diff --git a/jans-linux-setup/jans_setup/static/extension/introspection/introspection_role_based_scope.py b/jans-linux-setup/jans_setup/static/extension/introspection/introspection_role_based_scope.py
index 57e646509ff..135280a6e0a 100644
--- a/jans-linux-setup/jans_setup/static/extension/introspection/introspection_role_based_scope.py
+++ b/jans-linux-setup/jans_setup/static/extension/introspection/introspection_role_based_scope.py
@@ -50,7 +50,17 @@ def modifyResponse(self, responseAsJsonObject, context):
 ujwt = context.getHttpRequest().getParameter("ujwt")
 print ujwt
 if not ujwt:
- print "UJWT is empty or null"
+ print "UJWT is empty or null. Only the default scopes will be added to the token."
+ entryManager = CdiUtil.bean(PersistenceEntryManager)
+ adminConf = AdminConf()
+ adminUIConfig = entryManager.find(adminConf.getClass(), "ou=admin-ui,ou=configuration,o=jans")
+ permissions = adminUIConfig.getDynamic().getPermissions()
+ scopes = []
+ for ele in permissions:
+ if ele.getDefaultPermissionInToken() is not None and ele.getDefaultPermissionInToken():
+ scopes.append(ele.getPermission())
+
+ responseAsJsonObject.accumulate("scope", scopes)
 return True
 # Parse jwt
@@ -89,4 +99,4 @@ def modifyResponse(self, responseAsJsonObject, context):
 except Exception as e:
 print "Exception occured. Unable to resolve role/scope mapping."
 print e
- return True
+ return True
\ No newline at end of file
diff --git a/jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json b/jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json
index b3a1b707d13..9841a6ec565 100644
--- a/jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json
+++ b/jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json
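Review bot: In the first hunk of introspection_role_based_scope.py, the new `if not ujwt:` branch calls `entryManager.find(...)` and then `adminUIConfig.getDynamic().getPermissions()` with no guard visible in the hunk, so a missing or incomplete `ou=admin-ui` entry would raise out of `modifyResponse` instead of being logged like the `except Exception as e:` path shown in the second hunk. Whether an enclosing `try` already covers this branch cannot be seen here, because the function starts and ends outside the hunk; if none does, wrap the lookup and the loop in `try:` / `except Exception as e:` that prints the error and adds no scopes. The context line `print ujwt` also writes the raw user JWT to the script log; logging only its presence, e.g. `print "ujwt present: %s" % bool(ujwt)`, keeps the token out of log files.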
@@ -20,196 +20,250 @@
 "permissions": [
 {
 "permission": "https://jans.io/oauth/config/attributes.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/attributes.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/attributes.delete",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/acrs.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/acrs.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/acrs.delete",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/scopes.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/scopes.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/scopes.delete",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/scripts.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/scripts.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/scripts.delete",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/openid/clients.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/openid/clients.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/openid/clients.delete",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/smtp.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/smtp.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/smtp.delete",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/logging.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/logging.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/uma/resources.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/uma/resources.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/uma/resources.delete",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/database/ldap.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/database/ldap.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/database/ldap.delete",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/jwks.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/jwks.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/fido2.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/fido2.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/cache.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/cache.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/database/couchbase.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/database/couchbase.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/database/sql.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/database/sql.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/jans-auth-server/config/properties.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/jans-auth-server/config/properties.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/config/stats.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "jans_stat",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": false
 },
 {
 "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": true
 },
 {
 "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/license.write",
- "description": null
+ "description": null,
+ "defaultPermissionInToken": true
+ },
+ {
+ "permission": "openid",
+ "description": null,
+ "defaultPermissionInToken": true
 }
+
 ],
 "rolePermissionMapping": [
 {
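Review bot: `https://jans.io/oauth/jans-auth-server/config/adminui/license.write` is marked `"defaultPermissionInToken": true`, which, together with the script change in this commit, appears to put a write scope into the introspection response for requests that carry no `ujwt` at all. If the no-`ujwt` case only needs to read licence state, `license.readonly` and `openid` would be a narrower default, with `license.write` set to `"defaultPermissionInToken": false`. If the write scope really is required before a user JWT exists, filling in its `description` (currently `null`) with the reason would help later reviewers judge the default.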