chore(image): add agama_flow custom parameter (#3033)

JanssenProject · Nov 18, 2022 · 657af69 · 657af69
1 parent 6d1317c
commit 657af69
Show file tree

Hide file tree

Showing 8 changed files with 103 additions and 88 deletions.
diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile
@@ -56,7 +56,7 @@ RUN /opt/jython/bin/pip uninstall -y pip
 # ===========
 
 ENV CN_VERSION=1.0.5-SNAPSHOT
-ENV CN_BUILD_DATE='2022-11-08 08:32'
+ENV CN_BUILD_DATE='2022-11-17 15:11'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-server/${CN_VERSION}/jans-auth-server-${CN_VERSION}.war
 
 # Install Jans Auth
@@ -118,7 +118,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/agama/fl \
     ${JETTY_BASE}/jans-auth/agama/scripts
 
 # janssenproject/jans SHA commit
-ARG JANS_SOURCE_VERSION=d1890e76c13c8c2c3dcdcc0625edd04cf552bbf9
+ENV JANS_SOURCE_VERSION=13f599830c0d6b48bd1cd6f71f3d200ec6bddfe7
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the agama code

diff --git a/docker-jans-config-api/Dockerfile b/docker-jans-config-api/Dockerfile
@@ -43,7 +43,7 @@ RUN wget -q https://maven.jans.io/maven/io/jans/jython-installer/${JYTHON_VERSIO
 # ==========
 
 ENV CN_VERSION=1.0.5-SNAPSHOT
-ENV CN_BUILD_DATE='2022-11-08 08:35'
+ENV CN_BUILD_DATE='2022-11-17 16:09'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api-server/${CN_VERSION}/jans-config-api-server-${CN_VERSION}.war
 
 # Install Jans Config API
@@ -74,19 +74,19 @@ RUN wget -q https://github.com/GluuFederation/gluu-snap/raw/${PYFACTER_VERSION}/
 
 RUN mkdir -p /usr/share/java
 
-ENV SCIM_PLUGIN_BUILD_DATE='2022-11-08 08:35'
+ENV SCIM_PLUGIN_BUILD_DATE='2022-11-16 18:16'
 ENV SCIM_PLUGIN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api/plugins/scim-plugin/${CN_VERSION}/scim-plugin-${CN_VERSION}-distribution.jar
 RUN wget -q ${SCIM_PLUGIN_SOURCE_URL} -O /usr/share/java/scim-plugin.jar
 
-ENV ADMIN_UI_PLUGIN_BUILD_DATE='2022-11-08 08:35'
+ENV ADMIN_UI_PLUGIN_BUILD_DATE='2022-11-16 18:16'
 ENV ADMIN_UI_PLUGIN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api/plugins/admin-ui-plugin/${CN_VERSION}/admin-ui-plugin-${CN_VERSION}-distribution.jar
 RUN wget -q ${ADMIN_UI_PLUGIN_SOURCE_URL} -O /usr/share/java/admin-ui-plugin.jar
 
-ENV FIDO2_PLUGIN_BUILD_DATE='2022-11-08 08:35'
+ENV FIDO2_PLUGIN_BUILD_DATE='2022-11-16 18:16'
 ENV FIDO2_PLUGIN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api/plugins/fido2-plugin/${CN_VERSION}/fido2-plugin-${CN_VERSION}-distribution.jar
 RUN wget -q ${FIDO2_PLUGIN_SOURCE_URL} -O /usr/share/java/fido2-plugin.jar
 
-ENV USER_MGT_PLUGIN_BUILD_DATE='2022-11-08 08:35'
+ENV USER_MGT_PLUGIN_BUILD_DATE='2022-11-16 18:16'
 ENV USER_MGT_PLUGIN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api/plugins/user-mgt-plugin/${CN_VERSION}/user-mgt-plugin-${CN_VERSION}-distribution.jar
 RUN wget -q ${USER_MGT_PLUGIN_SOURCE_URL} -O /usr/share/java/user-mgt-plugin.jar
 
@@ -114,7 +114,7 @@ RUN mkdir -p /opt/prometheus \
 # jans-linux-setup sync
 # =====================
 
-ENV JANS_SOURCE_VERSION=d1890e76c13c8c2c3dcdcc0625edd04cf552bbf9
+ENV JANS_SOURCE_VERSION=13f599830c0d6b48bd1cd6f71f3d200ec6bddfe7
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_CONFIG_API_DOCS=jans-config-api/docs
 

diff --git a/docker-jans-fido2/Dockerfile b/docker-jans-fido2/Dockerfile
@@ -35,7 +35,7 @@ EXPOSE 8080
 # =====
 
 ENV CN_VERSION=1.0.5-SNAPSHOT
-ENV CN_BUILD_DATE='2022-11-08 08:33'
+ENV CN_BUILD_DATE='2022-11-17 08:50'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-fido2-server/${CN_VERSION}/jans-fido2-server-${CN_VERSION}.war
 
 # Install FIDO2
@@ -54,7 +54,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-fido2/webapps \
 # jans-linux-setup sync
 # =====================
 
