Skip to content

Commit

Permalink
feat(jans-auth-server): enable person authn script to have multiple a…
Browse files Browse the repository at this point in the history
…cr names (#1074)

Signed-off-by: Javier Rojas Blum <javier.rojas.blum@gmail.com>
  • Loading branch information
qbert2k authored Mar 18, 2022
1 parent 622bcf4 commit 1dc9250
Show file tree
Hide file tree
Showing 5 changed files with 144 additions and 14 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,111 @@
/*
* Janssen Project software is available under the Apache License (2004). See http://www.apache.org/licenses/ for full text.
*
* Copyright (c) 2020, Janssen Project
*/

package io.jans.as.client.ws.rs;

import io.jans.as.client.*;
import io.jans.as.client.client.AssertBuilder;
import io.jans.as.model.common.ResponseType;
import io.jans.as.model.register.ApplicationType;
import io.jans.as.model.util.StringUtils;
import org.testng.annotations.Parameters;
import org.testng.annotations.Test;

import java.util.Arrays;
import java.util.List;
import java.util.UUID;

/**
* @author Javier Rojas Blum
* @version March 18, 2022
*/
public class AuthnScriptAliasesTest extends BaseTest {

@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"})
@Test
public void acrAliasTest(
final String userId, final String userSecret, final String redirectUris, final String redirectUri,
final String sectorIdentifierUri) {
showTitle("acrAliasTest");

List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);

// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app",
StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

RegisterClient registerClient = newRegisterClient(registerRequest);
RegisterResponse registerResponse = registerClient.exec();

showClient(registerClient);
AssertBuilder.registerResponse(registerResponse)
.created()
.check();

String clientId = registerResponse.getClientId();

List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
String nonce = UUID.randomUUID().toString();

AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
authorizationRequest.setAcrValues(Arrays.asList("basic_alias1"));

AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint,
authorizationRequest, userId, userSecret);

AssertBuilder.authorizationResponse(authorizationResponse)
.responseTypes(responseTypes)
.check();
}

@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"})
@Test
public void acrAliasAuthorizedAcsValuesTest(
final String userId, final String userSecret, final String redirectUris, final String redirectUri,
final String sectorIdentifierUri) {
showTitle("acrAliasAuthorizedAcsValuesTest");

List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);

// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app",
StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setAuthorizedAcrValues(Arrays.asList(
"basic_alias1", "basic_alias2"
));

RegisterClient registerClient = newRegisterClient(registerRequest);
RegisterResponse registerResponse = registerClient.exec();

showClient(registerClient);
AssertBuilder.registerResponse(registerResponse)
.created()
.check();

String clientId = registerResponse.getClientId();

List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
String nonce = UUID.randomUUID().toString();

AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
authorizationRequest.setAcrValues(Arrays.asList("basic_alias2"));

AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint,
authorizationRequest, userId, userSecret);

AssertBuilder.authorizationResponse(authorizationResponse)
.responseTypes(responseTypes)
.check();
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@

/**
* @author Javier Rojas Blum
* @version March 17, 2022
* @version March 18, 2022
*/
public class AuthorizedAcrValuesTest extends BaseTest {

Expand Down Expand Up @@ -68,11 +68,10 @@ public void authorizedAcrValues(
.check();
}

@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"})
@Parameters({"redirectUris", "redirectUri", "sectorIdentifierUri"})
@Test
public void authorizedAcrValuesFail(
final String userId, final String userSecret, final String redirectUris, final String redirectUri,
final String sectorIdentifierUri) {
final String redirectUris, final String redirectUri, final String sectorIdentifierUri) {
showTitle("authorizedAcrValuesFail");

List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
Expand Down
23 changes: 18 additions & 5 deletions jans-auth-server/client/src/test/resources/testng.xml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
<suite name="jansAuthClient" parallel="tests" thread-count="4">

<listeners>
<listener class-name="io.jans.as.client.RetryListener" />
<listener class-name="io.jans.as.client.RetryListener"/>
</listeners>

