implementation of IDP renew transaction

angular/src/app/fhirConfig.service.ts

@@ -70,15 +70,16 @@ export class FhirConfigService {
   }
 
   getAuthCodeFlowConfig(provider: string): AuthConfig {
+    const idpAlias = provider ? ("/alias/" + provider) : "";
     return {
       // Url of the Identity Provider
 
-      loginUrl: this.getMobileAccessGatewayLoginUrl()+(provider ? ("/alias/"+provider) : ""),
+      loginUrl: this.getMobileAccessGatewayLoginUrl() + idpAlias,
       // URL of the SPA to redirect the user to after login
       // redirectUri: window.location.origin + '/index.html',
       redirectUri: this.getRedirectUri(),
 
-      tokenEndpoint: this.getMobileAccessGatewayTokenEndpoint(),
+      tokenEndpoint: this.getMobileAccessGatewayTokenEndpoint() + idpAlias,
 
       // The SPA's id. The SPA is registerd with this id at the auth-server
       // clientId: 'server.code',

angular/src/app/mag/mag.component.html

@@ -124,7 +124,7 @@
         <select matNativeControl [formControl]="provider">
           <option *ngFor="let idp of idps" [value]="idp.id">
             {{ idp.name }}
-          </option>         
+          </option>
         </select>
       </mat-form-field>
     </div>
@@ -142,6 +142,13 @@
       >
         Authenticate
       </button>
+      <button
+        mat-raised-button
+        color="primary"
+        type="submit"
+        (click)="onRenewToken()">
+        Renew the token
+      </button>
     </mat-card-actions>
   </mat-card-content>
 </mat-card>
@@ -161,7 +168,7 @@
           </div>
         </mat-cell>
       </ng-container>
-    
+
       <ng-container matColumnDef="name">
         <mat-header-cell *matHeaderCellDef class="name"
           >Description</mat-header-cell
@@ -170,7 +177,7 @@
           {{ entry.description }}
         </mat-cell>
       </ng-container>
-     
+
       <ng-container matColumnDef="contentType">
         <mat-header-cell *matHeaderCellDef class="contentType"
           >Content-Type</mat-header-cell

angular/src/app/mag/mag.component.ts

@@ -29,7 +29,7 @@ export function toLocaleDateTime(date: Date) {
 
 interface IDP {
   id: string;
-  name: string;  
+  name: string;
 }
 
 class UUIReplace {
@@ -44,6 +44,8 @@ class UUIReplace {
   styleUrls: ['./mag.component.scss'],
 })
 export class MagComponent implements OnInit {
+  private readonly LS_OAUTH_CONF_KEY = "magOAuthConf";
+
   mag: FhirClient;
   json: string;
   doc: string;
@@ -231,12 +233,12 @@ export class MagComponent implements OnInit {
 
     this.searchGiven = new UntypedFormControl();
     this.searchFamily = new UntypedFormControl();
-    
+
     this.documentTitle = new UntypedFormControl();
     this.documentTitle.setValue(
       this.getLocalStorageItemOrDefault('mag.documentTitle', 'Titel')
     );
-    
+
     this.documentDescription = new UntypedFormControl();
     this.documentDescription.setValue(
       this.getLocalStorageItemOrDefault('mag.documentDescription', 'Description')
@@ -253,12 +255,16 @@ export class MagComponent implements OnInit {
 
     this.fhirConfigService = data;
 
-    oauthService.configure(this.fhirConfigService.getAuthCodeFlowConfig(this.provider.value));
-    oauthService.tryLoginCodeFlow().then((_) => {
-      this.scopes = this.oauthService.getGrantedScopes();
-    });
+    // If we have a OAuth configuration in local storage, we use it to configure the service
+    if (localStorage.getItem(this.LS_OAUTH_CONF_KEY) !== null) {
+      const conf = JSON.parse(localStorage.getItem(this.LS_OAUTH_CONF_KEY));
+      this.oauthService.configure(conf);
+      this.oauthService.tryLoginCodeFlow().then((_) => {
+        this.scopes = this.oauthService.getGrantedScopes();
+      });
+    }
 
-    oauthService.events.subscribe((event) => {
+    this.oauthService.events.subscribe((event) => {
       if (event instanceof OAuthErrorEvent) {
         console.error(event);
       } else {
@@ -276,7 +282,7 @@ export class MagComponent implements OnInit {
             this.idps = body;
             this.provider.setValue(
               this.getLocalStorageItemOrDefault('mag.provider', '')
-            );            
+            );
           },
           error: (err: Error) => {
             this.idps = [ { id : "", name : "Default" } ];
@@ -564,21 +570,26 @@ export class MagComponent implements OnInit {
   onAuthenticate() {
     this.cache();
     this.scopes = null;
+    const authCodeFlowConfig = this.fhirConfigService.getAuthCodeFlowConfig(this.provider.value);
     if (this.authenticate.value === 'HCP') {
-      let authCodeFlowConfig = this.fhirConfigService.getAuthCodeFlowConfig(this.provider.value);
       authCodeFlowConfig.scope = `person_id=${this.targetIdentifier2Value}^^^&2.16.756.5.30.1.127.3.10.3&ISO purpose_of_use=urn:oid:2.16.756.5.30.1.127.3.10.5|NORM subject_role=urn:oid:2.16.756.5.30.1.127.3.10.6|HCP`;
+      localStorage.setItem(this.LS_OAUTH_CONF_KEY, JSON.stringify(authCodeFlowConfig));
       this.oauthService.configure(authCodeFlowConfig);
       this.oauthService.initCodeFlow();
-    } 
+    }
     if (this.authenticate.value === 'Patient') {
-      let authCodeFlowConfig = this.fhirConfigService.getAuthCodeFlowConfig(this.provider.value);
       authCodeFlowConfig.scope = `person_id=${this.targetIdentifier2Value}^^^&2.16.756.5.30.1.127.3.10.3&ISO purpose_of_use=urn:oid:2.16.756.5.30.1.127.3.10.5|NORM subject_role=urn:oid:2.16.756.5.30.1.127.3.10.6|PAT`;
+      localStorage.setItem(this.LS_OAUTH_CONF_KEY, JSON.stringify(authCodeFlowConfig));
       this.oauthService.configure(authCodeFlowConfig);
-      this.oauthService.initCodeFlow();      
-    } 
+      this.oauthService.initCodeFlow();
+    }
     if (this.authenticate.value === 'TCU') {
       this.getSamlToken().then((value) => (this.json = value));
-    } 
+    }
+  }
+
+  onRenewToken(): void {
+    this.oauthService.refreshToken().then(r => console.log(r));
   }
 
   getAppcDocument(eprspid: string, uniqueId: string): string {

pom.xml

@@ -258,6 +258,11 @@
           <artifactId>opensaml</artifactId>
           <version>${opensaml-version}</version>
         </dependency>
+		<dependency>
+			<groupId>org.glassfish.jersey.core</groupId>
+			<artifactId>jersey-common</artifactId>
+			<version>2.43</version>
+		</dependency>
 
         <dependency>
           <groupId>org.apache.camel</groupId>

src/main/java/ch/bfh/ti/i4mi/mag/Config.java

@@ -420,4 +420,18 @@ public RestfulServerConfiguration serverConfiguration() {
         return config;
     }
 
+    @Bean(name = "stsEndpoint")
+    public String getStsEndpoint(final @Value("${mag.iua.ap.url}") String assertionEndpointUrl,
+                                 final @Value("${mag.iua.ap.wsdl}") String wsdl,
+                                 final @Value("${mag.iua.ap.endpoint-name:}") String endpointName,
+                                 final @Value("${mag.client-ssl.enabled}") boolean clientSsl) {
+        return String.format("cxf://%s?dataFormat=CXF_MESSAGE&wsdlURL=%s&loggingFeatureEnabled=true" +
+                                     ((endpointName != null && endpointName.length() > 0) ? "&endpointName=" + endpointName : "") +
+                                     "&inInterceptors=#soapResponseLogger" +
+                                     "&inFaultInterceptors=#soapResponseLogger" +
+                                     "&outInterceptors=#soapRequestLogger" +
+                                     "&outFaultInterceptors=#soapRequestLogger" +
+                                     (clientSsl ? "&sslContextParameters=#sslContext" : ""),
+                             assertionEndpointUrl, wsdl);
+    }
 }

src/main/java/ch/bfh/ti/i4mi/mag/xua/AssertionFromIdpTokenRouteBuilder.java

@@ -60,7 +60,7 @@ public void configure() throws Exception {
 		    // identity provider assertions cached in spring security session
 		    // this is unrelated to the IDP provider cookie set by the IDP itself
 		    .process(Utils.endHttpSession())
-
+		    .setProperty("oauthrequest").method(TokenRenew.class, "emptyAuthRequest")		    
 		    .bean(AuthRequestConverter.class, "buildAssertionRequestFromIdp")
 			.bean(Iti40RequestGenerator.class, "buildAssertion")			
 			.removeHeaders("*", "scope")
@@ -69,8 +69,8 @@ public void configure() throws Exception {
 			.setHeader(CxfConstants.OPERATION_NAMESPACE,
 			        constant("http://docs.oasis-open.org/ws-sx/ws-trust/200512/wsdl"))			
 			.to(assertionEndpoint)		
-			.bean(AssertionExtractor.class)
-			.bean(TokenEndpoint.class, "handleFromIdp")	
+			.bean(XuaUtils.class, "extractAssertionAsString")
+			.bean(TokenEndpoint.class, "generateOAuth2TokenResponse")
 
 	    .doCatch(AuthException.class)
 		    .setBody(simple("${exception}"))