Skip to content

Commit

Permalink
feat(jans-fido): changes to refactor requestedParties #9111
Browse files Browse the repository at this point in the history 
Signed-off-by: shekhar16 <shekharlaad1609@gmail.com>
  • Loading branch information
@shekhar16
shekhar16 committed Aug 31, 2024
1 parent 60fe227 commit 8e9b6e1
Show file tree
Hide file tree
Showing 13 changed files with 85 additions and 82 deletions.
6 changes: 3 additions & 3 deletions docs/admin/config-guide/fido2-config/janssen-fido2-configuration.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,10 +99,10 @@ It will return the result as below:
"RS256",
"ES256"
],
"requestedParties": [
"rp": [
{
"name": "https://jans-project.lxd",
"domains": [
"id": "https://jans-project.lxd",
"origins": [
"jans-project.lxd"
]
}
Expand Down
36 changes: 18 additions & 18 deletions docs/admin/fido/config.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,21 +26,21 @@ tags:

#### Fido2Configuration structure

| Field named | Example | Description |
|-----------------------------------------|----------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
| authenticatorCertsFolder | /etc/jans/conf/fido2/authenticator_cert | Authenticators certificates fodler. |
| mdsCertsFolder | /etc/jans/conf/fido2/mds/cert | MDS TOC root certificates folder. |
| mdsTocsFolder | /etc/jans/conf/fido2/mds/toc | MDS TOC files folder. |
| serverMetadataFolder | /etc/jans/conf/fido2/server_metadata | Authenticators metadata in json format. Example: virtual devices. |
| metadataUrlsProvider | https://mds3.fido.tools | String value to provide source of URLs with external metadata. |
| enabledFidoAlgorithms | ["RS256","ES256"] | |
| requestedParties | [{"name":"https://my-jans-server.jans.io","domains":["my-jans-server.jans.io"]}] | Requested party name. |
| debugUserAutoEnrollment | false | Allow to enroll users on enrollment/authentication requests. (Useful while running tests) |
| unfinishedRequestExpiration | 180 | Expiration time in seconds for pending enrollment/authentication requests |
| authenticationHistoryExpiration | 1296000 | Expiration time in seconds for approved authentication requests. |
| disableMetadataService | false | Boolean value indicating whether the MDS download should be omitted |
| skipValidateMdsInAttestationEnabled | false | Boolean value indicating whether MDS validation should be omitted during attestation |
| assertionOptionsGenerateEndpointEnabled | false | Boolean value indicating whether the assertion custom endpoint (used especially in passkey) is enabled. |
| Field named | Example | Description |
|-----------------------------------------|--------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
| authenticatorCertsFolder | /etc/jans/conf/fido2/authenticator_cert | Authenticators certificates fodler. |
| mdsCertsFolder | /etc/jans/conf/fido2/mds/cert | MDS TOC root certificates folder. |
| mdsTocsFolder | /etc/jans/conf/fido2/mds/toc | MDS TOC files folder. |
| serverMetadataFolder | /etc/jans/conf/fido2/server_metadata | Authenticators metadata in json format. Example: virtual devices. |
| metadataUrlsProvider | https://mds3.fido.tools | String value to provide source of URLs with external metadata. |
| enabledFidoAlgorithms | ["RS256","ES256"] | |
| rp | [{"id":"https://my-jans-server.jans.io","origins":["my-jans-server.jans.io"]}] | Requested party id. |
| debugUserAutoEnrollment | false | Allow to enroll users on enrollment/authentication requests. (Useful while running tests) |
| unfinishedRequestExpiration | 180 | Expiration time in seconds for pending enrollment/authentication requests |
| authenticationHistoryExpiration | 1296000 | Expiration time in seconds for approved authentication requests. |
| disableMetadataService | false | Boolean value indicating whether the MDS download should be omitted |
| skipValidateMdsInAttestationEnabled | false | Boolean value indicating whether MDS validation should be omitted during attestation |
| assertionOptionsGenerateEndpointEnabled | false | Boolean value indicating whether the assertion custom endpoint (used especially in passkey) is enabled. |

