Class SpallocProperties.OpenIDProperties

java.lang.Object
uk.ac.manchester.spinnaker.alloc.SpallocProperties.OpenIDProperties
Enclosing class:
SpallocProperties

public static class SpallocProperties.OpenIDProperties
extends Object
OpenID-related security properties. Required for allowing people to use HBP/EBRAINS identities.
  • Constructor Details

    • OpenIDProperties

      public OpenIDProperties(@DefaultValue("false") boolean enable, Set<String> scopes, @DefaultValue("") String registrationId, @DefaultValue("") String id, @DefaultValue("") String secret, @DefaultValue("/") String introspection, @DefaultValue("/") String userinfo, @DefaultValue("/") String auth, @DefaultValue("") String authGrantType, @DefaultValue("/") String token, @DefaultValue("/") String jwkSet, @DefaultValue("/") String issuer, @DefaultValue("/") String redirect, @DefaultValue("openid.") String usernamePrefix, @DefaultValue("PKCS12") String truststoreType, @DefaultValue("classpath:/truststore.p12") Resource truststorePath, @DefaultValue("") String truststorePassword)
      Parameters:
      enable - Whether to enable OIDC authentication. Required for allowing people to use HBP/EBRAINS identities.
      scopes - The scopes desired. Referred to elsewhere in the configuration file.
      registrationId - The ID of the registration of the client.
      id - The application installation identity. Required for allowing people to use HBP/EBRAINS identities.
      secret - The application installation secret. Required for allowing people to use HBP/EBRAINS identities.
      introspection - Location of the OpenID Opaque Token Introspection service. Resolved with respect to domain (if that is given and non-empty).
      userinfo - Location of the OpenID User Info service. Resolved with respect to domain (if that is given and non-empty).
      auth - Location of the OpenID Authentication service.
      authGrantType - The OpenID authorization grant type.
      token - Location of the OpenID token service.
      jwkSet - Location of the OpenID JWK Set service.
      issuer - Location of the OpenID issuer service.
      redirect - Location to redirect users back to after authentication.
      usernamePrefix - Prefix for user names originating from OpenID auto-registration.
      truststoreType - The type of the truststore.
      truststorePath - The location of the truststore.
      truststorePassword - The password used to unlock the truststore.
  • Method Details

    • isEnable

      public boolean isEnable()
      Whether to enable OIDC authentication. Required for allowing people to use HBP/EBRAINS identities.
      Returns:
      Whether to enable OIDC authentication.
    • getRegistrationId

      public String getRegistrationId()
      The registration ID of the client.
      Returns:
      The registration ID.
    • getId

      public String getId()
      The application installation identity. Required for allowing people to use HBP/EBRAINS identities.
      Returns:
      The application installation identity.
    • getSecret

      public String getSecret()
      The application installation secret. Required for allowing people to use HBP/EBRAINS identities.
      Returns:
      The application installation secret.
    • getIntrospection

      public String getIntrospection()
      Location of the OpenID Opaque Token Introspection service.
      Returns:
      The Introspection location.
    • getUserinfo

      public String getUserinfo()
      Location of the OpenID User Information service.
      Returns:
      The Userinfo location.
    • getUsernamePrefix

      @NotNull public @NotNull String getUsernamePrefix()
      Prefix for user names originating from OpenID auto-registration. Not a good idea to modify this frequently!
      Returns:
      Prefix for user names originating from OpenID auto-registration.
    • getScopes

      @NotEmpty public @NotEmpty Set<String> getScopes()
      The scopes desired. Referred to elsewhere in the configuration file.
      Returns:
      The OpenID scopes.
    • getTruststoreType

      @NotNull public @NotNull String getTruststoreType()
      The type of the truststore.
      Returns:
      truststore type (default: PKCS12)
    • getTruststorePath

      @NotNull public @NotNull Resource getTruststorePath()
      The location of the truststore.
      Returns:
      truststore location
    • getTruststorePassword

      @NotNull public @NotNull String getTruststorePassword()
      The password used to unlock the truststore. This is not considered to be actually secret, but rather just a technical requirement of the truststore format.
      Returns:
      password for truststore
    • getAuth

      public String getAuth()
      Returns:
      The OIDC Authorization End-point URL.
    • getToken

      public String getToken()
      Returns:
      The OIDC Token End-point URL.
    • getJwkSet

      public String getJwkSet()
      Returns:
      The OIDC JWK Set URL.
    • getIssuer

      public String getIssuer()
      Returns:
      The OIDC issuer URL.
    • getRedirect

      public String getRedirect()
      Returns:
      The redirect URL to return to.
    • getAuthGrantType

      public AuthorizationGrantType getAuthGrantType()
      Returns:
      The OIDC Authorization grant type.