From 6ee5b20388e23d8015ed226f2ba50d9ad180c6e5 Mon Sep 17 00:00:00 2001
From: Mustafa Baser
Date: Thu, 12 Aug 2021 18:27:09 +0300
Subject: [PATCH] feat: UMA mode for SCIM (ref: #752)
---
 setup_app/installers/scim.py | 9 ++++++++-
 setup_app/setup_options.py | 3 ---
 setup_app/utils/arg_parser.py | 6 +++++-
 setup_app/utils/collect_properties.py | 6 ++++--
 templates/scim/oxtrust_config.json | 2 +-
 5 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/setup_app/installers/scim.py b/setup_app/installers/scim.py
index 96edbe94..1a92fa95 100644
--- a/setup_app/installers/scim.py
+++ b/setup_app/installers/scim.py
@@ -48,6 +48,14 @@ def installed(self):
 return os.path.exists(os.path.join(Config.jetty_base, self.service_name, 'start.ini'))
 def generate_configuration(self):
+
+ if base.argsp.enable_scim_test_mode:
+ Config.scim_protection_mode = 'TEST'
+ elif base.argsp.enable_scim_uma_mode:
+ Config.scim_protection_mode = 'UMA'
+ else:
+ Config.scim_protection_mode = 'OAUTH'
+
 self.logIt("Generating {} configuration".format(self.service_name))
 client_var_id_list = (
 ('scim_rs_client_id', '1201.'),
@@ -64,7 +72,6 @@ def generate_configuration(self):
 if not Config.get('scim_rp_client_jks_pass'):
 Config.scim_rp_client_jks_pass = 'secret'
- Config.scimTestMode = Config.get('scimTestMode', 'false')
 Config.enable_scim_access_policy = 'true' if Config.installPassport else 'false'
 #backup current jks files if exists
diff --git a/setup_app/setup_options.py b/setup_app/setup_options.py
index ba02d850..95312789 100644
--- a/setup_app/setup_options.py
+++ b/setup_app/setup_options.py
@@ -93,9 +93,6 @@ def get_setup_options():
 if base.argsp.no_httpd:
 setupOptions['installHTTPD'] = False
- if base.argsp.enable_scim_test_mode:
- setupOptions['scimTestMode'] = 'true'
-
 setupOptions['installSaml'] = base.argsp.install_shib
 setupOptions['downloadWars'] = base.argsp.w
 setupOptions['installOxAuthRP'] = base.argsp.install_oxauth_rp
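Review bot: In setup_app/installers/scim.py, the `else:` branch added at the top of generate_configuration assigns `Config.scim_protection_mode = 'OAUTH'` unconditionally, so a mode already held in Config is overwritten whenever neither flag is passed. The collect_properties.py hunk of this same commit stores an existing deployment's `protectionMode` in that attribute; if generate_configuration can also run against a collected configuration (not visible here), a server set to UMA or TEST would be re-rendered as OAUTH without any message. I would write the fallback as `Config.scim_protection_mode = Config.get('scim_protection_mode', 'OAUTH')` and follow the block with `self.logIt("SCIM protection mode: {}".format(Config.scim_protection_mode))`, so the mode guarding the SCIM API is recorded in the setup log. The function body continues beyond this hunk.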
diff --git a/setup_app/utils/arg_parser.py b/setup_app/utils/arg_parser.py
index 0fc72601..e9460a6e 100644
--- a/setup_app/utils/arg_parser.py
+++ b/setup_app/utils/arg_parser.py
@@ -23,7 +23,11 @@ def arg_parser():
 parser.add_argument('-t', help="Load test data", action='store_true')
 parser.add_argument('-x', help="Load test data and exit", action='store_true')
 parser.add_argument('-csx', help="Collect setup properties, save and exit", action='store_true')
- parser.add_argument('-stm', '--enable-scim-test-mode', help="Enable Scim Test Mode", action='store_true')
+
+ scim_mode_group = parser.add_mutually_exclusive_group()
+ scim_mode_group.add_argument('-stm', '--enable-scim-test-mode', help="Enable Scim Test Mode", action='store_true')
+ scim_mode_group.add_argument('-sum', '--enable-scim-uma-mode', help="Enable Scim Uma Mode", action='store_true')
+
 parser.add_argument('--allow-pre-released-features', help="Enable options to install experimental features, not yet officially supported", action='store_true')
 parser.add_argument('--import-ldif', help="Render ldif templates from directory and import them in LDAP")
 parser.add_argument('--listen_all_interfaces', help="Allow the LDAP server to listen on all server interfaces", action='store_true')
diff --git a/setup_app/utils/collect_properties.py b/setup_app/utils/collect_properties.py
index 7424b63d..3d979cf4 100644
--- a/setup_app/utils/collect_properties.py
+++ b/setup_app/utils/collect_properties.py
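Review bot: The help strings of the two grouped options in arg_parser() (`"Enable Scim Test Mode"` and `"Enable Scim Uma Mode"`) do not tell the operator that OAUTH is what they get when neither flag is given. Because this choice decides how the SCIM endpoints are protected, I would spell it out, for example `help="Protect SCIM with UMA instead of the default OAUTH mode (cannot be combined with -stm)"`, and give `-stm` a matching text that states what test mode is intended for. arg_parser() starts and ends outside the hunk.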
@@ -203,8 +203,10 @@ def collect(self):
 if 'scimUmaResourceId' in oxTrustConfApplication:
 Config.scim_resource_oxid = oxTrustConfApplication['scimUmaResourceId']
- if 'scimTestMode' in oxTrustConfApplication:
- Config.scimTestMode = oxTrustConfApplication['scimTestMode']
+ if 'ScimProperties' in oxTrustConfApplication and 'protectionMode' in oxTrustConfApplication['ScimProperties']:
+ Config.scim_protection_mode = oxTrustConfApplication['ScimProperties']['protectionMode']
+ else:
+ Config.scim_protection_mode = 'OAUTH'
 if 'apiUmaClientKeyStorePassword' in oxTrustConfApplication:
 Config.api_rp_client_jks_pass = self.unobscure(oxTrustConfApplication['apiUmaClientKeyStorePassword'])
diff --git a/templates/scim/oxtrust_config.json b/templates/scim/oxtrust_config.json
index 76ef7666..dec1d774 100644
--- a/templates/scim/oxtrust_config.json
+++ b/templates/scim/oxtrust_config.json
@@ -1,7 +1,7 @@
 {
 "ScimProperties": {
 "maxCount": 200,
- "protectionMode": "OAUTH"
+ "protectionMode": "%(scim_protection_mode)s"
 },
 "scimUmaClientKeyId": "",
 "scimUmaResourceId": "%(scim_resource_oxid)s",
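Review bot: In collect(), the value read from `oxTrustConfApplication['ScimProperties']['protectionMode']` is copied into `Config.scim_protection_mode` without checking that it is one of the three modes the installer itself writes (`'OAUTH'`, `'TEST'`, `'UMA'` in scim.py), and the templates/scim/oxtrust_config.json hunk then interpolates it verbatim through `%(scim_protection_mode)s`. A misspelled or differently cased value in the stored configuration would be carried into a newly rendered config, and a `ScimProperties` entry that is null makes the `in` test raise TypeError. I would read it defensively, `mode = (oxTrustConfApplication.get('ScimProperties') or {}).get('protectionMode', 'OAUTH')`, and log and stop (or fall back explicitly) when `mode not in ('OAUTH', 'TEST', 'UMA')`. This assumes oxTrustConfApplication is a dict parsed from JSON; collect() continues outside the hunk.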