### Configuring the FIDO2 server:
#### 1. Read Configuration parameters:
Expand Down Expand Up @@ -87,10 +87,10 @@ Response:
"RS256",
"ES256"
],
"requestedParties": [
"rp": [
{
"name": "https://my.jans.server",
"domains": [
"id": "https://my.jans.server",
"origins": [
"my.jans.server"
]
}
Expand Down
6 changes: 3 additions & 3 deletions docs/admin/fido/logs.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,10 +45,10 @@ Response:
"RS256",
"ES256"
],
"requestedParties":[
"rp":[
{
"name":"https://my-jans-server.jans.io",
"domains":[
"id":"https://my-jans-server.jans.io",
"origins":[
"my-jans-server.jans.io"
]
}
Expand Down
64 changes: 32 additions & 32 deletions docs/admin/reference/json/properties/fido2-properties.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,36 +8,36 @@ tags:

# Fido2 Configuration Properties

| Property Name | Description | |
|-----|-----|-----|
| authenticationHistoryExpiration | Expiration time in seconds for approved authentication requests | [Details](#authenticationhistoryexpiration) |
| authenticatorCertsFolder | Authenticators certificates folder | [Details](#authenticatorcertsfolder) |
| baseEndpoint | The base URL for Fido2 endpoints | [Details](#baseendpoint) |
| checkU2fAttestations | Boolean value indicating if U2f attestation needs to be checked | [Details](#checku2fattestations) |
| cleanServiceBatchChunkSize | Each clean up iteration fetches chunk of expired data per base dn and removes it from storage | [Details](#cleanservicebatchchunksize) |
| cleanServiceInterval | Time interval for the Clean Service in seconds | [Details](#cleanserviceinterval) |
| disableJdkLogger | Boolean value specifying whether to enable JDK Loggers | [Details](#disablejdklogger) |
| externalLoggerConfiguration | Path to external Fido2 logging configuration | [Details](#externalloggerconfiguration) |
| issuer | URL using the https scheme for Issuer identifier | [Details](#issuer) |
| loggingLayout | Logging layout used for Fido2 | [Details](#logginglayout) |
| loggingLevel | Logging level for Fido2 logger | [Details](#logginglevel) |
| mdsAccessToken | MDS access token | [Details](#mdsaccesstoken) |
| mdsCertsFolder | MDS TOC root certificates folder | [Details](#mdscertsfolder) |
| mdsTocsFolder | MDS TOC files folder | [Details](#mdstocsfolder) |
| metadataUrlsProvider | String value to provide source of URLs with external metadata | [Details](#metadataurlsprovider) |
| metricReporterEnabled | Boolean value specifying whether metric reporter is enabled | [Details](#metricreporterenabled) |
| metricReporterInterval | The interval for metric reporter in seconds | [Details](#metricreporterinterval) |
| metricReporterKeepDataDays | The days to keep report data | [Details](#metricreporterkeepdatadays) |
| oldU2fMigrationEnabled | Boolean value to enable disable old oxAuth U2F enrollments migration | [Details](#oldu2fmigrationenabled) |
| personCustomObjectClassList | Custom object class list for dynamic person enrolment | [Details](#personcustomobjectclasslist) |
| enabledFidoAlgorithms | List of Requested Credential Types | [Details](#enabledFidoAlgorithms) |
| requestedParties | Authenticators metadata in json format | [Details](#requestedparties) |
| serverMetadataFolder | Authenticators metadata in json format | [Details](#servermetadatafolder) |
| sessionIdPersistInCache | Boolean value specifying whether to persist session_id in cache | [Details](#sessionidpersistincache) |
| superGluuEnabled | Boolean value to enable disable Super Gluu extension | [Details](#supergluuenabled) |
| unfinishedRequestExpiration | Expiration time in seconds for pending enrollment/authentication requests | [Details](#unfinishedrequestexpiration) |
