diff --git a/jans-linux-setup/jans_setup/jans_setup.py b/jans-linux-setup/jans_setup/jans_setup.py
index ffbee70d683..ff960384242 100755
--- a/jans-linux-setup/jans_setup/jans_setup.py
+++ b/jans-linux-setup/jans_setup/jans_setup.py
@@ -148,7 +148,7 @@ def ami_packaged():
from setup_app.installers.jans_casa import CasaInstaller
from setup_app.installers.jans_saml import JansSamlInstaller
-
+ from setup_app.installers.jans_lock import JansLockInstaller
from setup_app.installers.config_api import ConfigApiInstaller
from setup_app.installers.jans_cli import JansCliInstaller
@@ -271,6 +271,7 @@ def ami_packaged():
jans_link_installer = JansLinkInstaller()
jans_keycloak_link_installer = JansKCLinkInstaller()
jans_saml_installer = JansSamlInstaller()
+ jans_lock_installer = JansLockInstaller()
jansCliInstaller = JansCliInstaller()
@@ -470,6 +471,10 @@ def do_installation():
not Config.installed_instance and Config.get(jans_saml_installer.install_var)):
jans_saml_installer.start_installation()
+ if (Config.installed_instance and jans_lock_installer.install_var in Config.addPostSetupService) or (
+ not Config.installed_instance and Config.get(jans_lock_installer.install_var)):
+ jans_lock_installer.start_installation()
+
# if (Config.installed_instance and 'installOxd' in Config.addPostSetupService) or (not Config.installed_instance and Config.installOxd):
# oxdInstaller.start_installation()
jansInstaller.post_install_before_saving_properties()
diff --git a/jans-linux-setup/jans_setup/setup_app/config.py b/jans-linux-setup/jans_setup/setup_app/config.py
index 018050bf5f9..7adf4d58b21 100644
--- a/jans-linux-setup/jans_setup/setup_app/config.py
+++ b/jans-linux-setup/jans_setup/setup_app/config.py
@@ -208,6 +208,7 @@ def progress(self, service_name, msg, incr=False):
self.allowPreReleasedFeatures = False
self.install_jans_saml = False
self.install_jans_keycloak_link = False
+ self.install_jans_lock = False
# backward compatibility
self.os_type = base.os_type
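Review bot: `install_jans_lock_as_server` gets no default next to `self.install_jans_lock = False`, although this commit reads it through `Config.get(...)` in `jans_lock.py`, `jans.py` and `jetty.py` and assigns it only inside the interactive prompt in `properties_utils.py`. I would add `self.install_jans_lock_as_server = False` here so the flag is declared in one visible place. The same gap shows in `setup_options.py` and `arg_parser.py`, which add only `install_jans_lock` and `--install-jans-lock`. As far as this diff shows, an unattended run can only reach the plug-in-inside-jans-auth mode, and the help text `Install Jans Lock` does not say so. The enclosing method starts and ends outside the hunk.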
diff --git a/jans-linux-setup/jans_setup/setup_app/data/jetty_app_configuration.json b/jans-linux-setup/jans_setup/setup_app/data/jetty_app_configuration.json
index 66f566e46da..a259bf4b73a 100644
--- a/jans-linux-setup/jans_setup/setup_app/data/jetty_app_configuration.json
+++ b/jans-linux-setup/jans_setup/setup_app/data/jetty_app_configuration.json
@@ -15,7 +15,7 @@
"memory": {
"max_allowed_mb": 512,
"jvm_heap_ration": 0.7,
- "ratio": 0.10
+ "ratio": 0.08
},
"jetty": {
"modules": "server,deploy,resources,http,http-forwarded,threadpool,console-capture,jsp"
@@ -39,7 +39,7 @@
"memory": {
"max_allowed_mb": 1024,
"jvm_heap_ration": 0.7,
- "ratio": 0.10
+ "ratio": 0.08
},
"jetty": {
"modules": "server,deploy,resources,http,http-forwarded,console-capture,jsp,websocket"
@@ -63,7 +63,7 @@
"memory": {
"max_allowed_mb": 1024,
"jvm_heap_ration": 0.7,
- "ratio": 0.10
+ "ratio": 0.08
},
"jetty": {
"modules": "server,deploy,resources,http,http-forwarded,console-capture,jsp,websocket"
@@ -88,12 +88,24 @@
"memory": {
"max_allowed_mb": 1024,
"jvm_heap_ration": 0.7,
- "ratio": 0.10
+ "ratio": 0.08
},
"jetty": {
"modules": "server,deploy,resources,http,http-forwarded,console-capture,jsp,websocket"
},
"installed": false,
"name": "jans-keycloak-link"
+ },
+ "jans-lock": {
+ "memory": {
+ "max_allowed_mb": 1024,
+ "jvm_heap_ration": 0.7,
+ "ratio": 0.08
+ },
+ "jetty": {
+ "modules": "server,deploy,resources,http,http-forwarded,console-capture,jsp,websocket"
+ },
+ "installed": false,
+ "name": "jans-lock"
}
}
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/base.py b/jans-linux-setup/jans_setup/setup_app/installers/base.py
index d05be4052d0..7b0b1ac9a25 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/base.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/base.py
@@ -49,7 +49,8 @@ def start_installation(self):
def render_unit_file(self, unit=None):
# render unit file
-
+ if getattr(self, 'no_unit_file', False):
+ return
units = self.get_systemd_service_list(unit)
for unit in units:
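Review bot: The new guard in `render_unit_file` reads `no_unit_file` through `getattr`, but the attribute is only created inside `JansLockInstaller.install()` on the non-server path, so the check depends on `install()` having run before this method. Declaring `no_unit_file = False` on the base installer class and testing `if self.no_unit_file:` would make the contract explicit. A short comment such as `# installers that run as a plug-in of another service ship no systemd unit` would record why the early return exists. The call order is not visible here, and the method body continues past the end of the hunk.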
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans.py b/jans-linux-setup/jans_setup/setup_app/installers/jans.py
index 340a8a12fd7..e6c0e0a4f19 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jans.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans.py
@@ -77,12 +77,15 @@ def get_install_string(prefix, install_var):
txt += get_install_string('Install Auth Server', 'installOxAuth')
txt += get_install_string('Install Jans Config API', 'install_config_api')
if Config.profile == 'jans':
- txt += get_install_string('Install Fido2 Server', 'installFido2')
- txt += get_install_string('Install Scim Server', 'install_scim_server')
- txt += get_install_string('Install Jans Link Server', 'install_jans_link')
- txt += get_install_string('Install Jans KC Link Server', 'install_jans_keycloak_link')
- txt += get_install_string('Install Jans Casa Server', 'install_casa')
- txt += get_install_string('Install Jans SAML', 'install_jans_saml')
+ for prompt_str, install_var in (
+ ('Install Fido2 Server', 'installFido2'),
+ ('Install Scim Server', 'install_scim_server'),
+ ('Install Jans Link Server', 'install_jans_link'),
+ ('Install Jans KC Link Server', 'install_jans_keycloak_link'),
+ ('Install Jans Casa Server', 'install_casa'),
+ ('Install Jans Lock', 'install_jans_lock'),
+ ('Install Jans SAML', 'install_jans_saml')):
+ txt += get_install_string(prompt_str, install_var)
if Config.profile == 'jans' and Config.installEleven:
@@ -637,6 +640,7 @@ def order_services(self):
('jans-fido2', 'installFido2'),
('jans-link', 'install_jans_link'),
('jans-scim', 'install_scim_server'),
+ ('jans-lock', 'install_jans_lock_as_server'),
('saml', 'install_jans_saml'),
('jans-keycloak-link', 'install_jans_keycloak_link'),
]
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_lock.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_lock.py
new file mode 100644
index 00000000000..fead8c3d94a
--- /dev/null
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_lock.py
@@ -0,0 +1,77 @@
+import os
+import glob
+import shutil
+from pathlib import Path
+
+from setup_app import paths
+from setup_app.utils import base
+from setup_app.static import AppType, InstallOption
+from setup_app.config import Config
+from setup_app.installers.jetty import JettyInstaller
+
+Config.jans_lock_port = '8076'
+
+class JansLockInstaller(JettyInstaller):
+
+ source_files = [
+ (os.path.join(Config.dist_jans_dir, 'jans-lock.war'), os.path.join(base.current_app.app_info['JANS_MAVEN'], 'maven/io/jans/jans-lock-server/{0}/jans-lock-server-{0}.war').format(base.current_app.app_info['jans_version'])),
+ (os.path.join(Config.dist_jans_dir, 'jans-lock-service.jar'), os.path.join(base.current_app.app_info['JANS_MAVEN'], 'maven/io/jans/jans-lock-service/{0}/jans-lock-service-{0}.jar').format(base.current_app.app_info['jans_version'])),
+ ]
+
+ def __init__(self):
+ setattr(base.current_app, self.__class__.__name__, self)
+ self.service_name = 'jans-lock'
+ self.needdb = True
+ self.app_type = AppType.SERVICE
+ self.install_type = InstallOption.OPTONAL
+ self.install_var = 'install_jans_lock'
+ self.register_progess()
+
+ self.output_dir = os.path.join(Config.output_dir, self.service_name)
+ self.template_dir = os.path.join(Config.templateFolder, self.service_name)
+ self.dynamic_conf_json = os.path.join(self.output_dir, 'dynamic-conf.json')
+ self.error_json = os.path.join(self.output_dir, 'errors.json')
+ self.static_conf_json = os.path.join(self.output_dir, 'static-conf.json')
+ self.config_ldif = os.path.join(self.output_dir, 'config.ldif')
+
+ def install(self):
+
+ if Config.get('install_jans_lock_as_server'):
+ self.install_as_server()
+ else:
+ self.no_unit_file = True
+ self.install_as_service()
+
+
+ def install_as_server(self):
+ self.installJettyService(self.jetty_app_configuration[self.service_name], True)
+ self.logIt(f"Copying {self.source_files[0][0]} into jetty webapps folder...")
+ self.copyFile(self.source_files[0][0], self.jetty_service_webapps)
+ self.enable()
+
+ def install_as_service(self):
+ plugin_name = os.path.basename(self.source_files[1][0])
+ self.logIt(f"Adding plugin {plugin_name} to jans-auth")
+ self.copyFile(self.source_files[1][0], base.current_app.JansAuthInstaller.custom_lib_dir)
+ plugin_class_path = os.path.join(base.current_app.JansAuthInstaller.custom_lib_dir, plugin_name)
+ base.current_app.JansAuthInstaller.add_extra_class(plugin_class_path)
+ self.chown(plugin_class_path, Config.jetty_user, Config.jetty_group)
+
+
+ def render_import_templates(self):
+
+ self.renderTemplateInOut(self.dynamic_conf_json, self.template_dir, self.output_dir)
+ self.renderTemplateInOut(self.error_json, self.template_dir, self.output_dir)
+ self.renderTemplateInOut(self.static_conf_json, self.template_dir, self.output_dir)
+
+ Config.templateRenderingDict['lock_dynamic_conf_base64'] = self.generate_base64_file(self.dynamic_conf_json, 1)
+ Config.templateRenderingDict['lock_error_base64'] = self.generate_base64_file(self.error_json, 1)
+ Config.templateRenderingDict['lock_static_conf_base64'] = self.generate_base64_file(self.static_conf_json, 1)
+
+ self.renderTemplateInOut(self.config_ldif, self.template_dir, self.output_dir)
+
+ ldif_files = [self.config_ldif]
+ self.dbUtils.import_ldif(ldif_files)
+
+ def installed(self):
+ return os.path.exists(self.jetty_service_webapps) or os.path.exists(os.path.join(base.current_app.JansAuthInstaller.custom_lib_dir, os.path.basename(self.source_files[1][0])))
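Review bot: In `install_as_service` the plug-in jar is copied into the jans-auth `custom_lib_dir`, added to that server's class path with `add_extra_class`, and then handed to `Config.jetty_user` by `self.chown(...)`; if jans-auth runs as that user, the process can rewrite code it loads on its next start. Consider leaving the jar root-owned and only readable by the service group, e.g. `self.chown(plugin_class_path, 'root', Config.jetty_group)`, if the rest of the installer permits it. No integrity check of the two `source_files` artifacts is visible in this file; the download code lives elsewhere, so confirm that a checksum or signature is verified there before the jar reaches the auth server's class path. Separately, `glob`, `shutil`, `Path` and `paths` are imported but unused, and `Config.jans_lock_port = '8076'` is an import-time side effect that would be clearer as a default in `config.py`.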
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jetty.py b/jans-linux-setup/jans_setup/setup_app/installers/jetty.py
index 99b668d9224..6d2831d7a4a 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jetty.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jetty.py
@@ -339,6 +339,7 @@ def calculate_selected_aplications_memory(self):
('installFido2', 'jans-fido2'),
('install_config_api', 'jans-config-api'),
('installEleven', 'jans-eleven'),
+ ('install_jans_lock_as_server', 'jans-lock'),
]:
if Config.get(config_var) and service in self.jetty_app_configuration:
diff --git a/jans-linux-setup/jans_setup/setup_app/setup_options.py b/jans-linux-setup/jans_setup/setup_app/setup_options.py
index 42923987ac0..fee3ab21696 100644
--- a/jans-linux-setup/jans_setup/setup_app/setup_options.py
+++ b/jans-linux-setup/jans_setup/setup_app/setup_options.py
@@ -22,6 +22,7 @@ def get_setup_options():
'install_jans_keycloak_link': False,
'install_casa': False,
'install_jans_saml': False,
+ 'install_jans_lock': False,
'loadTestData': False,
'allowPreReleasedFeatures': False,
'listenAllInterfaces': False,
@@ -115,6 +116,8 @@ def get_setup_options():
setupOptions['install_casa'] = True
if base.argsp.install_jans_saml:
setupOptions['install_jans_saml'] = True
+ if base.argsp.install_jans_lock:
+ setupOptions['install_jans_lock'] = True
if base.argsp.jans_max_mem:
setupOptions['jans_max_mem'] = base.argsp.jans_max_mem
diff --git a/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py b/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py
index 406ef7029bd..21e2dc38de8 100644
--- a/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py
+++ b/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py
@@ -101,6 +101,8 @@
parser.add_argument('--with-casa', help="Install Jans Casa Server", action='store_true')
parser.add_argument('--install-jans-saml', help="Install Jans SAML", action='store_true')
+ parser.add_argument('--install-jans-lock', help="Install Jans Lock", action='store_true')
+
#parser.add_argument('--oxd-use-jans-storage', help="Use Jans Storage for Oxd Server", action='store_true')
parser.add_argument('--load-config-api-test', help="Load Config Api Test Data", action='store_true')
diff --git a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py
index 443469c4252..9cd2bbb0b57 100644
--- a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py
+++ b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py
@@ -647,6 +647,33 @@ def prompt_to_install(self, install_var):
return True
+
+ def pompt_for_jans_lock(self):
+ if not self.prompt_to_install('install_jans_lock'):
+ return
+
+ prompt = self.getPrompt("Install Jans Lock?",
+ self.getDefaultOption(Config.install_jans_lock)
+ )[0].lower()
+
+
+
+ if prompt == 'y':
+ prompt = self.getPrompt("Install Jans Lock as Server?",
+ self.getDefaultOption(Config.install_jans_lock)
+ )[0].lower()
+ if prompt == 'y':
+ Config.install_jans_lock = True
+ Config.install_jans_lock_as_server = True
+ else:
+ prompt = self.getPrompt("Install Jans Lock as Auth Service?", self.getDefaultOption(True))[0].lower()
+ if prompt == 'y':
+ Config.install_jans_lock = True
+
+
+ if Config.installed_instance and Config.install_jans_lock:
+ Config.addPostSetupService.append('install_jans_lock')
+
def prompt_for_jans_saml(self):
if not self.prompt_to_install('install_jans_saml'):
return
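Review bot: The second question, `Install Jans Lock as Server?`, takes its default from `Config.install_jans_lock` instead of the server-mode flag, so the suggested answer does not reflect the current mode; `self.getDefaultOption(Config.get('install_jans_lock_as_server'))` looks like what was meant. Answering `n` to both follow-up questions leaves Lock uninstalled even though the first answer was `y`, and `Config.install_jans_lock_as_server` is never reset to `False`; a docstring describing the three outcomes (server, plug-in in jans-auth, not installed) would make that flow reviewable. The method name is misspelled: `pompt_for_jans_lock` should be `prompt_for_jans_lock`, here and at the call in `promptForProperties` in the next hunk, to match its siblings.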
@@ -1016,7 +1043,7 @@ def promptForProperties(self):
self.prompt_for_jans_link()
self.prompt_for_jans_keycloak_link()
self.prompt_for_casa()
-
+ self.pompt_for_jans_lock()
self.prompt_for_jans_saml()
#self.promptForEleven()
#if (not Config.installOxd) and Config.oxd_package:
diff --git a/jans-linux-setup/jans_setup/static/system/systemd/jans-lock.service b/jans-linux-setup/jans_setup/static/system/systemd/jans-lock.service
new file mode 100644
index 00000000000..6517080f7cc
--- /dev/null
+++ b/jans-linux-setup/jans_setup/static/system/systemd/jans-lock.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Janssen Lock Service
+After=%(order_jans_lock_service)s
+
+[Service]
+Type=forking
+ExecStart=/opt/dist/scripts/jans-lock start
+ExecStop=/opt/dist/scripts/jans-lock stop
+User=jetty
+Group=jetty
+
+[Install]
+WantedBy=multi-user.target
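Review bot: `User=jetty` and `Group=jetty` are hard-coded in this unit, while the installer and the Jetty defaults template in this commit use `Config.jetty_user` and `%(jetty_user)s`. If those are ever configured differently, the service would run under an account that does not own its files. Since the unit is already rendered as a template (`%(order_jans_lock_service)s`), `User=%(jetty_user)s` and `Group=%(jetty_group)s` would keep the two aligned, assuming those keys are available to the unit renderer, which this diff does not show. As a hardening step for a new network-facing service, `NoNewPrivileges=true` in `[Service]` is worth adding once it is confirmed the start script needs no privilege changes.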
diff --git a/jans-linux-setup/jans_setup/templates/apache/https_jans.conf b/jans-linux-setup/jans_setup/templates/apache/https_jans.conf
index 14234d41dcb..324695f3f08 100644
--- a/jans-linux-setup/jans_setup/templates/apache/https_jans.conf
+++ b/jans-linux-setup/jans_setup/templates/apache/https_jans.conf
@@ -103,6 +103,13 @@
Allow from all
+
+ Header edit Set-Cookie ^((?!opbs|session_state).*)$ $1;HttpOnly
+ ProxyPass http://localhost:%(jans_lock_port)s/jans-lock retry=5 connectiontimeout=60 timeout=60
+ Order deny,allow
+ Allow from all
+
+
SSLVerifyClient optional_no_ca
SSLVerifyDepth 10
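Review bot: The proxy block for `/jans-lock` is added to the shared template without any condition, but a listener on `%(jans_lock_port)s` exists only when Lock is installed as a standalone server. In plug-in mode, or when Lock is not selected, the route would point at a closed port. `Allow from all` also publishes whatever the backend serves under that path, so it is worth confirming that every jans-lock endpoint enforces its own authorization rather than relying on the front end. A comment above the block, e.g. `# jans-lock: backend present only when installed as a standalone server`, would at least document the dependency. The enclosing container directives are not visible in this hunk.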
diff --git a/jans-linux-setup/jans_setup/templates/jans-lock/lock.ldif b/jans-linux-setup/jans_setup/templates/jans-lock/config.ldif
similarity index 100%
rename from jans-linux-setup/jans_setup/templates/jans-lock/lock.ldif
rename to jans-linux-setup/jans_setup/templates/jans-lock/config.ldif
diff --git a/jans-linux-setup/jans_setup/templates/jans-lock/jans-lock-errors.json b/jans-linux-setup/jans_setup/templates/jans-lock/errors.json
similarity index 100%
rename from jans-linux-setup/jans_setup/templates/jans-lock/jans-lock-errors.json
rename to jans-linux-setup/jans_setup/templates/jans-lock/errors.json
diff --git a/jans-linux-setup/jans_setup/templates/jetty/jans-lock b/jans-linux-setup/jans_setup/templates/jetty/jans-lock
new file mode 100644
index 00000000000..aec37412e06
--- /dev/null
+++ b/jans-linux-setup/jans_setup/templates/jetty/jans-lock
@@ -0,0 +1,11 @@
+JAVA_HOME=%(jre_home)s
+JAVA=$JAVA_HOME/bin/java
+JAVA_OPTIONS="-server -Xms%(jans-lock_min_heap_mem)sm -Xmx%(jans-lock_max_heap_mem)sm -XX:+DisableExplicitGC -Djans.base=%(jansBaseFolder)s -Dserver.base=%(jetty_base)s/jans-lock -Dlog.base=%(jetty_base)s/jans-lock -Dpython.home=%(jython_home)s"
+
+JETTY_HOME=%(jetty_home)s
+JETTY_BASE=%(jetty_base)s/jans-lock
+JETTY_USER=%(jetty_user)s
+JETTY_ARGS="jetty.http.host=localhost jetty.http.port=%(jans_lock_port)s"
+TMPDIR=%(jetty_dist)s/temp
+
+export PYTHON_HOME=%(jython_home)s