diff --git a/jans-auth-server/common/src/main/java/io/jans/as/common/model/ssa/SsaAttributes.java b/jans-auth-server/common/src/main/java/io/jans/as/common/model/ssa/SsaAttributes.java
index 63a6d9e276f..fcea3fbd937 100644
--- a/jans-auth-server/common/src/main/java/io/jans/as/common/model/ssa/SsaAttributes.java
+++ b/jans-auth-server/common/src/main/java/io/jans/as/common/model/ssa/SsaAttributes.java
@@ -2,6 +2,7 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -80,6 +81,9 @@ public void setClientDn(String clientDn) {
 }
 public Map getCustomAttributes() {
+ if (customAttributes == null) {
+ customAttributes = new HashMap<>();
+ }
 return customAttributes;
 }
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/ssa/ws/rs/SsaService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/ssa/ws/rs/SsaService.java
index 30e65b929c5..80b1a32f8f6 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/ssa/ws/rs/SsaService.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/ssa/ws/rs/SsaService.java
@@ -49,7 +49,7 @@ public Jwt generateJwt(Ssa ssa, ExecutionContext executionContext, WebKeysConfig
 jwt.getClaims().setIssuedAt(ssa.getCreationDate());
 jwt.getClaims().setExpirationTime(ssa.getExpirationDate());
 jwt.getClaims().setClaim("software_id", ssa.getAttributes().getSoftwareId());
- jwt.getClaims().setClaim("org_id", ssa.getOrgId());
+ jwt.getClaims().setClaim("org_id", Long.parseLong(ssa.getOrgId()));
 jwt.getClaims().setClaim("software_roles", ssa.getAttributes().getSoftwareRoles());
 jwt.getClaims().setClaim("grant_types", ssa.getAttributes().getGrantTypes());
diff --git a/jans-auth-server/server/src/test/java/io/jans/as/server/ssa/ws/rs/SsaServiceTest.java b/jans-auth-server/server/src/test/java/io/jans/as/server/ssa/ws/rs/SsaServiceTest.java
index 8dd4866cdf2..33acfc5799f 100644
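Review bot: The null check added to `getCustomAttributes()` in SsaAttributes.java makes a getter write to the field, so a read now has a side effect and a null stored through the setter (not visible in this hunk) is silently replaced on the next read. The class imports `JsonProperty`, so if this getter is used for serialization the stored document would presumably change from an absent or null value to an empty object; worth confirming that is wanted. If the lazy creation stays, a comment such as `// Lazily created so callers never get null; this write is not synchronized.` would document it, and initialising the field at its declaration would avoid the write on read altogether.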
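Review bot: `Long.parseLong(ssa.getOrgId())` in generateJwt (SsaService.java) throws NumberFormatException when the stored org_id is null, empty or not a decimal long, and nothing visible in this hunk validates the value or catches the exception. If org_id comes from the SSA creation request, a malformed value would presumably surface as an unhandled error while the JWT is being built instead of the `invalid_request` response this commit defines, so the check belongs where the request is parsed, with a comment here such as `// org_id must already be validated as a decimal long; it is emitted as a JSON number`. The claim also changes type in the signed SSA from a JSON string to a number, which relying parties that compare `org_id` as a string need to be told about. The matching hunk in SsaServiceTest.java asserts only the numeric case; a test with a non-numeric org_id would pin the intended failure. generateJwt starts and ends outside the hunk.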
--- a/jans-auth-server/server/src/test/java/io/jans/as/server/ssa/ws/rs/SsaServiceTest.java
+++ b/jans-auth-server/server/src/test/java/io/jans/as/server/ssa/ws/rs/SsaServiceTest.java
@@ -233,7 +233,7 @@ private static void assertSsaJwt(JSONWebKey jsonWebKey, String ssaSigningAlg, St
 JwtClaims jwtClaims = jwt.getClaims();
 assertNotNull(jwtClaims.getClaim("org_id"), "The org_id in jwt is null");
- assertEquals(jwtClaims.getClaim("org_id"), ssa.getOrgId());
+ assertEquals(jwtClaims.getClaim("org_id"), Long.parseLong(ssa.getOrgId()));
 assertNotNull(jwtClaims.getClaim("software_id"), "The software_id in jwt is null");
 assertEquals(jwtClaims.getClaim("software_id"), ssa.getAttributes().getSoftwareId());
 assertNotNull(jwtClaims.getClaim("software_roles"), "The software_roles in jwt is null");
diff --git a/jans-linux-setup/jans_setup/schema/jans_schema_mappings.json b/jans-linux-setup/jans_setup/schema/jans_schema_mappings.json
index ab2c4bdcb37..1e86209a503 100644
--- a/jans-linux-setup/jans_setup/schema/jans_schema_mappings.json
+++ b/jans-linux-setup/jans_setup/schema/jans_schema_mappings.json
@@ -244,6 +244,7 @@
 "oxAuthSectorIdentifierURI": "jansSectorIdentifierURI",
 "oxAuthSessionAttribute": "jansSessAttr",
 "oxAuthSessionId": "jansSessId",
+ "oxAuthSsa": "jansSsa",
 "oxAuthSignedResponseAlg": "jansSignedRespAlg",
 "oxAuthSubjectType": "jansSubjectTyp",
 "oxAuthTokenEndpointAuthMethod": "jansTknEndpointAuthMethod",
diff --git a/jans-linux-setup/jans_setup/setup_app/test_data_loader.py b/jans-linux-setup/jans_setup/setup_app/test_data_loader.py
index ff36a4a9a2e..6342fc8886e 100644
--- a/jans-linux-setup/jans_setup/setup_app/test_data_loader.py
+++ b/jans-linux-setup/jans_setup/setup_app/test_data_loader.py
@@ -244,7 +244,7 @@ def load_test_data(self):
 'tokenEndpointAuthMethodsSupported': [ 'client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'tls_client_auth', 'self_signed_tls_client_auth', 'none' ],
 'sessionIdRequestParameterEnabled': True,
 'skipRefreshTokenDuringRefreshing': False,
- 'featureFlags': ['unknown', 'health_check', 'userinfo', 'clientinfo', 'id_generation', 'registration', 'introspection', 'revoke_token', 'revoke_session', 'end_session', 'status_session', 'jans_configuration', 'ciba', 'uma', 'u2f', 'device_authz', 'stat', 'par'],
+ 'featureFlags': ['unknown', 'health_check', 'userinfo', 'clientinfo', 'id_generation', 'registration', 'introspection', 'revoke_token', 'revoke_session', 'end_session', 'status_session', 'jans_configuration', 'ciba', 'uma', 'u2f', 'device_authz', 'stat', 'par', 'ssa'],
 'cleanServiceInterval':7200,
 'loggingLevel': 'TRACE',
 }
diff --git a/jans-linux-setup/jans_setup/templates/base.ldif b/jans-linux-setup/jans_setup/templates/base.ldif
index 6a6db142854..4241234eaa0 100644
--- a/jans-linux-setup/jans_setup/templates/base.ldif
+++ b/jans-linux-setup/jans_setup/templates/base.ldif
@@ -138,3 +138,7 @@ objectClass: top
 objectClass: organizationalUnit
 ou: trustRelationships
+dn: ou=ssa,o=jans
+objectClass: top
+objectClass: organizationalUnit
+ou: ssa
\ No newline at end of file
diff --git a/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-errors.json b/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-errors.json
index 855d63bfbc0..bb0a3b8247e 100644
--- a/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-errors.json
+++ b/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-errors.json
@@ -532,5 +532,27 @@
 "description": "The resource owner or OpenID Provider denied the request.",
 "uri": null
 }
+ ],
+ "ssa":[
+ {
+ "id": "invalid_request",
+ "description": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.",
+ "uri": null
+ },
+ {
+ "id": "unauthorized_client",
+ "description": "The Client is not authorized to use this authentication flow.",
+ "uri": null
+ },
+ {
+ "id": "invalid_client",
+ "description": "The Client is not authorized to use this authentication flow.",
+ "uri": null
+ },
+ {
+ "id": "unknown_error",
+ "description": "Unknown or not found error.",
+ "uri": null
+ }
 ]
 }
diff --git a/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-static-conf.json b/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-static-conf.json
index 2d2a96cfbf1..bfc3e5ec82b 100644
--- a/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-static-conf.json
+++ b/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-static-conf.json
@@ -17,6 +17,7 @@
 "u2fBase":"ou=u2f,o=jans",
 "metric":"ou=statistic,o=metric",
 "sectorIdentifiers": "ou=sector_identifiers,o=jans",
- "ciba": "ou=ciba,o=jans"
+ "ciba": "ou=ciba,o=jans",
+ "ssa": "ou=ssa,o=jans"
 }
 }
diff --git a/jans-linux-setup/jans_setup/templates/test/jans-auth/data/oxauth-test-data.ldif b/jans-linux-setup/jans_setup/templates/test/jans-auth/data/oxauth-test-data.ldif
index cad0653b063..461280a0ad7 100644
--- a/jans-linux-setup/jans_setup/templates/test/jans-auth/data/oxauth-test-data.ldif
+++ b/jans-linux-setup/jans_setup/templates/test/jans-auth/data/oxauth-test-data.ldif
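Review bot: The `invalid_client` entry in the new `ssa` array of jans-auth-errors.json repeats the `unauthorized_client` description word for word, so a client that fails authentication is told it is not authorized for the flow. RFC 6749 section 5.2 keeps the two apart; a description such as `Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method).` would match it. The `unknown_error` text `Unknown or not found error.` also folds a missing resource and an unexpected failure into one code, which makes the response harder to act on for callers and for anyone triaging logs.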
@@ -228,6 +228,16 @@ jansScopeTyp: uma
 objectClass: jansScope
 objectClass: top
+dn: inum=SSA1-AD01,ou=scopes,o=jans
+displayName: SSA Admin
+inum: SSA1-AD01
+jansAttrs: {"spontaneousClientId":"","spontaneousClientScopes":[],"showInConfigurationEndpoint":true}
+jansId: https://jans.io/auth/ssa.admin
+jansScopeTyp: openid
+objectClass: jansScope
+jansDefScope: true
+objectClass: top
+
 dn: jansId=a55ede29-8f5a-461d-b06e-76caee8d40b5,ou=sector_identifiers,o=jans
 jansId: a55ede29-8f5a-461d-b06e-76caee8d40b5
 jansRedirectURI: https://www.jans.org
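Review bot: The new `https://jans.io/auth/ssa.admin` scope in oxauth-test-data.ldif is loaded with `jansDefScope: true`, and if that attribute has its usual meaning of a scope given to clients by default, every client registered against this test dataset would receive the scope without requesting it. For a scope that, judging by its `SSA Admin` display name, gates SSA administration, `jansDefScope: false` plus an explicit assignment to the one test client that needs it keeps the data closer to least privilege and stops the setting from being copied into a deployment template. `"showInConfigurationEndpoint":true` also advertises the admin scope in discovery, which is worth confirming as intended.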