Package org.logevents.util.openid
Class OpenIdConfiguration
java.lang.Object
    org.logevents.util.openid.OpenIdConfiguration

public class OpenIdConfiguration extends Object
Supports any standards-compliant OpenID Connect provider as identity provider for LogEventsServlet.

To set up authorization with Azure Active Directory

This description assumes that you are a member of an organization that uses Active Directory, but that you only want some users to have access to the LogEventsServlet.
- Go to the Azure portal and log in with your organization account
- Click "Create a resource" and enter "active directory" to create a new directory. You can name the directory what you want.
- You have to wait a little while for the directory to be created, then click the funnel + book icon to switch to your new directory
- Select "Azure Active Directory" from the menu in your new directory to go to directory management
- Select "App Registration" and "New registration" to create your application
- In the application configuration, you need to find the Application (client) ID, generate a new client secret (under Certificates and secrets) and set up your redirect URI (under Authentication), and use these to configure WebLogEventObserver
- Set observer.servlet.openIdIssuer=https://login.microsoftonline.com/{tenantId}/v2.0/
- In the Azure Active Directory menu, you can select "Users" and add a guest user from your organization to your limited Active Directory (this feature of Active Directory is known as B2B)
- In the Azure Active Directory menu, you can select "Enterprise Applications" to limit the users that can access the logging application
To set up authorization with Google
- Go to Google API Console
- From the "Select a project" dropdown, click "New project"
- Select "Credentials" from the left menu, click "Create credentials" and select "OAuth client ID"
- Select "Web application" as the type of application and enter the Redirect URI where you would access your LogEventsServlet + "/oauth2callback" (e.g. https://myserver.com/myapp/logs/oauth2callback)
- Copy the Client ID and Client secret to your observer.servlet.clientId and observer.servlet.clientSecret
- Set observer.servlet.openIdIssuer=https://accounts.google.com
- Important: At this point your log console is open to anyone with a Google Account, i.e. everyone. You have to restrict it with e.g. observer.servlet.requiredClaim.email_verified=true and observer.servlet.requiredClaim.email=alice@example.com, bob@example.com
Constructor Summary
OpenIdConfiguration(String openIdIssuer, String clientId, String clientSecret)
OpenIdConfiguration(Configuration configuration)

Method Summary
void addRequiredClaim(String claimName, List<String> acceptedValues)
Map<String,String> createTokenRequestPayload(String code, String defaultRedirectUri)
Map<String,Object> fetchIdToken(String code, String fallbackRedirectUri)
    Complete the login process by fetching the ID token from the identity provider.
protected String getAuthorizationEndpoint()
String getAuthorizationUrl(String state, String fallbackRedirectUri)
    Generate a URL to start the login flow with OpenID Connect.
String getScopes()
protected URL getTokenEndpoint()
boolean isAuthorizedToken(Map<String,Object> idToken)
protected Map<String,Object> postTokenRequest(Map<String,String> formPayload)
static String randomString(int length)
String toString()
Constructor Detail

OpenIdConfiguration
public OpenIdConfiguration(Configuration configuration)

Method Detail

randomString
public static String randomString(int length)

getScopes
public String getScopes()

getAuthorizationUrl
public String getAuthorizationUrl(String state, String fallbackRedirectUri) throws IOException
Generate a URL to start the login flow with OpenID Connect. Redirect the web browser to this URL to start the login process.
Throws: IOException

getAuthorizationEndpoint
protected String getAuthorizationEndpoint() throws IOException
Throws: IOException

fetchIdToken
public Map<String,Object> fetchIdToken(String code, String fallbackRedirectUri) throws IOException
Complete the login process by fetching the ID token from the identity provider. Call this when the web browser returns to the redirect_uri in your app with the code query parameter.
Throws: IOException

postTokenRequest
protected Map<String,Object> postTokenRequest(Map<String,String> formPayload) throws IOException
Throws: IOException

createTokenRequestPayload
public Map<String,String> createTokenRequestPayload(String code, String defaultRedirectUri)

getTokenEndpoint
protected URL getTokenEndpoint() throws IOException
Throws: IOException
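The servlet below is an added example, not code from logevents or from this class's documentation. It shows how the public methods listed above fit together into one login flow (getAuthorizationUrl to start the login, fetchIdToken on the callback, isAuthorizedToken to enforce the required claims) and mirrors the observer.servlet.requiredClaim.* settings from the Google section above with addRequiredClaim. It assumes the javax.servlet API, that fetchIdToken returns the decoded ID token claims that isAuthorizedToken checks, and that randomString yields an unguessable value suitable for the OAuth2 state parameter. The client id, client secret and redirect URI are placeholders, and the state comparison on the callback is this example's own check, not documented behaviour of the class.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.logevents.util.openid.OpenIdConfiguration;

/**
 * Hypothetical servlet that puts a page behind OpenID Connect using
 * OpenIdConfiguration. Written for illustration; it is not part of logevents.
 */
public class ProtectedConsoleServlet extends HttpServlet {

    // Placeholders for this example. In a real deployment these values come from
    // the observer.servlet.* properties, not from source code.
    private static final String ISSUER = "https://accounts.google.com";
    private static final String CLIENT_ID = "<client-id placeholder>";
    private static final String CLIENT_SECRET = "<client-secret placeholder>";
    private static final String REDIRECT_URI = "https://myserver.com/myapp/logs/oauth2callback";

    private final OpenIdConfiguration openId;

    public ProtectedConsoleServlet() {
        openId = new OpenIdConfiguration(ISSUER, CLIENT_ID, CLIENT_SECRET);
        // Same restriction as observer.servlet.requiredClaim.email_verified=true and
        // observer.servlet.requiredClaim.email=alice@example.com, bob@example.com:
        // without it every Google account would be accepted.
        openId.addRequiredClaim("email_verified", Arrays.asList("true"));
        openId.addRequiredClaim("email", Arrays.asList("alice@example.com", "bob@example.com"));
    }

    @Override
    @SuppressWarnings("unchecked")
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        HttpSession session = req.getSession();

        if ("/oauth2callback".equals(req.getPathInfo())) {
            handleCallback(req, resp, session);
            return;
        }

        Map<String, Object> idToken = (Map<String, Object>) session.getAttribute("idToken");
        if (idToken == null) {
            // Not logged in: mint an unguessable state, remember it in the session,
            // and send the browser to the provider's authorization endpoint.
            String state = OpenIdConfiguration.randomString(32);
            session.setAttribute("oidcState", state);
            resp.sendRedirect(openId.getAuthorizationUrl(state, REDIRECT_URI));
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("Logged in as " + idToken.get("email"));
    }

    private void handleCallback(HttpServletRequest req, HttpServletResponse resp, HttpSession session)
            throws IOException {
        // Only accept a callback carrying the state this session issued, so a login
        // started elsewhere cannot be completed against this session (example's own check).
        String expectedState = (String) session.getAttribute("oidcState");
        session.removeAttribute("oidcState");
        if (expectedState == null || !expectedState.equals(req.getParameter("state"))) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid state");
            return;
        }
        String code = req.getParameter("code");
        if (code == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing code");
            return;
        }
        // Exchange the code for the ID token, then enforce the required claims.
        Map<String, Object> idToken = openId.fetchIdToken(code, REDIRECT_URI);
        if (!openId.isAuthorizedToken(idToken)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Not authorized");
            return;
        }
        session.setAttribute("idToken", idToken);
        resp.sendRedirect(req.getContextPath() + req.getServletPath());
    }
}
```

The two addRequiredClaim calls are the programmatic counterpart of the requiredClaim properties: with the issuer set to https://accounts.google.com and no required claim, isAuthorizedToken would accept any Google account, which is exactly the open state the Google section warns about.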