From d49b0e89ce7f2c56336d6c68aba5b470d804f0af Mon Sep 17 00:00:00 2001 From: jgomer2001 Date: Fri, 19 Apr 2024 16:17:33 -0500 Subject: [PATCH] chore: refactor agama to use data in acr_values #8228 Signed-off-by: jgomer2001 --- .../agama-bridge/AgamaBridge.py | 38 ++++++++----------- jans-auth-server/server/conf/jans-config.json | 4 -- .../templates/jans-auth/jans-auth-config.json | 4 -- .../jans_setup/templates/scripts.ldif | 2 - 4 files changed, 16 insertions(+), 32 deletions(-) diff --git a/docs/script-catalog/person_authentication/agama-bridge/AgamaBridge.py b/docs/script-catalog/person_authentication/agama-bridge/AgamaBridge.py index 4ff3569bcdb..6d641959810 100644 --- a/docs/script-catalog/person_authentication/agama-bridge/AgamaBridge.py +++ b/docs/script-catalog/person_authentication/agama-bridge/AgamaBridge.py @@ -7,6 +7,7 @@ from io.jans.agama import NativeJansFlowBridge from io.jans.agama.engine.misc import FlowUtils from io.jans.service import EncryptionService +from io.jans.as.model.util import Base64Util from io.jans.as.server.security import Identity from io.jans.as.server.service import AuthenticationService, UserService from io.jans.jsf2.service import FacesService @@ -29,16 +30,6 @@ def __init__(self, currentTimeMillis): def init(self, customScript, configurationAttributes): print "Agama. Initialization" self.resultParam = "agamaData" - - prop = "cust_param_name" - self.cust_param_name = self.configProperty(configurationAttributes, prop) - - if self.cust_param_name == None: - print "Agama. Custom parameter name not referenced via property '%s'" % prop - return False - - prop = "default_flow_name" - self.default_flow_name = self.configProperty(configurationAttributes, prop) prop = "finish_userid_db_attribute" self.finish_userid_db_attr = self.configProperty(configurationAttributes, prop) 
@@ -46,9 +37,7 @@ def init(self, customScript, configurationAttributes): if self.finish_userid_db_attr == None: print "Agama. Property '%s' is missing value" % prop return False - - print "Agama. Request param '%s' will be used to pass flow name and inputs" % self.cust_param_name - print "Agama. When '%s' is missing, the flow to launch will be '%s'" % (self.cust_param_name, self.default_flow_name) + print "Agama. DB attribute '%s' will be used to map the identity of userId passed in Finish directives (if any)" % self.finish_userid_db_attr print "Agama. Initialized successfully" @@ -139,20 +128,19 @@ def prepareForStep(self, configurationAttributes, requestParameters, step): print "Agama. Failed to retrieve session_id" return False - param = session.getSessionAttributes().get(self.cust_param_name) + cesar = session.getSessionAttributes() + param = cesar.get("agama_flow") + if StringHelper.isEmpty(param): - print "Agama. Request param '%s' is missing or has no value" % self.cust_param_name - - param = self.default_flow_name - if param == None: - print "Agama. Default flow name is not set either..." + param = self.extractAgamaFlow(cesar.get("acr_values")) + if StringHelper.isEmpty(param): print "Agama. Unable to determine the Agama flow to launch. Check the docs" return False (qn, ins) = self.extractParams(param) if qn == None: - print "Agama. Param '%s' is missing the name of the flow to be launched" % self.cust_param_name + print "Agama. Unable to determine the Agama flow to launch. Check the docs" return False try: 
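Review bot: In prepareForStep the flow to launch now comes only from the session attributes `agama_flow` and `acr_values`, both of which originate in the authorization request, and with `default_flow_name` gone nothing visible in this hunk limits which deployed flow a client may select. If not every enabled flow is meant to be reachable by every client, `qn` should be checked against an allow-list before the launch; whether the Agama engine already enforces this is not visible here. `(qn, ins) = self.extractParams(param)` sits before the `try:`, so a decoding failure on a malformed INPUT would escape prepareForStep instead of taking a `return False` path; moving the call inside the `try:` would hand it to the existing handler, which is outside the hunk. `agama_flow` is still consulted first although this commit removes it from the allowed custom parameters in both config files, which deserves a comment such as `# legacy: only set when agama_flow is re-enabled as a custom parameter`, and the local name `cesar` would read better as `sessionAttributes`. The body of prepareForStep starts and ends outside the hunk.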
@@ -215,10 +203,16 @@ def setMessageError(self, severity, msg): facesMessages.clear() facesMessages.add(severity, msg) + def extractAgamaFlow(self, acr): + prefix = "agama_" + if StringHelper.isNotEmpty(acr) and acr.find(prefix) == 0: + return acr[len(prefix):] + return None + def extractParams(self, param): # param must be of the form QN-INPUT where QN is the qualified name of the flow to launch - # INPUT is a JSON object that contains the arguments to use for the flow call. + # INPUT is a base64URL-encoded JSON object that contains the arguments to use for the flow call. # The keys of this object should match the already defined flow inputs. Ideally, and # depending on the actual flow implementation, some keys may not even be required # QN and INPUTS are separated by a hyphen @@ -230,4 +224,4 @@ def extractParams(self, param): elif i == -1: return (param, None) else: - return (param[:i], param[i+1:]) + return (param[:i], Base64Util.base64urldecodeToString(param[i+1:])) diff --git a/jans-auth-server/server/conf/jans-config.json b/jans-auth-server/server/conf/jans-config.json index 50788497e87..155d0b15f9f 100644 --- a/jans-auth-server/server/conf/jans-config.json +++ b/jans-auth-server/server/conf/jans-config.json @@ -460,10 +460,6 @@ { "paramName": "customParam5", "returnInResponse": true - }, - { - "paramName": "agama_flow", - "returnInResponse": false } ], "legacyDynamicRegistrationScopeParam": false, diff --git a/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json b/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json index 349bc50d5c1..15b57db916c 100644 --- a/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json +++ b/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json @@ -499,10 +499,6 @@ { "paramName": "customParam5", "returnInResponse": true - }, - { - "paramName": "agama_flow", - "returnInResponse": false } ], "legacyDynamicRegistrationScopeParam": false, 
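Review bot: extractAgamaFlow treats `acr_values` as a single value, but that parameter is a space-separated list, so `acr.find(prefix) == 0` misses an `agama_` entry that is not first and, when it is first, returns the remaining entries as part of the flow name. Splitting on whitespace and taking the first entry that starts with the prefix handles both cases, as in the fence below. The method also lacks a docstring; one sentence stating the expected `agama_QN-INPUT` form and that `None` means "no Agama flow requested" would be enough. Whether the session attribute can actually carry several values at this point is not visible in the hunk.

```python
    def extractAgamaFlow(self, acr):
        prefix = "agama_"
        if StringHelper.isEmpty(acr):
            return None
        # acr_values may list several values; use the first Agama one
        for value in acr.split():
            if value.startswith(prefix):
                return value[len(prefix):]
        return None
```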
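Review bot: The new return line of extractParams hands back the decoded INPUT without checking that decoding succeeded, and the base64url alphabet itself contains `-`, the same character that separates QN from INPUT. The split is therefore only correct if `i` is the index of the first hyphen; the line that computes `i` is outside the hunk, so this should be confirmed and recorded in the comment block, e.g. `# split on the first hyphen only: base64url text may itself contain '-'`. An empty or undecodable INPUT (for example a value that ends in a hyphen) should fail closed by returning `(None, None)`, which prepareForStep already rejects through its `qn == None` branch, rather than passing on whatever `Base64Util.base64urldecodeToString` yields for it.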
diff --git a/jans-linux-setup/jans_setup/templates/scripts.ldif b/jans-linux-setup/jans_setup/templates/scripts.ldif
index 8cf3add8f6b..32045c4e0c8 100644
--- a/jans-linux-setup/jans_setup/templates/scripts.ldif
+++ b/jans-linux-setup/jans_setup/templates/scripts.ldif
@@ -570,8 +570,6 @@ objectClass: top
 description: Agama Script
 displayName: agama
 inum: BADA-BADA
-jansConfProperty: {"value1":"cust_param_name","value2":"agama_flow","description":""}
-jansConfProperty: {"value1":"default_flow_name","value2":"","description":""}
 jansConfProperty: {"value1":"finish_userid_db_attribute","value2":"uid","description":""}
 jansEnabled: false
 jansLevel: 10