org.apereo.cas.services

Class PairwiseOidcRegisteredServiceUsernameAttributeProvider

java.lang.Object

org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider

org.apereo.cas.services.PairwiseOidcRegisteredServiceUsernameAttributeProvider

All Implemented Interfaces:

java.io.Serializable, org.apereo.cas.services.RegisteredServiceUsernameAttributeProvider

public class PairwiseOidcRegisteredServiceUsernameAttributeProvider
extends org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider

This is PairwiseOidcRegisteredServiceUsernameAttributeProvider. This provides a different sub value to each Client, so as not to enable Clients to correlate the End-User's activities without permission. When pairwise Subject Identifiers are used, the OpenID Provider MUST calculate a unique sub (subject) value for each Sector Identifier. The Subject Identifier value MUST NOT be reversible by any party other than the OpenID Provider.

If the client has not provided a value for sector_identifier_uri in dynamic client Registration, the sector identifier used for pairwise identifier calculation is the host component of the registered redirect_uri. If there are multiple host names in the registered redirect_uris, the Client MUST register a sector_identifier_uri. When a sector_identifier_uri is provided, the host component of that URL is used as the sector identifier for the pairwise identifier calculation. The value of the sector_identifier_uri MUST be a URL using the https scheme that points to a JSON file containing an array of redirect_uri values. The values of the registered redirect_uris MUST be included in the elements of the array.

Since:

5.2.0

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
PairwiseOidcRegisteredServiceUsernameAttributeProvider()

Method Summary

Modifier and Type	Method and Description
boolean	equals(java.lang.Object obj)
int	hashCode()
java.lang.String	resolveUsernameInternal(org.apereo.cas.authentication.principal.Principal principal, org.apereo.cas.authentication.principal.Service service, org.apereo.cas.services.RegisteredService registeredService)

Methods inherited from class org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider

encryptResolvedUsername, getCanonicalizationMode, initialize, isEncryptUsername, resolveUsername, setCanonicalizationMode, setEncryptUsername

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PairwiseOidcRegisteredServiceUsernameAttributeProvider

public PairwiseOidcRegisteredServiceUsernameAttributeProvider()

Method Detail

resolveUsernameInternal

public java.lang.String resolveUsernameInternal(org.apereo.cas.authentication.principal.Principal principal,
                                                org.apereo.cas.authentication.principal.Service service,
                                                org.apereo.cas.services.RegisteredService registeredService)

Specified by:

resolveUsernameInternal in class org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider

equals

public boolean equals(java.lang.Object obj)

Overrides:

equals in class org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider

hashCode

public int hashCode()

Overrides:

hashCode in class org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider