Class OidcDiscoveryProperties

java.lang.Object
org.apereo.cas.configuration.model.support.oidc.OidcDiscoveryProperties
All Implemented Interfaces:
Serializable

@RequiresModule(name="cas-server-support-oidc")
public class OidcDiscoveryProperties extends Object implements Serializable
Since:
5.0.0
  • Constructor Details

    • OidcDiscoveryProperties

      public OidcDiscoveryProperties()
  • Method Details

    • isClaimsParameterSupported

      public boolean isClaimsParameterSupported()
      Specifies whether this provider supports use of the claims parameter.
    • isRequestParameterSupported

      public boolean isRequestParameterSupported()
      Specifies whether this provider supports use of the request parameter.
    • isRequestUriParameterSupported

      public boolean isRequestUriParameterSupported()
      Specifies whether this provider supports use of the request_uri parameter.
    • isAuthorizationResponseIssuerParameterSupported

      public boolean isAuthorizationResponseIssuerParameterSupported()
      Parameter indicating whether the authorization server provides the iss parameter in the authorization response.
    • isTlsClientCertificateBoundAccessTokens

      public boolean isTlsClientCertificateBoundAccessTokens()
      Boolean value indicating server support for mutual-TLS client certificate-bound access tokens.
    • isRequirePushedAuthorizationRequests

      public boolean isRequirePushedAuthorizationRequests()
      Boolean parameter indicating whether the authorization server (CAS) accepts authorization request data only via the pushed authorization request method.
    • getScopes

      public List<String> getScopes()
      List of supported scopes.
    • getClaims

      public List<String> getClaims()
      List of supported claims.
    • getSubjectTypes

      public List<String> getSubjectTypes()
      List of supported subject types.
    • getResponseTypesSupported

      public List<String> getResponseTypesSupported()
      Supported response types. The Response Mode request parameter response_mode informs the Authorization Server of the mechanism to be used for returning Authorization Response parameters from the Authorization Endpoint. Each Response Type value also defines a default Response Mode mechanism to be used, if no Response Mode is specified using the request parameter.
    • getResponseModesSupported

      public List<String> getResponseModesSupported()
      Supported response modes.
    • getPromptValuesSupported

      public List<String> getPromptValuesSupported()
      Supported prompt values. If CAS receives a prompt value that it does not support (one not declared in the prompt_values_supported metadata field), CAS SHOULD respond with an HTTP 400 (Bad Request) status code and an error value of invalid_request.
    • getIntrospectionSupportedAuthenticationMethods

      public List<String> getIntrospectionSupportedAuthenticationMethods()
      Supported authentication methods for introspection.
    • getClaimTypesSupported

      public List<String> getClaimTypesSupported()
      Supported claim types.
    • getGrantTypesSupported

      public List<String> getGrantTypesSupported()
      Supported grant types.
    • getDpopSigningAlgValuesSupported

      public List<String> getDpopSigningAlgValuesSupported()
      An array containing the JWS "alg" values supported by the CAS authorization server for DPoP proof JWTs.
    • getIdTokenSigningAlgValuesSupported

      public List<String> getIdTokenSigningAlgValuesSupported()
      Supported algorithms for id token signing.
    • getIdTokenEncryptionAlgValuesSupported

      public List<String> getIdTokenEncryptionAlgValuesSupported()
      Supported algorithms for id token encryption.
    • getIdTokenEncryptionEncodingValuesSupported

      public List<String> getIdTokenEncryptionEncodingValuesSupported()
      Supported encoding strategies for id token encryption.
    • getIntrospectionSignedResponseAlgValuesSupported

      public List<String> getIntrospectionSignedResponseAlgValuesSupported()
      List of the JWS signing algorithms supported by the introspection endpoint to sign the response.
    • getIntrospectionEncryptedResponseAlgValuesSupported

      public List<String> getIntrospectionEncryptedResponseAlgValuesSupported()
      List of the JWE encryption algorithms (alg values) supported by the introspection endpoint to encrypt the content encryption key for the introspection response.
    • getIntrospectionEncryptedResponseEncodingValuesSupported

      public List<String> getIntrospectionEncryptedResponseEncodingValuesSupported()
      List of the JWE encryption algorithms (enc values) supported by the introspection endpoint to encrypt the introspection response.
    • getUserInfoSigningAlgValuesSupported

