JanssenProject / jans

An open source enterprise digital identity platform for CIAM or workforce... Janssen is a distribution of standards-based, developer friendly, components that are engineered to work together in any cloud. #OAuth #OpenID #FIDO
https://docs.jans.io
Apache License 2.0

fix(jans-config-api): IDP mandatory attributes missing from OpenAPI #8014

Open moabu opened 8 months ago

moabu commented 8 months ago

Describe the bug

If I pass a request with only the mandatory fields, the response is that there are mandatory fields missing which are not detailed in the OpenAPI spec.

REQUEST:

POST /jans-config-api/kc/saml/idp/upload HTTP/1.1
Host: moabu-promoted-loon.gluu.info
Accept: application/json
Content-Type: multipart/form-data; boundary=71a3a049572880105baa5ce1195293c82073b60213a3909c8d6702fc9961

--71a3a049572880105baa5ce1195293c82073b60213a3909c8d6702fc9961
Content-Disposition: form-data; name="identityProvider"
Content-Type: application/json

{"dn":"","inum":"","creatorId":"admin","name":"test-idp","displayName":"Test IDP",
"description":"Test IDP","realm":"jans","enabled":false,"signingCertificate":"","validateSignature":"",
"singleLogoutServiceUrl":"","nameIDPolicyFormat":"","idpEntityId":"","singleSignOnServiceUrl":"",
"encryptionPublicKey":"","providerId":"","trustEmail":false,"storeToken":false,
"addReadTokenRoleOnCreate":false,"authenticateByDefault":false,"linkOnly":false,
"firstBrokerLoginFlowAlias":"","postBrokerLoginFlowAlias":"","spMetaDataURL":"",
"spMetaDataLocation":"","idpMetaDataURL":"","idpMetaDataLocation":"","status":"",
"validationStatus":"","validationLog":null,"baseDn":"","validUntil":"","cacheDuration":""}

RESPONSE:

HTTP/1.1 500 Server Error
Connection: close
Content-Length: 687
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: application/json
Date: Mon, 11 Mar 2024 08:32:04 GMT
Server: Apache/2.4.52 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
"cause1":"io.jans.util.exception.InvalidAttributeException: IDP mandatory attribute missing - [nameIDPolicyFormat, idpEntityId, singleSignOnServiceUrl] !!!",
"servlet":"io.jans.configapi.plugin.saml.rest.ApiApplication",
"cause0":"org.jboss.resteasy.spi.UnhandledException: io.jans.util.exception.InvalidAttributeException: IDP mandatory attribute missing - [nameIDPolicyFormat, idpEntityId, singleSignOnServiceUrl] !!!",
"message":"org.jboss.resteasy.spi.UnhandledException: io.jans.util.exception.InvalidAttributeException: IDP mandatory attribute missing - [nameIDPolicyFormat, idpEntityId, singleSignOnServiceUrl] !!!",
"url":"/jans-config-api/kc/saml/idp/upload",
"status":"500"
}

moabu commented 8 months ago

If the mandatory properties are passed:

"nameIDPolicyFormat": "urn:mace:shibboleth:1.0:nameIdentifier",
"idpEntityId": "https://moabu-promoted-loon.gluu.info/idp/shibboleth",
"singleSignOnServiceUrl": "https://moabu-promoted-loon.gluu.info/idp/profile/SAML2/POST/SSO",

REQUEST:

POST /jans-config-api/kc/saml/idp/upload HTTP/1.1
Host: moabu-promoted-loon.gluu.info
Accept: application/json

Content-Disposition: form-data; name="identityProvider"
Content-Type: application/json

{"dn":"","inum":"","creatorId":"admin","name":"test-idp",
"displayName":"Test IDP","description":"Test IDP","realm":"jans","enabled":false,"signingCertificate":"",
"validateSignature":"","singleLogoutServiceUrl":"",
"nameIDPolicyFormat":"urn:mace:shibboleth:1.0:nameIdentifier",
"idpEntityId":"https://moabu-promoted-loon.gluu.info/idp/shibboleth",
"singleSignOnServiceUrl":"https://moabu-promoted-loon.gluu.info/idp/profile/SAML2/POST/SSO","encryptionPublicKey":"","providerId":"",
"trustEmail":false,"storeToken":false,"addReadTokenRoleOnCreate":false,
"authenticateByDefault":false,"linkOnly":false,
"firstBrokerLoginFlowAlias":"","postBrokerLoginFlowAlias":"",
"spMetaDataURL":"","spMetaDataLocation":"","idpMetaDataURL":"",
"idpMetaDataLocation":"","status":"","validationStatus":"",
"validationLog":null,"baseDn":"","validUntil":"","cacheDuration":""}

RESPONSE:

HTTP/1.1 500 Server Error
Connection: close
Content-Length: 869
Content-Type: application/json
Date: Mon, 11 Mar 2024 08:33:04 GMT
Server: Apache/2.4.52 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{"code":"500","message":"Application Error","description":"Error while creating/updating IDP{\"addReadTokenRoleOnCreate\":true,\"displayName\":\"Test IDP\",\"trustEmail\":false,\"linkOnly\":false,\"enabled\":false,\"storeToken\":true,\"internalId\":\"2fc4f961-5da2-4142-8d4e-ab2d0eb7909e\",\"firstBrokerLoginFlowAlias\":\"\",\"providerId\":\"saml\",\"postBrokerLoginFlowAlias\":\"\",\"alias\":\"test-idp\",\"authenticateByDefault\":false,\"config\":{\"validateSignature\":\"\",\"signingCertificate\":\"\",\"singleLogoutServiceUrl\":\"\",\"nameIDPolicyFormat\":\"urn:mace:shibboleth:1.0:nameIdentifier\",\"singleSignOnServiceUrl\":\"https://moabu-promoted-loon.gluu.info/idp/profile/SAML2/POST/SSO\",\"encryptionPublicKey\":\"\",\"idpEntityId\":\"https://moabu-promoted-loon.gluu.info/idp/shibboleth\"}}, Status is Internal Server Error - {\"error\":\"unknown_error\"}"}

pujavs commented 8 months ago

Adding @uprightech to the issue for expert opinion and suggestions

@moabu, following is my analysis:

  1. Issue #1: If I pass a request with only the mandatory fields, the response is that there are mandatory fields missing which are not detailed in the OpenAPI spec.
     Analysis: Keycloak requires IDP metadata details, without which the IDP cannot be created, and hence we have enforced the minimum required fields. We are using the same method for either uploading a metadata file or individual metadata elements, and the OpenAPI spec does not allow specifying an if/else condition. Thus this check is done in the code and a missing-field error is thrown if the check fails.

  2. Issue #2: If the mandatory properties are passed, then I get a 500 Server Error.
     Analysis: The response from the Keycloak server is Internal Server Error -> unknown_error. I verified each attribute and the issue is with firstBrokerLoginFlowAlias. Since the value passed is an empty string, the Keycloak server tries to find the flow, does not find it, and thus throws an error. I will check if we can get the cause in the Keycloak response.
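The two problems in this thread are both input-validation gaps at the API boundary: an either/or requirement ("metadata document, or all three elements") that the OpenAPI schema cannot express and so surfaces only as a 500 with a Java exception chain, and an empty string in an optional field that is forwarded to Keycloak as if it were a real flow alias. The following is an added example, not code from the jans project, of a pre-flight validator for the identityProvider part that fails closed with a descriptive 400 and strips blank aliases before anything is forwarded. It assumes the either/or rule stated in the analysis above (that `idpMetaDataURL`, `idpMetaDataLocation`, or an uploaded metadata part, modelled here as the hypothetical `metadata_uploaded` flag, satisfies the requirement), takes the three mandatory field names from the error message quoted in the issue, and uses abridged copies of the two request bodies posted above as sample input:

```python
import json
from typing import Any, Dict, List, Tuple

# The three names come from the error message quoted in the issue.
IDP_MANDATORY_FIELDS = ("nameIDPolicyFormat", "idpEntityId", "singleSignOnServiceUrl")

# Assumption: an IDP metadata document (URL, location, or an uploaded file part)
# lets the server derive the three values above, so the rule is
# "metadata document OR all three fields".
IDP_METADATA_SOURCE_FIELDS = ("idpMetaDataURL", "idpMetaDataLocation")

# Optional flow aliases. Per the analysis in the issue, "" is forwarded to Keycloak
# as a flow name it cannot resolve, so blanks are dropped rather than forwarded.
IDP_FLOW_ALIAS_FIELDS = ("firstBrokerLoginFlowAlias", "postBrokerLoginFlowAlias")

# Abridged copies of the two payloads posted in the issue (only the fields the
# validator looks at are kept).
REQUEST_WITHOUT_MANDATORY = json.dumps({
    "name": "test-idp", "displayName": "Test IDP", "realm": "jans",
    "nameIDPolicyFormat": "", "idpEntityId": "", "singleSignOnServiceUrl": "",
    "firstBrokerLoginFlowAlias": "", "postBrokerLoginFlowAlias": "",
    "idpMetaDataURL": "", "idpMetaDataLocation": "",
})
REQUEST_WITH_MANDATORY = json.dumps({
    "name": "test-idp", "displayName": "Test IDP", "realm": "jans",
    "nameIDPolicyFormat": "urn:mace:shibboleth:1.0:nameIdentifier",
    "idpEntityId": "https://moabu-promoted-loon.gluu.info/idp/shibboleth",
    "singleSignOnServiceUrl": "https://moabu-promoted-loon.gluu.info/idp/profile/SAML2/POST/SSO",
    "firstBrokerLoginFlowAlias": "", "postBrokerLoginFlowAlias": "",
    "idpMetaDataURL": "", "idpMetaDataLocation": "",
})


def _present(value: Any) -> bool:
    """A JSON value counts as supplied only if it is not None and not a blank string."""
    return value is not None and not (isinstance(value, str) and value.strip() == "")


def missing_mandatory_fields(payload: Dict[str, Any], metadata_uploaded: bool = False) -> List[str]:
    """List mandatory fields that are absent or blank, honouring the either/or rule."""
    has_metadata = metadata_uploaded or any(
        _present(payload.get(f)) for f in IDP_METADATA_SOURCE_FIELDS
    )
    if has_metadata:
        return []
    return [f for f in IDP_MANDATORY_FIELDS if not _present(payload.get(f))]


def normalize_optional_fields(payload: Dict[str, Any]) -> Dict[str, Any]:
    """Return a copy with blank flow aliases removed so downstream sees 'unset', not ''."""
    return {
        k: v for k, v in payload.items()
        if not (k in IDP_FLOW_ALIAS_FIELDS and not _present(v))
    }


def validate_idp_request(raw_json: str, metadata_uploaded: bool = False) -> Tuple[int, Dict[str, Any]]:
    """Validate the identityProvider part before anything is sent to Keycloak.

    Returns (http_status, body): 400 with an explicit missing-field list (no stack
    trace, no internal class names), or 200 with the normalized payload to forward.
    """
    try:
        payload = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return 400, {"code": "400", "message": "identityProvider is not valid JSON",
                     "description": str(exc)}
    if not isinstance(payload, dict):
        return 400, {"code": "400", "message": "identityProvider must be a JSON object"}
    missing = missing_mandatory_fields(payload, metadata_uploaded)
    if missing:
        return 400, {
            "code": "400",
            "message": "IDP mandatory attribute missing",
            "description": "Supply an IDP metadata document or all of: " + ", ".join(missing),
            "missing": missing,
        }
    return 200, normalize_optional_fields(payload)


if __name__ == "__main__":
    for label, raw in (("without mandatory", REQUEST_WITHOUT_MANDATORY),
                       ("with mandatory", REQUEST_WITH_MANDATORY)):
        status, body = validate_idp_request(raw)
        print(label, status, json.dumps(body))
```

Run stand-alone, the first payload produces a 400 naming exactly the three fields from the issue's error message, and the second passes validation with both blank flow aliases removed, so Keycloak never receives `""` as an alias to look up. Keeping the 400 body to a code, a message and the field list also avoids echoing the resteasy and `io.jans` exception chain that the original 500 response exposes to the caller.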