Class MSEntraJWTSSOProvider
- java.lang.Object
  - org.apache.syncope.core.spring.security.MSEntraJWTSSOProvider
- All Implemented Interfaces: com.nimbusds.jose.jca.JCAAware<com.nimbusds.jose.jca.JCAContext>, com.nimbusds.jose.JOSEProvider, com.nimbusds.jose.JWSProvider, com.nimbusds.jose.JWSVerifier, JWTSSOProvider
public class MSEntraJWTSSOProvider extends Object implements JWTSSOProvider
JWT authorisation for access tokens issued by Microsoft Entra (formerly Azure) for Microsoft Entra-only applications (v1.0 tokens); cf. https://learn.microsoft.com/en-us/entra/identity-platform/access-tokens
Field Summary
Fields (Modifier and Type, Field, Description)
- protected String appId
- protected AuthDataAccessor authDataAccessor
- protected String authUsername
- protected Duration clockSkew
- protected String tenantId
- protected UserDAO userDAO
- protected MSEntraAccessTokenJWSVerifier verifier
Constructor Summary
Constructors (Constructor, Description)
- MSEntraJWTSSOProvider(UserDAO userDAO, AuthDataAccessor authDataAccessor, String tenantId, String appId, String authUsername, Duration clockSkew, MSEntraAccessTokenJWSVerifier verifier)
Method Summary
Methods (Modifier and Type, Method, Description)
- String getIssuer(): Gives the identifier for the JWT issuer verified by this instance.
- com.nimbusds.jose.jca.JCAContext getJCAContext()
- Pair<User,Set<SyncopeGrantedAuthority>> resolve(com.nimbusds.jwt.JWTClaimsSet jwtClaims): Attempts to resolve the given JWT claims into internal User and authorities.
- Set<com.nimbusds.jose.JWSAlgorithm> supportedJWSAlgorithms()
- boolean verify(com.nimbusds.jose.JWSHeader header, byte[] signingInput, com.nimbusds.jose.util.Base64URL signature)
Field Detail
userDAO
protected final UserDAO userDAO

authDataAccessor
protected final AuthDataAccessor authDataAccessor

tenantId
protected final String tenantId

appId
protected final String appId

authUsername
protected final String authUsername

clockSkew
protected final Duration clockSkew

verifier
protected final MSEntraAccessTokenJWSVerifier verifier
Constructor Detail
MSEntraJWTSSOProvider
public MSEntraJWTSSOProvider(UserDAO userDAO, AuthDataAccessor authDataAccessor, String tenantId, String appId, String authUsername, Duration clockSkew, MSEntraAccessTokenJWSVerifier verifier)
Method Detail
getIssuer
public String getIssuer()
Description copied from interface: JWTSSOProvider
Gives the identifier for the JWT issuer verified by this instance.
- Specified by: getIssuer in interface JWTSSOProvider
- Returns: identifier for the JWT issuer verified by this instance

supportedJWSAlgorithms
public Set<com.nimbusds.jose.JWSAlgorithm> supportedJWSAlgorithms()
- Specified by: supportedJWSAlgorithms in interface com.nimbusds.jose.JWSProvider

getJCAContext
public com.nimbusds.jose.jca.JCAContext getJCAContext()
- Specified by: getJCAContext in interface com.nimbusds.jose.jca.JCAAware<com.nimbusds.jose.jca.JCAContext>

verify
public boolean verify(com.nimbusds.jose.JWSHeader header, byte[] signingInput, com.nimbusds.jose.util.Base64URL signature) throws com.nimbusds.jose.JOSEException
- Specified by: verify in interface com.nimbusds.jose.JWSVerifier
- Throws: com.nimbusds.jose.JOSEException

resolve
@Transactional(readOnly=true)
public Pair<User,Set<SyncopeGrantedAuthority>> resolve(com.nimbusds.jwt.JWTClaimsSet jwtClaims)
Description copied from interface: JWTSSOProvider
Attempts to resolve the given JWT claims into internal User and authorities. IMPORTANT: this is not invoked for the admin super-user.
- Specified by: resolve in interface JWTSSOProvider
- Parameters: jwtClaims - JWT claims
- Returns: internal User, with authorities, matching the provided JWT claims, if found; otherwise null