fix(jans-auth): fido - #10445 modified the script and properties file…

… for fido (#10446)
JanssenProject · Dec 18, 2024 · a3c6777 · a3c6777
1 parent ff65c0f
commit a3c6777
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 31 deletions.
diff --git a/...-catalog/person_authentication/fido2-external-authenticator/Fido2ExternalAuthenticator.py b/...-catalog/person_authentication/fido2-external-authenticator/Fido2ExternalAuthenticator.py
@@ -18,13 +18,15 @@
 from java.util.concurrent.locks import ReentrantLock
 from jakarta.ws.rs import ClientErrorException
 from jakarta.ws.rs.core import Response
-
-
+from io.jans.fido2.model.assertion import AssertionOptions
+from io.jans.fido2.model.attestation import AttestationOptions
+from io.jans.fido2.model.assertion import AssertionResult
+from io.jans.fido2.model.attestation import AttestationResult
 from io.jans.jsf2.message import FacesMessages
 from io.jans.jsf2.service import FacesService
 from jakarta.faces.context import FacesContext
 from jakarta.faces.application import FacesMessage
-
+from com.fasterxml.jackson.databind import ObjectMapper
 from jakarta.servlet.http import Cookie
 
 
@@ -76,7 +78,7 @@ def authenticate(self, configurationAttributes, requestParameters, step):
         authenticationService = CdiUtil.bean(AuthenticationService)
         identity = CdiUtil.bean(Identity)
 
-
+        mapper = ObjectMapper()
         token_response = ServerUtil.getFirstValue(requestParameters, "tokenResponse")
 
         if step == 1:
@@ -96,10 +98,10 @@ def authenticate(self, configurationAttributes, requestParameters, step):
                     return False
 
                 if auth_method == 'authenticate':
-                    print "Fido2. Prepare for step 2. Call Fido2 in order to finish authentication flow"
+                    print "Fido2. Authenticate step 2. Call Fido2 in order to finish authentication flow"
                     assertionService = Fido2ClientFactory.instance().createAssertionService(self.metaDataConfiguration)
-
-                    assertionStatus = assertionService.verify(token_response)
+                    assertionResult = mapper.readValue(token_response, AssertionResult)
+                    assertionStatus = assertionService.verify(assertionResult)
                     authenticationStatusEntity = assertionStatus.readEntity(java.lang.String)
                     print "token_response %s " % token_response
                     print "assertionStatus: %s" % assertionStatus
@@ -132,7 +134,7 @@ def authenticate(self, configurationAttributes, requestParameters, step):
             return True
         elif step == 2:
             print "Fido2. Authenticate for step 2"
-
+            
             token_response = ServerUtil.getFirstValue(requestParameters, "tokenResponse")
             if token_response == None:
                 print "Fido2. Authenticate for step 2. tokenResponse is empty"
@@ -152,8 +154,9 @@ def authenticate(self, configurationAttributes, requestParameters, step):
             if auth_method == 'authenticate':
                 print "Fido2. Prepare for step 2. Call Fido2 in order to finish authentication flow"
                 assertionService = Fido2ClientFactory.instance().createAssertionService(self.metaDataConfiguration)
-
-                assertionStatus = assertionService.verify(token_response)
+                assertionResult = mapper.readValue(token_response, AssertionResult)
+
+                assertionStatus = assertionService.verify(assertionResult)
                 authenticationStatusEntity = assertionStatus.readEntity(java.lang.String)
                 print "token_response %s " % token_response
                 print "assertionStatus: %s" % assertionStatus
@@ -167,8 +170,9 @@ def authenticate(self, configurationAttributes, requestParameters, step):
             elif auth_method == 'enroll':
                 print "Fido2. Prepare for step 2. Call Fido2 in order to finish registration flow"
                 attestationService = Fido2ClientFactory.instance().createAttestationService(self.metaDataConfiguration)
-
-                attestationStatus = attestationService.verify(token_response)
+                attestationResult = mapper.readValue(token_response, AttestationResult)
+                attestationStatus = attestationService.verify(attestationResult)
+
                 print "Fido2. token_response %s " % token_response
                 print "Fido2. attestationStatus: %s" % attestationStatus
                 print "Fido2. attestationStatus.getStatus() : %s" % attestationStatus.getStatus() 
@@ -204,9 +208,12 @@ def prepareForStep(self, configurationAttributes, requestParameters, step):
         if step == 1:
             try:
                 print "Fido2. Prepare for step 1. Call Fido2 endpoint in order to start assertion flow"
-                assertionRequest = json.dumps({ 'origin': domain, 'allowCredentials': allowList}, separators=(',', ':'))
-                print ("Assertion Request : %s" % assertionRequest)
+
+                assertionRequest = AssertionOptions()
+                assertionRequest.setOrigin(domain)
+                assertionRequest.setAllowCredentials(Arrays.asList(allowList))
                 assertionResponse = assertionService.authenticate(assertionRequest).readEntity(java.lang.String)
+
                 print "assertionResponse %s " % assertionResponse
                 identity.setWorkingParameter("fido2_assertion_request", ServerUtil.asJson(assertionResponse))
 
