org.openid4java.server

Class ServerManager

java.lang.Object

org.openid4java.server.ServerManager

public class ServerManager
extends Object

Manages OpenID communications with an OpenID Relying Party (Consumer).

Author:

Marius Scurtescu, Johnny Bufu

Constructor Summary

Constructors

Constructor and Description
ServerManager() Constructs a ServerManager with default settings.
ServerManager(RealmVerifierFactory factory)

Method Summary

Methods

Modifier and Type	Method and Description
Message	associationResponse(ParameterList requestParams) Processes a Association Request and returns a Association Response message, according to the request parameters and the preferences configured for the OpenID Provider
Message	authResponse(AuthRequest authReq, String userSelId, String userSelClaimed, boolean authenticatedAndApproved) Processes a Authentication Request received from a consumer site.
Message	authResponse(AuthRequest authReq, String userSelId, String userSelClaimed, boolean authenticatedAndApproved, boolean signNow) Processes a Authentication Request received from a consumer site.
Message	authResponse(AuthRequest auhtReq, String userSelId, String userSelClaimed, boolean authenticatedAndApproved, String opEndpoint) Processes a Authentication Request received from a consumer site.
Message	authResponse(AuthRequest authReq, String userSelId, String userSelClaimed, boolean authenticatedAndApproved, String opEndpoint, boolean signNow) Processes a Authentication Request received from a consumer site.
Message	authResponse(ParameterList requestParams, String userSelId, String userSelClaimed, boolean authenticatedAndApproved) Processes a Authentication Request received from a consumer site.
Message	authResponse(ParameterList requestParams, String userSelId, String userSelClaimed, boolean authenticatedAndApproved, boolean signNow) Processes a Authentication Request received from a consumer site.
Message	authResponse(ParameterList requestParams, String userSelId, String userSelClaimed, boolean authenticatedAndApproved, String opEndpoint) Processes a Authentication Request received from a consumer site.
Message	authResponse(ParameterList requestParams, String userSelId, String userSelClaimed, boolean authenticatedAndApproved, String opEndpoint, boolean signNow) Processes a Authentication Request received from a consumer site, after parsing the request parameters into a valid AuthRequest.
boolean	getEnforceRpId() Gets the flag that instructs the realm verifier to enforce validation of the return URL agains the endpoints discovered from the RP's realm.
int	getExpireIn() Gets the expiration time (in seconds) for the generated associations
AssociationSessionType	getMinAssocSessEnc() Gets the minimum level of encryption configured for association sessions.
NonceGenerator	getNonceGenerator() Gets the NonceGenerator used for generating nonce tokens to uniquely identify authentication responses.
String	getOPEndpointUrl() Gets OpenID Provider's endpoint URL, where it accepts OpenID authentication requests.
AssociationSessionType	getPrefAssocSessEnc() Gets the preferred association / session type.
ServerAssociationStore	getPrivateAssociations() Gets the store implementation used for keeping track of the generated private associations (used for signing responses to stateless consumer sites).
RealmVerifier	getRealmVerifier() Gets the RealmVerifier used to verify realms against return_to URLs.
ServerAssociationStore	getSharedAssociations() Gets the store implementation used for keeping track of the generated associations established with consumer sites.
String[]	getSignExtensions()
String	getSignFields() Gets the list of parameters that the OpenID Provider will sign when generating authentication responses.
String	getUserSetupUrl() Gets the URL at the OpenID Provider where the user should be directed when a immediate authentication request fails.
void	setEnforceRpId(boolean enforceRpId) Sets the flag that instructs the realm verifier to enforce validation of the return URL agains the endpoints discovered from the RP's realm.
void	setExpireIn(int _expireIn) Sets the expiration time (in seconds) for the generated associations
void	setMinAssocSessEnc(AssociationSessionType minAssocSessEnc) Configures the minimum level of encryption accepted for association sessions.
void	setNonceGenerator(NonceGenerator nonceGenerator) Sets the NonceGenerator implementation that will be used to generate nonce tokens to uniquely identify authentication responses.
void	setOPEndpointUrl(String opEndpointUrl) Sets the OpenID Provider's endpoint URL, where it accepts OpenID authentication requests.
void	setPrefAssocSessEnc(AssociationSessionType type) Sets the preferred association / session type.
void	setPrivateAssociations(ServerAssociationStore privateAssociations) Sets the store implementation that will be used for keeping track of the generated private associations (used for signing responses to stateless consumer sites).
void	setRealmVerifier(RealmVerifier realmVerifier) Sets the RealmVerifier used to verify realms against return_to URLs.
void	setSharedAssociations(ServerAssociationStore sharedAssociations) Sets the store implementation that will be used for keeping track of the generated associations established with consumer sites.
void	setSignExtensions(String[] extensins)
void	setSignFields(String signFields) Sets the list of parameters that the OpenID Provider will sign when generating authentication responses.
void	setUserSetupUrl(String userSetupUrl) Sets the URL at the OpenID Provider where the user should be directed when a immediate authentication request fails.
void	sign(AuthSuccess authSuccess) Signs an AuthSuccess message, using the association identified by the handle specified within the message.
Message	verify(ParameterList requestParams) Responds to a verification request from the consumer.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ServerManager

public ServerManager()

Constructs a ServerManager with default settings.