-ENV JANS_SOURCE_VERSION=d1890e76c13c8c2c3dcdcc0625edd04cf552bbf9
+ENV JANS_SOURCE_VERSION=13f599830c0d6b48bd1cd6f71f3d200ec6bddfe7
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

diff --git a/docker-jans-monolith/Dockerfile b/docker-jans-monolith/Dockerfile
@@ -38,7 +38,7 @@ EXPOSE 443 8080 1636
 # jans-linux-setup
 # =====================
 
-ENV JANS_SOURCE_VERSION=d1890e76c13c8c2c3dcdcc0625edd04cf552bbf9
+ENV JANS_SOURCE_VERSION=13f599830c0d6b48bd1cd6f71f3d200ec6bddfe7
 
 # cleanup
 RUN rm -rf /tmp/jans

diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile
@@ -24,7 +24,7 @@ RUN python3 -m ensurepip \
 # =====================
 
 # janssenproject/jans SHA commit
-ENV JANS_SOURCE_VERSION=eea281de11013b18f715b77a5c7cf69537c668cc
+ENV JANS_SOURCE_VERSION=13f599830c0d6b48bd1cd6f71f3d200ec6bddfe7
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_SCRIPT_CATALOG_DIR=docs/script-catalog
 ARG JANS_CONFIG_API_DOCS=jans-config-api/docs

diff --git a/docker-jans-persistence-loader/scripts/upgrade.py b/docker-jans-persistence-loader/scripts/upgrade.py
@@ -67,80 +67,7 @@ def _transform_auth_dynamic_config(conf):
         conf["redirectUrisRegexEnabled"] = bool(distribution != "openbanking")
         should_update = True
 
-    if distribution == "openbanking":
-        if "dcrAuthorizationWithMTLS" not in conf:
-            conf["dcrAuthorizationWithMTLS"] = False
-            should_update = True
-
-        if "scopesSupported" not in conf:
-            conf["scopesSupported"] = [
-                "openid",
-                "consents",
-                "accounts",
-                "resources",
-            ]
-            should_update = True
-
-        if "jwt" not in conf["responseModesSupported"]:
-            conf["responseModesSupported"].append("jwt")
-            should_update = True
-
-        if "private_key_jwt" not in conf["tokenEndpointAuthMethodsSupported"]:
-            conf["tokenEndpointAuthMethodsSupported"].append("private_key_jwt")
-            should_update = True
-
-        if conf["redirectUrisRegexEnabled"]:
-            conf["redirectUrisRegexEnabled"] = False
-            should_update = True
-    else:
-        if all([
-            os.environ.get("CN_PERSISTENCE_TYPE") in ("sql", "spanner"),
-            conf["personCustomObjectClassList"]
-        ]):
-            conf["personCustomObjectClassList"] = []
-            should_update = True
-
-        if "subjectIdentifiersPerClientSupported" not in conf:
-            conf["subjectIdentifiersPerClientSupported"] = ["mail", "uid"]
-            should_update = True
-
-        if "agamaConfiguration" not in conf:
-            conf["agamaConfiguration"] = {
-                "enabled": False,
-                "templatesPath": "/ftl",
-                "scriptsPath": "/scripts",
-                "serializerType": "KRYO",
-                "maxItemsLoggedInCollections": 3,
-                "pageMismatchErrorPage": "mismatch.ftl",
-                "interruptionErrorPage": "timeout.ftl",
-                "crashErrorPage": "crash.ftl",
-                "finishedFlowPage": "finished.ftl",
-                "bridgeScriptPage": "agama.xhtml",
-                "defaultResponseHeaders": {
-                    "Cache-Control": "max-age=0, no-store",
-                },
-            }
-            should_update = True
-
-        if "interruptionTime" in conf["agamaConfiguration"]:
-            conf["agamaConfiguration"].pop("interruptionTime", None)
-            should_update = True
-
-        # add Cache-Control and remove Expires, Content-Type
-        if "Cache-Control" not in conf["agamaConfiguration"]["defaultResponseHeaders"]:
-            conf["agamaConfiguration"]["defaultResponseHeaders"]["Cache-Control"] = "max-age=0, no-store"
-            conf["agamaConfiguration"]["defaultResponseHeaders"].pop("Expires", None)
-            conf["agamaConfiguration"]["defaultResponseHeaders"].pop("Content-Type", None)
-            should_update = True
-
-        for grant_type in [
-            "urn:ietf:params:oauth:grant-type:device_code",
-            "urn:ietf:params:oauth:grant-type:token-exchange",
-        ]:
-            if grant_type not in conf["dynamicGrantTypeDefault"]:
-                conf["dynamicGrantTypeDefault"].append(grant_type)
-                should_update = True
-
+    # common config in all distributions
     if "accessTokenSigningAlgValuesSupported" not in conf:
         conf["accessTokenSigningAlgValuesSupported"] = [
             "none",
@@ -221,6 +148,90 @@ def _transform_auth_dynamic_config(conf):
             conf["grantTypesSupported"].append(grant_type)
             should_update = True
 
