Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue 21826: Add and read metatype for remaining OIDC Private Key JWT config attributes #25099

Merged
merged 1 commit into from
Apr 26, 2023
Merged

Issue 21826: Add and read metatype for remaining OIDC Private Key JWT config attributes #25099

merged 1 commit into from
Apr 26, 2023
+177 −65

Conversation

ayoho
Copy link
Member

@ayoho ayoho commented Apr 24, 2023
edited
Loading

  • Adds the following attributes to the metatype for the <openidConnectClient> and <oidcLogin> elements:
    • tokenEndpointAuthSigningAlgorithm
    • keyAliasName

For #21826

@ayoho ayoho self-assigned this Apr 24, 2023
@ayoho
Copy link
Member Author

ayoho commented Apr 24, 2023

#build
#spawn.fullfat.buckets=com.ibm.ws.security.oauth_fat,com.ibm.ws.security.oidc.client_fat.1,com.ibm.ws.security.oidc.client_fat.2,com.ibm.ws.security.oidc.client_fat.backchannelLogout,com.ibm.ws.security.oidc.client_fat.backchannelLogout.saml,com.ibm.ws.security.oidc.client_fat.claimPropagation,com.ibm.ws.security.oidc.client_fat.jaxrs,com.ibm.ws.security.oidc.client_fat.spnego,com.ibm.ws.security.oidc.server_fat,com.ibm.ws.security.oidc.server_fat.backchannelLogout,com.ibm.ws.security.oidc.server_fat.jaxrs.config.commonTest,com.ibm.ws.security.oidc.server_fat.jaxrs.config.noOP,com.ibm.ws.security.oidc.server_fat.jaxrs.config.oauth,com.ibm.ws.security.oidc.server_fat.jaxrs.config.oidc,com.ibm.ws.security.oidc.server_fat.oidc,com.ibm.ws.security.social_fat,com.ibm.ws.security.social_fat.LibertyOP.1,com.ibm.ws.security.social_fat.LibertyOP.2,com.ibm.ws.security.social_fat.LibertyOP.backchannelLogout,com.ibm.ws.security.social_fat.LibertyOP.claimPropagation,com.ibm.ws.security.social_fat.OpenShift,com.ibm.ws.security.social_fat.delegated,com.ibm.ws.security.social_fat.multiProvider,com.ibm.ws.security.social_fat.okdServiceLogin,io.openliberty.security.jakartasec.3.0.internal_fat,io.openliberty.security.jakartasec.3.0.internal_fat.config.1,io.openliberty.security.jakartasec.3.0.internal_fat.config.2,io.openliberty.security.jakartasec.3.0.internal_fat.logout,io.openliberty.security.jakartasec.3.0.internal_fat.refresh

@LibbyBot
Copy link

Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_P_UHAOLJEe2xRt1mHVwGHw

Target locations of links might be accessible only to IBM employees.

@LibbyBot
Copy link

The build ayoho-25099-20230424-1204
https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_P_UHAOLJEe2xRt1mHVwGHw
completed and has errors or failures.

For help analyzing your personal build, go to https://libh-proxy1.fyre.ibm.com/cognitive/buildAnalysis.html?uuid=_P_UHAOLJEe2xRt1mHVwGHw

@ayoho
Issue 21826: Add and read metatype for remaining OIDC Private Key JWT…
80482ac 
… config attributes

- Adds the following attributes to the metatype for the `<openidConnectClient>` and `<oidcLogin>` elements:
    - tokenEndpointAuthSigningAlgorithm
    - keyAliasName

For OpenLiberty#21826
@ayoho ayoho force-pushed the 21826-oidcPrivateKeyJwt-2 branch from 69afc3f to 80482ac Compare April 25, 2023 13:11
@ayoho
Copy link
Member Author

