OPENIG-8693 Apply latest IDM Service configuration

guillaumelamirand · guillaumelamirand · commit e3c254e9dbea · 2025-09-01T15:16:33.000+02:00
diff --git a/config/7.3.0/securebanking/ig/config/dev/config/config.json b/config/7.3.0/securebanking/ig/config/dev/config/config.json
@@ -141,43 +141,6 @@
         "format": "PLAIN"
       }
     },
-    {
-      "name": "IDMClientHandler",
-      "type": "Chain",
-      "config": {
-        "filters": [
-          {
-            "type": "ResourceOwnerOAuth2ClientFilter",
-            "config": {
-              "tokenEndpoint": "https://&{identity.platform.fqdn}/am/oauth2/realms/root/realms/&{am.realm}/access_token",
-              "username": "&{ig.idm.user}",
-              "passwordSecretId": "ig.idm.password",
-              "secretsProvider": "SystemAndEnvSecretStore-IAM",
-              "scopes": [
-                "fr:idm:*"
-              ],
-              "endpointHandler": {
-                "type": "Chain",
-                "config": {
-                  "handler": "ForgeRockClientHandler",
-                  "filters": [
-                    {
-                      "type": "ClientSecretBasicAuthenticationFilter",
-                      "config": {
-                        "clientId": "&{ig.client.id}",
-                        "clientSecretId": "ig.client.secret",
-                        "secretsProvider": "SystemAndEnvSecretStore-IAM"
-                      }
-                    }
-                  ]
-                }
-              }
-            }
-          }
-        ],
-        "handler": "ForgeRockClientHandler"
-      }
-    },
     {
       "name": "TrustManager-OB",
       "type": "TrustManager",
@@ -234,7 +197,15 @@
       "type": "IdmService",
       "config": {
         "baseEndpoint": "&{urls.idmBaseUri}",
-        "endpointHandler": "IDMClientHandler"
+        "tokenEndpoint": "https://&{identity.platform.fqdn}/am/oauth2/realms/root/realms/&{am.realm}/access_token",
+        "username": "&{ig.idm.user}",
+        "passwordSecretId": "ig.idm.password",
+        "secretsProvider": "SystemAndEnvSecretStore-IAM",
+        "authMethod": "CLIENT_SECRET_BASIC",
+        "authConfig": {
+          "clientId": "&{ig.client.id}",
+          "clientSecretId": "ig.client.secret"
+        }
       }
     },
     {
diff --git a/config/7.3.0/securebanking/ig/config/prod/config/config.json b/config/7.3.0/securebanking/ig/config/prod/config/config.json
@@ -129,43 +129,6 @@
         "format": "PLAIN"
       }
     },
-    {
-      "name": "IDMClientHandler",
-      "type": "Chain",
-      "config": {
-        "filters": [
-          {
-            "type": "ResourceOwnerOAuth2ClientFilter",
-            "config": {
-              "tokenEndpoint": "https://&{identity.platform.fqdn}/am/oauth2/realms/root/realms/&{am.realm}/access_token",
-              "username": "&{ig.idm.user}",
-              "passwordSecretId": "ig.idm.password",
-              "secretsProvider": "SystemAndEnvSecretStore-IAM",
-              "scopes": [
-                "fr:idm:*"
-              ],
-              "endpointHandler": {
-                "type": "Chain",
-                "config": {
-                  "handler": "ForgeRockClientHandler",
-                  "filters": [
-                    {
-                      "type": "ClientSecretBasicAuthenticationFilter",
-                      "config": {
-                        "clientId": "&{ig.client.id}",
-                        "clientSecretId": "ig.client.secret",
-                        "secretsProvider": "SystemAndEnvSecretStore-IAM"
-                      }
-                    }
-                  ]
-                }
-              }
-            }
-          }
-        ],
-        "handler": "ForgeRockClientHandler"
-      }
-    },
     {
       "name": "TrustManager-OB",
       "type": "TrustManager",
@@ -222,7 +185,15 @@
       "type": "IdmService",
       "config": {
         "baseEndpoint": "&{urls.idmBaseUri}",
-        "endpointHandler": "IDMClientHandler"
+        "tokenEndpoint": "https://&{identity.platform.fqdn}/am/oauth2/realms/root/realms/&{am.realm}/access_token",
+        "username": "&{ig.idm.user}",
+        "passwordSecretId": "ig.idm.password",
+        "secretsProvider": "SystemAndEnvSecretStore-IAM",
+        "authMethod": "CLIENT_SECRET_BASIC",
+        "authConfig": {
+          "clientId": "&{ig.client.id}",
+          "clientSecretId": "ig.client.secret"
+        }
       }
     },
     {
diff --git a/config/7.3.0/securebanking/ig/routes/routes-service/100-internal-repo.json b/config/7.3.0/securebanking/ig/routes/routes-service/100-internal-repo.json
@@ -28,11 +28,10 @@
                   "type": "ScriptableHandler",
                   "config": {
                     "type": "application/x-groovy",
-                    "clientHandler": "IDMClientHandler",
                     "file": "RepoApiClient.groovy",
                     "args": {
-                      "routeArgObjApiClient": "apiClient",
-                      "routeArgIdmBaseUri": "https://&{identity.platform.fqdn}"
+                      "routeArgIdmService": "${heap[IdmService]}",
+                      "routeArgObjApiClient": "apiClient"
                     }
                   }
                 }
@@ -47,7 +46,7 @@
                     "clientHandler": "IDMClientHandler",
                     "file": "RepoUser.groovy",
                     "args": {
-                      "routeArgIdmBaseUri": "https://&{identity.platform.fqdn}",
+                      "routeArgIdmService": "${heap[IdmService]}",
                       "routeArgObjUser": "&{user.object}"
                     }
                   }
diff --git a/config/7.3.0/securebanking/ig/scripts/groovy/RepoApiClient.groovy b/config/7.3.0/securebanking/ig/scripts/groovy/RepoApiClient.groovy
@@ -1,4 +1,6 @@
 import groovy.json.JsonOutput
+import static org.forgerock.util.CloseSilentlyAsyncFunction.closeSilently;
+import static org.forgerock.util.promise.NeverThrowsException.neverThrownAsync;
 
