feat(jans-fido): changes to refactor requestedParties #9111 #9329

Merged
merged 1 commit into from
Sep 2, 2024
Expand Up @@ -99,10 +99,10 @@ It will return the result as below:
"RS256",
"ES256"
],
"requestedParties": [
"rp": [
{
"name": "https://jans-project.lxd",
"domains": [
"id": "https://jans-project.lxd",
"origins": [
"jans-project.lxd"
]
}
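Review bot: In the renamed example, `id` carries a full URL (`https://jans-project.lxd`) while `origins` lists a bare hostname (`jans-project.lxd`); in WebAuthn the RP ID is a registrable domain without scheme or port and an origin is `scheme://host[:port]`, so a reader who equates the new `id` with the WebAuthn rpId will configure it backwards. Either state in the surrounding text that `id` here is the RP's base URL rather than the WebAuthn RP ID, or flip the example so `id` is the domain and `origins` are full origins, whichever the server-side validation actually expects.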
36 changes: 18 additions & 18 deletions docs/admin/fido/config.md
Expand Up @@ -26,21 +26,21 @@ tags:

#### Fido2Configuration structure

| Field named | Example | Description |
|-----------------------------------------|----------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
| authenticatorCertsFolder | /etc/jans/conf/fido2/authenticator_cert | Authenticators certificates fodler. |
| mdsCertsFolder | /etc/jans/conf/fido2/mds/cert | MDS TOC root certificates folder. |
| mdsTocsFolder | /etc/jans/conf/fido2/mds/toc | MDS TOC files folder. |
| serverMetadataFolder | /etc/jans/conf/fido2/server_metadata | Authenticators metadata in json format. Example: virtual devices. |
| metadataUrlsProvider | https://mds3.fido.tools | String value to provide source of URLs with external metadata. |
| enabledFidoAlgorithms | ["RS256","ES256"] | |
| requestedParties | [{"name":"https://my-jans-server.jans.io","domains":["my-jans-server.jans.io"]}] | Requested party name. |
| debugUserAutoEnrollment | false | Allow to enroll users on enrollment/authentication requests. (Useful while running tests) |
| unfinishedRequestExpiration | 180 | Expiration time in seconds for pending enrollment/authentication requests |
| authenticationHistoryExpiration | 1296000 | Expiration time in seconds for approved authentication requests. |
| disableMetadataService | false | Boolean value indicating whether the MDS download should be omitted |
| skipValidateMdsInAttestationEnabled | false | Boolean value indicating whether MDS validation should be omitted during attestation |
| assertionOptionsGenerateEndpointEnabled | false | Boolean value indicating whether the assertion custom endpoint (used especially in passkey) is enabled. |
| Field named | Example | Description |
|-----------------------------------------|--------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
| authenticatorCertsFolder | /etc/jans/conf/fido2/authenticator_cert | Authenticators certificates fodler. |
| mdsCertsFolder | /etc/jans/conf/fido2/mds/cert | MDS TOC root certificates folder. |
| mdsTocsFolder | /etc/jans/conf/fido2/mds/toc | MDS TOC files folder. |
| serverMetadataFolder | /etc/jans/conf/fido2/server_metadata | Authenticators metadata in json format. Example: virtual devices. |
| metadataUrlsProvider | https://mds3.fido.tools | String value to provide source of URLs with external metadata. |
| enabledFidoAlgorithms | ["RS256","ES256"] | |
| rp | [{"id":"https://my-jans-server.jans.io","origins":["my-jans-server.jans.io"]}] | Requested party id. |
| debugUserAutoEnrollment | false | Allow to enroll users on enrollment/authentication requests. (Useful while running tests) |
| unfinishedRequestExpiration | 180 | Expiration time in seconds for pending enrollment/authentication requests |
| authenticationHistoryExpiration | 1296000 | Expiration time in seconds for approved authentication requests. |
| disableMetadataService | false | Boolean value indicating whether the MDS download should be omitted |
| skipValidateMdsInAttestationEnabled | false | Boolean value indicating whether MDS validation should be omitted during attestation |
| assertionOptionsGenerateEndpointEnabled | false | Boolean value indicating whether the assertion custom endpoint (used especially in passkey) is enabled. |

### Configuring the FIDO2 server:
#### 1. Read Configuration parameters:
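Review bot: The description for the renamed `rp` row, `Requested party id.`, no longer describes the value, which is a list of objects each carrying an `id` and an `origins` array; something like `List of relying parties, each with its id and the origins allowed to use it.` would match the example column. While this table is being rewritten, the `authenticatorCertsFolder` row still reads `Authenticators certificates fodler.`; fix the typo to `folder` in the new version of the table.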
Expand Down Expand Up @@ -87,10 +87,10 @@ Response:
"RS256",
"ES256"
],
"requestedParties": [
"rp": [
{
"name": "https://my.jans.server",
"domains": [
"id": "https://my.jans.server",
"origins": [
"my.jans.server"
]
}
6 changes: 3 additions & 3 deletions docs/admin/fido/logs.md
Expand Up @@ -45,10 +45,10 @@ Response:
"RS256",
"ES256"
],
"requestedParties":[
"rp":[
{
"name":"https://my-jans-server.jans.io",
"domains":[
"id":"https://my-jans-server.jans.io",
"origins":[
"my-jans-server.jans.io"
]
}
64 changes: 32 additions & 32 deletions docs/admin/reference/json/properties/fido2-properties.md
Expand Up @@ -8,36 +8,36 @@ tags:

# Fido2 Configuration Properties

| Property Name | Description | |
|-----|-----|-----|
| authenticationHistoryExpiration | Expiration time in seconds for approved authentication requests | [Details](#authenticationhistoryexpiration) |
| authenticatorCertsFolder | Authenticators certificates folder | [Details](#authenticatorcertsfolder) |
| baseEndpoint | The base URL for Fido2 endpoints | [Details](#baseendpoint) |
| checkU2fAttestations | Boolean value indicating if U2f attestation needs to be checked | [Details](#checku2fattestations) |
| cleanServiceBatchChunkSize | Each clean up iteration fetches chunk of expired data per base dn and removes it from storage | [Details](#cleanservicebatchchunksize) |
| cleanServiceInterval | Time interval for the Clean Service in seconds | [Details](#cleanserviceinterval) |
| disableJdkLogger | Boolean value specifying whether to enable JDK Loggers | [Details](#disablejdklogger) |
| externalLoggerConfiguration | Path to external Fido2 logging configuration | [Details](#externalloggerconfiguration) |
| issuer | URL using the https scheme for Issuer identifier | [Details](#issuer) |
| loggingLayout | Logging layout used for Fido2 | [Details](#logginglayout) |
| loggingLevel | Logging level for Fido2 logger | [Details](#logginglevel) |
| mdsAccessToken | MDS access token | [Details](#mdsaccesstoken) |
| mdsCertsFolder | MDS TOC root certificates folder | [Details](#mdscertsfolder) |
| mdsTocsFolder | MDS TOC files folder | [Details](#mdstocsfolder) |
| metadataUrlsProvider | String value to provide source of URLs with external metadata | [Details](#metadataurlsprovider) |
| metricReporterEnabled | Boolean value specifying whether metric reporter is enabled | [Details](#metricreporterenabled) |
| metricReporterInterval | The interval for metric reporter in seconds | [Details](#metricreporterinterval) |
| metricReporterKeepDataDays | The days to keep report data | [Details](#metricreporterkeepdatadays) |
| oldU2fMigrationEnabled | Boolean value to enable disable old oxAuth U2F enrollments migration | [Details](#oldu2fmigrationenabled) |
| personCustomObjectClassList | Custom object class list for dynamic person enrolment | [Details](#personcustomobjectclasslist) |
| enabledFidoAlgorithms | List of Requested Credential Types | [Details](#enabledFidoAlgorithms) |
| requestedParties | Authenticators metadata in json format | [Details](#requestedparties) |
| serverMetadataFolder | Authenticators metadata in json format | [Details](#servermetadatafolder) |
| sessionIdPersistInCache | Boolean value specifying whether to persist session_id in cache | [Details](#sessionidpersistincache) |
| superGluuEnabled | Boolean value to enable disable Super Gluu extension | [Details](#supergluuenabled) |
| unfinishedRequestExpiration | Expiration time in seconds for pending enrollment/authentication requests | [Details](#unfinishedrequestexpiration) |
| useLocalCache | Boolean value to indicate if Local Cache is to be used | [Details](#uselocalcache) |
| debugUserAutoEnrollment | Allow to enroll users on enrollment/authentication requests | [Details](#userautoenrollment) |
| Property Name | Description | |
|---------------------------------|-----------------------------------------------------------------------------------------------|---------------------------------------------|
| authenticationHistoryExpiration | Expiration time in seconds for approved authentication requests | [Details](#authenticationhistoryexpiration) |
| authenticatorCertsFolder | Authenticators certificates folder | [Details](#authenticatorcertsfolder) |
| baseEndpoint | The base URL for Fido2 endpoints | [Details](#baseendpoint) |
| checkU2fAttestations | Boolean value indicating if U2f attestation needs to be checked | [Details](#checku2fattestations) |
| cleanServiceBatchChunkSize | Each clean up iteration fetches chunk of expired data per base dn and removes it from storage | [Details](#cleanservicebatchchunksize) |
| cleanServiceInterval | Time interval for the Clean Service in seconds | [Details](#cleanserviceinterval) |
| disableJdkLogger | Boolean value specifying whether to enable JDK Loggers | [Details](#disablejdklogger) |
| externalLoggerConfiguration | Path to external Fido2 logging configuration | [Details](#externalloggerconfiguration) |
| issuer | URL using the https scheme for Issuer identifier | [Details](#issuer) |
| loggingLayout | Logging layout used for Fido2 | [Details](#logginglayout) |
| loggingLevel | Logging level for Fido2 logger | [Details](#logginglevel) |
| mdsAccessToken | MDS access token | [Details](#mdsaccesstoken) |
| mdsCertsFolder | MDS TOC root certificates folder | [Details](#mdscertsfolder) |
| mdsTocsFolder | MDS TOC files folder | [Details](#mdstocsfolder) |
| metadataUrlsProvider | String value to provide source of URLs with external metadata | [Details](#metadataurlsprovider) |
| metricReporterEnabled | Boolean value specifying whether metric reporter is enabled | [Details](#metricreporterenabled) |
| metricReporterInterval | The interval for metric reporter in seconds | [Details](#metricreporterinterval) |
| metricReporterKeepDataDays | The days to keep report data | [Details](#metricreporterkeepdatadays) |
| oldU2fMigrationEnabled | Boolean value to enable disable old oxAuth U2F enrollments migration | [Details](#oldu2fmigrationenabled) |
| personCustomObjectClassList | Custom object class list for dynamic person enrolment | [Details](#personcustomobjectclasslist) |
| enabledFidoAlgorithms | List of Requested Credential Types | [Details](#enabledFidoAlgorithms) |
| rp | Requested Parties Authenticators metadata in json format | [Details](#rp) |
| serverMetadataFolder | Authenticators metadata in json format | [Details](#servermetadatafolder) |
| sessionIdPersistInCache | Boolean value specifying whether to persist session_id in cache | [Details](#sessionidpersistincache) |
| superGluuEnabled | Boolean value to enable disable Super Gluu extension | [Details](#supergluuenabled) |
| unfinishedRequestExpiration | Expiration time in seconds for pending enrollment/authentication requests | [Details](#unfinishedrequestexpiration) |
| useLocalCache | Boolean value to indicate if Local Cache is to be used | [Details](#uselocalcache) |
| debugUserAutoEnrollment | Allow to enroll users on enrollment/authentication requests | [Details](#userautoenrollment) |


### authenticationHistoryExpiration
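Review bot: The new `rp` row describes the property as `Requested Parties Authenticators metadata in json format`, which is the `serverMetadataFolder` description with a prefix; `rp` holds relying-party ids and their allowed origins, not authenticator metadata, so replace it with a description of the list's structure. The `enabledFidoAlgorithms` row, rewritten here, links to `#enabledFidoAlgorithms` while every other anchor is lowercase; generated markdown heading anchors are lowercase, so that link should be `#enabledfidoalgorithms`.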
Expand Down Expand Up @@ -229,9 +229,9 @@ tags:
- Default value: None


### requestedParties
### rp

- Description: Authenticators metadata in json format
- Description: Requested Parties Authenticators metadata in json format

- Required: No

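Review bot: Renaming the heading from `### requestedParties` to `### rp` changes the generated anchor from `#requestedparties` to `#rp`, so any external link or older document pointing at `#requestedparties` now lands nowhere; if this page is linked from release notes or the admin guide, keep an explicit anchor for the old name. The description line repeats the `Authenticators metadata in json format` text from `serverMetadataFolder`; it should say what `rp` contains (relying party id and allowed origins).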
2 changes: 1 addition & 1 deletion jans-config-api/plugins/docs/fido2-plugin-swagger.yaml
Expand Up @@ -166,7 +166,7 @@ components:
type: array
items:
type: string
requestedParties:
rp:
type: array
items:
$ref: '#/components/schemas/RequestedParty'
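Review bot: Only the property name is renamed here; the `RequestedParty` schema it references via `$ref` is not in the diff, yet `RequestedParty.java` in this same PR renames `name`/`domains` to `id`/`origins`. Confirm the schema's properties in this yaml were updated to match, otherwise the published API contract and the JSON the config API actually accepts will disagree.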
Expand Up @@ -17,10 +17,10 @@
],
"fido2Configuration": {
"serverMetadataFolder": "/etc/gluu/conf/fido2/server_metadata",
"requestedParties": [
"rp": [
{
"name": "https://pujavs4.2.gluu.server",
"domains": [
"id": "https://pujavs4.2.gluu.server",
"origins": [
"pujavs4.2.gluu.server"
]
}
@@ -1,10 +1,10 @@
{
"serverMetadataFolder": "/etc/gluu/conf/fido2/server_metadata",
"authenticationHistoryExpiration": 1296000,
"requestedParties": [
"rp": [
{
"name": "https://pujavs3.infinity.com",
"domains": [
"id": "https://pujavs3.infinity.com",
"origins": [
"pujavs3.infinity.com"
]
}
Expand Up @@ -28,10 +28,10 @@
"RS256",
"ES256"
],
"requestedParties":[
"rp":[
{
"name":"https://u184.gluu.info",
"domains":[
"id":"https://u184.gluu.info",
"origins":[
"u184.gluu.info"
]
}
Expand Up @@ -10,6 +10,7 @@
import java.util.List;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import io.jans.doc.annotation.DocProperty;

/**
Expand Down Expand Up @@ -43,6 +44,7 @@ public class Fido2Configuration {
@DocProperty(description = "List of Requested Credential Types")
private List<String> enabledFidoAlgorithms = new ArrayList<String>();
@DocProperty(description = "Authenticators metadata in json format")
@JsonProperty(value = "rp")
private List<RequestedParty> requestedParties = new ArrayList<RequestedParty>();

@DocProperty(description = "String value to provide source of URLs with external metadata")
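Review bot: `@JsonProperty(value = "rp")` changes the key this list is read from, and if, as the `JsonIgnoreProperties` import at the top of this file suggests, the class ignores unknown properties, an existing configuration that still stores `requestedParties` will be silently dropped on upgrade and the server starts with an empty relying-party list rather than failing loudly. Add `@JsonAlias("requestedParties")` (from `com.fasterxml.jackson.annotation.JsonAlias`) next to the `@JsonProperty` so previously persisted values keep loading, or document the required migration step. The `@DocProperty` description on this field still says `Authenticators metadata in json format`, which belongs to `serverMetadataFolder`; if the reference docs are generated from this annotation, fix it here rather than only in the markdown.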
Expand Up @@ -19,24 +19,24 @@
@JsonIgnoreProperties(ignoreUnknown = true)
public class RequestedParty {

private String name;
private String id;

private List<String> domains = new ArrayList<String>();
private List<String> origins = new ArrayList<String>();

public String getName() {
return name;
}

public void setName(String name) {
this.name = name;
public String getId() {
return id;
}

public List<String> getDomains() {
return domains;
public void setId(String id) {
this.id = id;
}

public void setDomains(List<String> domains) {
this.domains = domains;
public List<String> getOrigins() {
return origins;
}

public void setOrigins(List<String> origins) {
this.origins = origins;
}
}
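Review bot: The class is annotated `@JsonIgnoreProperties(ignoreUnknown = true)`, so once the fields become `id` and `origins`, stored entries written as `name`/`domains` deserialize into a `RequestedParty` with `id == null` and an empty `origins` list instead of raising an error; annotate the new fields with `@JsonAlias("name")` and `@JsonAlias("domains")` (or version the configuration format) so an upgrade cannot silently empty the origin allowlist. Consider also rejecting `null` in `setOrigins`, since a null list is later indistinguishable from an intentionally empty one.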
Expand Up @@ -42,6 +42,7 @@ public String fetchMdsV3Endpoints(String endpoint) throws MdsClientException {
throw new MdsClientException(String.format("Error getting endpoints from mds test, status: %s, errorMessage: '%s'", response.getStatus(), response.getStatusInfo().getReasonPhrase()));
}
String responseBody = response.readEntity(String.class);
log.debug("Fetch mds getEndpoints response, body: {}", responseBody);
return responseBody;
} finally {
client.close();
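Review bot: Logging the complete MDS endpoints response body at debug level can be large and, if the returned endpoint URLs embed per-client tokens (the configuration already carries an `mdsAccessToken`), would copy credentials into the log; log the endpoint count or a truncated body instead, and make sure this logger is not left at DEBUG in production.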