      public List<String> getUserInfoSigningAlgValuesSupported()
      Supported algorithms for user-info signing.
    • getUserInfoEncryptionAlgValuesSupported

      public List<String> getUserInfoEncryptionAlgValuesSupported()
      Supported algorithms for user-info encryption.
    • getUserInfoEncryptionEncodingValuesSupported

      public List<String> getUserInfoEncryptionEncodingValuesSupported()
      Supported encoding strategies for user-info encryption.
    • getTokenEndpointAuthMethodsSupported

      public List<String> getTokenEndpointAuthMethodsSupported()
      List of client authentication methods supported by token endpoint.
    • getCodeChallengeMethodsSupported

      public List<String> getCodeChallengeMethodsSupported()
      List of PKCE code challenge methods supported.
    • getAcrValuesSupported

      public List<String> getAcrValuesSupported()
      List of ACR values supported. This discovery element contains the acr values supported by this server. Support for authentication context class references is implemented in the form of acr_values as part of the original authorization request, which is mostly taken into account by the multifactor authentication features of CAS. Once authentication succeeds, acr and amr values are passed back to the relying party as part of the id token.
    • getRequestObjectSigningAlgValuesSupported

      public List<String> getRequestObjectSigningAlgValuesSupported()
      Supported algorithms for request object signing.
    • getRequestObjectEncryptionAlgValuesSupported

      public List<String> getRequestObjectEncryptionAlgValuesSupported()
      Supported algorithms for request object encryption.
    • getRequestObjectEncryptionEncodingValuesSupported

      public List<String> getRequestObjectEncryptionEncodingValuesSupported()
      Supported encoding strategies for request object encryption.
    • isVerifiedClaimsSupported

      public boolean isVerifiedClaimsSupported()
      Boolean value indicating support for verified_claims, i.e., the OpenID Connect for Identity Assurance extension.
    • getTrustFrameworksSupported

      public Set<String> getTrustFrameworksSupported()
      Set containing all supported trust frameworks. This array must have at least one member.
    • getEvidenceSupported

      public Set<String> getEvidenceSupported()
      Set containing all types of identity evidence the OP uses. This array may have zero or more members.
    • getDocumentsSupported

      public Set<String> getDocumentsSupported()
      Needed when evidenceSupported contains document or id_document. Set containing all identity document types utilized by the CAS for identity verification.
    • getDocumentsValidationMethodsSupported

      public Set<String> getDocumentsValidationMethodsSupported()
      Set containing the validation methods the CAS supports.
    • getDocumentsVerificationMethodsSupported

      public Set<String> getDocumentsVerificationMethodsSupported()
      Set containing the verification methods the CAS supports.
    • getElectronicRecordsSupported

      public Set<String> getElectronicRecordsSupported()
      Needed when evidence_supported contains electronicrecord. Set containing all electronic record types the CAS supports.
    • getClaimsInVerifiedClaimsSupported

      public Set<String> getClaimsInVerifiedClaimsSupported()
      List of the supported verified claims.
    • setClaimsParameterSupported

      public OidcDiscoveryProperties setClaimsParameterSupported(boolean claimsParameterSupported)
      Specifies whether this provider supports use of the claims parameter.
      Returns:
      this.
    • setRequestParameterSupported

      public OidcDiscoveryProperties setRequestParameterSupported(boolean requestParameterSupported)
      Specifies whether this provider supports use of the request parameter.
      Returns:
      this.
    • setRequestUriParameterSupported

      public OidcDiscoveryProperties setRequestUriParameterSupported(boolean requestUriParameterSupported)
      Specifies whether this provider supports use of the request_uri parameter.
      Returns:
      this.
    • setAuthorizationResponseIssuerParameterSupported

      public OidcDiscoveryProperties setAuthorizationResponseIssuerParameterSupported(boolean authorizationResponseIssuerParameterSupported)
      Parameter indicating whether the authorization server provides the iss parameter in the authorization response.
      Returns:
      this.
    • setTlsClientCertificateBoundAccessTokens

      public OidcDiscoveryProperties setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens)
      Boolean value indicating server support for mutual-TLS client certificate-bound access tokens.
      Returns:
      this.
    • setRequirePushedAuthorizationRequests

      public OidcDiscoveryProperties setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests)
      Boolean parameter indicating whether the authorization server (CAS) accepts authorization request data only via the pushed authorization request method.
      Returns:
      this.
    • setScopes

