keycloak-service
org.keycloak.protocol.oidc.OIDCWellKnownProvider クラス

公開メンバ関数

 OIDCWellKnownProvider (KeycloakSession session)
 
Object getConfig ()
 
void close ()
 

静的公開変数類

static final List< String > DEFAULT_REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED = list(Algorithm.none.toString(), Algorithm.RS256.toString())
 
static final List< String > DEFAULT_GRANT_TYPES_SUPPORTED = list(OAuth2Constants.AUTHORIZATION_CODE, OAuth2Constants.IMPLICIT, OAuth2Constants.REFRESH_TOKEN, OAuth2Constants.PASSWORD, OAuth2Constants.CLIENT_CREDENTIALS)
 
static final List< String > DEFAULT_RESPONSE_TYPES_SUPPORTED = list(OAuth2Constants.CODE, OIDCResponseType.NONE, OIDCResponseType.ID_TOKEN, OIDCResponseType.TOKEN, "id_token token", "code id_token", "code token", "code id_token token")
 
static final List< String > DEFAULT_SUBJECT_TYPES_SUPPORTED = list("public", "pairwise")
 
static final List< String > DEFAULT_RESPONSE_MODES_SUPPORTED = list("query", "fragment", "form_post")
 
static final List< String > DEFAULT_CLIENT_AUTH_SIGNING_ALG_VALUES_SUPPORTED = list(Algorithm.RS256.toString())
 
static final List< String > DEFAULT_CLAIMS_SUPPORTED = list("sub", "iss", IDToken.AUTH_TIME, IDToken.NAME, IDToken.GIVEN_NAME, IDToken.FAMILY_NAME, IDToken.PREFERRED_USERNAME, IDToken.EMAIL)
 
static final List< String > DEFAULT_CLAIM_TYPES_SUPPORTED = list("normal")
 
static final List< String > DEFAULT_CODE_CHALLENGE_METHODS_SUPPORTED = list(OAuth2Constants.PKCE_METHOD_PLAIN, OAuth2Constants.PKCE_METHOD_S256)
 

非公開メンバ関数

List< String > getClientAuthMethodsSupported ()
 
List< String > getSupportedSigningAlgorithms (boolean includeNone)
 

静的非公開メンバ関数

static List< String > list (String... values)
 

非公開変数類

KeycloakSession session
 

詳解

著者
Stian Thorgersen

構築子と解体子

◆ OIDCWellKnownProvider()

/**
 * Creates a discovery-document provider bound to one Keycloak session.
 * The session is the only state this object keeps; it is consulted later to
 * resolve the current realm, the request URI and the registered provider factories.
 *
 * @param session the session this provider serves
 */
public OIDCWellKnownProvider(KeycloakSession session) {
    this.session = session;
}

関数詳解

◆ close()

/**
 * Releases nothing: this provider owns no resources beyond the session reference
 * it was constructed with, which is managed by the caller.
 */
public void close() {
    // intentionally empty
}

◆ getClientAuthMethodsSupported()

/**
 * Collects the values advertised as {@code token_endpoint_auth_methods_supported}.
 * Every factory registered for {@code ClientAuthenticator} is assumed to be a
 * {@link ClientAuthenticatorFactory} and contributes the method names it supports
 * for the OIDC login protocol, in the order the session factory returns them.
 *
 * @return a mutable list of client authentication method identifiers; empty when
 *         no client authenticator factory is registered
 */
private List<String> getClientAuthMethodsSupported() {
    List<String> methods = new LinkedList<>();
    List<ProviderFactory> factories =
            session.getKeycloakSessionFactory().getProviderFactories(ClientAuthenticator.class);
    for (ProviderFactory candidate : factories) {
        // the cast mirrors the registration contract: ClientAuthenticator factories
        // are ClientAuthenticatorFactory instances
        methods.addAll(((ClientAuthenticatorFactory) candidate)
                .getProtocolAuthenticatorMethods(OIDCLoginProtocol.LOGIN_PROTOCOL));
    }
    return methods;
}

◆ getConfig()

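/**
 * Builds the OpenID Connect discovery document for the realm of the current request.
 * Implements {@code org.keycloak.wellknown.WellKnownProvider}.
 * <p>
 * The issuer and all endpoint URLs are derived from the request URI exposed by the
 * session context plus the realm name. Capability lists are partly looked up at
 * runtime (signing algorithms from the registered {@code SignatureProvider} factories,
 * client authentication methods from the registered {@code ClientAuthenticatorFactory}
 * instances, scopes from the realm's OIDC client scopes) and partly the static
 * {@code DEFAULT_*} constants, which are emitted as-is without consulting realm or
 * client configuration. Points a deployer should be aware of:
 * <ul>
 *   <li>{@code "none"} is advertised for userinfo signing and for request-object
 *       signing, but never for ID token signing.</li>
 *   <li>The implicit and password grants, the {@code plain} PKCE method and
 *       certificate-bound access tokens are advertised regardless of what the realm
 *       or its clients actually enable; the document must not be read as proof that
 *       a feature is enforced.</li>
 *   <li>{@code scopes_supported} lists every OIDC client scope defined in the realm,
 *       so scope names are exposed to whoever can read the (normally unauthenticated)
 *       discovery endpoint.</li>
 * </ul>
 *
 * @return the populated {@link OIDCConfigurationRepresentation}
 */
@Override
public Object getConfig() {
    UriInfo uriInfo = session.getContext().getUri();
    RealmModel realm = session.getContext().getRealm();
    UriBuilder protocolBase = RealmsResource.protocolUrl(uriInfo);

    OIDCConfigurationRepresentation config = new OIDCConfigurationRepresentation();

    // NOTE(review): issuer and endpoints are built from the request base URI. Unless
    // the public hostname is pinned in front of Keycloak, a forged Host header could
    // change what is advertised here — confirm for the deployment.
    config.setIssuer(Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
    config.setAuthorizationEndpoint(protocolEndpoint(protocolBase, realm, "auth"));
    config.setTokenEndpoint(protocolEndpoint(protocolBase, realm, "token"));
    // introspection is a sub-resource of the token endpoint
    config.setTokenIntrospectionEndpoint(protocolBase.clone()
            .path(OIDCLoginProtocolService.class, "token")
            .path(TokenEndpoint.class, "introspect")
            .build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL)
            .toString());
    config.setUserinfoEndpoint(protocolEndpoint(protocolBase, realm, "issueUserInfo"));
    config.setLogoutEndpoint(protocolEndpoint(protocolBase, realm, "logout"));
    config.setJwksUri(protocolEndpoint(protocolBase, realm, "certs"));
    config.setCheckSessionIframe(protocolEndpoint(protocolBase, realm, "getLoginStatusIframe"));
    config.setRegistrationEndpoint(RealmsResource.clientRegistrationUrl(uriInfo)
            .path(ClientRegistrationService.class, "provider")
            .build(realm.getName(), OIDCClientRegistrationProviderFactory.ID)
            .toString());

    // "none" is appended only for userinfo; ID tokens are always advertised as signed
    config.setIdTokenSigningAlgValuesSupported(getSupportedSigningAlgorithms(false));
    config.setUserInfoSigningAlgValuesSupported(getSupportedSigningAlgorithms(true));
    config.setRequestObjectSigningAlgValuesSupported(DEFAULT_REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED);
    config.setResponseTypesSupported(DEFAULT_RESPONSE_TYPES_SUPPORTED);
    config.setSubjectTypesSupported(DEFAULT_SUBJECT_TYPES_SUPPORTED);
    config.setResponseModesSupported(DEFAULT_RESPONSE_MODES_SUPPORTED);
    config.setGrantTypesSupported(DEFAULT_GRANT_TYPES_SUPPORTED);

    config.setTokenEndpointAuthMethodsSupported(getClientAuthMethodsSupported());
    config.setTokenEndpointAuthSigningAlgValuesSupported(DEFAULT_CLIENT_AUTH_SIGNING_ALG_VALUES_SUPPORTED);

    config.setClaimsSupported(DEFAULT_CLAIMS_SUPPORTED);
    config.setClaimTypesSupported(DEFAULT_CLAIM_TYPES_SUPPORTED);
    config.setClaimsParameterSupported(false);

    config.setScopesSupported(oidcScopeNames(realm));

    config.setRequestParameterSupported(true);
    config.setRequestUriParameterSupported(true);

    // KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange
    config.setCodeChallengeMethodsSupported(DEFAULT_CODE_CHALLENGE_METHODS_SUPPORTED);

    // KEYCLOAK-6771 Certificate Bound Token
    // https://tools.ietf.org/html/draft-ietf-oauth-mtls-08#section-6.2
    // Advertised unconditionally; per-client enforcement is not consulted here.
    config.setTlsClientCertificateBoundAccessTokens(true);

    return config;
}

/**
 * Absolute URL of one {@link OIDCLoginProtocolService} resource method for the realm.
 *
 * @param protocolBase   builder positioned at the realm protocol root (cloned, not mutated)
 * @param realm          realm whose name fills the first template parameter
 * @param resourceMethod name of the JAX-RS resource method to resolve
 * @return the built URL as a string
 */
private static String protocolEndpoint(UriBuilder protocolBase, RealmModel realm, String resourceMethod) {
    return protocolBase.clone()
            .path(OIDCLoginProtocolService.class, resourceMethod)
            .build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL)
            .toString();
}

/**
 * Names of the realm's client scopes that belong to the OIDC protocol, with
 * {@code openid} inserted first.
 *
 * @param realm realm whose client scopes are listed
 * @return a mutable list starting with {@code openid}
 */
private static List<String> oidcScopeNames(RealmModel realm) {
    List<String> names = new LinkedList<>();
    for (ClientScopeModel scope : realm.getClientScopes()) {
        // constant-first equals: a scope whose protocol is unset is skipped rather
        // than throwing a NullPointerException and breaking discovery for the realm
        if (OIDCLoginProtocol.LOGIN_PROTOCOL.equals(scope.getProtocol())) {
            names.add(scope.getName());
        }
    }
    names.add(0, OAuth2Constants.SCOPE_OPENID);
    return names;
}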

◆ getSupportedSigningAlgorithms()

/**
 * Lists the signature algorithm identifiers the server can produce: the id of every
 * factory registered for {@code SignatureProvider}, optionally followed by the literal
 * {@code "none"} to signal that an unsigned payload is also offered.
 *
 * @param includeNone whether to append {@code "none"} as the last element
 * @return a mutable list of algorithm names in the session factory's order
 */
private List<String> getSupportedSigningAlgorithms(boolean includeNone) {
    List<String> algorithms = new LinkedList<>();
    List<ProviderFactory> signatureFactories =
            session.getKeycloakSessionFactory().getProviderFactories(SignatureProvider.class);
    for (ProviderFactory factory : signatureFactories) {
        algorithms.add(factory.getId());
    }
    if (!includeNone) {
        return algorithms;
    }
    algorithms.add("none");
    return algorithms;
}

◆ list()

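/**
 * Builds a fixed list of metadata values.
 * <p>
 * The result backs the public {@code static final DEFAULT_*} constants of this class,
 * so it is returned unmodifiable: with a plain mutable list any code holding a reference
 * could add or remove entries (for example an extra signing algorithm) and silently change
 * the discovery document advertised for every realm.
 *
 * @param values the values, in the order they should be advertised; may be empty
 * @return an unmodifiable list holding {@code values} in order
 * @throws UnsupportedOperationException from the returned list on any mutation attempt
 */
private static List<String> list(String... values) {
    List<String> copy = new LinkedList<>();
    for (String value : values) {
        copy.add(value);
    }
    return java.util.Collections.unmodifiableList(copy);
}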

メンバ詳解

◆ DEFAULT_CLAIM_TYPES_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_CLAIM_TYPES_SUPPORTED = list("normal")
static

◆ DEFAULT_CLAIMS_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_CLAIMS_SUPPORTED = list("sub", "iss", IDToken.AUTH_TIME, IDToken.NAME, IDToken.GIVEN_NAME, IDToken.FAMILY_NAME, IDToken.PREFERRED_USERNAME, IDToken.EMAIL)
static

◆ DEFAULT_CLIENT_AUTH_SIGNING_ALG_VALUES_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_CLIENT_AUTH_SIGNING_ALG_VALUES_SUPPORTED = list(Algorithm.RS256.toString())
static

◆ DEFAULT_CODE_CHALLENGE_METHODS_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_CODE_CHALLENGE_METHODS_SUPPORTED = list(OAuth2Constants.PKCE_METHOD_PLAIN, OAuth2Constants.PKCE_METHOD_S256)
static

◆ DEFAULT_GRANT_TYPES_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_GRANT_TYPES_SUPPORTED = list(OAuth2Constants.AUTHORIZATION_CODE, OAuth2Constants.IMPLICIT, OAuth2Constants.REFRESH_TOKEN, OAuth2Constants.PASSWORD, OAuth2Constants.CLIENT_CREDENTIALS)
static

◆ DEFAULT_REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED = list(Algorithm.none.toString(), Algorithm.RS256.toString())
static

◆ DEFAULT_RESPONSE_MODES_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_RESPONSE_MODES_SUPPORTED = list("query", "fragment", "form_post")
static

◆ DEFAULT_RESPONSE_TYPES_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_RESPONSE_TYPES_SUPPORTED = list(OAuth2Constants.CODE, OIDCResponseType.NONE, OIDCResponseType.ID_TOKEN, OIDCResponseType.TOKEN, "id_token token", "code id_token", "code token", "code id_token token")
static

◆ DEFAULT_SUBJECT_TYPES_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_SUBJECT_TYPES_SUPPORTED = list("public", "pairwise")
static

◆ session

KeycloakSession org.keycloak.protocol.oidc.OIDCWellKnownProvider.session
private
