feat(jans-auth-server): enable person authn script to have multiple a… #1074

Merged
merged 1 commit into from
Mar 18, 2022
Merged
@@ -0,0 +1,111 @@
/*
* Janssen Project software is available under the Apache License (2004). See http://www.apache.org/licenses/ for full text.
*
* Copyright (c) 2020, Janssen Project
*/

package io.jans.as.client.ws.rs;

import io.jans.as.client.*;
import io.jans.as.client.client.AssertBuilder;
import io.jans.as.model.common.ResponseType;
import io.jans.as.model.register.ApplicationType;
import io.jans.as.model.util.StringUtils;
import org.testng.annotations.Parameters;
import org.testng.annotations.Test;

import java.util.Arrays;
import java.util.List;
import java.util.UUID;

/**
* @author Javier Rojas Blum
* @version March 18, 2022
*/
public class AuthnScriptAliasesTest extends BaseTest {

@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"})
@Test
public void acrAliasTest(
final String userId, final String userSecret, final String redirectUris, final String redirectUri,
final String sectorIdentifierUri) {
showTitle("acrAliasTest");

List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);

// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app",
StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

RegisterClient registerClient = newRegisterClient(registerRequest);
RegisterResponse registerResponse = registerClient.exec();

showClient(registerClient);
AssertBuilder.registerResponse(registerResponse)
.created()
.check();

String clientId = registerResponse.getClientId();

List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
String nonce = UUID.randomUUID().toString();

AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
authorizationRequest.setAcrValues(Arrays.asList("basic_alias1"));

AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint,
authorizationRequest, userId, userSecret);

AssertBuilder.authorizationResponse(authorizationResponse)
.responseTypes(responseTypes)
.check();
}

@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"})
@Test
public void acrAliasAuthorizedAcsValuesTest(
final String userId, final String userSecret, final String redirectUris, final String redirectUri,
final String sectorIdentifierUri) {
showTitle("acrAliasAuthorizedAcsValuesTest");

List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);

// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app",
StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setAuthorizedAcrValues(Arrays.asList(
"basic_alias1", "basic_alias2"
));

RegisterClient registerClient = newRegisterClient(registerRequest);
RegisterResponse registerResponse = registerClient.exec();

showClient(registerClient);
AssertBuilder.registerResponse(registerResponse)
.created()
.check();

String clientId = registerResponse.getClientId();

List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
String nonce = UUID.randomUUID().toString();

AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
authorizationRequest.setAcrValues(Arrays.asList("basic_alias2"));

AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint,
authorizationRequest, userId, userSecret);

AssertBuilder.authorizationResponse(authorizationResponse)
.responseTypes(responseTypes)
.check();
}
}
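Review bot: Both `acrAliasTest` and `acrAliasAuthorizedAcsValuesTest` stop at `AssertBuilder.authorizationResponse(authorizationResponse).responseTypes(responseTypes).check()`, which as written only shows that a code and an id_token came back, not that the requested alias was resolved to the intended authentication script. A regression in which `basic_alias1` is ignored and the server falls back to its default authentication would, as far as the visible assertions go, still pass. Consider asserting the `acr` value carried in the returned id_token, and adding a negative case in which a client registered with `setAuthorizedAcrValues(Arrays.asList("basic_alias1"))` requests an ACR outside that list and is refused. The second method name also looks like a typo for `acrAliasAuthorizedAcrValuesTest`.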
@@ -20,7 +20,7 @@

/**
* @author Javier Rojas Blum
* @version March 17, 2022
* @version March 18, 2022
*/
public class AuthorizedAcrValuesTest extends BaseTest {

@@ -68,11 +68,10 @@ public void authorizedAcrValues(
.check();
}

@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"})
@Parameters({"redirectUris", "redirectUri", "sectorIdentifierUri"})
@Test
public void authorizedAcrValuesFail(
final String userId, final String userSecret, final String redirectUris, final String redirectUri,
final String sectorIdentifierUri) {
final String redirectUris, final String redirectUri, final String sectorIdentifierUri) {
showTitle("authorizedAcrValuesFail");

List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
23 changes: 18 additions & 5 deletions jans-auth-server/client/src/test/resources/testng.xml
@@ -3,7 +3,7 @@
<suite name="jansAuthClient" parallel="tests" thread-count="4">

<listeners>
<listener class-name="io.jans.as.client.RetryListener" />
<listener class-name="io.jans.as.client.RetryListener"/>
</listeners>

<test name="JsonApplier Client test" enabled="true">
@@ -36,8 +36,13 @@
</classes>
</test>

<!-- Token binding -->
<test name="Authn Script Aliases Test" enabled="true">
<classes>
<class name="io.jans.as.client.ws.rs.AuthnScriptAliasesTest"/>
</classes>
</test>

<!-- Token binding -->
<test name="Token Binding test (HTTP)" enabled="true">
<classes>
<class name="io.jans.as.client.ws.rs.TokenBindingHttpTest"/>
@@ -96,6 +101,12 @@
</classes>
</test>

<test name="Authorized Acr Values Test" enabled="true">
<classes>
<class name="io.jans.as.client.ws.rs.AuthorizedAcrValuesTest"/>
</classes>
</test>

<!-- Authorize test -->
<test name="Authorize test (HTTP)" enabled="true">
<classes>
@@ -256,7 +267,7 @@
<class name="io.jans.as.client.ws.rs.SetPublicSubjectIdentifierPerClientTest"/>
</classes>
</test>

<!-- SSO with Multiple Backend Services test -->
<test name="SSO with Multiple Backend Services test (HTTP)" enabled="true">
<classes>
@@ -900,7 +911,8 @@
<class name="io.jans.as.client.ws.rs.jarm.AuthorizationResponseModeFormPostJwtResponseTypeCodeIdTokenSignedHttpTest"/>
</classes>
</test>
<test name="Test Authorization Response Mode form_post.jwt Response Type code id_token token Encrypted" enabled="true">
<test name="Test Authorization Response Mode form_post.jwt Response Type code id_token token Encrypted"
enabled="true">
<classes>
<class name="io.jans.as.client.ws.rs.jarm.AuthorizationResponseModeFormPostJwtResponseTypeCodeIdTokenTokenEncryptedHttpTest"/>
</classes>
@@ -961,7 +973,8 @@
<class name="io.jans.as.client.ws.rs.jarm.AuthorizationResponseModeFragmentJwtResponseTypeCodeIdTokenSignedHttpTest"/>
</classes>
</test>
<test name="Test Authorization Response Mode fragment.jwt Response Type code id_token token Encrypted" enabled="true">
<test name="Test Authorization Response Mode fragment.jwt Response Type code id_token token Encrypted"
enabled="true">
<classes>
<class name="io.jans.as.client.ws.rs.jarm.AuthorizationResponseModeFragmentJwtResponseTypeCodeIdTokenTokenEncryptedHttpTest"/>
</classes>
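Review bot: The two new `<test>` blocks, "Authn Script Aliases Test" and "Authorized Acr Values Test", are added without the section comment that neighbouring blocks carry (`<!-- Token binding -->`, `<!-- Authorize test -->`). Adding `<!-- Authn script aliases -->` and `<!-- Authorized ACR values -->` above them would keep the suite file navigable. `AuthnScriptAliasesTest` also depends on server-side script configuration rather than on anything in this file, so a one-line comment naming the required `basic_alias1`/`basic_alias2` aliases would help whoever runs the suite against a differently provisioned server.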
@@ -29,12 +29,8 @@
import javax.enterprise.event.Observes;
import javax.inject.Inject;
import javax.inject.Named;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.*;
import java.util.Map.Entry;
import java.util.Set;

/**
* Provides factory methods needed to create external authenticator
@@ -498,6 +494,15 @@ public Map<Integer, Set<String>> levelToAcrMapping() {
map.put(level, acrs);
}
acrs.add(acr);

// Also publish alias configuration
if (script.getCustomScript() != null && script.getCustomScript().getAliases() != null) {
for (String alias : script.getCustomScript().getAliases()) {
if (StringUtils.isNotBlank(alias)) {
acrs.add(alias);
}
}
}
}
return map;
}
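Review bot: The alias loop added to `levelToAcrMapping()` puts each alias into the level's ACR set without checking whether the same string is already published as another script's name or alias. A duplicate across scripts at different levels would then appear under two levels and make any level comparison for that ACR ambiguous. How an alias is resolved back to a script is outside this hunk, so confirm that uniqueness is enforced where scripts are loaded, or detect and log duplicates here. The value is also added untrimmed although only `StringUtils.isNotBlank(alias)` is checked; `acrs.add(alias.trim());` would avoid publishing a name with stray whitespace that a client's `acr_values` entry may not match. The method begins above the hunk, and a short comment stating that aliases inherit the owning script's level would document the intent.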
2 changes: 2 additions & 0 deletions jans-linux-setup/jans_setup/templates/scripts.ldif
@@ -393,6 +393,8 @@ objectClass: top
objectClass: jansCustomScr
jansEnabled: false
jansProgLng: python
jansAlias: basic_alias1
jansAlias: basic_alias2

dn: inum=A910-56AB,ou=scripts,o=jans
description: Sample script for SCIM events
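Review bot: `jansAlias: basic_alias1` and `jansAlias: basic_alias2` look like fixtures for `AuthnScriptAliasesTest`, yet they are added to the setup template, so every installation built from `scripts.ldif` would carry them on this script entry. Once the script is enabled, each alias is published as an additional accepted ACR name that operators did not choose and may not know to review. The entry's `dn` and name are above the hunk, and the visible attributes show `jansEnabled: false`, so confirm which script this is and whether the new test can pass against a default install. If the aliases are only needed for the client test suite, provisioning them in test data rather than in the shipped template keeps production ACR configuration minimal; otherwise a comment line explaining their purpose would help.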