ServerManager

@Inject
public ServerManager(RealmVerifierFactory factory)

Method Detail

getSharedAssociations

public ServerAssociationStore getSharedAssociations()

Gets the store implementation used for keeping track of the generated associations established with consumer sites.

See Also:

ServerAssociationStore

setSharedAssociations

public void setSharedAssociations(ServerAssociationStore sharedAssociations)

Sets the store implementation that will be used for keeping track of the generated associations established with consumer sites.

Parameters:

sharedAssociations - ServerAssociationStore implementation

See Also:

ServerAssociationStore

getPrivateAssociations

public ServerAssociationStore getPrivateAssociations()

Gets the store implementation used for keeping track of the generated private associations (used for signing responses to stateless consumer sites).

See Also:

ServerAssociationStore

setPrivateAssociations

public void setPrivateAssociations(ServerAssociationStore privateAssociations)

Sets the store implementation that will be used for keeping track of the generated private associations (used for signing responses to stateless consumer sites).

Parameters:

privateAssociations - ServerAssociationStore implementation

See Also:

ServerAssociationStore

getMinAssocSessEnc

public AssociationSessionType getMinAssocSessEnc()

Gets the minimum level of encryption configured for association sessions.

Default: no-encryption session, SHA1 MAC association

setMinAssocSessEnc

public void setMinAssocSessEnc(AssociationSessionType minAssocSessEnc)

Configures the minimum level of encryption accepted for association sessions.

Default: no-encryption session, SHA1 MAC association

getNonceGenerator

public NonceGenerator getNonceGenerator()

Gets the NonceGenerator used for generating nonce tokens to uniquely identify authentication responses.

See Also:

NonceGenerator

setNonceGenerator

public void setNonceGenerator(NonceGenerator nonceGenerator)

Sets the NonceGenerator implementation that will be used to generate nonce tokens to uniquely identify authentication responses.

See Also:

NonceGenerator

getPrefAssocSessEnc

public AssociationSessionType getPrefAssocSessEnc()

Gets the preferred association / session type.

setPrefAssocSessEnc

public void setPrefAssocSessEnc(AssociationSessionType type)
                         throws ServerException

Sets the preferred association / session type.

Throws:

ServerException

See Also:

AssociationSessionType

getExpireIn

public int getExpireIn()

Gets the expiration time (in seconds) for the generated associations

setExpireIn

public void setExpireIn(int _expireIn)

Sets the expiration time (in seconds) for the generated associations

getUserSetupUrl

public String getUserSetupUrl()

Gets the URL at the OpenID Provider where the user should be directed when a immediate authentication request fails.

setUserSetupUrl

public void setUserSetupUrl(String userSetupUrl)

Sets the URL at the OpenID Provider where the user should be directed when a immediate authentication request fails.

getSignFields

public String getSignFields()

Gets the list of parameters that the OpenID Provider will sign when generating authentication responses.

Coma-separated list.

setSignFields

public void setSignFields(String signFields)

Sets the list of parameters that the OpenID Provider will sign when generating authentication responses.

The fields in the list must be coma-separated and must not include the 'openid.' prefix. Fields that are required to be signed are automatically added by the underlying logic, so that a valid message is generated, regardles if they are included in the user-supplied list or not.

getSignExtensions

public String[] getSignExtensions()

setSignExtensions

public void setSignExtensions(String[] extensins)

getRealmVerifier

public RealmVerifier getRealmVerifier()

Gets the RealmVerifier used to verify realms against return_to URLs.

setRealmVerifier

public void setRealmVerifier(RealmVerifier realmVerifier)

Sets the RealmVerifier used to verify realms against return_to URLs.

getEnforceRpId

public boolean getEnforceRpId()

Gets the flag that instructs the realm verifier to enforce validation of the return URL agains the endpoints discovered from the RP's realm.

setEnforceRpId

public void setEnforceRpId(boolean enforceRpId)

Sets the flag that instructs the realm verifier to enforce validation of the return URL agains the endpoints discovered from the RP's realm.

getOPEndpointUrl

public String getOPEndpointUrl()

Gets OpenID Provider's endpoint URL, where it accepts OpenID authentication requests.

This is a global setting for the ServerManager; can also be set on a per message basis.

See Also:

authResponse(org.openid4java.message.ParameterList, String, String, boolean, String)

setOPEndpointUrl

public void setOPEndpointUrl(String opEndpointUrl)

Sets the OpenID Provider's endpoint URL, where it accepts OpenID authentication requests.

This is a global setting for the ServerManager; can also be set on a per message basis.

See Also:

authResponse(org.openid4java.message.ParameterList, String, String, boolean, String)

associationResponse

public Message associationResponse(ParameterList requestParams)

Processes a Association Request and returns a Association Response message, according to the request parameters and the preferences configured for the OpenID Provider

Returns:

AssociationResponse upon successfull association, or AssociationError if no association was established

authResponse

public Message authResponse(ParameterList requestParams,
                   String userSelId,
                   String userSelClaimed,
                   boolean authenticatedAndApproved)

Processes a Authentication Request received from a consumer site.

