diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml index 010c93dd359..3f60f3c07ba 100644 --- a/.github/workflows/build-docs.yml +++ b/.github/workflows/build-docs.yml @@ -56,7 +56,10 @@ jobs: cp janssen-*.tgz ../ - name: Generate docs - run: echo "Custom work on generating docs can go here." + run: | + echo "Custom work on generating docs can go here." + chmod u+x automation/docs/generate-property-docs.sh + sudo bash ./automation/docs/generate-property-docs.sh - name: git config run: | diff --git a/.github/workflows/build-wars.yml b/.github/workflows/build-wars.yml index a0a58ad6aaa..f9485bed53d 100644 --- a/.github/workflows/build-wars.yml +++ b/.github/workflows/build-wars.yml @@ -48,7 +48,6 @@ jobs: - uses: actions/checkout@v3 with: repository: ${{ github.repository }} - token: ${{ secrets.githubtoken }} - name: find changed directories run: | @@ -88,4 +87,4 @@ jobs: pwd mvn clean install -DskipTests --file ${{ matrix.fldrpath }} mvn -B package --file ${{ matrix.fldrpath }}/pom.xml -Dmaven.test.skip=true - mvn --file ${{ matrix.fldrpath }}/pom.xml deploy -Dmaven.test.skip=true \ No newline at end of file + mvn --file ${{ matrix.fldrpath }}/pom.xml deploy -Dmaven.test.skip=true diff --git a/automation/docs/generate-property-docs.sh b/automation/docs/generate-property-docs.sh new file mode 100644 index 00000000000..e672a7dba48 --- /dev/null +++ b/automation/docs/generate-property-docs.sh 
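Review bot: `sudo bash ./automation/docs/generate-property-docs.sh` on the new side of the Generate docs step runs the entire Maven build and the `mv` into `docs/` as root, so the moved markdown files (and presumably the local Maven repository populated under root's home rather than the runner's cached one) end up root-owned, which is likely to trip the `git config`/commit steps that follow as the runner user; nothing visible in the script needs elevated privileges. The preceding `chmod u+x` is also redundant because the script is invoked through `bash` rather than executed directly. Suggest replacing the two added lines with the single line `bash ./automation/docs/generate-property-docs.sh`. The `run:` block is complete in the hunk, but the surrounding job steps are outside it.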
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -euo pipefail
+
+echo "Generate properties and feature flag documents from elements annotated with @DocFeatureFlag and @DocProperty"
+
+# Compile jans-core to pick-up any changes in annotation processors
+mvn -q -f jans-core/pom.xml -DskipTests clean compile install
+
+# Compile modules where classes that use these annotations exist.
+# This will generate markdown files under target/classes directory
+mvn -q -f jans-auth-server/pom.xml clean compile
+mvn -q -f jans-fido2/pom.xml clean compile
+mvn -q -f jans-scim/pom.xml clean compile
+
+# Move markdown files to appropriate locations under documentation root 'doc'
+mv -f jans-auth-server/model/target/classes/janssenauthserver-properties.md docs/admin/reference/json/properties
+mv -f jans-auth-server/model/target/classes/janssenauthserver-feature-flags.md docs/admin/reference/json/feature-flags
+mv -f jans-fido2/model/target/classes/fido2-properties.md docs/admin/reference/json/properties
+mv -f jans-scim/model/target/classes/scim-properties.md docs/admin/reference/json/properties
\ No newline at end of file
diff --git a/docs/admin/reference/json/config-api.md b/docs/admin/reference/json/config-api.md
deleted file mode 100644
index a81a4bed825..00000000000
--- a/docs/admin/reference/json/config-api.md
+++ /dev/null
@@ -1,9 +0,0 @@
----
-tags:
- - administration
- - reference
- - json
----
-
-This is a placeholder
-
diff --git a/docs/admin/reference/json/feature-flags/README.md b/docs/admin/reference/json/feature-flags/README.md
new file mode 100644
index 00000000000..be85ed5c1be
--- /dev/null
+++ b/docs/admin/reference/json/feature-flags/README.md
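Review bot: Each `mv -f … docs/admin/reference/json/properties` names its destination without a trailing slash, so if that directory is absent in the checkout the markdown file is silently renamed to a regular file called `properties` and the next `mv` overwrites it, with `-f` suppressing any prompt and `set -euo pipefail` never noticing; the directories are added by this same commit, but a partial or stale checkout would go undetected. Suggest adding `mkdir -p docs/admin/reference/json/properties docs/admin/reference/json/feature-flags` before the moves and a trailing `/` on every destination so `mv` fails loudly when the target is not a directory. The script also assumes its working directory is the repository root, since every `-f` pom path and `mv` path is relative; a one-line comment stating that expectation, or an explicit `cd` to the repository root, would make the contract visible to anyone running it outside the workflow. The file ends without a trailing newline.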
@@ -0,0 +1,6 @@
+# Overview
+
+Please use the left navigation menu to browse the content of this section while we are still working on developing content for `Overview` page.
+
+!!! Contribute
+If you’d like to contribute to this document, get started with the [Contribution Guide](https://docs.jans.io/head/CONTRIBUTING/#contributing-to-the-documentation)
diff --git a/docs/admin/reference/json/feature-flags/janssenauthserver-feature-flags.md b/docs/admin/reference/json/feature-flags/janssenauthserver-feature-flags.md
new file mode 100644
index 00000000000..bb685047243
--- /dev/null
+++ b/docs/admin/reference/json/feature-flags/janssenauthserver-feature-flags.md
@@ -0,0 +1,214 @@ +--- +tags: +- administration +- reference +- json +- feature-flags +--- + +# Janssen Auth Server Feature Flags + +| Feature Flag Name | Description | | +|-----|-----|-----| +| ACTIVE_SESSION | Enable/Disable active session endpoint | [Details](#active_session) | +| CIBA | Enable/Disable OpenID Connect Client Initiated Backchannel Authentication Flow(CIBA) flow support | [Details](#ciba) | +| CLIENTINFO | Enable/Disable client info endpoint | [Details](#clientinfo) | +| DEVICE_AUTHZ | Enable/Disable support for device authorization | [Details](#device_authz) | +| END_SESSION | Enable/Disable end session endpoint | [Details](#end_session) | +| HEALTH_CHECK | Enable/Disable health-check endpoint | [Details](#health_check) | +| ID_GENERATION | Enable/Disable ID Generation endpoint | [Details](#id_generation) | +| INTROSPECTION | Enable/Disable token introspection endpoint | [Details](#introspection) | +| JANS_CONFIGURATION | Enable/Disable *.well-known* configuration endpoint | [Details](#jans_configuration) | +| METRIC | Enable/Disable metric reporter feature | [Details](#metric) | +| PAR | Enable/Disable Pushed Authorization Requests(PAR) feature | [Details](#par) | +| REGISTRATION | Enable/Disable client registration endpoint | [Details](#registration) | +| REVOKE_SESSION | Enable/Disable session revocation endpoint | [Details](#revoke_session) | +| REVOKE_TOKEN | Enable/Disable token revocation endpoint | [Details](#revoke_token) | +| SSA | Enable/Disable Software Statement Assertion(SSA) feature | [Details](#ssa) | +| STAT | Enable/Disable Stat service | [Details](#stat) | +| STATUS_SESSION | Enable/Disable session status check endpoint | [Details](#status_session) | +| U2F | Enable/Disable support for Universal 2nd Factor(U2F) protocol | [Details](#u2f) | +| UMA | Enable/Disable support for User-Managed Access (UMA) | [Details](#uma) | +| USERINFO | Enable/Disable OpenID Connect [userinfo 
endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo) | [Details](#userinfo) | + + +### ACTIVE_SESSION + +- Description: Enable/Disable active session endpoint + +- Required: No + +- Default value: None + + +### CIBA + +- Description: Enable/Disable OpenID Connect Client Initiated Backchannel Authentication Flow(CIBA) flow support + +- Required: No + +- Default value: None + + +### CLIENTINFO + +- Description: Enable/Disable client info endpoint + +- Required: No + +- Default value: None + + +### DEVICE_AUTHZ + +- Description: Enable/Disable support for device authorization + +- Required: No + +- Default value: None + + +### END_SESSION + +- Description: Enable/Disable end session endpoint + +- Required: No + +- Default value: None + + +### HEALTH_CHECK + +- Description: Enable/Disable health-check endpoint + +- Required: No + +- Default value: None + + +### ID_GENERATION + +- Description: Enable/Disable ID Generation endpoint + +- Required: No + +- Default value: None + + +### INTROSPECTION + +- Description: Enable/Disable token introspection endpoint + +- Required: No + +- Default value: None + + +### JANS_CONFIGURATION + +- Description: Enable/Disable *.well-known* configuration endpoint + +- Required: No + +- Default value: None + + +### METRIC + +- Description: Enable/Disable metric reporter feature + +- Required: No + +- Default value: None + + +### PAR + +- Description: Enable/Disable Pushed Authorization Requests(PAR) feature + +- Required: No + +- Default value: None + + +### REGISTRATION + +- Description: Enable/Disable client registration endpoint + +- Required: No + +- Default value: None + + +### REVOKE_SESSION + +- Description: Enable/Disable session revocation endpoint + +- Required: No + +- Default value: None + + +### REVOKE_TOKEN + +- Description: Enable/Disable token revocation endpoint + +- Required: No + +- Default value: None + + +### SSA + +- Description: Enable/Disable Software Statement Assertion(SSA) feature + +- 
Required: No + +- Default value: None + + +### STAT + +- Description: Enable/Disable Stat service + +- Required: No + +- Default value: None + + +### STATUS_SESSION + +- Description: Enable/Disable session status check endpoint + +- Required: No + +- Default value: None + + +### U2F + +- Description: Enable/Disable support for Universal 2nd Factor(U2F) protocol + +- Required: No + +- Default value: None + + +### UMA + +- Description: Enable/Disable support for User-Managed Access (UMA) + +- Required: No + +- Default value: None + + +### USERINFO + +- Description: Enable/Disable OpenID Connect [userinfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo) + +- Required: No + +- Default value: None + + diff --git a/docs/admin/reference/json/properties/README.md b/docs/admin/reference/json/properties/README.md new file mode 100644 index 00000000000..be85ed5c1be --- /dev/null +++ b/docs/admin/reference/json/properties/README.md @@ -0,0 +1,6 @@ +# Overview + +Please use the left navigation menu to browse the content of this section while we are still working on developing content for `Overview` page. + +!!! Contribute +If you’d like to contribute to this document, get started with the [Contribution Guide](https://docs.jans.io/head/CONTRIBUTING/#contributing-to-the-documentation) diff --git a/docs/admin/reference/json/properties/config-api-properties.md b/docs/admin/reference/json/properties/config-api-properties.md new file mode 100644 index 00000000000..be85ed5c1be --- /dev/null +++ b/docs/admin/reference/json/properties/config-api-properties.md @@ -0,0 +1,6 @@ +# Overview + +Please use the left navigation menu to browse the content of this section while we are still working on developing content for `Overview` page. + +!!! Contribute +If you’d like to contribute to this document, get started with the [Contribution Guide](https://docs.jans.io/head/CONTRIBUTING/#contributing-to-the-documentation) 
diff --git a/docs/admin/reference/json/fido.md b/docs/admin/reference/json/properties/fido2-properties.md similarity index 98% rename from docs/admin/reference/json/fido.md rename to docs/admin/reference/json/properties/fido2-properties.md index 83222d7a8be..aa2aa14c42a 100644 --- a/docs/admin/reference/json/fido.md +++ b/docs/admin/reference/json/properties/fido2-properties.md @@ -1,9 +1,9 @@ --- tags: - - administration - - reference - - json - - properties +- administration +- reference +- json +- properties --- # Fido2 Configuration Properties @@ -252,5 +252,3 @@ tags: - Default value: None - - diff --git a/docs/admin/reference/json/auth-server.md b/docs/admin/reference/json/properties/janssenauthserver-properties.md similarity index 99% rename from docs/admin/reference/json/auth-server.md rename to docs/admin/reference/json/properties/janssenauthserver-properties.md index b05fcbade21..82be71f1535 100644 --- a/docs/admin/reference/json/auth-server.md +++ b/docs/admin/reference/json/properties/janssenauthserver-properties.md @@ -1,12 +1,12 @@ --- tags: - - administration - - reference - - json - - properties +- administration +- reference +- json +- properties --- -# jans-auth-server Configuration Properties +# Janssen Auth Server Configuration Properties | Property Name | Description | | |-----|-----|-----| @@ -2532,6 +2532,3 @@ tags: - Default value: None - - - diff --git a/docs/admin/reference/json/scim.md b/docs/admin/reference/json/properties/scim-properties.md similarity index 98% rename from docs/admin/reference/json/scim.md rename to docs/admin/reference/json/properties/scim-properties.md index d776815099e..3f479f218c1 100644 --- a/docs/admin/reference/json/scim.md +++ b/docs/admin/reference/json/properties/scim-properties.md @@ -1,9 +1,9 @@ --- tags: - - administration - - reference - - json - - properties +- administration +- reference +- json +- properties --- # SCIM Configuration Properties @@ -192,5 +192,3 @@ tags: - Default value: None - - 
diff --git a/jans-auth-server/model/pom.xml b/jans-auth-server/model/pom.xml index bc73d6fc7d4..7fc2f3eeb02 100644 --- a/jans-auth-server/model/pom.xml +++ b/jans-auth-server/model/pom.xml @@ -180,6 +180,11 @@ com.wordnik swagger-annotations + + io.jans + jans-doc + ${jans-core.version} + \ No newline at end of file diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/common/FeatureFlagType.java b/jans-auth-server/model/src/main/java/io/jans/as/model/common/FeatureFlagType.java index f714a68a02c..6398193b5d8 100644 --- a/jans-auth-server/model/src/main/java/io/jans/as/model/common/FeatureFlagType.java +++ b/jans-auth-server/model/src/main/java/io/jans/as/model/common/FeatureFlagType.java @@ -1,5 +1,6 @@ package io.jans.as.model.common; +import io.jans.doc.annotation.DocFeatureFlag; import org.apache.commons.lang3.StringUtils; import java.util.HashSet; 
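Review bot: The new `jans-doc` dependency at `${jans-core.version}` is declared with the default compile scope, so every consumer of the auth-server model artifact inherits it transitively, even though — judging by the script comments in this commit ("annotation processors", "generate markdown files under target/classes") — it only supplies the `@DocProperty`/`@DocFeatureFlag` annotations and a compile-time processor, and the JVM tolerates absent annotation classes at runtime. Consider `<scope>provided</scope>` (or `<optional>true</optional>`) on the added `<dependency>` so it stays on the compile classpath where the processor runs but off the runtime classpath of downstream modules. The element names have been stripped from this hunk as rendered, so the exact placement of the new block cannot be verified here; the file also still ends without a trailing newline.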
@@ -12,25 +13,46 @@ public enum FeatureFlagType { UNKNOWN("unknown"), + @DocFeatureFlag(description = "Enable/Disable health-check endpoint") HEALTH_CHECK("health_check"), + @DocFeatureFlag(description = "Enable/Disable OpenID Connect [userinfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo)") USERINFO("userinfo"), + + @DocFeatureFlag(description = "Enable/Disable client info endpoint") CLIENTINFO("clientinfo"), + @DocFeatureFlag(description = "Enable/Disable ID Generation endpoint") ID_GENERATION("id_generation"), + @DocFeatureFlag(description = "Enable/Disable client registration endpoint") REGISTRATION("registration"), + @DocFeatureFlag(description = "Enable/Disable token introspection endpoint") INTROSPECTION("introspection"), + @DocFeatureFlag(description = "Enable/Disable token revocation endpoint") REVOKE_TOKEN("revoke_token"), + @DocFeatureFlag(description = "Enable/Disable session revocation endpoint") REVOKE_SESSION("revoke_session"), + @DocFeatureFlag(description = "Enable/Disable active session endpoint") ACTIVE_SESSION("active_session"), + @DocFeatureFlag(description = "Enable/Disable end session endpoint") END_SESSION("end_session"), + @DocFeatureFlag(description = "Enable/Disable session status check endpoint") STATUS_SESSION("status_session"), + @DocFeatureFlag(description = "Enable/Disable *.well-known* configuration endpoint") JANS_CONFIGURATION("jans_configuration"), // /.well-known/jans-configuration + @DocFeatureFlag(description = "Enable/Disable OpenID Connect Client Initiated Backchannel Authentication Flow(CIBA) flow support") CIBA("ciba"), + @DocFeatureFlag(description = "Enable/Disable support for User-Managed Access (UMA)") UMA("uma"), + @DocFeatureFlag(description = "Enable/Disable support for Universal 2nd Factor(U2F) protocol") U2F("u2f"), + @DocFeatureFlag(description = "Enable/Disable support for device authorization") DEVICE_AUTHZ("device_authz"), + @DocFeatureFlag(description = "Enable/Disable metric 
reporter feature") METRIC("metric"), + @DocFeatureFlag(description = "Enable/Disable Stat service") STAT("stat"), + @DocFeatureFlag(description = "Enable/Disable Pushed Authorization Requests(PAR) feature") PAR("par"), + @DocFeatureFlag(description = "Enable/Disable Software Statement Assertion(SSA) feature") SSA("ssa"); private final String value; diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java index c519bd7b64f..b7ad2aae18e 100644 --- a/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java +++ b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java @@ -14,6 +14,7 @@ import io.jans.as.model.error.ErrorHandlingMethod; import io.jans.as.model.jwk.KeySelectionStrategy; import io.jans.as.model.ssa.SsaConfiguration; +import io.jans.doc.annotation.DocProperty; import java.util.ArrayList; import java.util.HashSet; 
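Review bot: The added annotations keep a uniform one-`@DocFeatureFlag`-per-constant layout except after `USERINFO("userinfo"),`, where an extra blank `+` line is introduced; dropping that line keeps the enum readable as a single annotated list. The `USERINFO` description embeds Markdown link syntax inside a Java string, which the generated `janssenauthserver-feature-flags.md` in this commit does render, but it means characters such as `*`, `[` and `(` in any description are renderer-significant; a comment on the enum like `// @DocFeatureFlag descriptions are emitted verbatim into Markdown by the jans-doc processor` would make that contract explicit for the next person editing a description. The enum body continues past the end of the hunk.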
@@ -35,301 +36,774 @@ public class AppConfiguration implements Configuration { public static final KeySelectionStrategy DEFAULT_KEY_SELECTION_STRATEGY = KeySelectionStrategy.OLDER; public static final String DEFAULT_STAT_SCOPE = "jans_stat"; + @DocProperty(description = "URL using the https scheme that OP asserts as Issuer identifier") private String issuer; + + @DocProperty(description = "The base URL for endpoints") private String baseEndpoint; + + @DocProperty(description = "The authorization endpoint URL") private String authorizationEndpoint; + + @DocProperty(description = "The token endpoint URL") private String tokenEndpoint; + + @DocProperty(description = "The URL for the access_token or refresh_token revocation endpoint") private String tokenRevocationEndpoint; + + @DocProperty(description = "The User Info endpoint URL") private String userInfoEndpoint; + + @DocProperty(description = "The Client Info endpoint URL") private String clientInfoEndpoint; + + @DocProperty(description = "URL for an OP IFrame that supports cross-origin communications for session state information with the RP Client using the HTML5 postMessage API") private String checkSessionIFrame; + + @DocProperty(description = "URL at the OP to which an RP can perform a redirect to request that the end user be logged out at the OP") private String endSessionEndpoint; + + @DocProperty(description = "URL of the OP's JSON Web Key Set (JWK) document. 
This contains the signing key(s) the RP uses to validate signatures from the OP") private String jwksUri; + + @DocProperty(description = "Registration endpoint URL") private String registrationEndpoint; + + @DocProperty(description = "Discovery endpoint URL") private String openIdDiscoveryEndpoint; + + @DocProperty(description = "URL for the Open ID Connect Configuration Endpoint") private String openIdConfigurationEndpoint; + + @DocProperty(description = "ID Generation endpoint URL") private String idGenerationEndpoint; + + @DocProperty(description = "Introspection endpoint URL") private String introspectionEndpoint; + + @DocProperty(description = "URL for Pushed Authorisation Request (PAR) Endpoint") private String parEndpoint; + + @DocProperty(description = "Boolean value to indicate of Pushed Authorisation Request(PAR)is required", defaultValue = "false") private Boolean requirePar = false; + + @DocProperty(description = "URL for the Device Authorization") private String deviceAuthzEndpoint; + @DocProperty(description = "URL for Mutual TLS (mTLS) Client Authentication and Certificate-Bound Access Tokens (MTLS) Endpoint") private String mtlsAuthorizationEndpoint; + + @DocProperty(description = "URL for Mutual TLS (mTLS) Authorization token Endpoint") private String mtlsTokenEndpoint; + + @DocProperty(description = "URL for Mutual TLS (mTLS) Authorization token revocation endpoint") private String mtlsTokenRevocationEndpoint; + + @DocProperty(description = "Mutual TLS (mTLS) user info endpoint URL") private String mtlsUserInfoEndpoint; + + @DocProperty(description = "URL for Mutual TLS (mTLS) Client Info endpoint") private String mtlsClientInfoEndpoint; + + @DocProperty(description = "URL for Mutual TLS (mTLS) IFrame that supports cross-origin communications for session state information with the RP Client using the HTML5 postMessage API") private String mtlsCheckSessionIFrame; + + @DocProperty(description = "URL for Mutual TLS (mTLS) to which an RP can perform a 
redirect to request that the end user be logged out at the OP") private String mtlsEndSessionEndpoint; + + @DocProperty(description = "URL for Mutual TLS (mTLS) of the OP's JSON Web Key Set (JWK) document") private String mtlsJwksUri; + + @DocProperty(description = "Mutual TLS (mTLS) registration endpoint URL") private String mtlsRegistrationEndpoint; + + @DocProperty(description = "Mutual TLS (mTLS) ID generation endpoint URL") private String mtlsIdGenerationEndpoint; + + @DocProperty(description = "Mutual TLS (mTLS) introspection endpoint URL") private String mtlsIntrospectionEndpoint; + + @DocProperty(description = "Mutual TLS (mTLS) Pushed Authorization Requests(PAR) endpoint URL") private String mtlsParEndpoint; + + @DocProperty(description = "Mutual TLS (mTLS) device authorization endpoint URL") private String mtlsDeviceAuthzEndpoint; + @DocProperty(description = "Boolean value true saves session data as a JWT", defaultValue = "false") private Boolean sessionAsJwt = false; + + @DocProperty(description = "Boolean value true encrypts request object", defaultValue = "false") private Boolean requireRequestObjectEncryption = false; + + @DocProperty(description = "Boolean value true check for Proof Key for Code Exchange (PKCE)", defaultValue = "false") private Boolean requirePkce = false; + @DocProperty(description = "Boolean value true allow all value for revoke endpoint", defaultValue = "false") private Boolean allowAllValueForRevokeEndpoint = false; + @DocProperty(description = "Sector Identifier cache lifetime in minutes", defaultValue = "1440") private int sectorIdentifierCacheLifetimeInMinutes = 1440; + @DocProperty(description = "UMA Configuration endpoint URL") private String umaConfigurationEndpoint; + + @DocProperty(description = "Issue RPT as JWT or as random string", defaultValue = "false") private Boolean umaRptAsJwt = false; + + @DocProperty(description = "UMA RPT lifetime") private int umaRptLifetime; + + @DocProperty(description = "UMA ticket 
lifetime") private int umaTicketLifetime; + + @DocProperty(description = "UMA PCT lifetime") private int umaPctLifetime; + + @DocProperty(description = "UMA Resource lifetime") private int umaResourceLifetime; + + @DocProperty(description = "Add UMA scopes automatically if it is not registered yet") private Boolean umaAddScopesAutomatically; + + @DocProperty(description = "Validate claim_token as id_token assuming it is issued by local id", defaultValue = "false") private Boolean umaValidateClaimToken = false; + + @DocProperty(description = "Specify whether to grant access to resources if there is no any policies associated with scopes", defaultValue = "false") private Boolean umaGrantAccessIfNoPolicies = false; + + @DocProperty(description = "Restrict access to resource by associated client", defaultValue = "false") private Boolean umaRestrictResourceToAssociatedClient = false; + @DocProperty(description = "Statistical data capture time interval") private int statTimerIntervalInSeconds; + + @DocProperty(description = "Scope required for Statistical Authorization") private String statAuthorizationScope; + @DocProperty(description = "Specifies whether to allow spontaneous scopes") private Boolean allowSpontaneousScopes; + + @DocProperty(description = "The lifetime of spontaneous scope in seconds") private int spontaneousScopeLifetime; + + @DocProperty(description = "Specifies which LDAP attribute is used for the subject identifier claim") private String openidSubAttribute; + + @DocProperty(description = "Specifies whether public subject identifier is allowed per client", defaultValue = "false") private Boolean publicSubjectIdentifierPerClientEnabled = false; + + @DocProperty(description = "A list of the subject identifiers supported per client") private List subjectIdentifiersPerClientSupported; + + @DocProperty(description = "This list details which OAuth 2.0 response_type values are supported by this OP.", defaultValue = "By default, every combination of code, 
token and id_token is supported.") private Set> responseTypesSupported; + + @DocProperty(description = "This list details which OAuth 2.0 response modes are supported by this OP") private Set responseModesSupported; + + @DocProperty(description = "This list details which OAuth 2.0 grant types are supported by this OP") private Set grantTypesSupported; + + @DocProperty(description = "This list details which Subject Identifier types that the OP supports. Valid types include pairwise and public.") private List subjectTypesSupported; + + @DocProperty(description = "The default subject type used for dynamic client registration") private String defaultSubjectType; + + @DocProperty(description = "List of authorization signing algorithms supported by this OP") private List authorizationSigningAlgValuesSupported; + + @DocProperty(description = "List of authorization encryption algorithms supported by this OP") private List authorizationEncryptionAlgValuesSupported; + + @DocProperty(description = "A list of the authorization encryption algorithms supported") private List authorizationEncryptionEncValuesSupported; + + @DocProperty(description = "This JSON Array lists which JWS signing algorithms (alg values) [JWA] can be used by for the UserInfo endpoint to encode the claims in a JWT") private List userInfoSigningAlgValuesSupported; + + @DocProperty(description = "This JSON Array lists which JWS encryption algorithms (alg values) [JWA] can be used by for the UserInfo endpoint to encode the claims in a JWT") private List userInfoEncryptionAlgValuesSupported; + + @DocProperty(description = "This JSON Array lists which JWS encryption algorithms (enc values) [JWA] can be used by for the UserInfo endpoint to encode the claims in a JWT") private List userInfoEncryptionEncValuesSupported; + + @DocProperty(description = "A list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT") private List idTokenSigningAlgValuesSupported; 
+ + @DocProperty(description = "A list of the JWE encryption algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT") private List idTokenEncryptionAlgValuesSupported; + + @DocProperty(description = "A list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT") private List idTokenEncryptionEncValuesSupported; + + @DocProperty(description = "A list of the JWS signing algorithms (alg values) supported by the OP for the access token to encode the Claims in a JWT") private List accessTokenSigningAlgValuesSupported; + + @DocProperty(description = "Boolean value true indicates that signed request object is mandatory", defaultValue = "false") private Boolean forceSignedRequestObject = false; + + @DocProperty(description = "A list of the JWS signing algorithms (alg values) supported by the OP for Request Objects") private List requestObjectSigningAlgValuesSupported; + + @DocProperty(description = "A list of the JWE encryption algorithms (alg values) supported by the OP for Request Objects") private List requestObjectEncryptionAlgValuesSupported; + + @DocProperty(description = "A list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects") private List requestObjectEncryptionEncValuesSupported; + + @DocProperty(description = "A list of Client Authentication methods supported by this Token Endpoint") private List tokenEndpointAuthMethodsSupported; + + @DocProperty(description = "A list of the JWS signing algorithms (alg values) supported by the Token Endpoint for the signature on the JWT used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods") private List tokenEndpointAuthSigningAlgValuesSupported; + + @DocProperty(description = "This list details the custom attributes for dynamic registration") private List dynamicRegistrationCustomAttributes; + + @DocProperty(description = "A 
list of the display parameter values that the OpenID Provider supports") private List displayValuesSupported; + + @DocProperty(description = "A list of the Claim Types that the OpenID Provider supports") private List claimTypesSupported; + + @DocProperty(description = "A list of algorithms that will be used in JWKS endpoint") private List jwksAlgorithmsSupported; + + @DocProperty(description = "URL of a page containing human-readable information that developers might want or need to know when using the OpenID Provider") private String serviceDocumentation; + + @DocProperty(description = "This list details the languages and scripts supported for values in the claims being returned") private List claimsLocalesSupported; + + @DocProperty(description = "Array containing a list of the JWT Confirmation Method member names supported by the OP for Token Binding of ID Tokens. The presence of this parameter indicates that the OpenID Provider supports Token Binding of ID Tokens. If omitted, the default is that the OpenID Provider does not support Token Binding of ID Tokens") private List idTokenTokenBindingCnfValuesSupported; + + @DocProperty(description = "This list details the languages and scripts supported for the user interface") private List uiLocalesSupported; + + @DocProperty(description = "Specifies whether the OP supports use of the claims parameter") private Boolean claimsParameterSupported; + + @DocProperty(description = "Boolean value specifying whether the OP supports use of the request parameter") private Boolean requestParameterSupported; + + @DocProperty(description = "Boolean value specifying whether the OP supports use of the request_uri parameter") private Boolean requestUriParameterSupported; + + @DocProperty(description = "Boolean value specifying whether the OP supports use of the request_uri hash verification") private Boolean requestUriHashVerificationEnabled; + + @DocProperty(description = "Boolean value specifying whether the OP requires any 
request_uri values used to be pre-registered using the request_uris registration parameter") private Boolean requireRequestUriRegistration; + + @DocProperty(description = "Block list for requestUri that can come to Authorization Endpoint (e.g. localhost)") private List requestUriBlockList; + + @DocProperty(description = "URL that the OpenID Provider provides to the person registering the Client to read about the OP's requirements on how the Relying Party can use the data provided by the OP") private String opPolicyUri; + + @DocProperty(description = "URL that the OpenID Provider provides to the person registering the Client to read about OpenID Provider's terms of service") private String opTosUri; + + @DocProperty(description = "The lifetime of the Authorization Code") private int authorizationCodeLifetime; + + @DocProperty(description = "The lifetime of the Refresh Token") private int refreshTokenLifetime; + + @DocProperty(description = "The lifetime of the ID Token") private int idTokenLifetime; + + @DocProperty(description = "Boolean value specifying whether idToken filters claims based on accessToken") private Boolean idTokenFilterClaimsBasedOnAccessToken; + + @DocProperty(description = "The lifetime of the short lived Access Token") private int accessTokenLifetime; + @DocProperty(description = "Time interval for the Clean Service in seconds") private int cleanServiceInterval; + + @DocProperty(description = "Clean service chunk size which is used during clean up", defaultValue = "100") private int cleanServiceBatchChunkSize = 100; + @DocProperty(description = "Boolean value specifying whether to regenerate keys") private Boolean keyRegenerationEnabled; + + @DocProperty(description = "The interval for key regeneration in hours") private int keyRegenerationInterval; + + @DocProperty(description = "The default signature algorithm to sign ID Tokens") private String defaultSignatureAlgorithm; + + @DocProperty(description = "OpenID Connect Version") private String 
oxOpenIdConnectVersion; + + @DocProperty(description = "URL for the Inum generator Service") private String oxId; + + @DocProperty(description = "Expiration time in seconds for clients created with dynamic registration, 0 or -1 means never expire", defaultValue = "-1") private int dynamicRegistrationExpirationTime = -1; + + @DocProperty(description = "Boolean value specifying whether to persist client authorizations") private Boolean dynamicRegistrationPersistClientAuthorizations; + + @DocProperty(description = "Boolean value specifying whether a client is trusted and no authorization is required") private Boolean trustedClientEnabled; + + @DocProperty(description = "Choose whether to skip authorization if a client has an OpenId scope and a pairwise ID", defaultValue = "false") private Boolean skipAuthorizationForOpenIdScopeAndPairwiseId = false; + + @DocProperty(description = "Boolean value specifying whether to enable scopes parameter in dynamic registration") private Boolean dynamicRegistrationScopesParamEnabled; + + @DocProperty(description = "Boolean value specifying whether to enable Password Grant Type during Dynamic Registration", defaultValue = "false") private Boolean dynamicRegistrationPasswordGrantTypeEnabled = false; + + @DocProperty(description = "List of grant scopes for dynamic registration") private List dynamicRegistrationAllowedPasswordGrantScopes; + + @DocProperty(description = "LDAP custom object class for dynamic registration") private String dynamicRegistrationCustomObjectClass; + + @DocProperty(description = "This list details LDAP custom object classes for dynamic person enrollment") private List personCustomObjectClassList; + @DocProperty(description = "Specifies whether to persist id_token into LDAP (otherwise saves into cache)", defaultValue = "false") private Boolean persistIdTokenInLdap = false; + + @DocProperty(description = "Specifies whether to persist refresh_token into LDAP (otherwise saves into cache)", defaultValue = "true") 
private Boolean persistRefreshTokenInLdap = true; + + @DocProperty(description = "Allows post-logout redirect without validation for the End Session endpoint (still AS validates it against clientWhiteList url pattern property)", defaultValue = "false") private Boolean allowPostLogoutRedirectWithoutValidation = false; + + @DocProperty(description = "Boolean value to specify whether to invalidate session_id and consent_session_id cookies right after successful or unsuccessful authorization", defaultValue = "false") private Boolean invalidateSessionCookiesAfterAuthorizationFlow = false; + + @DocProperty(description = "Boolean value specifying whether a client_secret is returned on client GET or PUT. Set to true by default which means to return secret", defaultValue = "false") private Boolean returnClientSecretOnRead = false; + + @DocProperty(description = "Boolean value specifying whether reject JWT requested or validated with algorithm None. Default value is true", defaultValue = "true") private Boolean rejectJwtWithNoneAlg = true; + + @DocProperty(description = "Boolean value specifying whether expiration notificator is enabled (used to identify expiration for persistence that support TTL, like Couchbase)", defaultValue = "false") private Boolean expirationNotificatorEnabled = false; + + @DocProperty(description = "Boolean value specifying whether to use nested Jwt during encryption", defaultValue = "true") private Boolean useNestedJwtDuringEncryption = true; + + @DocProperty(description = "The expiration notificator maximum size limit") private int expirationNotificatorMapSizeLimit = 100000; + + @DocProperty(description = "The expiration notificator interval in second") private int expirationNotificatorIntervalInSeconds = 600; + + //feature flags + @DocProperty(description = "Enable/Disable redirect uris validation using regular expression", defaultValue = "false") private Boolean redirectUrisRegexEnabled = false; + + @DocProperty(description = "Enable/Disable 
usage of highest level script in case ACR script does not exist", defaultValue = "true") private Boolean useHighestLevelScriptIfAcrScriptNotFound = true; + @DocProperty(description = "Boolean value specifying whether to enable user authentication filters") private Boolean authenticationFiltersEnabled; + + @DocProperty(description = "Boolean value specifying whether to enable client authentication filters") private Boolean clientAuthenticationFiltersEnabled; + + @DocProperty(description = "Boolean value specifying whether to add Authorization Code Flow with Refresh grant during client registratio") private Boolean clientRegDefaultToCodeFlowWithRefresh; + + @DocProperty(description = "Boolean value specifying whether to Grant types and Response types can be auto fixed") private Boolean grantTypesAndResponseTypesAutofixEnabled; + + @DocProperty(description = "This list details filters for user authentication") private List authenticationFilters; + + @DocProperty(description = "This list details filters for client authentication") private List clientAuthenticationFilters; + + @DocProperty(description = "This list specifies the CORS configuration filters") private List corsConfigurationFilters; + @DocProperty(description = "The lifetime for unused session states") private int sessionIdUnusedLifetime; + + @DocProperty(description = "The lifetime for unused unauthenticated session states") private int sessionIdUnauthenticatedUnusedLifetime = 120; // 120 seconds + + @DocProperty(description = "Boolean value specifying whether to persist session ID on prompt none") private Boolean sessionIdPersistOnPromptNone; + + @DocProperty(description = "Boolean value specifying whether to enable session_id HTTP request parameter", defaultValue = "false") private Boolean sessionIdRequestParameterEnabled = false; // #1195 + + @DocProperty(description = "Boolean value specifying whether change session_id on authentication. 
Default value is true", defaultValue = "true") private Boolean changeSessionIdOnAuthentication = true; + + @DocProperty(description = "Boolean value specifying whether to persist session_id in cache", defaultValue = "false") private Boolean sessionIdPersistInCache = false; + + @DocProperty(description = "Boolean value specifying whether to include sessionId in response", defaultValue = "false") private Boolean includeSidInResponse = false; + + /** * SessionId will be expired after sessionIdLifetime seconds */ + @DocProperty(description = "The lifetime of session id in seconds. If 0 or -1 then expiration is not set. session_id cookie expires when browser session ends") private Integer sessionIdLifetime = DEFAULT_SESSION_ID_LIFETIME; + + @DocProperty(description = "Dedicated property to control lifetime of the server side OP session object in seconds. Overrides sessionIdLifetime. By default value is 0, so object lifetime equals sessionIdLifetime (which sets both cookie and object expiration). 
It can be useful if goal is to keep different values for client cookie and server object") private Integer serverSessionIdLifetime = sessionIdLifetime; // by default same as sessionIdLifetime + + @DocProperty(description = "Authorization Scope for active session") private String activeSessionAuthorizationScope; + + @DocProperty(description = "The interval for configuration update in seconds") private int configurationUpdateInterval; + @DocProperty(description = "Choose if client can update Grant Type values") private Boolean enableClientGrantTypeUpdate; + + @DocProperty(description = "This list details which OAuth 2.0 grant types can be set up with the client registration API") private Set dynamicGrantTypeDefault; + @DocProperty(description = "The location for CSS files") private String cssLocation; + + @DocProperty(description = "The location for JavaScript files") private String jsLocation; + + @DocProperty(description = "The location for image files") private String imgLocation; + + @DocProperty(description = "The interval for metric reporter in seconds") private int metricReporterInterval; + + @DocProperty(description = "The days to keep metric reported data") private int metricReporterKeepDataDays; + + @DocProperty(description = "the pairwise ID type") private String pairwiseIdType; // persistent, algorithmic + + @DocProperty(description = "Key to calculate algorithmic pairwise IDs") private String pairwiseCalculationKey; + + @DocProperty(description = "Salt to calculate algorithmic pairwise IDs") private String pairwiseCalculationSalt; + + @DocProperty(description = "When true, clients with the same Sector ID also share the same Subject ID", defaultValue = "false") private Boolean shareSubjectIdBetweenClientsWithSameSectorId = false; + @DocProperty(description = "Web Key Storage Type") private WebKeyStorage webKeysStorage; + + @DocProperty(description = "DN of certificate issuer") private String dnName; + + @DocProperty(description = "The Key Store File 
(JKS)") // Jans Auth KeyStore private String keyStoreFile; + + @DocProperty(description = "The Key Store password") private String keyStoreSecret; + + @DocProperty(description = "Key Selection Strategy : OLDER, NEWER, FIRST", defaultValue = "OLDER") private KeySelectionStrategy keySelectionStrategy = DEFAULT_KEY_SELECTION_STRATEGY; + + @DocProperty(description = "List of algorithm allowed to be used for key generation") private List keyAlgsAllowedForGeneration = new ArrayList<>(); + + @DocProperty(description = "Specifies if signing to be done with same key but apply different algorithms") private Boolean keySignWithSameKeyButDiffAlg; // https://github.com/JanssenProject/jans-auth-server/issues/95 + + @DocProperty(description = "Specifies static Kid") private String staticKid; + + @DocProperty(description = "Specifies static decryption Kid") private String staticDecryptionKid; + + //oxEleven + @DocProperty(description = "oxEleven Test Mode Token") private String oxElevenTestModeToken; + + @DocProperty(description = "oxEleven Generate Key endpoint URL") private String oxElevenGenerateKeyEndpoint; + + @DocProperty(description = "oxEleven Sign endpoint UR") private String oxElevenSignEndpoint; + + @DocProperty(description = "oxEleven Verify Signature endpoint URL") private String oxElevenVerifySignatureEndpoint; + + @DocProperty(description = "oxEleven Delete Key endpoint URL") private String oxElevenDeleteKeyEndpoint; + @DocProperty(description = "If True, rejects introspection requests if access_token does not have the uma_protection scope in its authorization header", defaultValue = "false") private Boolean introspectionAccessTokenMustHaveUmaProtectionScope = false; + + @DocProperty(description = "Specifies if authorization to be skipped for introspection") private Boolean introspectionSkipAuthorization; + @DocProperty(description = "Choose whether to accept access tokens to call end_session endpoint") private Boolean endSessionWithAccessToken; + + 
@DocProperty(description = "Sets cookie domain for all cookies created by OP") private String cookieDomain; + + @DocProperty(description = "enable OAuth Audit Logging") private Boolean enabledOAuthAuditLogging; + + @DocProperty(description = "JMS Broker URI Set") private Set jmsBrokerURISet; + + @DocProperty(description = "JMS UserName") private String jmsUserName; + + @DocProperty(description = "JMS Password") private String jmsPassword; + + @DocProperty(description = "This list specifies which client redirection URIs are white-listed") private List clientWhiteList; + + @DocProperty(description = "This list specified which client redirection URIs are black-listed") private List clientBlackList; + + @DocProperty(description = "Choose whether to include claims in ID tokens") private Boolean legacyIdTokenClaims; + + @DocProperty(description = "Choose whether to enable the custom response header parameter to return custom headers with the authorization response") private Boolean customHeadersWithAuthorizationResponse; + + @DocProperty(description = "Choose whether to support front channel session logout") private Boolean frontChannelLogoutSessionSupported; + + @DocProperty(description = "Specify the logging level for oxAuth loggers") private String loggingLevel; + + @DocProperty(description = "Logging layout used for Jans Authorization Server loggers") private String loggingLayout; + + @DocProperty(description = "Choose if application should update oxLastLogonTime attribute upon user authentication") private Boolean updateUserLastLogonTime; + + @DocProperty(description = "Choose if application should update oxLastAccessTime/oxLastLogonTime attributes upon client authentication") private Boolean updateClientAccessTime; + + @DocProperty(description = "Choose if application should log the Client ID on client authentication") private Boolean logClientIdOnClientAuthentication; + + @DocProperty(description = "Choose if application should log the Client Name on client 
authentication") private Boolean logClientNameOnClientAuthentication; + + @DocProperty(description = "Choose whether to disable JDK loggers", defaultValue = "true") private Boolean disableJdkLogger = true; + + @DocProperty(description = "This list details the allowed custom parameters for authorization requests") private Set authorizationRequestCustomAllowedParameters; + + @DocProperty(description = "Set to false to only allow token endpoint request for openid scope with grant type equals to authorization_code, restrict access to userinfo to scope openid and only return id_token if scope contains openid", defaultValue = "false") private Boolean openidScopeBackwardCompatibility = false; + + @DocProperty(description = "Choose whether to disable U2F endpoints", defaultValue = "false") private Boolean disableU2fEndpoint = false; // Token Exchange + @DocProperty(description = "", defaultValue = "false") private Boolean rotateDeviceSecret = false; + + @DocProperty(description = "", defaultValue = "false") private Boolean returnDeviceSecretFromAuthzEndpoint = false; // DCR + @DocProperty(description = "Boolean value enables DCR signature validation. Default is false", defaultValue = "false") private Boolean dcrSignatureValidationEnabled = false; + + @DocProperty(description = "Specifies shared secret for Dynamic Client Registration") private String dcrSignatureValidationSharedSecret; + + @DocProperty(description = "Specifies claim name inside software statement. Value of claim should point to JWKS URI") private String dcrSignatureValidationSoftwareStatementJwksURIClaim; + + @DocProperty(description = "Specifies claim name inside software statement. 
Value of claim should point to inlined JWKS") private String dcrSignatureValidationSoftwareStatementJwksClaim; + + @DocProperty(description = "Specifies JWKS for all DCR's validations") private String dcrSignatureValidationJwks; + + @DocProperty(description = "Specifies JWKS URI for all DCR's validations") private String dcrSignatureValidationJwksUri; + + @DocProperty(description = "Boolean value indicating if DCR authorization to be performed using client credentials", defaultValue = "false") private Boolean dcrAuthorizationWithClientCredentials = false; + + @DocProperty(description = "Boolean value indicating if DCR authorization allowed with MTLS", defaultValue = "false") private Boolean dcrAuthorizationWithMTLS = false; + + @DocProperty(description = "List of DCR issuers") private List dcrIssuers = new ArrayList<>(); + @DocProperty(description = "Cache in local memory cache attributes, scopes, clients and organization entry with expiration 60 seconds", defaultValue = "false") private Boolean useLocalCache = false; + + @DocProperty(description = "Boolean value specifying whether to turn on FAPI compatibility mode. If true AS behaves in more strict mode", defaultValue = "false") private Boolean fapiCompatibility = false; + + @DocProperty(description = "Boolean value specifying whether force id_token_hint parameter presence", defaultValue = "false") private Boolean forceIdTokenHintPrecense = false; + + @DocProperty(description = "default value false. If true and id_token is not found in db, request is rejected", defaultValue = "false") private Boolean rejectEndSessionIfIdTokenExpired = false; + + @DocProperty(description = "default value false. If true, sid check will be skipped", defaultValue = "false") private Boolean allowEndSessionWithUnmatchedSid = false; + + @DocProperty(description = "Boolean value specifying whether force offline_access scope to enable refresh_token grant type. 
Default value is true", defaultValue = "true") private Boolean forceOfflineAccessScopeToEnableRefreshToken = true; + + @DocProperty(description = "Boolean value specifying whether to return detailed reason of the error from AS. Default value is false", defaultValue = "false") private Boolean errorReasonEnabled = false; + + @DocProperty(description = "Boolean value specifying whether to remove Refresh Tokens on logout. Default value is false", defaultValue = "true") private Boolean removeRefreshTokensForClientOnLogout = true; + + @DocProperty(description = "Boolean value specifying whether to skip refreshing tokens on refreshing", defaultValue = "false") private Boolean skipRefreshTokenDuringRefreshing = false; + + @DocProperty(description = "Boolean value specifying whether to extend refresh tokens on rotation", defaultValue = "false") private Boolean refreshTokenExtendLifetimeOnRotation = false; + + @DocProperty(description = "Check whether user exists and is active before creating RefreshToken. Set it to true if check is needed(Default value is false - don't check.", defaultValue = "false") private Boolean checkUserPresenceOnRefreshToken = false; + + @DocProperty(description = "Boolean value specifying whether to turn on Consent Gathering Script backward compatibility mode. If true AS will pick up script with higher level globally. If false (default) AS will pick up script based on client configuration", defaultValue = "false") private Boolean consentGatheringScriptBackwardCompatibility = false; // means ignore client configuration (as defined in 4.2) and determine it globally (as in 4.1 and earlier) + + @DocProperty(description = "Boolean value specifying whether switch off client's introspection scripts (true value) and run all scripts that exists on server. 
Default value is false", defaultValue = "false") private Boolean introspectionScriptBackwardCompatibility = false; // means ignore client configuration (as defined in 4.2) and determine it globally (as in 4.1 and earlier) + + @DocProperty(description = "Boolean value specifying introspection response backward compatibility mode", defaultValue = "false") private Boolean introspectionResponseScopesBackwardCompatibility = false; + @DocProperty(description = "Validation type used for software statement") private String softwareStatementValidationType = SoftwareStatementValidationType.DEFAULT.getValue(); + + @DocProperty(description = "Validation claim name for software statement") private String softwareStatementValidationClaimName; + @DocProperty(description = "Authentication Brute Force Protection Configuration") private AuthenticationProtectionConfiguration authenticationProtectionConfiguration; + @DocProperty(description = "A list of possible error handling methods") private ErrorHandlingMethod errorHandlingMethod = ErrorHandlingMethod.INTERNAL; + @DocProperty(description = "Boolean value specifying whether to disable authentication when max_age=0", defaultValue = "false") private Boolean disableAuthnForMaxAgeZero; + + @DocProperty(description = "Boolean value specifying whether to keep authenticator attributes on ACR change", defaultValue = "false") private Boolean keepAuthenticatorAttributesOnAcrChange = false; + + @DocProperty(description = "Expiration time given for device authorization requests") private int deviceAuthzRequestExpiresIn; + + @DocProperty(description = "Default interval returned to the client to process device token requests") private int deviceAuthzTokenPollInterval; - private String deviceAuthzResponseTypeToProcessAuthz; + @DocProperty(description = "Response type used to process device authz requests") + private String deviceAuthzResponseTypeToProcessAuthz; // CIBA + @DocProperty(description = "Backchannel Client Id") private String 
backchannelClientId; + + @DocProperty(description = "Backchannel Redirect Uri") private String backchannelRedirectUri; + + @DocProperty(description = "Backchannel Authentication Endpoint") private String backchannelAuthenticationEndpoint; + + @DocProperty(description = "Backchannel Device Registration Endpoint") private String backchannelDeviceRegistrationEndpoint; + + @DocProperty(description = "Backchannel Token Delivery Modes Supported") private List backchannelTokenDeliveryModesSupported; + + @DocProperty(description = "Backchannel Authentication Request Signing Alg Values Supported") private List backchannelAuthenticationRequestSigningAlgValuesSupported; + + @DocProperty(description = "Backchannel User Code Parameter Supported") private Boolean backchannelUserCodeParameterSupported; + + @DocProperty(description = "Backchannel Binding Message Pattern") private String backchannelBindingMessagePattern; + + @DocProperty(description = "Backchannel Authentication Response Expires In") private int backchannelAuthenticationResponseExpiresIn; + + @DocProperty(description = "Backchannel Authentication Response Interval") private int backchannelAuthenticationResponseInterval; + + @DocProperty(description = "Backchannel Login Hint Claims") private List backchannelLoginHintClaims; + + @DocProperty(description = "CIBA End User Notification Config") private CIBAEndUserNotificationConfig cibaEndUserNotificationConfig; + + @DocProperty(description = "Specifies the allowable elapsed time in seconds backchannel request processor executes") private int backchannelRequestsProcessorJobIntervalSec; + + @DocProperty(description = "Each backchannel request processor iteration fetches chunk of data to be processed") private int backchannelRequestsProcessorJobChunkSize; + + @DocProperty(description = "Specifies the CIBA Grant life extra time in seconds") private int cibaGrantLifeExtraTimeSec; + + @DocProperty(description = "Specifies the CIBA token expiration time in seconds") private 
int cibaMaxExpirationTimeAllowedSec; // DPoP + @DocProperty(description = "Demonstration of Proof-of-Possession (DPoP) authorization signing algorithms supported") private List dpopSigningAlgValuesSupported; + + @DocProperty(description = "Demonstration of Proof-of-Possession (DPoP) timeout", defaultValue = "5") private int dpopTimeframe = 5; + + @DocProperty(description = "Demonstration of Proof-of-Possession (DPoP) cache time", defaultValue = "3600") private int dpopJtiCacheTime = 3600; + @DocProperty(description = "Specifies if a token without implicit grant types is allowed") private Boolean allowIdTokenWithoutImplicitGrantType; + @DocProperty(description = "Lifetime of discovery cache", defaultValue = "60") private int discoveryCacheLifetimeInMinutes = 60; + + @DocProperty(description = "List of configuration response claim allowed to be displayed in discovery endpoint") private List discoveryAllowedKeys; + + @DocProperty(description = "List of configuration response claims which must not be displayed in discovery endpoint response") private List discoveryDenyKeys; + @DocProperty(description = "List of enabled feature flags") private List featureFlags; + @DocProperty(description = "Enable/disable request/response logging filter") private Boolean httpLoggingEnabled; // Used in ServletLoggingFilter to enable http request/response logging. + + @DocProperty(description = "This list details the base URIs for which the request/response logging filter will not record activity") private Set httpLoggingExcludePaths; // Used in ServletLoggingFilter to exclude some paths from logger. Paths example: ["/jans-auth/img", "/jans-auth/stylesheet"] + + @DocProperty(description = "The path to the external log4j2 logging configuration") private String externalLoggerConfiguration; // Path to external log4j2 configuration file. 
This property might be configured from oxTrust: /identity/logviewer/configure - + + @DocProperty(description = "Engine Config which offers an alternative way to build authentication flows in Janssen server") private EngineConfig agamaConfiguration; + @DocProperty(description = "") private SsaConfiguration ssaConfiguration; public Boolean getRequireRequestObjectEncryption() { diff --git a/jans-auth-server/pom.xml b/jans-auth-server/pom.xml index b1b72da4651..860cd244038 100644 --- a/jans-auth-server/pom.xml +++ b/jans-auth-server/pom.xml @@ -406,6 +406,15 @@ 1.8 1.8 UTF-8 + + + io.jans.doc.annotation.DocPropertyProcessor + + + io.jans.doc.annotation.DocFeatureFlagProcessor + + + -Amodule=Janssen Auth Server diff --git a/jans-core/doc/pom.xml b/jans-core/doc/pom.xml new file mode 100644 index 00000000000..16f9791dafb --- /dev/null +++ b/jans-core/doc/pom.xml @@ -0,0 +1,15 @@ + + + jans-core-parent + io.jans + 1.0.5-SNAPSHOT + + + 4.0.0 + jans-doc + jar + jans-doc + + + diff --git a/jans-core/doc/src/main/java/io/jans/doc/annotation/DocFeatureFlag.java b/jans-core/doc/src/main/java/io/jans/doc/annotation/DocFeatureFlag.java new file mode 100644 index 00000000000..8aaed803ba9 --- /dev/null +++ b/jans-core/doc/src/main/java/io/jans/doc/annotation/DocFeatureFlag.java @@ -0,0 +1,16 @@ +package io.jans.doc.annotation; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@Target(ElementType.FIELD) +@Retention(RetentionPolicy.SOURCE) +public @interface DocFeatureFlag { + String description() default "None"; + + boolean isRequired() default false; + + String defaultValue() default "None"; +} diff --git a/jans-core/doc/src/main/java/io/jans/doc/annotation/DocFeatureFlagProcessor.java b/jans-core/doc/src/main/java/io/jans/doc/annotation/DocFeatureFlagProcessor.java new file mode 100644 index 00000000000..cfd64ec56d1 --- /dev/null 
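Review bot: DocFeatureFlag carries no Javadoc, so nothing tells a field author that the annotation is SOURCE-retained (consumed only by the annotation processor during compilation, never visible through reflection) or that the `description` and `defaultValue` strings are copied verbatim into a generated Markdown table row. A class-level comment such as `/** Marks a feature-flag field for the generated admin reference. SOURCE retention: only DocFeatureFlagProcessor sees it. description and defaultValue are emitted verbatim into Markdown, so avoid '|' and line breaks. */` would cover it. The sentinel default `"None"` on `description()` and `defaultValue()` also deserves a one-line comment, because the processor prints it as-is and a reader of the generated page cannot tell a deliberate "None" from an omitted attribute. DocProperty.java in this commit is identical apart from its name and needs the same documentation.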
+++ b/jans-core/doc/src/main/java/io/jans/doc/annotation/DocFeatureFlagProcessor.java 
@@ -0,0 +1,112 @@ +package io.jans.doc.annotation; + +import javax.annotation.processing.AbstractProcessor; +import javax.annotation.processing.RoundEnvironment; +import javax.annotation.processing.SupportedAnnotationTypes; +import javax.annotation.processing.SupportedOptions; +import javax.lang.model.element.Element; +import javax.lang.model.element.TypeElement; +import javax.tools.Diagnostic; +import javax.tools.FileObject; +import javax.tools.StandardLocation; +import java.io.IOException; +import java.io.PrintWriter; +import java.util.List; +import java.util.Set; +import java.util.stream.Collectors; + +@SupportedAnnotationTypes("io.jans.doc.annotation.DocFeatureFlag") +@SupportedOptions({"module"}) +public class DocFeatureFlagProcessor extends AbstractProcessor { + + String moduleName; + @Override + public boolean process(Set annotations, RoundEnvironment env) { + + moduleName = processingEnv.getOptions().get("module"); + + for (TypeElement annotation : annotations) { + Set annotatedElements = env.getElementsAnnotatedWith(annotation); + + // sort alphabetically + List sortedElements = annotatedElements.stream() + .sorted((prop1, prop2)->prop1.getSimpleName().toString().toLowerCase().compareTo(prop2.getSimpleName().toString().toLowerCase())) + .collect(Collectors.toList()); + + StringBuilder docContents = new StringBuilder(); + StringBuilder tableContents = new StringBuilder(); + StringBuilder detailsContent = new StringBuilder(); + + // prepare document header + prepareDocTagsAndTableHeader(docContents, tableContents); + + // for each feature flag add a row in table and add content for the details section + for (Element element : sortedElements) + { + DocFeatureFlag elementAnnotation = element.getAnnotation(DocFeatureFlag.class); + addToTable(tableContents, element, elementAnnotation); + addToDetails(detailsContent, element, elementAnnotation); + } + tableContents.append("\n\n"); + 
createAndWriteDoc(docContents.append((tableContents.append(detailsContent.toString())))); + + } + return false; + } + + private void prepareDocTagsAndTableHeader(StringBuilder docContents, StringBuilder tableContents) { + // add tags + docContents.append("---\n") + .append("tags:\n") + .append("- administration\n") + .append("- reference\n") + .append("- json\n") + .append("- feature-flags\n") + .append("---\n") + .append("\n") + .append("# "+moduleName+" Feature Flags") // add doc header + .append("\n") + .append("\n"); + + tableContents.append("| Feature Flag Name ") // prepare table header + .append("| Description ") + .append("| | ") + .append("\n") + .append("|-----|-----|-----|") + .append("\n"); + } + + private void createAndWriteDoc(StringBuilder docContent) { + + FileObject docFile = null; + try{ + docFile = processingEnv.getFiler().createResource(StandardLocation.CLASS_OUTPUT, "", moduleName.toLowerCase().replaceAll("\\s", "")+"-feature-flags.md"); + } + catch (IOException ioe){ + processingEnv.getMessager().printMessage(Diagnostic.Kind.ERROR, this.getClass().getName()+": Error occurred while creating annotation documentation file"); + } + if(docFile!=null){ + try(PrintWriter docWriter = new PrintWriter(docFile.openWriter());) { + docWriter.write(docContent.toString()); + docWriter.flush(); + } catch (IOException e) { + processingEnv.getMessager().printMessage(Diagnostic.Kind.ERROR, this.getClass().getName()+": Error occurred while writing annotation documentation file"); + } + } + } + + private static void addToDetails(StringBuilder propDetails, Element jansElement, DocFeatureFlag featureFlagAnnotation) { + propDetails.append("### "+ jansElement.getSimpleName()+"\n\n"); + propDetails.append("- Description: "+ featureFlagAnnotation.description()+"\n\n"); + propDetails.append("- Required: "+ (featureFlagAnnotation.isRequired()?"Yes":"No")+"\n\n"); + propDetails.append("- Default value: "+ featureFlagAnnotation.defaultValue()+"\n\n"); + 
propDetails.append("\n"); + } + + private static void addToTable(StringBuilder propTable, Element jansElement, DocFeatureFlag featureFlagAnnotation) { + propTable.append("| "+ jansElement.getSimpleName()+" "); + propTable.append("| "+ featureFlagAnnotation.description()+" "); + propTable.append("| [Details](#"+jansElement.getSimpleName().toString().toLowerCase()+") |"); + propTable.append("\n"); + } +} diff --git a/jans-core/doc/src/main/java/io/jans/doc/annotation/DocProperty.java b/jans-core/doc/src/main/java/io/jans/doc/annotation/DocProperty.java new file mode 100644 index 00000000000..6be3b7d3be2 --- /dev/null +++ b/jans-core/doc/src/main/java/io/jans/doc/annotation/DocProperty.java @@ -0,0 +1,16 @@ +package io.jans.doc.annotation; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@Target(ElementType.FIELD) +@Retention(RetentionPolicy.SOURCE) +public @interface DocProperty { + String description() default "None"; + + boolean isRequired() default false; + + String defaultValue() default "None"; +} diff --git a/jans-core/doc/src/main/java/io/jans/doc/annotation/DocPropertyProcessor.java b/jans-core/doc/src/main/java/io/jans/doc/annotation/DocPropertyProcessor.java new file mode 100644 index 00000000000..c1ed4270dce --- /dev/null +++ b/jans-core/doc/src/main/java/io/jans/doc/annotation/DocPropertyProcessor.java 
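Review bot: `moduleName` is taken from `processingEnv.getOptions().get("module")` without a check, so a compile that omits `-Amodule` produces the heading `# null Feature Flags` and then an NPE at `moduleName.toLowerCase()` in createAndWriteDoc instead of a compiler diagnostic; guard it at the top of process with `if (moduleName == null || moduleName.trim().isEmpty()) { processingEnv.getMessager().printMessage(Diagnostic.Kind.ERROR, getClass().getName() + ": -Amodule option is required"); return false; }`. In createAndWriteDoc the catch around the try-with-resources only sees failures from `openWriter()`, because `PrintWriter.write` swallows IOExceptions, so an unwritable or truncated file passes silently — either write through the `Writer` returned by `docFile.openWriter()` directly, or add `if (docWriter.checkError()) processingEnv.getMessager().printMessage(Diagnostic.Kind.ERROR, getClass().getName() + ": write failed");` after `flush()`. `description()` is interpolated unescaped into the table row in addToTable, so a `|` inside an annotation value breaks the Markdown table; `.replace("|", "\\|")` on the value is a cheap fix. DocPropertyProcessor, the next file in this commit, duplicates this class almost line for line and has the same three issues; a shared abstract base parameterised by annotation type, page title and tag would remove the duplication, and the hand-written comparator in both could be `Comparator.comparing(e -> e.getSimpleName().toString(), String.CASE_INSENSITIVE_ORDER)`.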
@@ -0,0 +1,120 @@ +package io.jans.doc.annotation; + +import javax.annotation.processing.AbstractProcessor; +import javax.annotation.processing.RoundEnvironment; +import javax.annotation.processing.SupportedAnnotationTypes; +import javax.annotation.processing.SupportedOptions; +import javax.lang.model.element.Element; +import javax.lang.model.element.TypeElement; +import javax.tools.Diagnostic; +import javax.tools.FileObject; +import javax.tools.StandardLocation; +import java.io.IOException; +import java.io.PrintWriter; +import java.util.List; +import java.util.Set; +import java.util.stream.Collectors; + +@SupportedAnnotationTypes("io.jans.doc.annotation.DocProperty") +@SupportedOptions({"module"}) +public class DocPropertyProcessor extends AbstractProcessor { + + String moduleName; + + // This method would be called once per class containing annotated elements + @Override + public boolean process(Set annotations, RoundEnvironment env) { + + moduleName = processingEnv.getOptions().get("module"); + + // Loop iterates once per supported annotation type by this processor + for (TypeElement annotation : annotations) { + + // Get all the elements that are annotated by a particular annotation located across classes in this module + Set annotatedProperties = env.getElementsAnnotatedWith(annotation); + + // sort alphabetically + List sortedProperties = annotatedProperties.stream() + .sorted((prop1, prop2)->prop1.getSimpleName().toString().toLowerCase().compareTo(prop2.getSimpleName().toString().toLowerCase())) + .collect(Collectors.toList()); + + StringBuilder docContents = new StringBuilder(); + StringBuilder tableContents = new StringBuilder(); + StringBuilder detailsContent = new StringBuilder(); + + // prepare document header + prepareDocTagsAndTableHeader(docContents, tableContents); + + // for each property add a row in table and add content for the details section + for (Element jansProperty : sortedProperties) + { + DocProperty propertyAnnotation = 
jansProperty.getAnnotation(DocProperty.class); + addToTable(tableContents, jansProperty, propertyAnnotation); + addToDetails(detailsContent, jansProperty, propertyAnnotation); + } + tableContents.append("\n\n"); + docContents.append((tableContents.append(detailsContent.toString()))); + createAndWriteDoc(docContents); + + } + return false; + } + + private void prepareDocTagsAndTableHeader(StringBuilder docContents, StringBuilder tableContents) { + + // add tags + docContents.append("---\n") + .append("tags:\n") + .append("- administration\n") + .append("- reference\n") + .append("- json\n") + .append("- properties\n") + .append("---\n") + .append("\n") + .append("# "+moduleName+" Configuration Properties") // add doc headers + .append("\n") + .append("\n"); + + tableContents.append("| Property Name ") // prepare table header + .append("| Description ") + .append("| | ") + .append("\n") + .append("|-----|-----|-----|") + .append("\n"); + } + + private void createAndWriteDoc(StringBuilder docContent) { + + FileObject docFile = null; + try{ + docFile = processingEnv.getFiler().createResource(StandardLocation.CLASS_OUTPUT, "", moduleName.toLowerCase().replaceAll("\\s", "")+"-properties.md"); + } + catch (IOException ioe){ + processingEnv.getMessager().printMessage(Diagnostic.Kind.ERROR, this.getClass().getName()+": Error occurred while creating annotation documentation file"); + } + if(docFile!=null){ + try(PrintWriter docWriter = new PrintWriter(docFile.openWriter());) { + docWriter.write(docContent.toString()); + docWriter.flush(); + } catch (IOException e) { + processingEnv.getMessager().printMessage(Diagnostic.Kind.ERROR, this.getClass().getName()+": Error occurred while writing annotation documentation file"); + } + } + + } + + private static void addToDetails(StringBuilder propDetails, Element jansProperty, DocProperty propertyAnnotation) { + propDetails.append("### "+ jansProperty.getSimpleName()+"\n\n"); + propDetails.append("- Description: "+ 
propertyAnnotation.description()+"\n\n"); + propDetails.append("- Required: "+ (propertyAnnotation.isRequired()?"Yes":"No")+"\n\n"); + propDetails.append("- Default value: "+ propertyAnnotation.defaultValue()+"\n\n"); + propDetails.append("\n"); + } + + private static void addToTable(StringBuilder propTable, Element jansProperty, DocProperty propertyAnnotation) { + propTable.append("| "+ jansProperty.getSimpleName()+" "); + propTable.append("| "+ propertyAnnotation.description()+" "); + propTable.append("| [Details](#"+jansProperty.getSimpleName().toString().toLowerCase()+") |"); + propTable.append("\n"); + } +} diff --git a/jans-core/pom.xml b/jans-core/pom.xml index 98ff17a8fca..2494a78ef93 100644 --- a/jans-core/pom.xml +++ b/jans-core/pom.xml @@ -56,6 +56,7 @@ radius demo-cdi uma-rs-core + doc diff --git a/jans-fido2/model/pom.xml b/jans-fido2/model/pom.xml index 1d4312867a1..ea888e9b435 100644 --- a/jans-fido2/model/pom.xml +++ b/jans-fido2/model/pom.xml @@ -47,6 +47,11 @@ jakarta.servlet-api provided + + io.jans + jans-doc + ${project.version} + \ No newline at end of file diff --git a/jans-fido2/model/src/main/java/io/jans/fido2/model/conf/AppConfiguration.java b/jans-fido2/model/src/main/java/io/jans/fido2/model/conf/AppConfiguration.java index bf341cc7077..e251163df7f 100644 --- a/jans-fido2/model/src/main/java/io/jans/fido2/model/conf/AppConfiguration.java +++ b/jans-fido2/model/src/main/java/io/jans/fido2/model/conf/AppConfiguration.java @@ -12,6 +12,7 @@ import io.jans.as.model.configuration.Configuration; +import io.jans.doc.annotation.DocProperty; import jakarta.enterprise.inject.Vetoed; /** * Represents the configuration JSON file. 
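Review bot: The new `io.jans:jans-doc` dependency added to jans-fido2/model/pom.xml appears to have no scope in this hunk (the XML element names are not visible in this rendering, so this is inferred), which would make it a compile-scoped transitive dependency of the fido2 model artifact even though both annotations it provides have SOURCE retention and are only needed while javac runs. Declaring it `<scope>provided</scope>` or `<optional>true</optional>`, as the adjacent `jakarta.servlet-api` entry already does with `provided`, keeps the annotation-processor artifact out of downstream runtime classpaths. The same consideration applies wherever other modules in this commit pick up jans-doc for the processors.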
@@ -23,23 +24,31 @@ @Vetoed public class AppConfiguration implements Configuration { + @DocProperty(description = "URL using the https scheme for Issuer identifier") private String issuer; + @DocProperty(description = "The base URL for Fido2 endpoints") private String baseEndpoint; - + @DocProperty(description = "Time interval for the Clean Service in seconds") private int cleanServiceInterval; + @DocProperty(description = "Each clean up iteration fetches chunk of expired data per base dn and removes it from storage") private int cleanServiceBatchChunkSize = 100; - + @DocProperty(description = "Boolean value to indicate if Local Cache is to be used") private boolean useLocalCache; - + @DocProperty(description = "Boolean value specifying whether to enable JDK Loggers") private boolean disableJdkLogger = true; + @DocProperty(description = "Logging level for Fido2 logger") private String loggingLevel; + @DocProperty(description = "Logging layout used for Fido2") private String loggingLayout; + @DocProperty(description = "Path to external Fido2 logging configuration") private String externalLoggerConfiguration; - + @DocProperty(description = "The interval for metric reporter in seconds") private int metricReporterInterval; + @DocProperty(description = "The days to keep report data") private int metricReporterKeepDataDays; + @DocProperty(description = "Boolean value specifying whether metric reporter is enabled") private boolean metricReporterEnabled = true; - + @DocProperty(description = "Custom object class list for dynamic person enrolment") private List personCustomObjectClassList; private Fido2Configuration fido2Configuration; diff --git a/jans-fido2/model/src/main/java/io/jans/fido2/model/conf/Fido2Configuration.java b/jans-fido2/model/src/main/java/io/jans/fido2/model/conf/Fido2Configuration.java index 2763163db2f..1bc56f323e2 100644 --- a/jans-fido2/model/src/main/java/io/jans/fido2/model/conf/Fido2Configuration.java 
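Review bot: The description on `disableJdkLogger` reads `Boolean value specifying whether to enable JDK Loggers`, which says the opposite of what the field name expresses; a reader of the generated properties page would set it to true expecting JDK logging to be turned on. Suggest `@DocProperty(description = "Boolean value specifying whether to disable JDK Loggers")`. The same inverted wording appears on `disableJdkLogger` in the jans-scim AppConfiguration hunk further down and should be corrected there too. Since `description()`, `isRequired()` and `defaultValue()` are the only text the processor emits into the published reference, each description is worth a second read against the field's getter javadoc. The AppConfiguration class continues outside the hunk.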
+++ b/jans-fido2/model/src/main/java/io/jans/fido2/model/conf/Fido2Configuration.java @@ -10,6 +10,7 @@ import java.util.List; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import io.jans.doc.annotation.DocProperty; /** * FIDO 2 configuration @@ -19,23 +20,28 @@ @JsonIgnoreProperties(ignoreUnknown = true) public class Fido2Configuration { + @DocProperty(description = "Authenticators certificates folder") private String authenticatorCertsFolder; - + @DocProperty(description = "MDS access token") private String mdsAccessToken; + @DocProperty(description = "MDS TOC root certificates folder") private String mdsCertsFolder; + @DocProperty(description = "MDS TOC files folder") private String mdsTocsFolder; - + @DocProperty(description = "Boolean value indicating if U2f attestation needs to be checked") private boolean checkU2fAttestations = false; - + @DocProperty(description = "Allow to enroll users on enrollment/authentication requests") private boolean userAutoEnrollment = false; + @DocProperty(description = "Expiration time in seconds for pending enrollment/authentication requests") private int unfinishedRequestExpiration = 120; // 120 seconds + @DocProperty(description = "Expiration time in seconds for approved authentication requests") private int authenticationHistoryExpiration = 15 * 24 * 3600; // 15 days - + @DocProperty(description = "Authenticators metadata in json format") private String serverMetadataFolder; - + @DocProperty(description = "List of Requested Credential Types") private List requestedCredentialTypes = new ArrayList(); - + @DocProperty(description = "Authenticators metadata in json format") private List requestedParties = new ArrayList(); public String getAuthenticatorCertsFolder() { diff --git a/jans-fido2/pom.xml b/jans-fido2/pom.xml index 46cd11b8cc1..521e28afd50 100644 --- a/jans-fido2/pom.xml +++ b/jans-fido2/pom.xml 
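Review bot: `requestedParties` carries the description `Authenticators metadata in json format`, the same text as `serverMetadataFolder` two fields above, which looks like a copy-paste slip; a wording parallel to the neighbouring `List of Requested Credential Types`, e.g. `@DocProperty(description = "List of Requested Parties")`, would match the field, but confirm it against the getter's javadoc. On `mdsAccessToken` the description `MDS access token` documents a credential: because the processor writes `defaultValue()` into the published markdown, keep `defaultValue` unset for this field and consider stating in the description that the value is sensitive and is supplied through configuration, so the generated page never invites a literal token. The Fido2Configuration class body continues outside the hunk.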
@@ -116,6 +116,16 @@ org.apache.maven.plugins maven-compiler-plugin 3.1 + + + + io.jans.doc.annotation.DocPropertyProcessor + + + + -Amodule=Fido2 + + org.apache.maven.plugins diff --git a/jans-scim/model/pom.xml b/jans-scim/model/pom.xml index 20cf2ff4015..62ea04a7a56 100644 --- a/jans-scim/model/pom.xml +++ b/jans-scim/model/pom.xml @@ -26,6 +26,11 @@ io.jans jans-core-model + + io.jans + jans-doc + ${project.version} + diff --git a/jans-scim/model/src/main/java/io/jans/scim/model/conf/AppConfiguration.java b/jans-scim/model/src/main/java/io/jans/scim/model/conf/AppConfiguration.java index c23efb53633..84fe9abafcc 100644 --- a/jans-scim/model/src/main/java/io/jans/scim/model/conf/AppConfiguration.java +++ b/jans-scim/model/src/main/java/io/jans/scim/model/conf/AppConfiguration.java @@ -1,6 +1,7 @@ package io.jans.scim.model.conf; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import io.jans.doc.annotation.DocProperty; import java.io.Serializable; 
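Review bot: Listing `io.jans.doc.annotation.DocPropertyProcessor` explicitly under maven-compiler-plugin (the element tags are stripped in this rendering, presumably the `annotationProcessors` block) maps to javac's `-processor` option, which bypasses classpath discovery, so any other annotation processor the fido2 model module relied on would silently stop running; if the module has none this is fine, otherwise the others must be added to the same list. The jans-scim/pom.xml hunk below has the same shape and additionally registers `DocFeatureFlagProcessor`, which is absent here, so it is worth confirming fido2 really has no `@DocFeatureFlag` usages. Note also that the processor creates its output through `StandardLocation.CLASS_OUTPUT` (Java hunk above), so `fido2-properties.md` lands under `target/classes` and is packaged into the model jar unless a build step moves it away first.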
@@ -14,31 +15,41 @@ public class AppConfiguration implements Configuration, Serializable { private static final long serialVersionUID = -8991383390239617013L; + @DocProperty(description = "Application config Base DN") private String baseDN; - + @DocProperty(description = "Application base URL") private String applicationUrl; - + @DocProperty(description = "SCIM base endpoint URL") private String baseEndpoint; - + @DocProperty(description = "Person Object Class") private String personCustomObjectClass; - + @DocProperty(description = "Jans Auth - Issuer identifier") private String oxAuthIssuer; - + @DocProperty(description = "SCIM Protection Mode") private ScimMode protectionMode; + @DocProperty(description = "Maximum number of results per page") private int maxCount; + @DocProperty(description = "Specifies maximum bulk operations") private int bulkMaxOperations; + @DocProperty(description = "Specifies maximum payload size of bulk operations") private long bulkMaxPayloadSize; + @DocProperty(description = "User Extension Schema URI") private String userExtensionSchemaURI; - + @DocProperty(description = "Logging level for scim logger") private String loggingLevel; + @DocProperty(description = "Logging layout used for Server loggers") private String loggingLayout; + @DocProperty(description = "Path to external log4j2 logging configuration") private String externalLoggerConfiguration; - + @DocProperty(description = "The interval for metric reporter in seconds") private int metricReporterInterval; + @DocProperty(description = "The days to keep metric reported data") private int metricReporterKeepDataDays; + @DocProperty(description = "Metric reported data enabled flag") private Boolean metricReporterEnabled; + @DocProperty(description = "Boolean value specifying whether to enable JDK Loggers") private Boolean disableJdkLogger = true; - + @DocProperty(description = "Boolean value specifying whether to enable local in-memory cache") private Boolean useLocalCache = false; 
public String getBaseDN() { diff --git a/jans-scim/pom.xml b/jans-scim/pom.xml index 2c261edbe21..b80e1b0dd60 100644 --- a/jans-scim/pom.xml +++ b/jans-scim/pom.xml @@ -87,6 +87,19 @@ org.apache.maven.plugins maven-compiler-plugin 3.1 + + + + io.jans.doc.annotation.DocPropertyProcessor + + + io.jans.doc.annotation.DocFeatureFlagProcessor + + + + -Amodule=SCIM + + org.apache.maven.plugins diff --git a/mkdocs.yml b/mkdocs.yml index da779caf344..0b07961774a 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -409,10 +409,16 @@ nav: - 'Converting Data': 'admin/reference/database/converting-data.md' - 'JSON Configuration/Properties': - 'admin/reference/json/README.md' - - 'Auth Server': 'admin/reference/json/auth-server.md' - - 'FIDO': 'admin/reference/json/fido.md' - - 'SCIM': 'admin/reference/json/scim.md' - - 'Config API': 'admin/reference/json/config-api.md' + - 'Properties': + - 'admin/reference/json/properties/README.md' + - 'Auth Server': 'admin/reference/json/properties/janssenauthserver-properties.md' + - 'FIDO': 'admin/reference/json/properties/fido2-properties.md' + - 'SCIM': 'admin/reference/json/properties/scim-properties.md' + - 'Config API': 'admin/reference/json/properties/config-api-properties.md' + - 'Feature Flags': + - 'admin/reference/json/feature-flags/README.md' + - 'Auth Server': 'admin/reference/json/feature-flags/janssenauthserver-feature-flags.md' + - 'Kubernetes': - 'admin/reference/kubernetes/README.md' - 'Helm Chart': 'admin/reference/kubernetes/helm-chart.md'
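Review bot: The new nav entry `'Config API': 'admin/reference/json/properties/config-api-properties.md'` points at a file nothing visible in this diff produces: the processors wired up here are invoked with `-Amodule=Fido2` and `-Amodule=SCIM` and name their output `<module>-properties.md`, so only the fido2 and scim pages (plus the auth-server ones referenced elsewhere in the nav) are generated. Unless another part of the commit adds `config-api-properties.md`, mkdocs will report a missing nav target, which is a build failure if `strict` is enabled. Either drop the entry until a Config API module is attached to the processor or commit a placeholder page at that path; `'admin/reference/json/properties/README.md'` likewise needs to exist and is not visible in this chunk, whereas the feature-flags README is part of the diff.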