ayoho commented Apr 25, 2023

#libby
#build
#spawn.fullfat.buckets=com.ibm.ws.security.oauth_fat,com.ibm.ws.security.oidc.client_fat.1,com.ibm.ws.security.oidc.client_fat.2,com.ibm.ws.security.oidc.client_fat.backchannelLogout,com.ibm.ws.security.oidc.client_fat.claimPropagation,com.ibm.ws.security.oidc.client_fat.jaxrs,com.ibm.ws.security.oidc.client_fat.spnego,com.ibm.ws.security.oidc.server_fat.backchannelLogout,com.ibm.ws.security.oidc.server_fat.jaxrs.config.commonTest,com.ibm.ws.security.oidc.server_fat.jaxrs.config.noOP,com.ibm.ws.security.oidc.server_fat.jaxrs.config.oauth,com.ibm.ws.security.oidc.server_fat.jaxrs.config.oidc,com.ibm.ws.security.oidc.server_fat.oidc,com.ibm.ws.security.social_fat,com.ibm.ws.security.social_fat.LibertyOP.1,com.ibm.ws.security.social_fat.LibertyOP.2,com.ibm.ws.security.social_fat.LibertyOP.backchannelLogout,com.ibm.ws.security.social_fat.LibertyOP.claimPropagation,com.ibm.ws.security.social_fat.OpenShift,com.ibm.ws.security.social_fat.delegated,com.ibm.ws.security.social_fat.multiProvider,com.ibm.ws.security.social_fat.okdServiceLogin,io.openliberty.security.jakartasec.3.0.internal_fat,io.openliberty.security.jakartasec.3.0.internal_fat.config.1,io.openliberty.security.jakartasec.3.0.internal_fat.config.2,io.openliberty.security.jakartasec.3.0.internal_fat.logout,io.openliberty.security.jakartasec.3.0.internal_fat.refresh

@LibbyBot
Copy link

Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_KF4OMONoEe2xRt1mHVwGHw

Target locations of links might be accessible only to IBM employees.

@LibbyBot
Copy link

Code analysis and actions

DO NOT DELETE THIS COMMENT.

  • 8 product code files were changed.

  • Please describe in a separate comment how you tested your changes.

  • 2 NLS files were changed and need an ID review.

  • @OpenLiberty/message-reviewer Please review.

  • dev/com.ibm.ws.security.openidconnect.client/resources/OSGI-INF/l10n/metatype.properties

  • dev/com.ibm.ws.security.social/resources/OSGI-INF/l10n/metatype.properties

@LibbyBot
Copy link

The build ayoho-25099-20230425-0702
https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_KF4OMONoEe2xRt1mHVwGHw
completed and has errors or failures.

For help analyzing your personal build, go to https://libh-proxy1.fyre.ibm.com/cognitive/buildAnalysis.html?uuid=_KF4OMONoEe2xRt1mHVwGHw

jimmy1wu
jimmy1wu approved these changes Apr 26, 2023
View reviewed changes
Copy link
Contributor

@jimmy1wu jimmy1wu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some small things that can be addressed in the next pr.

dev/com.ibm.ws.security.social/src/com/ibm/ws/security/social/internal/OidcLoginConfigImpl.java
Comment on lines +423 to +425
Tr.debug(tc, CFG_KEY_TOKEN_ENDPOINT_AUTH_SIGNING_ALGORITHM + " = " + tokenEndpointAuthSigningAlgorithm);
Tr.debug(tc, KEY_keyAliasName + " = " + keyAliasName);
Tr.debug(tc, KEY_tokenEndpointAuthMethod + " = " + tokenEndpointAuthMethod);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

line 425 is a duplicate of line 422

Suggested change
Tr.debug(tc, CFG_KEY_TOKEN_ENDPOINT_AUTH_SIGNING_ALGORITHM + " = " + tokenEndpointAuthSigningAlgorithm);
Tr.debug(tc, KEY_keyAliasName + " = " + keyAliasName);
Tr.debug(tc, KEY_tokenEndpointAuthMethod + " = " + tokenEndpointAuthMethod);
Tr.debug(tc, CFG_KEY_TOKEN_ENDPOINT_AUTH_SIGNING_ALGORITHM + " = " + tokenEndpointAuthSigningAlgorithm);
Tr.debug(tc, KEY_keyAliasName + " = " + keyAliasName);

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, good catch. Not sure how I managed to do that.

dev/com.ibm.ws.security.common/src/com/ibm/ws/security/common/config/DiscoveryConfigUtils.java
}

public String adjustConfigAttributeValueBasedOnListOfSupportedValues(String discoveryDocKey, String configAttributeName, String originalConfigValue) {
String overideValue = originalConfigValue;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: overideValue -> overrideValue

@ayoho ayoho merged commit 3787fe0 into OpenLiberty:integration Apr 26, 2023
@ayoho ayoho deleted the 21826-oidcPrivateKeyJwt-2 branch April 26, 2023 15:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jimmy1wu jimmy1wu jimmy1wu approved these changes

Assignees

@ayoho ayoho

Labels
CLA Signed team:Security SSO
Projects
Security SSO
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ayoho @LibbyBot @jimmy1wu