feat(config-api): saml config-api plugin

[pujavs]

New plugin to support SAML functionality.
Jans SAML to use Keycloak as identity Provider(IdP). New config-api plugin to expose endpoints to create and manage trust relationships and persist in DB.

Based on discussion with @uprightech

1. config-saml-plugin is not using Keycloak API.
2. config-saml-plugin will upload metadata file on server using existing DocumentStore
3. trust-relationship endpoint to expose methods to create and manage trust-relationship in DB

• GET: Need list of trust-relationship
• POST: Create trust-relationship .
• PUT: Update trust-relationship
• DELETE: Delete trust-relationship

4. Config to be declared in DB

[pujavs]

1.Keycloak client endpoints- This will be basically Trust Relationships. Implemented using keycloak-admin-client-jakarta using https://www.keycloak.org/docs-api/21.1.0/javadocs/org/keycloak/admin/client/resource/class-use/ClientResource.html****

1. Local testing video:
   https://github.com/JanssenProject/jans/assets/43700552/83f44040-093e-4bc8-bf70-b72041173d4d

2. Local testing screenshots:

• GET: Need list of SAML clients
  

• POST: Create SAML client.
  

• PUT: Update SAML client
  

• DELETE: Delete SAML client
  

[pujavs]

Implemented and tested following endpoints:

1. /jans-config-api/saml/trust-relationship endpoints: GET, POST,PUT,DELETE
   https://github.com/JanssenProject/jans/assets/43700552/5a412abe-b820-453e-929c-af97c485fb8f

2. /jans-config-api/saml/samlConfig endpoints: GET, PUT & PATCH
   saml-plugin-config.zip

[pujavs]

Review on config-saml-plugin by @uprightech as of 27-Jul-2023

• Remove redirectUris. The reason being that this will be set by another
• software.
• webOrigins doesn't have a place either
• jansSAMLMetaDataFilter should be removed too. It's only relevant to Shibboleth IDP and there
• must be a better way to handle this.
• jansIsFed should also be removed. Let's not handle federations early at this stage.
• Also, temporarily , let's remove the entityType attribute. Again, there surely is a better
• way to handle such. I would prefer a trust relationship for now represents a Single SP. We
• will handle federations later on.
• What is the jansProfileConf attribute for please , I could not find a clear reference
• Do we need a protocol attribute ?
• I see the endpoint for a trustRelationship allows a trustRelationship to be created without
• a metadata file. That's a problem as it's needed to extract SP meta as we discussed once before
• (at least the entityID). I think trustrelationship creation should fail if at the very least
• a metadata file (or a metadata source) is not specified.
• Is there a reason why we have a separate SamlIdpService just to save files ?
• Beyond that, there are a few tweaks that will be done in time as we use the API in a real case scenario. They're not imporant for now.

[pujavs]

Comments by @pujavs. Thankyou for your review comment Rolain Bonaventure

• I will remove the fields that you mentioned to be removed.
• protocol filed is used to specify if it's Openid or SAML. This field name is from keycloak api, do you want me to remove this as well?
• In trustRelationship endpoint, I have declared two methods for POST one with trustRelationship object only that you have pointed out and one with trustRelationship object and metadatfile -> https://github.com/JanssenProject/jans/blob/jans-config-5148/jans-config-api/plugins/saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java#L126
  I thought that in future if we support trust relationship creation with URI etc then this will be useful.
  But as you have confirmed that this is not required as of now then I will remove it.
• SamlIdpService: I have segregated the code with respect to Documentstore related functionality, I will be adding metafile validation code here or any other handling of metadata