Class BasePac4jOidcClientProperties
java.lang.Object
org.apereo.cas.configuration.model.support.pac4j.Pac4jBaseClientProperties
org.apereo.cas.configuration.model.support.pac4j.Pac4jIdentifiableClientProperties
org.apereo.cas.configuration.model.support.pac4j.oidc.BasePac4jOidcClientProperties
All Implemented Interfaces:
Serializable, CasFeatureModule
Direct Known Subclasses:
Pac4jAppleOidcClientProperties, Pac4jAzureOidcClientProperties, Pac4jGenericOidcClientProperties, Pac4jGoogleOidcClientProperties, Pac4jKeyCloakOidcClientProperties
@RequiresModule(name="cas-server-support-pac4j-webflow")
public abstract class BasePac4jOidcClientProperties
extends Pac4jIdentifiableClientProperties
This is BasePac4jOidcClientProperties.
Since:
5.2.0
Nested Class Summary
Nested classes/interfaces inherited from class org.apereo.cas.configuration.model.support.pac4j.Pac4jBaseClientProperties
Pac4jBaseClientProperties.CallbackUrlTypes
Nested classes/interfaces inherited from interface org.apereo.cas.configuration.features.CasFeatureModule
CasFeatureModule.FeatureCatalog
Constructor Summary
Method Summary
Modifier and Type, Method, Description
getClientAuthenticationMethod(): The preferred client authentication method that will be chosen for token requests.
getConnectTimeout(): Read timeout of the OIDC client.
getCustomParams(): Custom parameters to send along in authZ requests, etc.
getDiscoveryUri(): The discovery endpoint to locate the provider metadata.
getLogoutUrl(): Logout URL used for this provider.
getMappedClaims(): List arbitrary mappings of claims when fetching user profiles.
getMaxClockSkew(): Clock skew in order to account for drift, when validating id tokens.
getPreferredJwsAlgorithm(): The JWS algorithm to use forcefully when validating ID tokens.
getReadTimeout(): Connect timeout of the OIDC client.
getResponseMode(): The response mode specifies how the result of the authorization request is formatted.
getResponseType(): The response type tells the authorization server which grant to execute.
getScope(): Requested scope(s).
getSupportedClientAuthenticationMethods(): Control the list of supported client authentication methods that can be accepted and understood by this integration.
getTokenExpirationAdvance(): Default time period advance (in seconds) for considering an access token expired.
boolean isAllowUnsignedIdTokens(): Whether unsigned id tokens issued as plain JWTs are accepted.
boolean isDisablePkce(): Disable PKCE support for the provider.
boolean isExpireSessionWithToken(): Checks if sessions expire with token expiration.
boolean isIncludeAccessTokenClaims(): If enabled, try to process the access token as a JWT and include its claims in the profile.
boolean isUseNonce(): Whether an initial nonce should be used for replay attack mitigation.
setAllowUnsignedIdTokens(boolean allowUnsignedIdTokens): Whether unsigned id tokens issued as plain JWTs are accepted.
setClientAuthenticationMethod(String clientAuthenticationMethod): The preferred client authentication method that will be chosen for token requests.
setConnectTimeout(String connectTimeout): Read timeout of the OIDC client.
setCustomParams(Map<String, String> customParams): Custom parameters to send along in authZ requests, etc.
setDisablePkce(boolean disablePkce): Disable PKCE support for the provider.
setDiscoveryUri(String discoveryUri): The discovery endpoint to locate the provider metadata.
setExpireSessionWithToken(boolean expireSessionWithToken): Checks if sessions expire with token expiration.
setIncludeAccessTokenClaims(boolean includeAccessTokenClaims): If enabled, try to process the access token as a JWT and include its claims in the profile.
setLogoutUrl(String logoutUrl): Logout URL used for this provider.
setMappedClaims(List<String> mappedClaims): List arbitrary mappings of claims when fetching user profiles.
setMaxClockSkew(String maxClockSkew): Clock skew in order to account for drift, when validating id tokens.
setPreferredJwsAlgorithm(String preferredJwsAlgorithm): The JWS algorithm to use forcefully when validating ID tokens.
setReadTimeout(String readTimeout): Connect timeout of the OIDC client.
setResponseMode(String responseMode): The response mode specifies how the result of the authorization request is formatted.
setResponseType(String responseType): The response type tells the authorization server which grant to execute.
setScope: Requested scope(s).
setSupportedClientAuthenticationMethods(String supportedClientAuthenticationMethods): Control the list of supported client authentication methods that can be accepted and understood by this integration.
setTokenExpirationAdvance(String tokenExpirationAdvance): Default time period advance (in seconds) for considering an access token expired.
setUseNonce(boolean useNonce): Whether an initial nonce should be used for replay attack mitigation.
Methods inherited from class org.apereo.cas.configuration.model.support.pac4j.Pac4jIdentifiableClientProperties
getId, getSecret, setId, setSecret
Methods inherited from class org.apereo.cas.configuration.model.support.pac4j.Pac4jBaseClientProperties
getAutoRedirectType, getCallbackUrl, getCallbackUrlType, getClientName, getCssClass, getDisplayName, getPrincipalIdAttribute, isEnabled, setAutoRedirectType, setCallbackUrl, setCallbackUrlType, setClientName, setCssClass, setDisplayName, setEnabled, setPrincipalIdAttribute
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.apereo.cas.configuration.features.CasFeatureModule
isDefined, isUndefined
Constructor Details
BasePac4jOidcClientProperties
public BasePac4jOidcClientProperties()
Method Details
getDiscoveryUri
The discovery endpoint to locate the provider metadata.

getLogoutUrl
Logout URL used for this provider.

isUseNonce
public boolean isUseNonce()
Whether an initial nonce should be used for replay attack mitigation.

isDisablePkce
public boolean isDisablePkce()
Disable PKCE support for the provider.

getScope
Requested scope(s).

getPreferredJwsAlgorithm
The JWS algorithm to use forcefully when validating ID tokens. If none is defined, the first algorithm from metadata will be used.

getMaxClockSkew
Clock skew in order to account for drift, when validating id tokens.

getCustomParams
Custom parameters to send along in authZ requests, etc.

getResponseMode
The response mode specifies how the result of the authorization request is formatted. For backward compatibility the default value is empty, which means the default pac4j (empty) response mode is used. Possible values include "query", "fragment", "form_post", or "web_message".

getResponseType
The response type tells the authorization server which grant to execute. For backward compatibility the default value is empty, which means the default pac4j ("code") response type is used. Possible values include "code", "token" or "id_token".

getConnectTimeout
Read timeout of the OIDC client.

getReadTimeout
Connect timeout of the OIDC client.

isExpireSessionWithToken
public boolean isExpireSessionWithToken()
Checks if sessions expire with token expiration.

getTokenExpirationAdvance
Default time period advance (in seconds) for considering an access token expired.

getMappedClaims
List arbitrary mappings of claims when fetching user profiles. Uses a "directed list" where the allowed syntax would be claim->attribute.

isAllowUnsignedIdTokens
public boolean isAllowUnsignedIdTokens()
Whether unsigned id tokens issued as plain JWTs are accepted.

isIncludeAccessTokenClaims
public boolean isIncludeAccessTokenClaims()
If enabled, try to process the access token as a JWT and include its claims in the profile. Only enable this if there is an agreement between the IdP and CAS about the format of the access token. If not, the token format could change at any time.

getClientAuthenticationMethod
The preferred client authentication method that will be chosen for token requests. If none is specified, one will be chosen somewhat randomly based on what the OIDC OP supports.

getSupportedClientAuthenticationMethods
Control the list of supported client authentication methods that can be accepted and understood by this integration. Multiple methods may be specified and separated via a comma. Example might be client_secret_basic,client_secret_post,client_secret_jwt.
setDiscoveryUri
The discovery endpoint to locate the provider metadata.
Returns: this.

setLogoutUrl
Logout URL used for this provider.
Returns: this.

setUseNonce
Whether an initial nonce should be used for replay attack mitigation.
Returns: this.

setDisablePkce
Disable PKCE support for the provider.
Returns: this.

setScope
Requested scope(s).
Returns: this.

setPreferredJwsAlgorithm
The JWS algorithm to use forcefully when validating ID tokens. If none is defined, the first algorithm from metadata will be used.
Returns: this.

setMaxClockSkew
Clock skew in order to account for drift, when validating id tokens.
Returns: this.

setCustomParams
Custom parameters to send along in authZ requests, etc.
Returns: this.

setResponseMode
The response mode specifies how the result of the authorization request is formatted. For backward compatibility the default value is empty, which means the default pac4j (empty) response mode is used. Possible values include "query", "fragment", "form_post", or "web_message".
Returns: this.

setResponseType
The response type tells the authorization server which grant to execute. For backward compatibility the default value is empty, which means the default pac4j ("code") response type is used. Possible values include "code", "token" or "id_token".
Returns: this.

setConnectTimeout
Read timeout of the OIDC client.
Returns: this.

setReadTimeout
Connect timeout of the OIDC client.
Returns: this.

setExpireSessionWithToken
Checks if sessions expire with token expiration.
Returns: this.

setTokenExpirationAdvance
Default time period advance (in seconds) for considering an access token expired.
Returns: this.

setMappedClaims
List arbitrary mappings of claims when fetching user profiles. Uses a "directed list" where the allowed syntax would be claim->attribute.
Returns: this.

setAllowUnsignedIdTokens
Whether unsigned id tokens issued as plain JWTs are accepted.
Returns: this.

setIncludeAccessTokenClaims
If enabled, try to process the access token as a JWT and include its claims in the profile. Only enable this if there is an agreement between the IdP and CAS about the format of the access token. If not, the token format could change at any time.
Returns: this.

setClientAuthenticationMethod
public BasePac4jOidcClientProperties setClientAuthenticationMethod(String clientAuthenticationMethod)
The preferred client authentication method that will be chosen for token requests. If none is specified, one will be chosen somewhat randomly based on what the OIDC OP supports.
Returns: this.

setSupportedClientAuthenticationMethods
public BasePac4jOidcClientProperties setSupportedClientAuthenticationMethods(String supportedClientAuthenticationMethods)
Control the list of supported client authentication methods that can be accepted and understood by this integration. Multiple methods may be specified and separated via a comma. Example might be client_secret_basic,client_secret_post,client_secret_jwt.
Returns: this.
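A configuration audit built on the accessors documented on this page, added here as an example and not part of the CAS code base: it reports the settings of this class that weaken ID token validation or the authorization flow. It assumes the CAS configuration model classes are on the classpath and that the abstract class can be instantiated through an anonymous subclass; the class name OidcClientSettingsAudit and the finding texts are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import org.apereo.cas.configuration.model.support.pac4j.oidc.BasePac4jOidcClientProperties;

// Added example (hypothetical class name); calls only accessors listed on this page.
public final class OidcClientSettingsAudit {

    private static boolean blank(String s) {
        return s == null || s.trim().isEmpty();
    }

    /** Returns one finding per setting that relaxes a protection described above. */
    public static List<String> audit(BasePac4jOidcClientProperties p) {
        List<String> findings = new ArrayList<>();
        if (p.isAllowUnsignedIdTokens()) {
            findings.add("HIGH allowUnsignedIdTokens: plain (unsigned) JWT id tokens carry no integrity protection");
        }
        if (p.isDisablePkce()) {
            findings.add("HIGH disablePkce: authorization codes are not bound to a code verifier");
        }
        if (!p.isUseNonce()) {
            findings.add("MEDIUM useNonce=false: the nonce-based replay mitigation is off");
        }
        // An empty value means the pac4j default ("code"), per getResponseType.
        String responseType = p.getResponseType();
        if (!blank(responseType) && !"code".equals(responseType.trim())) {
            findings.add("MEDIUM responseType=" + responseType.trim()
                + ": tokens are returned in the authorization response instead of the token endpoint");
        }
        if (blank(p.getPreferredJwsAlgorithm())) {
            findings.add("INFO preferredJwsAlgorithm unset: the first algorithm from provider metadata is used");
        }
        if (blank(p.getClientAuthenticationMethod())) {
            findings.add("INFO clientAuthenticationMethod unset: the method is picked from what the OP supports");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample configuration with deliberately relaxed settings.
        BasePac4jOidcClientProperties props = new BasePac4jOidcClientProperties() { };
        props.setAllowUnsignedIdTokens(true);
        props.setDisablePkce(true);
        props.setUseNonce(false);
        props.setResponseType("id_token");
        audit(props).forEach(System.out::println);
    }
}
```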