SharedSecretOpenIdResolverImpl (OpenAM Server Only 6.5.5 Documentation)

Skip navigation links

OpenAM Server Only 6.5.5 Documentation

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- org.forgerock.oauth.resolvers.BaseOpenIdResolver
- - org.forgerock.oauth.resolvers.SharedSecretOpenIdResolverImpl

All Implemented Interfaces:

OpenIdResolver
```
public class SharedSecretOpenIdResolverImpl
extends BaseOpenIdResolver
```
This class exists to allow functionality for those Open ID Connect providers which supply their signatures through symmetric key algorithms (e.g. HMAC). In these cases we want to use the shared secret (known to both the provider and client) such that we can generate a "private key". We do this using the SecretKeySpec call in SharedSecretOpenIdResolverImpl.verifySignature(org.forgerock.json.jose.jws.SignedJwt).

Field Summary
- Fields inherited from interface org.forgerock.oauth.resolvers.OpenIdResolver
  CLIENT_SECRET_KEY, ISSUER_KEY, JWK, KEY_ALIAS_KEY, KEYSTORE_LOCATION_KEY, KEYSTORE_PASS_KEY, KEYSTORE_TYPE_KEY, WELL_KNOWN_CONFIGURATION

Constructor Summary

Constructors
Constructor and Description

SharedSecretOpenIdResolverImpl(String issuer, String sharedSecret)
Constructor for SharedSecretOpenIdResolverImpl.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`validateIdentity(SignedJwt idClaim)` Validates the supplied Jwt against this OpenId Connect Idp.
`void`	`verifySignature(SignedJwt idClaim)` Verifies that the JWS was signed by the supplied key.

Methods inherited from class org.forgerock.oauth.resolvers.BaseOpenIdResolver
getIssuer

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SharedSecretOpenIdResolverImpl
```
public SharedSecretOpenIdResolverImpl(String issuer,
                                      String sharedSecret)
```
    Constructor for SharedSecretOpenIdResolverImpl.
    
    Parameters:
    
    issuer - The issuer (provider) of the Open Id Connect id token
    
    sharedSecret - The secret String, known to both provider and consumer
    
    Throws:
    
    IllegalArgumentException - if the sharedSecret is null
- Method Detail
  - validateIdentity
```
public void validateIdentity(SignedJwt idClaim)
                      throws OpenIdConnectVerificationException
```
    Validates the supplied Jwt against this OpenId Connect Idp.
    
    Specified by:
    
    validateIdentity in interface OpenIdResolver
    
    Overrides:
    
    validateIdentity in class BaseOpenIdResolver
    
    Parameters:
    
    idClaim - The Jwt to test is authenticated from this issuer
    
    Throws:
    
    OpenIdConnectVerificationException - If the Jwt is unable to be verified
  - verifySignature
```
public void verifySignature(SignedJwt idClaim)
                     throws InvalidSignatureException
```
    Verifies that the JWS was signed by the supplied key. Throws an exception otherwise.
    
    Parameters:
    
    idClaim - The JWS to verify
    
    Throws:
    
    InvalidSignatureException - If the JWS supplied does not match the key for this resolver

Skip navigation links

OpenAM Server Only 6.5.5 Documentation

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2010-2018, ForgeRock All Rights Reserved.