| useLocalCache | Boolean value to indicate if Local Cache is to be used | [Details](#uselocalcache) |
| debugUserAutoEnrollment | Allow to enroll users on enrollment/authentication requests | [Details](#userautoenrollment) |
| Property Name | Description | |
|---------------------------------|-----------------------------------------------------------------------------------------------|---------------------------------------------|
| authenticationHistoryExpiration | Expiration time in seconds for approved authentication requests | [Details](#authenticationhistoryexpiration) |
| authenticatorCertsFolder | Authenticators certificates folder | [Details](#authenticatorcertsfolder) |
| baseEndpoint | The base URL for Fido2 endpoints | [Details](#baseendpoint) |
| checkU2fAttestations | Boolean value indicating if U2f attestation needs to be checked | [Details](#checku2fattestations) |
| cleanServiceBatchChunkSize | Each clean up iteration fetches chunk of expired data per base dn and removes it from storage | [Details](#cleanservicebatchchunksize) |
| cleanServiceInterval | Time interval for the Clean Service in seconds | [Details](#cleanserviceinterval) |
| disableJdkLogger | Boolean value specifying whether to enable JDK Loggers | [Details](#disablejdklogger) |
| externalLoggerConfiguration | Path to external Fido2 logging configuration | [Details](#externalloggerconfiguration) |
| issuer | URL using the https scheme for Issuer identifier | [Details](#issuer) |
| loggingLayout | Logging layout used for Fido2 | [Details](#logginglayout) |
| loggingLevel | Logging level for Fido2 logger | [Details](#logginglevel) |
| mdsAccessToken | MDS access token | [Details](#mdsaccesstoken) |
| mdsCertsFolder | MDS TOC root certificates folder | [Details](#mdscertsfolder) |
| mdsTocsFolder | MDS TOC files folder | [Details](#mdstocsfolder) |
| metadataUrlsProvider | String value to provide source of URLs with external metadata | [Details](#metadataurlsprovider) |
| metricReporterEnabled | Boolean value specifying whether metric reporter is enabled | [Details](#metricreporterenabled) |
| metricReporterInterval | The interval for metric reporter in seconds | [Details](#metricreporterinterval) |
| metricReporterKeepDataDays | The days to keep report data | [Details](#metricreporterkeepdatadays) |
| oldU2fMigrationEnabled | Boolean value to enable disable old oxAuth U2F enrollments migration | [Details](#oldu2fmigrationenabled) |
| personCustomObjectClassList | Custom object class list for dynamic person enrolment | [Details](#personcustomobjectclasslist) |
| enabledFidoAlgorithms | List of Requested Credential Types | [Details](#enabledFidoAlgorithms) |
| rp | Requested Parties Authenticators metadata in json format | [Details](#rp) |
| serverMetadataFolder | Authenticators metadata in json format | [Details](#servermetadatafolder) |
| sessionIdPersistInCache | Boolean value specifying whether to persist session_id in cache | [Details](#sessionidpersistincache) |
| superGluuEnabled | Boolean value to enable disable Super Gluu extension | [Details](#supergluuenabled) |
| unfinishedRequestExpiration | Expiration time in seconds for pending enrollment/authentication requests | [Details](#unfinishedrequestexpiration) |
| useLocalCache | Boolean value to indicate if Local Cache is to be used | [Details](#uselocalcache) |
| debugUserAutoEnrollment | Allow to enroll users on enrollment/authentication requests | [Details](#userautoenrollment) |


### authenticationHistoryExpiration
Expand Down Expand Up @@ -229,9 +229,9 @@ tags:
- Default value: None


### requestedParties
### rp

- Description: Authenticators metadata in json format
- Description: Requested Parties Authenticators metadata in json format

