JanssenProject · yuriyz · Jun 10, 2024 · Jun 9, 2024
@@ -15,6 +15,8 @@
 from setup_app.installers.jetty import JettyInstaller
 from setup_app.static import AppType, InstallOption, SetupProfiles
 
+Config.jans_auth_port = '8081'
+
 class JansAuthInstaller(JettyInstaller):
 
     source_files = [

@@ -49,7 +49,7 @@ def __init__(self):
         self.opa_dir = os.path.join(Config.opt_dir, 'opa')
         self.opa_bin_dir = os.path.join(self.opa_dir, 'bin')
         self.opa_log_dir = os.path.join(self.opa_dir, 'logs')
-
+        self.base_endpoint = 'jans-lock' if Config.get('install_jans_lock_as_server') else 'jans-auth'
 
     def install(self):
         if Config.get('install_jans_lock_as_server'):
@@ -71,6 +71,7 @@ def install(self):
             base.current_app.ConfigApiInstaller.source_files.append(self.source_files[3])
             base.current_app.ConfigApiInstaller.install_plugin('lock-plugin')
 
+        self.apache_lock_config()
 
     def install_as_server(self):
         self.installJettyService(self.jetty_app_configuration[self.service_name], True)
@@ -110,6 +111,27 @@ def configure_message_conf(self):
         message_conf_json = self.readFile(self.message_conf_json)
         self.dbUtils.set_configuration('jansMessageConf', message_conf_json)
 
+    def apache_lock_config(self):
+        apache_config = self.readFile(base.current_app.HttpdInstaller.https_jans_fn).splitlines()
+        if Config.get('install_jans_lock_as_server'):
+            proxy_context = 'jans-lock'
+            proxy_port = Config.jans_lock_port
+        else:
+            proxy_port = Config.jans_auth_port
+            proxy_context = 'jans-auth'
+
+        jans_lock_well_known_proxy_pass = f'    ProxyPass   /.well-known/lock-master-configuration http://localhost:{proxy_port}/{proxy_context}/v1/configuration'
+        jans_lock_well_known_proxy_pass += f'\n\n    <Location /jans-lock>\n     Header edit Set-Cookie ^((?!opbs|session_state).*)$ $1;HttpOnly\n     ProxyPass http://localhost:{proxy_port}/{proxy_context} retry=5 connectiontimeout=60 timeout=60\n     Order deny,allow\n     Allow from all\n    </Location>\n'
+
+
+        proyx_pass_n = 0
+        for i, l in enumerate(apache_config):
+            if l.strip().startswith('ProxyErrorOverride') and l.strip().endswith('On'):
+                proyx_pass_n = i
+
+        apache_config.insert(proyx_pass_n-1, jans_lock_well_known_proxy_pass)
+        self.writeFile(base.current_app.HttpdInstaller.https_jans_fn, '\n'.join(apache_config), backup=False)
+
 
     def install_opa(self):
         opa_fn = 'opa'

@@ -76,7 +76,7 @@
 
     <Location /jans-auth>
         Header edit Set-Cookie ^((?!opbs|session_state).*)$ $1;HttpOnly
-        ProxyPass http://localhost:8081/jans-auth retry=5 connectiontimeout=60 timeout=60
+        ProxyPass http://localhost:%(jans_auth_port)s/jans-auth retry=5 connectiontimeout=60 timeout=60
         # Header set Access-Control-Allow-Origin "*"
         Order deny,allow
         Allow from all
@@ -96,13 +96,6 @@
         Allow from all 
     </Location>
 
-    <Location /jans-lock>
-        Header edit Set-Cookie ^((?!opbs|session_state).*)$ $1;HttpOnly
-        ProxyPass http://localhost:%(jans_lock_port)s/jans-lock retry=5 connectiontimeout=60 timeout=60
-        Order deny,allow
-        Allow from all
-    </Location>
-
     <LocationMatch /jans-auth/auth/cert/cert-login.htm>
         SSLVerifyClient optional_no_ca
         SSLVerifyDepth 10
@@ -118,13 +111,13 @@
      Allow from all
     </Location>
 
-    ProxyPass   /.well-known/openid-configuration http://localhost:8081/jans-auth/.well-known/openid-configuration
-    ProxyPass   /.well-known/webfinger http://localhost:8081/jans-auth/.well-known/webfinger
-    ProxyPass   /.well-known/uma2-configuration http://localhost:8081/jans-auth/restv1/uma2-configuration
+    ProxyPass   /.well-known/openid-configuration http://localhost:%(jans_auth_port)s/jans-auth/.well-known/openid-configuration
+    ProxyPass   /.well-known/webfinger http://localhost:%(jans_auth_port)s/jans-auth/.well-known/webfinger
+    ProxyPass   /.well-known/uma2-configuration http://localhost:%(jans_auth_port)s/jans-auth/restv1/uma2-configuration
     ProxyPass   /.well-known/fido2-configuration http://localhost:8073/jans-fido2/restv1/configuration
     ProxyPass   /.well-known/scim-configuration http://localhost:8087/jans-scim/restv1/scim-configuration
-    ProxyPass   /firebase-messaging-sw.js http://localhost:8081/jans-auth/firebase-messaging-sw.js
-    ProxyPass   /device-code http://localhost:8081/jans-auth/device_authorization.htm
+    ProxyPass   /firebase-messaging-sw.js http://localhost:%(jans_auth_port)s/jans-auth/firebase-messaging-sw.js
+    ProxyPass   /device-code http://localhost:%(jans_auth_port)s/jans-auth/device_authorization.htm
 
     ProxyErrorOverride On
 

@@ -1,5 +1,5 @@
 {
-   "baseEndpoint" : "https://%(hostname)s/jans-lock/v1",
+   "baseEndpoint" : "https://%(hostname)s/%(base_endpoint)s/v1",
 
    "tokenChannels":[
          "jans_token"

@@ -5,7 +5,7 @@ JAVA_OPTIONS="-server -Xms%(jans-auth_min_heap_mem)sm -Xmx%(jans-auth_max_heap_m
 JETTY_HOME=%(jetty_home)s
 JETTY_BASE=%(jetty_base)s/jans-auth
 JETTY_USER=%(jetty_user)s
-JETTY_ARGS="jetty.http.host=localhost jetty.http.port=8081"
+JETTY_ARGS="jetty.http.host=localhost jetty.http.port=%(jans_auth_port)s"
 TMPDIR=%(jetty_dist)s/temp
 
 export PYTHON_HOME=%(jython_home)s