From 47d9dcf2d3908ada064ba87f1c5591990d943670 Mon Sep 17 00:00:00 2001 From: pujavs Date: Tue, 20 Feb 2024 16:27:53 +0530 Subject: [PATCH 01/22] feat(config-api): saml plugin changes for new fields Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 18 +++--- .../plugins/docs/fido2-plugin-swagger.yaml | 3 +- .../plugins/docs/kc-saml-plugin-swagger.yaml | 13 +++++ .../plugins/docs/user-mgt-plugin-swagger.yaml | 4 +- .../plugin/saml/model/IdentityProvider.java | 2 +- .../plugin/saml/model/TrustRelationship.java | 55 ++++++++++++++++++- .../jans_setup/schema/jans_schema.json | 9 ++- 7 files changed, 85 insertions(+), 19 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index f95731d352c..f350911f8ac 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml @@ -7892,18 +7892,18 @@ components: type: boolean whitePagesCanView: type: boolean - adminCanEdit: - type: boolean userCanView: type: boolean - userCanEdit: - type: boolean adminCanView: type: boolean - adminCanAccess: + adminCanEdit: + type: boolean + userCanEdit: type: boolean userCanAccess: type: boolean + adminCanAccess: + type: boolean baseDn: type: string PatchRequest: @@ -9493,10 +9493,10 @@ components: type: array items: type: object - value: - type: object displayValue: type: string + value: + type: object LocalizedString: type: object properties: @@ -9736,14 +9736,14 @@ components: type: boolean internal: type: boolean + locationPath: + type: string locationType: type: string enum: - ldap - db - file - locationPath: - type: string baseDn: type: string ScriptError: diff --git a/jans-config-api/plugins/docs/fido2-plugin-swagger.yaml b/jans-config-api/plugins/docs/fido2-plugin-swagger.yaml index ce9edff7121..941e2813ac9 100644 --- a/jans-config-api/plugins/docs/fido2-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/fido2-plugin-swagger.yaml 
@@ -269,7 +269,8 @@ components: challange: type: string challengeHash: - type: string + type: integer + format: int32 creationDate: type: string format: date-time diff --git a/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml b/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml index b1e6328bfc2..cac8ad04ede 100644 --- a/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml @@ -1009,6 +1009,7 @@ components: type: string TrustRelationship: required: + - clientId - description - displayName - spMetaDataSourceType @@ -1021,6 +1022,8 @@ components: owner: type: string clientId: + maxLength: 60 + minLength: 0 type: string displayName: maxLength: 60 @@ -1058,6 +1061,16 @@ components: - federation - manual - mdq + nameIDPolicyFormat: + type: string + entityId: + type: string + singleLogoutServiceUrl: + type: string + redirectUris: + type: array + items: + type: string spMetaDataURL: type: string metaLocation: diff --git a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml index babb2ac7bbc..134dd75a2cf 100644 --- a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml @@ -837,10 +837,10 @@ components: type: array items: type: object - value: - type: object displayValue: type: string + value: + type: object CustomUser: type: object properties: diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/IdentityProvider.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/IdentityProvider.java index 024d000dc40..80b1ca7b75a 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/IdentityProvider.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/IdentityProvider.java 
@@ -68,7 +68,7 @@ public class IdentityProvider extends Entry implements Serializable { @AttributeName(name = "nameIDPolicyFormat") private String nameIDPolicyFormat; - @AttributeName(name = "idpEntityId") + @AttributeName(name = "entityId") private String idpEntityId; @AttributeName(name = "singleSignOnServiceUrl") diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java index 7518f1057e6..01a8c170930 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java @@ -16,6 +16,7 @@ import io.jans.orm.model.base.Entry; import io.swagger.v3.oas.annotations.Hidden; +import java.util.Arrays; import java.util.Collections; import java.util.List; import java.util.Comparator; @@ -42,6 +43,8 @@ public class TrustRelationship extends Entry implements Serializable { private String owner; @AttributeName(name = "jansClntId") + @NotNull + @Size(min = 0, max = 60, message = "Length of the Client Id should not exceed 60") private String clientId; @NotNull @@ -107,6 +110,18 @@ public class TrustRelationship extends Entry implements Serializable { @AttributeName(name = "jansSAMLspMetaDataSourceTyp") private MetadataSourceType spMetaDataSourceType; + @AttributeName(name = "nameIDPolicyFormat") + private String nameIDPolicyFormat; + + @AttributeName(name = "entityId") + private String entityId; + + @AttributeName(name = "singleLogoutServiceUrl") + private String singleLogoutServiceUrl; + + @AttributeName(name = "jansRedirectURI") + private String[] redirectUris; + /** * Trust Relationship file location of metadata */ 
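Review bot: The new `singleLogoutServiceUrl`, `entityId` and `redirectUris` fields in the `@@ -107,6 +110,18` hunk carry no constraint annotations, while `clientId` in the hunk just above gets `@NotNull`/`@Size`; a logout URL and a redirect URI are redirection targets that end up pushed to Keycloak, so they should at least be restricted to absolute https URLs before being persisted, e.g. `@Pattern(regexp = "^https://.*", message = "singleLogoutServiceUrl must be an absolute https URL")`, with the same check applied to each element of `redirectUris` in the service layer (Bean Validation does not constrain array elements directly). `@Size(min = 0, max = 60)` together with `@NotNull` on `clientId` still admits an empty string, so `@NotBlank` would match what the swagger now marks as required. Separately, renaming the persisted attribute from `idpEntityId` to `entityId` in IdentityProvider means entries already stored under the old name will read back as null unless a data migration accompanies the schema change — worth confirming. The TrustRelationship class continues outside these hunks.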
@@ -144,7 +159,7 @@ public class TrustRelationship extends Entry implements Serializable { private List validationLog; private Map profileConfigurations = new HashMap(); - + public String getInum() { return inum; } @@ -273,6 +288,38 @@ public void setSpMetaDataSourceType(MetadataSourceType spMetaDataSourceType) { this.spMetaDataSourceType = spMetaDataSourceType; } + public String getNameIDPolicyFormat() { + return nameIDPolicyFormat; + } + + public void setNameIDPolicyFormat(String nameIDPolicyFormat) { + this.nameIDPolicyFormat = nameIDPolicyFormat; + } + + public String getEntityId() { + return entityId; + } + + public void setEntityId(String entityId) { + this.entityId = entityId; + } + + public String getSingleLogoutServiceUrl() { + return singleLogoutServiceUrl; + } + + public void setSingleLogoutServiceUrl(String singleLogoutServiceUrl) { + this.singleLogoutServiceUrl = singleLogoutServiceUrl; + } + + public String[] getRedirectUris() { + return redirectUris; + } + + public void setRedirectUris(String[] redirectUris) { + this.redirectUris = redirectUris; + } + public String getSpMetaDataFN() { return spMetaDataFN; } 
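Review bot: `getRedirectUris()` returns the entity's internal `String[]` and `setRedirectUris()` keeps the caller's array by reference, so any holder of the array can change the trust relationship's redirect list without passing through the setter or the validation that callers may add later; for an array-typed property the usual guard is `return redirectUris == null ? null : redirectUris.clone();` and the mirror-image copy in the setter. The four new accessor pairs also have no Javadoc, whereas nearby fields in this file carry a descriptive comment (`Trust Relationship file location of metadata`), so a one-line purpose on each (`/** SAML NameID format requested from the IdP */`, `/** SP entity ID registered with Keycloak */`, `/** SP single-logout endpoint */`, `/** Allowed redirect URIs for the linked Keycloak client */`) would keep the model self-describing; the wording of the last three is inferred from the field names and should be confirmed. The enclosing class starts and ends outside this hunk.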
@@ -382,11 +429,13 @@ public String toString() { + ", alwaysDisplayInConsole=" + alwaysDisplayInConsole + ", clientAuthenticatorType=" + clientAuthenticatorType + ", secret=" + secret + ", registrationAccessToken=" + registrationAccessToken + ", consentRequired=" + consentRequired + ", spMetaDataSourceType=" - + spMetaDataSourceType + ", spMetaDataFN=" + spMetaDataFN + ", spMetaDataURL=" + spMetaDataURL + + spMetaDataSourceType + ", nameIDPolicyFormat=" + nameIDPolicyFormat + ", entityId=" + entityId + + ", singleLogoutServiceUrl=" + singleLogoutServiceUrl + ", redirectUris=" + + Arrays.toString(redirectUris) + ", spMetaDataFN=" + spMetaDataFN + ", spMetaDataURL=" + spMetaDataURL + ", metaLocation=" + metaLocation + ", jansEntityId=" + jansEntityId + ", releasedAttributes=" + releasedAttributes + ", url=" + url + ", spLogoutURL=" + spLogoutURL + ", status=" + status + ", validationStatus=" + validationStatus + ", validationLog=" + validationLog + ", profileConfigurations=" + profileConfigurations + "]"; } - + } diff --git a/jans-linux-setup/jans_setup/schema/jans_schema.json b/jans-linux-setup/jans_setup/schema/jans_schema.json index 877a9d4d1f4..0669184fc6e 100644 --- a/jans-linux-setup/jans_setup/schema/jans_schema.json +++ b/jans-linux-setup/jans_setup/schema/jans_schema.json @@ -3688,10 +3688,10 @@ "x_origin":"Jans created attribute" }, { - "desc":"idpEntityId", + "desc":"entityId", "equality":"caseIgnoreMatch", "names":[ - "idpEntityId" + "entityId" ], "oid":"jansAttr", "substr":"caseIgnoreSubstringsMatch", @@ -5010,6 +5010,9 @@ "jansRedirectURI", "jansWebOrigins", "consentRequired", + "nameIDPolicyFormat", + "entityId", + "singleLogoutServiceUrl", "jansSAMLMetaDataFilter", "jansSAMLspMetaDataSourceTyp", "jansSAMLspMetaDataFN", @@ -5054,7 +5057,7 @@ "validateSignature", "singleLogoutServiceUrl", "nameIDPolicyFormat", - "idpEntityId", + "entityId", "singleSignOnServiceUrl", "encryptionPublicKey", "trustEmail", 
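Review bot: The rewritten `toString()` still concatenates `secret` and `registrationAccessToken` into its output (the two context lines directly above the changed ones), and this patch set elsewhere logs entities with `logger.info("... {}", entity)` (see KcLinkConfigResource in the following commit), so extending this string makes it more likely that a client secret lands in a log file along with the new SAML fields. While the method is being touched, mask the two credentials, e.g. `+ ", secret=" + (secret == null ? null : "***") + ", registrationAccessToken=" + (registrationAccessToken == null ? null : "***")`. The start of `toString()` lies outside the hunk.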
From 389d5a60bc78fb63a40761cadff488096661603b Mon Sep 17 00:00:00 2001 From: pujavs Date: Tue, 20 Feb 2024 19:25:35 +0530 Subject: [PATCH 02/22] feat(config-api): kc link plugin endpoint 
Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 12 +- .../plugins/docs/user-mgt-plugin-swagger.yaml | 4 +- .../plugins/kc-link-plugin/pom.xml | 298 ++++++++++++++++++ .../src/main/assembly/assembly.xml | 35 ++ .../kc/link/extensions/KcLinkExtension.java | 6 + .../link/model/config/KcLinkConfigSource.java | 81 +++++ .../plugin/kc/link/rest/ApiApplication.java | 39 +++ .../kc/link/rest/KcLinkConfigResource.java | 131 ++++++++ .../kc/link/service/KcLinkConfigService.java | 67 ++++ .../plugin/kc/link/util/Constants.java | 19 ++ .../plugin/kc/link/util/KcLinkUtil.java | 37 +++ .../src/main/resources/META-INF/beans.xml | 8 + .../javax.enterprise.inject.spi.Extension | 1 + .../services/javax.ws.rs.ext.Providers | 3 + ...lipse.microprofile.config.spi.ConfigSource | 1 + .../src/main/resources/kc-link.properties | 3 + .../io/jans/configapi/KarateTestRunner.java | 18 ++ .../io/jans/configapi/TestJenkinsRunner.java | 44 +++ .../feature/kc-link/kc-link-config.feature | 41 +++ .../test/resources/karate-config-jenkins.js | 58 ++++ .../src/test/resources/karate-config.js | 57 ++++ .../src/test/resources/karate.properties | 5 + .../test/resources/karate_jenkins.properties | 2 + .../src/test/resources/logback-test.xml | 24 ++ .../src/test/resources/test.properties | 8 + .../src/test/resources/testClient.feature | 13 + .../src/test/resources/token.feature | 45 +++ jans-config-api/plugins/pom.xml | 3 +- .../main/resources/config-api-rs-protect.json | 75 ++++- 29 files changed, 1122 insertions(+), 16 deletions(-) create mode 100644 jans-config-api/plugins/kc-link-plugin/pom.xml create mode 100644 jans-config-api/plugins/kc-link-plugin/src/main/assembly/assembly.xml create mode 100644 jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/extensions/KcLinkExtension.java create mode 100644 jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/model/config/KcLinkConfigSource.java create mode 100644 
jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/rest/ApiApplication.java create mode 100644 jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/rest/KcLinkConfigResource.java create mode 100644 jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/service/KcLinkConfigService.java create mode 100644 jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/util/Constants.java create mode 100644 jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/util/KcLinkUtil.java create mode 100644 jans-config-api/plugins/kc-link-plugin/src/main/resources/META-INF/beans.xml create mode 100644 jans-config-api/plugins/kc-link-plugin/src/main/resources/META-INF/services/javax.enterprise.inject.spi.Extension create mode 100644 jans-config-api/plugins/kc-link-plugin/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers create mode 100644 jans-config-api/plugins/kc-link-plugin/src/main/resources/META-INF/services/org.eclipse.microprofile.config.spi.ConfigSource create mode 100644 jans-config-api/plugins/kc-link-plugin/src/main/resources/kc-link.properties create mode 100644 jans-config-api/plugins/kc-link-plugin/src/test/java/io/jans/configapi/KarateTestRunner.java create mode 100644 jans-config-api/plugins/kc-link-plugin/src/test/java/io/jans/configapi/TestJenkinsRunner.java create mode 100644 jans-config-api/plugins/kc-link-plugin/src/test/resources/feature/kc-link/kc-link-config.feature create mode 100644 jans-config-api/plugins/kc-link-plugin/src/test/resources/karate-config-jenkins.js create mode 100644 jans-config-api/plugins/kc-link-plugin/src/test/resources/karate-config.js create mode 100644 jans-config-api/plugins/kc-link-plugin/src/test/resources/karate.properties create mode 100644 jans-config-api/plugins/kc-link-plugin/src/test/resources/karate_jenkins.properties create mode 100644 
jans-config-api/plugins/kc-link-plugin/src/test/resources/logback-test.xml create mode 100644 jans-config-api/plugins/kc-link-plugin/src/test/resources/test.properties create mode 100644 jans-config-api/plugins/kc-link-plugin/src/test/resources/testClient.feature create mode 100644 jans-config-api/plugins/kc-link-plugin/src/test/resources/token.feature diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index f350911f8ac..81bf7e0ac62 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml @@ -7894,12 +7894,12 @@ components: type: boolean userCanView: type: boolean + userCanEdit: + type: boolean adminCanView: type: boolean adminCanEdit: type: boolean - userCanEdit: - type: boolean userCanAccess: type: boolean adminCanAccess: @@ -9493,10 +9493,10 @@ components: type: array items: type: object - displayValue: - type: string value: type: object + displayValue: + type: string LocalizedString: type: object properties: @@ -10172,10 +10172,10 @@ components: ttl: type: integer format: int32 - opbrowserState: - type: string persisted: type: boolean + opbrowserState: + type: string SessionIdAccessMap: type: object properties: diff --git a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml index 134dd75a2cf..babb2ac7bbc 100644 --- a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml @@ -837,10 +837,10 @@ components: type: array items: type: object - displayValue: - type: string value: type: object + displayValue: + type: string CustomUser: type: object properties: diff --git a/jans-config-api/plugins/kc-link-plugin/pom.xml b/jans-config-api/plugins/kc-link-plugin/pom.xml new file mode 100644 index 00000000000..7398ae84043 --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/pom.xml 
@@ -0,0 +1,298 @@ + + + + plugins + io.jans.jans-config-api.plugins + 1.1.0-SNAPSHOT + + + 4.0.0 + kc-link-plugin + + + 4.4.14 + 4.5.13 + ${project.version} + + + + + + + + io.jans + jans-config-api-shared + ${jans.version} + + + io.jans + jans-config-api-server + ${jans.version} + + + io.jans + jans-orm-annotation + ${jans.version} + + + io.jans + jans-core-document-store + ${jans.version} + + + io.jans + jans-keycloak-link-model + ${jans.version} + + + io.jans + jans-link-model + ${jans.version} + + + + + + org.quartz-scheduler + quartz + + + + io.smallrye + smallrye-config + 1.5.0 + + + + + commons-collections + commons-collections + + + org.apache.httpcomponents + httpclient + + + org.apache.httpcomponents + httpcore + + + org.apache.httpcomponents + httpcore-nio + ${httpcore.version} + + + + + jakarta.enterprise + jakarta.enterprise.cdi-api + + + jakarta.inject + jakarta.inject-api + + + jakarta.validation + jakarta.validation-api + + + jakarta.ws.rs + jakarta.ws.rs-api + + + org.jboss.resteasy + resteasy-multipart-provider + ${resteasy.version} + + + + + org.apache.james + apache-mime4j-dom + + + org.apache.james + apache-mime4j-storage + + + org.apache.james + apache-mime4j-core + + + + + io.rest-assured + rest-assured + test + + + com.intuit.karate + karate-junit5 + test + + + com.intuit.karate + karate-apache + test + + + org.junit.jupiter + junit-jupiter-api + test + + + org.junit.jupiter + junit-jupiter-engine + test + + + net.masterthought + cucumber-reporting + test + + + + + io.swagger.core.v3 + swagger-core-jakarta + + + + + + + + + ../../profiles/${cfg}/config-build.properties + ../../profiles/${cfg}/config-api-test.properties + + + + + src/test/resources + true + + karate.properties + karate_jenkins.properties + test.properties + *.* + + + + + + + src/main/resources + true + + **/*.xml + **/*.properties + **/*.json + META-INF/services/*.* + + + + + + + + org.apache.maven.plugins + maven-assembly-plugin + + + package + + single + + + + 
src/main/assembly/assembly.xml + + + + + + + + maven-surefire-plugin + + + + integration + + --tags ~@ignore + + + + + integration-tests + integration-test + + test + + + false + !integration + integration + + + + + + + org.apache.maven.plugins + maven-resources-plugin + + + deploy-to-local-folder + package + + copy-resources + + + ../target/plugins + + + ${project.build.directory} + *-distribution.jar + false + + + + + + + + + + io.swagger.core.v3 + swagger-maven-plugin-jakarta + ${swagger-maven-plugin-jakarta} + + + + true + kc-link-plugin-swagger + ${project.artifactId} + true + + io.jans.configapi.plugin.kc.link.rest + + + + + + + io.swagger.core.v3 + swagger-models-jakarta + ${swagger-models-jakarta} + + + + + + + + \ No newline at end of file diff --git a/jans-config-api/plugins/kc-link-plugin/src/main/assembly/assembly.xml b/jans-config-api/plugins/kc-link-plugin/src/main/assembly/assembly.xml new file mode 100644 index 00000000000..3e8ca0c335c --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/main/assembly/assembly.xml @@ -0,0 +1,35 @@ + + + distribution + + jar + + false + + + true + / + false + + io.jans:jans-keycloak-link-model + io.jans:jans-link-model + org.jboss.resteasy:resteasy-multipart-provider + org.apache.james:apache-mime4j-dom + org.apache.james:apache-mime4j-storage + org.apache.james:apache-mime4j-core + + runtime + + + + + ${project.build.directory}/classes + / + + **/* + + + + \ No newline at end of file diff --git a/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/extensions/KcLinkExtension.java b/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/extensions/KcLinkExtension.java new file mode 100644 index 00000000000..11973723678 --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/extensions/KcLinkExtension.java 
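Review bot: `resteasy-multipart-provider` and the three `apache-mime4j` artifacts are declared as dependencies and bundled into the distribution jar by assembly.xml, yet the only resource in this plugin (`KcLinkConfigResource`) consumes `application/json` and `application/json-patch+json`; shipping an unused multipart/MIME parser puts a second copy of those classes beside the server's and widens the set of third-party code this plugin has to track for vulnerabilities. Unless a multipart endpoint is planned, drop the four `<dependency>` entries here and the matching `<include>` lines in assembly.xml. `smallrye-config` is also pinned explicitly to `1.5.0` while every io.jans artifact inherits `${jans.version}`; if the parent POM already manages that version, the local pin should go so the plugin's config implementation cannot drift from the server's.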
@@ -0,0 +1,6 @@ +package io.jans.configapi.plugin.kc.link.extensions; + +import jakarta.enterprise.inject.spi.Extension; + +public class KcLinkExtension implements Extension { +} diff --git a/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/model/config/KcLinkConfigSource.java b/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/model/config/KcLinkConfigSource.java new file mode 100644 index 00000000000..95d7f51b7ae --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/model/config/KcLinkConfigSource.java 
@@ -0,0 +1,81 @@ +package io.jans.configapi.plugin.kc.link.model.config; + +import io.jans.exception.ConfigurationException; +import java.io.InputStream; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; +import java.util.Set; +import jakarta.enterprise.context.ApplicationScoped; + +import org.eclipse.microprofile.config.spi.ConfigSource; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +@ApplicationScoped +public class KcLinkConfigSource implements ConfigSource { + + private static Logger log = LoggerFactory.getLogger(KcLinkConfigSource.class); + private static final String FILE_CONFIG = "kc-link.properties"; + private Properties properties = null; + Map propertiesMap = new HashMap<>(); + + public KcLinkConfigSource() { + this.loadProperties(); + } + + @Override + public Map getProperties() { + log.debug("Getting properties"); + return propertiesMap; + } + + @Override + public Set getPropertyNames() { + log.debug("Getting Property Names"); + try { + return properties.stringPropertyNames(); + + } catch (Exception e) { + log.error("Unable to read properties from file: " + FILE_CONFIG, e); + } + return Collections.emptySet(); + } + + @Override + public int getOrdinal() { + return 800; + } + + @Override + public String getValue(String name) { + log.debug("KcLinkConfigSource()::getValue() - name:{}", name); + try { + return properties.getProperty(name); + } catch (Exception e) { + log.error("Unable to read properties from file: " + FILE_CONFIG, e); + } + + return null; + } + + @Override + public String getName() { + return FILE_CONFIG; + } + + private Properties loadProperties() { + // Load the properties file + ClassLoader loader = Thread.currentThread().getContextClassLoader(); + try ( InputStream inputStream = loader.getResourceAsStream(FILE_CONFIG)) { + properties = new Properties(); + properties.load(inputStream); + properties.stringPropertyNames().stream().forEach(key -> 
propertiesMap.put(key, properties.getProperty(key))); + return properties; + } catch (Exception e) { + throw new ConfigurationException("Failed to load configuration from "+ FILE_CONFIG, e); + } + } + +} diff --git a/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/rest/ApiApplication.java b/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/rest/ApiApplication.java new file mode 100644 index 00000000000..66e709aecde --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/rest/ApiApplication.java 
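Review bot: `loadProperties()` passes the result of `loader.getResourceAsStream(FILE_CONFIG)` straight into `Properties.load`, so a missing `kc-link.properties` surfaces as a `NullPointerException` wrapped in the `ConfigurationException` instead of a clear message; add `if (inputStream == null) { throw new ConfigurationException(FILE_CONFIG + " not found on classpath"); }` before the `load` call. `getProperties()` hands out the live `propertiesMap`, so any consumer of the `ConfigSource` can mutate what every other consumer sees; `return Collections.unmodifiableMap(propertiesMap);` uses an import the file already has. The ordinal of 800 ranks this jar-embedded file above MicroProfile Config's default system-property (400) and environment (300) sources, meaning values shipped inside the plugin override an operator's runtime settings — confirm that precedence is intended.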
@@ -0,0 +1,39 @@ +package io.jans.configapi.plugin.kc.link.rest; + +import io.jans.configapi.plugin.kc.link.util.Constants; +import io.swagger.v3.oas.annotations.OpenAPIDefinition; +import io.swagger.v3.oas.annotations.enums.SecuritySchemeType; +import io.swagger.v3.oas.annotations.info.*; +import io.swagger.v3.oas.annotations.tags.*; +import io.swagger.v3.oas.annotations.security.*; +import io.swagger.v3.oas.annotations.servers.*; + +import jakarta.ws.rs.ApplicationPath; +import jakarta.ws.rs.core.Application; +import java.util.HashSet; +import java.util.Set; + +@ApplicationPath("/kc-link") +@OpenAPIDefinition(info = @Info(title = "Jans Config API - Keycloak Link", version = "1.0.0", contact = @Contact(name = "Gluu Support", url = "https://support.gluu.org", email = "xxx@gluu.org"), + +license = @License(name = "Apache 2.0", url = "https://github.com/JanssenProject/jans/blob/main/LICENSE")), + +tags = { @Tag(name = "Keycloak Link - Configuration")}, + +servers = { @Server(url = "https://jans.io/", description = "The Jans server") }) + +@SecurityScheme(name = "oauth2", type = SecuritySchemeType.OAUTH2, flows = @OAuthFlows(clientCredentials = @OAuthFlow(tokenUrl = "https://{op-hostname}/.../token", scopes = { +@OAuthScope(name = Constants.KC_LINK_CONFIG_READ_ACCESS, description = "View Keycloak Link configuration related information"), +@OAuthScope(name = Constants.KC_LINK_CONFIG_WRITE_ACCESS, description = "Manage Keycloak Link configuration related information")} +))) +public class ApiApplication extends Application { + + @Override + public Set> getClasses() { + HashSet> classes = new HashSet<>(); + + classes.add(KcLinkConfigResource.class); + + return classes; + } +} diff --git a/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/rest/KcLinkConfigResource.java b/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/rest/KcLinkConfigResource.java new file mode 100644 index 00000000000..0a7cdc947fc 
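Review bot: The `@OpenAPIDefinition` here publishes placeholder metadata — `email = "xxx@gluu.org"`, `tokenUrl = "https://{op-hostname}/.../token"` and a server URL of `https://jans.io/` — and, per the swagger-maven-plugin configuration in this plugin's pom, it is the source of the generated `kc-link-plugin-swagger.yaml`, so clients generated from that document will be pointed at a non-existent token endpoint. Replace the placeholders with the real contact address and the auth server's token endpoint path (or whatever the other config-api plugins' `ApiApplication` classes use, for consistency), and consider aligning `version = "1.0.0"` with the `1.1.0-SNAPSHOT` artifact version. A class-level Javadoc such as `/** JAX-RS application root for the Keycloak Link plugin; exposes the configuration resource under /kc-link. */` would also help readers locate the entry point.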
--- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/rest/KcLinkConfigResource.java 
@@ -0,0 +1,131 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.configapi.plugin.kc.link.rest; + + +import io.jans.configapi.core.rest.BaseResource; +import io.jans.configapi.core.rest.ProtectedApi; +import io.jans.configapi.core.util.Jackson; +import io.jans.keycloak.link.model.config.AppConfiguration; +import io.jans.keycloak.link.model.config.Conf; +import io.jans.configapi.plugin.kc.link.service.KcLinkConfigService; +import io.jans.configapi.plugin.kc.link.util.Constants; +import io.jans.configapi.util.ApiAccessConstants; + +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.media.ArraySchema; +import io.swagger.v3.oas.annotations.media.Content; +import io.swagger.v3.oas.annotations.media.ExampleObject; +import io.swagger.v3.oas.annotations.media.Schema; +import io.swagger.v3.oas.annotations.parameters.RequestBody; +import io.swagger.v3.oas.annotations.responses.ApiResponse; +import io.swagger.v3.oas.annotations.responses.ApiResponses; +import io.swagger.v3.oas.annotations.security.*; + +import jakarta.inject.Inject; +import jakarta.validation.Valid; +import jakarta.validation.constraints.NotNull; +import jakarta.ws.rs.*; +import jakarta.ws.rs.core.MediaType; +import jakarta.ws.rs.core.Response; + +import java.io.IOException; + +import org.slf4j.Logger; + +import com.github.fge.jsonpatch.JsonPatch; +import com.github.fge.jsonpatch.JsonPatchException; + +@Path(Constants.KC_LINK_CONFIG) +@Consumes(MediaType.APPLICATION_JSON) +@Produces(MediaType.APPLICATION_JSON) +public class KcLinkConfigResource extends BaseResource { + + @Inject + Logger logger; + + @Inject + KcLinkConfigService kcLinkConfigService; + + @Operation(summary = "Gets KC Link configuration properties", description = "Gets KC Link configuration properties", operationId = "get-kc-link-properties", tags = { + "KC Link 
- Configuration" }, security = @SecurityRequirement(name = "oauth2", scopes = { + Constants.KC_LINK_CONFIG_READ_ACCESS })) + @ApiResponses(value = { + @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = AppConfiguration.class))), + @ApiResponse(responseCode = "401", description = "Unauthorized"), + @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @GET + @ProtectedApi(scopes = { Constants.KC_LINK_CONFIG_READ_ACCESS }, groupScopes = { + Constants.KC_LINK_CONFIG_WRITE_ACCESS }, superScopes = { ApiAccessConstants.SUPER_ADMIN_READ_ACCESS, + ApiAccessConstants.SUPER_ADMIN_WRITE_ACCESS }) + public Response getkcLinkConf() { + + AppConfiguration kcLinkConfiguration = kcLinkConfigService.find(); + logger.info("KC Link details kcLinkConfiguration():{}", kcLinkConfiguration); + if(kcLinkConfiguration==null) { + throwInternalServerException("It seems Kc Link module is not setup, kindly check."); + } + return Response.ok(kcLinkConfiguration).build(); + + } + + @Operation(summary = "Update KC Link configuration properties", description = "Update KC Link configuration properties", operationId = "put-kc-link-properties", tags = { + "KC Link - Configuration" }, security = @SecurityRequirement(name = "oauth2", scopes = { + Constants.KC_LINK_CONFIG_WRITE_ACCESS })) + @RequestBody(description = "GluuAttribute object", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = AppConfiguration.class), examples = @ExampleObject(name = "Request example", value = "example/kc-link/config/kc-link-put.json"))) + @ApiResponses(value = { + @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = AppConfiguration.class))), + @ApiResponse(responseCode = "401", description = "Unauthorized"), + @ApiResponse(responseCode = "500", description = 
"InternalServerError") }) + @PUT @ProtectedApi(scopes = { Constants.KC_LINK_CONFIG_WRITE_ACCESS }, groupScopes = {}, superScopes = { + ApiAccessConstants.SUPER_ADMIN_WRITE_ACCESS }) + public Response updatekcLinkConf(@Valid AppConfiguration kcLinkAppConf) { + logger.info("Update KC Link conf details kcLinkAppConf():{}", kcLinkAppConf); + Conf conf = kcLinkConfigService.findKcLinkConf(); + logger.info("KC Link conf:{} ", conf); + if(conf==null) { + throwInternalServerException("It seems Kc Link module is not setup, kindly check."); + } + + conf.setDynamic(kcLinkAppConf); + kcLinkConfigService.mergeKcLinkConfig(conf); + kcLinkAppConf = kcLinkConfigService.find(); + logger.info("KC Link conf, post update - kcLinkAppConf:{}", kcLinkAppConf); + return Response.ok(kcLinkAppConf).build(); + + } + + @Operation(summary = "Partially modifies KC Link configuration properties.", description = "Partially modifies KC Link configuration properties.", operationId = "patch-kc-link-properties", tags = { + "KC Link - Configuration" }, security = @SecurityRequirement(name = "oauth2", scopes = { + Constants.KC_LINK_CONFIG_WRITE_ACCESS })) + @RequestBody(description = "String representing patch-document.", content = @Content(mediaType = MediaType.APPLICATION_JSON_PATCH_JSON, array = @ArraySchema(schema = @Schema(implementation = JsonPatch.class)), examples = @ExampleObject(name = "Request json example", value = "example/kc-link/config/kc-link-patch.json"))) + @ApiResponses(value = { + @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = AppConfiguration.class))), + @ApiResponse(responseCode = "401", description = "Unauthorized"), + @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @PATCH + @Consumes(MediaType.APPLICATION_JSON_PATCH_JSON) + @ProtectedApi(scopes = { Constants.KC_LINK_CONFIG_WRITE_ACCESS }, groupScopes = {}, superScopes = { + 
ApiAccessConstants.SUPER_ADMIN_WRITE_ACCESS }) + public Response patchkcLinkConf(@NotNull String jsonPatchString) throws JsonPatchException, IOException { + logger.info("KC Link Config - jsonPatchString:{} ", jsonPatchString); + Conf conf = kcLinkConfigService.findKcLinkConf(); + logger.info("KC Link conf:{} ", conf); + if(conf==null) { + throwInternalServerException("It seems Kc Link module is not setup, kindly check."); + } + + AppConfiguration kcLinkAppConf = Jackson.applyPatch(jsonPatchString, conf.getDynamic()); + logger.info("KC Link conf details kcLinkAppConf():{}", kcLinkAppConf); + + conf.setDynamic(kcLinkAppConf); + kcLinkConfigService.mergeKcLinkConfig(conf); + kcLinkAppConf = kcLinkConfigService.find(); + logger.info("KC KC Link post patch - kcLinkAppConf:{}", kcLinkAppConf); + return Response.ok(kcLinkAppConf).build(); + } +} \ No newline at end of file diff --git a/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/service/KcLinkConfigService.java b/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/service/KcLinkConfigService.java new file mode 100644 index 00000000000..b4fa24a33eb --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/service/KcLinkConfigService.java 
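Review bot: `patchkcLinkConf()` applies the JSON patch with `Jackson.applyPatch` and persists the result without ever validating it, whereas `updatekcLinkConf()` enforces the model's constraints through `@Valid` — so any constraint on `AppConfiguration` can be bypassed simply by using PATCH instead of PUT. The patched object should pass the same validator before `mergeKcLinkConfig`, as sketched below (the name of BaseResource's bad-request helper is assumed and should be checked). All three handlers also log the full configuration object and, for PUT/PATCH, the full request body at INFO; if `AppConfiguration` carries Keycloak or directory credentials, as link configurations typically do, those land in the server log on every call, so these should at least drop to DEBUG and ideally print a redacted view. The `kcLinkConfiguration == null` check in the GET handler is reached only if `kcLinkConfigService.find()` returns null, which its current implementation cannot do (it dereferences the `Conf` unconditionally).
```java
@Inject
Validator validator; // jakarta.validation.Validator

// … unchanged: GET and PUT handlers …

public Response patchkcLinkConf(@NotNull String jsonPatchString) throws JsonPatchException, IOException {
    logger.debug("KC Link Config - jsonPatchString:{} ", jsonPatchString);
    Conf conf = kcLinkConfigService.findKcLinkConf();
    if (conf == null) {
        throwInternalServerException("It seems Kc Link module is not setup, kindly check.");
    }

    AppConfiguration kcLinkAppConf = Jackson.applyPatch(jsonPatchString, conf.getDynamic());
    // PUT validates via @Valid; a patch must satisfy the same constraints before being persisted
    Set<ConstraintViolation<AppConfiguration>> violations = validator.validate(kcLinkAppConf);
    if (!violations.isEmpty()) {
        throwBadRequestException(violations.toString());
    }
    // … unchanged: setDynamic / mergeKcLinkConfig / re-read / return …
}
```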
@@ -0,0 +1,67 @@ +package io.jans.configapi.plugin.kc.link.service; + +import io.jans.as.common.service.common.ApplicationFactory; +import io.jans.configapi.configuration.ConfigurationFactory; +import io.jans.keycloak.link.model.config.AppConfiguration; +import io.jans.keycloak.link.model.config.Conf; +import io.jans.orm.PersistenceEntryManager; +import io.jans.orm.util.properties.FileConfiguration; +import io.jans.util.exception.InvalidConfigurationException; +import jakarta.enterprise.context.ApplicationScoped; +import jakarta.inject.Inject; +import jakarta.inject.Named; +import java.util.List; + +import org.apache.commons.lang.StringUtils; +import org.slf4j.Logger; + +@ApplicationScoped +public class KcLinkConfigService { + + @Inject + Logger logger; + + @Inject + @Named(ApplicationFactory.PERSISTENCE_ENTRY_MANAGER_NAME) + PersistenceEntryManager persistenceManager; + + @Inject + ConfigurationFactory configurationFactory; + + + public FileConfiguration getBaseConfiguration() { + logger.info(" configurationFactory.getBaseConfiguration():{}", configurationFactory.getBaseConfiguration()); + return configurationFactory.getBaseConfiguration(); + } + + public String getKcLinkDn() { + String dn = this.getBaseConfiguration().getString("keycloakLink_ConfigurationEntryDN"); + logger.info(" kcLinkDn:{}", dn); + return dn; + } + + // Config handling methods + public Conf findKcLinkConf() { + final String dn = getKcLinkDn(); + logger.info(" dn:{}", dn); + if (StringUtils.isBlank(dn)) { + throw new InvalidConfigurationException("Kc Link Configuration DN is undefined!"); + } + + Conf kcLinkconf = persistenceManager.find(dn, Conf.class, null); + logger.info(" kcLinkconf:{}", kcLinkconf); + + return kcLinkconf; + } + + public void mergeKcLinkConfig(Conf kcLinkconf) { + kcLinkconf.setRevision(kcLinkconf.getRevision() + 1); + persistenceManager.merge(kcLinkconf); + } + + public AppConfiguration find() { + return findKcLinkConf().getDynamic(); + } + + +} 
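Review bot: findKcLinkConf() and getBaseConfiguration() log whole configuration objects at INFO (`logger.info(" kcLinkconf:{}", kcLinkconf)`, `logger.info(" configurationFactory.getBaseConfiguration():{}", ...)`), and the Conf's dynamic AppConfiguration carries `bindPassword`, `clientSecret` and `password` fields per the plugin swagger added later in this series, so LDAP bind and Keycloak credentials end up in the server log on every read. Drop those statements or reduce them to `logger.debug(" kcLinkconf loaded for dn:{}", dn)` without interpolating the object. Separately, `find()` dereferences `findKcLinkConf().getDynamic()` with no null guard while the resource layer treats a null Conf as an expected "module not set up" case, so a missing entry surfaces here as a NullPointerException instead of that message; `Conf conf = findKcLinkConf(); return conf == null ? null : conf.getDynamic();` keeps the two paths consistent, and mergeKcLinkConfig would benefit from `Objects.requireNonNull(kcLinkconf, "kcLinkconf")`.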
diff --git a/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/util/Constants.java b/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/util/Constants.java
new file mode 100644
index 00000000000..4f422f34e70
--- /dev/null
+++ b/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/util/Constants.java
@@ -0,0 +1,19 @@
+/*
+ * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
+ *
+ * Copyright (c) 2020, Janssen Project
+ */
+
+package io.jans.configapi.plugin.kc.link.util;
+
+public class Constants {
+
+ private Constants() {}
+
+ public static final String KC_LINK_CONFIG = "/kcLinkConfig";
+
+
+ public static final String KC_LINK_CONFIG_READ_ACCESS = "https://jans.io/oauth/kc-link-config.readonly";
+ public static final String KC_LINK_CONFIG_WRITE_ACCESS = "https://jans.io/oauth/kc-link-config.write";
+
+}
\ No newline at end of file
diff --git a/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/util/KcLinkUtil.java b/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/util/KcLinkUtil.java
new file mode 100644
index 00000000000..f9ae90f4f27
--- /dev/null
+++ b/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/util/KcLinkUtil.java
@@ -0,0 +1,37 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.configapi.plugin.kc.link.util; + +import io.jans.configapi.plugin.kc.link.model.config.KcLinkConfigSource; + +import java.util.Map; +import java.util.Set; + +import jakarta.enterprise.context.ApplicationScoped; +import jakarta.inject.Inject; + +import org.slf4j.Logger; + +@ApplicationScoped +public class KcLinkUtil { + + @Inject + Logger logger; + + @Inject + KcLinkConfigSource kcLinkConfigSource; + + public Map getProperties() { + logger.debug(" KcLinkUtil - kcLinkConfigSource.getProperties():{}", kcLinkConfigSource.getProperties()); + return KcLinkConfigSource.getProperties(); + } + + public Set getPropertyNames() { + logger.debug(" KcLinkUtil - kcLinkConfigSource.getPropertyNames():{}", kcLinkConfigSource.getPropertyNames()); + return kcLinkConfigSource.getPropertyNames(); + } +} diff --git a/jans-config-api/plugins/kc-link-plugin/src/main/resources/META-INF/beans.xml b/jans-config-api/plugins/kc-link-plugin/src/main/resources/META-INF/beans.xml new file mode 100644 index 00000000000..bf2ab180c1c --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/main/resources/META-INF/beans.xml @@ -0,0 +1,8 @@ + + + + + diff --git a/jans-config-api/plugins/kc-link-plugin/src/main/resources/META-INF/services/javax.enterprise.inject.spi.Extension b/jans-config-api/plugins/kc-link-plugin/src/main/resources/META-INF/services/javax.enterprise.inject.spi.Extension new file mode 100644 index 00000000000..89e970c3e1a --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/main/resources/META-INF/services/javax.enterprise.inject.spi.Extension @@ -0,0 +1 @@ +io.jans.configapi.plugin.kc.link.extensions.KcLinkExtension \ No newline at end of file 
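Review bot: getProperties() and getPropertyNames() are declared with raw `Map` and `Set`, which pushes an unchecked cast onto every caller; KcLinkConfigSource is registered as a MicroProfile ConfigSource in this series, and that contract is `Map<String, String> getProperties()` / `Set<String> getPropertyNames()`, so declare them as `public Map<String, String> getProperties()` and `public Set<String> getPropertyNames()`. Each method also calls the source getter twice (once inside the debug statement, once for the return); capture the result in a local, log that, and return it. A one-line Javadoc on the class, e.g. `/** Read-only view over the kc-link.properties values exposed by KcLinkConfigSource. */`, would tell the next reader why this wrapper exists.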
diff --git a/jans-config-api/plugins/kc-link-plugin/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers b/jans-config-api/plugins/kc-link-plugin/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers
new file mode 100644
index 00000000000..b2c9664d366
--- /dev/null
+++ b/jans-config-api/plugins/kc-link-plugin/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers
@@ -0,0 +1,3 @@
+io.jans.configapi.filters.AuthorizationFilter
+io.jans.configapi.filters.LoggingFilter
+
diff --git a/jans-config-api/plugins/kc-link-plugin/src/main/resources/META-INF/services/org.eclipse.microprofile.config.spi.ConfigSource b/jans-config-api/plugins/kc-link-plugin/src/main/resources/META-INF/services/org.eclipse.microprofile.config.spi.ConfigSource
new file mode 100644
index 00000000000..d6248b5cbdc
--- /dev/null
+++ b/jans-config-api/plugins/kc-link-plugin/src/main/resources/META-INF/services/org.eclipse.microprofile.config.spi.ConfigSource
@@ -0,0 +1 @@
+io.jans.configapi.plugin.kc.link.model.config.KcLinkConfigSource
\ No newline at end of file
diff --git a/jans-config-api/plugins/kc-link-plugin/src/main/resources/kc-link.properties b/jans-config-api/plugins/kc-link-plugin/src/main/resources/kc-link.properties
new file mode 100644
index 00000000000..6c5c08a213b
--- /dev/null
+++ b/jans-config-api/plugins/kc-link-plugin/src/main/resources/kc-link.properties
@@ -0,0 +1,3 @@
+default.max.count=200
+default.list.size = "50";
+default.list.start.index = "1";
diff --git a/jans-config-api/plugins/kc-link-plugin/src/test/java/io/jans/configapi/KarateTestRunner.java b/jans-config-api/plugins/kc-link-plugin/src/test/java/io/jans/configapi/KarateTestRunner.java
new file mode 100644
index 00000000000..34da4586ef9
--- /dev/null
+++ b/jans-config-api/plugins/kc-link-plugin/src/test/java/io/jans/configapi/KarateTestRunner.java
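Review bot: `default.list.size = "50";` and `default.list.start.index = "1";` in kc-link.properties are loaded by java.util.Properties with the quotes and trailing semicolon as part of the value (`"50";`), so any numeric parse of them throws NumberFormatException, whereas `default.max.count=200` on the line above is a plain number. Write them as `default.list.size=50` and `default.list.start.index=1`. How these keys are consumed is not visible in this patch (KcLinkConfigSource is not part of it), so confirm against that class before relying on the defaults.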
@@ -0,0 +1,18 @@
+/*
+ * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
+ *
+ * Copyright (c) 2020, Janssen Project
+ */
+
+package io.jans.configapi;
+
+import com.intuit.karate.junit5.Karate;
+
+public class KarateTestRunner {
+
+ @Karate.Test
+ Karate testFullPath() throws Exception {
+ return Karate.run("src/test/resources/feature");
+ }
+
+}
diff --git a/jans-config-api/plugins/kc-link-plugin/src/test/java/io/jans/configapi/TestJenkinsRunner.java b/jans-config-api/plugins/kc-link-plugin/src/test/java/io/jans/configapi/TestJenkinsRunner.java
new file mode 100644
index 00000000000..a7f7d2d80c2
--- /dev/null
+++ b/jans-config-api/plugins/kc-link-plugin/src/test/java/io/jans/configapi/TestJenkinsRunner.java
@@ -0,0 +1,44 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.configapi; + +import com.intuit.karate.Results; +import com.intuit.karate.Runner; + +import io.jans.as.common.model.registration.Client; +import net.masterthought.cucumber.Configuration; +import net.masterthought.cucumber.ReportBuilder; +import org.apache.commons.io.FileUtils; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.File; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +public class TestJenkinsRunner { + + @Test + void testParallel() { + System.setProperty("karate.env", "jenkins"); + Results results = Runner.path("src/test/resources/feature").tags("~@ignore").parallel(1); + generateReport(results.getReportDir()); + Assertions.assertEquals(0, results.getFailCount(), results.getErrorMessages()); + } + + public static void generateReport(String karateOutputPath) { + Collection jsonFiles = FileUtils.listFiles(new File(karateOutputPath), new String[] { "json" }, true); + List jsonPaths = new ArrayList(jsonFiles.size()); + jsonFiles.forEach(file -> jsonPaths.add(file.getAbsolutePath())); + Configuration config = new Configuration(new File("target"), "karateTesting"); + ReportBuilder reportBuilder = new ReportBuilder(jsonPaths, config); + reportBuilder.generateReports(); + } +} diff --git a/jans-config-api/plugins/kc-link-plugin/src/test/resources/feature/kc-link/kc-link-config.feature b/jans-config-api/plugins/kc-link-plugin/src/test/resources/feature/kc-link/kc-link-config.feature new file mode 100644 index 00000000000..523d7208341 --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/test/resources/feature/kc-link/kc-link-config.feature 
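Review bot: `import io.jans.as.common.model.registration.Client;` in TestJenkinsRunner is never used and drags the jans-auth model onto the test classpath for nothing; remove it. `Collection jsonFiles` and `List jsonPaths` in generateReport are raw types — `Collection<File> jsonFiles` and `List<String> jsonPaths = new ArrayList<>(jsonFiles.size())` match what FileUtils.listFiles returns and what the paths list holds, and presumably what ReportBuilder expects.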
@@ -0,0 +1,41 @@ + +Feature: Verify KC Link configuration endpoint + + Background:kcLinkUrl + * def mainUrl = kcLinkUrl + + @kc-link-config-get + Scenario: Retrieve KC Link configuration + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + And print response + And assert response.length != null + + + @kc-link-config-put + Scenario: Update KC Link configuration + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + And print response + And assert response.length != null + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + And request response + When method PUT + Then status 200 + And print response + + + @kc-link-config-get-error + Scenario: Retrieve KC Link configuration without bearer token + Given url mainUrl + When method GET + Then status 401 + And print response + + + \ No newline at end of file diff --git a/jans-config-api/plugins/kc-link-plugin/src/test/resources/karate-config-jenkins.js b/jans-config-api/plugins/kc-link-plugin/src/test/resources/karate-config-jenkins.js new file mode 100644 index 00000000000..f17ade676db --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/test/resources/karate-config-jenkins.js 
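Review bot: The only negative scenario sends no bearer token at all (`Then status 401`); nothing verifies that a token carrying only the readonly scope is refused on PUT, which is the read/write split the endpoint's @ProtectedApi annotations depend on, and PATCH is not exercised at all. Add a scenario that obtains a token with `https://jans.io/oauth/kc-link-config.readonly` only and asserts the rejection status the AuthorizationFilter returns on PUT (401 or 403 — confirm against the filter), plus a PATCH scenario with a minimal `[{"op":"replace","path":"/keycloakLinkEnabled","value":false}]` document. The round-trip PUT also only checks `status 200`; asserting a field from the response (e.g. `And match response.keycloakLinkEnabled == '#boolean'`) would catch a silently empty body.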
@@ -0,0 +1,58 @@ +function() { + + var stream = read('classpath:karate_jenkins.properties'); + var props = new java.util.Properties(); + props.load(stream); + + var env = props.get('karate.env'); // get java system property 'karate.env' + karate.configure("ssl", true); + + if (!env) { + env = 'dev'; //env can be anything: dev, qa, staging, etc. + } + + var url = props.get('karate.test.url'); + var port = props.get('karate.test.port'); + var baseUrl = url + (port ? ':' + port : ''); + + karate.log('karate_jenkins env :', env); + karate.log('karate_jenkins url :', url); + karate.log('karate_jenkins port :', port); + karate.log('karate_jenkins baseUrl :', baseUrl); + + var testStream = read('classpath:test.properties'); + var testProps = new java.util.Properties(); + testProps.load(testStream); + karate.log(' testProps = '+testProps); + var testClientId = testProps.get('test.client.id'); + var testClientSecret = testProps.get('test.client.secret'); + var tokenEndpoint = testProps.get('token.endpoint'); + var testScopes = testProps.get('test.scopes'); + var issuer = testProps.get('test.issuer'); + karate.log(' testClientId = '+testClientId); + karate.log(' testClientSecret = '+testClientSecret); + karate.log(' tokenEndpoint = '+tokenEndpoint); + karate.log(' testScopes = '+testScopes); + karate.log(' issuer = '+issuer); + + + var config = { + env: env, + baseUrl: baseUrl, + testProps: testProps, + issuer: issuer, + accessToken: '123', + + kcLinkUrl: baseUrl + '/jans-config-api/kc-link/kc-link-config', + + }; + + karate.configure('connectTimeout', 30000); + karate.configure('readTimeout', 60000); + + var result = karate.callSingle('classpath:token.feature', config); + print(' result.response = '+result.response); + config.accessToken = result.response.access_token; + + return config; +} \ No newline at end of file 
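Review bot: `karate.log(' testClientSecret = '+testClientSecret);` writes the OAuth client secret into the Jenkins build log; delete that line or log only presence, e.g. `karate.log(' testClientSecret set = ' + (testClientSecret != null));`. The endpoint in `kcLinkUrl: baseUrl + '/jans-config-api/kc-link/kc-link-config'` also differs from the path this series registers elsewhere (`/kc-link/kcLinkConfig` in the plugin swagger, `/jans-config-api/kc-link/kcLinkConfig` in config-api-rs-protect.json), so every scenario using kcLinkUrl would presumably 404; use `kcLinkUrl: baseUrl + '/jans-config-api/kc-link/kcLinkConfig'`. `testClientId`, `tokenEndpoint` and `testScopes` are read into locals but never placed in `config` (token.feature reads them from `testProps` itself), so those locals and their log lines can go.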
diff --git a/jans-config-api/plugins/kc-link-plugin/src/test/resources/karate-config.js b/jans-config-api/plugins/kc-link-plugin/src/test/resources/karate-config.js new file mode 100644 index 00000000000..41958588071 --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/test/resources/karate-config.js 
@@ -0,0 +1,57 @@ +function() { + + var stream = read('classpath:karate.properties'); + var props = new java.util.Properties(); + props.load(stream); + + var env = props.get('karate.env'); // get java system property 'karate.env' + karate.configure("ssl", true); + + if (!env) { + env = 'dev'; //env can be anything: dev, qa, staging, etc. + } + + var url = props.get('karate.test.url'); + var port = props.get('karate.test.port'); + var baseUrl = url + (port ? ':' + port : ''); + + karate.log('karate env :', env); + karate.log('karate url :', url); + karate.log('karate port :', port); + karate.log('karate baseUrl :', baseUrl); + + var testStream = read('classpath:test.properties'); + var testProps = new java.util.Properties(); + testProps.load(testStream); + karate.log(' testProps = '+testProps); + var testClientId = testProps.get('test.client.id'); + var testClientSecret = testProps.get('test.client.secret'); + var tokenEndpoint = testProps.get('token.endpoint'); + var testScopes = testProps.get('test.scopes'); + var issuer = testProps.get('test.issuer'); + karate.log(' testClientId = '+testClientId); + karate.log(' testClientSecret = '+testClientSecret); + karate.log(' tokenEndpoint = '+tokenEndpoint); + karate.log(' testScopes = '+testScopes); + karate.log(' issuer = '+issuer); + + + var config = { + env: env, + baseUrl: baseUrl, + testProps: testProps, + issuer: issuer, + accessToken: '123', + + kcLinkUrl: baseUrl + '/jans-config-api/kc-link/kc-link-config', + }; + + karate.configure('connectTimeout', 30000); + karate.configure('readTimeout', 60000); + + var result = karate.callSingle('classpath:token.feature', config); + print(' result.response = '+result.response); + config.accessToken = result.response.access_token; + + return config; +} \ No newline at end of file 
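Review bot: `karate.log(' testClientSecret = '+testClientSecret);` prints the client secret to the test log; remove it or replace it with a presence check such as `karate.log(' testClientSecret set = ' + (testClientSecret != null));`. `kcLinkUrl: baseUrl + '/jans-config-api/kc-link/kc-link-config'` does not match the `/kc-link/kcLinkConfig` path declared in the plugin swagger and in config-api-rs-protect.json in this same series, so the feature scenarios would presumably hit a 404 — `kcLinkUrl: baseUrl + '/jans-config-api/kc-link/kcLinkConfig'` is the consistent value. This file duplicates karate-config-jenkins.js almost line for line; if both are kept, at least the URL should be defined once.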
diff --git a/jans-config-api/plugins/kc-link-plugin/src/test/resources/karate.properties b/jans-config-api/plugins/kc-link-plugin/src/test/resources/karate.properties new file mode 100644 index 00000000000..41c0d369aff --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/test/resources/karate.properties @@ -0,0 +1,5 @@ +#karate.test.url=http://localhost +#karate.test.port=8080 +#karate.test.url=https://jenkins-config-api.gluu.org/jans-config-api +#karate.test.port=443 +karate.test.url=${test.server} diff --git a/jans-config-api/plugins/kc-link-plugin/src/test/resources/karate_jenkins.properties b/jans-config-api/plugins/kc-link-plugin/src/test/resources/karate_jenkins.properties new file mode 100644 index 00000000000..0b44a8d7b13 --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/test/resources/karate_jenkins.properties @@ -0,0 +1,2 @@ +karate.test.url=${test.server} +#karate.test.port=443 diff --git a/jans-config-api/plugins/kc-link-plugin/src/test/resources/logback-test.xml b/jans-config-api/plugins/kc-link-plugin/src/test/resources/logback-test.xml new file mode 100644 index 00000000000..fea195eb039 --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/test/resources/logback-test.xml @@ -0,0 +1,24 @@ + + + + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n + + + + + target/karate.log + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n + + + + + + + + + + + \ No newline at end of file diff --git a/jans-config-api/plugins/kc-link-plugin/src/test/resources/test.properties b/jans-config-api/plugins/kc-link-plugin/src/test/resources/test.properties new file mode 100644 index 00000000000..4257f297907 --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/test/resources/test.properties 
@@ -0,0 +1,8 @@ +test.scopes=${test.scopes} + +# Test env Setting +token.endpoint=${token.endpoint} +token.grant.type=${token.grant.type} +test.client.id=${test.client.id} +test.client.secret=${test.client.secret} +test.issuer=${test.issuer} \ No newline at end of file diff --git a/jans-config-api/plugins/kc-link-plugin/src/test/resources/testClient.feature b/jans-config-api/plugins/kc-link-plugin/src/test/resources/testClient.feature new file mode 100644 index 00000000000..34cfdffc438 --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/test/resources/testClient.feature @@ -0,0 +1,13 @@ +@ignore +Feature: This Feature is to get token to test the test cases + +Background: +* def mainUrl = test_url + +Scenario: Get Token +Given url mainUrl +And print url +And request '' +When method POST +Then status 204 +And print response diff --git a/jans-config-api/plugins/kc-link-plugin/src/test/resources/token.feature b/jans-config-api/plugins/kc-link-plugin/src/test/resources/token.feature new file mode 100644 index 00000000000..ef0ad0d262d --- /dev/null +++ b/jans-config-api/plugins/kc-link-plugin/src/test/resources/token.feature 
@@ -0,0 +1,45 @@ +@ignore +Feature: This Feature is to get token to test the test cases - Do not remove ignore tag + +Background: +* def mainUrl = testProps.get('token.endpoint'); +* def grantType = testProps.get('token.grant.type'); +* def clientId = testProps.get('test.client.id'); +* def clientSecret = testProps.get('test.client.secret'); +* def scopes = testProps.get('test.scopes'); +* def authStr = clientId+':'+clientSecret +* def Base64 = Java.type('java.util.Base64') +* def encodedAuth = Base64.encoder.encodeToString(authStr.bytes) +* def encodedScopes = java.net.URLDecoder.decode(scopes, 'UTF-8') + + +Scenario: Get Token +Given url mainUrl +And print 'mainUrl = '+mainUrl +And print 'grantType = '+grantType +And print 'clientId = '+clientId +And print 'clientSecret = '+clientSecret +And print 'scopes = '+scopes +And print 'authStr = '+authStr +And print 'encodedAuth = '+encodedAuth +And print 'encodedScopes = '+encodedScopes +And header Accept = 'application/json' +And header Authorization = 'Basic '+encodedAuth +And form field grant_type = grantType +And form field scope = scopes +When method POST +Then status 200 +And print 'token response = '+response + + + + +#Scenario: Get Token +#Given url 'https://pujavs.jans.server/jans-auth/restv1/token' +#And header Accept = 'application/json' +#And header Authorization = 'Basic MTgwMi45ZGNkOThhZC1mZTJjLTRmZDktYjcxNy1kOTQzNmQ5ZjIwMDk6dGVzdDEyMzQ=' +#And form field grant_type = 'client_credentials' +#And form field scope = 'https://jans.io/oauth/config/openid/clients.readonly' +#When method POST +#Then status 200 +#And print 'token response = '+response diff --git a/jans-config-api/plugins/pom.xml b/jans-config-api/plugins/pom.xml index 65e0db6b244..5d4dba29b18 100644 --- a/jans-config-api/plugins/pom.xml +++ b/jans-config-api/plugins/pom.xml @@ -22,7 +22,8 @@ user-mgt-plugin fido2-plugin kc-saml-plugin - + kc-link-plugin + 
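Review bot: `And print 'clientSecret = '+clientSecret` and `And print 'encodedAuth = '+encodedAuth` echo the client secret and the complete Basic credential into the Karate report and console; delete both print steps, since a failing token call is debuggable from the request/response Karate already records. The commented-out scenario at the bottom carries a literal `Authorization: Basic MTgw…` header, i.e. a base64 client-id:secret pair for a named dev host, committed to the repository; remove that block rather than leave a credential in history, even a dev one. `encodedScopes` is built with URLDecoder but `And form field scope = scopes` sends the raw value, so the definition is dead and should go.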
diff --git a/jans-config-api/server/src/main/resources/config-api-rs-protect.json b/jans-config-api/server/src/main/resources/config-api-rs-protect.json index 7a447d00146..8d0da16c6f7 100644 --- a/jans-config-api/server/src/main/resources/config-api-rs-protect.json +++ b/jans-config-api/server/src/main/resources/config-api-rs-protect.json @@ -2303,7 +2303,9 @@ }, { "httpMethods": [ - "POST","PUT","DELETE" + "POST", + "PUT", + "DELETE" ], "scopes": [ { @@ -2349,7 +2351,9 @@ }, { "httpMethods": [ - "POST","PUT","DELETE" + "POST", + "PUT", + "DELETE" ], "scopes": [ { @@ -2395,7 +2399,9 @@ }, { "httpMethods": [ - "POST","PUT","DELETE" + "POST", + "PUT", + "DELETE" ], "scopes": [ { @@ -2441,7 +2447,9 @@ }, { "httpMethods": [ - "POST","PUT","PATCH" + "POST", + "PUT", + "PATCH" ], "scopes": [ { @@ -2487,7 +2495,10 @@ }, { "httpMethods": [ - "POST","PUT","PATCH","DELETE" + "POST", + "PUT", + "PATCH", + "DELETE" ], "scopes": [ { @@ -2533,7 +2544,10 @@ }, { "httpMethods": [ - "POST","PUT","PATCH","DELETE" + "POST", + "PUT", + "PATCH", + "DELETE" ], "scopes": [ { @@ -2725,7 +2739,7 @@ } ] }, - { + { "path": "/jans-config-api/api/v1/health/app-version", "conditions": [ { @@ -2747,6 +2761,53 @@ ] } ] + }, + { + "path": "/jans-config-api/kc-link/kcLinkConfig", + "conditions": [ + { + "httpMethods": [ + "GET" + ], + "scopes": [ + { + "inum": "1800.01.71", + "name": "https://jans.io/oauth/config/saml-config.readonly" + } + ], + "groupScopes": [ + { + "inum": "1800.01.72", + "name": "https://jans.io/oauth/config/saml-config.write" + } + ], + "superScopes": [ + { + "inum": "1800.03.1", + "name": "https://jans.io/oauth/config/read-all" + } + ] + }, + { + "httpMethods": [ + "PUT", + "PATCH" + ], + "scopes": [ + { + "inum": "1800.01.72", + "name": "https://jans.io/oauth/config/saml-config.write" + } + ], + "groupScopes": [], + "superScopes": [ + { + "inum": "1800.03.2", + "name": "https://jans.io/oauth/config/write-all" + } + ] + } + ] } ] } \ No newline at end of file 
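Review bot: The new `/jans-config-api/kc-link/kcLinkConfig` entry is protected with the SAML scopes `https://jans.io/oauth/config/saml-config.readonly` / `.write` (inum 1800.01.71 / 1800.01.72), while the resource's @ProtectedApi annotations, the plugin Constants and the kc-link swagger in this series all declare `https://jans.io/oauth/kc-link-config.readonly` / `.write`. Depending on which definition the AuthorizationFilter enforces, either a SAML-admin token can read and rewrite the Keycloak Link LDAP and Keycloak credentials, or a correctly scoped kc-link token is rejected; either way the two must agree. Register the kc-link scopes as their own entries with their own inums (not reused from the SAML ones) and reference them here, e.g. `"name": "https://jans.io/oauth/kc-link-config.readonly"` for GET and `"name": "https://jans.io/oauth/kc-link-config.write"` for PUT/PATCH.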
From cdb8e8ccb09c38305aade9a3f5ee2048c810befe Mon Sep 17 00:00:00 2001 From: pujavs Date: Tue, 20 Feb 2024 20:23:42 +0530 Subject: [PATCH 03/22] feat(config-api): kc link plugin endpoint Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 14 +- .../plugins/docs/kc-link-plugin-swagger.yaml | 274 ++++++++++++++++++ .../plugin/kc/link/util/KcLinkUtil.java | 2 +- 3 files changed, 282 insertions(+), 8 deletions(-) create mode 100644 jans-config-api/plugins/docs/kc-link-plugin-swagger.yaml diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index 81bf7e0ac62..c9b88cc0999 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml @@ -7890,19 +7890,19 @@ components: type: string selected: type: boolean - whitePagesCanView: + adminCanEdit: type: boolean userCanView: type: boolean - userCanEdit: - type: boolean adminCanView: type: boolean - adminCanEdit: + userCanEdit: + type: boolean + adminCanAccess: type: boolean userCanAccess: type: boolean - adminCanAccess: + whitePagesCanView: type: boolean baseDn: type: string @@ -9736,14 +9736,14 @@ components: type: boolean internal: type: boolean - locationPath: - type: string locationType: type: string enum: - ldap - db - file + locationPath: + type: string baseDn: type: string ScriptError: diff --git a/jans-config-api/plugins/docs/kc-link-plugin-swagger.yaml b/jans-config-api/plugins/docs/kc-link-plugin-swagger.yaml new file mode 100644 index 00000000000..7e5898c9f56 --- /dev/null +++ b/jans-config-api/plugins/docs/kc-link-plugin-swagger.yaml 
@@ -0,0 +1,274 @@ +openapi: 3.0.1 +info: + title: Jans Config API - Keycloak Link + contact: + name: Gluu Support + url: https://support.gluu.org + email: xxx@gluu.org + license: + name: Apache 2.0 + url: https://github.com/JanssenProject/jans/blob/main/LICENSE + version: 1.0.0 +servers: +- url: https://jans.io/ + description: The Jans server +tags: +- name: Keycloak Link - Configuration +paths: + /kc-link/kcLinkConfig: + get: + tags: + - KC Link - Configuration + summary: Gets KC Link configuration properties + description: Gets KC Link configuration properties + operationId: get-kc-link-properties + responses: + "200": + description: Ok + content: + application/json: + schema: + $ref: '#/components/schemas/AppConfiguration' + "401": + description: Unauthorized + "500": + description: InternalServerError + security: + - oauth2: + - https://jans.io/oauth/kc-link-config.readonly + put: + tags: + - KC Link - Configuration + summary: Update KC Link configuration properties + description: Update KC Link configuration properties + operationId: put-kc-link-properties + requestBody: + description: GluuAttribute object + content: + application/json: + schema: + $ref: '#/components/schemas/AppConfiguration' + examples: + Request example: + description: Request example + value: "" + responses: + "200": + description: Ok + content: + application/json: + schema: + $ref: '#/components/schemas/AppConfiguration' + "401": + description: Unauthorized + "500": + description: InternalServerError + security: + - oauth2: + - https://jans.io/oauth/kc-link-config.write + patch: + tags: + - KC Link - Configuration + summary: Partially modifies KC Link configuration properties. + description: Partially modifies KC Link configuration properties. + operationId: patch-kc-link-properties + requestBody: + description: String representing patch-document. 
+ content: + application/json-patch+json: + schema: + type: array + items: + $ref: '#/components/schemas/JsonPatch' + examples: + Request json example: + description: Request json example + value: "" + responses: + "200": + description: Ok + content: + application/json: + schema: + $ref: '#/components/schemas/AppConfiguration' + "401": + description: Unauthorized + "500": + description: InternalServerError + security: + - oauth2: + - https://jans.io/oauth/kc-link-config.write +components: + schemas: + AppConfiguration: + type: object + properties: + sourceConfigs: + type: array + items: + $ref: '#/components/schemas/GluuLdapConfiguration' + inumConfig: + $ref: '#/components/schemas/GluuLdapConfiguration' + targetConfig: + $ref: '#/components/schemas/GluuLdapConfiguration' + ldapSearchSizeLimit: + type: integer + format: int32 + keyAttributes: + type: array + items: + type: string + keyObjectClasses: + type: array + items: + type: string + sourceAttributes: + type: array + items: + type: string + customLdapFilter: + type: string + updateMethod: + type: string + defaultInumServer: + type: boolean + keepExternalPerson: + type: boolean + useSearchLimit: + type: boolean + attributeMapping: + type: array + items: + $ref: '#/components/schemas/CacheRefreshAttributeMapping' + snapshotFolder: + type: string + snapshotMaxCount: + type: integer + format: int32 + keycloakConfiguration: + $ref: '#/components/schemas/KeycloakConfiguration' + baseDN: + type: string + personObjectClassTypes: + type: array + items: + type: string + personCustomObjectClass: + type: string + contactObjectClassTypes: + type: array + items: + type: string + allowPersonModification: + type: boolean + supportedUserStatus: + type: array + items: + type: string + loggingLevel: + type: string + loggingLayout: + type: string + externalLoggerConfiguration: + type: string + metricReporterInterval: + type: integer + format: int32 + metricReporterKeepDataDays: + type: integer + format: int32 + 
metricReporterEnabled: + type: boolean + disableJdkLogger: + type: boolean + cleanServiceInterval: + type: integer + format: int32 + keycloakLinkEnabled: + type: boolean + keycloakLinkServerIpAddress: + type: string + keycloakLinkPollingInterval: + type: string + keycloakLinkLastUpdate: + type: string + format: date-time + keycloakLinkLastUpdateCount: + type: string + keycloakLinkProblemCount: + type: string + useLocalCache: + type: boolean + CacheRefreshAttributeMapping: + type: object + properties: + source: + type: string + destination: + type: string + GluuLdapConfiguration: + type: object + properties: + configId: + type: string + bindDN: + type: string + bindPassword: + type: string + servers: + type: array + items: + type: string + maxConnections: + type: integer + format: int32 + useSSL: + type: boolean + baseDNs: + type: array + items: + type: string + primaryKey: + type: string + localPrimaryKey: + type: string + useAnonymousBind: + type: boolean + enabled: + type: boolean + version: + type: integer + format: int32 + level: + type: integer + format: int32 + KeycloakConfiguration: + type: object + properties: + serverUrl: + type: string + realm: + type: string + clientId: + type: string + clientSecret: + type: string + grantType: + type: string + username: + type: string + password: + type: string + JsonPatch: + type: object + securitySchemes: + oauth2: + type: oauth2 + flows: + clientCredentials: + tokenUrl: "https://{op-hostname}/.../token" + scopes: + https://jans.io/oauth/kc-link-config.readonly: View Keycloak Link configuration + related information + https://jans.io/oauth/kc-link-config.write: Manage Keycloak Link configuration + related information diff --git a/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/util/KcLinkUtil.java b/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/util/KcLinkUtil.java index f9ae90f4f27..02c3b805533 100644 
--- a/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/util/KcLinkUtil.java +++ b/jans-config-api/plugins/kc-link-plugin/src/main/java/io/jans/configapi/plugin/kc/link/util/KcLinkUtil.java @@ -27,7 +27,7 @@ public class KcLinkUtil { public Map getProperties() { logger.debug(" KcLinkUtil - kcLinkConfigSource.getProperties():{}", kcLinkConfigSource.getProperties()); - return KcLinkConfigSource.getProperties(); + return kcLinkConfigSource.getProperties(); } public Set getPropertyNames() { From 647cfe2dc1d5cea66bac941752c40d6115556447 Mon Sep 17 00:00:00 2001 From: pujavs Date: Tue, 20 Feb 2024 21:46:41 +0530 Subject: [PATCH 04/22] feat(config-api): kc link plugin endpoint Signed-off-by: pujavs --- .../plugin/saml/model/TrustRelationship.java | 3 --- .../jans_setup/schema/jans_schema.json | 25 +++++++++---------- 2 files changed, 12 insertions(+), 16 deletions(-) diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java index 01a8c170930..2a9978c0300 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java @@ -135,9 +135,6 @@ public class TrustRelationship extends Entry implements Serializable { @AttributeName(name = "jansMetaLocation") private String metaLocation; - @AttributeName(name = "jansEntityId") - private List jansEntityId; - @AttributeName(name = "jansReleasedAttr") private List releasedAttributes; diff --git a/jans-linux-setup/jans_setup/schema/jans_schema.json b/jans-linux-setup/jans_setup/schema/jans_schema.json index 0669184fc6e..cbed32cf8d5 100644 --- a/jans-linux-setup/jans_setup/schema/jans_schema.json 
+++ b/jans-linux-setup/jans_setup/schema/jans_schema.json @@ -5010,22 +5010,21 @@ "jansRedirectURI", "jansWebOrigins", "consentRequired", - "nameIDPolicyFormat", - "entityId", - "singleLogoutServiceUrl", + "nameIDPolicyFormat", + "entityId", + "singleLogoutServiceUrl", "jansSAMLMetaDataFilter", "jansSAMLspMetaDataSourceTyp", "jansSAMLspMetaDataFN", "jansSAMLspMetaDataURL", "jansMetaLocation", "jansIsFed", - "jansEntityId", "jansEntityTyp", "jansProfileConf", "jansReleasedAttr", "url", "jansPostLogoutRedirectURI", - "protocol", + "protocol", "jansStatus", "jansValidationStatus", "jansValidationLog" @@ -5052,14 +5051,14 @@ "description", "realm", "jansEnabled", - "providerId", - "signingCertificate", - "validateSignature", - "singleLogoutServiceUrl", - "nameIDPolicyFormat", - "entityId", - "singleSignOnServiceUrl", - "encryptionPublicKey", + "providerId", + "signingCertificate", + "validateSignature", + "singleLogoutServiceUrl", + "nameIDPolicyFormat", + "entityId", + "singleSignOnServiceUrl", + "encryptionPublicKey", "trustEmail", "storeToken", "addReadTokenRoleOnCreate", From 7bbf44d766aa879efd386355e29e6ac8ec9b7df9 Mon Sep 17 00:00:00 2001 From: pujavs Date: Tue, 20 Feb 2024 22:58:03 +0530 Subject: [PATCH 05/22] feat(config-api): saml plugin changes Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 18 +++++++++--------- .../plugins/docs/kc-saml-plugin-swagger.yaml | 4 ---- .../src/main/assembly/assembly.xml | 6 +----- .../plugin/saml/model/TrustRelationship.java | 18 ++++-------------- 4 files changed, 14 insertions(+), 32 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index c9b88cc0999..d60e1364af3 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml 
@@ -7888,21 +7888,21 @@ components: $ref: '#/components/schemas/AttributeValidation' tooltip: type: string + whitePagesCanView: + type: boolean selected: type: boolean adminCanEdit: type: boolean - userCanView: - type: boolean adminCanView: type: boolean - userCanEdit: + userCanView: type: boolean - adminCanAccess: + userCanEdit: type: boolean userCanAccess: type: boolean - whitePagesCanView: + adminCanAccess: type: boolean baseDn: type: string @@ -8716,8 +8716,6 @@ components: type: boolean lockMessageConfig: $ref: '#/components/schemas/LockMessageConfig' - fapi: - type: boolean allResponseTypesSupported: uniqueItems: true type: array @@ -8727,6 +8725,8 @@ components: - code - token - id_token + fapi: + type: boolean AuthenticationFilter: required: - baseDn @@ -10172,10 +10172,10 @@ components: ttl: type: integer format: int32 - persisted: - type: boolean opbrowserState: type: string + persisted: + type: boolean SessionIdAccessMap: type: object properties: diff --git a/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml b/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml index cac8ad04ede..a668b352de6 100644 --- a/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml @@ -1075,10 +1075,6 @@ components: type: string metaLocation: type: string - jansEntityId: - type: array - items: - type: string releasedAttributes: type: array items: diff --git a/jans-config-api/plugins/kc-link-plugin/src/main/assembly/assembly.xml b/jans-config-api/plugins/kc-link-plugin/src/main/assembly/assembly.xml index 3e8ca0c335c..691b7c57b9f 100644 --- a/jans-config-api/plugins/kc-link-plugin/src/main/assembly/assembly.xml +++ b/jans-config-api/plugins/kc-link-plugin/src/main/assembly/assembly.xml 
@@ -15,11 +15,7 @@ io.jans:jans-keycloak-link-model io.jans:jans-link-model - org.jboss.resteasy:resteasy-multipart-provider - org.apache.james:apache-mime4j-dom - org.apache.james:apache-mime4j-storage - org.apache.james:apache-mime4j-core - + runtime diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java index 2a9978c0300..974c72bf8a9 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java @@ -341,14 +341,6 @@ public void setMetaLocation(String metaLocation) { this.metaLocation = metaLocation; } - public List getJansEntityId() { - return jansEntityId; - } - - public void setJansEntityId(List jansEntityId) { - this.jansEntityId = jansEntityId; - } - public List getReleasedAttributes() { return releasedAttributes; } @@ -416,7 +408,6 @@ public int compare(TrustRelationship first, TrustRelationship second) { public static void sortByDataSourceType(List trustRelationships) { Collections.sort(trustRelationships, new SortByDatasourceTypeComparator()); } - @Override public String toString() { 
@@ -429,10 +420,9 @@ public String toString() { + spMetaDataSourceType + ", nameIDPolicyFormat=" + nameIDPolicyFormat + ", entityId=" + entityId + ", singleLogoutServiceUrl=" + singleLogoutServiceUrl + ", redirectUris=" + Arrays.toString(redirectUris) + ", spMetaDataFN=" + spMetaDataFN + ", spMetaDataURL=" + spMetaDataURL - + ", metaLocation=" + metaLocation + ", jansEntityId=" + jansEntityId + ", releasedAttributes=" - + releasedAttributes + ", url=" + url + ", spLogoutURL=" + spLogoutURL + ", status=" + status - + ", validationStatus=" + validationStatus + ", validationLog=" + validationLog - + ", profileConfigurations=" + profileConfigurations + "]"; + + ", metaLocation=" + metaLocation + ", releasedAttributes=" + releasedAttributes + ", url=" + url + + ", spLogoutURL=" + spLogoutURL + ", status=" + status + ", validationStatus=" + validationStatus + + ", validationLog=" + validationLog + ", profileConfigurations=" + profileConfigurations + "]"; } - + } From e7c304a5aa239e253bfe57e8db2cf49dae7b8c0a Mon Sep 17 00:00:00 2001 From: pujavs Date: Wed, 21 Feb 2024 00:02:22 +0530 Subject: [PATCH 06/22] feat(config-api): kc plugin changes Signed-off-by: pujavs --- .../src/test/resources/feature/kc-link/kc-link-config.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jans-config-api/plugins/kc-link-plugin/src/test/resources/feature/kc-link/kc-link-config.feature b/jans-config-api/plugins/kc-link-plugin/src/test/resources/feature/kc-link/kc-link-config.feature index 523d7208341..dd837aaa6ff 100644 --- a/jans-config-api/plugins/kc-link-plugin/src/test/resources/feature/kc-link/kc-link-config.feature +++ b/jans-config-api/plugins/kc-link-plugin/src/test/resources/feature/kc-link/kc-link-config.feature @@ -1,4 +1,4 @@ - +@ignore Feature: Verify KC Link configuration endpoint Background:kcLinkUrl From 7c5aa621bb055385de59e4ce782cab064f02885e Mon Sep 17 00:00:00 2001 
From: pujavs Date: Wed, 21 Feb 2024 18:31:34 +0530 Subject: [PATCH 07/22] feat(config-api): saml plugin changes for metadata elements Signed-off-by: pujavs --- .../configuration/ApiAppConfiguration.java | 31 +- .../docs/jans-config-api-swagger.yaml | 20 +- .../plugins/docs/kc-saml-plugin-swagger.yaml | 17 +- .../plugin/saml/model/SAMLMetadata.java | 55 +++ .../plugin/saml/model/TrustRelationship.java | 42 +- .../saml/rest/TrustRelationshipResource.java | 50 ++- .../plugin/saml/service/SamlService.java | 10 + .../resource/auth/AttributesResource.java | 7 +- .../service/auth/AttributeService.java | 18 +- .../configapi/core/rest/BaseResource.java | 2 +- .../jans_setup/schema/jans_schema.json | 363 +++++++++--------- .../jans-config-api/dynamic-conf.json | 6 + 12 files changed, 370 insertions(+), 251 deletions(-) create mode 100644 jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/SAMLMetadata.java diff --git a/jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/ApiAppConfiguration.java b/jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/ApiAppConfiguration.java index e5d433ac194..b8c0ecf38d2 100644 --- a/jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/ApiAppConfiguration.java +++ b/jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/ApiAppConfiguration.java @@ -10,6 +10,7 @@ public class ApiAppConfiguration implements Configuration { private boolean configOauthEnabled; + private boolean customAttributeValidationEnabled; private List apiApprovedIssuer; private String apiProtectionType; private String apiClientId; 
@@ -48,6 +49,14 @@ public void setConfigOauthEnabled(boolean configOauthEnabled) { this.configOauthEnabled = configOauthEnabled; } + public boolean isCustomAttributeValidationEnabled() { + return customAttributeValidationEnabled; + } + + public void setCustomAttributeValidationEnabled(boolean customAttributeValidationEnabled) { + this.customAttributeValidationEnabled = customAttributeValidationEnabled; + } + public List getApiApprovedIssuer() { return apiApprovedIssuer; } 
@@ -260,24 +269,20 @@ public void setPlugins(List plugins) { @Override public String toString() { - return "ApiAppConfiguration [" + " apiApprovedIssuer=" + apiApprovedIssuer + ", apiProtectionType=" + return "ApiAppConfiguration [configOauthEnabled=" + configOauthEnabled + ", customAttributeValidationEnabled=" + + customAttributeValidationEnabled + ", apiApprovedIssuer=" + apiApprovedIssuer + ", apiProtectionType=" + apiProtectionType + ", apiClientId=" + apiClientId + ", apiClientPassword=" + apiClientPassword + ", endpointInjectionEnabled=" + endpointInjectionEnabled + ", authIssuerUrl=" + authIssuerUrl + ", authOpenidConfigurationUrl=" + authOpenidConfigurationUrl + ", authOpenidIntrospectionUrl=" + authOpenidIntrospectionUrl + ", authOpenidTokenUrl=" + authOpenidTokenUrl + ", authOpenidRevokeUrl=" - + authOpenidRevokeUrl + ", smallryeHealthRootPath=" + smallryeHealthRootPath - + ", corsConfigurationFilters=" + corsConfigurationFilters + ", exclusiveAuthScopes=" - + exclusiveAuthScopes + ", loggingLevel=" + loggingLevel + " , loggingLayout=" + loggingLayout - + " , externalLoggerConfiguration=" + externalLoggerConfiguration + " , disableJdkLogger=" - + disableJdkLogger + " , maxCount =" + maxCount - + " , userExclusionAttributes="+ userExclusionAttributes - + " , userMandatoryAttributes="+ userMandatoryAttributes - + " , agamaConfiguration="+ agamaConfiguration - + " , auditLogConf="+ auditLogConf - + " , dataFormatConversionConf="+ dataFormatConversionConf - + " , plugins="+ plugins + + authOpenidRevokeUrl + ", smallryeHealthRootPath=" + smallryeHealthRootPath + ", exclusiveAuthScopes=" + + exclusiveAuthScopes + ", corsConfigurationFilters=" + corsConfigurationFilters + ", loggingLevel=" + + loggingLevel + ", loggingLayout=" + loggingLayout + ", externalLoggerConfiguration=" + + externalLoggerConfiguration + ", disableJdkLogger=" + disableJdkLogger + ", maxCount=" + maxCount + + ", userExclusionAttributes=" + userExclusionAttributes + ", 
userMandatoryAttributes=" + + userMandatoryAttributes + ", agamaConfiguration=" + agamaConfiguration + ", auditLogConf=" + + auditLogConf + ", dataFormatConversionConf=" + dataFormatConversionConf + ", plugins=" + plugins + "]"; } - } diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index d60e1364af3..797900cad5a 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml @@ -686,6 +686,8 @@ paths: } "401": description: Unauthorized + "406": + description: NotAcceptable "500": description: InternalServerError security: @@ -772,8 +774,12 @@ paths: ], "whitePagesCanView": false } + "400": + description: BadRequest "401": description: Unauthorized + "406": + description: NotAcceptable "500": description: InternalServerError security: @@ -7888,17 +7894,17 @@ components: $ref: '#/components/schemas/AttributeValidation' tooltip: type: string - whitePagesCanView: - type: boolean selected: type: boolean - adminCanEdit: + whitePagesCanView: + type: boolean + userCanEdit: type: boolean adminCanView: type: boolean userCanView: type: boolean - userCanEdit: + adminCanEdit: type: boolean userCanAccess: type: boolean @@ -8716,6 +8722,8 @@ components: type: boolean lockMessageConfig: $ref: '#/components/schemas/LockMessageConfig' + fapi: + type: boolean allResponseTypesSupported: uniqueItems: true type: array @@ -8725,8 +8733,6 @@ components: - code - token - id_token - fapi: - type: boolean AuthenticationFilter: required: - baseDn @@ -9520,6 +9526,8 @@ components: properties: configOauthEnabled: type: boolean + customAttributeValidationEnabled: + type: boolean apiApprovedIssuer: type: array items: diff --git a/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml b/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml index a668b352de6..d708bd06052 100644 --- a/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml 
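Review bot: The rewritten toString() still concatenates `apiClientPassword` (a context line in this hunk), and the same patch starts passing the whole configuration object to log.info in AttributeService.validateAttributeDefinition, so the API client password will be written to the INFO log on every attribute validation. Mask it here, `+ ", apiClientPassword=" + (apiClientPassword == null ? null : "****")`, or drop the field from the string altogether. The rest of the change is field reordering and is cosmetic.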
+++ b/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml @@ -1007,6 +1007,15 @@ components: type: string signResponses: type: string + SAMLMetadata: + type: object + properties: + nameIDPolicyFormat: + type: string + entityId: + type: string + singleLogoutServiceUrl: + type: string TrustRelationship: required: - clientId @@ -1061,12 +1070,8 @@ components: - federation - manual - mdq - nameIDPolicyFormat: - type: string - entityId: - type: string - singleLogoutServiceUrl: - type: string + samlMetadata: + $ref: '#/components/schemas/SAMLMetadata' redirectUris: type: array items: diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/SAMLMetadata.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/SAMLMetadata.java new file mode 100644 index 00000000000..f6fc946a6a0 --- /dev/null +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/SAMLMetadata.java 
@@ -0,0 +1,55 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.configapi.plugin.saml.model; + + +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; + +import java.io.Serializable; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_NULL) +public class SAMLMetadata implements Serializable { + + private static final long serialVersionUID = 1L; + private String nameIDPolicyFormat; + private String entityId; + private String singleLogoutServiceUrl; + + public String getNameIDPolicyFormat() { + return nameIDPolicyFormat; + } + + public void setNameIDPolicyFormat(String nameIDPolicyFormat) { + this.nameIDPolicyFormat = nameIDPolicyFormat; + } + + public String getEntityId() { + return entityId; + } + + public void setEntityId(String entityId) { + this.entityId = entityId; + } + + public String getSingleLogoutServiceUrl() { + return singleLogoutServiceUrl; + } + + public void setSingleLogoutServiceUrl(String singleLogoutServiceUrl) { + this.singleLogoutServiceUrl = singleLogoutServiceUrl; + } + + @Override + public String toString() { + return "SPMetadata [nameIDPolicyFormat=" + nameIDPolicyFormat + ", entityId=" + entityId + + ", singleLogoutServiceUrl=" + singleLogoutServiceUrl + "]"; + } + + +} diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java index 974c72bf8a9..7e409c7c13e 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java 
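Review bot: toString() in the new class prints `SPMetadata [...]` while the class is named SAMLMetadata, which will mislead anyone grepping logs; change it to `return "SAMLMetadata [nameIDPolicyFormat=" + nameIDPolicyFormat + ...`. A class-level Javadoc saying that this object is persisted as a JSON blob on TrustRelationship (the `@JsonObject` field `samlMetadata` added in the same patch) would help, since none of the three fields is documented. entityId and singleLogoutServiceUrl accept any string here, so if the SLO URL is expected to be a well-formed https URL that check has to live in the resource layer.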
@@ -12,6 +12,7 @@ import io.jans.model.GluuStatus; import io.jans.orm.annotation.AttributeName; import io.jans.orm.annotation.DataEntry; +import io.jans.orm.annotation.JsonObject; import io.jans.orm.annotation.ObjectClass; import io.jans.orm.model.base.Entry; import io.swagger.v3.oas.annotations.Hidden; @@ -30,7 +31,7 @@ @DataEntry(sortBy = { "displayName" }) -@ObjectClass(value = "jansSAMLconfig") +@ObjectClass(value = "jansTrustRelationship") @JsonInclude(JsonInclude.Include.NON_NULL) public class TrustRelationship extends Entry implements Serializable { @@ -110,14 +111,9 @@ public class TrustRelationship extends Entry implements Serializable { @AttributeName(name = "jansSAMLspMetaDataSourceTyp") private MetadataSourceType spMetaDataSourceType; - @AttributeName(name = "nameIDPolicyFormat") - private String nameIDPolicyFormat; - - @AttributeName(name = "entityId") - private String entityId; - - @AttributeName(name = "singleLogoutServiceUrl") - private String singleLogoutServiceUrl; + @JsonObject + @AttributeName(name = "samlMetadata") + private SAMLMetadata samlMetadata; @AttributeName(name = "jansRedirectURI") private String[] redirectUris; 
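Review bot: `@ObjectClass` changes from `jansSAMLconfig` to `jansTrustRelationship`, so entries already persisted under the old object class will no longer be returned by findEntries; the jans_schema.json hunk in this patch that would define `jansTrustRelationship` is not fully visible here, so confirm both the schema entry and a migration step for existing data. A comment on the annotation, `// must match the jansTrustRelationship object class in jans_schema.json`, would record that dependency. The attributes replaced by `samlMetadata` (nameIDPolicyFormat, entityId, singleLogoutServiceUrl) still appear in the object-class attribute list touched in PATCH 04, which presumably is now dead schema.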
@@ -285,28 +281,12 @@ public void setSpMetaDataSourceType(MetadataSourceType spMetaDataSourceType) { this.spMetaDataSourceType = spMetaDataSourceType; } - public String getNameIDPolicyFormat() { - return nameIDPolicyFormat; - } - - public void setNameIDPolicyFormat(String nameIDPolicyFormat) { - this.nameIDPolicyFormat = nameIDPolicyFormat; - } - - public String getEntityId() { - return entityId; - } - - public void setEntityId(String entityId) { - this.entityId = entityId; - } - - public String getSingleLogoutServiceUrl() { - return singleLogoutServiceUrl; + public SAMLMetadata getSamlMetadata() { + return samlMetadata; } - public void setSingleLogoutServiceUrl(String singleLogoutServiceUrl) { - this.singleLogoutServiceUrl = singleLogoutServiceUrl; + public void setSamlMetadata(SAMLMetadata samlMetadata) { + this.samlMetadata = samlMetadata; } public String[] getRedirectUris() { @@ -417,12 +397,10 @@ public String toString() { + ", alwaysDisplayInConsole=" + alwaysDisplayInConsole + ", clientAuthenticatorType=" + clientAuthenticatorType + ", secret=" + secret + ", registrationAccessToken=" + registrationAccessToken + ", consentRequired=" + consentRequired + ", spMetaDataSourceType=" - + spMetaDataSourceType + ", nameIDPolicyFormat=" + nameIDPolicyFormat + ", entityId=" + entityId - + ", singleLogoutServiceUrl=" + singleLogoutServiceUrl + ", redirectUris=" + + spMetaDataSourceType + ", samlMetadata=" + samlMetadata + ", redirectUris=" + Arrays.toString(redirectUris) + ", spMetaDataFN=" + spMetaDataFN + ", spMetaDataURL=" + spMetaDataURL + ", metaLocation=" + metaLocation + ", releasedAttributes=" + releasedAttributes + ", url=" + url + ", spLogoutURL=" + spLogoutURL + ", status=" + status + ", validationStatus=" + validationStatus + ", validationLog=" + validationLog + ", profileConfigurations=" + profileConfigurations + "]"; } - } 
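Review bot: toString() keeps `secret` and `registrationAccessToken` in its output (context lines of the second hunk), and TrustRelationshipResource in this same patch logs the object with `logger.debug(" Create trustRelationship:{} ", trustRelationship)` in both create and update, so client secrets and registration tokens reach the log at DEBUG. Redact them, e.g. `+ ", secret=" + (secret == null ? null : "****") + ", registrationAccessToken=" + (registrationAccessToken == null ? null : "****")`, or leave both out of toString. The getter/setter pair in the first hunk is fine; its neighbouring methods continue outside the hunk.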
diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java index e897150dc36..69a6df1c93c 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java @@ -6,6 +6,7 @@ import io.jans.configapi.core.rest.BaseResource; import io.jans.configapi.core.rest.ProtectedApi; import io.jans.configapi.plugin.saml.util.Constants; +import io.jans.configapi.util.AttributeNames; import io.jans.configapi.plugin.saml.service.SamlService; import io.swagger.v3.oas.annotations.Operation; @@ -40,7 +41,9 @@ public class TrustRelationshipResource extends BaseResource { private static final String SAML_TRUST_RELATIONSHIP = "Trust Relationship"; private static final String SAML_TRUST_RELATIONSHIP_FORM = "Trust Relationship From"; private static final String SAML_TRUST_RELATIONSHIP_CHECK_STR = "Trust Relationship identified by '"; - + private static final String NAME_CONFLICT = "NAME_CONFLICT"; + private static final String NAME_CONFLICT_MSG = "Trust Relationship with same name %s already exists!"; + @Inject Logger logger; 
@@ -105,7 +108,17 @@ public Response createTrustRelationshipWithFile(@MultipartForm TrustRelationship TrustRelationship trustRelationship = trustRelationshipForm.getTrustRelationship(); logger.debug(" Create trustRelationship:{} ", trustRelationship); - checkResourceNotNull(trustRelationshipForm.getTrustRelationship(), SAML_TRUST_RELATIONSHIP); + + //validation + checkResourceNotNull(trustRelationship, SAML_TRUST_RELATIONSHIP); + checkNotNull(trustRelationship.getClientId(), "Client Id"); + + // check if TrustRelationship with same name already exists + List existingTrustRelationship = samlService.getAllTrustRelationshipByName(trustRelationship.getClientId()); + logger.debug(" existingTrustRelationship:{} ", existingTrustRelationship); + if (existingTrustRelationship != null && !existingTrustRelationship.isEmpty()) { + throwBadRequestException(NAME_CONFLICT,String.format(NAME_CONFLICT_MSG, trustRelationship.getClientId())); + } InputStream metaDataFile = trustRelationshipForm.getMetaDataFile(); logger.debug(" Create metaDataFile:{} ", metaDataFile); 
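Review bot: The duplicate check calls `samlService.getAllTrustRelationshipByName(trustRelationship.getClientId())`, i.e. it filters on displayName using the client id, so a genuine clientId clash is never detected and a display name that happens to equal some client id raises a false conflict; this patch adds `getAllTrustRelationshipByClientId` to SamlService, which is what this line should call: `List<TrustRelationship> existingTrustRelationship = samlService.getAllTrustRelationshipByClientId(trustRelationship.getClientId());`. The update hunk below has the same wrong lookup. The attribute label `"Client Id"` here differs from `"ClientId"` in update, so the two 400 bodies will name the field differently. The method's remainder is outside the hunk.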
@@ -143,15 +156,13 @@ public Response updateTrustRelationship(@MultipartForm TrustRelationshipForm tru TrustRelationship trustRelationship = trustRelationshipForm.getTrustRelationship(); logger.debug(" Create trustRelationship:{} ", trustRelationship); - checkResourceNotNull(trustRelationshipForm.getTrustRelationship(), SAML_TRUST_RELATIONSHIP); - - InputStream metaDataFile = trustRelationshipForm.getMetaDataFile(); - logger.debug(" Create metaDataFile:{} ", metaDataFile); - if (metaDataFile != null) { - logger.debug(" Create metaDataFile.available():{}", metaDataFile.available()); - } - - // validation of TrustRelationship + + //validation + checkResourceNotNull(trustRelationship, SAML_TRUST_RELATIONSHIP); + checkNotNull(trustRelationship.getClientId(), "ClientId"); + checkNotNull(trustRelationship.getInum(), AttributeNames.INUM); + + // check if TrustRelationship exists TrustRelationship existingTrustRelationship = samlService .getTrustRelationshipByInum(trustRelationship.getInum()); logger.info("TrustRelationship found by trustRelationship.getInum():{}, existingTrustRelationship:{}", 
@@ -159,6 +170,23 @@ public Response updateTrustRelationship(@MultipartForm TrustRelationshipForm tru checkResourceNotNull(existingTrustRelationship, SAML_TRUST_RELATIONSHIP_CHECK_STR + trustRelationship.getInum() + "'"); + // check if another TrustRelationship with same name already exists + final String inum = trustRelationship.getInum(); + List trustRelationshipList = samlService.getAllTrustRelationshipByName(trustRelationship.getClientId()); + logger.info(" trustRelationshipList:{} ", trustRelationshipList); + if (trustRelationshipList != null && !trustRelationshipList.isEmpty()) { + boolean flag = trustRelationshipList.stream().anyMatch(e -> e.getInum() != inum); + logger.info("Another TrustRelationship with same clientID:{}, exists:{}", trustRelationship.getClientId(), flag); + throwBadRequestException(NAME_CONFLICT,String.format(NAME_CONFLICT_MSG, trustRelationship.getClientId())); + } + + InputStream metaDataFile = trustRelationshipForm.getMetaDataFile(); + logger.debug(" Create metaDataFile:{} ", metaDataFile); + if (metaDataFile != null) { + logger.debug(" Create metaDataFile.available():{}", metaDataFile.available()); + } + + // Update trustRelationship = samlService.updateTrustRelationship(trustRelationship); diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java index 196d6c47933..a2b4fd9c01f 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java 
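Review bot: The conflict check throws whenever the list is non-empty regardless of `flag`, which is computed and logged but never tested, and once the lookup is corrected to clientId the record being updated will itself be in that list, so every update of an existing trust relationship would fail with NAME_CONFLICT. `e.getInum() != inum` also compares String references rather than values. Use `boolean otherExists = trustRelationshipList.stream().anyMatch(e -> !inum.equals(e.getInum()));` followed by `if (otherExists) { throwBadRequestException(NAME_CONFLICT, String.format(NAME_CONFLICT_MSG, trustRelationship.getClientId())); }`. The method continues outside the hunk.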
@@ -126,6 +126,16 @@ public List getAllTrustRelationshipByName(String name) { return persistenceEntryManager.findEntries(getDnForTrustRelationship(null), TrustRelationship.class, displayNameFilter); } + + public List getAllTrustRelationshipByClientId(String clientId) { + log.info("Search TrustRelationship with clientId:{}", clientId); + + String[] targetArray = new String[] { clientId }; + Filter filter = Filter.createEqualityFilter("jansClntId", targetArray); + log.debug("Search TrustRelationship with filter:{}", filter); + return persistenceEntryManager.findEntries(getDnForTrustRelationship(null), TrustRelationship.class, + filter); + } public TrustRelationship getTrustContainerFederation(TrustRelationship trustRelationship) { return getRelationshipByDn(trustRelationship.getDn()); diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AttributesResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AttributesResource.java index c16a78b7e63..9bf61fde9d2 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AttributesResource.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AttributesResource.java 
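Review bot: `getAllTrustRelationshipByClientId` passes `"jansClntId"` as a literal attribute name; it has to match the `@AttributeName` on TrustRelationship's clientId field, which is not shown in this series, so confirm it rather than ship a filter that silently matches nothing. The method is also added but never called — the resource in this patch still uses getAllTrustRelationshipByName for its duplicate check. A Javadoc `/** Returns every trust relationship whose client id equals {@code clientId}; empty list when none. */` would document the contract the resource relies on.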
@@ -116,7 +116,9 @@ public Response getAttributeByInum(@Parameter(description = "Attribute Id") @Pat @RequestBody(description = "JansAttribute object", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = JansAttribute.class), examples = @ExampleObject(name = "Request example", value = "example/attribute/attribute.json"))) @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Created", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = JansAttribute.class), examples = @ExampleObject(name = "Response example", value = "example/attribute/attribute.json"))), + @ApiResponse(responseCode = "400", description = "BadRequest"), @ApiResponse(responseCode = "401", description = "Unauthorized"), + @ApiResponse(responseCode = "406", description = "NotAcceptable"), @ApiResponse(responseCode = "500", description = "InternalServerError") }) @POST @ProtectedApi(scopes = { ApiAccessConstants.ATTRIBUTES_WRITE_ACCESS }, groupScopes = {}, superScopes = { @@ -129,7 +131,7 @@ public Response createAttribute(@Valid JansAttribute attribute) { // check if attribute exists in schema boolean attributeValidation = attributeService.validateAttributeDefinition(attribute.getName()); - log.debug("Validate attribute while creation - attribute.getName():{}, attributeValidation:{}", attribute.getName(), attributeValidation); + log.info("Validate attribute while creation - attribute.getName():{}, attributeValidation:{}", attribute.getName(), attributeValidation); if (!attributeValidation) { throw new WebApplicationException(getNotAcceptableException("The attribute type '" + attribute.getName() + "' not defined in DB schema")); } 
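Review bot: Raising the validation trace from debug to info in createAttribute (and in updateAttribute in the next hunk) emits an INFO line with the attribute name and result on every attribute write; this is diagnostic output rather than an operational event and will add noise to production logs. Keep `log.debug(...)` there, or if the goal is an audit trail of rejected attributes, log at info only inside the `!attributeValidation` branch. The new 406 annotation matches getNotAcceptableException; the 400 presumably comes from `@Valid`, which is not visible here.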
@@ -150,6 +152,7 @@ public Response createAttribute(@Valid JansAttribute attribute) { @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = JansAttribute.class), examples = @ExampleObject(name = "Response example", value = "example/attribute/attribute.json"))), @ApiResponse(responseCode = "401", description = "Unauthorized"), + @ApiResponse(responseCode = "406", description = "NotAcceptable"), @ApiResponse(responseCode = "500", description = "InternalServerError") }) @PUT @ProtectedApi(scopes = { ApiAccessConstants.ATTRIBUTES_WRITE_ACCESS }, groupScopes = {}, superScopes = { @@ -164,7 +167,7 @@ public Response updateAttribute(@Valid JansAttribute attribute) { // check if attribute exists in schema boolean attributeValidation = attributeService.validateAttributeDefinition(attribute.getName()); - log.debug("Validate attribute - attribute.getName():{}, attributeValidation:{}", attribute.getName(), attributeValidation); + log.info("Validate attribute - attribute.getName():{}, attributeValidation:{}", attribute.getName(), attributeValidation); if (!attributeValidation) { throw new WebApplicationException(getNotAcceptableException( "The attribute type '" + attribute.getName() + "' not defined in DB schema")); diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java index 1cb200bd703..43b061d0e2b 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java 
@@ -4,10 +4,11 @@ import static io.jans.as.model.util.Util.escapeLog; import io.jans.as.common.model.common.SimpleUser; import io.jans.as.common.util.AttributeConstants; -import io.jans.orm.model.AttributeType; +import io.jans.configapi.model.configuration.ApiAppConfiguration; import io.jans.configapi.util.ApiConstants; import io.jans.model.JansAttribute; import io.jans.model.SearchRequest; +import io.jans.orm.model.AttributeType; import io.jans.orm.model.PagedResult; import io.jans.orm.model.SortOrder; import io.jans.orm.search.filter.Filter; @@ -26,6 +27,9 @@ public class AttributeService extends io.jans.as.common.service.AttributeService private static final long serialVersionUID = -820393743995746612L; + @Inject + private ApiAppConfiguration appConfiguration; + @Inject transient ConfigurationService configurationService; @@ -111,11 +115,19 @@ public JansAttribute getAttributeUsingName(String claimName) { } public boolean validateAttributeDefinition(String attributeName) { - log.info(" Validate attributeName:{}, getPersistenceType():{}", attributeName, getPersistenceType()); + log.info(" Validate attributeName:{}, getPersistenceType():{}, appConfiguration:{}", attributeName, getPersistenceType(), appConfiguration); boolean isValidAttribute = false; try { + + //return if isCustomAttributeValidationEnabled not enabled + if(appConfiguration!=null && !appConfiguration.isCustomAttributeValidationEnabled()) { + return true; + } + + log.info(" attributeName:{}, persistenceEntryManager.getAttributeType(ou=people,o=jans, SimpleUser.class,attributeName)():{}", attributeName, persistenceEntryManager.getAttributeType("ou=people,o=jans", SimpleUser.class, + attributeName)); AttributeType attributeType = persistenceEntryManager.getAttributeType("ou=people,o=jans", SimpleUser.class, - "uid"); + attributeName); log.info(" attributeName:{}, attributeType():{}", attributeName, attributeType); if (attributeType != null) { 
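Review bot: The first log.info in validateAttributeDefinition now prints `appConfiguration`, i.e. ApiAppConfiguration.toString(), which in this same patch still includes apiClientPassword, so the API client password is written to the INFO log on every validation; log only `appConfiguration != null && appConfiguration.isCustomAttributeValidationEnabled()`. The second new log.info calls `persistenceEntryManager.getAttributeType(...)` a second time purely to print its result — remove it and log `attributeType` after the real call. With the flag unset (a boolean field defaults to false) the method returns true before any schema lookup, so validation is effectively off unless the configuration enables it explicitly; that default deserves a comment on the field or in dynamic-conf.json. The method body continues past the hunk.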
diff --git a/jans-config-api/shared/src/main/java/io/jans/configapi/core/rest/BaseResource.java b/jans-config-api/shared/src/main/java/io/jans/configapi/core/rest/BaseResource.java index 578dbebb98a..32627bcfcdc 100644 --- a/jans-config-api/shared/src/main/java/io/jans/configapi/core/rest/BaseResource.java +++ b/jans-config-api/shared/src/main/java/io/jans/configapi/core/rest/BaseResource.java @@ -76,7 +76,7 @@ public static void checkResourceNotNull(T resource, String objectName) { } public static void checkNotNull(String attribute, String attributeName) { - if (attribute == null) { + if (StringUtils.isBlank(attribute)) { throw new BadRequestException(getMissingAttributeError(attributeName)); } } diff --git a/jans-linux-setup/jans_setup/schema/jans_schema.json b/jans-linux-setup/jans_setup/schema/jans_schema.json index cbed32cf8d5..37c145eb0a1 100644 --- a/jans-linux-setup/jans_setup/schema/jans_schema.json +++ b/jans-linux-setup/jans_setup/schema/jans_schema.json @@ -3485,15 +3485,15 @@ "x_origin": "Jans created attribute" }, { - "desc": "SAML Trust Relationship file location of metadata", - "equality": "caseIgnoreMatch", - "names": [ - "jansSAMLspMetaDataFN" - ], - "oid": "jansAttr", - "substr": "caseIgnoreSubstringsMatch", - "syntax": "1.3.6.1.4.1.1466.115.121.1.15", - "x_origin": "Jans created attribute" + "desc": "SAML Trust Relationship file location of metadata", + "equality": "caseIgnoreMatch", + "names": [ + "jansSAMLspMetaDataFN" + ], + "oid": "jansAttr", + "substr": "caseIgnoreSubstringsMatch", + "syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" }, { "desc": "Provider Id", 
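Review bot: `checkNotNull` now rejects empty and whitespace-only strings as well as null, which is stricter than its name and the "missing attribute" error suggest; callers that previously accepted `""` will start getting a 400. Document the contract, `/** Throws BadRequestException when {@code attribute} is null, empty or whitespace-only. */`, and confirm `StringUtils` is imported in BaseResource, since no import hunk for that file is part of this diff.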
@@ -3590,15 +3590,15 @@ "x_origin": "Jans created attribute" }, { - "desc": "SAML Trusted IDP file location of metadata", - "equality": "caseIgnoreMatch", - "names": [ - "jansSAMLidpMetaDataFN" - ], - "oid": "jansAttr", - "substr": "caseIgnoreSubstringsMatch", - "syntax": "1.3.6.1.4.1.1466.115.121.1.15", - "x_origin": "Jans created attribute" + "desc": "SAML Trusted IDP file location of metadata", + "equality": "caseIgnoreMatch", + "names": [ + "jansSAMLidpMetaDataFN" + ], + "oid": "jansAttr", + "substr": "caseIgnoreSubstringsMatch", + "syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" }, { "desc": "SAML Trusted IDP URI location of metadata", 
@@ -3643,140 +3643,151 @@ "syntax": "1.3.6.1.4.1.1466.115.121.1.15", "x_origin": "Jans created attribute" }, - { - "desc":"signingCertificate", - "equality":"caseIgnoreMatch", - "names":[ + { + "desc": "signingCertificate", + "equality": "caseIgnoreMatch", + "names": [ "signingCertificate" ], - "oid":"jansAttr", - "substr":"caseIgnoreSubstringsMatch", - "syntax":"1.3.6.1.4.1.1466.115.121.1.15", - "x_origin":"Jans created attribute" - }, - { - "desc":"validateSignature", - "equality":"caseIgnoreMatch", - "names":[ + "oid": "jansAttr", + "substr": "caseIgnoreSubstringsMatch", + "syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" + }, + { + "desc": "validateSignature", + "equality": "caseIgnoreMatch", + "names": [ "validateSignature" ], - "oid":"jansAttr", - "substr":"caseIgnoreSubstringsMatch", - "syntax":"1.3.6.1.4.1.1466.115.121.1.15", - "x_origin":"Jans created attribute" - }, - { - "desc":"singleLogoutServiceUrl", - "equality":"caseIgnoreMatch", - "names":[ + "oid": "jansAttr", + "substr": "caseIgnoreSubstringsMatch", + "syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" + }, + { + "desc": "singleLogoutServiceUrl", + "equality": "caseIgnoreMatch", + "names": [ "singleLogoutServiceUrl" ], - "oid":"jansAttr", - "substr":"caseIgnoreSubstringsMatch", - "syntax":"1.3.6.1.4.1.1466.115.121.1.15", - "x_origin":"Jans created attribute" - }, - { - "desc":"nameIDPolicyFormat", - "equality":"caseIgnoreMatch", - "names":[ + "oid": "jansAttr", + "substr": "caseIgnoreSubstringsMatch", + "syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" + }, + { + "desc": "nameIDPolicyFormat", + "equality": "caseIgnoreMatch", + "names": [ "nameIDPolicyFormat" ], - "oid":"jansAttr", - "substr":"caseIgnoreSubstringsMatch", - "syntax":"1.3.6.1.4.1.1466.115.121.1.15", - "x_origin":"Jans created attribute" - }, - { - "desc":"entityId", - "equality":"caseIgnoreMatch", - "names":[ + "oid": "jansAttr", + 
"substr": "caseIgnoreSubstringsMatch", + "syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" + }, + { + "desc": "entityId", + "equality": "caseIgnoreMatch", + "names": [ "entityId" ], - "oid":"jansAttr", - "substr":"caseIgnoreSubstringsMatch", - "syntax":"1.3.6.1.4.1.1466.115.121.1.15", - "x_origin":"Jans created attribute" - }, - { - "desc":"singleSignOnServiceUrl", - "equality":"caseIgnoreMatch", - "names":[ + "oid": "jansAttr", + "substr": "caseIgnoreSubstringsMatch", + "syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" + }, + { + "desc": "singleSignOnServiceUrl", + "equality": "caseIgnoreMatch", + "names": [ "singleSignOnServiceUrl" ], - "oid":"jansAttr", - "substr":"caseIgnoreSubstringsMatch", - "syntax":"1.3.6.1.4.1.1466.115.121.1.15", - "x_origin":"Jans created attribute" - }, - { - "desc":"encryptionPublicKey", - "equality":"caseIgnoreMatch", - "names":[ - "encryptionPublicKey" - ], - "oid":"jansAttr", - "substr":"caseIgnoreSubstringsMatch", - "syntax":"1.3.6.1.4.1.1466.115.121.1.15", - "x_origin":"Jans created attribute" - }, -{ - "desc":"Webhook identifier", - "equality":"caseIgnoreMatch", - "names":[ + "oid": "jansAttr", + "substr": "caseIgnoreSubstringsMatch", + "syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" + }, + { + "desc": "encryptionPublicKey", + "equality": "caseIgnoreMatch", + "names": [ + "encryptionPublicKey" + ], + "oid": "jansAttr", + "substr": "caseIgnoreSubstringsMatch", + "syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" + }, + { + "desc": "Webhook identifier", + "equality": "caseIgnoreMatch", + "names": [ "webhookId" ], - "oid":"jansAttr", - "substr":"caseIgnoreSubstringsMatch", - "syntax":"1.3.6.1.4.1.1466.115.121.1.15", - "x_origin":"Jans created attribute" - }, - { - "desc":"HTTP request method", - "equality":"caseIgnoreMatch", - "names":[ + "oid": "jansAttr", + "substr": "caseIgnoreSubstringsMatch", + 
"syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" + }, + { + "desc": "HTTP request method", + "equality": "caseIgnoreMatch", + "names": [ "httpMethod" ], - "oid":"jansAttr", - "substr":"caseIgnoreSubstringsMatch", - "syntax":"1.3.6.1.4.1.1466.115.121.1.15", - "x_origin":"Jans created attribute" - }, - { - "desc":"HTTP request headers", - "equality":"caseIgnoreMatch", - "names":[ + "oid": "jansAttr", + "substr": "caseIgnoreSubstringsMatch", + "syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" + }, + { + "desc": "HTTP request headers", + "equality": "caseIgnoreMatch", + "names": [ "httpHeaders" ], "multivalued": true, - "oid":"jansAttr", - "substr":"caseIgnoreSubstringsMatch", - "syntax":"1.3.6.1.4.1.1466.115.121.1.15", - "x_origin":"Jans created attribute" - }, - { - "desc":"HTTP request body", - "equality":"caseIgnoreMatch", - "names":[ + "oid": "jansAttr", + "substr": "caseIgnoreSubstringsMatch", + "syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" + }, + { + "desc": "HTTP request body", + "equality": "caseIgnoreMatch", + "names": [ "httpRequestBody" ], - "oid":"jansAttr", + "oid": "jansAttr", "json": true, - "substr":"caseIgnoreSubstringsMatch", - "syntax":"1.3.6.1.4.1.1466.115.121.1.15", - "x_origin":"Jans created attribute" - }, - { - "desc":"Admin UI feature identifier", - "equality":"caseIgnoreMatch", - "names":[ + "substr": "caseIgnoreSubstringsMatch", + "syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" + }, + { + "desc": "Admin UI feature identifier", + "equality": "caseIgnoreMatch", + "names": [ "auiFeatureId" ], - "oid":"jansAttr", - "substr":"caseIgnoreSubstringsMatch", - "syntax":"1.3.6.1.4.1.1466.115.121.1.15", - "x_origin":"Jans created attribute" - } + "oid": "jansAttr", + "substr": "caseIgnoreSubstringsMatch", + "syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" + }, + { + "desc": "SAML 
Metadata", + "equality": "caseIgnoreMatch", + "names": [ + "samlMetadata" + ], + "oid": "jansAttr", + "substr": "caseIgnoreSubstringsMatch", + "syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" + } ], "objectClasses": [ { @@ -5010,9 +5021,7 @@ "jansRedirectURI", "jansWebOrigins", "consentRequired", - "nameIDPolicyFormat", - "entityId", - "singleLogoutServiceUrl", + "samlMetadata", "jansSAMLMetaDataFilter", "jansSAMLspMetaDataSourceTyp", "jansSAMLspMetaDataFN", @@ -5033,7 +5042,7 @@ "objectclass" ], "names": [ - "jansSAMLconfig" + "jansTrustRelationship" ], "oid": "jansObjClass", "sup": [ @@ -5089,50 +5098,50 @@ ], "x_origin": "Jans created objectclass" }, -{ - "kind": "STRUCTURAL", - "may": [ - "auiFeatureId", - "displayName", - "jansScope", - "webhookId" - ], - "must": [ - "objectclass" - ], - "names": [ - "auiFeatures" - ], - "oid": "jansObjClass", - "sup": [ - "top" - ], - "x_origin": "Jans created objectclass" - }, - { - "kind": "STRUCTURAL", - "may": [ - "webhookId", - "displayName", - "description", - "url", - "httpMethod", - "httpRequestBody", - "jansEnabled", - "httpHeaders" - ], - "must": [ - "objectclass" - ], - "names": [ - "auiWebhooks" - ], - "oid": "jansObjClass", - "sup": [ - "top" - ], - "x_origin": "Jans created objectclass" - } + { + "kind": "STRUCTURAL", + "may": [ + "auiFeatureId", + "displayName", + "jansScope", + "webhookId" + ], + "must": [ + "objectclass" + ], + "names": [ + "auiFeatures" + ], + "oid": "jansObjClass", + "sup": [ + "top" + ], + "x_origin": "Jans created objectclass" + }, + { + "kind": "STRUCTURAL", + "may": [ + "webhookId", + "displayName", + "description", + "url", + "httpMethod", + "httpRequestBody", + "jansEnabled", + "httpHeaders" + ], + "must": [ + "objectclass" + ], + "names": [ + "auiWebhooks" + ], + "oid": "jansObjClass", + "sup": [ + "top" + ], + "x_origin": "Jans created objectclass" + } ], "oidMacros": { "jansAttr": "jansPublished:3", 
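Review bot: The `@@ -5010` hunk drops `nameIDPolicyFormat`, `entityId` and `singleLogoutServiceUrl` from the objectclass `may` list in favour of `samlMetadata`, and the `@@ -5033` hunk renames the objectclass from `jansSAMLconfig` to `jansTrustRelationship`, but nothing in this series migrates entries already stored under the old objectclass and attributes. Deployments upgrading with existing trust relationships will presumably fail schema validation or lose those three values unless a migration step exists elsewhere; confirm one does, or record the breaking change in the commit message. The three attribute definitions themselves are kept earlier in this file, so only the objectclass binding changes.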
@@ -5143,4 +5152,4 @@ "jansReserved": "jansOrgOID:0", "jansSyntax": "jansPublished:1" } -} +} \ No newline at end of file diff --git a/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json b/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json index 2f0f17fb8c7..de23ec6b86d 100644 --- a/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json +++ b/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json @@ -1,5 +1,6 @@ { "configOauthEnabled": ${configOauthEnabled}, + "customAttributeValidationEnabled": true, "apiApprovedIssuer": ["${apiApprovedIssuer}"], "apiProtectionType": "${apiProtectionType}", "apiClientId": "${jca_client_id}", @@ -97,6 +98,11 @@ "name": "saml", "description": "saml plugin", "className": "io.jans.configapi.plugin.saml.rest.ApiApplication" + }, + { + "name": "kc-link", + "description": "kc-link plugin", + "className": "io.jans.configapi.plugin.kc.link.rest.ApiApplication" } ] From bd6e171fedeb0e17959edf1e8c40e4694927ebc9 Mon Sep 17 00:00:00 2001 From: pujavs Date: Wed, 21 Feb 2024 22:19:52 +0530 Subject: [PATCH 08/22] feat(config-api): resolved merge conflict Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 28 ++++++------------- .../plugins/docs/kc-saml-plugin-swagger.yaml | 4 +-- .../plugin/saml/model/TrustRelationship.java | 19 +++++++------ .../saml/rest/TrustRelationshipResource.java | 16 +++++------ .../plugin/saml/service/SamlService.java | 21 +++++++------- .../jans_setup/schema/jans_schema.json | 2 +- 6 files changed, 39 insertions(+), 51 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index 1f94af53061..34cdc8eea58 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml 
@@ -7894,34 +7894,22 @@ components: $ref: '#/components/schemas/AttributeValidation' tooltip: type: string - whitePagesCanView: - type: boolean -<<<<<<< HEAD -======= selected: type: boolean - adminCanEdit: - type: boolean - adminCanView: - type: boolean userCanView: type: boolean ->>>>>>> f8442579cb0e7c8983310dce872b0d2eac736170 userCanEdit: type: boolean - userCanAccess: - type: boolean - userCanView: + adminCanView: type: boolean adminCanEdit: type: boolean -<<<<<<< HEAD + adminCanAccess: + type: boolean userCanAccess: type: boolean - adminCanAccess: + whitePagesCanView: type: boolean -======= ->>>>>>> f8442579cb0e7c8983310dce872b0d2eac736170 baseDn: type: string PatchRequest: @@ -8734,6 +8722,8 @@ components: type: boolean lockMessageConfig: $ref: '#/components/schemas/LockMessageConfig' + fapi: + type: boolean allResponseTypesSupported: uniqueItems: true type: array @@ -8743,8 +8733,6 @@ components: - code - token - id_token - fapi: - type: boolean AuthenticationFilter: required: - baseDn @@ -10192,10 +10180,10 @@ components: ttl: type: integer format: int32 - opbrowserState: - type: string persisted: type: boolean + opbrowserState: + type: string SessionIdAccessMap: type: object properties: diff --git a/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml b/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml index d708bd06052..d986ae87191 100644 --- a/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml @@ -1018,9 +1018,9 @@ components: type: string TrustRelationship: required: - - clientId - description - displayName + - name - spMetaDataSourceType type: object properties: @@ -1030,7 +1030,7 @@ components: type: string owner: type: string - clientId: + name: maxLength: 60 minLength: 0 type: string 
diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java index 7e409c7c13e..6c1eb1ee35c 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java @@ -43,10 +43,10 @@ public class TrustRelationship extends Entry implements Serializable { @AttributeName private String owner; - @AttributeName(name = "jansClntId") + @AttributeName(name = "name") @NotNull - @Size(min = 0, max = 60, message = "Length of the Client Id should not exceed 60") - private String clientId; + @Size(min = 0, max = 60, message = "Length of the name should not exceed 60") + private String name; @NotNull @Size(min = 0, max = 60, message = "Length of the Display Name should not exceed 60") @@ -87,7 +87,7 @@ public class TrustRelationship extends Entry implements Serializable { private boolean enabled; /** - * Always list this client in the Account UI, even if the user does not have an + * Always list this in the Account UI, even if the user does not have an * active session. */ @AttributeName(name = "displayInConsole") @@ -169,12 +169,12 @@ public void setOwner(String owner) { this.owner = owner; } - public String getClientId() { - return clientId; + public String getName() { + return name; } - public void setClientId(String clientId) { - this.clientId = clientId; + public void setName(String name) { + this.name = name; } public String getDisplayName() { 
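Review bot: `name` is annotated `@NotNull` with `@Size(min = 0, max = 60)`, so an empty string passes bean validation even though the resource layer uses this field as the uniqueness key for trust relationships; raising the lower bound closes that gap at the model level: `@Size(min = 1, max = 60, message = "Length of the name should be between 1 and 60")`. The persisted attribute changes from `jansClntId` to the generic `name`, which deserves a one-line comment on the field stating that it maps to the schema's `name` attribute, since it no longer follows the prefixed naming of the other mapped attributes. The edited Javadoc "Always list this in the Account UI" leaves "this" unresolved; "Always list this trust relationship in the Account UI" reads unambiguously. The class body continues outside the hunk.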
@@ -391,7 +391,7 @@ public static void sortByDataSourceType(List trustRelationshi @Override public String toString() { - return "TrustRelationship [inum=" + inum + ", owner=" + owner + ", clientId=" + clientId + ", displayName=" + return "TrustRelationship [inum=" + inum + ", owner=" + owner + ", name=" + name + ", displayName=" + displayName + ", description=" + description + ", rootUrl=" + rootUrl + ", adminUrl=" + adminUrl + ", baseUrl=" + baseUrl + ", surrogateAuthRequired=" + surrogateAuthRequired + ", enabled=" + enabled + ", alwaysDisplayInConsole=" + alwaysDisplayInConsole + ", clientAuthenticatorType=" @@ -403,4 +403,5 @@ public String toString() { + ", spLogoutURL=" + spLogoutURL + ", status=" + status + ", validationStatus=" + validationStatus + ", validationLog=" + validationLog + ", profileConfigurations=" + profileConfigurations + "]"; } + } diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java index 69a6df1c93c..afeeacfb9d4 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java 
@@ -111,13 +111,13 @@ public Response createTrustRelationshipWithFile(@MultipartForm TrustRelationship //validation checkResourceNotNull(trustRelationship, SAML_TRUST_RELATIONSHIP); - checkNotNull(trustRelationship.getClientId(), "Client Id"); + checkNotNull(trustRelationship.getName(), "Name"); // check if TrustRelationship with same name already exists - List existingTrustRelationship = samlService.getAllTrustRelationshipByName(trustRelationship.getClientId()); + List existingTrustRelationship = samlService.getAllTrustRelationshipByName(trustRelationship.getName()); logger.debug(" existingTrustRelationship:{} ", existingTrustRelationship); if (existingTrustRelationship != null && !existingTrustRelationship.isEmpty()) { - throwBadRequestException(NAME_CONFLICT,String.format(NAME_CONFLICT_MSG, trustRelationship.getClientId())); + throwBadRequestException(NAME_CONFLICT,String.format(NAME_CONFLICT_MSG, trustRelationship.getName())); } InputStream metaDataFile = trustRelationshipForm.getMetaDataFile(); @@ -159,7 +159,7 @@ public Response updateTrustRelationship(@MultipartForm TrustRelationshipForm tru //validation checkResourceNotNull(trustRelationship, SAML_TRUST_RELATIONSHIP); - checkNotNull(trustRelationship.getClientId(), "ClientId"); + checkNotNull(trustRelationship.getName(), "Name"); checkNotNull(trustRelationship.getInum(), AttributeNames.INUM); // check if TrustRelationship exists 
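Review bot: In the `@@ -111` hunk the duplicate-name check (`getAllTrustRelationshipByName` followed by a conditional throw) and the subsequent create are not atomic, so two concurrent requests with the same name can both pass the check; unless the persistence layer enforces uniqueness on `name`, which nothing visible here establishes, the check is advisory and should be documented as such: `// best-effort uniqueness check; not atomic with the create below`. The same pattern appears in the `@@ -159` update path. `createTrustRelationshipWithFile` and `updateTrustRelationship` both start outside their hunks.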
@@ -172,12 +172,12 @@ public Response updateTrustRelationship(@MultipartForm TrustRelationshipForm tru // check if another TrustRelationship with same name already exists final String inum = trustRelationship.getInum(); - List trustRelationshipList = samlService.getAllTrustRelationshipByName(trustRelationship.getClientId()); + List trustRelationshipList = samlService.getAllTrustRelationshipByName(trustRelationship.getName()); logger.info(" trustRelationshipList:{} ", trustRelationshipList); if (trustRelationshipList != null && !trustRelationshipList.isEmpty()) { boolean flag = trustRelationshipList.stream().anyMatch(e -> e.getInum() != inum); - logger.info("Another TrustRelationship with same clientID:{}, exists:{}", trustRelationship.getClientId(), flag); - throwBadRequestException(NAME_CONFLICT,String.format(NAME_CONFLICT_MSG, trustRelationship.getClientId())); + logger.info("Another TrustRelationship with same name:{}, exists:{}", trustRelationship.getName(), flag); + throwBadRequestException(NAME_CONFLICT,String.format(NAME_CONFLICT_MSG, trustRelationship.getName())); } InputStream metaDataFile = trustRelationshipForm.getMetaDataFile(); @@ -208,7 +208,7 @@ public Response deleteTrustRelationship( @Parameter(description = "Unique Id of Trust Relationship") @PathParam(Constants.ID) @NotNull String id) { if (logger.isInfoEnabled()) { - logger.info("Delete client identified by id:{}", escapeLog(id)); + logger.info("Delete TrustRelationship identified by id:{}", escapeLog(id)); } TrustRelationship trustRelationship = samlService.getTrustRelationshipByInum(id); diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java index a2b4fd9c01f..8bf25c39f7a 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java 
+++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java @@ -6,7 +6,6 @@ package io.jans.configapi.plugin.saml.service; -import io.jans.as.common.model.registration.Client; import io.jans.as.common.service.common.InumService; import io.jans.as.common.service.OrganizationService; import io.jans.as.common.util.AttributeConstants; @@ -117,7 +116,7 @@ public List getAllTrustRelationshipByInum(String inum) { return persistenceEntryManager.findEntries(getDnForTrustRelationship(inum), TrustRelationship.class, null); } - public List getAllTrustRelationshipByName(String name) { + public List getAllTrustRelationshipByDisplayName(String name) { log.info("Search TrustRelationship with name:{}", name); String[] targetArray = new String[] { name }; @@ -127,16 +126,16 @@ public List getAllTrustRelationshipByName(String name) { displayNameFilter); } - public List getAllTrustRelationshipByClientId(String clientId) { - log.info("Search TrustRelationship with clientId:{}", clientId); + public List getAllTrustRelationshipByName(String name) { + log.info("Search TrustRelationship with name:{}", name); - String[] targetArray = new String[] { clientId }; - Filter filter = Filter.createEqualityFilter("jansClntId", targetArray); - log.debug("Search TrustRelationship with filter:{}", filter); + String[] targetArray = new String[] { name }; + Filter nameFilter = Filter.createEqualityFilter("name", targetArray); + log.debug("Search TrustRelationship with nameFilter:{}", nameFilter); return persistenceEntryManager.findEntries(getDnForTrustRelationship(null), TrustRelationship.class, - filter); + nameFilter); } - + public TrustRelationship getTrustContainerFederation(TrustRelationship trustRelationship) { return getRelationshipByDn(trustRelationship.getDn()); } 
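Review bot: `Filter.createEqualityFilter("name", targetArray)` in the `@@ -127` hunk hard-codes the attribute name that `TrustRelationship` declares separately via `@AttributeName(name = "name")`, so the query and the mapping can drift silently; a shared compile-time constant (for example `public static final String NAME_ATTR = "name";` on the entity, referenced from both the annotation and this filter) keeps them aligned. Every lookup is logged at INFO with the caller-supplied name, which is noisy for a search path; `log.debug` is sufficient for a filter echo. The renamed `getAllTrustRelationshipByDisplayName` keeps most of its body outside the hunk, so its `displayNameFilter` construction could not be checked here.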
@@ -181,7 +180,7 @@ public List getAllTrustRelationship(int sizeLimit) { sizeLimit); } - public PagedResult getTrustRelationship(SearchRequest searchRequest) { + public PagedResult getTrustRelationship(SearchRequest searchRequest) { log.info("Search TrustRelationship with searchRequest:{}", searchRequest); Filter searchFilter = null; @@ -214,7 +213,7 @@ public PagedResult getTrustRelationship(SearchRequest searchRequest) { log.info("TrustRelationship searchFilter:{}", searchFilter); - return persistenceEntryManager.findPagedEntries(getDnForTrustRelationship(null), Client.class, searchFilter, + return persistenceEntryManager.findPagedEntries(getDnForTrustRelationship(null), TrustRelationship.class, searchFilter, null, searchRequest.getSortBy(), SortOrder.getByValue(searchRequest.getSortOrder()), searchRequest.getStartIndex(), searchRequest.getCount(), searchRequest.getMaxCount()); diff --git a/jans-linux-setup/jans_setup/schema/jans_schema.json b/jans-linux-setup/jans_setup/schema/jans_schema.json index 37c145eb0a1..85a9d675754 100644 --- a/jans-linux-setup/jans_setup/schema/jans_schema.json +++ b/jans-linux-setup/jans_setup/schema/jans_schema.json @@ -5006,7 +5006,7 @@ "may": [ "inum", "owner", - "jansClntId", + "name", "displayName", "description", "rootUrl", From 2e154943354192326913e1b0796234159b8807aa Mon Sep 17 00:00:00 2001 From: pujavs Date: Thu, 22 Feb 2024 00:07:55 +0530 Subject: [PATCH 09/22] feat(config-api): resolved merge conflict Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 18 +++++++++--------- .../plugin/saml/service/SamlService.java | 7 ++----- .../jans-config-api/dynamic-conf.json | 2 +- 3 files changed, 12 insertions(+), 15 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index 34cdc8eea58..81b99402244 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml 
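Review bot: `searchRequest.getSortBy()` in the `@@ -214` hunk is handed straight to `findPagedEntries` as the sort attribute; if `SearchRequest` is populated from query parameters without an allow-list, callers can sort by arbitrary attributes of the trust-relationship entries, which on directory backends is an information-disclosure vector. Validate it against the attributes the API intends to expose before building the query, or confirm that `SearchRequest` already does so. `getTrustRelationship` starts in the `@@ -181` hunk and ends outside this view.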
@@ -7896,19 +7896,19 @@ components: type: string selected: type: boolean + whitePagesCanView: + type: boolean + adminCanView: + type: boolean userCanView: type: boolean userCanEdit: type: boolean - adminCanView: - type: boolean adminCanEdit: type: boolean - adminCanAccess: - type: boolean userCanAccess: type: boolean - whitePagesCanView: + adminCanAccess: type: boolean baseDn: type: string @@ -8722,8 +8722,6 @@ components: type: boolean lockMessageConfig: $ref: '#/components/schemas/LockMessageConfig' - fapi: - type: boolean allResponseTypesSupported: uniqueItems: true type: array @@ -8733,6 +8731,8 @@ components: - code - token - id_token + fapi: + type: boolean AuthenticationFilter: required: - baseDn @@ -10180,10 +10180,10 @@ components: ttl: type: integer format: int32 - persisted: - type: boolean opbrowserState: type: string + persisted: + type: boolean SessionIdAccessMap: type: object properties: diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java index 8bf25c39f7a..4f585ea75f5 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java 
@@ -128,12 +128,9 @@ public List getAllTrustRelationshipByDisplayName(String name) public List getAllTrustRelationshipByName(String name) { log.info("Search TrustRelationship with name:{}", name); - - String[] targetArray = new String[] { name }; - Filter nameFilter = Filter.createEqualityFilter("name", targetArray); + Filter nameFilter = Filter.createEqualityFilter("name", name); log.debug("Search TrustRelationship with nameFilter:{}", nameFilter); - return persistenceEntryManager.findEntries(getDnForTrustRelationship(null), TrustRelationship.class, - nameFilter); + return persistenceEntryManager.findEntries(getDnForTrustRelationship(null), TrustRelationship.class, nameFilter); } public TrustRelationship getTrustContainerFederation(TrustRelationship trustRelationship) { diff --git a/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json b/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json index de23ec6b86d..438ab313194 100644 --- a/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json +++ b/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json @@ -1,6 +1,6 @@ { "configOauthEnabled": ${configOauthEnabled}, - "customAttributeValidationEnabled": true, + "customAttributeValidationEnabled": false, "apiApprovedIssuer": ["${apiApprovedIssuer}"], "apiProtectionType": "${apiProtectionType}", "apiClientId": "${jca_client_id}", From 9bca8359d4bce6d053153882008845798e65c841 Mon Sep 17 00:00:00 2001 From: pujavs Date: Thu, 22 Feb 2024 15:23:20 +0530 Subject: [PATCH 10/22] feat(config-api): saml metedata elements save Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 16 ++++++++-------- .../saml/rest/TrustRelationshipResource.java | 18 +++++++++++++----- .../main/resources/config-api-rs-protect.json | 6 +++--- 3 files changed, 24 insertions(+), 16 deletions(-) 
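Review bot: `customAttributeValidationEnabled` is flipped from `true` to `false` in the setup template, which disables the custom-attribute validation the preceding commit on this page turned on, yet the commit is titled as a merge-conflict resolution and gives no reason. Turning a validation switch off by default is a security-relevant change that deserves its own explanation in the commit message or the configuration documentation; if it is temporary, say so and reference the follow-up.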
diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index 81b99402244..a915c2368b8 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml @@ -7896,19 +7896,19 @@ components: type: string selected: type: boolean - whitePagesCanView: + adminCanAccess: type: boolean - adminCanView: + userCanAccess: + type: boolean + userCanEdit: type: boolean userCanView: type: boolean - userCanEdit: + adminCanView: type: boolean adminCanEdit: type: boolean - userCanAccess: - type: boolean - adminCanAccess: + whitePagesCanView: type: boolean baseDn: type: string @@ -10180,10 +10180,10 @@ components: ttl: type: integer format: int32 - opbrowserState: - type: string persisted: type: boolean + opbrowserState: + type: string SessionIdAccessMap: type: object properties: diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java index afeeacfb9d4..3286ff52fa3 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java @@ -29,6 +29,7 @@ import java.io.InputStream; import java.io.IOException; import java.util.*; +import java.util.stream.*; import org.jboss.resteasy.annotations.providers.multipart.MultipartForm; import org.slf4j.Logger; 
@@ -42,7 +43,7 @@ public class TrustRelationshipResource extends BaseResource { private static final String SAML_TRUST_RELATIONSHIP_FORM = "Trust Relationship From"; private static final String SAML_TRUST_RELATIONSHIP_CHECK_STR = "Trust Relationship identified by '"; private static final String NAME_CONFLICT = "NAME_CONFLICT"; - private static final String NAME_CONFLICT_MSG = "Trust Relationship with same name %s already exists!"; + private static final String NAME_CONFLICT_MSG = "Trust Relationship with same name `%s` already exists!"; @Inject Logger logger; 
@@ -172,12 +173,19 @@ public Response updateTrustRelationship(@MultipartForm TrustRelationshipForm tru // check if another TrustRelationship with same name already exists final String inum = trustRelationship.getInum(); - List trustRelationshipList = samlService.getAllTrustRelationshipByName(trustRelationship.getName()); + List trustRelationshipList = samlService + .getAllTrustRelationshipByName(trustRelationship.getName()); logger.info(" trustRelationshipList:{} ", trustRelationshipList); if (trustRelationshipList != null && !trustRelationshipList.isEmpty()) { - boolean flag = trustRelationshipList.stream().anyMatch(e -> e.getInum() != inum); - logger.info("Another TrustRelationship with same name:{}, exists:{}", trustRelationship.getName(), flag); - throwBadRequestException(NAME_CONFLICT,String.format(NAME_CONFLICT_MSG, trustRelationship.getName())); + List inumList = trustRelationshipList.stream().map(TrustRelationship::getInum) + .collect(Collectors.toList()); + logger.info("TrustRelationship's with name:{}, inumList:{}", trustRelationship.getName(), inumList); + List list = trustRelationshipList.stream().filter(e -> !e.getInum().equalsIgnoreCase(inum)) + .collect(Collectors.toList()); + logger.info("Other TrustRelationship's with same name:{} list:{}", trustRelationship.getName(), list); + if (list != null && !list.isEmpty()) { + throwBadRequestException(NAME_CONFLICT, String.format(NAME_CONFLICT_MSG, trustRelationship.getName())); + } } InputStream metaDataFile = trustRelationshipForm.getMetaDataFile(); diff --git a/jans-config-api/server/src/main/resources/config-api-rs-protect.json b/jans-config-api/server/src/main/resources/config-api-rs-protect.json index 8d0da16c6f7..e041fce9f82 100644 --- a/jans-config-api/server/src/main/resources/config-api-rs-protect.json +++ b/jans-config-api/server/src/main/resources/config-api-rs-protect.json 
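Review bot: `e.getInum().equalsIgnoreCase(inum)` in the filter throws NullPointerException for any stored entry whose inum is null, whereas `inum` was already validated non-null by `checkNotNull(trustRelationship.getInum(), AttributeNames.INUM)` earlier in this method (visible in the update path of this file); invert the receiver and drop the `list != null` test, which is dead because `Collectors.toList()` never returns null: `if (trustRelationshipList.stream().anyMatch(e -> !inum.equalsIgnoreCase(e.getInum()))) {` / `    throwBadRequestException(NAME_CONFLICT, String.format(NAME_CONFLICT_MSG, trustRelationship.getName()));` / `}`. `inumList` and `list` exist only to be logged, so the two INFO lines can collapse into one `logger.debug`. The `import java.util.stream.*;` added in the earlier hunk of this file can be narrowed to `java.util.stream.Collectors`, or dropped entirely with the `anyMatch` form. `updateTrustRelationship` starts outside the hunk.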
@@ -2772,13 +2772,13 @@ "scopes": [ { "inum": "1800.01.71", - "name": "https://jans.io/oauth/config/saml-config.readonly" + "name": "https://jans.io/oauth/kc-link-config.readonly" } ], "groupScopes": [ { "inum": "1800.01.72", - "name": "https://jans.io/oauth/config/saml-config.write" + "name": "https://jans.io/oauth/kc-link-config.write" } ], "superScopes": [ @@ -2796,7 +2796,7 @@ "scopes": [ { "inum": "1800.01.72", - "name": "https://jans.io/oauth/config/saml-config.write" + "name": "https://jans.io/oauth/kc-link-config.write" } ], "groupScopes": [], From d34f14b62f118e0fb9aac17dd34b5ae37eeb8f14 Mon Sep 17 00:00:00 2001 From: pujavs Date: Thu, 22 Feb 2024 18:41:44 +0530 Subject: [PATCH 11/22] feat(config-api): attribute validation check Signed-off-by: pujavs --- jans-config-api/docs/jans-config-api-swagger.yaml | 14 +++++++------- .../plugin/mgt/service/UserMgmtService.java | 10 ++++++---- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index a915c2368b8..ea6e2f256dc 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml @@ -7896,19 +7896,19 @@ components: type: string selected: type: boolean - adminCanAccess: + whitePagesCanView: type: boolean - userCanAccess: + userCanView: type: boolean userCanEdit: type: boolean - userCanView: - type: boolean adminCanView: type: boolean adminCanEdit: type: boolean - whitePagesCanView: + userCanAccess: + type: boolean + adminCanAccess: type: boolean baseDn: type: string @@ -10180,10 +10180,10 @@ components: ttl: type: integer format: int32 - persisted: - type: boolean opbrowserState: type: string + persisted: + type: boolean SessionIdAccessMap: type: object properties: 
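Review bot: The scope inums `1800.01.71` and `1800.01.72` are kept while their names change from `saml-config.readonly`/`saml-config.write` to `kc-link-config.readonly`/`kc-link-config.write` in both hunks; if the saml-config scopes still exist elsewhere in this file under the same inums, two distinct scope names now share an identifier, and if they do not, any resource still protected by `saml-config.*` loses its scope definition. Either outcome needs a check that scope inums remain unique and that no SAML endpoint silently becomes unreachable or unprotected. The full resource entries start outside the hunks.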
diff --git a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/service/UserMgmtService.java b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/service/UserMgmtService.java index 2b1e85907c3..acf78905620 100644 --- a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/service/UserMgmtService.java +++ b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/service/UserMgmtService.java @@ -485,10 +485,12 @@ public void validateAttributes(List customAttributes) { } StringBuilder sb = new StringBuilder(); for (CustomObjectAttribute customObjectAttribute : customAttributes) { - logger.info("customObjectAttribute:{}", customObjectAttribute, customObjectAttribute.getName()); - AttributeValidation validation = attributeService.getAttributeByName(customObjectAttribute.getName()) - .getAttributeValidation(); - + logger.info("customObjectAttribute:{}, customObjectAttribute.getName():{}", customObjectAttribute, customObjectAttribute.getName()); + JansAttribute attribute = attributeService.getAttributeByName(customObjectAttribute.getName()); + AttributeValidation validation = null; + if(attribute!=null) { + validation = attribute.getAttributeValidation(); + } logger.info("validation:{}", validation); String errorMsg = validateCustomAttributes(customObjectAttribute, validation); From c07b76b24be2c188e3efdf42098770a2ca9c8083 Mon Sep 17 00:00:00 2001 From: pujavs Date: Fri, 23 Feb 2024 21:54:48 +0530 Subject: [PATCH 12/22] feat(config-api): attribute validation in schema Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 18 +++++++++--------- .../rest/resource/auth/AttributesResource.java | 4 ++-- .../service/auth/AttributeService.java | 9 ++++----- 3 files changed, 15 insertions(+), 16 deletions(-) 
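Review bot: When `attributeService.getAttributeByName` returns null the new code leaves `validation` null and still calls `validateCustomAttributes`, so an attribute with no definition is silently treated as unconstrained unless that helper (outside the hunk) rejects nulls; make the outcome explicit, for example `if (attribute == null) { logger.warn("No attribute definition found for:{}", customObjectAttribute.getName()); }` before the call, or fail the request if undefined attributes are not meant to be accepted. The INFO log of the whole `customObjectAttribute` will print its values if `CustomObjectAttribute.toString()` includes them, which for user-management data means PII in logs; log the name only. Style: `if(attribute!=null)` should be `if (attribute != null)`. `validateAttributes` starts outside the hunk.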
diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index ea6e2f256dc..5812b100d84 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml @@ -7896,19 +7896,19 @@ components: type: string selected: type: boolean - whitePagesCanView: + adminCanView: + type: boolean + adminCanEdit: type: boolean userCanView: type: boolean userCanEdit: type: boolean - adminCanView: - type: boolean - adminCanEdit: + adminCanAccess: type: boolean userCanAccess: type: boolean - adminCanAccess: + whitePagesCanView: type: boolean baseDn: type: string @@ -8722,6 +8722,8 @@ components: type: boolean lockMessageConfig: $ref: '#/components/schemas/LockMessageConfig' + fapi: + type: boolean allResponseTypesSupported: uniqueItems: true type: array @@ -8731,8 +8733,6 @@ components: - code - token - id_token - fapi: - type: boolean AuthenticationFilter: required: - baseDn @@ -10180,10 +10180,10 @@ components: ttl: type: integer format: int32 - opbrowserState: - type: string persisted: type: boolean + opbrowserState: + type: string SessionIdAccessMap: type: object properties: diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AttributesResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AttributesResource.java index 9bf61fde9d2..82bea02cc89 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AttributesResource.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AttributesResource.java 
@@ -131,7 +131,7 @@ public Response createAttribute(@Valid JansAttribute attribute) { // check if attribute exists in schema boolean attributeValidation = attributeService.validateAttributeDefinition(attribute.getName()); - log.info("Validate attribute while creation - attribute.getName():{}, attributeValidation:{}", attribute.getName(), attributeValidation); + log.error("\n\n ** Validate attribute while creation - attribute.getName():{}, attributeValidation:{}", attribute.getName(), attributeValidation); if (!attributeValidation) { throw new WebApplicationException(getNotAcceptableException("The attribute type '" + attribute.getName() + "' not defined in DB schema")); } @@ -167,7 +167,7 @@ public Response updateAttribute(@Valid JansAttribute attribute) { // check if attribute exists in schema boolean attributeValidation = attributeService.validateAttributeDefinition(attribute.getName()); - log.info("Validate attribute - attribute.getName():{}, attributeValidation:{}", attribute.getName(), attributeValidation); + log.error("\n\n ** Validate attribute - attribute.getName():{}, attributeValidation:{}", attribute.getName(), attributeValidation); if (!attributeValidation) { throw new WebApplicationException(getNotAcceptableException( "The attribute type '" + attribute.getName() + "' not defined in DB schema")); diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java index 43b061d0e2b..81df7000614 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java 
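Review bot: Both hunks raise a routine validation trace to ERROR level and prefix it with `\n\n ** `, which is debug scaffolding: every successful create and update now emits an ERROR record, and the embedded newlines break line-oriented log shipping and any alerting keyed on ERROR. Keep the original `log.info(...)` (or better `log.debug(...)`) form without the decoration; a later commit in this series does lower these back, so the change arguably should not be in this commit at all. createAttribute and updateAttribute both start and end outside their hunks.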
@@ -115,7 +115,7 @@ public JansAttribute getAttributeUsingName(String claimName) { } public boolean validateAttributeDefinition(String attributeName) { - log.info(" Validate attributeName:{}, getPersistenceType():{}, appConfiguration:{}", attributeName, getPersistenceType(), appConfiguration); + log.error("\n Validate attributeName:{}, getPersistenceType():{}, appConfiguration:{}", attributeName, getPersistenceType(), appConfiguration); boolean isValidAttribute = false; try { @@ -124,18 +124,17 @@ public boolean validateAttributeDefinition(String attributeName) { return true; } - log.info(" attributeName:{}, persistenceEntryManager.getAttributeType(ou=people,o=jans, SimpleUser.class,attributeName)():{}", attributeName, persistenceEntryManager.getAttributeType("ou=people,o=jans", SimpleUser.class, + log.error("\n attributeName:{}, persistenceEntryManager.getAttributeType(ou=people,o=jans, SimpleUser.class,attributeName)():{}", attributeName, persistenceEntryManager.getAttributeType("ou=people,o=jans", SimpleUser.class, attributeName)); AttributeType attributeType = persistenceEntryManager.getAttributeType("ou=people,o=jans", SimpleUser.class, attributeName); - log.info(" attributeName:{}, attributeType():{}", attributeName, attributeType); + log.error("\n attributeName:{}, attributeType():{}", attributeName, attributeType); if (attributeType != null) { isValidAttribute = true; } } catch (Exception ex) { - log.error("Exception by ORM while validating attribute is:{}", ex); - isValidAttribute = true; + log.error("Exception by ORM while validating attribute is:", ex); } return isValidAttribute; } From c6d8f26273bb3dc7dbe4bddf9eaf792039d10485 Mon Sep 17 00:00:00 2001 From: pujavs Date: Mon, 26 Feb 2024 23:17:53 +0530 Subject: [PATCH 13/22] feat(config-api): custom attribute verification in schema 
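Review bot: In the second hunk `persistenceEntryManager.getAttributeType("ou=people,o=jans", SimpleUser.class, attributeName)` is evaluated twice — once inside the `log.error` argument list and once to assign `attributeType` — so the schema lookup runs twice per call regardless of log level; drop the first log call, keep `AttributeType attributeType = persistenceEntryManager.getAttributeType("ou=people,o=jans", SimpleUser.class, attributeName);` and log afterwards with `log.debug("attributeName:{}, attributeType:{}", attributeName, attributeType);`. The same doubled lookup is carried forward unchanged in the later hunks of this series that rename `SimpleUser` to `User` and that lower the log level. Removing `isValidAttribute = true;` from the catch block makes the check fail closed on ORM errors, which is the right direction, but because the previous behaviour was the opposite it deserves a comment such as `// fail closed: an ORM error must not admit an attribute that is not in the schema`. The base DN `ou=people,o=jans` is a hard-coded literal here; a named constant would make its reuse across this method auditable. validateAttributeDefinition starts outside the first hunk.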
Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 18 +++++++++--------- .../plugins/docs/user-mgt-plugin-swagger.yaml | 4 ++-- .../service/auth/AttributeService.java | 6 +++--- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index 5812b100d84..9e60c988358 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml @@ -7894,19 +7894,19 @@ components: $ref: '#/components/schemas/AttributeValidation' tooltip: type: string - selected: + userCanView: + type: boolean + userCanEdit: type: boolean adminCanView: type: boolean adminCanEdit: type: boolean - userCanView: - type: boolean - userCanEdit: + userCanAccess: type: boolean adminCanAccess: type: boolean - userCanAccess: + selected: type: boolean whitePagesCanView: type: boolean @@ -9499,10 +9499,10 @@ components: type: array items: type: object - value: - type: object displayValue: type: string + value: + type: object LocalizedString: type: object properties: @@ -10180,10 +10180,10 @@ components: ttl: type: integer format: int32 - persisted: - type: boolean opbrowserState: type: string + persisted: + type: boolean SessionIdAccessMap: type: object properties: diff --git a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml index babb2ac7bbc..134dd75a2cf 100644 --- a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml @@ -837,10 +837,10 @@ components: type: array items: type: object - value: - type: object displayValue: type: string + value: + type: object CustomUser: type: object properties: 
diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java index 81df7000614..c51d91917dc 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java @@ -2,7 +2,7 @@ package io.jans.configapi.service.auth; import static io.jans.as.model.util.Util.escapeLog; -import io.jans.as.common.model.common.SimpleUser; +import io.jans.as.common.model.common.User; import io.jans.as.common.util.AttributeConstants; import io.jans.configapi.model.configuration.ApiAppConfiguration; import io.jans.configapi.util.ApiConstants; @@ -124,9 +124,9 @@ public boolean validateAttributeDefinition(String attributeName) { return true; } - log.error("\n attributeName:{}, persistenceEntryManager.getAttributeType(ou=people,o=jans, SimpleUser.class,attributeName)():{}", attributeName, persistenceEntryManager.getAttributeType("ou=people,o=jans", SimpleUser.class, + log.error("\n attributeName:{}, persistenceEntryManager.getAttributeType(ou=people,o=jans, User.class,attributeName)():{}", attributeName, persistenceEntryManager.getAttributeType("ou=people,o=jans", User.class, attributeName)); - AttributeType attributeType = persistenceEntryManager.getAttributeType("ou=people,o=jans", SimpleUser.class, + AttributeType attributeType = persistenceEntryManager.getAttributeType("ou=people,o=jans", User.class, attributeName); log.error("\n attributeName:{}, attributeType():{}", attributeName, attributeType); From 5fc187bde930a4fb60604440f950713e4217c0fa Mon Sep 17 00:00:00 2001 From: pujavs Date: Tue, 27 Feb 2024 22:13:50 +0530 Subject: [PATCH 14/22] feat(config-api): attribute check in schema name and client password decryption handling 
Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 18 ++++----- .../docs/jans-admin-ui-plugin-swagger.yaml | 8 ++-- .../plugins/docs/user-mgt-plugin-swagger.yaml | 4 +- .../resource/auth/AttributesResource.java | 38 +++++++++++++++++-- .../rest/resource/auth/ClientsResource.java | 6 ++- .../service/auth/AttributeService.java | 28 +++++++++++--- 6 files changed, 76 insertions(+), 26 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index 9e60c988358..35754c01176 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml @@ -7894,20 +7894,20 @@ components: $ref: '#/components/schemas/AttributeValidation' tooltip: type: string - userCanView: + selected: type: boolean - userCanEdit: + adminCanEdit: type: boolean adminCanView: type: boolean - adminCanEdit: + userCanView: + type: boolean + userCanEdit: type: boolean userCanAccess: type: boolean adminCanAccess: type: boolean - selected: - type: boolean whitePagesCanView: type: boolean baseDn: @@ -8722,8 +8722,6 @@ components: type: boolean lockMessageConfig: $ref: '#/components/schemas/LockMessageConfig' - fapi: - type: boolean allResponseTypesSupported: uniqueItems: true type: array @@ -8733,6 +8731,8 @@ components: - code - token - id_token + fapi: + type: boolean AuthenticationFilter: required: - baseDn @@ -9499,10 +9499,10 @@ components: type: array items: type: object - displayValue: - type: string value: type: object + displayValue: + type: string LocalizedString: type: object properties: diff --git a/jans-config-api/plugins/docs/jans-admin-ui-plugin-swagger.yaml b/jans-config-api/plugins/docs/jans-admin-ui-plugin-swagger.yaml index 38d9a6ab1cc..2b2f31fc36d 100644 --- a/jans-config-api/plugins/docs/jans-admin-ui-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/jans-admin-ui-plugin-swagger.yaml 
@@ -1645,10 +1645,6 @@ components: type: string url: type: string - httpRequestBody: - type: object - additionalProperties: - type: object httpMethod: type: string jansEnabled: @@ -1662,6 +1658,10 @@ components: type: array items: type: string + httpRequestBody: + type: object + additionalProperties: + type: object baseDn: type: string Scope: diff --git a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml index 134dd75a2cf..babb2ac7bbc 100644 --- a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml @@ -837,10 +837,10 @@ components: type: array items: type: object - displayValue: - type: string value: type: object + displayValue: + type: string CustomUser: type: object properties: diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AttributesResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AttributesResource.java index 82bea02cc89..cedbd2b5ece 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AttributesResource.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AttributesResource.java @@ -30,6 +30,8 @@ import io.swagger.v3.oas.annotations.responses.ApiResponses; import io.swagger.v3.oas.annotations.security.*; +import java.util.*; +import java.util.stream.*; import jakarta.inject.Inject; import jakarta.validation.Valid; import jakarta.validation.constraints.NotNull; @@ -54,6 +56,8 @@ public class AttributesResource extends ConfigBaseResource { private static final String JANS_ATTRIBUTE = "jans attribute"; + private static final String NAME_CONFLICT = "NAME_CONFLICT"; + private static final String NAME_CONFLICT_MSG = "Attribute with same name `%s` already exists!"; @Inject Logger log; 
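Review bot: The added `import java.util.*;` and `import java.util.stream.*;` are wildcard imports in a file whose visible imports are explicit; the code this commit adds only needs `java.util.List` and `java.util.stream.Collectors`, so import those two names. `NAME_CONFLICT_MSG` wraps the name in backticks while the equivalent message this commit adds to createAttribute is a separate literal with single quotes, so the two paths report the same conflict differently; use the constant in both places. The class body continues outside both hunks.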
@@ -129,11 +133,22 @@ public Response createAttribute(@Valid JansAttribute attribute) { checkNotNull(attribute.getDisplayName(), AttributeNames.DISPLAY_NAME); checkResourceNotNull(attribute.getDataType(), AttributeNames.DATA_TYPE); + // check if attribute with same name + List jansAttributes = attributeService.getAttributeWithName(attribute.getName()); + log.info("Check if attribute with same name exists - attribute.getName():{}, jansAttributes:{}", + attribute.getName(), jansAttributes); + if (jansAttributes != null && !jansAttributes.isEmpty()) { + throw new WebApplicationException(getNotAcceptableException( + "Attribute with same name '" + attribute.getName() + "' already exists!")); + } + // check if attribute exists in schema boolean attributeValidation = attributeService.validateAttributeDefinition(attribute.getName()); - log.error("\n\n ** Validate attribute while creation - attribute.getName():{}, attributeValidation:{}", attribute.getName(), attributeValidation); + log.info("** Validate attribute while creation - attribute.getName():{}, attributeValidation:{}", + attribute.getName(), attributeValidation); if (!attributeValidation) { - throw new WebApplicationException(getNotAcceptableException("The attribute type '" + attribute.getName() + "' not defined in DB schema")); + throw new WebApplicationException( + getNotAcceptableException("The attribute '" + attribute.getName() + "' not defined in DB schema")); } 
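Review bot: The duplicate-name check added here throws `getNotAcceptableException` with a hand-built message, while the parallel check this commit adds to updateAttribute uses `throwBadRequestException(NAME_CONFLICT, String.format(NAME_CONFLICT_MSG, ...))`, so the same condition yields a 406 on create and a 400 on update; use the constants and the bad-request helper here as well, `throwBadRequestException(NAME_CONFLICT, String.format(NAME_CONFLICT_MSG, attribute.getName()));`. A null `jansAttributes` is treated as "no conflict", and the service method this commit adds returns null from its catch block, so a persistence error during the lookup lets a duplicate name through; either reject on null or state in a comment why null is acceptable here. The check-then-create sequence is not atomic, so two concurrent creates with the same name can both pass it; a comment noting that uniqueness is ultimately enforced (or not) by the persistence layer would save the next reader from assuming this check is sufficient. createAttribute starts and ends outside the hunk.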
@@ -159,15 +174,30 @@ public Response createAttribute(@Valid JansAttribute attribute) { ApiAccessConstants.SUPER_ADMIN_WRITE_ACCESS }) public Response updateAttribute(@Valid JansAttribute attribute) { log.debug(" JansAttribute details to update - attribute:{}", attribute); - String inum = attribute.getInum(); + final String inum = attribute.getInum(); checkResourceNotNull(inum, JANS_ATTRIBUTE); checkNotNull(attribute.getName(), AttributeNames.NAME); checkNotNull(attribute.getDisplayName(), AttributeNames.DISPLAY_NAME); checkResourceNotNull(attribute.getDataType(), AttributeNames.DATA_TYPE); + // check if attribute with same name + List jansAttributes = attributeService.getAttributeWithName(attribute.getName()); + log.info( + "Check if attribute with inum different then:{} but with same name exists - attribute.getName():{}, jansAttributes:{}", + inum, attribute.getName(), jansAttributes); + if (jansAttributes != null && !jansAttributes.isEmpty()) { + List list = jansAttributes.stream().filter(e -> !e.getInum().equalsIgnoreCase(inum)) + .collect(Collectors.toList()); + logger.info("Other JansAttribute's with same name:{} are list:{}", attribute.getName(), list); + if (list != null && !list.isEmpty()) { + throwBadRequestException(NAME_CONFLICT, String.format(NAME_CONFLICT_MSG, attribute.getName())); + } + } + // check if attribute exists in schema boolean attributeValidation = attributeService.validateAttributeDefinition(attribute.getName()); - log.error("\n\n ** Validate attribute - attribute.getName():{}, attributeValidation:{}", attribute.getName(), attributeValidation); + log.info(" ** Validate attribute - attribute.getName():{}, attributeValidation:{}", attribute.getName(), + attributeValidation); if (!attributeValidation) { throw new WebApplicationException(getNotAcceptableException( "The attribute type '" + attribute.getName() + "' not defined in DB schema")); 
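Review bot: The new block calls `logger.info(...)` while the rest of the method uses the injected `log` field (`log.debug`, `log.info`); unless `logger` is a second logger inherited from the base class, which is not visible here, this is either inconsistent or does not compile, so use `log` throughout. `Collectors.toList()` never returns null, so `list != null &&` is redundant, and `e.getInum().equalsIgnoreCase(inum)` throws NullPointerException for any stored attribute whose inum is null; since `inum` has presumably been null-checked by `checkResourceNotNull`, write the filter as `e -> !inum.equalsIgnoreCase(e.getInum())`. The log text `inum different then` should read `different than`. updateAttribute starts and ends outside the hunk.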
diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ClientsResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ClientsResource.java index 7b7175c51ef..a4a623d4932 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ClientsResource.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ClientsResource.java @@ -296,7 +296,11 @@ public Response deleteClient(@Parameter(description = "Client identifier") @Path private List getClients(List clients) throws EncryptionException { if (clients != null && !clients.isEmpty()) { for (Client client : clients) { - client.setClientSecret(encryptionService.decrypt(client.getClientSecret())); + try { + client.setClientSecret(encryptionService.decrypt(client.getClientSecret())); + } catch (Exception ex) { + logger.error(" Error while decrypting ClientSecret for '" + client.getClientId() + "', exception is - ",ex); + } } } return clients; diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java index c51d91917dc..d2e162ded5b 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java 
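Review bot: Catching `Exception` around `encryptionService.decrypt` leaves `client` holding whatever `getClientSecret()` contained before — presumably the stored encrypted form — so a decryption failure returns that blob to the API caller in the `clientSecret` field as if it were the secret, and the `throws EncryptionException` on the signature becomes unreachable. Either catch `EncryptionException` only and let it propagate, or clear the field on failure, `client.setClientSecret(null);`, with a comment such as `// never return the raw stored value when it cannot be decrypted`. The log call concatenates the client id into the message; use a placeholder instead, `logger.error("Error while decrypting ClientSecret for '{}'", client.getClientId(), ex);`. getClients starts and ends outside the hunk.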
@@ -104,18 +104,34 @@ public JansAttribute getAttributeUsingDn(String dn) { return result; } - public JansAttribute getAttributeUsingName(String claimName) { + public JansAttribute getAttributeUsingName(String name) { JansAttribute jansAttribute = null; try { - jansAttribute = getByClaimName(claimName); + jansAttribute = getByClaimName(name); } catch (Exception ex) { - log.error("Failed to load attribute with name:{}, ex:{}", claimName, ex); + log.error("Failed to load attribute with name:{}, ex:{}", name, ex); } return jansAttribute; } - + + public List getAttributeWithName(String name) { + log.info("Get attribute by name:{}", name); + List jansAttributes = null; + try { + Filter nameFilter = Filter.createEqualityFilter("jansAttrName", name); + log.info("JansAttribute nameFilter:{}", nameFilter); + jansAttributes = persistenceEntryManager.findEntries(getDnForAttribute(null), JansAttribute.class, + nameFilter); + log.info("JansAttribute by name:{} are jansAttributes:{}", name, jansAttributes); + + } catch (Exception ex) { + log.error("Failed to load attribute with name:{}, ex:{}", name, ex); + } + return jansAttributes; + } + public boolean validateAttributeDefinition(String attributeName) { - log.error("\n Validate attributeName:{}, getPersistenceType():{}, appConfiguration:{}", attributeName, getPersistenceType(), appConfiguration); + log.info(" Validate attributeName:{}, getPersistenceType():{}, appConfiguration:{}", attributeName, getPersistenceType(), appConfiguration); boolean isValidAttribute = false; try { 
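Review bot: `getAttributeWithName` swallows every exception from `findEntries` and returns `null`, and the resource-layer callers this commit adds treat null as "no attribute with that name", so a persistence error makes the duplicate-name check pass; let the exception propagate (or wrap and rethrow) so the create or update fails instead of silently continuing. Both catch blocks use `"...ex:{}", name, ex`, giving the throwable its own placeholder; depending on the logging backend this either leaves a literal `{}` in the message or formats the exception with `toString()` and drops the stack trace, so use the form this series already adopted in validateAttributeDefinition, `log.error("Failed to load attribute with name:{}", name, ex);`. If a null result is kept deliberately, document it on the method, e.g. `/** Returns the attributes named {@code name}, or null if the lookup failed. */`. The hunk ends inside validateAttributeDefinition, which continues past it.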
@@ -124,7 +140,7 @@ public boolean validateAttributeDefinition(String attributeName) { return true; } - log.error("\n attributeName:{}, persistenceEntryManager.getAttributeType(ou=people,o=jans, User.class,attributeName)():{}", attributeName, persistenceEntryManager.getAttributeType("ou=people,o=jans", User.class, + log.info("attributeName:{}, persistenceEntryManager.getAttributeType(ou=people,o=jans, User.class,attributeName)():{}", attributeName, persistenceEntryManager.getAttributeType("ou=people,o=jans", User.class, attributeName)); AttributeType attributeType = persistenceEntryManager.getAttributeType("ou=people,o=jans", User.class, attributeName); From 44f92aea43114dbc5726335874ba6c6a6a9c3476 Mon Sep 17 00:00:00 2001 From: pujavs Date: Wed, 28 Feb 2024 20:10:37 +0530 Subject: [PATCH 15/22] feat(config-api): saml plugin changes for sp metadata handling Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 24 ++++++++--------- .../plugins/docs/kc-saml-plugin-swagger.yaml | 4 +++ .../plugins/docs/lock-plugin-swagger.yaml | 18 ++++++------- .../plugins/docs/user-mgt-plugin-swagger.yaml | 4 +-- .../plugin/saml/model/SAMLMetadata.java | 27 ++++++++++++++++--- .../plugin/saml/service/SamlIdpService.java | 8 +++--- .../plugin/saml/service/SamlService.java | 20 +++++++------- .../jans_setup/schema/jans_schema.json | 22 +++++++++++++++ .../static/rdbm/sql_data_types.json | 11 ++++++++ .../jans-config-api/dynamic-conf.json | 2 +- 10 files changed, 98 insertions(+), 42 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index 6749800ce87..66047f6e54f 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml 
@@ -7896,20 +7896,20 @@ components: type: string selected: type: boolean + whitePagesCanView: + type: boolean adminCanView: type: boolean + adminCanEdit: + type: boolean userCanEdit: type: boolean userCanView: type: boolean - adminCanEdit: - type: boolean userCanAccess: type: boolean adminCanAccess: type: boolean - whitePagesCanView: - type: boolean baseDn: type: string PatchRequest: @@ -8722,8 +8722,6 @@ components: type: boolean lockMessageConfig: $ref: '#/components/schemas/LockMessageConfig' - fapi: - type: boolean allResponseTypesSupported: uniqueItems: true type: array @@ -8733,6 +8731,8 @@ components: - code - token - id_token + fapi: + type: boolean AuthenticationFilter: required: - baseDn @@ -8876,9 +8876,9 @@ components: LockMessageConfig: type: object properties: - enableIdTokenMessages: + enableTokenMessages: type: boolean - idTokenMessagesChannel: + tokenMessagesChannel: type: string SsaConfiguration: type: object @@ -9499,10 +9499,10 @@ components: type: array items: type: object - value: - type: object displayValue: type: string + value: + type: object LocalizedString: type: object properties: @@ -10180,10 +10180,10 @@ components: ttl: type: integer format: int32 - persisted: - type: boolean opbrowserState: type: string + persisted: + type: boolean SessionIdAccessMap: type: object properties: diff --git a/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml b/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml index d986ae87191..4d82da3c933 100644 --- a/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml @@ -1016,6 +1016,10 @@ components: type: string singleLogoutServiceUrl: type: string + jansAssertionConsumerServiceGetURL: + type: string + jansAssertionConsumerServicePostURL: + type: string TrustRelationship: required: - description 
diff --git a/jans-config-api/plugins/docs/lock-plugin-swagger.yaml b/jans-config-api/plugins/docs/lock-plugin-swagger.yaml index 0781f7dafe0..beddbb80175 100644 --- a/jans-config-api/plugins/docs/lock-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/lock-plugin-swagger.yaml @@ -18,9 +18,9 @@ paths: /lock/lockConfig: get: tags: - - KC Lock - Configuration - summary: Gets KC Lock configuration properties - description: Gets KC Lock configuration properties + - Lock - Configuration + summary: Gets Lock configuration properties + description: Gets Lock configuration properties operationId: get-lock-properties responses: "200": @@ -38,9 +38,9 @@ paths: - https://jans.io/oauth/lock-config.readonly put: tags: - - KC Lock - Configuration - summary: Update KC Lock configuration properties - description: Update KC Lock configuration properties + - Lock - Configuration + summary: Update Lock configuration properties + description: Update Lock configuration properties operationId: put-lock-properties requestBody: description: GluuAttribute object @@ -68,9 +68,9 @@ paths: - https://jans.io/oauth/lock-config.write patch: tags: - - KC Lock - Configuration - summary: Partially modifies KC Lock configuration properties. - description: Partially modifies KC Lock configuration properties. + - Lock - Configuration + summary: Partially modifies Lock configuration properties. + description: Partially modifies Lock configuration properties. operationId: patch-lock-properties requestBody: description: String representing patch-document. diff --git a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml index babb2ac7bbc..134dd75a2cf 100644 --- a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml 
@@ -837,10 +837,10 @@ components: type: array items: type: object - value: - type: object displayValue: type: string + value: + type: object CustomUser: type: object properties: diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/SAMLMetadata.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/SAMLMetadata.java index f6fc946a6a0..02022a871d2 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/SAMLMetadata.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/SAMLMetadata.java @@ -20,6 +20,8 @@ public class SAMLMetadata implements Serializable { private String nameIDPolicyFormat; private String entityId; private String singleLogoutServiceUrl; + private String jansAssertionConsumerServiceGetURL; + private String jansAssertionConsumerServicePostURL; public String getNameIDPolicyFormat() { return nameIDPolicyFormat; 
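Review bot: The two new fields spell the acronym as `...ServiceGetURL` / `...ServicePostURL` while their sibling is `singleLogoutServiceUrl`, and because the same spelling is used for the swagger property names and the schema attribute names added in this commit it becomes a wire-level name that is hard to change later; consider `jansAssertionConsumerServiceGetUrl` / `...PostUrl` if those names are not yet frozen. These are the endpoints an identity provider will deliver assertions to, and neither the model nor the swagger (`type: string`) constrains them, so a short comment on the fields stating the expectation would help, e.g. `// ACS endpoint the IdP posts assertions to; should be validated as an absolute URL before use`. The class continues outside the hunk.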
@@ -45,11 +47,28 @@ public void setSingleLogoutServiceUrl(String singleLogoutServiceUrl) { this.singleLogoutServiceUrl = singleLogoutServiceUrl; } + public String getJansAssertionConsumerServiceGetURL() { + return jansAssertionConsumerServiceGetURL; + } + + public void setJansAssertionConsumerServiceGetURL(String jansAssertionConsumerServiceGetURL) { + this.jansAssertionConsumerServiceGetURL = jansAssertionConsumerServiceGetURL; + } + + public String getJansAssertionConsumerServicePostURL() { + return jansAssertionConsumerServicePostURL; + } + + public void setJansAssertionConsumerServicePostURL(String jansAssertionConsumerServicePostURL) { + this.jansAssertionConsumerServicePostURL = jansAssertionConsumerServicePostURL; + } + @Override public String toString() { - return "SPMetadata [nameIDPolicyFormat=" + nameIDPolicyFormat + ", entityId=" + entityId - + ", singleLogoutServiceUrl=" + singleLogoutServiceUrl + "]"; - } - + return "SAMLMetadata [nameIDPolicyFormat=" + nameIDPolicyFormat + ", entityId=" + entityId + + ", singleLogoutServiceUrl=" + singleLogoutServiceUrl + ", jansAssertionConsumerServiceGetURL=" + + jansAssertionConsumerServiceGetURL + ", jansAssertionConsumerServicePostURL=" + + jansAssertionConsumerServicePostURL + "]"; + } } diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlIdpService.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlIdpService.java index 38b64012db3..abd51784429 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlIdpService.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlIdpService.java @@ -24,6 +24,7 @@ import jakarta.inject.Inject; import javax.xml.validation.Schema; +import java.io.File; import java.io.InputStream; import java.io.IOException; import java.util.*; 
@@ -81,10 +82,7 @@ public String saveMetadataFile(String metadataTempDir, String metadataFileName, documentStoreModuleName = "SAML"; } - String tempFileName = getTempMetadataFilename(metadataTempDir, metadataFileName); - logger.debug("metadataTempDir:{}, metadataFileName:{}", metadataTempDir, metadataFileName); - - String metadataFile = metadataTempDir + tempFileName; + String metadataFile = metadataTempDir + File.separator + metadataFileName; logger.debug("documentStoreService:{}, metadataFile:{}, localDocumentStoreService:{} ", documentStoreService, metadataFile, localDocumentStoreService); try { @@ -96,7 +94,7 @@ public String saveMetadataFile(String metadataTempDir, String metadataFileName, logger.debug("SAML file read newFile:{}", newFile); if (result) { - return tempFileName; + return metadataFile; } } catch (Exception ex) { logger.error("Failed to write SAML metadata file '{}'", metadataFile, ex); diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java index 4f585ea75f5..bf2a41c4aa1 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java @@ -230,7 +230,8 @@ public TrustRelationship addTrustRelationship(TrustRelationship trustRelationshi if (file != null && file.available() > 0) { saveSpMetaDataFileSourceTypeFile(trustRelationship, file); } - + persistenceEntryManager.merge(trustRelationship); + log.info("After saving new trustRelationship:{}", trustRelationship); return getTrustRelationshipByInum(trustRelationship.getInum()); } 
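Review bot: `metadataTempDir + File.separator + metadataFileName` joins the name into the path with no check that the result stays under the directory; if `metadataFileName` can ever derive from caller input (the caller in this series takes it from the trust relationship's `spMetaDataFN`, whose provenance is not visible here), a name containing `..` or a separator escapes `metadataTempDir`. Resolve and check instead: `Path base = Paths.get(metadataTempDir).toAbsolutePath().normalize(); Path target = base.resolve(metadataFileName).normalize(); if (!target.startsWith(base)) throw new IllegalArgumentException("metadata file name escapes the metadata directory");` and build `metadataFile` from `target` (this needs `java.nio.file.Path`/`Paths` alongside the `java.io.File` import the commit adds). The second hunk changes the return value from the bare file name to the full path, which changes the method's contract for every caller (the one in this series passes it to `metadataValidationTimer.spQueue`); confirm that queue expects a path and document it, e.g. `@return the full path of the stored metadata file`. Dropping `getTempMetadataFilename` also removes whatever uniqueness that temp name provided, so concurrent saves of the same name now overwrite each other — hedged, since the helper is not shown. saveMetadataFile starts and ends outside the hunks.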
@@ -240,13 +241,14 @@ public TrustRelationship updateTrustRelationship(TrustRelationship trustRelation public TrustRelationship updateTrustRelationship(TrustRelationship trustRelationship, InputStream file) throws IOException { + log.info("Update trustRelationship:{}, file:{}", trustRelationship, file); setTrustRelationshipDefaultValue(trustRelationship, true); - persistenceEntryManager.merge(trustRelationship); - + if (file != null && file.available() > 0) { saveSpMetaDataFileSourceTypeFile(trustRelationship, file); } - + persistenceEntryManager.merge(trustRelationship); + log.info("After updating trustRelationship:{}", trustRelationship); return getTrustRelationshipByInum(trustRelationship.getInum()); } 
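Review bot: The new `log.info("Update trustRelationship:{}, file:{}", trustRelationship, file)` logs an `InputStream`, whose `toString()` is only a class name and identity hash, and dumps the whole relationship at INFO on every update; log `file != null` if anything and move the object dump to debug. Moving `persistenceEntryManager.merge` after `saveSpMetaDataFileSourceTypeFile` is what makes the `spMetaDataFN` that helper sets reach the store, so pin the order with a comment, e.g. `// merge after the file save so the generated spMetaDataFN is persisted`, before someone tidies it back.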
@@ -316,17 +318,17 @@ private boolean saveSpMetaDataFileSourceTypeFile(TrustRelationship trustRelation return true; } if (emptySpMetadataFileName) { - log.debug("emptySpMetadataFileName:{}", emptySpMetadataFileName); + log.info("emptySpMetadataFileName:{}", emptySpMetadataFileName); spMetadataFileName = getSpNewMetadataFileName(trustRelationship); - log.debug("spMetadataFileName:{}", spMetadataFileName); + log.info("***spMetadataFileName:{}***", spMetadataFileName); trustRelationship.setSpMetaDataFN(spMetadataFileName); } InputStream targetStream = file; - log.debug("targetStream:{}, spMetadataFileName:{}", targetStream, spMetadataFileName); + log.info("targetStream:{}, spMetadataFileName:{}", targetStream, spMetadataFileName); - String result = samlIdpService.saveMetadataFile(samlConfigService.getSpMetadataTempDir(), spMetadataFileName, Constants.SP_MODULE, targetStream); - log.debug("targetStream:{}, spMetadataFileName:{}", targetStream, spMetadataFileName); + String result = samlIdpService.saveMetadataFile(samlConfigService.getSpMetadataDir(), spMetadataFileName, Constants.SP_MODULE, targetStream); + log.info("targetStream:{}, spMetadataFileName:{}, result:{}, trustRelationship.getSpMetaDataFN():{}", targetStream, spMetadataFileName, result, trustRelationship.getSpMetaDataFN()); if (StringHelper.isNotEmpty(result)) { metadataValidationTimer.spQueue(result); //process files in temp that were not processed earlier diff --git a/jans-linux-setup/jans_setup/schema/jans_schema.json b/jans-linux-setup/jans_setup/schema/jans_schema.json index 85a9d675754..f8eb5f74967 100644 --- a/jans-linux-setup/jans_setup/schema/jans_schema.json +++ b/jans-linux-setup/jans_setup/schema/jans_schema.json 
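Review bot: Switching the write target from `getSpMetadataTempDir()` to `getSpMetadataDir()` puts the uploaded SP metadata straight into the live metadata directory, yet the result is still handed to `metadataValidationTimer.spQueue(result)` under the comment `//process files in temp that were not processed earlier`; if that timer is what validates metadata before it is trusted, unvalidated uploads are now published before validation runs — hedged, since the timer is not visible. Either keep the temp directory as the write target and move the file on successful validation, or update the comment and the timer's contract to match the new flow. The `log.debug` calls are raised to `log.info` with `***` decoration and now print the `InputStream` object, which is debug noise at production level; keep them at debug. saveSpMetaDataFileSourceTypeFile starts and ends outside the hunk.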
@@ -3787,6 +3787,28 @@ "substr": "caseIgnoreSubstringsMatch", "syntax": "1.3.6.1.4.1.1466.115.121.1.15", "x_origin": "Jans created attribute" + }, + { + "desc": "SAML AssertionConsumerService Get endpoint where the Identity Provider will send SAML assertions", + "equality": "caseIgnoreMatch", + "names": [ + "jansAssertionConsumerServiceGetURL" + ], + "oid": "jansAttr", + "substr": "caseIgnoreSubstringsMatch", + "syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" + }, + { + "desc": "SAML AssertionConsumerService Post endpoint where the Identity Provider will send SAML assertions", + "equality": "caseIgnoreMatch", + "names": [ + "jansAssertionConsumerServicePostURL" + ], + "oid": "jansAttr", + "substr": "caseIgnoreSubstringsMatch", + "syntax": "1.3.6.1.4.1.1466.115.121.1.15", + "x_origin": "Jans created attribute" } ], "objectClasses": [ diff --git a/jans-linux-setup/jans_setup/static/rdbm/sql_data_types.json b/jans-linux-setup/jans_setup/static/rdbm/sql_data_types.json index f10640f5305..ddfc2e6b2b3 100644 --- a/jans-linux-setup/jans_setup/static/rdbm/sql_data_types.json +++ b/jans-linux-setup/jans_setup/static/rdbm/sql_data_types.json @@ -1138,5 +1138,16 @@ "spanner": { "type": "STRING(MAX)" } + }, + "samlMetadata": { + "mysql": { + "type": "TINYTEXT" + }, + "pgsql": { + "type": "TEXT" + }, + "spanner": { + "type": "STRING(MAX)" + } } } diff --git a/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json b/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json index 438ab313194..de23ec6b86d 100644 --- a/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json +++ b/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json 
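Review bot: The new `samlMetadata` type maps to `TINYTEXT` on MySQL, a 255-byte column, while the other two backends get unbounded `TEXT` and `STRING(MAX)`; the attributes this commit adds (assertion consumer service URLs) can exceed 255 bytes, so values would be truncated or rejected only on MySQL. Use `TEXT` (or larger) for the MySQL entry so the limit is consistent across backends, and consider noting the intended maximum in the schema `desc` of the two new attributes.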
@@ -1,6 +1,6 @@ { "configOauthEnabled": ${configOauthEnabled}, - "customAttributeValidationEnabled": false, + "customAttributeValidationEnabled": true, "apiApprovedIssuer": ["${apiApprovedIssuer}"], "apiProtectionType": "${apiProtectionType}", "apiClientId": "${jca_client_id}", From b9bca2e307259a608dabc50b0ceb9833639b84e0 Mon Sep 17 00:00:00 2001 From: pujavs Date: Wed, 28 Feb 2024 22:34:37 +0530 Subject: [PATCH 16/22] feat(config-api): saml plugin changes for sp metadata handling Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 18 +++++++++--------- .../plugins/docs/user-mgt-plugin-swagger.yaml | 4 ++-- .../plugin/saml/service/SamlConfigService.java | 5 ++++- .../plugin/saml/service/SamlIdpService.java | 6 +++--- .../plugin/saml/service/SamlService.java | 6 ++++-- 5 files changed, 22 insertions(+), 17 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index 66047f6e54f..48db8289b49 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml @@ -7896,19 +7896,19 @@ components: type: string selected: type: boolean - whitePagesCanView: + userCanView: type: boolean adminCanView: type: boolean - adminCanEdit: - type: boolean userCanEdit: type: boolean - userCanView: + adminCanEdit: + type: boolean + adminCanAccess: type: boolean userCanAccess: type: boolean - adminCanAccess: + whitePagesCanView: type: boolean baseDn: type: string @@ -9499,10 +9499,10 @@ components: type: array items: type: object - displayValue: - type: string value: type: object + displayValue: + type: string LocalizedString: type: object properties: @@ -9744,14 +9744,14 @@ components: type: boolean internal: type: boolean - locationPath: - type: string locationType: type: string enum: - ldap - db - file + locationPath: + type: string baseDn: type: string ScriptError: 
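Review bot: Switching `"customAttributeValidationEnabled"` to `true` changes a security-relevant default, but only in the setup template, so existing deployments presumably keep `false` until their persisted config-api configuration is migrated; neither the commit message nor the diff says so. Add a changelog/release-note line stating that fresh installs now validate custom attributes and how operators of existing installs turn it on.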
diff --git a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml index 134dd75a2cf..babb2ac7bbc 100644 --- a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml @@ -837,10 +837,10 @@ components: type: array items: type: object - displayValue: - type: string value: type: object + displayValue: + type: string CustomUser: type: object properties: diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlConfigService.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlConfigService.java index 099703a0b96..8ba239ac593 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlConfigService.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlConfigService.java @@ -294,7 +294,10 @@ public String getSpMetadataTempDir() { } public String getSpMetadataFilePattern() { - return Constants.SP_METADATA_FILE_PATH; + StringBuilder sb = new StringBuilder(); + sb.append("%s_"); + sb.append(getSpMetadataFile()); + return sb.toString(); } public String getSpMetadataFile() { diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlIdpService.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlIdpService.java index abd51784429..e893b08ea58 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlIdpService.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlIdpService.java 
@@ -83,15 +83,15 @@ public String saveMetadataFile(String metadataTempDir, String metadataFileName, } String metadataFile = metadataTempDir + File.separator + metadataFileName; - logger.debug("documentStoreService:{}, metadataFile:{}, localDocumentStoreService:{} ", documentStoreService, + logger.info("documentStoreService:{}, metadataFile:{}, localDocumentStoreService:{} ", documentStoreService, metadataFile, localDocumentStoreService); try { boolean result = documentStoreService.saveDocumentStream(metadataFile, stream, List.of("jans-server", documentStoreModuleName)); - logger.debug("SAML file saving result:{}", result); + logger.info("SAML file saving result:{}", result); InputStream newFile = documentStoreService.readDocumentAsStream(metadataFile); - logger.debug("SAML file read newFile:{}", newFile); + logger.info("SAML file read newFile:{}", newFile); if (result) { return metadataFile; diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java index bf2a41c4aa1..ba47c406f6a 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java 
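Review bot: `InputStream newFile = documentStoreService.readDocumentAsStream(metadataFile);` re-opens the just-written document only to log the stream object and never closes it, so every upload leaks a file handle (or a remote-store connection) until GC; drop the read-back, or put it in try-with-resources if it is meant as a write verification. The three debug→info promotions in this hunk put the stream object, the full on-disk path and the store implementation into INFO logs on every upload; keep them at `logger.debug`. `metadataFile` is built by plain concatenation from `metadataFileName`; the callers in this series derive the name from the inum, but since the method is public it would be safer to reject separators, e.g. `if (metadataFileName.contains("/") || metadataFileName.contains("\\")) throw new InvalidConfigurationException("Invalid metadata file name");`. saveMetadataFile starts before this hunk and continues after it.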
@@ -325,7 +325,7 @@ private boolean saveSpMetaDataFileSourceTypeFile(TrustRelationship trustRelation } InputStream targetStream = file; - log.info("targetStream:{}, spMetadataFileName:{}", targetStream, spMetadataFileName); + log.info("targetStream:{}, samlConfigService.getSpMetadataDir():{}, spMetadataFileName:{}", targetStream, samlConfigService.getSpMetadataDir(), spMetadataFileName); String result = samlIdpService.saveMetadataFile(samlConfigService.getSpMetadataDir(), spMetadataFileName, Constants.SP_MODULE, targetStream); log.info("targetStream:{}, spMetadataFileName:{}, result:{}, trustRelationship.getSpMetaDataFN():{}", targetStream, spMetadataFileName, result, trustRelationship.getSpMetaDataFN()); @@ -360,12 +360,14 @@ public String getSpNewMetadataFileName(TrustRelationship trustRel) { } public String getSpNewMetadataFileName(String inum) { + log.info("Generate SP Metadata FileName with inum:{}",inum); String relationshipInum = StringHelper.removePunctuation(inum); + log.info("inum with punctuation is:{}",inum); return String.format(samlConfigService.getSpMetadataFilePattern(), relationshipInum); } public void processUnprocessedSpMetadataFiles() { - log.debug("Processing unprocessed SP Metadata files "); + log.info("Processing unprocessed SP Metadata files "); String directory = samlConfigService.getSpMetadataTempDir(); log.debug("Check SP Metadata file in directory:{}, Files.exists(Paths.get(directory):{}", directory, Files.exists(Paths.get(directory))); From 1fc3dc43276940fbcca68571cc898d8875daefbc Mon Sep 17 00:00:00 2001 From: pujavs Date: Thu, 29 Feb 2024 15:21:24 +0530 Subject: [PATCH 17/22] feat(config-api): SAML TR enhacement for metadata field and filename 
Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 12 ++-- .../saml/service/IdentityProviderService.java | 65 +++++-------------- .../saml/service/SamlConfigService.java | 5 +- .../plugin/saml/service/SamlIdpService.java | 10 +-- .../plugin/saml/service/SamlService.java | 61 ++++------------- .../configapi/plugin/saml/util/Constants.java | 4 +- 6 files changed, 45 insertions(+), 112 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index 48db8289b49..5d787117b23 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml @@ -7896,20 +7896,20 @@ components: type: string selected: type: boolean - userCanView: + whitePagesCanView: type: boolean adminCanView: type: boolean + adminCanEdit: + type: boolean userCanEdit: type: boolean - adminCanEdit: + userCanView: type: boolean adminCanAccess: type: boolean userCanAccess: type: boolean - whitePagesCanView: - type: boolean baseDn: type: string PatchRequest: @@ -9744,14 +9744,14 @@ components: type: boolean internal: type: boolean + locationPath: + type: string locationType: type: string enum: - ldap - db - file - locationPath: - type: string baseDn: type: string ScriptError: diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/IdentityProviderService.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/IdentityProviderService.java index 37f31452fc9..8971ed2aed1 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/IdentityProviderService.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/IdentityProviderService.java 
@@ -195,16 +195,16 @@ public PagedResult getIdentityProvider(SearchRequest searchReq } - public IdentityProvider addSamlIdentityProvider(IdentityProvider identityProvider, InputStream file) { + public IdentityProvider addSamlIdentityProvider(IdentityProvider identityProvider, InputStream file) throws IOException{ log.info("Add new identityProvider:{}, file:{}", identityProvider, file); - if (file != null) { + if (file != null && file.available() > 0) { log.info("Save IDP metadatfile on server"); saveIdpMetaDataFileSourceTypeFile(identityProvider, file); - log.info("After saving IDP metadatfile on server"); + log.info("After saving IDP metadatfile on server - identityProvider:{}", identityProvider); } - log.info("Persist IDP in DB identityProvider:{}:{}", identityProvider); + log.info("Persist IDP in DB identityProvider:{}", identityProvider); persistenceEntryManager.persist(identityProvider); log.info("After Persisting IDP"); return getIdentityProviderByInum(identityProvider.getInum()); 
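Review bot: `file != null && file.available() > 0` is not a reliable "has content" test: `InputStream.available()` returns an estimate and may legitimately return 0 for a non-empty multipart or remote stream, so a valid metadata upload can be silently skipped (and, in the update path changed later in this series, the stored filename cleared). Read the bytes first, e.g. `byte[] data = file.readAllBytes(); if (data.length > 0) saveIdpMetaDataFileSourceTypeFile(identityProvider, new ByteArrayInputStream(data));`, or check the multipart part's size at the resource layer. The boolean returned by `saveIdpMetaDataFileSourceTypeFile` is also discarded, so a failed save still persists the IDP with whatever filename the helper set on it. Adding `throws IOException` to a public service method changes its signature for any caller outside this hunk.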
@@ -272,65 +272,34 @@ public String generateInumForNewIdentityProvider() { private boolean saveIdpMetaDataFileSourceTypeFile(IdentityProvider identityProvider, InputStream file) { log.info("Saving file identityProvider:{}, file:{}", identityProvider, file); + boolean status = false; + if(identityProvider==null || file==null) { + return status; + } - String idpMetaDataFN = identityProvider.getIdpMetaDataFN(); - log.debug("idpMetaDataFN:{}", idpMetaDataFN); - - boolean emptyidpMetaDataFN = StringHelper.isEmpty(idpMetaDataFN); - log.debug("emptyidpMetaDataFN:{}", emptyidpMetaDataFN); - if ((file == null)) { - log.debug("File is null"); - if (emptyidpMetaDataFN) { - log.debug("The trust relationship {} has an empty Metadata filename", identityProvider.getInum()); - return false; - } - String filePath = getIdpMetadataTempDirFilePath(idpMetaDataFN); - log.debug("filePath:{}", filePath); - - if (filePath == null) { - log.debug("The trust relationship {} has an invalid Metadata file storage path", - identityProvider.getInum()); - return false; - } - - if (samlIdpService.isLocalDocumentStoreType()) { - - File newFile = new File(filePath); - log.trace("newFile:{}", newFile); + String idpMetaDataFN = getIdpNewMetadataFileName(identityProvider); + log.debug("Final idpMetaDataFN:{}", idpMetaDataFN); + identityProvider.setIdpMetaDataFN(idpMetaDataFN); + identityProvider.setIdpMetaDataLocation(getIdpMetadataTempDirFilePath()); - if (!newFile.exists()) { - log.info( - "The trust relationship {} metadata used local storage but the IDP metadata file `{}` was not found", - identityProvider.getInum(), filePath); - return false; - } - } - return true; - } - if (emptyidpMetaDataFN) { - log.info("File name is blank emptyidpMetaDataFN:{}", emptyidpMetaDataFN); - idpMetaDataFN = getIdpNewMetadataFileName(identityProvider); - log.debug("Final idpMetaDataFN:{}", idpMetaDataFN); - identityProvider.setIdpMetaDataFN(idpMetaDataFN); - 
identityProvider.setIdpMetaDataLocation(getIdpMetadataTempDirFilePath()); - } InputStream targetStream = file; log.debug("targetStream:{}, idpMetaDataFN:{}", targetStream, idpMetaDataFN); String result = samlIdpService.saveMetadataFile(getIdpMetadataTempDirFilePath(), idpMetaDataFN, Constants.IDP_MODULE, targetStream); - log.debug("targetStream:{}, idpMetaDataFN:{}", targetStream, idpMetaDataFN); + log.debug("targetStream:{}, idpMetaDataFN:{}, result:{}", targetStream, idpMetaDataFN, result); if (StringHelper.isNotEmpty(result)) { metadataValidationTimer.idpQueue(result); // process files in temp that were not processed earlier processUnprocessedIdpMetadataFiles(); + status = true; } else { log.error("Failed to save IDP meta-data file. Please check if you provide correct file"); } - log.info("Successfully saved IDP Metadata file - idpMetaDataFN:{}", idpMetaDataFN); - return false; + log.info("Successfully saved IDP Metadata file - idpMetaDataFN:{}, status:{}", idpMetaDataFN, status); + return status; } @@ -359,7 +328,7 @@ private String getIdpMetadataFileName(String inum) { } private String getIdpMetadataTempDirFilePath() { - return samlConfigService.getIdpMetadataTempDir() + File.separator; + return samlConfigService.getIdpMetadataTempDir(); } public void processUnprocessedIdpMetadataFiles() { diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlConfigService.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlConfigService.java index 8ba239ac593..833b34e7dfd 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlConfigService.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlConfigService.java 
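Review bot: When `samlIdpService.saveMetadataFile` returns an empty result the method now logs `"Successfully saved IDP Metadata file - idpMetaDataFN:{}, status:{}"` with `status=false` and leaves `idpMetaDataFN` and `idpMetaDataLocation` set on the entity from the lines above, so `addSamlIdentityProvider`, which ignores the return value, persists a record pointing at a file that was never written. Reset the fields in the failure branch — `identityProvider.setIdpMetaDataFN(null); identityProvider.setIdpMetaDataLocation(null);` — and log success only inside the `if` branch, or throw so the resource layer can return an error. The rewrite also drops the old check that a previously stored metadata file exists on local storage when no new file is supplied; if that case is now covered by the caller's null-file branch, a one-line comment above the early `return status;` saying so would save the next reader from re-deriving it.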
@@ -294,10 +294,7 @@ public String getSpMetadataTempDir() { } public String getSpMetadataFilePattern() { - StringBuilder sb = new StringBuilder(); - sb.append("%s_"); - sb.append(getSpMetadataFile()); - return sb.toString(); + return Constants.SP_METADATA_FILE_PATTERN; } public String getSpMetadataFile() { diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlIdpService.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlIdpService.java index e893b08ea58..afdd20a0da0 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlIdpService.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlIdpService.java @@ -61,13 +61,13 @@ public boolean isLocalDocumentStoreType() { return documentStoreService.getProviderType() == DocumentStoreType.LOCAL; } - public String saveMetadataFile(String metadataTempDir, String metadataFileName, String documentStoreModuleName, + public String saveMetadataFile(String metadataDir, String metadataFileName, String documentStoreModuleName, InputStream stream) { - logger.info("metadataTempDir:{}, metadataFileName:{}, documentStoreModuleName:{}, stream:{}", metadataTempDir, + logger.info("metadataDir:{}, metadataFileName:{}, documentStoreModuleName:{}, stream:{}", metadataDir, metadataFileName, documentStoreModuleName, stream); - if (StringUtils.isBlank(metadataTempDir)) { - throw new InvalidConfigurationException("Failed to save file as metadataTempDir is null!"); + if (StringUtils.isBlank(metadataDir)) { + throw new InvalidConfigurationException("Failed to save file as metadata directory provided is null!"); } if (StringUtils.isBlank(metadataFileName)) { 
@@ -82,7 +82,7 @@ public String saveMetadataFile(String metadataTempDir, String metadataFileName, documentStoreModuleName = "SAML"; } - String metadataFile = metadataTempDir + File.separator + metadataFileName; + String metadataFile = metadataDir + File.separator + metadataFileName; logger.info("documentStoreService:{}, metadataFile:{}, localDocumentStoreService:{} ", documentStoreService, metadataFile, localDocumentStoreService); try { diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java index ba47c406f6a..20a9db79614 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java 
@@ -284,60 +284,27 @@ public String generateInumForNewRelationship() { private boolean saveSpMetaDataFileSourceTypeFile(TrustRelationship trustRelationship, InputStream file) { log.info("trustRelationship:{}, file:{}", trustRelationship, file); - - String spMetadataFileName = trustRelationship.getSpMetaDataFN(); - boolean emptySpMetadataFileName = StringHelper.isEmpty(spMetadataFileName); - log.debug("emptySpMetadataFileName:{}", emptySpMetadataFileName); - if ((file == null)) { - log.trace("File is null"); - if (emptySpMetadataFileName) { - log.debug("The trust relationship {} has an empty Metadata filename", trustRelationship.getInum()); - return false; - } - String filePath = getSpMetadataFilePath(spMetadataFileName); - log.debug("filePath:{}", filePath); - - if (filePath == null) { - log.debug("The trust relationship {} has an invalid Metadata file storage path", - trustRelationship.getInum()); - return false; - } - - if (samlIdpService.isLocalDocumentStoreType()) { - - File newFile = new File(filePath); - log.debug("newFile:{}", newFile); - - if (!newFile.exists()) { - log.debug( - "The trust relationship {} metadata used local storage but the SP metadata file `{}` was not found", - trustRelationship.getInum(), filePath); - return false; - } - } - return true; - } - if (emptySpMetadataFileName) { - log.info("emptySpMetadataFileName:{}", emptySpMetadataFileName); - spMetadataFileName = getSpNewMetadataFileName(trustRelationship); - log.info("***spMetadataFileName:{}***", spMetadataFileName); - trustRelationship.setSpMetaDataFN(spMetadataFileName); - - } + boolean status = false; + + String spMetadataFileName = this.getSpNewMetadataFileName(trustRelationship); + log.info("***spMetadataFileName:{}***", spMetadataFileName); + trustRelationship.setSpMetaDataFN(spMetadataFileName); InputStream targetStream = file; log.info("targetStream:{}, samlConfigService.getSpMetadataDir():{}, spMetadataFileName:{}", targetStream, samlConfigService.getSpMetadataDir(), 
spMetadataFileName); - String result = samlIdpService.saveMetadataFile(samlConfigService.getSpMetadataDir(), spMetadataFileName, Constants.SP_MODULE, targetStream); - log.info("targetStream:{}, spMetadataFileName:{}, result:{}, trustRelationship.getSpMetaDataFN():{}", targetStream, spMetadataFileName, result, trustRelationship.getSpMetaDataFN()); - if (StringHelper.isNotEmpty(result)) { - metadataValidationTimer.spQueue(result); + String metadataFilePath = samlIdpService.saveMetadataFile(samlConfigService.getSpMetadataDir(), spMetadataFileName, Constants.SP_MODULE, targetStream); + log.info("targetStream:{}, spMetadataFileName:{}, metadataFilePath:{}, trustRelationship.getSpMetaDataFN():{}", targetStream, spMetadataFileName, metadataFilePath, trustRelationship.getSpMetaDataFN()); + if (StringHelper.isNotEmpty(metadataFilePath)) { + trustRelationship.setSpMetaDataFN(metadataFilePath); + metadataValidationTimer.spQueue(metadataFilePath); //process files in temp that were not processed earlier processUnprocessedSpMetadataFiles(); + status = true; } else { log.error("Failed to save SP meta-data file. Please check if you provide correct file"); } - - return false; + log.info("Successfully saved SP Metadata file - spMetadataFileName:{}, status:{}", spMetadataFileName, status); + return status; } @@ -362,7 +329,7 @@ public String getSpNewMetadataFileName(TrustRelationship trustRel) { public String getSpNewMetadataFileName(String inum) { log.info("Generate SP Metadata FileName with inum:{}",inum); String relationshipInum = StringHelper.removePunctuation(inum); - log.info("inum with punctuation is:{}",inum); + log.info("inum after remove punctuation is:{}",relationshipInum); return String.format(samlConfigService.getSpMetadataFilePattern(), relationshipInum); } 
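Review bot: `trustRelationship.setSpMetaDataFN(metadataFilePath);` overwrites the bare file name set a few lines earlier with the full server-side path returned by `saveMetadataFile` (`getSpMetadataDir() + File.separator + name`), so the `spMetaDataFN` attribute, which is returned to API clients as part of the TrustRelationship, now discloses the server's filesystem layout, and any reader that prepends the metadata directory to the stored name (the `getSpMetadataFilePath` helper the removed lines used to call, presumably still present) would double the prefix. Keep the file name in the attribute and queue the path on its own, i.e. drop that line and keep `metadataValidationTimer.spQueue(metadataFilePath);`. As in the IDP service, the closing `log.info("Successfully saved SP Metadata file …")` fires even when `status` is false and the callers ignore the return value, so a failed write is still persisted; move the success log into the `if` branch and surface the failure to the caller.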
diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/util/Constants.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/util/Constants.java index 1c1b34fed0b..1095db372f8 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/util/Constants.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/util/Constants.java @@ -18,8 +18,8 @@ private Constants() { public static final String IDP_MODULE = "idp-module"; public static final String SP_MODULE = "sp-module"; public static final String REALM_MASTER = "master"; - public static final String SP_METADATA_FILE_PATTERN = "%s-sp-metadata.xml"; - public static final String IDP_METADATA_FILE_PATTERN = "%s-idp-metadata.xml"; + public static final String SP_METADATA_FILE_PATTERN = "%s_sp-metadata.xml"; + public static final String IDP_METADATA_FILE_PATTERN = "%s_idp-metadata.xml"; public static final String SAML_CONFIG = "/samlConfig"; public static final String TRUST_RELATIONSHIP = "/trust-relationship"; From 73a400e84dd08a4b075fdae679c9b42a4d481fc2 Mon Sep 17 00:00:00 2001 From: pujavs Date: Thu, 29 Feb 2024 16:08:59 +0530 Subject: [PATCH 18/22] feat(config-api): SAML TR enhacement for metadata field and filename Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 16 ++++++++-------- .../saml/service/IdentityProviderService.java | 4 ++++ .../plugin/saml/service/SamlService.java | 6 ++++++ 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index 5d787117b23..5fd92c4da7b 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml 
@@ -7898,18 +7898,18 @@ components: type: boolean whitePagesCanView: type: boolean - adminCanView: - type: boolean adminCanEdit: type: boolean userCanEdit: type: boolean - userCanView: + adminCanView: type: boolean - adminCanAccess: + userCanView: type: boolean userCanAccess: type: boolean + adminCanAccess: + type: boolean baseDn: type: string PatchRequest: @@ -9744,14 +9744,14 @@ components: type: boolean internal: type: boolean - locationPath: - type: string locationType: type: string enum: - ldap - db - file + locationPath: + type: string baseDn: type: string ScriptError: @@ -10180,10 +10180,10 @@ components: ttl: type: integer format: int32 - opbrowserState: - type: string persisted: type: boolean + opbrowserState: + type: string SessionIdAccessMap: type: object properties: diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/IdentityProviderService.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/IdentityProviderService.java index 8971ed2aed1..0e3c133bd5e 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/IdentityProviderService.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/IdentityProviderService.java @@ -202,6 +202,8 @@ public IdentityProvider addSamlIdentityProvider(IdentityProvider identityProvide log.info("Save IDP metadatfile on server"); saveIdpMetaDataFileSourceTypeFile(identityProvider, file); log.info("After saving IDP metadatfile on server - identityProvider:{}", identityProvider); + }else { + identityProvider.setIdpMetaDataFN(null); } log.info("Persist IDP in DB identityProvider:{}", identityProvider); 
@@ -222,6 +224,8 @@ public IdentityProvider updateIdentityProvider(IdentityProvider identityProvider } if (file != null && file.available() > 0) { saveIdpMetaDataFileSourceTypeFile(identityProvider, file); + }else { + identityProvider.setIdpMetaDataFN(null); } persistenceEntryManager.merge(identityProvider); diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java index 20a9db79614..3336adb674a 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/SamlService.java @@ -229,7 +229,10 @@ public TrustRelationship addTrustRelationship(TrustRelationship trustRelationshi if (file != null && file.available() > 0) { saveSpMetaDataFileSourceTypeFile(trustRelationship, file); + }else { + trustRelationship.setSpMetaDataFN(null); } + persistenceEntryManager.merge(trustRelationship); log.info("After saving new trustRelationship:{}", trustRelationship); return getTrustRelationshipByInum(trustRelationship.getInum()); @@ -246,7 +249,10 @@ public TrustRelationship updateTrustRelationship(TrustRelationship trustRelation if (file != null && file.available() > 0) { saveSpMetaDataFileSourceTypeFile(trustRelationship, file); + }else { + trustRelationship.setSpMetaDataFN(null); } + persistenceEntryManager.merge(trustRelationship); log.info("After updating trustRelationship:{}", trustRelationship); return getTrustRelationshipByInum(trustRelationship.getInum()); From 1ba66c3f5dc6137557676d1b605401174b2426e2 Mon Sep 17 00:00:00 2001 From: pujavs Date: Fri, 1 Mar 2024 13:01:15 +0530 Subject: [PATCH 19/22] feat(config-api): security issue for apache-mime4j-core 
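Review bot: In `updateIdentityProvider` the new `else { identityProvider.setIdpMetaDataFN(null); }` clears the stored metadata file name whenever the request carries no file (or one that `available()` reports as empty), so an ordinary attribute update now disconnects the IDP from the metadata file still sitting on disk; the same pattern is added to `updateTrustRelationship` further along this line. On update the field should be left untouched when no new file arrives — presumably by copying it from the existing entry loaded earlier in the method, e.g. `identityProvider.setIdpMetaDataFN(existing.getIdpMetaDataFN());` — and only reset on create, where the matching `addSamlIdentityProvider` change correctly stops a client from supplying an arbitrary path. updateIdentityProvider starts before this hunk, so whether the existing entry is in scope here cannot be confirmed.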
Signed-off-by: pujavs --- jans-config-api/docs/jans-config-api-swagger.yaml | 8 ++++---- jans-config-api/pom.xml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index 5fd92c4da7b..aa2ca003ab1 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml @@ -7894,16 +7894,16 @@ components: $ref: '#/components/schemas/AttributeValidation' tooltip: type: string - selected: - type: boolean whitePagesCanView: type: boolean - adminCanEdit: + selected: type: boolean - userCanEdit: + adminCanEdit: type: boolean adminCanView: type: boolean + userCanEdit: + type: boolean userCanView: type: boolean userCanAccess: diff --git a/jans-config-api/pom.xml b/jans-config-api/pom.xml index 040e1a15cc7..3e2ae64755c 100644 --- a/jans-config-api/pom.xml +++ b/jans-config-api/pom.xml @@ -58,7 +58,7 @@ 2.2.19 2.2.7 - 0.8.9 + 0.8.10 From 6e8f4a281204d2630dcdfe01dea6569243ded660 Mon Sep 17 00:00:00 2001 From: pujavs Date: Fri, 1 Mar 2024 14:59:36 +0530 Subject: [PATCH 20/22] feat(config-api): exception handling for user creation Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 10 +++++----- .../plugins/docs/user-mgt-plugin-swagger.yaml | 17 +++++++++++++++++ .../configapi/plugin/mgt/rest/UserResource.java | 12 ++++++++++-- 3 files changed, 32 insertions(+), 7 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index aa2ca003ab1..78b287713a8 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml 
@@ -7894,22 +7894,22 @@ components: $ref: '#/components/schemas/AttributeValidation' tooltip: type: string - whitePagesCanView: - type: boolean selected: type: boolean - adminCanEdit: + whitePagesCanView: type: boolean adminCanView: type: boolean + adminCanEdit: + type: boolean userCanEdit: type: boolean userCanView: type: boolean - userCanAccess: - type: boolean adminCanAccess: type: boolean + userCanAccess: + type: boolean baseDn: type: string PatchRequest: diff --git a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml index babb2ac7bbc..738d7bc6be0 100644 --- a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml @@ -330,6 +330,10 @@ paths: description: Not Found "500": description: InternalServerError + content: + application/json: + schema: + $ref: '#/components/schemas/ApiError' security: - oauth2: - https://jans.io/oauth/config/user.write @@ -532,6 +536,10 @@ paths: description: Unauthorized "500": description: InternalServerError + content: + application/json: + schema: + $ref: '#/components/schemas/ApiError' security: - oauth2: - https://jans.io/oauth/config/user.write @@ -882,6 +890,15 @@ components: type: string baseDn: type: string + ApiError: + type: object + properties: + code: + type: string + message: + type: string + description: + type: string UserPagedResult: type: object properties: diff --git a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java index 6a6e4cfedfc..f89d7579235 100644 --- a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java +++ b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java 
@@ -2,6 +2,7 @@ import com.github.fge.jsonpatch.JsonPatchException; import io.jans.as.common.model.common.User; +import io.jans.configapi.core.model.ApiError; import io.jans.configapi.core.rest.BaseResource; import io.jans.configapi.core.rest.ProtectedApi; import io.jans.configapi.plugin.mgt.model.user.CustomUser; @@ -136,7 +137,8 @@ public Response getUserByInum( @ApiResponse(responseCode = "201", description = "Created", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = CustomUser.class, description = "Created Object"), examples = @ExampleObject(name = "Response json example", value = "example/user/user.json"))), @ApiResponse(responseCode = "400", description = "Bad Request"), @ApiResponse(responseCode = "401", description = "Unauthorized"), - @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @ApiResponse(responseCode = "500", description = "InternalServerError", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "InternalServerError"))), + }) @POST @ProtectedApi(scopes = { ApiAccessConstants.USER_WRITE_ACCESS }) public Response createUser(@Valid CustomUser customUser, @@ -147,6 +149,7 @@ public Response createUser(@Valid CustomUser customUser, removeNonLDAPAttributes); } + try { // get User object User user = setUserAttributes(customUser); @@ -168,6 +171,10 @@ public Response createUser(@Valid CustomUser customUser, // get custom user customUser = getCustomUser(user, removeNonLDAPAttributes); logger.info("newly created customUser:{}", customUser); + }catch(WebApplicationException waex) { + logger.error("ApplicationException while creating user is:", waex); + throwInternalServerException("USER_CREATION", waex.getMessage()); + } return Response.status(Response.Status.CREATED).entity(customUser).build(); } 
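Review bot: The new `catch (WebApplicationException waex)` converts every JAX-RS exception raised while creating the user — including 400/404/409 responses deliberately thrown by lower layers — into a 500 through `throwInternalServerException("USER_CREATION", waex.getMessage())`, and forwards the original message to the caller, which for persistence failures can expose backend (LDAP/SQL) detail. Let `WebApplicationException` propagate unchanged, since it already carries the intended status and body, or catch the specific non-JAX-RS exception the persistence call throws, log it with the stack trace as done here, and return a fixed message such as `throwInternalServerException("USER_CREATION", "User creation failed");`. Because the `try` opened in the previous hunk wraps the whole body, validation errors thrown from `setUserAttributes` would be remapped as well, assuming those are WebApplicationExceptions.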
@@ -181,7 +188,8 @@ public Response createUser(@Valid CustomUser customUser, @ApiResponse(responseCode = "400", description = "Bad Request"), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "404", description = "Not Found"), - @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @ApiResponse(responseCode = "500", description = "InternalServerError", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "InternalServerError"))), + }) @PUT @ProtectedApi(scopes = { ApiAccessConstants.USER_WRITE_ACCESS }) public Response updateUser(@Valid CustomUser customUser, From 8890bea236e2b3a703afb6f990f1130fe6085645 Mon Sep 17 00:00:00 2001 From: pujavs Date: Fri, 1 Mar 2024 23:30:22 +0530 Subject: [PATCH 21/22] fix(config-api): SAML TR metadata validation, user mgt spec for error and security issue Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 12 ++--- .../plugins/docs/kc-saml-plugin-swagger.yaml | 44 ++++++++++++++-- .../plugins/docs/user-mgt-plugin-swagger.yaml | 22 +++++++- .../plugin/saml/model/MetadataSourceType.java | 2 +- .../saml/rest/TrustRelationshipResource.java | 52 ++++++++++++++++--- .../plugin/mgt/rest/UserResource.java | 7 +-- .../default/config-api-test.properties | 2 +- .../profiles/jans-ui.jans.io/test.properties | 2 +- .../test.properties | 2 +- .../profiles/local/test.properties | 2 +- 10 files changed, 122 insertions(+), 25 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index 78b287713a8..d5928a9b23e 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml 
@@ -7906,10 +7906,10 @@ components: type: boolean userCanView: type: boolean - adminCanAccess: - type: boolean userCanAccess: type: boolean + adminCanAccess: + type: boolean baseDn: type: string PatchRequest: @@ -9499,10 +9499,10 @@ components: type: array items: type: object - value: - type: object displayValue: type: string + value: + type: object LocalizedString: type: object properties: @@ -10180,10 +10180,10 @@ components: ttl: type: integer format: int32 - persisted: - type: boolean opbrowserState: type: string + persisted: + type: boolean SessionIdAccessMap: type: object properties: diff --git a/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml b/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml index 4d82da3c933..188878ddb25 100644 --- a/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml @@ -686,10 +686,26 @@ paths: application/json: schema: $ref: '#/components/schemas/TrustRelationship' + "400": + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/ApiError' "401": description: Unauthorized + "404": + description: Not Found + content: + application/json: + schema: + $ref: '#/components/schemas/ApiError' "500": description: InternalServerError + content: + application/json: + schema: + $ref: '#/components/schemas/ApiError' security: - oauth2: - https://jans.io/oauth/config/saml.write @@ -716,10 +732,26 @@ paths: application/json: schema: $ref: '#/components/schemas/TrustRelationship' + "400": + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/ApiError' "401": description: Unauthorized + "404": + description: Not Found + content: + application/json: + schema: + $ref: '#/components/schemas/ApiError' "500": description: InternalServerError + content: + application/json: + schema: + $ref: '#/components/schemas/ApiError' security: - oauth2: - https://jans.io/oauth/config/saml.write 
@@ -1070,10 +1102,7 @@ components: type: string enum: - file - - uri - - federation - manual - - mdq samlMetadata: $ref: '#/components/schemas/SAMLMetadata' redirectUris: @@ -1129,6 +1158,15 @@ components: metaDataFile: type: string format: binary + ApiError: + type: object + properties: + code: + type: string + message: + type: string + description: + type: string securitySchemes: oauth2: type: oauth2 diff --git a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml index 738d7bc6be0..a22db49cb12 100644 --- a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml @@ -324,10 +324,18 @@ paths: } "400": description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/ApiError' "401": description: Unauthorized "404": description: Not Found + content: + application/json: + schema: + $ref: '#/components/schemas/ApiError' "500": description: InternalServerError content: @@ -532,8 +540,18 @@ paths: } "400": description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/ApiError' "401": description: Unauthorized + "404": + description: Not Found + content: + application/json: + schema: + $ref: '#/components/schemas/ApiError' "500": description: InternalServerError content: @@ -845,10 +863,10 @@ components: type: array items: type: object - value: - type: object displayValue: type: string + value: + type: object CustomUser: type: object properties: diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/MetadataSourceType.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/MetadataSourceType.java index c8a5597dfcf..cd9682e33af 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/MetadataSourceType.java 
+++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/MetadataSourceType.java @@ -16,7 +16,7 @@ */ public enum MetadataSourceType implements AttributeEnum { - FILE("file", "File",1), URI("uri", "URI",2), FEDERATION("federation", "Federation",3), MANUAL("manual", "Manual",4), MDQ("mdq", "MDQ",5); + FILE("file", "File",1), MANUAL("manual", "Manual",2); private final String value; private final String displayName; diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java index 3286ff52fa3..dddfd45ed04 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java @@ -1,10 +1,12 @@ package io.jans.configapi.plugin.saml.rest; import static io.jans.as.model.util.Util.escapeLog; -import io.jans.configapi.plugin.saml.model.TrustRelationship; -import io.jans.configapi.plugin.saml.form.TrustRelationshipForm; +import io.jans.configapi.core.model.ApiError; import io.jans.configapi.core.rest.BaseResource; import io.jans.configapi.core.rest.ProtectedApi; +import io.jans.configapi.plugin.saml.model.MetadataSourceType; +import io.jans.configapi.plugin.saml.model.TrustRelationship; +import io.jans.configapi.plugin.saml.form.TrustRelationshipForm; import io.jans.configapi.plugin.saml.util.Constants; import io.jans.configapi.util.AttributeNames; import io.jans.configapi.plugin.saml.service.SamlService; @@ -31,6 +33,7 @@ import java.util.*; import java.util.stream.*; +import org.apache.commons.lang.StringUtils; import org.jboss.resteasy.annotations.providers.multipart.MultipartForm; import org.slf4j.Logger; 
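Review bot: Dropping `URI`, `FEDERATION` and `MDQ` and renumbering `MANUAL` from 4 to 2 narrows what MetadataSourceType can resolve, yet the hunk carries no migration for records that already store `uri`, `federation`, `mdq` or the old numeric value. If the third constructor argument is persisted or surfaced through `AttributeEnum`, existing trust relationships would presumably fail to load or silently change type; worth confirming against the lookup code, which is outside this hunk. A short comment on the constant list, e.g. `// Only file-based and manual metadata are supported; uri/federation/mdq were removed`, would tell the next reader the narrowing was deliberate.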
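Review bot: The added `import org.apache.commons.lang.StringUtils;` in the `@@ -31,6 +33,7 @@` hunk pulls in the commons-lang 2.x line, which is no longer maintained; unless this module already depends on it elsewhere, `org.apache.commons.lang3.StringUtils` provides the same `isBlank` from the supported artifact. If lang3 is already on the classpath, `import org.apache.commons.lang3.StringUtils;` is a drop-in change here.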
@@ -44,6 +47,9 @@ public class TrustRelationshipResource extends BaseResource { private static final String SAML_TRUST_RELATIONSHIP_CHECK_STR = "Trust Relationship identified by '"; private static final String NAME_CONFLICT = "NAME_CONFLICT"; private static final String NAME_CONFLICT_MSG = "Trust Relationship with same name `%s` already exists!"; + private static final String OBJECT_NULL_MSG = "`%s` should not be null!"; + private static final String DATA_NULL_CHK = "RESOURCE_IS_NULL"; + private static final String DATA_NULL_MSG = "`%s` should not be null!"; @Inject Logger logger; 
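Review bot: `OBJECT_NULL_MSG` and `DATA_NULL_MSG` are declared with the identical format string "`%s` should not be null!", and only `DATA_NULL_MSG` is referenced in the rest of this patch, so the first constant is dead code that invites the two messages to drift apart. Remove `OBJECT_NULL_MSG`, or if it is used elsewhere in the class outside these hunks, alias it: `private static final String OBJECT_NULL_MSG = DATA_NULL_MSG;`.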
@@ -95,8 +101,11 @@ public Response getTrustRelationshipById( @RequestBody(description = "Trust Relationship object", content = @Content(mediaType = MediaType.MULTIPART_FORM_DATA, schema = @Schema(implementation = TrustRelationshipForm.class), examples = @ExampleObject(name = "Request example", value = "example/trust-relationship/trust-relationship-post.json"))) @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Newly created Trust Relationship", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = TrustRelationship.class))), + @ApiResponse(responseCode = "400", description = "Bad Request" , content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "BadRequestException"))), @ApiResponse(responseCode = "401", description = "Unauthorized"), - @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @ApiResponse(responseCode = "404", description = "Not Found" , content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "NotFoundException"))), + @ApiResponse(responseCode = "500", description = "InternalServerError", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "InternalServerError"))), + }) @Consumes(MediaType.MULTIPART_FORM_DATA) @Path("/upload") @ProtectedApi(scopes = { Constants.SAML_WRITE_ACCESS }, groupScopes = {}, superScopes = { @@ -127,6 +136,7 @@ public Response createTrustRelationshipWithFile(@MultipartForm TrustRelationship logger.debug(" Create metaDataFile.available():{}", metaDataFile.available()); } + validateSpMetaDataSourceType(trustRelationship, metaDataFile); String inum = samlService.generateInumForNewRelationship(); trustRelationship.setInum(inum); trustRelationship.setDn(samlService.getDnForTrustRelationship(inum)); 
@@ -143,8 +153,11 @@ public Response createTrustRelationshipWithFile(@MultipartForm TrustRelationship @RequestBody(description = "Trust Relationship object", content = @Content(mediaType = MediaType.MULTIPART_FORM_DATA, schema = @Schema(implementation = TrustRelationshipForm.class), examples = @ExampleObject(name = "Request example", value = "example/trust-relationship/trust-relationship-put.json"))) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = TrustRelationship.class))), + @ApiResponse(responseCode = "400", description = "Bad Request" , content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "BadRequestException"))), @ApiResponse(responseCode = "401", description = "Unauthorized"), - @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @ApiResponse(responseCode = "404", description = "Not Found" , content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "NotFoundException"))), + @ApiResponse(responseCode = "500", description = "InternalServerError", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "InternalServerError"))), + }) @ProtectedApi(scopes = { Constants.SAML_WRITE_ACCESS }) @Consumes(MediaType.MULTIPART_FORM_DATA) @Path("/upload") @@ -193,8 +206,8 @@ public Response updateTrustRelationship(@MultipartForm TrustRelationshipForm tru if (metaDataFile != null) { logger.debug(" Create metaDataFile.available():{}", metaDataFile.available()); } - - + + validateSpMetaDataSourceType(trustRelationship, metaDataFile); // Update trustRelationship = samlService.updateTrustRelationship(trustRelationship); 
@@ -245,5 +258,32 @@ public Response processMetadataFiles() { return Response.ok().build(); } + + private void validateSpMetaDataSourceType (TrustRelationship trustRelationship, InputStream metaDataFile) throws IOException { + logger.info("Validate SP MetaDataSourceType trustRelationship:{}, metaDataFile:{}", trustRelationship, metaDataFile); + + checkResourceNotNull(trustRelationship.getSpMetaDataSourceType(), "SP MetaData Source Type"); + + + logger.info("Validate trustRelationship.getSpMetaDataSourceType():{}", trustRelationship.getSpMetaDataSourceType()); + if(trustRelationship.getSpMetaDataSourceType().equals(MetadataSourceType.FILE) && (metaDataFile==null || metaDataFile.available()<=0) ){ + throwBadRequestException(DATA_NULL_CHK,String.format(DATA_NULL_MSG, "SP MetaData File")); + + }else if(trustRelationship.getSpMetaDataSourceType().equals(MetadataSourceType.MANUAL)){ + + if(metaDataFile!=null && metaDataFile.available()>0) { + throwBadRequestException("SP MetaData File should not be provided!"); + } + + checkResourceNotNull(trustRelationship.getSamlMetadata(), "SamlMetadata elements !"); + checkNotNull(trustRelationship.getSamlMetadata().getEntityId(), "SamlMetadata element - 'EntityId'"); + checkNotNull(trustRelationship.getSamlMetadata().getNameIDPolicyFormat(), "SamlMetadata element - 'NameIDPolicyFormat'"); + checkNotNull(trustRelationship.getSamlMetadata().getSingleLogoutServiceUrl(), "SamlMetadata element - 'SingleLogoutServiceUrl'"); + if(StringUtils.isBlank(trustRelationship.getSamlMetadata().getJansAssertionConsumerServiceGetURL()) && (StringUtils.isBlank(trustRelationship.getSamlMetadata().getJansAssertionConsumerServiceGetURL())) ) { + throwBadRequestException("Either of AssertionConsumerService GET or POST URL should be provided!"); + } + } + + } } 
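Review bot: The AssertionConsumerService guard at the end of validateSpMetaDataSourceType calls `getJansAssertionConsumerServiceGetURL()` on both sides of the `&&`, so the POST URL is never examined and a request that supplies only the POST URL is rejected even though the error message says either one is acceptable; the second `StringUtils.isBlank(...)` operand must call the POST-URL accessor on `SamlMetadata` (its name is not visible in this hunk). The emptiness checks also rely on `metaDataFile.available()`, which `InputStream` defines only as an estimate of bytes readable without blocking and which may be 0 for a non-empty stream, so the FILE branch can reject a valid upload and the MANUAL branch's "should not be provided" check can be skipped; reading from the stream, or checking the multipart part's size, is the reliable test. For the two source-type comparisons, `==` is the idiomatic form for enum constants and avoids the implicit null dereference that `.equals` on the getter result carries.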
diff --git a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java index f89d7579235..ddc546c3163 100644 --- a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java +++ b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java @@ -135,8 +135,9 @@ public Response getUserByInum( @RequestBody(description = "User object", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = CustomUser.class), examples = @ExampleObject(name = "Request json example", value = "example/user/user-post.json"))) @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Created", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = CustomUser.class, description = "Created Object"), examples = @ExampleObject(name = "Response json example", value = "example/user/user.json"))), - @ApiResponse(responseCode = "400", description = "Bad Request"), + @ApiResponse(responseCode = "400", description = "Bad Request" , content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "BadRequestException"))), @ApiResponse(responseCode = "401", description = "Unauthorized"), + @ApiResponse(responseCode = "404", description = "Not Found" , content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "NotFoundException"))), @ApiResponse(responseCode = "500", description = "InternalServerError", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "InternalServerError"))), }) @POST 
@@ -185,9 +186,9 @@ public Response createUser(@Valid CustomUser customUser, @RequestBody(description = "User object", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = CustomUser.class), examples = @ExampleObject(name = "Request json example", value = "example/user/user.json"))) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = CustomUser.class), examples = @ExampleObject(name = "Response json example", value = "example/user/user.json"))), - @ApiResponse(responseCode = "400", description = "Bad Request"), + @ApiResponse(responseCode = "400", description = "Bad Request" , content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "BadRequestException"))), @ApiResponse(responseCode = "401", description = "Unauthorized"), - @ApiResponse(responseCode = "404", description = "Not Found"), + @ApiResponse(responseCode = "404", description = "Not Found" , content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "NotFoundException"))), @ApiResponse(responseCode = "500", description = "InternalServerError", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "InternalServerError"))), }) @PUT diff --git a/jans-config-api/profiles/default/config-api-test.properties b/jans-config-api/profiles/default/config-api-test.properties index 90760aa83eb..79c46750a28 100644 --- a/jans-config-api/profiles/default/config-api-test.properties +++ b/jans-config-api/profiles/default/config-api-test.properties 
@@ -1,7 +1,7 @@ # The URL of your Jans installation test.server=https://jenkins-config-api.gluu.org -test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write 
https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete 
https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly +test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write 
https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write 
https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write 
token.endpoint=https://jenkins-config-api.gluu.org/jans-auth/restv1/token token.grant.type=client_credentials diff --git a/jans-config-api/profiles/jans-ui.jans.io/test.properties b/jans-config-api/profiles/jans-ui.jans.io/test.properties index 2f3d2a62072..97f3924e65f 100644 --- a/jans-config-api/profiles/jans-ui.jans.io/test.properties +++ b/jans-config-api/profiles/jans-ui.jans.io/test.properties 
@@ -1,4 +1,4 @@ -test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write 
https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly 
https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly +test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete 
https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all 
https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write # Test env Setting token.endpoint=https://jans-ui.jans.io/jans-auth/restv1/token 
diff --git a/jans-config-api/profiles/jenkins-config-api.gluu.org/test.properties b/jans-config-api/profiles/jenkins-config-api.gluu.org/test.properties index 47a789d4f5f..d5d20550091 100644 --- a/jans-config-api/profiles/jenkins-config-api.gluu.org/test.properties +++ b/jans-config-api/profiles/jenkins-config-api.gluu.org/test.properties 
@@ -1,6 +1,6 @@ test.server=https://jenkins-config-api.gluu.org -test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read 
https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete 
https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly +test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write 
https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write 
https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write 
token.endpoint=https://jenkins-config-api.gluu.org/jans-auth/restv1/token token.grant.type=client_credentials diff --git a/jans-config-api/profiles/local/test.properties b/jans-config-api/profiles/local/test.properties index 22d4b2a7040..8adb514efb9 100644 --- a/jans-config-api/profiles/local/test.properties +++ b/jans-config-api/profiles/local/test.properties 
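Review bot: The new `test.scopes` value still lists `https://jans.io/idp/realm.write` twice and `https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write` twice (the removed line carried the same duplicates), and the commit only appends the `kc-link-config` and `lock-config` scopes after them. Dropping the repeated entries keeps the requested scope set readable and avoids padding the `scope` parameter of the client_credentials token request with no-ops. The identical duplication appears in the jans-ui and local profile hunks of this commit, so the cleanup should be applied to all three. Impact is cosmetic since this is a test profile, but this list is the one place where the breadth of scopes the test client is granted is visible, so keeping it exact is worth it.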
@@ -1,5 +1,5 @@ #LOCAL -test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write 
https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly 
https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly +test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete 
https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all 
https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write # jans.server token.endpoint=https://jans.server3/jans-auth/restv1/token 
From 714bf5ae1b0ec86a781372ca56d5663b8a74ec57 Mon Sep 17 00:00:00 2001 From: pujavs Date: Sat, 2 Mar 2024 00:10:38 +0530 Subject: [PATCH 22/22] fix(config-api): SAML TR metadata validation, user mgt spec for error and security issue Signed-off-by: pujavs --- .../docs/jans-config-api-swagger.yaml | 8 +-- .../plugins/docs/user-mgt-plugin-swagger.yaml | 4 +- .../saml/rest/TrustRelationshipResource.java | 52 ++++++++++++------- 3 files changed, 38 insertions(+), 26 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index d5928a9b23e..b6ca6fa568f 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml @@ -7906,10 +7906,10 @@ components: type: boolean userCanView: type: boolean - userCanAccess: - type: boolean adminCanAccess: type: boolean + userCanAccess: + type: boolean baseDn: type: string PatchRequest: @@ -9499,10 +9499,10 @@ components: type: array items: type: object - displayValue: - type: string value: type: object + displayValue: + type: string LocalizedString: type: object properties: diff --git a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml index a22db49cb12..cb2dcc6823c 100644 --- a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml @@ -863,10 +863,10 @@ components: type: array items: type: object - displayValue: - type: string value: type: object + displayValue: + type: string CustomUser: type: object properties: diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java index dddfd45ed04..844cd7c764e 100644 
--- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java @@ -47,7 +47,6 @@ public class TrustRelationshipResource extends BaseResource { private static final String SAML_TRUST_RELATIONSHIP_CHECK_STR = "Trust Relationship identified by '"; private static final String NAME_CONFLICT = "NAME_CONFLICT"; private static final String NAME_CONFLICT_MSG = "Trust Relationship with same name `%s` already exists!"; - private static final String OBJECT_NULL_MSG = "`%s` should not be null!"; private static final String DATA_NULL_CHK = "RESOURCE_IS_NULL"; private static final String DATA_NULL_MSG = "`%s` should not be null!"; 
@@ -259,31 +258,44 @@ public Response processMetadataFiles() { return Response.ok().build(); } - private void validateSpMetaDataSourceType (TrustRelationship trustRelationship, InputStream metaDataFile) throws IOException { - logger.info("Validate SP MetaDataSourceType trustRelationship:{}, metaDataFile:{}", trustRelationship, metaDataFile); - + private void validateSpMetaDataSourceType(TrustRelationship trustRelationship, InputStream metaDataFile) + throws IOException { + logger.info("Validate SP MetaDataSourceType trustRelationship:{}, metaDataFile:{}", trustRelationship, + metaDataFile); + checkResourceNotNull(trustRelationship.getSpMetaDataSourceType(), "SP MetaData Source Type"); + + logger.info("Validate trustRelationship.getSpMetaDataSourceType():{}", + trustRelationship.getSpMetaDataSourceType()); - - logger.info("Validate trustRelationship.getSpMetaDataSourceType():{}", trustRelationship.getSpMetaDataSourceType()); - if(trustRelationship.getSpMetaDataSourceType().equals(MetadataSourceType.FILE) && (metaDataFile==null || metaDataFile.available()<=0) ){ - throwBadRequestException(DATA_NULL_CHK,String.format(DATA_NULL_MSG, "SP MetaData File")); - - }else if(trustRelationship.getSpMetaDataSourceType().equals(MetadataSourceType.MANUAL)){ - - if(metaDataFile!=null && metaDataFile.available()>0) { + if (trustRelationship.getSpMetaDataSourceType().equals(MetadataSourceType.FILE)) { + + if (metaDataFile == null || metaDataFile.available() <= 0) { + throwBadRequestException(DATA_NULL_CHK, String.format(DATA_NULL_MSG, "SP MetaData File")); + } + + // Since SP Metadata source is File set SamlMetadata manual elements to null + trustRelationship.setSamlMetadata(null); + + } else if (trustRelationship.getSpMetaDataSourceType().equals(MetadataSourceType.MANUAL)) { + + if (metaDataFile != null && metaDataFile.available() > 0) { throwBadRequestException("SP MetaData File should not be provided!"); } - - checkResourceNotNull(trustRelationship.getSamlMetadata(), "SamlMetadata 
elements !"); - checkNotNull(trustRelationship.getSamlMetadata().getEntityId(), "SamlMetadata element - 'EntityId'"); - checkNotNull(trustRelationship.getSamlMetadata().getNameIDPolicyFormat(), "SamlMetadata element - 'NameIDPolicyFormat'"); - checkNotNull(trustRelationship.getSamlMetadata().getSingleLogoutServiceUrl(), "SamlMetadata element - 'SingleLogoutServiceUrl'"); - if(StringUtils.isBlank(trustRelationship.getSamlMetadata().getJansAssertionConsumerServiceGetURL()) && (StringUtils.isBlank(trustRelationship.getSamlMetadata().getJansAssertionConsumerServiceGetURL())) ) { + + checkResourceNotNull(trustRelationship.getSamlMetadata(), "'SamlMetadata manual elements'"); + checkNotNull(trustRelationship.getSamlMetadata().getEntityId(), "'EntityId'"); + checkNotNull(trustRelationship.getSamlMetadata().getNameIDPolicyFormat(), + "'NameIDPolicyFormat'"); + checkNotNull(trustRelationship.getSamlMetadata().getSingleLogoutServiceUrl(), + "'SingleLogoutServiceUrl'"); + if (StringUtils.isBlank(trustRelationship.getSamlMetadata().getJansAssertionConsumerServiceGetURL()) + && (StringUtils + .isBlank(trustRelationship.getSamlMetadata().getJansAssertionConsumerServiceGetURL()))) { throwBadRequestException("Either of AssertionConsumerService GET or POST URL should be provided!"); - } + } } - + } }
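Review bot: The last check in the MANUAL branch calls `getJansAssertionConsumerServiceGetURL()` on both sides of the `&&`, so the POST ACS URL is never consulted and a trust relationship that supplies only the POST URL is rejected with "Either of AssertionConsumerService GET or POST URL should be provided!"; the right-hand operand should read the POST getter (presumably `getJansAssertionConsumerServicePostURL()` — confirm the name on SamlMetadata), i.e. `&& StringUtils.isBlank(trustRelationship.getSamlMetadata().getJansAssertionConsumerServicePostURL())`. The removed lines had the same copy-paste and the reformat carried it over unchanged. Separately, `metaDataFile.available() <= 0` in the FILE branch is not a reliable emptiness test — `InputStream.available()` may legitimately return 0 for a non-empty stream — so a valid upload can be rejected; checking the part's content length or reading the stream would be more robust. The `logger.info` at the top also dumps the whole `TrustRelationship` at INFO level, which includes client and metadata details; `debug` is the more appropriate level for that payload.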