      public OidcDiscoveryProperties setScopes(List<String> scopes)
      List of supported scopes.
      Returns:
      this.
    • setClaims

      public OidcDiscoveryProperties setClaims(List<String> claims)
      List of supported claims.
      Returns:
      this.
    • setSubjectTypes

      public OidcDiscoveryProperties setSubjectTypes(List<String> subjectTypes)
      List of supported subject types.
      Returns:
      this.
    • setResponseTypesSupported

      public OidcDiscoveryProperties setResponseTypesSupported(List<String> responseTypesSupported)
      Supported response types. The Response Mode request parameter response_mode informs the Authorization Server of the mechanism to be used for returning Authorization Response parameters from the Authorization Endpoint. Each Response Type value also defines a default Response Mode mechanism to be used, if no Response Mode is specified using the request parameter.
      Returns:
      this.
    • setResponseModesSupported

      public OidcDiscoveryProperties setResponseModesSupported(List<String> responseModesSupported)
      Supported response modes.
      Returns:
      this.
    • setPromptValuesSupported

      public OidcDiscoveryProperties setPromptValuesSupported(List<String> promptValuesSupported)
      Supported prompt values. If CAS receives a prompt value that it does not support (one not declared in the prompt_values_supported metadata field), CAS SHOULD respond with an HTTP 400 (Bad Request) status code and an error value of invalid_request.
      Returns:
      this.
    • setIntrospectionSupportedAuthenticationMethods

      public OidcDiscoveryProperties setIntrospectionSupportedAuthenticationMethods(List<String> introspectionSupportedAuthenticationMethods)
      Supported authentication methods for introspection.
      Returns:
      this.
    • setClaimTypesSupported

      public OidcDiscoveryProperties setClaimTypesSupported(List<String> claimTypesSupported)
      Supported claim types.
      Returns:
      this.
    • setGrantTypesSupported

      public OidcDiscoveryProperties setGrantTypesSupported(List<String> grantTypesSupported)
      Supported grant types.
      Returns:
      this.
    • setDpopSigningAlgValuesSupported

      public OidcDiscoveryProperties setDpopSigningAlgValuesSupported(List<String> dpopSigningAlgValuesSupported)
      An array containing the JWS "alg" values supported by the CAS authorization server for DPoP proof JWTs.
      Returns:
      this.
    • setIdTokenSigningAlgValuesSupported

      public OidcDiscoveryProperties setIdTokenSigningAlgValuesSupported(List<String> idTokenSigningAlgValuesSupported)
      Supported algorithms for id token signing.
      Returns:
      this.
    • setIdTokenEncryptionAlgValuesSupported

      public OidcDiscoveryProperties setIdTokenEncryptionAlgValuesSupported(List<String> idTokenEncryptionAlgValuesSupported)
      Supported algorithms for id token encryption.
      Returns:
      this.
    • setIdTokenEncryptionEncodingValuesSupported

      public OidcDiscoveryProperties setIdTokenEncryptionEncodingValuesSupported(List<String> idTokenEncryptionEncodingValuesSupported)
      Supported encoding strategies for id token encryption.
      Returns:
      this.
    • setIntrospectionSignedResponseAlgValuesSupported

      public OidcDiscoveryProperties setIntrospectionSignedResponseAlgValuesSupported(List<String> introspectionSignedResponseAlgValuesSupported)
      List of the JWS signing algorithms supported by the introspection endpoint to sign the response.
      Returns:
      this.
    • setIntrospectionEncryptedResponseAlgValuesSupported

      public OidcDiscoveryProperties setIntrospectionEncryptedResponseAlgValuesSupported(List<String> introspectionEncryptedResponseAlgValuesSupported)
      List of the JWE encryption algorithms (alg values) supported by the introspection endpoint to encrypt the content encryption key for the introspection response.
      Returns:
      this.
    • setIntrospectionEncryptedResponseEncodingValuesSupported

      public OidcDiscoveryProperties setIntrospectionEncryptedResponseEncodingValuesSupported(List<String> introspectionEncryptedResponseEncodingValuesSupported)
      List of the JWE encryption algorithms (enc values) supported by the introspection endpoint to encrypt the introspection response.
      Returns:
      this.
    • setUserInfoSigningAlgValuesSupported

      public OidcDiscoveryProperties setUserInfoSigningAlgValuesSupported(List<String> userInfoSigningAlgValuesSupported)
      Supported algorithms for user-info signing.
      Returns:
      this.
    • setUserInfoEncryptionAlgValuesSupported

