Merge branch 'main' into message-config

demos/jans-tarp/README.md

@@ -40,6 +40,15 @@ The extension can directly installed on Firefox browser from https://addons.mozi
 2. Click the `This Firefox` option.
 3. Click the `Load Temporary Add-on` button, then select the `jans-tarp-firefox-v{}.zip` zip file from `/jans-tarp/release/`.
 
+##### Note:
+
+When you are testing Janssen IdP with self-signed cert then follow below steps before client registration using jans-tarp.
+
+1. Open the OP_HOST url on browser.
+2. Accept the security risk due to self-signed cert and continue.
+
+![self-signed cert risk](./docs/images/untrusted_cert_risk.png)
+
 ## Testing with Keycloak (installed on localhost)
 
 1. Login to KC admin console
@@ -52,6 +61,4 @@ The extension can directly installed on Firefox browser from https://addons.mozi
 
 ![Client scopes](./docs/images/kc_add_scope.png)
 
-
-Suggestions and pull requests are welcomed!.
-
+Once above configuration is done, jans-tarp can be used test KC IdP.

demos/jans-tent/requirements.txt

@@ -26,15 +26,15 @@ Flask==2.2.2
 flask-oidc==1.4.0
 future==0.18.3
 gitdb==4.0.9
-GitPython==3.1.27
+GitPython==3.1.37
 h11==0.13.0
 httplib2==0.21.0
 idna==3.3
 importlib-metadata==4.12.0
 iniconfig==1.1.1
 install==1.3.5
 ipdb==0.13.9
-ipython==8.4.0
+ipython==8.10.0
 ipython-genutils==0.2.0
 isort==5.10.1
 itsdangerous==2.0.0

docs/requirements.txt

@@ -28,7 +28,7 @@ verspec==0.1.0 --hash=sha256:741877d5633cc9464c45a469ae2a31e801e6dbbaa85b9675d48
 watchdog==2.1.9 --hash=sha256:4f4e1c4aa54fb86316a62a87b3378c025e228178d55481d30d857c6c438897d6
 zipp==3.8.1 --hash=sha256:47c40d7fe183a6f21403a199b3e4192cca5774656965b0a4988ad2f8feb5f009
 babel==2.10.3 --hash=sha256:ff56f4892c1c4bf0d814575ea23471c230d544203c7748e8c68f0089478d48eb
-GitPython==3.1.30 --hash=sha256:cd455b0000615c60e286208ba540271af9fe531fa6a87cc590a7298785ab2882
+GitPython==3.1.37 --hash=sha256:5f4c4187de49616d710a77e98ddf17b4782060a1788df441846bddefbb89ab33 --hash=sha256:f9b9ddc0761c125d5780eab2d64be4873fc6817c2899cbcb34b02344bdc7bc54
 requests==2.28.1 --hash=sha256:8fefa2a1a1365bf5520aac41836fbee479da67864514bdb821f31ce07ce65349
 pytz==2022.2.1 --hash=sha256:220f481bdafa09c3955dfbdddb7b57780e9a94f5127e35456a48589b9e0c0197
 gitdb==4.0.9 --hash=sha256:8033ad4e853066ba6ca92050b9df2f89301b8fc8bf7e9324d412a63f8bf1a8fd

jans-config-api/docs/jans-config-api-swagger.yaml

@@ -7858,22 +7858,22 @@ components:
           $ref: '#/components/schemas/AttributeValidation'
         tooltip:
           type: string
-        selected:
-          type: boolean
-        userCanEdit:
-          type: boolean
         adminCanView:
           type: boolean
         adminCanEdit:
           type: boolean
         userCanView:
           type: boolean
-        userCanAccess:
+        userCanEdit:
           type: boolean
         adminCanAccess:
           type: boolean
+        userCanAccess:
+          type: boolean
         whitePagesCanView:
           type: boolean
+        selected:
+          type: boolean
         baseDn:
           type: string
     PatchRequest:

jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml

@@ -672,9 +672,9 @@ paths:
       requestBody:
         description: Trust Relationship object
         content:
-          application/json:
+          multipart/form-data:
             schema:
-              $ref: '#/components/schemas/TrustRelationship'
+              $ref: '#/components/schemas/TrustRelationshipForm'
             examples:
               Request example:
                 description: Request example

jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java

@@ -127,7 +127,7 @@ public Response createTrustRelationshipWithFile(@MultipartForm TrustRelationship
     @Operation(summary = "Update TrustRelationship", description = "Update TrustRelationship", operationId = "put-trust-relationship", tags = {
             "SAML - Trust Relationship" }, security = @SecurityRequirement(name = "oauth2", scopes = {
                     Constants.SAML_WRITE_ACCESS }))
-    @RequestBody(description = "Trust Relationship object", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = TrustRelationship.class), examples = @ExampleObject(name = "Request example", value = "example/trust-relationship/trust-relationship-put.json")))
+    @RequestBody(description = "Trust Relationship object", content = @Content(mediaType = MediaType.MULTIPART_FORM_DATA, schema = @Schema(implementation = TrustRelationshipForm.class), examples = @ExampleObject(name = "Request example", value = "example/trust-relationship/trust-relationship-post.json")))
     @ApiResponses(value = {
             @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = TrustRelationship.class))),
             @ApiResponse(responseCode = "401", description = "Unauthorized"),

jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/service/IdpService.java

@@ -6,49 +6,27 @@
 
 package io.jans.configapi.plugin.saml.service;
 
-import io.jans.as.common.model.registration.Client;
-import io.jans.as.common.service.common.InumService;
+
 import io.jans.as.common.service.OrganizationService;
-import io.jans.as.common.util.AttributeConstants;
-import io.jans.configapi.configuration.ConfigurationFactory;
 import io.jans.configapi.plugin.saml.client.IdpClientFactory;
 import io.jans.configapi.plugin.saml.mapper.IdentityProviderMapper;
 import io.jans.configapi.plugin.saml.model.IdentityProvider;
-import io.jans.configapi.plugin.saml.service.SamlService;
-import io.jans.configapi.plugin.saml.timer.MetadataValidationTimer;
-import io.jans.configapi.plugin.saml.util.Constants;
 
-import io.jans.model.GluuStatus;
 import io.jans.model.SearchRequest;
 import io.jans.orm.PersistenceEntryManager;
 import io.jans.orm.model.PagedResult;
-import io.jans.orm.model.SortOrder;
-import io.jans.orm.search.filter.Filter;
-import io.jans.util.StringHelper;
 import io.jans.util.exception.InvalidAttributeException;
 
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 
-import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
-import java.nio.file.Files;
-import java.nio.file.Paths;
-import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
-import java.util.UUID;
-import java.util.stream.Collectors;
-
 import jakarta.ws.rs.core.Response;
 
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.io.FileUtils;
-import org.apache.commons.io.filefilter.AgeFileFilter;
-import org.apache.commons.io.filefilter.TrueFileFilter;
 import org.slf4j.Logger;
-
 import org.keycloak.representations.idm.IdentityProviderRepresentation;
 
 @ApplicationScoped
@@ -136,9 +114,15 @@ public IdentityProvider createSamlIdentityProvider(IdentityProvider identityProv
                     idpMetadataStream.available());
             kcIdp = keycloakService.createIdentityProvider(identityProvider.getRealm(), kcIdp);
             log.debug("Newly created kcIdp:{}", kcIdp);
-            identityProvider = this.convertToIdentityProvider(kcIdp);
+            identityProvider = this.convertToIdentityProvider(identityProvider, kcIdp);
             log.debug("Final created identityProvider:{}", identityProvider);
 
+            // set KC SP MetadataURL name
+            if (identityProvider != null) {
+                String spMetadataUrl = getSpMetadataUrl(identityProvider.getRealm(), identityProvider.getName());
+                log.info(" Setting KC SP Metadata URL - spMetadataUrl:{} ", spMetadataUrl);
+                identityProvider.setSpMetaDataURL(spMetadataUrl);
+            }
         }
         return identityProvider;
     }
@@ -165,7 +149,8 @@ public IdentityProvider updateSamlIdentityProvider(IdentityProvider identityProv
 
