diff --git a/jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/AuditLogConf.java b/jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/AuditLogConf.java index d54a74728b3..16f6a925722 100644 --- a/jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/AuditLogConf.java +++ b/jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/AuditLogConf.java @@ -19,7 +19,7 @@ public class AuditLogConf { private Collection ignoreHttpMethod; /** - * List of header attributes + * List of header HTTP attributes whose value is to be logged */ private List headerAttributes; diff --git a/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java b/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java index 4fda38241aa..670d02d54d8 100644 --- a/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java +++ b/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java @@ -85,4 +85,9 @@ private ApiAccessConstants() { public static final String UMA_DELETE_ACCESS = "https://jans.io/oauth/config/uma-delete"; public static final String PLUGIN_READ_ACCESS = "https://jans.io/oauth/config/plugin.readonly"; + + public static final String CONFIG_READ_ACCESS = "https://jans.io/oauth/config/properties.readonly"; + public static final String CONFIG_WRITE_ACCESS = "https://jans.io/oauth/config/properties.write"; + + } diff --git a/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java b/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java index 0a18f903511..308a558a2fc 100644 --- a/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java +++ b/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java 
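Review bot: The reworded Javadoc on `headerAttributes` now states that header values are logged, but gives no guidance on which headers are safe to list, and since this field selects the headers whose values land in the audit log it is the place to say so. I would extend it to `List of HTTP header names whose values are written to the audit log. Do not list credential-bearing headers such as Authorization or Cookie.` so that an operator configuring AuditLogConf does not end up persisting bearer tokens in log storage. The enclosing class AuditLogConf continues outside the hunk.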
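Review bot: `CONFIG_READ_ACCESS` and `CONFIG_WRITE_ACCESS` are added without Javadoc saying what they gate, unlike their neighbours they are the scopes for an endpoint that manages the config-api's own configuration (the swagger hunk in this commit maps `https://jans.io/oauth/config/properties.write` to `PATCH /api/v1/api-config`, returning `ApiAppConfiguration`). Because a holder of the write scope can presumably change the API's own access and audit settings (the exact contents of ApiAppConfiguration are not visible here; confirm), the constant should be documented as high-privilege, e.g. `/** Scope required to modify config-api's own configuration via PATCH /api/v1/api-config; grants control over the API's own settings, so assign sparingly. */` and `/** Scope required to read config-api's own configuration via GET /api/v1/api-config. */`. The two trailing blank `+` lines before the closing brace can be dropped.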
@@ -12,6 +12,7 @@ private ApiConstants() {} public static final String BASE_API_URL = "/"; public static final String CONFIG = "/config"; + public static final String API_CONFIG = "/api-config"; public static final String JWKS = "/jwks"; public static final String JANS_AUTH = "/jans-auth-server"; public static final String LOGGING = "/logging"; diff --git a/jans-config-api/docs/jans-config-api-swagger-auto.yaml b/jans-config-api/docs/jans-config-api-swagger-auto.yaml index 8e109c3f3f6..eea819e4ca9 100644 --- a/jans-config-api/docs/jans-config-api-swagger-auto.yaml +++ b/jans-config-api/docs/jans-config-api-swagger-auto.yaml @@ -39,6 +39,7 @@ tags: - name: Organization Configuration - name: Auth Server Health - Check - name: Plugins +- name: Configuration – Config API paths: /api/v1/health: get: 
@@ -1185,6 +1186,93 @@ paths: security: - oauth2: - https://jans.io/oauth/config/attributes.write + /api/v1/jans-auth-server/config: + get: + tags: + - Configuration – Properties + summary: Gets all Jans authorization server configuration properties. + description: Gets all Jans authorization server configuration properties. + operationId: get-properties + responses: + "200": + description: Ok + content: + application/json: + schema: + $ref: '#/components/schemas/AppConfiguration' + "401": + description: Unauthorized + "500": + description: InternalServerError + security: + - oauth2: + - https://jans.io/oauth/jans-auth-server/config/properties.readonly + patch: + tags: + - Configuration – Properties + summary: Partially modifies Jans authorization server Application configuration + properties. + description: Partially modifies Jans authorization server AppConfiguration properties. + operationId: patch-properties + requestBody: + description: String representing patch-document. + content: + application/json-patch+json: + schema: + type: array + items: + $ref: '#/components/schemas/JsonPatch' + examples: + Request json example: + description: Request json example + value: | + [ + {"op":"add","path":"/authenticationFilters","value":[{}]}, + {"op":"replace","path":"/useNestedJwtDuringEncryption","value":"true"}, + {"op":"add","path":"/loggingLevel","value":"TRACE"} + ] + responses: + "200": + description: Ok + content: + application/json: + schema: + $ref: '#/components/schemas/AppConfiguration' + "401": + description: Unauthorized + "500": + description: InternalServerError + security: + - oauth2: + - https://jans.io/oauth/jans-auth-server/config/properties.write + /api/v1/jans-auth-server/config/persistence: + get: + tags: + - Configuration – Properties + summary: Returns persistence type configured for Jans authorization server. + description: Returns persistence type configured for Jans authorization server. 
+ operationId: get-properties-persistence + responses: + "200": + description: Jans Authorization Server persistence type + content: + application/json: + schema: + $ref: '#/components/schemas/PersistenceConfiguration' + examples: + Response json example: + description: Response json example + value: | + { + "persistenceType": "ldap" + } + "401": + description: Unauthorized + "500": + description: InternalServerError + security: + - oauth2: + - https://jans.io/oauth/jans-auth-server/config/properties.readonly /api/v1/config/cache: get: tags: 
@@ -3341,34 +3429,33 @@ paths: security: - oauth2: - https://jans.io/oauth/config/openid/clients.write - /api/v1/jans-auth-server/config: + /api/v1/api-config: get: tags: - - Configuration – Properties - summary: Gets all Jans authorization server configuration properties. - description: Gets all Jans authorization server configuration properties. - operationId: get-properties + - Configuration – Config API + summary: Gets config-api configuration properties. + description: Gets config-api configuration properties. + operationId: get-config-api-properties responses: "200": description: Ok content: application/json: schema: - $ref: '#/components/schemas/AppConfiguration' + $ref: '#/components/schemas/ApiAppConfiguration' "401": description: Unauthorized "500": description: InternalServerError security: - oauth2: - - https://jans.io/oauth/jans-auth-server/config/properties.readonly + - https://jans.io/oauth/config/properties.readonly patch: tags: - - Configuration – Properties - summary: Partially modifies Jans authorization server Application configuration - properties. - description: Partially modifies Jans authorization server AppConfiguration properties. - operationId: patch-properties + - Configuration – Config API + summary: Partially modifies config-api configuration properties. + description: Partially modifies config-api Configuration properties. + operationId: patch-config-api-properties requestBody: description: String representing patch-document. content: 
@@ -3380,54 +3467,21 @@ paths: examples: Request json example: description: Request json example - value: | - [ - {"op":"add","path":"/authenticationFilters","value":[{}]}, - {"op":"replace","path":"/useNestedJwtDuringEncryption","value":"true"}, - {"op":"add","path":"/loggingLevel","value":"TRACE"} - ] + value: "" responses: "200": description: Ok content: application/json: schema: - $ref: '#/components/schemas/AppConfiguration' - "401": - description: Unauthorized - "500": - description: InternalServerError - security: - - oauth2: - - https://jans.io/oauth/jans-auth-server/config/properties.write - /api/v1/jans-auth-server/config/persistence: - get: - tags: - - Configuration – Properties - summary: Returns persistence type configured for Jans authorization server. - description: Returns persistence type configured for Jans authorization server. - operationId: get-properties-persistence - responses: - "200": - description: Jans Authorization Server persistence type - content: - application/json: - schema: - $ref: '#/components/schemas/PersistenceConfiguration' - examples: - Response json example: - description: Response json example - value: | - { - "persistenceType": "ldap" - } + $ref: '#/components/schemas/ApiAppConfiguration' "401": description: Unauthorized "500": description: InternalServerError security: - oauth2: - - https://jans.io/oauth/jans-auth-server/config/properties.readonly + - https://jans.io/oauth/config/properties.write /api/v1/config/smtp: get: tags: @@ -7466,18 +7520,18 @@ components: $ref: '#/components/schemas/AttributeValidation' tooltip: type: string - userCanAccess: - type: boolean - adminCanAccess: - type: boolean adminCanEdit: type: boolean userCanEdit: type: boolean adminCanView: type: boolean + userCanAccess: + type: boolean userCanView: type: boolean + adminCanAccess: + type: boolean whitePagesCanView: type: boolean baseDn: 
@@ -7491,147 +7545,149 @@ components: type: string value: type: string - CacheConfiguration: + AppConfiguration: type: object properties: - cacheProviderType: + issuer: type: string - enum: - - IN_MEMORY - - MEMCACHED - - REDIS - - NATIVE_PERSISTENCE - memcachedConfiguration: - $ref: '#/components/schemas/MemcachedConfiguration' - inMemoryConfiguration: - $ref: '#/components/schemas/InMemoryConfiguration' - redisConfiguration: - $ref: '#/components/schemas/RedisConfiguration' - nativePersistenceConfiguration: - $ref: '#/components/schemas/NativePersistenceConfiguration' - InMemoryConfiguration: - type: object - properties: - defaultPutExpiration: - type: integer - format: int32 - MemcachedConfiguration: - type: object - properties: - servers: + baseEndpoint: type: string - maxOperationQueueLength: - type: integer - format: int32 - bufferSize: - type: integer - format: int32 - defaultPutExpiration: - type: integer - format: int32 - connectionFactoryType: + authorizationEndpoint: type: string - enum: - - DEFAULT - - BINARY - NativePersistenceConfiguration: - type: object - properties: - defaultPutExpiration: - type: integer - format: int32 - defaultCleanupBatchSize: - type: integer - format: int32 - deleteExpiredOnGetRequest: - type: boolean - disableAttemptUpdateBeforeInsert: - type: boolean - RedisConfiguration: - type: object - properties: - redisProviderType: + tokenEndpoint: type: string - enum: - - STANDALONE - - CLUSTER - - SHARDED - - SENTINEL - servers: + tokenRevocationEndpoint: type: string - defaultPutExpiration: - type: integer - format: int32 - sentinelMasterGroupName: + userInfoEndpoint: type: string - password: + clientInfoEndpoint: type: string - useSSL: - type: boolean - sslTrustStoreFilePath: + checkSessionIFrame: type: string - sslTrustStorePassword: + endSessionEndpoint: type: string - sslKeyStoreFilePath: + jwksUri: type: string - sslKeyStorePassword: + registrationEndpoint: type: string - maxIdleConnections: - type: integer - format: int32 - 
maxTotalConnections: - type: integer - format: int32 - connectionTimeout: - type: integer - format: int32 - soTimeout: - type: integer - format: int32 - maxRetryAttempts: - type: integer - format: int32 - Client: - type: object - properties: - dn: + openIdDiscoveryEndpoint: type: string - expirationDate: + openIdConfigurationEndpoint: type: string - format: date-time - deletable: - type: boolean - clientSecret: + idGenerationEndpoint: type: string - frontChannelLogoutUri: + introspectionEndpoint: type: string - frontChannelLogoutSessionRequired: + parEndpoint: + type: string + requirePar: type: boolean - registrationAccessToken: + deviceAuthzEndpoint: type: string - clientIdIssuedAt: + mtlsAuthorizationEndpoint: type: string - format: date-time - clientSecretExpiresAt: + mtlsTokenEndpoint: type: string - format: date-time - redirectUris: + mtlsTokenRevocationEndpoint: + type: string + mtlsUserInfoEndpoint: + type: string + mtlsClientInfoEndpoint: + type: string + mtlsCheckSessionIFrame: + type: string + mtlsEndSessionEndpoint: + type: string + mtlsJwksUri: + type: string + mtlsRegistrationEndpoint: + type: string + mtlsIdGenerationEndpoint: + type: string + mtlsIntrospectionEndpoint: + type: string + mtlsParEndpoint: + type: string + mtlsDeviceAuthzEndpoint: + type: string + requireRequestObjectEncryption: + type: boolean + requirePkce: + type: boolean + allowAllValueForRevokeEndpoint: + type: boolean + sectorIdentifierCacheLifetimeInMinutes: + type: integer + format: int32 + umaConfigurationEndpoint: + type: string + umaRptAsJwt: + type: boolean + umaRptLifetime: + type: integer + format: int32 + umaTicketLifetime: + type: integer + format: int32 + umaPctLifetime: + type: integer + format: int32 + umaResourceLifetime: + type: integer + format: int32 + umaAddScopesAutomatically: + type: boolean + umaValidateClaimToken: + type: boolean + umaGrantAccessIfNoPolicies: + type: boolean + umaRestrictResourceToAssociatedClient: + type: boolean + statTimerIntervalInSeconds: 
+ type: integer + format: int32 + statAuthorizationScope: + type: string + allowSpontaneousScopes: + type: boolean + spontaneousScopeLifetime: + type: integer + format: int32 + openidSubAttribute: + type: string + publicSubjectIdentifierPerClientEnabled: + type: boolean + subjectIdentifiersPerClientSupported: type: array items: type: string - claimRedirectUris: + responseTypesSupported: + uniqueItems: true type: array items: - type: string - responseTypes: + uniqueItems: true + type: array + items: + type: string + enum: + - code + - token + - id_token + responseModesSupported: + uniqueItems: true type: array items: type: string enum: - - code - - token - - id_token - grantTypes: + - query + - fragment + - form_post + - query.jwt + - fragment.jwt + - form_post.jwt + - jwt + grantTypesSupported: + uniqueItems: true type: array items: type: string 
@@ -7646,443 +7702,256 @@ components: - urn:ietf:params:oauth:grant-type:token-exchange - urn:openid:params:grant-type:ciba - urn:ietf:params:oauth:grant-type:device_code - applicationType: - type: string - enum: - - native - - web - contacts: + subjectTypesSupported: type: array items: type: string - idTokenTokenBindingCnf: - type: string - clientName: - type: string - logoUri: - type: string - clientUri: - type: string - policyUri: - type: string - tosUri: - type: string - clientNameLocalized: - $ref: '#/components/schemas/LocalizedString' - logoUriLocalized: - $ref: '#/components/schemas/LocalizedString' - clientUriLocalized: - $ref: '#/components/schemas/LocalizedString' - policyUriLocalized: - $ref: '#/components/schemas/LocalizedString' - tosUriLocalized: - $ref: '#/components/schemas/LocalizedString' - jwksUri: - type: string - jwks: - type: string - sectorIdentifierUri: - type: string - subjectType: - type: string - enum: - - pairwise - - public - idTokenSignedResponseAlg: - type: string - idTokenEncryptedResponseAlg: - type: string - idTokenEncryptedResponseEnc: - type: string - userInfoSignedResponseAlg: - type: string - userInfoEncryptedResponseAlg: - type: string - userInfoEncryptedResponseEnc: - type: string - requestObjectSigningAlg: - type: string - requestObjectEncryptionAlg: - type: string - requestObjectEncryptionEnc: - type: string - tokenEndpointAuthMethod: - type: string - tokenEndpointAuthSigningAlg: + defaultSubjectType: type: string - defaultMaxAge: - type: integer - format: int32 - defaultAcrValues: + authorizationSigningAlgValuesSupported: type: array items: type: string - initiateLoginUri: - type: string - postLogoutRedirectUris: + authorizationEncryptionAlgValuesSupported: type: array items: type: string - requestUris: + authorizationEncryptionEncValuesSupported: type: array items: type: string - scopes: + userInfoSigningAlgValuesSupported: type: array items: type: string - claims: + userInfoEncryptionAlgValuesSupported: type: array 
items: type: string - trustedClient: - type: boolean - lastAccessTime: - type: string - format: date-time - lastLogonTime: - type: string - format: date-time - persistClientAuthorizations: - type: boolean - includeClaimsInIdToken: - type: boolean - refreshTokenLifetime: - type: integer - format: int32 - accessTokenLifetime: - type: integer - format: int32 - customAttributes: + userInfoEncryptionEncValuesSupported: type: array items: - $ref: '#/components/schemas/CustomObjectAttribute' - customObjectClasses: + type: string + idTokenSigningAlgValuesSupported: type: array items: type: string - rptAsJwt: - type: boolean - accessTokenAsJwt: - type: boolean - accessTokenSigningAlg: - type: string - disabled: + idTokenEncryptionAlgValuesSupported: + type: array + items: + type: string + idTokenEncryptionEncValuesSupported: + type: array + items: + type: string + accessTokenSigningAlgValuesSupported: + type: array + items: + type: string + forceSignedRequestObject: type: boolean - authorizedOrigins: + requestObjectSigningAlgValuesSupported: type: array items: type: string - softwareId: - type: string - softwareVersion: - type: string - softwareStatement: - type: string - attributes: - $ref: '#/components/schemas/ClientAttributes' - backchannelTokenDeliveryMode: - type: string - enum: - - poll - - ping - - push - backchannelClientNotificationEndpoint: - type: string - backchannelAuthenticationRequestSigningAlg: - type: string - enum: - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - backchannelUserCodeParameter: - type: boolean - description: - type: string - organization: - type: string - groups: + requestObjectEncryptionAlgValuesSupported: type: array items: type: string - ttl: - type: integer - format: int32 - displayName: - type: string - authenticationMethod: - type: string - enum: - - client_secret_basic - - client_secret_post - - client_secret_jwt - - private_key_jwt - - access_token - - tls_client_auth - - 
self_signed_tls_client_auth - - none - baseDn: - type: string - inum: - type: string - ClientAttributes: - type: object - properties: - tlsClientAuthSubjectDn: - type: string - runIntrospectionScriptBeforeJwtCreation: - type: boolean - keepClientAuthorizationAfterExpiration: - type: boolean - allowSpontaneousScopes: - type: boolean - spontaneousScopes: + requestObjectEncryptionEncValuesSupported: type: array items: type: string - spontaneousScopeScriptDns: + tokenEndpointAuthMethodsSupported: type: array items: type: string - updateTokenScriptDns: + tokenEndpointAuthSigningAlgValuesSupported: type: array items: type: string - backchannelLogoutUri: + dynamicRegistrationCustomAttributes: type: array items: type: string - backchannelLogoutSessionRequired: - type: boolean - additionalAudience: + dynamicRegistrationDefaultCustomAttributes: + $ref: '#/components/schemas/JsonNode' + displayValuesSupported: type: array items: type: string - postAuthnScripts: + claimTypesSupported: type: array items: type: string - consentGatheringScripts: + jwksAlgorithmsSupported: type: array items: type: string - introspectionScripts: + serviceDocumentation: + type: string + claimsLocalesSupported: type: array items: type: string - rptClaimsScripts: + idTokenTokenBindingCnfValuesSupported: type: array items: type: string - ropcScripts: + uiLocalesSupported: type: array items: type: string - parLifetime: - type: integer - format: int32 - requirePar: + claimsParameterSupported: type: boolean - jansAuthSignedRespAlg: - type: string - jansAuthEncRespAlg: - type: string - jansAuthEncRespEnc: - type: string - jansSubAttr: - type: string - redirectUrisRegex: - type: string - jansAuthorizedAcr: - type: array - items: - type: string - jansDefaultPromptLogin: + requestParameterSupported: type: boolean - idTokenLifetime: - type: integer - format: int32 - allowOfflineAccessWithoutConsent: + requestUriParameterSupported: type: boolean - minimumAcrLevel: - type: integer - format: int32 - 
minimumAcrLevelAutoresolve: + requestUriHashVerificationEnabled: type: boolean - minimumAcrPriorityList: - type: array - items: - type: string - CustomObjectAttribute: - type: object - properties: - name: - type: string - multiValued: + requireRequestUriRegistration: type: boolean - values: + requestUriBlockList: type: array items: - type: object - value: - type: object - displayValue: - type: string - LocalizedString: - type: object - properties: - values: - type: object - additionalProperties: type: string - AppConfiguration: - type: object - properties: - issuer: - type: string - baseEndpoint: - type: string - authorizationEndpoint: - type: string - tokenEndpoint: - type: string - tokenRevocationEndpoint: - type: string - userInfoEndpoint: - type: string - clientInfoEndpoint: - type: string - checkSessionIFrame: - type: string - endSessionEndpoint: - type: string - jwksUri: - type: string - registrationEndpoint: - type: string - openIdDiscoveryEndpoint: - type: string - openIdConfigurationEndpoint: - type: string - idGenerationEndpoint: - type: string - introspectionEndpoint: - type: string - parEndpoint: - type: string - requirePar: - type: boolean - deviceAuthzEndpoint: - type: string - mtlsAuthorizationEndpoint: - type: string - mtlsTokenEndpoint: - type: string - mtlsTokenRevocationEndpoint: - type: string - mtlsUserInfoEndpoint: - type: string - mtlsClientInfoEndpoint: - type: string - mtlsCheckSessionIFrame: - type: string - mtlsEndSessionEndpoint: - type: string - mtlsJwksUri: - type: string - mtlsRegistrationEndpoint: - type: string - mtlsIdGenerationEndpoint: - type: string - mtlsIntrospectionEndpoint: - type: string - mtlsParEndpoint: + opPolicyUri: type: string - mtlsDeviceAuthzEndpoint: + opTosUri: type: string - requireRequestObjectEncryption: - type: boolean - requirePkce: - type: boolean - allowAllValueForRevokeEndpoint: - type: boolean - sectorIdentifierCacheLifetimeInMinutes: + authorizationCodeLifetime: type: integer format: int32 - 
umaConfigurationEndpoint: - type: string - umaRptAsJwt: - type: boolean - umaRptLifetime: + refreshTokenLifetime: type: integer format: int32 - umaTicketLifetime: + idTokenLifetime: type: integer format: int32 - umaPctLifetime: + idTokenFilterClaimsBasedOnAccessToken: + type: boolean + accessTokenLifetime: type: integer format: int32 - umaResourceLifetime: + cleanServiceInterval: type: integer format: int32 - umaAddScopesAutomatically: - type: boolean - umaValidateClaimToken: - type: boolean - umaGrantAccessIfNoPolicies: - type: boolean - umaRestrictResourceToAssociatedClient: - type: boolean - statTimerIntervalInSeconds: + cleanServiceBatchChunkSize: type: integer format: int32 - statAuthorizationScope: - type: string - allowSpontaneousScopes: + keyRegenerationEnabled: type: boolean - spontaneousScopeLifetime: + keyRegenerationInterval: type: integer format: int32 - openidSubAttribute: + defaultSignatureAlgorithm: type: string - publicSubjectIdentifierPerClientEnabled: + jansOpenIdConnectVersion: + type: string + jansId: + type: string + dynamicRegistrationExpirationTime: + type: integer + format: int32 + dynamicRegistrationPersistClientAuthorizations: type: boolean - subjectIdentifiersPerClientSupported: + trustedClientEnabled: + type: boolean + skipAuthorizationForOpenIdScopeAndPairwiseId: + type: boolean + dynamicRegistrationScopesParamEnabled: + type: boolean + dynamicRegistrationPasswordGrantTypeEnabled: + type: boolean + dynamicRegistrationAllowedPasswordGrantScopes: type: array items: type: string - responseTypesSupported: - uniqueItems: true + dynamicRegistrationCustomObjectClass: + type: string + personCustomObjectClassList: type: array items: - uniqueItems: true - type: array - items: - type: string - enum: - - code - - token - - id_token - responseModesSupported: - uniqueItems: true + type: string + persistIdTokenInLdap: + type: boolean + persistRefreshTokenInLdap: + type: boolean + allowPostLogoutRedirectWithoutValidation: + type: boolean + 
invalidateSessionCookiesAfterAuthorizationFlow: + type: boolean + returnClientSecretOnRead: + type: boolean + rejectJwtWithNoneAlg: + type: boolean + expirationNotificatorEnabled: + type: boolean + useNestedJwtDuringEncryption: + type: boolean + expirationNotificatorMapSizeLimit: + type: integer + format: int32 + expirationNotificatorIntervalInSeconds: + type: integer + format: int32 + redirectUrisRegexEnabled: + type: boolean + useHighestLevelScriptIfAcrScriptNotFound: + type: boolean + authenticationFiltersEnabled: + type: boolean + clientAuthenticationFiltersEnabled: + type: boolean + clientRegDefaultToCodeFlowWithRefresh: + type: boolean + grantTypesAndResponseTypesAutofixEnabled: + type: boolean + authenticationFilters: type: array items: - type: string - enum: - - query - - fragment - - form_post - - query.jwt - - fragment.jwt - - form_post.jwt - - jwt - grantTypesSupported: + $ref: '#/components/schemas/AuthenticationFilter' + clientAuthenticationFilters: + type: array + items: + $ref: '#/components/schemas/ClientAuthenticationFilter' + corsConfigurationFilters: + type: array + items: + $ref: '#/components/schemas/CorsConfigurationFilter' + sessionIdUnusedLifetime: + type: integer + format: int32 + sessionIdUnauthenticatedUnusedLifetime: + type: integer + format: int32 + sessionIdPersistOnPromptNone: + type: boolean + sessionIdRequestParameterEnabled: + type: boolean + changeSessionIdOnAuthentication: + type: boolean + sessionIdPersistInCache: + type: boolean + includeSidInResponse: + type: boolean + disablePromptLogin: + type: boolean + sessionIdLifetime: + type: integer + format: int32 + serverSessionIdLifetime: + type: integer + format: int32 + activeSessionAuthorizationScope: + type: string + configurationUpdateInterval: + type: integer + format: int32 + enableClientGrantTypeUpdate: + type: boolean + dynamicGrantTypeDefault: uniqueItems: true type: array items: 
@@ -8098,257 +7967,641 @@ components: - urn:ietf:params:oauth:grant-type:token-exchange - urn:openid:params:grant-type:ciba - urn:ietf:params:oauth:grant-type:device_code - subjectTypesSupported: - type: array - items: - type: string - defaultSubjectType: + cssLocation: type: string - authorizationSigningAlgValuesSupported: - type: array - items: - type: string - authorizationEncryptionAlgValuesSupported: - type: array - items: - type: string - authorizationEncryptionEncValuesSupported: - type: array - items: - type: string - userInfoSigningAlgValuesSupported: - type: array - items: - type: string - userInfoEncryptionAlgValuesSupported: - type: array - items: - type: string - userInfoEncryptionEncValuesSupported: + jsLocation: + type: string + imgLocation: + type: string + metricReporterInterval: + type: integer + format: int32 + metricReporterKeepDataDays: + type: integer + format: int32 + pairwiseIdType: + type: string + pairwiseCalculationKey: + type: string + pairwiseCalculationSalt: + type: string + shareSubjectIdBetweenClientsWithSameSectorId: + type: boolean + webKeysStorage: + type: string + enum: + - keystore + - pkcs11 + dnName: + type: string + keyStoreFile: + type: string + keyStoreSecret: + type: string + keySelectionStrategy: + type: string + enum: + - OLDER + - NEWER + - FIRST + keyAlgsAllowedForGeneration: type: array items: type: string - idTokenSigningAlgValuesSupported: + keySignWithSameKeyButDiffAlg: + type: boolean + staticKid: + type: string + staticDecryptionKid: + type: string + jansElevenTestModeToken: + type: string + jansElevenGenerateKeyEndpoint: + type: string + jansElevenSignEndpoint: + type: string + jansElevenVerifySignatureEndpoint: + type: string + jansElevenDeleteKeyEndpoint: + type: string + introspectionAccessTokenMustHaveUmaProtectionScope: + type: boolean + introspectionSkipAuthorization: + type: boolean + endSessionWithAccessToken: + type: boolean + cookieDomain: + type: string + enabledOAuthAuditLogging: + type: boolean + 
jmsBrokerURISet: + uniqueItems: true type: array items: type: string - idTokenEncryptionAlgValuesSupported: + jmsUserName: + type: string + jmsPassword: + type: string + externalUriWhiteList: type: array items: type: string - idTokenEncryptionEncValuesSupported: + clientWhiteList: type: array items: type: string - accessTokenSigningAlgValuesSupported: + clientBlackList: type: array items: type: string - forceSignedRequestObject: + legacyIdTokenClaims: type: boolean - requestObjectSigningAlgValuesSupported: - type: array - items: - type: string - requestObjectEncryptionAlgValuesSupported: + customHeadersWithAuthorizationResponse: + type: boolean + frontChannelLogoutSessionSupported: + type: boolean + loggingLevel: + type: string + loggingLayout: + type: string + updateUserLastLogonTime: + type: boolean + updateClientAccessTime: + type: boolean + logClientIdOnClientAuthentication: + type: boolean + logClientNameOnClientAuthentication: + type: boolean + disableJdkLogger: + type: boolean + authorizationRequestCustomAllowedParameters: + uniqueItems: true type: array items: - type: string - requestObjectEncryptionEncValuesSupported: + $ref: '#/components/schemas/AuthorizationRequestCustomParameter' + openidScopeBackwardCompatibility: + type: boolean + disableU2fEndpoint: + type: boolean + rotateDeviceSecret: + type: boolean + returnDeviceSecretFromAuthzEndpoint: + type: boolean + dcrSignatureValidationEnabled: + type: boolean + dcrSignatureValidationSharedSecret: + type: string + dcrSignatureValidationSoftwareStatementJwksURIClaim: + type: string + dcrSignatureValidationSoftwareStatementJwksClaim: + type: string + dcrSignatureValidationJwks: + type: string + dcrSignatureValidationJwksUri: + type: string + dcrAuthorizationWithClientCredentials: + type: boolean + dcrAuthorizationWithMTLS: + type: boolean + dcrIssuers: type: array items: type: string - tokenEndpointAuthMethodsSupported: - type: array - items: + useLocalCache: + type: boolean + fapiCompatibility: + type: 
boolean + forceIdTokenHintPrecense: + type: boolean + rejectEndSessionIfIdTokenExpired: + type: boolean + allowEndSessionWithUnmatchedSid: + type: boolean + forceOfflineAccessScopeToEnableRefreshToken: + type: boolean + errorReasonEnabled: + type: boolean + removeRefreshTokensForClientOnLogout: + type: boolean + skipRefreshTokenDuringRefreshing: + type: boolean + refreshTokenExtendLifetimeOnRotation: + type: boolean + checkUserPresenceOnRefreshToken: + type: boolean + consentGatheringScriptBackwardCompatibility: + type: boolean + introspectionScriptBackwardCompatibility: + type: boolean + introspectionResponseScopesBackwardCompatibility: + type: boolean + softwareStatementValidationType: + type: string + softwareStatementValidationClaimName: + type: string + authenticationProtectionConfiguration: + $ref: '#/components/schemas/AuthenticationProtectionConfiguration' + errorHandlingMethod: + type: string + enum: + - internal + - remote + disableAuthnForMaxAgeZero: + type: boolean + keepAuthenticatorAttributesOnAcrChange: + type: boolean + deviceAuthzRequestExpiresIn: + type: integer + format: int32 + deviceAuthzTokenPollInterval: + type: integer + format: int32 + deviceAuthzResponseTypeToProcessAuthz: + type: string + backchannelClientId: + type: string + backchannelRedirectUri: + type: string + backchannelAuthenticationEndpoint: + type: string + backchannelDeviceRegistrationEndpoint: + type: string + backchannelTokenDeliveryModesSupported: + type: array + items: type: string - tokenEndpointAuthSigningAlgValuesSupported: + backchannelAuthenticationRequestSigningAlgValuesSupported: type: array items: type: string - dynamicRegistrationCustomAttributes: + backchannelUserCodeParameterSupported: + type: boolean + backchannelBindingMessagePattern: + type: string + backchannelAuthenticationResponseExpiresIn: + type: integer + format: int32 + backchannelAuthenticationResponseInterval: + type: integer + format: int32 + backchannelLoginHintClaims: type: array items: type: 
string - dynamicRegistrationDefaultCustomAttributes: - $ref: '#/components/schemas/JsonNode' - displayValuesSupported: + cibaEndUserNotificationConfig: + $ref: '#/components/schemas/CIBAEndUserNotificationConfig' + backchannelRequestsProcessorJobIntervalSec: + type: integer + format: int32 + backchannelRequestsProcessorJobChunkSize: + type: integer + format: int32 + cibaGrantLifeExtraTimeSec: + type: integer + format: int32 + cibaMaxExpirationTimeAllowedSec: + type: integer + format: int32 + dpopSigningAlgValuesSupported: type: array items: type: string - claimTypesSupported: + dpopTimeframe: + type: integer + format: int32 + dpopJtiCacheTime: + type: integer + format: int32 + allowIdTokenWithoutImplicitGrantType: + type: boolean + discoveryCacheLifetimeInMinutes: + type: integer + format: int32 + discoveryAllowedKeys: type: array items: type: string - jwksAlgorithmsSupported: + discoveryDenyKeys: type: array items: type: string - serviceDocumentation: - type: string - claimsLocalesSupported: + featureFlags: type: array items: type: string - idTokenTokenBindingCnfValuesSupported: + httpLoggingEnabled: + type: boolean + httpLoggingExcludePaths: + uniqueItems: true type: array items: type: string - uiLocalesSupported: + externalLoggerConfiguration: + type: string + agamaConfiguration: + $ref: '#/components/schemas/EngineConfig' + dcrSsaValidationConfigs: type: array items: + $ref: '#/components/schemas/SsaValidationConfig' + ssaConfiguration: + $ref: '#/components/schemas/SsaConfiguration' + blockWebviewAuthorizationEnabled: + type: boolean + dateFormatterPatterns: + type: object + additionalProperties: type: string - claimsParameterSupported: + fapi: type: boolean - requestParameterSupported: + allResponseTypesSupported: + uniqueItems: true + type: array + items: + type: string + enum: + - code + - token + - id_token + AuthenticationFilter: + required: + - baseDn + - filter + type: object + properties: + filter: + type: string + bind: type: boolean - 
requestUriParameterSupported: + bindPasswordAttribute: + type: string + xml: + name: bind-password-attribute + baseDn: + type: string + xml: + name: base-dn + AuthenticationProtectionConfiguration: + type: object + properties: + attemptExpiration: + type: integer + format: int32 + maximumAllowedAttemptsWithoutDelay: + type: integer + format: int32 + delayTime: + type: integer + format: int32 + bruteForceProtectionEnabled: type: boolean - requestUriHashVerificationEnabled: + AuthorizationRequestCustomParameter: + type: object + properties: + paramName: + type: string + returnInResponse: type: boolean - requireRequestUriRegistration: + CIBAEndUserNotificationConfig: + type: object + properties: + apiKey: + type: string + authDomain: + type: string + databaseURL: + type: string + projectId: + type: string + storageBucket: + type: string + messagingSenderId: + type: string + appId: + type: string + notificationUrl: + type: string + notificationKey: + type: string + publicVapidKey: + type: string + ClientAuthenticationFilter: + required: + - baseDn + - filter + type: object + properties: + filter: + type: string + bind: type: boolean - requestUriBlockList: + bindPasswordAttribute: + type: string + xml: + name: bind-password-attribute + baseDn: + type: string + xml: + name: base-dn + CorsConfigurationFilter: + type: object + properties: + filterName: + type: string + corsEnabled: + type: boolean + corsAllowedOrigins: + type: string + corsAllowedMethods: + type: string + corsAllowedHeaders: + type: string + corsExposedHeaders: + type: string + corsSupportCredentials: + type: boolean + corsLoggingEnabled: + type: boolean + corsPreflightMaxAge: + type: integer + format: int32 + corsRequestDecorate: + type: boolean + EngineConfig: + type: object + properties: + enabled: + type: boolean + rootDir: + type: string + templatesPath: + type: string + scriptsPath: + type: string + serializerType: + type: string + enum: + - KRYO + - FST + maxItemsLoggedInCollections: + type: integer 
+ format: int32 + disableTCHV: + type: boolean + pageMismatchErrorPage: + type: string + interruptionErrorPage: + type: string + crashErrorPage: + type: string + finishedFlowPage: + type: string + bridgeScriptPage: + type: string + defaultResponseHeaders: + type: object + additionalProperties: + type: string + JsonNode: + type: object + SsaConfiguration: + type: object + properties: + ssaEndpoint: + type: string + ssaCustomAttributes: type: array items: type: string - opPolicyUri: + ssaSigningAlg: type: string - opTosUri: + ssaExpirationInDays: + type: integer + format: int32 + SsaValidationConfig: + type: object + properties: + id: type: string - authorizationCodeLifetime: + type: + type: string + enum: + - NONE + - SSA + - DCR + displayName: + type: string + description: + type: string + scopes: + type: array + items: + type: string + allowedClaims: + type: array + items: + type: string + jwks: + type: string + jwksUri: + type: string + issuers: + type: array + items: + type: string + configurationEndpoint: + type: string + configurationEndpointClaim: + type: string + sharedSecret: + type: string + PersistenceConfiguration: + type: object + properties: + persistenceType: + type: string + CacheConfiguration: + type: object + properties: + cacheProviderType: + type: string + enum: + - IN_MEMORY + - MEMCACHED + - REDIS + - NATIVE_PERSISTENCE + memcachedConfiguration: + $ref: '#/components/schemas/MemcachedConfiguration' + inMemoryConfiguration: + $ref: '#/components/schemas/InMemoryConfiguration' + redisConfiguration: + $ref: '#/components/schemas/RedisConfiguration' + nativePersistenceConfiguration: + $ref: '#/components/schemas/NativePersistenceConfiguration' + InMemoryConfiguration: + type: object + properties: + defaultPutExpiration: + type: integer + format: int32 + MemcachedConfiguration: + type: object + properties: + servers: + type: string + maxOperationQueueLength: + type: integer + format: int32 + bufferSize: + type: integer + format: int32 + 
defaultPutExpiration: + type: integer + format: int32 + connectionFactoryType: + type: string + enum: + - DEFAULT + - BINARY + NativePersistenceConfiguration: + type: object + properties: + defaultPutExpiration: type: integer format: int32 - refreshTokenLifetime: + defaultCleanupBatchSize: type: integer format: int32 - idTokenLifetime: + deleteExpiredOnGetRequest: + type: boolean + disableAttemptUpdateBeforeInsert: + type: boolean + RedisConfiguration: + type: object + properties: + redisProviderType: + type: string + enum: + - STANDALONE + - CLUSTER + - SHARDED + - SENTINEL + servers: + type: string + defaultPutExpiration: type: integer format: int32 - idTokenFilterClaimsBasedOnAccessToken: + sentinelMasterGroupName: + type: string + password: + type: string + useSSL: type: boolean - accessTokenLifetime: + sslTrustStoreFilePath: + type: string + sslTrustStorePassword: + type: string + sslKeyStoreFilePath: + type: string + sslKeyStorePassword: + type: string + maxIdleConnections: type: integer format: int32 - cleanServiceInterval: + maxTotalConnections: type: integer format: int32 - cleanServiceBatchChunkSize: + connectionTimeout: type: integer format: int32 - keyRegenerationEnabled: - type: boolean - keyRegenerationInterval: + soTimeout: type: integer format: int32 - defaultSignatureAlgorithm: - type: string - jansOpenIdConnectVersion: - type: string - jansId: - type: string - dynamicRegistrationExpirationTime: + maxRetryAttempts: type: integer format: int32 - dynamicRegistrationPersistClientAuthorizations: - type: boolean - trustedClientEnabled: - type: boolean - skipAuthorizationForOpenIdScopeAndPairwiseId: - type: boolean - dynamicRegistrationScopesParamEnabled: + Client: + type: object + properties: + dn: + type: string + expirationDate: + type: string + format: date-time + deletable: type: boolean - dynamicRegistrationPasswordGrantTypeEnabled: + clientSecret: + type: string + frontChannelLogoutUri: + type: string + frontChannelLogoutSessionRequired: type: 
boolean - dynamicRegistrationAllowedPasswordGrantScopes: - type: array - items: - type: string - dynamicRegistrationCustomObjectClass: + registrationAccessToken: type: string - personCustomObjectClassList: + clientIdIssuedAt: + type: string + format: date-time + clientSecretExpiresAt: + type: string + format: date-time + redirectUris: type: array items: type: string - persistIdTokenInLdap: - type: boolean - persistRefreshTokenInLdap: - type: boolean - allowPostLogoutRedirectWithoutValidation: - type: boolean - invalidateSessionCookiesAfterAuthorizationFlow: - type: boolean - returnClientSecretOnRead: - type: boolean - rejectJwtWithNoneAlg: - type: boolean - expirationNotificatorEnabled: - type: boolean - useNestedJwtDuringEncryption: - type: boolean - expirationNotificatorMapSizeLimit: - type: integer - format: int32 - expirationNotificatorIntervalInSeconds: - type: integer - format: int32 - redirectUrisRegexEnabled: - type: boolean - useHighestLevelScriptIfAcrScriptNotFound: - type: boolean - authenticationFiltersEnabled: - type: boolean - clientAuthenticationFiltersEnabled: - type: boolean - clientRegDefaultToCodeFlowWithRefresh: - type: boolean - grantTypesAndResponseTypesAutofixEnabled: - type: boolean - authenticationFilters: - type: array - items: - $ref: '#/components/schemas/AuthenticationFilter' - clientAuthenticationFilters: + claimRedirectUris: type: array items: - $ref: '#/components/schemas/ClientAuthenticationFilter' - corsConfigurationFilters: + type: string + responseTypes: type: array items: - $ref: '#/components/schemas/CorsConfigurationFilter' - sessionIdUnusedLifetime: - type: integer - format: int32 - sessionIdUnauthenticatedUnusedLifetime: - type: integer - format: int32 - sessionIdPersistOnPromptNone: - type: boolean - sessionIdRequestParameterEnabled: - type: boolean - changeSessionIdOnAuthentication: - type: boolean - sessionIdPersistInCache: - type: boolean - includeSidInResponse: - type: boolean - disablePromptLogin: - type: boolean - 
sessionIdLifetime: - type: integer - format: int32 - serverSessionIdLifetime: - type: integer - format: int32 - activeSessionAuthorizationScope: - type: string - configurationUpdateInterval: - type: integer - format: int32 - enableClientGrantTypeUpdate: - type: boolean - dynamicGrantTypeDefault: - uniqueItems: true + type: string + enum: + - code + - token + - id_token + grantTypes: type: array items: type: string 
@@ -8363,499 +8616,408 @@ components: - urn:ietf:params:oauth:grant-type:token-exchange - urn:openid:params:grant-type:ciba - urn:ietf:params:oauth:grant-type:device_code - cssLocation: + applicationType: type: string - jsLocation: + enum: + - native + - web + contacts: + type: array + items: + type: string + idTokenTokenBindingCnf: type: string - imgLocation: + clientName: type: string - metricReporterInterval: - type: integer - format: int32 - metricReporterKeepDataDays: - type: integer - format: int32 - pairwiseIdType: + logoUri: type: string - pairwiseCalculationKey: + clientUri: type: string - pairwiseCalculationSalt: + policyUri: type: string - shareSubjectIdBetweenClientsWithSameSectorId: - type: boolean - webKeysStorage: + tosUri: type: string - enum: - - keystore - - pkcs11 - dnName: + clientNameLocalized: + $ref: '#/components/schemas/LocalizedString' + logoUriLocalized: + $ref: '#/components/schemas/LocalizedString' + clientUriLocalized: + $ref: '#/components/schemas/LocalizedString' + policyUriLocalized: + $ref: '#/components/schemas/LocalizedString' + tosUriLocalized: + $ref: '#/components/schemas/LocalizedString' + jwksUri: type: string - keyStoreFile: + jwks: type: string - keyStoreSecret: + sectorIdentifierUri: type: string - keySelectionStrategy: + subjectType: type: string enum: - - OLDER - - NEWER - - FIRST - keyAlgsAllowedForGeneration: - type: array - items: - type: string - keySignWithSameKeyButDiffAlg: - type: boolean - staticKid: + - pairwise + - public + idTokenSignedResponseAlg: type: string - staticDecryptionKid: + idTokenEncryptedResponseAlg: type: string - jansElevenTestModeToken: + idTokenEncryptedResponseEnc: type: string - jansElevenGenerateKeyEndpoint: + userInfoSignedResponseAlg: type: string - jansElevenSignEndpoint: + userInfoEncryptedResponseAlg: type: string - jansElevenVerifySignatureEndpoint: + userInfoEncryptedResponseEnc: type: string - jansElevenDeleteKeyEndpoint: + requestObjectSigningAlg: type: string - 
introspectionAccessTokenMustHaveUmaProtectionScope: - type: boolean - introspectionSkipAuthorization: - type: boolean - endSessionWithAccessToken: - type: boolean - cookieDomain: + requestObjectEncryptionAlg: type: string - enabledOAuthAuditLogging: - type: boolean - jmsBrokerURISet: - uniqueItems: true + requestObjectEncryptionEnc: + type: string + tokenEndpointAuthMethod: + type: string + tokenEndpointAuthSigningAlg: + type: string + defaultMaxAge: + type: integer + format: int32 + defaultAcrValues: type: array items: type: string - jmsUserName: - type: string - jmsPassword: + initiateLoginUri: type: string - externalUriWhiteList: + postLogoutRedirectUris: type: array items: type: string - clientWhiteList: + requestUris: type: array items: type: string - clientBlackList: + scopes: type: array items: type: string - legacyIdTokenClaims: - type: boolean - customHeadersWithAuthorizationResponse: - type: boolean - frontChannelLogoutSessionSupported: + claims: + type: array + items: + type: string + trustedClient: type: boolean - loggingLevel: + lastAccessTime: type: string - loggingLayout: + format: date-time + lastLogonTime: type: string - updateUserLastLogonTime: - type: boolean - updateClientAccessTime: - type: boolean - logClientIdOnClientAuthentication: - type: boolean - logClientNameOnClientAuthentication: + format: date-time + persistClientAuthorizations: type: boolean - disableJdkLogger: + includeClaimsInIdToken: type: boolean - authorizationRequestCustomAllowedParameters: - uniqueItems: true + refreshTokenLifetime: + type: integer + format: int32 + accessTokenLifetime: + type: integer + format: int32 + customAttributes: type: array items: - $ref: '#/components/schemas/AuthorizationRequestCustomParameter' - openidScopeBackwardCompatibility: - type: boolean - disableU2fEndpoint: - type: boolean - rotateDeviceSecret: - type: boolean - returnDeviceSecretFromAuthzEndpoint: + $ref: '#/components/schemas/CustomObjectAttribute' + customObjectClasses: + type: array + 
items: + type: string + rptAsJwt: type: boolean - dcrSignatureValidationEnabled: + accessTokenAsJwt: type: boolean - dcrSignatureValidationSharedSecret: - type: string - dcrSignatureValidationSoftwareStatementJwksURIClaim: - type: string - dcrSignatureValidationSoftwareStatementJwksClaim: - type: string - dcrSignatureValidationJwks: - type: string - dcrSignatureValidationJwksUri: + accessTokenSigningAlg: type: string - dcrAuthorizationWithClientCredentials: - type: boolean - dcrAuthorizationWithMTLS: + disabled: type: boolean - dcrIssuers: + authorizedOrigins: type: array items: type: string - useLocalCache: - type: boolean - fapiCompatibility: - type: boolean - forceIdTokenHintPrecense: - type: boolean - rejectEndSessionIfIdTokenExpired: - type: boolean - allowEndSessionWithUnmatchedSid: - type: boolean - forceOfflineAccessScopeToEnableRefreshToken: - type: boolean - errorReasonEnabled: - type: boolean - removeRefreshTokensForClientOnLogout: - type: boolean - skipRefreshTokenDuringRefreshing: - type: boolean - refreshTokenExtendLifetimeOnRotation: - type: boolean - checkUserPresenceOnRefreshToken: - type: boolean - consentGatheringScriptBackwardCompatibility: - type: boolean - introspectionScriptBackwardCompatibility: - type: boolean - introspectionResponseScopesBackwardCompatibility: - type: boolean - softwareStatementValidationType: + softwareId: type: string - softwareStatementValidationClaimName: + softwareVersion: type: string - authenticationProtectionConfiguration: - $ref: '#/components/schemas/AuthenticationProtectionConfiguration' - errorHandlingMethod: + softwareStatement: + type: string + attributes: + $ref: '#/components/schemas/ClientAttributes' + backchannelTokenDeliveryMode: type: string enum: - - internal - - remote - disableAuthnForMaxAgeZero: - type: boolean - keepAuthenticatorAttributesOnAcrChange: + - poll + - ping + - push + backchannelClientNotificationEndpoint: + type: string + backchannelAuthenticationRequestSigningAlg: + type: string + 
enum: + - RS256 + - RS384 + - RS512 + - ES256 + - ES384 + - ES512 + - PS256 + - PS384 + - PS512 + backchannelUserCodeParameter: type: boolean - deviceAuthzRequestExpiresIn: - type: integer - format: int32 - deviceAuthzTokenPollInterval: + description: + type: string + organization: + type: string + groups: + type: array + items: + type: string + ttl: type: integer format: int32 - deviceAuthzResponseTypeToProcessAuthz: + displayName: type: string - backchannelClientId: + authenticationMethod: type: string - backchannelRedirectUri: + enum: + - client_secret_basic + - client_secret_post + - client_secret_jwt + - private_key_jwt + - access_token + - tls_client_auth + - self_signed_tls_client_auth + - none + baseDn: type: string - backchannelAuthenticationEndpoint: + inum: type: string - backchannelDeviceRegistrationEndpoint: + ClientAttributes: + type: object + properties: + tlsClientAuthSubjectDn: type: string - backchannelTokenDeliveryModesSupported: + runIntrospectionScriptBeforeJwtCreation: + type: boolean + keepClientAuthorizationAfterExpiration: + type: boolean + allowSpontaneousScopes: + type: boolean + spontaneousScopes: type: array items: type: string - backchannelAuthenticationRequestSigningAlgValuesSupported: + spontaneousScopeScriptDns: type: array items: type: string - backchannelUserCodeParameterSupported: - type: boolean - backchannelBindingMessagePattern: - type: string - backchannelAuthenticationResponseExpiresIn: - type: integer - format: int32 - backchannelAuthenticationResponseInterval: - type: integer - format: int32 - backchannelLoginHintClaims: + updateTokenScriptDns: type: array items: type: string - cibaEndUserNotificationConfig: - $ref: '#/components/schemas/CIBAEndUserNotificationConfig' - backchannelRequestsProcessorJobIntervalSec: - type: integer - format: int32 - backchannelRequestsProcessorJobChunkSize: - type: integer - format: int32 - cibaGrantLifeExtraTimeSec: - type: integer - format: int32 - cibaMaxExpirationTimeAllowedSec: - type: 
integer - format: int32 - dpopSigningAlgValuesSupported: + backchannelLogoutUri: type: array items: type: string - dpopTimeframe: - type: integer - format: int32 - dpopJtiCacheTime: - type: integer - format: int32 - allowIdTokenWithoutImplicitGrantType: + backchannelLogoutSessionRequired: type: boolean - discoveryCacheLifetimeInMinutes: - type: integer - format: int32 - discoveryAllowedKeys: + additionalAudience: type: array items: type: string - discoveryDenyKeys: + postAuthnScripts: type: array items: type: string - featureFlags: + consentGatheringScripts: type: array items: type: string - httpLoggingEnabled: - type: boolean - httpLoggingExcludePaths: - uniqueItems: true + introspectionScripts: type: array items: type: string - externalLoggerConfiguration: - type: string - agamaConfiguration: - $ref: '#/components/schemas/EngineConfig' - dcrSsaValidationConfigs: + rptClaimsScripts: type: array items: - $ref: '#/components/schemas/SsaValidationConfig' - ssaConfiguration: - $ref: '#/components/schemas/SsaConfiguration' - blockWebviewAuthorizationEnabled: - type: boolean - dateFormatterPatterns: - type: object - additionalProperties: type: string - fapi: - type: boolean - allResponseTypesSupported: - uniqueItems: true + ropcScripts: type: array items: type: string - enum: - - code - - token - - id_token - AuthenticationFilter: - required: - - baseDn - - filter - type: object - properties: - filter: - type: string - bind: + parLifetime: + type: integer + format: int32 + requirePar: type: boolean - bindPasswordAttribute: + jansAuthSignedRespAlg: type: string - xml: - name: bind-password-attribute - baseDn: + jansAuthEncRespAlg: type: string - xml: - name: base-dn - AuthenticationProtectionConfiguration: - type: object - properties: - attemptExpiration: - type: integer - format: int32 - maximumAllowedAttemptsWithoutDelay: + jansAuthEncRespEnc: + type: string + jansSubAttr: + type: string + redirectUrisRegex: + type: string + jansAuthorizedAcr: + type: array + items: + 
type: string + jansDefaultPromptLogin: + type: boolean + idTokenLifetime: type: integer format: int32 - delayTime: + allowOfflineAccessWithoutConsent: + type: boolean + minimumAcrLevel: type: integer format: int32 - bruteForceProtectionEnabled: + minimumAcrLevelAutoresolve: type: boolean - AuthorizationRequestCustomParameter: + minimumAcrPriorityList: + type: array + items: + type: string + CustomObjectAttribute: type: object properties: - paramName: + name: type: string - returnInResponse: + multiValued: type: boolean - CIBAEndUserNotificationConfig: - type: object - properties: - apiKey: - type: string - authDomain: - type: string - databaseURL: - type: string - projectId: - type: string - storageBucket: - type: string - messagingSenderId: - type: string - appId: - type: string - notificationUrl: - type: string - notificationKey: - type: string - publicVapidKey: + values: + type: array + items: + type: object + displayValue: type: string - ClientAuthenticationFilter: - required: - - baseDn - - filter + value: + type: object + LocalizedString: type: object properties: - filter: - type: string - bind: - type: boolean - bindPasswordAttribute: - type: string - xml: - name: bind-password-attribute - baseDn: - type: string - xml: - name: base-dn - CorsConfigurationFilter: + values: + type: object + additionalProperties: + type: string + AgamaConfiguration: type: object properties: - filterName: - type: string - corsEnabled: - type: boolean - corsAllowedOrigins: - type: string - corsAllowedMethods: - type: string - corsAllowedHeaders: - type: string - corsExposedHeaders: - type: string - corsSupportCredentials: - type: boolean - corsLoggingEnabled: - type: boolean - corsPreflightMaxAge: - type: integer - format: int32 - corsRequestDecorate: - type: boolean - EngineConfig: + mandatoryAttributes: + type: array + items: + type: string + optionalAttributes: + type: array + items: + type: string + ApiAppConfiguration: type: object properties: - enabled: + configOauthEnabled: 
type: boolean - rootDir: - type: string - templatesPath: + apiApprovedIssuer: + type: array + items: + type: string + apiProtectionType: type: string - scriptsPath: + apiClientId: type: string - serializerType: + apiClientPassword: type: string - enum: - - KRYO - - FST - maxItemsLoggedInCollections: - type: integer - format: int32 - disableTCHV: + endpointInjectionEnabled: type: boolean - pageMismatchErrorPage: + authIssuerUrl: type: string - interruptionErrorPage: + authOpenidConfigurationUrl: type: string - crashErrorPage: + authOpenidIntrospectionUrl: type: string - finishedFlowPage: + authOpenidTokenUrl: type: string - bridgeScriptPage: + authOpenidRevokeUrl: type: string - defaultResponseHeaders: - type: object - additionalProperties: - type: string - JsonNode: - type: object - SsaConfiguration: - type: object - properties: - ssaEndpoint: + smallryeHealthRootPath: type: string - ssaCustomAttributes: + exclusiveAuthScopes: type: array items: type: string - ssaSigningAlg: + corsConfigurationFilters: + type: array + items: + $ref: '#/components/schemas/CorsConfigurationFilter' + loggingLevel: type: string - ssaExpirationInDays: + loggingLayout: + type: string + externalLoggerConfiguration: + type: string + disableJdkLogger: + type: boolean + maxCount: type: integer format: int32 - SsaValidationConfig: + userExclusionAttributes: + type: array + items: + type: string + userMandatoryAttributes: + type: array + items: + type: string + agamaConfiguration: + $ref: '#/components/schemas/AgamaConfiguration' + auditLogConf: + $ref: '#/components/schemas/AuditLogConf' + dataFormatConversionConf: + $ref: '#/components/schemas/DataFormatConversionConf' + plugins: + type: array + items: + $ref: '#/components/schemas/PluginConf' + AuditLogConf: type: object properties: - id: - type: string - type: - type: string - enum: - - NONE - - SSA - - DCR - displayName: - type: string - description: - type: string - scopes: + enabled: + type: boolean + ignoreHttpMethod: type: array 
items: type: string - allowedClaims: + headerAttributes: type: array items: type: string - jwks: - type: string - jwksUri: - type: string - issuers: + DataFormatConversionConf: + type: object + properties: + enabled: + type: boolean + ignoreHttpMethod: type: array items: type: string - configurationEndpoint: - type: string - configurationEndpointClaim: - type: string - sharedSecret: - type: string - PersistenceConfiguration: + PluginConf: type: object properties: - persistenceType: + name: + type: string + description: + type: string + className: type: string SmtpConfiguration: type: object @@ -9178,15 +9340,6 @@ components: type: string baseDn: type: string - PluginConf: - type: object - properties: - name: - type: string - description: - type: string - className: - type: string Scope: type: object properties: @@ -9534,3 +9687,17 @@ components: related information https://jans.io/oauth/jans-auth-server/session.delete: Delete Session information + https://jans.io/oauth/config/read-all: Admin read scope + https://jans.io/oauth/config/write-all: Admin write scope + https://jans.io/oauth/config/delete-all: Admin delete scope + https://jans.io/oauth/config/openid-read: View OpenID functionality + https://jans.io/oauth/config/openid/openid-write: Manage OpenID functionality + https://jans.io/oauth/config/openid/openid-delete: Delete OpenID functionality + https://jans.io/oauth/config/uma-read: View UMA functionality + https://jans.io/oauth/config/uma-write: Manage UMA functionality + https://jans.io/oauth/config/uma-delete: Delete UMA functionality + https://jans.io/oauth/config/plugin.readonly: View Plugin information + https://jans.io/oauth/config/properties.readonly: View Config-API related + configuration properties + https://jans.io/oauth/config/properties.write: Manage Config-API related + configuration properties 
diff --git a/jans-config-api/plugins/docs/fido2-plugin-swagger.yaml b/jans-config-api/plugins/docs/fido2-plugin-swagger.yaml index 8c1780ad95b..e2f1847d3f0 100644 --- a/jans-config-api/plugins/docs/fido2-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/fido2-plugin-swagger.yaml @@ -16,7 +16,7 @@ servers: tags: - name: Fido2 - Configuration paths: - /fido2/config: + /fido2/fido2-config: get: tags: - Fido2 - Configuration diff --git a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml index a74747c2026..98076264e6d 100644 --- a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml @@ -794,10 +794,10 @@ components: type: array items: type: object - value: - type: object displayValue: type: string + value: + type: object CustomUser: type: object properties: diff --git a/jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/rest/Fido2ConfigResource.java b/jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/rest/Fido2ConfigResource.java index 0a10e1c770b..4b89aad3767 100644 --- a/jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/rest/Fido2ConfigResource.java +++ b/jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/rest/Fido2ConfigResource.java @@ -30,7 +30,7 @@ import org.slf4j.Logger; -@Path(Constants.CONFIG) +@Path(Constants.FIDO2_CONFIG) @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) public class Fido2ConfigResource extends BaseResource { diff --git a/jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/util/Constants.java b/jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/util/Constants.java index 453657c14da..549312017e2 100644 
--- a/jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/util/Constants.java +++ b/jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/util/Constants.java @@ -10,7 +10,7 @@ public class Constants { private Constants() {} - public static final String CONFIG = "/config"; + public static final String FIDO2_CONFIG = "/fido2-config"; public static final String REGISTRATION = "/registration"; public static final String ENTRIES = "/entries"; } \ No newline at end of file diff --git a/jans-config-api/plugins/fido2-plugin/src/test/resources/karate-config-jenkins.js b/jans-config-api/plugins/fido2-plugin/src/test/resources/karate-config-jenkins.js index 2bf718528aa..35a4a9bb3c1 100644 --- a/jans-config-api/plugins/fido2-plugin/src/test/resources/karate-config-jenkins.js +++ b/jans-config-api/plugins/fido2-plugin/src/test/resources/karate-config-jenkins.js @@ -43,7 +43,7 @@ function() { issuer: issuer, accessToken: '123', - fido2Url: baseUrl + '/jans-config-api/fido2/config', + fido2Url: baseUrl + '/jans-config-api/fido2/fido2-config', }; diff --git a/jans-config-api/plugins/fido2-plugin/src/test/resources/karate-config.js b/jans-config-api/plugins/fido2-plugin/src/test/resources/karate-config.js index 9c37722c842..0a39c646bec 100644 --- a/jans-config-api/plugins/fido2-plugin/src/test/resources/karate-config.js +++ b/jans-config-api/plugins/fido2-plugin/src/test/resources/karate-config.js @@ -43,7 +43,7 @@ function() { issuer: issuer, accessToken: '123', - fido2Url: baseUrl + '/jans-config-api/fido2/config', + fido2Url: baseUrl + '/jans-config-api/fido2/fido2-config', }; karate.configure('connectTimeout', 30000); diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/configuration/ConfigurationFactory.java b/jans-config-api/server/src/main/java/io/jans/configapi/configuration/ConfigurationFactory.java index 6b128f4e1d7..ef4f3c5602a 100644 
--- a/jans-config-api/server/src/main/java/io/jans/configapi/configuration/ConfigurationFactory.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/configuration/ConfigurationFactory.java @@ -291,6 +291,10 @@ public String getAuthConfigurationDn() { return this.baseConfiguration.getString(Constants.SERVER_KEY_OF_CONFIGURATION_ENTRY); } + public String getApiAppConfigurationDn() { + return this.baseConfiguration.getString(CONFIGAPI_CONFIGURATION_ENTRY); + } + public String getConfigurationDn(String key) { return this.baseConfiguration.getString(key); } diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java index be788062b17..ee4712982d1 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java @@ -43,7 +43,8 @@ @Tag(name = "Agama - Configuration"), @Tag(name = "Agama - Developer Studio"), @Tag(name = "Statistics - User"), @Tag(name = "Health - Check"), @Tag(name = "Server Stats"), @Tag(name = "Auth - Session Management"), @Tag(name = "Organization Configuration"), - @Tag(name = "Auth Server Health - Check"), @Tag(name = "Plugins")}, + @Tag(name = "Auth Server Health - Check"), @Tag(name = "Plugins"), + @Tag(name = "Configuration – Config API") }, servers = { @Server(url = "https://jans.io/", description = "The Jans server") }) 
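Review bot: The new `getApiAppConfigurationDn()` has no Javadoc, and since it is a public accessor on the configuration factory the next reader has to open the base configuration to learn which entry it resolves; a one-liner above it would do: `/** DN of the Config-API's own configuration entry, read from the base configuration under CONFIGAPI_CONFIGURATION_ENTRY; may be null if the key is absent. */`. The null remark is a hedge — whether `baseConfiguration.getString` returns null or throws for a missing key is not visible in this hunk, so confirm before committing to it and adjust the wording. The enclosing ConfigurationFactory class starts and ends outside the hunk.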
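Review bot: The added tag name `"Configuration – Config API"` uses an en dash (U+2013) while every neighbouring tag in the same annotation (`"Agama - Configuration"`, `"Health - Check"`, `"Auth Server Health - Check"`) uses an ASCII hyphen with spaces; the non-ASCII character is easy to mistype and a tag that does not match byte-for-byte in `@Tag`, the resource's `tags = {...}` and the swagger file shows up as a second, empty group in generated docs. Suggest `@Tag(name = "Configuration - Config API")` here and the same ASCII form in ConfigApiResource's `tags` and in jans-config-api-swagger-auto.yaml, which in this commit all carry the en dash. The `@OpenAPIDefinition` annotation this hunk edits starts outside the hunk.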
@@ -87,7 +88,19 @@ @OAuthScope(name = ApiAccessConstants.AGAMA_WRITE_ACCESS, description = "Manage Agama Flow related information"), @OAuthScope(name = ApiAccessConstants.AGAMA_DELETE_ACCESS, description = "Delete Agama Flow related information"), @OAuthScope(name = ApiAccessConstants.JANS_AUTH_SESSION_READ_ACCESS, description = "View Session related information"), - @OAuthScope(name = ApiAccessConstants.JANS_AUTH_SESSION_DELETE_ACCESS, description = "Delete Session information") } + @OAuthScope(name = ApiAccessConstants.JANS_AUTH_SESSION_DELETE_ACCESS, description = "Delete Session information"), + @OAuthScope(name = ApiAccessConstants.SUPER_ADMIN_READ_ACCESS, description = "Admin read scope"), + @OAuthScope(name = ApiAccessConstants.SUPER_ADMIN_WRITE_ACCESS, description = "Admin write scope"), + @OAuthScope(name = ApiAccessConstants.SUPER_ADMIN_DELETE_ACCESS, description = "Admin delete scope"), + @OAuthScope(name = ApiAccessConstants.OPENID_READ_ACCESS, description = "View OpenID functionality"), + @OAuthScope(name = ApiAccessConstants.OPENID_WRITE_ACCESS, description = "Manage OpenID functionality"), + @OAuthScope(name = ApiAccessConstants.OPENID_DELETE_ACCESS, description = "Delete OpenID functionality"), + @OAuthScope(name = ApiAccessConstants.UMA_READ_ACCESS, description = "View UMA functionality"), + @OAuthScope(name = ApiAccessConstants.UMA_WRITE_ACCESS, description = "Manage UMA functionality"), + @OAuthScope(name = ApiAccessConstants.UMA_DELETE_ACCESS, description = "Delete UMA functionality"), + @OAuthScope(name = ApiAccessConstants.PLUGIN_READ_ACCESS, description = "View Plugin information"), + @OAuthScope(name = ApiAccessConstants.CONFIG_READ_ACCESS, description = "View Config-API related configuration properties"), + @OAuthScope(name = ApiAccessConstants.CONFIG_WRITE_ACCESS, description = "Manage Config-API related configuration properties") } ))) public class ApiApplication extends Application { 
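Review bot: The description for `ApiAccessConstants.CONFIG_WRITE_ACCESS`, "Manage Config-API related configuration properties", understates what the scope grants: the `ApiAppConfiguration` schema added elsewhere in this diff carries `configOauthEnabled`, `apiApprovedIssuer`, `apiProtectionType`, `apiClientId` and `apiClientPassword`, so a holder of this scope can presumably change or disable the authentication that protects the Config-API itself, which makes it admin-equivalent regardless of how it is named. Suggest saying so in the text operators will read in the generated spec, e.g. `@OAuthScope(name = ApiAccessConstants.CONFIG_WRITE_ACCESS, description = "Manage Config-API configuration properties (security-critical: includes the API's own OAuth protection settings; treat as admin-equivalent)")`. It would also be worth confirming that this scope is not granted to any default client and that the paired `properties.readonly` scope does not return `apiClientPassword` in clear text, neither of which is visible in this hunk. The `@OAuthScope` list and its enclosing `@OpenAPIDefinition` start outside the hunk.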
@@ -105,7 +118,7 @@ public Set> getClasses() { classes.add(AttributesResource.class); classes.add(CacheConfigurationResource.class); classes.add(ClientsResource.class); - classes.add(ConfigResource.class); + classes.add(AuthConfigResource.class); classes.add(ConfigSmtpResource.class); classes.add(CustomScriptResource.class); classes.add(JwksResource.class); @@ -120,6 +133,7 @@ public Set> getClasses() { classes.add(ADSDeploymentsResource.class); classes.add(SessionResource.class); classes.add(PluginResource.class); + classes.add(ConfigApiResource.class); return classes; } diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ConfigResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AuthConfigResource.java similarity index 95% rename from jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ConfigResource.java rename to jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AuthConfigResource.java index a24286a23d4..7f9e69f4c6b 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ConfigResource.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AuthConfigResource.java @@ -39,7 +39,7 @@ @Path(ApiConstants.JANS_AUTH + ApiConstants.CONFIG) @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) -public class ConfigResource extends ConfigBaseResource { +public class AuthConfigResource extends ConfigBaseResource { private static final String AGAMACONFIGURATION = "agamaConfiguration"; 
@@ -62,7 +62,7 @@ public class ConfigResource extends ConfigBaseResource {
 ApiAccessConstants.SUPER_ADMIN_READ_ACCESS })
 public Response getAppConfiguration() {
 AppConfiguration appConfiguration = configurationService.find();
- log.debug("ConfigResource::getAppConfiguration() appConfiguration:{}", appConfiguration);
+ log.debug("AuthConfigResource::getAppConfiguration() appConfiguration:{}", appConfiguration);
 return Response.ok(appConfiguration).build();
 }
@@ -113,10 +113,10 @@ public Response patchAppConfigurationProperty(@NotNull String jsonPatchString)
 @Path(ApiConstants.PERSISTENCE)
 public Response getPersistenceDetails() {
 String persistenceType = configurationService.getPersistenceType();
- log.debug("ConfigResource::getPersistenceDetails() - persistenceType:{}", persistenceType);
+ log.debug("AuthConfigResource::getPersistenceDetails() - persistenceType:{}", persistenceType);
 PersistenceConfiguration persistenceConfiguration = new PersistenceConfiguration();
 persistenceConfiguration.setPersistenceType(persistenceType);
- log.debug("ConfigResource::getPersistenceDetails() - persistenceConfiguration:{}", persistenceConfiguration);
+ log.debug("AuthConfigResource::getPersistenceDetails() - persistenceConfiguration:{}", persistenceConfiguration);
 return Response.ok(persistenceConfiguration).build();
 }
diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ConfigApiResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ConfigApiResource.java
new file mode 100644
index 00000000000..775e48f8dd3
--- /dev/null
+++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ConfigApiResource.java
@@ -0,0 +1,88 @@
+/*
+ * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
+ *
+ * Copyright (c) 2020, Janssen Project
+ */
+
+package io.jans.configapi.rest.resource.auth;
+
+import com.github.fge.jsonpatch.JsonPatch;
+import com.github.fge.jsonpatch.JsonPatchException;
+import io.jans.configapi.model.configuration.ApiAppConfiguration;
+import io.jans.configapi.model.configuration.ApiConf;
+import io.jans.configapi.core.rest.ProtectedApi;
+import io.jans.configapi.service.conf.ConfigApiService;
+import io.jans.configapi.util.ApiAccessConstants;
+import io.jans.configapi.util.ApiConstants;
+import io.jans.configapi.core.util.Jackson;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.ExampleObject;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import io.swagger.v3.oas.annotations.security.*;
+
+import jakarta.inject.Inject;
+import jakarta.validation.constraints.NotNull;
+import jakarta.ws.rs.*;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+
+import java.io.IOException;
+import org.slf4j.Logger;
+
+@Path(ApiConstants.API_CONFIG)
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+public class ConfigApiResource extends ConfigBaseResource {
+
+ @Inject
+ Logger log;
+
+ @Inject
+ ConfigApiService configApiService;
+
+ @Operation(summary = "Gets config-api configuration properties.", description = "Gets config-api configuration properties.", operationId = "get-config-api-properties", tags = {
+ "Configuration – Config API" }, security = @SecurityRequirement(name = "oauth2", scopes = {
+ ApiAccessConstants.CONFIG_READ_ACCESS }))
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiAppConfiguration.class))),
+ @ApiResponse(responseCode = "401", description = "Unauthorized"),
+ @ApiResponse(responseCode = "500", description = "InternalServerError") })
+ @GET
+ @ProtectedApi(scopes = { ApiAccessConstants.CONFIG_READ_ACCESS }, groupScopes = {
+ ApiAccessConstants.CONFIG_WRITE_ACCESS }, superScopes = { ApiAccessConstants.SUPER_ADMIN_READ_ACCESS })
+ public Response getAppConfiguration() {
+ ApiAppConfiguration appConfiguration = configApiService.find();
+ log.debug("Config API Configuration:{}", appConfiguration);
+ return Response.ok(appConfiguration).build();
+ }
+
+ @Operation(summary = "Partially modifies config-api configuration properties.", description = "Partially modifies config-api Configuration properties.", operationId = "patch-config-api-properties", tags = {
+ "Configuration – Config API" }, security = @SecurityRequirement(name = "oauth2", scopes = {
+ ApiAccessConstants.CONFIG_WRITE_ACCESS }))
+ @RequestBody(description = "String representing patch-document.", content = @Content(mediaType = MediaType.APPLICATION_JSON_PATCH_JSON, array = @ArraySchema(schema = @Schema(implementation = JsonPatch.class)), examples = @ExampleObject(name = "Request json example", value = "example/config/config-api-patch.json")))
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiAppConfiguration.class))),
+ @ApiResponse(responseCode = "401", description = "Unauthorized"),
+ @ApiResponse(responseCode = "500", description = "InternalServerError") })
+ @PATCH
+ @Consumes(MediaType.APPLICATION_JSON_PATCH_JSON)
+ @ProtectedApi(scopes = { ApiAccessConstants.CONFIG_WRITE_ACCESS }, groupScopes = {}, superScopes = {
+ ApiAccessConstants.SUPER_ADMIN_WRITE_ACCESS })
+ public Response patchAppConfigurationProperty(@NotNull String jsonPatchString)
+ throws JsonPatchException, IOException {
+ log.debug("Config API - jsonPatchString:{} ", jsonPatchString);
+ ApiConf conf = configApiService.findApiConf();
+ ApiAppConfiguration appConfiguration = Jackson.applyPatch(jsonPatchString, conf.getDynamicConf());
+ conf.setDynamicConf(appConfiguration);
+ configApiService.merge(conf);
+ appConfiguration = configApiService.find();
+ log.debug("Config-api post patch - appConfiguration:{}", appConfiguration);
+ return Response.ok(appConfiguration).build();
+ }
+
+}
diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/security/api/ApiProtectionService.java b/jans-config-api/server/src/main/java/io/jans/configapi/security/api/ApiProtectionService.java
index b8d5d033dde..8b13d43ecd1 100644
--- a/jans-config-api/server/src/main/java/io/jans/configapi/security/api/ApiProtectionService.java
+++ b/jans-config-api/server/src/main/java/io/jans/configapi/security/api/ApiProtectionService.java
@@ -184,7 +184,7 @@ private List validateScope(String resourceName, ProtectionScopeType prote
 scopeService.addScope(scope);
 } else {
 // Update resource
- log.debug("Scope - '{}' already exists, hence updating it.", rsScope.getName());
+ log.info("Scope - '{}' already exists, hence updating it.", rsScope.getName());
 scope.setId(rsScope.getName());
 scope.setScopeType(scopeType);
 scopeService.updateScope(scope);
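Review bot: patchAppConfigurationProperty persists whatever the JSON patch produced without validating the resulting ApiAppConfiguration, so a malformed or semantically invalid value (for instance an unknown `loggingLevel`, which is the very field the accompanying karate test patches) is written to the store before anything checks it, and the documented responses offer only 200/401/500 for that case. Consider validating `appConfiguration` between `Jackson.applyPatch(...)` and `configApiService.merge(conf)` and answering 400 on failure, with a matching `@ApiResponse(responseCode = "400", ...)` entry. `conf` and `conf.getDynamicConf()` are also dereferenced without a null guard; presumably a missing configuration entry surfaces as a 500 — confirm. Both handlers lack Javadoc; one line each would do, e.g. `/** Returns the Config-API's own dynamic configuration (ApiAppConfiguration). */` and `/** Applies an RFC 6902 JSON patch to the Config-API's own dynamic configuration, persists it and returns the stored result. */`.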
@@ -215,8 +215,8 @@ private void updateScopeForClientIfNeeded(String clientId) {
 try {
 Client client = this.clientService.getClientByInum(clientId);
 log.debug("updateScopeForClientIfNeeded() - Verify client:{} ", client);
- log.debug("updateScopeForClientIfNeeded() - 1 - client.getClientSecret():{} ", client.getClientSecret());
 if (client != null) {
+ log.info("updateScopeForClientIfNeeded() - 1 - client.getClientSecret():{} ", client.getClientSecret());
 // Assign scope
 // Prepare scope array
 List scopes = getScopeWithDn(getAllScopes());
@@ -245,7 +245,7 @@ private void updateScopeForClientIfNeeded(String clientId) {
 client = this.clientService.getClientByInum(clientId);
 log.debug(" Verify scopes post assignment, clientId:{}, scopes:{}", clientId,
 Arrays.asList(client.getScopes()));
- log.debug("updateScopeForClientIfNeeded() - 2 - client.getClientSecret():{} ", client.getClientSecret());
+ log.info("updateScopeForClientIfNeeded() - 2 - client.getClientSecret():{} ", client.getClientSecret());
 } catch (Exception ex) {
 log.error("Error while searching internal client", ex);
 }
diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/conf/ConfigApiService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/conf/ConfigApiService.java
new file mode 100644
index 00000000000..c83a6a3b93f
--- /dev/null
+++ b/jans-config-api/server/src/main/java/io/jans/configapi/service/conf/ConfigApiService.java
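Review bot: The added line in this hunk writes `client.getClientSecret()` to the log and raises the level from debug to info, so the internal client's secret now lands in routine production logs; the `@@ -245` hunk does the same for the second message. Logs are typically shipped to aggregators and read by people who have no access to the persistence layer, which makes this a credential exposure rather than a verbosity choice, and neither message needs the secret to be useful. Drop the secret from both, e.g. `log.debug("updateScopeForClientIfNeeded() - 1 - client found for clientId:{}", clientId);` and `log.debug("updateScopeForClientIfNeeded() - 2 - scopes assigned for clientId:{}", clientId);`. The preceding `log.debug("... Verify client:{} ", client)` prints the whole Client object; whether its toString() includes the secret is not visible here — confirm. updateScopeForClientIfNeeded starts before and ends after these hunks.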
@@ -0,0 +1,43 @@
+/*
+ * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
+ *
+ * Copyright (c) 2020, Janssen Project
+ */
+
+package io.jans.configapi.service.conf;
+
+import io.jans.as.common.service.common.ApplicationFactory;
+import io.jans.configapi.model.configuration.ApiAppConfiguration;
+import io.jans.configapi.model.configuration.ApiConf;
+import io.jans.configapi.configuration.ConfigurationFactory;
+import io.jans.orm.PersistenceEntryManager;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Inject;
+import jakarta.inject.Named;
+
+@ApplicationScoped
+public class ConfigApiService {
+
+ @Inject
+ @Named(ApplicationFactory.PERSISTENCE_ENTRY_MANAGER_NAME)
+ PersistenceEntryManager persistenceManager;
+
+ @Inject
+ ConfigurationFactory configurationFactory;
+
+ public ApiConf findApiConf() {
+ final String dn = configurationFactory.getApiAppConfigurationDn();
+ return persistenceManager.find(dn, ApiConf.class, null);
+ }
+
+ public void merge(ApiConf apiConf) {
+ apiConf.setRevision(apiConf.getRevision() + 1);
+ persistenceManager.merge(apiConf);
+ }
+
+ public ApiAppConfiguration find() {
+ final ApiConf apiConf = findApiConf();
+ return apiConf.getDynamicConf();
+ }
+
+}
diff --git a/jans-config-api/server/src/main/resources/config-api-rs-protect.json b/jans-config-api/server/src/main/resources/config-api-rs-protect.json
index b182bd66523..b13ea6b41d0 100644
--- a/jans-config-api/server/src/main/resources/config-api-rs-protect.json
+++ b/jans-config-api/server/src/main/resources/config-api-rs-protect.json
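Review bot: find() dereferences the result of findApiConf() unconditionally, and `persistenceManager.find(dn, ApiConf.class, null)` returning null for an absent entry (what it does in that case is not visible here — confirm) would surface as a bare NullPointerException that never names the DN that was missing; `Objects.requireNonNull(apiConf, "Config-API configuration entry not found")` or a dedicated not-found exception would make the failure diagnosable. merge() implements the revision bump as a read-modify-write on the caller's object with no comparison against the revision currently stored, so two concurrent PATCH requests can silently overwrite each other unless `PersistenceEntryManager.merge` enforces optimistic locking itself — worth confirming before relying on the revision field for anything. The class and its three public methods also have no Javadoc; one line each, e.g. `/** Loads the persisted Config-API configuration entry ({@link ApiConf}) from the DN supplied by ConfigurationFactory. */`, would help the next reader.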
@@ -2141,6 +2141,52 @@
 ]
 }
 ]
+ },
+ {
+ "path": "/jans-config-api/api/v1/config",
+ "conditions": [
+ {
+ "httpMethods": [
+ "GET"
+ ],
+ "scopes": [
+ {
+ "inum": "1800.01.50",
+ "name": "https://jans.io/oauth/config/properties.readonly"
+ }
+ ],
+ "groupScopes": [
+ {
+ "inum": "1800.01.51",
+ "name": "https://jans.io/oauth/config/properties.write"
+ }
+ ],
+ "superScopes": [
+ {
+ "inum": "1800.03.1",
+ "name": "https://jans.io/oauth/config/read-all"
+ }
+ ]
+ },
+ {
+ "httpMethods": [
+ "PATCH"
+ ],
+ "scopes": [
+ {
+ "inum": "1800.01.51",
+ "name": "https://jans.io/oauth/config/properties.write"
+ }
+ ],
+ "groupScopes": [],
+ "superScopes": [
+ {
+ "inum": "1800.03.2",
+ "name": "https://jans.io/oauth/config/write-all"
+ }
+ ]
+ }
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/jans-config-api/server/src/test/resources/feature/config/api/properties.feature b/jans-config-api/server/src/test/resources/feature/config/api/properties.feature
new file mode 100644
index 00000000000..e6fa17bc6e6
--- /dev/null
+++ b/jans-config-api/server/src/test/resources/feature/config/api/properties.feature
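Review bot: The new protection entry's `"path"` is `/jans-config-api/api/v1/config`, but the resource it is meant to cover is mounted at `ApiConstants.API_CONFIG`, which the karate configuration added in this same commit resolves to `/jans-config-api/api/v1/api-config`, so the path in this file does not match the endpoint. If this JSON drives scope provisioning or path-based authorization, the entry would be registered against a path nothing serves while the real endpoint is covered only by its `@ProtectedApi` annotations — confirm how the file is consumed. Change it to `"path": "/jans-config-api/api/v1/api-config",`.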
@@ -0,0 +1,44 @@ + +Feature: Verify Auth configuration endpoint + + Background: + * def mainUrl = api_config_url + + @config-get-error + Scenario: Retrieve configuration without bearer token + Given url mainUrl + When method GET + Then status 401 + And print response + + @config-get + Scenario: Retrieve configuration + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + And print response + And assert response.length != null + + @config-patch + Scenario: Patch configuration + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + And print response + And assert response.length != null + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + And header Content-Type = 'application/json-patch+json' + And header Accept = 'application/json' + And print 'response.loggingLevel = '+response.loggingLevel + And def request_body = (response.loggingLevel == null ? "[ {\"op\":\"add\", \"path\": \"/loggingLevel\", \"value\":\"DEBUG\" } ]" : "[ {\"op\":\"replace\", \"path\": \"/loggingLevel\", \"value\":\"DEBUG\" } ]") + And print 'request_body ='+request_body + And request request_body + Then print request + When method PATCH + Then status 200 + And print response + + \ No newline at end of file diff --git a/jans-config-api/server/src/test/resources/karate-config-jenkins.js b/jans-config-api/server/src/test/resources/karate-config-jenkins.js index fc5ced476ba..260a59998f8 100644 --- a/jans-config-api/server/src/test/resources/karate-config-jenkins.js +++ b/jans-config-api/server/src/test/resources/karate-config-jenkins.js @@ -63,6 +63,7 @@ function() { agama_url: baseUrl + '/jans-config-api/api/v1/agama', session_url: baseUrl + '/jans-config-api/api/v1/jans-auth-server/session', plugin_url: baseUrl + '/jans-config-api/api/v1/plugin', + api_config_url: baseUrl + '/jans-config-api/api/v1/api-config', }; karate.configure('connectTimeout', 30000); 
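Review bot: The feature title `Feature: Verify Auth configuration endpoint` describes the auth-server configuration endpoint, while every scenario targets `api_config_url` (the Config-API's own properties); `Feature: Verify Config-API configuration endpoint` would keep the report readable next to the existing auth feature. The `@config-patch` scenario also leaves `loggingLevel` set to `DEBUG` on the server under test with no restoring patch, so each run of the suite permanently changes that instance's log verbosity; consider capturing the value from the first GET and patching it back at the end of the scenario.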
diff --git a/jans-config-api/server/src/test/resources/karate-config.js b/jans-config-api/server/src/test/resources/karate-config.js
index f0a549ac372..8c51ff66d96 100644
--- a/jans-config-api/server/src/test/resources/karate-config.js
+++ b/jans-config-api/server/src/test/resources/karate-config.js
@@ -63,6 +63,7 @@ function() {
 agama_url: baseUrl + '/jans-config-api/api/v1/agama',
 session_url: baseUrl + '/jans-config-api/api/v1/jans-auth-server/session',
 plugin_url: baseUrl + '/jans-config-api/api/v1/plugin',
+ api_config_url: baseUrl + '/jans-config-api/api/v1/api-config',
 };
 karate.configure('connectTimeout', 30000);