 def fapiInteractionId = request.getHeaders().getFirst("x-fapi-interaction-id");
 if(fapiInteractionId == null) fapiInteractionId = "No x-fapi-interaction-id";
@@ -28,36 +30,33 @@ def apiClientId = splitUri[splitUri.length - 1];
 logger.debug(SCRIPT_NAME + "Looking up API Client {}",apiClientId)
 
 apiClientRequest.setUri(routeArgIdmBaseUri + "/openidm/managed/" + routeArgObjApiClient + "/" + apiClientId)
-
-http.send(apiClientRequest).then(apiClientResponse -> {
-    apiClientRequest.close()
-    logger.debug(SCRIPT_NAME + "Back from IDM")
-
-    def apiClientResponseStatus = apiClientResponse.getStatus();
-
-    if (apiClientResponseStatus != Status.OK) {
-        message = "Failed to get API Client details"
-        logger.error(message)
-        response.status = apiClientResponseStatus
-        response.entity = "{ \"error\":\"" + message + "\"}"
-        return response
-    }
-
-    def apiClientResponseContent = apiClientResponse.getEntity();
-    def apiClientResponseObject = apiClientResponseContent.getJson();
-
-    def responseObj = [
-            "id": apiClientResponseObject.id,
-            "name": apiClientResponseObject.name,
-            "officialName": apiClientResponseObject.name,
-            "oauth2ClientId": apiClientResponseObject.oauth2ClientId,
-            "logoUri": apiClientResponseObject.logoUri
-    ]
-
-    def responseJson = JsonOutput.toJson(responseObj);
-    logger.debug(SCRIPT_NAME + "Final JSON " + responseJson)
-
-    response.entity = responseJson;
-    return response
-
-}).then(response -> { return response })
+idmService.send(context, apiClientRequest)
+          .thenAsync(closeSilently(response -> {
+              logger.debug(SCRIPT_NAME + "Back from IDM")
+              def apiClientResponseStatus = apiClientResponse.getStatus();
+
+              if (apiClientResponseStatus != Status.OK) {
+                  message = "Failed to get API Client details"
+                  logger.error(message)
+                  response.status = apiClientResponseStatus
+                  response.entity = "{ \"error\":\"" + message + "\"}"
+                  return response
+              }
+              return response.getEntity()
+                             .getJsonAsync()
+                             .then(json -> {
+                                 def responseObj = [
+                                         "id"            : json.id,
+                                         "name"          : json.name,
+                                         "officialName"  : json.name,
+                                         "oauth2ClientId": json.oauth2ClientId,
+                                         "logoUri"       : json.logoUri
+                                 ]
+
+                                 def responseJson = JsonOutput.toJson(responseObj);
+                                 logger.debug(SCRIPT_NAME + "Final JSON " + responseJson)
+
+                                 response.entity = responseJson;
+                                 return response
+                             });
+          }), neverThrownAsync())
diff --git a/config/7.3.0/securebanking/ig/scripts/groovy/RepoUser.groovy b/config/7.3.0/securebanking/ig/scripts/groovy/RepoUser.groovy
@@ -39,47 +39,39 @@ if(Objects.nonNull(uriQuery)){
  - curl -i -v http://ig:80/repo/users?_queryFilter=userName+eq+%22<Cloud platform user name>%22
  - curl -i -v http://ig:80/repo/users/<Cloud platform user ID>
  */
-
-http.send(userRequest).then(userResponse -> {
-    userRequest.close()
-    logger.debug(SCRIPT_NAME + "Back from IDM")
-
-    def userResponseStatus = userResponse.getStatus();
-    logger.debug(SCRIPT_NAME + " status {}", userResponseStatus)
-
-    if (userResponseStatus != Status.OK) {
-        return errorResponse("User details not found", userResponseStatus)
-    }
-
