feat(config-api): new fido2 endpoint, swagger spec changes for SAML T…

…R , Acr endpoint enhancement (#9240)

* fix(config-api): asset mgt endpoint fixes

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset upload mgt ehancement and fido

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset upload mgt ehancement and fido

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset upload mgt ehancement and fido

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): asset upload

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): lock review comments

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock code review comments

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): fido2 delete functionality

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): acr validation

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): doc(config-api): IDP schema attribute descriptions #9187

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): uploading assets via API generates 2 entries #9178

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset mgt, fido and IDP changes

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): fido2 device endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): fido2 endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): fido2 endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): resolved sonar review issues

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sonar review comment fix

Signed-off-by: pujavs <pujas.works@gmail.com>

---------

Signed-off-by: pujavs <pujas.works@gmail.com>
Former-commit-id: a7d134e

jans-config-api/common/src/main/java/io/jans/configapi/model/configuration/ApiAppConfiguration.java

@@ -79,6 +79,9 @@ public class ApiAppConfiguration implements Configuration {
     @Schema(description = "Maximum number of results per page in search endpoints.")
     private int maxCount;
 
+    @Schema(description = "List of ACR values that should be excluded from active validation check.")
+    private List<String> acrExclusionList;
+
     @Schema(description = "User attribute that should not be returned in response.")
     private List<String> userExclusionAttributes;
 
@@ -99,7 +102,7 @@ public class ApiAppConfiguration implements Configuration {
 
     @Schema(description = "Asset management configuration details.")
     private AssetMgtConfiguration assetMgtConfiguration;
-    
+
     public String getServiceName() {
         return serviceName;
     }
@@ -287,6 +290,14 @@ public void setMaxCount(int maxCount) {
         }
     }
 
+    public List<String> getAcrExclusionList() {
+        return acrExclusionList;
+    }
+
+    public void setAcrExclusionList(List<String> acrExclusionList) {
+        this.acrExclusionList = acrExclusionList;
+    }
+
     public List<String> getUserExclusionAttributes() {
         return userExclusionAttributes;
     }
@@ -345,20 +356,22 @@ public void setAssetMgtConfiguration(AssetMgtConfiguration assetMgtConfiguration
 
     @Override
     public String toString() {
-        return "ApiAppConfiguration [serviceName="+serviceName+", configOauthEnabled=" + configOauthEnabled + ", disableLoggerTimer="
-                + disableLoggerTimer + ", disableAuditLogger=" + disableAuditLogger
+        return "ApiAppConfiguration [serviceName=" + serviceName + ", configOauthEnabled=" + configOauthEnabled
+                + ", disableLoggerTimer=" + disableLoggerTimer + ", disableAuditLogger=" + disableAuditLogger
                 + ", customAttributeValidationEnabled=" + customAttributeValidationEnabled + ", acrValidationEnabled="
                 + acrValidationEnabled + ", apiApprovedIssuer=" + apiApprovedIssuer + ", apiProtectionType="
-                + apiProtectionType + ", apiClientId=" + apiClientId + ", endpointInjectionEnabled="
-                + endpointInjectionEnabled + ", authIssuerUrl=" + authIssuerUrl + ", authOpenidConfigurationUrl="
-                + authOpenidConfigurationUrl + ", authOpenidIntrospectionUrl=" + authOpenidIntrospectionUrl
-                + ", authOpenidTokenUrl=" + authOpenidTokenUrl + ", authOpenidRevokeUrl=" + authOpenidRevokeUrl
-                + ", exclusiveAuthScopes=" + exclusiveAuthScopes + ", corsConfigurationFilters="
+                + apiProtectionType + ", apiClientId=" + apiClientId 
+                + ", endpointInjectionEnabled=" + endpointInjectionEnabled + ", authIssuerUrl=" + authIssuerUrl
+                + ", authOpenidConfigurationUrl=" + authOpenidConfigurationUrl + ", authOpenidIntrospectionUrl="
+                + authOpenidIntrospectionUrl + ", authOpenidTokenUrl=" + authOpenidTokenUrl + ", authOpenidRevokeUrl="
+                + authOpenidRevokeUrl + ", exclusiveAuthScopes=" + exclusiveAuthScopes + ", corsConfigurationFilters="
                 + corsConfigurationFilters + ", loggingLevel=" + loggingLevel + ", loggingLayout=" + loggingLayout
                 + ", externalLoggerConfiguration=" + externalLoggerConfiguration + ", disableJdkLogger="
-                + disableJdkLogger + ", maxCount=" + maxCount + ", userExclusionAttributes=" + userExclusionAttributes
-                + ", userMandatoryAttributes=" + userMandatoryAttributes + ", agamaConfiguration=" + agamaConfiguration
-                + ", auditLogConf=" + auditLogConf + ", dataFormatConversionConf=" + dataFormatConversionConf
-                + ", plugins=" + plugins + ", assetMgtConfiguration=" + assetMgtConfiguration + "]";
-    }
+                + disableJdkLogger + ", maxCount=" + maxCount + ", acrExclusionList=" + acrExclusionList
+                + ", userExclusionAttributes=" + userExclusionAttributes + ", userMandatoryAttributes="
+                + userMandatoryAttributes + ", agamaConfiguration=" + agamaConfiguration + ", auditLogConf="
+                + auditLogConf + ", dataFormatConversionConf=" + dataFormatConversionConf + ", plugins=" + plugins
+                + ", assetMgtConfiguration=" + assetMgtConfiguration + "]";
+    }    
+
 }

jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java

@@ -8,9 +8,6 @@ private ApiAccessConstants() {
     public static final String JANS_AUTH_CONFIG_READ_ACCESS = "https://jans.io/oauth/jans-auth-server/config/properties.readonly";
     public static final String JANS_AUTH_CONFIG_WRITE_ACCESS = "https://jans.io/oauth/jans-auth-server/config/properties.write";
 
-    public static final String FIDO2_CONFIG_READ_ACCESS = "https://jans.io/oauth/config/fido2.readonly";
-    public static final String FIDO2_CONFIG_WRITE_ACCESS = "https://jans.io/oauth/config/fido2.write";
-
     public static final String ATTRIBUTES_READ_ACCESS = "https://jans.io/oauth/config/attributes.readonly";
     public static final String ATTRIBUTES_WRITE_ACCESS = "https://jans.io/oauth/config/attributes.write";
     public static final String ATTRIBUTES_DELETE_ACCESS = "https://jans.io/oauth/config/attributes.delete";

jans-config-api/docs/jans-config-api-swagger.yaml

@@ -8366,21 +8366,21 @@ components:
           $ref: '#/components/schemas/AttributeValidation'
         tooltip:
           type: string
+        selected:
+          type: boolean
+        whitePagesCanView:
+          type: boolean
         userCanView:
           type: boolean
         userCanEdit:
           type: boolean
-        adminCanView:
-          type: boolean
         adminCanEdit:
           type: boolean
-        adminCanAccess:
+        adminCanView:
           type: boolean
         userCanAccess:
           type: boolean
-        selected:
-          type: boolean
-        whitePagesCanView:
+        adminCanAccess:
           type: boolean
         baseDn:
           type: string
@@ -8531,6 +8531,15 @@ components:
           type: array
           items:
             type: string
+        applyXFrameOptionsHeaderIfUriContainsAny:
+          type: array
+          items:
+            type: string
+        xframeOptionsHeaderValue:
+          type: string
+          enum:
+          - SAMEORIGIN
+          - DENY
         responseTypesSupported:
           uniqueItems: true
           type: array
@@ -9217,8 +9226,6 @@ components:
           type: boolean
         lockMessageConfig:
           $ref: '#/components/schemas/LockMessageConfig'
-        fapi:
-          type: boolean
         allResponseTypesSupported:
           uniqueItems: true
           type: array
@@ -9228,6 +9235,8 @@ components:
             - code
             - token
             - id_token
+        fapi:
+          type: boolean
     AuthenticationFilter:
       required:
       - baseDn
@@ -9994,10 +10003,10 @@ components:
           type: array
           items:
             type: object
-        displayValue:
-          type: string
         value:
           type: object
+        displayValue:
+          type: string
     LocalizedString:
       type: object
       properties:
@@ -10109,6 +10118,14 @@ components:
           type: integer
           description: Maximum number of results per page in search endpoints.
           format: int32
+        acrExclusionList:
+          type: array
+          description: List of ACR values that should be excluded from active validation
+            check.
+          items:
+            type: string
+            description: List of ACR values that should be excluded from active validation
+              check.
         userExclusionAttributes:
           type: array
           description: User attribute that should not be returned in response.
@@ -10352,14 +10369,14 @@ components:
           type: boolean
         internal:
           type: boolean
+        locationPath:
+          type: string
         locationType:
           type: string
           enum:
           - ldap
           - db
           - file
-        locationPath:
-          type: string
         baseDn:
           type: string
     ScriptError:

jans-config-api/plugins/docs/fido2-plugin-swagger.yaml

@@ -14,6 +14,7 @@ servers:
   description: The Jans server
 tags:
 - name: Fido2 - Configuration
+- name: Fido2 - Registration
 paths:
   /fido2/fido2-config:
     get:
@@ -62,6 +63,46 @@ paths:
       security:
       - oauth2:
         - https://jans.io/oauth/config/fido2.write
+  /fido2/registration/device/{uuid}:
+    delete:
+      tags:
+      - Fido2 - Registration
+      summary: Delete Fido2 Device Data based on device UID
+      description: Delete Fido2 Device Data based on device UID
+      operationId: delete-fido2-device-data
+      parameters:
+      - name: uuid
+        in: path
+        description: Unique identifier string (UUID) assigned to device.
+        required: true
+        schema:
+          type: string
+      responses:
+        "204":
+          description: No Content
+        "400":
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApiError'
+        "401":
+          description: Unauthorized
+        "404":
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApiError'
+        "500":
+          description: InternalServerError
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApiError'
+      security:
+      - oauth2:
+        - https://jans.io/oauth/config/fido2.delete
   /fido2/registration/entries/{username}:
     get:
       tags:
@@ -92,6 +133,75 @@ paths:
       security:
       - oauth2:
         - https://jans.io/oauth/config/fido2.readonly
+  /fido2/registration:
+    get:
+      tags:
+      - Fido2 - Registration
+      summary: Get a list of Fido2RegistrationEntry.
+      description: Get a list of Fido2RegistrationEntry.
+      operationId: get-fido2-registration-data
+      parameters:
+      - name: limit
+        in: query
+        description: Search size - max size of the results to return
+        schema:
+          type: integer
+          format: int32
+          default: 50
+      - name: pattern
+        in: query
+        description: Search pattern
+        schema:
+          type: string
+          default: ""
+      - name: startIndex
+        in: query
+        description: The 1-based index of the first query result
+        schema:
+          type: integer
+          format: int32
+          default: 0
+      - name: sortBy
+        in: query
+        description: Data whose value will be used to order the returned response
+        schema:
+          type: string
+          default: jansId
+      - name: sortOrder
+        in: query
+        description: Order in which the sortBy param is applied. Allowed values are
+          "ascending" and "descending"
+        schema:
+          type: string
+          default: ascending
+      - name: fieldValuePair
+        in: query
+        description: Field and value pair for seraching
+        schema:
+          type: string
+          default: ""
+        examples:
+          Field value example:
+            description: Field value example
+            value: "mail=abc@mail.com,jansStatus=true"
+      responses:
+        "200":
+          description: Ok
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Fido2RegistrationEntryPagedResult'
+              examples:
+                Response example:
+                  description: Response example
+                  value: ""
+        "401":
+          description: Unauthorized
+        "500":
+          description: InternalServerError
+      security:
+      - oauth2:
+        - https://jans.io/oauth/config/fido2.readonly
 components:
   schemas:
     AppConfiguration:
@@ -187,6 +297,15 @@ components:
           type: array
           items:
             type: string
+    ApiError:
+      type: object
+      properties:
+        code:
+          type: string
+        message:
+          type: string
+        description:
+          type: string
     Fido2DeviceData:
       type: object
       properties:
@@ -328,14 +447,29 @@ components:
           writeOnly: true
         baseDn:
           type: string
+    Fido2RegistrationEntryPagedResult:
+      type: object
+      properties:
+        start:
+          type: integer
+          format: int32
+        totalEntriesCount:
+          type: integer
+          format: int32
+        entriesCount:
+          type: integer
+          format: int32
+        entries:
+          type: array
+          items:
+            $ref: '#/components/schemas/Fido2RegistrationEntry'
   securitySchemes:
     oauth2:
       type: oauth2
       flows:
         clientCredentials:
           tokenUrl: "https://{op-hostname}/.../token"
           scopes:
-            https://jans.io/oauth/config/fido2.readonly: View fido2 configuration
-              related information
-            https://jans.io/oauth/config/fido2.write: Manage fido2 configuration related
-              information
+            https://jans.io/oauth/config/fido2.readonly: View fido2 related information
+            https://jans.io/oauth/config/fido2.write: Manage fido2 related information
+            https://jans.io/oauth/config/fido2.delete: Delete fido2 related information