Class BasePac4jOidcClientProperties

All Implemented Interfaces:
Serializable, CasFeatureModule
Direct Known Subclasses:
Pac4jAppleOidcClientProperties, Pac4jAzureOidcClientProperties, Pac4jGenericOidcClientProperties, Pac4jGoogleOidcClientProperties, Pac4jKeyCloakOidcClientProperties

@RequiresModule(name="cas-server-support-pac4j-webflow")
public abstract class BasePac4jOidcClientProperties extends Pac4jIdentifiableClientProperties
Since:
5.2.0
  • Constructor Details

    • BasePac4jOidcClientProperties

      public BasePac4jOidcClientProperties()
  • Method Details

    • getDiscoveryUri

      public String getDiscoveryUri()
      The discovery endpoint used to locate the provider metadata.
    • getLogoutUrl

      public String getLogoutUrl()
      Logout URL used for this provider.
    • isUseNonce

      public boolean isUseNonce()
      Whether an initial nonce should be used for replay attack mitigation.
    • isDisablePkce

      public boolean isDisablePkce()
      Disable PKCE support for the provider.
    • getScope

      public String getScope()
      Requested scope(s).
    • getPreferredJwsAlgorithm

      public String getPreferredJwsAlgorithm()
      The JWS algorithm to enforce when validating ID tokens. If none is defined, the first algorithm from metadata will be used.
    • getMaxClockSkew

      public String getMaxClockSkew()
      Clock skew allowed, to account for clock drift when validating ID tokens.
    • getCustomParams

      public Map<String,String> getCustomParams()
      Custom parameters to send along in authZ requests, etc.
    • getResponseMode

      public String getResponseMode()
      The response mode specifies how the result of the authorization request is formatted. For backward compatibility the default value is empty, which means the default pac4j (empty) response mode is used. Possible values include "query", "fragment", "form_post", or "web_message".
    • getResponseType

      public String getResponseType()
      The response type tells the authorization server which grant to execute. For backward compatibility the default value is empty, which means the default pac4j ("code") response type is used. Possible values include "code", "token" or "id_token".
    • getConnectTimeout

      public String getConnectTimeout()
      Connect timeout of the OIDC client.
    • getReadTimeout

      public String getReadTimeout()
      Read timeout of the OIDC client.
    • isExpireSessionWithToken

      public boolean isExpireSessionWithToken()
      Checks if sessions expire with token expiration.
    • getTokenExpirationAdvance

      public String getTokenExpirationAdvance()
      Default time period advance (in seconds) for considering an access token expired.
    • getMappedClaims

      public List<String> getMappedClaims()
      List of arbitrary mappings of claims when fetching user profiles. Uses a "directed list" where the allowed syntax is claim->attribute.
    • isAllowUnsignedIdTokens

      public boolean isAllowUnsignedIdTokens()
      Whether unsigned ID tokens issued as plain JWTs are accepted.
    • isIncludeAccessTokenClaims

      public boolean isIncludeAccessTokenClaims()
      If enabled, try to process the access token as a JWT and include its claims in the profile. Only enable this if there is an agreement between the IdP and CAS about the format of the access token. If not, the token format could change at any time.
    • getClientAuthenticationMethod

      public String getClientAuthenticationMethod()
      The preferred client authentication method that will be chosen for token requests. If none is specified, one will be chosen somewhat randomly based on what the OIDC OP supports.
    • getSupportedClientAuthenticationMethods

      public String getSupportedClientAuthenticationMethods()
      Controls the list of supported client authentication methods that can be accepted and understood by this integration. Multiple methods may be specified, separated by commas. Example: client_secret_basic,client_secret_post,client_secret_jwt.
    • setDiscoveryUri

      public BasePac4jOidcClientProperties setDiscoveryUri(String discoveryUri)
      The discovery endpoint used to locate the provider metadata.
      Returns:
      this.
    • setLogoutUrl

      public BasePac4jOidcClientProperties setLogoutUrl(String logoutUrl)
      Logout URL used for this provider.
      Returns:
      this.
    • setUseNonce

      public BasePac4jOidcClientProperties setUseNonce(boolean useNonce)
      Whether an initial nonce should be used for replay attack mitigation.
      Returns:
      this.
    • setDisablePkce

      public BasePac4jOidcClientProperties setDisablePkce(boolean disablePkce)
      Disable PKCE support for the provider.
      Returns:
      this.
    • setScope

      public BasePac4jOidcClientProperties setScope(String scope)
      Requested scope(s).
      Returns:
      this.
    • setPreferredJwsAlgorithm

      public BasePac4jOidcClientProperties setPreferredJwsAlgorithm(String preferredJwsAlgorithm)
      The JWS algorithm to enforce when validating ID tokens. If none is defined, the first algorithm from metadata will be used.
      Returns:
      this.
    • setMaxClockSkew

      public BasePac4jOidcClientProperties setMaxClockSkew(String maxClockSkew)
      Clock skew allowed, to account for clock drift when validating ID tokens.
      Returns:
      this.
    • setCustomParams

      public BasePac4jOidcClientProperties setCustomParams(Map<String,String> customParams)
      Custom parameters to send along in authZ requests, etc.
      Returns:
      this.
    • setResponseMode

      public BasePac4jOidcClientProperties setResponseMode(String responseMode)
      The response mode specifies how the result of the authorization request is formatted. For backward compatibility the default value is empty, which means the default pac4j (empty) response mode is used. Possible values include "query", "fragment", "form_post", or "web_message".
      Returns:
      this.
    • setResponseType

      public BasePac4jOidcClientProperties setResponseType(String responseType)
      The response type tells the authorization server which grant to execute. For backward compatibility the default value is empty, which means the default pac4j ("code") response type is used. Possible values include "code", "token" or "id_token".
      Returns:
      this.
    • setConnectTimeout

      public BasePac4jOidcClientProperties setConnectTimeout(String connectTimeout)
      Connect timeout of the OIDC client.
      Returns:
      this.
    • setReadTimeout

      public BasePac4jOidcClientProperties setReadTimeout(String readTimeout)
      Read timeout of the OIDC client.
      Returns:
      this.
    • setExpireSessionWithToken

      public BasePac4jOidcClientProperties setExpireSessionWithToken(boolean expireSessionWithToken)
      Checks if sessions expire with token expiration.
      Returns:
      this.
    • setTokenExpirationAdvance

      public BasePac4jOidcClientProperties setTokenExpirationAdvance(String tokenExpirationAdvance)
      Default time period advance (in seconds) for considering an access token expired.
      Returns:
      this.
    • setMappedClaims

      public BasePac4jOidcClientProperties setMappedClaims(List<String> mappedClaims)
      List of arbitrary mappings of claims when fetching user profiles. Uses a "directed list" where the allowed syntax is claim->attribute.
      Returns:
      this.
    • setAllowUnsignedIdTokens

      public BasePac4jOidcClientProperties setAllowUnsignedIdTokens(boolean allowUnsignedIdTokens)
      Whether unsigned ID tokens issued as plain JWTs are accepted.
      Returns:
      this.
    • setIncludeAccessTokenClaims

      public BasePac4jOidcClientProperties setIncludeAccessTokenClaims(boolean includeAccessTokenClaims)
      If enabled, try to process the access token as a JWT and include its claims in the profile. Only enable this if there is an agreement between the IdP and CAS about the format of the access token. If not, the token format could change at any time.
      Returns:
      this.
    • setClientAuthenticationMethod

      public BasePac4jOidcClientProperties setClientAuthenticationMethod(String clientAuthenticationMethod)
      The preferred client authentication method that will be chosen for token requests. If none is specified, one will be chosen somewhat randomly based on what the OIDC OP supports.
      Returns:
      this.
    • setSupportedClientAuthenticationMethods

      public BasePac4jOidcClientProperties setSupportedClientAuthenticationMethods(String supportedClientAuthenticationMethods)
      Controls the list of supported client authentication methods that can be accepted and understood by this integration. Multiple methods may be specified, separated by commas. Example: client_secret_basic,client_secret_post,client_secret_jwt.
      Returns:
      this.
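
An added example, not part of the CAS Javadoc or code base: a small audit over the getters documented above that flags settings which relax ID token or flow protections, run against a relaxed and a pinned configuration built with the chained setters. The package name in the imports and the no-argument constructor of Pac4jGenericOidcClientProperties are assumptions, and all sample values are constructed.

```java
import java.util.ArrayList;
import java.util.List;
// Assumption: package of the CAS configuration model classes (not stated on this page).
import org.apereo.cas.configuration.model.support.pac4j.oidc.BasePac4jOidcClientProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jGenericOidcClientProperties;

public class OidcClientSettingsAudit {
    private static boolean blank(String s) { return s == null || s.isBlank(); }

    /** Returns one finding per setting that relaxes a protection described above. */
    static List<String> audit(BasePac4jOidcClientProperties p) {
        List<String> findings = new ArrayList<>();
        if (p.isAllowUnsignedIdTokens()) {
            findings.add("allowUnsignedIdTokens: ID tokens without a signature are accepted");
        }
        if (p.isDisablePkce()) {
            findings.add("disablePkce: PKCE is turned off for this provider");
        }
        if (!p.isUseNonce()) {
            findings.add("useNonce: no nonce is used, so replay mitigation is off");
        }
        // An empty response type falls back to the pac4j default ("code").
        if (!blank(p.getResponseType()) && !"code".equals(p.getResponseType().trim())) {
            findings.add("responseType: '" + p.getResponseType() + "' is not the code flow");
        }
        if (blank(p.getPreferredJwsAlgorithm())) {
            findings.add("preferredJwsAlgorithm: unset, first algorithm from metadata is used");
        }
        if (blank(p.getClientAuthenticationMethod())) {
            findings.add("clientAuthenticationMethod: unset, chosen from what the OP supports");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample values; the discovery URI is a placeholder.
        String discovery = "https://idp.example.org/.well-known/openid-configuration";
        BasePac4jOidcClientProperties relaxed = new Pac4jGenericOidcClientProperties()
            .setDiscoveryUri(discovery).setResponseType("id_token")
            .setUseNonce(false).setDisablePkce(true).setAllowUnsignedIdTokens(true);
        BasePac4jOidcClientProperties pinned = new Pac4jGenericOidcClientProperties()
            .setDiscoveryUri(discovery).setResponseType("code")
            .setUseNonce(true).setDisablePkce(false).setAllowUnsignedIdTokens(false)
            .setPreferredJwsAlgorithm("RS256")
            .setClientAuthenticationMethod("client_secret_basic");
        audit(relaxed).forEach(f -> System.out.println("relaxed: " + f));
        System.out.println("pinned findings: " + audit(pinned).size());
    }
}
```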