/** * Create an OpenID Auth Request, using the DiscoveryInformation object return by the openid4java * library. * * <p>This method also uses the Simple Registration Extension to grant the Relying Party (RP). * * @param discoveryInformation The DiscoveryInformation that should have been previously obtained * from a call to performDiscoveryOnUserSuppliedIdentifier(). * @param returnToUrl The URL to which the OP will redirect once the authentication call is * complete. * @return AuthRequest - A "good-to-go" AuthRequest object packed with all kinds of great OpenID * goodies for the OpenID Provider (OP). The caller must take this object and forward it on to * the OP. Or call processAuthRequest() - part of this Service Class. */ public static AuthRequest createOpenIdAuthRequest( DiscoveryInformation discoveryInformation, String returnToUrl) { AuthRequest ret = null; // try { // Create the AuthRequest object ret = getConsumerManager().authenticate(discoveryInformation, returnToUrl); // Create the Simple Registration Request SRegRequest sRegRequest = SRegRequest.createFetchRequest(); FetchRequest ax = FetchRequest.createFetchRequest(); // ax.addAttribute("http://www.w3.org/2006/vcard/ns#role",true); ax.addAttribute("label", "http://www.w3.org/2006/vcard/ns#role", true, 0); sRegRequest.addAttribute("email", false); sRegRequest.addAttribute("fullname", false); sRegRequest.addAttribute("dob", false); sRegRequest.addAttribute("postcode", false); ret.addExtension(sRegRequest); ret.addExtension(ax); } catch (Exception e) { String message = "Exception occurred while building AuthRequest object!"; log.error(message, e); throw new RuntimeException(message, e); } return ret; }
@SuppressWarnings("unchecked") private boolean prepareAndSendAuthRequest( HttpServletRequest request, HttpServletResponse response) throws IOException { // Figure out the service url String authType = request.getParameter(AUTH_TYPE); if (authType == null || authType.length() == 0) { authType = (String) request.getSession().getAttribute(AUTH_TYPE); } determineServiceUrl(authType); String openId = openIdServiceUrl; HttpSession session = request.getSession(true); if (openId != null) { session.setAttribute("openid", openId); List<DiscoveryInformation> discoveries; try { discoveries = openIdConsumerManager.discover(openId); } catch (DiscoveryException e) { throw new RuntimeException(e); } DiscoveryInformation discovered = openIdConsumerManager.associate(discoveries); session.setAttribute("discovery", discovered); try { AuthRequest authReq = openIdConsumerManager.authenticate(discovered, returnURL); // Add in required attributes authReq.addExtension(fetchRequest); String url = authReq.getDestinationUrl(true); response.sendRedirect(url); request.getSession().setAttribute("STATE", STATES.AUTH.name()); return false; } catch (Exception e) { throw new RuntimeException(e); } } return false; }
@Override public void sendRequest( ThemeDisplay themeDisplay, ActionRequest actionRequest, ActionResponse actionResponse) throws PortalException { HttpServletRequest request = PortalUtil.getHttpServletRequest(actionRequest); request = PortalUtil.getOriginalServletRequest(request); HttpServletResponse response = PortalUtil.getHttpServletResponse(actionResponse); HttpSession session = request.getSession(); LiferayPortletResponse liferayPortletResponse = PortalUtil.getLiferayPortletResponse(actionResponse); String openId = ParamUtil.getString(actionRequest, "openId"); PortletURL portletURL = liferayPortletResponse.createActionURL(); portletURL.setParameter(ActionRequest.ACTION_NAME, "/login/openid"); portletURL.setParameter("saveLastPath", Boolean.FALSE.toString()); portletURL.setParameter("mvcRenderCommandName", "/login/openid"); portletURL.setParameter(Constants.CMD, Constants.READ); try { List<DiscoveryInformation> discoveryInformationList = _consumerManager.discover(openId); DiscoveryInformation discoveryInformation = _consumerManager.associate(discoveryInformationList); session.setAttribute(OpenIdWebKeys.OPEN_ID_DISCO, discoveryInformation); AuthRequest authRequest = _consumerManager.authenticate( discoveryInformation, portletURL.toString(), themeDisplay.getPortalURL()); if (_userLocalService.fetchUserByOpenId(themeDisplay.getCompanyId(), openId) != null) { response.sendRedirect(authRequest.getDestinationUrl(true)); return; } String screenName = getScreenName(openId); User user = _userLocalService.fetchUserByScreenName(themeDisplay.getCompanyId(), screenName); if (user != null) { _userLocalService.updateOpenId(user.getUserId(), openId); response.sendRedirect(authRequest.getDestinationUrl(true)); return; } FetchRequest fetchRequest = FetchRequest.createFetchRequest(); OpenIdProvider openIdProvider = _openIdProviderRegistry.getOpenIdProvider(discoveryInformation.getOPEndpoint()); Map<String, String> openIdAXTypes = openIdProvider.getAxTypes(); for (String openIdAXType : openIdAXTypes.keySet()) { fetchRequest.addAttribute(openIdAXType, openIdAXTypes.get(openIdAXType), true); } authRequest.addExtension(fetchRequest); SRegRequest sRegRequest = SRegRequest.createFetchRequest(); sRegRequest.addAttribute(_OPEN_ID_SREG_ATTR_EMAIL, true); sRegRequest.addAttribute(_OPEN_ID_SREG_ATTR_FULLNAME, true); authRequest.addExtension(sRegRequest); response.sendRedirect(authRequest.getDestinationUrl(true)); } catch (ConsumerException ce) { throw new OpenIdServiceException.ConsumerException(ce.getMessage(), ce); } catch (DiscoveryException de) { throw new OpenIdServiceException.DiscoveryException(de.getMessage(), de); } catch (MessageException me) { throw new OpenIdServiceException.MessageException(me.getMessage(), me); } catch (IOException ioe) { throw new SystemException("Unable to communicate with OpenId provider", ioe); } }
/* * This method is called by the application when the user clicks on 'Sign In * with Intuit' button from the Login Page to get the OpenId. */ @RequestMapping(value = "/initialize.htm", method = RequestMethod.GET) public void initialize(final HttpServletRequest request, final HttpServletResponse response) throws IOException { LOG.info("### OpenIdController -> initialize() - started ###"); final List<DiscoveryInformation> discoveries = new ArrayList<DiscoveryInformation>(); final ConsumerManager manager = new ConsumerManager(); manager.setAssociations(new InMemoryConsumerAssociationStore()); manager.setNonceVerifier(new InMemoryNonceVerifier(5000)); manager.setMinAssocSessEnc(AssociationSessionType.DH_SHA256); DiscoveryInformation discovered = null; try { LOG.info("OpenID Provider URL = " + WebUtils.OPENID_PROVIDER_URL); discovered = new DiscoveryInformation(new URL(WebUtils.OPENID_PROVIDER_URL)); } catch (DiscoveryException e) { LOG.error(e.getLocalizedMessage()); } catch (MalformedURLException me) { LOG.error(me.getLocalizedMessage()); } discoveries.add(discovered); final DiscoveryInformation discoveryInfo = manager.associate(discoveries); request.getSession().setAttribute("openid-disc", discoveryInfo); final FetchRequest fetch = FetchRequest.createFetchRequest(); try { fetch.addAttribute("FirstName", "http://axschema.org/namePerson/first", true); fetch.addAttribute("LastName", "http://axschema.org/namePerson/last", true); fetch.addAttribute("Email", "http://axschema.org/contact/email", true); fetch.addAttribute("RealmId", "http://axschema.org/intuit/realmId", true); } catch (MessageException e) { LOG.error(e.getLocalizedMessage()); } fetch.setCount("Email", 3); AuthRequest authReq = null; LOG.info("openIdReturnUrl = " + WebUtils.OPENID_RETURN_URL); try { authReq = manager.authenticate(discoveryInfo, WebUtils.OPENID_RETURN_URL); authReq.addExtension(fetch); } catch (MessageException e) { LOG.error(e.getLocalizedMessage()); } catch (ConsumerException e) { LOG.error(e.getLocalizedMessage()); } final HttpSession session = request.getSession(); LOG.info("Session Id : " + session.getId()); session.setAttribute("consumerManager", manager); LOG.info("authReq.getDestinationUrl: " + authReq.getDestinationUrl(true)); LOG.info("### OpenIdController -> initialize() - completed ###"); response.sendRedirect(authReq.getDestinationUrl(true)); }
