From 4bea2f47ff5a472a68bd0c7de402e82f752875ac Mon Sep 17 00:00:00 2001 From: Javier Rojas Blum Date: Fri, 18 Mar 2022 16:49:55 -0300 Subject: [PATCH] feat(jans-auth-server): enable person authn script to have multiple acr names Signed-off-by: Javier Rojas Blum --- .../client/ws/rs/AuthnScriptAliasesTest.java | 111 ++++++++++++++++++ .../client/ws/rs/AuthorizedAcrValuesTest.java | 7 +- .../client/src/test/resources/testng.xml | 23 +++- .../ExternalAuthenticationService.java | 15 ++- .../jans_setup/templates/scripts.ldif | 2 + 5 files changed, 144 insertions(+), 14 deletions(-) create mode 100644 jans-auth-server/client/src/test/java/io/jans/as/client/ws/rs/AuthnScriptAliasesTest.java diff --git a/jans-auth-server/client/src/test/java/io/jans/as/client/ws/rs/AuthnScriptAliasesTest.java b/jans-auth-server/client/src/test/java/io/jans/as/client/ws/rs/AuthnScriptAliasesTest.java new file mode 100644 index 00000000000..d64fa0a10b3 --- /dev/null +++ b/jans-auth-server/client/src/test/java/io/jans/as/client/ws/rs/AuthnScriptAliasesTest.java 
@@ -0,0 +1,111 @@
+/*
+ * Janssen Project software is available under the Apache License (2004). See http://www.apache.org/licenses/ for full text.
+ *
+ * Copyright (c) 2020, Janssen Project
+ */
+
+package io.jans.as.client.ws.rs;
+
+import io.jans.as.client.*;
+import io.jans.as.client.client.AssertBuilder;
+import io.jans.as.model.common.ResponseType;
+import io.jans.as.model.register.ApplicationType;
+import io.jans.as.model.util.StringUtils;
+import org.testng.annotations.Parameters;
+import org.testng.annotations.Test;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.UUID;
+
+/**
+ * @author Javier Rojas Blum
+ * @version March 18, 2022
+ */
+public class AuthnScriptAliasesTest extends BaseTest {
+
+ @Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"})
+ @Test
+ public void acrAliasTest(
+ final String userId, final String userSecret, final String redirectUris, final String redirectUri,
+ final String sectorIdentifierUri) {
+ showTitle("acrAliasTest");
+
+ List responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
+
+ // 1. Register client
+ RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app",
+ StringUtils.spaceSeparatedToList(redirectUris));
+ registerRequest.setResponseTypes(responseTypes);
+ registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
+
+ RegisterClient registerClient = newRegisterClient(registerRequest);
+ RegisterResponse registerResponse = registerClient.exec();
+
+ showClient(registerClient);
+ AssertBuilder.registerResponse(registerResponse)
+ .created()
+ .check();
+
+ String clientId = registerResponse.getClientId();
+
+ List scopes = Arrays.asList("openid", "profile", "address", "email");
+ String state = UUID.randomUUID().toString();
+ String nonce = UUID.randomUUID().toString();
+
+ AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
+ authorizationRequest.setState(state);
+ authorizationRequest.setAcrValues(Arrays.asList("basic_alias1"));
+
+ AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint,
+ authorizationRequest, userId, userSecret);
+
+ AssertBuilder.authorizationResponse(authorizationResponse)
+ .responseTypes(responseTypes)
+ .check();
+ }
+
+ @Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"})
+ @Test
+ public void acrAliasAuthorizedAcsValuesTest(
+ final String userId, final String userSecret, final String redirectUris, final String redirectUri,
+ final String sectorIdentifierUri) {
+ showTitle("acrAliasAuthorizedAcsValuesTest");
+
+ List responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
+
+ // 1. 
Register client + RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", + StringUtils.spaceSeparatedToList(redirectUris)); + registerRequest.setResponseTypes(responseTypes); + registerRequest.setSectorIdentifierUri(sectorIdentifierUri); + registerRequest.setAuthorizedAcrValues(Arrays.asList( + "basic_alias1", "basic_alias2" + )); + + RegisterClient registerClient = newRegisterClient(registerRequest); + RegisterResponse registerResponse = registerClient.exec(); + + showClient(registerClient); + AssertBuilder.registerResponse(registerResponse) + .created() + .check(); + + String clientId = registerResponse.getClientId(); + + List scopes = Arrays.asList("openid", "profile", "address", "email"); + String state = UUID.randomUUID().toString(); + String nonce = UUID.randomUUID().toString(); + + AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); + authorizationRequest.setState(state); + authorizationRequest.setAcrValues(Arrays.asList("basic_alias2")); + + AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, + authorizationRequest, userId, userSecret); + + AssertBuilder.authorizationResponse(authorizationResponse) + .responseTypes(responseTypes) + .check(); + } +} diff --git a/jans-auth-server/client/src/test/java/io/jans/as/client/ws/rs/AuthorizedAcrValuesTest.java b/jans-auth-server/client/src/test/java/io/jans/as/client/ws/rs/AuthorizedAcrValuesTest.java index bd7a5e0ba64..6ebbc5bc896 100644 --- a/jans-auth-server/client/src/test/java/io/jans/as/client/ws/rs/AuthorizedAcrValuesTest.java +++ b/jans-auth-server/client/src/test/java/io/jans/as/client/ws/rs/AuthorizedAcrValuesTest.java @@ -20,7 +20,7 @@ /** * @author Javier Rojas Blum - * @version March 17, 2022 + * @version March 18, 2022 */ public class AuthorizedAcrValuesTest extends BaseTest { 
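Review bot: Neither test in AuthnScriptAliasesTest checks which `acr` ended up in the issued ID token; the only visible assertion on the authorization response is `.responseTypes(responseTypes)`, so both tests would apparently still pass if the server ignored `basic_alias1` / `basic_alias2` and fell back to a default authentication method. Each test should also assert the `acr` claim of the returned ID token. A negative case is missing as well: a client registered with only `basic_alias1` as authorized ACR value that requests `basic_alias2` (or the script's primary name) and is refused, which would pin down whether aliases are authorized individually or as a group. The method name `acrAliasAuthorizedAcsValuesTest` looks like a typo for `acrAliasAuthorizedAcrValuesTest`.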
@@ -68,11 +68,10 @@ public void authorizedAcrValues( .check(); } - @Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"}) + @Parameters({"redirectUris", "redirectUri", "sectorIdentifierUri"}) @Test public void authorizedAcrValuesFail( - final String userId, final String userSecret, final String redirectUris, final String redirectUri, - final String sectorIdentifierUri) { + final String redirectUris, final String redirectUri, final String sectorIdentifierUri) { showTitle("authorizedAcrValuesFail"); List responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN); diff --git a/jans-auth-server/client/src/test/resources/testng.xml b/jans-auth-server/client/src/test/resources/testng.xml index 678435f2b97..57706f73ec9 100644 --- a/jans-auth-server/client/src/test/resources/testng.xml +++ b/jans-auth-server/client/src/test/resources/testng.xml @@ -3,7 +3,7 @@ - + @@ -36,8 +36,13 @@ - + + + + + + @@ -96,6 +101,12 @@ + + + + + + @@ -256,7 +267,7 @@ - + @@ -900,7 +911,8 @@ - + @@ -961,7 +973,8 @@ - + diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalAuthenticationService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalAuthenticationService.java index 0ff62f209b3..79f7ab834a8 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalAuthenticationService.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalAuthenticationService.java @@ -29,12 +29,8 @@ import javax.enterprise.event.Observes; import javax.inject.Inject; import javax.inject.Named; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; +import java.util.*; import java.util.Map.Entry; -import java.util.Set; /** * Provides factory methods needed to create external authenticator 
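Review bot: The import hunk of ExternalAuthenticationService.java replaces five explicit `java.util` imports with `import java.util.*;`, which hides which collection types the class depends on and invites a simple-name clash if another on-demand import is added later. Nothing visible in this commit needs a new `java.util` type, so the explicit imports of `ArrayList`, `HashMap`, `List`, `Map` and `Set` can stay as they were. This looks like an IDE auto-organize side effect rather than an intended change.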
@@ -498,6 +494,15 @@ public Map> levelToAcrMapping() { map.put(level, acrs); } acrs.add(acr); + + // Also publish alias configuration + if (script.getCustomScript() != null && script.getCustomScript().getAliases() != null) { + for (String alias : script.getCustomScript().getAliases()) { + if (StringUtils.isNotBlank(alias)) { + acrs.add(alias); + } + } + } } return map; } diff --git a/jans-linux-setup/jans_setup/templates/scripts.ldif b/jans-linux-setup/jans_setup/templates/scripts.ldif index 1e7281a74d3..60f00d5a747 100644 --- a/jans-linux-setup/jans_setup/templates/scripts.ldif +++ b/jans-linux-setup/jans_setup/templates/scripts.ldif @@ -393,6 +393,8 @@ objectClass: top objectClass: jansCustomScr jansEnabled: false jansProgLng: python +jansAlias: basic_alias1 +jansAlias: basic_alias2 dn: inum=A910-56AB,ou=scripts,o=jans description: Sample script for SCIM events
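Review bot: The alias loop in `levelToAcrMapping()` adds every non-blank alias at the owning script's level without checking whether that string is already the name or an alias of a different script. If two scripts with different levels share a value, the same ACR string would be published under both levels, and anything that compares authentication strength through this map can no longer tell which one it denotes. Uniqueness is best enforced where the script configuration is loaded; at this spot the constraint should at least be recorded, e.g. `// an alias is published at this script's level and must not equal the name or alias of a script with a different level`. Separately, `script.getCustomScript()` is evaluated three times and could be held in a local. The method begins above the hunk, so how `acr` and `level` are derived is not visible here.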
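Review bot: `jansAlias: basic_alias1` and `jansAlias: basic_alias2` are fixtures for AuthnScriptAliasesTest, but scripts.ldif is the setup template, so every installation would carry them on this script entry. The context shows `jansEnabled: false`, yet once the script is enabled the two test names would presumably be accepted and advertised as ACR values alongside the real one. The entry's `dn` is above the hunk, so which script receives them cannot be confirmed from here. Test-only aliases are better provisioned by the test environment's own data load; if they have to stay in the template, a comment line such as `# aliases used by AuthnScriptAliasesTest` would at least mark them as such.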