fix: #2487 - SIWA and SIWG (Sign in with Apple-Google), moved to scri…

…pt-catalog (#2983)

docs/admin/recipes/social-login.md

@@ -4,17 +4,17 @@ tags:
   - recipes
 ---
 
-## Implementing Social logins 
+## Implementing Social logins
 You can use a `PersonAuthenticationType` script to allow users to sign using credentials from popular **Social Identity providers** or **Inbound Identity Providers** like Facebook, Google and Apple. After users authenticate, we provision their Social Identity Provider credentials into the Jans-auth server. No additional username, password, credentials are needed for this user.
 1. Facebook
-2. [Google](https://github.com/JanssenProject/jans/blob/main/docs/admin/recipes/social-login-google.md)
-3. [Apple](https://github.com/JanssenProject/jans/blob/main/docs/admin/recipes/social-login-apple.md)
+2. [Google](../../script-catalog/person-authentication/google-external-authenticator/README.md)
+3. [Apple](../../script-catalog/person-authentication/apple-external-authenticator/README.md)
 
-Following is a high-level diagram depicting a typical flow - user authentication on a Social Identity Platform and subsequent user provisioning on Jans-Auth server. 
+Following is a high-level diagram depicting a typical flow - user authentication on a Social Identity Platform and subsequent user provisioning on Jans-Auth server.
 