public void doStart( StaplerRequest request, StaplerResponse response, @QueryParameter String openid) throws IOException, ServletException { try { // determine a return_to URL where your application will receive // the authentication responses from the OpenID provider // YOU SHOULD CHANGE THIS TO GO TO THE String url = request.getRequestURL().toString(); String returnToUrl = url.substring(0, url.length() - 5 /*start*/) + "return"; // perform discovery on the user-supplied identifier List discoveries = manager.discover(openid); // attempt to associate with an OpenID provider // and retrieve one service endpoint for authentication discovered = manager.associate(discoveries); // store the discovery information in the user's session // obtain a AuthRequest message to be sent to the OpenID provider AuthRequest authReq = manager.authenticate(discovered, returnToUrl); // Attribute Exchange example: fetching the 'email' attribute FetchRequest fetch = FetchRequest.createFetchRequest(); fetch.addAttribute( "email", // attribute alias "http://schema.openid.net/contact/email", // type URI true); // required // see http://code.google.com/apis/accounts/docs/OpenID.html fetch.addAttribute("ff", "http://axschema.org/namePerson/first", true); fetch.addAttribute("ll", "http://axschema.org/namePerson/last", true); // attach the extension to the authentication request authReq.addExtension(fetch); SRegRequest sregReq = SRegRequest.createFetchRequest(); sregReq.addAttribute("fullname", true); sregReq.addAttribute("nickname", true); sregReq.addAttribute("email", true); authReq.addExtension(sregReq); if (!discovered.isVersion2()) { // Option 1: GET HTTP-redirect to the OpenID Provider endpoint // The only method supported in OpenID 1.x // redirect-URL usually limited ~2048 bytes response.sendRedirect(authReq.getDestinationUrl(true)); } else { // Option 2: HTML FORM Redirection // Allows payloads > 2048 bytes // <FORM action="OpenID Provider's service endpoint"> // see samples/formredirection.jsp for a JSP example // authReq.getOPEndpoint(); // build a HTML FORM with the message parameters // authReq.getParameterMap(); RequestDispatcher d = request.getView(this, "formRedirect.jelly"); request.setAttribute("endpoint", authReq.getOPEndpoint()); request.setAttribute("parameters", authReq.getParameterMap()); d.forward(request, response); } } catch (OpenIDException e) { // present error to the user throw new Error(e); } }
/** * Authenticate an user with the provider * * @param adapter protocol adapter * @param providerInfo Information about a provider derived from discovery process * @return * @throws OpenIDDiscoveryException * @throws OpenIDConsumerException * @throws OpenIDMessageException * @throws OpenIDProtocolException */ @SuppressWarnings("unchecked") public boolean authenticate(OpenIDProtocolAdapter adapter, OpenIDProviderInformation providerInfo) throws OpenIDDiscoveryException, OpenIDConsumerException, OpenIDMessageException, OpenIDProtocolException { DiscoveryInformation discovered = providerInfo.get(); // obtain a AuthRequest message to be sent to the OpenID provider try { AuthRequest authReq = consumerManager.authenticate(discovered, adapter.getReturnURL()); // Attribute Exchange example: fetching the 'email' attribute FetchRequest fetch = FetchRequest.createFetchRequest(); SRegRequest sregReq = SRegRequest.createFetchRequest(); OpenIDAttributeMap amap = adapter.getAttributeMap(); if ("1".equals(amap.get("nickname"))) { // fetch.addAttribute("nickname", // "http://schema.openid.net/contact/nickname", false); sregReq.addAttribute("nickname", false); } if ("1".equals(amap.get("email"))) { fetch.addAttribute("email", OpenIDConstants.EMAIL.url(), false); sregReq.addAttribute("email", false); } if ("1".equals(amap.get("fullname"))) { fetch.addAttribute("fullname", OpenIDConstants.FULLNAME.url(), false); sregReq.addAttribute("fullname", false); } if ("1".equals(amap.get("dob"))) { fetch.addAttribute("dob", OpenIDConstants.DOB.url(), true); sregReq.addAttribute("dob", false); } if ("1".equals(amap.get("gender"))) { fetch.addAttribute("gender", OpenIDConstants.GENDER.url(), false); sregReq.addAttribute("gender", false); } if ("1".equals(amap.get("postcode"))) { fetch.addAttribute("postcode", OpenIDConstants.POSTCODE.url(), false); sregReq.addAttribute("postcode", false); } if ("1".equals(amap.get("country"))) { fetch.addAttribute("country", OpenIDConstants.COUNTRY.url(), false); sregReq.addAttribute("country", false); } if ("1".equals(amap.get("language"))) { fetch.addAttribute("language", OpenIDConstants.LANGUAGE.url(), false); sregReq.addAttribute("language", false); } if ("1".equals(amap.get("timezone"))) { fetch.addAttribute("timezone", OpenIDConstants.TIMEZONE.url(), false); sregReq.addAttribute("timezone", false); } // attach the extension to the authentication request if (!sregReq.getAttributes().isEmpty()) { authReq.addExtension(sregReq); } if (!discovered.isVersion2()) { // Option 1: GET HTTP-redirect to the OpenID Provider endpoint // The only method supported in OpenID 1.x // redirect-URL usually limited ~2048 bytes adapter.sendToProvider(1, authReq.getDestinationUrl(true), null); return true; } else { // Option 2: HTML FORM Redirection (Allows payloads >2048 bytes) adapter.sendToProvider(2, authReq.getDestinationUrl(false), authReq.getParameterMap()); } } catch (MessageException e) { throw new OpenIDMessageException(e); } catch (ConsumerException e) { throw new OpenIDConsumerException(e); } return false; }
// authentication request public String authRequest( String userSuppliedString, HttpServletRequest httpReq, HttpServletResponse httpResp) throws IOException, ServletException { if (OpenIDRealm.instance == null) { ServletOutputStream out = httpResp.getOutputStream(); httpResp.setContentType("text/html; charset=\"UTF-8\""); httpResp.addHeader("pragma", "no-cache"); httpResp.addHeader("Cache-Control", "no-cache"); httpResp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); out.print("<html><head>"); out.print("<title>OpenIDServlet Error</title>"); out.print("<link rel=\"stylesheet\" type=\"text/css\" href=\"error.css\"></link></head>"); out.print("<body><div id=\"container\"><h1>Error found</h1>"); out.print("<h2>Message:"); out.print("OpenID realm wasn't initialized."); out.print("</h2>"); // out.print(HTTPUtils.printStackTraceHTML(t)); out.print("</div></body></html>"); return null; } try { String returnAfterAuthentication = httpReq.getParameter("return_to"); // configure the return_to URL where your application will receive // the authentication responses from the OpenID provider String returnToUrl = httpReq.getRequestURL().toString() + "?is_return=true&exist_return=" + returnAfterAuthentication; // perform discovery on the user-supplied identifier List<?> discoveries = manager.discover(userSuppliedString); // attempt to associate with the OpenID provider // and retrieve one service endpoint for authentication DiscoveryInformation discovered = manager.associate(discoveries); // store the discovery information in the user's session httpReq.getSession().setAttribute("openid-disc", discovered); // obtain a AuthRequest message to be sent to the OpenID provider AuthRequest authReq = manager.authenticate(discovered, returnToUrl); if (authReq.getOPEndpoint().indexOf("myopenid.com") > 0) { SRegRequest sregReq = SRegRequest.createFetchRequest(); sregReq.addAttribute(AXSchemaType.FULLNAME.name().toLowerCase(), true); sregReq.addAttribute(AXSchemaType.EMAIL.name().toLowerCase(), true); sregReq.addAttribute(AXSchemaType.COUNTRY.name().toLowerCase(), true); sregReq.addAttribute(AXSchemaType.LANGUAGE.name().toLowerCase(), true); authReq.addExtension(sregReq); } else { FetchRequest fetch = FetchRequest.createFetchRequest(); fetch.addAttribute( AXSchemaType.FIRSTNAME.getAlias(), AXSchemaType.FIRSTNAME.getNamespace(), true); fetch.addAttribute( AXSchemaType.LASTNAME.getAlias(), AXSchemaType.LASTNAME.getNamespace(), true); fetch.addAttribute(AXSchemaType.EMAIL.getAlias(), AXSchemaType.EMAIL.getNamespace(), true); fetch.addAttribute( AXSchemaType.COUNTRY.getAlias(), AXSchemaType.COUNTRY.getNamespace(), true); fetch.addAttribute( AXSchemaType.LANGUAGE.getAlias(), AXSchemaType.LANGUAGE.getNamespace(), true); // wants up to three email addresses fetch.setCount(AXSchemaType.EMAIL.getAlias(), 3); authReq.addExtension(fetch); } if (!discovered.isVersion2()) { // Option 1: GET HTTP-redirect to the OpenID Provider endpoint // The only method supported in OpenID 1.x // redirect-URL usually limited ~2048 bytes httpResp.sendRedirect(authReq.getDestinationUrl(true)); return null; } else { // Option 2: HTML FORM Redirection (Allows payloads >2048 bytes) Object OPEndpoint = authReq.getDestinationUrl(false); ServletOutputStream out = httpResp.getOutputStream(); httpResp.setContentType("text/html; charset=UTF-8"); httpResp.addHeader("pragma", "no-cache"); httpResp.addHeader("Cache-Control", "no-cache"); out.println("<html xmlns=\"http://www.w3.org/1999/xhtml\">"); out.println("<head>"); out.println(" <title>OpenID HTML FORM Redirection</title>"); out.println("</head>"); out.println("<body onload=\"document.forms['openid-form-redirection'].submit();\">"); out.println( " <form name=\"openid-form-redirection\" action=\"" + OPEndpoint + "\" method=\"post\" accept-charset=\"utf-8\">"); Map<String, String> parameterMap = authReq.getParameterMap(); for (Entry<String, String> entry : parameterMap.entrySet()) { out.println( " <input type=\"hidden\" name=\"" + entry.getKey() + "\" value=\"" + entry.getValue() + "\"/>"); } out.println(" <button type=\"submit\">Continue...</button>"); out.println(" </form>"); out.println("</body>"); out.println("</html>"); out.flush(); } } catch (OpenIDException e) { // present error to the user LOG.debug("OpenIDException", e); ServletOutputStream out = httpResp.getOutputStream(); httpResp.setContentType("text/html; charset=\"UTF-8\""); httpResp.addHeader("pragma", "no-cache"); httpResp.addHeader("Cache-Control", "no-cache"); httpResp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); out.print("<html><head>"); out.print("<title>OpenIDServlet Error</title>"); out.print("<link rel=\"stylesheet\" type=\"text/css\" href=\"error.css\"></link></head>"); out.print("<body><div id=\"container\"><h1>Error found</h1>"); out.print("<h2>Message:"); out.print(e.getMessage()); out.print("</h2>"); Throwable t = e.getCause(); if (t != null) { // t can be null out.print(HTTPUtils.printStackTraceHTML(t)); } out.print("</div></body></html>"); } return null; }
protected void sendOpenIdRequest( ThemeDisplay themeDisplay, ActionRequest actionRequest, ActionResponse actionResponse) throws Exception { HttpServletRequest request = PortalUtil.getHttpServletRequest(actionRequest); HttpServletResponse response = PortalUtil.getHttpServletResponse(actionResponse); HttpSession session = request.getSession(); LiferayPortletResponse liferayPortletResponse = PortalUtil.getLiferayPortletResponse(actionResponse); String openId = ParamUtil.getString(actionRequest, "openId"); PortletURL portletURL = liferayPortletResponse.createActionURL(); portletURL.setParameter("saveLastPath", Boolean.FALSE.toString()); portletURL.setParameter(Constants.CMD, Constants.READ); portletURL.setParameter("struts_action", "/login/open_id"); List<DiscoveryInformation> discoveryInformationList = _consumerManager.discover(openId); DiscoveryInformation discoveryInformation = _consumerManager.associate(discoveryInformationList); session.setAttribute(OpenIdWebKeys.OPEN_ID_DISCO, discoveryInformation); AuthRequest authRequest = _consumerManager.authenticate( discoveryInformation, portletURL.toString(), themeDisplay.getPortalURL()); if (_userLocalService.fetchUserByOpenId(themeDisplay.getCompanyId(), openId) != null) { response.sendRedirect(authRequest.getDestinationUrl(true)); return; } String screenName = getScreenName(openId); User user = _userLocalService.fetchUserByScreenName(themeDisplay.getCompanyId(), screenName); if (user != null) { _userLocalService.updateOpenId(user.getUserId(), openId); response.sendRedirect(authRequest.getDestinationUrl(true)); return; } FetchRequest fetchRequest = FetchRequest.createFetchRequest(); OpenIdProvider openIdProvider = _openIdProviderRegistry.getOpenIdProvider(discoveryInformation.getOPEndpoint()); Map<String, String> openIdAXTypes = openIdProvider.getAxTypes(); for (String openIdAXType : openIdAXTypes.keySet()) { fetchRequest.addAttribute(openIdAXType, openIdAXTypes.get(openIdAXType), true); } authRequest.addExtension(fetchRequest); SRegRequest sRegRequest = SRegRequest.createFetchRequest(); sRegRequest.addAttribute(_OPEN_ID_SREG_ATTR_EMAIL, true); sRegRequest.addAttribute(_OPEN_ID_SREG_ATTR_FULLNAME, true); authRequest.addExtension(sRegRequest); response.sendRedirect(authRequest.getDestinationUrl(true)); }
@SuppressWarnings("rawtypes") protected void processOpenID( HttpServletRequest request, HttpServletResponse response, String provider, String returnURL, boolean isRegister) { HttpSession session = request.getSession(); session.setAttribute(SA_REGISTRATION, isRegister); session.setAttribute(SA_OPENID_PROVIDER, provider); if (returnURL == null || returnURL.isEmpty()) { returnURL = "/ui/admin"; } session.setAttribute(SA_RETURN_URL, returnURL); if (provider == null || provider.isEmpty()) { provider = DEFAULT_PROVIDER; } log.info("Authentication request for " + provider + (isRegister ? " (registration)" : "")); String responseURL = uriInfo.getBaseUri().toString() + "system/security/response"; try { // perform discovery on the user-supplied identifier List discoveries = manager.discover(provider); // attempt to associate with the OpenID provider // and retrieve one service endpoint for authentication DiscoveryInformation discovered = manager.associate(discoveries); // store the discovery information in the user's session request.getSession().setAttribute(SA_OPENID_DISC, discovered); // obtain a AuthRequest message to be sent to the OpenID provider AuthRequest authReq = manager.authenticate(discovered, responseURL); if (isRegister) { // Attribute Exchange example: fetching the 'email' attribute FetchRequest fetch = FetchRequest.createFetchRequest(); if (provider.contains("google.com")) { // fetch.addAttribute(AP_EMAIL, "http://axschema.org/contact/email", // false); fetch.addAttribute(AP_FIRST_NAME, "http://axschema.org/namePerson/first", true); fetch.addAttribute(AP_LAST_NAME, "http://axschema.org/namePerson/last", true); } else if (provider.contains("yahoo.com")) { // fetch.addAttribute(AP_EMAIL, "http://axschema.org/contact/email", // false); fetch.addAttribute(AP_FULL_NAME, "http://axschema.org/namePerson", true); } else { // works for myOpenID // fetch.addAttribute(AP_EMAIL, // "http://schema.openid.net/contact/email", false); fetch.addAttribute(AP_FULL_NAME, "http://schema.openid.net/namePerson", true); } // attach the extension to the authentication request authReq.addExtension(fetch); } // For version2 endpoints can do a form-redirect but this is easier, // Relies on payload being less ~ 2k, currently ~ 800 bytes response.sendRedirect(authReq.getDestinationUrl(true)); } catch (Exception e) { throw new WebApplicationException(e); } }