diff --git a/docs/admin/config-guide/janssen-fido2-configuration.md b/docs/admin/config-guide/janssen-fido2-configuration.md
index 663578b7ef9..14899de9cf9 100644
--- a/docs/admin/config-guide/janssen-fido2-configuration.md
+++ b/docs/admin/config-guide/janssen-fido2-configuration.md
@@ -7,131 +7,150 @@ tags: # Janssen FIDO2 Configuration -> Prerequisite: Know how to use the Janssen CLI in [command-line mode](config-tools/jans-cli/README.md) +The Janssen Server provides multiple configuration tools to perform these +tasks. -Using Janssen CLI, You can `get/update` Fido2 properties. -To get the information of Janssen Fido2 CLI, run the following command: +=== "Use Command-line" + Use the command line to perform actions from the terminal. Learn how to + use Jans CLI [here](./config-tools/jans-cli/README.md) or jump straight to + the [Using Command Line](#using-command-line) + +=== "Use Text-based UI" + + Use a fully functional text-based user interface from the terminal. + Learn how to use Jans Text-based UI (TUI) + [here](./config-tools/jans-tui/README.md) or jump straight to the + [Using Text-based UI](#using-text-based-ui) + +=== "Use REST API" + + Use REST API for programmatic access or invoke via tools like CURL or + Postman. Learn how to use Janssen Server Config API + [here](./config-tools/config-api/README.md) or Jump straight to the + [Using Configuration REST API](#using-configuration-rest-api) + +## Using Command Line + + +In the Janssen Server, you can deploy and customize the FIDO2 Configuration using the +command line. To get the details of Janssen command line operations relevant to +FIDO2 Configuration, you can check the operations under `Fido2Configuration` task using the +command below: + + +```bash title="Command" +/opt/jans/jans-cli/config-cli.py --info Fido2Configuration ``` -/opt/jans/jans-cli/config-cli.py --info ConfigurationFido2 +It will show the details of the available operation-ids for Fido2. + +```text title="Sample Output" Operation ID: get-properties-fido2 - Description: Gets Jans Authorization Server Fido2 configuration properties. + Description: Gets Jans Authorization Server Fido2 configuration properties Operation ID: put-properties-fido2 - Description: Updates Fido2 configuration properties. 
- Schema: /components/schemas/JansFido2DynConfiguration + Description: Updates Fido2 configuration properties + Schema: Fido2:AppConfiguration -To get sample shema type /opt/jans/jans-cli/config-cli.py --schema , for example /opt/jans/jans-cli/config-cli.py --schema /components/schemas/JansFido2DynConfiguration +To get sample schema type /opt/jans/jans-cli/config-cli.py --schema , for example /opt/jans/jans-cli/config-cli.py --schema Fido2:AppConfiguration ``` -Table of Contents -================= +### Get The Current Fido2 Configuration -* [Janssen FIDO2 Configuration](#janssen-fido2-configuration) - * [Find FIDO2 Configuration Properties](#find-fido2-configuration-properties) - * [Update FIDO2 Configuration Properties](#update-fido2-configuration-properties) +To get the properties of Janssen Fido2 Configuration, run the command below: -## Find FIDO2 Configuration Properties - -To get the properties of Janssen Fido2 Configuration, run below command: -`/opt/jans/jans-cli/config-cli.py --operation-id get-properties-fido2` +```bash title="Command" +/opt/jans/jans-cli/config-cli.py --operation-id get-properties-fido2 +``` It will return the result as below: -```text -Getting access token for scope https://jans.io/oauth/config/fido2.readonly +```json title="Sample Output" linenums="1" { - "issuer": "https://testjans.gluu.com", - "baseEndpoint": "https://testjans.gluu.com/fido2/restv1", + "issuer": "https://jans-project.lxd", + "baseEndpoint": "https://jans-project.lxd/jans-fido2/restv1", "cleanServiceInterval": 60, "cleanServiceBatchChunkSize": 10000, - "useLocalCache": false, - "disableJdkLogger": false, - "loggingLevel": "DEBUG", + "useLocalCache": true, + "disableJdkLogger": true, + "loggingLevel": "INFO", "loggingLayout": "text", - "externalLoggerConfiguration": null, "metricReporterInterval": 300, "metricReporterKeepDataDays": 15, - "metricReporterEnabled": false, + "metricReporterEnabled": true, "personCustomObjectClassList": [ "jansCustomPerson", "jansPerson" ], 
