

feat(jans-fido): changes to refactor requestedParties #9111 (#9329)
Signed-off-by: shekhar16 <shekharlaad1609@gmail.com>
shekhar16 authored Sep 2, 2024
1 parent 6ae6aa3 commit 40aac09
Showing 13 changed files with 85 additions and 82 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -99,10 +99,10 @@ It will return the result as below:
"RS256",
"ES256"
],
"requestedParties": [
"rp": [
{
"name": "https://jans-project.lxd",
"domains": [
"id": "https://jans-project.lxd",
"origins": [
"jans-project.lxd"
]
}
Expand Down
36 changes: 18 additions & 18 deletions docs/admin/fido/config.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,21 +26,21 @@ tags:

#### Fido2Configuration structure

| Field named | Example | Description |
|-----------------------------------------|----------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
| authenticatorCertsFolder | /etc/jans/conf/fido2/authenticator_cert | Authenticators certificates fodler. |
| mdsCertsFolder | /etc/jans/conf/fido2/mds/cert | MDS TOC root certificates folder. |
| mdsTocsFolder | /etc/jans/conf/fido2/mds/toc | MDS TOC files folder. |
| serverMetadataFolder | /etc/jans/conf/fido2/server_metadata | Authenticators metadata in json format. Example: virtual devices. |
| metadataUrlsProvider | https://mds3.fido.tools | String value to provide source of URLs with external metadata. |
| enabledFidoAlgorithms | ["RS256","ES256"] | |
| requestedParties | [{"name":"https://my-jans-server.jans.io","domains":["my-jans-server.jans.io"]}] | Requested party name. |
| debugUserAutoEnrollment | false | Allow to enroll users on enrollment/authentication requests. (Useful while running tests) |
| unfinishedRequestExpiration | 180 | Expiration time in seconds for pending enrollment/authentication requests |
| authenticationHistoryExpiration | 1296000 | Expiration time in seconds for approved authentication requests. |
| disableMetadataService | false | Boolean value indicating whether the MDS download should be omitted |
| skipValidateMdsInAttestationEnabled | false | Boolean value indicating whether MDS validation should be omitted during attestation |
| assertionOptionsGenerateEndpointEnabled | false | Boolean value indicating whether the assertion custom endpoint (used especially in passkey) is enabled. |
| Field named | Example | Description |
|-----------------------------------------|--------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
| authenticatorCertsFolder | /etc/jans/conf/fido2/authenticator_cert | Authenticators certificates fodler. |
| mdsCertsFolder | /etc/jans/conf/fido2/mds/cert | MDS TOC root certificates folder. |
| mdsTocsFolder | /etc/jans/conf/fido2/mds/toc | MDS TOC files folder. |
| serverMetadataFolder | /etc/jans/conf/fido2/server_metadata | Authenticators metadata in json format. Example: virtual devices. |
| metadataUrlsProvider | https://mds3.fido.tools | String value to provide source of URLs with external metadata. |
| enabledFidoAlgorithms | ["RS256","ES256"] | |
| rp | [{"id":"https://my-jans-server.jans.io","origins":["my-jans-server.jans.io"]}] | Requested party id. |
| debugUserAutoEnrollment | false | Allow to enroll users on enrollment/authentication requests. (Useful while running tests) |
| unfinishedRequestExpiration | 180 | Expiration time in seconds for pending enrollment/authentication requests |
| authenticationHistoryExpiration | 1296000 | Expiration time in seconds for approved authentication requests. |
| disableMetadataService | false | Boolean value indicating whether the MDS download should be omitted |
| skipValidateMdsInAttestationEnabled | false | Boolean value indicating whether MDS validation should be omitted during attestation |
| assertionOptionsGenerateEndpointEnabled | false | Boolean value indicating whether the assertion custom endpoint (used especially in passkey) is enabled. |

### Configuring the FIDO2 server:
#### 1. Read Configuration parameters:
Expand Down Expand Up @@ -87,10 +87,10 @@ Response:
"RS256",
"ES256"
],
"requestedParties": [
"rp": [
{
"name": "https://my.jans.server",
"domains": [
"id": "https://my.jans.server",
"origins": [
"my.jans.server"
]
}
Expand Down
6 changes: 3 additions & 3 deletions docs/admin/fido/logs.md
Original file line number Diff line number Diff line change
Expand Up @@ -45,10 +45,10 @@ Response:
"RS256",
"ES256"
],
"requestedParties":[
"rp":[
{
"name":"https://my-jans-server.jans.io",
"domains":[
"id":"https://my-jans-server.jans.io",
"origins":[
"my-jans-server.jans.io"
]
}
Expand Down
64 changes: 32 additions & 32 deletions docs/admin/reference/json/properties/fido2-properties.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,36 +8,36 @@ tags:

# Fido2 Configuration Properties

| Property Name | Description | |
|-----|-----|-----|
| authenticationHistoryExpiration | Expiration time in seconds for approved authentication requests | [Details](#authenticationhistoryexpiration) |
| authenticatorCertsFolder | Authenticators certificates folder | [Details](#authenticatorcertsfolder) |
| baseEndpoint | The base URL for Fido2 endpoints | [Details](#baseendpoint) |
| checkU2fAttestations | Boolean value indicating if U2f attestation needs to be checked | [Details](#checku2fattestations) |
| cleanServiceBatchChunkSize | Each clean up iteration fetches chunk of expired data per base dn and removes it from storage | [Details](#cleanservicebatchchunksize) |
| cleanServiceInterval | Time interval for the Clean Service in seconds | [Details](#cleanserviceinterval) |
| disableJdkLogger | Boolean value specifying whether to enable JDK Loggers | [Details](#disablejdklogger) |
| externalLoggerConfiguration | Path to external Fido2 logging configuration | [Details](#externalloggerconfiguration) |
| issuer | URL using the https scheme for Issuer identifier | [Details](#issuer) |
| loggingLayout | Logging layout used for Fido2 | [Details](#logginglayout) |
| loggingLevel | Logging level for Fido2 logger | [Details](#logginglevel) |
| mdsAccessToken | MDS access token | [Details](#mdsaccesstoken) |
| mdsCertsFolder | MDS TOC root certificates folder | [Details](#mdscertsfolder) |
| mdsTocsFolder | MDS TOC files folder | [Details](#mdstocsfolder) |
| metadataUrlsProvider | String value to provide source of URLs with external metadata | [Details](#metadataurlsprovider) |
| metricReporterEnabled | Boolean value specifying whether metric reporter is enabled | [Details](#metricreporterenabled) |
| metricReporterInterval | The interval for metric reporter in seconds | [Details](#metricreporterinterval) |
| metricReporterKeepDataDays | The days to keep report data | [Details](#metricreporterkeepdatadays) |
| oldU2fMigrationEnabled | Boolean value to enable disable old oxAuth U2F enrollments migration | [Details](#oldu2fmigrationenabled) |
| personCustomObjectClassList | Custom object class list for dynamic person enrolment | [Details](#personcustomobjectclasslist) |
| enabledFidoAlgorithms | List of Requested Credential Types | [Details](#enabledFidoAlgorithms) |
| requestedParties | Authenticators metadata in json format | [Details](#requestedparties) |
| serverMetadataFolder | Authenticators metadata in json format | [Details](#servermetadatafolder) |
| sessionIdPersistInCache | Boolean value specifying whether to persist session_id in cache | [Details](#sessionidpersistincache) |
| superGluuEnabled | Boolean value to enable disable Super Gluu extension | [Details](#supergluuenabled) |
| unfinishedRequestExpiration | Expiration time in seconds for pending enrollment/authentication requests | [Details](#unfinishedrequestexpiration) |
| useLocalCache | Boolean value to indicate if Local Cache is to be used | [Details](#uselocalcache) |
| debugUserAutoEnrollment | Allow to enroll users on enrollment/authentication requests | [Details](#userautoenrollment) |
| Property Name | Description | |
|---------------------------------|-----------------------------------------------------------------------------------------------|---------------------------------------------|
| authenticationHistoryExpiration | Expiration time in seconds for approved authentication requests | [Details](#authenticationhistoryexpiration) |
| authenticatorCertsFolder | Authenticators certificates folder | [Details](#authenticatorcertsfolder) |
| baseEndpoint | The base URL for Fido2 endpoints | [Details](#baseendpoint) |
| checkU2fAttestations | Boolean value indicating if U2f attestation needs to be checked | [Details](#checku2fattestations) |
| cleanServiceBatchChunkSize | Each clean up iteration fetches chunk of expired data per base dn and removes it from storage | [Details](#cleanservicebatchchunksize) |
| cleanServiceInterval | Time interval for the Clean Service in seconds | [Details](#cleanserviceinterval) |
| disableJdkLogger | Boolean value specifying whether to enable JDK Loggers | [Details](#disablejdklogger) |
| externalLoggerConfiguration | Path to external Fido2 logging configuration | [Details](#externalloggerconfiguration) |
| issuer | URL using the https scheme for Issuer identifier | [Details](#issuer) |
| loggingLayout | Logging layout used for Fido2 | [Details](#logginglayout) |
| loggingLevel | Logging level for Fido2 logger | [Details](#logginglevel) |
| mdsAccessToken | MDS access token | [Details](#mdsaccesstoken) |
| mdsCertsFolder | MDS TOC root certificates folder | [Details](#mdscertsfolder) |
| mdsTocsFolder | MDS TOC files folder | [Details](#mdstocsfolder) |
| metadataUrlsProvider | String value to provide source of URLs with external metadata | [Details](#metadataurlsprovider) |
| metricReporterEnabled | Boolean value specifying whether metric reporter is enabled | [Details](#metricreporterenabled) |
| metricReporterInterval | The interval for metric reporter in seconds | [Details](#metricreporterinterval) |
| metricReporterKeepDataDays | The days to keep report data | [Details](#metricreporterkeepdatadays) |
| oldU2fMigrationEnabled | Boolean value to enable disable old oxAuth U2F enrollments migration | [Details](#oldu2fmigrationenabled) |
| personCustomObjectClassList | Custom object class list for dynamic person enrolment | [Details](#personcustomobjectclasslist) |
| enabledFidoAlgorithms | List of Requested Credential Types | [Details](#enabledFidoAlgorithms) |
| rp | Requested Parties Authenticators metadata in json format | [Details](#rp) |
| serverMetadataFolder | Authenticators metadata in json format | [Details](#servermetadatafolder) |
| sessionIdPersistInCache | Boolean value specifying whether to persist session_id in cache | [Details](#sessionidpersistincache) |
| superGluuEnabled | Boolean value to enable disable Super Gluu extension | [Details](#supergluuenabled) |
| unfinishedRequestExpiration | Expiration time in seconds for pending enrollment/authentication requests | [Details](#unfinishedrequestexpiration) |
| useLocalCache | Boolean value to indicate if Local Cache is to be used | [Details](#uselocalcache) |
| debugUserAutoEnrollment | Allow to enroll users on enrollment/authentication requests | [Details](#userautoenrollment) |


### authenticationHistoryExpiration
Expand Down Expand Up @@ -229,9 +229,9 @@ tags:
- Default value: None


### requestedParties
### rp

- Description: Authenticators metadata in json format
- Description: Requested Parties Authenticators metadata in json format

- Required: No

Expand Down
2 changes: 1 addition & 1 deletion jans-config-api/plugins/docs/fido2-plugin-swagger.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ components:
type: array
items:
type: string
requestedParties:
rp:
type: array
items:
$ref: '#/components/schemas/RequestedParty'
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,10 @@
],
"fido2Configuration": {
"serverMetadataFolder": "/etc/gluu/conf/fido2/server_metadata",
"requestedParties": [
"rp": [
{
"name": "https://pujavs4.2.gluu.server",
"domains": [
"id": "https://pujavs4.2.gluu.server",
"origins": [
"pujavs4.2.gluu.server"
]
}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
{
"serverMetadataFolder": "/etc/gluu/conf/fido2/server_metadata",
"authenticationHistoryExpiration": 1296000,
"requestedParties": [
"rp": [
{
"name": "https://pujavs3.infinity.com",
"domains": [
"id": "https://pujavs3.infinity.com",
"origins": [
"pujavs3.infinity.com"
]
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,10 @@
"RS256",
"ES256"
],
"requestedParties":[
"rp":[
{
"name":"https://u184.gluu.info",
"domains":[
"id":"https://u184.gluu.info",
"origins":[
"u184.gluu.info"
]
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
import java.util.List;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import io.jans.doc.annotation.DocProperty;

/**
Expand Down Expand Up @@ -43,6 +44,7 @@ public class Fido2Configuration {
@DocProperty(description = "List of Requested Credential Types")
private List<String> enabledFidoAlgorithms = new ArrayList<String>();
@DocProperty(description = "Authenticators metadata in json format")
@JsonProperty(value = "rp")
private List<RequestedParty> requestedParties = new ArrayList<RequestedParty>();

@DocProperty(description = "String value to provide source of URLs with external metadata")
Expand Down
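Review bot: Changing the serialized key of requestedParties to `rp` via the added `@JsonProperty(value = "rp")` means a stored configuration that still carries `requestedParties` no longer binds to this field; adding `@JsonAlias("requestedParties")` (import `com.fasterxml.jackson.annotation.JsonAlias`) beside it keeps both spellings readable during migration. The consequence is silent rather than loud: RequestedParty is annotated `@JsonIgnoreProperties(ignoreUnknown = true)` in this commit, and Fido2Configuration imports the same annotation so presumably carries it too, so an old-format document would load with an empty list, or with entries whose id is null and whose origins are empty, which quietly changes which relying parties the server accepts instead of failing at startup. The same compatibility gap applies to the `name`→`id` and `domains`→`origins` rename in RequestedParty, where `@JsonAlias("name")` and `@JsonAlias("domains")` would cover it. Separately, the `@DocProperty` description on the context line above still reads "Authenticators metadata in json format" while the reference docs in this commit say "Requested Parties Authenticators metadata in json format"; if the docs are generated from the annotation they will drift, so update it to describe the field, e.g. `@DocProperty(description = "Relying parties (id and allowed origins) accepted by this server")`.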
Original file line number Diff line number Diff line change
Expand Up @@ -19,24 +19,24 @@
@JsonIgnoreProperties(ignoreUnknown = true)
public class RequestedParty {

private String name;
private String id;

private List<String> domains = new ArrayList<String>();
private List<String> origins = new ArrayList<String>();

public String getName() {
return name;
}

public void setName(String name) {
this.name = name;
public String getId() {
return id;
}

public List<String> getDomains() {
return domains;
public void setId(String id) {
this.id = id;
}

public void setDomains(List<String> domains) {
this.domains = domains;
public List<String> getOrigins() {
return origins;
}

public void setOrigins(List<String> origins) {
this.origins = origins;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ public String fetchMdsV3Endpoints(String endpoint) throws MdsClientException {
throw new MdsClientException(String.format("Error getting endpoints from mds test, status: %s, errorMessage: '%s'", response.getStatus(), response.getStatusInfo().getReasonPhrase()));
}
String responseBody = response.readEntity(String.class);
log.debug("Fetch mds getEndpoints response, body: {}", responseBody);
return responseBody;
} finally {
client.close();
Expand Down
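Review bot: The added `log.debug` writes the entire MDS endpoints response body to the log on every call when debug is enabled; the content is public metadata rather than a secret, but the body can be sizeable and an unbounded dump adds little over a status line. Logging the status and the body length keeps the diagnostic value, e.g. `log.debug("Fetch mds getEndpoints response, status: {}, body length: {}", response.getStatus(), responseBody.length());`, and the full body, if ever needed for troubleshooting, fits better at trace level behind `log.isTraceEnabled()`. fetchMdsV3Endpoints begins before this hunk; only its tail, including the `finally` that closes the client, is visible here.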
