. -
getDpopSigningAlgValuesSupported
A array containing a list of the JWS "alg" values supported by the CAS authorization server for DPoP proof JWTs. -
getIdTokenSigningAlgValuesSupported
Supported algorithms for id token signing. -
getIdTokenEncryptionAlgValuesSupported
Supported algorithms for id token encryption. -
getIdTokenEncryptionEncodingValuesSupported
Supported encoding strategies for id token encryption. -
getIntrospectionSignedResponseAlgValuesSupported
Accepted values containing a list of the JWS signing algorithms supported by the introspection endpoint to sign the response. -
getIntrospectionEncryptedResponseAlgValuesSupported
Accepted values containing a list of the JWE encryption algorithms (alg
values) supported by the introspection endpoint to encrypt the content encryption key for introspection response. -
getIntrospectionEncryptedResponseEncodingValuesSupported
Accepted values containing a list of the JWE encryption algorithms (enc
values) supported by the introspection endpoint to encrypt the introspection response. -
getUserInfoSigningAlgValuesSupported
Supported algorithms for user-info signing. -
getUserInfoEncryptionAlgValuesSupported
Supported algorithms for user-info encryption. -
getUserInfoEncryptionEncodingValuesSupported
Supported encoding strategies for user-info encryption. -
getTokenEndpointAuthMethodsSupported
List of client authentication methods supported by token endpoint. -
getCodeChallengeMethodsSupported
List of PKCE code challenge methods supported. -
getAcrValuesSupported
List of ACR values supported. This discovery element contains a list of the supported acr values supported by this server. Support for authentication context class references is implemented in form ofacr_values
as part of the original authorization request, which is mostly taken into account by the multifactor authentication features of CAS. Once successful,acr
andamr
values are passed back to the relying party as part of the id token. -
getRequestObjectSigningAlgValuesSupported
Supported algorithms for request object signing. -
getRequestObjectEncryptionAlgValuesSupported
Supported algorithms for request object encryption. -
getRequestObjectEncryptionEncodingValuesSupported
Supported encoding strategies for request object encryption. -
setClaimsParameterSupported
Specifying whether this provider supports use of the claims parameter.- Returns:
this
.
-
setRequestParameterSupported
Specifying whether this provider supports use of therequest
parameter.- Returns:
this
.
-
setRequestUriParameterSupported
public OidcDiscoveryProperties setRequestUriParameterSupported(boolean requestUriParameterSupported) Specifying whether this provider supports use of therequest_uri
parameter.- Returns:
this
.
-
setAuthorizationResponseIssuerParameterSupported
public OidcDiscoveryProperties setAuthorizationResponseIssuerParameterSupported(boolean authorizationResponseIssuerParameterSupported) Parameter indicating whether the authorization server provides theiss
parameter in the authorization response.- Returns:
this
.
-
setTlsClientCertificateBoundAccessTokens
public OidcDiscoveryProperties setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens) Boolean value indicating server support for mutual-TLS client certificate-bound access tokens.- Returns:
this
.
-
setRequirePushedAuthorizationRequests
public OidcDiscoveryProperties setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests) Boolean parameter indicating whether the authorization server (CAS) accepts authorization request data only via the pushed authorization request method.- Returns:
this
.
-
setScopes
List of supported scopes.- Returns:
this
.
-
setClaims
List of supported claims.- Returns:
this
.
-
setSubjectTypes
List of supported subject types.- Returns:
this
.
-
setResponseTypesSupported
Supported response types. The Response Mode request parameter response_mode informs the Authorization Server of the mechanism to be used for returning Authorization Response parameters from the Authorization Endpoint. Each Response Type value also defines a default Response Mode mechanism to be used, if no Response Mode is specified using the request parameter.- Returns:
this
.
-
setResponseModesSupported
Supported response modes.- Returns:
this
.
-
setPromptValuesSupported
Supported prompt values. If CAS receives a prompt value that it does not support (not declared in theprompt_values_supported
metadata field) the CAS SHOULD respond with an HTTP 400 (Bad Request) status code and an error value of invalid request.- Returns:
this
.
-
setIntrospectionSupportedAuthenticationMethods
public OidcDiscoveryProperties setIntrospectionSupportedAuthenticationMethods(List<String> introspectionSupportedAuthenticationMethods) Supported authentication methods for introspection.- Returns:
this
.
-
setClaimTypesSupported
Supported claim types.- Returns:
this
.
-
setGrantTypesSupported
Supported grant types.- Returns:
this
.