+ "superGluuEnabled": false, + "sessionIdPersistInCache": false, + "oldU2fMigrationEnabled": true, + "errorReasonEnabled": false, "fido2Configuration": { - "authenticatorCertsFolder": null, - "mdsCertsFolder": null, - "mdsTocsFolder": null, - "serverMetadataFolder": null, + "authenticatorCertsFolder": "/etc/jans/conf/fido2/authenticator_cert", + "mdsCertsFolder": "/etc/jans/conf/fido2/mds/cert", + "mdsTocsFolder": "/etc/jans/conf/fido2/mds/toc", + "checkU2fAttestations": false, + "userAutoEnrollment": false, + "unfinishedRequestExpiration": 180, + "authenticationHistoryExpiration": 1296000, + "serverMetadataFolder": "/etc/jans/conf/fido2/server_metadata", + "requestedCredentialTypes": [ + "RS256", + "ES256" + ], "requestedParties": [ { - "name": null, - "domains": [] + "name": "https://jans-project.lxd", + "domains": [ + "jans-project.lxd" + ] } ], - "userAutoEnrollment": false, - "unfinishedRequestExpiration": null, - "authenticationHistoryExpiration": null, - "requestedCredentialTypes": [] + "skipDownloadMdsEnabled": false, + "skipValidateMdsInAttestationEnabled": false, + "assertionOptionsGenerateEndpointEnabled": true } } + ``` -## Update FIDO2 Configuration Properties +### Update FIDO2 Configuration Properties -To perform this operation, let's check the schema first. +To update the configuration follow the steps below. -```text -/opt/jans/jans-cli/config-cli.py --schema /components/schemas/JansFido2DynConfiguration > /tmp/fido2-schema.json -``` +1. [Get the current configuration](#get-the-current-fido2-configuration) and store it into a file for editing +2. Edit and update the desired configuration values in the file while keeping other properties and values unchanged. Updates must adhere to the `Fido2:AppConfiguration` schema as mentioned [here](#using-command-line). The schema details can be retrieved using the command below. The schema defines what values and datatypes are acceptable for each property value. 
+ ```text title="Command" + /opt/jans/jans-cli/config-cli.py --schema Fido2:AppConfiguration + ``` +3. Use the updated file to send the update to the Janssen Server using the command below + ```bash title="Command" + /opt/jans/jans-cli/config-cli.py --operation-id put-properties-fido2 \ + --data /tmp/conf-data.json + ``` + Upon successful execution of the update, the Janssen Server responds with updated configuration. -This command will create a fido2 schema file on `/tmp/`. You can edit this file depending on the requirements: -![janssen fido2 configuration](../../assets/image-cl-fido2-update-03042021.png) +## Using Text-based UI -Now let's do the operation: +In the Janssen Server, You can manage FIDO2 Configuration using +the [Text-Based UI](./config-tools/jans-tui/README.md) also. -```text -/opt/jans/jans-cli/config-cli.py --operation-id put-properties-fido2 --data /tmp/fido2-schema.json +You can start TUI using the command below: -Getting access token for scope https://jans.io/oauth/config/fido2.write -Server Response: -{ - "issuer": "https://server.example.com/", - "baseEndpoint": "https://server.example.com/fido2/restv1", - "cleanServiceInterval": null, - "cleanServiceBatchChunkSize": null, - "useLocalCache": false, - "disableJdkLogger": false, - "loggingLevel": "INFO", - "loggingLayout": null, - "externalLoggerConfiguration": null, - "metricReporterInterval": null, - "metricReporterKeepDataDays": null, - "metricReporterEnabled": true, - "personCustomObjectClassList": [], - "fido2Configuration": { - "authenticatorCertsFolder": null, - "mdsCertsFolder": null, - "mdsTocsFolder": null, - "serverMetadataFolder": null, - "requestedParties": [ - { - "name": null, - "domains": null - }, - { - "name": null, - "domains": null - } - ], - "userAutoEnrollment": true, - "unfinishedRequestExpiration": null, - "authenticationHistoryExpiration": null, - "requestedCredentialTypes": [] - } -} +```bash title="Command" +sudo /opt/jans/jans-cli/jans_cli_tui.py ``` -You may find 
that I have updated to `logginglabel:INFO` from `NULL`. +Navigate to `FIDO` section where administrators can update dynamic and static +configurations. + + +![image](../../assets/tui-fido2-dynamic-configuration.png) +## Using Configuration REST API +Janssen Server Configuration REST API exposes relevant endpoints for +managing and configuring the FIDO2 Configuration. Endpoint details +are published in the [Swagger document](./../reference/openapi.md). \ No newline at end of file diff --git a/docs/assets/tui-fido2-Static-configuration.png b/docs/assets/tui-fido2-Static-configuration.png new file mode 100644 index 00000000000..8c95e51e6f5 Binary files /dev/null and b/docs/assets/tui-fido2-Static-configuration.png differ diff --git a/docs/assets/tui-fido2-add-party.png b/docs/assets/tui-fido2-add-party.png new file mode 100644 index 00000000000..a89e0711c11 Binary files /dev/null and b/docs/assets/tui-fido2-add-party.png differ diff --git a/docs/assets/tui-fido2-dynamic-configuration.png b/docs/assets/tui-fido2-dynamic-configuration.png new file mode 100644 index 00000000000..44564e96fa2 Binary files /dev/null and b/docs/assets/tui-fido2-dynamic-configuration.png differ