-    def userResponseContent = userResponse.getEntity()
-
-    logger.debug(SCRIPT_NAME + "response JSON {}", userResponseContent.getJson().result)
-
-    // build response Object
-    def userResponseObject = userResponseContent.getJson()
-    if(queryFilter){
-        if(userResponseContent.getJson().result.isEmpty()){
-            return errorResponse("User details not found", Status.NOT_FOUND)
-        }
-        userResponseObject = userResponseContent.getJson().result[0]
-    }
-
-    def responseObj = [
-            "id": userResponseObject._id,
-            "userName": userResponseObject.userName,
-            "givenName": userResponseObject.givenName,
-            "surname": userResponseObject.sn,
-            "mail": userResponseObject.mail,
-            "accountStatus": userResponseObject.accountStatus
-    ]
-
-    def responseJson = JsonOutput.toJson(responseObj)
-    logger.debug(SCRIPT_NAME + "Final JSON " + responseJson)
-
-    response.entity = responseJson;
-    return response
-
-}).then(response -> { return response })
+idmService.send(context, userRequest)
+          .thenAsync(closeSilently(response -> {
+              logger.debug(SCRIPT_NAME + "Back from IDM")
+              def userResponseStatus = userResponse.getStatus();
+              logger.debug(SCRIPT_NAME + " status {}", userResponseStatus)
+              if (userResponseStatus != Status.OK) {
+                  return errorResponse("User details not found", userResponseStatus)
+              }
+              return response.getEntity()
+                             .getJsonAsync()
+                             .then(json -> {
+                                 if(queryFilter){
+                                     if(json.isEmpty()){
+                                         return errorResponse("User details not found", Status.NOT_FOUND)
+                                     }
+                                     userResponseObject = userResponseContent.getJson().result[0]
+                                 }
+                                 def responseObj = [
+                                         "id": json._id,
+                                         "userName": json.userName,
+                                         "givenName": json.givenName,
+                                         "surname": json.sn,
+                                         "mail": json.mail,
+                                         "accountStatus": json.accountStatus
+                                 ]
+
+                                 def responseJson = JsonOutput.toJson(responseObj)
+                                 logger.debug(SCRIPT_NAME + "Final JSON " + responseJson)
+
+                                 response.entity = responseJson;
+                                 return response
+                             });
+          }), neverThrownAsync())
 
 def errorResponse(String message, userResponseStatus) {
     logger.error(SCRIPT_NAME + message)

Original file line number	Diff line number	Diff line change
`@@ -28,11 +28,10 @@`
`28`	`28`	`"type": "ScriptableHandler",`
`29`	`29`	`"config": {`
`30`	`30`	`"type": "application/x-groovy",`
`31`		`- "clientHandler": "IDMClientHandler",`
`32`	`31`	`"file": "RepoApiClient.groovy",`
`33`	`32`	`"args": {`
`34`		`- "routeArgObjApiClient": "apiClient",`
`35`		`- "routeArgIdmBaseUri": "https://&{identity.platform.fqdn}"`
	`33`	`+ "routeArgIdmService": "${heap[IdmService]}",`
	`34`	`+ "routeArgObjApiClient": "apiClient"`
`36`	`35`	`}`
`37`	`36`	`}`
`38`	`37`	`}`
`@@ -47,7 +46,7 @@`
`47`	`46`	`"clientHandler": "IDMClientHandler",`
`48`	`47`	`"file": "RepoUser.groovy",`
`49`	`48`	`"args": {`
`50`		`- "routeArgIdmBaseUri": "https://&{identity.platform.fqdn}",`
	`49`	`+ "routeArgIdmService": "${heap[IdmService]}",`
`51`	`50`	`"routeArgObjUser": "&{user.object}"`
`52`	`51`	`}`
`53`	`52`	`}`