JanssenProject · moabu · Apr 4, 2024 · Mar 20, 2024 · Mar 25, 2024 · Mar 26, 2024
diff --git a/docs/casa/plugins/bioid.md b/docs/casa/plugins/bioid.md
@@ -0,0 +1,47 @@
+# BioID plugin
+
+## Overview
+This plugin allows users to enroll their BioID facial biometrics. 
+
+## Requirements
+- A Janssen server installation with Casa installed
+- A BioID account. Register on the [BioID site](https://bwsportal.bioid.com/register) 
+- Application credentials from the BWS Portal. Please register an application against your account. You will need the app identifier, app secret, storage and partition. 
+
+## Installation
+
+1. [Download the plugin jar]()
+1. Log into Casa as an administrator, navigate to `Administration Console > Casa plugins` and add the plugin jar
+1. Using the TUI, enable the `agama` custom script
+1. Run the following commands to generate the Agama flow file:
+
+```
+git clone --depth 1 --branch main --no-checkout https://github.com/JanssenProject/jans.git
+cd jans/jans-casa/plugins/bioid/extras/agama
+zip -r casa-bioid.gama ./*
+```
+1. Transfer the `casa-bioid.gama` file to the server, and deploy it using the TUI
+1. Using the TUI, export the sample configuration, edit it according to the specification below and import it back in
+
+## Agama Configuration
+```
+{
+  "io.jans.agama.bioid.enroll": {
+    "host": "https://<HOSTNAME>/jans-auth/fl/callback",
+    "endpoint": "https://bws.bioid.com/extension/",
+    "appIdentifier": "",
+    "appSecret": "",
+    "storage": "",
+    "partition": ""
+  }
+}
+```
+- `host`: Replace `<HOSTNAME>` with the hostname of your server
+- `endpoint`: BioID API endpoint. Leave as default
+- `appIdentifier`: The app identifier string from BWS Portal - Configuration
+- `appSecret`: The app secret from BWS Portal - Configuration
+- `storage`: Storage value from BWS Portal - Configuration
+- `partition`: Partition value from BWS Portal - Configuration
+
+## How to use
+The plugin provides a user menu. When clicking the `Click to Enroll` button, Casa launches the `io.jans.agama.bioid.enroll` flow on the authorization server. This flow queries the BioID database for existing enrollments for the user. If the user has not enrolled, the flow presents the BWS GUI for enrollment. Upon success, the flow redirects back to a Casa landing page. Deletion of credentials is not supported as of now because Casa is unaware of enrollment status of a user.
@@ -0,0 +1,41 @@
+<configuration scan="true">
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+      <pattern>%date [%thread] %-5level %logger{35} - %msg%n</pattern>
+    </encoder>
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>OFF</level> <!-- change to DEBUG to mimic '-consolelog' behaviour -->
+    </filter>
+  </appender>
+
+  <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <File>${org.eclipse.m2e.log.dir}/0.log</File>
+    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <FileNamePattern>${org.eclipse.m2e.log.dir}/%i.log</FileNamePattern>
+      <MinIndex>1</MinIndex>
+      <MaxIndex>10</MaxIndex>
+    </rollingPolicy>
+    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <MaxFileSize>100MB</MaxFileSize>
+    </triggeringPolicy>
+    <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+      <pattern>%date [%thread] %-5level %logger{35} - %msg%n</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="EclipseLog" class="org.eclipse.m2e.logback.appender.EclipseLogAppender">
+    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+      <level>WARN</level>
+    </filter>
+  </appender>
+
+  <appender name="MavenConsoleLog" class="org.eclipse.m2e.logback.appender.MavenConsoleAppender">
+  </appender>
+
+  <root level="INFO">
+    <appender-ref ref="FILE" />
+    <appender-ref ref="STDOUT" />
+    <appender-ref ref="EclipseLog" />
+    <appender-ref ref="MavenConsoleLog" />
+  </root>
+</configuration>
@@ -0,0 +1,22 @@
+Flow io.jans.agama.bioid.enroll
+    Basepath ""
+    Configs conf
+    Inputs bioid_enrollment_code login_hint
+bioid = Call io.jans.agama.bioid.BioIdService#new conf
+idp = Call io.jans.agama.bioid.IdentityProcessor#new 
+bioid_verification = Call idp validateBioIdCode login_hint bioid_enrollment_code 
+When bioid_verification is false
+    error_map = {success:false, error: "Failed to verify BioID code"}
+    Finish error_map
+enrolled = Call bioid isEnrolled login_hint 
+When enrolled is false
+    token = Call bioid getBWSToken login_hint "enroll"
+    enroll_map = {token:token, return_url:conf.host, state: "abcdef"}
+    enroll_result = RRF "bioid.ftlh" enroll_map true
+    When enroll_result.error is not null
+        error_map = {success:false, error: "Enrollment failed; please try again later."}
+        Finish error_map
+    success_map = {success:true, data: {userId: login_hint, status: "success"}}
+    Finish success_map
+error_map = {success:true, data: {status: "enrolled", userId: login_hint}}
+Finish error_map
@@ -0,0 +1,18 @@
+{
+    "projectName": "casa-bioid",
+    "author": "SafinWasi",
+    "type": "Community",
+    "version": "1.0.0",
+    "description": "A helper project for Jans Casa BioID plugin",
+    "noDirectLaunch": [],
+    "configs": {
+        "io.jans.agama.bioid.enroll": {
+            "host": "https://<hostname>/jans-auth/fl/callback",
+            "endpoint": "https://bws.bioid.com/extension/",
+            "appIdentifier": "",
+            "appSecret": "",
+            "storage": "",
+            "partition": ""
+        }
+    }
+}