Class OidcDiscoveryProperties
java.lang.Object
org.apereo.cas.configuration.model.support.oidc.OidcDiscoveryProperties
- All Implemented Interfaces:
Serializable
@RequiresModule(name="cas-server-support-oidc")
public class OidcDiscoveryProperties
extends Object
implements Serializable
This is OidcDiscoveryProperties.
- Since:
- 5.0.0
Method Summary
Modifier and Type, Method, Description
getAcrValuesSupported(): List of ACR values supported.
getClaims(): List of supported claims.
getClaimsInVerifiedClaimsSupported(): List of the supported verified claims.
getClaimTypesSupported(): Supported claim types.
getCodeChallengeMethodsSupported(): List of PKCE code challenge methods supported.
getDocumentsSupported(): Needed when evidenceSupported contains document or id_document.
getDocumentsValidationMethodsSupported(): Set containing the validation methods the CAS supports.
getDocumentsVerificationMethodsSupported(): Set containing the verification methods the CAS supports.
getDpopSigningAlgValuesSupported(): An array containing a list of the JWS "alg" values supported by the CAS authorization server for DPoP proof JWTs.
getElectronicRecordsSupported(): Needed when evidence_supported contains electronicrecord.
getEvidenceSupported(): Set containing all types of identity evidence the OP uses.
getGrantTypesSupported(): Supported grant types.
getIdTokenEncryptionAlgValuesSupported(): Supported algorithms for id token encryption.
getIdTokenEncryptionEncodingValuesSupported(): Supported encoding strategies for id token encryption.
getIdTokenSigningAlgValuesSupported(): Supported algorithms for id token signing.
getIntrospectionEncryptedResponseAlgValuesSupported(): Accepted values containing a list of the JWE encryption algorithms (alg values) supported by the introspection endpoint to encrypt the content encryption key for introspection response.
getIntrospectionEncryptedResponseEncodingValuesSupported(): Accepted values containing a list of the JWE encryption algorithms (enc values) supported by the introspection endpoint to encrypt the introspection response.
getIntrospectionSignedResponseAlgValuesSupported(): Accepted values containing a list of the JWS signing algorithms supported by the introspection endpoint to sign the response.
getIntrospectionSupportedAuthenticationMethods(): Supported authentication methods for introspection.
getPromptValuesSupported(): Supported prompt values.
getRequestObjectEncryptionAlgValuesSupported(): Supported algorithms for request object encryption.
getRequestObjectEncryptionEncodingValuesSupported(): Supported encoding strategies for request object encryption.
getRequestObjectSigningAlgValuesSupported(): Supported algorithms for request object signing.
getResponseModesSupported(): Supported response modes.
getResponseTypesSupported(): Supported response types.
getScopes(): List of supported scopes.
getSubjectTypes(): List of supported subject types.
getTokenEndpointAuthMethodsSupported(): List of client authentication methods supported by token endpoint.
getTrustFrameworksSupported(): Set containing all supported trust frameworks.
getUserInfoEncryptionAlgValuesSupported(): Supported algorithms for user-info encryption.
getUserInfoEncryptionEncodingValuesSupported(): Supported encoding strategies for user-info encryption.
getUserInfoSigningAlgValuesSupported(): Supported algorithms for user-info signing.
boolean isAuthorizationResponseIssuerParameterSupported(): Parameter indicating whether the authorization server provides the iss parameter in the authorization response.
boolean isClaimsParameterSupported(): Specifying whether this provider supports use of the claims parameter.
boolean isRequestParameterSupported(): Specifying whether this provider supports use of the request parameter.
boolean isRequestUriParameterSupported(): Specifying whether this provider supports use of the request_uri parameter.
boolean isRequirePushedAuthorizationRequests(): Boolean parameter indicating whether the authorization server (CAS) accepts authorization request data only via the pushed authorization request method.
boolean isTlsClientCertificateBoundAccessTokens(): Boolean value indicating server support for mutual-TLS client certificate-bound access tokens.
boolean isVerifiedClaimsSupported(): Boolean value indicating support for verified_claims, i.e., the OpenID Connect for Identity Assurance extension.
setAcrValuesSupported(List<String> acrValuesSupported): List of ACR values supported.
setAuthorizationResponseIssuerParameterSupported(boolean authorizationResponseIssuerParameterSupported): Parameter indicating whether the authorization server provides the iss parameter in the authorization response.
setClaims: List of supported claims.
setClaimsInVerifiedClaimsSupported(Set<String> claimsInVerifiedClaimsSupported): List of the supported verified claims.
setClaimsParameterSupported(boolean claimsParameterSupported): Specifying whether this provider supports use of the claims parameter.
setClaimTypesSupported(List<String> claimTypesSupported): Supported claim types.
setCodeChallengeMethodsSupported(List<String> codeChallengeMethodsSupported): List of PKCE code challenge methods supported.
setDocumentsSupported(Set<String> documentsSupported): Needed when evidenceSupported contains document or id_document.
setDocumentsValidationMethodsSupported(Set<String> documentsValidationMethodsSupported): Set containing the validation methods the CAS supports.
setDocumentsVerificationMethodsSupported(Set<String> documentsVerificationMethodsSupported): Set containing the verification methods the CAS supports.
setDpopSigningAlgValuesSupported(List<String> dpopSigningAlgValuesSupported): An array containing a list of the JWS "alg" values supported by the CAS authorization server for DPoP proof JWTs.
setElectronicRecordsSupported(Set<String> electronicRecordsSupported): Needed when evidence_supported contains electronicrecord.
setEvidenceSupported(Set<String> evidenceSupported): Set containing all types of identity evidence the OP uses.
setGrantTypesSupported(List<String> grantTypesSupported): Supported grant types.
setIdTokenEncryptionAlgValuesSupported(List<String> idTokenEncryptionAlgValuesSupported): Supported algorithms for id token encryption.
setIdTokenEncryptionEncodingValuesSupported(List<String> idTokenEncryptionEncodingValuesSupported): Supported encoding strategies for id token encryption.
setIdTokenSigningAlgValuesSupported(List<String> idTokenSigningAlgValuesSupported): Supported algorithms for id token signing.
setIntrospectionEncryptedResponseAlgValuesSupported(List<String> introspectionEncryptedResponseAlgValuesSupported): Accepted values containing a list of the JWE encryption algorithms (alg values) supported by the introspection endpoint to encrypt the content encryption key for introspection response.
setIntrospectionEncryptedResponseEncodingValuesSupported(List<String> introspectionEncryptedResponseEncodingValuesSupported): Accepted values containing a list of the JWE encryption algorithms (enc values) supported by the introspection endpoint to encrypt the introspection response.
setIntrospectionSignedResponseAlgValuesSupported(List<String> introspectionSignedResponseAlgValuesSupported): Accepted values containing a list of the JWS signing algorithms supported by the introspection endpoint to sign the response.
setIntrospectionSupportedAuthenticationMethods(List<String> introspectionSupportedAuthenticationMethods): Supported authentication methods for introspection.
setPromptValuesSupported(List<String> promptValuesSupported): Supported prompt values.
setRequestObjectEncryptionAlgValuesSupported(List<String> requestObjectEncryptionAlgValuesSupported): Supported algorithms for request object encryption.
setRequestObjectEncryptionEncodingValuesSupported(List<String> requestObjectEncryptionEncodingValuesSupported): Supported encoding strategies for request object encryption.
setRequestObjectSigningAlgValuesSupported(List<String> requestObjectSigningAlgValuesSupported): Supported algorithms for request object signing.
setRequestParameterSupported(boolean requestParameterSupported): Specifying whether this provider supports use of the request parameter.
setRequestUriParameterSupported(boolean requestUriParameterSupported): Specifying whether this provider supports use of the request_uri parameter.
setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests): Boolean parameter indicating whether the authorization server (CAS) accepts authorization request data only via the pushed authorization request method.
setResponseModesSupported(List<String> responseModesSupported): Supported response modes.
setResponseTypesSupported(List<String> responseTypesSupported): Supported response types.
setScopes: List of supported scopes.
setSubjectTypes(List<String> subjectTypes): List of supported subject types.
setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens): Boolean value indicating server support for mutual-TLS client certificate-bound access tokens.
setTokenEndpointAuthMethodsSupported(List<String> tokenEndpointAuthMethodsSupported): List of client authentication methods supported by token endpoint.
setTrustFrameworksSupported(Set<String> trustFrameworksSupported): Set containing all supported trust frameworks.
setUserInfoEncryptionAlgValuesSupported(List<String> userInfoEncryptionAlgValuesSupported): Supported algorithms for user-info encryption.
setUserInfoEncryptionEncodingValuesSupported(List<String> userInfoEncryptionEncodingValuesSupported): Supported encoding strategies for user-info encryption.
setUserInfoSigningAlgValuesSupported(List<String> userInfoSigningAlgValuesSupported): Supported algorithms for user-info signing.
setVerifiedClaimsSupported(boolean verifiedClaimsSupported): Boolean value indicating support for verified_claims, i.e., the OpenID Connect for Identity Assurance extension.
-
Constructor Details
-
OidcDiscoveryProperties
public OidcDiscoveryProperties()
-
-
Method Details
-
isClaimsParameterSupported
public boolean isClaimsParameterSupported()
Specifying whether this provider supports use of the claims parameter. -
isRequestParameterSupported
public boolean isRequestParameterSupported()
Specifying whether this provider supports use of the request parameter. -
isRequestUriParameterSupported
public boolean isRequestUriParameterSupported()
Specifying whether this provider supports use of the request_uri parameter. -
isAuthorizationResponseIssuerParameterSupported
public boolean isAuthorizationResponseIssuerParameterSupported()
Parameter indicating whether the authorization server provides the iss parameter in the authorization response. -
isTlsClientCertificateBoundAccessTokens
public boolean isTlsClientCertificateBoundAccessTokens()
Boolean value indicating server support for mutual-TLS client certificate-bound access tokens. -
isRequirePushedAuthorizationRequests
public boolean isRequirePushedAuthorizationRequests()
Boolean parameter indicating whether the authorization server (CAS) accepts authorization request data only via the pushed authorization request method. -
getScopes
List of supported scopes. -
getClaims
List of supported claims. -
getSubjectTypes
List of supported subject types. -
getResponseTypesSupported
Supported response types. The Response Mode request parameter response_mode informs the Authorization Server of the mechanism to be used for returning Authorization Response parameters from the Authorization Endpoint. Each Response Type value also defines a default Response Mode mechanism to be used, if no Response Mode is specified using the request parameter. -
getResponseModesSupported
Supported response modes. -
getPromptValuesSupported
Supported prompt values. If CAS receives a prompt value that it does not support (not declared in the prompt_values_supported metadata field) the CAS SHOULD respond with an HTTP 400 (Bad Request) status code and an error value of invalid request. -
getIntrospectionSupportedAuthenticationMethods
Supported authentication methods for introspection. -
getClaimTypesSupported
Supported claim types. -
getGrantTypesSupported
Supported grant types. -
getDpopSigningAlgValuesSupported
An array containing a list of the JWS "alg" values supported by the CAS authorization server for DPoP proof JWTs. -
getIdTokenSigningAlgValuesSupported
Supported algorithms for id token signing. -
getIdTokenEncryptionAlgValuesSupported
Supported algorithms for id token encryption. -
getIdTokenEncryptionEncodingValuesSupported
Supported encoding strategies for id token encryption. -
getIntrospectionSignedResponseAlgValuesSupported
Accepted values containing a list of the JWS signing algorithms supported by the introspection endpoint to sign the response. -
getIntrospectionEncryptedResponseAlgValuesSupported
Accepted values containing a list of the JWE encryption algorithms (alg values) supported by the introspection endpoint to encrypt the content encryption key for introspection response. -
getIntrospectionEncryptedResponseEncodingValuesSupported
Accepted values containing a list of the JWE encryption algorithms (enc values) supported by the introspection endpoint to encrypt the introspection response. -
getUserInfoSigningAlgValuesSupported
Supported algorithms for user-info signing. -
getUserInfoEncryptionAlgValuesSupported
Supported algorithms for user-info encryption. -
getUserInfoEncryptionEncodingValuesSupported
Supported encoding strategies for user-info encryption. -
getTokenEndpointAuthMethodsSupported
List of client authentication methods supported by token endpoint. -
getCodeChallengeMethodsSupported
List of PKCE code challenge methods supported. -
getAcrValuesSupported
List of ACR values supported. This discovery element contains the list of acr values supported by this server. Support for authentication context class references is implemented in the form of acr_values as part of the original authorization request, which is mostly taken into account by the multifactor authentication features of CAS. Once successful, acr and amr values are passed back to the relying party as part of the id token. -
getRequestObjectSigningAlgValuesSupported
Supported algorithms for request object signing. -
getRequestObjectEncryptionAlgValuesSupported
Supported algorithms for request object encryption. -
getRequestObjectEncryptionEncodingValuesSupported
Supported encoding strategies for request object encryption. -
isVerifiedClaimsSupported
public boolean isVerifiedClaimsSupported()
Boolean value indicating support for verified_claims, i.e., the OpenID Connect for Identity Assurance extension. -
getTrustFrameworksSupported
Set containing all supported trust frameworks. This array must have at least one member. -
getEvidenceSupported
Set containing all types of identity evidence the OP uses. This array may have zero or more members. -
getDocumentsSupported
Needed when evidenceSupported contains document or id_document. Set containing all identity document types utilized by the CAS for identity verification. -
getDocumentsValidationMethodsSupported
Set containing the validation methods the CAS supports. -
getDocumentsVerificationMethodsSupported
Set containing the verification methods the CAS supports. -
getElectronicRecordsSupported
Needed when evidence_supported contains electronicrecord. Set containing all electronic record types the CAS supports. -
getClaimsInVerifiedClaimsSupported
List of the supported verified claims. -
setClaimsParameterSupported
Specifying whether this provider supports use of the claims parameter.
- Returns: this
-
setRequestParameterSupported
Specifying whether this provider supports use of the request parameter.
- Returns: this
-
setRequestUriParameterSupported
public OidcDiscoveryProperties setRequestUriParameterSupported(boolean requestUriParameterSupported)
Specifying whether this provider supports use of the request_uri parameter.
- Returns: this
-
setAuthorizationResponseIssuerParameterSupported
public OidcDiscoveryProperties setAuthorizationResponseIssuerParameterSupported(boolean authorizationResponseIssuerParameterSupported)
Parameter indicating whether the authorization server provides the iss parameter in the authorization response.
- Returns: this
-
setTlsClientCertificateBoundAccessTokens
public OidcDiscoveryProperties setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens)
Boolean value indicating server support for mutual-TLS client certificate-bound access tokens.
- Returns: this
-
setRequirePushedAuthorizationRequests
public OidcDiscoveryProperties setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests)
Boolean parameter indicating whether the authorization server (CAS) accepts authorization request data only via the pushed authorization request method.
- Returns: this
-
setScopes
List of supported scopes.
- Returns: this
-
setClaims
List of supported claims.
- Returns: this
-
setSubjectTypes
List of supported subject types.
- Returns: this
-
setResponseTypesSupported
Supported response types. The Response Mode request parameter response_mode informs the Authorization Server of the mechanism to be used for returning Authorization Response parameters from the Authorization Endpoint. Each Response Type value also defines a default Response Mode mechanism to be used, if no Response Mode is specified using the request parameter.
- Returns: this
-
setResponseModesSupported
Supported response modes.
- Returns: this
-
setPromptValuesSupported
Supported prompt values. If CAS receives a prompt value that it does not support (not declared in the prompt_values_supported metadata field) the CAS SHOULD respond with an HTTP 400 (Bad Request) status code and an error value of invalid request.
- Returns: this
-
setIntrospectionSupportedAuthenticationMethods
public OidcDiscoveryProperties setIntrospectionSupportedAuthenticationMethods(List<String> introspectionSupportedAuthenticationMethods)
Supported authentication methods for introspection.
- Returns: this
-
setClaimTypesSupported
Supported claim types.
- Returns: this
-
setGrantTypesSupported
Supported grant types.
- Returns: this
-
setDpopSigningAlgValuesSupported
public OidcDiscoveryProperties setDpopSigningAlgValuesSupported(List<String> dpopSigningAlgValuesSupported)
An array containing a list of the JWS "alg" values supported by the CAS authorization server for DPoP proof JWTs.
- Returns: this
-
setIdTokenSigningAlgValuesSupported
public OidcDiscoveryProperties setIdTokenSigningAlgValuesSupported(List<String> idTokenSigningAlgValuesSupported)
Supported algorithms for id token signing.
- Returns: this
-
setIdTokenEncryptionAlgValuesSupported
public OidcDiscoveryProperties setIdTokenEncryptionAlgValuesSupported(List<String> idTokenEncryptionAlgValuesSupported)
Supported algorithms for id token encryption.
- Returns: this
-
setIdTokenEncryptionEncodingValuesSupported
public OidcDiscoveryProperties setIdTokenEncryptionEncodingValuesSupported(List<String> idTokenEncryptionEncodingValuesSupported)
Supported encoding strategies for id token encryption.
- Returns: this
-
setIntrospectionSignedResponseAlgValuesSupported
public OidcDiscoveryProperties setIntrospectionSignedResponseAlgValuesSupported(List<String> introspectionSignedResponseAlgValuesSupported)
Accepted values containing a list of the JWS signing algorithms supported by the introspection endpoint to sign the response.
- Returns: this
-
setIntrospectionEncryptedResponseAlgValuesSupported
public OidcDiscoveryProperties setIntrospectionEncryptedResponseAlgValuesSupported(List<String> introspectionEncryptedResponseAlgValuesSupported)
Accepted values containing a list of the JWE encryption algorithms (alg values) supported by the introspection endpoint to encrypt the content encryption key for introspection response.
- Returns: this
-
setIntrospectionEncryptedResponseEncodingValuesSupported
public OidcDiscoveryProperties setIntrospectionEncryptedResponseEncodingValuesSupported(List<String> introspectionEncryptedResponseEncodingValuesSupported)
Accepted values containing a list of the JWE encryption algorithms (enc values) supported by the introspection endpoint to encrypt the introspection response.
- Returns: this
-
setUserInfoSigningAlgValuesSupported
public OidcDiscoveryProperties setUserInfoSigningAlgValuesSupported(List<String> userInfoSigningAlgValuesSupported)
Supported algorithms for user-info signing.
- Returns: this
-
setUserInfoEncryptionAlgValuesSupported
public OidcDiscoveryProperties setUserInfoEncryptionAlgValuesSupported(List<String> userInfoEncryptionAlgValuesSupported)
Supported algorithms for user-info encryption.
- Returns: this
-
setUserInfoEncryptionEncodingValuesSupported
public OidcDiscoveryProperties setUserInfoEncryptionEncodingValuesSupported(List<String> userInfoEncryptionEncodingValuesSupported)
Supported encoding strategies for user-info encryption.
- Returns: this
-
setTokenEndpointAuthMethodsSupported
public OidcDiscoveryProperties setTokenEndpointAuthMethodsSupported(List<String> tokenEndpointAuthMethodsSupported)
List of client authentication methods supported by token endpoint.
- Returns: this
-
setCodeChallengeMethodsSupported
public OidcDiscoveryProperties setCodeChallengeMethodsSupported(List<String> codeChallengeMethodsSupported)
List of PKCE code challenge methods supported.
- Returns: this
-
setAcrValuesSupported
List of ACR values supported. This discovery element contains the list of acr values supported by this server. Support for authentication context class references is implemented in the form of acr_values as part of the original authorization request, which is mostly taken into account by the multifactor authentication features of CAS. Once successful, acr and amr values are passed back to the relying party as part of the id token.
- Returns: this
-
setRequestObjectSigningAlgValuesSupported
public OidcDiscoveryProperties setRequestObjectSigningAlgValuesSupported(List<String> requestObjectSigningAlgValuesSupported)
Supported algorithms for request object signing.
- Returns: this
-
setRequestObjectEncryptionAlgValuesSupported
public OidcDiscoveryProperties setRequestObjectEncryptionAlgValuesSupported(List<String> requestObjectEncryptionAlgValuesSupported)
Supported algorithms for request object encryption.
- Returns: this
-
setRequestObjectEncryptionEncodingValuesSupported
public OidcDiscoveryProperties setRequestObjectEncryptionEncodingValuesSupported(List<String> requestObjectEncryptionEncodingValuesSupported)
Supported encoding strategies for request object encryption.
- Returns: this
-
setVerifiedClaimsSupported
Boolean value indicating support for verified_claims, i.e., the OpenID Connect for Identity Assurance extension.
- Returns: this
-
setTrustFrameworksSupported
Set containing all supported trust frameworks. This array must have at least one member.
- Returns: this
-
setEvidenceSupported
Set containing all types of identity evidence the OP uses. This array may have zero or more members.
- Returns: this
-
setDocumentsSupported
Needed when evidenceSupported contains document or id_document. Set containing all identity document types utilized by the CAS for identity verification.
- Returns: this
-
setDocumentsValidationMethodsSupported
public OidcDiscoveryProperties setDocumentsValidationMethodsSupported(Set<String> documentsValidationMethodsSupported)
Set containing the validation methods the CAS supports.
- Returns: this
-
setDocumentsVerificationMethodsSupported
public OidcDiscoveryProperties setDocumentsVerificationMethodsSupported(Set<String> documentsVerificationMethodsSupported)
Set containing the verification methods the CAS supports.
- Returns: this
-
setElectronicRecordsSupported
public OidcDiscoveryProperties setElectronicRecordsSupported(Set<String> electronicRecordsSupported)
Needed when evidence_supported contains electronicrecord. Set containing all electronic record types the CAS supports.
- Returns: this
-
setClaimsInVerifiedClaimsSupported
public OidcDiscoveryProperties setClaimsInVerifiedClaimsSupported(Set<String> claimsInVerifiedClaimsSupported)
List of the supported verified claims.
- Returns: this
-
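The cross-field rules stated in the descriptions above (trust frameworks must be non-empty, documents and electronic records are needed for certain evidence types, unsupported prompt values get HTTP 400) can be checked against the published discovery metadata. The following is an added example, not CAS code: the JSON field names are assumed to be the snake_case forms of the properties on this page, and the sample document and its values are constructed.

```python
import json

# Constructed sample of discovery metadata (not captured from a real server).
# Field names are assumed to be the snake_case forms of the properties above.
SAMPLE_METADATA = json.loads("""
{
  "prompt_values_supported": ["none", "login", "consent"],
  "verified_claims_supported": true,
  "trust_frameworks_supported": [],
  "evidence_supported": ["document", "electronic_record"],
  "documents_supported": ["idcard", "passport"],
  "electronic_records_supported": []
}
""")

# Evidence types that make a dependent field mandatory, per the descriptions
# above. "electronicrecord" is this page's spelling; "electronic_record" is the
# spelling used by OpenID Connect for Identity Assurance, so both are accepted.
DEPENDENT_FIELDS = {
    "documents_supported": {"document", "id_document"},
    "electronic_records_supported": {"electronicrecord", "electronic_record"},
}


def audit_identity_assurance(meta):
    """Return findings for the verified-claims part of the metadata."""
    findings = []
    if not meta.get("verified_claims_supported", False):
        return findings  # extension not advertised, nothing to cross-check
    if not meta.get("trust_frameworks_supported"):
        findings.append("trust_frameworks_supported must have at least one member")
    evidence = set(meta.get("evidence_supported", []))
    for field, triggers in DEPENDENT_FIELDS.items():
        used = sorted(evidence & triggers)
        if used and not meta.get(field):
            findings.append(
                f"{field} is required because evidence_supported contains "
                + ", ".join(used)
            )
    return findings


def check_prompt(meta, prompt_param):
    """Model the prompt rule: an undeclared value gets HTTP 400 / invalid_request."""
    supported = set(meta.get("prompt_values_supported", []))
    requested = prompt_param.split()  # prompt is a space-delimited list
    unsupported = [p for p in requested if p not in supported]
    if unsupported:
        return 400, "invalid_request", unsupported
    return 200, None, []


if __name__ == "__main__":
    for finding in audit_identity_assurance(SAMPLE_METADATA):
        print("FINDING:", finding)
    print(check_prompt(SAMPLE_METADATA, "login select_account"))
```
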