<test name="JsonApplier Client test" enabled="true">
Expand Down Expand Up @@ -36,8 +36,13 @@
</classes>
</test>

<!-- Token binding -->
<test name="Authn Script Aliases Test" enabled="true">
<classes>
<class name="io.jans.as.client.ws.rs.AuthnScriptAliasesTest"/>
</classes>
</test>

<!-- Token binding -->
<test name="Token Binding test (HTTP)" enabled="true">
<classes>
<class name="io.jans.as.client.ws.rs.TokenBindingHttpTest"/>
Expand Down Expand Up @@ -96,6 +101,12 @@
</classes>
</test>

<test name="Authorized Acr Values Test" enabled="true">
<classes>
<class name="io.jans.as.client.ws.rs.AuthorizedAcrValuesTest"/>
</classes>
</test>

<!-- Authorize test -->
<test name="Authorize test (HTTP)" enabled="true">
<classes>
Expand Down Expand Up @@ -261,7 +272,7 @@
<class name="io.jans.as.client.ws.rs.SetPublicSubjectIdentifierPerClientTest"/>
</classes>
</test>

<!-- SSO with Multiple Backend Services test -->
<test name="SSO with Multiple Backend Services test (HTTP)" enabled="true">
<classes>
Expand Down Expand Up @@ -905,7 +916,8 @@
<class name="io.jans.as.client.ws.rs.jarm.AuthorizationResponseModeFormPostJwtResponseTypeCodeIdTokenSignedHttpTest"/>
</classes>
</test>
<test name="Test Authorization Response Mode form_post.jwt Response Type code id_token token Encrypted" enabled="true">
<test name="Test Authorization Response Mode form_post.jwt Response Type code id_token token Encrypted"
enabled="true">
<classes>
<class name="io.jans.as.client.ws.rs.jarm.AuthorizationResponseModeFormPostJwtResponseTypeCodeIdTokenTokenEncryptedHttpTest"/>
</classes>
Expand Down Expand Up @@ -966,7 +978,8 @@
<class name="io.jans.as.client.ws.rs.jarm.AuthorizationResponseModeFragmentJwtResponseTypeCodeIdTokenSignedHttpTest"/>
</classes>
</test>
<test name="Test Authorization Response Mode fragment.jwt Response Type code id_token token Encrypted" enabled="true">
<test name="Test Authorization Response Mode fragment.jwt Response Type code id_token token Encrypted"
enabled="true">
<classes>
<class name="io.jans.as.client.ws.rs.jarm.AuthorizationResponseModeFragmentJwtResponseTypeCodeIdTokenTokenEncryptedHttpTest"/>
</classes>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,12 +29,8 @@
import javax.enterprise.event.Observes;
import javax.inject.Inject;
import javax.inject.Named;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.*;
import java.util.Map.Entry;
import java.util.Set;

/**
* Provides factory methods needed to create external authenticator
Expand Down Expand Up @@ -498,6 +494,15 @@ public Map<Integer, Set<String>> levelToAcrMapping() {
map.put(level, acrs);
}
acrs.add(acr);

// Also publish alias configuration
if (script.getCustomScript() != null && script.getCustomScript().getAliases() != null) {
for (String alias : script.getCustomScript().getAliases()) {
if (StringUtils.isNotBlank(alias)) {
acrs.add(alias);
}
}
}
}
return map;
}
Expand Down
2 changes: 2 additions & 0 deletions jans-linux-setup/jans_setup/templates/scripts.ldif
Original file line number Diff line number Diff line change
Expand Up @@ -393,6 +393,8 @@ objectClass: top
objectClass: jansCustomScr
jansEnabled: false
jansProgLng: python
jansAlias: basic_alias1
jansAlias: basic_alias2

dn: inum=A910-56AB,ou=scripts,o=jans
description: Sample script for SCIM events
Expand Down

0 comments on commit 1dc9250

Please sign in to comment.