Uses ServerManager's global OpenID Provider endpoint URL.

Returns:

An signed positive Authentication Response if successfull, or an IndirectError / DirectError message.

See Also:

authResponse(org.openid4java.message.ParameterList, String, String, boolean, String, boolean)

authResponse

public Message authResponse(AuthRequest authReq,
                   String userSelId,
                   String userSelClaimed,
                   boolean authenticatedAndApproved)

Processes a Authentication Request received from a consumer site.

Uses ServerManager's global OpenID Provider endpoint URL.

Returns:

A signed positive Authentication Response if successfull, or an IndirectError / DirectError message.

See Also:

authResponse(org.openid4java.message.AuthRequest, String, String, boolean, String, boolean)

authResponse

public Message authResponse(ParameterList requestParams,
                   String userSelId,
                   String userSelClaimed,
                   boolean authenticatedAndApproved,
                   boolean signNow)

Processes a Authentication Request received from a consumer site.

Uses ServerManager's global OpenID Provider endpoint URL.

Returns:

A positive Authentication Response if successfull, or an IndirectError / DirectError message.

See Also:

authResponse(org.openid4java.message.ParameterList, String, String, boolean, String, boolean)

authResponse

public Message authResponse(AuthRequest authReq,
                   String userSelId,
                   String userSelClaimed,
                   boolean authenticatedAndApproved,
                   boolean signNow)

Processes a Authentication Request received from a consumer site.

Uses ServerManager's global OpenID Provider endpoint URL.

Returns:

A positive Authentication Response if successfull, or an IndirectError / DirectError message.

See Also:

authResponse(org.openid4java.message.AuthRequest, String, String, boolean, String, boolean)

authResponse

public Message authResponse(ParameterList requestParams,
                   String userSelId,
                   String userSelClaimed,
                   boolean authenticatedAndApproved,
                   String opEndpoint)

Processes a Authentication Request received from a consumer site.

Returns:

A signed positive Authentication Response if successfull, or an IndirectError / DirectError message.

See Also:

authResponse(org.openid4java.message.ParameterList, String, String, boolean, String, boolean)

authResponse

public Message authResponse(AuthRequest auhtReq,
                   String userSelId,
                   String userSelClaimed,
                   boolean authenticatedAndApproved,
                   String opEndpoint)

Processes a Authentication Request received from a consumer site.

Returns:

A signed positive Authentication Response if successfull, or an IndirectError / DirectError message.

See Also:

authResponse(org.openid4java.message.AuthRequest, String, String, boolean, String, boolean)

authResponse

public Message authResponse(ParameterList requestParams,
                   String userSelId,
                   String userSelClaimed,
                   boolean authenticatedAndApproved,
                   String opEndpoint,
                   boolean signNow)

Processes a Authentication Request received from a consumer site, after parsing the request parameters into a valid AuthRequest.

Returns:

A signed positive Authentication Response if successfull, or an IndirectError / DirectError message.

See Also:

authResponse(org.openid4java.message.AuthRequest, String, String, boolean, String, boolean)

authResponse

public Message authResponse(AuthRequest authReq,
                   String userSelId,
                   String userSelClaimed,
                   boolean authenticatedAndApproved,
                   String opEndpoint,
                   boolean signNow)

Processes a Authentication Request received from a consumer site.

Parameters:

opEndpoint - The endpoint URL where the OP accepts OpenID authentication requests.

authReq - A valid authentication request.

userSelId - OP-specific Identifier selected by the user at the OpenID Provider; if present it will override the one received in the authentication request.

userSelClaimed - Claimed Identifier selected by the user at the OpenID Provider; if present it will override the one received in the authentication request.

authenticatedAndApproved - Flag indicating that the OP has authenticated the user and the user has approved the authentication transaction

signNow - If true, the returned AuthSuccess will be signed. If false, the signature will not be computed and set - this will have to be performed later, using #sign(org.openid4java.message.Message).

Returns:

• AuthSuccess, if authenticatedAndApproved
• AuthFailure (negative response) if either of authenticatedAndApproved is false;
• A IndirectError or DirectError message if the authentication could not be performed, or
• Null if there was no return_to parameter specified in the AuthRequest.

sign

public void sign(AuthSuccess authSuccess)
          throws ServerException,
                 AssociationException

Signs an AuthSuccess message, using the association identified by the handle specified within the message.

Parameters:

authSuccess - The Authentication Success message to be signed.

Throws:

ServerException - If the Association corresponding to the handle in the @authSuccess cannot be retrieved from the store.

AssociationException - If the signature cannot be computed.

verify

public Message verify(ParameterList requestParams)

Responds to a verification request from the consumer.

Parameters:

requestParams - ParameterList containing the parameters received in a verification request from a consumer site.

Returns:

VerificationResponse to be sent back to the consumer site.