From bd2cdf8501d60959498078bbb31650965c321c73 Mon Sep 17 00:00:00 2001
From: pujavs <43700552+pujavs@users.noreply.github.com>
Date: Mon, 26 Dec 2022 15:58:02 +0530
Subject: [PATCH] feat(config-api): client claim enhancement, manual spec removed (#3413)

* feat(config-api): interceptor code
* feat(config-api): interceptor for request
* feat(config-api): interceptor code wip
* feat(config-api): interceptor code wip
* feat(config-api): syns with main
* feat(config-api): client creation claim enhancement
* feat(config-api): client creation claim enhancement
---
 .../docs/jans-config-api-swagger-auto.yaml | 45 +-
 .../docs/jans-config-api-swagger.yaml | 7311 -----------------
 .../plugins/docs/user-mgt-plugin-swagger.yaml | 2 +-
 .../plugin/mgt/rest/UserResource.java | 8 +-
 .../profiles/local/test.properties | 4 +-
 .../configuration/AppInitializer.java | 2 +-
 .../interceptor/AuditLogInterceptor.java | 61 +-
 .../rest/resource/auth/ClientsResource.java | 66 +
 .../security/api/ApiProtectionService.java | 3 +-
 .../service/auth/AttributeService.java | 20 +
 .../configapi/service/auth/ClientService.java | 15 +-
 .../main/resources/config-api-rs-protect.json | 2 +-
 .../interceptor/RequestAuditInterceptor.java | 3 +-
 .../core/interceptor/RequestInterceptor.java | 3 +-
 .../jans-config-api/dynamic-conf.json | 2 +-
 15 files changed, 169 insertions(+), 7378 deletions(-)
 delete mode 100644 jans-config-api/docs/jans-config-api-swagger.yaml

diff --git a/jans-config-api/docs/jans-config-api-swagger-auto.yaml b/jans-config-api/docs/jans-config-api-swagger-auto.yaml
index 69c280f1a09..3fde4a03244 100644
--- a/jans-config-api/docs/jans-config-api-swagger-auto.yaml
+++ b/jans-config-api/docs/jans-config-api-swagger-auto.yaml
@@ -7299,17 +7299,17 @@ components: type: string whitePagesCanView: type: boolean - adminCanEdit: + userCanAccess: + type: boolean + adminCanView: type: boolean adminCanAccess: type: boolean userCanEdit: type: boolean - userCanView: - type: boolean - adminCanView: + adminCanEdit: type: boolean - userCanAccess: + userCanView: type: boolean baseDn: type: string @@ -8470,17 +8470,8 @@ components: $ref: '#/components/schemas/SsaConfiguration' blockWebviewAuthorizationEnabled: type: boolean - fapi: - type: boolean - allResponseTypesSupported: - uniqueItems: true - type: array - items: - type: string - enum: - - code - - token - - id_token + userInfoConfiguration: + $ref: '#/components/schemas/UserInfoConfiguration' enabledFeatureFlags: uniqueItems: true type: array @@ -8508,6 +8499,17 @@ components: - STAT - PAR - SSA + allResponseTypesSupported: + uniqueItems: true + type: array + items: + type: string + enum: + - code + - token + - id_token + fapi: + type: boolean AuthenticationFilter: required: - baseDn @@ -8698,6 +8700,13 @@ components: type: string sharedSecret: type: string + UserInfoConfiguration: + type: object + properties: + dateFormatterPattern: + type: object + additionalProperties: + type: string PersistenceConfiguration: type: object properties: @@ -8801,13 +8810,13 @@ components: type: boolean internal: type: boolean + locationPath: + type: string locationType: type: string enum: - ldap - file - locationPath: - type: string baseDn: type: string ScriptError: diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml deleted file mode 100644 index a0d67481c16..00000000000 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ /dev/null 
@@ -1,7311 +0,0 @@ -openapi: 3.0.1 -info: - title: jans-config-api - description: jans-config-api - Authorization services - contact: - email: xxx@gluu.org - license: - name: License - url: 'https://github.com/JanssenProject/blob/master/LICENSE' - version: '1.0.0' -servers: - - url: 'https://jans.io/' -tags: - - name: developers - description: jans-config-api enables access to the features available via the existing Jans Authorization Server API. - - name: Attribute - - name: Default Authentication Method - - name: Cache Configuration - - name: Cache Configuration – Memcached - - name: Cache Configuration – Redis - - name: Cache Configuration – in-Memory - - name: Cache Configuration – Native-Persistence - - name: Configuration – Properties - - name: Fido2 - Configuration - - name: Configuration – SMTP - - name: Configuration – Logging - - name: Configuration – JWK - JSON Web Key (JWK) - - name: Custom Scripts - - name: Database - LDAP configuration - - name: OAuth - OpenID Connect - Clients - - name: OAuth - UMA Resources - - name: OAuth - Scopes - - name: Configuration – Agama Flow - - name: Statistics - User - - name: Health - Check - - name: Server Stats - - name: Auth - Session Management - - name: Configuration – User Management - - name: SCIM - Config Management - - name: Organization Configuration - - name: Auth Server Health - Check - - name: Admin UI - Role - - name: Admin UI - Permission - - name: Admin UI - Role-Permissions Mapping - - name: Admin UI - License -paths: - /jans-config-api/api/v1/jans-auth-server/config: - get: - summary: Gets all Jans authorization server configuration properties. - description: Gets all Jans authorization server configuration properties. 
- operationId: get-properties - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/properties.readonly] - tags: - - Configuration – Properties - responses: - '200': - description: OK - content: - application/json: - schema: - title: AppConfiguration - description: Jans Authorization Server config properties. - $ref: '#/components/schemas/AppConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - patch: - summary: Partially modifies Jans authorization server Application configuration properties. - description: Partially modifies Jans authorization server AppConfiguration properties. - operationId: patch-properties - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/properties.write] - tags: - - Configuration – Properties - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: loggingLevel, value: DEBUG } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - title: AppConfiguration - description: Jans authorization server config properties. - $ref: '#/components/schemas/AppConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - /jans-config-api/api/v1/jans-auth-server/config/persistence: - get: - summary: Returns persistence type configured for Jans authorization server. - description: Returns persistence type configured for Jans authorization server. 
- operationId: get-properties-persistence - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/properties.readonly] - tags: - - Configuration – Properties - responses: - '200': - description: OK - content: - application/json: - schema: - title: PersistenceConfiguration - description: Jans Authorization Persistence Configuration object. - $ref: '#/components/schemas/PersistenceConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - /jans-config-api/fido2/config: - get: - summary: Gets Jans Authorization Server Fido2 configuration properties. - description: Gets Jans Authorization Server Fido2 configuration properties. - operationId: get-properties-fido2 - tags: - - Fido2 - Configuration - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/JansFido2DynConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/fido2.readonly] - put: - summary: Updates Fido2 configuration properties. - description: Updates Fido2 configuration properties. - operationId: put-properties-fido2 - tags: - - Fido2 - Configuration - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/JansFido2DynConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/JansFido2DynConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/fido2.write] - parameters: [] - /jans-config-api/fido2/registration/entries/{username}: - parameters: - - name: username - in: path - required: true - description: Username. - schema: - type: string - get: - summary: Get details of connected FIDO2 devices registered to user. 
- description: Get details of connected FIDO2 devices registered to user. - operationId: get-registration-entries-fido2 - tags: - - Fido2 - Configuration - responses: - '200': - description: OK - content: - application/json: - schema: - title: FIDO2 registered devices - description: List of all FIDO2 registered devices. - type: array - items: - $ref: '#/components/schemas/Fido2RegistrationEntry' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [ https://jans.io/oauth/config/fido2.readonly ] - - /jans-config-api/api/v1/attributes: - get: - summary: Gets a list of Gluu attributes. - description: 'Gets all attributes. Optionally max-size of the result, attribute status and pattern can be provided.' - operationId: get-all-attribute - tags: - - Attribute - responses: - "200": - description: Ok - content: - application/json: - schema: - $ref: '#/components/schemas/PagedResult' - '401': - description: Unauthorized - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/attributes.readonly] - parameters: - - schema: - type: integer - default: 50 - in: query - name: limit - description: Search size - max size of the results to return. - - schema: - type: string - in: query - name: pattern - description: Search pattern. - - schema: - type: string - default: all - in: query - name: status - description: Status of the attribute - - schema: - type: integer - default: 1 - in: query - name: startIndex - description: The 1-based index of the first query result. - - schema: - type: string - default: inum - in: query - name: sortBy - description: Attribute whose value will be used to order the returned response. - - schema: - type: string - default: ascending - enum: - - ascending - - descending - in: query - name: sortOrder - description: Order in which the sortBy param is applied. Allowed values are "ascending" and "descending". 
- - post: - summary: Adds a new attribute. - description: Adds a new attribute. - operationId: post-attributes - tags: - - Attribute - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/GluuAttribute' - responses: - '201': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/GluuAttribute' - '401': - description: Unauthorized - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/attributes.write] - put: - summary: Updates an existing attribute. - description: Updates an existing attribute. - operationId: put-attributes - tags: - - Attribute - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/GluuAttribute' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/GluuAttribute' - '401': - description: Unauthorized - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/attributes.write] - parameters: [] - '/jans-config-api/api/v1/attributes/{inum}': - parameters: - - name: inum - in: path - required: true - description: Attribute ID. - schema: - type: string - get: - summary: Gets an attribute based on inum. - description: Gets an attribute based on inum. - operationId: get-attributes-by-inum - tags: - - Attribute - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/GluuAttribute' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/attributes.readonly] - delete: - summary: Deletes an attribute based on inum. - description: Deletes an attribute based on inum. 
- operationId: delete-attributes-by-inum - tags: - - Attribute - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/attributes.delete] - patch: - summary: Partially modify a GluuAttribute. - description: Partially modify a GluuAttribute. - operationId: patch-attributes-by-inum - security: - - oauth2: [https://jans.io/oauth/config/attributes.write] - tags: - - Attribute - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: displayName, value: \"CustomAttribute\" } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/GluuAttribute' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - /jans-config-api/api/v1/acrs: - get: - summary: Gets default authentication method. - description: Gets default authentication method. - operationId: get-acrs - tags: - - Default Authentication Method - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/AuthenticationMethod' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/acrs.readonly] - put: - summary: Updates default authentication method. - description: Updates default authentication method. 
- operationId: put-acrs - tags: - - Default Authentication Method - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/AuthenticationMethod' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/AuthenticationMethod' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/acrs.write] - parameters: [] - /jans-config-api/api/v1/config/database/ldap: - get: - summary: Gets list of existing LDAP configurations. - description: Gets list of existing LDAP configurations. - operationId: get-config-database-ldap - tags: - - Database - LDAP configuration - responses: - '200': - description: OK - content: - application/json: - schema: - title: LdapConfiguration - description: List of configured LDAP configuration. - type: array - items: - $ref: '#/components/schemas/LdapConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/ldap.readonly] - post: - summary: Adds a new LDAP configuration. - description: Adds a new LDAP configuration. - operationId: post-config-database-ldap - tags: - - Database - LDAP configuration - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/LdapConfiguration' - responses: - '201': - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/LdapConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/ldap.write] - put: - summary: Updates LDAP configuration. - description: Updates LDAP configuration. 
- operationId: put-config-database-ldap - tags: - - Database - LDAP configuration - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/LdapConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/LdapConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/ldap.write] - parameters: [] - /jans-config-api/api/v1/config/database/ldap/{name}: - parameters: - - name: name - in: path - required: true - description: Name of LDAP configuration. - schema: - type: string - get: - summary: Gets an LDAP configuration by name. - description: Gets an LDAP configuration by name. - operationId: get-config-database-ldap-by-name - tags: - - Database - LDAP configuration - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/LdapConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/ldap.readonly] - delete: - summary: Deletes an LDAP configuration. - description: Deletes an LDAP configuration. - operationId: delete-config-database-ldap-by-name - tags: - - Database - LDAP configuration - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/ldap.delete] - patch: - summary: Partially modify an LDAP configuration. - description: Partially modify an LDAP configuration. 
- operationId: patch-config-database-ldap-by-name - security: - - oauth2: [https://jans.io/oauth/config/database/ldap.write] - tags: - - Database - LDAP configuration - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: maxConnections, value: 8 } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/LdapConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - /jans-config-api/api/v1/config/database/ldap/test: - post: - summary: Tests an LDAP configuration. - description: Tests an LDAP configuration. - operationId: post-config-database-ldap-test - tags: - - Database - LDAP configuration - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/LdapConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - type: boolean - description: LDAP connection status true if connection is successfully established. - - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/database/ldap.readonly] - - - /jans-config-api/api/v1/config/scripts: - get: - summary: Gets a list of custom scripts. - description: Gets a list of custom scripts. 
- operationId: get-config-scripts - tags: - - Custom Scripts - responses: - "200": - description: Ok - content: - application/json: - schema: - $ref: '#/components/schemas/PagedResult' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/scripts.readonly] - parameters: - - schema: - type: integer - default: 50 - in: query - name: limit - description: Search size - max size of the results to return. - - schema: - type: string - in: query - name: pattern - description: Search pattern. - - schema: - type: integer - default: 1 - in: query - name: startIndex - description: The 1-based index of the first query result. - - schema: - type: string - default: inum - in: query - name: sortBy - description: Attribute whose value will be used to order the returned response. - - schema: - type: string - default: ascending - enum: - - ascending - - descending - in: query - name: sortOrder - description: Order in which the sortBy param is applied. Allowed values are "ascending" and "descending". - - post: - summary: Adds a new custom script. - description: Adds a new custom script. - operationId: post-config-scripts - tags: - - Custom Scripts - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/CustomScript' - responses: - '201': - description: CREATED - content: - application/json: - schema: - $ref: '#/components/schemas/CustomScript' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/scripts.write] - put: - summary: Updates a custom script. - description: Updates a custom script. 
- operationId: put-config-scripts - x-cli-getdata: get-config-scripts-by-inum - tags: - - Custom Scripts - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/CustomScript' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CustomScript' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/scripts.write] - - /jans-config-api/api/v1/config/scripts/name/{name}: - parameters: - - name: name - in: path - required: true - description: Script name. - schema: - type: string - get: - summary: Fetch custom script by name. - description: Fetch custom script by name. - operationId: get-custom-script-by-name - tags: - - Custom Scripts - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CustomScript' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/scripts.readonly] - - /jans-config-api/api/v1/config/scripts/type/{type}: - parameters: - - schema: - type: string - enum: - - '- person_authentication' - - '- introspection' - - '- resource_owner_password_credentials' - - '- application_session' - - '- cache_refresh' - - '- client_registration' - - '- id_generator' - - '- uma_rpt_policy' - - '- uma_rpt_claims' - - '- uma_claims_gathering' - - '- consent_gathering' - - '- dynamic_scope' - - '- spontaneous_scope' - - '- end_session' - - '- post_authn' - - '- scim' - - '- ciba_end_user_notification' - - '- persistence_extension' - - '- idp' - - 'revoke_token' - - 'discovery' - - 'update_token' - - 'config_api_auth' - name: type - in: path - description: Script type. 
- required: true - - schema: - type: integer - default: 50 - in: query - name: limit - description: Search size - max size of the results to return. - - schema: - type: string - in: query - name: pattern - description: Search pattern. - - schema: - type: integer - default: 1 - in: query - name: startIndex - description: The 1-based index of the first query result. - - schema: - type: string - default: inum - in: query - name: sortBy - description: Attribute whose value will be used to order the returned response. - - schema: - type: string - default: ascending - enum: - - ascending - - descending - in: query - name: sortOrder - description: Order in which the sortBy param is applied. Allowed values are "ascending" and "descending". - get: - summary: Gets list of scripts by type. - description: Gets list of scripts by type. - operationId: get-config-scripts-by-type - x-cli-ignore: true - tags: - - Custom Scripts - responses: - "200": - description: Ok - content: - application/json: - schema: - $ref: '#/components/schemas/PagedResult' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/scripts.readonly] - /jans-config-api/api/v1/config/scripts/inum/{inum}: - parameters: - - schema: - type: string - name: inum - in: path - required: true - description: Script identifier. - get: - summary: Gets a script by Inum. - description: Gets a script by Inum. 
- operationId: get-config-scripts-by-inum - x-cli-ignore: true - tags: - - Custom Scripts - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CustomScript' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/scripts.readonly] - /jans-config-api/api/v1/config/scripts/{inum}: - parameters: - - schema: - type: string - name: inum - in: path - required: true - description: Script identifier. - delete: - summary: Deletes a custom script. - description: Deletes a custom script. - operationId: delete-config-scripts-by-inum - tags: - - Custom Scripts - responses: - '204': - description: No Content - '401': - description: Unauthorized - '404': - description: Not Found - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/scripts.delete] - patch: - summary: Partially update custom script. - description: Partially update custom script. - operationId: patch-config-scripts-by-inum - security: - - oauth2: [https://jans.io/oauth/config/scripts.write] - tags: - - Custom Scripts - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: enabled, value: \"false\" } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CustomScript' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - - /jans-config-api/api/v1/config/cache: - get: - summary: Returns cache configuration. - description: Returns cache configuration. 
- operationId: get-config-cache - tags: - - Cache Configuration - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CacheConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.readonly] - patch: - summary: Partially modifies cache configuration. - description: Partially modifies cache configuration. - operationId: patch-config-cache - tags: - - Cache Configuration - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: memcachedConfiguration, value: response.memcachedConfiguration } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CacheConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - /jans-config-api/api/v1/config/cache/memcached: - get: - summary: Returns Memcached cache configuration. - description: Returns Memcached cache configuration. - operationId: get-config-cache-memcached - tags: - - Cache Configuration – Memcached - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/MemcachedConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.readonly] - put: - summary: Updates Memcached cache configuration. - description: Updates Memcached cache configuration. 
- operationId: put-config-cache-memcached - tags: - - Cache Configuration – Memcached - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/MemcachedConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/MemcachedConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - parameters: [] - patch: - summary: Partially modifies Memcached cache configuration. - description: Partially modifies Memcached cache configuration. - operationId: patch-config-cache-memcached - tags: - - Cache Configuration – Memcached - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: memcachedConfiguration, value: response.memcachedConfiguration } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/MemcachedConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - /jans-config-api/api/v1/config/cache/redis: - get: - summary: Returns Redis cache configuration. - description: Returns Redis cache configuration. - operationId: get-config-cache-redis - tags: - - Cache Configuration – Redis - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/RedisConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.readonly] - put: - summary: Updates Redis cache configuration. 
- description: Updates Redis cache configuration. - operationId: put-config-cache-redis - tags: - - Cache Configuration – Redis - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/RedisConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/RedisConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - parameters: [] - patch: - summary: Partially modifies Redis cache configuration. - description: Partially modifies Redis cache configuration. - operationId: patch-config-cache-redis - tags: - - Cache Configuration – Redis - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: redisConfiguration/defaultPutExpiration, value: 80 } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/RedisConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - /jans-config-api/api/v1/config/cache/in-memory: - get: - summary: Returns in-Memory cache configuration. - description: Returns in-Memory cache configuration. - operationId: get-config-cache-in-memory - tags: - - Cache Configuration – in-Memory - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/InMemoryConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.readonly] - put: - summary: Updates in-Memory cache configuration. - description: Updates in-Memory cache configuration. 
- operationId: put-config-cache-in-memory - tags: - - Cache Configuration – in-Memory - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/InMemoryConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/InMemoryConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - parameters: [] - patch: - summary: Partially modifies In-Memory cache configuration. - description: Partially modifies In-Memory cache configuration. - operationId: patch-config-cache-in-memory - tags: - - Cache Configuration – in-Memory - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: inMemoryConfiguration/defaultPutExpiration, value: 80 } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/InMemoryConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - /jans-config-api/api/v1/config/cache/native-persistence: - get: - summary: Returns native persistence cache configuration. - description: Returns native persistence cache configuration. - operationId: get-config-cache-native-persistence - tags: - - Cache Configuration – Native-Persistence - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/NativePersistenceConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.readonly] - put: - summary: Updates native persistence cache configuration. 
- description: Updates native persistence cache configuration. - operationId: put-config-cache-native-persistence - tags: - - Cache Configuration – Native-Persistence - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/NativePersistenceConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/NativePersistenceConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - parameters: [] - patch: - summary: Partially modifies Native Persistence cache configuration. - description: Partially modifies Native Persistence cache configuration. - operationId: patch-config-cache-native-persistence - tags: - - Cache Configuration – Native-Persistence - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: nativePersistenceConfiguration/defaultPutExpiration, value: 80 } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/NativePersistenceConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/cache.write] - /jans-config-api/api/v1/config/smtp: - get: - summary: Returns SMTP server configuration. - description: Returns SMTP server configuration. 
- operationId: get-config-smtp - tags: - - Configuration – SMTP - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/SmtpConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/smtp.readonly] - post: - summary: Adds SMTP server configuration. - description: Adds SMTP server configuration. - operationId: post-config-smtp - tags: - - Configuration – SMTP - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/SmtpConfiguration' - responses: - '201': - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/SmtpConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/smtp.write] - put: - summary: Updates SMTP server configuration. - description: Updates SMTP server configuration. - operationId: put-config-smtp - tags: - - Configuration – SMTP - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/SmtpConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/SmtpConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/smtp.write] - delete: - summary: Deletes SMTP server configuration. - description: Deletes SMTP server configuration. 
- operationId: delete-config-smtp - tags: - - Configuration – SMTP - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/smtp.delete] - parameters: [] - /jans-config-api/api/v1/config/smtp/test: - post: - summary: Test SMTP server configuration. - description: Test SMTP server configuration. - operationId: test-config-smtp - tags: - - Configuration – SMTP - responses: - '200': - description: OK - content: - application/json: - schema: - type: boolean - description: SMTP test status true if email sent is successful. - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/smtp.readonly] - /jans-config-api/api/v1/logging: - get: - tags: - - Configuration – Logging - summary: Returns Jans Authorization Server logging settings. - description: Returns Jans Authorization Server logging settings. - operationId: get-config-logging - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/LoggingConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/logging.readonly] - put: - tags: - - Configuration – Logging - summary: Updates Jans Authorization Server logging settings. - description: Updates Jans Authorization Server logging settings. 
- operationId: put-config-logging - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/LoggingConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/LoggingConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/logging.write] - parameters: [] - /jans-config-api/api/v1/config/jwks: - get: - tags: - - Configuration – JWK - JSON Web Key (JWK) - summary: Gets list of JSON Web Key (JWK) used by server. - description: 'Gets list of JSON Web Key (JWK) used by server. JWK is a JSON data structure that represents a set of public keys as a JSON object [RFC4627].' - operationId: get-config-jwks - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/WebKeysConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/jwks.readonly] - put: - tags: - - Configuration – JWK - JSON Web Key (JWK) - summary: Puts/replaces JWKS - description: Puts/replaces JSON Web Keys (JWKS). - operationId: put-config-jwks - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/WebKeysConfiguration' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/WebKeysConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/jwks.write] - patch: - tags: - - Configuration – JWK - JSON Web Key (JWK) - summary: Patch JWKS - description: Patch JSON Web Keys (JWKS). 
- operationId: patch-config-jwks - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[{"op": "add","path": "/keys/1", "value": { "kty": "RSA", "e": "AQAB","use": "sig","crv": "","kid": "dd570bfb-276a-44aa-a97d-667b57587108_sig_rs256","x5c": ["MIIDBDCC..."],"exp": 1599751946863,"alg": "RS256","n": "zj1NE.."}}]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/WebKeysConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/jwks.write] - /jans-config-api/api/v1/config/jwks/key: - post: - tags: - - Configuration – JWK - JSON Web Key (JWK) - summary: Adds a new key to JSON Web Keys (JWKS) - description: Adds a new key to JSON Web Keys (JWKS). - operationId: post-config-jwks-key - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/JsonWebKey' - responses: - '201': - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/JsonWebKey' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/jwks.write] - /jans-config-api/api/v1/config/jwks/{kid}: - parameters: - - schema: - type: string - name: kid - in: path - description: The unique identifier for the key. 
- required: true - get: - tags: - - Configuration – JWK - JSON Web Key (JWK) - summary: Get a JSON Web Key based on kid - description: Get a JSON Web Key based on kid - operationId: put-config-jwk-kid - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/JsonWebKey' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/jwks.readonly] - patch: - tags: - - Configuration – JWK - JSON Web Key (JWK) - summary: Patch a specific JSON Web Key based on kid - description: Patch a specific JSON Web Key based on kid - operationId: patch-config-jwk-kid - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[{"op": "add","path": "/kty", "value": "RSA"}]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/JsonWebKey' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/jwks.write] - delete: - tags: - - Configuration – JWK - JSON Web Key (JWK) - summary: Delete a JSON Web Key based on kid - description: Delete a JSON Web Key based on kid - operationId: delete-config-jwk-kid - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/jwks.delete] - /jans-config-api/api/v1/openid/clients: - get: - tags: - - OAuth - OpenID Connect - Clients - summary: Gets list of OpenID Connect clients - description: Gets list of OpenID Connect clients - operationId: 
get-oauth-openid-clients - responses: - "200": - description: Ok - content: - application/json: - schema: - $ref: '#/components/schemas/PagedResult' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/openid/clients.readonly] - parameters: - - schema: - type: integer - default: 50 - in: query - name: limit - description: Search size - max size of the results to return. - - schema: - type: string - in: query - name: pattern - description: Search pattern. - - schema: - type: integer - default: 1 - in: query - name: startIndex - description: The 1-based index of the first query result. - - schema: - type: string - default: inum - in: query - name: sortBy - description: Attribute whose value will be used to order the returned response. - - schema: - type: string - default: ascending - enum: - - ascending - - descending - in: query - name: sortOrder - description: Order in which the sortBy param is applied. Allowed values are "ascending" and "descending". - post: - tags: - - OAuth - OpenID Connect - Clients - summary: Create new OpenId Connect client - description: Create new OpenId Connect client - operationId: post-oauth-openid-clients - requestBody: - content: - application/json: - schema: - title: OpenID Connect Client Details. - description: OpenID Connect Client Details. - $ref: '#/components/schemas/Client' - responses: - '201': - description: Created - content: - application/json: - schema: - title: OpenID Connect Client Details. - $ref: '#/components/schemas/Client' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/openid/clients.write] - put: - tags: - - OAuth - OpenID Connect - Clients - summary: Update OpenId Connect client. - description: Update OpenId Connect client. 
- operationId: put-oauth-openid-clients - requestBody: - content: - application/json: - schema: - title: OpenID Connect Client Details. - $ref: '#/components/schemas/Client' - responses: - '200': - description: OK - content: - application/json: - schema: - title: OpenID Connect Client Details. - $ref: '#/components/schemas/Client' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/openid/clients.write] - /jans-config-api/api/v1/openid/clients/{inum}: - parameters: - - schema: - type: string - name: inum - in: path - description: Client identifier - required: true - get: - tags: - - OAuth - OpenID Connect - Clients - summary: Get OpenId Connect Client by Inum - description: Get OpenId Connect Client by Inum. - operationId: get-oauth-openid-clients-by-inum - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/Client' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/openid/clients.readonly] - delete: - tags: - - OAuth - OpenID Connect - Clients - summary: Delete OpenId Connect client. - description: Delete OpenId Connect client. - operationId: delete-oauth-openid-clients-by-inum - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/openid/clients.delete] - patch: - tags: - - OAuth - OpenID Connect - Clients - summary: Update modified properties of OpenId Connect client by Inum. - description: Update modified properties of OpenId Connect client by Inum. 
- operationId: patch-oauth-openid-clients-by-inum - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: backchannel_authentication_request_signing_alg, value: false } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Client Details. - $ref: '#/components/schemas/Client' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/openid/clients.write] - - /jans-config-api/api/v1/uma/resources: - get: - tags: - - OAuth - UMA Resources - summary: Gets list of UMA resources. - description: Gets list of UMA resources. - operationId: get-oauth-uma-resources - responses: - "200": - description: Ok - content: - application/json: - schema: - $ref: '#/components/schemas/PagedResult' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/uma/resources.readonly] - parameters: - - schema: - type: integer - default: 50 - in: query - name: limit - description: Search size - max size of the results to return. - - schema: - type: string - in: query - name: pattern - description: Search pattern. - - schema: - type: integer - default: 1 - in: query - name: startIndex - description: The 1-based index of the first query result. - - schema: - type: string - default: inum - in: query - name: sortBy - description: Attribute whose value will be used to order the returned response. - - schema: - type: string - default: ascending - enum: - - ascending - - descending - in: query - name: sortOrder - description: Order in which the sortBy param is applied. Allowed values are "ascending" and "descending". 
- - post: - tags: - - OAuth - UMA Resources - summary: Creates an UMA resource. - description: Creates an UMA resource. - operationId: post-oauth-uma-resources - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/UmaResource' - responses: - '201': - description: Created - content: - application/json: - schema: - title: UMAResource - $ref: '#/components/schemas/UmaResource' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/uma/resources.write] - put: - tags: - - OAuth - UMA Resources - summary: Updates an UMA resource. - description: Updates an UMA resource. - operationId: put-oauth-uma-resources - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/UmaResource' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/UmaResource' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/uma/resources.write] - /jans-config-api/api/v1/uma/resources/{id}: - parameters: - - name: id - in: path - required: true - description: Resource description ID. - schema: - type: string - get: - tags: - - OAuth - UMA Resources - summary: Gets an UMA resource by ID. - description: Gets an UMA resource by ID. - operationId: get-oauth-uma-resources-by-id - responses: - '200': - description: OK - content: - application/json: - schema: - title: UMAResource - $ref: '#/components/schemas/UmaResource' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/uma/resources.readonly] - - delete: - tags: - - OAuth - UMA Resources - summary: Deletes an UMA resource. 
- description: Deletes an UMA resource. - operationId: delete-oauth-uma-resources-by-id - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/uma/resources.delete] - - patch: - tags: - - OAuth - UMA Resources - summary: Partially updates an UMA resource by Inum. - description: Partially updates an UMA resource by Inum. - operationId: patch-oauth-uma-resources-by-id - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: clients, value: [\"client_1\",\"client_2\"] },{op:add, path: clients/2, value: \"client_3\" } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - title: UMAResource - $ref: '#/components/schemas/UmaResource' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/uma/resources.write] - - - /jans-config-api/api/v1/uma/resources/clientId/{clientId}: - parameters: - - name: clientId - in: path - required: true - description: Client ID. - schema: - type: string - get: - tags: - - OAuth - UMA Resources - summary: Fetch uma resources by client id. - description: Fetch uma resources by client id. - operationId: get-oauth-uma-resources-by-clientid - responses: - '200': - description: OK - content: - application/json: - schema: - title: UMA Resource list. - description: List of UMA Resource. 
- items: - $ref: '#/components/schemas/UmaResource' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/uma/resources.readonly] - - - /jans-config-api/api/v1/scopes: - get: - tags: - - OAuth - Scopes - summary: Gets list of Scopes. - description: Gets list of Scopes. Optionally type to filter the scope, max-size of the result and pattern can be provided. - operationId: get-oauth-scopes - responses: - "200": - description: Ok - content: - application/json: - schema: - $ref: '#/components/schemas/PagedResult' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/scopes.readonly] - parameters: - - schema: - type: string - enum: - - openid - - dynamic - - uma - - spontaneous - - oauth - in: query - name: type - description: Scope type. - - schema: - type: integer - default: 50 - in: query - name: limit - description: Search size - max size of the results to return. - - schema: - type: string - in: query - name: pattern - description: Search pattern. - - schema: - type: integer - default: 1 - in: query - name: startIndex - description: The 1-based index of the first query result. - - schema: - type: string - default: inum - in: query - name: sortBy - description: Attribute whose value will be used to order the returned response. - - schema: - type: string - default: ascending - enum: - - ascending - - descending - in: query - name: sortOrder - description: Order in which the sortBy param is applied. Allowed values are "ascending" and "descending". - - - post: - tags: - - OAuth - Scopes - summary: Create Scope. - description: Create Scope. 
- operationId: post-oauth-scopes - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/Scope' - responses: - '201': - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/Scope' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/scopes.write] - put: - tags: - - OAuth - Scopes - summary: Updates existing Scope. - description: Updates existing Scope. - operationId: put-oauth-scopes - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/Scope' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/Scope' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/scopes.write] - parameters: [] - /jans-config-api/api/v1/scopes/{inum}: - parameters: - - schema: - type: string - name: inum - in: path - required: true - - get: - tags: - - OAuth - Scopes - summary: Get Scope by Inum - description: Get Scope by Inum - operationId: get-oauth-scopes-by-inum - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/ExtendedScope' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: ['https://jans.io/oauth/config/scopes.readonly'] - parameters: - - schema: - type: boolean - default: false - in: query - name: withAssociatedClients - description: Also fetch associated clients with scopes. - delete: - tags: - - OAuth - Scopes - summary: Delete Scope. - description: Delete Scope. 
- operationId: delete-oauth-scopes-by-inum - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/scopes.delete] - patch: - tags: - - OAuth - Scopes - summary: Update modified attributes of existing Scope by Inum. - description: Update modified attributes of existing Scope by Inum. - operationId: patch-oauth-scopes-by-id - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: clients, value: [\"client_1\",\"client_2\"] },{op:add, path: clients/2, value: \"client_3\" } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/Scope' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/scopes.write] - - /jans-config-api/api/v1/scopes/creator/{creatorId}: - parameters: - - schema: - type: string - name: creatorId - in: path - required: true - description: Id of the scope creator. If creator is client then client_id if user then user_id. - get: - tags: - - OAuth - Scopes - summary: Get Scope by creatorId - description: Get Scope by creatorId - operationId: get-scope-by-creator - responses: - '200': - description: OK - content: - application/json: - schema: - title: Scope list. - description: List of scope. 
- items: - $ref: '#/components/schemas/ExtendedScope' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: ['https://jans.io/oauth/config/scopes.readonly'] - - /jans-config-api/api/v1/scopes/type/{type}: - parameters: - - schema: - type: string - enum: - - openid - - dynamic - - uma - - spontaneous - - oauth - name: type - in: path - required: true - description: Type of the scope. - get: - tags: - - OAuth - Scopes - summary: Get Scope by Type - description: Get Scope by type - operationId: get-scope-by-type - responses: - '200': - description: OK - content: - application/json: - schema: - title: Scope list. - description: List of scope. - items: - $ref: '#/components/schemas/ExtendedScope' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: ['https://jans.io/oauth/config/scopes.readonly'] - - /jans-config-api/api/v1/agama: - get: - summary: Fetches all agama flow. - description: Fetches all agama flow. - operationId: get-agama-flows - tags: - - Configuration – Agama Flow - responses: - "200": - description: Ok - content: - application/json: - schema: - $ref: '#/components/schemas/PagedResult' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/agama.readonly] - parameters: - - schema: - type: string - in: query - name: pattern - description: Search pattern. - - schema: - type: integer - default: 50 - in: query - name: limit - description: Search size - max size of the results to return. - - schema: - type: integer - default: 1 - in: query - name: startIndex - description: The 1-based index of the first query result. 
- - schema: - type: string - default: agFlowQname - in: query - name: sortBy - description: Attribute whose value will be used to order the returned response. - - schema: - type: string - default: ascending - enum: - - ascending - - descending - in: query - name: sortOrder - description: Order in which the sortBy param is applied. Allowed values are "ascending" and "descending". - - schema: - type: boolean - default: false - in: query - name: includeSource - description: Boolean value true indcates source to be included in response. - - post: - summary: Create a new agama flow. - description: Create a new agama flow. - operationId: post-agama-flow - tags: - - Configuration – Agama Flow - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/AgamaFlow' - responses: - '201': - description: CREATED - content: - application/json: - schema: - $ref: '#/components/schemas/AgamaFlow' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/agama.write] - - /jans-config-api/api/v1/agama/{qname}: - parameters: - - schema: - type: string - name: qname - in: path - description: flow qname. - required: true - get: - summary: Gets an agama flow based on Qname. - description: Gets an agama flow based on Qname. - operationId: get-agama-flow - tags: - - Configuration – Agama Flow - responses: - '200': - description: OK - content: - application/json: - schema: - items: - $ref: '#/components/schemas/AgamaFlow' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/agama.readonly] - - post: - summary: Create a new agama flow from source. - description: Create a new agama flow from source. 
- operationId: post-agama-flow-from-source - tags: - - Configuration – Agama Flow - requestBody: - content: - text/plain: - schema: - type: string - - responses: - '201': - description: CREATED - content: - application/json: - schema: - $ref: '#/components/schemas/AgamaFlow' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/agama.write] - - patch: - summary: Partially modify a Agama Flow. - description: Partially modify a Agama Flow. - operationId: patch-agama-flow - tags: - - Configuration – Agama Flow - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: enabled, value: \"false\" } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/AgamaFlow' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/agama.write] - - delete: - summary: Deletes an agama flow based on Qname. - description: Deletes an agama flow based on Qname. - operationId: delete-agama-flow - tags: - - Configuration – Agama Flow - responses: - '204': - description: No Content - '401': - description: Unauthorized - '404': - description: Not Found - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/agama.delete] - - /jans-config-api/api/v1/agama/source/{qname}: - parameters: - - schema: - type: string - name: qname - in: path - description: flow qname. - required: true - - put: - summary: Update agama flow from source file. - description: Update agama flow from source file. 
- operationId: put-agama-flow-from-source - tags: - - Configuration – Agama Flow - requestBody: - content: - text/plain: - schema: - type: string - - responses: - '201': - description: CREATED - content: - application/json: - schema: - $ref: '#/components/schemas/AgamaFlow' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - security: - - oauth2: [https://jans.io/oauth/config/agama.write] - - /jans-config-api/api/v1/stat: - get: - summary: Provides server with basic statistic. - description: Provides server with basic statistic. - operationId: get-stat - security: - - oauth2: [https://jans.io/oauth/config/stats.readonly jans_stat] - tags: - - Statistics - User - responses: - '200': - description: OK - content: - application/json: - schema: - title: FlatStatResponse - description: Jans Authorization Server statistic data. - type: array - items: - $ref: '#/components/schemas/StatResponseItem' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - parameters: - - schema: - type: string - in: query - name: month - description: Month for which the stat report is to be fetched. The parameter is mandatory if start_month and end_month parameters are not present. - example: 202012 (2020 Dec) 202101 (2021 Jan)) - - schema: - type: string - in: query - name: start_month - description: Start-Month for which the stat report is to be fetched. - - schema: - type: string - in: query - name: end_month - description: End-Month for which the stat report is to be fetched. - - schema: - type: string - enum: - - json - - openmetrics - default: json - in: query - name: format - description: Report format - - /jans-config-api/api/v1/health: - get: - summary: Returns application health status. - description: Returns application health status. 
- operationId: get-config-health - tags: - - Health - Check - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/HealthStatus' - '500': - description: Internal Server Error - /jans-config-api/api/v1/health/live: - get: - summary: Returns application liveness status. - description: Returns application liveness status. - operationId: get-config-health-live - tags: - - Health - Check - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/HealthStatusItem' - '500': - description: Internal Server Error - /jans-config-api/api/v1/health/ready: - get: - summary: Returns application readiness status. - description: Returns application readiness status. - operationId: get-config-health-ready - tags: - - Health - Check - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/HealthStatusItem' - '500': - description: Internal Server Error - - /jans-config-api/api/v1/health/server-stat: - get: - summary: Returns application server status. - description: Returns application server status. - operationId: get-server-stat - tags: - - Server Stats - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/StatsData' - '500': - description: Internal Server Error - - /jans-config-api/api/v1/jans-auth-server/session: - get: - summary: Returns current session. - description: Returns current session. - operationId: get-sessions - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/session.readonly] - tags: - - Auth - Session Management - responses: - '200': - description: OK - content: - application/json: - schema: - title: Auth session - description: List of auth session. 
- type: array - items: - $ref: '#/components/schemas/SessionId' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - - /jans-config-api/api/v1/jans-auth-server/session/{userDn}: - parameters: - - name: userDn - in: path - description: User domain name. - required: true - schema: - type: string - post: - summary: Revoke all sessions by userDn. - description: Revoke all sessions by userDn. - operationId: revoke-user-session - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/session.delete, revoke_session] - tags: - - Auth - Session Management - responses: - '200': - description: Ok - '401': - $ref: '#/components/responses/Unauthorized' - '404': - description: Not Found - '500': - description: Internal Server Error - - /jans-config-api/mgt/configuser: - get: - tags: - - Configuration – User Management - summary: Gets list of users - description: Gets list of users - operationId: get-user - responses: - "200": - description: Ok - content: - application/json: - schema: - $ref: '#/components/schemas/PagedResult' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/user.readonly] - parameters: - - schema: - type: integer - default: 50 - in: query - name: limit - description: Search size - max size of the results to return. - - schema: - type: string - in: query - name: pattern - description: Search pattern. - - schema: - type: integer - default: 1 - in: query - name: startIndex - description: The 1-based index of the first query result. - - schema: - type: string - default: inum - in: query - name: sortBy - description: Attribute whose value will be used to order the returned response. - - schema: - type: string - default: ascending - enum: - - ascending - - descending - in: query - name: sortOrder - description: Order in which the sortBy param is applied. Allowed values are "ascending" and "descending". 
- post: - tags: - - Configuration – User Management - summary: Create new User - description: Create new User - operationId: post-user - requestBody: - content: - application/json: - schema: - title: User Details. - description: User Details. - $ref: '#/components/schemas/ExtendedCustomUser' - responses: - '201': - description: Created - content: - application/json: - schema: - title: User Details. - $ref: '#/components/schemas/CustomUser' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/user.write] - put: - tags: - - Configuration – User Management - summary: Update User. - description: Update User. - operationId: put-user - requestBody: - content: - application/json: - schema: - title: User Details. - $ref: '#/components/schemas/CustomUser' - responses: - '200': - description: OK - content: - application/json: - schema: - title: User Details. - $ref: '#/components/schemas/CustomUser' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/user.write] - /jans-config-api/mgt/configuser/{inum}: - parameters: - - schema: - type: string - name: inum - in: path - description: User identifier - required: true - get: - tags: - - Configuration – User Management - summary: Get User by Inum - description: Get User by Inum. - operationId: get-user-by-inum - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/CustomUser' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/user.readonly] - delete: - tags: - - Configuration – User Management - summary: Delete User. - description: Delete User. 
- operationId: delete-user - responses: - '204': - description: No Content - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/user.delete] - patch: - tags: - - Configuration – User Management - summary: Patch user properties by Inum. - description: Patch user properties by Inum. - operationId: patch-user-by-inum - requestBody: - content: - application/json: - schema: - type: object - $ref: '#/components/schemas/UserPatchRequest' - description: Patch request object - example: '[ {"jsonPatchString": {"op": "add", "path": "userId","value": "test-user" }, "customAttributes": [{"name": "name, displayName, birthdate, email","multiValued": true,"values": ["string"]}]}]' - responses: - '200': - description: OK - content: - application/json: - schema: - title: User Details. - $ref: '#/components/schemas/CustomUser' - '401': - $ref: '#/components/responses/Unauthorized' - '404': - $ref: '#/components/responses/NotFound' - '500': - description: Internal Server Error - security: - - oauth2: [https://jans.io/oauth/config/user.write] - - - /jans-config-api/scim/scim-config: - get: - summary: Retrieves SCIM App configuration. - description: Retrieves SCIM configuration. - operationId: get-scim-config - security: - - oauth2: [https://jans.io/scim/config.readonly] - tags: - - SCIM - Config Management - x-cli-plugin: scim - responses: - '200': - description: OK - content: - application/json: - schema: - title: ScimAppConfiguration - description: SCIM App configuration. - $ref: '#/components/schemas/ScimAppConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - patch: - summary: Partially modifies SCIM App configuration. - description: Partially modifies SCIM App configuration. 
- operationId: patch-scim-config - security: - - oauth2: [https://jans.io/scim/config.write] - tags: - - SCIM - Config Management - x-cli-plugin: scim - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. - example: '[ {op:replace, path: loggingLevel, value: DEBUG } ]' - responses: - '200': - description: OK - content: - application/json: - schema: - title: ScimAppConfiguration - description: SCIM App configuration. - $ref: '#/components/schemas/ScimAppConfiguration' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - - /jans-config-api/api/v1/org: - get: - summary: Retrieves organization configuration. - description: Retrieves organization configuration. - operationId: get-organization-config - security: - - oauth2: [https://jans.io/oauth/config/organization.readonly] - tags: - - Organization Configuration - responses: - '200': - description: OK - content: - application/json: - schema: - title: Organization - description: Organization configuration. - $ref: '#/components/schemas/Organization' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - patch: - summary: Partially modifies organization configuration. - description: Partially modifies organization configuration. - operationId: patch-organization-config - security: - - oauth2: [https://jans.io/oauth/config/organization.write] - tags: - - Organization Configuration - requestBody: - content: - application/json-patch+json: - schema: - type: array - items: - $ref: '#/components/schemas/PatchRequest' - description: String representing patch-document. 
- example: '[{"op": "add", "path": "/jsFaviconPath", "value": "/opt/jans/jetty/jans-auth/custom/static/"}]' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Organization - description: Organization configuration. - $ref: '#/components/schemas/Organization' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - - /jans-config-api/api/v1/jans-auth-server/health: - get: - summary: Returns auth server health status. - description: Returns auth server health status. - operationId: get-auth-server-health - tags: - - Auth Server Health - Check - responses: - '200': - description: OK - content: - application/json: - schema: - $ref: '#/components/schemas/AuthHealthStatus' - '500': - description: Internal Server Error - - /jans-config-api/admin-ui/adminUIRoles: - get: - tags: - - Admin UI - Role - x-cli-plugin: admin-ui - summary: Get all admin ui roles. - description: Get all admin ui roles. - operationId: get-adminui-roles - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.read] - responses: - '200': - description: OK - content: - application/json: - schema: - title: Get admin ui roles. - description: Get admin ui roles. - type: array - items: - $ref: '#/components/schemas/AdminRole' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - post: - tags: - - Admin UI - Role - x-cli-plugin: admin-ui - summary: Add admin ui role. - description: Add admin ui role. - operationId: add-adminui-role - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write] - requestBody: - content: - application/json: - schema: - required: - - role - $ref: '#/components/schemas/AdminRole' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Add admin ui role. 
- description: Add admin ui role. - type: array - items: - $ref: '#/components/schemas/AdminRole' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - put: - tags: - - Admin UI - Role - x-cli-plugin: admin-ui - summary: Edit admin ui role. - description: Edit admin ui role. - operationId: edit-adminui-role - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write] - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/AdminRole' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Edit admin ui role. - description: Edit admin ui role. - type: array - items: - $ref: '#/components/schemas/AdminRole' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - delete: - tags: - - Admin UI - Role - x-cli-plugin: admin-ui - summary: Delete admin ui role. - description: Delete admin ui role. - operationId: delete-adminui-role - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write] - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/AdminRole' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Delete admin ui role. - description: Delete admin ui role. - type: array - items: - $ref: '#/components/schemas/AdminRole' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - /jans-config-api/admin-ui/adminUIPermissions: - get: - tags: - - Admin UI - Permission - x-cli-plugin: admin-ui - summary: Get admin ui permissions. - description: Get admin ui permissions. 
- operationId: get-adminui-permissions - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.read] - responses: - '200': - description: OK - content: - application/json: - schema: - title: Get admin ui permissions. - description: Get admin ui permissions. - type: array - items: - $ref: '#/components/schemas/AdminPermission' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - post: - tags: - - Admin UI - Permission - x-cli-plugin: admin-ui - summary: Add admin ui permission. - description: Add admin ui permission. - operationId: add-adminui-permission - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write] - requestBody: - content: - application/json: - schema: - required: - - permission - $ref: '#/components/schemas/AdminPermission' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Add admin ui permission. - description: Add admin ui permission. - type: array - items: - $ref: '#/components/schemas/AdminPermission' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - put: - tags: - - Admin UI - Permission - x-cli-plugin: admin-ui - summary: Edit admin ui permission. - description: Edit admin ui permission. - operationId: edit-adminui-permission - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write] - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/AdminPermission' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Edit admin ui permission. - description: Edit admin ui permission. 
- type: array - items: - $ref: '#/components/schemas/AdminPermission' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - delete: - tags: - - Admin UI - Permission - x-cli-plugin: admin-ui - summary: Delete admin ui permission. - description: Delete admin ui permission. - operationId: delete-adminui-permission - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write] - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/AdminPermission' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Delete admin ui permission. - description: Delete admin ui permission. - type: array - items: - $ref: '#/components/schemas/AdminPermission' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - /jans-config-api/admin-ui/adminUIRolePermissionsMapping: - get: - tags: - - Admin UI - Role-Permissions Mapping - x-cli-plugin: admin-ui - summary: Get admin ui role-permissions mapping. - description: Get admin ui role-permissions mapping. - operationId: get-adminui-role-permissions - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly] - responses: - '200': - description: OK - content: - application/json: - schema: - title: Get admin ui role-permissions mapping. - description: Get admin ui role-permissions mapping. 
- type: array - items: - $ref: '#/components/schemas/RolePermissionMapping' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - post: - tags: - - Admin UI - Role-Permissions Mapping - x-cli-plugin: admin-ui - summary: Add role-permissions mapping. - description: Add role-permissions mapping. - operationId: Add role-permissions mapping. - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write] - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/RolePermissionMapping' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Add role-permissions mapping. - description: Add role-permissions mapping. - type: array - items: - $ref: '#/components/schemas/RolePermissionMapping' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - put: - tags: - - Admin UI - Role-Permissions Mapping - x-cli-plugin: admin-ui - summary: Map permissions to role. - description: Map permissions to role. - operationId: map-permissions-to-role - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write] - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/RolePermissionMapping' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Map permissions to role. - description: Map permissions to role. 
- type: array - items: - $ref: '#/components/schemas/RolePermissionMapping' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - delete: - tags: - - Admin UI - Role-Permissions Mapping - x-cli-plugin: admin-ui - summary: Remove role-permissions mapping. - description: Remove role-permissions mapping. - operationId: remove-role-permissions-permission - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write] - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/RolePermissionMapping' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Remove role-permissions mapping. - description: Remove role-permissions mapping. - type: array - items: - $ref: '#/components/schemas/RolePermissionMapping' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - /jans-config-api/admin-ui/license/isActive: - get: - tags: - - Admin UI - License - x-cli-plugin: admin-ui - summary: Check if admin-ui license is active. - description: Check if admin-ui license is active. - operationId: is-license-active - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly] - responses: - '200': - description: OK - content: - application/json: - schema: - title: Check if admin-ui license is active. - description: Check if admin-ui license is active. 
- $ref: '#/components/schemas/LicenseApiResponse' - '400': - $ref: '#/components/schemas/LicenseApiResponse' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/schemas/LicenseApiResponse' - /jans-config-api/admin-ui/license/activateLicense: - post: - tags: - - Admin UI - License - x-cli-plugin: admin-ui - summary: Activate license using license-key. - description: Activate license using license-key. - operationId: activate-adminui-license - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/license.write] - requestBody: - content: - application/json: - schema: - required: - - licenseKey - $ref: '#/components/schemas/LicenseApiRequest' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Activate license using license-key. - description: Activate license using license-key. - $ref: '#/components/schemas/LicenseApiResponse' - '400': - $ref: '#/components/schemas/LicenseApiResponse' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/schemas/LicenseApiResponse' - /jans-config-api/admin-ui/license/saveApiCredentials: - post: - tags: - - Admin UI - License - x-cli-plugin: admin-ui - summary: Save license api credentials. - description: Save license api credentials. - operationId: save-license-api-credentials - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/license.write] - requestBody: - content: - application/json: - schema: - required: - - licenseKey - $ref: '#/components/schemas/LicenseSpringCredentials' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Save license api credentials. - description: Save license api credentials. 
- $ref: '#/components/schemas/LicenseApiResponse' - '400': - $ref: '#/components/schemas/LicenseApiResponse' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/schemas/LicenseApiResponse' - /jans-config-api/admin-ui/license/licenseDetails: - get: - tags: - - Admin UI - License - x-cli-plugin: admin-ui - summary: Get admin ui license details. - description: Get admin ui license details. - operationId: get-adminui-license - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly] - responses: - '200': - description: OK - content: - application/json: - schema: - title: Get admin ui license details. - description: Get admin ui license details. - $ref: '#/components/schemas/LicenseDetailsResponse' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' - put: - tags: - - Admin UI - License - x-cli-plugin: admin-ui - summary: Edit admin ui license details. - description: Edit admin ui license details. - operationId: edit-adminui-license - security: - - oauth2: [https://jans.io/oauth/jans-auth-server/config/adminui/license.write] - requestBody: - content: - application/json: - schema: - required: - - role - $ref: '#/components/schemas/LicenseDetailsRequest' - responses: - '200': - description: OK - content: - application/json: - schema: - title: Edit admin ui license details. - description: Edit admin ui license details. 
- $ref: '#/components/schemas/LicenseDetailsResponse' - '400': - $ref: '#/components/responses/NotAcceptable' - '401': - $ref: '#/components/responses/Unauthorized' - '500': - $ref: '#/components/responses/InternalServerError' -components: - securitySchemes: - oauth2: - type: oauth2 - description: Authorization - flows: - clientCredentials: - tokenUrl: 'https://{op-hostname}/.../token' - scopes: - https://jans.io/oauth/jans-auth-server/config/properties.readonly: View Auth Server properties related information - https://jans.io/oauth/jans-auth-server/config/properties.write: Manage Auth Server properties related information - https://jans.io/oauth/config/fido2.readonly: View FIDO2 related information - https://jans.io/oauth/config/fido2.write: Manage FIDO2 related information - https://jans.io/oauth/config/attributes.readonly: View attribute related information - https://jans.io/oauth/config/attributes.write: Manage attribute related information - https://jans.io/oauth/config/attributes.delete: Delete attribute related information - https://jans.io/oauth/config/acrs.readonly: View ACRS related information - https://jans.io/oauth/config/acrs.write: Manage ACRS related information - https://jans.io/oauth/config/database/ldap.readonly: View LDAP database related information - https://jans.io/oauth/config/database/ldap.write: Manage LDAP database related information - https://jans.io/oauth/config/database/ldap.delete: Delete LDAP database related information - https://jans.io/oauth/config/scripts.readonly: View cache scripts information - https://jans.io/oauth/config/scripts.write: Manage scripts related information - https://jans.io/oauth/config/scripts.delete: Delete scripts related information - https://jans.io/oauth/config/cache.readonly: View cache related information - https://jans.io/oauth/config/cache.write: Manage cache related information - https://jans.io/oauth/config/smtp.readonly: View SMTP related information - https://jans.io/oauth/config/smtp.write: 
Manage SMTP related information - https://jans.io/oauth/config/smtp.delete: Delete SMTP related information - https://jans.io/oauth/config/logging.readonly: View logging related information - https://jans.io/oauth/config/logging.write: Manage logging related information - https://jans.io/oauth/config/jwks.readonly: View JWKS related information - https://jans.io/oauth/config/jwks.write: Manage JWKS related information - https://jans.io/oauth/config/jwks.delete: Delete JWKS related information - https://jans.io/oauth/config/openid/clients.readonly: View clients related information - https://jans.io/oauth/config/openid/clients.write: Manage clients related information - https://jans.io/oauth/config/openid/clients.delete: Delete clients related information - https://jans.io/oauth/config/scopes.readonly: View scope related information - https://jans.io/oauth/config/scopes.write: Manage scope related information - https://jans.io/oauth/config/scopes.delete: Delete scope related information - https://jans.io/oauth/config/uma/resources.readonly: View UMA Resource related information - https://jans.io/oauth/config/uma/resources.write: Manage UMA Resource related information - https://jans.io/oauth/config/uma/resources.delete: Delete UMA Resource related information - https://jans.io/oauth/config/stats.readonly: Vew server with basic statistic - https://jans.io/oauth/config/scim/users.read: Vew scim user related information - https://jans.io/oauth/config/scim/users.write: Manage scim user related information - https://jans.io/scim/config.readonly: Vew SCIM App configuration - https://jans.io/scim/config.write: Manage SCIM App configuration - https://jans.io/oauth/config/organization.readonly: View organization configuration information - https://jans.io/oauth/config/organization.write: Manage organization configuration information - https://jans.io/oauth/config/user.readonly: View user related information - https://jans.io/oauth/config/user.write: Manage user related 
information - https://jans.io/oauth/config/user.delete: Delete user related information - https://jans.io/oauth/config/agama.readonly: View Agama Flow related information - https://jans.io/oauth/config/agama.write: Manage Agama Flow related information - https://jans.io/oauth/config/agama.delete: Delete Agama Flow related information - https://jans.io/oauth/jans-auth-server/session.readonly: View Session related information - https://jans.io/oauth/jans-auth-server/session.delete: Delete Session information - - responses: - Found: - description: Resource Found. - content: {} - InvalidRequest: - description: Invalid parameters are provided to endpoint. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - Unauthorized: - description: Access token is missing or invalid. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - AccessDenied: - description: Invalid details provided hence access denied. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - NotFound: - description: Resource Not Found. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - NotAcceptable: - description: Request Not Acceptable. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - InternalServerError: - description: Internal error occurred. Please check log file for details. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' - schemas: - ErrorResponse: - required: - - error_code - - error_description - type: object - properties: - error_code: - type: string - error_description: - type: string - details: - type: string - - CustomScript: - type: object - description: Script - required: - - name - - script - - scriptType - - programmingLanguage - - level - properties: - dn: - type: string - inum: - description: XRI i-number. Identifier to uniquely identify the script. 
- type: string - name: - type: string - pattern: '^[a-zA-Z0-9_\\-\\:\\/\\.]+$' - minLength: 1 - maxLength: 60 - description: 'Custom script name. Should contain only letters, digits and underscores.' - aliases: - type: array - description: List of possible aliases for the custom script. - items: - type: string - description: - type: string - description: Details describing the script. - script: - type: string - description: Actual script. - scriptType: - type: string - description: Type of script. - enum: - - person_authentication - - introspection - - resource_owner_password_credentials - - application_session - - cache_refresh - - client_registration - - id_generator - - uma_rpt_policy - - uma_rpt_claims - - uma_claims_gathering - - consent_gathering - - dynamic_scope - - spontaneous_scope - - end_session - - post_authn - - scim - - ciba_end_user_notification - - revoke_token - - persistence_extension - - idp - - discovery - - update_token - - config_api - programmingLanguage: - type: string - enum: - - python - - java - description: Programming language of the custom script. - moduleProperties: - type: array - description: Module-level properties applicable to the script. - items: - $ref: '#/components/schemas/SimpleCustomProperty' - configurationProperties: - type: array - description: Configuration properties applicable to the script. - items: - $ref: '#/components/schemas/SimpleExtendedCustomProperty' - level: - type: integer - description: Script level. - revision: - type: integer - format: int64 - description: Update revision number of the script. - default: 0 - enabled: - type: boolean - description: boolean value indicating if script enabled. - default: false - scriptError: - type: object - description: Possible errors assosiated with the script. - $ref: '#/components/schemas/ScriptError' - modified: - type: boolean - description: boolean value indicating if the script is modified. 
- default: false - internal: - type: boolean - description: boolean value indicating if the script is internal. - default: false - locationPath: - type: string - baseDn: - type: string - - LdapConfiguration: - type: object - required: - - configId - - bindDN - - maxConnections - - primaryKey - - localPrimaryKey - - bindPassword - - servers - - baseDNs - - useSSL - properties: - configId: - type: string - description: Unique identifier - Name - example: auth_ldap_server - bindDN: - type: string - description: This contains the username to connect to the backend server. You need to use full DN here. As for example, cn=jans,dc=company,dc=org. - bindPassword: - type: string - description: Ldap password for binding. - servers: - type: array - description: List of LDAP authentication servers. - items: - type: string - description: Unique name of the authentication server and port number. - example: 'authserver.org:63' - maxConnections: - type: integer - description: This value defines the maximum number of connections that are allowed to read the backend Active Directory/LDAP server. - format: int32 - default: 2 - useSSL: - type: boolean - description: Enable SSL communication between Jans Server and LDAP server. - baseDNs: - type: array - description: List contains the location of the Active Directory/LDAP tree from where the Gluu Server shall read the user information. - items: - type: string - primaryKey: - type: string - description: Used to search and bind operations in configured LDAP server. - example: 'SAMAccountName,uid, email' - localPrimaryKey: - type: string - description: Used to search local user entry in Gluu Server’s internal LDAP directory. - example: 'uid, email' - useAnonymousBind: - type: boolean - description: Boolean value used to indicate if the LDAP Server will allow anonymous bind request. - default: false - enabled: - type: boolean - description: Boolean value used to indicate if the LDAP Server is enabled. 
Do not use this unless the server administrator has entered all the required values. - default: false - version: - type: integer - description: LDAP server version. - level: - type: integer - description: A string that indicates the level. - - - JsonWebKey: - type: object - description: JsonWebKey - required: - - kid - - kty - - use - - alg - - exp - properties: - name: - type: string - description: Name of the key. - descr: - type: string - description: key description. - kid: - type: string - description: The unique identifier for the key. - kty: - type: string - description: The family of cryptographic algorithms used with the key. - use: - type: string - description: How the key was meant to be used; sig represents the signature. - alg: - type: string - description: The specific cryptographic algorithm used with the key. - crv: - type: string - description: The crv member identifies the cryptographic curve used with the key. Values defined by this specification are P-256, P-384 and P-521. Additional crv values MAY be used, provided they are understood by implementations using that Elliptic Curve key. The crv value is case sensitive. - exp: - type: integer - format: int64 - description: Contains the token expiration timestamp - x5c: - type: array - description: The x.509 certificate chain. The first entry in the array is the certificate to use for token verification; the other certificates can be used to verify this first certificate. - items: - type: string - n: - type: string - description: The modulus for the RSA public key. - e: - type: string - description: The exponent for the RSA public key. - x: - type: string - description: The x member contains the x coordinate for the elliptic curve point. It is represented as the base64url encoding of the coordinate's big endian representation. - y: - type: string - description: The y member contains the y coordinate for the elliptic curve point. 
It is represented as the base64url encoding of the coordinate's big endian representation. - - PersistenceConfiguration: - title: PersistenceConfiguration - description: Persistence configuration properties. - properties: - persistenceType: - type: string - description: Jans Auth Server persistence type configured. - enum: - - ldap - - couchbase - - sql - - spanner - - hybrid - - AppConfiguration: - title: AppConfiguration - description: App configuration properties. - properties: - issuer: - type: string - description: URL using the https scheme that OP asserts as Issuer identifier. - example: 'https://server.example.com/' - baseEndpoint: - type: string - description: The base URL for endpoints. - example: 'https://server.example.com/restv1' - authorizationEndpoint: - type: string - description: The authorization endpoint URL. - example: 'https://server.example.com/restv1/authorize' - tokenEndpoint: - type: string - description: The token endpoint URL. - example: 'https://server.example.com/restv1/token' - tokenRevocationEndpoint: - type: string - description: The URL for the access_token or refresh_token revocation endpoint. - example: 'https://server.example.com/restv1/revoke' - userInfoEndpoint: - type: string - description: The User Info endpoint URL. - example: 'https://server.example.com/restv1/userinfo' - clientInfoEndpoint: - type: string - description: The Client Info endpoint URL. - example: 'https://server.example.com/restv1/clientinfo' - checkSessionIFrame: - type: string - description: URL for an OP IFrame that supports cross-origin communications for session state information with the RP Client using the HTML5 postMessage API. - example: 'https://server.example.com/opiframe.htm' - endSessionEndpoint: - type: string - description: URL at the OP to which an RP can perform a redirect to request that the end user be logged out at the OP. 
- example: 'https://server.example.com/restv1/end_session' - jwksUri: - type: string - description: URL of the OP\'s JSON Web Key Set (JWK) document. This contains the signing key(s) the RP uses to validate signatures from the OP. - example: 'https://server.example.com/restv1/jwks' - registrationEndpoint: - type: string - description: URL of the Registration Endpoint. - example: 'https://server.example.com/restv1/register' - openIdDiscoveryEndpoint: - type: string - description: URL for the Discovery Endpoint. - example: 'https://server.example.com/.well-known/webfinger' - openIdConfigurationEndpoint: - type: string - description: URL for the Open ID Connect Configuration Endpoint. - example: 'https://server.example.com/.well-known/openid-configuration' - idGenerationEndpoint: - type: string - description: URL for the ID Generation Endpoint. - example: 'https://server.example.com/restv1/id' - introspectionEndpoint: - type: string - description: URL for the Introspection Endpoint. - example: 'https://server.example.com/restv1/introspection' - parEndpoint: - type: string - description: URL for Pushed Authorisation Request (PAR) Endpoint. - example: 'https://server.example.com/jans-auth/restv1/par' - requirePar: - description: boolean value to indicate of Pushed Authorisation Request(PAR)is required. - type: boolean - deviceAuthzEndpoint: - type: string - description: URL for the Device Authorization. - example: 'https://server.example.com/restv1/device_authorization' - mtlsAuthorizationEndpoint: - type: string - description: URL for Mutual TLS Client Authentication and Certificate-Bound Access Tokens (MTLS) Endpoint. - example: 'https://server.example.com/jans-auth/restv1/mtls' - mtlsTokenEndpoint: - type: string - description: URL for MTLS Authorization token Endpoint. - example: 'https://server.example.com/jans-auth/restv1/mtls/token' - mtlsTokenRevocationEndpoint: - type: string - description: URL for MTLS Authorization token revocation endpoint. 
- example: 'https://server.example.com/jans-auth/restv1/mtls/revoke' - mtlsUserInfoEndpoint: - type: string - description: URL for MTLS User Info endpoint. - example: 'https://server.example.com/jans-auth/restv1/mtls/userinfo' - mtlsClientInfoEndpoint: - type: string - description: URL for MTLS Client Info endpoint. - example: 'https://server.example.com/jans-auth/restv1/mtls/clientinfo' - mtlsCheckSessionIFrame: - type: string - description: URL for MTLS IFrame that supports cross-origin communications for session state information with the RP Client using the HTML5 postMessage API.. - example: 'https://server.example.com/jans-auth/restv1/mtls/opiframe.htm' - mtlsEndSessionEndpoint: - type: string - description: URL for MTLS to which an RP can perform a redirect to request that the end user be logged out at the OP. - example: 'https://server.example.com/jans-auth/restv1/mtls/end_session' - mtlsJwksUri: - type: string - description: URL for MTLS of the OP\'s JSON Web Key Set (JWK) document. - example: 'https://server.example.com/jans-auth/restv1/mtls/jwks' - mtlsRegistrationEndpoint: - type: string - description: URL for MTLS Registration endpoint. - example: 'https://server.example.com/jans-auth/restv1/mtls/register' - mtlsIdGenerationEndpoint: - type: string - description: URL for MTLS Id generation endpoint. - example: 'https://server.example.com/jans-auth/restv1/mtls/id' - mtlsIntrospectionEndpoint: - type: string - description: URL for MTLS Introspection endpoint. - example: 'https://server.example.com/jans-auth/restv1/mtls/introspection' - mtlsParEndpoint: - type: string - description: URL for MTLS Pushed Authorisation Request (PAR) endpoint. - example: 'https://server.example.com/jans-auth/restv1/mtls/par' - mtlsDeviceAuthzEndpoint: - type: string - description: URL for MTLS Device Authorization endpoint. 
- example: 'https://server.example.com/jans-auth/restv1/mtls/device_authorization' - sessionAsJwt: - type: boolean - description: Boolean value true saves session data as a JWT. - requireRequestObjectEncryption: - type: boolean - description: Boolean value true encrypts request object. - requirePkce: - type: boolean - description: Boolean value true check for Proof Key for Code Exchange (PKCE). - allowAllValueForRevokeEndpoint: - type: boolean - description: Boolean value true allow all value for revoke endpoint. - sectorIdentifierCacheLifetimeInMinutes: - type: integer - description: Sector Identifier cache lifetime in minutes. - umaConfigurationEndpoint: - type: string - description: URL for the UMA Configuration Endpoint. - example: 'https://server.example.com/restv1/uma2-configuration' - umaRptAsJwt: - type: boolean - description: Issue RPT as JWT or as random string. - umaRptLifetime: - type: integer - description: UMA RPT lifetime. - umaTicketLifetime: - type: integer - description: UMA ticket lifetime. - umaPctLifetime: - type: integer - description: UMA PCT lifetime. - umaResourceLifetime: - type: integer - description: UMA PCT lifetime. - umaAddScopesAutomatically: - type: boolean - description: Add UMA scopes automatically if it is not registered yet. - umaValidateClaimToken: - type: boolean - description: Validate claim_token as id_token assuming it is issued by local idp. - umaGrantAccessIfNoPolicies: - type: boolean - description: Specifies whether to grant access to resources if there are no any policies associated with scopes. - umaRestrictResourceToAssociatedClient: - type: boolean - description: Restrict access to resource by associated client. - statTimerIntervalInSeconds: - type: integer - description: Statistical data capture time interval. - statAuthorizationScope: - type: string - description: Scope required for Statistical Authorization. - allowSpontaneousScopes: - type: boolean - description: Specifies whether to allow spontaneous scopes. 
- spontaneousScopeLifetime: - type: integer - description: The lifetime of spontaneous scope in seconds. - openidSubAttribute: - type: string - description: Specifies which LDAP attribute is used for the subject identifier claim. - example: inum - publicSubjectIdentifierPerClientEnabled: - type: boolean - description: Specifies whether public subject identifier is allowed per client. - subjectIdentifiersPerClientSupported: - type: array - description: A list of the subject identifiers supported per client. - items: - type: string - enum: - - mail - - uid - responseTypesSupported: - type: array - description: A list of the OAuth 2.0 response_type values that this OP supports. - items: - type: string - enum: - - code - - token - - id_token - responseModesSupported: - type: array - description: A list of the OAuth 2.0 Response Mode values that this OP supports. - items: - type: string - enum: - - query - - fragment - - form_post - - query.jwt - - fragment.jwt - - form_post.jwt - - jwt - grantTypesSupported: - type: array - description: A list of the OAuth 2.0 Grant Type values that this OP supports. - items: - type: string - enum: - - none - - authorization_code - - implicit - - password - - client_credentials - - refresh_token - - urn:ietf:params:oauth:grant-type:uma-ticket - - urn:openid:params:grant-type:ciba - - urn:ietf:params:oauth:grant-type:device_code - subjectTypesSupported: - type: array - description: A list of the Subject Identifier types that this OP supports. Valid types include pairwise and public. - items: - type: string - enum: - - public - - pairwise - defaultSubjectType: - type: string - description: Default Subject Type used for Dynamic Client Registration. - enum: - - public - - pairwise - authorizationSigningAlgValuesSupported: - type: array - description: A list of the authorization signing algorithms supported. 
- items: - type: string - enum: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - ES512 - - PS256 - - PS384 - - PS512 - authorizationEncryptionAlgValuesSupported: - type: array - description: A list of the authorization encryption algorithms supported. - items: - type: string - enum: - - RSA1_5 - - RSA-OAEP - - A128KW - - A256KW - authorizationEncryptionEncValuesSupported: - type: array - description: A list of the authorization encryption algorithms supported. - items: - type: string - enum: - - A128CBC+HS256 - - A256CBC+HS512 - - A128GCM - - A256GCM - userInfoSigningAlgValuesSupported: - type: array - description: A list of the JWS signing algorithms (alg values) JWA supported by the UserInfo Endpoint to encode the Claims in a JWT. - items: - type: string - enum: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - userInfoEncryptionAlgValuesSupported: - type: array - description: A list of the JWE encryption algorithms (alg values) JWA supported by the UserInfo Endpoint to encode the Claims in a JWT. - items: - type: string - enum: - - RSA1_5 - - RSA-OAEP - - A128KW - - A256KW - userInfoEncryptionEncValuesSupported: - type: array - description: A list of the JWE encryption algorithms (enc values) JWA supported by the UserInfo Endpoint to encode the Claims in a JWT. - items: - type: string - enum: - - A128CBC+HS256 - - A256CBC+HS512 - - A128GCM - - A256GCM - idTokenSigningAlgValuesSupported: - type: array - description: A list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT. 
- items: - type: string - enum: - - none - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - idTokenEncryptionAlgValuesSupported: - type: array - description: A list of the JWE encryption algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT. - items: - type: string - enum: - - RSA1_5 - - RSA-OAEP - - A128KW - - A256KW - idTokenEncryptionEncValuesSupported: - type: array - description: A list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token to encode the Claims in a JWT. - items: - type: string - enum: - - A128CBC+HS256 - - A256CBC+HS512 - - A128GCM - - A256GCM - forceSignedRequestObject: - type: boolean - description: Boolean value true indicates that signed request object is mandatory. - requestObjectSigningAlgValuesSupported: - type: array - description: A list of the JWS signing algorithms (alg values) supported by the OP for Request Objects. - items: - type: string - enum: - - none - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - requestObjectEncryptionAlgValuesSupported: - type: array - description: A list of the JWE encryption algorithms (alg values) supported by the OP for Request Objects. - items: - type: string - enum: - - RSA1_5 - - RSA-OAEP - - A128KW - - A256KW - requestObjectEncryptionEncValuesSupported: - type: array - description: A list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects. - items: - type: string - enum: - - A128CBC+HS256 - - A256CBC+HS512 - - A128GCM - - A256GCM - tokenEndpointAuthMethodsSupported: - type: array - description: A list of Client Authentication methods supported by this Token Endpoint. 
- items: - type: string - enum: - - client_secret_basic - - client_secret_post - - client_secret_jwt - - private_key_jwt - tokenEndpointAuthSigningAlgValuesSupported: - type: array - description: A list of the JWS signing algorithms (alg values) supported by the Token Endpoint for the signature on the JWT used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods. - items: - type: string - enum: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - dynamicRegistrationCustomAttributes: - type: array - description: Custom attributes for the Dynamic registration. - items: - type: string - enum: - - jansTrustedClnt - displayValuesSupported: - type: array - description: A list of the display parameter values that the OpenID Provider supports. - items: - type: string - enum: - - page - - popup - claimTypesSupported: - type: array - description: A list of the Claim Types that the OpenID Provider supports. - items: - type: string - enum: - - normal - jwksAlgorithmsSupported: - type: array - description: A list of algorithms that will be used in JWKS endpoint. - items: - type: string - enum: - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - - RSA1_5 - - RSA-OAEP - serviceDocumentation: - type: string - description: URL of a page containing human-readable information that developers might want or need to know when using the OpenID Provider. - format: url - example: 'http://gluu.org/docs' - claimsLocalesSupported: - type: array - description: Languages and scripts supported for values in Claims being returned. - items: - type: string - enum: - - en - idTokenTokenBindingCnfValuesSupported: - type: array - description: Array containing a list of the JWT Confirmation Method member names supported by the OP for Token Binding of ID Tokens. 
The presence of this parameter indicates that the OpenID Provider supports Token Binding of ID Tokens. If omitted, the default is that the OpenID Provider does not support Token Binding of ID Tokens. - items: - type: string - enum: - - tbh - uiLocalesSupported: - type: array - description: Languages and scripts supported for the user interface. - items: - type: string - enum: - - en - - es - claimsParameterSupported: - type: boolean - description: Specifies whether the OP supports use of the claim’s parameter. - requestParameterSupported: - type: boolean - description: Boolean value specifying whether the OP supports use of the request parameter. - requestUriParameterSupported: - type: boolean - description: Boolean value specifying whether the OP supports use of the request_uri parameter. - requestUriHashVerificationEnabled: - type: boolean - description: Boolean value specifying whether the OP supports use of the request_uri hash verification. - requireRequestUriRegistration: - type: boolean - description: Boolean value specifying whether the OP requires any request_uri values used to be pre-registered using the request_uris registration parameter. - requestUriBlockList: - type: array - description: Block list for requestUri that can come to Authorization Endpoint (e.g. "localhost") - items: - type: string - opPolicyUri: - type: string - description: URL that the OpenID Provider provides to the person registering the Client to read about the OP\'s requirements on how the Relying Party can use the data provided by the OP. - example: 'http://ox.gluu.org/doku.php?id=jans:policy' - opTosUri: - type: string - description: URL that the OpenID Provider provides to the person registering the Client to read about OpenID Provider's terms of service. - example: 'http://ox.gluu.org/doku.php?id=jans:tos' - authorizationCodeLifetime: - type: integer - description: The lifetime of the Authorization Code. 
- refreshTokenLifetime: - type: integer - description: The lifetime of the Refresh Token. - idTokenLifetime: - type: integer - description: The lifetime of the ID Token. - example: 3600 - idTokenFilterClaimsBasedOnAccessToken: - type: boolean - description: Boolean value specifying whether idToken filters claims based on accessToken. - accessTokenLifetime: - type: integer - description: The lifetime of the short-lived Access Token. - example: 3600 - cleanServiceInterval: - type: integer - description: Time interval for the Clean Service in seconds. - example: 60 - cleanServiceBatchChunkSize: - type: integer - description: Each clean up iteration fetches chunk of expired data per base dn and removes it from storage. - example: 100 - keyRegenerationEnabled: - type: boolean - description: Boolean value specifying whether to regenerate keys. - keyRegenerationInterval: - type: integer - description: The interval for key regeneration in hours. - example: 48 - defaultSignatureAlgorithm: - type: string - description: The default signature algorithm to sign ID Tokens. - enum: - - HS256 - - HS384 - - HS512 - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - oxOpenIdConnectVersion: - type: string - description: OpenID Connect Version. - example: openidconnect-1.0 - oxId: - type: string - description: URL for the Inum generator Service. - format: url - example: 'https://server.example.com/oxid/service/jans/inum' - dynamicRegistrationExpirationTime: - type: integer - description: Expiration time in seconds for clients created with dynamic registration, -1 means never expire. - example: -1 - dynamicRegistrationPersistClientAuthorizations: - type: boolean - description: Boolean value specifying whether to persist client authorizations. - trustedClientEnabled: - type: boolean - description: Boolean value specifying whether a client is trusted and no authorization is required. 
- skipAuthorizationForOpenIdScopeAndPairwiseId: - type: boolean - description: If a client has only openid scope and pairwise id, person should not have to authorize. - dynamicRegistrationScopesParamEnabled: - type: boolean - description: Boolean value specifying whether to enable scopes parameter in dynamic registration. - dynamicRegistrationPasswordGrantTypeEnabled: - type: boolean - description: Boolean value specifying whether to enable Password Grant Type during Dynamic Registration. - dynamicRegistrationAllowedPasswordGrantScopes: - type: array - description: List of grant scopes for dynamic registration. - items: - type: string - dynamicRegistrationCustomObjectClass: - type: string - description: LDAP custom object class for dynamic registration. - personCustomObjectClassList: - type: array - description: LDAP custom object class list for dynamic person enrolment. - items: - type: string - persistIdTokenInLdap: - type: boolean - description: Specifies whether to persist id_token into LDAP (otherwise saves into cache). - persistRefreshTokenInLdap: - type: boolean - description: Specifies whether to persist refresh_token into LDAP (otherwise saves into cache). - allowPostLogoutRedirectWithoutValidation: - type: boolean - description: Allows post logout redirect without validation for End Session Endpoint. - invalidateSessionCookiesAfterAuthorizationFlow: - type: boolean - description: Boolean value to specify whether to invalidate `session_id` and `consent_session_id` cookies right after successful or unsuccessful authorization. - returnClientSecretOnRead: - type: boolean - description: Boolean value specifying whether a client_secret is returned on client GET or PUT. False value means not to return secret. - rejectJwtWithNoneAlg: - type: boolean - description: Boolean value specifying whether reject JWT requested or validated with algorithm None. 
- expirationNotificatorEnabled: - type: boolean - description: Boolean value specifying whether expiration notificator is enabled (used to identify expiration for persistence that support TTL, like Couchbase). - useNestedJwtDuringEncryption: - type: boolean - description: Boolean value specifying whether to use nested Jwt during encryption. - expirationNotificatorMapSizeLimit: - type: integer - description: The expiration notificator maximum size limit. - example: 100000 - expirationNotificatorIntervalInSeconds: - type: integer - description: The expiration notificator interval in seconds. - example: 600 - redirectUrisRegexEnabled: - type: boolean - description: Enable/Disable redirect uris validation using regular expression. - useHighestLevelScriptIfAcrScriptNotFound: - type: boolean - description: Enable/Disable usage of highest level script in case ACR script does not exist. - authenticationFiltersEnabled: - type: boolean - description: Boolean value specifying whether to enable user authentication filters. - clientAuthenticationFiltersEnabled: - type: boolean - description: Boolean value specifying whether to enable client authentication filters. - clientRegDefaultToCodeFlowWithRefresh: - type: boolean - description: Boolean value specifying whether to add Authorization Code Flow with Refresh grant during client registration. - grantTypesAndResponseTypesAutofixEnabled: - type: boolean - description: Boolean value specifying whether to Grant types and Response types can be auto fixed. - authenticationFilters: - type: array - description: List of authentication filters. - items: - $ref: '#/components/schemas/AuthenticationFilters' - clientAuthenticationFilters: - type: array - description: List of client authentication filters. - items: - $ref: '#/components/schemas/AuthenticationFilters' - corsConfigurationFilters: - type: array - description: CORS Configuration filters. 
- items: - $ref: '#/components/schemas/CorsConfigurationFilter' - sessionIdUnusedLifetime: - type: integer - description: The lifetime for unused session states. - sessionIdUnauthenticatedUnusedLifetime: - type: integer - description: The lifetime for unused unauthenticated session states. - sessionIdPersistOnPromptNone: - type: boolean - description: Boolean value specifying whether to persist session ID on prompt none. - sessionIdRequestParameterEnabled: - type: boolean - description: Boolean value specifying whether to enable session_id HTTP request parameter. - changeSessionIdOnAuthentication: - type: boolean - description: Boolean value specifying whether to change session_id on authentication. - sessionIdPersistInCache: - type: boolean - description: Boolean value specifying whether to persist session_id in cache. - includeSidInResponse: - type: boolean - description: Boolean value specifying whether to include sessionId in response. - sessionIdLifetime: - type: integer - description: The lifetime of session id in seconds. If 0 or -1 then expiration is not set. `session_id` cookie expires when browser session ends. - serverSessionIdLifetime: - type: integer - description: The sessionId lifetime in seconds for sessionId. By default same as sessionIdLifetime. - activeSessionAuthorizationScope: - type: string - description: Authorization Scope for active session - configurationUpdateInterval: - type: integer - description: The interval for configuration update in seconds. - enableClientGrantTypeUpdate: - type: boolean - description: Boolean value to specify if client can update Grant Type values. - dynamicGrantTypeDefault: - type: array - description: list of the OAuth 2.0 Grant Type values that it\'s possible to set via client registration API.. 
- items: - type: string - enum: - - none - - authorization_code - - implicit - - password - - client_credentials - - refresh_token - - 'urn:ietf:params:oauth:grant-type:uma-ticket' - - 'urn:openid:params:grant-type:ciba' - - 'urn:ietf:params:oauth:grant-type:device_code' - cssLocation: - type: string - description: The location for CSS files. - jsLocation: - type: string - description: The location for JavaScript files. - imgLocation: - type: string - description: The location for image files. - metricReporterInterval: - type: integer - description: The interval for metric reporter in seconds. - metricReporterKeepDataDays: - type: integer - description: The days to keep metric reported data. - pairwiseIdType: - type: string - description: The pairwise ID type. - pairwiseCalculationKey: - type: string - description: Key to calculate algorithmic pairwise IDs. - pairwiseCalculationSalt: - type: string - description: Salt to calculate algorithmic pairwise IDs. - shareSubjectIdBetweenClientsWithSameSectorId: - type: boolean - description: Share Subject ID between clients with same Sector ID. - webKeysStorage: - type: string - description: Web Key Storage Type. - enum: - - keystore - - pkcs11 - dnName: - type: string - description: DN of certificate issuer. - keyStoreFile: - type: string - description: The Key Store File (JKS). - example: /etc/certs/jans-auth-keys.jks - keyStoreSecret: - type: string - description: The password of the Key Store. - keySelectionStrategy: - type: string - description: Key Selection Strategy. - enum: - - OLDER - - NEWER - - FIRST - keyAlgsAllowedForGeneration: - type: array - description: List of algorithm allowed to be used for key generation. - items: - type: string - example: '\"RS256\", \"RS512\", \"ES384\", \"PS256\"' - keySignWithSameKeyButDiffAlg: - type: boolean - description: Specifies if signing to be done with same key but apply different algorithms. 
- staticKid: - type: string - description: Specifies static Kid - staticDecryptionKid: - type: string - description: Specifies static decryption Kid. - oxElevenTestModeToken: - type: string - description: oxEleven Test Mode Token. - oxElevenGenerateKeyEndpoint: - type: string - description: URL for the oxEleven Generate Key Endpoint. - example: 'https://server.example.com/oxeleven/rest/oxeleven/generateKey' - oxElevenSignEndpoint: - type: string - description: URL for the oxEleven Sign Endpoint. - example: 'https://server.example.com/oxeleven/rest/oxeleven/sign' - oxElevenVerifySignatureEndpoint: - type: string - description: URL for the oxEleven Verify Signature Endpoint. - example: 'https://server.example.com/oxeleven/rest/oxeleven/verifySignature' - oxElevenDeleteKeyEndpoint: - type: string - description: URL for the oxEleven Delete Key Endpoint. - example: 'https://server.example.com/oxeleven/rest/oxeleven/deleteKey' - introspectionAccessTokenMustHaveUmaProtectionScope: - type: boolean - description: Reject introspection requests if access_token in Authorization header does not have uma_protection scope. - introspectionSkipAuthorization: - type: boolean - description: Specifies if authorization to be skipped for introspection. - endSessionWithAccessToken: - type: boolean - description: Accept access token to call end_session endpoint. - cookieDomain: - type: string - description: Sets cookie domain for all cookies created by OP. - enabledOAuthAuditLogging: - type: boolean - description: enabled OAuth Audit Logging. - jmsBrokerURISet: - type: array - description: JMS Broker URI Set. - format: select - items: - type: string - jmsUserName: - type: string - description: JMS UserName. - jmsPassword: - type: string - description: JMS Password. - clientWhiteList: - type: array - description: White List for Client Redirection URIs. - items: - type: string - clientBlackList: - type: array - description: Black List for Client Redirection URIs. 
- items: - type: string - legacyIdTokenClaims: - type: boolean - description: Include Claims in ID Token. - customHeadersWithAuthorizationResponse: - type: boolean - description: Boolean value specifying whether to enable Custom Response Header parameter to return custom headers with the Authorization Response. - frontChannelLogoutSessionSupported: - type: boolean - description: Boolean value to specify support for front channel logout session. - loggingLevel: - type: string - description: Logging level for jans-auth logger. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - OFF - loggingLayout: - type: string - description: Logging layout used for Jans Authorization Server loggers. - - text - - json - updateUserLastLogonTime: - type: boolean - description: Boolean value to specify if application should update oxLastLogonTime attribute on user authentication. - updateClientAccessTime: - type: boolean - description: Boolean value to specify if application should update oxLastAccessTime/oxLastLogonTime attributes on client authentication. - logClientIdOnClientAuthentication: - type: boolean - description: Boolean value to specify if application should log the Client ID on client authentication. - logClientNameOnClientAuthentication: - type: boolean - description: Boolean value to specify if application should log the Client Name on client authentication. - disableJdkLogger: - type: boolean - description: Boolean value specifying whether to enable JDK Loggers. - authorizationRequestCustomAllowedParameters: - type: array - description: Authorization Request Custom Allowed Parameters. - items: - $ref: '#/components/schemas/AuthorizationRequestCustomParameter' - openidScopeBackwardCompatibility: - type: boolean - description: Set to false to only allow token endpoint request for openid scope with grant type equals to authorization_code, restrict access to userinfo to scope openid and only return id_token if scope contains openid. 
- disableU2fEndpoint: - type: boolean - description: Enable/Disable U2F endpoints. - dcrSignatureValidationEnabled: - type: boolean - description: Boolean value enables DCR signature validation. Default is false. - dcrSignatureValidationSharedSecret: - type: string - description: Specifies shared secret for Dynamic Client Registration. - dcrSignatureValidationSoftwareStatementJwksURIClaim: - type: string - description: Specifies claim name inside software statement. Value of claim should point to JWKS URI. - dcrSignatureValidationSoftwareStatementJwksClaim: - type: string - description: Specifies claim name inside software statement. Value of claim should point to inlined JWKS. - dcrSignatureValidationJwks: - type: string - description: Specifies JWKS for all DCR's validations. - dcrSignatureValidationJwksUri: - type: string - description: Specifies JWKS URI for all DCR's validations. - dcrAuthorizationWithClientCredentials: - type: boolean - description: Boolean value indicating if DCR authorization to be performed using client credentials. - dcrAuthorizationWithMTLS: - type: boolean - description: Boolean value indicating if DCR authorization allowed with MTLS. - dcrIssuers: - type: array - description: List of DCR issuers. - items: - type: string - useLocalCache: - type: boolean - description: Boolean value specifying whether to enable local in-memory cache. - fapiCompatibility: - type: boolean - description: Boolean value specifying whether turn on FAPI compatibility mode. If true AS behaves in more strict mode. - forceIdTokenHintPrecense: - type: boolean - description: Boolean value specifying whether force id_token_hint parameter presence. - rejectEndSessionIfIdTokenExpired: - type: boolean - description: default value false. If true and id_token is not found in db, request is rejected. - allowEndSessionWithUnmatchedSid: - type: boolean - description: default value false. If true, sid check will be skipped. 
- forceOfflineAccessScopeToEnableRefreshToken: - type: boolean - description: Boolean value specifying whether force offline_access scope to enable refresh_token grant type. - errorReasonEnabled: - type: boolean - description: Boolean value specifying whether to return detailed reason of the error from AS.. - removeRefreshTokensForClientOnLogout: - type: boolean - description: Boolean value specifying whether to remove refresh tokens on logout. - skipRefreshTokenDuringRefreshing: - type: boolean - description: Boolean value specifying whether to skip refreshing tokens on refreshing. - refreshTokenExtendLifetimeOnRotation: - type: boolean - description: Boolean value specifying whether to extend refresh tokens on rotation. - checkUserPresenceOnRefreshToken: - type: boolean - description: Check whether user exists and is active before creating RefreshToken. Set it to true if check is needed(Default value is false - don't check.) - example: false - default: false - consentGatheringScriptBackwardCompatibility: - type: boolean - description: Boolean value specifying whether turn on Consent Gathering Script backward compatibility mode. If true AS will pick up script with higher level globally. If false AS will pick up script based on client configuration. - introspectionScriptBackwardCompatibility: - type: boolean - description: Boolean value specifying whether switch off client\'s introspection scripts (true value) and run all scripts that exists on server. - introspectionResponseScopesBackwardCompatibility: - type: boolean - description: Boolean value specifying introspection response backward compatibility mode. - softwareStatementValidationType: - type: string - description: Validation type used for software statement. - enum: - - none - - jwks - - jwks_uri - - script - softwareStatementValidationClaimName: - type: string - description: Validation claim name for software statement. 
- authenticationProtectionConfiguration: - type: object - description: Authentication Brute Force Protection Configuration. - $ref: '#/components/schemas/AuthenticationProtectionConfiguration' - errorHandlingMethod: - type: string - description: A list of possible error handling methods. - enum: - - internal - - remote - keepAuthenticatorAttributesOnAcrChange: - type: boolean - description: Boolean value specifying whether to keep authenticator attributes on ACR change. - disableAuthnForMaxAgeZero: - type: boolean - description: Boolean value specifying whether to disable authentication when max_age=0 (false by default) - deviceAuthzRequestExpiresIn: - type: integer - description: Expiration time given for device authorization requests. - deviceAuthzTokenPollInterval: - type: integer - description: Default interval returned to the client to process device token requests. - deviceAuthzResponseTypeToProcessAuthz: - type: string - description: Response type used to process device authz requests. - backchannelClientId: - type: string - description: Backchannel Client Id. - backchannelRedirectUri: - type: string - description: Backchannel Redirect Uri. - example: 'https://server.example.com/oxeleven/rest/backchannel/backchannelRedirectUri' - backchannelAuthenticationEndpoint: - type: string - description: Backchannel Authentication Endpoint. - example: 'https://server.example.com/oxeleven/rest/backchannel/backchannelAuthenticationEndpoint()' - backchannelDeviceRegistrationEndpoint: - type: string - description: Backchannel Device Registration Endpoint. - example: 'https://server.example.com/oxeleven/rest/backchannel/backchannelDeviceRegistrationEndpoint' - backchannelTokenDeliveryModesSupported: - type: array - description: Backchannel Token Delivery Modes Supported. 
- items: - type: string - enum: - - poll - - ping - - push - backchannelAuthenticationRequestSigningAlgValuesSupported: - type: array - description: Backchannel Authentication Request Signing Alg Values Supported. - items: - type: string - enum: - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - - RS384 - - RS256 - backchannelUserCodeParameterSupported: - type: boolean - description: Backchannel User Code Parameter Supported - backchannelBindingMessagePattern: - type: string - description: Backchannel Binding Message Pattern. - backchannelAuthenticationResponseExpiresIn: - type: integer - description: Backchannel Authentication Response Expires In. - backchannelAuthenticationResponseInterval: - type: integer - description: Backchannel Authentication Response Interval. - backchannelLoginHintClaims: - type: array - description: Backchannel Login Hint Claims. - items: - type: string - cibaEndUserNotificationConfig: - type: object - description: CIBA End User Notification Config. - $ref: '#/components/schemas/CIBAEndUserNotificationConfig' - backchannelRequestsProcessorJobIntervalSec: - type: integer - description: Specifies the allowable elapsed time in seconds backchannel request processor executes. - backchannelRequestsProcessorJobChunkSize: - type: integer - description: Each backchannel request processor iteration fetches chunk of data to be processed. - cibaGrantLifeExtraTimeSec: - type: integer - description: Specifies the CIBA Grant life extra time in seconds. - cibaMaxExpirationTimeAllowedSec: - type: integer - description: Specifies the CIBA token expiration time in seconds. - dpopSigningAlgValuesSupported: - type: array - description: Demonstration of Proof-of-Possession (DPoP) authorization signing algorithms supported. 
- items: - type: string - enum: - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - dpopTimeframe: - type: integer - description: Demonstration of Proof-of-Possession (DPoP) timeout. - default: 5 - dpopJtiCacheTime: - type: integer - description: Demonstration of Proof-of-Possession (DPoP) cache time. - default: 3600 - allowIdTokenWithoutImplicitGrantType: - type: boolean - description: Specifies if a token without implicit grant types is allowed. - discoveryCacheLifetimeInMinutes: - type: integer - description: Lifetime of discovery cache. - discoveryAllowedKeys: - type: array - description: List of configuration response claim allowed to be displayed in discovery endpoint. - items: - type: string - example: 'authorization_endpoint, token_endpoint, jwks_uri, scopes_supported, response_types_supported, response_modes_supported, etc..' - discoveryDenyKeys: - type: array - description: List of configuration response claims which must not be displayed in discovery endpoint response. - items: - type: string - example: 'id_generation_endpoint, auth_level_mapping, etc.' - featureFlags: - type: array - description: List of enabled feature flags - items: - type: string - example: 'HEALTH_CHECK, USERINFO, CLIENTINFO, ID_GENERATION, REGISTRATION, INTROSPECTION, etc..' - httpLoggingEnabled: - type: boolean - description: Enable/Disable request/response logging filter. - httpLoggingExcludePaths: - type: array - description: List of base URI for which request/response logging filter should not record activity. - items: - type: string - example: '\"/auth/img\", \"/auth/stylesheet\"' - externalLoggerConfiguration: - type: string - description: Path to external log4j2 logging configuration. 
- example: /identity/logviewer/configure - agamaConfiguration: - type: object - description: Engine Config which offers an alternative way to build authentication flows in Janssen server - $ref: '#/components/schemas/EngineConfig' - - - GluuAttribute: - title: GluuAttribute - description: Attribute. - type: object - required: - - name - - description - - displayName - - dataType - - status - - viewType - - editType - properties: - dn: - type: string - baseDn: - type: string - selected: - type: boolean - inum: - description: XRI i-number. Identifier to uniquely identify the attribute. - type: string - sourceAttribute: - type: string - nameIdType: - type: string - name: - type: string - description: Name of the attribute. - example: 'name, displayName, birthdate, email' - displayName: - type: string - description: - type: string - description: User friendly descriptive detail of attribute. - origin: - type: string - dataType: - type: string - description: Data Type of attribute. - enum: - - string - - numeric - - boolean - - binary - - certificate - - date - - json - editType: - type: array - description: GluuUserRole - items: - type: string - enum: - - admin - - owner - - manager - - user - - whitepages - viewType: - type: array - description: GluuUserRole - items: - type: string - enum: - - admin - - owner - - manager - - user - - whitepages - usageType: - type: array - description: GluuAttributeUsageType - items: - type: string - enum: - - openid - claimName: - type: string - seeAlso: - type: string - status: - type: string - description: Attrubute status - enum: - - active - - inactive - - expired - - register - saml1Uri: - type: string - saml2Uri: - type: string - urn: - type: string - scimCustomAttr: - type: boolean - description: Boolean value indicating if the attribute is a SCIM custom attribute - oxMultiValuedAttribute: - type: boolean - description: Boolean value indicating if the attribute can hold multiple value. 
- jansHideOnDiscovery: - type: boolean - description: Boolean value indicating if the attribute should be shown on that discovery page. - custom: - type: boolean - description: Boolean value indicating if it is a custom attribute. - requred: - type: boolean - description: Boolean value indicating if it is a attribute required. - attributeValidation: - type: object - description: Details of validations to be applied on the attribute - properties: - regexp: - type: string - description: Reguar expression to be used to validate the dataType. - minLength: - type: integer - maxLength: - type: integer - tooltip: - type: string - lifetime: - type: string - adminCanAccess: - type: boolean - adminCanView: - type: boolean - adminCanEdit: - type: boolean - userCanAccess: - type: boolean - userCanView: - type: boolean - userCanEdit: - type: boolean - whitePagesCanView: - type: boolean - - - - PatchRequest: - description: A JSONPatch document as defined by RFC 6902 - required: - - "op" - - "path" - properties: - op: - type: string - description: The operation to be performed - enum: - - "add" - - "remove" - - "replace" - - "move" - - "copy" - - "test" - path: - type: string - description: A JSON-Pointer - example: '/client/customattribute/[0]' - value: - type: object - description: The value to be used within the operations. - Scope: - title: Scope - description: Auth Scope. - type: object - required: - - id - - scopeType - properties: - dn: - type: string - expirationDate: - description: Expiry date of the Scope. - type: string - format: date - deletable: - description: Specifies if the scope can be deleted. - type: boolean - default: false - inum: - description: Unique id identifying the . - type: string - displayName: - description: A human-readable name of the scope. - type: string - id: - description: The base64url encoded id. - type: string - iconUrl: - description: A URL for a graphic icon representing the scope. 
The referenced icon MAY be used by the authorization server in any user interface it presents to the resource owner. - type: string - description: - description: A human-readable string describing the scope. - type: string - scopeType: - description: The scopes type associated with Access Tokens determine what resources will. - type: string - enum: - - openid - - dynamic - - uma - - spontaneous - - oauth - claims: - description: Claim attributes associated with the scope. - type: array - items: - type: string - defaultScope: - description: Boolean value to specify default scope. - type: boolean - groupClaims: - description: Specifies if the scope is group claims. - type: boolean - dynamicScopeScripts: - description: Dynamic Scope Scripts associated with the scope. - type: array - items: - type: string - umaAuthorizationPolicies: - description: Policies associated with scopes. - type: array - items: - type: string - attributes: - type: object - description: ScopeAttributes - properties: - spontaneousClientScopes: - type: array - items: - type: string - showInConfigurationEndpoint: - type: boolean - creatorId: - description: Id of the scope creator. If creator is client then client_id if user then user_id - type: string - creatorType: - description: Scope creator type - type: string - enum: - - none - - client - - user - - auto - creationDate: - description: Scope creation date time. - type: string - format: date - creatorAttributes: - description: Stores creator attributes - type: object - additionalProperties: - type: string - umaType: - description: Specifies if the scope is of type UMA. 
- type: boolean - default: false - baseDn: - type: string - - - ExtendedScope: - allOf: # Combines the Scope and the inline model - - $ref: '#/components/schemas/Scope' - - type: object - - type: object - properties: - clients: - description: Associated oidc clients - type: array - items: - $ref: '#/components/schemas/Client' - - CustomObjectAttribute: - type: object - properties: - name: - type: string - multiValued: - type: boolean - values: - type: array - items: - type: object - value: - type: object - displayValue: - type: string - - ClientAttributes: - type: object - properties: - tlsClientAuthSubjectDn: - type: string - runIntrospectionScriptBeforeJwtCreation: - type: boolean - keepClientAuthorizationAfterExpiration: - type: boolean - allowSpontaneousScopes: - type: boolean - spontaneousScopes: - type: array - items: - type: string - spontaneousScopeScriptDns: - type: array - items: - type: string - updateTokenScriptDns: - type: array - items: - type: string - backchannelLogoutUri: - type: array - items: - type: string - backchannelLogoutSessionRequired: - type: boolean - additionalAudience: - type: array - items: - type: string - postAuthnScripts: - type: array - items: - type: string - consentGatheringScripts: - type: array - items: - type: string - introspectionScripts: - type: array - items: - type: string - rptClaimsScripts: - type: array - items: - type: string - ropcScripts: - type: array - items: - type: string - parLifetime: - type: integer - format: int32 - requirePar: - type: boolean - jansAuthSignedRespAlg: - type: string - jansAuthEncRespAlg: - type: string - jansAuthEncRespEnc: - type: string - jansSubAttr: - type: string - redirectUrisRegex: - type: string - jansAuthorizedAcr: - type: array - items: - type: string - jansDefaultPromptLogin: - type: boolean - idTokenLifetime: - type: integer - format: int32 - - - Client: - type: object - required: - - redirectUris - properties: - dn: - type: string - expirationDate: - type: string - format: 
date-time - deletable: - type: boolean - clientSecret: - type: string - frontChannelLogoutUri: - type: string - frontChannelLogoutSessionRequired: - type: boolean - registrationAccessToken: - type: string - clientIdIssuedAt: - type: string - format: date-time - clientSecretExpiresAt: - type: string - format: date-time - redirectUris: - type: array - items: - type: string - claimRedirectUris: - type: array - items: - type: string - responseTypes: - type: array - items: - type: string - enum: - - code - - token - - id_token - grantTypes: - type: array - items: - type: string - enum: - - none - - authorization_code - - implicit - - password - - client_credentials - - refresh_token - - urn:ietf:params:oauth:grant-type:uma-ticket - - urn:ietf:params:oauth:grant-type:token-exchange - - urn:openid:params:grant-type:ciba - - urn:ietf:params:oauth:grant-type:device_code - applicationType: - type: string - enum: - - native - - web - contacts: - type: array - items: - type: string - idTokenTokenBindingCnf: - type: string - clientName: - type: string - logoUri: - type: string - clientUri: - type: string - policyUri: - type: string - tosUri: - type: string - clientNameLocalized: - $ref: '#/components/schemas/LocalizedString' - logoUriLocalized: - $ref: '#/components/schemas/LocalizedString' - clientUriLocalized: - $ref: '#/components/schemas/LocalizedString' - policyUriLocalized: - $ref: '#/components/schemas/LocalizedString' - tosUriLocalized: - $ref: '#/components/schemas/LocalizedString' - jwksUri: - type: string - jwks: - type: string - sectorIdentifierUri: - type: string - subjectType: - type: string - enum: - - pairwise - - public - idTokenSignedResponseAlg: - type: string - idTokenEncryptedResponseAlg: - type: string - idTokenEncryptedResponseEnc: - type: string - userInfoSignedResponseAlg: - type: string - userInfoEncryptedResponseAlg: - type: string - userInfoEncryptedResponseEnc: - type: string - requestObjectSigningAlg: - type: string - requestObjectEncryptionAlg: - 
type: string - requestObjectEncryptionEnc: - type: string - tokenEndpointAuthMethod: - type: string - tokenEndpointAuthSigningAlg: - type: string - defaultMaxAge: - type: integer - format: int32 - defaultAcrValues: - type: array - items: - type: string - initiateLoginUri: - type: string - postLogoutRedirectUris: - type: array - items: - type: string - requestUris: - type: array - items: - type: string - scopes: - type: array - items: - type: string - claims: - type: array - items: - type: string - trustedClient: - type: boolean - lastAccessTime: - type: string - format: date-time - lastLogonTime: - type: string - format: date-time - persistClientAuthorizations: - type: boolean - includeClaimsInIdToken: - type: boolean - refreshTokenLifetime: - type: integer - format: int32 - accessTokenLifetime: - type: integer - format: int32 - customAttributes: - type: array - items: - $ref: '#/components/schemas/CustomObjectAttribute' - customObjectClasses: - type: array - items: - type: string - rptAsJwt: - type: boolean - accessTokenAsJwt: - type: boolean - accessTokenSigningAlg: - type: string - disabled: - type: boolean - authorizedOrigins: - type: array - items: - type: string - softwareId: - type: string - softwareVersion: - type: string - softwareStatement: - type: string - attributes: - $ref: '#/components/schemas/ClientAttributes' - backchannelTokenDeliveryMode: - type: string - enum: - - poll - - ping - - push - backchannelClientNotificationEndpoint: - type: string - backchannelAuthenticationRequestSigningAlg: - type: string - enum: - - RS256 - - RS384 - - RS512 - - ES256 - - ES384 - - ES512 - - PS256 - - PS384 - - PS512 - backchannelUserCodeParameter: - type: boolean - description: - type: string - organization: - type: string - groups: - type: array - items: - type: string - ttl: - type: integer - format: int32 - displayName: - type: string - tokenBindingSupported: - type: boolean - authenticationMethod: - type: string - enum: - - client_secret_basic - - 
client_secret_post - - client_secret_jwt - - private_key_jwt - - access_token - - tls_client_auth - - self_signed_tls_client_auth - - none - baseDn: - type: string - inum: - type: string - - - UmaResource: - title: UMAResource object - description: UMAResource - type: object - required: - - name - - description - properties: - dn: - type: string - inum: - description: XRI i-number. Client Identifier to uniquely identify the UMAResource. - type: string - id: - description: Resource id. - type: string - name: - description: A human-readable name of the scope. - type: string - iconUri: - description: A URL for a graphic icon representing the resource. - type: string - scopes: - description: Applicable resource scopes. - type: array - items: - type: string - scopeExpression: - description: Resource scope expression. - type: string - clients: - description: List of client assosiated with the resource. - type: array - items: - type: string - resources: - description: List of assosiated resource. - type: array - items: - type: string - creator: - description: Resource creator or owner. - type: string - description: - description: Resource description. - type: string - type: - description: Resource type. - type: string - creationDate: - description: 'Integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this resource will created.' - type: string - format: date-time - expirationDate: - description: 'Integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this resource will expire.' - type: string - format: date-time - deletable: - description: Specifies whether client is deletable. - type: boolean - default: false - SectorIdentifier: - type: object - description: Sector Identifier Details. - required: - - id - properties: - id: - description: XRI i-number. Sector Identifier to uniquely identify the sector. 
- type: string - description: - description: A human-readable string describing the sector. - type: string - redirectUris: - description: Redirection URI values used by the Client. One of these registered Redirection URI values must exactly match the redirect_uri parameter value used in each Authorization Request - type: array - items: - type: string - example: - - 'https://client.example.org/cb' - clientIds: - description: List of OAuth 2.0 Client Identifier valid at the Authorization Server. - type: array - items: - type: string - example: 1402.0ab17362-36cc-4ac8-9c73-20239de64364 API Requesting Party Client. - CacheConfiguration: - type: object - description: Cache Configuration Details. - properties: - cacheProviderType: - description: The cache Provider Type. - type: string - enum: - - IN_MEMORY - - MEMCACHED - - REDIS - - NATIVE_PERSISTENCE - memcachedConfiguration: - type: object - $ref: '#/components/schemas/MemcachedConfiguration' - redisConfiguration: - type: object - $ref: '#/components/schemas/RedisConfiguration' - inMemoryConfiguration: - type: object - $ref: '#/components/schemas/InMemoryConfiguration' - nativePersistenceConfiguration: - type: object - $ref: '#/components/schemas/NativePersistenceConfiguration' - MemcachedConfiguration: - description: Memcached cache configuration. - type: object - properties: - servers: - type: string - description: Server details separated by spaces. - format: url - minLength: 1 - maxOperationQueueLength: - type: integer - description: Maximum operation Queue Length. - bufferSize: - type: integer - description: Buffer Size. - defaultPutExpiration: - type: integer - description: Expiration timeout value. - connectionFactoryType: - type: string - description: The MemcachedConnectionFactoryType Type. - enum: - - DEFAULT - - BINARY - RedisConfiguration: - type: object - description: Cache Configuration - properties: - redisProviderType: - description: Type of connection. 
- type: string - enum: - - STANDALONE - - CLUSTER - - SHARDED - - SENTINEL - servers: - description: 'server details separated by comma e.g. ''server1:8080server2:8081''.' - type: string - title: servers - format: url - password: - description: Redis password. - type: string - defaultPutExpiration: - description: defaultPutExpiration timeout value. - type: integer - sentinelMasterGroupName: - description: Sentinel Master Group Name (required if SENTINEL type of connection is selected). - type: string - useSSL: - description: Enable SSL communication between Gluu Server and Redis cache. - type: boolean - sslTrustStoreFilePath: - description: Directory Path to Trust Store. - type: string - format: url - maxIdleConnections: - description: The cap on the number of \idle\ instances in the pool. If max idle is set too low on heavily loaded systems it is possible you will see objects being destroyed and almost immediately new objects being created. This is a result of the active threads momentarily returning objects faster than they are requesting them causing the number of idle objects to rise above max idle. The best value for max idle for heavily loaded system will vary but the default is a good starting point. - type: integer - maxTotalConnections: - description: The number of maximum connection instances in the pool. - type: integer - connectionTimeout: - description: Connection time out. - type: integer - soTimeout: - description: With this option set to a non-zero timeout a read() call on the InputStream associated with this Socket will block for only this amount of time. If the timeout expires a java.net.SocketTimeoutException is raised though the Socket is still valid. The option must be enabled prior to entering the blocking operation to have effect. The timeout must be > 0. A timeout of zero is interpreted as an infinite timeout. - type: integer - maxRetryAttempts: - description: Maximum retry attempts in case of failure. 
- type: integer - InMemoryConfiguration: - type: object - description: Cache configuration. - properties: - defaultPutExpiration: - description: defaultPutExpiration timeout value. - type: integer - NativePersistenceConfiguration: - type: object - description: Cache configuration. - properties: - defaultPutExpiration: - description: defaultPutExpiration timeout value. - type: integer - defaultCleanupBatchSize: - description: defaultCleanupBatchSize page size. - type: integer - deleteExpiredOnGetRequest: - type: boolean - disableAttemptUpdateBeforeInsert: - type: boolean - SmtpConfiguration: - type: object - description: SMTP configuration. - properties: - valid: - type: boolean - host: - description: Hostname of the SMTP server. - type: string - format: url - port: - description: Port number of the SMTP server. - type: integer - format: int32 - multipleOf: 1 - requires_ssl: - description: Boolean value with default value false. If true, SSL will be enabled. - type: boolean - trust_host: - type: boolean - description: Boolean value with default value false. - from_name: - description: Name of the sender. - type: string - from_email_address: - description: Email Address of the Sender. - type: string - requires_authentication: - description: Boolean value with default value false. It true it will enable sender authentication. - type: boolean - user_name: - description: Username of the SMTP. - type: string - password: - description: Password for the SMTP. - type: string - LoggingConfiguration: - type: object - description: Log configuration. - properties: - loggingLevel: - type: string - description: Logging level for Jans Authorization Server logger. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - 'OFF' - loggingLayout: - type: string - description: Logging layout used for Jans Authorization Server loggers. - enum: - - text - - json - httpLoggingEnabled: - description: To enable http request/response logging. 
- type: boolean - disableJdkLogger: - description: To enable/disable Jdk logging. - type: boolean - enabledOAuthAuditLogging: - description: To enable/disable OAuth audit logging. - type: boolean - externalLoggerConfiguration: - description: Path to external log4j2 configuration file. - type: string - httpLoggingExcludePaths: - description: List of paths to exclude from logger. - type: array - items: - type: string - example: - - /auth/img - - /auth/stylesheet - WebKeysConfiguration: - type: object - description: 'JSON Web Key Set (JWKS) - A JSON object that represents a set of JWKs. The JSON object MUST have a keys member, which is an array of JWKs.' - required: - - keys - properties: - keys: - type: array - description: 'List of JSON Web Key (JWK) - A JSON object that represents a cryptographic key. The members of the object represent properties of the key, including its value.' - items: - $ref: '#/components/schemas/JsonWebKey' - - AuthenticationMethod: - type: object - description: Authentication Method Configuration - properties: - defaultAcr: - type: string - description: This field controls the default authentication mechanism that is presented to users from all applications that leverage Janssen Server for authentication. - - JansFido2DynConfiguration: - type: object - description: Jans Fido2 dynamic configuration properties. - properties: - issuer: - type: string - description: URL using the https scheme for Issuer identifier. - example: 'https://server.example.com/' - baseEndpoint: - type: string - description: The base URL for Fido2 endpoints. - example: 'https://server.example.com/fido2/restv1' - cleanServiceInterval: - type: integer - description: Time interval for the Clean Service in seconds. - cleanServiceBatchChunkSize: - type: integer - default: 100 - description: Each clean up iteration fetches chunk of expired data per base dn and removes it from storage. - useLocalCache: - description: Boolean value to indicate if Local Cache is to be used. 
- type: boolean - disableJdkLogger: - type: boolean - description: Boolean value specifying whether to enable JDK Loggers. - loggingLevel: - type: string - description: Logging level for Fido2 logger. - loggingLayout: - type: string - description: Logging layout used for Fido2. - externalLoggerConfiguration: - type: string - description: Path to external Fido2 logging configuration. - metricReporterInterval: - type: integer - description: The interval for metric reporter in seconds. - metricReporterKeepDataDays: - type: integer - description: The days to keep report data. - metricReporterEnabled: - type: boolean - description: Boolean value specifying whether metric reporter is enabled. - personCustomObjectClassList: - type: array - description: Custom object class list for dynamic person enrolment. - items: - type: string - fido2Configuration: - description: Fido2Configuration. - $ref: '#/components/schemas/Fido2Configuration' - - Fido2RegistrationEntry: - type: object - description: Fido2 registration entry - properties: - publicKeyId: - description: Public key id - type: string - displayName: - description: Dislay name - type: string - counter: - description: counter - type: integer - deviceNotificationConf: - description: Device notification configuration - type: string - challangeHash: - description: Challange hash - type: string - registrationData: - description: Fido2 registration data. - $ref: '#/components/schemas/Fido2RegistrationData' - registrationStatus: - description: registration status - type: string - enum: - - pending - - registered - - compromised - - Fido2RegistrationData: - type: object - description: Fido2 registration data. 
- properties: - username: - description: Username - type: string - domain: - description: Domain - type: string - userId: - description: user id - type: string - challenge: - description: challenge - type: string - attenstationRequest: - description: Attenstation request - type: string - attenstationResponse: - description: Attenstation response - type: string - uncompressedECPoint: - description: uncompressed EC point - type: string - publicKeyId: - description: public key id - type: string - type: - description: type - type: string - counter: - description: counter - type: integer - attestationType: - description: attestation type - type: string - signatureAlgorithm: - description: signature algorithm - type: integer - applicationId: - description: application id - type: string - status: - description: status - type: string - enum: - - pending - - registered - - compromised - - Fido2Configuration: - type: object - description: Fido2 configuration properties. - properties: - authenticatorCertsFolder: - description: Authenticators certificates fodler. - type: string - mdsAccessToken: - description: MDS access token. - type: string - mdsCertsFolder: - description: MDS TOC root certificates folder. - type: string - mdsTocsFolder: - description: MDS TOC files folder. - type: string - checkU2fAttestations: - description: Boolean value indcating if U2f attestation needs to be checked. - type: boolean - userAutoEnrollment: - description: Allow to enroll users on enrollment/authentication requests. - type: boolean - unfinishedRequestExpiration: - description: Expiration time in seconds for pending enrollment/authentication requests - type: integer - authenticationHistoryExpiration: - description: Expiration time in seconds for approved authentication requests. - type: integer - serverMetadataFolder: - description: Authenticators metadata in json format. - type: string - requestedCredentialTypes: - description: List of Requested Credential Types. 
- type: array - items: - type: string - requestedParties: - description: Authenticators metadata in json format. - type: array - items: - $ref: '#/components/schemas/RequestedParties' - - RequestedParties: - type: object - description: Credential Type. - properties: - name: - description: Name of the Requested Party. - type: string - format: url - domains: - description: Requested Party domains. - type: array - items: - type: string - SimpleCustomProperty: - type: object - description: Simple Property. - properties: - value1: - type: string - value2: - type: string - description: - type: string - SimpleExtendedCustomProperty: - type: object - description: Simple Extended Property. - properties: - value1: - type: string - value2: - type: string - description: - type: string - hide: - type: boolean - ScriptError: - type: object - description: Possible errors assosiated with the script. - properties: - raisedAt: - type: string - format: date-time - stackTrace: - type: string - AuthenticationFilters: - type: object - description: Represents the authentication filter. - properties: - filter: - type: string - description: Filter to be used. - example: 'myCustomAttr1={0}' - bind: - type: boolean - description: Filter bind. - bind-password-attribute: - type: string - description: Filter bind password attribute. - base-dn: - type: string - description: Bind filter base distinguished name. - example: 'ou=clients,o=gluu' - CorsConfigurationFilter: - type: object - description: CORS Configuration Filter. - properties: - filterName: - type: string - description: Filter name. - corsEnabled: - type: boolean - description: Boolean value indicating if the filter is enabled. - corsAllowedOrigins: - type: string - description: A list of origins that are allowed to access the resource. A * can be specified to enable access to resource from any origin. Otherwise, a whitelist of comma separated origins can be provided. 
- corsAllowedMethods: - type: string - description: A comma separated list of HTTP methods that can be used to access the resource, using cross-origin requests. These are the methods which will also be included as part of Access-Control-Allow-Methods header in pre-flight response. - corsAllowedHeaders: - type: string - description: The names of the supported author request headers. - corsExposedHeaders: - type: string - description: A comma separated list of request headers that can be used when making an actual request. These headers will also be returned as part of Access-Control-Allow-Headers header in a pre-flight response. - corsSupportCredentials: - type: boolean - description: A flag that indicates whether the resource supports user credentials. This flag is exposed as part of Access-Control-Allow-Credentials header in a pre-flight response. It helps browser determine whether or not an actual request can be made using credentials. - corsLoggingEnabled: - type: boolean - description: Value to enable logging, Setting the value to False will disable logging. - corsPreflightMaxAge: - type: integer - description: The duration in seconds the browser is allowed to cache the result of the pre-flight request. - corsRequestDecorate: - type: boolean - description: A flag to control if CORS specific attributes should be added to the HttpServletRequest object. - - AuthenticationProtectionConfiguration: - type: object - description: Authentication Brute Force Protection Configuration. - properties: - attemptExpiration: - type: integer - description: How long store in cache information about particular login attempt. It's needed to count login attempts withing specified period of time. - maximumAllowedAttemptsWithoutDelay: - type: integer - description: How many attempts application allow without delay. - delayTime: - type: integer - description: Delay time in seconds after reaching maximumAllowedAttemptsWithoutDelay limit. 
- bruteForceProtectionEnabled: - type: boolean - description: Enable or disable service, This functionality can be enabled dynamically. - - CIBAEndUserNotificationConfig: - type: object - description: CIBA End User Notification Config. - properties: - apiKey: - type: string - description: API Key - authDomain: - type: string - description: Auth Domain - databaseURL: - type: string - description: Database URL - projectId: - type: string - description: Project ID - storageBucket: - type: string - description: Storage Bucket - messagingSenderId: - type: string - description: Messaging Sender ID - appId: - type: string - description: App ID - notificationUrl: - type: string - description: Notification URL - notificationKey: - type: string - description: Notification Key - publicVapidKey: - type: string - description: Public Vapid Key - - - StatResponseItem: - type: object - description: Server statistics data - properties: - month: - type: integer - monthly_active_users: - type: integer - format: int64 - description: Number of active users - default: 0 - token_count_per_granttype: - type: object - additionalProperties: - $ref: '#/components/schemas/TokenMapObject' - - TokenMapObject: - type: object - description: A hashmap with statistical item as a key and the value as statistical value. - additionalProperties: - type: integer - format: int64 - - HealthStatus: - type: object - description: Server health data - properties: - status: - type: string - description: Health parameter name - error: - type: string - description: error message in case of error - checks: - type: array - items: - $ref: '#/components/schemas/HealthStatusItem' - description: health check status details. 
- example: '"checks": [{"name": "jans-config-api liveness","status": "UP"},{"name": "jans-config-api readiness","status": "UP"}],"status": "UP"}' - - - HealthStatusItem: - type: object - description: Server health data - properties: - name: - type: string - description: Health parameter name - status: - type: string - description: Health parameter status - - SearchRequest: - type: object - description: Search Parameters. - properties: - schemas: - type: array - items: - type: string - description: schema details - attributes: - type: array - items: - type: string - description: attribute details - excludedAttributes: - type: array - items: - type: string - description: attribute to be excluded details - filter: - type: string - description: search filter - sortBy: - type: string - description: attribute to be used for sorting - sortOrder: - type: string - description: sorting order - startIndex: - type: integer - format: int32 - description: result start index - count: - type: integer - format: int32 - description: total count of records - - UserListResponse: - description: Results for users search. See section 3.4.2.4 of RFC 7644 - allOf: - - $ref: '#/components/schemas/BasicListResponse' - - type: object - - type: object - properties: - Resources: - type: array - items: - $ref: '#/components/schemas/UserResource' - BasicListResponse: - type: object - properties: - schemas: - type: array - items: - type: string - example: urn:ietf:params:scim:api:messages:2.0:ListResponse - totalResults: - type: integer - description: Total number of results returned by the search. The value may be larger than the number of resources returned due to pagination - startIndex: - type: integer - description: The 1-based index of the first result in the current set of search results - itemsPerPage: - type: integer - description: The number of resources returned in a results page - - UserResource: - description: Represents a user resource. 
See section 4.1 of RFC 7643 - allOf: - - $ref: '#/components/schemas/BaseResource' - - type: object - - type: object - properties: - externalId: - type: string - description: Identifier of the resource useful from the perspective of the provisioning client. See section 3.1 of RFC 7643 - userName: - type: string - description: Identifier for the user, typically used by the user to directly authenticate (id and externalId are opaque identifiers generally not known by users) - name: - $ref: '#/components/schemas/Name' - displayName: - type: string - description: Name of the user suitable for display to end-users - nickName: - type: string - description: Casual way to address the user in real life - profileUrl: - type: string - description: URI pointing to a location representing the User's online profile - title: - type: string - example: Vice President - userType: - type: string - description: Used to identify the relationship between the organization and the user - example: Contractor - preferredLanguage: - type: string - description: Preferred language as used in the Accept-Language HTTP header - example: en - locale: - type: string - description: Used for purposes of localizing items such as currency and dates - example: en-US - timezone: - type: string - example: America/Los_Angeles - active: - type: boolean - password: - type: string - emails: - type: array - items: - $ref: '#/components/schemas/Email' - phoneNumbers: - type: array - items: - $ref: '#/components/schemas/PhoneNumber' - ims: - type: array - items: - $ref: '#/components/schemas/InstantMessagingAddress' - photos: - type: array - items: - $ref: '#/components/schemas/Photo' - addresses: - type: array - items: - $ref: '#/components/schemas/Address' - groups: - type: array - items: - $ref: '#/components/schemas/Group' - entitlements: - type: array - items: - $ref: '#/components/schemas/Entitlement' - roles: - type: array - items: - $ref: '#/components/schemas/Role' - x509Certificates: - type: array - 
items: - $ref: '#/components/schemas/X509Certificate' - urn:ietf:params:scim:schemas:extension:gluu:2.0:User: - type: object - properties: {} - description: Extended attributes - - Name: - type: object - properties: - familyName: - type: string - givenName: - type: string - middleName: - type: string - honorificPrefix: - type: string - description: A "title" like "Ms.", "Mrs." - honorificSuffix: - type: string - description: Name suffix, like "Junior", "The great", "III" - formatted: - type: string - description: Full name, including all middle names, titles, and suffixes as appropriate - description: See section 4.1.1 of RFC 7643 - Email: - type: object - properties: - value: - description: E-mail addresses for the user. - type: string - example: gossow@nsfw.com - display: - description: A human readable name, primarily used for display purposes. - type: string - type: - description: A label indicating the attribute's function; e.g., 'work' or 'home'. - type: string - example: work - primary: - type: boolean - description: Denotes if this is the preferred e-mail among others, if any - description: See section 4.1.2 of RFC 7643 - PhoneNumber: - type: object - properties: - value: - description: Phone number of the User - type: string - example: +1-555-555-8377 - display: - description: A human readable name, primarily used for display purposes. - type: string - type: - description: A label indicating the attribute's function; e.g., 'work' or 'home' or 'mobile' etc. - type: string - example: fax - primary: - description: A Boolean value indicating the 'primary' or preferred attribute value for this attribute. - type: boolean - InstantMessagingAddress: - type: object - properties: - value: - description: Instant messaging address for the User. - type: string - display: - description: A human readable name, primarily used for display purposes. - type: string - type: - description: A label indicating the attribute's function; e.g., 'aim', 'gtalk', 'mobile' etc. 
- type: string - example: gtalk - primary: - type: boolean - description: Denotes if this is the preferred messaging addressed among others, if any - description: See section 4.1.2 of RFC 7643 - Photo: - type: object - properties: - value: - description: URI of a photo of the User. - type: string - example: https://pics.nsfw.com/gossow.png - display: - description: A human readable name, primarily used for display purposes. - type: string - type: - description: A label indicating the attribute's function; e.g., 'photo' or 'thumbnail'. - type: string - example: thumbnail - primary: - type: boolean - description: Denotes if this is the preferred photo among others, if any - description: Points to a resource location representing the user's image. See section 4.1.2 of RFC 7643 - Address: - type: object - properties: - formatted: - type: string - description: The full mailing address, formatted for display or use with a mailing label. - streetAddress: - description: The full street address component, which may include house number, street name,PO BOX,etc. - type: string - example: 56 Acacia Avenue - locality: - type: string - description: City or locality of the address - region: - type: string - description: State or region of the address - postalCode: - type: string - description: Zip code - country: - type: string - description: Country expressed in ISO 3166-1 "alpha-2" code format - example: UK - type: - description: A label indicating the attribute's function; e.g., 'work' or 'home'. - type: string - example: home - primary: - type: boolean - description: Denotes if this is the preferred address among others, if any - description: Physical mailing address for this user. See section 4.1.2 of RFC 7643 - Role: - type: object - properties: - value: - description: The value of a role - type: string - example: Project manager - display: - description: A human readable name, primarily used for display purposes. 
- type: string - type: - description: A label indicating the attribute's function. - type: string - primary: - type: boolean - description: Denotes if this is the preferred role among others, if any - description: See section 4.1.2 of RFC 7643 - BaseResource: - type: object - properties: - schemas: - type: array - description: URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current structure - items: - type: string - id: - type: string - description: A unique identifier for a SCIM resource. See section 3.1 of RFC 7643 - meta: - $ref: '#/components/schemas/Meta' - Group: - type: object - properties: - value: - type: string - description: Group identifier - example: 180ee84f0671b1 - $ref: - type: string - description: URI associated to the group - example: https://nsfw.com/scim/restv1/v2/Groups/180ee84f0671b1 - display: - description: A human readable name, primarily used for display purposes. - type: string - example: Cult managers - type: - type: string - description: Describes how the group membership was derived - example: direct - description: See section 4.1.2 of RFC 7643 - Entitlement: - type: object - properties: - value: - description: The value of an entitlement. - type: string - example: Stakeholder - display: - description: A human readable name, primarily used for display purposes. - type: string - type: - description: A label indicating the attribute's function. - type: string - primary: - type: boolean - description: Denotes if this is the preferred entitlement among others, if any - description: Entitlements represent things a user has, like rights. See section 4.1.2 of RFC 7643 - X509Certificate: - type: object - properties: - value: - description: The value of a X509 certificate. - type: string - display: - description: A human readable name, primarily used for display purposes. - type: string - type: - description: A label indicating the attribute's function. 
- type: string - primary: - type: boolean - description: Denotes if this is the preferred certificate among others, if any - description: A certificate associated with the user. See section 4.1.2 of RFC 7643 - Meta: - type: object - properties: - resourceType: - type: string - created: - type: string - lastModified: - type: string - location: - type: string - description: See section 3.1 of RFC 7643 - - ScimPatchOperation: - required: - - op - type: object - properties: - op: - type: string - description: The kind of operation to perform - enum: - - add - - remove - - replace - path: - type: string - description: Required when op is remove, optional otherwise - value: - $ref: '#/components/schemas/AnyValue' - description: Only required when op is add or replace - description: See section 3.5.2 of RFC 7644 - - ScimPatchRequest: - description: Stores one or more patch operations - required: - - operations - type: object - properties: - schemas: - type: array - items: - type: string - example: urn:ietf:params:scim:api:messages:2.0:PatchOp - operations: - type: array - items: - $ref: '#/components/schemas/ScimPatchOperation' - AnyValue: - description: Can be any value - string, number, boolean, array or object - - AuthHealthStatus: - type: object - description: Auth Server health data - additionalProperties: - type: string - - AdminRole: - type: object - description: Admin role - required: - - role - properties: - role: - type: string - description: role - description: - type: string - description: role description - deletable: - type: boolean - description: can we delete the role? 
- AdminPermission: - type: object - description: Admin permission - required: - - permission - properties: - permission: - type: string - description: permission - description: - type: string - description: permission description - RolePermissionMapping: - type: object - description: Admin role-permission mapping - required: - - role - properties: - role: - type: string - description: role - permissions: - type: array - items: - type: string - description: permissions - LicenseDetailsRequest: - type: object - description: Admin license details request - required: - - validityPeriod - properties: - validityPeriod: - type: string - description: The license will expire on following date. - maxActivations: - type: string - description: The maximum allowed activations of this license on different machines. - licenseActive: - type: string - description: Is license active? - LicenseApiRequest: - type: object - description: Admin license api request - required: - - licenseKey - properties: - licenseKey: - type: string - description: The license-key. - LicenseSpringCredentials: - type: object - required: - - apiKey - - productCode - - sharedKey - - managementKey - properties: - apiKey: - type: string - description: The api-key. - productCode: - type: string - description: The product-code. - sharedKey: - type: string - description: The shared-key. - managementKey: - type: string - description: The management-key. - LicenseDetailsResponse: - type: object - description: Admin license details response - properties: - licenseEnabled: - type: boolean - description: Is license module enabled in admin-ui application? - default: false - productName: - type: string - description: The license is registered under following product. - productCode: - type: string - description: The short code is used in our API calls in order to identify the product. - licenseType: - type: string - description: The type of license (eg Perpetual, Time-based, Subscription, and Consumption-based licenses). 
- maxActivations: - type: integer - description: The license key. - licenseKey: - type: string - description: The license key. - licenseActive: - type: boolean - description: Is license active? - default: false - validityPeriod: - type: string - description: The license validity period - companyName: - type: string - description: The company name of the registered license. - customerEmail: - type: string - description: The customer email address of the registered license. - customerFirstName: - type: string - description: The customer first name. - customerLastName: - type: string - description: The customer last name. - LicenseApiResponse: - type: object - properties: - apiResult: - type: boolean - description: liceseSpring api request success status - responseMessage: - type: string - description: Response Message - responseCode: - type: integer - description: Response code - ScimAppConfiguration: - type: object - properties: - baseDN: - type: string - description: Application config Base DN - applicationUrl: - type: string - description: Application base URL - baseEndpoint: - type: string - description: SCIM base endpoint URL - personCustomObjectClass: - type: string - description: Person Object Class - oxAuthIssuer: - type: string - description: Jans Auth - Issuer identifier. - protectionMode: - type: string - enum: - - OAUTH - - BYPASS - description: SCIM Protection Mode - maxCount: - type: integer - example: Maximum number of results per page - userExtensionSchemaURI: - type: string - description: User Extension Schema URI - loggingLevel: - type: string - description: Logging level for scim logger. - enum: - - TRACE - - DEBUG - - INFO - - WARN - - ERROR - - FATAL - - OFF - loggingLayout: - type: string - description: Logging layout used for Server loggers. - externalLoggerConfiguration: - type: string - description: Path to external log4j2 logging configuration. 
- metricReporterInterval: - type: integer - description: The interval for metric reporter in seconds. - metricReporterKeepDataDays: - type: integer - description: The days to keep metric reported data. - metricReporterEnabled: - type: boolean - description: Metric reported data enabled flag. - disableJdkLogger: - type: boolean - description: Boolean value specifying whether to enable JDK Loggers. - useLocalCache: - type: boolean - description: Boolean value specifying whether to enable local in-memory cache. - bulkMaxOperations: - type: integer - description: Specifies maximum bulk operations. - bulkMaxPayloadSize: - type: integer - format: int64 - description: Specifies maximum payload size of bulk operations. - - Organization: - type: object - properties: - dn: - type: string - baseDn: - type: string - displayName: - type: string - maxLength: 60 - minLength: 0 - description: Organization name - description: - type: string - maxLength: 60 - minLength: 0 - description: Organization description - member: - type: string - description: String describing memberOf - countryName: - type: string - description: Organization country name - organization: - type: string - status: - type: string - managerGroup: - type: string - description: qualified id of the group - example: inum=60B7,ou=groups,o=jans - themeColor: - type: string - description: color of the theme - example: 166309 - shortName: - type: string - customMessages: - type: array - items: - type: string - title: - type: string - jsLogoPath: - type: string - description: Path to organization logo image - jsFaviconPath: - type: string - description: Path to organization favicon image - organizationTitle: - type: string - - - FacterData: - type: object - properties: - memoryfree: - type: string - description: Server free memory - swapfree: - type: string - description: Server swap free - hostname: - type: string - description: Server hostname - ipaddress: - type: string - description: Server ipaddress - uptime: - 
type: string - description: Server uptime - free_disk_space: - type: string - description: Server free disk space - load_average: - type: string - description: Server average load time - - - StatsData: - type: object - properties: - dbType: - type: string - description: Jans Server DB type - lastUpdate: - type: string - description: Stats update time - facterData: - type: object - $ref: '#/components/schemas/FacterData' - description: Underlying Server stats - - CustomUser: - title: User object - description: User. - type: object - required: - - userId - - mail - - displayName - - givenName - - jansStatus - properties: - dn: - type: string - description: Domain name. - baseDN: - type: string - description: Base DN for the User entity - jansStatus: - type: string - description: User status - enum: - - active - - inactive - - expired - - register - userId: - description: A domain issued and managed identifier for the user. - type: string - createdAt: - description: User creation date. - type: string - format: date-time - updatedAt: - description: Time the information of the person was last updated. Seconds from 1970-01-01T0:0:0Z - type: string - format: date-time - oxAuthPersistentJwt: - description: Persistent JWT. - type: array - items: - type: string - customAttributes: - description: dn of associated clients with the user. - type: array - items: - $ref: '#/components/schemas/CustomAttribute' - mail: - type: string - description: User mail - displayName: - type: string - description: Name of the user suitable for display to end-users - givenName: - type: string - description: User given Name - userPassword: - type: string - description: User password - inum: - description: XRI i-number. Identifier to uniquely identify the user. 
- type: string - - ExtendedCustomUser: - allOf: # Combines the CustomUser and the inline model - - $ref: '#/components/schemas/CustomUser' - - type: object - required: - - userPassword - properties: - userPassword: - type: string - description: User password - - UserPatchRequest: - title: User Patch Request object - description: UserPatchRequest. - type: object - properties: - jsonPatchString: - type: object - description: Possible errors assosiated with the script. - $ref: '#/components/schemas/PatchRequest' - customAttributes: - description: dn of associated clients with the user. - type: array - items: - $ref: '#/components/schemas/CustomAttribute' - - EngineConfig: - title: Agama engine configuration - description: Agama engine configuration object - type: object - properties: - enabled: - type: boolean - description: A boolean value that specifies if the engine is enabled - default: false - templatesPath: - type: string - description: Root of templates - default: '/ftl' - scriptsPath: - type: string - description: Root of the hierarchy of classes that can be added on the fly - default: '/scripts' - serializerType: - type: string - description: Used for continuations serialization - default: KRYO - enum: - - KRYO - - FST - maxItemsLoggedInCollections: - type: integer - description: Number of items to traverse in a collection when it is logged - default: 3 - minimum: 1 - pageMismatchErrorPage: - type: string - description: Location of the page used when an unexpected URL is requested - default: mismatch.ftl - interruptionErrorPage: - type: string - description: Location of the page shown when a user exceeds the amount of time allowed to take a flow to completion - default: timeout.ftl - crashErrorPage: - type: string - description: Location of the page shown when an error has occured while running a flow - default: crash.ftl - finishedFlowPage: - type: string - description: Location of the page shown when a flow has finished - default: finished.ftl - 
bridgeScriptPage: - type: string - description: JSF page of the bridge script - default: agama.xhtml - defaultResponseHeaders: - type: object - additionalProperties: - type: string - - - FlowMetadata: - title: Metadata of an Agama flow - description: Metadata of an Agama flow - type: object - properties: - funcName: - description: For internal use only. This property should not be modified - type: string - inputs: - description: For internal use only. This property should not be modified - type: array - items: - type: string - timeout: - description: For internal use only. This property should not be modified - type: integer - format: int64 - default: 0 - displayName: - description: Name of the flow for displaying purposes - type: string - author: - description: Author of the flow - type: string - timestamp: - description: Flow creation timestamp relative to UNIX epoch - type: integer - format: int64 - default: 0 - description: - description: Descriptive details of the flow - type: string - properties: - description: Configuration parameters of the flow - type: object - additionalProperties: - type: string - - AgamaFlow: - title: Agama flow object - description: Object that represents an Agama flow - type: object - required: - - qname - properties: - dn: - description: Flow distinguished name - type: string - qname: - description: Flow qualified name - type: string - revision: - description: Revision number of the flow - type: integer - format: int64 - default: 0 - enabled: - description: Whether the flow can be launched directly from an authentication request - type: boolean - default: false - metadata: - description: Flow metadata - $ref: '#/components/schemas/FlowMetadata' - source: - description: Source code - type: string - codeError: - type: string - description: Errors in the flow source detected by Agama transpiler - - SessionId: - title: Session details - description: Session details - type: object - properties: - dn: - type: string - description: Domain 
name. - id: - type: string - description: Unique session id - outsideSid: - type: string - description: User session id - lastUsedAt: - description: Timestamp of session used last time. - type: string - format: date - userDn: - description: Session user domain name. - type: string - authenticationTime: - description: Session authentication time. - type: string - format: date - state: - description: Session status - type: string - enum: - - authenticated - - unauthenticated - sessionState: - description: state of session. - type: string - permissionGranted: - type: boolean - description: Boolean flag indicated if permission granted - isJwt: - type: boolean - description: Boolean flag indicated if jwt - jwt: - type: string - description: Jwt - permissionGrantedMap: - description: Map containing permission. - type: object - additionalProperties: - type: boolean - sessionAttributes: - description: Session attributes - type: object - additionalProperties: - type: string - expirationDate: - description: Expiration date. - type: string - format: date - deletable: - type: boolean - description: If permission is deletable - creationDate: - description: Session creation date. - type: string - format: date - - AuthorizationRequestCustomParameter: - title: AuthorizationRequestCustomParameter - description: AuthorizationRequestCustomParameter details - type: object - properties: - paramName: - type: string - description: Name of the custom parameter - returnInResponse: - type: boolean - description: indicates if the parameter by default will be returned in response. 
- default: false - - PagedResult: - type: object - properties: - start: - type: integer - format: int32 - totalEntriesCount: - type: integer - format: int32 - entriesCount: - type: integer - format: int32 - entries: - type: array - items: - type: object - - LocalizedString: - type: object - properties: - values: - type: object - additionalProperties: - type: string - value: - type: string - languageTags: - uniqueItems: true - type: array - items: - type: string diff --git a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml index 49cefa8ac12..329dc7b4369 100644 --- a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml +++ b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml @@ -648,7 +648,7 @@ paths: requestBody: description: UserPatchRequest content: - application/json-patch+json: + application/json: schema: $ref: '#/components/schemas/UserPatchRequest' examples: diff --git a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java index edea2d0c6a4..004e4247ae6 100644 --- a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java +++ b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java @@ -2,7 +2,6 @@ import com.github.fge.jsonpatch.JsonPatchException; import io.jans.as.common.model.common.User; -import io.jans.as.common.service.common.EncryptionService; import io.jans.configapi.core.rest.BaseResource; import io.jans.configapi.core.rest.ProtectedApi; import io.jans.configapi.plugin.mgt.model.user.CustomUser; 
@@ -56,14 +55,9 @@ public class UserResource extends BaseResource { private static final String INUM = "inum"; private class UserPagedResult extends PagedResult{}; - - @Inject Logger logger; - @Inject - EncryptionService encryptionService; - @Inject MgtUtil mgtUtil; @@ -218,7 +212,7 @@ public Response updateUser(@Valid CustomUser customUser) @Operation(summary = "Patch user properties by Inum", description = "Patch user properties by Inum", operationId = "patch-user-by-inum", tags = { "Configuration – User Management" }, security = @SecurityRequirement(name = "oauth2", scopes = { ApiAccessConstants.USER_WRITE_ACCESS })) - @RequestBody(description = "UserPatchRequest", content = @Content(mediaType = MediaType.APPLICATION_JSON_PATCH_JSON, schema = @Schema(implementation = UserPatchRequest.class), examples = @ExampleObject(name = "Request json example", value = "example/user/user-patch.json"))) + @RequestBody(description = "UserPatchRequest", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = UserPatchRequest.class), examples = @ExampleObject(name = "Request json example", value = "example/user/user-patch.json"))) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = CustomUser.class, description = "Patched CustomUser Object"), examples = @ExampleObject(name = "Response json example", value = "example/user/user.json"))), @ApiResponse(responseCode = "401", description = "Unauthorized"), diff --git a/jans-config-api/profiles/local/test.properties b/jans-config-api/profiles/local/test.properties index 9baf27962e2..467212d9653 100644 --- a/jans-config-api/profiles/local/test.properties +++ b/jans-config-api/profiles/local/test.properties 
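Review bot: The `@RequestBody` annotation on `patch-user-by-inum` now advertises `MediaType.APPLICATION_JSON`, but that annotation only feeds the generated OpenAPI document; what the server actually accepts comes from the method's `@Consumes` annotation, which lies outside this hunk. If `@Consumes` still names `MediaType.APPLICATION_JSON_PATCH_JSON`, clients following the regenerated spec will be rejected with 415, so please confirm the two agree. The retained `JsonPatchException` import in the first hunk suggests the handler still has JSON Patch semantics; a one-line comment on the endpoint stating whether `UserPatchRequest` is the project's own envelope or an RFC 6902 document would remove that ambiguity for readers.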
@@ -4,6 +4,6 @@ test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/con # jans.server token.endpoint=https://jans.server1/jans-auth/restv1/token token.grant.type=client_credentials -test.client.id=1800.c94f1e10-7716-4dc8-b82d-4dd1169ed4f9 -test.client.secret=2M6r3vYeQEIT +test.client.id=1800.da71aef0-977c-40f0-bbc4-fca1b8cc5aa6 +test.client.secret=uqgP0W5YIiT7 test.issuer=https://jans.server1/ \ No newline at end of file diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/configuration/AppInitializer.java b/jans-config-api/server/src/main/java/io/jans/configapi/configuration/AppInitializer.java index d80093d5928..b848ea5989f 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/configuration/AppInitializer.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/configuration/AppInitializer.java @@ -153,7 +153,7 @@ public PersistenceEntryManager createPersistenceEntryManager() throws OxIntializ @ApplicationScoped @Named("authorizationService") private AuthorizationService createAuthorizationService() { - log.error( + log.info( "============= AppInitializer::createAuthorizationService() - configurationFactory.getApiProtectionType():{} ", configurationFactory.getApiProtectionType()); diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/interceptor/AuditLogInterceptor.java b/jans-config-api/server/src/main/java/io/jans/configapi/interceptor/AuditLogInterceptor.java index 3fc71b40a98..77b73ea8fc2 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/interceptor/AuditLogInterceptor.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/interceptor/AuditLogInterceptor.java @@ -36,6 +36,7 @@ public class AuditLogInterceptor { private static final Logger AUDIT_LOG = LoggerFactory.getLogger("audit"); + private static final Logger LOG = LoggerFactory.getLogger(AuditLogInterceptor.class); @Context UriInfo info; 
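Review bot: `test.client.secret=uqgP0W5YIiT7` commits a client secret to the repository, and its predecessor `2M6r3vYeQEIT` remains in history; both values should be treated as exposed and rotated on the test server. The profile should read the secret from the environment or the CI secret store instead, leaving a placeholder in the file such as `test.client.secret=<set-via-env>` with a comment on how to override it. If the file genuinely must carry a working value for local runs, it belongs in a git-ignored local override rather than in `profiles/local/test.properties`.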
@@ -54,7 +55,31 @@ public class AuditLogInterceptor { public Object aroundReadFrom(InvocationContext context) throws Exception { try { - processRequest(context); + LOG.info("Audit Log Interceptor - context:{}, info:{}, request:{}, httpHeaders:{}, AUDIT_LOG:{}", context, + info, request, httpHeaders, AUDIT_LOG); + AUDIT_LOG.info("\n ********************** Request ********************** "); + + // Get Audit config + AuditLogConf auditLogConf = getAuditLogConf(); + LOG.info("auditLogConf:{}", auditLogConf); + + // Log if enabled + if (auditLogConf != null && auditLogConf.isEnabled()) { + + // Request audit + String beanClassName = context.getClass().getName(); + String method = context.getMethod().getName(); + + AUDIT_LOG.info("endpoint:{}, beanClassName:{}, method:{}, from:{}, user:{} ", info.getPath(), + beanClassName, method, request.getRemoteAddr(), httpHeaders.getHeaderString("User-inum")); + + // Header attribute audit + Map headerData = getAuditHeaderAttributes(auditLogConf); + AUDIT_LOG.info("headerData:{} ", headerData); + + // Request object audit + processRequest(context, auditLogConf); + } } catch (Exception ex) { throw new WebApplicationException(ex); 
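Review bot: `String beanClassName = context.getClass().getName();` records the container's `InvocationContext` implementation class, not the intercepted resource; the audit line wants `context.getTarget().getClass().getName()`. The first `LOG.info(...)` also dumps `context`, `request` and `httpHeaders` to the application log at INFO on every call — whether that string includes header values such as `Authorization` depends on the container's `toString()`, so either drop those arguments or lower the line to `LOG.debug`. The `AUDIT_LOG.info("\n ********************** Request ********************** ")` banner is written before `auditLogConf` is consulted, so a disabled audit log still emits a line per request; move it inside the `if (auditLogConf != null && auditLogConf.isEnabled())` block.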
@@ -62,37 +87,24 @@ public Object aroundReadFrom(InvocationContext context) throws Exception { return context.proceed(); } - private void processRequest(InvocationContext context) { + private void processRequest(InvocationContext context, AuditLogConf auditLogConf) { + LOG.info("Process Audit Log Interceptor - context:{}, auditLogConf:{}", context, auditLogConf); Object[] ctxParameters = context.getParameters(); Method method = context.getMethod(); Class[] clazzArray = method.getParameterTypes(); + LOG.debug("Audit Log Interceptor process - ctxParameters:{}, method:{}, clazzArray:{}", ctxParameters, method, + clazzArray); + if (clazzArray != null && clazzArray.length > 0) { for (int i = 0; i < clazzArray.length; i++) { - Object obj = ctxParameters[i]; - // Audit log - logAuditData(context, obj); - - } - } - } + LOG.info("Request obj:{}", obj); + AUDIT_LOG.info("objectType:{}, obj:{} ", clazzArray[i], obj); - private void logAuditData(InvocationContext context, T obj) { - try { - AuditLogConf auditLogConf = getAuditLogConf(); - if (auditLogConf != null && auditLogConf.isEnabled()) { - AUDIT_LOG.info("====== Request for endpoint:{}, method:{}, from:{}, user:{}, data:{} ", info.getPath(), - context.getMethod(), request.getRemoteAddr(), httpHeaders.getHeaderString("User-inum"), obj); - Map attributeMap = getAuditHeaderAttributes(auditLogConf); - AUDIT_LOG.info("attributeMap:{} ", attributeMap); } - - } catch (Exception ex) { - ex.printStackTrace(); } - } private AuditLogConf getAuditLogConf() { 
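Review bot: `AUDIT_LOG.info("objectType:{}, obj:{} ", clazzArray[i], obj)` writes every request parameter object verbatim to the audit log; for the client endpoints touched by this same commit that object is a `Client` carrying `clientSecret`, and for the user-management endpoints it is the full user object, so secrets and personal data land in the audit file in clear. Redact the known sensitive fields before logging, or record only the parameter type plus an identifier (inum / clientId) instead of the whole object. The added `LOG.info("Request obj:{}", obj)` duplicates the same payload into the application log at INFO and should be removed. The collapsed hunk shows `Object obj = ctxParameters[i];` only with a `-` marker while the new lines still use `obj`; please confirm the declaration survives in the new loop body.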
@@ -100,12 +112,13 @@ private AuditLogConf getAuditLogConf() { } private Map getAuditHeaderAttributes(AuditLogConf auditLogConf) { - + LOG.info("AuditLogInterceptor::getAuditHeaderAttributes() - auditLogConf:{}", auditLogConf); if (auditLogConf == null) { return Collections.emptyMap(); } List attributes = auditLogConf.getHeaderAttributes(); - + LOG.info("AuditLogInterceptor::getAuditHeaderAttributes() - attributes:{}", attributes); + Map attributeMap = null; if (attributes != null && !attributes.isEmpty()) { attributeMap = new HashMap<>(); @@ -115,6 +128,8 @@ private Map getAuditHeaderAttributes(AuditLogConf auditLogConf) attributeMap.put(attributeName, attributeValue); } } + + LOG.info("AuditLogInterceptor::getAuditHeaderAttributes() - attributeMap:{}", attributeMap); return attributeMap; } diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ClientsResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ClientsResource.java index ebea7e4f979..4dcaed8b610 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ClientsResource.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ClientsResource.java @@ -17,11 +17,13 @@ import io.jans.configapi.core.model.SearchRequest; import io.jans.configapi.service.auth.ClientService; import io.jans.configapi.service.auth.ConfigurationService; +import io.jans.configapi.service.auth.AttributeService; import io.jans.configapi.service.auth.ScopeService; import io.jans.configapi.util.ApiAccessConstants; import io.jans.configapi.util.ApiConstants; import io.jans.configapi.util.AttributeNames; import io.jans.configapi.util.AuthUtil; +import io.jans.model.GluuAttribute; import io.jans.configapi.core.util.Jackson; import io.jans.orm.PersistenceEntryManager; import io.jans.orm.exception.EntryPersistenceException; 
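Review bot: The three `LOG.info(...)` lines added to `getAuditHeaderAttributes` trace a per-request helper at INFO, and the last one prints `attributeMap`, i.e. the raw values of the headers listed in `headerAttributes`, into the application log in addition to the audit log that is meant to receive them. Lower them to `LOG.debug` (or drop them) so header values are written only by the audit appender.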
@@ -48,6 +50,7 @@ import jakarta.ws.rs.core.Response; import java.io.IOException; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import java.util.UUID; @@ -82,6 +85,9 @@ public class ClientsResource extends ConfigBaseResource { @Inject ScopeService scopeService; + @Inject + AttributeService attributeService; + @Operation(summary = "Gets list of OpenID Connect clients", description = "Gets list of OpenID Connect clients", operationId = "get-oauth-openid-clients", tags = { "OAuth - OpenID Connect - Clients" }, security = @SecurityRequirement(name = "oauth2", scopes = { ApiAccessConstants.OPENID_CLIENTS_READ_ACCESS })) @@ -156,6 +162,12 @@ public Response createOpenIdConnect(@Valid Client client) throws EncryptionExcep // scope validation checkScopeFormat(client); + // Claim validation + String[] claims = client.getClaims(); + if (client.getClaims() != null && client.getClaims().length > 0) { + validateClaim(client); + } + String clientSecret = client.getClientSecret(); if (StringHelper.isEmpty(clientSecret)) { @@ -173,7 +185,9 @@ public Response createOpenIdConnect(@Valid Client client) throws EncryptionExcep clientService.addClient(client); Client result = clientService.getClientByInum(inum); result.setClientSecret(encryptionService.decrypt(result.getClientSecret())); + result.setClaims(claims); + logger.debug("Claim post creation - result.getClaims():{} ", result.getClaims()); return Response.status(Response.Status.CREATED).entity(result).build(); } @@ -202,6 +216,12 @@ public Response updateClient(@Valid Client client) throws EncryptionException { // scope validation checkScopeFormat(client); + // Claim validation + String[] claims = client.getClaims(); + if (client.getClaims() != null && client.getClaims().length > 0) { + validateClaim(client); + } + client.setClientId(existingClient.getClientId()); client.setBaseDn(clientService.getDnForClient(inum)); client.setDeletable(client.getExpirationDate() != null); 
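Review bot: In `createOpenIdConnect`, `String[] claims = client.getClaims();` is captured before `validateClaim(client)` rewrites the claims to attribute DNs, and after persistence `result.setClaims(claims)` copies that pre-validation array onto the response, so the reply echoes the caller's original strings rather than what was stored; if that mirroring is intended, say so next to the call, e.g. `// echo the claims as the caller sent them; the persisted value is the resolved DN list`. The guard `if (client.getClaims() != null && client.getClaims().length > 0)` re-reads the field instead of the `claims` local assigned on the line above; `if (claims != null && claims.length > 0)` reads cleaner. The same three lines are duplicated in `updateClient` in the last hunk on this line; moving the null/empty check into `validateClaim` would let both callers invoke it unconditionally.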
@@ -214,7 +234,9 @@ public Response updateClient(@Valid Client client) throws EncryptionException { clientService.updateClient(client); Client result = clientService.getClientByInum(existingClient.getClientId()); result.setClientSecret(encryptionService.decrypt(client.getClientSecret())); + result.setClaims(claims); + logger.debug("Claim post updation - result.getClaims():{} ", result.getClaims()); return Response.ok(result).build(); } @@ -370,4 +392,48 @@ private Scope findScopeByDn(String scopeDn) { return null; } } + + private Client validateClaim(Client client) { + if (client == null) { + return client; + } + + // check claims + logger.debug("client.getClaims():{}", client.getClaims()); + List claims = client.getClaims() != null ? Arrays.asList(client.getClaims()) : null; + logger.debug("Client claims:{}", claims); + + List validClaims = new ArrayList<>(); + List invalidClaims = new ArrayList<>(); + + for (String claim : claims) { + logger.debug("Is claim:{} valid-DN?:{}", claim, authUtil.isValidDn(claim)); + GluuAttribute gluuAttribute = null; + if (authUtil.isValidDn(claim)) { + gluuAttribute = attributeService.getAttributeUsingDn(claim); + } else { + gluuAttribute = attributeService.getAttributeUsingName(claim); + } + logger.debug("Attribute from DB - {}'", gluuAttribute); + if (gluuAttribute != null) { + validClaims.add(gluuAttribute.getDn()); + } else { + invalidClaims.add(claim); + } + } + logger.debug("Claim validation result - validClaims:{}, invalidClaims:{} ", validClaims, invalidClaims); + + if (!invalidClaims.isEmpty()) { + thorwBadRequestException("Invalid claim in request -> " + invalidClaims.toString()); + } + + // reset Claims + if (!validClaims.isEmpty()) { + String[] scopeArr = validClaims.stream().toArray(String[]::new); + client.setClaims(scopeArr); + } + + return client; + } + } 
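Review bot: `validateClaim` dereferences `claims` in `for (String claim : claims)` although the line above deliberately leaves it `null` when `client.getClaims()` is null, so the method throws NullPointerException unless every caller pre-checks; change the early return to `if (client == null || client.getClaims() == null) { return client; }` and then `List<String> claims = Arrays.asList(client.getClaims());`. The local `scopeArr` holds claims, not scopes, and `validClaims.stream().toArray(String[]::new)` is just `validClaims.toArray(new String[0])`. When a caller-supplied string passes `authUtil.isValidDn`, it is looked up directly via `getAttributeUsingDn`, so any DN that resolves to a `GluuAttribute` entry is accepted; if attributes live under a fixed base DN, checking that the supplied DN ends with that base would make the accepted set explicit — I cannot see from this diff whether the lookup is already scoped. The returned `Client` is ignored by both callers, which rely on in-place mutation; either use the return value or make the method `void`.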
diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/security/api/ApiProtectionService.java b/jans-config-api/server/src/main/java/io/jans/configapi/security/api/ApiProtectionService.java index 9df93750ce9..b8d5d033dde 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/security/api/ApiProtectionService.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/security/api/ApiProtectionService.java @@ -215,7 +215,7 @@ private void updateScopeForClientIfNeeded(String clientId) { try { Client client = this.clientService.getClientByInum(clientId); log.debug("updateScopeForClientIfNeeded() - Verify client:{} ", client); - + log.debug("updateScopeForClientIfNeeded() - 1 - client.getClientSecret():{} ", client.getClientSecret()); if (client != null) { // Assign scope // Prepare scope array @@ -245,6 +245,7 @@ private void updateScopeForClientIfNeeded(String clientId) { client = this.clientService.getClientByInum(clientId); log.debug(" Verify scopes post assignment, clientId:{}, scopes:{}", clientId, Arrays.asList(client.getScopes())); + log.debug("updateScopeForClientIfNeeded() - 2 - client.getClientSecret():{} ", client.getClientSecret()); } catch (Exception ex) { log.error("Error while searching internal client", ex); } diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java index 56e0bdff28e..ac1b223e953 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AttributeService.java 
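Review bot: `log.debug("updateScopeForClientIfNeeded() - 1 - client.getClientSecret():{} ", client.getClientSecret())` writes the internal client's secret to the log, and it runs before the `if (client != null)` check on the next line, so a missing client now raises NullPointerException (caught below only as the generic "Error while searching internal client") instead of being skipped. The second hunk in this file adds the same secret-logging line after the scope assignment. Both lines should be removed rather than kept at debug level — debug output is routinely enabled when troubleshooting and secrets in log files outlive the session — and if a marker is wanted, log only `client.getClientId()`.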
@@ -63,4 +63,24 @@ public PagedResult searchGluuAttributes(SearchRequest searchReque } + public GluuAttribute getAttributeUsingDn(String dn) { + GluuAttribute result = null; + try { + result = persistenceEntryManager.find(GluuAttribute.class, dn); + } catch (Exception ex) { + log.error("Failed to load attribute with dn:{}, ex:{}", dn, ex); + } + return result; + } + + public GluuAttribute getAttributeUsingName(String claimName) { + GluuAttribute gluuAttribute = null; + try { + gluuAttribute = getByClaimName(claimName); + } catch (Exception ex) { + log.error("Failed to load attribute with name:{}, ex:{}", claimName, ex); + } + return gluuAttribute; + } + } \ No newline at end of file diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ClientService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ClientService.java index 96c58f3e3f7..ba24587afe8 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ClientService.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ClientService.java @@ -20,7 +20,6 @@ import io.jans.as.model.crypto.signature.SignatureAlgorithm; import io.jans.as.model.register.ApplicationType; import io.jans.configapi.core.model.SearchRequest; -import io.jans.configapi.service.auth.ConfigurationService; import io.jans.orm.PersistenceEntryManager; import io.jans.orm.model.PagedResult; import io.jans.orm.model.SortOrder; @@ -68,9 +67,9 @@ public class ClientService implements Serializable { @Inject transient AppConfiguration appConfiguration; - + @Inject - ConfigurationService configurationService; + transient ConfigurationService configurationService; public boolean contains(String clientDn) { return persistenceEntryManager.contains(clientDn, Client.class); 
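Review bot: In both new methods the throwable is passed as the second `{}` argument, e.g. `log.error("Failed to load attribute with dn:{}, ex:{}", dn, ex)`, so SLF4J formats it with `toString()` and the stack trace is lost; use `log.error("Failed to load attribute with dn:{}", dn, ex)`. These lookups are now fed caller-supplied claim strings from `ClientsResource.validateClaim`, and a miss or malformed DN is an expected outcome already signalled by the `null` return, so `catch (Exception ex)` at ERROR level turns every bad request into error-log noise; catch the persistence exception you actually expect (`EntryPersistenceException` is what `ClientsResource` imports) and log it at debug or warn. Both methods also want a one-line Javadoc stating that they return `null` when the attribute cannot be resolved.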
@@ -330,11 +329,6 @@ public Client setClientDefaultAttributes(Client client, boolean update) { logger.debug("client.getScopes():{}, appConfiguration.getDynamicRegistrationScopesParamEnabled():{}", client.getScopes(), appConfiguration.getDynamicRegistrationScopesParamEnabled()); - List claims = client.getClaims() != null ? Arrays.asList(client.getClaims()) : null; - if (claims != null && !claims.isEmpty()) { - List claimsDn = attributeService.getAttributesDn(claims); - client.setClaims(claimsDn.toArray(new String[claimsDn.size()])); - } logger.debug("client.getClaims():{}, client.getAttributes().getAuthorizedAcrValues():{}", client.getClaims(), client.getAttributes().getAuthorizedAcrValues()); @@ -361,9 +355,10 @@ private void updateCustomAttributes(Client client) { // custom object class final String customOC = appConfiguration.getDynamicRegistrationCustomObjectClass(); String persistenceType = configurationService.getPersistenceType(); - if (PersistenceEntryManager.PERSITENCE_TYPES.ldap.name().equals(persistenceType) && StringUtils.isNotBlank(customOC)) { + if (PersistenceEntryManager.PERSITENCE_TYPES.ldap.name().equals(persistenceType) + && StringUtils.isNotBlank(customOC)) { client.setCustomObjectClasses(new String[] { customOC }); - }else { + } else { client.setCustomObjectClasses(null); } diff --git a/jans-config-api/server/src/main/resources/config-api-rs-protect.json b/jans-config-api/server/src/main/resources/config-api-rs-protect.json index 1c7b1342ddd..2a113a76e2f 100644 --- a/jans-config-api/server/src/main/resources/config-api-rs-protect.json +++ b/jans-config-api/server/src/main/resources/config-api-rs-protect.json @@ -1629,7 +1629,7 @@ } ] }, - { + { "path": "/jans-config-api/api/v1/ads-deployment", "conditions": [ { 
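Review bot: Dropping the `attributeService.getAttributesDn(claims)` conversion from `setClientDefaultAttributes` changes what this public service method stores: claims now reach the persistence layer exactly as the caller set them, and only `ClientsResource.createOpenIdConnect` / `updateClient` (earlier in this diff) resolve them first. Any other path into `ClientService` — a patch endpoint, if one routes through here, is not visible in this diff — would now persist unresolved claim names; please confirm, and state the new contract in the method's Javadoc, e.g. `Claims are stored as given; callers must resolve them to attribute DNs first.`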
diff --git a/jans-config-api/shared/src/main/java/io/jans/configapi/core/interceptor/RequestAuditInterceptor.java b/jans-config-api/shared/src/main/java/io/jans/configapi/core/interceptor/RequestAuditInterceptor.java index 4304c111ac8..1b7baa7159b 100644 --- a/jans-config-api/shared/src/main/java/io/jans/configapi/core/interceptor/RequestAuditInterceptor.java +++ b/jans-config-api/shared/src/main/java/io/jans/configapi/core/interceptor/RequestAuditInterceptor.java @@ -10,9 +10,10 @@ import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; - +import java.lang.annotation.Inherited; import jakarta.interceptor.InterceptorBinding; +@Inherited @InterceptorBinding @Retention(RetentionPolicy.RUNTIME) @Target({ ElementType.TYPE, ElementType.METHOD }) diff --git a/jans-config-api/shared/src/main/java/io/jans/configapi/core/interceptor/RequestInterceptor.java b/jans-config-api/shared/src/main/java/io/jans/configapi/core/interceptor/RequestInterceptor.java index 21eee7034d8..0b462d97b72 100644 --- a/jans-config-api/shared/src/main/java/io/jans/configapi/core/interceptor/RequestInterceptor.java +++ b/jans-config-api/shared/src/main/java/io/jans/configapi/core/interceptor/RequestInterceptor.java @@ -10,9 +10,10 @@ import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; - +import java.lang.annotation.Inherited; import jakarta.interceptor.InterceptorBinding; +@Inherited @InterceptorBinding @Retention(RetentionPolicy.RUNTIME) @Target({ ElementType.TYPE, ElementType.METHOD }) diff --git a/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json b/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json index 9a009bba94a..4a9cbb38546 100644 --- a/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json +++ b/jans-linux-setup/jans_setup/templates/jans-config-api/dynamic-conf.json 
@@ -54,7 +54,7 @@ "enabled" ] }, - "auditLog": { + "auditLogConf": { "enabled": true, "headerAttributes": [ "User-inum"