@@ -237,7 +244,10 @@ def prepareForStep(self, configurationAttributes, requestParameters, step):
             if count > 0:
                 print "Fido2. Prepare for step 2. Call Fido2 endpoint in order to start assertion flow"
                 try:
-                    assertionRequest = json.dumps({'username': userName, 'origin': domain}, separators=(',', ':'))
+
+                    assertionRequest = AssertionOptions()
+                    assertionRequest.setUsername(userName)
+                    assertionRequest.setOrigin(domain)
                     assertionResponse = assertionService.authenticate(assertionRequest).readEntity(java.lang.String)
                     print "assertionResponse %s " % assertionResponse
 
@@ -249,10 +259,11 @@ def prepareForStep(self, configurationAttributes, requestParameters, step):
 
                 try:
                     attestationService = Fido2ClientFactory.instance().createAttestationService(metaDataConfiguration)
-                    basic_json = {'username': userName, 'displayName': userName, 'origin': domain}
-                    print " basic_json %s" % basic_json
-
-                    attestationRequest = json.dumps(basic_json)
+
+                    attestationRequest = AttestationOptions()
+                    attestationRequest.setUsername(userName)
+                    attestationRequest.setOrigin(domain)
+                    attestationRequest.setDisplayName(userName)
                     attestationResponse = attestationService.register(attestationRequest).readEntity(java.lang.String)
                 except ClientErrorException, ex:
                     print "Fido2. Prepare for step 2. Failed to start attestation flow. Exception:", sys.exc_info()[1]

diff --git a/jans-auth-server/server/src/main/resources/jans-auth.properties b/jans-auth-server/server/src/main/resources/jans-auth.properties
@@ -258,12 +258,12 @@ u2f.verification.insertkey = Insert your U2F security key.
 u2f.verification.useit=If your U2F key has a button, tap it. Otherwise you can remove it and re-insert it. 
 
 fido2.verification.stepverification=2 Step Verification
-fido2.verification.usedevice=Use your fido2 device to sign in to your Gluu account.
-fido2.verification.insertkey = Insert your fido2 security key.
-fido2.verification.useit=If your fido2 key has a button, tap it. Otherwise you can remove it and re-insert it. 
-fido2.touch.verification.usedevice=Use Touch ID on your Apple device to sign in to your Gluu account.
-fido2.touch.verification.insertkey = Place your finger on the Touch ID.
-fido2.touch.verification.useit=Click <b>Ok</b> to enable the Touch ID.
+fido2.verification.usedevice=Use your passkey to sign in to your account.
+fido2.verification.insertkey = Enable secure and password-free sign-ins for your app by integrating passkeys, allowing users to authenticate with biometrics, PINs, or security keys.
+fido2.verification.useit=Follow the instructions on your browser. 
+fido2.touch.verification.usedevice=Use your passkey to sign in to your account.
+fido2.touch.verification.insertkey = Follow the instructions on your browser.
+fido2.touch.verification.useit=Follow the instructions on your browser.
 login.use.touchID=OK
 
 otp.login=Done

diff --git a/jans-auth-server/server/src/main/webapp/auth/fido2/login.xhtml b/jans-auth-server/server/src/main/webapp/auth/fido2/login.xhtml
@@ -12,9 +12,10 @@
 	<ui:define name="head">
 
 		<meta name="description" content="Janssen Project" />
-		<script src="/jans-auth/ext/resources/js/base64js.js" />
-        <script src="/jans-auth/ext/resources/js/base64url.js" />
-        <script src="/jans-auth/ext/resources/js/webauthn.js" />
+		<script src="auth/fido2/js/base64js.js" />
+		<script src="auth/fido2/js/base64url.js" />
+		<script src="auth/fido2/js/webauthn.js" />
+
 		<script type="text/javascript">
 
 

diff --git a/jans-auth-server/server/src/main/webapp/auth/fido2/passkeys.xhtml b/jans-auth-server/server/src/main/webapp/auth/fido2/passkeys.xhtml
@@ -10,9 +10,9 @@
                         if="#{not identity.loggedIn}" />
         </f:metadata>
         <ui:define name="head">
-                <script src="/jans-auth/ext/resources/js/base64js.js" />
-				<script src="/jans-auth/ext/resources/js/base64url.js" />
-				<script src="/jans-auth/ext/resources/js/webauthn.js" />
+                <script src="js/base64js.js" />
+				<script src="js/base64url.js" />
+				<script src="js/webauthn.js" />
 
                 <script>
                         var assertion_request = ${identity.getWorkingParameter('fido2_assertion_request')};