+    # specific config per distribution
+    if distribution == "openbanking":
+        if "dcrAuthorizationWithMTLS" not in conf:
+            conf["dcrAuthorizationWithMTLS"] = False
+            should_update = True
+
+        if "scopesSupported" not in conf:
+            conf["scopesSupported"] = [
+                "openid",
+                "consents",
+                "accounts",
+                "resources",
+            ]
+            should_update = True
+
+        if "jwt" not in conf["responseModesSupported"]:
+            conf["responseModesSupported"].append("jwt")
+            should_update = True
+
+        if "private_key_jwt" not in conf["tokenEndpointAuthMethodsSupported"]:
+            conf["tokenEndpointAuthMethodsSupported"].append("private_key_jwt")
+            should_update = True
+
+        # if conf["redirectUrisRegexEnabled"]:
+        #     conf["redirectUrisRegexEnabled"] = False
+        #     should_update = True
+    else:
+        if all([
+            os.environ.get("CN_PERSISTENCE_TYPE") in ("sql", "spanner"),
+            conf["personCustomObjectClassList"]
+        ]):
+            conf["personCustomObjectClassList"] = []
+            should_update = True
+
+        if "subjectIdentifiersPerClientSupported" not in conf:
+            conf["subjectIdentifiersPerClientSupported"] = ["mail", "uid"]
+            should_update = True
+
+        if "agamaConfiguration" not in conf:
+            conf["agamaConfiguration"] = {
+                "enabled": False,
+                "templatesPath": "/ftl",
+                "scriptsPath": "/scripts",
+                "serializerType": "KRYO",
+                "maxItemsLoggedInCollections": 3,
+                "pageMismatchErrorPage": "mismatch.ftl",
+                "interruptionErrorPage": "timeout.ftl",
+                "crashErrorPage": "crash.ftl",
+                "finishedFlowPage": "finished.ftl",
+                "bridgeScriptPage": "agama.xhtml",
+                "defaultResponseHeaders": {
+                    "Cache-Control": "max-age=0, no-store",
+                },
+            }
+            should_update = True
+
+        if "interruptionTime" in conf["agamaConfiguration"]:
+            conf["agamaConfiguration"].pop("interruptionTime", None)
+            should_update = True
+
+        # add Cache-Control and remove Expires, Content-Type
+        if "Cache-Control" not in conf["agamaConfiguration"]["defaultResponseHeaders"]:
+            conf["agamaConfiguration"]["defaultResponseHeaders"]["Cache-Control"] = "max-age=0, no-store"
+            conf["agamaConfiguration"]["defaultResponseHeaders"].pop("Expires", None)
+            conf["agamaConfiguration"]["defaultResponseHeaders"].pop("Content-Type", None)
+            should_update = True
+
+        for grant_type in [
+            "urn:ietf:params:oauth:grant-type:device_code",
+            "urn:ietf:params:oauth:grant-type:token-exchange",
+        ]:
+            if grant_type not in conf["dynamicGrantTypeDefault"]:
+                conf["dynamicGrantTypeDefault"].append(grant_type)
+                should_update = True
+
+        # ensure agama_flow listed in authorizationRequestCustomAllowedParameters
+        if "agama_flow" not in [
+            p["paramName"] for p in conf["authorizationRequestCustomAllowedParameters"]
+        ]:
+            conf["authorizationRequestCustomAllowedParameters"].append({
+                "paramName": "agama_flow", "returnInResponse": False,
+            })
+            should_update = True
+
     # return the conf and flag to determine whether it needs update or not
     return conf, should_update
 

diff --git a/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.json b/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.json
@@ -419,6 +419,10 @@
         {
             "paramName": "customParam5",
             "returnInResponse": true
+        },
+        {
+            "paramName": "agama_flow",
+            "returnInResponse": false
         }
     ],
     "legacyDynamicRegistrationScopeParam": false,

diff --git a/docker-jans-scim/Dockerfile b/docker-jans-scim/Dockerfile
@@ -46,7 +46,7 @@ RUN wget -q https://maven.jans.io/maven/io/jans/jython-installer/${JYTHON_VERSIO
 # ====
 
 ENV CN_VERSION=1.0.5-SNAPSHOT
-ENV CN_BUILD_DATE='2022-11-08 08:33'
+ENV CN_BUILD_DATE='2022-11-17 16:06'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-scim-server/${CN_VERSION}/jans-scim-server-${CN_VERSION}.war
 
 # Install SCIM
@@ -84,7 +84,7 @@ RUN mkdir -p /opt/prometheus \
 # jans-linux-setup sync
 # =====================
 
-ENV JANS_SOURCE_VERSION=d1890e76c13c8c2c3dcdcc0625edd04cf552bbf9
+ENV JANS_SOURCE_VERSION=13f599830c0d6b48bd1cd6f71f3d200ec6bddfe7
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_SCIM_RESOURCE_DIR=jans-scim/server/src/main/resources