         // Update IDP in Jans DB
         updateIdentityProvider(identityProvider);
-        log.debug("Updated IdentityProvider dentityProvider:{})", identityProvider);
+        log.debug("Updated IdentityProvider dentityProvider:{}, , identityProvider.getRealm():{})", identityProvider,
+                identityProvider.getRealm());
 
         if (samlConfigService.isSamlEnabled()) {
             // Update IDP in KC
@@ -174,7 +159,14 @@ public IdentityProvider updateSamlIdentityProvider(IdentityProvider identityProv
 
             kcIdp = keycloakService.updateIdentityProvider(identityProvider.getRealm(), kcIdp);
             log.debug("Updated kcIdp:{}", kcIdp);
-            identityProvider = this.convertToIdentityProvider(kcIdp);
+            identityProvider = this.convertToIdentityProvider(identityProvider, kcIdp);
+
+            // set KC SP MetadataURL name
+            if (identityProvider != null) {
+                String spMetadataUrl = getSpMetadataUrl(identityProvider.getRealm(), identityProvider.getName());
+                log.info(" Updating KC SP Metadata URL - spMetadataUrl:{} ", spMetadataUrl);
+                identityProvider.setSpMetaDataURL(spMetadataUrl);
+            }
         }
         return identityProvider;
     }
@@ -217,6 +209,29 @@ private Map<String, String> validateSamlMetadata(String realmName, InputStream i
         return keycloakService.validateSamlMetadata(realmName, idpMetadataStream);
     }
 
+    private IdentityProvider convertToIdentityProvider(IdentityProvider identityProvider,
+            IdentityProviderRepresentation kcIdp) {
+        log.debug("identityProvider:{}, kcIdp:{}", identityProvider, kcIdp);
+
+        IdentityProvider idp = this.convertToIdentityProvider(kcIdp);
+        log.info("convertToIdentityProvider - idp:{}", idp);
+
+        if (idp != null && identityProvider != null) {
+            idp.setRealm(identityProvider.getRealm());
+            idp.setSpMetaDataFN(identityProvider.getSpMetaDataFN());
+            idp.setSpMetaDataURL(identityProvider.getSpMetaDataURL());
+            idp.setSpMetaDataLocation(identityProvider.getSpMetaDataLocation());
+            idp.setIdpMetaDataFN(identityProvider.getIdpMetaDataFN());
+            idp.setIdpMetaDataLocation(identityProvider.getIdpMetaDataLocation());
+            idp.setIdpMetaDataURL(identityProvider.getIdpMetaDataURL());
+            idp.setStatus(identityProvider.getStatus());
+            idp.setValidationStatus(identityProvider.getValidationStatus());
+            idp.setValidationLog(identityProvider.getValidationLog());
+        }
+
+        return idp;
+    }
+
     private IdentityProvider convertToIdentityProvider(IdentityProviderRepresentation kcIdp) {
         log.debug("kcIdp:{}", kcIdp);
         IdentityProvider idp = null;

jans-config-api/pom.xml

@@ -244,16 +244,6 @@
 			</dependency>
 
 			<!-- Security -->
-			<dependency>
-				<groupId>org.bouncycastle</groupId>
-				<artifactId>bcprov-jdk15on</artifactId>
-				<version>1.70</version>
-			</dependency>
-			<dependency>
-				<groupId>org.bouncycastle</groupId>
-				<artifactId>bcpkix-jdk15on</artifactId>
-				<version>1.70</version>
-			</dependency>
 			<dependency>
 				<groupId>com.nimbusds</groupId>
 				<artifactId>nimbus-jose-jwt</artifactId>

jans-config-api/server/pom.xml

@@ -87,15 +87,7 @@
 			<artifactId>weld-core-impl</artifactId>
 		</dependency>
 
-		<!-- Security -->
-		<dependency>
-			<groupId>org.bouncycastle</groupId>
-			<artifactId>bcprov-jdk15on</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.bouncycastle</groupId>
-			<artifactId>bcpkix-jdk15on</artifactId>
-		</dependency>
+
 
 		<!-- Microprofile -->
 		<dependency>

jans-linux-setup/jans_setup/templates/base.ldif

@@ -143,7 +143,3 @@ objectClass: top
 objectClass: organizationalUnit
 ou: trusted-idp
 
-dn: ou=realm,o=jans
-objectClass: top
-objectClass: organizationalUnit
-ou: trusted-idp

jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json

@@ -97,11 +97,6 @@
       "name": "saml",
       "description": "saml plugin",
       "className": "io.jans.configapi.plugin.saml.rest.ApiApplication"
-    },
-	{
-      "name": "idp",
-      "description": "idp plugin",
-      "className": "io.jans.configapi.plugin.keycloak.idp.broker.rest.IdpApiApplication"
     }
 
   ]