 You can copy paste this sequence in [https://sequencediagram.org/](https://sequencediagram.org/)
 ```
-title Social login 
+title Social login
 Jans AS<-User agent: 1. Invoke /authorize endpoint
 Jans AS->User agent: 2. Discovery: Present list of remote IDPs (Google, Apple, FB...)
 User agent->Jans AS: 3. Select IDP (e.g. click on button)

docs/admin/recipes/social-login-apple.md → docs/script-catalog/person_authentication/apple-external-authenticator/README.md

@@ -4,27 +4,27 @@ tags:
   - recipes
 ---
 
-## Social Login with Apple 
+## Social Login with Apple
 
 An out-of-the-box feature, the Sign-in with Apple Authentication script is a `PersonAuthenticationType` script which enables a user to sign-in using Apple credentials. After users authenticate using their Apple credentials, their Apple credentials are provisioned into the Jans-auth server.
 
-## Prerequisites 
+## Prerequisites
 
-- A Jans-auth Server (installation instructions [here](https://github.com/JanssenProject/jans/tree/main/jans-linux-setup#readme))    
-- The [Sign-in with Apple authentication script](https://github.com/JanssenProject/jans/tree/main/jans-linux-setup/jans_setup/static/extension/person_authentication/AppleExternalAuthenticator.py) (included in the default Jans-auth Server distribution);   
+- A Jans-auth Server installation
+- The [Sign-in with Apple authentication script](./AppleExternalAuthenticator.py) (included in the default Jans-auth Server distribution);   
 - An [Apple developer account](https://developer.apple.com/).     
 
 ## Configurations at Apple Identity Provider:
-You will need to configure a service id, linked to your App identifier. For each website that uses Sign In with Apple, register a services identifier (Services ID) and configure your domain and return URL. 
+You will need to configure a service id, linked to your App identifier. For each website that uses Sign In with Apple, register a services identifier (Services ID) and configure your domain and return URL.
 1. Under `Certificates, Identifiers and Profiles` --> `Identifiers` --> Click on the `+` button
 2. In the `Register a new identifier` select `Service ID`
 3. After filling out the description and identifier name, save the Service ID
 4. Now edit the saved Service ID and enable the `Sign in with Apple` checkbox and click `Configure` button
-5. Configure the Janssen's server's callback url `https://<your.janssen.server>/postlogin.htm` as a `Website URL` 
+5. Configure the Janssen's server's callback url `https://<your.janssen.server>/postlogin.htm` as a `Website URL`
 
 ## Configure jans-auth server
 
-Configure the custom script: 
+Configure the custom script:
 ### Properties
 
 The custom script has the following properties:    
@@ -34,7 +34,7 @@ The custom script has the following properties:
 |`apple_client_id`		|Name of Service ID on developer.apple.com. 	| `com.company.name`|
 |`apple_jwks`		| Apple’s public JWK to validate Apple Identity Token | `https://appleid.apple.com/auth/keys`|
 
-To update this setting in Jans persistence, follow this [link](https://github.com/JanssenProject/jans-cli/blob/main/docs/cli/cli-custom-scripts.md#update-an-existing-custom-script) 
+To update this setting in Jans persistence, follow this [link](https://github.com/JanssenProject/jans-cli/blob/main/docs/cli/cli-custom-scripts.md#update-an-existing-custom-script)
 
 ### Enable Sign-in with Apple Authentication script
 By default, users will get the default authentication mechanism as specified above. However, using the OpenID Connect acr_values parameter, web and mobile clients can request any enabled authentication mechanism.
@@ -67,7 +67,7 @@ Steps:
 
 :memo: **NOTE**
 
-To make sure `apple` has been enabled successfully as a default authentication method, you can check your Janssen Server's OpenID Connect configuration by navigating to the following URL: `https://<hostname>/.well-known/openid-configuration`. Find `"acr_values_supported":` and you should see `"apple"`. 
+To make sure `apple` has been enabled successfully as a default authentication method, you can check your Janssen Server's OpenID Connect configuration by navigating to the following URL: `https://<hostname>/.well-known/openid-configuration`. Find `"acr_values_supported":` and you should see `"apple"`.
 
 ## Test the feature - Sign-in with Apple
 To test , enter the complete URL for authorization in a browser or create a simple webpage with a link that simulates the user sign-in attempt. If the server is configured properly, the first page for the selected authentication method will be displayed to the user.
@@ -76,8 +76,3 @@ An example of a complete URL looks like this -
 ```
 https://<your.jans.server>/jans-auth/authorize.htm?response_type=code&redirect_uri=https://<your.jans.server>/admin&client_id=<replace_with_inum_client_id>&scope=openid+profile+email+user_name&state=faad2cdjfdddjfkdf&nonce=dajdffdfsdcfff
 ```
-
-
-
-
-

docs/script-catalog/person_authentication/fido2-external-authenticator/README.md

@@ -6,13 +6,13 @@
 FIDO2 is comprised of the [W3C’s Web Authentication specification (WebAuthn)](https://www.w3.org/TR/webauthn/) and FIDO’s corresponding [Client-to-Authenticator Protocol (CTAP)](https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html). WebAuthn defines a standard web API that can be built into browsers and related web platform infrastructure to enable online services to use FIDO Authentication. CTAP enables external devices such as mobile handsets or FIDO Security Keys to work with WebAuthn and serve as authenticators to desktop applications and web services.
 
 This document explains how to use the Janssen Auth Server's built-in 
-[FIDO2 interception script](https://github.com/JanssenProject/jans/blob/main/jans-linux-setup/jans_setup/static/extension/person_authentication/Fido2ExternalAuthenticator.py) 
-to implement a two-step, two-factor authentication (2FA) with username / password as the first step, and any FIDO2 device as the second step. 
