Jans fido Review Configs #10101 #10204

Merged
merged 4 commits into from
Nov 20, 2024
Merged
1 change: 0 additions & 1 deletion docker-jans-fido2/scripts/upgrade.py
Expand Up @@ -24,7 +24,6 @@ def _transform_fido2_dynamic_config(conf):
# add missing config (if not exist)
for k, v in [
("superGluuEnabled", False),
("oldU2fMigrationEnabled", True),
("metadataUrlsProvider", ""),
("errorReasonEnabled", False),
("skipDownloadMdsEnabled", False),
Original file line number Diff line number Diff line change
Expand Up @@ -82,9 +82,7 @@ It will return the result as below:
"jansCustomPerson",
"jansPerson"
],
"superGluuEnabled": false,
"sessionIdPersistInCache": false,
"oldU2fMigrationEnabled": true,
"errorReasonEnabled": false,
"fido2Configuration": {
"authenticatorCertsFolder": "/etc/jans/conf/fido2/authenticator_cert",
2 changes: 0 additions & 2 deletions docs/janssen-server/fido/config.md
Expand Up @@ -66,9 +66,7 @@ Response:
"jansCustomPerson",
"jansPerson"
],
"superGluuEnabled": true,
"sessionIdPersistInCache": false,
"oldU2fMigrationEnabled": true,
"fido2Configuration": {
"authenticatorCertsFolder": "/etc/jans/conf/fido2/authenticator_cert",
"mdsCertsFolder": "/etc/jans/conf/fido2/mds/cert",
18 changes: 0 additions & 18 deletions docs/janssen-server/reference/json/properties/fido2-properties.md
Expand Up @@ -28,13 +28,11 @@ tags:
| metricReporterEnabled | Boolean value specifying whether metric reporter is enabled | [Details](#metricreporterenabled) |
| metricReporterInterval | The interval for metric reporter in seconds | [Details](#metricreporterinterval) |
| metricReporterKeepDataDays | The days to keep report data | [Details](#metricreporterkeepdatadays) |
| oldU2fMigrationEnabled | Boolean value to enable disable old oxAuth U2F enrollments migration | [Details](#oldu2fmigrationenabled) |
| personCustomObjectClassList | Custom object class list for dynamic person enrolment | [Details](#personcustomobjectclasslist) |
| enabledFidoAlgorithms | List of Requested Credential Types | [Details](#enabledFidoAlgorithms) |
| rp | Requested Parties Authenticators metadata in json format | [Details](#rp) |
| serverMetadataFolder | Authenticators metadata in json format | [Details](#servermetadatafolder) |
| sessionIdPersistInCache | Boolean value specifying whether to persist session_id in cache | [Details](#sessionidpersistincache) |
| superGluuEnabled | Boolean value to enable disable Super Gluu extension | [Details](#supergluuenabled) |
| unfinishedRequestExpiration | Expiration time in seconds for pending enrollment/authentication requests | [Details](#unfinishedrequestexpiration) |
| useLocalCache | Boolean value to indicate if Local Cache is to be used | [Details](#uselocalcache) |
| debugUserAutoEnrollment | Allow to enroll users on enrollment/authentication requests | [Details](#userautoenrollment) |
Expand Down Expand Up @@ -202,15 +200,6 @@ tags:
- Default value: None


### oldU2fMigrationEnabled

- Description: Boolean value to enable disable old oxAuth U2F enrollments migration

- Required: No

- Default value: None


### personCustomObjectClassList

- Description: Custom object class list for dynamic person enrolment
Expand Down Expand Up @@ -247,13 +236,6 @@ tags:
- Default value: None


### superGluuEnabled

- Description: Boolean value to enable disable Super Gluu extension

- Required: No

- Default value: None

### sessionIdPersistInCache

1 change: 0 additions & 1 deletion jans-cli-tui/cli_tui/plugins/020_fido/main.py
Expand Up @@ -127,7 +127,6 @@ def create_widgets(self):
style='class:outh-scope-text'
,widget_style=cli_style.black_bg_widget
),
self.app.getTitledCheckBox(_("Enable Super Gluu"), name='superGluuEnabled', checked=self.data.get('superGluuEnabled'), jans_help=self.app.get_help_from_schema(self.schema, 'superGluuEnabled'), style=cli_style.check_box, widget_style=cli_style.black_bg_widget),
Window(height=1),
VSplit([Window(),
HSplit([Button(_("Save"), handler=self.save_config)]),
2 changes: 0 additions & 2 deletions jans-config-api/plugins/docs/fido2-plugin-swagger.yaml
Expand Up @@ -564,8 +564,6 @@ components:
type: boolean
sessionIdPersistInCache:
type: boolean
oldU2fMigrationEnabled:
type: boolean
errorReasonEnabled:
type: boolean
fido2Configuration:
Original file line number Diff line number Diff line change
Expand Up @@ -75,9 +75,6 @@ public class AppConfiguration implements Configuration, Serializable {
@DocProperty(description = "Boolean value specifying whether to persist session_id in cache", defaultValue = "false")
private Boolean sessionIdPersistInCache = false;

@DocProperty(description = "Boolean value to enable disable old oxAuth U2F enrollments migration")
private boolean oldU2fMigrationEnabled;

@DocProperty(description = "Boolean value specifying whether to return detailed reason of the error from Fido2. Default value is false", defaultValue = "false")
private Boolean errorReasonEnabled = false;

Expand Down Expand Up @@ -205,14 +202,6 @@ public void setSessionIdPersistInCache(Boolean sessionIdPersistInCache) {
this.sessionIdPersistInCache = sessionIdPersistInCache;
}

public boolean isOldU2fMigrationEnabled() {
return oldU2fMigrationEnabled;
}

public void setOldU2fMigrationEnabled(boolean oldU2fMigrationEnabled) {
this.oldU2fMigrationEnabled = oldU2fMigrationEnabled;
}

public Boolean getErrorReasonEnabled() {
return errorReasonEnabled;
}
Original file line number Diff line number Diff line change
Expand Up @@ -53,8 +53,8 @@ public class Fido2Configuration {
private List<String> hints = new ArrayList<String>();
@DocProperty(description = "If authenticators have been enabled for use in a specific protected envt (enterprise authenticators)")
private boolean enterpriseAttestation = false;
@DocProperty(description = "Enum value indicating whether MDS validation should be omitted during attestation")
private String attestationMode;
@DocProperty(description = "String value indicating whether MDS validation should be omitted during attestation")
private String attestationMode = "monitor";

public String getAuthenticatorCertsFolder() {
return authenticatorCertsFolder;
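Review bot: `attestationMode` stays a plain String and now defaults to the literal `"monitor"`, but the reworded description still does not say which values are accepted, so a misspelt value in a deployed configuration has nothing in this class to catch it; how an unrecognised value is handled is decided outside this hunk. Because this setting governs whether MDS validation is applied during attestation, operators need to see the default and the alternatives in the generated docs. I would name the accepted values in the description and record the default with the attribute the AppConfiguration fields already use: `@DocProperty(description = "...", defaultValue = "monitor")`. It is also worth confirming that an explicit `null` in stored configuration cannot replace the new default through the setter, which lies outside the hunk.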
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,7 @@
"jansCustomPerson",
"jansPerson"
],
"superGluuEnabled": false,
"sessionIdPersistInCache": false,
"oldU2fMigrationEnabled": true,
"errorReasonEnabled": false,
"fido2Configuration":{
"authenticatorCertsFolder":"%(fido2ConfigFolder)s/authenticator_cert",
Expand All @@ -36,6 +34,7 @@
]
}
],
"metadataServers":[{"url": "https://mds.fidoalliance.org/" }],
"userAutoEnrollment":false,
"unfinishedRequestExpiration":180,
"authenticationHistoryExpiration":1296000,
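Review bot: This template and the upgrade path look out of step. The template appears to drop both `superGluuEnabled` and `oldU2fMigrationEnabled`, yet the upgrade.py section of this change reports a single deletion while both keys sit in its add-missing list. One of them would therefore still be written back into upgraded configurations, so whichever of `("superGluuEnabled", False)` / `("oldU2fMigrationEnabled", True)` remains there should be removed as well. In the other direction, the new `metadataServers` default reaches fresh installs only, because upgrade.py shows 0 additions; if upgraded deployments are expected to fetch MDS data, the same default needs adding wherever existing configs are normalised (possibly a path not visible here). Minor: the new entry's spacing differs from the compact style of its neighbours; `"metadataServers":[{"url":"https://mds.fidoalliance.org/"}],` would match.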
2 changes: 0 additions & 2 deletions terraform-provider-jans/jans/fido2_config.go
Expand Up @@ -40,8 +40,6 @@ type JansFido2DynConfiguration struct {
MetricReporterKeepDataDays int `schema:"metric_reporter_keep_data_days" json:"metricReporterKeepDataDays,omitempty"`
PersonCustomObjectClassList []string `schema:"person_custom_object_class_list" json:"personCustomObjectClassList,omitempty"`
Fido2Configuration Fido2Configuration `schema:"fido2_configuration" json:"fido2Configuration,omitempty"`
OldU2fMigrationEnabled bool `schema:"old_u2f_migration_enabled" json:"oldU2fMigrationEnabled,omitempty"`
SuperGluuEnabled bool `schema:"super_gluu_enabled" json:"superGluuEnabled,omitempty"`
}

// GetFido2Configuration returns the current Fido2 configuration.
10 changes: 0 additions & 10 deletions terraform-provider-jans/jans/fido2_config_test.go
Expand Up @@ -28,16 +28,8 @@ func TestFido2Config(t *testing.T) {
origBasepoint := cfg.BaseEndpoint
cfg.BaseEndpoint = "newbasepoint"

origSuperGluuEnabled := cfg.SuperGluuEnabled
cfg.SuperGluuEnabled = true

origOldU2fMigrationEnabled := cfg.OldU2fMigrationEnabled
cfg.OldU2fMigrationEnabled = true

ret := &JansFido2DynConfiguration{
BaseEndpoint: "newbasepoint",
SuperGluuEnabled: true,
OldU2fMigrationEnabled: true,
}
updatedConfig, err := client.UpdateFido2Configuration(ctx, ret)
if err != nil {
Expand All @@ -46,8 +38,6 @@ func TestFido2Config(t *testing.T) {

t.Cleanup(func() {
ret.BaseEndpoint = origBasepoint
ret.SuperGluuEnabled = origSuperGluuEnabled
ret.OldU2fMigrationEnabled = origOldU2fMigrationEnabled
_, _ = client.UpdateFido2Configuration(ctx, ret)
})

Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,7 @@ func TestResourceFido2Config_Mapping(t *testing.T) {
AuthenticationHistoryExpiration: 1296000,
enabledFidoAlgorithms: []string{"RS256", "ES256"},
},
SuperGluuEnabled: true,
OldU2fMigrationEnabled: true,

}

if err := toSchemaResource(data, cfg); err != nil {
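Review bot: None of the sections visible on this page removes `super_gluu_enabled` or `old_u2f_migration_enabled` from the Terraform resource schema, although fido2_config.go drops the struct fields that carried those `schema:` tags. If the schema still declares them, existing configurations that set either attribute would stop having any effect, or fail, depending on how `toSchemaResource` treats attributes with no matching field, and this mapping test no longer covers them. I would remove the attributes from the schema in the same change and note it as a breaking change, or mark them deprecated there first. Separately, removing the two fields leaves an empty line before the closing `}` of the literal; drop it so the literal closes directly after the nested `},`.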