org.apereo.cas.support.openid.authentication.principal

Class OpenIdServiceResponseBuilder

java.lang.Object

org.apereo.cas.authentication.principal.AbstractWebApplicationServiceResponseBuilder

org.apereo.cas.support.openid.authentication.principal.OpenIdServiceResponseBuilder

All Implemented Interfaces:

java.io.Serializable, org.apereo.cas.authentication.principal.ResponseBuilder<org.apereo.cas.authentication.principal.WebApplicationService>

public class OpenIdServiceResponseBuilder
extends org.apereo.cas.authentication.principal.AbstractWebApplicationServiceResponseBuilder

Builds responses to Openid authN requests.

Since:

4.2

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
OpenIdServiceResponseBuilder(org.openid4java.message.ParameterList parameterList, java.lang.String openIdPrefixUrl) Instantiates a new Open id service response builder.

Method Summary

Modifier and Type	Method and Description
org.apereo.cas.authentication.principal.Response	build(org.apereo.cas.authentication.principal.WebApplicationService webApplicationService, java.lang.String ticketId) Generates an Openid response.
protected org.apereo.cas.authentication.principal.Response	buildAuthenticationResponse(org.openid4java.server.ServerManager serverManager, OpenIdService service, java.util.Map<java.lang.String,java.lang.String> parameters, boolean associated, boolean successFullAuthentication, java.lang.String id) We sign directly (final 'true') because we don't add extensions response message can be either a DirectError or an AuthSuccess here.
protected java.lang.String	determineIdentity(OpenIdService service, org.apereo.cas.validation.Assertion assertion) Determine identity.
protected org.openid4java.association.Association	getAssociation(org.openid4java.server.ServerManager serverManager) Gets association.
protected boolean	isAssociationValid(org.openid4java.association.Association association) Is association valid.

Methods inherited from class org.apereo.cas.authentication.principal.AbstractWebApplicationServiceResponseBuilder

buildPost, buildRedirect

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OpenIdServiceResponseBuilder

public OpenIdServiceResponseBuilder(org.openid4java.message.ParameterList parameterList,
                                    java.lang.String openIdPrefixUrl)

Instantiates a new Open id service response builder.

Parameters:

parameterList - the parameter list

openIdPrefixUrl - the open id prefix url

Method Detail

build

public org.apereo.cas.authentication.principal.Response build(org.apereo.cas.authentication.principal.WebApplicationService webApplicationService,
                                                              java.lang.String ticketId)

Generates an Openid response. If no ticketId is found, response is negative. If we have a ticket id, then we check if we have an association. If so, we ask OpenId server manager to generate the answer according with the existing association. If not, we send back an answer with the ticket id as association handle. This will force the consumer to ask a verification, which will validate the service ticket.

Parameters:

ticketId - the service ticket to provide to the service.

webApplicationService - the service requesting an openid response

Returns:

the generated authentication answer

determineIdentity

protected java.lang.String determineIdentity(OpenIdService service,
                                             org.apereo.cas.validation.Assertion assertion)

Determine identity.

Parameters:

service - the service

assertion - the assertion

Returns:

the string

buildAuthenticationResponse

protected org.apereo.cas.authentication.principal.Response buildAuthenticationResponse(org.openid4java.server.ServerManager serverManager,
                                                                                       OpenIdService service,
                                                                                       java.util.Map<java.lang.String,java.lang.String> parameters,
                                                                                       boolean associated,
                                                                                       boolean successFullAuthentication,
                                                                                       java.lang.String id)

We sign directly (final 'true') because we don't add extensions response message can be either a DirectError or an AuthSuccess here. Note: The association handle returned in the Response is either the 'public' created in a previous association, or is a 'private' handle created specifically for the verification step when in non-association mode

Parameters:

serverManager - the server manager

service - the service

parameters - the parameters

associated - the associated

successFullAuthentication - the success full authentication

id - the id

Returns:

response response

getAssociation

protected org.openid4java.association.Association getAssociation(org.openid4java.server.ServerManager serverManager)

Gets association.

Parameters:

serverManager - the server manager

Returns:

the association

isAssociationValid

protected boolean isAssociationValid(org.openid4java.association.Association association)

Is association valid.

Parameters:

association - the association

Returns:

true/false