+[FIDO2 interception script](https://github.com/JanssenProject/jans/blob/main/jans-linux-setup/jans_setup/static/extension/person_authentication/Fido2ExternalAuthenticator.py)
+to implement a two-step, two-factor authentication (2FA) with username / password as the first step, and any FIDO2 device as the second step.
 
 ## Prerequisites
 - A Janssen Server ([installation instructions](https://github.com/JanssenProject/jans#installation))      
 - [FIDO2 interception script](https://github.com/JanssenProject/jans/blob/main/docs/script-catalog/person_authentication/fido2-external-authenticator/Fido2ExternalAuthenticator.py) (included in the default Janssen Server distribution);     
-- At least one FIDO2 device for testing, like one of the devices [listed below](#fido2-devices). 
+- At least one FIDO2 device for testing, like one of the devices [listed below](#fido2-devices).
 
 ### FIDO2 devices
 Some well known FIDO2 devices and manufacturers include:           
@@ -24,7 +24,7 @@ Some well known FIDO2 devices and manufacturers include:
 - [AuthenTrend](https://authentrend.com/)
 - [Apple's built-in Touch ID](https://support.apple.com/en-in/guide/mac-help/mchl16fbf90a/mac)
 
-[Purchase FIDO2 devices on Amazon](https://www.amazon.com/s/ref=nb_sb_noss/146-0120855-4781335?url=search-alias%3Daps&field-keywords=fido2). Or, check [FIDO's certified products](https://fidoalliance.org/certification/fido-certified-products/) for a comprehensive list of FIDO2 devices (sort by `Specification` == `FIDO2`). 
+[Purchase FIDO2 devices on Amazon](https://www.amazon.com/s/ref=nb_sb_noss/146-0120855-4781335?url=search-alias%3Daps&field-keywords=fido2). Or, check [FIDO's certified products](https://fidoalliance.org/certification/fido-certified-products/) for a comprehensive list of FIDO2 devices (sort by `Specification` == `FIDO2`).
 
 ## Properties
 The script has the following properties
@@ -37,18 +37,18 @@ The script has the following properties
 
 By default, users will get the default authentication mechanism as specified above. However, **using the OpenID Connect acr_values parameter, web and mobile clients can request any enabled authentication mechanism**.
 
-1. Obtain the json contents of `fido2` custom script by using a jans-cli command like `get-config-scripts-by-type`, `get-config-scripts-by-inum` etc. 
+1. Obtain the json contents of `fido2` custom script by using a jans-cli command like `get-config-scripts-by-type`, `get-config-scripts-by-inum` etc.
 
 e.g : `/opt/jans/jans-cli/config-cli.py --operation-id get-config-scripts-by-type --url-suffix type:PERSON_AUTHENTICATION` , `/opt/jans/jans-cli/config-cli.py --operation-id get-config-scripts-by-inum --url-suffix inum:6122281b-b55d-4dd0-8115-b098eeeee2b7`
 
 2. [Update the custom script](https://github.com/JanssenProject/jans-cli/blob/main/docs/cli/cli-custom-scripts.md#update-an-existing-custom-script) and change the `enabled` attribute to `true`  
 
-Now FIDO2 is an available authentication mechanism for your Janssen Server. This means that, using OpenID Connect `acr_values`, applications can now request FIDO2 authentication for users. 
+Now FIDO2 is an available authentication mechanism for your Janssen Server. This means that, using OpenID Connect `acr_values`, applications can now request FIDO2 authentication for users.
 
-!!! Note 
-    To make sure FIDO2 has been enabled successfully, you can check your Janssen's Auth Server OpenID Connect 
-    configuration by navigating to the following URL: `https://<hostname>/.well-known/openid-configuration`. 
-    Find `"acr_values_supported":` and you should see `"fido2"`. 
+!!! Note
+    To make sure FIDO2 has been enabled successfully, you can check your Janssen's Auth Server OpenID Connect
+    configuration by navigating to the following URL: `https://<hostname>/.well-known/openid-configuration`.
+    Find `"acr_values_supported":` and you should see `"fido2"`.
 
 ## Enable FIDO2 Script as default authentication script:
 Use this [link](https://github.com/JanssenProject/jans-cli/blob/main/docs/cli/cli-default-authentication-method.md) as a reference.
@@ -73,24 +73,24 @@ Below is an illustration of the Janssen Server's default FIDO2 login page:
 
 ![fido2](https://github.com/JanssenProject/jans/raw/main/docs/assets/image_fido2.png)
 
-The design is being rendered from the [FIDO2 xhtml page](https://github.com/JanssenProject/jans/blob/main/jans-auth-server/server/src/main/webapp/auth/fido2/login.xhtml). To customize the look and feel of this page, follow the [customization guide](https://jans.io/docs/admin/developer/customization/customize-web-pages/). 
+The design is being rendered from the [FIDO2 xhtml page](https://github.com/JanssenProject/jans/blob/main/jans-auth-server/server/src/main/webapp/auth/fido2/login.xhtml). To customize the look and feel of this page, follow the [customization guide](https://jans.io/docs/admin/developer/customization/customize-web-pages/).
 
-## Using FIDO2 tokens 
+## Using FIDO2 tokens
 
 ### Credential enrollment
-FIDO2 device enrollment happens during the first authentication attempt. 
+FIDO2 device enrollment happens during the first authentication attempt.
 
 ### Subsequent authentications
-All subsequent FIDO2 authentications for that user account will require the enrolled FIDO2 key. 
+All subsequent FIDO2 authentications for that user account will require the enrolled FIDO2 key.
 
 ### FIDO2 credential management
-A user's FIDO2 devices can be removed by a Janssen administrator in LDAP under the user entry as shown in the below screenshot. 
+A user's FIDO2 devices can be removed by a Janssen administrator in LDAP under the user entry as shown in the below screenshot.
 
 ![fido2](https://github.com/JanssenProject/jans/raw/main/docs/assets/image-fido2-ldap-structure.png)
 Diagram source in mermaid.live
 ```
 graph TD
-     
+
     A[ou=jans] --> K(ou=people)
     K --> K1[inum=....]
     K1 --> K11[ou=fido2_register]
@@ -124,7 +124,7 @@ graph TD
     K32 --> K321[jansId=....]
     K32 --> K322[jansId=....]
     K32 --> K323[jansId=....]
-    
+
 ```
 
 ### FIDO2 discovery endpoint