-
setDpopSigningAlgValuesSupported
public OidcDiscoveryProperties setDpopSigningAlgValuesSupported(List<String> dpopSigningAlgValuesSupported) A array containing a list of the JWS "alg" values supported by the CAS authorization server for DPoP proof JWTs.- Returns:
this
.
-
setIdTokenSigningAlgValuesSupported
public OidcDiscoveryProperties setIdTokenSigningAlgValuesSupported(List<String> idTokenSigningAlgValuesSupported) Supported algorithms for id token signing.- Returns:
this
.
-
setIdTokenEncryptionAlgValuesSupported
public OidcDiscoveryProperties setIdTokenEncryptionAlgValuesSupported(List<String> idTokenEncryptionAlgValuesSupported) Supported algorithms for id token encryption.- Returns:
this
.
-
setIdTokenEncryptionEncodingValuesSupported
public OidcDiscoveryProperties setIdTokenEncryptionEncodingValuesSupported(List<String> idTokenEncryptionEncodingValuesSupported) Supported encoding strategies for id token encryption.- Returns:
this
.
-
setIntrospectionSignedResponseAlgValuesSupported
public OidcDiscoveryProperties setIntrospectionSignedResponseAlgValuesSupported(List<String> introspectionSignedResponseAlgValuesSupported) Accepted values containing a list of the JWS signing algorithms supported by the introspection endpoint to sign the response.- Returns:
this
.
-
setIntrospectionEncryptedResponseAlgValuesSupported
public OidcDiscoveryProperties setIntrospectionEncryptedResponseAlgValuesSupported(List<String> introspectionEncryptedResponseAlgValuesSupported) Accepted values containing a list of the JWE encryption algorithms (alg
values) supported by the introspection endpoint to encrypt the content encryption key for introspection response.- Returns:
this
.
-
setIntrospectionEncryptedResponseEncodingValuesSupported
public OidcDiscoveryProperties setIntrospectionEncryptedResponseEncodingValuesSupported(List<String> introspectionEncryptedResponseEncodingValuesSupported) Accepted values containing a list of the JWE encryption algorithms (enc
values) supported by the introspection endpoint to encrypt the introspection response.- Returns:
this
.
-
setUserInfoSigningAlgValuesSupported
public OidcDiscoveryProperties setUserInfoSigningAlgValuesSupported(List<String> userInfoSigningAlgValuesSupported) Supported algorithms for user-info signing.- Returns:
this
.
-
setUserInfoEncryptionAlgValuesSupported
public OidcDiscoveryProperties setUserInfoEncryptionAlgValuesSupported(List<String> userInfoEncryptionAlgValuesSupported) Supported algorithms for user-info encryption.- Returns:
this
.
-
setUserInfoEncryptionEncodingValuesSupported
public OidcDiscoveryProperties setUserInfoEncryptionEncodingValuesSupported(List<String> userInfoEncryptionEncodingValuesSupported) Supported encoding strategies for user-info encryption.- Returns:
this
.
-
setTokenEndpointAuthMethodsSupported
public OidcDiscoveryProperties setTokenEndpointAuthMethodsSupported(List<String> tokenEndpointAuthMethodsSupported) List of client authentication methods supported by token endpoint.- Returns:
this
.
-
setCodeChallengeMethodsSupported
public OidcDiscoveryProperties setCodeChallengeMethodsSupported(List<String> codeChallengeMethodsSupported) List of PKCE code challenge methods supported.- Returns:
this
.
-
setAcrValuesSupported
List of ACR values supported. This discovery element contains a list of the supported acr values supported by this server. Support for authentication context class references is implemented in form ofacr_values
as part of the original authorization request, which is mostly taken into account by the multifactor authentication features of CAS. Once successful,acr
andamr
values are passed back to the relying party as part of the id token.- Returns:
this
.
-
setRequestObjectSigningAlgValuesSupported
public OidcDiscoveryProperties setRequestObjectSigningAlgValuesSupported(List<String> requestObjectSigningAlgValuesSupported) Supported algorithms for request object signing.- Returns:
this
.
-
setRequestObjectEncryptionAlgValuesSupported
public OidcDiscoveryProperties setRequestObjectEncryptionAlgValuesSupported(List<String> requestObjectEncryptionAlgValuesSupported) Supported algorithms for request object encryption.- Returns:
this
.
-
setRequestObjectEncryptionEncodingValuesSupported
public OidcDiscoveryProperties setRequestObjectEncryptionEncodingValuesSupported(List<String> requestObjectEncryptionEncodingValuesSupported) Supported encoding strategies for request object encryption.- Returns:
this
.
-