Module org.elasticsearch.security
Class OpenIdConnectAuthenticator
java.lang.Object
org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectAuthenticator
Handles an OpenID Connect Authentication response as received by the facilitator. In the case of an implicit flow, validates
the ID Token and extracts the Elasticsearch user properties from it. In the case of an authorization code flow, it first
exchanges the code in the authentication response for an ID Token at the token endpoint of the OpenID Connect Provider.
Constructor Summary
Constructors
Constructor: OpenIdConnectAuthenticator(RealmConfig realmConfig, OpenIdConnectProviderConfiguration opConfig, RelyingPartyConfiguration rpConfig, SSLService sslService, ResourceWatcherService watcherService)
Method Summary
Modifier and Type: void
Method: authenticate(OpenIdConnectToken token, ActionListener<com.nimbusds.jwt.JWTClaimsSet> listener)
Description: Processes an OpenID Connect Response to an Authentication Request that comes in the form of a URL with the necessary parameters, that is contained in the provided Token.

Modifier and Type: protected void
Method: close()
Constructor Details
OpenIdConnectAuthenticator
public OpenIdConnectAuthenticator(RealmConfig realmConfig, OpenIdConnectProviderConfiguration opConfig, RelyingPartyConfiguration rpConfig, SSLService sslService, ResourceWatcherService watcherService)
Method Details
authenticate
public void authenticate(OpenIdConnectToken token, ActionListener<com.nimbusds.jwt.JWTClaimsSet> listener)
Processes an OpenID Connect Response to an Authentication Request that comes in the form of a URL with the necessary parameters, that is contained in the provided Token. If the response is valid, it calls the provided listener with a set of OpenID Connect claims that identify the authenticated user. If the UserInfo endpoint is specified in the configuration, we attempt to make a UserInfo request and add the returned claims to the ID Token claims.
Parameters:
token - The OpenIdConnectToken to consume
listener - The listener to notify with the resolved JWTClaimsSet
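The UserInfo step described for authenticate, shown as an added example that is not Elasticsearch's own code: one way to add UserInfo claims to already-validated ID Token claims using the Nimbus JWTClaimsSet type. The class and method names are hypothetical, the sample claims are constructed, and the precedence policy (ID Token claims win) is an assumption; the "sub" match is the check OpenID Connect Core section 5.3.2 requires before UserInfo values may be used.

```java
import com.nimbusds.jwt.JWTClaimsSet;
import java.text.ParseException;
import java.util.Map;

/** Added illustration; hypothetical names, not part of the Elasticsearch code base. */
public class UserInfoMergeExample {

    /**
     * Adds UserInfo claims to verified ID Token claims.
     * Assumed policy: the "sub" values must match exactly, and a UserInfo
     * claim never overwrites a claim already present in the ID Token.
     */
    static JWTClaimsSet merge(JWTClaimsSet idToken, JWTClaimsSet userInfo) {
        String sub = idToken.getSubject();
        if (sub == null || !sub.equals(userInfo.getSubject())) {
            throw new IllegalStateException("UserInfo sub does not match ID Token sub");
        }
        JWTClaimsSet.Builder merged = new JWTClaimsSet.Builder(idToken);
        for (Map.Entry<String, Object> claim : userInfo.getClaims().entrySet()) {
            // Keep signed ID Token values such as iss, aud and exp untouched.
            if (!idToken.getClaims().containsKey(claim.getKey())) {
                merged.claim(claim.getKey(), claim.getValue());
            }
        }
        return merged.build();
    }

    public static void main(String[] args) throws ParseException {
        // Constructed sample claims, not captured from a real provider.
        JWTClaimsSet idToken = JWTClaimsSet.parse(
            "{\"iss\":\"https://op.example.test\",\"sub\":\"alice\",\"aud\":\"rp-client\"}");
        JWTClaimsSet sameUser = JWTClaimsSet.parse(
            "{\"sub\":\"alice\",\"email\":\"alice@example.test\",\"iss\":\"https://other.example.test\"}");
        JWTClaimsSet otherUser = JWTClaimsSet.parse(
            "{\"sub\":\"mallory\",\"email\":\"alice@example.test\"}");

        JWTClaimsSet merged = merge(idToken, sameUser);
        System.out.println("email added: " + merged.getClaims().get("email"));
        System.out.println("issuer kept from ID Token: " + merged.getIssuer());
        try {
            merge(idToken, otherUser);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```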
close
protected void close()