- Required: No

Expand Down
2 changes: 1 addition & 1 deletion jans-config-api/plugins/docs/fido2-plugin-swagger.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ components:
type: array
items:
type: string
requestedParties:
rp:
type: array
items:
$ref: '#/components/schemas/RequestedParty'
Expand Down
6 changes: 3 additions & 3 deletions jans-config-api/plugins/fido2-plugin/src/test/resources/feature/fido2/dynamiconf.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,10 @@
],
"fido2Configuration": {
"serverMetadataFolder": "/etc/gluu/conf/fido2/server_metadata",
"requestedParties": [
"rp": [
{
"name": "https://pujavs4.2.gluu.server",
"domains": [
"id": "https://pujavs4.2.gluu.server",
"origins": [
"pujavs4.2.gluu.server"
]
}
Expand Down
6 changes: 3 additions & 3 deletions jans-config-api/plugins/fido2-plugin/src/test/resources/feature/fido2/fido2.json
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
{
"serverMetadataFolder": "/etc/gluu/conf/fido2/server_metadata",
"authenticationHistoryExpiration": 1296000,
"requestedParties": [
"rp": [
{
"name": "https://pujavs3.infinity.com",
"domains": [
"id": "https://pujavs3.infinity.com",
"origins": [
"pujavs3.infinity.com"
]
}
Expand Down
6 changes: 3 additions & 3 deletions jans-config-api/plugins/fido2-plugin/src/test/resources/feature/fido2/ref_dynami_conf.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,10 @@
"RS256",
"ES256"
],
"requestedParties":[
"rp":[
{
"name":"https://u184.gluu.info",
"domains":[
"id":"https://u184.gluu.info",
"origins":[
"u184.gluu.info"
]
}
Expand Down
2 changes: 2 additions & 0 deletions jans-fido2/model/src/main/java/io/jans/fido2/model/conf/Fido2Configuration.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
import java.util.List;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import io.jans.doc.annotation.DocProperty;

/**
Expand Down Expand Up @@ -43,6 +44,7 @@ public class Fido2Configuration {
@DocProperty(description = "List of Requested Credential Types")
private List<String> enabledFidoAlgorithms = new ArrayList<String>();
@DocProperty(description = "Authenticators metadata in json format")
@JsonProperty(value = "rp")
private List<RequestedParty> requestedParties = new ArrayList<RequestedParty>();

@DocProperty(description = "String value to provide source of URLs with external metadata")
Expand Down
22 changes: 11 additions & 11 deletions jans-fido2/model/src/main/java/io/jans/fido2/model/conf/RequestedParty.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,24 +19,24 @@
@JsonIgnoreProperties(ignoreUnknown = true)
public class RequestedParty {

private String name;
private String id;

private List<String> domains = new ArrayList<String>();
private List<String> origins = new ArrayList<String>();

public String getName() {
return name;
}

public void setName(String name) {
this.name = name;
public String getId() {
return id;
}

public List<String> getDomains() {
return domains;
public void setId(String id) {
this.id = id;
}

public void setDomains(List<String> domains) {
this.domains = domains;
public List<String> getOrigins() {
return origins;
}

public void setOrigins(List<String> origins) {
this.origins = origins;
}
}
1 change: 1 addition & 0 deletions jans-fido2/server/src/main/java/io/jans/fido2/service/mds/FetchMdsProviderService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ public String fetchMdsV3Endpoints(String endpoint) throws MdsClientException {
throw new MdsClientException(String.format("Error getting endpoints from mds test, status: %s, errorMessage: '%s'", response.getStatus(), response.getStatusInfo().getReasonPhrase()));
}
String responseBody = response.readEntity(String.class);
log.debug("Fetch mds getEndpoints response, body: {}", responseBody);
return responseBody;
} finally {
client.close();
Expand Down
Loading

0 comments on commit 8e9b6e1

Please sign in to comment.