diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/provider/AbstractXOAuthIdentityProviderDefinition.java b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/AbstractXOAuthIdentityProviderDefinition.java index 603548a7d1f..697f3780a02 100644 --- a/model/src/main/java/org/cloudfoundry/identity/uaa/provider/AbstractXOAuthIdentityProviderDefinition.java +++ b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/AbstractXOAuthIdentityProviderDefinition.java @@ -31,6 +31,7 @@ public abstract class AbstractXOAuthIdentityProviderDefinition scopes; private String issuer; + private String responseType = "code"; public URL getAuthUrl() { return authUrl; @@ -130,4 +131,13 @@ public T setIssuer(String issuer) { this.issuer = issuer; return (T) this; } + + public String getResponseType() { + return responseType; + } + + public T setResponseType(String responseType) { + this.responseType = responseType; + return (T) this; + } } diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProvider.java b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProvider.java index 24c9e9d1e8f..43da58fb09c 100644 --- a/model/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProvider.java +++ b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProvider.java @@ -18,7 +18,6 @@ import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; 
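Review bot: setResponseType in the second hunk stores whatever it is given, including null or a blank string, which silently discards the "code" default the new field declares; the factory bean later in this diff guards with hasText before calling it, but the JSON paths that rebuild a stored definition (the deserializer in IdentityProvider and JdbcIdentityProviderProvisioning.mapRow) go through readValue with no such guard. The value is presumably emitted as the response_type parameter of the authorization request to the external provider (the use site is not in this diff), so a blank or unexpected value reaches a third party unchecked; I would at least normalise in the setter, `this.responseType = (responseType == null || responseType.trim().isEmpty()) ? "code" : responseType;`, and leave strict validation against the accepted shapes ("code", "token", "id_token" and their space-separated combinations, all of which appear in this diff) to the config validator, which is not part of this change. The same unvalidated pass-through applies to the setCommonProperties hunk in OauthIdentityProviderDefinitionFactoryBean. A short Javadoc on getResponseType stating that this is the OAuth response_type requested from the provider and that it defaults to "code" would also help, since the field is new and the name alone does not say which side of the exchange it describes.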
@@ -27,7 +26,6 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.databind.annotation.JsonSerialize; import org.cloudfoundry.identity.uaa.util.JsonUtils; -import org.cloudfoundry.identity.uaa.util.ObjectUtils; import org.springframework.util.StringUtils; import javax.validation.constraints.NotNull; @@ -138,7 +136,7 @@ public IdentityProvider setConfig(T config) { this.type = UAA; } else if (RawXOAuthIdentityProviderDefinition.class.isAssignableFrom(clazz)) { this.type = OAUTH20; - } else if (XOIDCIdentityProviderDefinition.class.isAssignableFrom(clazz)) { + } else if (OIDCIdentityProviderDefinition.class.isAssignableFrom(clazz)) { this.type = OIDC10; } else if (LdapIdentityProviderDefinition.class.isAssignableFrom(clazz)) { this.type = LDAP; @@ -340,7 +338,7 @@ public IdentityProvider deserialize(JsonParser jp, DeserializationContext ctxt) definition = JsonUtils.readValue(config, RawXOAuthIdentityProviderDefinition.class); break; case OIDC10: - definition = JsonUtils.readValue(config, XOIDCIdentityProviderDefinition.class); + definition = JsonUtils.readValue(config, OIDCIdentityProviderDefinition.class); break; case UAA: definition = JsonUtils.readValue(config, UaaIdentityProviderDefinition.class); diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/provider/XOIDCIdentityProviderDefinition.java b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/OIDCIdentityProviderDefinition.java similarity index 81% rename from model/src/main/java/org/cloudfoundry/identity/uaa/provider/XOIDCIdentityProviderDefinition.java rename to model/src/main/java/org/cloudfoundry/identity/uaa/provider/OIDCIdentityProviderDefinition.java index bb906554aab..4a03bda6f3e 100644 --- a/model/src/main/java/org/cloudfoundry/identity/uaa/provider/XOIDCIdentityProviderDefinition.java +++ b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/OIDCIdentityProviderDefinition.java 
@@ -14,7 +14,7 @@ import java.net.URL; -public class XOIDCIdentityProviderDefinition extends AbstractXOAuthIdentityProviderDefinition { +public class OIDCIdentityProviderDefinition extends AbstractXOAuthIdentityProviderDefinition { private URL userInfoUrl; @@ -22,7 +22,7 @@ public URL getUserInfoUrl() { return userInfoUrl; } - public XOIDCIdentityProviderDefinition setUserInfoUrl(URL userInfoUrl) { + public OIDCIdentityProviderDefinition setUserInfoUrl(URL userInfoUrl) { this.userInfoUrl = userInfoUrl; return this; } diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.java b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.java index 8d1901ee842..828942e232f 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.java @@ -25,7 +25,7 @@ import org.cloudfoundry.identity.uaa.provider.RawXOAuthIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition; +import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.saml.BootstrapSamlIdentityProviderConfigurator; import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.cloudfoundry.identity.uaa.util.LdapUtils; 
@@ -78,7 +78,7 @@ private void addOauthProviders() { IdentityProvider provider = new IdentityProvider(); if (RawXOAuthIdentityProviderDefinition.class.isAssignableFrom(definition.getValue().getClass())) { provider.setType(OriginKeys.OAUTH20); - } else if(XOIDCIdentityProviderDefinition.class.isAssignableFrom(definition.getValue().getClass())) { + } else if(OIDCIdentityProviderDefinition.class.isAssignableFrom(definition.getValue().getClass())) { provider.setType(OriginKeys.OIDC10); } else { throw new IllegalArgumentException("Unknown provider type."); diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/JdbcIdentityProviderProvisioning.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/JdbcIdentityProviderProvisioning.java index eddd4062b3f..d89da92d29e 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/JdbcIdentityProviderProvisioning.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/JdbcIdentityProviderProvisioning.java @@ -196,7 +196,7 @@ public IdentityProvider mapRow(ResultSet rs, int rowNum) throws SQLException { definition = JsonUtils.readValue(config, RawXOAuthIdentityProviderDefinition.class); break; case OriginKeys.OIDC10 : - definition = JsonUtils.readValue(config, XOIDCIdentityProviderDefinition.class); + definition = JsonUtils.readValue(config, OIDCIdentityProviderDefinition.class); break; case OriginKeys.UAA : definition = JsonUtils.readValue(config, UaaIdentityProviderDefinition.class); diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/OauthIdentityProviderDefinitionFactoryBean.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/OauthIdentityProviderDefinitionFactoryBean.java index 943953edb86..d69b23adf48 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/OauthIdentityProviderDefinitionFactoryBean.java 
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/OauthIdentityProviderDefinitionFactoryBean.java @@ -1,8 +1,20 @@ +/******************************************************************************* + * Cloud Foundry + * Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved. + * + * This product is licensed to you under the Apache License, Version 2.0 (the "License"). + * You may not use this product except in compliance with the License. + * + * This product includes a number of subcomponents with + * separate copyright notices and license terms. Your use of these + * subcomponents is subject to the terms and conditions of the + * subcomponent's license, as noted in the LICENSE file. + *******************************************************************************/ package org.cloudfoundry.identity.uaa.provider.oauth; import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition; +import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.RawXOAuthIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition; import java.net.MalformedURLException; import java.net.URL; @@ -13,6 +25,7 @@ import static org.cloudfoundry.identity.uaa.constants.OriginKeys.OAUTH20; import static org.cloudfoundry.identity.uaa.constants.OriginKeys.OIDC10; import static org.cloudfoundry.identity.uaa.provider.ExternalIdentityProviderDefinition.ATTRIBUTE_MAPPINGS; +import static org.springframework.util.StringUtils.hasText; public class OauthIdentityProviderDefinitionFactoryBean { private Map oauthIdpDefinitions = new HashMap<>(); 
@@ -30,7 +43,7 @@ public OauthIdentityProviderDefinitionFactoryBean(Map definitions) oauthIdpDefinitions.put(alias, oauthIdentityProviderDefinition); } else if(OIDC10.equalsIgnoreCase(type)) { - XOIDCIdentityProviderDefinition oidcIdentityProviderDefinition = new XOIDCIdentityProviderDefinition(); + OIDCIdentityProviderDefinition oidcIdentityProviderDefinition = new OIDCIdentityProviderDefinition(); setCommonProperties(idpDefinitionMap, oidcIdentityProviderDefinition); oidcIdentityProviderDefinition.setUserInfoUrl(idpDefinitionMap.get("userInfoUrl") == null ? null : new URL((String) idpDefinitionMap.get("userInfoUrl"))); oauthIdpDefinitions.put(alias, oidcIdentityProviderDefinition); @@ -57,6 +70,10 @@ private void setCommonProperties(Map idpDefinitionMap, AbstractXOAuthIdentityPro idpDefinition.setIssuer((String) idpDefinitionMap.get("issuer")); idpDefinition.setAttributeMappings((Map) idpDefinitionMap.get(ATTRIBUTE_MAPPINGS)); idpDefinition.setScopes((List) idpDefinitionMap.get("scopes")); + String responseType = (String) idpDefinitionMap.get("responseType"); + if (hasText(responseType)) { + idpDefinition.setResponseType(responseType); + } try { idpDefinition.setAuthUrl(new URL((String)idpDefinitionMap.get("authUrl"))); idpDefinition.setTokenKeyUrl(idpDefinitionMap.get("tokenKeyUrl") == null ? null : new URL((String)idpDefinitionMap.get("tokenKeyUrl"))); diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManager.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManager.java index e2d47e4b0d1..58c553a7898 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManager.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManager.java 
@@ -26,7 +26,7 @@ import org.cloudfoundry.identity.uaa.provider.IdentityProvider; import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning; import org.cloudfoundry.identity.uaa.provider.RawXOAuthIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition; +import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.user.UaaUserPrototype; import org.cloudfoundry.identity.uaa.util.JsonUtils; @@ -280,7 +280,7 @@ public RestTemplate getRestTemplate(AbstractXOAuthIdentityProviderDefinition con private String getResponseType(AbstractXOAuthIdentityProviderDefinition config) { if (RawXOAuthIdentityProviderDefinition.class.isAssignableFrom(config.getClass())) { return "token"; - } else if (XOIDCIdentityProviderDefinition.class.isAssignableFrom(config.getClass())) { + } else if (OIDCIdentityProviderDefinition.class.isAssignableFrom(config.getClass())) { return "id_token"; } else { throw new IllegalArgumentException("Unknown type for provider."); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java index 5b7d5f47536..467bbb2f45e 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java 
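Review bot: getResponseType in the second hunk still derives the response type from the definition's class ("token" for RawXOAuth, "id_token" for OIDC), so the responseType that this same commit adds to AbstractXOAuthIdentityProviderDefinition (default "code", "code id_token" in the tests) is never consulted here. If this method feeds the authorization request, the configured value has no effect; if it feeds something else, the two can disagree, e.g. a provider configured for "code" still being driven through an implicit-flow "token" request, which changes where the credential is delivered. I cannot see the callers from this hunk, so which is intended is a guess, but the two sources of truth should be reconciled, either by `return config.getResponseType();` with the class check kept only for the unknown-type exception, or by a comment stating why this method deliberately ignores the configured value. The method's closing braces lie outside the hunk.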
@@ -27,7 +27,7 @@ import org.cloudfoundry.identity.uaa.provider.RawXOAuthIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition; +import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.saml.BootstrapSamlIdentityProviderConfigurator; import org.cloudfoundry.identity.uaa.test.JdbcTestBase; import org.cloudfoundry.identity.uaa.util.PredicateMatcher; @@ -244,8 +244,9 @@ public void testRemovedKeystoneBootstrapIsInactive() throws Exception { public void testRemovedOAuthIdentityProviderIsInactive() throws Exception { AbstractXOAuthIdentityProviderDefinition oauthProvider = new RawXOAuthIdentityProviderDefinition(); setCommonProperties(oauthProvider); - AbstractXOAuthIdentityProviderDefinition oidcProvider = new XOIDCIdentityProviderDefinition(); + AbstractXOAuthIdentityProviderDefinition oidcProvider = new OIDCIdentityProviderDefinition(); setCommonProperties(oidcProvider); + oidcProvider.setResponseType("code id_token"); IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, new MockEnvironment()); HashMap oauthProviderConfig = new HashMap<>(); @@ -262,6 +263,11 @@ public void testRemovedOAuthIdentityProviderIsInactive() throws Exception { assertNotNull(bootstrapOauthProvider.getLastModified()); assertEquals(provider.getKey(), bootstrapOauthProvider.getType()); assertTrue(bootstrapOauthProvider.isActive()); + if (OIDC10.equals(provider.getKey())) { + assertEquals("code id_token", bootstrapOauthProvider.getConfig().getResponseType()); + } else { + assertEquals("code", bootstrapOauthProvider.getConfig().getResponseType()); + } } bootstrap.setOauthIdpDefinitions(null); 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java index 6f6d9bf8440..6fe26e07526 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java @@ -11,7 +11,7 @@ import org.cloudfoundry.identity.uaa.provider.IdentityProvider; import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning; import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition; +import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.ldap.ExtendedLdapUserDetails; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning; @@ -208,7 +208,7 @@ public void acceptInvitePage_for_unverifiedOIDCUser() throws Exception { when(expiringCodeStore.retrieveCode("the_secret_code")).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name())); when(expiringCodeStore.generateCode(anyString(), anyObject(), eq(INVITATION.name()))).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name())); - XOIDCIdentityProviderDefinition definition = new XOIDCIdentityProviderDefinition(); + OIDCIdentityProviderDefinition definition = new OIDCIdentityProviderDefinition(); definition.setAuthUrl(new URL("https://oidc10.auth.url")); IdentityProvider provider = new IdentityProvider(); 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java index 5163a58baab..750e6dfa1fd 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java @@ -25,7 +25,7 @@ import org.cloudfoundry.identity.uaa.provider.RawXOAuthIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition; +import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.saml.LoginSamlAuthenticationToken; import org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator; import org.cloudfoundry.identity.uaa.util.JsonUtils; @@ -655,7 +655,7 @@ public void we_return_both_oauth_and_oidc_providers() throws Exception { RawXOAuthIdentityProviderDefinition oauthDefinition = new RawXOAuthIdentityProviderDefinition() .setAuthUrl(new URL("http://auth.url")) .setTokenUrl(new URL("http://token.url")); - XOIDCIdentityProviderDefinition oidcDefinition = new XOIDCIdentityProviderDefinition() + OIDCIdentityProviderDefinition oidcDefinition = new OIDCIdentityProviderDefinition() .setAuthUrl(new URL("http://auth.url")) .setTokenUrl(new URL("http://token.url")); 
@@ -739,7 +739,7 @@ private IdentityProvider createOIDCIdentityProvider(String originKey) throws Mal IdentityProvider oidcIdentityProvider= new IdentityProvider<>(); oidcIdentityProvider.setOriginKey(originKey); oidcIdentityProvider.setType(OriginKeys.OIDC10); - oidcIdentityProvider.setConfig(new XOIDCIdentityProviderDefinition()); + oidcIdentityProvider.setConfig(new OIDCIdentityProviderDefinition()); return oidcIdentityProvider; } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManagerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManagerTest.java index b243fe96dc5..60754f1baf1 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManagerTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManagerTest.java @@ -29,7 +29,7 @@ import org.cloudfoundry.identity.uaa.provider.IdentityProvider; import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning; import org.cloudfoundry.identity.uaa.provider.JdbcIdentityProviderProvisioning; -import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition; +import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.user.InMemoryUaaUserDatabase; import org.cloudfoundry.identity.uaa.user.UaaAuthority; import org.cloudfoundry.identity.uaa.user.UaaUser; @@ -111,7 +111,7 @@ public class XOAuthAuthenticationManagerTest { private IdentityProvider identityProvider; private Map claims; private HashMap attributeMappings; - private XOIDCIdentityProviderDefinition config; + private OIDCIdentityProviderDefinition config; private String rsaSigningKey; private RsaSigner signer; private Map header; 
@@ -174,7 +174,7 @@ public void setUp() throws Exception { attributeMappings = new HashMap<>(); - config = new XOIDCIdentityProviderDefinition() + config = new OIDCIdentityProviderDefinition() .setAuthUrl(new URL("http://oidc10.identity.cf-app.com/oauth/authorize")) .setTokenUrl(new URL("http://oidc10.identity.cf-app.com/oauth/token")) .setShowLinkText(true) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthIdentityProviderConfigValidatorTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthIdentityProviderConfigValidatorTest.java index 08dcaf57a17..9d4cf8b1ee6 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthIdentityProviderConfigValidatorTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthIdentityProviderConfigValidatorTest.java @@ -2,7 +2,7 @@ import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.IdentityProviderConfigValidator; -import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition; +import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition; import org.junit.Before; import org.junit.Test; @@ -15,7 +15,7 @@ public class XOAuthIdentityProviderConfigValidatorTest { @Before public void setup() throws MalformedURLException { - definition = new XOIDCIdentityProviderDefinition(); + definition = new OIDCIdentityProviderDefinition(); definition.setAuthUrl(new URL("http://oidc10.identity.cf-app.com/oauth/authorize")); definition.setTokenUrl(new URL("http://oidc10.identity.cf-app.com/oauth/token")); definition.setTokenKeyUrl(new URL("http://oidc10.identity.cf-app.com/token_key")); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java index 242171f1590..4e0cb117591 100644 
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java @@ -22,7 +22,7 @@ import org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants; import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.IdentityProvider; -import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition; +import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.test.UaaTestAccounts; import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.hamcrest.Matchers; @@ -220,7 +220,7 @@ private void createOIDCProviderWithRequestedScopes(String issuer, final String u IdentityProvider identityProvider = new IdentityProvider<>(); identityProvider.setName("my oidc provider"); identityProvider.setIdentityZoneId(OriginKeys.UAA); - XOIDCIdentityProviderDefinition config = new XOIDCIdentityProviderDefinition(); + OIDCIdentityProviderDefinition config = new OIDCIdentityProviderDefinition(); config.addAttributeMapping(USER_NAME_ATTRIBUTE_NAME, "user_name"); config.setAuthUrl(new URL(urlBase + "/oauth/authorize")); config.setTokenUrl(new URL(urlBase + "/oauth/token")); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/util/IntegrationTestUtils.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/util/IntegrationTestUtils.java index 813da25815f..605c7702d2d 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/util/IntegrationTestUtils.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/util/IntegrationTestUtils.java 
@@ -23,7 +23,7 @@ import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.IdentityProvider; import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition; +import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.resources.SearchResults; import org.cloudfoundry.identity.uaa.scim.ScimGroup; import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMember; @@ -736,7 +736,7 @@ public static IdentityProvider createOidcIdentityProvider(String name, String or IdentityProvider identityProvider = new IdentityProvider<>(); identityProvider.setName(name); identityProvider.setIdentityZoneId(OriginKeys.UAA); - XOIDCIdentityProviderDefinition config = new XOIDCIdentityProviderDefinition(); + OIDCIdentityProviderDefinition config = new OIDCIdentityProviderDefinition(); config.addAttributeMapping(USER_NAME_ATTRIBUTE_NAME, "user_name"); config.setAuthUrl(new URL("https://oidc10.identity.cf-app.com/oauth/authorize")); config.setTokenUrl(new URL("https://oidc10.identity.cf-app.com/oauth/token")); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java index d6355244cc5..42a5cba7aaf 100755 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java 
@@ -368,6 +368,23 @@ public void testPropertyValuesWhenSetInYaml() throws Exception { assertTrue(uaaIdp.getConfig().isDisableInternalUserManagement()); assertFalse(uaaIdp.isActive()); + IdentityProvider oidcProvider = idpProvisioning.retrieveByOrigin("my-oidc-provider", IdentityZone.getUaa().getId()); + assertNotNull(oidcProvider); + assertEquals("http://my-auth.com", oidcProvider.getConfig().getAuthUrl().toString()); + assertEquals("http://my-token.com", oidcProvider.getConfig().getTokenUrl().toString()); + assertNull(oidcProvider.getConfig().getIssuer()); + assertEquals("my-token-key", oidcProvider.getConfig().getTokenKey()); + assertEquals(true, oidcProvider.getConfig().isShowLinkText()); + assertEquals("uaa", oidcProvider.getConfig().getRelyingPartyId()); + assertEquals("secret", oidcProvider.getConfig().getRelyingPartySecret()); + assertEquals("my-oidc-provider", oidcProvider.getOriginKey()); + assertEquals("first_name", oidcProvider.getConfig().getAttributeMappings().get(GIVEN_NAME_ATTRIBUTE_NAME)); + assertEquals("last_name", oidcProvider.getConfig().getAttributeMappings().get(FAMILY_NAME_ATTRIBUTE_NAME)); + assertTrue(oidcProvider.getConfig().isAddShadowUserOnLogin()); + assertEquals(OIDC10, oidcProvider.getType()); + assertEquals(Collections.singletonList("requested_scope"), oidcProvider.getConfig().getScopes()); + assertEquals("code id_token", oidcProvider.getConfig().getResponseType()); + IdentityProvider oauthProvider = idpProvisioning.retrieveByOrigin("my-oauth-provider", IdentityZone.getUaa().getId()); assertNotNull(oauthProvider); assertEquals("http://my-auth.com", oauthProvider.getConfig().getAuthUrl().toString()); 
@@ -384,22 +401,7 @@ public void testPropertyValuesWhenSetInYaml() throws Exception { assertEquals(OAUTH20, oauthProvider.getType()); assertEquals(Collections.singletonList("requested_scope"), oauthProvider.getConfig().getScopes()); assertEquals(Collections.singletonList("example.com"), oauthProvider.getConfig().getEmailDomain()); - - IdentityProvider oidcProvider = idpProvisioning.retrieveByOrigin("my-oidc-provider", IdentityZone.getUaa().getId()); - assertNotNull(oidcProvider); - assertEquals("http://my-auth.com", oidcProvider.getConfig().getAuthUrl().toString()); - assertEquals("http://my-token.com", oidcProvider.getConfig().getTokenUrl().toString()); - assertNull(oidcProvider.getConfig().getIssuer()); - assertEquals("my-token-key", oidcProvider.getConfig().getTokenKey()); - assertEquals(true, oidcProvider.getConfig().isShowLinkText()); - assertEquals("uaa", oidcProvider.getConfig().getRelyingPartyId()); - assertEquals("secret", oidcProvider.getConfig().getRelyingPartySecret()); - assertEquals("my-oidc-provider", oidcProvider.getOriginKey()); - assertEquals("first_name", oidcProvider.getConfig().getAttributeMappings().get(GIVEN_NAME_ATTRIBUTE_NAME)); - assertEquals("last_name", oidcProvider.getConfig().getAttributeMappings().get(FAMILY_NAME_ATTRIBUTE_NAME)); - assertTrue(oidcProvider.getConfig().isAddShadowUserOnLogin()); - assertEquals(OIDC10, oidcProvider.getType()); - assertEquals(Collections.singletonList("requested_scope"), oauthProvider.getConfig().getScopes()); + assertEquals("code", oauthProvider.getConfig().getResponseType()); IdentityZoneResolvingFilter filter = context.getBean(IdentityZoneResolvingFilter.class); assertThat(filter.getDefaultZoneHostnames(), containsInAnyOrder(uaa, login, "localhost", "host1.domain.com", "host2", "test3.localhost", "test4.localhost")); 
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java index 69b1a407717..86126949544 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java @@ -27,7 +27,7 @@ import org.cloudfoundry.identity.uaa.provider.LockoutPolicy; import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition; +import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.saml.BootstrapSamlIdentityProviderConfiguratorTests; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning; @@ -1146,7 +1146,7 @@ public void xOAuthRedirect_onlyOneProvider_noClientContext() throws Exception { IdentityZone identityZone = identityZoneCreationResult.getIdentityZone(); String zoneAdminToken = identityZoneCreationResult.getZoneAdminToken(); - XOIDCIdentityProviderDefinition definition = new XOIDCIdentityProviderDefinition(); + OIDCIdentityProviderDefinition definition = new OIDCIdentityProviderDefinition(); definition.setAuthUrl(new URL("http://auth.url")); definition.setTokenUrl(new URL("http://token.url")); @@ -1157,7 +1157,7 @@ public void xOAuthRedirect_onlyOneProvider_noClientContext() throws Exception { definition.setScopes(asList("openid", "roles")); String oauthAlias = "login-oauth-" + generator.generate(); - IdentityProvider oauthIdentityProvider = MultitenancyFixture.identityProvider(oauthAlias, "uaa"); + IdentityProvider oauthIdentityProvider = MultitenancyFixture.identityProvider(oauthAlias, "uaa"); oauthIdentityProvider.setConfig(definition); oauthIdentityProvider.setActive(true); 
@@ -1188,7 +1188,7 @@ public void testLoginHintRedirect() throws Exception { String zoneAdminToken = identityZoneCreationResult.getZoneAdminToken(); - XOIDCIdentityProviderDefinition definition = new XOIDCIdentityProviderDefinition(); + OIDCIdentityProviderDefinition definition = new OIDCIdentityProviderDefinition(); definition.setAuthUrl(new URL("http://auth.url")); definition.setTokenUrl(new URL("http://token.url")); @@ -1199,7 +1199,7 @@ public void testLoginHintRedirect() throws Exception { definition.setScopes(asList("openid", "roles")); String oauthAlias = "login-oauth-" + generator.generate(); - IdentityProvider oauthIdentityProvider = MultitenancyFixture.identityProvider(oauthAlias, "uaa"); + IdentityProvider oauthIdentityProvider = MultitenancyFixture.identityProvider(oauthAlias, "uaa"); oauthIdentityProvider.setConfig(definition); oauthIdentityProvider.setActive(true); oauthIdentityProvider.getConfig().setEmailDomain(singletonList("example.com")); @@ -1253,7 +1253,7 @@ public void noRedirect_ifProvidersOfDifferentTypesPresent() throws Exception { activeIdentityProvider.setOriginKey(alias); activeIdentityProvider = MockMvcUtils.createIdpUsingWebRequest(getMockMvc(), identityZone.getId(), zoneAdminToken, activeIdentityProvider, status().isCreated()); - XOIDCIdentityProviderDefinition definition = new XOIDCIdentityProviderDefinition(); + OIDCIdentityProviderDefinition definition = new OIDCIdentityProviderDefinition(); definition.setAuthUrl(new URL("http://auth.url")); definition.setTokenUrl(new URL("http://token.url")); 
@@ -1263,7 +1263,7 @@ public void noRedirect_ifProvidersOfDifferentTypesPresent() throws Exception { definition.setShowLinkText(false); String oauthAlias = "login-oauth-" + generator.generate(); - IdentityProvider oauthIdentityProvider = MultitenancyFixture.identityProvider(oauthAlias, "uaa"); + IdentityProvider oauthIdentityProvider = MultitenancyFixture.identityProvider(oauthAlias, "uaa"); oauthIdentityProvider.setConfig(definition); oauthIdentityProvider.setActive(true); @@ -1968,7 +1968,7 @@ public void idpDiscoveryRedirectsToOIDCProvider() throws Exception { createOtherIdentityZone(zone.getSubdomain(), getMockMvc(), getWebApplicationContext()); String originKey = generator.generate(); - AbstractXOAuthIdentityProviderDefinition definition = new XOIDCIdentityProviderDefinition(); + AbstractXOAuthIdentityProviderDefinition definition = new OIDCIdentityProviderDefinition(); definition.setEmailDomain(asList("test.org")); definition.setAuthUrl(new URL("http://myauthurl.com")); definition.setTokenKey("key"); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsMockMvcTests.java index c67779b9f4a..c842e26aa48 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsMockMvcTests.java 
@@ -24,7 +24,7 @@ import org.cloudfoundry.identity.uaa.provider.PasswordPolicy; import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition; +import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.saml.BootstrapSamlIdentityProviderConfiguratorTests; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.test.TestApplicationEventListener; @@ -563,7 +563,7 @@ private IdentityProvider getOAuthProvi IdentityProvider identityProvider = new IdentityProvider<>(); identityProvider.setName("my oidc provider"); identityProvider.setIdentityZoneId(OriginKeys.UAA); - XOIDCIdentityProviderDefinition config = new XOIDCIdentityProviderDefinition(); + OIDCIdentityProviderDefinition config = new OIDCIdentityProviderDefinition(); config.addAttributeMapping(USER_NAME_ATTRIBUTE_NAME, "user_name"); config.setAuthUrl(new URL("http://oidc10.identity.cf-app.com/oauth/authorize")); config.setTokenUrl(new URL("http://oidc10.identity.cf-app.com/oauth/token")); diff --git a/uaa/src/test/resources/test/bootstrap/bootstrap-test.yml b/uaa/src/test/resources/test/bootstrap/bootstrap-test.yml index 7dd256deb0b..3f88cec15af 100644 --- a/uaa/src/test/resources/test/bootstrap/bootstrap-test.yml +++ b/uaa/src/test/resources/test/bootstrap/bootstrap-test.yml @@ -63,6 +63,7 @@ login: showLinkText: true relyingPartyId: uaa relyingPartySecret: secret + responseType: code id_token attributeMappings: given_name: first_name family_name: last_name