JanssenProject · yuriyz · Oct 10, 2022 · Oct 9, 2022
@@ -2,6 +2,7 @@
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -80,6 +81,9 @@ public void setClientDn(String clientDn) {
     }
 
     public Map<String, String> getCustomAttributes() {
+        if (customAttributes == null) {
+            customAttributes = new HashMap<>();
+        }
         return customAttributes;
     }
 

@@ -49,7 +49,7 @@ public Jwt generateJwt(Ssa ssa, ExecutionContext executionContext, WebKeysConfig
             jwt.getClaims().setIssuedAt(ssa.getCreationDate());
             jwt.getClaims().setExpirationTime(ssa.getExpirationDate());
             jwt.getClaims().setClaim("software_id", ssa.getAttributes().getSoftwareId());
-            jwt.getClaims().setClaim("org_id", ssa.getOrgId());
+            jwt.getClaims().setClaim("org_id", Long.parseLong(ssa.getOrgId()));
             jwt.getClaims().setClaim("software_roles", ssa.getAttributes().getSoftwareRoles());
             jwt.getClaims().setClaim("grant_types", ssa.getAttributes().getGrantTypes());
 

@@ -233,7 +233,7 @@ private static void assertSsaJwt(JSONWebKey jsonWebKey, String ssaSigningAlg, St
 
         JwtClaims jwtClaims = jwt.getClaims();
         assertNotNull(jwtClaims.getClaim("org_id"), "The org_id in jwt is null");
-        assertEquals(jwtClaims.getClaim("org_id"), ssa.getOrgId());
+        assertEquals(jwtClaims.getClaim("org_id"), Long.parseLong(ssa.getOrgId()));
         assertNotNull(jwtClaims.getClaim("software_id"), "The software_id in jwt is null");
         assertEquals(jwtClaims.getClaim("software_id"), ssa.getAttributes().getSoftwareId());
         assertNotNull(jwtClaims.getClaim("software_roles"), "The software_roles in jwt is null");

@@ -244,6 +244,7 @@
     "oxAuthSectorIdentifierURI": "jansSectorIdentifierURI",
     "oxAuthSessionAttribute": "jansSessAttr",
     "oxAuthSessionId": "jansSessId",
+    "oxAuthSsa": "jansSsa",
     "oxAuthSignedResponseAlg": "jansSignedRespAlg",
     "oxAuthSubjectType": "jansSubjectTyp",
     "oxAuthTokenEndpointAuthMethod": "jansTknEndpointAuthMethod",

@@ -244,7 +244,7 @@ def load_test_data(self):
                                     'tokenEndpointAuthMethodsSupported': [ 'client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'tls_client_auth', 'self_signed_tls_client_auth', 'none' ],
                                     'sessionIdRequestParameterEnabled': True,
                                     'skipRefreshTokenDuringRefreshing': False,
-                                    'featureFlags': ['unknown', 'health_check', 'userinfo', 'clientinfo', 'id_generation', 'registration', 'introspection', 'revoke_token', 'revoke_session', 'end_session', 'status_session', 'jans_configuration', 'ciba', 'uma', 'u2f', 'device_authz', 'stat', 'par'],
+                                    'featureFlags': ['unknown', 'health_check', 'userinfo', 'clientinfo', 'id_generation', 'registration', 'introspection', 'revoke_token', 'revoke_session', 'end_session', 'status_session', 'jans_configuration', 'ciba', 'uma', 'u2f', 'device_authz', 'stat', 'par', 'ssa'],
                                     'cleanServiceInterval':7200,
                                     'loggingLevel': 'TRACE',
                                     }

@@ -138,3 +138,7 @@ objectClass: top
 objectClass: organizationalUnit
 ou: trustRelationships
 
+dn: ou=ssa,o=jans
+objectClass: top
+objectClass: organizationalUnit
+ou: ssa
@@ -532,5 +532,27 @@
             "description": "The resource owner or OpenID Provider denied the request.",
             "uri": null
         }
+    ],
+    "ssa":[
+        {
+            "id": "invalid_request",
+            "description": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.",
+            "uri": null
+        },
+        {
+            "id": "unauthorized_client",
+            "description": "The Client is not authorized to use this authentication flow.",
+            "uri": null
+        },
+        {
+            "id": "invalid_client",
+            "description": "The Client is not authorized to use this authentication flow.",
+            "uri": null
+        },
+        {
+            "id": "unknown_error",
+            "description": "Unknown or not found error.",
+            "uri": null
+        }
     ]
 }
@@ -17,6 +17,7 @@
         "u2fBase":"ou=u2f,o=jans",
         "metric":"ou=statistic,o=metric",
         "sectorIdentifiers": "ou=sector_identifiers,o=jans",
-        "ciba": "ou=ciba,o=jans"
+        "ciba": "ou=ciba,o=jans",
+        "ssa": "ou=ssa,o=jans"
     }
 }
@@ -228,6 +228,16 @@ jansScopeTyp: uma
 objectClass: jansScope
 objectClass: top
 
+dn: inum=SSA1-AD01,ou=scopes,o=jans
+displayName: SSA Admin
+inum: SSA1-AD01
+jansAttrs: {"spontaneousClientId":"","spontaneousClientScopes":[],"showInConfigurationEndpoint":true}
+jansId: https://jans.io/auth/ssa.admin
+jansScopeTyp: openid
+objectClass: jansScope
+jansDefScope: true
+objectClass: top
+
 dn: jansId=a55ede29-8f5a-461d-b06e-76caee8d40b5,ou=sector_identifiers,o=jans
 jansId: a55ede29-8f5a-461d-b06e-76caee8d40b5
 jansRedirectURI: https://www.jans.org