Package org.apereo.cas.services

Class PairwiseOidcRegisteredServiceUsernameAttributeProvider

java.lang.Object

org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider

org.apereo.cas.services.PairwiseOidcRegisteredServiceUsernameAttributeProvider

All Implemented Interfaces:

Serializable, org.apereo.cas.services.RegisteredServiceUsernameAttributeProvider

public class PairwiseOidcRegisteredServiceUsernameAttributeProvider
extends org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider

This is PairwiseOidcRegisteredServiceUsernameAttributeProvider. This provides a different sub value to each Client, so as not to enable Clients to correlate the End-User's activities without permission. When pairwise Subject Identifiers are used, the OpenID Provider MUST calculate a unique sub (subject) value for each Sector Identifier. The Subject Identifier value MUST NOT be reversible by any party other than the OpenID Provider.

If the client has not provided a value for sector_identifier_uri in dynamic client Registration, the sector identifier used for pairwise identifier calculation is the host component of the registered redirect_uri. If there are multiple host names in the registered redirect_uris, the Client MUST register a sector_identifier_uri. When a sector_identifier_uri is provided, the host component of that URL is used as the sector identifier for the pairwise identifier calculation. The value of the sector_identifier_uri MUST be a URL using the https scheme that points to a JSON file containing an array of redirect_uri values. The values of the registered redirect_uris MUST be included in the elements of the array.

Since:

5.2.0

See Also:

• Serialized Form

Constructor Summary

Constructors

Constructor	Description
PairwiseOidcRegisteredServiceUsernameAttributeProvider()

Method Summary

Modifier and Type	Method	Description
boolean	equals(Object o)
org.apereo.cas.authentication.principal.PersistentIdGenerator	getPersistentIdGenerator()
int	hashCode()
String	resolveUsernameInternal(org.apereo.cas.services.RegisteredServiceUsernameProviderContext context)
void	setPersistentIdGenerator(org.apereo.cas.authentication.principal.PersistentIdGenerator persistentIdGenerator)

Methods inherited from class org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider

getCanonicalizationMode, getRemovePattern, getScope, initialize, isEncryptUsername, resolveUsername, setCanonicalizationMode, setEncryptUsername, setRemovePattern, setScope

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, toString, wait, wait, wait

Constructor Details

PairwiseOidcRegisteredServiceUsernameAttributeProvider

public PairwiseOidcRegisteredServiceUsernameAttributeProvider()

Method Details

resolveUsernameInternal

public String resolveUsernameInternal(org.apereo.cas.services.RegisteredServiceUsernameProviderContext context)

getPersistentIdGenerator

public org.apereo.cas.authentication.principal.PersistentIdGenerator getPersistentIdGenerator()

equals

public boolean equals(Object o)

Overrides:

equals in class org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider

hashCode

public int hashCode()

Overrides:

hashCode in class org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider

setPersistentIdGenerator

public void setPersistentIdGenerator(org.apereo.cas.authentication.principal.PersistentIdGenerator persistentIdGenerator)