Package uk.ac.manchester.spinnaker.alloc
Class SpallocProperties.OpenIDProperties
java.lang.Object
uk.ac.manchester.spinnaker.alloc.SpallocProperties.OpenIDProperties
- Enclosing class:
- SpallocProperties
OpenID-related security properties. Required for allowing people to use
HBP/EBRAINS identities.
-
Constructor Summary
ConstructorsConstructorDescriptionOpenIDProperties
(boolean enable, Set<String> scopes, String registrationId, String id, String secret, String introspection, String userinfo, String auth, String authGrantType, String token, String jwkSet, String issuer, String redirect, String usernamePrefix, String truststoreType, Resource truststorePath, String truststorePassword) -
Method Summary
Modifier and TypeMethodDescriptiongetAuth()
getId()
The application installation identity.Location of the OpenID Opaque Token Introspection service.The registration ID of the client.The scopes desired.The application installation secret.getToken()
@NotNull String
How to unlock the truststore.@NotNull Resource
Where the truststore is.@NotNull String
What kind of truststore is it.Location of the OpenID User Information service.@NotNull String
Prefix for user names originating from OpenID auto-registration.boolean
isEnable()
Whether to enable OIDC authentication.
-
Constructor Details
-
OpenIDProperties
@ConstructorBinding public OpenIDProperties(@DefaultValue("false") boolean enable, Set<String> scopes, @DefaultValue("") String registrationId, @DefaultValue("") String id, @DefaultValue("") String secret, @DefaultValue("/") String introspection, @DefaultValue("/") String userinfo, @DefaultValue("/") String auth, @DefaultValue("") String authGrantType, @DefaultValue("/") String token, @DefaultValue("/") String jwkSet, @DefaultValue("/") String issuer, @DefaultValue("/") String redirect, @DefaultValue("openid.") String usernamePrefix, @DefaultValue("PKCS12") String truststoreType, @DefaultValue("classpath:/truststore.p12") Resource truststorePath, @DefaultValue("") String truststorePassword) - Parameters:
enable
- Whether to enable OIDC authentication. Required for allowing people to use HBP/EBRAINS identities.scopes
- The scopes desired. Referred to elsewhere in the configuration file.registrationId
- The ID of the registration of the client.id
- The application installation identity. Required for allowing people to use HBP/EBRAINS identities.secret
- The application installation secret. Required for allowing people to use HBP/EBRAINS identities.introspection
- Location of the OpenID Opaque Token Introspection service. Resolved with respect todomain
(if that is given and non-empty).userinfo
- Location of the OpenID User Info service. Resolved with respect todomain
(if that is given and non-empty).auth
- Location of the OpenID Authentication service.authGrantType
- The OpenID authorization grant type.token
- Location of the OpenID token service.jwkSet
- Location of the OpenID JWK Set service.issuer
- Location of the OpenID issuer service.redirect
- Location to redirect users back to after authentication.usernamePrefix
- Prefix for user names originating from OpenID auto-registration.truststoreType
- What kind of truststore is it.truststorePath
- Where the truststore is.truststorePassword
- How to unlock the truststore.
-
-
Method Details
-
isEnable
public boolean isEnable()Whether to enable OIDC authentication. Required for allowing people to use HBP/EBRAINS identities.- Returns:
- Whether to enable OIDC authentication.
-
getRegistrationId
The registration ID of the client.- Returns:
- The registration ID.
-
getId
The application installation identity. Required for allowing people to use HBP/EBRAINS identities.- Returns:
- The application installation identity.
-
getSecret
The application installation secret. Required for allowing people to use HBP/EBRAINS identities.- Returns:
- The application installation secret.
-
getIntrospection
Location of the OpenID Opaque Token Introspection service.- Returns:
- The Introspection location.
-
getUserinfo
Location of the OpenID User Information service.- Returns:
- The Userinfo location.
-
getUsernamePrefix
Prefix for user names originating from OpenID auto-registration. Not a good idea to modify this frequently!- Returns:
- Prefix for user names originating from OpenID auto-registration.
-
getScopes
The scopes desired. Referred to elsewhere in the configuration file.- Returns:
- The OpenID scopes.
-
getTruststoreType
What kind of truststore is it.- Returns:
- truststore type (default:
PKCS12
)
-
getTruststorePath
Where the truststore is.- Returns:
- truststore location
-
getTruststorePassword
How to unlock the truststore. This is not considered to be actually secret, but rather just a technical requirement of the truststore format.- Returns:
- password for truststore
-
getAuth
- Returns:
- the OIDC Authorization End-point URL.
-
getToken
- Returns:
- the OIDC Token End-point URL.
-
getJwkSet
- Returns:
- the OIDC JWK Set URL.
-
getIssuer
- Returns:
- The OIDC issuer URL.
-
getRedirect
- Returns:
- the redirect URL to return to.
-
getAuthGrantType
- Returns:
- the OIDC Authorization grant type.
-