feat: add support for role-based client (i.e. jans-cli) (#956)

JanssenProject · Mar 3, 2022 · 306bd52 · 306bd52
1 parent 4f9d76c
commit 306bd52
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile
@@ -57,7 +57,8 @@ RUN cd /tmp/jans \
     && cp ${JANS_SETUP_DIR}/static/cache-refresh/o_site.ldif /app/templates/o_site.ldif \
     && cp -R ${JANS_SETUP_DIR}/templates/jans-fido2 /app/templates/jans-fido2 \
     && cp -R ${JANS_SETUP_DIR}/templates/jans-scim /app/templates/jans-scim \
-    && cp ${JANS_SETUP_DIR}/templates/jans-config-api/config.ldif /app/templates/jans-config-api/config.ldif
+    && cp ${JANS_SETUP_DIR}/templates/jans-config-api/config.ldif /app/templates/jans-config-api/config.ldif \
+    && cp -R ${JANS_SETUP_DIR}/templates/jans-cli /app/templates/jans-cli
 
 # TODO: casa should be moved from this image
 ARG GLUU_CASA_VERSION=6aa59af5f7001d8587ca4a9b6c688c861faec5eb

diff --git a/docker-jans-persistence-loader/scripts/utils.py b/docker-jans-persistence-loader/scripts/utils.py
@@ -336,6 +336,27 @@ def merge_casa_ctx(manager, ctx):
     return ctx
 
 
+def merge_jans_cli_ctx(manager, ctx):
+    # jans-cli client
+    ctx["role_based_client_id"] = manager.config.get("role_based_client_id")
+    if not ctx["role_based_client_id"]:
+        ctx["role_based_client_id"] = f"2000.{uuid4()}"
+        manager.config.set("role_based_client_id", ctx["role_based_client_id"])
+
+    ctx["role_based_client_pw"] = manager.secret.get("role_based_client_pw")
+    if not ctx["role_based_client_pw"]:
+        ctx["role_based_client_pw"] = get_random_chars()
+        manager.secret.set("role_based_client_pw", ctx["role_based_client_pw"])
+
+    ctx["role_based_client_encoded_pw"] = manager.secret.get("role_based_client_encoded_pw")
+    if not ctx["role_based_client_encoded_pw"]:
+        ctx["role_based_client_encoded_pw"] = encode_text(
+            ctx["role_based_client_pw"], manager.secret.get("encoded_salt"),
+        ).decode()
+        manager.secret.set("role_based_client_encoded_pw", ctx["role_based_client_encoded_pw"])
+    return ctx
+
+
 def prepare_template_ctx(manager):
     opt_scopes = json.loads(manager.config.get("optional_scopes", "[]"))
 
@@ -345,6 +366,7 @@ def prepare_template_ctx(manager):
     ctx = merge_config_api_ctx(ctx)
     ctx = merge_fido2_ctx(ctx)
     ctx = merge_scim_ctx(ctx)
+    ctx = merge_jans_cli_ctx(manager, ctx)
 
     if "casa" in opt_scopes:
         ctx = merge_casa_ctx(manager, ctx)
@@ -384,6 +406,7 @@ def default_files():
             "jans-config-api/admin-ui-clients.ldif",
             "jans-auth/configuration.ldif",
             "jans-auth/role-scope-mappings.ldif",
+            "jans-cli/client.ldif",
         ]
 
         if "scim" in optional_scopes: