From 306bd524bb1f3139aaed9ca3b3be91390de70fe7 Mon Sep 17 00:00:00 2001
From: Isman Firmansyah
Date: Fri, 4 Mar 2022 00:45:14 +0700
Subject: [PATCH] feat: add support for role-based client (i.e. jans-cli) (#956)
---
 docker-jans-persistence-loader/Dockerfile | 3 ++-
 .../scripts/utils.py | 23 +++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile
index 3e39131e14a..d5f5a126d2b 100644
--- a/docker-jans-persistence-loader/Dockerfile
+++ b/docker-jans-persistence-loader/Dockerfile
@@ -57,7 +57,8 @@ RUN cd /tmp/jans \
 && cp ${JANS_SETUP_DIR}/static/cache-refresh/o_site.ldif /app/templates/o_site.ldif \
 && cp -R ${JANS_SETUP_DIR}/templates/jans-fido2 /app/templates/jans-fido2 \
 && cp -R ${JANS_SETUP_DIR}/templates/jans-scim /app/templates/jans-scim \
- && cp ${JANS_SETUP_DIR}/templates/jans-config-api/config.ldif /app/templates/jans-config-api/config.ldif
+ && cp ${JANS_SETUP_DIR}/templates/jans-config-api/config.ldif /app/templates/jans-config-api/config.ldif \
+ && cp -R ${JANS_SETUP_DIR}/templates/jans-cli /app/templates/jans-cli
 # TODO: casa should be moved from this image
 ARG GLUU_CASA_VERSION=6aa59af5f7001d8587ca4a9b6c688c861faec5eb
diff --git a/docker-jans-persistence-loader/scripts/utils.py b/docker-jans-persistence-loader/scripts/utils.py
index 991840b3a85..b6d7e220581 100644
--- a/docker-jans-persistence-loader/scripts/utils.py
+++ b/docker-jans-persistence-loader/scripts/utils.py
@@ -336,6 +336,27 @@ def merge_casa_ctx(manager, ctx):
 return ctx
+def merge_jans_cli_ctx(manager, ctx):
+ # jans-cli client
+ ctx["role_based_client_id"] = manager.config.get("role_based_client_id")
+ if not ctx["role_based_client_id"]:
+ ctx["role_based_client_id"] = f"2000.{uuid4()}"
+ manager.config.set("role_based_client_id", ctx["role_based_client_id"])
+
+ ctx["role_based_client_pw"] = manager.secret.get("role_based_client_pw")
+ if not ctx["role_based_client_pw"]:
+ ctx["role_based_client_pw"] = get_random_chars()
+ manager.secret.set("role_based_client_pw", ctx["role_based_client_pw"])
+
+ ctx["role_based_client_encoded_pw"] = manager.secret.get("role_based_client_encoded_pw")
+ if not ctx["role_based_client_encoded_pw"]:
+ ctx["role_based_client_encoded_pw"] = encode_text(
+ ctx["role_based_client_pw"], manager.secret.get("encoded_salt"),
+ ).decode()
+ manager.secret.set("role_based_client_encoded_pw", ctx["role_based_client_encoded_pw"])
+ return ctx
+
+
 def prepare_template_ctx(manager):
 opt_scopes = json.loads(manager.config.get("optional_scopes", "[]"))
@@ -345,6 +366,7 @@ def prepare_template_ctx(manager):
 ctx = merge_config_api_ctx(ctx)
 ctx = merge_fido2_ctx(ctx)
 ctx = merge_scim_ctx(ctx)
+ ctx = merge_jans_cli_ctx(manager, ctx)
 if "casa" in opt_scopes:
 ctx = merge_casa_ctx(manager, ctx)
@@ -384,6 +406,7 @@ def default_files():
 "jans-config-api/admin-ui-clients.ldif",
 "jans-auth/configuration.ldif",
 "jans-auth/role-scope-mappings.ldif",
+ "jans-cli/client.ldif",
 ]
 if "scim" in optional_scopes:
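Review bot: In `merge_jans_cli_ctx` the plaintext secret and its encoded form are cached independently, so if `role_based_client_pw` is missing while `role_based_client_encoded_pw` is still stored (a partial restore, or one key rotated by hand), a fresh plaintext is generated and saved but the stale encoded value is kept, and the two no longer match. Re-encode whenever the plaintext was just created: set `pw_created = not ctx["role_based_client_pw"]` right after the `manager.secret.get("role_based_client_pw")` line and change the last guard to `if pw_created or not ctx["role_based_client_encoded_pw"]:`. The value of `manager.secret.get("encoded_salt")` is also handed to `encode_text` unchecked. Both `encode_text` and `get_random_chars` are defined outside this hunk, so confirm there that a missing salt fails loudly and that the generated secret comes from a CSPRNG at a length suitable for a client secret.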
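Review bot: The call to `merge_jans_cli_ctx(manager, ctx)` in `prepare_template_ctx` is unconditional, whereas the casa context directly below it is merged only when `"casa"` is in `opt_scopes`; the third hunk likewise adds `"jans-cli/client.ldif"` to the default file list rather than behind a scope check as is done for scim. As written, every deployment gets an additional client with a stored secret, including ones that never use jans-cli. If that is the intent, record it with a comment such as `# role-based client (jans-cli) is provisioned unconditionally by design`; otherwise consider gating both additions on an optional scope. Both enclosing functions continue outside their hunks.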