      public OidcDiscoveryProperties setUserInfoEncryptionAlgValuesSupported(List<String> userInfoEncryptionAlgValuesSupported)
      Supported algorithms for user-info encryption.
      Returns:
      this.
    • setUserInfoEncryptionEncodingValuesSupported

      public OidcDiscoveryProperties setUserInfoEncryptionEncodingValuesSupported(List<String> userInfoEncryptionEncodingValuesSupported)
      Supported encoding strategies for user-info encryption.
      Returns:
      this.
    • setTokenEndpointAuthMethodsSupported

      public OidcDiscoveryProperties setTokenEndpointAuthMethodsSupported(List<String> tokenEndpointAuthMethodsSupported)
      List of client authentication methods supported by token endpoint.
      Returns:
      this.
    • setCodeChallengeMethodsSupported

      public OidcDiscoveryProperties setCodeChallengeMethodsSupported(List<String> codeChallengeMethodsSupported)
      List of PKCE code challenge methods supported.
      Returns:
      this.
    • setAcrValuesSupported

      public OidcDiscoveryProperties setAcrValuesSupported(List<String> acrValuesSupported)
      List of ACR values supported. This discovery element contains the acr values supported by this server. Support for authentication context class references is implemented in the form of acr_values as part of the original authorization request, which is mostly taken into account by the multifactor authentication features of CAS. Once authentication succeeds, acr and amr values are passed back to the relying party as part of the id token.
      Returns:
      this.
    • setRequestObjectSigningAlgValuesSupported

      public OidcDiscoveryProperties setRequestObjectSigningAlgValuesSupported(List<String> requestObjectSigningAlgValuesSupported)
      Supported algorithms for request object signing.
      Returns:
      this.
    • setRequestObjectEncryptionAlgValuesSupported

      public OidcDiscoveryProperties setRequestObjectEncryptionAlgValuesSupported(List<String> requestObjectEncryptionAlgValuesSupported)
      Supported algorithms for request object encryption.
      Returns:
      this.
    • setRequestObjectEncryptionEncodingValuesSupported

      public OidcDiscoveryProperties setRequestObjectEncryptionEncodingValuesSupported(List<String> requestObjectEncryptionEncodingValuesSupported)
      Supported encoding strategies for request object encryption.
      Returns:
      this.
    • setVerifiedClaimsSupported

      public OidcDiscoveryProperties setVerifiedClaimsSupported(boolean verifiedClaimsSupported)
      Boolean value indicating support for verified_claims, i.e., the OpenID Connect for Identity Assurance extension.
      Returns:
      this.
    • setTrustFrameworksSupported

      public OidcDiscoveryProperties setTrustFrameworksSupported(Set<String> trustFrameworksSupported)
      Set containing all supported trust frameworks. This array must have at least one member.
      Returns:
      this.
    • setEvidenceSupported

      public OidcDiscoveryProperties setEvidenceSupported(Set<String> evidenceSupported)
      Set containing all types of identity evidence the OP uses. This array may have zero or more members.
      Returns:
      this.
    • setDocumentsSupported

      public OidcDiscoveryProperties setDocumentsSupported(Set<String> documentsSupported)
      Needed when evidenceSupported contains document or id_document. Set containing all identity document types utilized by the CAS for identity verification.
      Returns:
      this.
    • setDocumentsValidationMethodsSupported

      public OidcDiscoveryProperties setDocumentsValidationMethodsSupported(Set<String> documentsValidationMethodsSupported)
      Set containing the validation methods the CAS supports.
      Returns:
      this.
    • setDocumentsVerificationMethodsSupported

      public OidcDiscoveryProperties setDocumentsVerificationMethodsSupported(Set<String> documentsVerificationMethodsSupported)
      Set containing the verification methods the CAS supports.
      Returns:
      this.
    • setElectronicRecordsSupported

      public OidcDiscoveryProperties setElectronicRecordsSupported(Set<String> electronicRecordsSupported)
      Needed when evidence_supported contains electronicrecord. Set containing all electronic record types the CAS supports.
      Returns:
      this.
    • setClaimsInVerifiedClaimsSupported

      public OidcDiscoveryProperties setClaimsInVerifiedClaimsSupported(Set<String> claimsInVerifiedClaimsSupported)
      List of the supported verified claims.
      Returns:
      this.