public class AzureAdClient extends OidcClient<AzureAdProfile>
An OidcClient for authenticating against Microsoft Azure AD. Microsoft Azure AD provides authentication for multiple tenants or, when the tenant is not known prior to authentication, for the special common tenant. For a specific tenant, the following discovery URI must be used:
https://login.microsoftonline.com/tenantid/.well-known/openid-configuration
or, for Azure AD v2.0:
https://login.microsoftonline.com/tenantid/v2.0/.well-known/openid-configuration
Replace tenantid with the ID of the tenant to authenticate against. To find this ID, fill in your tenant's domain name in place of tenantid; your tenant ID is the UUID in the authorization_endpoint value of the discovery data.
For authentication against an unknown (or dynamic) tenant, use common as the ID.
Authentication against the common endpoint results in an ID token with an issuer different from the issuer mentioned in the discovery data. This class uses a special validator to correctly validate the issuer returned by Azure AD.
More information at: https://msdn.microsoft.com/en-us/library/azure/dn645541.aspx
ATTEMPTED_AUTHENTICATION_SUFFIX, callbackUrl, callbackUrlResolver
logger
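The issuer check that the common endpoint makes necessary, shown as an added example; it is not pac4j's own validator and not code from this page. It assumes the common discovery document publishes its issuer with a literal {tenantid} placeholder and that the ID token carries its tenant in the tid claim. The class name, method name and sample values are constructed, and the optional tenant allow-list goes beyond what the class description covers.

```java
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical helper, not part of pac4j: issuer validation for the Azure AD common endpoint.
public class CommonIssuerCheck {
    // Assumption: the common discovery document carries this literal placeholder in "issuer".
    private static final String PLACEHOLDER = "{tenantid}";
    // Tenant IDs are UUIDs; anything else is rejected before it is spliced into a URL.
    private static final Pattern TENANT_ID = Pattern.compile(
            "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}");

    /**
     * @param issuerTemplate "issuer" value from the discovery data
     * @param claims         claims of an ID token whose signature was already verified
     * @param allowedTenants tenant IDs the application accepts; empty accepts any tenant
     */
    static boolean issuerIsValid(String issuerTemplate, Map<String, Object> claims,
                                 Set<String> allowedTenants) {
        if (!(claims.get("iss") instanceof String) || !(claims.get("tid") instanceof String)) {
            return false; // both claims are required
        }
        String iss = (String) claims.get("iss");
        String tid = (String) claims.get("tid");
        if (!TENANT_ID.matcher(tid).matches()) {
            return false;
        }
        if (!allowedTenants.isEmpty() && !allowedTenants.contains(tid)) {
            return false; // signed by Azure AD, but for a tenant this application does not serve
        }
        // The token's issuer must equal the template with the token's own tenant filled in.
        return issuerTemplate.replace(PLACEHOLDER, tid).equals(iss);
    }

    public static void main(String[] args) {
        // Constructed sample values, not real tenants.
        String template = "https://sts.windows.net/{tenantid}/";
        String tenantA = "11111111-1111-1111-1111-111111111111";
        String tenantB = "22222222-2222-2222-2222-222222222222";
        Map<String, Object> good = Map.of("iss", "https://sts.windows.net/" + tenantA + "/", "tid", tenantA);
        Map<String, Object> mixed = Map.of("iss", "https://sts.windows.net/" + tenantB + "/", "tid", tenantA);
        System.out.println("matching iss and tid: " + issuerIsValid(template, good, Set.of(tenantA)));
        System.out.println("iss names another tenant: " + issuerIsValid(template, mixed, Set.of(tenantA)));
        System.out.println("tenant not on allow-list: " + issuerIsValid(template, good, Set.of(tenantB)));
    }
}
```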
Constructor and Description |
---|
AzureAdClient() |
AzureAdClient(String clientId, String secret, String discoveryURI) |
Modifier and Type | Method and Description |
---|---|
protected AzureAdProfile | createProfile() Create the appropriate profile type. |
protected com.nimbusds.jose.util.ResourceRetriever | createResourceRetriever() |
protected com.nimbusds.openid.connect.sdk.validators.IDTokenValidator | createRSATokenValidator(com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, com.nimbusds.oauth2.sdk.id.ClientID clientID) |
addCustomParam, buildTokenRequest, buildUserInfoRequest, createHMACTokenValidator, getAuthParams, getClientAuthentication, getClientAuthenticationMethod, getClientID, getConnectTimeout, getCustomParams, getDiscoveryURI, getIdTokenValidator, getMaxClockSkew, getPreferredJwsAlgorithm, getProviderMetadata, getReadTimeout, getRedirectURI, getScope, getSecret, internalInit, isUseNonce, retrieveCredentials, retrieveRedirectAction, retrieveUserProfile, setClientAuthenticationMethod, setClientID, setConnectTimeout, setCustomParams, setDiscoveryURI, setMaxClockSkew, setPreferredJwsAlgorithm, setReadTimeout, setScope, setSecret, setUseNonce
computeFinalCallbackUrl, getAjaxRequestResolver, getCallbackUrl, getCallbackUrlResolver, getCredentials, getRedirectAction, getStateParameter, isIncludeClientNameInCallbackUrl, redirect, setAjaxRequestResolver, setCallbackUrl, setCallbackUrlResolver, setIncludeClientNameInCallbackUrl
addAuthorizationGenerator, getAuthorizationGenerators, getName, getUserProfile, setAuthorizationGenerator, setAuthorizationGenerators, setAuthorizationGenerators, setName, toString
init, reinit
protected com.nimbusds.openid.connect.sdk.validators.IDTokenValidator createRSATokenValidator(com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, com.nimbusds.oauth2.sdk.id.ClientID clientID) throws MalformedURLException
createRSATokenValidator in class OidcClient<AzureAdProfile>
MalformedURLException
protected com.nimbusds.jose.util.ResourceRetriever createResourceRetriever()
createResourceRetriever in class OidcClient<AzureAdProfile>
protected AzureAdProfile createProfile()
OidcClient
createProfile in class OidcClient<AzureAdProfile>
Copyright © 2016. All rights reserved.