Class PairwiseOidcRegisteredServiceUsernameAttributeProvider

java.lang.Object
org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider
org.apereo.cas.services.PairwiseOidcRegisteredServiceUsernameAttributeProvider
All Implemented Interfaces:
Serializable, org.apereo.cas.services.RegisteredServiceUsernameAttributeProvider

public class PairwiseOidcRegisteredServiceUsernameAttributeProvider extends org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider
This provider gives each Client a different sub value, so that Clients cannot correlate the End-User's activities without permission. When pairwise Subject Identifiers are used, the OpenID Provider MUST calculate a unique sub (subject) value for each Sector Identifier. The Subject Identifier value MUST NOT be reversible by any party other than the OpenID Provider.

If the Client has not provided a value for sector_identifier_uri in Dynamic Client Registration, the sector identifier used for pairwise identifier calculation is the host component of the registered redirect_uri. If there are multiple host names in the registered redirect_uris, the Client MUST register a sector_identifier_uri. When a sector_identifier_uri is provided, the host component of that URL is used as the sector identifier for the pairwise identifier calculation. The value of the sector_identifier_uri MUST be a URL using the https scheme that points to a JSON file containing an array of redirect_uri values. The values of the registered redirect_uris MUST be included in the elements of the array.
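
The rules above, worked through as an added example (not CAS code and not necessarily how this class computes the value). It uses the salted SHA-256 construction that OpenID Connect Core section 8.1 gives as one example method. The class and method names, the salt and the sample URLs are hypothetical, and the JSON array behind sector_identifier_uri is assumed to have been fetched already.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.stream.Collectors;

// Added illustration; class, method and sample values are hypothetical, not CAS code.
public class PairwiseSubExample {

    // Applies the sector-identifier rules quoted above. sectorFileEntries is the
    // already-fetched JSON array behind sector_identifier_uri (null when none is registered).
    static String sectorIdentifier(List<String> redirectUris, String sectorIdentifierUri,
                                   List<String> sectorFileEntries) {
        if (sectorIdentifierUri != null) {
            URI uri = URI.create(sectorIdentifierUri);
            if (!"https".equalsIgnoreCase(uri.getScheme()))
                throw new IllegalArgumentException("sector_identifier_uri must use https");
            if (sectorFileEntries == null || !sectorFileEntries.containsAll(redirectUris))
                throw new IllegalArgumentException("redirect_uri missing from sector file");
            return uri.getHost();
        }
        // No sector_identifier_uri: every registered redirect_uri must share one host.
        Set<String> hosts = redirectUris.stream()
                .map(u -> URI.create(u).getHost()).collect(Collectors.toSet());
        if (hosts.size() != 1)
            throw new IllegalArgumentException("multiple hosts: sector_identifier_uri required");
        return hosts.iterator().next();
    }

    // sub = base64url(SHA-256(sector || localId || salt)); the salt stays secret at the OP.
    static String pairwiseSub(String sector, String localId, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(sector.getBytes(StandardCharsets.UTF_8));
        md.update(localId.getBytes(StandardCharsets.UTF_8));
        md.update(salt);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(md.digest());
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = "constructed-demo-salt".getBytes(StandardCharsets.UTF_8); // constructed
        String a = sectorIdentifier(List.of("https://app.example.org/cb"), null, null);
        String b = sectorIdentifier(
                List.of("https://one.example.net/cb", "https://two.example.net/cb"),
                "https://id.example.net/sector.json",
                List.of("https://one.example.net/cb", "https://two.example.net/cb"));
        System.out.println(a + " -> " + pairwiseSub(a, "casuser", salt));
        System.out.println(b + " -> " + pairwiseSub(b, "casuser", salt));
    }
}
```

The same local identifier yields a different sub under each sector identifier, and a Client that does not hold the salt cannot recompute the value for another sector.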

Since:
5.2.0
  • Constructor Summary

    Constructors
  • Method Summary

    Modifier and Type
    Method
    Description
    resolveUsernameInternal(org.apereo.cas.authentication.principal.Principal principal, org.apereo.cas.authentication.principal.Service service, org.apereo.cas.services.RegisteredService registeredService)
     

    Methods inherited from class org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider

    canEqual, encryptResolvedUsername, equals, getCanonicalizationMode, getRemovePattern, getScope, hashCode, initialize, isEncryptUsername, removePatternFromUsernameIfNecessary, resolveUsername, scopeUsernameIfNecessary, setCanonicalizationMode, setEncryptUsername, setRemovePattern, setScope

    Methods inherited from class java.lang.Object

    clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • PairwiseOidcRegisteredServiceUsernameAttributeProvider

      public PairwiseOidcRegisteredServiceUsernameAttributeProvider()
  • Method Details

    • resolveUsernameInternal

      public String resolveUsernameInternal(org.apereo.cas.authentication.principal.Principal principal, org.apereo.cas.authentication.principal.Service service, org.apereo.cas.services.RegisteredService registeredService)
      Specified by:
      resolveUsernameInternal in class org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider