Class ScimClientFactory


  • public class ScimClientFactory
    extends Object
    A factory class to obtain "client" objects that allow interaction with the SCIM service.
    • Constructor Detail

      • ScimClientFactory

        public ScimClientFactory()
    • Method Detail

      • getClient

        public static <T> T getClient(Class<T> interfaceClass,
                                      String domain,
                                      String umaAatClientId,
                                      String umaAatClientJksPath,
                                      String umaAatClientJksPassword,
                                      String umaAatClientKeyId)
        Constructs an object that allows direct interaction with the SCIM API assuming it is protected by UMA. This method hides the complexity of the authorization steps required at both the resource server and the authorization server in a UMA setting. The parameters needed, as well as examples, can be found at the SCIM 2.0 docs page.
        Type Parameters:
        T - The type the object returned will belong to.
        Parameters:
        interfaceClass - The Class to which the returned object will belong. Normally it will be an interface inside package gluu.scim2.client.rest or org.gluu.oxtrust.ws.rs.scim2
        domain - The root URL of the SCIM service. Usually in the form https://your.gluu-server.com/identity/restv1
        umaAatClientId - Requesting party Client Id
        umaAatClientJksPath - Path to requesting party jks file
        umaAatClientJksPassword - Keystore password
        umaAatClientKeyId - Key Id in the keystore. Pass an empty string to use the first key in the keystore
        Returns:
        An object that allows invoking service methods
      • getClient

        public static ClientSideService getClient(String domain,
                                                  String umaAatClientId,
                                                  String umaAatClientJksPath,
                                                  String umaAatClientJksPassword,
                                                  String umaAatClientKeyId)
        Parameters:
        domain - The root URL of the SCIM service. Usually in the form https://your.gluu-server.com/identity/restv1
        umaAatClientId - Requesting party Client Id
        umaAatClientJksPath - Path to requesting party jks file in local filesystem
        umaAatClientJksPassword - Keystore password
        umaAatClientKeyId - Key Id in the keystore. Pass an empty string to use the first key in the keystore
        Returns:
        An object that allows calling User, Group, and FidoDevices operations. It also has some support to call service provider configuration endpoints (see section 4 of RFC 7644)
      • getTestClient

        public static <T> T getTestClient(Class<T> interfaceClass,
                                          String domain,
                                          String OIDCMetadataUrl)
                                   throws Exception
        Constructs an object that allows direct interaction with the SCIM API assuming it is protected by test mode. This method hides the complexity of steps required at the authorization server in a test-mode setting. Usage examples of this type of client can be found at the SCIM 2.0 docs page.
        Type Parameters:
        T - The type the object returned will belong to.
        Parameters:
        interfaceClass - The Class to which the returned object will belong. Normally it will be an interface inside package gluu.scim2.client.rest or org.gluu.oxtrust.ws.rs.scim2
        domain - The root URL of the SCIM service. Usually in the form https://your.gluu-server.com/identity/restv1
        OIDCMetadataUrl - URL of the authorization server's metadata document. Usually in the form https://your.gluu-server.com/.well-known/openid-configuration
        Returns:
        An object that allows invoking service methods
        Throws:
        Exception - If there is an initialization problem
      • getTestClient

        public static <T> T getTestClient(Class<T> interfaceClass,
                                          String domain,
                                          String OIDCMetadataUrl,
                                          String clientId,
                                          String clientSecret)
                                   throws Exception
        Constructs an object that allows direct interaction with the SCIM API assuming it is protected by test mode. Usage examples of this type of client can be found at the SCIM 2.0 docs page.
        Type Parameters:
        T - The type the object returned will belong to.
        Parameters:
        interfaceClass - The Class to which the returned object will belong. Normally it will be an interface inside package gluu.scim2.client.rest or org.gluu.oxtrust.ws.rs.scim2
        domain - The root URL of the SCIM service. Usually in the form https://your.gluu-server.com/identity/restv1
        OIDCMetadataUrl - URL of the authorization server's metadata document. Usually in the form https://your.gluu-server.com/.well-known/openid-configuration
        clientId - ID of an already registered OIDC client in the Gluu Server
        clientSecret - Secret of the corresponding client (see clientId parameter)
        Returns:
        An object that allows invoking service methods
        Throws:
        Exception - If there is an initialization problem
      • getTestClient

        public static ClientSideService getTestClient(String domain,
                                                      String OIDCMetadataUrl)
                                               throws Exception
        Parameters:
        domain - The root URL of the SCIM service. Usually in the form https://your.gluu-server.com/identity/restv1
        OIDCMetadataUrl - URL of the authorization server's metadata document. Usually in the form https://your.gluu-server.com/.well-known/openid-configuration
        Returns:
        An object that allows calling User, Group, and FidoDevices operations. It also has some support to call service provider configuration endpoints (see section 4 of RFC 7644)
        Throws:
        Exception - If there is an initialization problem
      • getTestClient

        public static ClientSideService getTestClient(String domain,
                                                      String OIDCMetadataUrl,
                                                      String clientId,
                                                      String clientSecret)
                                               throws Exception
        Parameters:
        domain - The root URL of the SCIM service. Usually in the form https://your.gluu-server.com/identity/restv1
        OIDCMetadataUrl - URL of the authorization server's metadata document. Usually in the form https://your.gluu-server.com/.well-known/openid-configuration
        clientId - ID of an already registered OIDC client in the Gluu Server
        clientSecret - Secret of the corresponding client (see clientId parameter)
        Returns:
        An object that allows calling User, Group, and FidoDevices operations. It also has some support to call service provider configuration endpoints (see section 4 of RFC 7644)
        Throws:
        Exception - If there is an initialization problem
      • getOAuthClient

        public static <T> T getOAuthClient(Class<T> interfaceClass,
                                           String domain,
                                           String OIDCMetadataUrl,
                                           String clientId,
                                           String clientSecret,
                                           boolean secretPostAuthnMethod)
                                    throws Exception
        Constructs an object that allows direct interaction with the SCIM API assuming it is protected by oauth mode. Usage examples of this type of client can be found at the SCIM 2.0 docs page.
        Type Parameters:
        T - The type the object returned will belong to.
        Parameters:
        interfaceClass - The Class to which the returned object will belong. Normally it will be an interface inside package gluu.scim2.client.rest or org.gluu.oxtrust.ws.rs.scim2
        domain - The root URL of the SCIM service. Usually in the form https://your.gluu-server.com/identity/restv1
        OIDCMetadataUrl - URL of the authorization server's metadata document. Usually in the form https://your.gluu-server.com/.well-known/openid-configuration
        clientId - ID of an already registered OIDC client in the Gluu Server
        clientSecret - Secret of the corresponding client (see clientId parameter)
        secretPostAuthnMethod - Whether the client uses client_secret_post (true) or client_secret_basic (false) to authenticate to the token endpoint
        Returns:
        An object that allows invoking service methods
        Throws:
        Exception - If there is an initialization problem
      • getOAuthClient

        public static ClientSideService getOAuthClient(String domain,
                                                       String OIDCMetadataUrl,
                                                       String clientId,
                                                       String clientSecret,
                                                       boolean secretPostAuthnMethod)
                                                throws Exception
        Parameters:
        domain - The root URL of the SCIM service. Usually in the form https://your.gluu-server.com/identity/restv1
        OIDCMetadataUrl - URL of the authorization server's metadata document. Usually in the form https://your.gluu-server.com/.well-known/openid-configuration
        clientId - ID of an already registered OIDC client in the Gluu Server
        clientSecret - Secret of the corresponding client (see clientId parameter)
        secretPostAuthnMethod - Whether the client uses client_secret_post (true) or client_secret_basic (false) to authenticate to the token endpoint
        Returns:
        An object that allows calling User, Group, and FidoDevices operations. It also has some support to call service provider configuration endpoints (see section 4 of RFC 7644)
        Throws:
        Exception - If there is an initialization problem
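
Added example (not part of the Gluu client library or its documentation): what the secretPostAuthnMethod flag of getOAuthClient selects on the wire at the token endpoint, following RFC 6749 section 2.3.1. The class name, the sample credentials and the client_credentials grant are assumptions made for illustration; the code uses only the JDK (Java 10 or later).

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

/** Hypothetical demo class: builds the token request for each authentication method. */
public class TokenEndpointAuthDemo {

    /** Minimal request model: headers plus a form-encoded body. */
    static final class TokenRequest {
        final Map<String, String> headers = new LinkedHashMap<>();
        String body;
    }

    /** application/x-www-form-urlencoded encoding, used by both methods. */
    static String form(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    static TokenRequest build(String clientId, String clientSecret, boolean secretPostAuthnMethod) {
        TokenRequest req = new TokenRequest();
        req.headers.put("Content-Type", "application/x-www-form-urlencoded");
        String body = "grant_type=client_credentials"; // assumed grant type
        if (secretPostAuthnMethod) {
            // client_secret_post: credentials travel as form parameters in the body
            body += "&client_id=" + form(clientId) + "&client_secret=" + form(clientSecret);
        } else {
            // client_secret_basic: form-encode each part, join with ':', then Base64
            String pair = form(clientId) + ":" + form(clientSecret);
            req.headers.put("Authorization", "Basic "
                    + Base64.getEncoder().encodeToString(pair.getBytes(StandardCharsets.UTF_8)));
        }
        req.body = body;
        return req;
    }

    public static void main(String[] args) {
        // Constructed sample credentials, not real values
        String id = "example-client-id", secret = "s3cr:t/with+chars";
        for (boolean post : new boolean[] {true, false}) {
            TokenRequest r = build(id, secret, post);
            System.out.println(post ? "client_secret_post" : "client_secret_basic");
            r.headers.forEach((k, v) -> System.out.println("  " + k + ": " + v));
            System.out.println("  body: " + r.body);
        }
    }
}
```

With client_secret_post the secret is part of the request body, so any proxy or server component that logs request bodies will record it; with client_secret_basic it sits in the Authorization header instead.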