JanssenProject / jans

An open source enterprise digital identity platform for CIAM or workforce... Janssen is a distribution of standards-based, developer friendly, components that are engineered to work together in any cloud. #OAuth #OpenID #FIDO
https://docs.jans.io
Apache License 2.0

feat (jans-linux-setup): adding admin-ui client configuration to database #3260

Closed duttarnab closed 1 year ago

duttarnab commented 1 year ago

Parent issue: https://github.com/JanssenProject/jans/issues/3085

Currently, the admin-ui plugin reads the OIDC client details from auiConfiguration.properties (placed on the server). This file contains op_host, client_id, client_secret, acrs_values, authz_endpoint, etc. of the OIDC clients used for authentication and token generation. We will now store this information in the database (LDAP, MySQL, etc.) in the admin-ui configuration and remove auiConfiguration.properties. The admin-ui plugin will read the information from the DB.

Steps:

  1. Add the following jansConfApp to the admin-ui configuration in the database:

         {
           "oidcConfig": {
             "authServerClient": {
               "opHost": "https://jans-ui.jans.io",
               "clientId": "2001.5e654851-78ce-4c23-bcb2-0b26d8230630",
               "clientSecret": "nJiezhKhkEIcLCKdgbgogw==",
               "scopes": ["openid", "profile", "user_name", "email"],
               "acrValues": ["basic"],
               "redirectUri": "https://jans-ui.jans.io/ads",
               "postLogoutUri": "https://jans-ui.jans.io/ads",
               "frontchannelLogoutUri": "https://jans-ui.jans.io/ads/logout"
             },
             "tokenServerClient": {
               "opHost": "https://jans-ui.jans.io",
               "clientId": "2001.5e654851-78ce-4c23-bcb2-0b26d8230630",
               "clientSecret": "nJiezhKhkEIcLCKdgbgogw==",
               "tokenEndpoint": "https://jans-ui.jans.io/jans-auth/restv1/token",
               "scopes": ["openid", "profile", "user_name", "email"]
             }
           }
         }

  2. Change the jansAdminConfDyn objectClass to jansAppConf.

Full configuration ldif

version: 1
dn: ou=admin-ui,ou=configuration,o=jans
objectClass: jansAppConf
objectClass: top
jansConfApp:: { "oidcConfig": { "authServerClient": { "opHost": "https://%(hostname)s/admin", "clientId": "%(admin_ui_client_id)s", "clientSecret": "%(admin_ui_client_encoded_pw)s", "scopes": [ "openid", "profile", "user_name", "email" ], "acrValues": ["basic"], "redirectUri": "https://%(hostname)s/admin", "postLogoutUri": "https://%(hostname)s/admin", "frontchannelLogoutUri": "https://%(hostname)s/admin/logout" }, "tokenServerClient": { "opHost": "https://%(hostname)s/admin", "clientId": "%(admin_ui_client_id)s", "clientSecret": "%(admin_ui_client_encoded_pw)s", "tokenEndpoint": "https://%(hostname)s/jans-auth/restv1/token", "scopes": [ "openid", "profile", "user_name", "email" ] } } }
jansRevision: 1
ou: admin-ui
  3. Remove /opt/jans/jetty/jans-config-api/custom/config/auiConfiguration.properties from the installation.
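As an added example (not code from the Janssen project or this issue), the Python below renders the jansConfApp template above with constructed installer values, writes it as the ou=admin-ui LDIF entry with the value base64-encoded (LDIF's `::` form denotes a base64 value, RFC 2849), reads it back, and checks both OIDC client entries for what a reviewer would want before the plugin trusts them from the database: https-only URLs on the same host as opHost, and a non-empty client secret. The variable names follow the template's placeholders; their values and the hostname are made up.

```python
import base64
import json
from urllib.parse import urlparse

# Constructed stand-ins for the installer variables the template refers to
# (assumption: jans-linux-setup supplies these; the values here are made up).
SETUP_VARS = {"hostname": "jans.example.test",
              "admin_ui_client_id": "2001.00000000-0000-0000-0000-000000000000",
              "admin_ui_client_encoded_pw": "ENCODED-SECRET-PLACEHOLDER"}

# The jansConfApp template from the issue, with every value quoted so the
# result is valid JSON once the %(...)s placeholders are filled in.
JANS_CONF_APP_TEMPLATE = (
    '{"oidcConfig": {"authServerClient": {"opHost": "https://%(hostname)s/admin",'
    ' "clientId": "%(admin_ui_client_id)s", "clientSecret": "%(admin_ui_client_encoded_pw)s",'
    ' "scopes": ["openid", "profile", "user_name", "email"], "acrValues": ["basic"],'
    ' "redirectUri": "https://%(hostname)s/admin", "postLogoutUri": "https://%(hostname)s/admin",'
    ' "frontchannelLogoutUri": "https://%(hostname)s/admin/logout"},'
    ' "tokenServerClient": {"opHost": "https://%(hostname)s/admin",'
    ' "clientId": "%(admin_ui_client_id)s", "clientSecret": "%(admin_ui_client_encoded_pw)s",'
    ' "tokenEndpoint": "https://%(hostname)s/jans-auth/restv1/token",'
    ' "scopes": ["openid", "profile", "user_name", "email"]}}}'
)

def render_ldif_entry(template, variables):
    """Fill the template and write the entry; LDIF's '::' form means base64, so the JSON is encoded."""
    conf = json.loads(template % variables)  # fails fast if the template is broken
    encoded = base64.b64encode(json.dumps(conf).encode()).decode()
    return "\n".join(["dn: ou=admin-ui,ou=configuration,o=jans", "objectClass: jansAppConf",
                      "objectClass: top", "jansConfApp:: " + encoded, "jansRevision: 1",
                      "ou: admin-ui", ""])

def load_jans_conf_app(ldif_text):
    """Read jansConfApp back out of the entry, decoding the '::' base64 form."""
    for line in ldif_text.splitlines():
        if line.startswith("jansConfApp:: "):
            return json.loads(base64.b64decode(line.split(" ", 1)[1]))
    raise ValueError("no base64 jansConfApp attribute in entry")

def check_oidc_config(conf):
    """Return findings for both clients; empty means https-only URLs on the opHost and a secret present."""
    findings = []
    for name, client in conf["oidcConfig"].items():
        op_host = urlparse(client["opHost"]).hostname
        for key in ("opHost", "redirectUri", "postLogoutUri", "frontchannelLogoutUri", "tokenEndpoint"):
            if key in client:
                url = urlparse(client[key])
                if url.scheme != "https":
                    findings.append(f"{name}.{key}: not https")
                if url.hostname != op_host:
                    findings.append(f"{name}.{key}: host differs from opHost")
        if not client.get("clientSecret"):
            findings.append(f"{name}.clientSecret: empty")
    return findings
```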
duttarnab commented 1 year ago

This is a flex issue, so I raised https://github.com/GluuFederation/flex/issues/650