Class PairwiseOidcRegisteredServiceUsernameAttributeProvider

  • All Implemented Interfaces:
    java.io.Serializable, org.apereo.cas.services.RegisteredServiceUsernameAttributeProvider

    public class PairwiseOidcRegisteredServiceUsernameAttributeProvider
    extends org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider
    Username attribute provider that issues pairwise OIDC Subject Identifiers. It provides a different sub value to each Client, so that Clients cannot correlate the End-User's activities without permission. When pairwise Subject Identifiers are used, the OpenID Provider MUST calculate a unique sub (subject) value for each Sector Identifier. The Subject Identifier value MUST NOT be reversible by any party other than the OpenID Provider.

    If the Client has not provided a value for sector_identifier_uri in Dynamic Client Registration, the sector identifier used for pairwise identifier calculation is the host component of the registered redirect_uri. If there are multiple host names in the registered redirect_uris, the Client MUST register a sector_identifier_uri. When a sector_identifier_uri is provided, the host component of that URL is used as the sector identifier for the pairwise identifier calculation. The value of the sector_identifier_uri MUST be a URL using the https scheme that points to a JSON file containing an array of redirect_uri values. The values of the registered redirect_uris MUST be included in the elements of the array.
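
    The sector identifier selection and pairwise sub calculation described above, as an added example that is not the CAS implementation of this class. The class name PairwiseSubExample, the method names, the HMAC-SHA256 derivation, the demo key and the example.org/example.net URLs are all assumptions made for illustration; the example does not fetch or validate the JSON file behind sector_identifier_uri.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical illustration class; not part of CAS.
public class PairwiseSubExample {

    // Sector identifier: host of sector_identifier_uri when registered, else the single redirect_uri host.
    static String sectorIdentifier(String sectorIdentifierUri, List<String> redirectUris) {
        if (sectorIdentifierUri != null && !sectorIdentifierUri.isBlank()) {
            URI uri = URI.create(sectorIdentifierUri);
            if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
                throw new IllegalArgumentException("sector_identifier_uri must be an https URL");
            }
            return uri.getHost().toLowerCase();
        }
        Set<String> hosts = redirectUris.stream()
            .map(u -> Objects.requireNonNull(URI.create(u).getHost(), "redirect_uri has no host"))
            .map(String::toLowerCase)
            .collect(Collectors.toSet());
        if (hosts.size() != 1) {
            throw new IllegalArgumentException(
                "redirect_uris must share exactly one host, otherwise sector_identifier_uri is required");
        }
        return hosts.iterator().next();
    }

    // Keyed one-way derivation (assumed construction): without providerKey a Client cannot
    // recompute the value for another sector or map it back to the local account id.
    static String pairwiseSub(String sector, String localAccountId, byte[] providerKey) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(providerKey, "HmacSHA256"));
        mac.update(sector.getBytes(StandardCharsets.UTF_8));
        mac.update((byte) 0); // separator so ("ab", "c") and ("a", "bc") give different inputs
        mac.update(localAccountId.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(mac.doFinal());
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed sample key
        String a = sectorIdentifier(null, List.of("https://app.example.org/cb", "https://app.example.org/cb2"));
        String b = sectorIdentifier("https://other.example.net/sector.json", List.of("https://x.example.net/cb"));
        System.out.println(a + " -> " + pairwiseSub(a, "casuser", key)); // same user, sector a
        System.out.println(b + " -> " + pairwiseSub(b, "casuser", key)); // same user, different sub
    }
}
```

    Registering redirect_uris on two different hosts without a sector_identifier_uri makes sectorIdentifier throw, which mirrors the MUST in the paragraph above.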

    Since:
    5.2.0
    See Also:
    Serialized Form
    • Method Summary

      Modifier and Type Method Description
      java.lang.String resolveUsernameInternal(org.apereo.cas.authentication.principal.Principal principal, org.apereo.cas.authentication.principal.Service service, org.apereo.cas.services.RegisteredService registeredService)
      • Methods inherited from class org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider

        canEqual, encryptResolvedUsername, equals, getCanonicalizationMode, hashCode, initialize, isEncryptUsername, resolveUsername, setCanonicalizationMode, setEncryptUsername
      • Methods inherited from class java.lang.Object

        clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • PairwiseOidcRegisteredServiceUsernameAttributeProvider

        public PairwiseOidcRegisteredServiceUsernameAttributeProvider()
    • Method Detail

      • resolveUsernameInternal

        public java.lang.String resolveUsernameInternal(org.apereo.cas.authentication.principal.Principal principal,
                                                        org.apereo.cas.authentication.principal.Service service,
                                                        org.apereo.cas.services.RegisteredService registeredService)
        Specified by:
        resolveUsernameInternal in class org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider