Merge branch 'main' into issue_10080

Signed-off-by: Madhumita Subramaniam <[email protected]>
JanssenProject · Dec 13, 2024 · 5e16489 · 5e16489
2 parents 9388cd9 + a71e866
commit 5e16489
Show file tree

Hide file tree

Showing 8 changed files with 83 additions and 19 deletions.
diff --git a/docs/janssen-server/fido/config.md b/docs/janssen-server/fido/config.md
@@ -7,21 +7,22 @@ tags:
 
 ### Configuration Parameters of Janssen's FIDO2 server:
 
-| Field named                 | Example                                  | Description                                                                                                                     |
-|-----------------------------|------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------|
-| issuer                      | https://my-jans-server.jans.io           | URL using the https scheme with no query or fragment component. The OP asserts this as its Issuer Identifier                    |
-| baseEndpoint                | https://my-jans-server/jans-fido2/restv1 | Base URL of the FIDO2 server Endpoints                                                                                          |
-| cleanServiceInterval        | 60                                       | Time interval for the Clean Service in seconds.                                                                                 |
-| cleanServiceBatchChunkSize  | 10000                                    | Each clean up iteration fetches chunk of expired data per base dn and removes it from storage.                                  |
-| useLocalCache               | true                                     | Boolean value specifying whether to enable local in-memory cache for attributes, scopes, clients and organization configuration |
-| disableJdkLogger            | true                                     | Boolean value specifying whether to enable JDK Loggers                                                                          |
-| loggingLevel                | "INFO" or "TRACE" or "DEBUG"             | Logging level for FIDO2 server                                                                                                  |
-| loggingLayout               | "text" or "json"                         | Contents of logs as plain text or json format                                                                                   |
-| externalLoggerConfiguration |                                          | Path to external log4j2 logging configuration                                                                                   |
-| metricReporterInterval      | 300                                      | The interval for metric reporter in seconds.                                                                                    |
-| metricReporterKeepDataDays  | 15                                       | The number of days to retain metric reported data in the system                                                                 |
-| metricReporterEnabled       | true                                     | Boolean value specifying whether to enable Metric Reporter                                                                      |
-| fido2Configuration          | See JSON contents in the below example   | FIDO2 Configuration                                                                                                             |
+| Field named                 | Example                                                | Description                                                                                                                     |
+|-----------------------------|--------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------|
+| issuer                      | https://my-jans-server.jans.io                         | URL using the https scheme with no query or fragment component. The OP asserts this as its Issuer Identifier                    |
+| baseEndpoint                | https://my-jans-server/jans-fido2/restv1               | Base URL of the FIDO2 server Endpoints
+| webAuthnEndpoint            | https://FQDN/jans-fido2/restv1/webauthn/configuration  | Base URL of the FIDO2 Web Authn Server Endpoint which return RP Origins
+| cleanServiceInterval        | 60                                                     | Time interval for the Clean Service in seconds.                                                                                 |
+| cleanServiceBatchChunkSize  | 10000                                                  | Each clean up iteration fetches chunk of expired data per base dn and removes it from storage.                                  |
+| useLocalCache               | true                                                   | Boolean value specifying whether to enable local in-memory cache for attributes, scopes, clients and organization configuration |
+| disableJdkLogger            | true                                                   | Boolean value specifying whether to enable JDK Loggers                                                                          |
+| loggingLevel                | "INFO" or "TRACE" or "DEBUG"                           | Logging level for FIDO2 server                                                                                                  |
+| loggingLayout               | "text" or "json"                                       | Contents of logs as plain text or json format                                                                                   |
+| externalLoggerConfiguration |                                                        | Path to external log4j2 logging configuration                                                                                   |
+| metricReporterInterval      | 300                                                    | The interval for metric reporter in seconds.                                                                                    |
+| metricReporterKeepDataDays  | 15                                                     | The number of days to retain metric reported data in the system                                                                 |
+| metricReporterEnabled       | true                                                   | Boolean value specifying whether to enable Metric Reporter                                                                      |
+| fido2Configuration          | See JSON contents in the below example                 | FIDO2 Configuration                                                                                                             |
 
 #### Fido2Configuration structure
 
@@ -113,6 +114,10 @@ Response:
 
 While it is not recommended that an administrator directly edits a configuration at the persistence layer, it may be useful information for a developer.
 
+#### 5. WebAuthn Endpoint
+  A. The WebAuthn Endpoints retrieve the list of RP (Relying Party) Origins configured for FIDO2 authentication.
+  B. Endpoints: https://FQDN/restv1/webauthn/configuration && https://FQDN/.well-known/webauthn
+
 ##### MySQL
 ```mermaid
 erDiagram

diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/app/ResteasyInitializer.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/app/ResteasyInitializer.java
@@ -9,6 +9,7 @@
 import java.util.HashSet;
 import java.util.Set;
 
+import io.jans.fido2.ws.rs.controller.WebAuthnController;
 import jakarta.ws.rs.ApplicationPath;
 import jakarta.ws.rs.core.Application;
 
@@ -20,7 +21,7 @@
  * Integration with Resteasy
  * 
  * @author Yuriy Movchan
- * @version 0.1, 03/21/2017
+ * @version 0.1, 03/21/201' q;l 7
  */
 @ApplicationPath("/restv1")
 public class ResteasyInitializer extends Application {	
@@ -31,6 +32,7 @@ public Set<Class<?>> getClasses() {
         classes.add(ConfigurationController.class);
         classes.add(AssertionController.class);
         classes.add(AttestationController.class);
+        classes.add(WebAuthnController.class);
 
         return classes;
     }

diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/ws/rs/controller/AssertionController.java b/jans-fido2/server/src/main/java/io/jans/fido2/ws/rs/controller/AssertionController.java
@@ -23,6 +23,8 @@
 import org.slf4j.Logger;
 
 
+import jakarta.validation.constraints.NotNull;
+
 
 /**
  * serves request for /assertion endpoint exposed by FIDO2 sever

diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/ws/rs/controller/AttestationController.java b/jans-fido2/server/src/main/java/io/jans/fido2/ws/rs/controller/AttestationController.java
@@ -7,7 +7,6 @@
 package io.jans.fido2.ws.rs.controller;
 
 import org.slf4j.Logger;
-
 import io.jans.fido2.model.attestation.AttestationOptions;
 import io.jans.fido2.model.attestation.AttestationResult;
 import io.jans.fido2.model.attestation.PublicKeyCredentialCreationOptions;
@@ -26,6 +25,9 @@
 import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.WebApplicationException;
 import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.ResponseBuilder;
+import java.io.IOException;
+
 
 /**
  * serves request for /attestation endpoint exposed by FIDO2 sever

diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/ws/rs/controller/WebAuthnController.java b/jans-fido2/server/src/main/java/io/jans/fido2/ws/rs/controller/WebAuthnController.java
@@ -0,0 +1,50 @@
+package io.jans.fido2.ws.rs.controller;
+
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import io.jans.fido2.model.conf.AppConfiguration;
+import io.jans.fido2.model.error.ErrorResponseFactory;
+import io.jans.fido2.service.DataMapperService;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Inject;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.Produces;
+import jakarta.ws.rs.core.Response;
+
+/**
+ * The endpoint at which the requester can obtain FIDO2 WebAuthn Origins metadata
+ * configuration
+ *
+ * @author Imran Ishaq Date: 11/28/2024
+ */
+@ApplicationScoped
+@Path("/webauthn/configuration")
+public class WebAuthnController {
+    @Inject
+    private AppConfiguration appConfiguration;
+
+    @Inject
+    private DataMapperService dataMapperService;
+
+    @Inject
+    private ErrorResponseFactory errorResponseFactory;
+    @GET
+    @Produces({ "application/json" })
+    public Response getConfiguration() {
+        if (appConfiguration.getFido2Configuration() == null) {
+            throw errorResponseFactory.forbiddenException();
+        }
+
+        ObjectNode response = dataMapperService.createObjectNode();
+
+        ArrayNode originsArray = dataMapperService.createArrayNode();
+        appConfiguration.getFido2Configuration().getRequestedParties().forEach(rp -> {
+            rp.getOrigins().forEach(originsArray::add);
+        });
+        response.set("origins", originsArray);
+
+        Response.ResponseBuilder builder = Response.ok().entity(response.toString());
+        return builder.build();
+    }
+}
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/fido.py b/jans-linux-setup/jans_setup/setup_app/installers/fido.py
@@ -11,6 +11,8 @@
 from setup_app.config import Config
 from setup_app.installers.jetty import JettyInstaller
 
+Config.jans_fido2_port = '8073'
+
 class FidoInstaller(JettyInstaller):
 
     source_files = [

diff --git a/jans-linux-setup/jans_setup/templates/apache/https_jans.conf b/jans-linux-setup/jans_setup/templates/apache/https_jans.conf
@@ -114,8 +114,9 @@
     ProxyPass   /.well-known/openid-configuration http://localhost:%(jans_auth_port)s/jans-auth/.well-known/openid-configuration
     ProxyPass   /.well-known/webfinger http://localhost:%(jans_auth_port)s/jans-auth/.well-known/webfinger
     ProxyPass   /.well-known/uma2-configuration http://localhost:%(jans_auth_port)s/jans-auth/restv1/uma2-configuration
+    ProxyPass   /.well-known/fido2-configuration http://localhost:%(jans_fido2_port)s/jans-fido2/restv1/configuration
+    ProxyPass   /.well-known/webauthn http://localhost:%(jans_fido2_port)s/jans-fido2/restv1/webauthn/configuration
     ProxyPass   /.well-known/authzen-configuration http://localhost:%(jans_auth_port)s/jans-auth/restv1/authzen-configuration
-    ProxyPass   /.well-known/fido2-configuration http://localhost:8073/jans-fido2/restv1/configuration
     ProxyPass   /.well-known/scim-configuration http://localhost:8087/jans-scim/restv1/scim-configuration
     ProxyPass   /firebase-messaging-sw.js http://localhost:%(jans_auth_port)s/jans-auth/firebase-messaging-sw.js
     ProxyPass   /device-code http://localhost:%(jans_auth_port)s/jans-auth/device_authorization.htm

diff --git a/jans-linux-setup/jans_setup/templates/jetty/jans-fido2 b/jans-linux-setup/jans_setup/templates/jetty/jans-fido2
@@ -5,7 +5,7 @@ JAVA_OPTIONS="-server -Xms%(jans-fido2_min_heap_mem)sm -Xmx%(jans-fido2_max_heap
 JETTY_HOME=%(jetty_home)s
 JETTY_BASE=%(jetty_base)s/jans-fido2
 JETTY_USER=%(jetty_user)s
-JETTY_ARGS="jetty.http.host=localhost jetty.http.port=8073"
+JETTY_ARGS="jetty.http.host=localhost jetty.http.port=%(jans_fido2_port)s"
 TMPDIR=%(jetty_dist)s/temp
 
 export PYTHON_HOME=%(jython_home)s
-Original file line number
+Diff line change
@@ Expand Up / @@ -23,6 +23,8 @@ @@
     import org.slf4j.Logger;
+    import jakarta.validation.constraints.NotNull;
     /**
      * serves request for /assertion endpoint exposed by FIDO2 sever
@@ Expand Down @@