diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile index 469e8e66e83..f8f32916226 100644 --- a/docker-jans-auth-server/Dockerfile +++ b/docker-jans-auth-server/Dockerfile @@ -52,7 +52,7 @@ RUN wget -q https://github.com/fabioz/PyDev.Debugger/archive/refs/tags/pydev_deb # =========== ENV CN_VERSION=1.0.0-SNAPSHOT -ENV CN_BUILD_DATE='2022-03-10 11:31' +ENV CN_BUILD_DATE='2022-03-15 17:19' ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-server/${CN_VERSION}/jans-auth-server-${CN_VERSION}.war # Install Jans Auth @@ -210,11 +210,11 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \ # misc stuff # ========== -LABEL name="Janssen Authorization Server" \ +LABEL name="janssenproject/auth-server" \ maintainer="Janssen Project " \ vendor="Janssen Project" \ version="1.0.0" \ - release="beta.15" \ + release="beta.16" \ summary="Janssen Authorization Server" \ description="OAuth 2.0 server and client; OpenID Connect Provider (OP) & UMA Authorization Server (AS)" diff --git a/docker-jans-certmanager/Dockerfile b/docker-jans-certmanager/Dockerfile index 692576b512e..41494d2f63c 100644 --- a/docker-jans-certmanager/Dockerfile +++ b/docker-jans-certmanager/Dockerfile @@ -17,7 +17,7 @@ RUN apk update \ # JAR files required to generate OpenID Connect keys ENV CN_VERSION=1.0.0-SNAPSHOT -ENV CN_BUILD_DATE='2022-03-07 16:25' +ENV CN_BUILD_DATE='2022-03-15 17:18' ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-client/${CN_VERSION}/jans-auth-client-${CN_VERSION}-jar-with-dependencies.jar RUN wget -q ${CN_SOURCE_URL} -P /app/javalibs/ @@ -133,11 +133,11 @@ ENV CN_WAIT_MAX_TIME=300 \ # misc # ==== -LABEL name="Certmanager" \ +LABEL name="janssenproject/certmanager" \ maintainer="Janssen Project " \ vendor="Janssen Project" \ version="1.0.0" \ - release="b12" \ + release="beta.16" \ summary="Janssen Certmanager" \ description="Manage certs and crypto keys for Janssen Server" 
diff --git a/docker-jans-client-api/Dockerfile b/docker-jans-client-api/Dockerfile index 8491d17f5a7..fa9e317f981 100644 --- a/docker-jans-client-api/Dockerfile +++ b/docker-jans-client-api/Dockerfile @@ -16,7 +16,7 @@ RUN apk update \ # ========== ENV CN_VERSION=1.0.0-SNAPSHOT -ENV CN_BUILD_DATE='2022-03-10 17:03' +ENV CN_BUILD_DATE='2022-03-15 08:49' ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-client-api-server/${CN_VERSION}/jans-client-api-server-${CN_VERSION}-distribution.zip RUN wget -q ${CN_SOURCE_URL} -O /tmp/client-api.zip \ @@ -134,15 +134,15 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \ # misc # ==== -LABEL name="Client API" \ +LABEL name="janssenproject/client-api" \ maintainer="Janssen Project " \ - vendor="Janssen" \ + vendor="Janssen Project" \ version="1.0.0" \ - release="b12" \ + release="beta.16" \ summary="Janssen Client API" \ description="Client software to secure apps with OAuth 2.0, OpenID Connect, and UMA" -RUN mkdir -p /etc/certs /app/templates/ /deploy /etc/jans/conf /opt/client-api/logs +RUN mkdir -p /etc/certs /app/templates/ /etc/jans/conf /opt/client-api/logs COPY scripts /app/scripts COPY templates/*.tmpl /app/templates/ RUN chmod +x /app/scripts/entrypoint.sh @@ -153,11 +153,9 @@ RUN adduser -s /bin/sh -D -G root -u 1000 1000 # adjust ownership RUN chown -R 1000:1000 /app/templates \ && chown -R 1000:1000 /etc/jans \ - && chown -R 1000:1000 /deploy \ && chown -R 1000:1000 /tmp \ && chown -R 1000:1000 /opt/client-api \ && chgrp -R 0 /tmp && chmod -R g=u /tmp \ - && chgrp -R 0 /deploy && chmod -R g=u /deploy \ && chgrp -R 0 /etc/certs && chmod -R g=u /etc/certs \ && chgrp -R 0 /etc/jans && chmod -R g=u /etc/jans \ && chgrp -R 0 /opt/client-api && chmod -R g=u /opt/client-api \ diff --git a/docker-jans-client-api/scripts/entrypoint.sh b/docker-jans-client-api/scripts/entrypoint.sh index ceabae56bda..fae269d0acb 100644 --- a/docker-jans-client-api/scripts/entrypoint.sh +++ b/docker-jans-client-api/scripts/entrypoint.sh 
@@ -3,11 +3,7 @@ set -e python3 /app/scripts/wait.py - -if [ ! -f /deploy/touched ]; then - python3 /app/scripts/bootstrap.py - touch /deploy/touched -fi +python3 /app/scripts/bootstrap.py # run the server # customized `/opt/client-api/bin/client-api-start.sh` diff --git a/docker-jans-config-api/Dockerfile b/docker-jans-config-api/Dockerfile index 3d40637fee8..19b2e958cd9 100644 --- a/docker-jans-config-api/Dockerfile +++ b/docker-jans-config-api/Dockerfile @@ -32,7 +32,7 @@ RUN wget -q https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/${JETTY_ # ========== ENV CN_VERSION=1.0.0-SNAPSHOT -ENV CN_BUILD_DATE='2022-03-10 11:34' +ENV CN_BUILD_DATE='2022-03-15 20:31' ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api-server/${CN_VERSION}/jans-config-api-server-${CN_VERSION}.war # Install Jans Config API @@ -175,11 +175,11 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \ # misc # ==== -LABEL name="Config API" \ +LABEL name="janssenproject/config-api" \ maintainer="Janssen Project " \ - vendor="Janssen" \ + vendor="Janssen Project" \ version="1.0.0" \ - release="beta.15" \ + release="beta.16" \ summary="Janssen Config API" \ description="" diff --git a/docker-jans-configurator/Dockerfile b/docker-jans-configurator/Dockerfile index 6d53fec3e0a..f20bdad2f8f 100644 --- a/docker-jans-configurator/Dockerfile +++ b/docker-jans-configurator/Dockerfile @@ -17,7 +17,7 @@ RUN apk update \ # JAR files required to generate OpenID Connect keys ENV CN_VERSION=1.0.0-SNAPSHOT -ENV CN_BUILD_DATE='2022-03-07 16:25' +ENV CN_BUILD_DATE='2022-03-15 17:18' ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-client/${CN_VERSION}/jans-auth-client-${CN_VERSION}-jar-with-dependencies.jar RUN wget -q ${CN_SOURCE_URL} -P /app/javalibs/ 
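Review bot: Removing the `/deploy/touched` guard makes `python3 /app/scripts/bootstrap.py` run on every container start rather than only the first, so bootstrap.py now has to be safe to repeat, and because the script runs under `set -e` any non-zero exit from it now aborts every restart of a container that previously started fine. If bootstrap.py is idempotent this is acceptable, but the intent should be stated next to the call, e.g. `# bootstrap runs on every start; bootstrap.py must be idempotent`. The Dockerfile hunks in the same commit drop the `/deploy` directory, which is consistent with this change.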
@@ -110,11 +110,11 @@ ENV CN_WAIT_MAX_TIME=300 \ # misc # ==== -LABEL name="configurator" \ - maintainer="Janssen " \ - vendor="Janssen" \ +LABEL name="janssenproject/configurator" \ + maintainer="Janssen Project " \ + vendor="Janssen Project" \ version="1.0.0" \ - release="b12" \ + release="beta.16" \ summary="Janssen Configuration Manager" \ description="Manage config and secret" diff --git a/docker-jans-fido2/Dockerfile b/docker-jans-fido2/Dockerfile index e4a032a26f6..e139167150d 100644 --- a/docker-jans-fido2/Dockerfile +++ b/docker-jans-fido2/Dockerfile @@ -35,7 +35,7 @@ EXPOSE 8080 # ===== ENV CN_VERSION=1.0.0-SNAPSHOT -ENV CN_BUILD_DATE='2022-03-10 08:13' +ENV CN_BUILD_DATE='2022-03-15 17:18' ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-fido2-server/${CN_VERSION}/jans-fido2-server-${CN_VERSION}.war # Install FIDO2 @@ -149,11 +149,11 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \ # misc stuff # ========== -LABEL name="FIDO2" \ - maintainer="Janssen io " \ +LABEL name="janssenproject/fido2" \ + maintainer="Janssen Project " \ vendor="Janssen Project" \ version="1.0.0" \ - release="beta.15" \ + release="beta.16" \ summary="Janssen FIDO2" \ description="FIDO2 server" diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile index d24eac27c82..0dc858fd140 100644 --- a/docker-jans-persistence-loader/Dockerfile +++ b/docker-jans-persistence-loader/Dockerfile @@ -21,7 +21,7 @@ RUN pip3 install -U pip wheel \ # jans-linux-setup sync # ===================== -ENV JANS_LINUX_SETUP_VERSION=452ce0fc0132f6ac7fd3be4a20bab560b1586dea +ENV JANS_LINUX_SETUP_VERSION=5b7fd274230c160d470ef76495d333cab1ae3b2a ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) 
@@ -169,11 +169,11 @@ ENV CN_CACHE_TYPE=NATIVE_PERSISTENCE \ # misc # ==== -LABEL name="Persistence" \ - maintainer="Janssen " \ +LABEL name="janssenproject/persistence-loader" \ + maintainer="Janssen Project " \ vendor="Janssen Project" \ version="1.0.0" \ - release="beta.15" \ + release="beta.16" \ summary="Janssen Authorization Server Persistence loader" \ description="Generate initial data for persistence layer" diff --git a/docker-jans-persistence-loader/scripts/spanner_setup.py b/docker-jans-persistence-loader/scripts/spanner_setup.py index ca076766f7c..957e52d89ef 100644 --- a/docker-jans-persistence-loader/scripts/spanner_setup.py +++ b/docker-jans-persistence-loader/scripts/spanner_setup.py @@ -494,6 +494,7 @@ def column_from_array(table_name, col_name): ("jansClnt", "jansDefAcrValues"), ("jansClnt", "jansLogoutURI"), ("jansPerson", "role"), + ("jansPerson", "mobile"), ]: column_to_array(mod[0], mod[1]) diff --git a/docker-jans-persistence-loader/scripts/sql_setup.py b/docker-jans-persistence-loader/scripts/sql_setup.py index 29e73009a1c..2c967eeb07c 100644 --- a/docker-jans-persistence-loader/scripts/sql_setup.py +++ b/docker-jans-persistence-loader/scripts/sql_setup.py @@ -441,6 +441,7 @@ def column_from_json(table_name, col_name): ("jansClnt", "jansDefAcrValues"), ("jansClnt", "jansLogoutURI"), ("jansPerson", "role"), + ("jansPerson", "mobile"), ]: column_to_json(mod[0], mod[1]) diff --git a/docker-jans-persistence-loader/scripts/upgrade.py b/docker-jans-persistence-loader/scripts/upgrade.py index 17bf5d4e9da..5ec18ba8fe4 100644 --- a/docker-jans-persistence-loader/scripts/upgrade.py +++ b/docker-jans-persistence-loader/scripts/upgrade.py @@ -5,6 +5,8 @@ import os from collections import namedtuple +from ldif import LDIFParser + from jans.pycloudlib.persistence.couchbase import get_couchbase_user from jans.pycloudlib.persistence.couchbase import get_couchbase_superuser from jans.pycloudlib.persistence.couchbase import get_couchbase_password 
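Review bot: The new `("jansPerson", "mobile")` entry is added by hand to two separate column lists, one in spanner_setup.py (fed to column_to_array) and one in sql_setup.py (fed to column_to_json), and nothing keeps the two lists in sync; if the scripts share a module, a single module-level constant imported by both would remove the duplication. While the loop is being touched, `column_to_array(mod[0], mod[1])` reads better as `for table_name, col_name in [...]:` with tuple unpacking. Both loops belong to functions that start outside the hunk.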
@@ -25,34 +27,14 @@ Entry = namedtuple("Entry", ["id", "attrs"]) -class BaseBackend: - """Base class for backend adapters. Must be sub-classed per - implementation details. - """ - - def __init__(self): - # self.jans_admin_ui_role_id = "inum=43F1,ou=scopes,o=jans" - # self.jans_admin_ui_claim = "inum=0A01,ou=attributes,o=jans" - self.jans_attrs = '{"spontaneousClientId":null,"spontaneousClientScopes":null,"showInConfigurationEndpoint":true}' - # SCIM users.read, SCIM users.write scopes that get added to config-api client - self.jans_scim_scopes = [ - "inum=1200.2B7428,ou=scopes,o=jans", # users.read scope - "inum=1200.0A0198,ou=scopes,o=jans", # users.write scope - ] - # jans_stat - self.jans_stat_scopes = [ - "inum=C4F7,ou=scopes,o=jans", # jans_stat - ] - - #: ID of base entry -JANS_BASE_ID = "o=jans" +JANS_BASE_DN = "o=jans" #: ID of manager group -JANS_MANAGER_GROUP = "inum=60B7,ou=groups,o=jans" +JANS_MANAGER_GROUP_DN = "inum=60B7,ou=groups,o=jans" #: ID of jans-auth config -JANS_AUTH_CONFIG_ID = "ou=jans-auth,ou=configuration,o=jans" +JANS_AUTH_CONFIG_DN = "ou=jans-auth,ou=configuration,o=jans" #: View profile scope JANS_PROFILE_SCOPE_DN = "inum=43F1,ou=scopes,o=jans" @@ -60,6 +42,20 @@ def __init__(self): #: SCIM script DN JANS_SCIM_SCRIPT_DN = "inum=2DAF-F9A5,ou=scripts,o=jans" +#: Basic script DN +JANS_BASIC_SCRIPT_DN = "inum=A51E-76DA,ou=scripts,o=jans" + +#: SCIM users.read scope +JANS_SCIM_USERS_READ_SCOPE_DN = "inum=1200.2B7428,ou=scopes,o=jans" + +#: SCIM users.write scope +JANS_SCIM_USERS_WRITE_SCOPE_DN = "inum=1200.0A0198,ou=scopes,o=jans" + +DEFAULT_JANS_ATTRS = '{"spontaneousClientId":null,"spontaneousClientScopes":null,"showInConfigurationEndpoint":true}' + +#: jans_stat scope +JANS_STAT_SCOPE_DN = "inum=C4F7,ou=scopes,o=jans" + def _transform_auth_dynamic_config(conf): should_update = False 
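Review bot: `DEFAULT_JANS_ATTRS` is the only new module constant without the `#:` doc comment its neighbours carry; add `#: Default jansAttrs JSON for scope entries that have none` (in the removed backend code the value was assigned to SCIM scopes lacking jansAttrs; confirm the new Upgrade methods use it the same way). The renames `JANS_BASE_ID`→`JANS_BASE_DN`, `JANS_MANAGER_GROUP`→`JANS_MANAGER_GROUP_DN` and `JANS_AUTH_CONFIG_ID`→`JANS_AUTH_CONFIG_DN` would turn any leftover reference to an old name into a NameError only when that method runs, and the new Upgrade class is not fully visible in this diff, so the old names are worth a grep before merge.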
@@ -111,6 +107,10 @@ def _transform_auth_dynamic_config(conf): )) should_update = True + if "redirectUrisRegexEnabled" not in conf: + conf["redirectUrisRegexEnabled"] = True + should_update = True + # return the conf and flag to determine whether it needs update or not return conf, should_update @@ -157,8 +157,6 @@ def modify_claims(claims): def collect_claim_names(ldif_file="/app/templates/attributes.ldif"): - from ldif import LDIFParser - rows = {} with open("/app/templates/attributes.ldif", "rb") as fd: parser = LDIFParser(fd) @@ -168,9 +166,8 @@ def collect_claim_names(ldif_file="/app/templates/attributes.ldif"): return rows -class LDAPBackend(BaseBackend): +class LDAPBackend: def __init__(self, manager): - super().__init__() self.manager = manager self.client = LdapClient(manager) self.type = "ldap" 
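Review bot: The new branch sets `redirectUrisRegexEnabled` to True for every existing jans-auth dynamic config that lacks the key, which changes how redirect_uri values are matched on deployments provisioned before this version; regex matching is looser than the exact-string comparison that OAuth 2.0 security guidance recommends, so switching it on during an upgrade deserves an explicit rationale rather than a bare default. Add a comment such as `# TODO(review): confirm this matches the fresh-install default before enabling regex redirect URI matching on upgraded deployments`, and if a fresh install does not default it to True, the upgrade should default it to False. _transform_auth_dynamic_config starts outside the hunk.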
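Review bot: collect_claim_names still ignores its `ldif_file` parameter: the context line `with open("/app/templates/attributes.ldif", "rb") as fd:` hard-codes the path, so a caller passing a different file silently reads the default. Since this hunk already touches the function (moving the LDIFParser import to module scope), it is the natural place to change the line to `with open(ldif_file, "rb") as fd:`. The rest of the function body is outside the hunk.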
@@ -206,142 +203,9 @@ def modify_entry(self, key, attrs=None, **kwargs): attrs[k] = [(mod, v)] return self.client.modify(key, attrs) - def update_people_entries(self): - # add jansAdminUIRole to default admin user - admin_inum = self.manager.config.get("admin_inum") - id_ = f"inum={admin_inum},ou=people,o=jans" - kwargs = {} - - entry = self.get_entry(id_, **kwargs) - if not entry: - return - - if "jansAdminUIRole" not in entry.attrs: - entry.attrs["jansAdminUIRole"] = ["api-admin"] - self.modify_entry(id_, entry.attrs, **kwargs) - def update_scopes_entries(self): - # add jansAdminUIRole claim to profile scope - kwargs = {} - entry = self.get_entry(JANS_PROFILE_SCOPE_DN, **kwargs) - if not entry: - return - - attrs, should_update = _transform_profile_scope(entry.attrs) - if should_update: - self.modify_entry(entry.id, attrs, **kwargs) - - def update_clients_entries(self): - # modify redirect UI of config-api client - def _update_jca_client(): - jca_client_id = self.manager.config.get("jca_client_id") - entry = self.get_entry(f"inum={jca_client_id},ou=clients,o=jans") - - if not entry: - return - - should_update = False - - hostname = self.manager.config.get("hostname") - if f"https://{hostname}/admin" not in entry.attrs["jansRedirectURI"]: - entry.attrs["jansRedirectURI"].append(f"https://{hostname}/admin") - should_update = True - - # add jans_stat, SCIM users.read, SCIM users.write scopes to config-api client - for scope in (self.jans_scim_scopes + self.jans_stat_scopes): - if scope not in entry.attrs["jansScope"]: - entry.attrs["jansScope"].append(scope) - should_update = True - - if should_update: - self.modify_entry(entry.id, entry.attrs) - - # modify introspection script for token server client - def _update_token_server_client(): - token_server_admin_ui_client_id = self.manager.config.get("token_server_admin_ui_client_id") - entry = self.get_entry(f"inum={token_server_admin_ui_client_id},ou=clients,o=jans") - - if not entry: - return - - attrs, should_update 
= _transform_token_server_client(json.loads(entry.attrs["jansAttrs"])) - if should_update: - entry.attrs["jansAttrs"] = json.dumps(attrs) - self.modify_entry(entry.id, entry.attrs) - - _update_jca_client() - _update_token_server_client() - - def update_scim_scopes_entries(self): - # add jansAttrs to SCIM users.read and users.write scopes - ids = self.jans_scim_scopes - kwargs = {} - - for id_ in ids: - entry = self.get_entry(id_, **kwargs) - if not entry: - continue - - if "jansAttrs" not in entry.attrs: - entry.attrs[ - "jansAttrs"] = self.jans_attrs - self.modify_entry(id_, entry.attrs, **kwargs) - - def update_base_entries(self): - # add jansManagerGrp to base entry - entry = self.get_entry(JANS_BASE_ID) - if not entry: - return - - if not entry.attrs.get("jansManagerGrp"): - entry.attrs["jansManagerGrp"] = JANS_MANAGER_GROUP - self.modify_entry(JANS_BASE_ID, entry.attrs) - - def update_auth_dynamic_config(self): - entry = self.get_entry(JANS_AUTH_CONFIG_ID) - if not entry: - return - - conf, should_update = _transform_auth_dynamic_config(json.loads(entry.attrs["jansConfDyn"])) - if should_update: - entry.attrs["jansConfDyn"] = json.dumps(conf) - entry.attrs["jansRevision"] += 1 - self.modify_entry(entry.id, entry.attrs) - - def update_attributes_entries(self): - kwargs = {} - rows = collect_claim_names() - - for dn, claim_name in rows.items(): - entry = self.get_entry(dn, **kwargs) - - # jansClaimName already set - if "jansClaimName" in entry.attrs and entry.attrs["jansClaimName"]: - continue - - entry.attrs["jansClaimName"] = claim_name - self.modify_entry(entry.id, entry.attrs, **kwargs) - - def feature_flags(self): - kwargs = {} - entry = self.get_entry(JANS_SCIM_SCRIPT_DN, **kwargs) - - if not entry: - return - - env_enabled = as_boolean(os.environ.get("CN_SCIM_ENABLED", False)) - script_enabled = as_boolean(entry.attrs["jansEnabled"]) - - if script_enabled == env_enabled: - return - - entry.attrs["jansEnabled"] = env_enabled - self.modify_entry(entry.id, 
entry.attrs, **kwargs) - - -class SQLBackend(BaseBackend): +class SQLBackend: def __init__(self, manager): - super().__init__() self.manager = manager self.client = SQLClient() self.type = "sql" 
@@ -359,158 +223,9 @@ def modify_entry(self, key, attrs=None, **kwargs): table_name = kwargs.get("table_name") return self.client.update(table_name, key, attrs), "" - def update_people_entries(self): - # add jansAdminUIRole to default admin user - admin_inum = self.manager.config.get("admin_inum") - id_ = doc_id_from_dn(f"inum={admin_inum},ou=people,o=jans") - kwargs = {"table_name": "jansPerson"} - - entry = self.get_entry(id_, **kwargs) - if not entry: - return - - # sql entry may have empty jansAdminUIRole hash ({"v": []}) - if not entry.attrs["jansAdminUIRole"]["v"]: - entry.attrs["jansAdminUIRole"] = {"v": ["api-admin"]} - self.modify_entry(id_, entry.attrs, **kwargs) - - def update_scopes_entries(self): - # add jansAdminUIRole claim to profile scope - kwargs = {"table_name": "jansScope"} - entry = self.get_entry(doc_id_from_dn(JANS_PROFILE_SCOPE_DN), **kwargs) - - if not entry: - return - - attrs, should_update = _transform_profile_scope(entry.attrs) - if should_update: - self.modify_entry(entry.id, attrs, **kwargs) - - def update_clients_entries(self): - # modify redirect UI of config-api client - def _update_jca_client(): - jca_client_id = self.manager.config.get("jca_client_id") - kwargs = {"table_name": "jansClnt"} - - entry = self.get_entry( - doc_id_from_dn(f"inum={jca_client_id},ou=clients,o=jans"), - **kwargs - ) - - if not entry: - return - - should_update = False - - hostname = self.manager.config.get("hostname") - - if f"https://{hostname}/admin" not in entry.attrs["jansRedirectURI"]["v"]: - entry.attrs["jansRedirectURI"]["v"].append(f"https://{hostname}/admin") - should_update = True - - # add jans_stat, SCIM users.read, SCIM users.write scopes to config-api client - for scope in (self.jans_scim_scopes + self.jans_stat_scopes): - if scope not in entry.attrs["jansScope"]["v"]: - entry.attrs["jansScope"]["v"].append(scope) - should_update = True - - if should_update: - self.modify_entry(entry.id, entry.attrs, **kwargs) - - # modify introspection 
script for token server client - def _update_token_server_client(): - token_server_admin_ui_client_id = self.manager.config.get("token_server_admin_ui_client_id") - kwargs = {"table_name": "jansClnt"} - entry = self.get_entry( - doc_id_from_dn(f"inum={token_server_admin_ui_client_id},ou=clients,o=jans"), - **kwargs, - ) - - if not entry: - return - - attrs, should_update = _transform_token_server_client(json.loads(entry.attrs["jansAttrs"])) - if should_update: - entry.attrs["jansAttrs"] = json.dumps(attrs) - self.modify_entry(entry.id, entry.attrs, **kwargs) - - _update_jca_client() - _update_token_server_client() - - def update_scim_scopes_entries(self): - # add jansAttrs to SCIM users.read and users.write scopes - ids = [doc_id_from_dn(scope) for scope in self.jans_scim_scopes] - kwargs = {"table_name": "jansScope"} - - for id_ in ids: - entry = self.get_entry(id_, **kwargs) - if not entry: - continue - - if "jansAttrs" not in entry.attrs: - entry.attrs[ - "jansAttrs"] = self.jans_attrs - self.modify_entry(id_, entry.attrs, **kwargs) - - def update_base_entries(self): - # add jansManagerGrp to base entry - id_ = doc_id_from_dn(JANS_BASE_ID) - kwargs = {"table_name": "jansOrganization"} - - entry = self.get_entry(id_, **kwargs) - if not entry: - return - if not entry.attrs.get("jansManagerGrp"): - entry.attrs["jansManagerGrp"] = JANS_MANAGER_GROUP - self.modify_entry(id_, entry.attrs, **kwargs) - - def update_auth_dynamic_config(self): - kwargs = {"table_name": "jansAppConf"} - entry = self.get_entry(doc_id_from_dn(JANS_AUTH_CONFIG_ID), **kwargs) - if not entry: - return - - conf, should_update = _transform_auth_dynamic_config(json.loads(entry.attrs["jansConfDyn"])) - if should_update: - entry.attrs["jansConfDyn"] = json.dumps(conf) - entry.attrs["jansRevision"] += 1 - self.modify_entry(entry.id, entry.attrs, **kwargs) - - def update_attributes_entries(self): - kwargs = {"table_name": "jansAttr"} - rows = collect_claim_names() - - for dn, claim_name in 
rows.items(): - entry = self.get_entry(doc_id_from_dn(dn), **kwargs) - - # jansClaimName already set - if "jansClaimName" in entry.attrs and entry.attrs["jansClaimName"]: - continue - - entry.attrs["jansClaimName"] = claim_name - self.modify_entry(entry.id, entry.attrs, **kwargs) - - def feature_flags(self): - kwargs = {"table_name": "jansCustomScr"} - entry = self.get_entry(doc_id_from_dn(JANS_SCIM_SCRIPT_DN), **kwargs) - - if not entry: - return - - env_enabled = as_boolean(os.environ.get("CN_SCIM_ENABLED", False)) - script_enabled = as_boolean(entry.attrs["jansEnabled"]) - - if script_enabled == env_enabled: - return - - entry.attrs["jansEnabled"] = env_enabled - self.modify_entry(entry.id, entry.attrs, **kwargs) - - -class CouchbaseBackend(BaseBackend): +class CouchbaseBackend: def __init__(self, manager): - super().__init__() self.manager = manager hostname = os.environ.get("CN_COUCHBASE_URL", "localhost") user = get_couchbase_superuser(manager) or get_couchbase_user(manager) 
@@ -566,100 +281,6 @@ def modify_entry(self, key, attrs=None, **kwargs): message = req.text or req.reason return status, message - def update_people_entries(self): - # add jansAdminUIRole to default admin user - admin_inum = self.manager.config.get("admin_inum") - id_ = id_from_dn(f"inum={admin_inum},ou=people,o=jans") - bucket = os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans") - kwargs = {"bucket": f"{bucket}_user"} - - entry = self.get_entry(id_, **kwargs) - if not entry: - return - - if "jansAdminUIRole" not in entry.attrs: - entry.attrs["jansAdminUIRole"] = ["api-admin"] - self.modify_entry(id_, entry.attrs, **kwargs) - - def update_scopes_entries(self): - # add jansAdminUIRole claim to profile scope - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - entry = self.get_entry(id_from_dn(JANS_PROFILE_SCOPE_DN), **kwargs) - - if not entry: - return - - attrs, should_update = _transform_profile_scope(entry.attrs) - if should_update: - self.modify_entry(entry.id, attrs, **kwargs) - - def update_clients_entries(self): - # modify redirect UI of config-api client - def _update_jca_client(): - jca_client_id = self.manager.config.get("jca_client_id") - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - - entry = self.get_entry( - id_from_dn(f"inum={jca_client_id},ou=clients,o=jans"), - **kwargs, - ) - if not entry: - return - - should_update = False - - hostname = self.manager.config.get("hostname") - - if f"https://{hostname}/admin" not in entry.attrs["jansRedirectURI"]: - entry.attrs["jansRedirectURI"].append(f"https://{hostname}/admin") - should_update = True - - # add jans_stat, SCIM users.read, SCIM users.write scopes to config-api client - for scope in (self.jans_scim_scopes + self.jans_stat_scopes): - if scope not in entry.attrs["jansScope"]: - entry.attrs["jansScope"].append(scope) - should_update = True - - if should_update: - self.modify_entry(entry.id, entry.attrs, **kwargs) - - # modify introspection 
script for token server client - def _update_token_server_client(): - token_server_admin_ui_client_id = self.manager.config.get("token_server_admin_ui_client_id") - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - - entry = self.get_entry( - id_from_dn(f"inum={token_server_admin_ui_client_id},ou=clients,o=jans"), - **kwargs, - ) - - if not entry: - return - - attrs, should_update = _transform_token_server_client(json.loads(entry.attrs["jansAttrs"])) - if should_update: - entry.attrs["jansAttrs"] = json.dumps(attrs) - self.modify_entry(entry.id, entry.attrs, **kwargs) - - _update_jca_client() - _update_token_server_client() - - def update_scim_scopes_entries(self): - # add jansAttrs to SCIM users.read and users.write scopes - ids = map(id_from_dn, self.jans_scim_scopes) - bucket = os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans") - kwargs = {"bucket": bucket} - - for id_ in ids: - entry = self.get_entry(id_, **kwargs) - if not entry: - continue - - if "jansAttrs" not in entry.attrs: - entry.attrs[ - "jansAttrs"] = self.jans_attrs - self.modify_entry(id_, entry.attrs, **kwargs) - def update_misc(self): # 1 - fix objectclass for scim and config-api where it has lowecased objectclass instead of objectClass bucket = os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans") 
@@ -681,66 +302,9 @@ def update_misc(self): # drop the index self.client.exec_query(f'DROP INDEX `{bucket}`.`def_jans_fix_oc`') - def update_base_entries(self): - # add jansManagerGrp to base entry - id_ = id_from_dn(JANS_BASE_ID) - bucket = os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans") - kwargs = {"bucket": bucket} - - entry = self.get_entry(id_, **kwargs) - if not entry: - return - - if not entry.attrs.get("jansManagerGrp"): - entry.attrs["jansManagerGrp"] = JANS_MANAGER_GROUP - self.modify_entry(id_, entry.attrs, **kwargs) - - def update_auth_dynamic_config(self): - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - entry = self.get_entry(id_from_dn(JANS_AUTH_CONFIG_ID), **kwargs) - if not entry: - return - - conf, should_update = _transform_auth_dynamic_config(entry.attrs["jansConfDyn"]) - if should_update: - entry.attrs["jansConfDyn"] = conf - entry.attrs["jansRevision"] += 1 - self.modify_entry(entry.id, entry.attrs, **kwargs) - - def update_attributes_entries(self): - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - rows = collect_claim_names() - - for dn, claim_name in rows.items(): - entry = self.get_entry(id_from_dn(dn), **kwargs) - - # jansClaimName already set - if "jansClaimName" in entry.attrs and entry.attrs["jansClaimName"]: - continue - - entry.attrs["jansClaimName"] = claim_name - self.modify_entry(entry.id, entry.attrs, **kwargs) - - def feature_flags(self): - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - entry = self.get_entry(id_from_dn(JANS_SCIM_SCRIPT_DN), **kwargs) - if not entry: - return - - env_enabled = as_boolean(os.environ.get("CN_SCIM_ENABLED", False)) - script_enabled = as_boolean(entry.attrs["jansEnabled"]) - - if script_enabled == env_enabled: - return - - entry.attrs["jansEnabled"] = env_enabled - self.modify_entry(entry.id, entry.attrs, **kwargs) - - -class SpannerBackend(BaseBackend): +class SpannerBackend: def __init__(self, manager): - 
super().__init__() self.manager = manager self.client = SpannerClient() self.type = "spanner" 
@@ -758,181 +322,320 @@ def modify_entry(self, key, attrs=None, **kwargs): table_name = kwargs.get("table_name") return self.client.update(table_name, key, attrs), "" - def update_people_entries(self): - # add jansAdminUIRole to default admin user - admin_inum = self.manager.config.get("admin_inum") - id_ = doc_id_from_dn(f"inum={admin_inum},ou=people,o=jans") - kwargs = {"table_name": "jansPerson"} - entry = self.get_entry(id_, **kwargs) - if not entry: - return +class Upgrade: + def __init__(self, manager): + self.manager = manager - # sql entry may have empty jansAdminUIRole hash ({"v": []}) - if not entry.attrs["jansAdminUIRole"]: - entry.attrs["jansAdminUIRole"] = ["api-admin"] - self.modify_entry(id_, entry.attrs, **kwargs) + persistence_type = os.environ.get("CN_PERSISTENCE_TYPE", "ldap") + if persistence_type == "sql": + backend_cls = SQLBackend + elif persistence_type == "couchbase": + backend_cls = CouchbaseBackend + elif persistence_type == "spanner": + backend_cls = SpannerBackend + else: + backend_cls = LDAPBackend + self.backend = backend_cls(manager) - def update_scopes_entries(self): - # add jansAdminUIRole claim to profile scope - kwargs = {"table_name": "jansScope"} - entry = self.get_entry(doc_id_from_dn(JANS_PROFILE_SCOPE_DN), **kwargs) + def invoke(self): + # TODO: refactor all self.backend.update_ to this class method + logger.info("Running upgrade process (if required)") + + self.update_people_entries() + self.update_scopes_entries() + self.update_clients_entries() + self.update_scim_scopes_entries() + self.update_base_entries() + + if hasattr(self.backend, "update_misc"): + self.backend.update_misc() + + self.update_auth_dynamic_config() + self.update_attributes_entries() + self.update_scripts_entries() + + def update_scripts_entries(self): + # default to ldap persistence + kwargs = {} + scim_id = JANS_SCIM_SCRIPT_DN + basic_id = JANS_BASIC_SCRIPT_DN + + if self.backend.type in ("sql", "spanner"): + kwargs = {"table_name": "jansCustomScr"} + 
scim_id = doc_id_from_dn(scim_id) + basic_id = doc_id_from_dn(basic_id) + elif self.backend.type == "couchbase": + kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} + scim_id = id_from_dn(scim_id) + basic_id = id_from_dn(basic_id) + + # toggle scim script + scim_entry = self.backend.get_entry(scim_id, **kwargs) + scim_enabled = as_boolean(os.environ.get("CN_SCIM_ENABLED", False)) + + if scim_entry and scim_entry.attrs["jansEnabled"] != scim_enabled: + scim_entry.attrs["jansEnabled"] = scim_enabled + self.backend.modify_entry(scim_entry.id, scim_entry.attrs, **kwargs) + + # always enable basic script + basic_entry = self.backend.get_entry(basic_id, **kwargs) + + if basic_entry and not as_boolean(basic_entry.attrs["jansEnabled"]): + basic_entry.attrs["jansEnabled"] = True + self.backend.modify_entry(basic_entry.id, basic_entry.attrs, **kwargs) + + def update_auth_dynamic_config(self): + # default to ldap persistence + kwargs = {} + id_ = JANS_AUTH_CONFIG_DN + + if self.backend.type in ("sql", "spanner"): + kwargs = {"table_name": "jansAppConf"} + id_ = doc_id_from_dn(id_) + elif self.backend.type == "couchbase": + kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} + id_ = id_from_dn(id_) + + entry = self.backend.get_entry(id_, **kwargs) if not entry: return - attrs, should_update = _transform_profile_scope(entry.attrs) + if self.backend.type != "couchbase": + entry.attrs["jansConfDyn"] = json.loads(entry.attrs["jansConfDyn"]) + + conf, should_update = _transform_auth_dynamic_config(entry.attrs["jansConfDyn"]) + if should_update: - self.modify_entry(entry.id, attrs, **kwargs) + if self.backend.type != "couchbase": + entry.attrs["jansConfDyn"] = json.dumps(conf) - def update_clients_entries(self): - # modify redirect UI of config-api client - def _update_jca_client(): - jca_client_id = self.manager.config.get("jca_client_id") - kwargs = {"table_name": "jansClnt"} + entry.attrs["jansRevision"] += 1 + 
self.backend.modify_entry(entry.id, entry.attrs, **kwargs) - entry = self.get_entry( - doc_id_from_dn(f"inum={jca_client_id},ou=clients,o=jans"), - **kwargs, - ) + def update_attributes_entries(self): + def _update_claim_names(): + # default to ldap persistence + kwargs = {} + rows = collect_claim_names() - if not entry: - return + for id_, claim_name in rows.items(): + if self.backend.type in ("sql", "spanner"): + id_ = doc_id_from_dn(id_) + kwargs = {"table_name": "jansAttr"} + elif self.backend.type == "couchbase": + id_ = id_from_dn(id_) + kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - should_update = False + entry = self.backend.get_entry(id_, **kwargs) - hostname = self.manager.config.get("hostname") + if not entry: + return - if f"https://{hostname}/admin" not in entry.attrs["jansRedirectURI"]: - entry.attrs["jansRedirectURI"].append(f"https://{hostname}/admin") - should_update = True + # jansClaimName already set + if "jansClaimName" in entry.attrs and entry.attrs["jansClaimName"]: + continue - # add jans_stat, SCIM users.read, SCIM users.write scopes to config-api client - for scope in (self.jans_scim_scopes + self.jans_stat_scopes): - if scope not in entry.attrs["jansScope"]: - entry.attrs["jansScope"].append(scope) - should_update = True + entry.attrs["jansClaimName"] = claim_name + self.backend.modify_entry(entry.id, entry.attrs, **kwargs) - if should_update: - self.modify_entry(entry.id, entry.attrs, **kwargs) + def _update_mobile_attr(): + kwargs = {} + id_ = "inum=6DA6,ou=attributes,o=jans" - # modify introspection script for token server client - def _update_token_server_client(): - token_server_admin_ui_client_id = self.manager.config.get("token_server_admin_ui_client_id") - kwargs = {"table_name": "jansClnt"} - entry = self.get_entry( - doc_id_from_dn(f"inum={token_server_admin_ui_client_id},ou=clients,o=jans"), - **kwargs, - ) + if self.backend.type in ("sql", "spanner"): + id_ = doc_id_from_dn(id_) + kwargs = 
{"table_name": "jansAttr"} + elif self.backend.type == "couchbase": + id_ = id_from_dn(id_) + kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} + + entry = self.backend.get_entry(id_, **kwargs) if not entry: return - attrs, should_update = _transform_token_server_client(json.loads(entry.attrs["jansAttrs"])) - if should_update: - entry.attrs["jansAttrs"] = json.dumps(attrs) - self.modify_entry(entry.id, entry.attrs, **kwargs) + if not entry.attrs.get("jansMultivaluedAttr"): + entry.attrs["jansMultivaluedAttr"] = True + self.backend.modify_entry(entry.id, entry.attrs, **kwargs) - _update_jca_client() - _update_token_server_client() + _update_claim_names() + _update_mobile_attr() + + def update_base_entries(self): + # default to ldap persistence + kwargs = {} + id_ = JANS_BASE_DN + + if self.backend.type in ("sql", "spanner"): + kwargs = {"table_name": "jansOrganization"} + id_ = doc_id_from_dn(id_) + elif self.backend.type == "couchbase": + kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} + id_ = id_from_dn(id_) + + # add jansManagerGrp to base entry + entry = self.backend.get_entry(id_, **kwargs) + + if not entry: + return + + if not entry.attrs.get("jansManagerGrp"): + entry.attrs["jansManagerGrp"] = JANS_MANAGER_GROUP_DN + self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def update_scim_scopes_entries(self): + # default to ldap persistence + kwargs = {} + # add jansAttrs to SCIM users.read and users.write scopes - ids = [doc_id_from_dn(scope) for scope in self.jans_scim_scopes] - kwargs = {"table_name": "jansScope"} + for id_ in [JANS_SCIM_USERS_READ_SCOPE_DN, JANS_SCIM_USERS_WRITE_SCOPE_DN]: + if self.backend.type in ("sql", "spanner"): + kwargs = {"table_name": "jansScope"} + id_ = doc_id_from_dn(id_) + elif self.backend.type == "couchbase": + kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} + id_ = id_from_dn(id_) + + entry = self.backend.get_entry(id_, **kwargs) - for id_ in 
ids: - entry = self.get_entry(id_, **kwargs) if not entry: continue if "jansAttrs" not in entry.attrs: - entry.attrs[ - "jansAttrs"] = self.jans_attrs - self.modify_entry(id_, entry.attrs, **kwargs) + entry.attrs["jansAttrs"] = DEFAULT_JANS_ATTRS + self.backend.modify_entry(entry.id, entry.attrs, **kwargs) - def update_base_entries(self): - # add jansManagerGrp to base entry - id_ = doc_id_from_dn(JANS_BASE_ID) - kwargs = {"table_name": "jansOrganization"} + def update_scopes_entries(self): + # default to ldap persistence + kwargs = {} + id_ = JANS_PROFILE_SCOPE_DN + + if self.backend.type in ("sql", "spanner"): + kwargs = {"table_name": "jansScope"} + id_ = doc_id_from_dn(id_) + elif self.backend.type == "couchbase": + kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} + id_ = id_from_dn(id_) + + entry = self.backend.get_entry(id_, **kwargs) - entry = self.get_entry(id_, **kwargs) if not entry: return - if not entry.attrs.get("jansManagerGrp"): - entry.attrs["jansManagerGrp"] = JANS_MANAGER_GROUP - self.modify_entry(id_, entry.attrs, **kwargs) + attrs, should_update = _transform_profile_scope(entry.attrs) + if should_update: + self.backend.modify_entry(entry.id, attrs, **kwargs) + + def update_people_entries(self): + # default to ldap persistence + admin_inum = self.manager.config.get("admin_inum") + + id_ = f"inum={admin_inum},ou=people,o=jans" + kwargs = {} + + if self.backend.type in ("sql", "spanner"): + id_ = doc_id_from_dn(id_) + kwargs = {"table_name": "jansPerson"} + elif self.backend.type == "couchbase": + id_ = id_from_dn(id_) + bucket = os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans") + kwargs = {"bucket": f"{bucket}_user"} + + entry = self.backend.get_entry(id_, **kwargs) - def update_auth_dynamic_config(self): - kwargs = {"table_name": "jansAppConf"} - entry = self.get_entry(doc_id_from_dn(JANS_AUTH_CONFIG_ID), **kwargs) if not entry: return - conf, should_update = 
_transform_auth_dynamic_config(json.loads(entry.attrs["jansConfDyn"])) + # add jansAdminUIRole to default admin user + should_update = False + + if self.backend.type == "sql" and not entry.attrs["jansAdminUIRole"]["v"]: + entry.attrs["jansAdminUIRole"] = {"v": ["api-admin"]} + should_update = True + elif self.backend.type == "spanner" and not entry.attrs["jansAdminUIRole"]: + entry.attrs["jansAdminUIRole"] = ["api-admin"] + should_update = True + else: # ldap and couchbase + if "jansAdminUIRole" not in entry.attrs: + entry.attrs["jansAdminUIRole"] = ["api-admin"] + should_update = True + if should_update: - entry.attrs["jansConfDyn"] = json.dumps(conf) - entry.attrs["jansRevision"] += 1 - self.modify_entry(entry.id, entry.attrs, **kwargs) + self.backend.modify_entry(entry.id, entry.attrs, **kwargs) - def update_attributes_entries(self): - kwargs = {"table_name": "jansAttr"} - rows = collect_claim_names() + def update_clients_entries(self): + # modify redirect UI of config-api client + def _update_jca_client(): + kwargs = {} + jca_client_id = self.manager.config.get("jca_client_id") + id_ = f"inum={jca_client_id},ou=clients,o=jans" - for dn, claim_name in rows.items(): - entry = self.get_entry(doc_id_from_dn(dn), **kwargs) + if self.backend.type in ("sql", "spanner"): + kwargs = {"table_name": "jansClnt"} + id_ = doc_id_from_dn(id_) + elif self.backend.type == "couchbase": + kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} + id_ = id_from_dn(id_) - # jansClaimName already set - if "jansClaimName" in entry.attrs and entry.attrs["jansClaimName"]: - continue + entry = self.backend.get_entry(id_, **kwargs) - entry.attrs["jansClaimName"] = claim_name - self.modify_entry(entry.id, entry.attrs, **kwargs) + if not entry: + return - def feature_flags(self): - kwargs = {"table_name": "jansCustomScr"} - entry = self.get_entry(doc_id_from_dn(JANS_SCIM_SCRIPT_DN), **kwargs) + should_update = False - if not entry: - return + hostname = 
self.manager.config.get("hostname") + scopes = [JANS_SCIM_USERS_READ_SCOPE_DN, JANS_SCIM_USERS_WRITE_SCOPE_DN, JANS_STAT_SCOPE_DN] - env_enabled = as_boolean(os.environ.get("CN_SCIM_ENABLED", False)) - script_enabled = as_boolean(entry.attrs["jansEnabled"]) + if self.backend.type == "sql": + if f"https://{hostname}/admin" not in entry.attrs["jansRedirectURI"]["v"]: + entry.attrs["jansRedirectURI"]["v"].append(f"https://{hostname}/admin") + should_update = True - if script_enabled == env_enabled: - return + # add jans_stat, SCIM users.read, SCIM users.write scopes to config-api client + for scope in scopes: + if scope not in entry.attrs["jansScope"]["v"]: + entry.attrs["jansScope"]["v"].append(scope) + should_update = True - entry.attrs["jansEnabled"] = env_enabled - self.modify_entry(entry.id, entry.attrs, **kwargs) + else: # ldap, couchbase, and spanner + if f"https://{hostname}/admin" not in entry.attrs["jansRedirectURI"]: + entry.attrs["jansRedirectURI"].append(f"https://{hostname}/admin") + should_update = True + # add jans_stat, SCIM users.read, SCIM users.write scopes to config-api client + for scope in scopes: + if scope not in entry.attrs["jansScope"]: + entry.attrs["jansScope"].append(scope) + should_update = True -class Upgrade: - def __init__(self, manager): - self.manager = manager + if should_update: + self.backend.modify_entry(entry.id, entry.attrs, **kwargs) - persistence_type = os.environ.get("CN_PERSISTENCE_TYPE", "ldap") - if persistence_type == "sql": - backend_cls = SQLBackend - elif persistence_type == "couchbase": - backend_cls = CouchbaseBackend - elif persistence_type == "spanner": - backend_cls = SpannerBackend - else: - backend_cls = LDAPBackend - self.backend = backend_cls(manager) + # modify introspection script for token server client + def _update_token_server_client(): + kwargs = {} + token_server_admin_ui_client_id = self.manager.config.get("token_server_admin_ui_client_id") + id_ = 
f"inum={token_server_admin_ui_client_id},ou=clients,o=jans" - def invoke(self): - logger.info("Running upgrade process (if required)") - self.backend.update_people_entries() - self.backend.update_scopes_entries() - self.backend.update_clients_entries() - self.backend.update_scim_scopes_entries() - self.backend.update_base_entries() + if self.backend.type in ("sql", "spanner"): + kwargs = {"table_name": "jansClnt"} + id_ = doc_id_from_dn(id_) + elif self.backend.type == "couchbase": + kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} + id_ = id_from_dn(id_) - if hasattr(self.backend, "update_misc"): - self.backend.update_misc() + entry = self.backend.get_entry(id_, **kwargs) + + if not entry: + return - self.backend.update_auth_dynamic_config() - self.backend.update_attributes_entries() - self.backend.feature_flags() + attrs, should_update = _transform_token_server_client(json.loads(entry.attrs["jansAttrs"])) + if should_update: + entry.attrs["jansAttrs"] = json.dumps(attrs) + self.backend.modify_entry(entry.id, entry.attrs, **kwargs) + + _update_jca_client() + _update_token_server_client() diff --git a/docker-jans-persistence-loader/templates/gluu-casa/clients.ldif b/docker-jans-persistence-loader/templates/gluu-casa/clients.ldif index 1d373ba3197..172ed500d8c 100644 --- a/docker-jans-persistence-loader/templates/gluu-casa/clients.ldif +++ b/docker-jans-persistence-loader/templates/gluu-casa/clients.ldif 
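Review bot: In `update_scripts_entries` the SCIM toggle compares the stored value directly, `scim_entry.attrs["jansEnabled"] != scim_enabled`, while the basic-script check a few lines below and the removed `feature_flags` both normalise through `as_boolean()` first; on a backend that hands the flag back as a string the comparison would always be true and the entry would be rewritten on every run. Suggest `if scim_entry and as_boolean(scim_entry.attrs["jansEnabled"]) != scim_enabled:`. Separately, in `_update_claim_names` the `if not entry: return` inside the `for id_, claim_name in rows.items()` loop abandons every remaining claim on the first missing attribute entry, whereas `update_scim_scopes_entries` uses `continue` for the same case; `continue` looks like the intended behaviour here. The hunk opens inside `SpannerBackend.modify_entry`, whose definition starts before it.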
@@ -10,7 +10,6 @@ jansAppTyp: web jansAttrs: {} # jansAttrs: {"tlsClientAuthSubjectDn":"","runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims":false,"keepClientAuthorizationAfterExpiration":false,"allowSpontaneousScopes":false,"spontaneousScopes":[],"spontaneousScopeScriptDns":[],"backchannelLogoutUri":[],"backchannelLogoutSessionRequired":false,"additionalAudience":[],"postAuthnScripts":[],"consentGatheringScripts":[],"introspectionScripts":[],"rptClaimsScripts":[],"parLifetime":600,"requirePar":false,"jansAuthSignedRespAlg":"RS256","jansAuthEncRespAlg":null,"jansAuthEncRespEnc":null} jansClntSecret: %(casa_client_encoded_pw)s -jansDefAcrValues: simple_password_auth jansDisabled: false jansGrantTyp: authorization_code jansGrantTyp: refresh_token diff --git a/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.json b/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.json index 74eaa9c066b..7be5e935cf2 100644 --- a/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.json +++ b/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.json @@ -436,5 +436,5 @@ "deviceAuthzRequestExpiresIn": 1800, "deviceAuthzTokenPollInterval": 5, "deviceAuthzResponseTypeToProcessAuthz": "code", - "redirectUrisRegexEnabled": false + "redirectUrisRegexEnabled": true } diff --git a/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.ob.json b/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.ob.json index 8ebd000b25a..05559f2ecb5 100644 --- a/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.ob.json +++ b/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.ob.json @@ -360,5 +360,5 @@ "deviceAuthzResponseTypeToProcessAuthz": "code", "staticKid": "%(staticKid)s", "forceOfflineAccessScopeToEnableRefreshToken" : false, - "redirectUrisRegexEnabled": false + "redirectUrisRegexEnabled": true } 
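Review bot: Setting `redirectUrisRegexEnabled` to `true` in the loader template changes the redirect-URI matching baseline for every deployment built from it, presumably from exact comparison to pattern matching, and the diff carries no rationale or note on which clients need patterns. Since unanchored or overly broad patterns are the classic way an OAuth redirect check becomes bypassable, the safer default is to keep `false` in the template and enable the flag per deployment, or at least to add a template comment naming the requirement that any pattern be fully anchored and reviewed. The same flip is made in `jans-auth-config.ob.json` in the following hunk.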
diff --git a/docker-jans-persistence-loader/templates/jans-config-api/admin-ui-clients.ldif b/docker-jans-persistence-loader/templates/jans-config-api/admin-ui-clients.ldif index c13ad2d1f0d..f735c432970 100644 --- a/docker-jans-persistence-loader/templates/jans-config-api/admin-ui-clients.ldif +++ b/docker-jans-persistence-loader/templates/jans-config-api/admin-ui-clients.ldif @@ -9,7 +9,6 @@ jansAccessTknSigAlg: RS256 jansAppTyp: web jansAttrs: {"tlsClientAuthSubjectDn":"","runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims":false,"keepClientAuthorizationAfterExpiration":false,"allowSpontaneousScopes":false,"spontaneousScopes":[],"spontaneousScopeScriptDns":[],"backchannelLogoutUri":[],"backchannelLogoutSessionRequired":false,"additionalAudience":[],"postAuthnScripts":[],"consentGatheringScripts":[],"introspectionScripts":[],"rptClaimsScripts":[],"parLifetime":600,"requirePar":false,"jansAuthSignedRespAlg":"RS256","jansAuthEncRespAlg":null,"jansAuthEncRespEnc":null} jansClntSecret: %(admin_ui_client_encoded_pw)s -jansDefAcrValues: simple_password_auth jansDisabled: false jansGrantTyp: authorization_code jansGrantTyp: refresh_token 
@@ -44,7 +43,6 @@ jansAccessTknSigAlg: RS256 jansAttrs: {"tlsClientAuthSubjectDn":"","runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims":true,"keepClientAuthorizationAfterExpiration":false,"allowSpontaneousScopes":false,"spontaneousScopes":[],"spontaneousScopeScriptDns":[],"backchannelLogoutUri":[],"backchannelLogoutSessionRequired":false,"additionalAudience":[],"postAuthnScripts":[],"consentGatheringScripts":[],"introspectionScripts":["inum=A44E-4F3D,ou=scripts,o=jans"],"rptClaimsScripts":[],"parLifetime":600,"requirePar":false,"jansAuthSignedRespAlg":"RS256","jansAuthEncRespAlg":null,"jansAuthEncRespEnc":null} jansAppTyp: web jansClntSecret: %(token_server_admin_ui_client_encoded_pw)s -jansDefAcrValues: simple_password_auth jansDisabled: false jansGrantTyp: authorization_code jansGrantTyp: client_credentials diff --git a/docker-jans-scim/Dockerfile b/docker-jans-scim/Dockerfile index 2b43b6683c8..d7e108f0f5e 100644 --- a/docker-jans-scim/Dockerfile +++ b/docker-jans-scim/Dockerfile @@ -45,7 +45,7 @@ RUN wget -q https://ox.gluu.org/maven/org/gluufederation/jython-installer/${JYTH # ==== ENV CN_VERSION=1.0.0-SNAPSHOT -ENV CN_BUILD_DATE='2022-03-10 11:32' +ENV CN_BUILD_DATE='2022-03-15 20:30' ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-scim-server/${CN_VERSION}/jans-scim-server-${CN_VERSION}.war # Install SCIM @@ -158,11 +158,11 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \ # misc stuff # ========== -LABEL name="SCIM" \ +LABEL name="janssenproject/scim" \ maintainer="Janssen Project " \ vendor="Janssen Project" \ version="1.0.0" \ - release="beta.15" \ + release="beta.16" \ summary="Janssen SCIM" \ description="SCIM server"