From fe913aa9bffe846119a4c8f4102ad4520fa6f015 Mon Sep 17 00:00:00 2001
From: Volker Scheuber
Date: Fri, 22 Sep 2023 13:19:36 -0500
Subject: [PATCH 01/18] output UTC time and update snapshots
---
 src/ops/SecretsOps.ts | 10 ++-
 src/ops/VariablesOps.ts | 10 ++-
 .../esv-secret-list.e2e.test.js.snap | 24 +++---
 .../esv-variable-list.e2e.test.js.snap | 80 +++++++++----------
 4 files changed, 64 insertions(+), 60 deletions(-)
diff --git a/src/ops/SecretsOps.ts b/src/ops/SecretsOps.ts
index d094d9758..6c2b12f2a 100644
--- a/src/ops/SecretsOps.ts
+++ b/src/ops/SecretsOps.ts
@@ -1,4 +1,4 @@
-import { frodo } from '@rockcarver/frodo-lib';
+import { frodo, state } from '@rockcarver/frodo-lib';
 import {
 createKeyValueTable,
@@ -48,7 +48,7 @@ export async function listSecrets(long) {
 'Status'['brightCyan'],
 'Description'['brightCyan'],
 'Modifier'['brightCyan'],
- 'Modified'['brightCyan'],
+ 'Modified (UTC)'['brightCyan'],
 ]);
 for (const secret of secrets) {
 table.push([
@@ -57,8 +57,10 @@ export async function listSecrets(long) {
 { hAlign: 'right', content: secret.loadedVersion },
 secret.loaded ? 'loaded'['brightGreen'] : 'unloaded'['brightRed'],
 wordwrap(secret.description, 40),
- await resolveUserName('teammember', secret.lastChangedBy),
- new Date(secret.lastChangeDate).toLocaleString(),
+ state.getUseBearerTokenForAmApis()
+ ? secret.lastChangedBy
+ : await resolveUserName('teammember', secret.lastChangedBy),
+ new Date(secret.lastChangeDate).toUTCString(),
 ]);
 }
 printMessage(table.toString(), 'data');
diff --git a/src/ops/VariablesOps.ts b/src/ops/VariablesOps.ts
index a8cfc48e4..53e5a217e 100644
--- a/src/ops/VariablesOps.ts
+++ b/src/ops/VariablesOps.ts
@@ -1,4 +1,4 @@
-import { frodo } from '@rockcarver/frodo-lib';
+import { frodo, state } from '@rockcarver/frodo-lib';
 import { VariableExpressionType } from '@rockcarver/frodo-lib/types/api/cloud/VariablesApi';
 import {
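Review bot: The ternary added in the `@@ -57,8 +57,10 @@` hunk of `listSecrets` (`state.getUseBearerTokenForAmApis() ? secret.lastChangedBy : await resolveUserName('teammember', secret.lastChangedBy)`) has no comment, and the commit subject only mentions UTC time. With a bearer token the Modifier column now prints the raw `lastChangedBy` id instead of a resolved name, which changes what someone auditing secret changes sees in the attribution column. I would add a comment above it such as `// bearer-token sessions: print the raw modifier id, skip the team-member lookup`, together with the reason, which this hunk does not show (presumably the lookup is not available to that session type). The same expression is added in the `@@ -50,8 +50,10 @@` hunk of `listVariables` in src/ops/VariablesOps.ts, so a small shared helper would keep the two listings in step. Both function bodies start and end outside their hunks.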
@@ -42,7 +42,7 @@ export async function listVariables(long) {
 'Status'['brightCyan'],
 'Description'['brightCyan'],
 'Modifier'['brightCyan'],
- 'Modified'['brightCyan'],
+ 'Modified (UTC)'['brightCyan'],
 ]);
 for (const variable of variables) {
 table.push([
@@ -50,8 +50,10 @@ export async function listVariables(long) {
 wordwrap(decodeBase64(variable.valueBase64), 40),
 variable.loaded ? 'loaded'['brightGreen'] : 'unloaded'['brightRed'],
 wordwrap(variable.description, 40),
- await resolveUserName('teammember', variable.lastChangedBy),
- new Date(variable.lastChangeDate).toLocaleString(),
+ state.getUseBearerTokenForAmApis()
+ ? variable.lastChangedBy
+ : await resolveUserName('teammember', variable.lastChangedBy),
+ new Date(variable.lastChangeDate).toUTCString(),
 ]);
 }
 printMessage(table.toString(), 'data');
diff --git a/test/e2e/__snapshots__/esv-secret-list.e2e.test.js.snap b/test/e2e/__snapshots__/esv-secret-list.e2e.test.js.snap
index a2221038e..f9a721820 100644
--- a/test/e2e/__snapshots__/esv-secret-list.e2e.test.js.snap
+++ b/test/e2e/__snapshots__/esv-secret-list.e2e.test.js.snap
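Review bot: `new Date(variable.lastChangeDate).toUTCString()` in the `@@ -50,8 +50,10 @@` hunk of `listVariables` prints an HTTP-date style string ending in `GMT` under a column headed `Modified (UTC)`, and that form does not sort lexically; this is a style point, but it matters when listings are diffed or lined up against audit logs. `new Date(variable.lastChangeDate).toISOString()` would give a sortable ISO 8601 value. It throws a `RangeError` on an invalid date where `toUTCString()` returns `Invalid Date`, so it needs a guard if `lastChangeDate` can be absent, which is not visible here. The same call is added in the `listSecrets` hunk in src/ops/SecretsOps.ts, and the loop body starts outside this hunk.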
@@ -1,22 +1,22 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`frodo esv secret list "frodo esv secret list --long": should list the ids, active/loaded versions, statuses, descriptions, modifiers, and modified times of the esv secrets 1`] = ` -"Id │ Active│ Loaded│Status│Description │Modifier │Modified - │Version│Version│ │ │ │ -esv-admin-token │ 1│ 1│loaded│Long-lived admin token │8efaa5b6-8c98-4489-9b21-ee41f5589ab7│8/11/2022, 4:32:38 PM -esv-admin-token-1999386457729│ 1│ 1│loaded│Long-lived admin token │8d9723a9-a439-4cbf-beb4-30e52811789d│5/13/2023, 7:07:41 PM -esv-test-secret │ 2│ 2│loaded│Secret Value for testing│b672336b-41ef-428d-ae4a-e0c082875377│8/9/2023, 1:00:01 PM -esv-test-secret-1 │ 1│ 1│loaded│test secret one │b672336b-41ef-428d-ae4a-e0c082875377│8/5/2023, 9:53:17 PM +"Id │ Active│ Loaded│Status│Description │Modifier │Modified (UTC) + │Version│Version│ │ │ │ +esv-admin-token │ 1│ 1│loaded│Long-lived admin token │8efaa5b6-8c98-4489-9b21-ee41f5589ab7│Thu, 11 Aug 2022 22:32:38 GMT +esv-admin-token-1999386457729│ 1│ 1│loaded│Long-lived admin token │8d9723a9-a439-4cbf-beb4-30e52811789d│Sun, 14 May 2023 01:07:41 GMT +esv-test-secret │ 2│ 2│loaded│Secret Value for testing│b672336b-41ef-428d-ae4a-e0c082875377│Wed, 09 Aug 2023 19:00:01 GMT +esv-test-secret-1 │ 1│ 1│loaded│test secret one │b672336b-41ef-428d-ae4a-e0c082875377│Sun, 06 Aug 2023 03:53:17 GMT " `; exports[`frodo esv secret list "frodo esv secret list -l": should list the ids, active/loaded versions, statuses, descriptions, modifiers, and modified times of the esv secrets 1`] = ` -"Id │ Active│ Loaded│Status│Description │Modifier │Modified - │Version│Version│ │ │ │ -esv-admin-token │ 1│ 1│loaded│Long-lived admin token │8efaa5b6-8c98-4489-9b21-ee41f5589ab7│8/11/2022, 4:32:38 PM -esv-admin-token-1999386457729│ 1│ 1│loaded│Long-lived admin token │8d9723a9-a439-4cbf-beb4-30e52811789d│5/13/2023, 7:07:41 PM -esv-test-secret │ 2│ 2│loaded│Secret Value for 
testing│b672336b-41ef-428d-ae4a-e0c082875377│8/9/2023, 1:00:01 PM -esv-test-secret-1 │ 1│ 1│loaded│test secret one │b672336b-41ef-428d-ae4a-e0c082875377│8/5/2023, 9:53:17 PM +"Id │ Active│ Loaded│Status│Description │Modifier │Modified (UTC) + │Version│Version│ │ │ │ +esv-admin-token │ 1│ 1│loaded│Long-lived admin token │8efaa5b6-8c98-4489-9b21-ee41f5589ab7│Thu, 11 Aug 2022 22:32:38 GMT +esv-admin-token-1999386457729│ 1│ 1│loaded│Long-lived admin token │8d9723a9-a439-4cbf-beb4-30e52811789d│Sun, 14 May 2023 01:07:41 GMT +esv-test-secret │ 2│ 2│loaded│Secret Value for testing│b672336b-41ef-428d-ae4a-e0c082875377│Wed, 09 Aug 2023 19:00:01 GMT +esv-test-secret-1 │ 1│ 1│loaded│test secret one │b672336b-41ef-428d-ae4a-e0c082875377│Sun, 06 Aug 2023 03:53:17 GMT " `; diff --git a/test/e2e/__snapshots__/esv-variable-list.e2e.test.js.snap b/test/e2e/__snapshots__/esv-variable-list.e2e.test.js.snap index fc5d8671a..bc4ff0daf 100644 --- a/test/e2e/__snapshots__/esv-variable-list.e2e.test.js.snap +++ b/test/e2e/__snapshots__/esv-variable-list.e2e.test.js.snap 
@@ -1,50 +1,50 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`frodo esv variable list "frodo esv variable list --long": should list the ids, values, statuses, descriptions, modifiers, and modified times of the esv variables 1`] = ` -"Id │Value │Status│Description │Modifier │Modified -esv-blue-piller │false │loaded│Zion membership criteria. │b672336b-41ef-428d-ae4a-e0c082875377│7/18/2023, 4:21:38 PM -esv-ipv4-cidr-access-rules │{ "allow": [ "150.128.0.0/16", │loaded│IPv4 CIDR access rules: │8efaa5b6-8c98-4489-9b21-ee41f5589ab7│8/25/2022, 4:54:28 PM - │"139.35.0.0/16", "101.216.0.0/16", │ │{ │ │ - │"99.72.28.182/32" ]} │ │"allow": [ │ │ - │ │ │"address/mask" │ │ - │ │ │] │ │ - │ │ │} │ │ -esv-nebuchadnezzar-crew │,"Apoc","Cypher","Mouse","Neo","Switch"]│loaded│The crew of the Nebuchadnezzar │b672336b-41ef-428d-ae4a-e0c082875377│7/18/2023, 3:59:58 PM - │ │ │hovercraft. │ │ -esv-nebuchadnezzar-crew-structure│"Apoc","Cypher","Mouse","Neo","Switch"]}│loaded│The structure of the crew of the │b672336b-41ef-428d-ae4a-e0c082875377│7/18/2023, 4:09:54 PM - │ │ │Nebuchadnezzar hovercraft. │ │ -esv-neo-age │28 │loaded│Neo's age in the matrix. 
│b672336b-41ef-428d-ae4a-e0c082875377│7/18/2023, 4:21:23 PM -esv-test-var │this is a test variable │loaded│this is a test description │8efaa5b6-8c98-4489-9b21-ee41f5589ab7│9/1/2022, 10:23:56 PM -esv-test-var-1 │test var 1 value2 │loaded│test var one │b672336b-41ef-428d-ae4a-e0c082875377│8/9/2023, 11:42:41 AM -esv-test-var-2 │testval │loaded│A temporary test variable │b672336b-41ef-428d-ae4a-e0c082875377│8/2/2023, 3:09:01 PM -esv-trinity-phone │(312)-555-0690 │loaded│In the opening of The Matrix (1999), the│b672336b-41ef-428d-ae4a-e0c082875377│7/18/2023, 2:33:28 PM - │ │ │phone number Trinity is calling from is │ │ - │ │ │traced to (312)-555-0690 │ │ -esv-volkerstestvariable1 │for jest │loaded│variable created for api testing │10ecab02-f357-4522-bc17-dfcc64744064│11/29/2022, 5:13:52 PM +"Id │Value │Status│Description │Modifier │Modified (UTC) +esv-blue-piller │false │loaded│Zion membership criteria. │b672336b-41ef-428d-ae4a-e0c082875377│Tue, 18 Jul 2023 22:21:38 GMT +esv-ipv4-cidr-access-rules │{ "allow": [ "150.128.0.0/16", │loaded│IPv4 CIDR access rules: │8efaa5b6-8c98-4489-9b21-ee41f5589ab7│Thu, 25 Aug 2022 22:54:28 GMT + │"139.35.0.0/16", "101.216.0.0/16", │ │{ │ │ + │"99.72.28.182/32" ]} │ │"allow": [ │ │ + │ │ │"address/mask" │ │ + │ │ │] │ │ + │ │ │} │ │ +esv-nebuchadnezzar-crew │,"Apoc","Cypher","Mouse","Neo","Switch"]│loaded│The crew of the Nebuchadnezzar │b672336b-41ef-428d-ae4a-e0c082875377│Tue, 18 Jul 2023 21:59:58 GMT + │ │ │hovercraft. │ │ +esv-nebuchadnezzar-crew-structure│"Apoc","Cypher","Mouse","Neo","Switch"]}│loaded│The structure of the crew of the │b672336b-41ef-428d-ae4a-e0c082875377│Tue, 18 Jul 2023 22:09:54 GMT + │ │ │Nebuchadnezzar hovercraft. │ │ +esv-neo-age │28 │loaded│Neo's age in the matrix. 
│b672336b-41ef-428d-ae4a-e0c082875377│Tue, 18 Jul 2023 22:21:23 GMT +esv-test-var │this is a test variable │loaded│this is a test description │8efaa5b6-8c98-4489-9b21-ee41f5589ab7│Fri, 02 Sep 2022 04:23:56 GMT +esv-test-var-1 │test var 1 value2 │loaded│test var one │b672336b-41ef-428d-ae4a-e0c082875377│Wed, 09 Aug 2023 17:42:41 GMT +esv-test-var-2 │testval │loaded│A temporary test variable │b672336b-41ef-428d-ae4a-e0c082875377│Wed, 02 Aug 2023 21:09:01 GMT +esv-trinity-phone │(312)-555-0690 │loaded│In the opening of The Matrix (1999), the│b672336b-41ef-428d-ae4a-e0c082875377│Tue, 18 Jul 2023 20:33:28 GMT + │ │ │phone number Trinity is calling from is │ │ + │ │ │traced to (312)-555-0690 │ │ +esv-volkerstestvariable1 │for jest │loaded│variable created for api testing │10ecab02-f357-4522-bc17-dfcc64744064│Wed, 30 Nov 2022 00:13:52 GMT " `; exports[`frodo esv variable list "frodo esv variable list -l": should list the ids, values, statuses, descriptions, modifiers, and modified times of the esv variables 1`] = ` -"Id │Value │Status│Description │Modifier │Modified -esv-blue-piller │false │loaded│Zion membership criteria. │b672336b-41ef-428d-ae4a-e0c082875377│7/18/2023, 4:21:38 PM -esv-ipv4-cidr-access-rules │{ "allow": [ "150.128.0.0/16", │loaded│IPv4 CIDR access rules: │8efaa5b6-8c98-4489-9b21-ee41f5589ab7│8/25/2022, 4:54:28 PM - │"139.35.0.0/16", "101.216.0.0/16", │ │{ │ │ - │"99.72.28.182/32" ]} │ │"allow": [ │ │ - │ │ │"address/mask" │ │ - │ │ │] │ │ - │ │ │} │ │ -esv-nebuchadnezzar-crew │,"Apoc","Cypher","Mouse","Neo","Switch"]│loaded│The crew of the Nebuchadnezzar │b672336b-41ef-428d-ae4a-e0c082875377│7/18/2023, 3:59:58 PM - │ │ │hovercraft. │ │ -esv-nebuchadnezzar-crew-structure│"Apoc","Cypher","Mouse","Neo","Switch"]}│loaded│The structure of the crew of the │b672336b-41ef-428d-ae4a-e0c082875377│7/18/2023, 4:09:54 PM - │ │ │Nebuchadnezzar hovercraft. │ │ -esv-neo-age │28 │loaded│Neo's age in the matrix. 
│b672336b-41ef-428d-ae4a-e0c082875377│7/18/2023, 4:21:23 PM -esv-test-var │this is a test variable │loaded│this is a test description │8efaa5b6-8c98-4489-9b21-ee41f5589ab7│9/1/2022, 10:23:56 PM -esv-test-var-1 │test var 1 value2 │loaded│test var one │b672336b-41ef-428d-ae4a-e0c082875377│8/9/2023, 11:42:41 AM -esv-test-var-2 │testval │loaded│A temporary test variable │b672336b-41ef-428d-ae4a-e0c082875377│8/2/2023, 3:09:01 PM -esv-trinity-phone │(312)-555-0690 │loaded│In the opening of The Matrix (1999), the│b672336b-41ef-428d-ae4a-e0c082875377│7/18/2023, 2:33:28 PM - │ │ │phone number Trinity is calling from is │ │ - │ │ │traced to (312)-555-0690 │ │ -esv-volkerstestvariable1 │for jest │loaded│variable created for api testing │10ecab02-f357-4522-bc17-dfcc64744064│11/29/2022, 5:13:52 PM +"Id │Value │Status│Description │Modifier │Modified (UTC) +esv-blue-piller │false │loaded│Zion membership criteria. │b672336b-41ef-428d-ae4a-e0c082875377│Tue, 18 Jul 2023 22:21:38 GMT +esv-ipv4-cidr-access-rules │{ "allow": [ "150.128.0.0/16", │loaded│IPv4 CIDR access rules: │8efaa5b6-8c98-4489-9b21-ee41f5589ab7│Thu, 25 Aug 2022 22:54:28 GMT + │"139.35.0.0/16", "101.216.0.0/16", │ │{ │ │ + │"99.72.28.182/32" ]} │ │"allow": [ │ │ + │ │ │"address/mask" │ │ + │ │ │] │ │ + │ │ │} │ │ +esv-nebuchadnezzar-crew │,"Apoc","Cypher","Mouse","Neo","Switch"]│loaded│The crew of the Nebuchadnezzar │b672336b-41ef-428d-ae4a-e0c082875377│Tue, 18 Jul 2023 21:59:58 GMT + │ │ │hovercraft. │ │ +esv-nebuchadnezzar-crew-structure│"Apoc","Cypher","Mouse","Neo","Switch"]}│loaded│The structure of the crew of the │b672336b-41ef-428d-ae4a-e0c082875377│Tue, 18 Jul 2023 22:09:54 GMT + │ │ │Nebuchadnezzar hovercraft. │ │ +esv-neo-age │28 │loaded│Neo's age in the matrix. 
│b672336b-41ef-428d-ae4a-e0c082875377│Tue, 18 Jul 2023 22:21:23 GMT +esv-test-var │this is a test variable │loaded│this is a test description │8efaa5b6-8c98-4489-9b21-ee41f5589ab7│Fri, 02 Sep 2022 04:23:56 GMT +esv-test-var-1 │test var 1 value2 │loaded│test var one │b672336b-41ef-428d-ae4a-e0c082875377│Wed, 09 Aug 2023 17:42:41 GMT +esv-test-var-2 │testval │loaded│A temporary test variable │b672336b-41ef-428d-ae4a-e0c082875377│Wed, 02 Aug 2023 21:09:01 GMT +esv-trinity-phone │(312)-555-0690 │loaded│In the opening of The Matrix (1999), the│b672336b-41ef-428d-ae4a-e0c082875377│Tue, 18 Jul 2023 20:33:28 GMT + │ │ │phone number Trinity is calling from is │ │ + │ │ │traced to (312)-555-0690 │ │ +esv-volkerstestvariable1 │for jest │loaded│variable created for api testing │10ecab02-f357-4522-bc17-dfcc64744064│Wed, 30 Nov 2022 00:13:52 GMT " `; From f6bfd8f4870e9a1854455e8712aef08ae03723af Mon Sep 17 00:00:00 2001 From: Volker Scheuber Date: Fri, 22 Sep 2023 17:21:56 -0500 Subject: [PATCH 02/18] update agent tests and snapshots --- .../agent-export.e2e.test.js.snap | 3079 ++++++++++++++--- .../agent-gateway-export.e2e.test.js.snap | 99 +- .../agent-java-export.e2e.test.js.snap | 1153 +++++- test/e2e/agent-export.e2e.test.js | 31 +- test/e2e/agent-gateway-export.e2e.test.js | 31 +- test/e2e/agent-java-export.e2e.test.js | 31 +- test/e2e/agent-web-export.e2e.test.js | 27 +- 7 files changed, 3870 insertions(+), 581 deletions(-) diff --git a/test/e2e/__snapshots__/agent-export.e2e.test.js.snap b/test/e2e/__snapshots__/agent-export.e2e.test.js.snap index f405a7442..87f5a7c40 100644 --- a/test/e2e/__snapshots__/agent-export.e2e.test.js.snap +++ b/test/e2e/__snapshots__/agent-export.e2e.test.js.snap 
@@ -697,6 +697,21 @@ exports[`frodo agent export "frodo agent export --all": should export all agents "status": "Inactive", "userpassword": null, }, + "frodo-test-ig-agent2": { + "_id": "frodo-test-ig-agent2", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", + ], + "igTokenIntrospection": "Realm", + "status": "Inactive", + }, "frodo-test-java-agent": { "_id": "frodo-test-java-agent", "_type": { 
@@ -919,204 +934,8 @@ exports[`frodo agent export "frodo agent export --all": should export all agents "setCookieInternalMap": {}, }, }, - "frodo-test-web-agent": { - "_id": "frodo-test-web-agent", - "_type": { - "_id": "WebAgent", - "collection": true, - "name": "Web Agents", - }, - "advancedWebAgentConfig": { - "apacheAuthDirectives": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "fragmentRedirectEnabled": false, - "hostnameToIpAddress": [], - "logonAndImpersonation": false, - "overrideRequestHost": false, - "overrideRequestPort": false, - "overrideRequestProtocol": false, - "pdpJavascriptRepost": false, - "pdpSkipPostUrl": [ - "", - ], - "pdpStickySessionCookieName": null, - "pdpStickySessionMode": "OFF", - "pdpStickySessionValue": null, - "postDataCachePeriod": 10, - "postDataPreservation": false, - "replayPasswordKey": null, - "retainSessionCache": false, - "showPasswordInHeader": false, - }, - "amServicesWebAgent": { - "amLoginUrl": [], - "amLogoutUrl": [ - "http://testserverurl.com:8080/UI/Logout", - ], - "applicationLogoutUrls": [ - "", - ], - "conditionalLoginUrl": [ - "", - ], - "customLoginMode": 0, - "enableLogoutRegex": false, - "fetchPoliciesFromRootResource": false, - "invalidateLogoutSession": true, - "logoutRedirectDisabled": false, - "logoutRedirectUrl": null, - "logoutResetCookies": [ - "", - ], - "logoutUrlRegex": null, - "policyCachePollingInterval": 3, - "policyClockSkew": 0, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "publicAmUrl": null, - "regexConditionalLoginPattern": [ - "", - ], - "regexConditionalLoginUrl": [ - "", - ], - "retrieveClientHostname": false, - "ssoCachePollingInterval": 3, - "userIdParameter": "UserToken", - "userIdParameterType": "session", - }, - "applicationWebAgentConfig": { - "attributeMultiValueSeparator": "|", - "clientIpValidation": false, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - 
"fetchAttributesForNotEnforcedUrls": false, - "ignorePathInfoForNotEnforcedUrls": true, - "invertNotEnforcedUrls": false, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsList": [ - "", - ], - "notEnforcedIpsRegex": false, - "notEnforcedUrls": [ - "", - ], - "notEnforcedUrlsRegex": false, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalWebAgentConfig": { - "accessDeniedUrl": null, - "agentConfigChangeNotificationsEnabled": true, - "agentDebugLevel": "Error", - "agentUriPrefix": "http://testagenturl.com:8080/amagent", - "agentgroup": null, - "amLbCookieEnable": false, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [ - "agentRootURL=http://testagenturl.com:8080/", - ], - "configurationPollingInterval": 60, - "disableJwtAudit": false, - "fqdnCheck": false, - "fqdnDefault": "testagenturl.com", - "fqdnMapping": {}, - "jwtAuditWhitelist": null, - "jwtName": "am-auth-jwt", - "notificationsEnabled": true, - "repositoryLocation": "centralized", - "resetIdleTime": false, - "ssoOnlyMode": false, - "status": "Inactive", - "userpassword": null, - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscWebAgentConfig": { - "addCacheControlHeader": false, - "anonymousUserEnabled": false, - "anonymousUserId": "anonymous", - "caseInsensitiveUrlComparison": true, - "compositeAdviceEncode": false, - "compositeAdviceRedirect": false, - "encodeSpecialCharsInCookies": false, - "encodeUrlSpecialCharacters": false, - "gotoParameterName": "goto", - "headerJsonResponse": {}, - "ignorePathInfo": false, - "invalidUrlRegex": null, - "invertUrlJsonResponse": false, - "mineEncodeHeader": 0, - "profileAttributesCookieMaxAge": 300, - "profileAttributesCookiePrefix": "HTTP_", - "statusCodeJsonResponse": 202, - "urlJsonResponse": [ - "", - ], - }, - "ssoWebAgentConfig": { - "acceptSsoToken": 
false, - "cdssoCookieDomain": [ - "", - ], - "cdssoRedirectUri": "agent/cdsso-oauth2", - "cookieName": "iPlanetDirectoryPro", - "cookieResetEnabled": false, - "cookieResetList": [ - "", - ], - "cookieResetOnRedirect": false, - "httpOnly": true, - "multivaluePreAuthnCookie": false, - "persistentJwtCookie": false, - "sameSite": null, - "secureCookies": false, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo agent export "frodo agent export --all-separate": should export all agents to separate files 1`] = `""`; - -exports[`frodo agent export "frodo agent export --all-separate": should export all agents to separate files 2`] = ` -{ - "agents": { - "frodo-test-ig-agent": { - "_id": "frodo-test-ig-agent", - "_type": { - "_id": "IdentityGatewayAgent", - "collection": true, - "name": "Identity Gateway Agents", - }, - "agentgroup": null, - "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", - "igCdssoRedirectUrls": [ - "http://testurl.com:8080/frodo", - ], - "igTokenIntrospection": "Realm", - "status": "Inactive", - "userpassword": null, - }, - }, - "meta": Any, -} -`; - -exports[`frodo agent export "frodo agent export --all-separate": should export all agents to separate files 3`] = ` -{ - "agents": { - "frodo-test-java-agent": { - "_id": "frodo-test-java-agent", + "frodo-test-java-agent2": { + "_id": "frodo-test-java-agent2", "_type": { "_id": "J2EEAgent", "collection": true, @@ -1266,7 +1085,6 @@ exports[`frodo agent export "frodo agent export --all-separate": should export a "userMappingMode": "USER_ID", "userPrincipalFlag": false, "userTokenName": "UserToken", - "userpassword": null, "webSocketConnectionIntervalInMinutes": 30, }, "miscJ2EEAgentConfig": { 
@@ -1337,14 +1155,6 @@ exports[`frodo agent export "frodo agent export --all-separate": should export a "setCookieInternalMap": {}, }, }, - }, - "meta": Any, -} -`; - -exports[`frodo agent export "frodo agent export --all-separate": should export all agents to separate files 4`] = ` -{ - "agents": { "frodo-test-web-agent": { "_id": "frodo-test-web-agent", "_type": { 
@@ -1507,43 +1317,227 @@ exports[`frodo agent export "frodo agent export --all-separate": should export a "secureCookies": false, }, }, - }, - "meta": Any, -} -`; - -exports[`frodo agent export "frodo agent export -A": should export all agents to separate files 1`] = `""`; - -exports[`frodo agent export "frodo agent export -A": should export all agents to separate files 2`] = ` -{ - "agents": { - "frodo-test-ig-agent": { - "_id": "frodo-test-ig-agent", + "frodo-test-web-agent2": { + "_id": "frodo-test-web-agent2", "_type": { - "_id": "IdentityGatewayAgent", + "_id": "WebAgent", "collection": true, - "name": "Identity Gateway Agents", + "name": "Web Agents", }, - "agentgroup": null, - "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", - "igCdssoRedirectUrls": [ - "http://testurl.com:8080/frodo", - ], - "igTokenIntrospection": "Realm", - "status": "Inactive", - "userpassword": null, - }, - }, - "meta": Any, -} -`; - -exports[`frodo agent export "frodo agent export -A": should export all agents to separate files 3`] = ` -{ - "agents": { - "frodo-test-java-agent": { - "_id": "frodo-test-java-agent", - "_type": { + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testserverurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + 
], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testagenturl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testagenturl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": 
"centralized", + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Inactive", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent export "frodo agent export --all-separate": should export all agents to separate files 1`] = `""`; + +exports[`frodo agent export "frodo agent export --all-separate": should export all agents to separate files 2`] = ` +{ + "agents": { + "frodo-test-ig-agent": { + "_id": "frodo-test-ig-agent", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", + ], + "igTokenIntrospection": "Realm", + "status": "Inactive", + "userpassword": null, + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent export "frodo agent export --all-separate": should 
export all agents to separate files 3`] = ` +{ + "agents": { + "frodo-test-ig-agent2": { + "_id": "frodo-test-ig-agent2", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", + ], + "igTokenIntrospection": "Realm", + "status": "Inactive", + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent export "frodo agent export --all-separate": should export all agents to separate files 4`] = ` +{ + "agents": { + "frodo-test-java-agent": { + "_id": "frodo-test-java-agent", + "_type": { "_id": "J2EEAgent", "collection": true, "name": "J2EE Agents", 
@@ -1768,40 +1762,2093 @@ exports[`frodo agent export "frodo agent export -A": should export all agents to } `; -exports[`frodo agent export "frodo agent export -A": should export all agents to separate files 4`] = ` +exports[`frodo agent export "frodo agent export --all-separate": should export all agents to separate files 5`] = ` { "agents": { - "frodo-test-web-agent": { - "_id": "frodo-test-web-agent", + "frodo-test-java-agent2": { + "_id": "frodo-test-java-agent2", "_type": { - "_id": "WebAgent", + "_id": "J2EEAgent", "collection": true, - "name": "Web Agents", + "name": "J2EE Agents", }, - "advancedWebAgentConfig": { - "apacheAuthDirectives": null, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, "clientHostnameHeader": null, "clientIpHeader": null, "customProperties": [], - "fragmentRedirectEnabled": false, - "hostnameToIpAddress": [], - "logonAndImpersonation": false, - "overrideRequestHost": false, - "overrideRequestPort": false, - "overrideRequestProtocol": false, - "pdpJavascriptRepost": false, - "pdpSkipPostUrl": [ + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ "", ], - "pdpStickySessionCookieName": null, - "pdpStickySessionMode": "OFF", - "pdpStickySessionValue": null, - "postDataCachePeriod": 10, + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, "postDataPreservation": false, - "replayPasswordKey": null, - "retainSessionCache": false, - "showPasswordInHeader": false, - }, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "sessionCacheTTL": 15, 
+ "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": 
"REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/agent/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + 
"loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", + }, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent export "frodo agent export --all-separate": should export all agents to separate files 6`] = ` +{ + "agents": { + "frodo-test-web-agent": { + "_id": "frodo-test-web-agent", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testserverurl.com:8080/UI/Logout", + 
], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testagenturl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testagenturl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": 
"am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Inactive", + "userpassword": null, + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent export "frodo agent export --all-separate": should export all agents to separate files 7`] = ` +{ + "agents": { + "frodo-test-web-agent2": { + "_id": "frodo-test-web-agent2", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + 
"pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testserverurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": 
"http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testagenturl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testagenturl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Inactive", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent export "frodo agent export -A": should export all agents to separate files 1`] = `""`; + +exports[`frodo agent export "frodo agent export -A": should export all agents to separate files 2`] = ` +{ + "agents": { + "frodo-test-ig-agent": { + "_id": 
"frodo-test-ig-agent", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", + ], + "igTokenIntrospection": "Realm", + "status": "Inactive", + "userpassword": null, + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent export "frodo agent export -A": should export all agents to separate files 3`] = ` +{ + "agents": { + "frodo-test-ig-agent2": { + "_id": "frodo-test-ig-agent2", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", + ], + "igTokenIntrospection": "Realm", + "status": "Inactive", + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent export "frodo agent export -A": should export all agents to separate files 4`] = ` +{ + "agents": { + "frodo-test-java-agent": { + "_id": "frodo-test-java-agent", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + 
"postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + 
"agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "userpassword": null, + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/agent/sunwLegacySupportURI", + "legacyUserAgentList": [ + 
"Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", + }, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent export "frodo agent export -A": should export all agents to separate files 5`] = ` +{ + "agents": { + "frodo-test-java-agent2": { + "_id": "frodo-test-java-agent2", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": 
false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + 
"sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + 
"legacyRedirectUri": "/agent/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", + }, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent export "frodo agent export -A": should export all agents to separate files 6`] = ` +{ + "agents": { + "frodo-test-web-agent": { + "_id": "frodo-test-web-agent", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + 
"replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testserverurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + 
"agentRootURL=http://testagenturl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testagenturl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Inactive", + "userpassword": null, + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent export "frodo agent export -A": should export all agents to separate files 7`] = ` +{ + "agents": { + "frodo-test-web-agent2": { + "_id": "frodo-test-web-agent2", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + 
"fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testserverurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + 
"sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testagenturl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testagenturl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Inactive", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent export "frodo agent export -a --file 
my-allAlphaAgents.agent.json": should export all agents to a single file named my-allAlphaAgents.agent.json 1`] = `""`; + +exports[`frodo agent export "frodo agent export -a --file my-allAlphaAgents.agent.json": should export all agents to a single file named my-allAlphaAgents.agent.json 2`] = ` +{ + "agents": { + "frodo-test-ig-agent": { + "_id": "frodo-test-ig-agent", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", + ], + "igTokenIntrospection": "Realm", + "status": "Inactive", + "userpassword": null, + }, + "frodo-test-ig-agent2": { + "_id": "frodo-test-ig-agent2", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", + ], + "igTokenIntrospection": "Realm", + "status": "Inactive", + }, + "frodo-test-java-agent": { + "_id": "frodo-test-java-agent", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + 
"postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + 
"globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "userpassword": null, + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/agent/sunwLegacySupportURI", + 
"legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", + }, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + "frodo-test-java-agent2": { + "_id": "frodo-test-java-agent2", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + 
"postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + 
"agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/agent/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + 
"legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", + }, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + "frodo-test-web-agent": { + "_id": "frodo-test-web-agent", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testserverurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + 
"conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testagenturl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testagenturl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + 
"repositoryLocation": "centralized", + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Inactive", + "userpassword": null, + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + "frodo-test-web-agent2": { + "_id": "frodo-test-web-agent2", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + 
"retainSessionCache": false, + "showPasswordInHeader": false, + }, "amServicesWebAgent": { "amLoginUrl": [], "amLogoutUrl": [ @@ -1889,7 +3936,6 @@ exports[`frodo agent export "frodo agent export -A": should export all agents to "resetIdleTime": false, "ssoOnlyMode": false, "status": "Inactive", - "userpassword": null, "webSocketConnectionIntervalInMinutes": 30, }, "miscWebAgentConfig": { @@ -1938,9 +3984,9 @@ exports[`frodo agent export "frodo agent export -A": should export all agents to } `; -exports[`frodo agent export "frodo agent export -a --file test.json": should export all agents to a single file named test.json 1`] = `""`; +exports[`frodo agent export "frodo agent export -a": should export all agents to a single file 1`] = `""`; -exports[`frodo agent export "frodo agent export -a --file test.json": should export all agents to a single file named test.json 2`] = ` +exports[`frodo agent export "frodo agent export -a": should export all agents to a single file 2`] = ` { "agents": { "frodo-test-ig-agent": { 
@@ -1959,8 +4005,245 @@ exports[`frodo agent export "frodo agent export -a --file test.json": should exp "status": "Inactive", "userpassword": null, }, - "frodo-test-java-agent": { - "_id": "frodo-test-java-agent", + "frodo-test-ig-agent2": { + "_id": "frodo-test-ig-agent2", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", + ], + "igTokenIntrospection": "Realm", + "status": "Inactive", + }, + "frodo-test-java-agent": { + "_id": "frodo-test-java-agent", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], 
+ "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": 
"ALL", + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "userpassword": null, + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/agent/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", + }, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": 
false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + "frodo-test-java-agent2": { + "_id": "frodo-test-java-agent2", "_type": { "_id": "J2EEAgent", "collection": true, @@ -2110,7 +4393,6 @@ exports[`frodo agent export "frodo agent export -a --file test.json": should exp "userMappingMode": "USER_ID", "userPrincipalFlag": false, "userTokenName": "UserToken", - "userpassword": null, "webSocketConnectionIntervalInMinutes": 30, }, "miscJ2EEAgentConfig": { 
@@ -2343,256 +4625,8 @@ exports[`frodo agent export "frodo agent export -a --file test.json": should exp "secureCookies": false, }, }, - }, - "meta": Any, -} -`; - -exports[`frodo agent export "frodo agent export -a": should export all agents to a single file 1`] = `""`; - -exports[`frodo agent export "frodo agent export -a": should export all agents to a single file 2`] = ` -{ - "agents": { - "frodo-test-ig-agent": { - "_id": "frodo-test-ig-agent", - "_type": { - "_id": "IdentityGatewayAgent", - "collection": true, - "name": "Identity Gateway Agents", - }, - "agentgroup": null, - "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", - "igCdssoRedirectUrls": [ - "http://testurl.com:8080/frodo", - ], - "igTokenIntrospection": "Realm", - "status": "Inactive", - "userpassword": null, - }, - "frodo-test-java-agent": { - "_id": "frodo-test-java-agent", - "_type": { - "_id": "J2EEAgent", - "collection": true, - "name": "J2EE Agents", - }, - "advancedJ2EEAgentConfig": { - "alternativeAgentHostname": null, - "alternativeAgentPort": null, - "alternativeAgentProtocol": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "expiredSessionCacheSize": 500, - "expiredSessionCacheTTL": 20, - "fragmentRelayUri": null, - "idleTimeRefreshWindow": 1, - "jwtCacheSize": 5000, - "jwtCacheTTL": 30, - "missingPostDataPreservationEntryUri": [ - "", - ], - "monitoringToCSV": false, - "policyCachePerUser": 50, - "policyCacheSize": 5000, - "policyClientPollingInterval": 3, - "possibleXssCodeElements": [ - "", - ], - "postDataCacheTtlMin": 5, - "postDataPreservation": false, - "postDataPreserveCacheEntryMaxEntries": 1000, - "postDataPreserveCacheEntryMaxTotalSizeMb": -1, - "postDataStickySessionKeyValue": null, - "postDataStickySessionMode": "URL", - "sessionCacheTTL": 15, - "ssoExchangeCacheSize": 100, - "ssoExchangeCacheTTL": 5, - "xssDetectionRedirectUri": {}, - }, - "amServicesJ2EEAgent": { - "agentAdviceEncode": false, - "amLoginUrl": [], - 
"authServiceHost": "testurl.com", - "authServicePort": 8080, - "authServiceProtocol": "http", - "authSuccessRedirectUrl": false, - "conditionalLoginUrl": [ - "", - ], - "conditionalLogoutUrl": [ - "", - ], - "customLoginEnabled": false, - "legacyLoginUrlList": [ - "", - ], - "overridePolicyEvaluationRealmEnabled": false, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "policyNotifications": true, - "restrictToRealm": {}, - "urlPolicyEnvGetParameters": [ - "", - ], - "urlPolicyEnvJsessionParameters": [ - "", - ], - "urlPolicyEnvPostParameters": [ - "", - ], - }, - "applicationJ2EEAgentConfig": { - "applicationLogoutUris": {}, - "clientIpValidationMode": { - "": "OFF", - }, - "clientIpValidationRange": {}, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "cookieAttributeMultiValueSeparator": "|", - "cookieAttributeUrlEncoded": true, - "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", - "invertNotEnforcedIps": false, - "invertNotEnforcedUris": false, - "logoutEntryUri": {}, - "logoutIntrospection": false, - "logoutRequestParameters": {}, - "notEnforcedFavicon": true, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsCacheEnabled": true, - "notEnforcedIpsCacheSize": 1000, - "notEnforcedRuleCompoundSeparator": "|", - "notEnforcedUris": [ - "", - ], - "notEnforcedUrisCacheEnabled": true, - "notEnforcedUrisCacheSize": 1000, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "resourceAccessDeniedUri": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalJ2EEAgentConfig": { - "agentConfigChangeNotificationsEnabled": true, - "agentgroup": null, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [ - "agentRootURL=http://testurl.com:8080/", - ], - "configurationReloadInterval": 0, - "customResponseHeader": {}, - "debugLevel": "error", - 
"debugLogfilePrefix": null, - "debugLogfileRetentionCount": -1, - "debugLogfileRotationMinutes": -1, - "debugLogfileRotationSize": 52428800, - "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", - "filterMode": { - "": "ALL", - }, - "fqdnCheck": false, - "fqdnDefault": "testurl.com", - "fqdnMapping": {}, - "httpSessionBinding": true, - "jwtName": "am-auth-jwt", - "lbCookieEnabled": false, - "lbCookieName": "amlbcookie", - "localAuditLogRotation": false, - "localAuditLogfileRetentionCount": -1, - "localAuditRotationSize": 52428800, - "loginAttemptLimit": 0, - "loginAttemptLimitCookieName": "amFilterParam", - "preAuthCookieMaxAge": 300, - "preAuthCookieName": "amFilterCDSSORequest", - "recheckAmUnavailabilityInSeconds": 5, - "redirectAttemptLimit": 0, - "redirectAttemptLimitCookieName": "amFilterRDParam", - "repositoryLocation": "centralized", - "status": "Inactive", - "userAttributeName": "employeenumber", - "userMappingMode": "USER_ID", - "userPrincipalFlag": false, - "userTokenName": "UserToken", - "userpassword": null, - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscJ2EEAgentConfig": { - "agent302RedirectContentType": "application/json", - "agent302RedirectEnabled": true, - "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", - "agent302RedirectInvertEnabled": false, - "agent302RedirectNerList": [ - "", - ], - "agent302RedirectStatusCode": 200, - "authFailReasonParameterName": null, - "authFailReasonParameterRemapper": {}, - "authFailReasonUrl": null, - "gotoParameterName": "goto", - "gotoUrl": null, - "ignorePathInfo": false, - "legacyRedirectUri": "/agent/sunwLegacySupportURI", - "legacyUserAgentList": [ - "Mozilla/4.7*", - ], - "legacyUserAgentSupport": false, - "localeCountry": "US", - "localeLanguage": "en", - "loginReasonMap": {}, - "loginReasonParameterName": null, - "portCheckEnabled": false, - "portCheckFile": "PortCheckContent.txt", - "portCheckSetting": { - "8080": "http", - }, - 
"unwantedHttpUrlParams": [ - "", - ], - "unwantedHttpUrlRegexParams": [ - "", - ], - "wantedHttpUrlParams": [ - "", - ], - "wantedHttpUrlRegexParams": [ - "", - ], - }, - "ssoJ2EEAgentConfig": { - "acceptIPDPCookie": false, - "acceptSsoTokenDomainList": [ - "", - ], - "acceptSsoTokenEnabled": false, - "authExchangeCookieName": null, - "authExchangeUri": null, - "cdssoDomainList": [ - "", - ], - "cdssoRedirectUri": "/agent/post-authn-redirect", - "cdssoSecureCookies": false, - "cookieResetDomains": {}, - "cookieResetEnabled": false, - "cookieResetNames": [ - "", - ], - "cookieResetPaths": {}, - "encodeCookies": false, - "excludedUserAgentsList": [], - "httpOnly": true, - "setCookieAttributeMap": {}, - "setCookieInternalMap": {}, - }, - }, - "frodo-test-web-agent": { - "_id": "frodo-test-web-agent", + "frodo-test-web-agent2": { + "_id": "frodo-test-web-agent2", "_type": { "_id": "WebAgent", "collection": true, @@ -2709,7 +4743,6 @@ exports[`frodo agent export "frodo agent export -a": should export all agents to "resetIdleTime": false, "ssoOnlyMode": false, "status": "Inactive", - "userpassword": null, "webSocketConnectionIntervalInMinutes": 30, }, "miscWebAgentConfig": { 
@@ -2795,9 +4828,9 @@ exports[`frodo agent export "frodo agent export -i frodo-test-ig-agent": should } `; -exports[`frodo agent export "frodo agent export -i frodo-test-web-agent -f test.json": should export the agent with agent id "frodo-test-web-agent" into file named test.json 1`] = `""`; +exports[`frodo agent export "frodo agent export -i frodo-test-web-agent -f my-frodo-test-web-agent.agent.json": should export the agent with agent id "frodo-test-web-agent" into file named my-frodo-test-web-agent.agent.json 1`] = `""`; -exports[`frodo agent export "frodo agent export -i frodo-test-web-agent -f test.json": should export the agent with agent id "frodo-test-web-agent" into file named test.json 2`] = ` +exports[`frodo agent export "frodo agent export -i frodo-test-web-agent -f my-frodo-test-web-agent.agent.json": should export the agent with agent id "frodo-test-web-agent" into file named my-frodo-test-web-agent.agent.json 2`] = ` { "agents": { "frodo-test-web-agent": { diff --git a/test/e2e/__snapshots__/agent-gateway-export.e2e.test.js.snap b/test/e2e/__snapshots__/agent-gateway-export.e2e.test.js.snap index bde19eda1..95a26e199 100644 --- a/test/e2e/__snapshots__/agent-gateway-export.e2e.test.js.snap +++ b/test/e2e/__snapshots__/agent-gateway-export.e2e.test.js.snap @@ -58,6 +58,21 @@ exports[`frodo agent gateway export "frodo agent gateway export --all": should e "status": "Inactive", "userpassword": null, }, + "frodo-test-ig-agent2": { + "_id": "frodo-test-ig-agent2", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", + ], + "igTokenIntrospection": "Realm", + "status": "Inactive", + }, }, "meta": Any, } 
@@ -89,6 +104,29 @@ exports[`frodo agent gateway export "frodo agent gateway export --all-separate": } `; +exports[`frodo agent gateway export "frodo agent gateway export --all-separate": should export all gateway agents to separate files 3`] = ` +{ + "agents": { + "frodo-test-ig-agent2": { + "_id": "frodo-test-ig-agent2", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", + ], + "igTokenIntrospection": "Realm", + "status": "Inactive", + }, + }, + "meta": Any, +} +`; + exports[`frodo agent gateway export "frodo agent gateway export -A": should export all gateway agents to separate files 1`] = `""`; exports[`frodo agent gateway export "frodo agent gateway export -A": should export all gateway agents to separate files 2`] = ` 
@@ -115,9 +153,32 @@ exports[`frodo agent gateway export "frodo agent gateway export -A": should expo } `; -exports[`frodo agent gateway export "frodo agent gateway export -a --file test.json": should export all gateway agents to a single file named test.json 1`] = `""`; +exports[`frodo agent gateway export "frodo agent gateway export -A": should export all gateway agents to separate files 3`] = ` +{ + "agents": { + "frodo-test-ig-agent2": { + "_id": "frodo-test-ig-agent2", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", + ], + "igTokenIntrospection": "Realm", + "status": "Inactive", + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent gateway export "frodo agent gateway export -a --file my-allAlphaAgents.gateway.agent.json": should export all gateway agents to a single file named my-allAlphaAgents.gateway.agent.json 1`] = `""`; -exports[`frodo agent gateway export "frodo agent gateway export -a --file test.json": should export all gateway agents to a single file named test.json 2`] = ` +exports[`frodo agent gateway export "frodo agent gateway export -a --file my-allAlphaAgents.gateway.agent.json": should export all gateway agents to a single file named my-allAlphaAgents.gateway.agent.json 2`] = ` { "agents": { "frodo-test-ig-agent": { 
@@ -136,6 +197,21 @@ exports[`frodo agent gateway export "frodo agent gateway export -a --file test.j "status": "Inactive", "userpassword": null, }, + "frodo-test-ig-agent2": { + "_id": "frodo-test-ig-agent2", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", + ], + "igTokenIntrospection": "Realm", + "status": "Inactive", + }, }, "meta": Any, } 
@@ -162,14 +238,29 @@ exports[`frodo agent gateway export "frodo agent gateway export -a": should expo "status": "Inactive", "userpassword": null, }, + "frodo-test-ig-agent2": { + "_id": "frodo-test-ig-agent2", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", + ], + "igTokenIntrospection": "Realm", + "status": "Inactive", + }, }, "meta": Any, } `; -exports[`frodo agent gateway export "frodo agent gateway export -i frodo-test-ig-agent -f test.json": should export the gateway agent with agent id "frodo-test-ig-agent" into file named test.json 1`] = `""`; +exports[`frodo agent gateway export "frodo agent gateway export -i frodo-test-ig-agent -f my-frodo-test-ig-agent.gateway.agent.json.json": should export the gateway agent with agent id "frodo-test-ig-agent" into file named my-frodo-test-ig-agent.gateway.agent.json.json 1`] = `""`; -exports[`frodo agent gateway export "frodo agent gateway export -i frodo-test-ig-agent -f test.json": should export the gateway agent with agent id "frodo-test-ig-agent" into file named test.json 2`] = ` +exports[`frodo agent gateway export "frodo agent gateway export -i frodo-test-ig-agent -f my-frodo-test-ig-agent.gateway.agent.json.json": should export the gateway agent with agent id "frodo-test-ig-agent" into file named my-frodo-test-ig-agent.gateway.agent.json.json 2`] = ` { "agents": { "frodo-test-ig-agent": { diff --git a/test/e2e/__snapshots__/agent-java-export.e2e.test.js.snap b/test/e2e/__snapshots__/agent-java-export.e2e.test.js.snap index d6a655cde..3292dc2dd 100644 --- a/test/e2e/__snapshots__/agent-java-export.e2e.test.js.snap +++ b/test/e2e/__snapshots__/agent-java-export.e2e.test.js.snap 
@@ -903,6 +903,227 @@ exports[`frodo agent java export "frodo agent java export --all": should export "setCookieInternalMap": {}, }, }, + "frodo-test-java-agent2": { + "_id": "frodo-test-java-agent2", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + 
"applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": 
"amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/agent/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", + }, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + 
"setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, }, "meta": Any, } @@ -1140,13 +1361,11 @@ exports[`frodo agent java export "frodo agent java export --all-separate": shoul } `; -exports[`frodo agent java export "frodo agent java export -A": should export all java agents to separate files 1`] = `""`; - -exports[`frodo agent java export "frodo agent java export -A": should export all java agents to separate files 2`] = ` +exports[`frodo agent java export "frodo agent java export --all-separate": should export all java agents to separate files 3`] = ` { "agents": { - "frodo-test-java-agent": { - "_id": "frodo-test-java-agent", + "frodo-test-java-agent2": { + "_id": "frodo-test-java-agent2", "_type": { "_id": "J2EEAgent", "collection": true, @@ -1296,7 +1515,6 @@ exports[`frodo agent java export "frodo agent java export -A": should export all "userMappingMode": "USER_ID", "userPrincipalFlag": false, "userTokenName": "UserToken", - "userpassword": null, "webSocketConnectionIntervalInMinutes": 30, }, "miscJ2EEAgentConfig": { @@ -1372,9 +1590,9 @@ exports[`frodo agent java export "frodo agent java export -A": should export all } `; -exports[`frodo agent java export "frodo agent java export -a --file test.json": should export all java agents to a single file named test.json 1`] = `""`; +exports[`frodo agent java export "frodo agent java export -A": should export all java agents to separate files 1`] = `""`; -exports[`frodo agent java export "frodo agent java export -a --file test.json": should export all java agents to a single file named test.json 2`] = ` +exports[`frodo agent java export "frodo agent java export -A": should export all java agents to separate files 2`] = ` { "agents": { "frodo-test-java-agent": { 
@@ -1604,13 +1822,917 @@ exports[`frodo agent java export "frodo agent java export -a --file test.json": } `; -exports[`frodo agent java export "frodo agent java export -a": should export all java agents to a single file 1`] = `""`; - -exports[`frodo agent java export "frodo agent java export -a": should export all java agents to a single file 2`] = ` +exports[`frodo agent java export "frodo agent java export -A": should export all java agents to separate files 3`] = ` { "agents": { - "frodo-test-java-agent": { - "_id": "frodo-test-java-agent", + "frodo-test-java-agent2": { + "_id": "frodo-test-java-agent2", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + 
"legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + 
"fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/agent/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", + }, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + 
"acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent java export "frodo agent java export -a --file my-allAlphaAgents.java.agent.json": should export all java agents to a single file named my-allAlphaAgents.java.agent.json 1`] = `""`; + +exports[`frodo agent java export "frodo agent java export -a --file my-allAlphaAgents.java.agent.json": should export all java agents to a single file named my-allAlphaAgents.java.agent.json 2`] = ` +{ + "agents": { + "frodo-test-java-agent": { + "_id": "frodo-test-java-agent", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + 
"ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + 
"agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "userpassword": null, + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/agent/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + 
"loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", + }, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + "frodo-test-java-agent2": { + "_id": "frodo-test-java-agent2", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + 
"xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + 
"agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/agent/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + 
"portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", + }, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent java export "frodo agent java export -a": should export all java agents to a single file 1`] = `""`; + +exports[`frodo agent java export "frodo agent java export -a": should export all java agents to a single file 2`] = ` +{ + "agents": { + "frodo-test-java-agent": { + "_id": "frodo-test-java-agent", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + 
"postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": 
"NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "userpassword": null, + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + 
"legacyRedirectUri": "/agent/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", + }, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + "frodo-test-java-agent2": { + "_id": "frodo-test-java-agent2", "_type": { "_id": "J2EEAgent", "collection": true, @@ -1760,7 +2882,6 @@ exports[`frodo agent java export "frodo agent java export -a": should export all "userMappingMode": "USER_ID", "userPrincipalFlag": false, "userTokenName": "UserToken", - "userpassword": null, "webSocketConnectionIntervalInMinutes": 30, }, "miscJ2EEAgentConfig": { 
@@ -1836,9 +2957,9 @@ exports[`frodo agent java export "frodo agent java export -a": should export all } `; -exports[`frodo agent java export "frodo agent java export -i frodo-test-java-agent -f test.json": should export the java agent with agent id "frodo-test-java-agent" into file named test.json 1`] = `""`; +exports[`frodo agent java export "frodo agent java export -i frodo-test-java-agent -f my-frodo-test-java-agent.java.agent.json": should export the java agent with agent id "frodo-test-java-agent" into file named my-frodo-test-java-agent.java.agent.json 1`] = `""`; -exports[`frodo agent java export "frodo agent java export -i frodo-test-java-agent -f test.json": should export the java agent with agent id "frodo-test-java-agent" into file named test.json 2`] = ` +exports[`frodo agent java export "frodo agent java export -i frodo-test-java-agent -f my-frodo-test-java-agent.java.agent.json": should export the java agent with agent id "frodo-test-java-agent" into file named my-frodo-test-java-agent.java.agent.json 2`] = ` { "agents": { "frodo-test-java-agent": { diff --git a/test/e2e/agent-export.e2e.test.js b/test/e2e/agent-export.e2e.test.js index 440ae43c8..872b72cb6 100644 --- a/test/e2e/agent-export.e2e.test.js +++ b/test/e2e/agent-export.e2e.test.js 
@@ -56,6 +56,17 @@ FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_S FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo agent export -A FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo agent export --all-separate */ + +/* +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent export -i frodo-test-ig-agent +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent export --agent-id frodo-test-java-agent +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent export -i frodo-test-web-agent -f test.json +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent export -a +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent export --all +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent export -a --file test.json +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent export -A +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent export --all-separate +*/ import { testExport } from './utils/TestUtils'; import { connection as c } from './utils/TestConfig'; 
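Review bot: The recording commands in the added comment block still pass `-f test.json` and `-a --file test.json`, while the tests in the next hunk of this file now run `-f my-frodo-test-web-agent.agent.json` and `-a --file my-allAlphaAgents.agent.json`. If the mock recordings are matched against the command the test actually issues (not visible in this hunk), re-recording from this comment would not reproduce what the tests execute. The added blocks in agent-gateway-export, agent-java-export and agent-web-export carry the same stale file names. The new block also omits `FRODO_SA_ID`/`FRODO_SA_JWK` without saying which credentials these runs rely on; a first line inside the comment such as `Recording without service account (state the credential source here):` would make the difference from the block above explicit.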
@@ -71,38 +82,38 @@ const type = 'agent'; describe('frodo agent export', () => { test('"frodo agent export -i frodo-test-ig-agent": should export the agent with agent id "frodo-test-ig-agent"', async () => { - const CMD = `frodo agent export -i frodo-test-ig-agent`; const exportFile = "frodo-test-ig-agent.gateway.agent.json"; + const CMD = `frodo agent export -i frodo-test-ig-agent`; await testExport(CMD, env, type, exportFile); }); test('"frodo agent export --agent-id frodo-test-java-agent": should export the agent with agent id "frodo-test-java-agent"', async () => { - const CMD = `frodo agent export --agent-id frodo-test-java-agent`; const exportFile = "frodo-test-java-agent.java.agent.json"; + const CMD = `frodo agent export --agent-id frodo-test-java-agent`; await testExport(CMD, env, type, exportFile); }); - test('"frodo agent export -i frodo-test-web-agent -f test.json": should export the agent with agent id "frodo-test-web-agent" into file named test.json', async () => { - const CMD = `frodo agent export -i frodo-test-web-agent -f test.json`; - const exportFile = "test.json"; + test('"frodo agent export -i frodo-test-web-agent -f my-frodo-test-web-agent.agent.json": should export the agent with agent id "frodo-test-web-agent" into file named my-frodo-test-web-agent.agent.json', async () => { + const exportFile = "my-frodo-test-web-agent.agent.json"; + const CMD = `frodo agent export -i frodo-test-web-agent -f ${exportFile}`; await testExport(CMD, env, type, exportFile); }); test('"frodo agent export -a": should export all agents to a single file', async () => { - const CMD = `frodo agent export -a`; const exportFile = "allAlphaAgents.agent.json"; + const CMD = `frodo agent export -a`; await testExport(CMD, env, type, exportFile); }); test('"frodo agent export --all": should export all agents to a single file', async () => { - const CMD = `frodo agent export --all`; const exportFile = "allAlphaAgents.agent.json"; + const CMD = `frodo agent export --all`; 
await testExport(CMD, env, type, exportFile); }); - test('"frodo agent export -a --file test.json": should export all agents to a single file named test.json', async () => { - const CMD = `frodo agent export -a --file test.json`; - const exportFile = "test.json"; + test('"frodo agent export -a --file my-allAlphaAgents.agent.json": should export all agents to a single file named my-allAlphaAgents.agent.json', async () => { + const exportFile = "my-allAlphaAgents.agent.json"; + const CMD = `frodo agent export -a --file ${exportFile}`; await testExport(CMD, env, type, exportFile); }); diff --git a/test/e2e/agent-gateway-export.e2e.test.js b/test/e2e/agent-gateway-export.e2e.test.js index 4bef1325b..c657e918f 100644 --- a/test/e2e/agent-gateway-export.e2e.test.js +++ b/test/e2e/agent-gateway-export.e2e.test.js 
@@ -56,6 +56,17 @@ FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_S FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo agent gateway export -A FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo agent gateway export --all-separate */ + +/* +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent gateway export -i frodo-test-ig-agent +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent gateway export --agent-id frodo-test-ig-agent +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent gateway export -i frodo-test-ig-agent -f test.json +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent gateway export -a +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent gateway export --all +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent gateway export -a --file test.json +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent gateway export -A +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent gateway export --all-separate +*/ import { testExport } from './utils/TestUtils'; import { connection as c } from './utils/TestConfig'; 
@@ -71,38 +82,38 @@ const type = 'gateway.agent'; describe('frodo agent gateway export', () => { test('"frodo agent gateway export -i frodo-test-ig-agent": should export the gateway agent with agent id "frodo-test-ig-agent"', async () => { - const CMD = `frodo agent gateway export -i frodo-test-ig-agent`; const exportFile = "frodo-test-ig-agent.gateway.agent.json"; + const CMD = `frodo agent gateway export -i frodo-test-ig-agent`; await testExport(CMD, env, type, exportFile); }); test('"frodo agent gateway export --agent-id frodo-test-ig-agent": should export the gateway agent with agent id "frodo-test-ig-agent"', async () => { - const CMD = `frodo agent gateway export --agent-id frodo-test-ig-agent`; const exportFile = "frodo-test-ig-agent.gateway.agent.json"; + const CMD = `frodo agent gateway export --agent-id frodo-test-ig-agent`; await testExport(CMD, env, type, exportFile); }); - test('"frodo agent gateway export -i frodo-test-ig-agent -f test.json": should export the gateway agent with agent id "frodo-test-ig-agent" into file named test.json', async () => { - const CMD = `frodo agent gateway export -i frodo-test-ig-agent -f test.json`; - const exportFile = "test.json"; + test('"frodo agent gateway export -i frodo-test-ig-agent -f my-frodo-test-ig-agent.gateway.agent.json.json": should export the gateway agent with agent id "frodo-test-ig-agent" into file named my-frodo-test-ig-agent.gateway.agent.json.json', async () => { + const exportFile = "my-frodo-test-ig-agent.gateway.agent.json.json"; + const CMD = `frodo agent gateway export -i frodo-test-ig-agent -f ${exportFile}`; await testExport(CMD, env, type, exportFile); }); test('"frodo agent gateway export -a": should export all gateway agents to a single file', async () => { - const CMD = `frodo agent gateway export -a`; const exportFile = "allAlphaAgents.gateway.agent.json"; + const CMD = `frodo agent gateway export -a`; await testExport(CMD, env, type, exportFile); }); test('"frodo agent gateway export 
--all": should export all gateway agents to a single file', async () => { - const CMD = `frodo agent gateway export --all`; const exportFile = "allAlphaAgents.gateway.agent.json"; + const CMD = `frodo agent gateway export --all`; await testExport(CMD, env, type, exportFile); }); - test('"frodo agent gateway export -a --file test.json": should export all gateway agents to a single file named test.json', async () => { - const CMD = `frodo agent gateway export -a --file test.json`; - const exportFile = "test.json"; + test('"frodo agent gateway export -a --file my-allAlphaAgents.gateway.agent.json": should export all gateway agents to a single file named my-allAlphaAgents.gateway.agent.json', async () => { + const exportFile = "my-allAlphaAgents.gateway.agent.json"; + const CMD = `frodo agent gateway export -a --file ${exportFile}`; await testExport(CMD, env, type, exportFile); }); diff --git a/test/e2e/agent-java-export.e2e.test.js b/test/e2e/agent-java-export.e2e.test.js index 71544ac48..7cff6dc48 100644 --- a/test/e2e/agent-java-export.e2e.test.js +++ b/test/e2e/agent-java-export.e2e.test.js 
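Review bot: The explicit file name in the third gateway test ends in a doubled extension, `my-frodo-test-ig-agent.gateway.agent.json.json`, which looks like a typo next to the java test's `my-frodo-test-java-agent.java.agent.json`. The test is self-consistent (title, command and `exportFile` agree), so it will pass, but the snapshot key and the exported file will both carry `.json.json`. Suggested: `const exportFile = "my-frodo-test-ig-agent.gateway.agent.json";` with the test title changed to match.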
@@ -56,6 +56,17 @@ FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_S FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo agent java export -A FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo agent java export --all-separate */ + +/* +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent java export -i frodo-test-java-agent +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent java export --agent-id frodo-test-java-agent +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent java export -i frodo-test-java-agent -f test.json +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent java export -a +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent java export --all +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent java export -a --file test.json +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent java export -A +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent java export --all-separate +*/ import { testExport } from './utils/TestUtils'; import { connection as c } from './utils/TestConfig'; 
@@ -71,38 +82,38 @@ const type = 'java.agent'; describe('frodo agent java export', () => { test('"frodo agent java export -i frodo-test-java-agent": should export the java agent with agent id "frodo-test-java-agent"', async () => { - const CMD = `frodo agent java export -i frodo-test-java-agent`; const exportFile = "frodo-test-java-agent.java.agent.json"; + const CMD = `frodo agent java export -i frodo-test-java-agent`; await testExport(CMD, env, type, exportFile); }); test('"frodo agent java export --agent-id frodo-test-java-agent": should export the java agent with agent id "frodo-test-java-agent"', async () => { - const CMD = `frodo agent java export --agent-id frodo-test-java-agent`; const exportFile = "frodo-test-java-agent.java.agent.json"; + const CMD = `frodo agent java export --agent-id frodo-test-java-agent`; await testExport(CMD, env, type, exportFile); }); - test('"frodo agent java export -i frodo-test-java-agent -f test.json": should export the java agent with agent id "frodo-test-java-agent" into file named test.json', async () => { - const CMD = `frodo agent java export -i frodo-test-java-agent -f test.json`; - const exportFile = "test.json"; + test('"frodo agent java export -i frodo-test-java-agent -f my-frodo-test-java-agent.java.agent.json": should export the java agent with agent id "frodo-test-java-agent" into file named my-frodo-test-java-agent.java.agent.json', async () => { + const exportFile = "my-frodo-test-java-agent.java.agent.json"; + const CMD = `frodo agent java export -i frodo-test-java-agent -f ${exportFile}`; await testExport(CMD, env, type, exportFile); }); test('"frodo agent java export -a": should export all java agents to a single file', async () => { - const CMD = `frodo agent java export -a`; const exportFile = "allAlphaAgents.java.agent.json"; + const CMD = `frodo agent java export -a`; await testExport(CMD, env, type, exportFile); }); test('"frodo agent java export --all": should export all java agents to a single file', 
async () => { - const CMD = `frodo agent java export --all`; const exportFile = "allAlphaAgents.java.agent.json"; + const CMD = `frodo agent java export --all`; await testExport(CMD, env, type, exportFile); }); - test('"frodo agent java export -a --file test.json": should export all java agents to a single file named test.json', async () => { - const CMD = `frodo agent java export -a --file test.json`; - const exportFile = "test.json"; + test('"frodo agent java export -a --file my-allAlphaAgents.java.agent.json": should export all java agents to a single file named my-allAlphaAgents.java.agent.json', async () => { + const exportFile = "my-allAlphaAgents.java.agent.json"; + const CMD = `frodo agent java export -a --file ${exportFile}`; await testExport(CMD, env, type, exportFile); }); diff --git a/test/e2e/agent-web-export.e2e.test.js b/test/e2e/agent-web-export.e2e.test.js index 1c66ff188..2cbd2fceb 100644 --- a/test/e2e/agent-web-export.e2e.test.js +++ b/test/e2e/agent-web-export.e2e.test.js 
@@ -56,6 +56,17 @@ FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_S FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo agent web export -A FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo agent web export --all-separate */ + +/* +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent web export -i frodo-test-web-agent +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent web export --agent-id frodo-test-web-agent +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent web export -i frodo-test-web-agent -f test.json +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent web export -a +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent web export --all +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent web export -a --file test.json +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent web export -A +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent web export --all-separate +*/ import { testExport } from './utils/TestUtils'; import { connection as c } from './utils/TestConfig'; 
@@ -71,38 +82,38 @@ const type = 'web.agent'; describe('frodo agent web export', () => { test('"frodo agent web export -i frodo-test-web-agent": should export the web agent with agent id "frodo-test-web-agent"', async () => { - const CMD = `frodo agent web export -i frodo-test-web-agent`; const exportFile = "frodo-test-web-agent.web.agent.json"; + const CMD = `frodo agent web export -i frodo-test-web-agent`; await testExport(CMD, env, type, exportFile); }); test('"frodo agent web export --agent-id frodo-test-web-agent": should export the web agent with agent id "frodo-test-web-agent"', async () => { - const CMD = `frodo agent web export --agent-id frodo-test-web-agent`; const exportFile = "frodo-test-web-agent.web.agent.json"; + const CMD = `frodo agent web export --agent-id frodo-test-web-agent`; await testExport(CMD, env, type, exportFile); }); test('"frodo agent web export -i frodo-test-web-agent -f test.json": should export the web agent with agent id "frodo-test-web-agent" into file named test.json', async () => { - const CMD = `frodo agent web export -i frodo-test-web-agent -f test.json`; - const exportFile = "test.json"; + const exportFile = "frodo-test-web-agent.web.agent.json"; + const CMD = `frodo agent web export -i frodo-test-web-agent -f ${exportFile}`; await testExport(CMD, env, type, exportFile); }); test('"frodo agent web export -a": should export all web agents to a single file', async () => { - const CMD = `frodo agent web export -a`; const exportFile = "allAlphaAgents.web.agent.json"; + const CMD = `frodo agent web export -a`; await testExport(CMD, env, type, exportFile); }); test('"frodo agent web export --all": should export all web agents to a single file', async () => { - const CMD = `frodo agent web export --all`; const exportFile = "allAlphaAgents.web.agent.json"; + const CMD = `frodo agent web export --all`; await testExport(CMD, env, type, exportFile); }); test('"frodo agent web export -a --file test.json": should export all web agents to 
a single file named test.json', async () => { - const CMD = `frodo agent web export -a --file test.json`; - const exportFile = "test.json"; + const exportFile = "my-allAlphaAgents.web.agent.json"; + const CMD = `frodo agent web export -a --file ${exportFile}`; await testExport(CMD, env, type, exportFile); }); From cdc2e74afae5a6b3ef6b1ac9a915a62b4391b8f6 Mon Sep 17 00:00:00 2001 From: Volker Scheuber Date: Fri, 22 Sep 2023 20:24:41 -0500 Subject: [PATCH 03/18] update app tests and snapshots --- .../__snapshots__/app-export.e2e.test.js.snap | 51855 +++++----------- .../__snapshots__/app-list.e2e.test.js.snap | 75 +- test/e2e/app-export.e2e.test.js | 124 +- test/e2e/app-list.e2e.test.js | 8 +- 4 files changed, 14567 insertions(+), 37495 deletions(-) diff --git a/test/e2e/__snapshots__/app-export.e2e.test.js.snap b/test/e2e/__snapshots__/app-export.e2e.test.js.snap index 193d5ce67..d253d8694 100644 --- a/test/e2e/__snapshots__/app-export.e2e.test.js.snap +++ b/test/e2e/__snapshots__/app-export.e2e.test.js.snap @@ -1,15 +1,14 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP -exports[`frodo app export "frodo app export --all": should export all apps to a single file 1`] = `""`; +exports[`frodo app export "frodo app export --all -f my-allAlphaApplications.application.json": should export all apps to a single file named my-allAlphaApplications.application.json 1`] = `""`; -exports[`frodo app export "frodo app export --all": should export all apps to a single file 2`] = ` +exports[`frodo app export "frodo app export --all -f my-allAlphaApplications.application.json": should export all apps to a single file named my-allAlphaApplications.application.json 2`] = ` { "application": { - "23281ea7-739b-4fd1-b953-eaae73a2b497": { - "_id": "23281ea7-739b-4fd1-b953-eaae73a2b497", + "testapp": { + "_id": "testapp", "_provider": { "_id": "", - "_rev": "520068704", "_type": { "_id": "oauth-oidc", "collection": false, 
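Review bot: The third web test no longer proves that `-f` is honoured, because its new `exportFile` is `frodo-test-web-agent.web.agent.json`, the same name the first test in this hunk expects from the default export. Its title also still reads `-f test.json` / "into file named test.json", and the last test's title still names `test.json` although it now writes `my-allAlphaAgents.web.agent.json`. Jest keys snapshots by test title, so the stored snapshots will be labelled with commands the tests do not run. Suggested: `const exportFile = "my-frodo-test-web-agent.web.agent.json";` in the third test, and both titles updated to the file names actually used, as the agent, gateway and java test files do.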
@@ -44,6 +43,7 @@ exports[`frodo app export "frodo app export --all": should export all apps to a "urn:ietf:params:oauth:grant-type:jwt-bearer", ], "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeSubnameInTokenClaims": true, "macaroonTokenFormat": "V2", "maxAgeOfRequestObjectNbfClaim": 0, "maxDifferenceBetweenRequestObjectNbfAndExp": 0, @@ -100,7 +100,9 @@ exports[`frodo app export "frodo app export --all": should export all apps to a "defaultACR": [], "idTokenInfoClientAuthenticationEnabled": true, "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, + "loaMapping": { + "push": "Baseline-CIBA", + }, "storeOpsTokens": true, "supportedAuthorizationResponseEncryptionAlgorithms": [ "ECDH-ES+A256KW", 
@@ -420,35890 +422,7199 @@ exports[`frodo app export "frodo app export --all": should export all apps to a "validateScopeScript": "[Empty]", }, }, - "_rev": "609033111", "_type": { "_id": "OAuth2Client", "collection": true, "name": "OAuth2 Clients", }, "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 8/11/2022, 5:31:09 PM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, + "clientUri": { + "inherited": false, + "value": [], + }, + "contacts": { + "inherited": false, + "value": [], + }, + "customProperties": { + "inherited": false, + "value": [], + }, + "descriptions": { + "inherited": false, + "value": [ + "Test App", + ], + }, + "grantTypes": { + "inherited": false, + "value": [ + "authorization_code", + ], + }, + "isConsentImplied": { + "inherited": false, + "value": false, + }, + "javascriptOrigins": { + "inherited": false, + "value": [], + }, + "logoUri": { + "inherited": false, + "value": [], + }, + "mixUpMitigation": { + "inherited": false, + "value": false, + }, + "name": { + "inherited": false, + "value": [], + }, + "policyUri": { + "inherited": false, + "value": [], + }, + "refreshTokenGracePeriod": { + "inherited": false, + "value": 0, + }, + "requestUris": { + "inherited": false, + "value": [], + }, + "require_pushed_authorization_requests": { + "inherited": false, + "value": false, + }, + "responseTypes": { + "inherited": false, + "value": [ + "code", + 
"token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token", + ], + }, + "sectorIdentifierUri": { + "inherited": false, + }, + "softwareIdentity": { + "inherited": false, + }, + "softwareVersion": { + "inherited": false, + }, + "subjectType": { + "inherited": false, + "value": "public", + }, + "tokenEndpointAuthMethod": { + "inherited": false, + "value": "client_secret_basic", + }, + "tokenExchangeAuthLevel": { + "inherited": false, + "value": 0, + }, + "tosURI": { + "inherited": false, + "value": [], + }, + "updateAccessToken": { + "inherited": false, + }, }, "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "agentgroup": null, - "authorizationCodeLifetime": 120, - "clientName": [ - "23281ea7-739b-4fd1-b953-eaae73a2b497", - ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - "status": "Active", + "accessTokenLifetime": { + "inherited": false, + "value": 0, + }, + "authorizationCodeLifetime": { + "inherited": false, + "value": 0, + }, + "clientName": { + "inherited": false, + "value": [ + "testapp", + ], + }, + "clientType": { + "inherited": false, + "value": "Confidential", + }, + "defaultScopes": { + "inherited": false, + "value": [], + }, + "loopbackInterfaceRedirection": { + "inherited": false, + "value": false, + }, + "redirectionUris": { + "inherited": false, + "value": [], + }, + "refreshTokenLifetime": { + "inherited": false, + "value": 0, + }, + "scopes": { + "inherited": false, + "value": [], + }, + "status": { + "inherited": false, + "value": "Active", + }, "userpassword": null, }, "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": 
[], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], + "backchannel_logout_session_required": { + "inherited": false, + "value": false, + }, + "backchannel_logout_uri": { + "inherited": false, + }, + "claims": { + "inherited": false, + "value": [], + }, + "clientSessionUri": { + "inherited": false, + }, + "defaultAcrValues": { + "inherited": false, + "value": [], + }, + "defaultMaxAge": { + "inherited": false, + "value": 600, + }, + "defaultMaxAgeEnabled": { + "inherited": false, + "value": false, + }, + "jwtTokenLifetime": { + "inherited": false, + "value": 0, + }, + "postLogoutRedirectUri": { + "inherited": false, + "value": [], + }, }, "coreUmaClientConfig": { - "claimsRedirectionUris": [], + "claimsRedirectionUris": { + "inherited": false, + "value": [], + }, }, "overrideOAuth2ClientConfig": { "accessTokenMayActScript": "[Empty]", "accessTokenModificationPluginType": "PROVIDER", "accessTokenModificationScript": "[Empty]", - "accessTokenModifierClass": null, "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", "authorizeEndpointDataProviderPluginType": "PROVIDER", "authorizeEndpointDataProviderScript": "[Empty]", "clientsCanSkipConsent": false, - "customLoginUrlTemplate": null, "enableRemoteConsent": false, "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", "evaluateScopePluginType": "PROVIDER", "evaluateScopeScript": "[Empty]", "issueRefreshToken": true, "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsClass": null, "oidcClaimsPluginType": "PROVIDER", "oidcClaimsScript": "[Empty]", "oidcMayActScript": "[Empty]", "overrideableOIDCClaims": [], "providerOverridesEnabled": false, "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", "statelessTokensEnabled": false, "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, "usePolicyEngineForScope": false, 
"validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", "validateScopePluginType": "PROVIDER", "validateScopeScript": "[Empty]", }, "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "49a2981c-e192-4739-a0e6-c7582168bdf5": { - "_id": "49a2981c-e192-4739-a0e6-c7582168bdf5", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", + "authorizationResponseEncryptionAlgorithm": { + "inherited": false, }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - 
"openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - 
"urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], + "authorizationResponseEncryptionMethod": { + "inherited": false, }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - 
"A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, + "authorizationResponseSigningAlgorithm": { + "inherited": false, + "value": "RS256", }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], + "clientJwtPublicKey": { + "inherited": false, }, - 
"clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], + "idTokenEncryptionAlgorithm": { + "inherited": false, + "value": "RSA-OAEP-256", }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], + "idTokenEncryptionEnabled": { + "inherited": false, + "value": false, }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - 
"usePolicyEngineForScope": false, + "idTokenEncryptionMethod": { + "inherited": false, + "value": "A128CBC-HS256", }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], + "idTokenPublicEncryptionKey": { + "inherited": false, }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, + "idTokenSignedResponseAlg": { + "inherited": false, + "value": "RS256", }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": 
"org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", + "jwkSet": { + "inherited": false, + }, + "jwkStoreCacheMissCacheTime": { + "inherited": false, + "value": 60000, + }, + "jwksCacheTimeout": { + "inherited": false, + "value": 3600000, + }, + "jwksUri": { + "inherited": false, + }, + "mTLSCertificateBoundAccessTokens": { + "inherited": false, + "value": false, + }, + "mTLSSubjectDN": { + "inherited": false, + }, + "mTLSTrustedCert": { + "inherited": false, + }, + "publicKeyLocation": { + "inherited": false, + "value": "jwks_uri", + }, + "requestParameterEncryptedAlg": { + "inherited": false, + }, + "requestParameterEncryptedEncryptionAlgorithm": { + "inherited": false, + "value": "A128CBC-HS256", + }, + "requestParameterSignedAlg": { + "inherited": false, + }, + "tokenEndpointAuthSigningAlgorithm": { + "inherited": false, + "value": "RS256", + }, + "tokenIntrospectionEncryptedResponseAlg": { + "inherited": false, + "value": "RSA-OAEP-256", + }, + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { + "inherited": false, + "value": "A128CBC-HS256", + }, + "tokenIntrospectionResponseFormat": { + "inherited": false, + "value": "JSON", + }, + "tokenIntrospectionSignedResponseAlg": { + "inherited": false, + "value": "RS256", + }, + "userinfoEncryptedResponseAlg": { + "inherited": false, + }, + "userinfoEncryptedResponseEncryptionAlgorithm": { + "inherited": false, + "value": "A128CBC-HS256", + }, + "userinfoResponseFormat": { + "inherited": false, + "value": "JSON", + }, + "userinfoSignedResponseAlg": { + "inherited": false, }, }, - "_rev": "114809105", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 5/13/2023, 
8:07:37 PM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", + }, + }, + "connector": { + "EncoreAD": { + "_id": "provisioner.openicf/EncoreAD", + "configurationProperties": { + "accountObjectClasses": [ + "top", + "person", + "organizationalPerson", + "user", ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "authorizationCodeLifetime": 120, - "clientName": [ - "49a2981c-e192-4739-a0e6-c7582168bdf5", + "accountSearchFilter": "(objectClass=User)", + "accountSynchronizationFilter": null, + "accountUserNameAttributes": [ + "uid", + "cn", ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", + "allowTreeDelete": false, + "alternateKeyStore": null, + "alternateKeyStorePassword": null, + "alternateKeyStoreType": null, + "attributesToSynchronize": [], + "authType": "simple", + "baseContexts": [ + "OU=Encore,DC=ad-volker-demo,DC=encore,DC=forgerock,DC=org", ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", + "baseContextsToSynchronize": [], + "blockSize": 100, + "changeLogBlockSize": 100, + "changeNumberAttribute": "changeNumber", + "checkAliveMinInterval": 60, + "connectionTimeout": 30000, + "convertADIntervalToISO8601": [ + "pwdLastSet", + "accountExpires", + "lockoutTime", + "lastLogon", ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - 
"backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": 
null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "86fca6d7-2f52-4524-92c6-b6f416071455": { - "_id": "86fca6d7-2f52-4524-92c6-b6f416071455", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - 
"moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - 
"urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - 
"ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - 
"supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - 
"pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "-1085185403", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 8/11/2022, 5:32:32 PM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, 
- "authorizationCodeLifetime": 120, - "clientName": [ - "86fca6d7-2f52-4524-92c6-b6f416071455", - ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - 
"authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "RCSClient": { - "_id": "RCSClient", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - 
"authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - 
"urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - 
"supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - 
"consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - 
"A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "-318736287", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "descriptions": [], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": false, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "requestUris": [], - "responseTypes": [ - "code", - "token", - "id_token", - "code token", - 
"token id_token", - "code id_token", - "code token id_token", - "device_code", - "device_code id_token", - ], - "sectorIdentifierUri": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 0, - "agentgroup": null, - "authorizationCodeLifetime": 0, - "clientName": [], - "clientType": "Confidential", - "defaultScopes": [], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 0, - "scopes": [ - "fr:idm:*", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 0, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "c234ba0b-58a1-4cfd-9567-09edde980745", - "clientsCanSkipConsent": true, - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "1f389a3d-21cf-417c-a6d3-42ea620071f0", - "providerOverridesEnabled": true, - "statelessTokensEnabled": true, - }, - "signEncOAuth2ClientConfig": { - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": "http://am:80/am/oauth2/connect/jwk_uri", - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": 
"RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f": { - "_id": "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - 
"device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - 
"idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - 
"PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - 
"A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - 
"evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "774164625", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 5/13/2023, 8:06:50 PM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "authorizationCodeLifetime": 120, - "clientName": [ - "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f", - ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - 
"backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - 
"jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "ig-oidc-app": { - "_id": "ig-oidc-app", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - 
"parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - 
"urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - 
"ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", 
- "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": 
"SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "1434622129", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [], - "grantTypes": [ - "authorization_code", - "client_credentials", - "refresh_token", - ], - "isConsentImplied": true, - "javascriptOrigins": [ - "https://ig.mytestrun.com", - "https://ig.mytestrun.com:443", - ], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "code", - "token", - "id_token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "authorizationCodeLifetime": 120, - "clientName": [], 
- "clientType": "Confidential", - "defaultScopes": [], - "loopbackInterfaceRedirection": false, - "redirectionUris": [ - "https://ig.mytestrun.com/home/oidc/callback", - ], - "refreshTokenLifetime": 604800, - "scopes": [ - "openid", - "profile", - "email", - "secctx", - ], - "status": "Active", - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - 
"authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "test2": { - "_id": "test2", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - 
"urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - 
"urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - 
"supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - 
"ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - 
"PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "1445881116", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Modified by Frodo on 4/16/2022, 8:41:59 PM", - ], - "grantTypes": [ - "authorization_code", - "refresh_token", - "client_credentials", - ], - "isConsentImplied": false, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "requestUris": [], - "responseTypes": [ - "code", - "token", - "id_token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - 
"softwareVersion": null, - "subjectType": "public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 0, - "authorizationCodeLifetime": 0, - "clientName": [ - "test2", - ], - "clientType": "Confidential", - "defaultScopes": [ - "openid", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 0, - "scopes": [ - "openid", - "fr:idm:*", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 0, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - }, - "signEncOAuth2ClientConfig": { - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - 
"mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - }, - "meta": Any, - "script": { - "36863ffb-40ec-48b9-94b1-9a99f71cc3b5": { - "_id": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "context": "OIDC_CLAIMS", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OIDC claims", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OIDC Claims Script", - "script": [ - "/*", - " * Copyright 2014-2021 ForgeRock AS. All Rights Reserved", - " *", - " * Use of this code requires a commercial software license with ForgeRock AS", - " * or with one of its affiliates. 
All use shall be exclusively subject", - " * to such license between the licensee and ForgeRock AS.", - " */", - "", - "/*", - " * This script computes claim values returned in ID tokens and/or at the UserInfo Endpoint.", - " * The claim values are computed for:", - " * the claims derived from the requested scopes,", - " * the claims provided by the authorization server,", - " * and the claims requested by the client via the claims parameter.", - " *", - " * In the CONFIGURATION AND CUSTOMIZATION section, you can", - " * define the scope-to-claims mapping, and", - " * assign to each claim a resolver function that will compute the claim value.", - " *", - " * Defined variables (class references are provided below):", - " * scopes - Set (6).", - " * Always present, the requested scopes.", - " * claims - Map (5).", - " * Always present, default server provided claims.", - " * claimObjects - List (7, 2).", - " * Always present, the default server provided claims.", - " * requestedClaims - Map> (5).", - " * Always present, not empty if the request contains the claims parameter and the server has enabled", - " * claims_parameter_supported. A map of the requested claims to possible values, otherwise empty;", - " * requested claims with no requested values will have a key but no value in the map. 
A key with", - " * a single value in its Set (6) indicates that this is the only value that should be returned.", - " * requestedTypedClaims - List (7, 2).", - " * Always present, the requested claims.", - " * Requested claims with no requested values will have a claim with no values.", - " * A claim with a single value indicates this is the only value that should be returned.", - " * claimsLocales - List (7).", - " * The values from the 'claims_locales' parameter.", - " * See https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts for the OIDC specification details.", - " * requestProperties - Unmodifiable Map (5).", - " * Always present, contains a map of request properties:", - " * requestUri - The request URI.", - " * realm - The realm that the request relates to.", - " * requestParams - A map of the request params and/or posted data.", - " * Each value is a list of one or more properties.", - " * Please note that these should be handled in accordance with OWASP best practices:", - " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", - " * clientProperties - Unmodifiable Map (5).", - " * Present if the client specified in the request was identified, contains a map of client properties:", - " * clientId - The client's URI for the request locale.", - " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", - " * allowedResponseTypes - List of the allowed response types for the client.", - " * allowedScopes - List of the allowed scopes for the client.", - " * customProperties - A map of the custom properties of the client.", - " * Lists or maps will be included as sub-maps; for example:", - " * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1.", - " * To add custom properties to a client, update the Custom Properties field", - " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", - " * identity - 
AMIdentity (3).", - " * Always present, the identity of the resource owner.", - " * session - SSOToken (4).", - " * Present if the request contains the session cookie, the user's session object.", - " * scriptName - String (primitive).", - " * Always present, the display name of the script.", - " * logger - Always present, the "OAuth2Provider" debug logger instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", - " * Corresponding files will be prefixed with: scripts.OIDC_CLAIMS.", - " * httpClient - HTTP Client (8).", - " * Always present, the HTTP Client instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", - " * In order to use the client, you may need to add", - " * org.forgerock.http.Client,", - " * org.forgerock.http.protocol.*,", - " * and org.forgerock.util.promise.PromiseImpl", - " * to the allowed Java classes in the scripting engine configuration, as described in:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/script-engine-security.html", - " *", - " * Return - a new UserInfoClaims(Map values, Map> compositeScopes) (1) object.", - " * The result of the last statement in the script is returned to the server.", - " * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function)", - " * is the last (and only) statement in this script, and its return value will become the script result.", - " * Do not use "return variable" statement outside of a function definition.", - " * See RESULTS section for additional details.", - " *", - " * Class reference:", - " * (1) UserInfoClaims - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html.", - " * (2) Claim - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html).", - " * An instance of 
org.forgerock.openidconnect.Claim has methods to access", - " * the claim name, requested values, locale, and whether the claim is essential.", - " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", - " * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", - " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", - " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", - " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", - " * (7) List - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/ArrayList.html.", - " * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", - "*/", - "", - "(function () {", - " // SETUP", - "", - " /**", - " * Claim processing utilities.", - " * An object that contains reusable functions for processing claims.", - " * @see CLAIM PROCESSING UTILITIES section for details.", - " */", - " var utils = getUtils();", - "", - " // CONFIGURATION AND CUSTOMIZATION", - "", - " /**", - " * OAuth 2.0 scope values (scopes) can be used by the Client to request OIDC claims.", - " *", - " * Call this configuration method, and pass in as the first argument", - " * an object that maps a scope value to an array of claim names", - " * to specify which claims need to be processed and returned for the requested scopes.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims}", - " * for the scope values that could be used to request claims as defined in the OIDC specification.", - " *", - " * Below, find a default configuration that is expected to work in the current environment.", - " *", - " * CUSTOMIZATION", - " * You can choose the claim names returned for a scope.", - " */", - " utils.setScopeClaimsMap({", - " profile: [", - " 
'name',", - " 'family_name',", - " 'given_name',", - " 'zoneinfo',", - " 'locale'", - " ],", - " email: ['email'],", - " address: ['address'],", - " phone: ['phone_number']", - " });", - "", - " /**", - " * In this script, each claim", - " * derived from the requested scopes,", - " * provided by the authorization server, and", - " * requested by the client via the claims parameter", - " * will be processed by a function associated with the claim name.", - " *", - " * Call this configuration method, and pass in as the first argument", - " * an object that maps a claim name to a resolver function,", - " * which will be automatically executed for each claim processed by the script.", - " *", - " * The claim resolver function will receive the requested claim information", - " * in an instance of org.forgerock.openidconnect.Claim as the first argument.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html}", - " * for details on the Claim class.", - " *", - " * If the claim resolver function returns a value,", - " * other than undefined or null,", - " * the claim will be included in the script's results.", - " *", - " * The Claim instance provides methods to check", - " * what the name of the claim is,", - " * which values the claim request contains,", - " * whether the claim is essential, and", - " * which locale the claim is associated with.", - " * The resolver function can consider this information when computing and returning the claim value.", - " *", - " * Below, find a default configuration that is expected to work in the current environment.", - " * A reusable function, utils.getUserProfileClaimResolver(String attribute-name),", - " * is called to return a claim resolver function based on a user profile attribute.", - " * @see CLAIM RESOLVERS section for the implementation details and examples.", - " * For the address claim, an example of a claim resolver that uses another claim resolver is provided.", - " 
*", - " * CUSTOMIZATION", - " * You can reuse the predefined utils methods with your custom arguments.", - " * You can also specify a custom resolver function for a claim name,", - " * that will compute and return the claim value—as shown in the commented out example below.", - " */", - " utils.setClaimResolvers({", - " /*", - " // An example of a simple claim resolver function that is defined for a claim", - " // directly in the configuration object:", - " custom-claim-name: function (requestedClaim) {", - " // In this case, initially, the claim value comes straight from a user profile attribute value:", - " var claimValue = identity.getAttribute('custom-attribute-name').toArray()[0]", - "", - " // Optionally, provide additional logic for processing (filtering, formatting, etc.) the claim value.", - " // You can use:", - " // requestedClaim.getName()", - " // requestedClaim.getValues()", - " // requestedClaim.getLocale()", - " // requestedClaim.isEssential()", - "", - " return claimValue", - " },", - " */", - " /**", - " * The use of utils.getUserProfileClaimResolver shows how", - " * an argument passed to a function that returns a claim resolver", - " * becomes available to the resolver function (via its lexical context).", - " */", - " name: utils.getUserProfileClaimResolver('cn'),", - " family_name: utils.getUserProfileClaimResolver('sn'),", - " given_name: utils.getUserProfileClaimResolver('givenname'),", - " zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'),", - " locale: utils.getUserProfileClaimResolver('preferredlocale'),", - " email: utils.getUserProfileClaimResolver('mail'),", - " address: utils.getAddressClaimResolver(", - " /**", - " * The passed in user profile claim resolver function", - " * can be used by the address claim resolver function", - " * to obtain the claim value to be formatted as per the OIDC specification:", - " * @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim.", - " */", - " 
utils.getUserProfileClaimResolver('postaladdress')", - " ),", - " phone_number: utils.getUserProfileClaimResolver('telephonenumber')", - " });", - "", - " // CLAIM PROCESSING UTILITIES", - "", - " /**", - " * @returns {object} An object that contains reusable claim processing utilities.", - " * @see PUBLIC METHODS section and the return statement for the list of exported functions.", - " */", - " function getUtils () {", - " // IMPORT JAVA", - "", - " /**", - " * Provides Java scripting functionality.", - " * @see {@link https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Scripting_Java#javaimporter_constructor}.", - " */", - " var frJava = JavaImporter(", - " org.forgerock.oauth2.core.exceptions.InvalidRequestException,", - " org.forgerock.oauth2.core.UserInfoClaims,", - " org.forgerock.openidconnect.Claim,", - "", - " java.util.LinkedHashMap,", - " java.util.ArrayList", - " );", - "", - " // SET UP CONFIGURATION", - "", - " /**", - " * Placeholder for a configuration option that contains", - " * an object that maps the supported scope values (scopes)", - " * and the corresponding claim names for each scope value.", - " */", - " var scopeClaimsMap;", - "", - " /**", - " * Placeholder for a configuration option that contains", - " * an object that maps the supported claim names", - " * and the resolver functions returning the claim value.", - " */", - " var claimResolvers;", - "", - " /**", - " * A (public) method that accepts an object that maps the supported scopes and the corresponding claim names,", - " * and assigns it to a (private) variable that serves as a configuration option.", - " * @param {object} params - An object that maps each supported scope value to an array of claim names,", - " * in order to specify which claims need to be processed for the requested scopes.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} for details.", - " * @param {string[]} [params.profile] - An array of claim names to be 
returned if the profile scope is requested.", - " * @param {string[]} [params.email] - An array of claim names to be returned if the email scope is requested.", - " * @param {string[]} [params.address] - An array of claim names to be returned if the address scope is requested.", - " * @param {string[]} [params.phone] - An array of claim names to be returned if the phone scope is requested.", - " * @returns {undefined}", - " */", - " function setScopeClaimsMap(params) {", - " scopeClaimsMap = params;", - " }", - "", - " /**", - " * A (public) method that accepts an object that maps the supported claim names", - " * and the resolver functions returning the claim value,", - " * and assigns it to a (private) variable that serves as a configuration option.", - " * @param {object} params - An object that maps", - " * each supported claim name to a function that computes and returns the claim value.", - " */", - " function setClaimResolvers(params) {", - " claimResolvers = params;", - " }", - "", - " // CLAIM RESOLVERS", - "", - " /**", - " * Claim resolvers are functions that return a claim value.", - " * @param {*}", - " * @returns {*}", - " */", - "", - " /**", - " * Defines a claim resolver based on a user profile attribute.", - " * @param {string} attributeName - Name of the user profile attribute.", - " * @returns {function} A function that will determine the claim value", - " * based on the user profile attribute and the (requested) claim properties.", - " */", - " function getUserProfileClaimResolver (attributeName) {", - " /**", - " * Resolves a claim with a user profile attribute value.", - " * Returns undefined if the identity attribute is not populated,", - " * OR if the claim has requested values that do not contain the identity attribute value.", - " * ATTENTION: the aforementioned comparison is case-sensitive.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a 
claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {string|HashSet|undefined}", - " */", - " function resolveClaim(claim) {", - " var userProfileValue;", - "", - " if (identity) {", - " userProfileValue = getClaimValueFromSet(claim, identity.getAttribute(attributeName));", - "", - " if (userProfileValue && !userProfileValue.isEmpty()) {", - " if (!claim.getValues() || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue)) {", - " return userProfileValue;", - " }", - " }", - " }", - " }", - "", - " return resolveClaim;", - " }", - "", - " /**", - " * Returns an address claim resolver based on a claim value obtained with another claim resolver.", - " * @param {function} resolveClaim - A function that returns a claim value.", - " * @returns {function} A function that will accept a claim as an argument,", - " * run the claim resolver function for the claim and obtain the claim value,", - " * and apply additional formatting to the value before returning it.", - " */", - " function getAddressClaimResolver (resolveClaim) {", - " /**", - " * Creates an address claim object from a value returned by a claim resolver,", - " * and returns the address claim object as the claim value.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim}.", - " * The claim value is obtained with a claim resolving function available from the closure.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {java.util.LinkedHashMap|undefined} The address claim object created from a claim value.", - " */", - " function resolveAddressClaim(claim) {", - " var claimValue = resolveClaim(claim);", - " var 
addressObject;", - "", - " if (isClaimValueValid(claimValue)) {", - " addressObject = new frJava.LinkedHashMap();", - "", - " addressObject.put('formatted', claimValue);", - "", - " return addressObject;", - " }", - " }", - "", - " return resolveAddressClaim;", - " }", - "", - " /**", - " * Returns an essential claim resolver based on a claim value obtained with another claim resolver.", - " * @param {function} resolveClaim - A function that returns a claim value.", - " * @returns {function} A function that will accept a claim as an argument,", - " * run the claim resolver function for the claim and obtain the claim value,", - " * and apply additional logic for essential claims.", - " */", - " function getEssentialClaimResolver (resolveClaim) {", - " /**", - " * Returns a claim value or throws an error.", - " * The claim value is obtained with a claim resolving function available from the closure.", - " * Throws an exception if the claim is essential and no value is returned for the claim.", - " *", - " * Use of this resolver is optional.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests} stating:", - " * "Note that even if the Claims are not available because the End-User did not authorize their release or they are not present,", - " * the Authorization Server MUST NOT generate an error when Claims are not returned, whether they are Essential or Voluntary,", - " * unless otherwise specified in the description of the specific claim."", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*}", - " * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException}", - " */", - " function resolveEssentialClaim(claim) {", - " var claimValue = resolveClaim(claim);", - 
"", - " if (claim.isEssential() && !isClaimValueValid(claimValue)) {", - " throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName());", - " }", - "", - " return claimValue;", - " }", - "", - " return resolveEssentialClaim;", - " }", - "", - " /**", - " * Provides default resolution for a claim.", - " * Use it if a claim-specific resolver is not defined in the configuration.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*} A single value associated with this claim.", - " */", - " function resolveAnyClaim (claim) {", - " if (claim.getValues().size() === 1) {", - " return claim.getValues().toArray()[0];", - " }", - " }", - "", - " // UTILITIES", - "", - " /**", - " * Returns claim value from a set.", - " * If the set contains a single value, returns the value.", - " * If the set contains multiple values, returns the set.", - " * Otherwise, returns undefined.", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @param {java.util.HashSet} set The set—for example, a user profile attribute value.", - " * @returns {string|java.util.HashSet|undefined}", - " */", - " function getClaimValueFromSet (claim, set) {", - " if (set && set.size()) {", - " if (set.size() === 1) {", - " return set.toArray()[0];", - " } else {", - " return set;", - " }", - " } else if (logger.warningEnabled()) {", - " logger.warning('OIDC Claims script. 
Got an empty set for claim: ' + claim.getName());", - " }", - " }", - "", - " function isClaimValueValid (claimValue) {", - " if (typeof claimValue === 'undefined' || claimValue === null) {", - " return false;", - " }", - "", - " return true;", - " }", - "", - " // CLAIM PROCESSING", - "", - " /**", - " * Constructs and returns an object populated with the computed claim values", - " * and the requested scopes mapped to the claim names.", - " * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}.", - " * @see RESULTS section for the use of this function.", - " */", - " function getUserInfoClaims () {", - " return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes());", - " }", - "", - " /**", - " * Creates a map of (requested) claim names populated with the computed claim values.", - " * @returns {java.util.LinkedHashMap}", - " * A map of the requested claim names and the corresponding claim values.", - " */", - " function getComputedClaims () {", - " /**", - " * Creates a complete list of claim objects from:", - " * the claims derived from the scopes,", - " * the claims provided by the authorization server,", - " * and the claims requested by the client.", - " * @returns {java.util.ArrayList}", - " * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details.", - " */", - " function getClaims() {", - " /**", - " * Returns a list of claim objects for the requested scopes.", - " * Uses the scopeClaimsMap configuration option to derive the claim names;", - " * no other properties of a claim derived from a scope are populated.", - " * @returns {java.util.ArrayList}", - " * A list of 
org.forgerock.openidconnect.Claim objects derived from the requested scopes.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details.", - " */", - " function convertScopeToClaims() {", - " var claims = new frJava.ArrayList();", - "", - " scopes.toArray().forEach(function (scope) {", - " if (String(scope) !== 'openid' && scopeClaimsMap[scope]) {", - " scopeClaimsMap[scope].forEach(function (claimName) {", - " claims.add(new frJava.Claim(claimName));", - " });", - " }", - " });", - "", - " return claims;", - " }", - "", - " var claims = new frJava.ArrayList();", - "", - " claims.addAll(convertScopeToClaims());", - " claims.addAll(claimObjects);", - " claims.addAll(requestedTypedClaims);", - "", - " return claims;", - " }", - "", - " /**", - " * Computes and returns a claim value.", - " * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object.", - " * @see claimResolvers", - " * If no resolver function is found, uses the default claim resolver function.", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*} Claim value.", - " * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException}", - " * Rethrows this exception if a claim resolver throws it.", - " * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver", - " * if you want to terminate the claim processing.", - " */", - " function computeClaim(claim) {", - " var resolveClaim;", - " var message;", - "", - " try {", - " resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim;", - "", - " return resolveClaim(claim);", - " } catch (e) {", - " 
message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e;", - "", - " if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) {", - " throw e;", - " }", - "", - " if (logger.warningEnabled()) {", - " logger.warning(message);", - " }", - " }", - " }", - "", - " var computedClaims = new frJava.LinkedHashMap();", - "", - " getClaims().toArray().forEach(function (claim) {", - " var claimValue = computeClaim(claim);", - "", - " if (isClaimValueValid(claimValue)) {", - " computedClaims.put(claim.getName(), claimValue);", - " } else {", - " /**", - " * If a claim has been processed, but appears in the list again,", - " * and its value cannot be computed under the new conditions,", - " * the claim is removed from the final result.", - " *", - " * For example, a claim could be mapped to a scope and found in the user profile,", - " * but also requested by the client with required values that don't match the computed one.", - " * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}.", - " * for the relevant OIDC specification details.", - " */", - " computedClaims.remove(claim.getName());", - " }", - " });", - "", - " return computedClaims;", - " }", - "", - " /**", - " * Creates a map of requested scopes and the corresponding claim names.", - " * @returns {java.util.LinkedHashMap}", - " */", - " function getCompositeScopes () {", - " var compositeScopes = new frJava.LinkedHashMap();", - "", - " scopes.toArray().forEach(function (scope) {", - " var scopeClaims = new frJava.ArrayList();", - "", - " if (scopeClaimsMap[scope]) {", - " scopeClaimsMap[scope].forEach(function (claimName) {", - " scopeClaims.add(claimName);", - " });", - " }", - "", - " if (scopeClaims.size()) {", - " compositeScopes.put(scope, scopeClaims);", - " }", - " });", - "", - " return compositeScopes;", - " }", - "", - " // PUBLIC METHODS", - "", - " return {", - " setScopeClaimsMap: setScopeClaimsMap,", - " 
setClaimResolvers: setClaimResolvers,", - " getUserProfileClaimResolver: getUserProfileClaimResolver,", - " getAddressClaimResolver: getAddressClaimResolver,", - " getEssentialClaimResolver: getEssentialClaimResolver,", - " getUserInfoClaims: getUserInfoClaims", - " };", - " }", - "", - " // RESULTS", - "", - " /**", - " * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class", - " * populated with the computed claim values and", - " * the requested scopes mapped to the claim names.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}.", - " *", - " * Assigning it to a variable gives you an opportunity", - " * to log the content of the returned value during development.", - " */", - " var userInfoClaims = utils.getUserInfoClaims();", - "", - " /*", - " logger.error(scriptName + ' results:')", - " logger.error('Values: ' + userInfoClaims.getValues())", - " logger.error('Scopes: ' + userInfoClaims.getCompositeScopes())", - " */", - "", - " return userInfoClaims;", - "}());", - "", - ], - }, - "d22f9a0c-426a-4466-b95e-d0f125b0d5fa": { - "_id": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "context": "OAUTH2_ACCESS_TOKEN_MODIFICATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OAuth2 Access Token Modification", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OAuth2 Access Token Modification Script", - "script": [ - "/*", - " * Copyright 2019-2021 ForgeRock AS. All Rights Reserved.", - " *", - " * Use of this code requires a commercial software license with ForgeRock AS", - " * or with one of its affiliates. 
All use shall be exclusively subject", - " * to such license between the licensee and ForgeRock AS.", - " */", - "", - "/*", - " * This script lets you modify information associated with an OAuth2 access token", - " * with methods provided by the AccessToken (1) interface.", - " * The changes made to OAuth2 access tokens will directly impact the size of the CTS tokens,", - " * and, similarly, the size of the JWTs if client-based OAuth2 tokens are utilized.", - " * When adding/updating fields make sure that the token size remains within client/user-agent limits.", - " *", - " * Defined variables:", - " * accessToken - AccessToken (1).", - " * The access token to be updated.", - " * Mutable object, all changes to the access token will be reflected.", - " * scopes - Set (6).", - " * Always present, the requested scopes.", - " * requestProperties - Unmodifiable Map (5).", - " * Always present, contains a map of request properties:", - " * requestUri - The request URI.", - " * realm - The realm that the request relates to.", - " * requestParams - A map of the request params and/or posted data.", - " * Each value is a list of one or more properties.", - " * Please note that these should be handled in accordance with OWASP best practices:", - " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", - " * clientProperties - Unmodifiable Map (5).", - " * Present if the client specified in the request was identified, contains a map of client properties:", - " * clientId - The client's URI for the request locale.", - " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", - " * allowedResponseTypes - List of the allowed response types for the client.", - " * allowedScopes - List of the allowed scopes for the client.", - " * customProperties - A map of the custom properties of the client.", - " * Lists or maps will be included as sub-maps; for example:", - " * customMap[Key1]=Value1 will be returned 
as customMap -> Key1 -> Value1.", - " * To add custom properties to a client, update the Custom Properties field", - " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", - " * identity - AMIdentity (3).", - " * Always present, the identity of the resource owner.", - " * session - SSOToken (4).", - " * Present if the request contains the session cookie, the user's session object.", - " * scriptName - String (primitive).", - " * Always present, the display name of the script.", - " * logger - Always present, the "OAuth2Provider" debug logger instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", - " * Corresponding log files will be prefixed with: scripts.OAUTH2_ACCESS_TOKEN_MODIFICATION.", - " * httpClient - HTTP Client (8).", - " * Always present, the HTTP Client instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", - " *", - " * Return - no value is expected, changes shall be made to the accessToken parameter directly.", - " *", - " * Class reference:", - " * (1) AccessToken - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/AccessToken.html.", - " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", - " * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", - " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", - " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", - " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", - " * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", - " */", - "", - "(function () {", - " // Adds new fields 
containing the session property values.", - " // NOTE: session may not be available for non-interactive authorization grants.", - " if (session) {", - " try {", - " accessToken.setField('ip_address', session.getProperty('Host'));", - " } catch (e) {", - " logger.error('Unable to retrieve session property value. ' + e);", - " }", - " }", - "}());", - "", - "/* EXAMPLE", - "(function () {", - " var frJava = JavaImporter(", - " org.forgerock.http.protocol.Request,", - " org.forgerock.http.protocol.Response", - " );", - "", - " // Always includes this field in the token.", - " accessToken.setField('key1', 'value1');", - "", - " // Receives and adds to the access token additional values by performing a REST call to an external service.", - " // WARNING: Below, you will find a reference to a third-party site, which is provided only as an example.", - " var uri = 'https://jsonplaceholder.typicode.com/posts';", - "", - " try {", - " var request = new frJava.Request();", - "", - " // You can chain methods that return the request object.", - " request.setUri(uri)", - " .setMethod('POST')", - " .setEntity(JSON.stringify({", - " updatedFields: {", - " key2: 'value2',", - " key3: 'value3'", - " }", - " }));", - "", - " // You can call a method when chaining is not possible.", - " request.getHeaders().add('Content-Type', 'application/json; charset=UTF-8');", - "", - " // Sends the request and receives the response.", - " var response = httpClient.send(request).getOrThrow();", - "", - " // Checks if the response status is as expected.", - " if (response.getStatus() === org.forgerock.http.protocol.Status.CREATED) {", - " var result = JSON.parse(response.getEntity().getString());", - "", - " // Set multiple token fields at once.", - " accessToken.setFields(result.updatedFields);", - " } else {", - " logger.error('Unable to obtain access token modifications. Status: ' + response.getStatus() + '. 
Content: ' + response.getEntity().getString());", - " }", - " } catch (e) {", - " logger.error('The request processing was interrupted. ' + e);", - "", - " // The access token request fails with the HTTP 500 error in this case.", - " throw ('Unable to obtain response from: ' + uri);", - " }", - "", - " // Adds new fields containing identity attribute values to the access token.", - " accessToken.setField('mail', identity.getAttribute('mail'));", - " accessToken.setField('phone', identity.getAttribute('telephoneNumber').toArray()[0]);", - "", - " // Adds new fields containing the session property values.", - " // NOTE: session may not be available for non-interactive authorization grants.", - " if (session) {", - " try {", - " accessToken.setField('ipAddress', session.getProperty('Host'));", - " } catch (e) {", - " logger.error('Unable to retrieve session property value. ' + e);", - " }", - " }", - "", - " // Removes a native field from the token entry, that was set by AM.", - " // WARNING: removing native fields from the token may result in loss of functionality.", - " // accessToken.removeTokenName()", - "", - " // No return value is expected. 
Let it be undefined.", - "}());", - "*/", - ], - }, - }, -} -`; - -exports[`frodo app export "frodo app export --all-separate": should export all apps to separate files 1`] = `""`; - -exports[`frodo app export "frodo app export --all-separate": should export all apps to separate files 2`] = ` -{ - "application": { - "23281ea7-739b-4fd1-b953-eaae73a2b497": { - "_id": "23281ea7-739b-4fd1-b953-eaae73a2b497", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - 
"token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - 
"includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - 
"supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - 
"supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": 
"org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "1749759567", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [ - "Created by Frodo on 8/11/2022, 5:31:09 PM", - ], - }, - "grantTypes": { - "inherited": false, - "value": [ - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": true, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "refreshTokenGracePeriod": { - "inherited": false, - "value": 0, - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "require_pushed_authorization_requests": { - "inherited": false, - "value": false, - }, - "responseTypes": { - "inherited": false, - "value": [ - "token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "Public", - }, - 
"tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 120, - }, - "clientName": { - "inherited": false, - "value": [ - "23281ea7-739b-4fd1-b953-eaae73a2b497", - ], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [ - "fr:idm:*", - ], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 604800, - }, - "scopes": { - "inherited": false, - "value": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", 
- "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": { - "inherited": false, - }, - "authorizationResponseEncryptionMethod": { - "inherited": false, - }, - "authorizationResponseSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - 
"inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export --all-separate": should export all apps to separate files 3`] = ` -{ - "application": { - "49a2981c-e192-4739-a0e6-c7582168bdf5": { - "_id": "49a2981c-e192-4739-a0e6-c7582168bdf5", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", 
- "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - 
"urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - 
"supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - 
"dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", 
- "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "-1486692171", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - 
"inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [ - "Created by Frodo on 5/13/2023, 8:07:37 PM", - ], - }, - "grantTypes": { - "inherited": false, - "value": [ - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": true, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "refreshTokenGracePeriod": { - "inherited": false, - "value": 0, - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "require_pushed_authorization_requests": { - "inherited": false, - "value": false, - }, - "responseTypes": { - "inherited": false, - "value": [ - "token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "Public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 120, - }, - "clientName": { - "inherited": false, - "value": [ - "49a2981c-e192-4739-a0e6-c7582168bdf5", - ], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [ - "fr:idm:*", - ], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - 
"refreshTokenLifetime": { - "inherited": false, - "value": 604800, - }, - "scopes": { - "inherited": false, - "value": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": 
false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": { - "inherited": false, - }, - "authorizationResponseEncryptionMethod": { - "inherited": false, - }, - "authorizationResponseSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - 
"tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export --all-separate": should export all apps to separate files 4`] = ` -{ - "application": { - "86fca6d7-2f52-4524-92c6-b6f416071455": { - "_id": "86fca6d7-2f52-4524-92c6-b6f416071455", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - 
"persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - 
], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - 
"A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - 
"ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": 
"org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "1978484533", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [ - "Created by Frodo on 8/11/2022, 5:32:32 PM", - ], - }, - "grantTypes": { - "inherited": false, - "value": [ - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": true, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "refreshTokenGracePeriod": { - "inherited": false, - "value": 0, - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "require_pushed_authorization_requests": { - "inherited": false, - "value": false, - }, - "responseTypes": { - "inherited": 
false, - "value": [ - "token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "Public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 120, - }, - "clientName": { - "inherited": false, - "value": [ - "86fca6d7-2f52-4524-92c6-b6f416071455", - ], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [ - "fr:idm:*", - ], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 604800, - }, - "scopes": { - "inherited": false, - "value": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "postLogoutRedirectUri": { - 
"inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": { - "inherited": false, - }, - "authorizationResponseEncryptionMethod": { - "inherited": false, - }, - "authorizationResponseSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - 
"idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export --all-separate": should export all apps to separate files 5`] = ` -{ - "application": { - "RCSClient": { - "_id": "RCSClient", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - 
"allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": 
false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - 
"supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - 
"PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - 
"overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "119389614", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - 
"advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [], - }, - "grantTypes": { - "inherited": false, - "value": [ - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": false, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "responseTypes": { - "inherited": false, - "value": [ - "code", - "token", - "id_token", - "code token", - "token id_token", - "code id_token", - "code token id_token", - "device_code", - "device_code id_token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "Public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 0, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 0, - }, - "clientName": { - "inherited": false, - "value": [], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 0, - }, - "scopes": { - "inherited": false, - "value": [ - "fr:idm:*", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - 
"coreOpenIDClientConfig": { - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 0, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "c234ba0b-58a1-4cfd-9567-09edde980745", - "clientsCanSkipConsent": true, - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "1f389a3d-21cf-417c-a6d3-42ea620071f0", - "providerOverridesEnabled": true, - "statelessTokensEnabled": true, - }, - "signEncOAuth2ClientConfig": { - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - "value": "http://am:80/am/oauth2/connect/jwk_uri", - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - 
"requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export --all-separate": should export all apps to separate files 6`] = ` -{ - "application": { - "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f": { - "_id": "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - 
"authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - 
"urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - 
"supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - 
"consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - 
"A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "236190531", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [ - "Created by Frodo on 5/13/2023, 8:06:50 PM", - ], - }, - "grantTypes": { - "inherited": false, - 
"value": [ - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": true, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "refreshTokenGracePeriod": { - "inherited": false, - "value": 0, - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "require_pushed_authorization_requests": { - "inherited": false, - "value": false, - }, - "responseTypes": { - "inherited": false, - "value": [ - "token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "Public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 120, - }, - "clientName": { - "inherited": false, - "value": [ - "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f", - ], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [ - "fr:idm:*", - ], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 604800, - }, - "scopes": { - "inherited": false, - "value": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - }, - 
"status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": 
"PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": { - "inherited": false, - }, - "authorizationResponseEncryptionMethod": { - "inherited": false, - }, - "authorizationResponseSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - 
"userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export --all-separate": should export all apps to separate files 7`] = ` -{ - "application": { - "ig-oidc-app": { - "_id": "ig-oidc-app", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - 
"device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - 
"idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - 
"PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - 
"A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - 
"evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "878347817", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [], - }, - "grantTypes": { - "inherited": false, - "value": [ - "authorization_code", - "client_credentials", - "refresh_token", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": true, - }, - "javascriptOrigins": { - "inherited": false, - "value": [ - "https://ig.mytestrun.com", - "https://ig.mytestrun.com:443", - ], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "refreshTokenGracePeriod": { - "inherited": false, - "value": 0, - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "require_pushed_authorization_requests": { - "inherited": false, - "value": false, - }, - "responseTypes": { - "inherited": false, - "value": [ - "code", - "token", - "id_token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - 
"inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 120, - }, - "clientName": { - "inherited": false, - "value": [], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [ - "https://ig.mytestrun.com/home/oidc/callback", - ], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 604800, - }, - "scopes": { - "inherited": false, - "value": [ - "openid", - "profile", - "email", - "secctx", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - 
"accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": { - "inherited": false, - }, - "authorizationResponseEncryptionMethod": { - "inherited": false, - }, - "authorizationResponseSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - 
"jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export --all-separate": should export all apps to separate files 8`] = ` -{ - "application": { - "test2": { - "_id": "test2", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", 
- "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - 
"urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - 
"supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - 
"dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", 
- "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "670386148", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": 
false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [ - "Modified by Frodo on 4/16/2022, 8:41:59 PM", - ], - }, - "grantTypes": { - "inherited": false, - "value": [ - "authorization_code", - "refresh_token", - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": false, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "responseTypes": { - "inherited": false, - "value": [ - "code", - "token", - "id_token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 0, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 0, - }, - "clientName": { - "inherited": false, - "value": [ - "test2", - ], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [ - "openid", - ], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 0, - }, - "scopes": { - "inherited": false, - "value": [ - "openid", - "fr:idm:*", - ], - }, 
- "status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 0, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - }, - "signEncOAuth2ClientConfig": { - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - 
"value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": { - "36863ffb-40ec-48b9-94b1-9a99f71cc3b5": { - "_id": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "context": "OIDC_CLAIMS", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OIDC claims", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OIDC Claims Script", - "script": [ - "/*", - " * Copyright 2014-2021 ForgeRock AS. 
All Rights Reserved", - " *", - " * Use of this code requires a commercial software license with ForgeRock AS", - " * or with one of its affiliates. All use shall be exclusively subject", - " * to such license between the licensee and ForgeRock AS.", - " */", - "", - "/*", - " * This script computes claim values returned in ID tokens and/or at the UserInfo Endpoint.", - " * The claim values are computed for:", - " * the claims derived from the requested scopes,", - " * the claims provided by the authorization server,", - " * and the claims requested by the client via the claims parameter.", - " *", - " * In the CONFIGURATION AND CUSTOMIZATION section, you can", - " * define the scope-to-claims mapping, and", - " * assign to each claim a resolver function that will compute the claim value.", - " *", - " * Defined variables (class references are provided below):", - " * scopes - Set (6).", - " * Always present, the requested scopes.", - " * claims - Map (5).", - " * Always present, default server provided claims.", - " * claimObjects - List (7, 2).", - " * Always present, the default server provided claims.", - " * requestedClaims - Map> (5).", - " * Always present, not empty if the request contains the claims parameter and the server has enabled", - " * claims_parameter_supported. A map of the requested claims to possible values, otherwise empty;", - " * requested claims with no requested values will have a key but no value in the map. 
A key with", - " * a single value in its Set (6) indicates that this is the only value that should be returned.", - " * requestedTypedClaims - List (7, 2).", - " * Always present, the requested claims.", - " * Requested claims with no requested values will have a claim with no values.", - " * A claim with a single value indicates this is the only value that should be returned.", - " * claimsLocales - List (7).", - " * The values from the 'claims_locales' parameter.", - " * See https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts for the OIDC specification details.", - " * requestProperties - Unmodifiable Map (5).", - " * Always present, contains a map of request properties:", - " * requestUri - The request URI.", - " * realm - The realm that the request relates to.", - " * requestParams - A map of the request params and/or posted data.", - " * Each value is a list of one or more properties.", - " * Please note that these should be handled in accordance with OWASP best practices:", - " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", - " * clientProperties - Unmodifiable Map (5).", - " * Present if the client specified in the request was identified, contains a map of client properties:", - " * clientId - The client's URI for the request locale.", - " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", - " * allowedResponseTypes - List of the allowed response types for the client.", - " * allowedScopes - List of the allowed scopes for the client.", - " * customProperties - A map of the custom properties of the client.", - " * Lists or maps will be included as sub-maps; for example:", - " * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1.", - " * To add custom properties to a client, update the Custom Properties field", - " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", - " * identity - 
AMIdentity (3).", - " * Always present, the identity of the resource owner.", - " * session - SSOToken (4).", - " * Present if the request contains the session cookie, the user's session object.", - " * scriptName - String (primitive).", - " * Always present, the display name of the script.", - " * logger - Always present, the "OAuth2Provider" debug logger instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", - " * Corresponding files will be prefixed with: scripts.OIDC_CLAIMS.", - " * httpClient - HTTP Client (8).", - " * Always present, the HTTP Client instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", - " * In order to use the client, you may need to add", - " * org.forgerock.http.Client,", - " * org.forgerock.http.protocol.*,", - " * and org.forgerock.util.promise.PromiseImpl", - " * to the allowed Java classes in the scripting engine configuration, as described in:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/script-engine-security.html", - " *", - " * Return - a new UserInfoClaims(Map values, Map> compositeScopes) (1) object.", - " * The result of the last statement in the script is returned to the server.", - " * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function)", - " * is the last (and only) statement in this script, and its return value will become the script result.", - " * Do not use "return variable" statement outside of a function definition.", - " * See RESULTS section for additional details.", - " *", - " * Class reference:", - " * (1) UserInfoClaims - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html.", - " * (2) Claim - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html).", - " * An instance of 
org.forgerock.openidconnect.Claim has methods to access", - " * the claim name, requested values, locale, and whether the claim is essential.", - " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", - " * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", - " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", - " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", - " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", - " * (7) List - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/ArrayList.html.", - " * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", - "*/", - "", - "(function () {", - " // SETUP", - "", - " /**", - " * Claim processing utilities.", - " * An object that contains reusable functions for processing claims.", - " * @see CLAIM PROCESSING UTILITIES section for details.", - " */", - " var utils = getUtils();", - "", - " // CONFIGURATION AND CUSTOMIZATION", - "", - " /**", - " * OAuth 2.0 scope values (scopes) can be used by the Client to request OIDC claims.", - " *", - " * Call this configuration method, and pass in as the first argument", - " * an object that maps a scope value to an array of claim names", - " * to specify which claims need to be processed and returned for the requested scopes.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims}", - " * for the scope values that could be used to request claims as defined in the OIDC specification.", - " *", - " * Below, find a default configuration that is expected to work in the current environment.", - " *", - " * CUSTOMIZATION", - " * You can choose the claim names returned for a scope.", - " */", - " utils.setScopeClaimsMap({", - " profile: [", - " 
'name',", - " 'family_name',", - " 'given_name',", - " 'zoneinfo',", - " 'locale'", - " ],", - " email: ['email'],", - " address: ['address'],", - " phone: ['phone_number']", - " });", - "", - " /**", - " * In this script, each claim", - " * derived from the requested scopes,", - " * provided by the authorization server, and", - " * requested by the client via the claims parameter", - " * will be processed by a function associated with the claim name.", - " *", - " * Call this configuration method, and pass in as the first argument", - " * an object that maps a claim name to a resolver function,", - " * which will be automatically executed for each claim processed by the script.", - " *", - " * The claim resolver function will receive the requested claim information", - " * in an instance of org.forgerock.openidconnect.Claim as the first argument.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html}", - " * for details on the Claim class.", - " *", - " * If the claim resolver function returns a value,", - " * other than undefined or null,", - " * the claim will be included in the script's results.", - " *", - " * The Claim instance provides methods to check", - " * what the name of the claim is,", - " * which values the claim request contains,", - " * whether the claim is essential, and", - " * which locale the claim is associated with.", - " * The resolver function can consider this information when computing and returning the claim value.", - " *", - " * Below, find a default configuration that is expected to work in the current environment.", - " * A reusable function, utils.getUserProfileClaimResolver(String attribute-name),", - " * is called to return a claim resolver function based on a user profile attribute.", - " * @see CLAIM RESOLVERS section for the implementation details and examples.", - " * For the address claim, an example of a claim resolver that uses another claim resolver is provided.", - " 
*", - " * CUSTOMIZATION", - " * You can reuse the predefined utils methods with your custom arguments.", - " * You can also specify a custom resolver function for a claim name,", - " * that will compute and return the claim value—as shown in the commented out example below.", - " */", - " utils.setClaimResolvers({", - " /*", - " // An example of a simple claim resolver function that is defined for a claim", - " // directly in the configuration object:", - " custom-claim-name: function (requestedClaim) {", - " // In this case, initially, the claim value comes straight from a user profile attribute value:", - " var claimValue = identity.getAttribute('custom-attribute-name').toArray()[0]", - "", - " // Optionally, provide additional logic for processing (filtering, formatting, etc.) the claim value.", - " // You can use:", - " // requestedClaim.getName()", - " // requestedClaim.getValues()", - " // requestedClaim.getLocale()", - " // requestedClaim.isEssential()", - "", - " return claimValue", - " },", - " */", - " /**", - " * The use of utils.getUserProfileClaimResolver shows how", - " * an argument passed to a function that returns a claim resolver", - " * becomes available to the resolver function (via its lexical context).", - " */", - " name: utils.getUserProfileClaimResolver('cn'),", - " family_name: utils.getUserProfileClaimResolver('sn'),", - " given_name: utils.getUserProfileClaimResolver('givenname'),", - " zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'),", - " locale: utils.getUserProfileClaimResolver('preferredlocale'),", - " email: utils.getUserProfileClaimResolver('mail'),", - " address: utils.getAddressClaimResolver(", - " /**", - " * The passed in user profile claim resolver function", - " * can be used by the address claim resolver function", - " * to obtain the claim value to be formatted as per the OIDC specification:", - " * @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim.", - " */", - " 
utils.getUserProfileClaimResolver('postaladdress')", - " ),", - " phone_number: utils.getUserProfileClaimResolver('telephonenumber')", - " });", - "", - " // CLAIM PROCESSING UTILITIES", - "", - " /**", - " * @returns {object} An object that contains reusable claim processing utilities.", - " * @see PUBLIC METHODS section and the return statement for the list of exported functions.", - " */", - " function getUtils () {", - " // IMPORT JAVA", - "", - " /**", - " * Provides Java scripting functionality.", - " * @see {@link https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Scripting_Java#javaimporter_constructor}.", - " */", - " var frJava = JavaImporter(", - " org.forgerock.oauth2.core.exceptions.InvalidRequestException,", - " org.forgerock.oauth2.core.UserInfoClaims,", - " org.forgerock.openidconnect.Claim,", - "", - " java.util.LinkedHashMap,", - " java.util.ArrayList", - " );", - "", - " // SET UP CONFIGURATION", - "", - " /**", - " * Placeholder for a configuration option that contains", - " * an object that maps the supported scope values (scopes)", - " * and the corresponding claim names for each scope value.", - " */", - " var scopeClaimsMap;", - "", - " /**", - " * Placeholder for a configuration option that contains", - " * an object that maps the supported claim names", - " * and the resolver functions returning the claim value.", - " */", - " var claimResolvers;", - "", - " /**", - " * A (public) method that accepts an object that maps the supported scopes and the corresponding claim names,", - " * and assigns it to a (private) variable that serves as a configuration option.", - " * @param {object} params - An object that maps each supported scope value to an array of claim names,", - " * in order to specify which claims need to be processed for the requested scopes.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} for details.", - " * @param {string[]} [params.profile] - An array of claim names to be 
returned if the profile scope is requested.", - " * @param {string[]} [params.email] - An array of claim names to be returned if the email scope is requested.", - " * @param {string[]} [params.address] - An array of claim names to be returned if the address scope is requested.", - " * @param {string[]} [params.phone] - An array of claim names to be returned if the phone scope is requested.", - " * @returns {undefined}", - " */", - " function setScopeClaimsMap(params) {", - " scopeClaimsMap = params;", - " }", - "", - " /**", - " * A (public) method that accepts an object that maps the supported claim names", - " * and the resolver functions returning the claim value,", - " * and assigns it to a (private) variable that serves as a configuration option.", - " * @param {object} params - An object that maps", - " * each supported claim name to a function that computes and returns the claim value.", - " */", - " function setClaimResolvers(params) {", - " claimResolvers = params;", - " }", - "", - " // CLAIM RESOLVERS", - "", - " /**", - " * Claim resolvers are functions that return a claim value.", - " * @param {*}", - " * @returns {*}", - " */", - "", - " /**", - " * Defines a claim resolver based on a user profile attribute.", - " * @param {string} attributeName - Name of the user profile attribute.", - " * @returns {function} A function that will determine the claim value", - " * based on the user profile attribute and the (requested) claim properties.", - " */", - " function getUserProfileClaimResolver (attributeName) {", - " /**", - " * Resolves a claim with a user profile attribute value.", - " * Returns undefined if the identity attribute is not populated,", - " * OR if the claim has requested values that do not contain the identity attribute value.", - " * ATTENTION: the aforementioned comparison is case-sensitive.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a 
claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {string|HashSet|undefined}", - " */", - " function resolveClaim(claim) {", - " var userProfileValue;", - "", - " if (identity) {", - " userProfileValue = getClaimValueFromSet(claim, identity.getAttribute(attributeName));", - "", - " if (userProfileValue && !userProfileValue.isEmpty()) {", - " if (!claim.getValues() || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue)) {", - " return userProfileValue;", - " }", - " }", - " }", - " }", - "", - " return resolveClaim;", - " }", - "", - " /**", - " * Returns an address claim resolver based on a claim value obtained with another claim resolver.", - " * @param {function} resolveClaim - A function that returns a claim value.", - " * @returns {function} A function that will accept a claim as an argument,", - " * run the claim resolver function for the claim and obtain the claim value,", - " * and apply additional formatting to the value before returning it.", - " */", - " function getAddressClaimResolver (resolveClaim) {", - " /**", - " * Creates an address claim object from a value returned by a claim resolver,", - " * and returns the address claim object as the claim value.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim}.", - " * The claim value is obtained with a claim resolving function available from the closure.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {java.util.LinkedHashMap|undefined} The address claim object created from a claim value.", - " */", - " function resolveAddressClaim(claim) {", - " var claimValue = resolveClaim(claim);", - " var 
addressObject;", - "", - " if (isClaimValueValid(claimValue)) {", - " addressObject = new frJava.LinkedHashMap();", - "", - " addressObject.put('formatted', claimValue);", - "", - " return addressObject;", - " }", - " }", - "", - " return resolveAddressClaim;", - " }", - "", - " /**", - " * Returns an essential claim resolver based on a claim value obtained with another claim resolver.", - " * @param {function} resolveClaim - A function that returns a claim value.", - " * @returns {function} A function that will accept a claim as an argument,", - " * run the claim resolver function for the claim and obtain the claim value,", - " * and apply additional logic for essential claims.", - " */", - " function getEssentialClaimResolver (resolveClaim) {", - " /**", - " * Returns a claim value or throws an error.", - " * The claim value is obtained with a claim resolving function available from the closure.", - " * Throws an exception if the claim is essential and no value is returned for the claim.", - " *", - " * Use of this resolver is optional.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests} stating:", - " * "Note that even if the Claims are not available because the End-User did not authorize their release or they are not present,", - " * the Authorization Server MUST NOT generate an error when Claims are not returned, whether they are Essential or Voluntary,", - " * unless otherwise specified in the description of the specific claim."", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*}", - " * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException}", - " */", - " function resolveEssentialClaim(claim) {", - " var claimValue = resolveClaim(claim);", - 
"", - " if (claim.isEssential() && !isClaimValueValid(claimValue)) {", - " throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName());", - " }", - "", - " return claimValue;", - " }", - "", - " return resolveEssentialClaim;", - " }", - "", - " /**", - " * Provides default resolution for a claim.", - " * Use it if a claim-specific resolver is not defined in the configuration.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*} A single value associated with this claim.", - " */", - " function resolveAnyClaim (claim) {", - " if (claim.getValues().size() === 1) {", - " return claim.getValues().toArray()[0];", - " }", - " }", - "", - " // UTILITIES", - "", - " /**", - " * Returns claim value from a set.", - " * If the set contains a single value, returns the value.", - " * If the set contains multiple values, returns the set.", - " * Otherwise, returns undefined.", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @param {java.util.HashSet} set The set—for example, a user profile attribute value.", - " * @returns {string|java.util.HashSet|undefined}", - " */", - " function getClaimValueFromSet (claim, set) {", - " if (set && set.size()) {", - " if (set.size() === 1) {", - " return set.toArray()[0];", - " } else {", - " return set;", - " }", - " } else if (logger.warningEnabled()) {", - " logger.warning('OIDC Claims script. 
Got an empty set for claim: ' + claim.getName());", - " }", - " }", - "", - " function isClaimValueValid (claimValue) {", - " if (typeof claimValue === 'undefined' || claimValue === null) {", - " return false;", - " }", - "", - " return true;", - " }", - "", - " // CLAIM PROCESSING", - "", - " /**", - " * Constructs and returns an object populated with the computed claim values", - " * and the requested scopes mapped to the claim names.", - " * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}.", - " * @see RESULTS section for the use of this function.", - " */", - " function getUserInfoClaims () {", - " return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes());", - " }", - "", - " /**", - " * Creates a map of (requested) claim names populated with the computed claim values.", - " * @returns {java.util.LinkedHashMap}", - " * A map of the requested claim names and the corresponding claim values.", - " */", - " function getComputedClaims () {", - " /**", - " * Creates a complete list of claim objects from:", - " * the claims derived from the scopes,", - " * the claims provided by the authorization server,", - " * and the claims requested by the client.", - " * @returns {java.util.ArrayList}", - " * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details.", - " */", - " function getClaims() {", - " /**", - " * Returns a list of claim objects for the requested scopes.", - " * Uses the scopeClaimsMap configuration option to derive the claim names;", - " * no other properties of a claim derived from a scope are populated.", - " * @returns {java.util.ArrayList}", - " * A list of 
org.forgerock.openidconnect.Claim objects derived from the requested scopes.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details.", - " */", - " function convertScopeToClaims() {", - " var claims = new frJava.ArrayList();", - "", - " scopes.toArray().forEach(function (scope) {", - " if (String(scope) !== 'openid' && scopeClaimsMap[scope]) {", - " scopeClaimsMap[scope].forEach(function (claimName) {", - " claims.add(new frJava.Claim(claimName));", - " });", - " }", - " });", - "", - " return claims;", - " }", - "", - " var claims = new frJava.ArrayList();", - "", - " claims.addAll(convertScopeToClaims());", - " claims.addAll(claimObjects);", - " claims.addAll(requestedTypedClaims);", - "", - " return claims;", - " }", - "", - " /**", - " * Computes and returns a claim value.", - " * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object.", - " * @see claimResolvers", - " * If no resolver function is found, uses the default claim resolver function.", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*} Claim value.", - " * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException}", - " * Rethrows this exception if a claim resolver throws it.", - " * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver", - " * if you want to terminate the claim processing.", - " */", - " function computeClaim(claim) {", - " var resolveClaim;", - " var message;", - "", - " try {", - " resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim;", - "", - " return resolveClaim(claim);", - " } catch (e) {", - " 
message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e;", - "", - " if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) {", - " throw e;", - " }", - "", - " if (logger.warningEnabled()) {", - " logger.warning(message);", - " }", - " }", - " }", - "", - " var computedClaims = new frJava.LinkedHashMap();", - "", - " getClaims().toArray().forEach(function (claim) {", - " var claimValue = computeClaim(claim);", - "", - " if (isClaimValueValid(claimValue)) {", - " computedClaims.put(claim.getName(), claimValue);", - " } else {", - " /**", - " * If a claim has been processed, but appears in the list again,", - " * and its value cannot be computed under the new conditions,", - " * the claim is removed from the final result.", - " *", - " * For example, a claim could be mapped to a scope and found in the user profile,", - " * but also requested by the client with required values that don't match the computed one.", - " * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}.", - " * for the relevant OIDC specification details.", - " */", - " computedClaims.remove(claim.getName());", - " }", - " });", - "", - " return computedClaims;", - " }", - "", - " /**", - " * Creates a map of requested scopes and the corresponding claim names.", - " * @returns {java.util.LinkedHashMap}", - " */", - " function getCompositeScopes () {", - " var compositeScopes = new frJava.LinkedHashMap();", - "", - " scopes.toArray().forEach(function (scope) {", - " var scopeClaims = new frJava.ArrayList();", - "", - " if (scopeClaimsMap[scope]) {", - " scopeClaimsMap[scope].forEach(function (claimName) {", - " scopeClaims.add(claimName);", - " });", - " }", - "", - " if (scopeClaims.size()) {", - " compositeScopes.put(scope, scopeClaims);", - " }", - " });", - "", - " return compositeScopes;", - " }", - "", - " // PUBLIC METHODS", - "", - " return {", - " setScopeClaimsMap: setScopeClaimsMap,", - " 
setClaimResolvers: setClaimResolvers,", - " getUserProfileClaimResolver: getUserProfileClaimResolver,", - " getAddressClaimResolver: getAddressClaimResolver,", - " getEssentialClaimResolver: getEssentialClaimResolver,", - " getUserInfoClaims: getUserInfoClaims", - " };", - " }", - "", - " // RESULTS", - "", - " /**", - " * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class", - " * populated with the computed claim values and", - " * the requested scopes mapped to the claim names.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}.", - " *", - " * Assigning it to a variable gives you an opportunity", - " * to log the content of the returned value during development.", - " */", - " var userInfoClaims = utils.getUserInfoClaims();", - "", - " /*", - " logger.error(scriptName + ' results:')", - " logger.error('Values: ' + userInfoClaims.getValues())", - " logger.error('Scopes: ' + userInfoClaims.getCompositeScopes())", - " */", - "", - " return userInfoClaims;", - "}());", - "", - ], - }, - "d22f9a0c-426a-4466-b95e-d0f125b0d5fa": { - "_id": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "context": "OAUTH2_ACCESS_TOKEN_MODIFICATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OAuth2 Access Token Modification", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OAuth2 Access Token Modification Script", - "script": [ - "/*", - " * Copyright 2019-2021 ForgeRock AS. All Rights Reserved.", - " *", - " * Use of this code requires a commercial software license with ForgeRock AS", - " * or with one of its affiliates. 
All use shall be exclusively subject", - " * to such license between the licensee and ForgeRock AS.", - " */", - "", - "/*", - " * This script lets you modify information associated with an OAuth2 access token", - " * with methods provided by the AccessToken (1) interface.", - " * The changes made to OAuth2 access tokens will directly impact the size of the CTS tokens,", - " * and, similarly, the size of the JWTs if client-based OAuth2 tokens are utilized.", - " * When adding/updating fields make sure that the token size remains within client/user-agent limits.", - " *", - " * Defined variables:", - " * accessToken - AccessToken (1).", - " * The access token to be updated.", - " * Mutable object, all changes to the access token will be reflected.", - " * scopes - Set (6).", - " * Always present, the requested scopes.", - " * requestProperties - Unmodifiable Map (5).", - " * Always present, contains a map of request properties:", - " * requestUri - The request URI.", - " * realm - The realm that the request relates to.", - " * requestParams - A map of the request params and/or posted data.", - " * Each value is a list of one or more properties.", - " * Please note that these should be handled in accordance with OWASP best practices:", - " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", - " * clientProperties - Unmodifiable Map (5).", - " * Present if the client specified in the request was identified, contains a map of client properties:", - " * clientId - The client's URI for the request locale.", - " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", - " * allowedResponseTypes - List of the allowed response types for the client.", - " * allowedScopes - List of the allowed scopes for the client.", - " * customProperties - A map of the custom properties of the client.", - " * Lists or maps will be included as sub-maps; for example:", - " * customMap[Key1]=Value1 will be returned 
as customMap -> Key1 -> Value1.", - " * To add custom properties to a client, update the Custom Properties field", - " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", - " * identity - AMIdentity (3).", - " * Always present, the identity of the resource owner.", - " * session - SSOToken (4).", - " * Present if the request contains the session cookie, the user's session object.", - " * scriptName - String (primitive).", - " * Always present, the display name of the script.", - " * logger - Always present, the "OAuth2Provider" debug logger instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", - " * Corresponding log files will be prefixed with: scripts.OAUTH2_ACCESS_TOKEN_MODIFICATION.", - " * httpClient - HTTP Client (8).", - " * Always present, the HTTP Client instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", - " *", - " * Return - no value is expected, changes shall be made to the accessToken parameter directly.", - " *", - " * Class reference:", - " * (1) AccessToken - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/AccessToken.html.", - " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", - " * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", - " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", - " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", - " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", - " * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", - " */", - "", - "(function () {", - " // Adds new fields 
containing the session property values.", - " // NOTE: session may not be available for non-interactive authorization grants.", - " if (session) {", - " try {", - " accessToken.setField('ip_address', session.getProperty('Host'));", - " } catch (e) {", - " logger.error('Unable to retrieve session property value. ' + e);", - " }", - " }", - "}());", - "", - "/* EXAMPLE", - "(function () {", - " var frJava = JavaImporter(", - " org.forgerock.http.protocol.Request,", - " org.forgerock.http.protocol.Response", - " );", - "", - " // Always includes this field in the token.", - " accessToken.setField('key1', 'value1');", - "", - " // Receives and adds to the access token additional values by performing a REST call to an external service.", - " // WARNING: Below, you will find a reference to a third-party site, which is provided only as an example.", - " var uri = 'https://jsonplaceholder.typicode.com/posts';", - "", - " try {", - " var request = new frJava.Request();", - "", - " // You can chain methods that return the request object.", - " request.setUri(uri)", - " .setMethod('POST')", - " .setEntity(JSON.stringify({", - " updatedFields: {", - " key2: 'value2',", - " key3: 'value3'", - " }", - " }));", - "", - " // You can call a method when chaining is not possible.", - " request.getHeaders().add('Content-Type', 'application/json; charset=UTF-8');", - "", - " // Sends the request and receives the response.", - " var response = httpClient.send(request).getOrThrow();", - "", - " // Checks if the response status is as expected.", - " if (response.getStatus() === org.forgerock.http.protocol.Status.CREATED) {", - " var result = JSON.parse(response.getEntity().getString());", - "", - " // Set multiple token fields at once.", - " accessToken.setFields(result.updatedFields);", - " } else {", - " logger.error('Unable to obtain access token modifications. Status: ' + response.getStatus() + '. 
Content: ' + response.getEntity().getString());", - " }", - " } catch (e) {", - " logger.error('The request processing was interrupted. ' + e);", - "", - " // The access token request fails with the HTTP 500 error in this case.", - " throw ('Unable to obtain response from: ' + uri);", - " }", - "", - " // Adds new fields containing identity attribute values to the access token.", - " accessToken.setField('mail', identity.getAttribute('mail'));", - " accessToken.setField('phone', identity.getAttribute('telephoneNumber').toArray()[0]);", - "", - " // Adds new fields containing the session property values.", - " // NOTE: session may not be available for non-interactive authorization grants.", - " if (session) {", - " try {", - " accessToken.setField('ipAddress', session.getProperty('Host'));", - " } catch (e) {", - " logger.error('Unable to retrieve session property value. ' + e);", - " }", - " }", - "", - " // Removes a native field from the token entry, that was set by AM.", - " // WARNING: removing native fields from the token may result in loss of functionality.", - " // accessToken.removeTokenName()", - "", - " // No return value is expected. 
Let it be undefined.", - "}());", - "*/", - ], - }, - }, -} -`; - -exports[`frodo app export "frodo app export --app-id test2": should export the app with app id "test2" 1`] = `""`; - -exports[`frodo app export "frodo app export --app-id test2": should export the app with app id "test2" 2`] = ` -{ - "application": { - "test2": { - "_id": "test2", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - 
"id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": 
true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - 
"ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - 
"RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": 
"[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "670386148", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [ - "Modified by Frodo on 4/16/2022, 8:41:59 PM", - ], - }, - "grantTypes": { - "inherited": false, - "value": [ - "authorization_code", - "refresh_token", - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": false, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "responseTypes": { - "inherited": false, - "value": [ - "code", - "token", - "id_token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - 
"updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 0, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 0, - }, - "clientName": { - "inherited": false, - "value": [ - "test2", - ], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [ - "openid", - ], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 0, - }, - "scopes": { - "inherited": false, - "value": [ - "openid", - "fr:idm:*", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 0, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - 
"providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - }, - "signEncOAuth2ClientConfig": { - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - 
"value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": { - "36863ffb-40ec-48b9-94b1-9a99f71cc3b5": { - "_id": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "context": "OIDC_CLAIMS", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OIDC claims", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OIDC Claims Script", - "script": [ - "/*", - " * Copyright 2014-2021 ForgeRock AS. All Rights Reserved", - " *", - " * Use of this code requires a commercial software license with ForgeRock AS", - " * or with one of its affiliates. All use shall be exclusively subject", - " * to such license between the licensee and ForgeRock AS.", - " */", - "", - "/*", - " * This script computes claim values returned in ID tokens and/or at the UserInfo Endpoint.", - " * The claim values are computed for:", - " * the claims derived from the requested scopes,", - " * the claims provided by the authorization server,", - " * and the claims requested by the client via the claims parameter.", - " *", - " * In the CONFIGURATION AND CUSTOMIZATION section, you can", - " * define the scope-to-claims mapping, and", - " * assign to each claim a resolver function that will compute the claim value.", - " *", - " * Defined variables (class references are provided below):", - " * scopes - Set (6).", - " * Always present, the requested scopes.", - " * claims - Map (5).", - " * Always present, default server provided claims.", - " * claimObjects - List (7, 2).", - " * Always present, the default server provided claims.", - " * requestedClaims - Map> (5).", - " * Always present, not empty if the request contains the claims parameter and the server has enabled", - " * claims_parameter_supported. 
A map of the requested claims to possible values, otherwise empty;", - " * requested claims with no requested values will have a key but no value in the map. A key with", - " * a single value in its Set (6) indicates that this is the only value that should be returned.", - " * requestedTypedClaims - List (7, 2).", - " * Always present, the requested claims.", - " * Requested claims with no requested values will have a claim with no values.", - " * A claim with a single value indicates this is the only value that should be returned.", - " * claimsLocales - List (7).", - " * The values from the 'claims_locales' parameter.", - " * See https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts for the OIDC specification details.", - " * requestProperties - Unmodifiable Map (5).", - " * Always present, contains a map of request properties:", - " * requestUri - The request URI.", - " * realm - The realm that the request relates to.", - " * requestParams - A map of the request params and/or posted data.", - " * Each value is a list of one or more properties.", - " * Please note that these should be handled in accordance with OWASP best practices:", - " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", - " * clientProperties - Unmodifiable Map (5).", - " * Present if the client specified in the request was identified, contains a map of client properties:", - " * clientId - The client's URI for the request locale.", - " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", - " * allowedResponseTypes - List of the allowed response types for the client.", - " * allowedScopes - List of the allowed scopes for the client.", - " * customProperties - A map of the custom properties of the client.", - " * Lists or maps will be included as sub-maps; for example:", - " * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1.", - " * To add custom properties to a 
client, update the Custom Properties field", - " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", - " * identity - AMIdentity (3).", - " * Always present, the identity of the resource owner.", - " * session - SSOToken (4).", - " * Present if the request contains the session cookie, the user's session object.", - " * scriptName - String (primitive).", - " * Always present, the display name of the script.", - " * logger - Always present, the "OAuth2Provider" debug logger instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", - " * Corresponding files will be prefixed with: scripts.OIDC_CLAIMS.", - " * httpClient - HTTP Client (8).", - " * Always present, the HTTP Client instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", - " * In order to use the client, you may need to add", - " * org.forgerock.http.Client,", - " * org.forgerock.http.protocol.*,", - " * and org.forgerock.util.promise.PromiseImpl", - " * to the allowed Java classes in the scripting engine configuration, as described in:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/script-engine-security.html", - " *", - " * Return - a new UserInfoClaims(Map values, Map> compositeScopes) (1) object.", - " * The result of the last statement in the script is returned to the server.", - " * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function)", - " * is the last (and only) statement in this script, and its return value will become the script result.", - " * Do not use "return variable" statement outside of a function definition.", - " * See RESULTS section for additional details.", - " *", - " * Class reference:", - " * (1) UserInfoClaims - 
https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html.", - " * (2) Claim - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html).", - " * An instance of org.forgerock.openidconnect.Claim has methods to access", - " * the claim name, requested values, locale, and whether the claim is essential.", - " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", - " * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", - " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", - " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", - " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", - " * (7) List - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/ArrayList.html.", - " * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", - "*/", - "", - "(function () {", - " // SETUP", - "", - " /**", - " * Claim processing utilities.", - " * An object that contains reusable functions for processing claims.", - " * @see CLAIM PROCESSING UTILITIES section for details.", - " */", - " var utils = getUtils();", - "", - " // CONFIGURATION AND CUSTOMIZATION", - "", - " /**", - " * OAuth 2.0 scope values (scopes) can be used by the Client to request OIDC claims.", - " *", - " * Call this configuration method, and pass in as the first argument", - " * an object that maps a scope value to an array of claim names", - " * to specify which claims need to be processed and returned for the requested scopes.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims}", - " * for the scope values that could be used to request claims as defined in the OIDC specification.", - " *", - " * Below, find a 
default configuration that is expected to work in the current environment.", - " *", - " * CUSTOMIZATION", - " * You can choose the claim names returned for a scope.", - " */", - " utils.setScopeClaimsMap({", - " profile: [", - " 'name',", - " 'family_name',", - " 'given_name',", - " 'zoneinfo',", - " 'locale'", - " ],", - " email: ['email'],", - " address: ['address'],", - " phone: ['phone_number']", - " });", - "", - " /**", - " * In this script, each claim", - " * derived from the requested scopes,", - " * provided by the authorization server, and", - " * requested by the client via the claims parameter", - " * will be processed by a function associated with the claim name.", - " *", - " * Call this configuration method, and pass in as the first argument", - " * an object that maps a claim name to a resolver function,", - " * which will be automatically executed for each claim processed by the script.", - " *", - " * The claim resolver function will receive the requested claim information", - " * in an instance of org.forgerock.openidconnect.Claim as the first argument.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html}", - " * for details on the Claim class.", - " *", - " * If the claim resolver function returns a value,", - " * other than undefined or null,", - " * the claim will be included in the script's results.", - " *", - " * The Claim instance provides methods to check", - " * what the name of the claim is,", - " * which values the claim request contains,", - " * whether the claim is essential, and", - " * which locale the claim is associated with.", - " * The resolver function can consider this information when computing and returning the claim value.", - " *", - " * Below, find a default configuration that is expected to work in the current environment.", - " * A reusable function, utils.getUserProfileClaimResolver(String attribute-name),", - " * is called to return a claim resolver function 
based on a user profile attribute.", - " * @see CLAIM RESOLVERS section for the implementation details and examples.", - " * For the address claim, an example of a claim resolver that uses another claim resolver is provided.", - " *", - " * CUSTOMIZATION", - " * You can reuse the predefined utils methods with your custom arguments.", - " * You can also specify a custom resolver function for a claim name,", - " * that will compute and return the claim value—as shown in the commented out example below.", - " */", - " utils.setClaimResolvers({", - " /*", - " // An example of a simple claim resolver function that is defined for a claim", - " // directly in the configuration object:", - " custom-claim-name: function (requestedClaim) {", - " // In this case, initially, the claim value comes straight from a user profile attribute value:", - " var claimValue = identity.getAttribute('custom-attribute-name').toArray()[0]", - "", - " // Optionally, provide additional logic for processing (filtering, formatting, etc.) 
the claim value.", - " // You can use:", - " // requestedClaim.getName()", - " // requestedClaim.getValues()", - " // requestedClaim.getLocale()", - " // requestedClaim.isEssential()", - "", - " return claimValue", - " },", - " */", - " /**", - " * The use of utils.getUserProfileClaimResolver shows how", - " * an argument passed to a function that returns a claim resolver", - " * becomes available to the resolver function (via its lexical context).", - " */", - " name: utils.getUserProfileClaimResolver('cn'),", - " family_name: utils.getUserProfileClaimResolver('sn'),", - " given_name: utils.getUserProfileClaimResolver('givenname'),", - " zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'),", - " locale: utils.getUserProfileClaimResolver('preferredlocale'),", - " email: utils.getUserProfileClaimResolver('mail'),", - " address: utils.getAddressClaimResolver(", - " /**", - " * The passed in user profile claim resolver function", - " * can be used by the address claim resolver function", - " * to obtain the claim value to be formatted as per the OIDC specification:", - " * @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim.", - " */", - " utils.getUserProfileClaimResolver('postaladdress')", - " ),", - " phone_number: utils.getUserProfileClaimResolver('telephonenumber')", - " });", - "", - " // CLAIM PROCESSING UTILITIES", - "", - " /**", - " * @returns {object} An object that contains reusable claim processing utilities.", - " * @see PUBLIC METHODS section and the return statement for the list of exported functions.", - " */", - " function getUtils () {", - " // IMPORT JAVA", - "", - " /**", - " * Provides Java scripting functionality.", - " * @see {@link https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Scripting_Java#javaimporter_constructor}.", - " */", - " var frJava = JavaImporter(", - " org.forgerock.oauth2.core.exceptions.InvalidRequestException,", - " org.forgerock.oauth2.core.UserInfoClaims,", - " 
org.forgerock.openidconnect.Claim,", - "", - " java.util.LinkedHashMap,", - " java.util.ArrayList", - " );", - "", - " // SET UP CONFIGURATION", - "", - " /**", - " * Placeholder for a configuration option that contains", - " * an object that maps the supported scope values (scopes)", - " * and the corresponding claim names for each scope value.", - " */", - " var scopeClaimsMap;", - "", - " /**", - " * Placeholder for a configuration option that contains", - " * an object that maps the supported claim names", - " * and the resolver functions returning the claim value.", - " */", - " var claimResolvers;", - "", - " /**", - " * A (public) method that accepts an object that maps the supported scopes and the corresponding claim names,", - " * and assigns it to a (private) variable that serves as a configuration option.", - " * @param {object} params - An object that maps each supported scope value to an array of claim names,", - " * in order to specify which claims need to be processed for the requested scopes.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} for details.", - " * @param {string[]} [params.profile] - An array of claim names to be returned if the profile scope is requested.", - " * @param {string[]} [params.email] - An array of claim names to be returned if the email scope is requested.", - " * @param {string[]} [params.address] - An array of claim names to be returned if the address scope is requested.", - " * @param {string[]} [params.phone] - An array of claim names to be returned if the phone scope is requested.", - " * @returns {undefined}", - " */", - " function setScopeClaimsMap(params) {", - " scopeClaimsMap = params;", - " }", - "", - " /**", - " * A (public) method that accepts an object that maps the supported claim names", - " * and the resolver functions returning the claim value,", - " * and assigns it to a (private) variable that serves as a configuration option.", - " * @param {object} params - An 
object that maps", - " * each supported claim name to a function that computes and returns the claim value.", - " */", - " function setClaimResolvers(params) {", - " claimResolvers = params;", - " }", - "", - " // CLAIM RESOLVERS", - "", - " /**", - " * Claim resolvers are functions that return a claim value.", - " * @param {*}", - " * @returns {*}", - " */", - "", - " /**", - " * Defines a claim resolver based on a user profile attribute.", - " * @param {string} attributeName - Name of the user profile attribute.", - " * @returns {function} A function that will determine the claim value", - " * based on the user profile attribute and the (requested) claim properties.", - " */", - " function getUserProfileClaimResolver (attributeName) {", - " /**", - " * Resolves a claim with a user profile attribute value.", - " * Returns undefined if the identity attribute is not populated,", - " * OR if the claim has requested values that do not contain the identity attribute value.", - " * ATTENTION: the aforementioned comparison is case-sensitive.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {string|HashSet|undefined}", - " */", - " function resolveClaim(claim) {", - " var userProfileValue;", - "", - " if (identity) {", - " userProfileValue = getClaimValueFromSet(claim, identity.getAttribute(attributeName));", - "", - " if (userProfileValue && !userProfileValue.isEmpty()) {", - " if (!claim.getValues() || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue)) {", - " return userProfileValue;", - " }", - " }", - " }", - " }", - "", - " return resolveClaim;", - " }", - "", - " /**", - " * Returns an address claim resolver based on a claim value obtained with another claim resolver.", - " * @param {function} 
resolveClaim - A function that returns a claim value.", - " * @returns {function} A function that will accept a claim as an argument,", - " * run the claim resolver function for the claim and obtain the claim value,", - " * and apply additional formatting to the value before returning it.", - " */", - " function getAddressClaimResolver (resolveClaim) {", - " /**", - " * Creates an address claim object from a value returned by a claim resolver,", - " * and returns the address claim object as the claim value.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim}.", - " * The claim value is obtained with a claim resolving function available from the closure.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {java.util.LinkedHashMap|undefined} The address claim object created from a claim value.", - " */", - " function resolveAddressClaim(claim) {", - " var claimValue = resolveClaim(claim);", - " var addressObject;", - "", - " if (isClaimValueValid(claimValue)) {", - " addressObject = new frJava.LinkedHashMap();", - "", - " addressObject.put('formatted', claimValue);", - "", - " return addressObject;", - " }", - " }", - "", - " return resolveAddressClaim;", - " }", - "", - " /**", - " * Returns an essential claim resolver based on a claim value obtained with another claim resolver.", - " * @param {function} resolveClaim - A function that returns a claim value.", - " * @returns {function} A function that will accept a claim as an argument,", - " * run the claim resolver function for the claim and obtain the claim value,", - " * and apply additional logic for essential claims.", - " */", - " function getEssentialClaimResolver (resolveClaim) {", - " /**", - " * Returns a claim value or throws an 
error.", - " * The claim value is obtained with a claim resolving function available from the closure.", - " * Throws an exception if the claim is essential and no value is returned for the claim.", - " *", - " * Use of this resolver is optional.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests} stating:", - " * "Note that even if the Claims are not available because the End-User did not authorize their release or they are not present,", - " * the Authorization Server MUST NOT generate an error when Claims are not returned, whether they are Essential or Voluntary,", - " * unless otherwise specified in the description of the specific claim."", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*}", - " * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException}", - " */", - " function resolveEssentialClaim(claim) {", - " var claimValue = resolveClaim(claim);", - "", - " if (claim.isEssential() && !isClaimValueValid(claimValue)) {", - " throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName());", - " }", - "", - " return claimValue;", - " }", - "", - " return resolveEssentialClaim;", - " }", - "", - " /**", - " * Provides default resolution for a claim.", - " * Use it if a claim-specific resolver is not defined in the configuration.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*} A single value associated with this claim.", - " */", - " function 
resolveAnyClaim (claim) {", - " if (claim.getValues().size() === 1) {", - " return claim.getValues().toArray()[0];", - " }", - " }", - "", - " // UTILITIES", - "", - " /**", - " * Returns claim value from a set.", - " * If the set contains a single value, returns the value.", - " * If the set contains multiple values, returns the set.", - " * Otherwise, returns undefined.", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @param {java.util.HashSet} set The set—for example, a user profile attribute value.", - " * @returns {string|java.util.HashSet|undefined}", - " */", - " function getClaimValueFromSet (claim, set) {", - " if (set && set.size()) {", - " if (set.size() === 1) {", - " return set.toArray()[0];", - " } else {", - " return set;", - " }", - " } else if (logger.warningEnabled()) {", - " logger.warning('OIDC Claims script. 
Got an empty set for claim: ' + claim.getName());", - " }", - " }", - "", - " function isClaimValueValid (claimValue) {", - " if (typeof claimValue === 'undefined' || claimValue === null) {", - " return false;", - " }", - "", - " return true;", - " }", - "", - " // CLAIM PROCESSING", - "", - " /**", - " * Constructs and returns an object populated with the computed claim values", - " * and the requested scopes mapped to the claim names.", - " * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}.", - " * @see RESULTS section for the use of this function.", - " */", - " function getUserInfoClaims () {", - " return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes());", - " }", - "", - " /**", - " * Creates a map of (requested) claim names populated with the computed claim values.", - " * @returns {java.util.LinkedHashMap}", - " * A map of the requested claim names and the corresponding claim values.", - " */", - " function getComputedClaims () {", - " /**", - " * Creates a complete list of claim objects from:", - " * the claims derived from the scopes,", - " * the claims provided by the authorization server,", - " * and the claims requested by the client.", - " * @returns {java.util.ArrayList}", - " * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details.", - " */", - " function getClaims() {", - " /**", - " * Returns a list of claim objects for the requested scopes.", - " * Uses the scopeClaimsMap configuration option to derive the claim names;", - " * no other properties of a claim derived from a scope are populated.", - " * @returns {java.util.ArrayList}", - " * A list of 
org.forgerock.openidconnect.Claim objects derived from the requested scopes.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details.", - " */", - " function convertScopeToClaims() {", - " var claims = new frJava.ArrayList();", - "", - " scopes.toArray().forEach(function (scope) {", - " if (String(scope) !== 'openid' && scopeClaimsMap[scope]) {", - " scopeClaimsMap[scope].forEach(function (claimName) {", - " claims.add(new frJava.Claim(claimName));", - " });", - " }", - " });", - "", - " return claims;", - " }", - "", - " var claims = new frJava.ArrayList();", - "", - " claims.addAll(convertScopeToClaims());", - " claims.addAll(claimObjects);", - " claims.addAll(requestedTypedClaims);", - "", - " return claims;", - " }", - "", - " /**", - " * Computes and returns a claim value.", - " * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object.", - " * @see claimResolvers", - " * If no resolver function is found, uses the default claim resolver function.", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*} Claim value.", - " * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException}", - " * Rethrows this exception if a claim resolver throws it.", - " * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver", - " * if you want to terminate the claim processing.", - " */", - " function computeClaim(claim) {", - " var resolveClaim;", - " var message;", - "", - " try {", - " resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim;", - "", - " return resolveClaim(claim);", - " } catch (e) {", - " 
message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e;", - "", - " if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) {", - " throw e;", - " }", - "", - " if (logger.warningEnabled()) {", - " logger.warning(message);", - " }", - " }", - " }", - "", - " var computedClaims = new frJava.LinkedHashMap();", - "", - " getClaims().toArray().forEach(function (claim) {", - " var claimValue = computeClaim(claim);", - "", - " if (isClaimValueValid(claimValue)) {", - " computedClaims.put(claim.getName(), claimValue);", - " } else {", - " /**", - " * If a claim has been processed, but appears in the list again,", - " * and its value cannot be computed under the new conditions,", - " * the claim is removed from the final result.", - " *", - " * For example, a claim could be mapped to a scope and found in the user profile,", - " * but also requested by the client with required values that don't match the computed one.", - " * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}.", - " * for the relevant OIDC specification details.", - " */", - " computedClaims.remove(claim.getName());", - " }", - " });", - "", - " return computedClaims;", - " }", - "", - " /**", - " * Creates a map of requested scopes and the corresponding claim names.", - " * @returns {java.util.LinkedHashMap}", - " */", - " function getCompositeScopes () {", - " var compositeScopes = new frJava.LinkedHashMap();", - "", - " scopes.toArray().forEach(function (scope) {", - " var scopeClaims = new frJava.ArrayList();", - "", - " if (scopeClaimsMap[scope]) {", - " scopeClaimsMap[scope].forEach(function (claimName) {", - " scopeClaims.add(claimName);", - " });", - " }", - "", - " if (scopeClaims.size()) {", - " compositeScopes.put(scope, scopeClaims);", - " }", - " });", - "", - " return compositeScopes;", - " }", - "", - " // PUBLIC METHODS", - "", - " return {", - " setScopeClaimsMap: setScopeClaimsMap,", - " 
setClaimResolvers: setClaimResolvers,", - " getUserProfileClaimResolver: getUserProfileClaimResolver,", - " getAddressClaimResolver: getAddressClaimResolver,", - " getEssentialClaimResolver: getEssentialClaimResolver,", - " getUserInfoClaims: getUserInfoClaims", - " };", - " }", - "", - " // RESULTS", - "", - " /**", - " * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class", - " * populated with the computed claim values and", - " * the requested scopes mapped to the claim names.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}.", - " *", - " * Assigning it to a variable gives you an opportunity", - " * to log the content of the returned value during development.", - " */", - " var userInfoClaims = utils.getUserInfoClaims();", - "", - " /*", - " logger.error(scriptName + ' results:')", - " logger.error('Values: ' + userInfoClaims.getValues())", - " logger.error('Scopes: ' + userInfoClaims.getCompositeScopes())", - " */", - "", - " return userInfoClaims;", - "}());", - "", - ], - }, - "d22f9a0c-426a-4466-b95e-d0f125b0d5fa": { - "_id": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "context": "OAUTH2_ACCESS_TOKEN_MODIFICATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OAuth2 Access Token Modification", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OAuth2 Access Token Modification Script", - "script": [ - "/*", - " * Copyright 2019-2021 ForgeRock AS. All Rights Reserved.", - " *", - " * Use of this code requires a commercial software license with ForgeRock AS", - " * or with one of its affiliates. 
All use shall be exclusively subject", - " * to such license between the licensee and ForgeRock AS.", - " */", - "", - "/*", - " * This script lets you modify information associated with an OAuth2 access token", - " * with methods provided by the AccessToken (1) interface.", - " * The changes made to OAuth2 access tokens will directly impact the size of the CTS tokens,", - " * and, similarly, the size of the JWTs if client-based OAuth2 tokens are utilized.", - " * When adding/updating fields make sure that the token size remains within client/user-agent limits.", - " *", - " * Defined variables:", - " * accessToken - AccessToken (1).", - " * The access token to be updated.", - " * Mutable object, all changes to the access token will be reflected.", - " * scopes - Set (6).", - " * Always present, the requested scopes.", - " * requestProperties - Unmodifiable Map (5).", - " * Always present, contains a map of request properties:", - " * requestUri - The request URI.", - " * realm - The realm that the request relates to.", - " * requestParams - A map of the request params and/or posted data.", - " * Each value is a list of one or more properties.", - " * Please note that these should be handled in accordance with OWASP best practices:", - " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", - " * clientProperties - Unmodifiable Map (5).", - " * Present if the client specified in the request was identified, contains a map of client properties:", - " * clientId - The client's URI for the request locale.", - " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", - " * allowedResponseTypes - List of the allowed response types for the client.", - " * allowedScopes - List of the allowed scopes for the client.", - " * customProperties - A map of the custom properties of the client.", - " * Lists or maps will be included as sub-maps; for example:", - " * customMap[Key1]=Value1 will be returned 
as customMap -> Key1 -> Value1.", - " * To add custom properties to a client, update the Custom Properties field", - " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", - " * identity - AMIdentity (3).", - " * Always present, the identity of the resource owner.", - " * session - SSOToken (4).", - " * Present if the request contains the session cookie, the user's session object.", - " * scriptName - String (primitive).", - " * Always present, the display name of the script.", - " * logger - Always present, the "OAuth2Provider" debug logger instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", - " * Corresponding log files will be prefixed with: scripts.OAUTH2_ACCESS_TOKEN_MODIFICATION.", - " * httpClient - HTTP Client (8).", - " * Always present, the HTTP Client instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", - " *", - " * Return - no value is expected, changes shall be made to the accessToken parameter directly.", - " *", - " * Class reference:", - " * (1) AccessToken - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/AccessToken.html.", - " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", - " * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", - " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", - " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", - " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", - " * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", - " */", - "", - "(function () {", - " // Adds new fields 
containing the session property values.", - " // NOTE: session may not be available for non-interactive authorization grants.", - " if (session) {", - " try {", - " accessToken.setField('ip_address', session.getProperty('Host'));", - " } catch (e) {", - " logger.error('Unable to retrieve session property value. ' + e);", - " }", - " }", - "}());", - "", - "/* EXAMPLE", - "(function () {", - " var frJava = JavaImporter(", - " org.forgerock.http.protocol.Request,", - " org.forgerock.http.protocol.Response", - " );", - "", - " // Always includes this field in the token.", - " accessToken.setField('key1', 'value1');", - "", - " // Receives and adds to the access token additional values by performing a REST call to an external service.", - " // WARNING: Below, you will find a reference to a third-party site, which is provided only as an example.", - " var uri = 'https://jsonplaceholder.typicode.com/posts';", - "", - " try {", - " var request = new frJava.Request();", - "", - " // You can chain methods that return the request object.", - " request.setUri(uri)", - " .setMethod('POST')", - " .setEntity(JSON.stringify({", - " updatedFields: {", - " key2: 'value2',", - " key3: 'value3'", - " }", - " }));", - "", - " // You can call a method when chaining is not possible.", - " request.getHeaders().add('Content-Type', 'application/json; charset=UTF-8');", - "", - " // Sends the request and receives the response.", - " var response = httpClient.send(request).getOrThrow();", - "", - " // Checks if the response status is as expected.", - " if (response.getStatus() === org.forgerock.http.protocol.Status.CREATED) {", - " var result = JSON.parse(response.getEntity().getString());", - "", - " // Set multiple token fields at once.", - " accessToken.setFields(result.updatedFields);", - " } else {", - " logger.error('Unable to obtain access token modifications. Status: ' + response.getStatus() + '. 
Content: ' + response.getEntity().getString());", - " }", - " } catch (e) {", - " logger.error('The request processing was interrupted. ' + e);", - "", - " // The access token request fails with the HTTP 500 error in this case.", - " throw ('Unable to obtain response from: ' + uri);", - " }", - "", - " // Adds new fields containing identity attribute values to the access token.", - " accessToken.setField('mail', identity.getAttribute('mail'));", - " accessToken.setField('phone', identity.getAttribute('telephoneNumber').toArray()[0]);", - "", - " // Adds new fields containing the session property values.", - " // NOTE: session may not be available for non-interactive authorization grants.", - " if (session) {", - " try {", - " accessToken.setField('ipAddress', session.getProperty('Host'));", - " } catch (e) {", - " logger.error('Unable to retrieve session property value. ' + e);", - " }", - " }", - "", - " // Removes a native field from the token entry, that was set by AM.", - " // WARNING: removing native fields from the token may result in loss of functionality.", - " // accessToken.removeTokenName()", - "", - " // No return value is expected. 
Let it be undefined.", - "}());", - "*/", - ], - }, - }, -} -`; - -exports[`frodo app export "frodo app export -A --no-deps": should export all apps to separate files with no dependencies 1`] = `""`; - -exports[`frodo app export "frodo app export -A --no-deps": should export all apps to separate files with no dependencies 2`] = ` -{ - "application": { - "23281ea7-739b-4fd1-b953-eaae73a2b497": { - "_id": "23281ea7-739b-4fd1-b953-eaae73a2b497", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - 
"token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - 
"includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - 
"supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - 
"supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": 
"org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "1749759567", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [ - "Created by Frodo on 8/11/2022, 5:31:09 PM", - ], - }, - "grantTypes": { - "inherited": false, - "value": [ - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": true, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "refreshTokenGracePeriod": { - "inherited": false, - "value": 0, - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "require_pushed_authorization_requests": { - "inherited": false, - "value": false, - }, - "responseTypes": { - "inherited": false, - "value": [ - "token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "Public", - }, - 
"tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 120, - }, - "clientName": { - "inherited": false, - "value": [ - "23281ea7-739b-4fd1-b953-eaae73a2b497", - ], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [ - "fr:idm:*", - ], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 604800, - }, - "scopes": { - "inherited": false, - "value": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", 
- "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": { - "inherited": false, - }, - "authorizationResponseEncryptionMethod": { - "inherited": false, - }, - "authorizationResponseSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - 
"inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export -A --no-deps": should export all apps to separate files with no dependencies 3`] = ` -{ - "application": { - "49a2981c-e192-4739-a0e6-c7582168bdf5": { - "_id": "49a2981c-e192-4739-a0e6-c7582168bdf5", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - 
"openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - 
"urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - 
"supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - 
"dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", 
- "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "-1486692171", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - 
"inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [ - "Created by Frodo on 5/13/2023, 8:07:37 PM", - ], - }, - "grantTypes": { - "inherited": false, - "value": [ - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": true, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "refreshTokenGracePeriod": { - "inherited": false, - "value": 0, - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "require_pushed_authorization_requests": { - "inherited": false, - "value": false, - }, - "responseTypes": { - "inherited": false, - "value": [ - "token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "Public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 120, - }, - "clientName": { - "inherited": false, - "value": [ - "49a2981c-e192-4739-a0e6-c7582168bdf5", - ], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [ - "fr:idm:*", - ], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - 
"refreshTokenLifetime": { - "inherited": false, - "value": 604800, - }, - "scopes": { - "inherited": false, - "value": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": 
false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": { - "inherited": false, - }, - "authorizationResponseEncryptionMethod": { - "inherited": false, - }, - "authorizationResponseSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - 
"tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export -A --no-deps": should export all apps to separate files with no dependencies 4`] = ` -{ - "application": { - "86fca6d7-2f52-4524-92c6-b6f416071455": { - "_id": "86fca6d7-2f52-4524-92c6-b6f416071455", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": 
"PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - 
"urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - 
"ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", 
- "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": 
"SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "1978484533", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [ - "Created by Frodo on 8/11/2022, 5:32:32 PM", - ], - }, - "grantTypes": { - "inherited": false, - "value": [ - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": true, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "refreshTokenGracePeriod": { - "inherited": false, - "value": 0, - }, - "requestUris": { - "inherited": false, - "value": [], - }, - 
"require_pushed_authorization_requests": { - "inherited": false, - "value": false, - }, - "responseTypes": { - "inherited": false, - "value": [ - "token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "Public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 120, - }, - "clientName": { - "inherited": false, - "value": [ - "86fca6d7-2f52-4524-92c6-b6f416071455", - ], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [ - "fr:idm:*", - ], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 604800, - }, - "scopes": { - "inherited": false, - "value": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - 
"value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": { - "inherited": false, - }, - "authorizationResponseEncryptionMethod": { - "inherited": false, - }, - "authorizationResponseSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": 
false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export -A --no-deps": should export all apps to separate files with no dependencies 5`] = ` -{ - "application": { - "RCSClient": { - "_id": "RCSClient", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { 
- "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - 
"tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - 
"ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - 
"cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - 
"usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - 
"_rev": "119389614", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [], - }, - "grantTypes": { - "inherited": false, - "value": [ - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": false, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "responseTypes": { - "inherited": false, - "value": [ - "code", - "token", - "id_token", - "code token", - "token id_token", - "code id_token", - "code token id_token", - "device_code", - "device_code id_token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "Public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 0, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 0, - }, - "clientName": { - "inherited": false, - "value": [], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 0, - }, - "scopes": { - "inherited": false, - "value": [ - "fr:idm:*", - ], - }, - 
"status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 0, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "c234ba0b-58a1-4cfd-9567-09edde980745", - "clientsCanSkipConsent": true, - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "1f389a3d-21cf-417c-a6d3-42ea620071f0", - "providerOverridesEnabled": true, - "statelessTokensEnabled": true, - }, - "signEncOAuth2ClientConfig": { - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - "value": "http://am:80/am/oauth2/connect/jwk_uri", - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - 
"publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export -A --no-deps": should export all apps to separate files with no dependencies 6`] = ` -{ - "application": { - "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f": { - "_id": "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - 
"refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - 
"urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - 
"supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - 
"consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - 
"A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "236190531", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [ - "Created by Frodo on 5/13/2023, 8:06:50 PM", - ], - }, - "grantTypes": { - "inherited": false, - 
"value": [ - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": true, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "refreshTokenGracePeriod": { - "inherited": false, - "value": 0, - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "require_pushed_authorization_requests": { - "inherited": false, - "value": false, - }, - "responseTypes": { - "inherited": false, - "value": [ - "token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "Public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 120, - }, - "clientName": { - "inherited": false, - "value": [ - "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f", - ], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [ - "fr:idm:*", - ], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 604800, - }, - "scopes": { - "inherited": false, - "value": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - }, - 
"status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": 
"PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": { - "inherited": false, - }, - "authorizationResponseEncryptionMethod": { - "inherited": false, - }, - "authorizationResponseSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - 
"userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export -A --no-deps": should export all apps to separate files with no dependencies 7`] = ` -{ - "application": { - "ig-oidc-app": { - "_id": "ig-oidc-app", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - 
"code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": 
[], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - 
"HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", 
- "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": 
"JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "878347817", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [], - }, - "grantTypes": { - "inherited": false, - "value": [ - "authorization_code", - "client_credentials", - "refresh_token", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": true, - }, - "javascriptOrigins": { - "inherited": false, - "value": [ - "https://ig.mytestrun.com", - "https://ig.mytestrun.com:443", - ], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "refreshTokenGracePeriod": { - "inherited": false, - "value": 0, - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "require_pushed_authorization_requests": { - "inherited": false, - "value": false, - }, - "responseTypes": { - "inherited": false, - "value": [ - "code", - "token", - "id_token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - 
"softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 120, - }, - "clientName": { - "inherited": false, - "value": [], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [ - "https://ig.mytestrun.com/home/oidc/callback", - ], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 604800, - }, - "scopes": { - "inherited": false, - "value": [ - "openid", - "profile", - "email", - "secctx", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - 
"overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": { - "inherited": false, - }, - "authorizationResponseEncryptionMethod": { - "inherited": false, - }, - "authorizationResponseSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - 
"jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export -A --no-deps": should export all apps to separate files with no dependencies 8`] = ` -{ - "application": { - "test2": { - "_id": "test2", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - 
"authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - 
"urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - 
"supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - 
"PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - 
"overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "670386148", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - 
"advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [ - "Modified by Frodo on 4/16/2022, 8:41:59 PM", - ], - }, - "grantTypes": { - "inherited": false, - "value": [ - "authorization_code", - "refresh_token", - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": false, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "responseTypes": { - "inherited": false, - "value": [ - "code", - "token", - "id_token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 0, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 0, - }, - "clientName": { - "inherited": false, - "value": [ - "test2", - ], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [ - "openid", - ], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - 
"inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 0, - }, - "scopes": { - "inherited": false, - "value": [ - "openid", - "fr:idm:*", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 0, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - }, - "signEncOAuth2ClientConfig": { - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": 
false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export -A": should export all apps to separate files 1`] = `""`; - -exports[`frodo app export "frodo app export -A": should export all apps to separate files 2`] = ` -{ - "application": { - "23281ea7-739b-4fd1-b953-eaae73a2b497": { - "_id": "23281ea7-739b-4fd1-b953-eaae73a2b497", - "_provider": { - "_id": 
"", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - 
"tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - 
"supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - 
"useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, 
- "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - 
"validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "1749759567", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [ - "Created by Frodo on 8/11/2022, 5:31:09 PM", - ], - }, - "grantTypes": { - "inherited": false, - "value": [ - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": true, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "refreshTokenGracePeriod": { - "inherited": false, - "value": 0, - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "require_pushed_authorization_requests": { - "inherited": false, - "value": false, - }, - "responseTypes": { - "inherited": false, - "value": [ - "token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "Public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 120, - }, - "clientName": { - "inherited": 
false, - "value": [ - "23281ea7-739b-4fd1-b953-eaae73a2b497", - ], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [ - "fr:idm:*", - ], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 604800, - }, - "scopes": { - "inherited": false, - "value": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - 
"evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": { - "inherited": false, - }, - "authorizationResponseEncryptionMethod": { - "inherited": false, - }, - "authorizationResponseSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - 
"requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export -A": should export all apps to separate files 3`] = ` -{ - "application": { - "49a2981c-e192-4739-a0e6-c7582168bdf5": { - "_id": "49a2981c-e192-4739-a0e6-c7582168bdf5", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": 
"&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - 
"urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - 
"supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - 
"ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - 
"PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "-1486692171", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [ - "Created by Frodo on 5/13/2023, 8:07:37 PM", - ], - }, - "grantTypes": { - "inherited": false, - "value": [ - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": true, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - 
"logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "refreshTokenGracePeriod": { - "inherited": false, - "value": 0, - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "require_pushed_authorization_requests": { - "inherited": false, - "value": false, - }, - "responseTypes": { - "inherited": false, - "value": [ - "token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "Public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 120, - }, - "clientName": { - "inherited": false, - "value": [ - "49a2981c-e192-4739-a0e6-c7582168bdf5", - ], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [ - "fr:idm:*", - ], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 604800, - }, - "scopes": { - "inherited": false, - "value": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - 
"value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": { - "inherited": false, - }, - 
"authorizationResponseEncryptionMethod": { - "inherited": false, - }, - "authorizationResponseSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - 
"userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export -A": should export all apps to separate files 4`] = ` -{ - "application": { - "86fca6d7-2f52-4524-92c6-b6f416071455": { - "_id": "86fca6d7-2f52-4524-92c6-b6f416071455", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - 
"id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": 
true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - 
"ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - 
"RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": 
"[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "1978484533", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [ - "Created by Frodo on 8/11/2022, 5:32:32 PM", - ], - }, - "grantTypes": { - "inherited": false, - "value": [ - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": true, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "refreshTokenGracePeriod": { - "inherited": false, - "value": 0, - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "require_pushed_authorization_requests": { - "inherited": false, - "value": false, - }, - "responseTypes": { - "inherited": false, - "value": [ - "token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "Public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - 
"inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 120, - }, - "clientName": { - "inherited": false, - "value": [ - "86fca6d7-2f52-4524-92c6-b6f416071455", - ], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [ - "fr:idm:*", - ], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 604800, - }, - "scopes": { - "inherited": false, - "value": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": 
"org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": { - "inherited": false, - }, - "authorizationResponseEncryptionMethod": { - "inherited": false, - }, - "authorizationResponseSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - 
"value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export -A": should export all apps to separate files 5`] = ` -{ - "application": { - "RCSClient": { - "_id": "RCSClient", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - 
"urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - 
"urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - 
"supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - 
"dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", 
- "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "119389614", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": 
false, - "value": [], - }, - "grantTypes": { - "inherited": false, - "value": [ - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": false, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "responseTypes": { - "inherited": false, - "value": [ - "code", - "token", - "id_token", - "code token", - "token id_token", - "code id_token", - "code token id_token", - "device_code", - "device_code id_token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "Public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 0, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 0, - }, - "clientName": { - "inherited": false, - "value": [], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 0, - }, - "scopes": { - "inherited": false, - "value": [ - "fr:idm:*", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - 
"defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 0, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "c234ba0b-58a1-4cfd-9567-09edde980745", - "clientsCanSkipConsent": true, - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "1f389a3d-21cf-417c-a6d3-42ea620071f0", - "providerOverridesEnabled": true, - "statelessTokensEnabled": true, - }, - "signEncOAuth2ClientConfig": { - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - "value": "http://am:80/am/oauth2/connect/jwk_uri", - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - 
"tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export -A": should export all apps to separate files 6`] = ` -{ - "application": { - "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f": { - "_id": "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - 
"macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - 
"tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - 
"supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - 
"A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", 
- "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "236190531", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [ - "Created by Frodo on 5/13/2023, 8:06:50 PM", - ], - }, - "grantTypes": { - "inherited": false, - "value": [ - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": true, - }, - "javascriptOrigins": { - "inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": 
false, - "value": [], - }, - "refreshTokenGracePeriod": { - "inherited": false, - "value": 0, - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "require_pushed_authorization_requests": { - "inherited": false, - "value": false, - }, - "responseTypes": { - "inherited": false, - "value": [ - "token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "Public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 120, - }, - "clientName": { - "inherited": false, - "value": [ - "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f", - ], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [ - "fr:idm:*", - ], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 604800, - }, - "scopes": { - "inherited": false, - "value": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { 
- "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": { - "inherited": false, - }, - "authorizationResponseEncryptionMethod": { - "inherited": false, - }, - "authorizationResponseSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "clientJwtPublicKey": { - "inherited": false, - }, - 
"idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export 
-A": should export all apps to separate files 7`] = ` -{ - "application": { - "ig-oidc-app": { - "_id": "ig-oidc-app", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - 
"am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - 
"supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - 
"A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": 
true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": 
"org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "878347817", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [], - }, - "grantTypes": { - "inherited": false, - "value": [ - "authorization_code", - "client_credentials", - "refresh_token", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": true, - }, - "javascriptOrigins": { - "inherited": false, - "value": [ - "https://ig.mytestrun.com", - "https://ig.mytestrun.com:443", - ], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "refreshTokenGracePeriod": { - "inherited": false, - "value": 0, - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "require_pushed_authorization_requests": { - "inherited": false, - "value": false, - }, - "responseTypes": { - "inherited": false, - "value": [ - "code", - "token", - "id_token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": 
false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 120, - }, - "clientName": { - "inherited": false, - "value": [], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [ - "https://ig.mytestrun.com/home/oidc/callback", - ], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 604800, - }, - "scopes": { - "inherited": false, - "value": [ - "openid", - "profile", - "email", - "secctx", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 3600, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - 
"enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": { - "inherited": false, - }, - "authorizationResponseEncryptionMethod": { - "inherited": false, - }, - "authorizationResponseSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - "value": "jwks_uri", 
- }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export -A": should export all apps to separate files 8`] = ` -{ - "application": { - "test2": { - "_id": "test2", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - 
"urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - 
"urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - 
"supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - 
"ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - 
"PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "670386148", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": { - "inherited": false, - "value": [], - }, - "contacts": { - "inherited": false, - "value": [], - }, - "customProperties": { - "inherited": false, - "value": [], - }, - "descriptions": { - "inherited": false, - "value": [ - "Modified by Frodo on 4/16/2022, 8:41:59 PM", - ], - }, - "grantTypes": { - "inherited": false, - "value": [ - "authorization_code", - "refresh_token", - "client_credentials", - ], - }, - "isConsentImplied": { - "inherited": false, - "value": false, - }, - "javascriptOrigins": { - 
"inherited": false, - "value": [], - }, - "logoUri": { - "inherited": false, - "value": [], - }, - "mixUpMitigation": { - "inherited": false, - "value": false, - }, - "name": { - "inherited": false, - "value": [], - }, - "policyUri": { - "inherited": false, - "value": [], - }, - "requestUris": { - "inherited": false, - "value": [], - }, - "responseTypes": { - "inherited": false, - "value": [ - "code", - "token", - "id_token", - ], - }, - "sectorIdentifierUri": { - "inherited": false, - }, - "softwareIdentity": { - "inherited": false, - }, - "softwareVersion": { - "inherited": false, - }, - "subjectType": { - "inherited": false, - "value": "public", - }, - "tokenEndpointAuthMethod": { - "inherited": false, - "value": "client_secret_basic", - }, - "tokenExchangeAuthLevel": { - "inherited": false, - "value": 0, - }, - "tosURI": { - "inherited": false, - "value": [], - }, - "updateAccessToken": { - "inherited": false, - }, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": { - "inherited": false, - "value": 0, - }, - "authorizationCodeLifetime": { - "inherited": false, - "value": 0, - }, - "clientName": { - "inherited": false, - "value": [ - "test2", - ], - }, - "clientType": { - "inherited": false, - "value": "Confidential", - }, - "defaultScopes": { - "inherited": false, - "value": [ - "openid", - ], - }, - "loopbackInterfaceRedirection": { - "inherited": false, - "value": false, - }, - "redirectionUris": { - "inherited": false, - "value": [], - }, - "refreshTokenLifetime": { - "inherited": false, - "value": 0, - }, - "scopes": { - "inherited": false, - "value": [ - "openid", - "fr:idm:*", - ], - }, - "status": { - "inherited": false, - "value": "Active", - }, - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": { - "inherited": false, - "value": false, - }, - "backchannel_logout_uri": { - "inherited": false, - }, - "claims": { - "inherited": false, - "value": [], - }, - "clientSessionUri": { - "inherited": 
false, - }, - "defaultAcrValues": { - "inherited": false, - "value": [], - }, - "defaultMaxAge": { - "inherited": false, - "value": 600, - }, - "defaultMaxAgeEnabled": { - "inherited": false, - "value": false, - }, - "jwtTokenLifetime": { - "inherited": false, - "value": 0, - }, - "postLogoutRedirectUri": { - "inherited": false, - "value": [], - }, - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": { - "inherited": false, - "value": [], - }, - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - }, - "signEncOAuth2ClientConfig": { - "clientJwtPublicKey": { - "inherited": false, - }, - "idTokenEncryptionAlgorithm": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "idTokenEncryptionEnabled": { - "inherited": false, - "value": false, - }, - "idTokenEncryptionMethod": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "idTokenPublicEncryptionKey": { - "inherited": false, - }, - "idTokenSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "jwkSet": { - "inherited": false, - }, - "jwkStoreCacheMissCacheTime": { - "inherited": false, - "value": 60000, - }, - "jwksCacheTimeout": { - "inherited": false, - "value": 3600000, - }, - "jwksUri": { - "inherited": false, - }, - "mTLSCertificateBoundAccessTokens": { - "inherited": false, - "value": false, - }, - "mTLSSubjectDN": { - "inherited": false, - }, - "mTLSTrustedCert": { - "inherited": false, - }, - "publicKeyLocation": { - "inherited": false, - 
"value": "jwks_uri", - }, - "requestParameterEncryptedAlg": { - "inherited": false, - }, - "requestParameterEncryptedEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "requestParameterSignedAlg": { - "inherited": false, - }, - "tokenEndpointAuthSigningAlgorithm": { - "inherited": false, - "value": "RS256", - }, - "tokenIntrospectionEncryptedResponseAlg": { - "inherited": false, - "value": "RSA-OAEP-256", - }, - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "tokenIntrospectionResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "tokenIntrospectionSignedResponseAlg": { - "inherited": false, - "value": "RS256", - }, - "userinfoEncryptedResponseAlg": { - "inherited": false, - }, - "userinfoEncryptedResponseEncryptionAlgorithm": { - "inherited": false, - "value": "A128CBC-HS256", - }, - "userinfoResponseFormat": { - "inherited": false, - "value": "JSON", - }, - "userinfoSignedResponseAlg": { - "inherited": false, - }, - }, - }, - }, - "meta": Any, - "script": { - "36863ffb-40ec-48b9-94b1-9a99f71cc3b5": { - "_id": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "context": "OIDC_CLAIMS", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OIDC claims", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OIDC Claims Script", - "script": [ - "/*", - " * Copyright 2014-2021 ForgeRock AS. All Rights Reserved", - " *", - " * Use of this code requires a commercial software license with ForgeRock AS", - " * or with one of its affiliates. 
All use shall be exclusively subject", - " * to such license between the licensee and ForgeRock AS.", - " */", - "", - "/*", - " * This script computes claim values returned in ID tokens and/or at the UserInfo Endpoint.", - " * The claim values are computed for:", - " * the claims derived from the requested scopes,", - " * the claims provided by the authorization server,", - " * and the claims requested by the client via the claims parameter.", - " *", - " * In the CONFIGURATION AND CUSTOMIZATION section, you can", - " * define the scope-to-claims mapping, and", - " * assign to each claim a resolver function that will compute the claim value.", - " *", - " * Defined variables (class references are provided below):", - " * scopes - Set (6).", - " * Always present, the requested scopes.", - " * claims - Map (5).", - " * Always present, default server provided claims.", - " * claimObjects - List (7, 2).", - " * Always present, the default server provided claims.", - " * requestedClaims - Map> (5).", - " * Always present, not empty if the request contains the claims parameter and the server has enabled", - " * claims_parameter_supported. A map of the requested claims to possible values, otherwise empty;", - " * requested claims with no requested values will have a key but no value in the map. 
A key with", - " * a single value in its Set (6) indicates that this is the only value that should be returned.", - " * requestedTypedClaims - List (7, 2).", - " * Always present, the requested claims.", - " * Requested claims with no requested values will have a claim with no values.", - " * A claim with a single value indicates this is the only value that should be returned.", - " * claimsLocales - List (7).", - " * The values from the 'claims_locales' parameter.", - " * See https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts for the OIDC specification details.", - " * requestProperties - Unmodifiable Map (5).", - " * Always present, contains a map of request properties:", - " * requestUri - The request URI.", - " * realm - The realm that the request relates to.", - " * requestParams - A map of the request params and/or posted data.", - " * Each value is a list of one or more properties.", - " * Please note that these should be handled in accordance with OWASP best practices:", - " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", - " * clientProperties - Unmodifiable Map (5).", - " * Present if the client specified in the request was identified, contains a map of client properties:", - " * clientId - The client's URI for the request locale.", - " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", - " * allowedResponseTypes - List of the allowed response types for the client.", - " * allowedScopes - List of the allowed scopes for the client.", - " * customProperties - A map of the custom properties of the client.", - " * Lists or maps will be included as sub-maps; for example:", - " * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1.", - " * To add custom properties to a client, update the Custom Properties field", - " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", - " * identity - 
AMIdentity (3).", - " * Always present, the identity of the resource owner.", - " * session - SSOToken (4).", - " * Present if the request contains the session cookie, the user's session object.", - " * scriptName - String (primitive).", - " * Always present, the display name of the script.", - " * logger - Always present, the "OAuth2Provider" debug logger instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", - " * Corresponding files will be prefixed with: scripts.OIDC_CLAIMS.", - " * httpClient - HTTP Client (8).", - " * Always present, the HTTP Client instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", - " * In order to use the client, you may need to add", - " * org.forgerock.http.Client,", - " * org.forgerock.http.protocol.*,", - " * and org.forgerock.util.promise.PromiseImpl", - " * to the allowed Java classes in the scripting engine configuration, as described in:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/script-engine-security.html", - " *", - " * Return - a new UserInfoClaims(Map values, Map> compositeScopes) (1) object.", - " * The result of the last statement in the script is returned to the server.", - " * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function)", - " * is the last (and only) statement in this script, and its return value will become the script result.", - " * Do not use "return variable" statement outside of a function definition.", - " * See RESULTS section for additional details.", - " *", - " * Class reference:", - " * (1) UserInfoClaims - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html.", - " * (2) Claim - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html).", - " * An instance of 
org.forgerock.openidconnect.Claim has methods to access", - " * the claim name, requested values, locale, and whether the claim is essential.", - " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", - " * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", - " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", - " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", - " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", - " * (7) List - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/ArrayList.html.", - " * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", - "*/", - "", - "(function () {", - " // SETUP", - "", - " /**", - " * Claim processing utilities.", - " * An object that contains reusable functions for processing claims.", - " * @see CLAIM PROCESSING UTILITIES section for details.", - " */", - " var utils = getUtils();", - "", - " // CONFIGURATION AND CUSTOMIZATION", - "", - " /**", - " * OAuth 2.0 scope values (scopes) can be used by the Client to request OIDC claims.", - " *", - " * Call this configuration method, and pass in as the first argument", - " * an object that maps a scope value to an array of claim names", - " * to specify which claims need to be processed and returned for the requested scopes.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims}", - " * for the scope values that could be used to request claims as defined in the OIDC specification.", - " *", - " * Below, find a default configuration that is expected to work in the current environment.", - " *", - " * CUSTOMIZATION", - " * You can choose the claim names returned for a scope.", - " */", - " utils.setScopeClaimsMap({", - " profile: [", - " 
'name',", - " 'family_name',", - " 'given_name',", - " 'zoneinfo',", - " 'locale'", - " ],", - " email: ['email'],", - " address: ['address'],", - " phone: ['phone_number']", - " });", - "", - " /**", - " * In this script, each claim", - " * derived from the requested scopes,", - " * provided by the authorization server, and", - " * requested by the client via the claims parameter", - " * will be processed by a function associated with the claim name.", - " *", - " * Call this configuration method, and pass in as the first argument", - " * an object that maps a claim name to a resolver function,", - " * which will be automatically executed for each claim processed by the script.", - " *", - " * The claim resolver function will receive the requested claim information", - " * in an instance of org.forgerock.openidconnect.Claim as the first argument.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html}", - " * for details on the Claim class.", - " *", - " * If the claim resolver function returns a value,", - " * other than undefined or null,", - " * the claim will be included in the script's results.", - " *", - " * The Claim instance provides methods to check", - " * what the name of the claim is,", - " * which values the claim request contains,", - " * whether the claim is essential, and", - " * which locale the claim is associated with.", - " * The resolver function can consider this information when computing and returning the claim value.", - " *", - " * Below, find a default configuration that is expected to work in the current environment.", - " * A reusable function, utils.getUserProfileClaimResolver(String attribute-name),", - " * is called to return a claim resolver function based on a user profile attribute.", - " * @see CLAIM RESOLVERS section for the implementation details and examples.", - " * For the address claim, an example of a claim resolver that uses another claim resolver is provided.", - " 
*", - " * CUSTOMIZATION", - " * You can reuse the predefined utils methods with your custom arguments.", - " * You can also specify a custom resolver function for a claim name,", - " * that will compute and return the claim value—as shown in the commented out example below.", - " */", - " utils.setClaimResolvers({", - " /*", - " // An example of a simple claim resolver function that is defined for a claim", - " // directly in the configuration object:", - " custom-claim-name: function (requestedClaim) {", - " // In this case, initially, the claim value comes straight from a user profile attribute value:", - " var claimValue = identity.getAttribute('custom-attribute-name').toArray()[0]", - "", - " // Optionally, provide additional logic for processing (filtering, formatting, etc.) the claim value.", - " // You can use:", - " // requestedClaim.getName()", - " // requestedClaim.getValues()", - " // requestedClaim.getLocale()", - " // requestedClaim.isEssential()", - "", - " return claimValue", - " },", - " */", - " /**", - " * The use of utils.getUserProfileClaimResolver shows how", - " * an argument passed to a function that returns a claim resolver", - " * becomes available to the resolver function (via its lexical context).", - " */", - " name: utils.getUserProfileClaimResolver('cn'),", - " family_name: utils.getUserProfileClaimResolver('sn'),", - " given_name: utils.getUserProfileClaimResolver('givenname'),", - " zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'),", - " locale: utils.getUserProfileClaimResolver('preferredlocale'),", - " email: utils.getUserProfileClaimResolver('mail'),", - " address: utils.getAddressClaimResolver(", - " /**", - " * The passed in user profile claim resolver function", - " * can be used by the address claim resolver function", - " * to obtain the claim value to be formatted as per the OIDC specification:", - " * @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim.", - " */", - " 
utils.getUserProfileClaimResolver('postaladdress')", - " ),", - " phone_number: utils.getUserProfileClaimResolver('telephonenumber')", - " });", - "", - " // CLAIM PROCESSING UTILITIES", - "", - " /**", - " * @returns {object} An object that contains reusable claim processing utilities.", - " * @see PUBLIC METHODS section and the return statement for the list of exported functions.", - " */", - " function getUtils () {", - " // IMPORT JAVA", - "", - " /**", - " * Provides Java scripting functionality.", - " * @see {@link https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Scripting_Java#javaimporter_constructor}.", - " */", - " var frJava = JavaImporter(", - " org.forgerock.oauth2.core.exceptions.InvalidRequestException,", - " org.forgerock.oauth2.core.UserInfoClaims,", - " org.forgerock.openidconnect.Claim,", - "", - " java.util.LinkedHashMap,", - " java.util.ArrayList", - " );", - "", - " // SET UP CONFIGURATION", - "", - " /**", - " * Placeholder for a configuration option that contains", - " * an object that maps the supported scope values (scopes)", - " * and the corresponding claim names for each scope value.", - " */", - " var scopeClaimsMap;", - "", - " /**", - " * Placeholder for a configuration option that contains", - " * an object that maps the supported claim names", - " * and the resolver functions returning the claim value.", - " */", - " var claimResolvers;", - "", - " /**", - " * A (public) method that accepts an object that maps the supported scopes and the corresponding claim names,", - " * and assigns it to a (private) variable that serves as a configuration option.", - " * @param {object} params - An object that maps each supported scope value to an array of claim names,", - " * in order to specify which claims need to be processed for the requested scopes.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} for details.", - " * @param {string[]} [params.profile] - An array of claim names to be 
returned if the profile scope is requested.", - " * @param {string[]} [params.email] - An array of claim names to be returned if the email scope is requested.", - " * @param {string[]} [params.address] - An array of claim names to be returned if the address scope is requested.", - " * @param {string[]} [params.phone] - An array of claim names to be returned if the phone scope is requested.", - " * @returns {undefined}", - " */", - " function setScopeClaimsMap(params) {", - " scopeClaimsMap = params;", - " }", - "", - " /**", - " * A (public) method that accepts an object that maps the supported claim names", - " * and the resolver functions returning the claim value,", - " * and assigns it to a (private) variable that serves as a configuration option.", - " * @param {object} params - An object that maps", - " * each supported claim name to a function that computes and returns the claim value.", - " */", - " function setClaimResolvers(params) {", - " claimResolvers = params;", - " }", - "", - " // CLAIM RESOLVERS", - "", - " /**", - " * Claim resolvers are functions that return a claim value.", - " * @param {*}", - " * @returns {*}", - " */", - "", - " /**", - " * Defines a claim resolver based on a user profile attribute.", - " * @param {string} attributeName - Name of the user profile attribute.", - " * @returns {function} A function that will determine the claim value", - " * based on the user profile attribute and the (requested) claim properties.", - " */", - " function getUserProfileClaimResolver (attributeName) {", - " /**", - " * Resolves a claim with a user profile attribute value.", - " * Returns undefined if the identity attribute is not populated,", - " * OR if the claim has requested values that do not contain the identity attribute value.", - " * ATTENTION: the aforementioned comparison is case-sensitive.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a 
claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {string|HashSet|undefined}", - " */", - " function resolveClaim(claim) {", - " var userProfileValue;", - "", - " if (identity) {", - " userProfileValue = getClaimValueFromSet(claim, identity.getAttribute(attributeName));", - "", - " if (userProfileValue && !userProfileValue.isEmpty()) {", - " if (!claim.getValues() || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue)) {", - " return userProfileValue;", - " }", - " }", - " }", - " }", - "", - " return resolveClaim;", - " }", - "", - " /**", - " * Returns an address claim resolver based on a claim value obtained with another claim resolver.", - " * @param {function} resolveClaim - A function that returns a claim value.", - " * @returns {function} A function that will accept a claim as an argument,", - " * run the claim resolver function for the claim and obtain the claim value,", - " * and apply additional formatting to the value before returning it.", - " */", - " function getAddressClaimResolver (resolveClaim) {", - " /**", - " * Creates an address claim object from a value returned by a claim resolver,", - " * and returns the address claim object as the claim value.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim}.", - " * The claim value is obtained with a claim resolving function available from the closure.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {java.util.LinkedHashMap|undefined} The address claim object created from a claim value.", - " */", - " function resolveAddressClaim(claim) {", - " var claimValue = resolveClaim(claim);", - " var 
addressObject;", - "", - " if (isClaimValueValid(claimValue)) {", - " addressObject = new frJava.LinkedHashMap();", - "", - " addressObject.put('formatted', claimValue);", - "", - " return addressObject;", - " }", - " }", - "", - " return resolveAddressClaim;", - " }", - "", - " /**", - " * Returns an essential claim resolver based on a claim value obtained with another claim resolver.", - " * @param {function} resolveClaim - A function that returns a claim value.", - " * @returns {function} A function that will accept a claim as an argument,", - " * run the claim resolver function for the claim and obtain the claim value,", - " * and apply additional logic for essential claims.", - " */", - " function getEssentialClaimResolver (resolveClaim) {", - " /**", - " * Returns a claim value or throws an error.", - " * The claim value is obtained with a claim resolving function available from the closure.", - " * Throws an exception if the claim is essential and no value is returned for the claim.", - " *", - " * Use of this resolver is optional.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests} stating:", - " * "Note that even if the Claims are not available because the End-User did not authorize their release or they are not present,", - " * the Authorization Server MUST NOT generate an error when Claims are not returned, whether they are Essential or Voluntary,", - " * unless otherwise specified in the description of the specific claim."", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*}", - " * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException}", - " */", - " function resolveEssentialClaim(claim) {", - " var claimValue = resolveClaim(claim);", - 
"", - " if (claim.isEssential() && !isClaimValueValid(claimValue)) {", - " throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName());", - " }", - "", - " return claimValue;", - " }", - "", - " return resolveEssentialClaim;", - " }", - "", - " /**", - " * Provides default resolution for a claim.", - " * Use it if a claim-specific resolver is not defined in the configuration.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*} A single value associated with this claim.", - " */", - " function resolveAnyClaim (claim) {", - " if (claim.getValues().size() === 1) {", - " return claim.getValues().toArray()[0];", - " }", - " }", - "", - " // UTILITIES", - "", - " /**", - " * Returns claim value from a set.", - " * If the set contains a single value, returns the value.", - " * If the set contains multiple values, returns the set.", - " * Otherwise, returns undefined.", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @param {java.util.HashSet} set The set—for example, a user profile attribute value.", - " * @returns {string|java.util.HashSet|undefined}", - " */", - " function getClaimValueFromSet (claim, set) {", - " if (set && set.size()) {", - " if (set.size() === 1) {", - " return set.toArray()[0];", - " } else {", - " return set;", - " }", - " } else if (logger.warningEnabled()) {", - " logger.warning('OIDC Claims script. 
Got an empty set for claim: ' + claim.getName());", - " }", - " }", - "", - " function isClaimValueValid (claimValue) {", - " if (typeof claimValue === 'undefined' || claimValue === null) {", - " return false;", - " }", - "", - " return true;", - " }", - "", - " // CLAIM PROCESSING", - "", - " /**", - " * Constructs and returns an object populated with the computed claim values", - " * and the requested scopes mapped to the claim names.", - " * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}.", - " * @see RESULTS section for the use of this function.", - " */", - " function getUserInfoClaims () {", - " return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes());", - " }", - "", - " /**", - " * Creates a map of (requested) claim names populated with the computed claim values.", - " * @returns {java.util.LinkedHashMap}", - " * A map of the requested claim names and the corresponding claim values.", - " */", - " function getComputedClaims () {", - " /**", - " * Creates a complete list of claim objects from:", - " * the claims derived from the scopes,", - " * the claims provided by the authorization server,", - " * and the claims requested by the client.", - " * @returns {java.util.ArrayList}", - " * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details.", - " */", - " function getClaims() {", - " /**", - " * Returns a list of claim objects for the requested scopes.", - " * Uses the scopeClaimsMap configuration option to derive the claim names;", - " * no other properties of a claim derived from a scope are populated.", - " * @returns {java.util.ArrayList}", - " * A list of 
org.forgerock.openidconnect.Claim objects derived from the requested scopes.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details.", - " */", - " function convertScopeToClaims() {", - " var claims = new frJava.ArrayList();", - "", - " scopes.toArray().forEach(function (scope) {", - " if (String(scope) !== 'openid' && scopeClaimsMap[scope]) {", - " scopeClaimsMap[scope].forEach(function (claimName) {", - " claims.add(new frJava.Claim(claimName));", - " });", - " }", - " });", - "", - " return claims;", - " }", - "", - " var claims = new frJava.ArrayList();", - "", - " claims.addAll(convertScopeToClaims());", - " claims.addAll(claimObjects);", - " claims.addAll(requestedTypedClaims);", - "", - " return claims;", - " }", - "", - " /**", - " * Computes and returns a claim value.", - " * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object.", - " * @see claimResolvers", - " * If no resolver function is found, uses the default claim resolver function.", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*} Claim value.", - " * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException}", - " * Rethrows this exception if a claim resolver throws it.", - " * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver", - " * if you want to terminate the claim processing.", - " */", - " function computeClaim(claim) {", - " var resolveClaim;", - " var message;", - "", - " try {", - " resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim;", - "", - " return resolveClaim(claim);", - " } catch (e) {", - " 
message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e;", - "", - " if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) {", - " throw e;", - " }", - "", - " if (logger.warningEnabled()) {", - " logger.warning(message);", - " }", - " }", - " }", - "", - " var computedClaims = new frJava.LinkedHashMap();", - "", - " getClaims().toArray().forEach(function (claim) {", - " var claimValue = computeClaim(claim);", - "", - " if (isClaimValueValid(claimValue)) {", - " computedClaims.put(claim.getName(), claimValue);", - " } else {", - " /**", - " * If a claim has been processed, but appears in the list again,", - " * and its value cannot be computed under the new conditions,", - " * the claim is removed from the final result.", - " *", - " * For example, a claim could be mapped to a scope and found in the user profile,", - " * but also requested by the client with required values that don't match the computed one.", - " * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}.", - " * for the relevant OIDC specification details.", - " */", - " computedClaims.remove(claim.getName());", - " }", - " });", - "", - " return computedClaims;", - " }", - "", - " /**", - " * Creates a map of requested scopes and the corresponding claim names.", - " * @returns {java.util.LinkedHashMap}", - " */", - " function getCompositeScopes () {", - " var compositeScopes = new frJava.LinkedHashMap();", - "", - " scopes.toArray().forEach(function (scope) {", - " var scopeClaims = new frJava.ArrayList();", - "", - " if (scopeClaimsMap[scope]) {", - " scopeClaimsMap[scope].forEach(function (claimName) {", - " scopeClaims.add(claimName);", - " });", - " }", - "", - " if (scopeClaims.size()) {", - " compositeScopes.put(scope, scopeClaims);", - " }", - " });", - "", - " return compositeScopes;", - " }", - "", - " // PUBLIC METHODS", - "", - " return {", - " setScopeClaimsMap: setScopeClaimsMap,", - " 
setClaimResolvers: setClaimResolvers,", - " getUserProfileClaimResolver: getUserProfileClaimResolver,", - " getAddressClaimResolver: getAddressClaimResolver,", - " getEssentialClaimResolver: getEssentialClaimResolver,", - " getUserInfoClaims: getUserInfoClaims", - " };", - " }", - "", - " // RESULTS", - "", - " /**", - " * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class", - " * populated with the computed claim values and", - " * the requested scopes mapped to the claim names.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}.", - " *", - " * Assigning it to a variable gives you an opportunity", - " * to log the content of the returned value during development.", - " */", - " var userInfoClaims = utils.getUserInfoClaims();", - "", - " /*", - " logger.error(scriptName + ' results:')", - " logger.error('Values: ' + userInfoClaims.getValues())", - " logger.error('Scopes: ' + userInfoClaims.getCompositeScopes())", - " */", - "", - " return userInfoClaims;", - "}());", - "", - ], - }, - "d22f9a0c-426a-4466-b95e-d0f125b0d5fa": { - "_id": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "context": "OAUTH2_ACCESS_TOKEN_MODIFICATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OAuth2 Access Token Modification", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OAuth2 Access Token Modification Script", - "script": [ - "/*", - " * Copyright 2019-2021 ForgeRock AS. All Rights Reserved.", - " *", - " * Use of this code requires a commercial software license with ForgeRock AS", - " * or with one of its affiliates. 
All use shall be exclusively subject", - " * to such license between the licensee and ForgeRock AS.", - " */", - "", - "/*", - " * This script lets you modify information associated with an OAuth2 access token", - " * with methods provided by the AccessToken (1) interface.", - " * The changes made to OAuth2 access tokens will directly impact the size of the CTS tokens,", - " * and, similarly, the size of the JWTs if client-based OAuth2 tokens are utilized.", - " * When adding/updating fields make sure that the token size remains within client/user-agent limits.", - " *", - " * Defined variables:", - " * accessToken - AccessToken (1).", - " * The access token to be updated.", - " * Mutable object, all changes to the access token will be reflected.", - " * scopes - Set (6).", - " * Always present, the requested scopes.", - " * requestProperties - Unmodifiable Map (5).", - " * Always present, contains a map of request properties:", - " * requestUri - The request URI.", - " * realm - The realm that the request relates to.", - " * requestParams - A map of the request params and/or posted data.", - " * Each value is a list of one or more properties.", - " * Please note that these should be handled in accordance with OWASP best practices:", - " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", - " * clientProperties - Unmodifiable Map (5).", - " * Present if the client specified in the request was identified, contains a map of client properties:", - " * clientId - The client's URI for the request locale.", - " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", - " * allowedResponseTypes - List of the allowed response types for the client.", - " * allowedScopes - List of the allowed scopes for the client.", - " * customProperties - A map of the custom properties of the client.", - " * Lists or maps will be included as sub-maps; for example:", - " * customMap[Key1]=Value1 will be returned 
as customMap -> Key1 -> Value1.", - " * To add custom properties to a client, update the Custom Properties field", - " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", - " * identity - AMIdentity (3).", - " * Always present, the identity of the resource owner.", - " * session - SSOToken (4).", - " * Present if the request contains the session cookie, the user's session object.", - " * scriptName - String (primitive).", - " * Always present, the display name of the script.", - " * logger - Always present, the "OAuth2Provider" debug logger instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", - " * Corresponding log files will be prefixed with: scripts.OAUTH2_ACCESS_TOKEN_MODIFICATION.", - " * httpClient - HTTP Client (8).", - " * Always present, the HTTP Client instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", - " *", - " * Return - no value is expected, changes shall be made to the accessToken parameter directly.", - " *", - " * Class reference:", - " * (1) AccessToken - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/AccessToken.html.", - " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", - " * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", - " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", - " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", - " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", - " * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", - " */", - "", - "(function () {", - " // Adds new fields 
containing the session property values.", - " // NOTE: session may not be available for non-interactive authorization grants.", - " if (session) {", - " try {", - " accessToken.setField('ip_address', session.getProperty('Host'));", - " } catch (e) {", - " logger.error('Unable to retrieve session property value. ' + e);", - " }", - " }", - "}());", - "", - "/* EXAMPLE", - "(function () {", - " var frJava = JavaImporter(", - " org.forgerock.http.protocol.Request,", - " org.forgerock.http.protocol.Response", - " );", - "", - " // Always includes this field in the token.", - " accessToken.setField('key1', 'value1');", - "", - " // Receives and adds to the access token additional values by performing a REST call to an external service.", - " // WARNING: Below, you will find a reference to a third-party site, which is provided only as an example.", - " var uri = 'https://jsonplaceholder.typicode.com/posts';", - "", - " try {", - " var request = new frJava.Request();", - "", - " // You can chain methods that return the request object.", - " request.setUri(uri)", - " .setMethod('POST')", - " .setEntity(JSON.stringify({", - " updatedFields: {", - " key2: 'value2',", - " key3: 'value3'", - " }", - " }));", - "", - " // You can call a method when chaining is not possible.", - " request.getHeaders().add('Content-Type', 'application/json; charset=UTF-8');", - "", - " // Sends the request and receives the response.", - " var response = httpClient.send(request).getOrThrow();", - "", - " // Checks if the response status is as expected.", - " if (response.getStatus() === org.forgerock.http.protocol.Status.CREATED) {", - " var result = JSON.parse(response.getEntity().getString());", - "", - " // Set multiple token fields at once.", - " accessToken.setFields(result.updatedFields);", - " } else {", - " logger.error('Unable to obtain access token modifications. Status: ' + response.getStatus() + '. 
Content: ' + response.getEntity().getString());", - " }", - " } catch (e) {", - " logger.error('The request processing was interrupted. ' + e);", - "", - " // The access token request fails with the HTTP 500 error in this case.", - " throw ('Unable to obtain response from: ' + uri);", - " }", - "", - " // Adds new fields containing identity attribute values to the access token.", - " accessToken.setField('mail', identity.getAttribute('mail'));", - " accessToken.setField('phone', identity.getAttribute('telephoneNumber').toArray()[0]);", - "", - " // Adds new fields containing the session property values.", - " // NOTE: session may not be available for non-interactive authorization grants.", - " if (session) {", - " try {", - " accessToken.setField('ipAddress', session.getProperty('Host'));", - " } catch (e) {", - " logger.error('Unable to retrieve session property value. ' + e);", - " }", - " }", - "", - " // Removes a native field from the token entry, that was set by AM.", - " // WARNING: removing native fields from the token may result in loss of functionality.", - " // accessToken.removeTokenName()", - "", - " // No return value is expected. 
Let it be undefined.", - "}());", - "*/", - ], - }, - }, -} -`; - -exports[`frodo app export "frodo app export -a --file test.json": should export all apps to a single file named test.json 1`] = `""`; - -exports[`frodo app export "frodo app export -a --file test.json": should export all apps to a single file named test.json 2`] = ` -{ - "application": { - "23281ea7-739b-4fd1-b953-eaae73a2b497": { - "_id": "23281ea7-739b-4fd1-b953-eaae73a2b497", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - 
"token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - 
"includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - 
"supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - 
"supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": 
"org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "609033111", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 8/11/2022, 5:31:09 PM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "agentgroup": null, - "authorizationCodeLifetime": 120, - "clientName": [ - "23281ea7-739b-4fd1-b953-eaae73a2b497", - ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - 
"backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "accessTokenModifierClass": null, - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "customLoginUrlTemplate": null, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsClass": null, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - 
"jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "49a2981c-e192-4739-a0e6-c7582168bdf5": { - "_id": "49a2981c-e192-4739-a0e6-c7582168bdf5", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - 
"moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - 
"urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - 
"ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - 
"supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - 
"pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "114809105", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 5/13/2023, 8:07:37 PM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - 
"authorizationCodeLifetime": 120, - "clientName": [ - "49a2981c-e192-4739-a0e6-c7582168bdf5", - ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, 
- "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "86fca6d7-2f52-4524-92c6-b6f416071455": { - "_id": "86fca6d7-2f52-4524-92c6-b6f416071455", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - 
"client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - 
"urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - 
"supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - 
"consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - 
"A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "-1085185403", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 8/11/2022, 5:32:32 PM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - 
"refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "authorizationCodeLifetime": 120, - "clientName": [ - "86fca6d7-2f52-4524-92c6-b6f416071455", - ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - 
"oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "RCSClient": { - "_id": "RCSClient", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], 
- "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - 
"urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - 
"supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - 
"PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - 
"overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "-318736287", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - 
"advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "descriptions": [], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": false, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "requestUris": [], - "responseTypes": [ - "code", - "token", - "id_token", - "code token", - "token id_token", - "code id_token", - "code token id_token", - "device_code", - "device_code id_token", - ], - "sectorIdentifierUri": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 0, - "agentgroup": null, - "authorizationCodeLifetime": 0, - "clientName": [], - "clientType": "Confidential", - "defaultScopes": [], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 0, - "scopes": [ - "fr:idm:*", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 0, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "c234ba0b-58a1-4cfd-9567-09edde980745", - "clientsCanSkipConsent": true, - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "1f389a3d-21cf-417c-a6d3-42ea620071f0", - "providerOverridesEnabled": true, - "statelessTokensEnabled": true, - }, - "signEncOAuth2ClientConfig": { - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - 
"jwksUri": "http://am:80/am/oauth2/connect/jwk_uri", - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f": { - "_id": "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - 
"nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - 
"urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - 
"ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", 
- "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": 
"SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "774164625", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 5/13/2023, 8:06:50 PM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "authorizationCodeLifetime": 120, - "clientName": [ - "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f", - ], - "clientType": "Confidential", - 
"defaultScopes": [ - "fr:idm:*", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, 
- "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "ig-oidc-app": { - "_id": "ig-oidc-app", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", 
- "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - 
"urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - 
"supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - 
"ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - 
"PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "1434622129", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [], - "grantTypes": [ - "authorization_code", - "client_credentials", - "refresh_token", - ], - "isConsentImplied": true, - "javascriptOrigins": [ - "https://ig.mytestrun.com", - "https://ig.mytestrun.com:443", - ], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "code", - "token", 
- "id_token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "authorizationCodeLifetime": 120, - "clientName": [], - "clientType": "Confidential", - "defaultScopes": [], - "loopbackInterfaceRedirection": false, - "redirectionUris": [ - "https://ig.mytestrun.com/home/oidc/callback", - ], - "refreshTokenLifetime": 604800, - "scopes": [ - "openid", - "profile", - "email", - "secctx", - ], - "status": "Active", - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - 
"statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "test2": { - "_id": "test2", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - 
"profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - 
"urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - 
"supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - 
"dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", 
- "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "1445881116", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Modified by Frodo on 4/16/2022, 8:41:59 PM", - ], - "grantTypes": [ - 
"authorization_code", - "refresh_token", - "client_credentials", - ], - "isConsentImplied": false, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "requestUris": [], - "responseTypes": [ - "code", - "token", - "id_token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 0, - "authorizationCodeLifetime": 0, - "clientName": [ - "test2", - ], - "clientType": "Confidential", - "defaultScopes": [ - "openid", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 0, - "scopes": [ - "openid", - "fr:idm:*", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 0, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - }, - "signEncOAuth2ClientConfig": { - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - 
"idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - }, - "meta": Any, - "script": { - "36863ffb-40ec-48b9-94b1-9a99f71cc3b5": { - "_id": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "context": "OIDC_CLAIMS", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OIDC claims", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OIDC Claims Script", - "script": [ - "/*", - " * Copyright 2014-2021 ForgeRock AS. All Rights Reserved", - " *", - " * Use of this code requires a commercial software license with ForgeRock AS", - " * or with one of its affiliates. 
All use shall be exclusively subject", - " * to such license between the licensee and ForgeRock AS.", - " */", - "", - "/*", - " * This script computes claim values returned in ID tokens and/or at the UserInfo Endpoint.", - " * The claim values are computed for:", - " * the claims derived from the requested scopes,", - " * the claims provided by the authorization server,", - " * and the claims requested by the client via the claims parameter.", - " *", - " * In the CONFIGURATION AND CUSTOMIZATION section, you can", - " * define the scope-to-claims mapping, and", - " * assign to each claim a resolver function that will compute the claim value.", - " *", - " * Defined variables (class references are provided below):", - " * scopes - Set (6).", - " * Always present, the requested scopes.", - " * claims - Map (5).", - " * Always present, default server provided claims.", - " * claimObjects - List (7, 2).", - " * Always present, the default server provided claims.", - " * requestedClaims - Map> (5).", - " * Always present, not empty if the request contains the claims parameter and the server has enabled", - " * claims_parameter_supported. A map of the requested claims to possible values, otherwise empty;", - " * requested claims with no requested values will have a key but no value in the map. 
A key with", - " * a single value in its Set (6) indicates that this is the only value that should be returned.", - " * requestedTypedClaims - List (7, 2).", - " * Always present, the requested claims.", - " * Requested claims with no requested values will have a claim with no values.", - " * A claim with a single value indicates this is the only value that should be returned.", - " * claimsLocales - List (7).", - " * The values from the 'claims_locales' parameter.", - " * See https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts for the OIDC specification details.", - " * requestProperties - Unmodifiable Map (5).", - " * Always present, contains a map of request properties:", - " * requestUri - The request URI.", - " * realm - The realm that the request relates to.", - " * requestParams - A map of the request params and/or posted data.", - " * Each value is a list of one or more properties.", - " * Please note that these should be handled in accordance with OWASP best practices:", - " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", - " * clientProperties - Unmodifiable Map (5).", - " * Present if the client specified in the request was identified, contains a map of client properties:", - " * clientId - The client's URI for the request locale.", - " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", - " * allowedResponseTypes - List of the allowed response types for the client.", - " * allowedScopes - List of the allowed scopes for the client.", - " * customProperties - A map of the custom properties of the client.", - " * Lists or maps will be included as sub-maps; for example:", - " * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1.", - " * To add custom properties to a client, update the Custom Properties field", - " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", - " * identity - 
AMIdentity (3).", - " * Always present, the identity of the resource owner.", - " * session - SSOToken (4).", - " * Present if the request contains the session cookie, the user's session object.", - " * scriptName - String (primitive).", - " * Always present, the display name of the script.", - " * logger - Always present, the "OAuth2Provider" debug logger instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", - " * Corresponding files will be prefixed with: scripts.OIDC_CLAIMS.", - " * httpClient - HTTP Client (8).", - " * Always present, the HTTP Client instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", - " * In order to use the client, you may need to add", - " * org.forgerock.http.Client,", - " * org.forgerock.http.protocol.*,", - " * and org.forgerock.util.promise.PromiseImpl", - " * to the allowed Java classes in the scripting engine configuration, as described in:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/script-engine-security.html", - " *", - " * Return - a new UserInfoClaims(Map values, Map> compositeScopes) (1) object.", - " * The result of the last statement in the script is returned to the server.", - " * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function)", - " * is the last (and only) statement in this script, and its return value will become the script result.", - " * Do not use "return variable" statement outside of a function definition.", - " * See RESULTS section for additional details.", - " *", - " * Class reference:", - " * (1) UserInfoClaims - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html.", - " * (2) Claim - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html).", - " * An instance of 
org.forgerock.openidconnect.Claim has methods to access", - " * the claim name, requested values, locale, and whether the claim is essential.", - " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", - " * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", - " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", - " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", - " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", - " * (7) List - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/ArrayList.html.", - " * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", - "*/", - "", - "(function () {", - " // SETUP", - "", - " /**", - " * Claim processing utilities.", - " * An object that contains reusable functions for processing claims.", - " * @see CLAIM PROCESSING UTILITIES section for details.", - " */", - " var utils = getUtils();", - "", - " // CONFIGURATION AND CUSTOMIZATION", - "", - " /**", - " * OAuth 2.0 scope values (scopes) can be used by the Client to request OIDC claims.", - " *", - " * Call this configuration method, and pass in as the first argument", - " * an object that maps a scope value to an array of claim names", - " * to specify which claims need to be processed and returned for the requested scopes.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims}", - " * for the scope values that could be used to request claims as defined in the OIDC specification.", - " *", - " * Below, find a default configuration that is expected to work in the current environment.", - " *", - " * CUSTOMIZATION", - " * You can choose the claim names returned for a scope.", - " */", - " utils.setScopeClaimsMap({", - " profile: [", - " 
'name',", - " 'family_name',", - " 'given_name',", - " 'zoneinfo',", - " 'locale'", - " ],", - " email: ['email'],", - " address: ['address'],", - " phone: ['phone_number']", - " });", - "", - " /**", - " * In this script, each claim", - " * derived from the requested scopes,", - " * provided by the authorization server, and", - " * requested by the client via the claims parameter", - " * will be processed by a function associated with the claim name.", - " *", - " * Call this configuration method, and pass in as the first argument", - " * an object that maps a claim name to a resolver function,", - " * which will be automatically executed for each claim processed by the script.", - " *", - " * The claim resolver function will receive the requested claim information", - " * in an instance of org.forgerock.openidconnect.Claim as the first argument.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html}", - " * for details on the Claim class.", - " *", - " * If the claim resolver function returns a value,", - " * other than undefined or null,", - " * the claim will be included in the script's results.", - " *", - " * The Claim instance provides methods to check", - " * what the name of the claim is,", - " * which values the claim request contains,", - " * whether the claim is essential, and", - " * which locale the claim is associated with.", - " * The resolver function can consider this information when computing and returning the claim value.", - " *", - " * Below, find a default configuration that is expected to work in the current environment.", - " * A reusable function, utils.getUserProfileClaimResolver(String attribute-name),", - " * is called to return a claim resolver function based on a user profile attribute.", - " * @see CLAIM RESOLVERS section for the implementation details and examples.", - " * For the address claim, an example of a claim resolver that uses another claim resolver is provided.", - " 
*", - " * CUSTOMIZATION", - " * You can reuse the predefined utils methods with your custom arguments.", - " * You can also specify a custom resolver function for a claim name,", - " * that will compute and return the claim value—as shown in the commented out example below.", - " */", - " utils.setClaimResolvers({", - " /*", - " // An example of a simple claim resolver function that is defined for a claim", - " // directly in the configuration object:", - " custom-claim-name: function (requestedClaim) {", - " // In this case, initially, the claim value comes straight from a user profile attribute value:", - " var claimValue = identity.getAttribute('custom-attribute-name').toArray()[0]", - "", - " // Optionally, provide additional logic for processing (filtering, formatting, etc.) the claim value.", - " // You can use:", - " // requestedClaim.getName()", - " // requestedClaim.getValues()", - " // requestedClaim.getLocale()", - " // requestedClaim.isEssential()", - "", - " return claimValue", - " },", - " */", - " /**", - " * The use of utils.getUserProfileClaimResolver shows how", - " * an argument passed to a function that returns a claim resolver", - " * becomes available to the resolver function (via its lexical context).", - " */", - " name: utils.getUserProfileClaimResolver('cn'),", - " family_name: utils.getUserProfileClaimResolver('sn'),", - " given_name: utils.getUserProfileClaimResolver('givenname'),", - " zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'),", - " locale: utils.getUserProfileClaimResolver('preferredlocale'),", - " email: utils.getUserProfileClaimResolver('mail'),", - " address: utils.getAddressClaimResolver(", - " /**", - " * The passed in user profile claim resolver function", - " * can be used by the address claim resolver function", - " * to obtain the claim value to be formatted as per the OIDC specification:", - " * @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim.", - " */", - " 
utils.getUserProfileClaimResolver('postaladdress')", - " ),", - " phone_number: utils.getUserProfileClaimResolver('telephonenumber')", - " });", - "", - " // CLAIM PROCESSING UTILITIES", - "", - " /**", - " * @returns {object} An object that contains reusable claim processing utilities.", - " * @see PUBLIC METHODS section and the return statement for the list of exported functions.", - " */", - " function getUtils () {", - " // IMPORT JAVA", - "", - " /**", - " * Provides Java scripting functionality.", - " * @see {@link https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Scripting_Java#javaimporter_constructor}.", - " */", - " var frJava = JavaImporter(", - " org.forgerock.oauth2.core.exceptions.InvalidRequestException,", - " org.forgerock.oauth2.core.UserInfoClaims,", - " org.forgerock.openidconnect.Claim,", - "", - " java.util.LinkedHashMap,", - " java.util.ArrayList", - " );", - "", - " // SET UP CONFIGURATION", - "", - " /**", - " * Placeholder for a configuration option that contains", - " * an object that maps the supported scope values (scopes)", - " * and the corresponding claim names for each scope value.", - " */", - " var scopeClaimsMap;", - "", - " /**", - " * Placeholder for a configuration option that contains", - " * an object that maps the supported claim names", - " * and the resolver functions returning the claim value.", - " */", - " var claimResolvers;", - "", - " /**", - " * A (public) method that accepts an object that maps the supported scopes and the corresponding claim names,", - " * and assigns it to a (private) variable that serves as a configuration option.", - " * @param {object} params - An object that maps each supported scope value to an array of claim names,", - " * in order to specify which claims need to be processed for the requested scopes.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} for details.", - " * @param {string[]} [params.profile] - An array of claim names to be 
returned if the profile scope is requested.", - " * @param {string[]} [params.email] - An array of claim names to be returned if the email scope is requested.", - " * @param {string[]} [params.address] - An array of claim names to be returned if the address scope is requested.", - " * @param {string[]} [params.phone] - An array of claim names to be returned if the phone scope is requested.", - " * @returns {undefined}", - " */", - " function setScopeClaimsMap(params) {", - " scopeClaimsMap = params;", - " }", - "", - " /**", - " * A (public) method that accepts an object that maps the supported claim names", - " * and the resolver functions returning the claim value,", - " * and assigns it to a (private) variable that serves as a configuration option.", - " * @param {object} params - An object that maps", - " * each supported claim name to a function that computes and returns the claim value.", - " */", - " function setClaimResolvers(params) {", - " claimResolvers = params;", - " }", - "", - " // CLAIM RESOLVERS", - "", - " /**", - " * Claim resolvers are functions that return a claim value.", - " * @param {*}", - " * @returns {*}", - " */", - "", - " /**", - " * Defines a claim resolver based on a user profile attribute.", - " * @param {string} attributeName - Name of the user profile attribute.", - " * @returns {function} A function that will determine the claim value", - " * based on the user profile attribute and the (requested) claim properties.", - " */", - " function getUserProfileClaimResolver (attributeName) {", - " /**", - " * Resolves a claim with a user profile attribute value.", - " * Returns undefined if the identity attribute is not populated,", - " * OR if the claim has requested values that do not contain the identity attribute value.", - " * ATTENTION: the aforementioned comparison is case-sensitive.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a 
claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {string|HashSet|undefined}", - " */", - " function resolveClaim(claim) {", - " var userProfileValue;", - "", - " if (identity) {", - " userProfileValue = getClaimValueFromSet(claim, identity.getAttribute(attributeName));", - "", - " if (userProfileValue && !userProfileValue.isEmpty()) {", - " if (!claim.getValues() || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue)) {", - " return userProfileValue;", - " }", - " }", - " }", - " }", - "", - " return resolveClaim;", - " }", - "", - " /**", - " * Returns an address claim resolver based on a claim value obtained with another claim resolver.", - " * @param {function} resolveClaim - A function that returns a claim value.", - " * @returns {function} A function that will accept a claim as an argument,", - " * run the claim resolver function for the claim and obtain the claim value,", - " * and apply additional formatting to the value before returning it.", - " */", - " function getAddressClaimResolver (resolveClaim) {", - " /**", - " * Creates an address claim object from a value returned by a claim resolver,", - " * and returns the address claim object as the claim value.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim}.", - " * The claim value is obtained with a claim resolving function available from the closure.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {java.util.LinkedHashMap|undefined} The address claim object created from a claim value.", - " */", - " function resolveAddressClaim(claim) {", - " var claimValue = resolveClaim(claim);", - " var 
addressObject;", - "", - " if (isClaimValueValid(claimValue)) {", - " addressObject = new frJava.LinkedHashMap();", - "", - " addressObject.put('formatted', claimValue);", - "", - " return addressObject;", - " }", - " }", - "", - " return resolveAddressClaim;", - " }", - "", - " /**", - " * Returns an essential claim resolver based on a claim value obtained with another claim resolver.", - " * @param {function} resolveClaim - A function that returns a claim value.", - " * @returns {function} A function that will accept a claim as an argument,", - " * run the claim resolver function for the claim and obtain the claim value,", - " * and apply additional logic for essential claims.", - " */", - " function getEssentialClaimResolver (resolveClaim) {", - " /**", - " * Returns a claim value or throws an error.", - " * The claim value is obtained with a claim resolving function available from the closure.", - " * Throws an exception if the claim is essential and no value is returned for the claim.", - " *", - " * Use of this resolver is optional.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests} stating:", - " * "Note that even if the Claims are not available because the End-User did not authorize their release or they are not present,", - " * the Authorization Server MUST NOT generate an error when Claims are not returned, whether they are Essential or Voluntary,", - " * unless otherwise specified in the description of the specific claim."", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*}", - " * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException}", - " */", - " function resolveEssentialClaim(claim) {", - " var claimValue = resolveClaim(claim);", - 
"", - " if (claim.isEssential() && !isClaimValueValid(claimValue)) {", - " throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName());", - " }", - "", - " return claimValue;", - " }", - "", - " return resolveEssentialClaim;", - " }", - "", - " /**", - " * Provides default resolution for a claim.", - " * Use it if a claim-specific resolver is not defined in the configuration.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*} A single value associated with this claim.", - " */", - " function resolveAnyClaim (claim) {", - " if (claim.getValues().size() === 1) {", - " return claim.getValues().toArray()[0];", - " }", - " }", - "", - " // UTILITIES", - "", - " /**", - " * Returns claim value from a set.", - " * If the set contains a single value, returns the value.", - " * If the set contains multiple values, returns the set.", - " * Otherwise, returns undefined.", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @param {java.util.HashSet} set The set—for example, a user profile attribute value.", - " * @returns {string|java.util.HashSet|undefined}", - " */", - " function getClaimValueFromSet (claim, set) {", - " if (set && set.size()) {", - " if (set.size() === 1) {", - " return set.toArray()[0];", - " } else {", - " return set;", - " }", - " } else if (logger.warningEnabled()) {", - " logger.warning('OIDC Claims script. 
Got an empty set for claim: ' + claim.getName());", - " }", - " }", - "", - " function isClaimValueValid (claimValue) {", - " if (typeof claimValue === 'undefined' || claimValue === null) {", - " return false;", - " }", - "", - " return true;", - " }", - "", - " // CLAIM PROCESSING", - "", - " /**", - " * Constructs and returns an object populated with the computed claim values", - " * and the requested scopes mapped to the claim names.", - " * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}.", - " * @see RESULTS section for the use of this function.", - " */", - " function getUserInfoClaims () {", - " return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes());", - " }", - "", - " /**", - " * Creates a map of (requested) claim names populated with the computed claim values.", - " * @returns {java.util.LinkedHashMap}", - " * A map of the requested claim names and the corresponding claim values.", - " */", - " function getComputedClaims () {", - " /**", - " * Creates a complete list of claim objects from:", - " * the claims derived from the scopes,", - " * the claims provided by the authorization server,", - " * and the claims requested by the client.", - " * @returns {java.util.ArrayList}", - " * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details.", - " */", - " function getClaims() {", - " /**", - " * Returns a list of claim objects for the requested scopes.", - " * Uses the scopeClaimsMap configuration option to derive the claim names;", - " * no other properties of a claim derived from a scope are populated.", - " * @returns {java.util.ArrayList}", - " * A list of 
org.forgerock.openidconnect.Claim objects derived from the requested scopes.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details.", - " */", - " function convertScopeToClaims() {", - " var claims = new frJava.ArrayList();", - "", - " scopes.toArray().forEach(function (scope) {", - " if (String(scope) !== 'openid' && scopeClaimsMap[scope]) {", - " scopeClaimsMap[scope].forEach(function (claimName) {", - " claims.add(new frJava.Claim(claimName));", - " });", - " }", - " });", - "", - " return claims;", - " }", - "", - " var claims = new frJava.ArrayList();", - "", - " claims.addAll(convertScopeToClaims());", - " claims.addAll(claimObjects);", - " claims.addAll(requestedTypedClaims);", - "", - " return claims;", - " }", - "", - " /**", - " * Computes and returns a claim value.", - " * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object.", - " * @see claimResolvers", - " * If no resolver function is found, uses the default claim resolver function.", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*} Claim value.", - " * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException}", - " * Rethrows this exception if a claim resolver throws it.", - " * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver", - " * if you want to terminate the claim processing.", - " */", - " function computeClaim(claim) {", - " var resolveClaim;", - " var message;", - "", - " try {", - " resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim;", - "", - " return resolveClaim(claim);", - " } catch (e) {", - " 
message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e;", - "", - " if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) {", - " throw e;", - " }", - "", - " if (logger.warningEnabled()) {", - " logger.warning(message);", - " }", - " }", - " }", - "", - " var computedClaims = new frJava.LinkedHashMap();", - "", - " getClaims().toArray().forEach(function (claim) {", - " var claimValue = computeClaim(claim);", - "", - " if (isClaimValueValid(claimValue)) {", - " computedClaims.put(claim.getName(), claimValue);", - " } else {", - " /**", - " * If a claim has been processed, but appears in the list again,", - " * and its value cannot be computed under the new conditions,", - " * the claim is removed from the final result.", - " *", - " * For example, a claim could be mapped to a scope and found in the user profile,", - " * but also requested by the client with required values that don't match the computed one.", - " * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}.", - " * for the relevant OIDC specification details.", - " */", - " computedClaims.remove(claim.getName());", - " }", - " });", - "", - " return computedClaims;", - " }", - "", - " /**", - " * Creates a map of requested scopes and the corresponding claim names.", - " * @returns {java.util.LinkedHashMap}", - " */", - " function getCompositeScopes () {", - " var compositeScopes = new frJava.LinkedHashMap();", - "", - " scopes.toArray().forEach(function (scope) {", - " var scopeClaims = new frJava.ArrayList();", - "", - " if (scopeClaimsMap[scope]) {", - " scopeClaimsMap[scope].forEach(function (claimName) {", - " scopeClaims.add(claimName);", - " });", - " }", - "", - " if (scopeClaims.size()) {", - " compositeScopes.put(scope, scopeClaims);", - " }", - " });", - "", - " return compositeScopes;", - " }", - "", - " // PUBLIC METHODS", - "", - " return {", - " setScopeClaimsMap: setScopeClaimsMap,", - " 
setClaimResolvers: setClaimResolvers,", - " getUserProfileClaimResolver: getUserProfileClaimResolver,", - " getAddressClaimResolver: getAddressClaimResolver,", - " getEssentialClaimResolver: getEssentialClaimResolver,", - " getUserInfoClaims: getUserInfoClaims", - " };", - " }", - "", - " // RESULTS", - "", - " /**", - " * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class", - " * populated with the computed claim values and", - " * the requested scopes mapped to the claim names.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}.", - " *", - " * Assigning it to a variable gives you an opportunity", - " * to log the content of the returned value during development.", - " */", - " var userInfoClaims = utils.getUserInfoClaims();", - "", - " /*", - " logger.error(scriptName + ' results:')", - " logger.error('Values: ' + userInfoClaims.getValues())", - " logger.error('Scopes: ' + userInfoClaims.getCompositeScopes())", - " */", - "", - " return userInfoClaims;", - "}());", - "", - ], - }, - "d22f9a0c-426a-4466-b95e-d0f125b0d5fa": { - "_id": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "context": "OAUTH2_ACCESS_TOKEN_MODIFICATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OAuth2 Access Token Modification", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OAuth2 Access Token Modification Script", - "script": [ - "/*", - " * Copyright 2019-2021 ForgeRock AS. All Rights Reserved.", - " *", - " * Use of this code requires a commercial software license with ForgeRock AS", - " * or with one of its affiliates. 
All use shall be exclusively subject", - " * to such license between the licensee and ForgeRock AS.", - " */", - "", - "/*", - " * This script lets you modify information associated with an OAuth2 access token", - " * with methods provided by the AccessToken (1) interface.", - " * The changes made to OAuth2 access tokens will directly impact the size of the CTS tokens,", - " * and, similarly, the size of the JWTs if client-based OAuth2 tokens are utilized.", - " * When adding/updating fields make sure that the token size remains within client/user-agent limits.", - " *", - " * Defined variables:", - " * accessToken - AccessToken (1).", - " * The access token to be updated.", - " * Mutable object, all changes to the access token will be reflected.", - " * scopes - Set (6).", - " * Always present, the requested scopes.", - " * requestProperties - Unmodifiable Map (5).", - " * Always present, contains a map of request properties:", - " * requestUri - The request URI.", - " * realm - The realm that the request relates to.", - " * requestParams - A map of the request params and/or posted data.", - " * Each value is a list of one or more properties.", - " * Please note that these should be handled in accordance with OWASP best practices:", - " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", - " * clientProperties - Unmodifiable Map (5).", - " * Present if the client specified in the request was identified, contains a map of client properties:", - " * clientId - The client's URI for the request locale.", - " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", - " * allowedResponseTypes - List of the allowed response types for the client.", - " * allowedScopes - List of the allowed scopes for the client.", - " * customProperties - A map of the custom properties of the client.", - " * Lists or maps will be included as sub-maps; for example:", - " * customMap[Key1]=Value1 will be returned 
as customMap -> Key1 -> Value1.", - " * To add custom properties to a client, update the Custom Properties field", - " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", - " * identity - AMIdentity (3).", - " * Always present, the identity of the resource owner.", - " * session - SSOToken (4).", - " * Present if the request contains the session cookie, the user's session object.", - " * scriptName - String (primitive).", - " * Always present, the display name of the script.", - " * logger - Always present, the "OAuth2Provider" debug logger instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", - " * Corresponding log files will be prefixed with: scripts.OAUTH2_ACCESS_TOKEN_MODIFICATION.", - " * httpClient - HTTP Client (8).", - " * Always present, the HTTP Client instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", - " *", - " * Return - no value is expected, changes shall be made to the accessToken parameter directly.", - " *", - " * Class reference:", - " * (1) AccessToken - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/AccessToken.html.", - " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", - " * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", - " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", - " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", - " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", - " * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", - " */", - "", - "(function () {", - " // Adds new fields 
containing the session property values.", - " // NOTE: session may not be available for non-interactive authorization grants.", - " if (session) {", - " try {", - " accessToken.setField('ip_address', session.getProperty('Host'));", - " } catch (e) {", - " logger.error('Unable to retrieve session property value. ' + e);", - " }", - " }", - "}());", - "", - "/* EXAMPLE", - "(function () {", - " var frJava = JavaImporter(", - " org.forgerock.http.protocol.Request,", - " org.forgerock.http.protocol.Response", - " );", - "", - " // Always includes this field in the token.", - " accessToken.setField('key1', 'value1');", - "", - " // Receives and adds to the access token additional values by performing a REST call to an external service.", - " // WARNING: Below, you will find a reference to a third-party site, which is provided only as an example.", - " var uri = 'https://jsonplaceholder.typicode.com/posts';", - "", - " try {", - " var request = new frJava.Request();", - "", - " // You can chain methods that return the request object.", - " request.setUri(uri)", - " .setMethod('POST')", - " .setEntity(JSON.stringify({", - " updatedFields: {", - " key2: 'value2',", - " key3: 'value3'", - " }", - " }));", - "", - " // You can call a method when chaining is not possible.", - " request.getHeaders().add('Content-Type', 'application/json; charset=UTF-8');", - "", - " // Sends the request and receives the response.", - " var response = httpClient.send(request).getOrThrow();", - "", - " // Checks if the response status is as expected.", - " if (response.getStatus() === org.forgerock.http.protocol.Status.CREATED) {", - " var result = JSON.parse(response.getEntity().getString());", - "", - " // Set multiple token fields at once.", - " accessToken.setFields(result.updatedFields);", - " } else {", - " logger.error('Unable to obtain access token modifications. Status: ' + response.getStatus() + '. 
Content: ' + response.getEntity().getString());", - " }", - " } catch (e) {", - " logger.error('The request processing was interrupted. ' + e);", - "", - " // The access token request fails with the HTTP 500 error in this case.", - " throw ('Unable to obtain response from: ' + uri);", - " }", - "", - " // Adds new fields containing identity attribute values to the access token.", - " accessToken.setField('mail', identity.getAttribute('mail'));", - " accessToken.setField('phone', identity.getAttribute('telephoneNumber').toArray()[0]);", - "", - " // Adds new fields containing the session property values.", - " // NOTE: session may not be available for non-interactive authorization grants.", - " if (session) {", - " try {", - " accessToken.setField('ipAddress', session.getProperty('Host'));", - " } catch (e) {", - " logger.error('Unable to retrieve session property value. ' + e);", - " }", - " }", - "", - " // Removes a native field from the token entry, that was set by AM.", - " // WARNING: removing native fields from the token may result in loss of functionality.", - " // accessToken.removeTokenName()", - "", - " // No return value is expected. 
Let it be undefined.", - "}());", - "*/", - ], - }, - }, -} -`; - -exports[`frodo app export "frodo app export -a --no-deps": should export all apps to a single file with no dependencies 1`] = `""`; - -exports[`frodo app export "frodo app export -a --no-deps": should export all apps to a single file with no dependencies 2`] = ` -{ - "application": { - "23281ea7-739b-4fd1-b953-eaae73a2b497": { - "_id": "23281ea7-739b-4fd1-b953-eaae73a2b497", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - 
"token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - 
"includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - 
"supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - 
"supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": 
"org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "609033111", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 8/11/2022, 5:31:09 PM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "agentgroup": null, - "authorizationCodeLifetime": 120, - "clientName": [ - "23281ea7-739b-4fd1-b953-eaae73a2b497", - ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - 
"backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "accessTokenModifierClass": null, - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "customLoginUrlTemplate": null, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsClass": null, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - 
"jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "49a2981c-e192-4739-a0e6-c7582168bdf5": { - "_id": "49a2981c-e192-4739-a0e6-c7582168bdf5", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - 
"moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - 
"urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - 
"ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - 
"supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - 
"pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "114809105", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 5/13/2023, 8:07:37 PM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - 
"authorizationCodeLifetime": 120, - "clientName": [ - "49a2981c-e192-4739-a0e6-c7582168bdf5", - ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, 
- "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "86fca6d7-2f52-4524-92c6-b6f416071455": { - "_id": "86fca6d7-2f52-4524-92c6-b6f416071455", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - 
"client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - 
"urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - 
"supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - 
"consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - 
"A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "-1085185403", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 8/11/2022, 5:32:32 PM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - 
"refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "authorizationCodeLifetime": 120, - "clientName": [ - "86fca6d7-2f52-4524-92c6-b6f416071455", - ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - 
"oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "RCSClient": { - "_id": "RCSClient", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], 
- "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - 
"urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - 
"supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - 
"PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - 
"overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "-318736287", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - 
"advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "descriptions": [], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": false, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "requestUris": [], - "responseTypes": [ - "code", - "token", - "id_token", - "code token", - "token id_token", - "code id_token", - "code token id_token", - "device_code", - "device_code id_token", - ], - "sectorIdentifierUri": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 0, - "agentgroup": null, - "authorizationCodeLifetime": 0, - "clientName": [], - "clientType": "Confidential", - "defaultScopes": [], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 0, - "scopes": [ - "fr:idm:*", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 0, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "c234ba0b-58a1-4cfd-9567-09edde980745", - "clientsCanSkipConsent": true, - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "1f389a3d-21cf-417c-a6d3-42ea620071f0", - "providerOverridesEnabled": true, - "statelessTokensEnabled": true, - }, - "signEncOAuth2ClientConfig": { - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - 
"jwksUri": "http://am:80/am/oauth2/connect/jwk_uri", - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f": { - "_id": "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - 
"nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - 
"urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - 
"ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", 
- "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": 
"SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "774164625", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 5/13/2023, 8:06:50 PM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "authorizationCodeLifetime": 120, - "clientName": [ - "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f", - ], - "clientType": "Confidential", - 
"defaultScopes": [ - "fr:idm:*", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, 
- "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "ig-oidc-app": { - "_id": "ig-oidc-app", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", 
- "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - 
"urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - 
"supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - 
"ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - 
"PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "1434622129", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [], - "grantTypes": [ - "authorization_code", - "client_credentials", - "refresh_token", - ], - "isConsentImplied": true, - "javascriptOrigins": [ - "https://ig.mytestrun.com", - "https://ig.mytestrun.com:443", - ], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "code", - "token", 
- "id_token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "authorizationCodeLifetime": 120, - "clientName": [], - "clientType": "Confidential", - "defaultScopes": [], - "loopbackInterfaceRedirection": false, - "redirectionUris": [ - "https://ig.mytestrun.com/home/oidc/callback", - ], - "refreshTokenLifetime": 604800, - "scopes": [ - "openid", - "profile", - "email", - "secctx", - ], - "status": "Active", - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - 
"statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "test2": { - "_id": "test2", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - 
"profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - 
"urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - 
"supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - 
"dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", 
- "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "1445881116", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Modified by Frodo on 4/16/2022, 8:41:59 PM", - ], - "grantTypes": [ - 
"authorization_code", - "refresh_token", - "client_credentials", - ], - "isConsentImplied": false, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "requestUris": [], - "responseTypes": [ - "code", - "token", - "id_token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 0, - "authorizationCodeLifetime": 0, - "clientName": [ - "test2", - ], - "clientType": "Confidential", - "defaultScopes": [ - "openid", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 0, - "scopes": [ - "openid", - "fr:idm:*", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 0, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - }, - "signEncOAuth2ClientConfig": { - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - 
"idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - }, - "meta": Any, - "script": {}, -} -`; - -exports[`frodo app export "frodo app export -a": should export all apps to a single file 1`] = `""`; - -exports[`frodo app export "frodo app export -a": should export all apps to a single file 2`] = ` -{ - "application": { - "23281ea7-739b-4fd1-b953-eaae73a2b497": { - "_id": "23281ea7-739b-4fd1-b953-eaae73a2b497", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - 
"password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - 
"urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - 
"supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - 
"consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - 
"A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "609033111", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 8/11/2022, 5:31:09 PM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - 
"refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "agentgroup": null, - "authorizationCodeLifetime": 120, - "clientName": [ - "23281ea7-739b-4fd1-b953-eaae73a2b497", - ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "accessTokenModifierClass": null, - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "customLoginUrlTemplate": null, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - 
"issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsClass": null, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "49a2981c-e192-4739-a0e6-c7582168bdf5": { - "_id": "49a2981c-e192-4739-a0e6-c7582168bdf5", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - 
"_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - 
"tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - 
"ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - 
"cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - 
"usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - 
"_rev": "114809105", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 5/13/2023, 8:07:37 PM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "authorizationCodeLifetime": 120, - "clientName": [ - "49a2981c-e192-4739-a0e6-c7582168bdf5", - ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - 
"authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - 
"tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "86fca6d7-2f52-4524-92c6-b6f416071455": { - "_id": "86fca6d7-2f52-4524-92c6-b6f416071455", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - 
"supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - 
"ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - 
"ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", 
- ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": 
"org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "-1085185403", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 8/11/2022, 5:32:32 PM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "authorizationCodeLifetime": 120, - "clientName": [ - "86fca6d7-2f52-4524-92c6-b6f416071455", - ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, 
- "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - 
"requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "RCSClient": { - "_id": "RCSClient", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": 
[ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - 
"authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - 
"RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - 
"supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": 
"org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "-318736287", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "descriptions": [], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": false, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "requestUris": [], - "responseTypes": [ - "code", - "token", - "id_token", - "code token", - "token id_token", - "code id_token", - "code token id_token", - "device_code", - "device_code id_token", - ], - "sectorIdentifierUri": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 0, - "agentgroup": null, - "authorizationCodeLifetime": 0, - "clientName": [], - "clientType": "Confidential", - "defaultScopes": [], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 0, - "scopes": [ - "fr:idm:*", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": 
false, - "jwtTokenLifetime": 0, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "c234ba0b-58a1-4cfd-9567-09edde980745", - "clientsCanSkipConsent": true, - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "1f389a3d-21cf-417c-a6d3-42ea620071f0", - "providerOverridesEnabled": true, - "statelessTokensEnabled": true, - }, - "signEncOAuth2ClientConfig": { - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": "http://am:80/am/oauth2/connect/jwk_uri", - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f": { - "_id": "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - 
"allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - 
"urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - 
"supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - 
"PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - 
"overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "774164625", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - 
"advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Created by Frodo on 5/13/2023, 8:06:50 PM", - ], - "grantTypes": [ - "client_credentials", - ], - "isConsentImplied": true, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "Public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "authorizationCodeLifetime": 120, - "clientName": [ - "d4c3ecbc-4b03-4ad5-b32f-464bda442e3f", - ], - "clientType": "Confidential", - "defaultScopes": [ - "fr:idm:*", - ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 604800, - "scopes": [ - "fr:idm:*", - "fr:idc:esv:*", - "dynamic_client_registration", - ], - "status": "Active", - "userpassword": null, - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - 
"enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - 
"userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "ig-oidc-app": { - "_id": "ig-oidc-app", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - 
"am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - 
"supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - 
"A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": 
true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": 
"org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, - }, - "_rev": "1434622129", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [], - "grantTypes": [ - "authorization_code", - "client_credentials", - "refresh_token", - ], - "isConsentImplied": true, - "javascriptOrigins": [ - "https://ig.mytestrun.com", - "https://ig.mytestrun.com:443", - ], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "code", - "token", - "id_token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 3600, - "authorizationCodeLifetime": 120, - "clientName": [], - "clientType": "Confidential", - "defaultScopes": [], - "loopbackInterfaceRedirection": false, - "redirectionUris": [ - "https://ig.mytestrun.com/home/oidc/callback", - ], - "refreshTokenLifetime": 604800, - "scopes": [ - "openid", - "profile", - "email", - "secctx", - ], - "status": "Active", - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 3600, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - 
"accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - 
"tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, - }, - }, - "test2": { - "_id": "test2", - "_provider": { - "_id": "", - "_rev": "520068704", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "PasswordGrant", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - 
"device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - 
"idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - 
"PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, + "convertGTToISO8601": [ + "whenCreated", + "whenChanged", + ], + "credentials": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "ReilS5BMTftYl2t8OZvtaQ==", + "iv": "jdqo9Kvv2ZxpWoywTUmT7w==", + "keySize": 16, + "mac": "N7QnFAv3SNRsBzEau1iDDg==", + "purpose": "idm.config.encryption", + "salt": "ut6NNENf3Op7SOjJuXdSdw==", + "stableId": "openidm-sym-default", + }, + }, + }, + "failover": [], + "filterWithOrInsteadOfAnd": false, + "getGroupMemberId": false, + "groupMemberAttribute": "member", + "groupObjectClasses": [ + "top", + "groupOfUniqueNames", + ], + "groupSearchFilter": "(&(!(cn=Domain Users))(objectClass=group))", + "groupSynchronizationFilter": null, + "gssapiLoginContext": null, + "host": "volker-demo.ad-volker-demo.encore.forgerock.org", + "hostNameVerification": false, + "hostNameVerifierPattern": null, + "lastCheckAlive": 1674482716432, + "maintainLdapGroupMembership": false, + "maintainPosixGroupMembership": false, + "modifiersNamesToFilterOut": [], + "objectClassesToSynchronize": [ + "user", + ], + "passwordAttribute": "unicodePwd", + "passwordHashAlgorithm": "WIN-AD", + "port": 636, + "principal": "CN=root,CN=Users,DC=ad-volker-demo,DC=encore,DC=forgerock,DC=org", + "privateKeyAlias": null, + "readSchema": false, + "referralsHandling": "follow", + "removeLogEntryObjectClassFromFilter": true, + "resetSyncToken": "never", + 
"respectResourcePasswordPolicyChangeAfterReset": false, + "sendCAUDTxId": false, + "ssl": true, + "startTLS": false, + "uidAttribute": "objectGUID", + "useBlocks": true, + "useDNSSRVRecord": false, + "useOldADGUIDFormat": false, + "usePagedResultControl": true, + "useTimestampsForSync": false, + "vlvSortAttribute": "sAMAccountName", + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.ldap-connector", + "bundleVersion": "1.5.20.12", + "connectorHostRef": "adrcs", + "connectorName": "org.identityconnectors.ldap.LdapConnector", + "displayName": "LDAP Connector", + "systemType": "provisioner.openicf", + }, + "enabled": true, + "objectTypes": { + "Group": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__GROUP__", + "nativeType": "__GROUP__", + "properties": { + "cn": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "cn", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "displayName", + "nativeType": "string", + "type": "string", + }, + "objectGUID": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "objectGUID", + "nativeType": "string", + "type": "string", + }, + "uSNChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNChanged", + "nativeType": "string", + "type": "string", + }, + "uSNCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNCreated", + "nativeType": "string", + "type": "string", + }, + "whenChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenChanged", + "nativeType": "string", + "type": "string", + }, + "whenCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenCreated", + "nativeType": "string", + "type": "string", + }, + }, + 
"type": "object", + }, + "User": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__ENABLE__": { + "nativeName": "__ENABLE__", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "required": false, + "type": "boolean", + "userSpecific": true, + }, + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "required": true, + "type": "string", + }, + "__PASSWORD__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "__PASSWORD__", + "nativeType": "JAVA_TYPE_GUARDEDSTRING", + "type": "JAVA_TYPE_GUARDEDSTRING", + }, + "accountExpires": { + "nativeName": "accountExpires", + "nativeType": "string", + "type": "string", + }, + "c": { + "nativeName": "c", + "nativeType": "string", + "type": "string", + }, + "cn": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "cn", + "nativeType": "string", + "required": false, + "type": "string", + }, + "co": { + "nativeName": "co", + "nativeType": "string", + "type": "string", + }, + "company": { + "nativeName": "company", + "nativeType": "string", + "type": "string", + }, + "countryCode": { + "nativeName": "countryCode", + "nativeType": "string", + "type": "string", + }, + "department": { + "nativeName": "department", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "displayName", + "nativeType": "string", + "type": "string", + }, + "division": { + "nativeName": "division", + "nativeType": "string", + "type": "string", + }, + "employeeID": { + "nativeName": "employeeID", + "nativeType": "string", + "type": "string", + }, + "employeeNumber": { + "nativeName": "employeeNumber", + "nativeType": "string", + "type": "string", + }, + "employeeType": { + "nativeName": "employeeType", + "nativeType": "string", + "type": 
"string", + }, + "facsimileTelephoneNumber": { + "nativeName": "facsimileTelephoneNumber", + "nativeType": "string", + "type": "string", + }, + "givenName": { + "nativeName": "givenName", + "nativeType": "string", + "type": "string", + }, + "homePhone": { + "nativeName": "homePhone", + "nativeType": "string", + "type": "string", + }, + "initials": { + "nativeName": "initials", + "nativeType": "string", + "type": "string", + }, + "l": { + "nativeName": "l", + "nativeType": "string", + "type": "string", + }, + "lastLogon": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "lastLogon", + "nativeType": "string", + "type": "string", + }, + "ldapGroups": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "ldapGroups", + "nativeType": "string", + "required": false, + "type": "array", + "userSpecific": false, + }, + "lockoutTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "lockoutTime", + "nativeType": "string", + "type": "string", + }, + "mail": { + "nativeName": "mail", + "nativeType": "string", + "type": "string", + }, + "manager": { + "nativeName": "manager", + "nativeType": "string", + "type": "string", + }, + "memberOf": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "memberOf", + "nativeType": "string", + "type": "array", + }, + "middleName": { + "nativeName": "middleName", + "nativeType": "string", + "type": "string", + }, + "mobile": { + "nativeName": "mobile", + "nativeType": "string", + "type": "string", + }, + "objectGUID": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "objectGUID", + "nativeType": "string", + "type": "string", + }, + "otherHomePhone": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "otherHomePhone", + "nativeType": "string", + "type": "array", + }, + "physicalDeliveryOfficeName": { + "nativeName": 
"physicalDeliveryOfficeName", + "nativeType": "string", + "type": "string", + }, + "postOfficeBox": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "postOfficeBox", + "nativeType": "string", + "type": "array", + }, + "postalCode": { + "nativeName": "postalCode", + "nativeType": "string", + "type": "string", + }, + "pwdLastSet": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "pwdLastSet", + "nativeType": "string", + "type": "string", + }, + "sAMAccountName": { + "nativeName": "sAMAccountName", + "nativeType": "string", + "type": "string", + }, + "sn": { + "nativeName": "sn", + "nativeType": "string", + "type": "string", + }, + "st": { + "nativeName": "st", + "nativeType": "string", + "type": "string", + }, + "streetAddress": { + "nativeName": "streetAddress", + "nativeType": "string", + "type": "string", + }, + "telephoneNumber": { + "nativeName": "telephoneNumber", + "nativeType": "string", + "type": "string", + }, + "title": { + "nativeName": "title", + "nativeType": "string", + "type": "string", + }, + "uSNChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNChanged", + "nativeType": "string", + "type": "string", + }, + "uSNCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNCreated", + "nativeType": "string", + "type": "string", + }, + "userAccountControl": { + "nativeName": "userAccountControl", + "nativeType": "string", + "type": "string", + }, + "userPrincipalName": { + "nativeName": "userPrincipalName", + "nativeType": "string", + "type": "string", + }, + "whenChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenChanged", + "nativeType": "string", + "type": "string", + }, + "whenCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenCreated", + "nativeType": "string", + "type": "string", + }, + }, + "type": "object", + }, + }, + "operationTimeout": { + 
"AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false, + }, + }, + "HRLite": { + "_id": "provisioner.openicf/HRLite", + "configurationProperties": { + "abandonWhenPercentageFull": 0, + "accessToUnderlyingConnectionAllowed": true, + "alternateUsernameAllowed": false, + "authenticateScriptFileName": "HRliteAuthenticateScript.groovy", + "autoCommit": true, + "classpath": [], + "commitOnReturn": false, + "connectionProperties": null, + "createScriptFileName": "HRliteCreateScript.groovy", + "customConfiguration": null, + "customSensitiveConfiguration": null, + "customizerScriptFileName": null, + "dataSourceJNDI": null, + "debug": false, + "defaultAutoCommit": null, + "defaultCatalog": null, + "defaultReadOnly": null, + "defaultTransactionIsolation": -1, + "deleteScriptFileName": "HRliteDeleteScript.groovy", + "disabledGlobalASTTransformations": null, + "driverClassName": "com.mysql.jdbc.Driver", + "fairQueue": true, + "ignoreExceptionOnPreLoad": false, + "initSQL": null, + "initialSize": 10, + "jdbcInterceptors": null, + "jmxEnabled": true, + "logAbandoned": false, + "logValidationErrors": false, + "maxActive": 100, + "maxAge": 0, + "maxIdle": 100, + "maxWait": 30000, + "minEvictableIdleTimeMillis": 60000, + "minIdle": 10, + "minimumRecompilationInterval": 100, + "name": "Tomcat Connection Pool[1-265824587]", + "numTestsPerEvictionRun": 0, + "password": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": 
"AES/CBC/PKCS5Padding", + "data": "73doNZivdgZ7KmuOlzFBdD/7blip0OU6uRwBDv53wcQ=", + "iv": "/C0QyOAnnUNQCovrsMgzEw==", + "keySize": 16, + "mac": "EAPShe6oCwxlTCHYC2wBlQ==", + "purpose": "idm.config.encryption", + "salt": "zYm6JkzqEzE1/0Y+o9K3+Q==", + "stableId": "openidm-sym-default", + }, + }, + }, + "propagateInterruptState": false, + "recompileGroovySource": false, + "removeAbandoned": false, + "removeAbandonedTimeout": 60, + "resolveUsernameScriptFileName": null, + "rollbackOnReturn": false, + "schemaScriptFileName": "HRliteSchemaScript.groovy", + "scriptBaseClass": null, + "scriptExtensions": [ + "groovy", + ], + "scriptOnResourceScriptFileName": null, + "scriptRoots": "/opt/forgerock/openicf/scripts/hrlite", + "searchScriptFileName": "HRliteSearchScript.groovy", + "sourceEncoding": "UTF-8", + "suspectTimeout": 0, + "syncScriptFileName": "HRliteSyncScript.groovy", + "targetDirectory": null, + "testOnBorrow": false, + "testOnConnect": false, + "testOnReturn": false, + "testScriptFileName": "HRliteTestScript.groovy", + "testWhileIdle": false, + "timeBetweenEvictionRunsMillis": 5000, + "tolerance": 10, + "updateScriptFileName": "HRliteUpdateScript.groovy", + "url": "jdbc:mysql://mariadb:3306/hrdb?autoReconnect=true", + "useDisposableConnectionFacade": true, + "useEquals": true, + "useLock": false, + "useStatementFacade": true, + "username": "hradmin", + "validationInterval": 2000, + "validationQuery": "SELECT 1 FROM DUAL", + "validationQueryTimeout": -1, + "validatorClassName": null, + "verbose": false, + "warningLevel": 1, + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.scriptedsql-connector", + "bundleVersion": "1.5.20.9", + "connectorHostRef": "encorebaseline", + "connectorName": "org.forgerock.openicf.connectors.scriptedsql.ScriptedSQLConnector", + "displayName": "Scripted SQL Connector", + "systemType": "provisioner.openicf", + }, + "enabled": true, + "objectTypes": { + "__ACCOUNT__": { + "$schema": 
"http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "address": { + "nativeName": "address", + "nativeType": "string", + "required": true, + "type": "string", + }, + "city": { + "nativeName": "city", + "nativeType": "string", + "required": true, + "type": "string", + }, + "country": { + "nativeName": "country", + "nativeType": "string", + "required": true, + "type": "string", + }, + "depId": { + "nativeName": "depId", + "nativeType": "string", + "required": true, + "type": "string", + }, + "depName": { + "nativeName": "depName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "email": { + "nativeName": "email", + "nativeType": "string", + "required": true, + "type": "string", + }, + "empType": { + "nativeName": "empType", + "nativeType": "string", + "required": true, + "type": "string", + }, + "externalMail": { + "nativeName": "externalMail", + "nativeType": "string", + "required": true, + "type": "string", + }, + "firstName": { + "nativeName": "firstName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "isManager": { + "nativeName": "isManager", + "nativeType": "string", + "required": true, + "type": "string", + }, + "jobCode": { + "nativeName": "jobCode", + "nativeType": "string", + "required": true, + "type": "string", + }, + "lastName": { + "nativeName": "lastName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "phone": { + "nativeName": "phone", + "nativeType": "string", + "required": true, + "type": "string", + }, + "postalCode": { + "nativeName": "postalCode", + "nativeType": "string", + "required": true, + "type": "string", + }, + "state": { + "nativeName": "state", + "nativeType": "string", + "required": true, + "type": "string", + }, + "status": { + "nativeName": "status", + "nativeType": "string", + "required": true, + 
"type": "string", + }, + "uid": { + "nativeName": "uid", + "nativeType": "string", + "required": true, + "type": "string", + }, + }, + "type": "object", + }, + "department": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "department", + "nativeType": "department", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "required": true, + "type": "string", + }, + "name": { + "nativeName": "name", + "nativeType": "string", + "required": true, + "type": "string", + }, + "parent": { + "nativeName": "parent", + "nativeType": "string", + "required": true, + "type": "string", + }, + "uid": { + "nativeName": "uid", + "nativeType": "string", + "required": true, + "type": "string", + }, + }, + "type": "object", + }, + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false, + }, + }, + }, + "managedApplication": { + "08505c1b-87ea-4ed0-ab89-20432dcc6249": { + "_id": "08505c1b-87ea-4ed0-ab89-20432dcc6249", + "authoritative": true, + "connectorId": "HRLite", + "description": "Example", + "icon": "", + "mappingNames": [ + "systemHrlite__account___managedAlpha_user", + ], + "name": "HRLite", + "templateName": "scripted.sql", + "templateVersion": "1.0.0", + "uiConfig": { + "objectTypes": { + "__ACCOUNT__": { + "properties": { + "__NAME__": {}, + "address": {}, + "city": 
{}, + "country": {}, + "depId": {}, + "depName": {}, + "email": {}, + "empType": {}, + "firstName": {}, + "isManager": {}, + "jobCode": {}, + "lastName": {}, + "phone": {}, + "postalCode": {}, + "state": {}, + "status": {}, + "uid": {}, + }, + }, + "department": { + "properties": { + "__NAME__": {}, + "description": {}, + "name": {}, + "parent": {}, + "uid": {}, + }, + }, }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], + }, + }, + "0e5811ab-ef31-401b-aaa1-70b523eafa55": { + "_id": "0e5811ab-ef31-401b-aaa1-70b523eafa55", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/puzzle.svg", + "name": "engineering", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fengineering&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Froles%2Fsaml", + "idpPrivateId": "ZW5naW5lZXJpbmctSURQ", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-497", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + "1b3510cf-9352-4573-9cd8-1eaf36cc629c": { + "_id": "1b3510cf-9352-4573-9cd8-1eaf36cc629c", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/eolic-energy.svg", + "name": "company", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fcompany&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Fcompany%2Fsaml", + "idpPrivateId": "Y29tcGFueS1JRFA", + "key": 
"c88e6422-561c-4362-9cd1-6a377ad97b36-481", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + "368b5b11-d8db-4079-98e9-0573934aef04": { + "_id": "368b5b11-d8db-4079-98e9-0573934aef04", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/infography.svg", + "name": "sales", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fsales&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Fsales%2Fsaml", + "idpPrivateId": "c2FsZXMtSURQ", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-503", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + "9fb975e4-9723-4fac-9fe7-ee25053c6218": { + "_id": "9fb975e4-9723-4fac-9fe7-ee25053c6218", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/hot-air-balloon.svg", + "name": "benefits", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fbenefits&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Fbenefits%2Fsaml", + "idpPrivateId": "YmVuZWZpdHMtSURQ", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-492", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + "ab00f0cd-e7a0-44fe-9ae9-f80f0e193322": { + "_id": 
"ab00f0cd-e7a0-44fe-9ae9-f80f0e193322", + "description": "Test App", + "name": "testapp", + "ssoEntities": { + "oidcId": "testapp", + }, + "templateName": "web", + "templateVersion": "1.0", + }, + "d7f62815-a835-4e2f-a69e-25e7f9019fc2": { + "_id": "d7f62815-a835-4e2f-a69e-25e7f9019fc2", + "authoritative": false, + "connectorId": "EncoreAD", + "description": "Example", + "icon": "", + "mappingNames": [ + "systemEncoreadUser_managedAlpha_user", + "managedAlpha_user_systemEncoreadUser", + ], + "name": "EncoreAD", + "templateName": "active.directory", + "templateVersion": "1.0.0", + "uiConfig": { + "objectTypes": { + "Group": { + "properties": { + "cn": { + "userSpecific": true, + }, + "description": { + "userSpecific": true, + }, + "displayName": { + "userSpecific": true, + }, + "objectGUID": { + "userSpecific": true, + }, + "uSNChanged": { + "userSpecific": true, + }, + "uSNCreated": { + "userSpecific": true, + }, + "whenChanged": { + "userSpecific": true, + }, + "whenCreated": { + "userSpecific": true, + }, + }, + }, + "User": { + "properties": { + "__ENABLE__": { + "userSpecific": true, + }, + "__NAME__": { + "userSpecific": true, + }, + "__PASSWORD__": { + "userSpecific": true, + }, + "accountExpires": { + "userSpecific": true, + }, + "c": { + "userSpecific": true, + }, + "cn": { + "userSpecific": true, + }, + "co": { + "userSpecific": true, + }, + "company": { + "userSpecific": true, + }, + "countryCode": { + "userSpecific": true, + }, + "department": { + "userSpecific": true, + }, + "description": { + "userSpecific": true, + }, + "displayName": { + "userSpecific": true, + }, + "division": { + "userSpecific": true, + }, + "employeeID": { + "userSpecific": true, + }, + "employeeNumber": { + "userSpecific": true, + }, + "employeeType": { + "userSpecific": true, + }, + "facsimileTelephoneNumber": { + "userSpecific": true, + }, + "givenName": { + "userSpecific": true, + }, + "homePhone": { + "userSpecific": true, + }, + "initials": { + "userSpecific": true, + }, + 
"l": { + "userSpecific": true, + }, + "lastLogon": { + "userSpecific": true, + }, + "ldapGroups": {}, + "lockoutTime": { + "userSpecific": true, + }, + "mail": { + "userSpecific": true, + }, + "manager": { + "userSpecific": true, + }, + "memberOf": { + "userSpecific": true, + }, + "middleName": { + "userSpecific": true, + }, + "mobile": { + "userSpecific": true, + }, + "objectGUID": { + "userSpecific": true, + }, + "otherHomePhone": { + "userSpecific": true, + }, + "physicalDeliveryOfficeName": { + "userSpecific": true, + }, + "postOfficeBox": { + "userSpecific": true, + }, + "postalCode": { + "userSpecific": true, + }, + "pwdLastSet": { + "userSpecific": true, + }, + "sAMAccountName": { + "userSpecific": true, + }, + "sn": { + "userSpecific": true, + }, + "st": { + "userSpecific": true, + }, + "streetAddress": { + "userSpecific": true, + }, + "telephoneNumber": { + "userSpecific": true, + }, + "title": { + "userSpecific": true, + }, + "uSNChanged": { + "userSpecific": true, + }, + "uSNCreated": { + "userSpecific": true, + }, + "userAccountControl": { + "userSpecific": true, + }, + "userPrincipalName": { + "userSpecific": true, + }, + "whenChanged": { + "userSpecific": true, + }, + "whenCreated": { + "userSpecific": true, + }, + }, + }, }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], + }, + }, + "e9f2ecd5-3d50-4da0-9ca2-587dbca390e2": { + "_id": "e9f2ecd5-3d50-4da0-9ca2-587dbca390e2", + "description": "This is a bookmark", + "name": "MrAnderson", + "ssoEntities": {}, + "templateName": "bookmark", + "templateVersion": "1.0", + "url": "https://mranderson.scheuber.io", + }, + }, + "mapping": { + "managedAlpha_user_systemEncoreadUser": { + "_id": "sync/managedAlpha_user_systemEncoreadUser", + 
"consentRequired": false, + "displayName": "managedAlpha_user_systemEncoreadUser", + "icon": null, + "name": "managedAlpha_user_systemEncoreadUser", + "optimizeAssignmentSync": true, + "policies": [ + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - 
"RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], + ], + "properties": [ + { + "source": "givenName", + "target": "givenName", + }, + { + "source": "cn", + "target": "cn", + }, + { + "source": "sn", + "target": "sn", + }, + { + "source": "userName", + "target": "sAMAccountName", + }, + { + "source": "", + "target": "userPrincipalName", + "transform": { + "source": "\`\${source.userName}@ad-volker-demo.encore.forgerock.org\`;", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "__ENABLE__", + "transform": { + "source": "(source.accountStatus==='active') ? true : false;", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "__NAME__", + "transform": { + "source": "(source.accountStatus=="active")? \`cn=\${source.userName},ou=Encore,dc=ad-volker-demo,dc=encore,dc=forgerock,dc=org\`:\`cn=\${source.userName},ou=Inactive,ou=Encore,dc=ad-volker-demo,dc=encore,dc=forgerock,dc=org\`", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "__PASSWORD__", + "transform": { + "source": "openidm.decrypt(source.custom_encryptedPassword)", + "type": "text/javascript", + }, }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, + ], + "runTargetPhase": false, + "source": "managed/alpha_user", + "sourceCondition": "/source/effectiveApplications[_id eq "d7f62815-a835-4e2f-a69e-25e7f9019fc2"]", + "sourceQuery": { + "_queryFilter": "effectiveApplications[_id eq "d7f62815-a835-4e2f-a69e-25e7f9019fc2"] or lastSync/managedAlpha_user_systemEncoreadUser pr", + }, + "target": "system/EncoreAD/User", + }, + 
"systemEncoreadUser_managedAlpha_user": { + "_id": "sync/systemEncoreadUser_managedAlpha_user", + "consentRequired": false, + "correlationQuery": [ + { + "linkQualifier": "default", + "source": "var qry = {'_queryFilter': 'mail eq "' + source.userPrincipalName + '"'}; qry", + "type": "text/javascript", }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], + ], + "displayName": "systemEncoreadUser_managedAlpha_user", + "icon": null, + "links": "managedAlpha_user_systemEncoreadUser", + "name": "systemEncoreadUser_managedAlpha_user", + "onLink": { + "globals": { + "assignmentResCollection": "managed/alpha_assignment", + }, + "source": "function javaIsEqual(old, other) { + var JsonPatch = org.forgerock.json.JsonPatch; + var JsonValue = org.forgerock.json.JsonValue; + return JsonPatch.diff(JsonValue(old), JsonValue(other)).asList().size() === 0; +} + +if (situation === "FOUND") { + var params = { + "resourceId": targetId, + "mapping": mappingConfig.links, + "linkQualifier": linkQualifier + }; + + // get the preview of the target object from the outbound mapping + var targetPreview = openidm.action("sync", "getTargetPreview", {}, params); + var attributes = []; + + // find all values where target app user has different values from the correlated IDM user + Object.keys(source).filter(function (key) { + if (key in targetPreview) { + return !javaIsEqual(source[key], 
targetPreview[key]); + } else { + return false + } + }).forEach(function (key) { + var attribute = { + "name": key, + "value": source[key] + }; + attributes.push(attribute); + }) + + // create override assignment if any diff was found + if (attributes.length > 0) { + var assignment = { + "name": targetId + "-overrideAssignment", + "description": targetId + "override assignment", + "mapping": mappingConfig.links, + "attributes": attributes, + "type": "__OVERRIDE__", + "members": [{"_ref": mappingConfig.target + "/" + targetId}] + }; + var assignmentResult = openidm.create(assignmentResCollection, null, assignment); + var result = openidm.action("sync", "getTargetPreview", {}, params); + Object.keys(source).forEach(function (key) { + if (typeof result[key] === "undefined" || javaIsEqual(source[key], result[key])) { + return + } + // unable to successfully recreate object being linked, delete assignment and throw exception + openidm.delete(assignmentResCollection + "/" + assignmentResult._id, null); + throw "Unable to successfully recreate " + sourceId + " with an assignment for " + targetId; + }) + } +}", + "type": "text/javascript", + }, + "policies": [ + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "LINK", + "postAction": { + "globals": {}, + "source": 
"openidm.create("managed/alpha_user/"+target._id+"/applications",null,{_ref:"managed/alpha_application/d7f62815-a835-4e2f-a69e-25e7f9019fc2"})", + "type": "text/javascript", + }, + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "ABSENT", }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, + ], + "properties": [], + "runTargetPhase": false, + "source": "system/EncoreAD/User", + "target": "managed/alpha_user", + }, + "systemHrlite__account___managedAlpha_user": { + "_id": "sync/systemHrlite__account___managedAlpha_user", + "consentRequired": false, + "correlationQuery": [ + { + "expressionTree": { + "all": [ + "frIndexedInteger1", + ], + }, + "file": "ui/correlateTreeToQueryFilter.js", + "linkQualifier": "default", + "mapping": "systemHrlite__account___managedAlpha_user", + "type": "text/javascript", }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - 
"validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", + ], + "displayName": "systemHrlite__account___managedAlpha_user", + "icon": null, + "name": "systemHrlite__account___managedAlpha_user", + "onCreate": { + "globals": {}, + "source": "// Script has access to the following variables: +// sourceObject +// targetObject +// existingTargetObject +// linkQualifier +var givenName = source.firstName; +logger.info ("this is the givenName " + givenName); +var sn = source.lastName; +logger.info ("this is the sn " + sn); + +/* first choice of username */ +var checkuserName = givenName.substring(0,1).concat(sn).toLowerCase(); +logger.info ("calculated checkuserName " + checkuserName); +/* if the userName is not found no need to go further */ +var queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" +}; + +var queryResult = openidm.query("/managed/alpha_user",queryUsername,["*"]); +if (queryResult.resultCount > 0) { + /* second choice of username */ + checkuserName = givenName.substring(0,2).concat(sn).toLowerCase(); + logger.info ("calculated checkuserName " + checkuserName); + queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" + }; + queryResult = openidm.query("/managed/alpha_user",queryUsername,["*"]); + /* while the userName is found try above for second then add time to end until found */ + while (queryResult.resultCount > 0) { + /* timeadded to choice of username */ + var millis = String(Date.now()); + logger.info ("calculated checkuserName " + checkuserName); + checkuserName = givenName.substring(0,1).concat(sn).concat(millis.substring(millis.length - 4)).toLowerCase(); + logger.info ("calculated checkuserName " + checkuserName); + queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" + }; + queryResult = openidm.query("/managed/alpha_user",queryUsername,["*"]); + } +} +target.userName = checkuserName; +target.cn = checkuserName + " " + givenName + " " + sn; +target.mail = 
checkuserName+"@ad-volker-demo.encore.forgerock.org"; +target.password = 'Frdp-2010'; +//Mail domain is dependent on your AD domain name…. +logger.info ("Final userName " + checkuserName); +// Role assignment scripts must always return targetObject, otherwise +// other scripts and code that occur downstream of your script will +// not work as expected. +", + "type": "text/javascript", + }, + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS", + }, + { + "action": "EXCEPTION", + "situation": "SOURCE_MISSING", + }, + { + "action": "CREATE", + "situation": "MISSING", + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "EXCEPTION", + "situation": "UNASSIGNED", + }, + { + "action": "EXCEPTION", + "situation": "LINK_ONLY", + }, + { + "action": "EXCEPTION", + "situation": "TARGET_IGNORED", + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED", + }, + { + "action": "IGNORE", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "UPDATE", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "source": "", + "target": "frIndexedInteger1", + "transform": { + "source": "parseInt(source.__NAME__)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger2", + "transform": { + "source": "parseInt(source.status)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger3", + "transform": { + "source": "parseInt(source.depId)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger4", + "transform": { + "source": "parseInt(source.jobCode)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger5", + "transform": { + "source": "parseInt(source.empType)", + "type": "text/javascript", + }, + }, + { + "source": 
"phone", + "target": "telephoneNumber", + }, + { + "source": "city", + "target": "city", + }, + { + "source": "state", + "target": "stateProvince", + }, + { + "source": "address", + "target": "postalAddress", + }, + { + "source": "postalCode", + "target": "postalCode", + }, + { + "source": "country", + "target": "country", + }, + { + "source": "firstName", + "target": "givenName", + }, + { + "source": "lastName", + "target": "sn", + }, + { + "source": "isManager", + "target": "frIndexedString4", + }, + { + "source": "externalMail", + "target": "frIndexedString5", + }, + { + "source": "", + "target": "accountStatus", + "transform": { + "source": "(parseInt(source.status)==5)?"inactive":"active";", + "type": "text/javascript", + }, + }, + ], + "runTargetPhase": true, + "source": "system/HRLite/__ACCOUNT__", + "target": "managed/alpha_user", + "taskThreads": 1, + }, + }, + "meta": Any, + "saml": { + "cot": { + "FR_COT": { + "_id": "FR_COT", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", + }, + "status": "active", + "trustedProviders": [ + "engineering-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/company/saml|saml2", + "company-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/roles/saml|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/sales/saml|saml2", + "sales-IDP|saml2", + "benefits-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/benefits/saml|saml2", + ], + }, + }, + "hosted": { + "Y29tcGFueS1JRFA": { + "_id": "Y29tcGFueS1JRFA", + "entityId": "company-IDP", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": "https://openam-volker-demo.forgeblocks.com/am/idpsaehandler/metaAlias/alpha/company", + 
}, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": { + "nameIdEncryption": false, + }, + "requestResponseSigning": { + "artifactResolve": true, + "authenticationRequest": true, + "logoutRequest": false, + "logoutResponse": false, + "manageNameIdRequest": false, + "manageNameIdResponse": false, + }, + "secretIdAndAlgorithms": { + "digestAlgorithm": [ + "http://www.w3.org/2001/04/xmlenc#sha256", + ], + "encryptionAlgorithm": [ + "http://www.w3.org/2009/xmlenc11#rsa-oaep", + ], + "signingAlgorithm": [], + }, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMap": [ + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "SSOID", + }, + { + "binary": false, + 
"localAttribute": "mail", + "samlAttribute": "User.Email", + }, + { + "binary": false, + "localAttribute": ""Standard User"", + "samlAttribute": "User.ProfileID", + }, + { + "binary": false, + "localAttribute": "sn", + "samlAttribute": "User.LastName", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Username", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqSoap/IDPRole/metaAlias/alpha/company", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqUri/IDPRole/metaAlias/alpha/company", + }, + ], + "metaAlias": "/alpha/company", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/NIMSoap/metaAlias/alpha/company", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "openam-volker-demo.forgeblocks.com/am/ArtifactResolver/metaAlias/alpha/company", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/company", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/company", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/company", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/company", + }, + ], + "singleSignOnService": [ + { + 
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/SSOPOST/metaAlias/alpha/company", + }, + ], + }, + }, + }, + }, + "YmVuZWZpdHMtSURQ": { + "_id": "YmVuZWZpdHMtSURQ", + "entityId": "benefits-IDP", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": "https://openam-volker-demo.forgeblocks.com/am/idpsaehandler/metaAlias/alpha/benefits", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": { + "nameIdEncryption": false, + }, + "requestResponseSigning": { + "artifactResolve": 
true, + "authenticationRequest": true, + "logoutRequest": false, + "logoutResponse": false, + "manageNameIdRequest": false, + "manageNameIdResponse": false, + }, + "secretIdAndAlgorithms": { + "digestAlgorithm": [ + "http://www.w3.org/2001/04/xmlenc#sha256", + ], + "encryptionAlgorithm": [ + "http://www.w3.org/2009/xmlenc11#rsa-oaep", + ], + "signingAlgorithm": [], + }, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMap": [ + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "SSOID", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Email", + }, + { + "binary": false, + "localAttribute": ""Standard User"", + "samlAttribute": "User.ProfileID", + }, + { + "binary": false, + "localAttribute": "sn", + "samlAttribute": "User.LastName", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Username", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqSoap/IDPRole/metaAlias/alpha/benefits", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqUri/IDPRole/metaAlias/alpha/benefits", + }, + ], + "metaAlias": "/alpha/benefits", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/NIMSoap/metaAlias/alpha/benefits", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": 
"openam-volker-demo.forgeblocks.com/am/ArtifactResolver/metaAlias/alpha/benefits", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/benefits", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/benefits", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/benefits", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/benefits", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/SSOPOST/metaAlias/alpha/benefits", + }, + ], + }, + }, + }, + }, + "ZW5naW5lZXJpbmctSURQ": { + "_id": "ZW5naW5lZXJpbmctSURQ", + "entityId": "engineering-IDP", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": "https://openam-volker-demo.forgeblocks.com/am/idpsaehandler/metaAlias/alpha/engineering", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + 
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": { + "nameIdEncryption": false, + }, + "requestResponseSigning": { + "artifactResolve": true, + "authenticationRequest": true, + "logoutRequest": false, + "logoutResponse": false, + "manageNameIdRequest": false, + "manageNameIdResponse": false, + }, + "secretIdAndAlgorithms": { + "digestAlgorithm": [ + "http://www.w3.org/2001/04/xmlenc#sha256", + ], + "encryptionAlgorithm": [ + "http://www.w3.org/2009/xmlenc11#rsa-oaep", + ], + "signingAlgorithm": [], + }, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMap": [ + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "SSOID", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Email", + }, + { + "binary": false, + "localAttribute": ""Standard User"", + "samlAttribute": "User.ProfileID", + }, + { + "binary": false, + "localAttribute": "sn", + "samlAttribute": "User.LastName", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Username", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": 
"urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqSoap/IDPRole/metaAlias/alpha/engineering", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqUri/IDPRole/metaAlias/alpha/engineering", + }, + ], + "metaAlias": "/alpha/engineering", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/NIMSoap/metaAlias/alpha/engineering", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "openam-volker-demo.forgeblocks.com/am/ArtifactResolver/metaAlias/alpha/engineering", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/engineering", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/engineering", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/engineering", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/engineering", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/SSOPOST/metaAlias/alpha/engineering", + }, + ], + }, + }, + }, + }, + "c2FsZXMtSURQ": { + "_id": "c2FsZXMtSURQ", + "entityId": "sales-IDP", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + 
"saeConfiguration": { + "idpUrl": "https://openam-volker-demo.forgeblocks.com/am/idpsaehandler/metaAlias/alpha/sales", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": { + "nameIdEncryption": false, + }, + "requestResponseSigning": { + "artifactResolve": true, + "authenticationRequest": true, + "logoutRequest": false, + "logoutResponse": false, + "manageNameIdRequest": false, + "manageNameIdResponse": false, + }, + "secretIdAndAlgorithms": { + "digestAlgorithm": [ + "http://www.w3.org/2001/04/xmlenc#sha256", + ], + "encryptionAlgorithm": [ + "http://www.w3.org/2009/xmlenc11#rsa-oaep", + ], + "signingAlgorithm": [], + }, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + 
"attributeMap": [ + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "SSOID", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Email", + }, + { + "binary": false, + "localAttribute": ""Standard User"", + "samlAttribute": "User.ProfileID", + }, + { + "binary": false, + "localAttribute": "sn", + "samlAttribute": "User.LastName", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Username", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqSoap/IDPRole/metaAlias/alpha/sales", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqUri/IDPRole/metaAlias/alpha/sales", + }, + ], + "metaAlias": "/alpha/sales", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/NIMSoap/metaAlias/alpha/sales", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "openam-volker-demo.forgeblocks.com/am/ArtifactResolver/metaAlias/alpha/sales", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/sales", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/sales", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/sales", + "responseLocation": 
"https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/sales", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/SSOPOST/metaAlias/alpha/sales", + }, + ], + }, + }, + }, + }, + }, + "metadata": { + "Y29tcGFueS1JRFA": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", + "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", + "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", + "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", + "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", + "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", + "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", + "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", + "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", + "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", + "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", + "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", + "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", + "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", + "14SLgWmf1qQroU6F4FjtEEc=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", + "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", + 
"SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", + "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", + "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", + "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", + "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", + "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", + "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", + "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", + "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", + "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", + "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", + "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + "", + "", + "", + ], + "YmVuZWZpdHMtSURQ": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", + "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", + "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", + 
"ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", + "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", + "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", + "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", + "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", + "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", + "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", + "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", + "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", + "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", + "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", + "14SLgWmf1qQroU6F4FjtEEc=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", + "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", + "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", + "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", + "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", + "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", + "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", + "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", + "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", + "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", + "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", + 
"eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", + "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", + "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + "", + "", + "", + ], + "ZW5naW5lZXJpbmctSURQ": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", + "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", + "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", + "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", + "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", + "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", + "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", + "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", + "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", + "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", + "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", + "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", + 
"bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", + "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", + "14SLgWmf1qQroU6F4FjtEEc=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", + "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", + "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", + "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", + "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", + "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", + "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", + "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", + "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", + "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", + "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", + "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", + "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", + "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " 
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + "", + "", + "", + ], + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s": [ + "", + "", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " ", + " ", + "", + "", + "", + ], + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA": [ + "", + "", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " ", + " ", + "", + "", + "", + ], + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA": [ + "", + "", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " ", + " ", + "", + "", + "", + ], + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA": [ + "", + "", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " ", + " ", + "", + "", + "", + ], + "c2FsZXMtSURQ": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", + "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", + "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", + "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", + "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", + "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", + "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", + 
"kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", + "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", + "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", + "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", + "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", + "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", + "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", + "14SLgWmf1qQroU6F4FjtEEc=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", + "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", + "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", + "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", + "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", + "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", + "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", + "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", + "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", + "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", + "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", + "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", + "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", + "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " 
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + "", + "", + "", + ], + }, + "remote": { + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s": { + "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s", + "entityId": "https://volker-demo.encore.forgerock.com:443/apps/web/company/saml", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + "authenticationRequest": false, + }, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "attributeMapper": {}, + "responseArtifactMessageEncoding": {}, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://volker-demo.encore.forgerock.com:443/apps/web/company/saml", + }, + ], + }, + }, + }, + }, + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA": { + "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA", + "entityId": "https://volker-demo.encore.forgerock.com:443/apps/web/benefits/saml", + "serviceProvider": { + "advanced": { + 
"idpProxy": {}, + "saeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + "authenticationRequest": false, + }, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "attributeMapper": {}, + "responseArtifactMessageEncoding": {}, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://volker-demo.encore.forgerock.com:443/apps/web/benefits/saml", + }, + ], + }, + }, + }, + }, + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA": { + "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA", + "entityId": "https://volker-demo.encore.forgerock.com:443/apps/web/sales/saml", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + "authenticationRequest": false, + }, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "attributeMapper": {}, + "responseArtifactMessageEncoding": {}, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://volker-demo.encore.forgerock.com:443/apps/web/sales/saml", + }, + ], + }, + }, + }, + }, + 
"aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA": { + "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA", + "entityId": "https://volker-demo.encore.forgerock.com:443/apps/web/roles/saml", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + "authenticationRequest": false, + }, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "attributeMapper": {}, + "responseArtifactMessageEncoding": {}, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://volker-demo.encore.forgerock.com:443/apps/web/roles/saml", + }, + ], + }, + }, + }, + }, + }, + }, + "script": {}, +} +`; + +exports[`frodo app export "frodo app export --app-id EncoreAD": should export the app with app id "EncoreAD" 1`] = `""`; + +exports[`frodo app export "frodo app export --app-id EncoreAD": should export the app with app id "EncoreAD" 2`] = ` +{ + "application": {}, + "connector": { + "EncoreAD": { + "_id": "provisioner.openicf/EncoreAD", + "configurationProperties": { + "accountObjectClasses": [ + "top", + "person", + "organizationalPerson", + "user", + ], + "accountSearchFilter": "(objectClass=User)", + "accountSynchronizationFilter": null, + "accountUserNameAttributes": [ + "uid", + "cn", + ], + "allowTreeDelete": false, + "alternateKeyStore": null, + "alternateKeyStorePassword": null, + "alternateKeyStoreType": null, + "attributesToSynchronize": [], + "authType": "simple", + "baseContexts": [ + 
"OU=Encore,DC=ad-volker-demo,DC=encore,DC=forgerock,DC=org", + ], + "baseContextsToSynchronize": [], + "blockSize": 100, + "changeLogBlockSize": 100, + "changeNumberAttribute": "changeNumber", + "checkAliveMinInterval": 60, + "connectionTimeout": 30000, + "convertADIntervalToISO8601": [ + "pwdLastSet", + "accountExpires", + "lockoutTime", + "lastLogon", + ], + "convertGTToISO8601": [ + "whenCreated", + "whenChanged", + ], + "credentials": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "ReilS5BMTftYl2t8OZvtaQ==", + "iv": "jdqo9Kvv2ZxpWoywTUmT7w==", + "keySize": 16, + "mac": "N7QnFAv3SNRsBzEau1iDDg==", + "purpose": "idm.config.encryption", + "salt": "ut6NNENf3Op7SOjJuXdSdw==", + "stableId": "openidm-sym-default", + }, + }, + }, + "failover": [], + "filterWithOrInsteadOfAnd": false, + "getGroupMemberId": false, + "groupMemberAttribute": "member", + "groupObjectClasses": [ + "top", + "groupOfUniqueNames", + ], + "groupSearchFilter": "(&(!(cn=Domain Users))(objectClass=group))", + "groupSynchronizationFilter": null, + "gssapiLoginContext": null, + "host": "volker-demo.ad-volker-demo.encore.forgerock.org", + "hostNameVerification": false, + "hostNameVerifierPattern": null, + "lastCheckAlive": 1674482716432, + "maintainLdapGroupMembership": false, + "maintainPosixGroupMembership": false, + "modifiersNamesToFilterOut": [], + "objectClassesToSynchronize": [ + "user", + ], + "passwordAttribute": "unicodePwd", + "passwordHashAlgorithm": "WIN-AD", + "port": 636, + "principal": "CN=root,CN=Users,DC=ad-volker-demo,DC=encore,DC=forgerock,DC=org", + "privateKeyAlias": null, + "readSchema": false, + "referralsHandling": "follow", + "removeLogEntryObjectClassFromFilter": true, + "resetSyncToken": "never", + "respectResourcePasswordPolicyChangeAfterReset": false, + "sendCAUDTxId": false, + "ssl": true, + "startTLS": false, + "uidAttribute": "objectGUID", + "useBlocks": true, + "useDNSSRVRecord": false, + 
"useOldADGUIDFormat": false, + "usePagedResultControl": true, + "useTimestampsForSync": false, + "vlvSortAttribute": "sAMAccountName", + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.ldap-connector", + "bundleVersion": "1.5.20.12", + "connectorHostRef": "adrcs", + "connectorName": "org.identityconnectors.ldap.LdapConnector", + "displayName": "LDAP Connector", + "systemType": "provisioner.openicf", + }, + "enabled": true, + "objectTypes": { + "Group": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__GROUP__", + "nativeType": "__GROUP__", + "properties": { + "cn": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "cn", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "displayName", + "nativeType": "string", + "type": "string", + }, + "objectGUID": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "objectGUID", + "nativeType": "string", + "type": "string", + }, + "uSNChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNChanged", + "nativeType": "string", + "type": "string", + }, + "uSNCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNCreated", + "nativeType": "string", + "type": "string", + }, + "whenChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenChanged", + "nativeType": "string", + "type": "string", + }, + "whenCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenCreated", + "nativeType": "string", + "type": "string", + }, + }, + "type": "object", + }, + "User": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__ENABLE__": { + "nativeName": 
"__ENABLE__", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "required": false, + "type": "boolean", + "userSpecific": true, + }, + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "required": true, + "type": "string", + }, + "__PASSWORD__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "__PASSWORD__", + "nativeType": "JAVA_TYPE_GUARDEDSTRING", + "type": "JAVA_TYPE_GUARDEDSTRING", + }, + "accountExpires": { + "nativeName": "accountExpires", + "nativeType": "string", + "type": "string", + }, + "c": { + "nativeName": "c", + "nativeType": "string", + "type": "string", + }, + "cn": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "cn", + "nativeType": "string", + "required": false, + "type": "string", + }, + "co": { + "nativeName": "co", + "nativeType": "string", + "type": "string", + }, + "company": { + "nativeName": "company", + "nativeType": "string", + "type": "string", + }, + "countryCode": { + "nativeName": "countryCode", + "nativeType": "string", + "type": "string", + }, + "department": { + "nativeName": "department", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "displayName", + "nativeType": "string", + "type": "string", + }, + "division": { + "nativeName": "division", + "nativeType": "string", + "type": "string", + }, + "employeeID": { + "nativeName": "employeeID", + "nativeType": "string", + "type": "string", + }, + "employeeNumber": { + "nativeName": "employeeNumber", + "nativeType": "string", + "type": "string", + }, + "employeeType": { + "nativeName": "employeeType", + "nativeType": "string", + "type": "string", + }, + "facsimileTelephoneNumber": { + "nativeName": "facsimileTelephoneNumber", + "nativeType": "string", + "type": "string", + }, + "givenName": { + "nativeName": "givenName", + 
"nativeType": "string", + "type": "string", + }, + "homePhone": { + "nativeName": "homePhone", + "nativeType": "string", + "type": "string", + }, + "initials": { + "nativeName": "initials", + "nativeType": "string", + "type": "string", + }, + "l": { + "nativeName": "l", + "nativeType": "string", + "type": "string", + }, + "lastLogon": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "lastLogon", + "nativeType": "string", + "type": "string", + }, + "ldapGroups": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "ldapGroups", + "nativeType": "string", + "required": false, + "type": "array", + "userSpecific": false, + }, + "lockoutTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "lockoutTime", + "nativeType": "string", + "type": "string", + }, + "mail": { + "nativeName": "mail", + "nativeType": "string", + "type": "string", + }, + "manager": { + "nativeName": "manager", + "nativeType": "string", + "type": "string", + }, + "memberOf": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "memberOf", + "nativeType": "string", + "type": "array", + }, + "middleName": { + "nativeName": "middleName", + "nativeType": "string", + "type": "string", + }, + "mobile": { + "nativeName": "mobile", + "nativeType": "string", + "type": "string", + }, + "objectGUID": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "objectGUID", + "nativeType": "string", + "type": "string", + }, + "otherHomePhone": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "otherHomePhone", + "nativeType": "string", + "type": "array", + }, + "physicalDeliveryOfficeName": { + "nativeName": "physicalDeliveryOfficeName", + "nativeType": "string", + "type": "string", + }, + "postOfficeBox": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": 
"postOfficeBox", + "nativeType": "string", + "type": "array", + }, + "postalCode": { + "nativeName": "postalCode", + "nativeType": "string", + "type": "string", + }, + "pwdLastSet": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "pwdLastSet", + "nativeType": "string", + "type": "string", + }, + "sAMAccountName": { + "nativeName": "sAMAccountName", + "nativeType": "string", + "type": "string", + }, + "sn": { + "nativeName": "sn", + "nativeType": "string", + "type": "string", + }, + "st": { + "nativeName": "st", + "nativeType": "string", + "type": "string", + }, + "streetAddress": { + "nativeName": "streetAddress", + "nativeType": "string", + "type": "string", + }, + "telephoneNumber": { + "nativeName": "telephoneNumber", + "nativeType": "string", + "type": "string", + }, + "title": { + "nativeName": "title", + "nativeType": "string", + "type": "string", + }, + "uSNChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNChanged", + "nativeType": "string", + "type": "string", + }, + "uSNCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNCreated", + "nativeType": "string", + "type": "string", + }, + "userAccountControl": { + "nativeName": "userAccountControl", + "nativeType": "string", + "type": "string", + }, + "userPrincipalName": { + "nativeName": "userPrincipalName", + "nativeType": "string", + "type": "string", + }, + "whenChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenChanged", + "nativeType": "string", + "type": "string", + }, + "whenCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenCreated", + "nativeType": "string", + "type": "string", + }, + }, + "type": "object", + }, + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + 
"SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false, + }, + }, + }, + "managedApplication": { + "d7f62815-a835-4e2f-a69e-25e7f9019fc2": { + "_id": "d7f62815-a835-4e2f-a69e-25e7f9019fc2", + "authoritative": false, + "connectorId": "EncoreAD", + "description": "Example", + "icon": "", + "mappingNames": [ + "systemEncoreadUser_managedAlpha_user", + "managedAlpha_user_systemEncoreadUser", + ], + "name": "EncoreAD", + "templateName": "active.directory", + "templateVersion": "1.0.0", + "uiConfig": { + "objectTypes": { + "Group": { + "properties": { + "cn": { + "userSpecific": true, + }, + "description": { + "userSpecific": true, + }, + "displayName": { + "userSpecific": true, + }, + "objectGUID": { + "userSpecific": true, + }, + "uSNChanged": { + "userSpecific": true, + }, + "uSNCreated": { + "userSpecific": true, + }, + "whenChanged": { + "userSpecific": true, + }, + "whenCreated": { + "userSpecific": true, + }, + }, + }, + "User": { + "properties": { + "__ENABLE__": { + "userSpecific": true, + }, + "__NAME__": { + "userSpecific": true, + }, + "__PASSWORD__": { + "userSpecific": true, + }, + "accountExpires": { + "userSpecific": true, + }, + "c": { + "userSpecific": true, + }, + "cn": { + "userSpecific": true, + }, + "co": { + "userSpecific": true, + }, + "company": { + "userSpecific": true, + }, + "countryCode": { + "userSpecific": true, + }, + "department": { + "userSpecific": true, + }, + "description": { + "userSpecific": true, + }, + "displayName": { + "userSpecific": true, + }, + "division": { + "userSpecific": true, + }, + "employeeID": { + "userSpecific": true, + }, + "employeeNumber": { + "userSpecific": 
true, + }, + "employeeType": { + "userSpecific": true, + }, + "facsimileTelephoneNumber": { + "userSpecific": true, + }, + "givenName": { + "userSpecific": true, + }, + "homePhone": { + "userSpecific": true, + }, + "initials": { + "userSpecific": true, + }, + "l": { + "userSpecific": true, + }, + "lastLogon": { + "userSpecific": true, + }, + "ldapGroups": {}, + "lockoutTime": { + "userSpecific": true, + }, + "mail": { + "userSpecific": true, + }, + "manager": { + "userSpecific": true, + }, + "memberOf": { + "userSpecific": true, + }, + "middleName": { + "userSpecific": true, + }, + "mobile": { + "userSpecific": true, + }, + "objectGUID": { + "userSpecific": true, + }, + "otherHomePhone": { + "userSpecific": true, + }, + "physicalDeliveryOfficeName": { + "userSpecific": true, + }, + "postOfficeBox": { + "userSpecific": true, + }, + "postalCode": { + "userSpecific": true, + }, + "pwdLastSet": { + "userSpecific": true, + }, + "sAMAccountName": { + "userSpecific": true, + }, + "sn": { + "userSpecific": true, + }, + "st": { + "userSpecific": true, + }, + "streetAddress": { + "userSpecific": true, + }, + "telephoneNumber": { + "userSpecific": true, + }, + "title": { + "userSpecific": true, + }, + "uSNChanged": { + "userSpecific": true, + }, + "uSNCreated": { + "userSpecific": true, + }, + "userAccountControl": { + "userSpecific": true, + }, + "userPrincipalName": { + "userSpecific": true, + }, + "whenChanged": { + "userSpecific": true, + }, + "whenCreated": { + "userSpecific": true, + }, + }, + }, }, }, - "_rev": "1445881116", - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", + }, + }, + "mapping": { + "managedAlpha_user_systemEncoreadUser": { + "_id": "sync/managedAlpha_user_systemEncoreadUser", + "consentRequired": false, + "displayName": "managedAlpha_user_systemEncoreadUser", + "icon": null, + "name": "managedAlpha_user_systemEncoreadUser", + "optimizeAssignmentSync": true, + "policies": [ + { + "action": "ASYNC", + "situation": 
"AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "source": "givenName", + "target": "givenName", + }, + { + "source": "cn", + "target": "cn", + }, + { + "source": "sn", + "target": "sn", + }, + { + "source": "userName", + "target": "sAMAccountName", + }, + { + "source": "", + "target": "userPrincipalName", + "transform": { + "source": "\`\${source.userName}@ad-volker-demo.encore.forgerock.org\`;", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "__ENABLE__", + "transform": { + "source": "(source.accountStatus==='active') ? true : false;", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "__NAME__", + "transform": { + "source": "(source.accountStatus=="active")? 
\`cn=\${source.userName},ou=Encore,dc=ad-volker-demo,dc=encore,dc=forgerock,dc=org\`:\`cn=\${source.userName},ou=Inactive,ou=Encore,dc=ad-volker-demo,dc=encore,dc=forgerock,dc=org\`", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "__PASSWORD__", + "transform": { + "source": "openidm.decrypt(source.custom_encryptedPassword)", + "type": "text/javascript", + }, + }, + ], + "runTargetPhase": false, + "source": "managed/alpha_user", + "sourceCondition": "/source/effectiveApplications[_id eq "d7f62815-a835-4e2f-a69e-25e7f9019fc2"]", + "sourceQuery": { + "_queryFilter": "effectiveApplications[_id eq "d7f62815-a835-4e2f-a69e-25e7f9019fc2"] or lastSync/managedAlpha_user_systemEncoreadUser pr", }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [ - "Modified by Frodo on 4/16/2022, 8:41:59 PM", + "target": "system/EncoreAD/User", + }, + "systemEncoreadUser_managedAlpha_user": { + "_id": "sync/systemEncoreadUser_managedAlpha_user", + "consentRequired": false, + "correlationQuery": [ + { + "linkQualifier": "default", + "source": "var qry = {'_queryFilter': 'mail eq "' + source.userPrincipalName + '"'}; qry", + "type": "text/javascript", + }, + ], + "displayName": "systemEncoreadUser_managedAlpha_user", + "icon": null, + "links": "managedAlpha_user_systemEncoreadUser", + "name": "systemEncoreadUser_managedAlpha_user", + "onLink": { + "globals": { + "assignmentResCollection": "managed/alpha_assignment", + }, + "source": "function javaIsEqual(old, other) { + var JsonPatch = org.forgerock.json.JsonPatch; + var JsonValue = org.forgerock.json.JsonValue; + return JsonPatch.diff(JsonValue(old), JsonValue(other)).asList().size() === 0; +} + +if (situation === "FOUND") { + var params = { + "resourceId": targetId, + "mapping": mappingConfig.links, + "linkQualifier": linkQualifier + }; + + // get the preview of the target object from the outbound mapping + var targetPreview = openidm.action("sync", 
"getTargetPreview", {}, params); + var attributes = []; + + // find all values where target app user has different values from the correlated IDM user + Object.keys(source).filter(function (key) { + if (key in targetPreview) { + return !javaIsEqual(source[key], targetPreview[key]); + } else { + return false + } + }).forEach(function (key) { + var attribute = { + "name": key, + "value": source[key] + }; + attributes.push(attribute); + }) + + // create override assignment if any diff was found + if (attributes.length > 0) { + var assignment = { + "name": targetId + "-overrideAssignment", + "description": targetId + "override assignment", + "mapping": mappingConfig.links, + "attributes": attributes, + "type": "__OVERRIDE__", + "members": [{"_ref": mappingConfig.target + "/" + targetId}] + }; + var assignmentResult = openidm.create(assignmentResCollection, null, assignment); + var result = openidm.action("sync", "getTargetPreview", {}, params); + Object.keys(source).forEach(function (key) { + if (typeof result[key] === "undefined" || javaIsEqual(source[key], result[key])) { + return + } + // unable to successfully recreate object being linked, delete assignment and throw exception + openidm.delete(assignmentResCollection + "/" + assignmentResult._id, null); + throw "Unable to successfully recreate " + sourceId + " with an assignment for " + targetId; + }) + } +}", + "type": "text/javascript", + }, + "policies": [ + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": 
"ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "LINK", + "postAction": { + "globals": {}, + "source": "openidm.create("managed/alpha_user/"+target._id+"/applications",null,{_ref:"managed/alpha_application/d7f62815-a835-4e2f-a69e-25e7f9019fc2"})", + "type": "text/javascript", + }, + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "ABSENT", + }, + ], + "properties": [], + "runTargetPhase": false, + "source": "system/EncoreAD/User", + "target": "managed/alpha_user", + }, + }, + "meta": Any, +} +`; + +exports[`frodo app export "frodo app export -A": should export all apps to separate files 1`] = `""`; + +exports[`frodo app export "frodo app export -A": should export all apps to separate files 2`] = ` +{ + "application": {}, + "connector": { + "EncoreAD": { + "_id": "provisioner.openicf/EncoreAD", + "configurationProperties": { + "accountObjectClasses": [ + "top", + "person", + "organizationalPerson", + "user", ], - "grantTypes": [ - "authorization_code", - "refresh_token", - "client_credentials", + "accountSearchFilter": "(objectClass=User)", + "accountSynchronizationFilter": null, + "accountUserNameAttributes": [ + "uid", + "cn", ], - "isConsentImplied": false, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "requestUris": [], - "responseTypes": [ - "code", - "token", - "id_token", + "allowTreeDelete": false, + "alternateKeyStore": null, + "alternateKeyStorePassword": null, + "alternateKeyStoreType": null, + "attributesToSynchronize": [], + "authType": "simple", + "baseContexts": [ + "OU=Encore,DC=ad-volker-demo,DC=encore,DC=forgerock,DC=org", ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - 
"accessTokenLifetime": 0, - "authorizationCodeLifetime": 0, - "clientName": [ - "test2", + "baseContextsToSynchronize": [], + "blockSize": 100, + "changeLogBlockSize": 100, + "changeNumberAttribute": "changeNumber", + "checkAliveMinInterval": 60, + "connectionTimeout": 30000, + "convertADIntervalToISO8601": [ + "pwdLastSet", + "accountExpires", + "lockoutTime", + "lastLogon", ], - "clientType": "Confidential", - "defaultScopes": [ - "openid", + "convertGTToISO8601": [ + "whenCreated", + "whenChanged", ], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 0, - "scopes": [ - "openid", - "fr:idm:*", + "credentials": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "ReilS5BMTftYl2t8OZvtaQ==", + "iv": "jdqo9Kvv2ZxpWoywTUmT7w==", + "keySize": 16, + "mac": "N7QnFAv3SNRsBzEau1iDDg==", + "purpose": "idm.config.encryption", + "salt": "ut6NNENf3Op7SOjJuXdSdw==", + "stableId": "openidm-sym-default", + }, + }, + }, + "failover": [], + "filterWithOrInsteadOfAnd": false, + "getGroupMemberId": false, + "groupMemberAttribute": "member", + "groupObjectClasses": [ + "top", + "groupOfUniqueNames", ], - "status": "Active", - "userpassword": null, + "groupSearchFilter": "(&(!(cn=Domain Users))(objectClass=group))", + "groupSynchronizationFilter": null, + "gssapiLoginContext": null, + "host": "volker-demo.ad-volker-demo.encore.forgerock.org", + "hostNameVerification": false, + "hostNameVerifierPattern": null, + "lastCheckAlive": 1674482716432, + "maintainLdapGroupMembership": false, + "maintainPosixGroupMembership": false, + "modifiersNamesToFilterOut": [], + "objectClassesToSynchronize": [ + "user", + ], + "passwordAttribute": "unicodePwd", + "passwordHashAlgorithm": "WIN-AD", + "port": 636, + "principal": "CN=root,CN=Users,DC=ad-volker-demo,DC=encore,DC=forgerock,DC=org", + "privateKeyAlias": null, + "readSchema": false, + "referralsHandling": "follow", + 
"removeLogEntryObjectClassFromFilter": true, + "resetSyncToken": "never", + "respectResourcePasswordPolicyChangeAfterReset": false, + "sendCAUDTxId": false, + "ssl": true, + "startTLS": false, + "uidAttribute": "objectGUID", + "useBlocks": true, + "useDNSSRVRecord": false, + "useOldADGUIDFormat": false, + "usePagedResultControl": true, + "useTimestampsForSync": false, + "vlvSortAttribute": "sAMAccountName", + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.ldap-connector", + "bundleVersion": "1.5.20.12", + "connectorHostRef": "adrcs", + "connectorName": "org.identityconnectors.ldap.LdapConnector", + "displayName": "LDAP Connector", + "systemType": "provisioner.openicf", + }, + "enabled": true, + "objectTypes": { + "Group": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__GROUP__", + "nativeType": "__GROUP__", + "properties": { + "cn": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "cn", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "displayName", + "nativeType": "string", + "type": "string", + }, + "objectGUID": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "objectGUID", + "nativeType": "string", + "type": "string", + }, + "uSNChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNChanged", + "nativeType": "string", + "type": "string", + }, + "uSNCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNCreated", + "nativeType": "string", + "type": "string", + }, + "whenChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenChanged", + "nativeType": "string", + "type": "string", + }, + "whenCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": 
"whenCreated", + "nativeType": "string", + "type": "string", + }, + }, + "type": "object", + }, + "User": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__ENABLE__": { + "nativeName": "__ENABLE__", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "required": false, + "type": "boolean", + "userSpecific": true, + }, + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "required": true, + "type": "string", + }, + "__PASSWORD__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "__PASSWORD__", + "nativeType": "JAVA_TYPE_GUARDEDSTRING", + "type": "JAVA_TYPE_GUARDEDSTRING", + }, + "accountExpires": { + "nativeName": "accountExpires", + "nativeType": "string", + "type": "string", + }, + "c": { + "nativeName": "c", + "nativeType": "string", + "type": "string", + }, + "cn": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "cn", + "nativeType": "string", + "required": false, + "type": "string", + }, + "co": { + "nativeName": "co", + "nativeType": "string", + "type": "string", + }, + "company": { + "nativeName": "company", + "nativeType": "string", + "type": "string", + }, + "countryCode": { + "nativeName": "countryCode", + "nativeType": "string", + "type": "string", + }, + "department": { + "nativeName": "department", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "displayName", + "nativeType": "string", + "type": "string", + }, + "division": { + "nativeName": "division", + "nativeType": "string", + "type": "string", + }, + "employeeID": { + "nativeName": "employeeID", + "nativeType": "string", + "type": "string", + }, + "employeeNumber": { + "nativeName": "employeeNumber", + "nativeType": "string", + "type": "string", + }, + 
"employeeType": { + "nativeName": "employeeType", + "nativeType": "string", + "type": "string", + }, + "facsimileTelephoneNumber": { + "nativeName": "facsimileTelephoneNumber", + "nativeType": "string", + "type": "string", + }, + "givenName": { + "nativeName": "givenName", + "nativeType": "string", + "type": "string", + }, + "homePhone": { + "nativeName": "homePhone", + "nativeType": "string", + "type": "string", + }, + "initials": { + "nativeName": "initials", + "nativeType": "string", + "type": "string", + }, + "l": { + "nativeName": "l", + "nativeType": "string", + "type": "string", + }, + "lastLogon": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "lastLogon", + "nativeType": "string", + "type": "string", + }, + "ldapGroups": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "ldapGroups", + "nativeType": "string", + "required": false, + "type": "array", + "userSpecific": false, + }, + "lockoutTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "lockoutTime", + "nativeType": "string", + "type": "string", + }, + "mail": { + "nativeName": "mail", + "nativeType": "string", + "type": "string", + }, + "manager": { + "nativeName": "manager", + "nativeType": "string", + "type": "string", + }, + "memberOf": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "memberOf", + "nativeType": "string", + "type": "array", + }, + "middleName": { + "nativeName": "middleName", + "nativeType": "string", + "type": "string", + }, + "mobile": { + "nativeName": "mobile", + "nativeType": "string", + "type": "string", + }, + "objectGUID": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "objectGUID", + "nativeType": "string", + "type": "string", + }, + "otherHomePhone": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "otherHomePhone", + "nativeType": 
"string", + "type": "array", + }, + "physicalDeliveryOfficeName": { + "nativeName": "physicalDeliveryOfficeName", + "nativeType": "string", + "type": "string", + }, + "postOfficeBox": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "postOfficeBox", + "nativeType": "string", + "type": "array", + }, + "postalCode": { + "nativeName": "postalCode", + "nativeType": "string", + "type": "string", + }, + "pwdLastSet": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "pwdLastSet", + "nativeType": "string", + "type": "string", + }, + "sAMAccountName": { + "nativeName": "sAMAccountName", + "nativeType": "string", + "type": "string", + }, + "sn": { + "nativeName": "sn", + "nativeType": "string", + "type": "string", + }, + "st": { + "nativeName": "st", + "nativeType": "string", + "type": "string", + }, + "streetAddress": { + "nativeName": "streetAddress", + "nativeType": "string", + "type": "string", + }, + "telephoneNumber": { + "nativeName": "telephoneNumber", + "nativeType": "string", + "type": "string", + }, + "title": { + "nativeName": "title", + "nativeType": "string", + "type": "string", + }, + "uSNChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNChanged", + "nativeType": "string", + "type": "string", + }, + "uSNCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNCreated", + "nativeType": "string", + "type": "string", + }, + "userAccountControl": { + "nativeName": "userAccountControl", + "nativeType": "string", + "type": "string", + }, + "userPrincipalName": { + "nativeName": "userPrincipalName", + "nativeType": "string", + "type": "string", + }, + "whenChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenChanged", + "nativeType": "string", + "type": "string", + }, + "whenCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenCreated", + "nativeType": "string", + 
"type": "string", + }, + }, + "type": "object", + }, + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false, }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 0, - "postLogoutRedirectUri": [], + }, + }, + "managedApplication": { + "d7f62815-a835-4e2f-a69e-25e7f9019fc2": { + "_id": "d7f62815-a835-4e2f-a69e-25e7f9019fc2", + "authoritative": false, + "connectorId": "EncoreAD", + "description": "Example", + "icon": "", + "mappingNames": [ + "systemEncoreadUser_managedAlpha_user", + "managedAlpha_user_systemEncoreadUser", + ], + "name": "EncoreAD", + "templateName": "active.directory", + "templateVersion": "1.0.0", + "uiConfig": { + "objectTypes": { + "Group": { + "properties": { + "cn": { + "userSpecific": true, + }, + "description": { + "userSpecific": true, + }, + "displayName": { + "userSpecific": true, + }, + "objectGUID": { + "userSpecific": true, + }, + "uSNChanged": { + "userSpecific": true, + }, + "uSNCreated": { + "userSpecific": true, + }, + "whenChanged": { + "userSpecific": true, + }, + "whenCreated": { + "userSpecific": true, + }, + }, + }, + "User": { + "properties": { + "__ENABLE__": { + "userSpecific": true, + }, + "__NAME__": { + "userSpecific": true, + }, + "__PASSWORD__": { + 
"userSpecific": true, + }, + "accountExpires": { + "userSpecific": true, + }, + "c": { + "userSpecific": true, + }, + "cn": { + "userSpecific": true, + }, + "co": { + "userSpecific": true, + }, + "company": { + "userSpecific": true, + }, + "countryCode": { + "userSpecific": true, + }, + "department": { + "userSpecific": true, + }, + "description": { + "userSpecific": true, + }, + "displayName": { + "userSpecific": true, + }, + "division": { + "userSpecific": true, + }, + "employeeID": { + "userSpecific": true, + }, + "employeeNumber": { + "userSpecific": true, + }, + "employeeType": { + "userSpecific": true, + }, + "facsimileTelephoneNumber": { + "userSpecific": true, + }, + "givenName": { + "userSpecific": true, + }, + "homePhone": { + "userSpecific": true, + }, + "initials": { + "userSpecific": true, + }, + "l": { + "userSpecific": true, + }, + "lastLogon": { + "userSpecific": true, + }, + "ldapGroups": {}, + "lockoutTime": { + "userSpecific": true, + }, + "mail": { + "userSpecific": true, + }, + "manager": { + "userSpecific": true, + }, + "memberOf": { + "userSpecific": true, + }, + "middleName": { + "userSpecific": true, + }, + "mobile": { + "userSpecific": true, + }, + "objectGUID": { + "userSpecific": true, + }, + "otherHomePhone": { + "userSpecific": true, + }, + "physicalDeliveryOfficeName": { + "userSpecific": true, + }, + "postOfficeBox": { + "userSpecific": true, + }, + "postalCode": { + "userSpecific": true, + }, + "pwdLastSet": { + "userSpecific": true, + }, + "sAMAccountName": { + "userSpecific": true, + }, + "sn": { + "userSpecific": true, + }, + "st": { + "userSpecific": true, + }, + "streetAddress": { + "userSpecific": true, + }, + "telephoneNumber": { + "userSpecific": true, + }, + "title": { + "userSpecific": true, + }, + "uSNChanged": { + "userSpecific": true, + }, + "uSNCreated": { + "userSpecific": true, + }, + "userAccountControl": { + "userSpecific": true, + }, + "userPrincipalName": { + "userSpecific": true, + }, + "whenChanged": { + 
"userSpecific": true, + }, + "whenCreated": { + "userSpecific": true, + }, + }, + }, + }, }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], + }, + }, + "mapping": { + "managedAlpha_user_systemEncoreadUser": { + "_id": "sync/managedAlpha_user_systemEncoreadUser", + "consentRequired": false, + "displayName": "managedAlpha_user_systemEncoreadUser", + "icon": null, + "name": "managedAlpha_user_systemEncoreadUser", + "optimizeAssignmentSync": true, + "policies": [ + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "source": "givenName", + "target": "givenName", + }, + { + "source": "cn", + "target": "cn", + }, + { + "source": "sn", + "target": "sn", + }, + { + "source": "userName", + "target": "sAMAccountName", + }, + { + "source": "", + "target": "userPrincipalName", + "transform": { + "source": "\`\${source.userName}@ad-volker-demo.encore.forgerock.org\`;", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "__ENABLE__", + "transform": { + "source": "(source.accountStatus==='active') ? true : false;", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "__NAME__", + "transform": { + "source": "(source.accountStatus=="active")? 
\`cn=\${source.userName},ou=Encore,dc=ad-volker-demo,dc=encore,dc=forgerock,dc=org\`:\`cn=\${source.userName},ou=Inactive,ou=Encore,dc=ad-volker-demo,dc=encore,dc=forgerock,dc=org\`", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "__PASSWORD__", + "transform": { + "source": "openidm.decrypt(source.custom_encryptedPassword)", + "type": "text/javascript", + }, + }, + ], + "runTargetPhase": false, + "source": "managed/alpha_user", + "sourceCondition": "/source/effectiveApplications[_id eq "d7f62815-a835-4e2f-a69e-25e7f9019fc2"]", + "sourceQuery": { + "_queryFilter": "effectiveApplications[_id eq "d7f62815-a835-4e2f-a69e-25e7f9019fc2"] or lastSync/managedAlpha_user_systemEncoreadUser pr", }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "usePolicyEngineForScope": false, + "target": "system/EncoreAD/User", + }, + "systemEncoreadUser_managedAlpha_user": { + "_id": "sync/systemEncoreadUser_managedAlpha_user", + "consentRequired": false, + "correlationQuery": [ + { + "linkQualifier": "default", + "source": "var qry = {'_queryFilter': 'mail eq "' + source.userPrincipalName + '"'}; qry", + "type": "text/javascript", + }, + ], + "displayName": "systemEncoreadUser_managedAlpha_user", + "icon": null, + "links": "managedAlpha_user_systemEncoreadUser", + "name": "systemEncoreadUser_managedAlpha_user", + "onLink": { + "globals": { + "assignmentResCollection": "managed/alpha_assignment", + }, + "source": "function javaIsEqual(old, other) { + var 
JsonPatch = org.forgerock.json.JsonPatch; + var JsonValue = org.forgerock.json.JsonValue; + return JsonPatch.diff(JsonValue(old), JsonValue(other)).asList().size() === 0; +} + +if (situation === "FOUND") { + var params = { + "resourceId": targetId, + "mapping": mappingConfig.links, + "linkQualifier": linkQualifier + }; + + // get the preview of the target object from the outbound mapping + var targetPreview = openidm.action("sync", "getTargetPreview", {}, params); + var attributes = []; + + // find all values where target app user has different values from the correlated IDM user + Object.keys(source).filter(function (key) { + if (key in targetPreview) { + return !javaIsEqual(source[key], targetPreview[key]); + } else { + return false + } + }).forEach(function (key) { + var attribute = { + "name": key, + "value": source[key] + }; + attributes.push(attribute); + }) + + // create override assignment if any diff was found + if (attributes.length > 0) { + var assignment = { + "name": targetId + "-overrideAssignment", + "description": targetId + "override assignment", + "mapping": mappingConfig.links, + "attributes": attributes, + "type": "__OVERRIDE__", + "members": [{"_ref": mappingConfig.target + "/" + targetId}] + }; + var assignmentResult = openidm.create(assignmentResCollection, null, assignment); + var result = openidm.action("sync", "getTargetPreview", {}, params); + Object.keys(source).forEach(function (key) { + if (typeof result[key] === "undefined" || javaIsEqual(source[key], result[key])) { + return + } + // unable to successfully recreate object being linked, delete assignment and throw exception + openidm.delete(assignmentResCollection + "/" + assignmentResult._id, null); + throw "Unable to successfully recreate " + sourceId + " with an assignment for " + targetId; + }) + } +}", + "type": "text/javascript", + }, + "policies": [ + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + 
"action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "LINK", + "postAction": { + "globals": {}, + "source": "openidm.create("managed/alpha_user/"+target._id+"/applications",null,{_ref:"managed/alpha_application/d7f62815-a835-4e2f-a69e-25e7f9019fc2"})", + "type": "text/javascript", + }, + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "ABSENT", + }, + ], + "properties": [], + "runTargetPhase": false, + "source": "system/EncoreAD/User", + "target": "managed/alpha_user", + }, + }, + "meta": Any, +} +`; + +exports[`frodo app export "frodo app export -A": should export all apps to separate files 3`] = ` +{ + "application": {}, + "connector": { + "HRLite": { + "_id": "provisioner.openicf/HRLite", + "configurationProperties": { + "abandonWhenPercentageFull": 0, + "accessToUnderlyingConnectionAllowed": true, + "alternateUsernameAllowed": false, + "authenticateScriptFileName": "HRliteAuthenticateScript.groovy", + "autoCommit": true, + "classpath": [], + "commitOnReturn": false, + "connectionProperties": null, + "createScriptFileName": "HRliteCreateScript.groovy", + "customConfiguration": null, + "customSensitiveConfiguration": null, + "customizerScriptFileName": null, + "dataSourceJNDI": null, + "debug": false, + "defaultAutoCommit": null, + "defaultCatalog": null, + "defaultReadOnly": null, + "defaultTransactionIsolation": -1, + "deleteScriptFileName": "HRliteDeleteScript.groovy", + "disabledGlobalASTTransformations": null, + "driverClassName": 
"com.mysql.jdbc.Driver", + "fairQueue": true, + "ignoreExceptionOnPreLoad": false, + "initSQL": null, + "initialSize": 10, + "jdbcInterceptors": null, + "jmxEnabled": true, + "logAbandoned": false, + "logValidationErrors": false, + "maxActive": 100, + "maxAge": 0, + "maxIdle": 100, + "maxWait": 30000, + "minEvictableIdleTimeMillis": 60000, + "minIdle": 10, + "minimumRecompilationInterval": 100, + "name": "Tomcat Connection Pool[1-265824587]", + "numTestsPerEvictionRun": 0, + "password": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "73doNZivdgZ7KmuOlzFBdD/7blip0OU6uRwBDv53wcQ=", + "iv": "/C0QyOAnnUNQCovrsMgzEw==", + "keySize": 16, + "mac": "EAPShe6oCwxlTCHYC2wBlQ==", + "purpose": "idm.config.encryption", + "salt": "zYm6JkzqEzE1/0Y+o9K3+Q==", + "stableId": "openidm-sym-default", + }, + }, + }, + "propagateInterruptState": false, + "recompileGroovySource": false, + "removeAbandoned": false, + "removeAbandonedTimeout": 60, + "resolveUsernameScriptFileName": null, + "rollbackOnReturn": false, + "schemaScriptFileName": "HRliteSchemaScript.groovy", + "scriptBaseClass": null, + "scriptExtensions": [ + "groovy", + ], + "scriptOnResourceScriptFileName": null, + "scriptRoots": "/opt/forgerock/openicf/scripts/hrlite", + "searchScriptFileName": "HRliteSearchScript.groovy", + "sourceEncoding": "UTF-8", + "suspectTimeout": 0, + "syncScriptFileName": "HRliteSyncScript.groovy", + "targetDirectory": null, + "testOnBorrow": false, + "testOnConnect": false, + "testOnReturn": false, + "testScriptFileName": "HRliteTestScript.groovy", + "testWhileIdle": false, + "timeBetweenEvictionRunsMillis": 5000, + "tolerance": 10, + "updateScriptFileName": "HRliteUpdateScript.groovy", + "url": "jdbc:mysql://mariadb:3306/hrdb?autoReconnect=true", + "useDisposableConnectionFacade": true, + "useEquals": true, + "useLock": false, + "useStatementFacade": true, + "username": "hradmin", + "validationInterval": 2000, + "validationQuery": 
"SELECT 1 FROM DUAL", + "validationQueryTimeout": -1, + "validatorClassName": null, + "verbose": false, + "warningLevel": 1, + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.scriptedsql-connector", + "bundleVersion": "1.5.20.9", + "connectorHostRef": "encorebaseline", + "connectorName": "org.forgerock.openicf.connectors.scriptedsql.ScriptedSQLConnector", + "displayName": "Scripted SQL Connector", + "systemType": "provisioner.openicf", + }, + "enabled": true, + "objectTypes": { + "__ACCOUNT__": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "address": { + "nativeName": "address", + "nativeType": "string", + "required": true, + "type": "string", + }, + "city": { + "nativeName": "city", + "nativeType": "string", + "required": true, + "type": "string", + }, + "country": { + "nativeName": "country", + "nativeType": "string", + "required": true, + "type": "string", + }, + "depId": { + "nativeName": "depId", + "nativeType": "string", + "required": true, + "type": "string", + }, + "depName": { + "nativeName": "depName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "email": { + "nativeName": "email", + "nativeType": "string", + "required": true, + "type": "string", + }, + "empType": { + "nativeName": "empType", + "nativeType": "string", + "required": true, + "type": "string", + }, + "externalMail": { + "nativeName": "externalMail", + "nativeType": "string", + "required": true, + "type": "string", + }, + "firstName": { + "nativeName": "firstName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "isManager": { + "nativeName": "isManager", + "nativeType": "string", + "required": true, + "type": "string", + }, + "jobCode": { + "nativeName": "jobCode", + "nativeType": "string", + "required": true, + "type": "string", + }, + 
"lastName": { + "nativeName": "lastName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "phone": { + "nativeName": "phone", + "nativeType": "string", + "required": true, + "type": "string", + }, + "postalCode": { + "nativeName": "postalCode", + "nativeType": "string", + "required": true, + "type": "string", + }, + "state": { + "nativeName": "state", + "nativeType": "string", + "required": true, + "type": "string", + }, + "status": { + "nativeName": "status", + "nativeType": "string", + "required": true, + "type": "string", + }, + "uid": { + "nativeName": "uid", + "nativeType": "string", + "required": true, + "type": "string", + }, + }, + "type": "object", + }, + "department": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "department", + "nativeType": "department", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "required": true, + "type": "string", + }, + "name": { + "nativeName": "name", + "nativeType": "string", + "required": true, + "type": "string", + }, + "parent": { + "nativeName": "parent", + "nativeType": "string", + "required": true, + "type": "string", + }, + "uid": { + "nativeName": "uid", + "nativeType": "string", + "required": true, + "type": "string", + }, + }, + "type": "object", + }, + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + 
"enableNormalizingResultsHandler": false, }, - "signEncOAuth2ClientConfig": { - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, + }, + }, + "managedApplication": { + "08505c1b-87ea-4ed0-ab89-20432dcc6249": { + "_id": "08505c1b-87ea-4ed0-ab89-20432dcc6249", + "authoritative": true, + "connectorId": "HRLite", + "description": "Example", + "icon": "", + "mappingNames": [ + "systemHrlite__account___managedAlpha_user", + ], + "name": "HRLite", + "templateName": "scripted.sql", + "templateVersion": "1.0.0", + "uiConfig": { + "objectTypes": { + "__ACCOUNT__": { + "properties": { + "__NAME__": {}, + "address": {}, + "city": {}, + "country": {}, + "depId": {}, + "depName": {}, + "email": {}, + "empType": {}, + "firstName": {}, + "isManager": {}, + "jobCode": {}, + "lastName": {}, + "phone": {}, + "postalCode": {}, + "state": {}, + "status": {}, + "uid": {}, + }, + }, + "department": { + "properties": { + "__NAME__": {}, + "description": {}, + "name": {}, + 
"parent": {}, + "uid": {}, + }, + }, + }, }, }, }, + "mapping": { + "systemHrlite__account___managedAlpha_user": { + "_id": "sync/systemHrlite__account___managedAlpha_user", + "consentRequired": false, + "correlationQuery": [ + { + "expressionTree": { + "all": [ + "frIndexedInteger1", + ], + }, + "file": "ui/correlateTreeToQueryFilter.js", + "linkQualifier": "default", + "mapping": "systemHrlite__account___managedAlpha_user", + "type": "text/javascript", + }, + ], + "displayName": "systemHrlite__account___managedAlpha_user", + "icon": null, + "name": "systemHrlite__account___managedAlpha_user", + "onCreate": { + "globals": {}, + "source": "// Script has access to the following variables: +// sourceObject +// targetObject +// existingTargetObject +// linkQualifier +var givenName = source.firstName; +logger.info ("this is the givenName " + givenName); +var sn = source.lastName; +logger.info ("this is the sn " + sn); + +/* first choice of username */ +var checkuserName = givenName.substring(0,1).concat(sn).toLowerCase(); +logger.info ("calculated checkuserName " + checkuserName); +/* if the userName is not found no need to go further */ +var queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" +}; + +var queryResult = openidm.query("/managed/alpha_user",queryUsername,["*"]); +if (queryResult.resultCount > 0) { + /* second choice of username */ + checkuserName = givenName.substring(0,2).concat(sn).toLowerCase(); + logger.info ("calculated checkuserName " + checkuserName); + queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" + }; + queryResult = openidm.query("/managed/alpha_user",queryUsername,["*"]); + /* while the userName is found try above for second then add time to end until found */ + while (queryResult.resultCount > 0) { + /* timeadded to choice of username */ + var millis = String(Date.now()); + logger.info ("calculated checkuserName " + checkuserName); + checkuserName = 
givenName.substring(0,1).concat(sn).concat(millis.substring(millis.length - 4)).toLowerCase(); + logger.info ("calculated checkuserName " + checkuserName); + queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" + }; + queryResult = openidm.query("/managed/alpha_user",queryUsername,["*"]); + } +} +target.userName = checkuserName; +target.cn = checkuserName + " " + givenName + " " + sn; +target.mail = checkuserName+"@ad-volker-demo.encore.forgerock.org"; +target.password = 'Frdp-2010'; +//Mail domain is dependent on your AD domain name…. +logger.info ("Final userName " + checkuserName); +// Role assignment scripts must always return targetObject, otherwise +// other scripts and code that occur downstream of your script will +// not work as expected. +", + "type": "text/javascript", + }, + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS", + }, + { + "action": "EXCEPTION", + "situation": "SOURCE_MISSING", + }, + { + "action": "CREATE", + "situation": "MISSING", + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "EXCEPTION", + "situation": "UNASSIGNED", + }, + { + "action": "EXCEPTION", + "situation": "LINK_ONLY", + }, + { + "action": "EXCEPTION", + "situation": "TARGET_IGNORED", + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED", + }, + { + "action": "IGNORE", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "UPDATE", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "source": "", + "target": "frIndexedInteger1", + "transform": { + "source": "parseInt(source.__NAME__)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger2", + "transform": { + "source": "parseInt(source.status)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": 
"frIndexedInteger3", + "transform": { + "source": "parseInt(source.depId)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger4", + "transform": { + "source": "parseInt(source.jobCode)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger5", + "transform": { + "source": "parseInt(source.empType)", + "type": "text/javascript", + }, + }, + { + "source": "phone", + "target": "telephoneNumber", + }, + { + "source": "city", + "target": "city", + }, + { + "source": "state", + "target": "stateProvince", + }, + { + "source": "address", + "target": "postalAddress", + }, + { + "source": "postalCode", + "target": "postalCode", + }, + { + "source": "country", + "target": "country", + }, + { + "source": "firstName", + "target": "givenName", + }, + { + "source": "lastName", + "target": "sn", + }, + { + "source": "isManager", + "target": "frIndexedString4", + }, + { + "source": "externalMail", + "target": "frIndexedString5", + }, + { + "source": "", + "target": "accountStatus", + "transform": { + "source": "(parseInt(source.status)==5)?"inactive":"active";", + "type": "text/javascript", + }, + }, + ], + "runTargetPhase": true, + "source": "system/HRLite/__ACCOUNT__", + "target": "managed/alpha_user", + "taskThreads": 1, + }, + }, "meta": Any, - "script": { - "36863ffb-40ec-48b9-94b1-9a99f71cc3b5": { - "_id": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "context": "OIDC_CLAIMS", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OIDC claims", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OIDC Claims Script", - "script": [ - "/*", - " * Copyright 2014-2021 ForgeRock AS. All Rights Reserved", - " *", - " * Use of this code requires a commercial software license with ForgeRock AS", - " * or with one of its affiliates. 
All use shall be exclusively subject", - " * to such license between the licensee and ForgeRock AS.", - " */", - "", - "/*", - " * This script computes claim values returned in ID tokens and/or at the UserInfo Endpoint.", - " * The claim values are computed for:", - " * the claims derived from the requested scopes,", - " * the claims provided by the authorization server,", - " * and the claims requested by the client via the claims parameter.", - " *", - " * In the CONFIGURATION AND CUSTOMIZATION section, you can", - " * define the scope-to-claims mapping, and", - " * assign to each claim a resolver function that will compute the claim value.", - " *", - " * Defined variables (class references are provided below):", - " * scopes - Set (6).", - " * Always present, the requested scopes.", - " * claims - Map (5).", - " * Always present, default server provided claims.", - " * claimObjects - List (7, 2).", - " * Always present, the default server provided claims.", - " * requestedClaims - Map> (5).", - " * Always present, not empty if the request contains the claims parameter and the server has enabled", - " * claims_parameter_supported. A map of the requested claims to possible values, otherwise empty;", - " * requested claims with no requested values will have a key but no value in the map. 
A key with", - " * a single value in its Set (6) indicates that this is the only value that should be returned.", - " * requestedTypedClaims - List (7, 2).", - " * Always present, the requested claims.", - " * Requested claims with no requested values will have a claim with no values.", - " * A claim with a single value indicates this is the only value that should be returned.", - " * claimsLocales - List (7).", - " * The values from the 'claims_locales' parameter.", - " * See https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts for the OIDC specification details.", - " * requestProperties - Unmodifiable Map (5).", - " * Always present, contains a map of request properties:", - " * requestUri - The request URI.", - " * realm - The realm that the request relates to.", - " * requestParams - A map of the request params and/or posted data.", - " * Each value is a list of one or more properties.", - " * Please note that these should be handled in accordance with OWASP best practices:", - " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", - " * clientProperties - Unmodifiable Map (5).", - " * Present if the client specified in the request was identified, contains a map of client properties:", - " * clientId - The client's URI for the request locale.", - " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", - " * allowedResponseTypes - List of the allowed response types for the client.", - " * allowedScopes - List of the allowed scopes for the client.", - " * customProperties - A map of the custom properties of the client.", - " * Lists or maps will be included as sub-maps; for example:", - " * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1.", - " * To add custom properties to a client, update the Custom Properties field", - " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", - " * identity - 
AMIdentity (3).", - " * Always present, the identity of the resource owner.", - " * session - SSOToken (4).", - " * Present if the request contains the session cookie, the user's session object.", - " * scriptName - String (primitive).", - " * Always present, the display name of the script.", - " * logger - Always present, the "OAuth2Provider" debug logger instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", - " * Corresponding files will be prefixed with: scripts.OIDC_CLAIMS.", - " * httpClient - HTTP Client (8).", - " * Always present, the HTTP Client instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", - " * In order to use the client, you may need to add", - " * org.forgerock.http.Client,", - " * org.forgerock.http.protocol.*,", - " * and org.forgerock.util.promise.PromiseImpl", - " * to the allowed Java classes in the scripting engine configuration, as described in:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/script-engine-security.html", - " *", - " * Return - a new UserInfoClaims(Map values, Map> compositeScopes) (1) object.", - " * The result of the last statement in the script is returned to the server.", - " * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function)", - " * is the last (and only) statement in this script, and its return value will become the script result.", - " * Do not use "return variable" statement outside of a function definition.", - " * See RESULTS section for additional details.", - " *", - " * Class reference:", - " * (1) UserInfoClaims - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html.", - " * (2) Claim - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html).", - " * An instance of 
org.forgerock.openidconnect.Claim has methods to access", - " * the claim name, requested values, locale, and whether the claim is essential.", - " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", - " * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", - " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", - " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", - " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", - " * (7) List - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/ArrayList.html.", - " * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", - "*/", - "", - "(function () {", - " // SETUP", - "", - " /**", - " * Claim processing utilities.", - " * An object that contains reusable functions for processing claims.", - " * @see CLAIM PROCESSING UTILITIES section for details.", - " */", - " var utils = getUtils();", - "", - " // CONFIGURATION AND CUSTOMIZATION", - "", - " /**", - " * OAuth 2.0 scope values (scopes) can be used by the Client to request OIDC claims.", - " *", - " * Call this configuration method, and pass in as the first argument", - " * an object that maps a scope value to an array of claim names", - " * to specify which claims need to be processed and returned for the requested scopes.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims}", - " * for the scope values that could be used to request claims as defined in the OIDC specification.", - " *", - " * Below, find a default configuration that is expected to work in the current environment.", - " *", - " * CUSTOMIZATION", - " * You can choose the claim names returned for a scope.", - " */", - " utils.setScopeClaimsMap({", - " profile: [", - " 
'name',", - " 'family_name',", - " 'given_name',", - " 'zoneinfo',", - " 'locale'", - " ],", - " email: ['email'],", - " address: ['address'],", - " phone: ['phone_number']", - " });", - "", - " /**", - " * In this script, each claim", - " * derived from the requested scopes,", - " * provided by the authorization server, and", - " * requested by the client via the claims parameter", - " * will be processed by a function associated with the claim name.", - " *", - " * Call this configuration method, and pass in as the first argument", - " * an object that maps a claim name to a resolver function,", - " * which will be automatically executed for each claim processed by the script.", - " *", - " * The claim resolver function will receive the requested claim information", - " * in an instance of org.forgerock.openidconnect.Claim as the first argument.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html}", - " * for details on the Claim class.", - " *", - " * If the claim resolver function returns a value,", - " * other than undefined or null,", - " * the claim will be included in the script's results.", - " *", - " * The Claim instance provides methods to check", - " * what the name of the claim is,", - " * which values the claim request contains,", - " * whether the claim is essential, and", - " * which locale the claim is associated with.", - " * The resolver function can consider this information when computing and returning the claim value.", - " *", - " * Below, find a default configuration that is expected to work in the current environment.", - " * A reusable function, utils.getUserProfileClaimResolver(String attribute-name),", - " * is called to return a claim resolver function based on a user profile attribute.", - " * @see CLAIM RESOLVERS section for the implementation details and examples.", - " * For the address claim, an example of a claim resolver that uses another claim resolver is provided.", - " 
*", - " * CUSTOMIZATION", - " * You can reuse the predefined utils methods with your custom arguments.", - " * You can also specify a custom resolver function for a claim name,", - " * that will compute and return the claim value—as shown in the commented out example below.", - " */", - " utils.setClaimResolvers({", - " /*", - " // An example of a simple claim resolver function that is defined for a claim", - " // directly in the configuration object:", - " custom-claim-name: function (requestedClaim) {", - " // In this case, initially, the claim value comes straight from a user profile attribute value:", - " var claimValue = identity.getAttribute('custom-attribute-name').toArray()[0]", - "", - " // Optionally, provide additional logic for processing (filtering, formatting, etc.) the claim value.", - " // You can use:", - " // requestedClaim.getName()", - " // requestedClaim.getValues()", - " // requestedClaim.getLocale()", - " // requestedClaim.isEssential()", - "", - " return claimValue", - " },", - " */", - " /**", - " * The use of utils.getUserProfileClaimResolver shows how", - " * an argument passed to a function that returns a claim resolver", - " * becomes available to the resolver function (via its lexical context).", - " */", - " name: utils.getUserProfileClaimResolver('cn'),", - " family_name: utils.getUserProfileClaimResolver('sn'),", - " given_name: utils.getUserProfileClaimResolver('givenname'),", - " zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'),", - " locale: utils.getUserProfileClaimResolver('preferredlocale'),", - " email: utils.getUserProfileClaimResolver('mail'),", - " address: utils.getAddressClaimResolver(", - " /**", - " * The passed in user profile claim resolver function", - " * can be used by the address claim resolver function", - " * to obtain the claim value to be formatted as per the OIDC specification:", - " * @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim.", - " */", - " 
utils.getUserProfileClaimResolver('postaladdress')", - " ),", - " phone_number: utils.getUserProfileClaimResolver('telephonenumber')", - " });", - "", - " // CLAIM PROCESSING UTILITIES", - "", - " /**", - " * @returns {object} An object that contains reusable claim processing utilities.", - " * @see PUBLIC METHODS section and the return statement for the list of exported functions.", - " */", - " function getUtils () {", - " // IMPORT JAVA", - "", - " /**", - " * Provides Java scripting functionality.", - " * @see {@link https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Scripting_Java#javaimporter_constructor}.", - " */", - " var frJava = JavaImporter(", - " org.forgerock.oauth2.core.exceptions.InvalidRequestException,", - " org.forgerock.oauth2.core.UserInfoClaims,", - " org.forgerock.openidconnect.Claim,", - "", - " java.util.LinkedHashMap,", - " java.util.ArrayList", - " );", - "", - " // SET UP CONFIGURATION", - "", - " /**", - " * Placeholder for a configuration option that contains", - " * an object that maps the supported scope values (scopes)", - " * and the corresponding claim names for each scope value.", - " */", - " var scopeClaimsMap;", - "", - " /**", - " * Placeholder for a configuration option that contains", - " * an object that maps the supported claim names", - " * and the resolver functions returning the claim value.", - " */", - " var claimResolvers;", - "", - " /**", - " * A (public) method that accepts an object that maps the supported scopes and the corresponding claim names,", - " * and assigns it to a (private) variable that serves as a configuration option.", - " * @param {object} params - An object that maps each supported scope value to an array of claim names,", - " * in order to specify which claims need to be processed for the requested scopes.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} for details.", - " * @param {string[]} [params.profile] - An array of claim names to be 
returned if the profile scope is requested.", - " * @param {string[]} [params.email] - An array of claim names to be returned if the email scope is requested.", - " * @param {string[]} [params.address] - An array of claim names to be returned if the address scope is requested.", - " * @param {string[]} [params.phone] - An array of claim names to be returned if the phone scope is requested.", - " * @returns {undefined}", - " */", - " function setScopeClaimsMap(params) {", - " scopeClaimsMap = params;", - " }", - "", - " /**", - " * A (public) method that accepts an object that maps the supported claim names", - " * and the resolver functions returning the claim value,", - " * and assigns it to a (private) variable that serves as a configuration option.", - " * @param {object} params - An object that maps", - " * each supported claim name to a function that computes and returns the claim value.", - " */", - " function setClaimResolvers(params) {", - " claimResolvers = params;", - " }", - "", - " // CLAIM RESOLVERS", - "", - " /**", - " * Claim resolvers are functions that return a claim value.", - " * @param {*}", - " * @returns {*}", - " */", - "", - " /**", - " * Defines a claim resolver based on a user profile attribute.", - " * @param {string} attributeName - Name of the user profile attribute.", - " * @returns {function} A function that will determine the claim value", - " * based on the user profile attribute and the (requested) claim properties.", - " */", - " function getUserProfileClaimResolver (attributeName) {", - " /**", - " * Resolves a claim with a user profile attribute value.", - " * Returns undefined if the identity attribute is not populated,", - " * OR if the claim has requested values that do not contain the identity attribute value.", - " * ATTENTION: the aforementioned comparison is case-sensitive.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a 
claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {string|HashSet|undefined}", - " */", - " function resolveClaim(claim) {", - " var userProfileValue;", - "", - " if (identity) {", - " userProfileValue = getClaimValueFromSet(claim, identity.getAttribute(attributeName));", - "", - " if (userProfileValue && !userProfileValue.isEmpty()) {", - " if (!claim.getValues() || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue)) {", - " return userProfileValue;", - " }", - " }", - " }", - " }", - "", - " return resolveClaim;", - " }", - "", - " /**", - " * Returns an address claim resolver based on a claim value obtained with another claim resolver.", - " * @param {function} resolveClaim - A function that returns a claim value.", - " * @returns {function} A function that will accept a claim as an argument,", - " * run the claim resolver function for the claim and obtain the claim value,", - " * and apply additional formatting to the value before returning it.", - " */", - " function getAddressClaimResolver (resolveClaim) {", - " /**", - " * Creates an address claim object from a value returned by a claim resolver,", - " * and returns the address claim object as the claim value.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim}.", - " * The claim value is obtained with a claim resolving function available from the closure.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {java.util.LinkedHashMap|undefined} The address claim object created from a claim value.", - " */", - " function resolveAddressClaim(claim) {", - " var claimValue = resolveClaim(claim);", - " var 
addressObject;", - "", - " if (isClaimValueValid(claimValue)) {", - " addressObject = new frJava.LinkedHashMap();", - "", - " addressObject.put('formatted', claimValue);", - "", - " return addressObject;", - " }", - " }", - "", - " return resolveAddressClaim;", - " }", - "", - " /**", - " * Returns an essential claim resolver based on a claim value obtained with another claim resolver.", - " * @param {function} resolveClaim - A function that returns a claim value.", - " * @returns {function} A function that will accept a claim as an argument,", - " * run the claim resolver function for the claim and obtain the claim value,", - " * and apply additional logic for essential claims.", - " */", - " function getEssentialClaimResolver (resolveClaim) {", - " /**", - " * Returns a claim value or throws an error.", - " * The claim value is obtained with a claim resolving function available from the closure.", - " * Throws an exception if the claim is essential and no value is returned for the claim.", - " *", - " * Use of this resolver is optional.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests} stating:", - " * "Note that even if the Claims are not available because the End-User did not authorize their release or they are not present,", - " * the Authorization Server MUST NOT generate an error when Claims are not returned, whether they are Essential or Voluntary,", - " * unless otherwise specified in the description of the specific claim."", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*}", - " * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException}", - " */", - " function resolveEssentialClaim(claim) {", - " var claimValue = resolveClaim(claim);", - 
"", - " if (claim.isEssential() && !isClaimValueValid(claimValue)) {", - " throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName());", - " }", - "", - " return claimValue;", - " }", - "", - " return resolveEssentialClaim;", - " }", - "", - " /**", - " * Provides default resolution for a claim.", - " * Use it if a claim-specific resolver is not defined in the configuration.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*} A single value associated with this claim.", - " */", - " function resolveAnyClaim (claim) {", - " if (claim.getValues().size() === 1) {", - " return claim.getValues().toArray()[0];", - " }", - " }", - "", - " // UTILITIES", - "", - " /**", - " * Returns claim value from a set.", - " * If the set contains a single value, returns the value.", - " * If the set contains multiple values, returns the set.", - " * Otherwise, returns undefined.", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @param {java.util.HashSet} set The set—for example, a user profile attribute value.", - " * @returns {string|java.util.HashSet|undefined}", - " */", - " function getClaimValueFromSet (claim, set) {", - " if (set && set.size()) {", - " if (set.size() === 1) {", - " return set.toArray()[0];", - " } else {", - " return set;", - " }", - " } else if (logger.warningEnabled()) {", - " logger.warning('OIDC Claims script. 
Got an empty set for claim: ' + claim.getName());", - " }", - " }", - "", - " function isClaimValueValid (claimValue) {", - " if (typeof claimValue === 'undefined' || claimValue === null) {", - " return false;", - " }", - "", - " return true;", - " }", - "", - " // CLAIM PROCESSING", - "", - " /**", - " * Constructs and returns an object populated with the computed claim values", - " * and the requested scopes mapped to the claim names.", - " * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}.", - " * @see RESULTS section for the use of this function.", - " */", - " function getUserInfoClaims () {", - " return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes());", - " }", - "", - " /**", - " * Creates a map of (requested) claim names populated with the computed claim values.", - " * @returns {java.util.LinkedHashMap}", - " * A map of the requested claim names and the corresponding claim values.", - " */", - " function getComputedClaims () {", - " /**", - " * Creates a complete list of claim objects from:", - " * the claims derived from the scopes,", - " * the claims provided by the authorization server,", - " * and the claims requested by the client.", - " * @returns {java.util.ArrayList}", - " * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details.", - " */", - " function getClaims() {", - " /**", - " * Returns a list of claim objects for the requested scopes.", - " * Uses the scopeClaimsMap configuration option to derive the claim names;", - " * no other properties of a claim derived from a scope are populated.", - " * @returns {java.util.ArrayList}", - " * A list of 
org.forgerock.openidconnect.Claim objects derived from the requested scopes.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details.", - " */", - " function convertScopeToClaims() {", - " var claims = new frJava.ArrayList();", - "", - " scopes.toArray().forEach(function (scope) {", - " if (String(scope) !== 'openid' && scopeClaimsMap[scope]) {", - " scopeClaimsMap[scope].forEach(function (claimName) {", - " claims.add(new frJava.Claim(claimName));", - " });", - " }", - " });", - "", - " return claims;", - " }", - "", - " var claims = new frJava.ArrayList();", - "", - " claims.addAll(convertScopeToClaims());", - " claims.addAll(claimObjects);", - " claims.addAll(requestedTypedClaims);", - "", - " return claims;", - " }", - "", - " /**", - " * Computes and returns a claim value.", - " * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object.", - " * @see claimResolvers", - " * If no resolver function is found, uses the default claim resolver function.", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*} Claim value.", - " * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException}", - " * Rethrows this exception if a claim resolver throws it.", - " * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver", - " * if you want to terminate the claim processing.", - " */", - " function computeClaim(claim) {", - " var resolveClaim;", - " var message;", - "", - " try {", - " resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim;", - "", - " return resolveClaim(claim);", - " } catch (e) {", - " 
message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e;", - "", - " if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) {", - " throw e;", - " }", - "", - " if (logger.warningEnabled()) {", - " logger.warning(message);", - " }", - " }", - " }", - "", - " var computedClaims = new frJava.LinkedHashMap();", - "", - " getClaims().toArray().forEach(function (claim) {", - " var claimValue = computeClaim(claim);", - "", - " if (isClaimValueValid(claimValue)) {", - " computedClaims.put(claim.getName(), claimValue);", - " } else {", - " /**", - " * If a claim has been processed, but appears in the list again,", - " * and its value cannot be computed under the new conditions,", - " * the claim is removed from the final result.", - " *", - " * For example, a claim could be mapped to a scope and found in the user profile,", - " * but also requested by the client with required values that don't match the computed one.", - " * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}.", - " * for the relevant OIDC specification details.", - " */", - " computedClaims.remove(claim.getName());", - " }", - " });", - "", - " return computedClaims;", - " }", - "", - " /**", - " * Creates a map of requested scopes and the corresponding claim names.", - " * @returns {java.util.LinkedHashMap}", - " */", - " function getCompositeScopes () {", - " var compositeScopes = new frJava.LinkedHashMap();", - "", - " scopes.toArray().forEach(function (scope) {", - " var scopeClaims = new frJava.ArrayList();", - "", - " if (scopeClaimsMap[scope]) {", - " scopeClaimsMap[scope].forEach(function (claimName) {", - " scopeClaims.add(claimName);", - " });", - " }", - "", - " if (scopeClaims.size()) {", - " compositeScopes.put(scope, scopeClaims);", - " }", - " });", - "", - " return compositeScopes;", - " }", - "", - " // PUBLIC METHODS", - "", - " return {", - " setScopeClaimsMap: setScopeClaimsMap,", - " 
setClaimResolvers: setClaimResolvers,", - " getUserProfileClaimResolver: getUserProfileClaimResolver,", - " getAddressClaimResolver: getAddressClaimResolver,", - " getEssentialClaimResolver: getEssentialClaimResolver,", - " getUserInfoClaims: getUserInfoClaims", - " };", - " }", - "", - " // RESULTS", +} +`; + +exports[`frodo app export "frodo app export -A": should export all apps to separate files 4`] = ` +{ + "application": {}, + "managedApplication": { + "e9f2ecd5-3d50-4da0-9ca2-587dbca390e2": { + "_id": "e9f2ecd5-3d50-4da0-9ca2-587dbca390e2", + "description": "This is a bookmark", + "name": "MrAnderson", + "ssoEntities": {}, + "templateName": "bookmark", + "templateVersion": "1.0", + "url": "https://mranderson.scheuber.io", + }, + }, + "meta": Any, +} +`; + +exports[`frodo app export "frodo app export -A": should export all apps to separate files 5`] = ` +{ + "application": {}, + "managedApplication": { + "9fb975e4-9723-4fac-9fe7-ee25053c6218": { + "_id": "9fb975e4-9723-4fac-9fe7-ee25053c6218", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/hot-air-balloon.svg", + "name": "benefits", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fbenefits&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Fbenefits%2Fsaml", + "idpPrivateId": "YmVuZWZpdHMtSURQ", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-492", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + }, + "meta": Any, + "saml": { + "cot": { + "FR_COT": { + "_id": "FR_COT", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", + }, + "status": "active", + "trustedProviders": [ + 
"engineering-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/company/saml|saml2", + "company-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/roles/saml|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/sales/saml|saml2", + "sales-IDP|saml2", + "benefits-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/benefits/saml|saml2", + ], + }, + }, + "hosted": { + "YmVuZWZpdHMtSURQ": { + "_id": "YmVuZWZpdHMtSURQ", + "entityId": "benefits-IDP", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": "https://openam-volker-demo.forgeblocks.com/am/idpsaehandler/metaAlias/alpha/benefits", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + { + 
"binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": { + "nameIdEncryption": false, + }, + "requestResponseSigning": { + "artifactResolve": true, + "authenticationRequest": true, + "logoutRequest": false, + "logoutResponse": false, + "manageNameIdRequest": false, + "manageNameIdResponse": false, + }, + "secretIdAndAlgorithms": { + "digestAlgorithm": [ + "http://www.w3.org/2001/04/xmlenc#sha256", + ], + "encryptionAlgorithm": [ + "http://www.w3.org/2009/xmlenc11#rsa-oaep", + ], + "signingAlgorithm": [], + }, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMap": [ + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "SSOID", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Email", + }, + { + "binary": false, + "localAttribute": ""Standard User"", + "samlAttribute": "User.ProfileID", + }, + { + "binary": false, + "localAttribute": "sn", + "samlAttribute": "User.LastName", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Username", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqSoap/IDPRole/metaAlias/alpha/benefits", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqUri/IDPRole/metaAlias/alpha/benefits", + }, + ], + "metaAlias": "/alpha/benefits", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": 
"https://openam-volker-demo.forgeblocks.com/am/NIMSoap/metaAlias/alpha/benefits", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "openam-volker-demo.forgeblocks.com/am/ArtifactResolver/metaAlias/alpha/benefits", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/benefits", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/benefits", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/benefits", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/benefits", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/SSOPOST/metaAlias/alpha/benefits", + }, + ], + }, + }, + }, + }, + }, + "metadata": { + "YmVuZWZpdHMtSURQ": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", + "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", + "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", + "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", + "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", + "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", + "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", + 
"kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", + "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", + "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", + "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", + "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", + "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", + "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", + "14SLgWmf1qQroU6F4FjtEEc=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", + "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", + "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", + "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", + "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", + "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", + "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", + "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", + "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", + "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", + "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", + "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", + "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", + "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " 
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + "", "", - " /**", - " * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class", - " * populated with the computed claim values and", - " * the requested scopes mapped to the claim names.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}.", - " *", - " * Assigning it to a variable gives you an opportunity", - " * to log the content of the returned value during development.", - " */", - " var userInfoClaims = utils.getUserInfoClaims();", "", - " /*", - " logger.error(scriptName + ' results:')", - " logger.error('Values: ' + userInfoClaims.getValues())", - " logger.error('Scopes: ' + userInfoClaims.getCompositeScopes())", - " */", + ], + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA": [ + "", + "", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " ", + " ", + "", "", - " return userInfoClaims;", - "}());", "", ], }, - "d22f9a0c-426a-4466-b95e-d0f125b0d5fa": { - "_id": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "context": "OAUTH2_ACCESS_TOKEN_MODIFICATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OAuth2 Access Token Modification", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OAuth2 Access Token Modification Script", - "script": [ - "/*", - " * Copyright 2019-2021 ForgeRock AS. 
All Rights Reserved.", - " *", - " * Use of this code requires a commercial software license with ForgeRock AS", - " * or with one of its affiliates. All use shall be exclusively subject", - " * to such license between the licensee and ForgeRock AS.", - " */", - "", - "/*", - " * This script lets you modify information associated with an OAuth2 access token", - " * with methods provided by the AccessToken (1) interface.", - " * The changes made to OAuth2 access tokens will directly impact the size of the CTS tokens,", - " * and, similarly, the size of the JWTs if client-based OAuth2 tokens are utilized.", - " * When adding/updating fields make sure that the token size remains within client/user-agent limits.", - " *", - " * Defined variables:", - " * accessToken - AccessToken (1).", - " * The access token to be updated.", - " * Mutable object, all changes to the access token will be reflected.", - " * scopes - Set (6).", - " * Always present, the requested scopes.", - " * requestProperties - Unmodifiable Map (5).", - " * Always present, contains a map of request properties:", - " * requestUri - The request URI.", - " * realm - The realm that the request relates to.", - " * requestParams - A map of the request params and/or posted data.", - " * Each value is a list of one or more properties.", - " * Please note that these should be handled in accordance with OWASP best practices:", - " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", - " * clientProperties - Unmodifiable Map (5).", - " * Present if the client specified in the request was identified, contains a map of client properties:", - " * clientId - The client's URI for the request locale.", - " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", - " * allowedResponseTypes - List of the allowed response types for the client.", - " * allowedScopes - List of the allowed scopes for the client.", - " * customProperties - A map of 
the custom properties of the client.", - " * Lists or maps will be included as sub-maps; for example:", - " * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1.", - " * To add custom properties to a client, update the Custom Properties field", - " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", - " * identity - AMIdentity (3).", - " * Always present, the identity of the resource owner.", - " * session - SSOToken (4).", - " * Present if the request contains the session cookie, the user's session object.", - " * scriptName - String (primitive).", - " * Always present, the display name of the script.", - " * logger - Always present, the "OAuth2Provider" debug logger instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", - " * Corresponding log files will be prefixed with: scripts.OAUTH2_ACCESS_TOKEN_MODIFICATION.", - " * httpClient - HTTP Client (8).", - " * Always present, the HTTP Client instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", - " *", - " * Return - no value is expected, changes shall be made to the accessToken parameter directly.", - " *", - " * Class reference:", - " * (1) AccessToken - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/AccessToken.html.", - " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", - " * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", - " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", - " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", - " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", - " * (8) 
Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", - " */", - "", - "(function () {", - " // Adds new fields containing the session property values.", - " // NOTE: session may not be available for non-interactive authorization grants.", - " if (session) {", - " try {", - " accessToken.setField('ip_address', session.getProperty('Host'));", - " } catch (e) {", - " logger.error('Unable to retrieve session property value. ' + e);", - " }", - " }", - "}());", - "", - "/* EXAMPLE", - "(function () {", - " var frJava = JavaImporter(", - " org.forgerock.http.protocol.Request,", - " org.forgerock.http.protocol.Response", - " );", - "", - " // Always includes this field in the token.", - " accessToken.setField('key1', 'value1');", + "remote": { + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA": { + "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA", + "entityId": "https://volker-demo.encore.forgerock.com:443/apps/web/benefits/saml", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + "authenticationRequest": false, + }, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "attributeMapper": {}, + "responseArtifactMessageEncoding": {}, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://volker-demo.encore.forgerock.com:443/apps/web/benefits/saml", + }, + ], + }, + }, + }, + }, + }, + }, + "script": {}, +} +`; + 
+exports[`frodo app export "frodo app export -A": should export all apps to separate files 6`] = ` +{ + "application": {}, + "managedApplication": { + "1b3510cf-9352-4573-9cd8-1eaf36cc629c": { + "_id": "1b3510cf-9352-4573-9cd8-1eaf36cc629c", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/eolic-energy.svg", + "name": "company", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fcompany&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Fcompany%2Fsaml", + "idpPrivateId": "Y29tcGFueS1JRFA", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-481", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + }, + "meta": Any, + "saml": { + "cot": { + "FR_COT": { + "_id": "FR_COT", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", + }, + "status": "active", + "trustedProviders": [ + "engineering-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/company/saml|saml2", + "company-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/roles/saml|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/sales/saml|saml2", + "sales-IDP|saml2", + "benefits-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/benefits/saml|saml2", + ], + }, + }, + "hosted": { + "Y29tcGFueS1JRFA": { + "_id": "Y29tcGFueS1JRFA", + "entityId": "company-IDP", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + 
"saeConfiguration": { + "idpUrl": "https://openam-volker-demo.forgeblocks.com/am/idpsaehandler/metaAlias/alpha/company", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": { + "nameIdEncryption": false, + }, + "requestResponseSigning": { + "artifactResolve": true, + "authenticationRequest": true, + "logoutRequest": false, + "logoutResponse": false, + "manageNameIdRequest": false, + "manageNameIdResponse": false, + }, + "secretIdAndAlgorithms": { + "digestAlgorithm": [ + "http://www.w3.org/2001/04/xmlenc#sha256", + ], + "encryptionAlgorithm": [ + "http://www.w3.org/2009/xmlenc11#rsa-oaep", + ], + "signingAlgorithm": [], + }, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + 
"attributeMap": [ + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "SSOID", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Email", + }, + { + "binary": false, + "localAttribute": ""Standard User"", + "samlAttribute": "User.ProfileID", + }, + { + "binary": false, + "localAttribute": "sn", + "samlAttribute": "User.LastName", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Username", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqSoap/IDPRole/metaAlias/alpha/company", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqUri/IDPRole/metaAlias/alpha/company", + }, + ], + "metaAlias": "/alpha/company", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/NIMSoap/metaAlias/alpha/company", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "openam-volker-demo.forgeblocks.com/am/ArtifactResolver/metaAlias/alpha/company", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/company", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/company", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/company", + "responseLocation": 
"https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/company", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/SSOPOST/metaAlias/alpha/company", + }, + ], + }, + }, + }, + }, + }, + "metadata": { + "Y29tcGFueS1JRFA": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", + "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", + "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", + "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", + "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", + "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", + "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", + "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", + "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", + "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", + "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", + "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", + "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", + "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", + "14SLgWmf1qQroU6F4FjtEEc=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", + "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", + 
"SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", + "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", + "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", + "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", + "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", + "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", + "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", + "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", + "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", + "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", + "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", + "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + "", "", - " // Receives and adds to the access token additional values by performing a REST call to an external service.", - " // WARNING: Below, you will find a reference to a third-party site, which is provided only as an example.", - " var uri = 'https://jsonplaceholder.typicode.com/posts';", "", - " try {", - " var request = new frJava.Request();", + ], + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s": 
[ + "", + "", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " ", + " ", + "", "", - " // You can chain methods that return the request object.", - " request.setUri(uri)", - " .setMethod('POST')", - " .setEntity(JSON.stringify({", - " updatedFields: {", - " key2: 'value2',", - " key3: 'value3'", - " }", - " }));", "", - " // You can call a method when chaining is not possible.", - " request.getHeaders().add('Content-Type', 'application/json; charset=UTF-8');", + ], + }, + "remote": { + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s": { + "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s", + "entityId": "https://volker-demo.encore.forgerock.com:443/apps/web/company/saml", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + "authenticationRequest": false, + }, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "attributeMapper": {}, + "responseArtifactMessageEncoding": {}, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://volker-demo.encore.forgerock.com:443/apps/web/company/saml", + }, + ], + }, + }, + }, + }, + }, + }, + "script": {}, +} +`; + +exports[`frodo app export "frodo app export -A": should export all apps to separate files 7`] = ` +{ + "application": {}, + "managedApplication": { + "0e5811ab-ef31-401b-aaa1-70b523eafa55": { + "_id": 
"0e5811ab-ef31-401b-aaa1-70b523eafa55", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/puzzle.svg", + "name": "engineering", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fengineering&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Froles%2Fsaml", + "idpPrivateId": "ZW5naW5lZXJpbmctSURQ", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-497", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + }, + "meta": Any, + "saml": { + "cot": { + "FR_COT": { + "_id": "FR_COT", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", + }, + "status": "active", + "trustedProviders": [ + "engineering-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/company/saml|saml2", + "company-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/roles/saml|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/sales/saml|saml2", + "sales-IDP|saml2", + "benefits-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/benefits/saml|saml2", + ], + }, + }, + "hosted": { + "ZW5naW5lZXJpbmctSURQ": { + "_id": "ZW5naW5lZXJpbmctSURQ", + "entityId": "engineering-IDP", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": "https://openam-volker-demo.forgeblocks.com/am/idpsaehandler/metaAlias/alpha/engineering", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + 
"assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": { + "nameIdEncryption": false, + }, + "requestResponseSigning": { + "artifactResolve": true, + "authenticationRequest": true, + "logoutRequest": false, + "logoutResponse": false, + "manageNameIdRequest": false, + "manageNameIdResponse": false, + }, + "secretIdAndAlgorithms": { + "digestAlgorithm": [ + "http://www.w3.org/2001/04/xmlenc#sha256", + ], + "encryptionAlgorithm": [ + "http://www.w3.org/2009/xmlenc11#rsa-oaep", + ], + "signingAlgorithm": [], + }, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMap": [ + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "SSOID", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Email", + }, + 
{ + "binary": false, + "localAttribute": ""Standard User"", + "samlAttribute": "User.ProfileID", + }, + { + "binary": false, + "localAttribute": "sn", + "samlAttribute": "User.LastName", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Username", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqSoap/IDPRole/metaAlias/alpha/engineering", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqUri/IDPRole/metaAlias/alpha/engineering", + }, + ], + "metaAlias": "/alpha/engineering", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/NIMSoap/metaAlias/alpha/engineering", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "openam-volker-demo.forgeblocks.com/am/ArtifactResolver/metaAlias/alpha/engineering", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/engineering", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/engineering", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/engineering", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/engineering", + }, + ], + "singleSignOnService": [ + { + "binding": 
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/SSOPOST/metaAlias/alpha/engineering", + }, + ], + }, + }, + }, + }, + }, + "metadata": { + "ZW5naW5lZXJpbmctSURQ": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", + "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", + "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", + "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", + "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", + "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", + "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", + "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", + "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", + "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", + "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", + "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", + "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", + "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", + "14SLgWmf1qQroU6F4FjtEEc=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", + "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", + "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", + 
"MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", + "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", + "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", + "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", + "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", + "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", + "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", + "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", + "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", + "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", + "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + "", "", - " // Sends the request and receives the response.", - " var response = httpClient.send(request).getOrThrow();", "", - " // Checks if the response status is as expected.", - " if (response.getStatus() === org.forgerock.http.protocol.Status.CREATED) {", - " var result = JSON.parse(response.getEntity().getString());", + ], + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA": [ + "", + "", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " 
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " ", + " ", + "", "", - " // Set multiple token fields at once.", - " accessToken.setFields(result.updatedFields);", - " } else {", - " logger.error('Unable to obtain access token modifications. Status: ' + response.getStatus() + '. Content: ' + response.getEntity().getString());", - " }", - " } catch (e) {", - " logger.error('The request processing was interrupted. ' + e);", "", - " // The access token request fails with the HTTP 500 error in this case.", - " throw ('Unable to obtain response from: ' + uri);", - " }", + ], + }, + "remote": { + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA": { + "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA", + "entityId": "https://volker-demo.encore.forgerock.com:443/apps/web/roles/saml", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + "authenticationRequest": false, + }, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "attributeMapper": {}, + "responseArtifactMessageEncoding": {}, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://volker-demo.encore.forgerock.com:443/apps/web/roles/saml", + }, + ], + }, + }, + }, + }, + }, + }, + "script": {}, +} +`; + +exports[`frodo app export "frodo app export -A": should export all apps to separate files 8`] = ` +{ + "application": {}, + "managedApplication": { + "368b5b11-d8db-4079-98e9-0573934aef04": { + "_id": 
"368b5b11-d8db-4079-98e9-0573934aef04", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/infography.svg", + "name": "sales", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fsales&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Fsales%2Fsaml", + "idpPrivateId": "c2FsZXMtSURQ", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-503", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + }, + "meta": Any, + "saml": { + "cot": { + "FR_COT": { + "_id": "FR_COT", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", + }, + "status": "active", + "trustedProviders": [ + "engineering-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/company/saml|saml2", + "company-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/roles/saml|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/sales/saml|saml2", + "sales-IDP|saml2", + "benefits-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/benefits/saml|saml2", + ], + }, + }, + "hosted": { + "c2FsZXMtSURQ": { + "_id": "c2FsZXMtSURQ", + "entityId": "sales-IDP", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": "https://openam-volker-demo.forgeblocks.com/am/idpsaehandler/metaAlias/alpha/sales", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + 
"effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": { + "nameIdEncryption": false, + }, + "requestResponseSigning": { + "artifactResolve": true, + "authenticationRequest": true, + "logoutRequest": false, + "logoutResponse": false, + "manageNameIdRequest": false, + "manageNameIdResponse": false, + }, + "secretIdAndAlgorithms": { + "digestAlgorithm": [ + "http://www.w3.org/2001/04/xmlenc#sha256", + ], + "encryptionAlgorithm": [ + "http://www.w3.org/2009/xmlenc11#rsa-oaep", + ], + "signingAlgorithm": [], + }, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMap": [ + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "SSOID", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Email", + }, + { + "binary": false, + "localAttribute": 
""Standard User"", + "samlAttribute": "User.ProfileID", + }, + { + "binary": false, + "localAttribute": "sn", + "samlAttribute": "User.LastName", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Username", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqSoap/IDPRole/metaAlias/alpha/sales", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqUri/IDPRole/metaAlias/alpha/sales", + }, + ], + "metaAlias": "/alpha/sales", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/NIMSoap/metaAlias/alpha/sales", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "openam-volker-demo.forgeblocks.com/am/ArtifactResolver/metaAlias/alpha/sales", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/sales", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/sales", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/sales", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/sales", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": 
"https://openam-volker-demo.forgeblocks.com/am/SSOPOST/metaAlias/alpha/sales", + }, + ], + }, + }, + }, + }, + }, + "metadata": { + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA": [ + "", + "", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " ", + " ", + "", "", - " // Adds new fields containing identity attribute values to the access token.", - " accessToken.setField('mail', identity.getAttribute('mail'));", - " accessToken.setField('phone', identity.getAttribute('telephoneNumber').toArray()[0]);", "", - " // Adds new fields containing the session property values.", - " // NOTE: session may not be available for non-interactive authorization grants.", - " if (session) {", - " try {", - " accessToken.setField('ipAddress', session.getProperty('Host'));", - " } catch (e) {", - " logger.error('Unable to retrieve session property value. ' + e);", - " }", - " }", + ], + "c2FsZXMtSURQ": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", + "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", + "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", + "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", + "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", + "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", + "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", + "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", + "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", + "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", + 
"rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", + "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", + "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", + "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", + "14SLgWmf1qQroU6F4FjtEEc=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", + "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", + "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", + "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", + "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", + "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", + "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", + "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", + "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", + "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", + "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", + "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", + "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", + "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " 
urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + "", "", - " // Removes a native field from the token entry, that was set by AM.", - " // WARNING: removing native fields from the token may result in loss of functionality.", - " // accessToken.removeTokenName()", "", - " // No return value is expected. Let it be undefined.", - "}());", - "*/", ], }, + "remote": { + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA": { + "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA", + "entityId": "https://volker-demo.encore.forgerock.com:443/apps/web/sales/saml", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + "authenticationRequest": false, + }, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "attributeMapper": {}, + "responseArtifactMessageEncoding": {}, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://volker-demo.encore.forgerock.com:443/apps/web/sales/saml", + }, + ], + }, + }, + }, + }, + }, }, + "script": {}, } `; -exports[`frodo app export "frodo app export -i test2 --no-deps": should export the app with app id "test2" with no dependencies 1`] = `""`; - -exports[`frodo app export "frodo app export -i test2 --no-deps": should export the app with app id "test2" with no dependencies 
2`] = ` +exports[`frodo app export "frodo app export -A": should export all apps to separate files 9`] = ` { "application": { - "test2": { - "_id": "test2", + "testapp": { + "_id": "testapp", "_provider": { "_id": "", - "_rev": "520068704", "_type": { "_id": "oauth-oidc", "collection": false, @@ -36338,6 +7649,7 @@ exports[`frodo app export "frodo app export -i test2 --no-deps": should export t "urn:ietf:params:oauth:grant-type:jwt-bearer", ], "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeSubnameInTokenClaims": true, "macaroonTokenFormat": "V2", "maxAgeOfRequestObjectNbfClaim": 0, "maxDifferenceBetweenRequestObjectNbfAndExp": 0, @@ -36394,7 +7706,9 @@ exports[`frodo app export "frodo app export -i test2 --no-deps": should export t "defaultACR": [], "idTokenInfoClientAuthenticationEnabled": true, "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, + "loaMapping": { + "push": "Baseline-CIBA", + }, "storeOpsTokens": true, "supportedAuthorizationResponseEncryptionAlgorithms": [ "ECDH-ES+A256KW", @@ -36714,7 +8028,6 @@ exports[`frodo app export "frodo app export -i test2 --no-deps": should export t "validateScopeScript": "[Empty]", }, }, - "_rev": "670386148", "_type": { "_id": "OAuth2Client", "collection": true, @@ -36736,15 +8049,13 @@ exports[`frodo app export "frodo app export -i test2 --no-deps": should export t "descriptions": { "inherited": false, "value": [ - "Modified by Frodo on 4/16/2022, 8:41:59 PM", + "Test App", ], }, "grantTypes": { "inherited": false, "value": [ "authorization_code", - "refresh_token", - "client_credentials", ], }, "isConsentImplied": { 
@@ -36771,16 +8082,30 @@ exports[`frodo app export "frodo app export -i test2 --no-deps": should export t "inherited": false, "value": [], }, + "refreshTokenGracePeriod": { + "inherited": false, + "value": 0, + }, "requestUris": { "inherited": false, "value": [], }, + "require_pushed_authorization_requests": { + "inherited": false, + "value": false, + }, "responseTypes": { "inherited": false, "value": [ "code", "token", "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token", ], }, "sectorIdentifierUri": { @@ -36824,7 +8149,7 @@ exports[`frodo app export "frodo app export -i test2 --no-deps": should export t "clientName": { "inherited": false, "value": [ - "test2", + "testapp", ], }, "clientType": { @@ -36833,9 +8158,7 @@ exports[`frodo app export "frodo app export -i test2 --no-deps": should export t }, "defaultScopes": { "inherited": false, - "value": [ - "openid", - ], + "value": [], }, "loopbackInterfaceRedirection": { "inherited": false, @@ -36851,10 +8174,7 @@ exports[`frodo app export "frodo app export -i test2 --no-deps": should export t }, "scopes": { "inherited": false, - "value": [ - "openid", - "fr:idm:*", - ], + "value": [], }, "status": { "inherited": false, 
@@ -36906,21 +8226,44 @@ exports[`frodo app export "frodo app export -i test2 --no-deps": should export t }, "overrideOAuth2ClientConfig": { "accessTokenMayActScript": "[Empty]", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", "clientsCanSkipConsent": false, "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", "issueRefreshToken": true, "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", "oidcMayActScript": "[Empty]", "overrideableOIDCClaims": [], "providerOverridesEnabled": false, "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", "statelessTokensEnabled": false, "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", }, "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": { + "inherited": false, + }, + "authorizationResponseEncryptionMethod": { + "inherited": false, + }, + "authorizationResponseSigningAlgorithm": { + "inherited": false, + "value": "RS256", + }, "clientJwtPublicKey": { "inherited": false, }, 
@@ -37018,21 +8361,32 @@ exports[`frodo app export "frodo app export -i test2 --no-deps": should export t }, }, }, + "managedApplication": { + "ab00f0cd-e7a0-44fe-9ae9-f80f0e193322": { + "_id": "ab00f0cd-e7a0-44fe-9ae9-f80f0e193322", + "description": "Test App", + "name": "testapp", + "ssoEntities": { + "oidcId": "testapp", + }, + "templateName": "web", + "templateVersion": "1.0", + }, + }, "meta": Any, "script": {}, } `; -exports[`frodo app export "frodo app export -i test2 -f test.json": should export the app with app id "test2" into file named test.json 1`] = `""`; +exports[`frodo app export "frodo app export -a --file my-other-allAlphaApplications.application.json": should export all apps to a single file named my-other-allAlphaApplications.application.json 1`] = `""`; -exports[`frodo app export "frodo app export -i test2 -f test.json": should export the app with app id "test2" into file named test.json 2`] = ` +exports[`frodo app export "frodo app export -a --file my-other-allAlphaApplications.application.json": should export all apps to a single file named my-other-allAlphaApplications.application.json 2`] = ` { "application": { - "test2": { - "_id": "test2", + "testapp": { + "_id": "testapp", "_provider": { "_id": "", - "_rev": "520068704", "_type": { "_id": "oauth-oidc", "collection": false, @@ -37067,6 +8421,7 @@ exports[`frodo app export "frodo app export -i test2 -f test.json": should expor "urn:ietf:params:oauth:grant-type:jwt-bearer", ], "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeSubnameInTokenClaims": true, "macaroonTokenFormat": "V2", "maxAgeOfRequestObjectNbfClaim": 0, "maxDifferenceBetweenRequestObjectNbfAndExp": 0, 
@@ -37123,7 +8478,9 @@ exports[`frodo app export "frodo app export -i test2 -f test.json": should expor "defaultACR": [], "idTokenInfoClientAuthenticationEnabled": true, "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, + "loaMapping": { + "push": "Baseline-CIBA", + }, "storeOpsTokens": true, "supportedAuthorizationResponseEncryptionAlgorithms": [ "ECDH-ES+A256KW", @@ -37443,7 +8800,6 @@ exports[`frodo app export "frodo app export -i test2 -f test.json": should expor "validateScopeScript": "[Empty]", }, }, - "_rev": "670386148", "_type": { "_id": "OAuth2Client", "collection": true, @@ -37465,15 +8821,13 @@ exports[`frodo app export "frodo app export -i test2 -f test.json": should expor "descriptions": { "inherited": false, "value": [ - "Modified by Frodo on 4/16/2022, 8:41:59 PM", + "Test App", ], }, "grantTypes": { "inherited": false, "value": [ "authorization_code", - "refresh_token", - "client_credentials", ], }, "isConsentImplied": { @@ -37500,16 +8854,30 @@ exports[`frodo app export "frodo app export -i test2 -f test.json": should expor "inherited": false, "value": [], }, + "refreshTokenGracePeriod": { + "inherited": false, + "value": 0, + }, "requestUris": { "inherited": false, "value": [], }, + "require_pushed_authorization_requests": { + "inherited": false, + "value": false, + }, "responseTypes": { "inherited": false, "value": [ "code", "token", "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token", ], }, "sectorIdentifierUri": { @@ -37553,7 +8921,7 @@ exports[`frodo app export "frodo app export -i test2 -f test.json": should expor "clientName": { "inherited": false, "value": [ - "test2", + "testapp", ], }, "clientType": { 
@@ -37562,9 +8930,7 @@ exports[`frodo app export "frodo app export -i test2 -f test.json": should expor }, "defaultScopes": { "inherited": false, - "value": [ - "openid", - ], + "value": [], }, "loopbackInterfaceRedirection": { "inherited": false, @@ -37580,10 +8946,7 @@ exports[`frodo app export "frodo app export -i test2 -f test.json": should expor }, "scopes": { "inherited": false, - "value": [ - "openid", - "fr:idm:*", - ], + "value": [], }, "status": { "inherited": false, 
@@ -37635,21 +8998,44 @@ exports[`frodo app export "frodo app export -i test2 -f test.json": should expor }, "overrideOAuth2ClientConfig": { "accessTokenMayActScript": "[Empty]", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", "clientsCanSkipConsent": false, "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", "issueRefreshToken": true, "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", "oidcMayActScript": "[Empty]", "overrideableOIDCClaims": [], "providerOverridesEnabled": false, "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", "statelessTokensEnabled": false, "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", }, "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": { + "inherited": false, + }, + "authorizationResponseEncryptionMethod": { + "inherited": false, + }, + "authorizationResponseSigningAlgorithm": { + "inherited": false, + "value": "RS256", + }, "clientJwtPublicKey": { "inherited": false, }, 
@@ -37747,818 +9133,3215 @@ exports[`frodo app export "frodo app export -i test2 -f test.json": should expor }, }, }, + "connector": { + "EncoreAD": { + "_id": "provisioner.openicf/EncoreAD", + "configurationProperties": { + "accountObjectClasses": [ + "top", + "person", + "organizationalPerson", + "user", + ], + "accountSearchFilter": "(objectClass=User)", + "accountSynchronizationFilter": null, + "accountUserNameAttributes": [ + "uid", + "cn", + ], + "allowTreeDelete": false, + "alternateKeyStore": null, + "alternateKeyStorePassword": null, + "alternateKeyStoreType": null, + "attributesToSynchronize": [], + "authType": "simple", + "baseContexts": [ + "OU=Encore,DC=ad-volker-demo,DC=encore,DC=forgerock,DC=org", + ], + "baseContextsToSynchronize": [], + "blockSize": 100, + "changeLogBlockSize": 100, + "changeNumberAttribute": "changeNumber", + "checkAliveMinInterval": 60, + "connectionTimeout": 30000, + "convertADIntervalToISO8601": [ + "pwdLastSet", + "accountExpires", + "lockoutTime", + "lastLogon", + ], + "convertGTToISO8601": [ + "whenCreated", + "whenChanged", + ], + "credentials": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "ReilS5BMTftYl2t8OZvtaQ==", + "iv": "jdqo9Kvv2ZxpWoywTUmT7w==", + "keySize": 16, + "mac": "N7QnFAv3SNRsBzEau1iDDg==", + "purpose": "idm.config.encryption", + "salt": "ut6NNENf3Op7SOjJuXdSdw==", + "stableId": "openidm-sym-default", + }, + }, + }, + "failover": [], + "filterWithOrInsteadOfAnd": false, + "getGroupMemberId": false, + "groupMemberAttribute": "member", + "groupObjectClasses": [ + "top", + "groupOfUniqueNames", + ], + "groupSearchFilter": "(&(!(cn=Domain Users))(objectClass=group))", + "groupSynchronizationFilter": null, + "gssapiLoginContext": null, + "host": "volker-demo.ad-volker-demo.encore.forgerock.org", + "hostNameVerification": false, + "hostNameVerifierPattern": null, + "lastCheckAlive": 1674482716432, + "maintainLdapGroupMembership": false, + 
"maintainPosixGroupMembership": false, + "modifiersNamesToFilterOut": [], + "objectClassesToSynchronize": [ + "user", + ], + "passwordAttribute": "unicodePwd", + "passwordHashAlgorithm": "WIN-AD", + "port": 636, + "principal": "CN=root,CN=Users,DC=ad-volker-demo,DC=encore,DC=forgerock,DC=org", + "privateKeyAlias": null, + "readSchema": false, + "referralsHandling": "follow", + "removeLogEntryObjectClassFromFilter": true, + "resetSyncToken": "never", + "respectResourcePasswordPolicyChangeAfterReset": false, + "sendCAUDTxId": false, + "ssl": true, + "startTLS": false, + "uidAttribute": "objectGUID", + "useBlocks": true, + "useDNSSRVRecord": false, + "useOldADGUIDFormat": false, + "usePagedResultControl": true, + "useTimestampsForSync": false, + "vlvSortAttribute": "sAMAccountName", + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.ldap-connector", + "bundleVersion": "1.5.20.12", + "connectorHostRef": "adrcs", + "connectorName": "org.identityconnectors.ldap.LdapConnector", + "displayName": "LDAP Connector", + "systemType": "provisioner.openicf", + }, + "enabled": true, + "objectTypes": { + "Group": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__GROUP__", + "nativeType": "__GROUP__", + "properties": { + "cn": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "cn", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "displayName", + "nativeType": "string", + "type": "string", + }, + "objectGUID": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "objectGUID", + "nativeType": "string", + "type": "string", + }, + "uSNChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNChanged", + "nativeType": "string", + "type": "string", + }, + "uSNCreated": { + 
"flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNCreated", + "nativeType": "string", + "type": "string", + }, + "whenChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenChanged", + "nativeType": "string", + "type": "string", + }, + "whenCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenCreated", + "nativeType": "string", + "type": "string", + }, + }, + "type": "object", + }, + "User": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__ENABLE__": { + "nativeName": "__ENABLE__", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "required": false, + "type": "boolean", + "userSpecific": true, + }, + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "required": true, + "type": "string", + }, + "__PASSWORD__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "__PASSWORD__", + "nativeType": "JAVA_TYPE_GUARDEDSTRING", + "type": "JAVA_TYPE_GUARDEDSTRING", + }, + "accountExpires": { + "nativeName": "accountExpires", + "nativeType": "string", + "type": "string", + }, + "c": { + "nativeName": "c", + "nativeType": "string", + "type": "string", + }, + "cn": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "cn", + "nativeType": "string", + "required": false, + "type": "string", + }, + "co": { + "nativeName": "co", + "nativeType": "string", + "type": "string", + }, + "company": { + "nativeName": "company", + "nativeType": "string", + "type": "string", + }, + "countryCode": { + "nativeName": "countryCode", + "nativeType": "string", + "type": "string", + }, + "department": { + "nativeName": "department", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + 
"nativeName": "displayName", + "nativeType": "string", + "type": "string", + }, + "division": { + "nativeName": "division", + "nativeType": "string", + "type": "string", + }, + "employeeID": { + "nativeName": "employeeID", + "nativeType": "string", + "type": "string", + }, + "employeeNumber": { + "nativeName": "employeeNumber", + "nativeType": "string", + "type": "string", + }, + "employeeType": { + "nativeName": "employeeType", + "nativeType": "string", + "type": "string", + }, + "facsimileTelephoneNumber": { + "nativeName": "facsimileTelephoneNumber", + "nativeType": "string", + "type": "string", + }, + "givenName": { + "nativeName": "givenName", + "nativeType": "string", + "type": "string", + }, + "homePhone": { + "nativeName": "homePhone", + "nativeType": "string", + "type": "string", + }, + "initials": { + "nativeName": "initials", + "nativeType": "string", + "type": "string", + }, + "l": { + "nativeName": "l", + "nativeType": "string", + "type": "string", + }, + "lastLogon": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "lastLogon", + "nativeType": "string", + "type": "string", + }, + "ldapGroups": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "ldapGroups", + "nativeType": "string", + "required": false, + "type": "array", + "userSpecific": false, + }, + "lockoutTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "lockoutTime", + "nativeType": "string", + "type": "string", + }, + "mail": { + "nativeName": "mail", + "nativeType": "string", + "type": "string", + }, + "manager": { + "nativeName": "manager", + "nativeType": "string", + "type": "string", + }, + "memberOf": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "memberOf", + "nativeType": "string", + "type": "array", + }, + "middleName": { + "nativeName": "middleName", + "nativeType": "string", + "type": "string", + }, + 
"mobile": { + "nativeName": "mobile", + "nativeType": "string", + "type": "string", + }, + "objectGUID": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "objectGUID", + "nativeType": "string", + "type": "string", + }, + "otherHomePhone": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "otherHomePhone", + "nativeType": "string", + "type": "array", + }, + "physicalDeliveryOfficeName": { + "nativeName": "physicalDeliveryOfficeName", + "nativeType": "string", + "type": "string", + }, + "postOfficeBox": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "postOfficeBox", + "nativeType": "string", + "type": "array", + }, + "postalCode": { + "nativeName": "postalCode", + "nativeType": "string", + "type": "string", + }, + "pwdLastSet": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "pwdLastSet", + "nativeType": "string", + "type": "string", + }, + "sAMAccountName": { + "nativeName": "sAMAccountName", + "nativeType": "string", + "type": "string", + }, + "sn": { + "nativeName": "sn", + "nativeType": "string", + "type": "string", + }, + "st": { + "nativeName": "st", + "nativeType": "string", + "type": "string", + }, + "streetAddress": { + "nativeName": "streetAddress", + "nativeType": "string", + "type": "string", + }, + "telephoneNumber": { + "nativeName": "telephoneNumber", + "nativeType": "string", + "type": "string", + }, + "title": { + "nativeName": "title", + "nativeType": "string", + "type": "string", + }, + "uSNChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNChanged", + "nativeType": "string", + "type": "string", + }, + "uSNCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNCreated", + "nativeType": "string", + "type": "string", + }, + "userAccountControl": { + "nativeName": "userAccountControl", + "nativeType": "string", + "type": "string", + }, + "userPrincipalName": { + 
"nativeName": "userPrincipalName", + "nativeType": "string", + "type": "string", + }, + "whenChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenChanged", + "nativeType": "string", + "type": "string", + }, + "whenCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenCreated", + "nativeType": "string", + "type": "string", + }, + }, + "type": "object", + }, + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false, + }, + }, + "HRLite": { + "_id": "provisioner.openicf/HRLite", + "configurationProperties": { + "abandonWhenPercentageFull": 0, + "accessToUnderlyingConnectionAllowed": true, + "alternateUsernameAllowed": false, + "authenticateScriptFileName": "HRliteAuthenticateScript.groovy", + "autoCommit": true, + "classpath": [], + "commitOnReturn": false, + "connectionProperties": null, + "createScriptFileName": "HRliteCreateScript.groovy", + "customConfiguration": null, + "customSensitiveConfiguration": null, + "customizerScriptFileName": null, + "dataSourceJNDI": null, + "debug": false, + "defaultAutoCommit": null, + "defaultCatalog": null, + "defaultReadOnly": null, + "defaultTransactionIsolation": -1, + "deleteScriptFileName": "HRliteDeleteScript.groovy", + "disabledGlobalASTTransformations": null, + "driverClassName": "com.mysql.jdbc.Driver", + "fairQueue": true, + "ignoreExceptionOnPreLoad": false, + "initSQL": null, + 
"initialSize": 10, + "jdbcInterceptors": null, + "jmxEnabled": true, + "logAbandoned": false, + "logValidationErrors": false, + "maxActive": 100, + "maxAge": 0, + "maxIdle": 100, + "maxWait": 30000, + "minEvictableIdleTimeMillis": 60000, + "minIdle": 10, + "minimumRecompilationInterval": 100, + "name": "Tomcat Connection Pool[1-265824587]", + "numTestsPerEvictionRun": 0, + "password": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "73doNZivdgZ7KmuOlzFBdD/7blip0OU6uRwBDv53wcQ=", + "iv": "/C0QyOAnnUNQCovrsMgzEw==", + "keySize": 16, + "mac": "EAPShe6oCwxlTCHYC2wBlQ==", + "purpose": "idm.config.encryption", + "salt": "zYm6JkzqEzE1/0Y+o9K3+Q==", + "stableId": "openidm-sym-default", + }, + }, + }, + "propagateInterruptState": false, + "recompileGroovySource": false, + "removeAbandoned": false, + "removeAbandonedTimeout": 60, + "resolveUsernameScriptFileName": null, + "rollbackOnReturn": false, + "schemaScriptFileName": "HRliteSchemaScript.groovy", + "scriptBaseClass": null, + "scriptExtensions": [ + "groovy", + ], + "scriptOnResourceScriptFileName": null, + "scriptRoots": "/opt/forgerock/openicf/scripts/hrlite", + "searchScriptFileName": "HRliteSearchScript.groovy", + "sourceEncoding": "UTF-8", + "suspectTimeout": 0, + "syncScriptFileName": "HRliteSyncScript.groovy", + "targetDirectory": null, + "testOnBorrow": false, + "testOnConnect": false, + "testOnReturn": false, + "testScriptFileName": "HRliteTestScript.groovy", + "testWhileIdle": false, + "timeBetweenEvictionRunsMillis": 5000, + "tolerance": 10, + "updateScriptFileName": "HRliteUpdateScript.groovy", + "url": "jdbc:mysql://mariadb:3306/hrdb?autoReconnect=true", + "useDisposableConnectionFacade": true, + "useEquals": true, + "useLock": false, + "useStatementFacade": true, + "username": "hradmin", + "validationInterval": 2000, + "validationQuery": "SELECT 1 FROM DUAL", + "validationQueryTimeout": -1, + "validatorClassName": null, + "verbose": false, + 
"warningLevel": 1, + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.scriptedsql-connector", + "bundleVersion": "1.5.20.9", + "connectorHostRef": "encorebaseline", + "connectorName": "org.forgerock.openicf.connectors.scriptedsql.ScriptedSQLConnector", + "displayName": "Scripted SQL Connector", + "systemType": "provisioner.openicf", + }, + "enabled": true, + "objectTypes": { + "__ACCOUNT__": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "address": { + "nativeName": "address", + "nativeType": "string", + "required": true, + "type": "string", + }, + "city": { + "nativeName": "city", + "nativeType": "string", + "required": true, + "type": "string", + }, + "country": { + "nativeName": "country", + "nativeType": "string", + "required": true, + "type": "string", + }, + "depId": { + "nativeName": "depId", + "nativeType": "string", + "required": true, + "type": "string", + }, + "depName": { + "nativeName": "depName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "email": { + "nativeName": "email", + "nativeType": "string", + "required": true, + "type": "string", + }, + "empType": { + "nativeName": "empType", + "nativeType": "string", + "required": true, + "type": "string", + }, + "externalMail": { + "nativeName": "externalMail", + "nativeType": "string", + "required": true, + "type": "string", + }, + "firstName": { + "nativeName": "firstName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "isManager": { + "nativeName": "isManager", + "nativeType": "string", + "required": true, + "type": "string", + }, + "jobCode": { + "nativeName": "jobCode", + "nativeType": "string", + "required": true, + "type": "string", + }, + "lastName": { + "nativeName": "lastName", + "nativeType": "string", + "required": true, + "type": "string", 
+ }, + "phone": { + "nativeName": "phone", + "nativeType": "string", + "required": true, + "type": "string", + }, + "postalCode": { + "nativeName": "postalCode", + "nativeType": "string", + "required": true, + "type": "string", + }, + "state": { + "nativeName": "state", + "nativeType": "string", + "required": true, + "type": "string", + }, + "status": { + "nativeName": "status", + "nativeType": "string", + "required": true, + "type": "string", + }, + "uid": { + "nativeName": "uid", + "nativeType": "string", + "required": true, + "type": "string", + }, + }, + "type": "object", + }, + "department": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "department", + "nativeType": "department", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "required": true, + "type": "string", + }, + "name": { + "nativeName": "name", + "nativeType": "string", + "required": true, + "type": "string", + }, + "parent": { + "nativeName": "parent", + "nativeType": "string", + "required": true, + "type": "string", + }, + "uid": { + "nativeName": "uid", + "nativeType": "string", + "required": true, + "type": "string", + }, + }, + "type": "object", + }, + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false, + }, + }, + }, + "managedApplication": { + 
"08505c1b-87ea-4ed0-ab89-20432dcc6249": { + "_id": "08505c1b-87ea-4ed0-ab89-20432dcc6249", + "authoritative": true, + "connectorId": "HRLite", + "description": "Example", + "icon": "", + "mappingNames": [ + "systemHrlite__account___managedAlpha_user", + ], + "name": "HRLite", + "templateName": "scripted.sql", + "templateVersion": "1.0.0", + "uiConfig": { + "objectTypes": { + "__ACCOUNT__": { + "properties": { + "__NAME__": {}, + "address": {}, + "city": {}, + "country": {}, + "depId": {}, + "depName": {}, + "email": {}, + "empType": {}, + "firstName": {}, + "isManager": {}, + "jobCode": {}, + "lastName": {}, + "phone": {}, + "postalCode": {}, + "state": {}, + "status": {}, + "uid": {}, + }, + }, + "department": { + "properties": { + "__NAME__": {}, + "description": {}, + "name": {}, + "parent": {}, + "uid": {}, + }, + }, + }, + }, + }, + "0e5811ab-ef31-401b-aaa1-70b523eafa55": { + "_id": "0e5811ab-ef31-401b-aaa1-70b523eafa55", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/puzzle.svg", + "name": "engineering", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fengineering&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Froles%2Fsaml", + "idpPrivateId": "ZW5naW5lZXJpbmctSURQ", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-497", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + "1b3510cf-9352-4573-9cd8-1eaf36cc629c": { + "_id": "1b3510cf-9352-4573-9cd8-1eaf36cc629c", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/eolic-energy.svg", + "name": "company", + "ssoEntities": { + "domain": 
"openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fcompany&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Fcompany%2Fsaml", + "idpPrivateId": "Y29tcGFueS1JRFA", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-481", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + "368b5b11-d8db-4079-98e9-0573934aef04": { + "_id": "368b5b11-d8db-4079-98e9-0573934aef04", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/infography.svg", + "name": "sales", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fsales&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Fsales%2Fsaml", + "idpPrivateId": "c2FsZXMtSURQ", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-503", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + "9fb975e4-9723-4fac-9fe7-ee25053c6218": { + "_id": "9fb975e4-9723-4fac-9fe7-ee25053c6218", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/hot-air-balloon.svg", + "name": "benefits", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fbenefits&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Fbenefits%2Fsaml", + "idpPrivateId": "YmVuZWZpdHMtSURQ", + "key": 
"c88e6422-561c-4362-9cd1-6a377ad97b36-492", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + "ab00f0cd-e7a0-44fe-9ae9-f80f0e193322": { + "_id": "ab00f0cd-e7a0-44fe-9ae9-f80f0e193322", + "description": "Test App", + "name": "testapp", + "ssoEntities": { + "oidcId": "testapp", + }, + "templateName": "web", + "templateVersion": "1.0", + }, + "d7f62815-a835-4e2f-a69e-25e7f9019fc2": { + "_id": "d7f62815-a835-4e2f-a69e-25e7f9019fc2", + "authoritative": false, + "connectorId": "EncoreAD", + "description": "Example", + "icon": "", + "mappingNames": [ + "systemEncoreadUser_managedAlpha_user", + "managedAlpha_user_systemEncoreadUser", + ], + "name": "EncoreAD", + "templateName": "active.directory", + "templateVersion": "1.0.0", + "uiConfig": { + "objectTypes": { + "Group": { + "properties": { + "cn": { + "userSpecific": true, + }, + "description": { + "userSpecific": true, + }, + "displayName": { + "userSpecific": true, + }, + "objectGUID": { + "userSpecific": true, + }, + "uSNChanged": { + "userSpecific": true, + }, + "uSNCreated": { + "userSpecific": true, + }, + "whenChanged": { + "userSpecific": true, + }, + "whenCreated": { + "userSpecific": true, + }, + }, + }, + "User": { + "properties": { + "__ENABLE__": { + "userSpecific": true, + }, + "__NAME__": { + "userSpecific": true, + }, + "__PASSWORD__": { + "userSpecific": true, + }, + "accountExpires": { + "userSpecific": true, + }, + "c": { + "userSpecific": true, + }, + "cn": { + "userSpecific": true, + }, + "co": { + "userSpecific": true, + }, + "company": { + "userSpecific": true, + }, + "countryCode": { + "userSpecific": true, + }, + "department": { + "userSpecific": true, + }, + "description": { + "userSpecific": true, + }, + "displayName": { + "userSpecific": true, + }, + "division": { + "userSpecific": true, + }, + "employeeID": { + "userSpecific": true, + }, + 
"employeeNumber": { + "userSpecific": true, + }, + "employeeType": { + "userSpecific": true, + }, + "facsimileTelephoneNumber": { + "userSpecific": true, + }, + "givenName": { + "userSpecific": true, + }, + "homePhone": { + "userSpecific": true, + }, + "initials": { + "userSpecific": true, + }, + "l": { + "userSpecific": true, + }, + "lastLogon": { + "userSpecific": true, + }, + "ldapGroups": {}, + "lockoutTime": { + "userSpecific": true, + }, + "mail": { + "userSpecific": true, + }, + "manager": { + "userSpecific": true, + }, + "memberOf": { + "userSpecific": true, + }, + "middleName": { + "userSpecific": true, + }, + "mobile": { + "userSpecific": true, + }, + "objectGUID": { + "userSpecific": true, + }, + "otherHomePhone": { + "userSpecific": true, + }, + "physicalDeliveryOfficeName": { + "userSpecific": true, + }, + "postOfficeBox": { + "userSpecific": true, + }, + "postalCode": { + "userSpecific": true, + }, + "pwdLastSet": { + "userSpecific": true, + }, + "sAMAccountName": { + "userSpecific": true, + }, + "sn": { + "userSpecific": true, + }, + "st": { + "userSpecific": true, + }, + "streetAddress": { + "userSpecific": true, + }, + "telephoneNumber": { + "userSpecific": true, + }, + "title": { + "userSpecific": true, + }, + "uSNChanged": { + "userSpecific": true, + }, + "uSNCreated": { + "userSpecific": true, + }, + "userAccountControl": { + "userSpecific": true, + }, + "userPrincipalName": { + "userSpecific": true, + }, + "whenChanged": { + "userSpecific": true, + }, + "whenCreated": { + "userSpecific": true, + }, + }, + }, + }, + }, + }, + "e9f2ecd5-3d50-4da0-9ca2-587dbca390e2": { + "_id": "e9f2ecd5-3d50-4da0-9ca2-587dbca390e2", + "description": "This is a bookmark", + "name": "MrAnderson", + "ssoEntities": {}, + "templateName": "bookmark", + "templateVersion": "1.0", + "url": "https://mranderson.scheuber.io", + }, + }, + "mapping": { + "managedAlpha_user_systemEncoreadUser": { + "_id": "sync/managedAlpha_user_systemEncoreadUser", + "consentRequired": false, 
+ "displayName": "managedAlpha_user_systemEncoreadUser", + "icon": null, + "name": "managedAlpha_user_systemEncoreadUser", + "optimizeAssignmentSync": true, + "policies": [ + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "source": "givenName", + "target": "givenName", + }, + { + "source": "cn", + "target": "cn", + }, + { + "source": "sn", + "target": "sn", + }, + { + "source": "userName", + "target": "sAMAccountName", + }, + { + "source": "", + "target": "userPrincipalName", + "transform": { + "source": "\`\${source.userName}@ad-volker-demo.encore.forgerock.org\`;", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "__ENABLE__", + "transform": { + "source": "(source.accountStatus==='active') ? true : false;", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "__NAME__", + "transform": { + "source": "(source.accountStatus=="active")? 
\`cn=\${source.userName},ou=Encore,dc=ad-volker-demo,dc=encore,dc=forgerock,dc=org\`:\`cn=\${source.userName},ou=Inactive,ou=Encore,dc=ad-volker-demo,dc=encore,dc=forgerock,dc=org\`", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "__PASSWORD__", + "transform": { + "source": "openidm.decrypt(source.custom_encryptedPassword)", + "type": "text/javascript", + }, + }, + ], + "runTargetPhase": false, + "source": "managed/alpha_user", + "sourceCondition": "/source/effectiveApplications[_id eq "d7f62815-a835-4e2f-a69e-25e7f9019fc2"]", + "sourceQuery": { + "_queryFilter": "effectiveApplications[_id eq "d7f62815-a835-4e2f-a69e-25e7f9019fc2"] or lastSync/managedAlpha_user_systemEncoreadUser pr", + }, + "target": "system/EncoreAD/User", + }, + "systemEncoreadUser_managedAlpha_user": { + "_id": "sync/systemEncoreadUser_managedAlpha_user", + "consentRequired": false, + "correlationQuery": [ + { + "linkQualifier": "default", + "source": "var qry = {'_queryFilter': 'mail eq "' + source.userPrincipalName + '"'}; qry", + "type": "text/javascript", + }, + ], + "displayName": "systemEncoreadUser_managedAlpha_user", + "icon": null, + "links": "managedAlpha_user_systemEncoreadUser", + "name": "systemEncoreadUser_managedAlpha_user", + "onLink": { + "globals": { + "assignmentResCollection": "managed/alpha_assignment", + }, + "source": "function javaIsEqual(old, other) { + var JsonPatch = org.forgerock.json.JsonPatch; + var JsonValue = org.forgerock.json.JsonValue; + return JsonPatch.diff(JsonValue(old), JsonValue(other)).asList().size() === 0; +} + +if (situation === "FOUND") { + var params = { + "resourceId": targetId, + "mapping": mappingConfig.links, + "linkQualifier": linkQualifier + }; + + // get the preview of the target object from the outbound mapping + var targetPreview = openidm.action("sync", "getTargetPreview", {}, params); + var attributes = []; + + // find all values where target app user has different values from the correlated IDM user + 
Object.keys(source).filter(function (key) { + if (key in targetPreview) { + return !javaIsEqual(source[key], targetPreview[key]); + } else { + return false + } + }).forEach(function (key) { + var attribute = { + "name": key, + "value": source[key] + }; + attributes.push(attribute); + }) + + // create override assignment if any diff was found + if (attributes.length > 0) { + var assignment = { + "name": targetId + "-overrideAssignment", + "description": targetId + "override assignment", + "mapping": mappingConfig.links, + "attributes": attributes, + "type": "__OVERRIDE__", + "members": [{"_ref": mappingConfig.target + "/" + targetId}] + }; + var assignmentResult = openidm.create(assignmentResCollection, null, assignment); + var result = openidm.action("sync", "getTargetPreview", {}, params); + Object.keys(source).forEach(function (key) { + if (typeof result[key] === "undefined" || javaIsEqual(source[key], result[key])) { + return + } + // unable to successfully recreate object being linked, delete assignment and throw exception + openidm.delete(assignmentResCollection + "/" + assignmentResult._id, null); + throw "Unable to successfully recreate " + sourceId + " with an assignment for " + targetId; + }) + } +}", + "type": "text/javascript", + }, + "policies": [ + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "LINK", + "postAction": { + "globals": 
{}, + "source": "openidm.create("managed/alpha_user/"+target._id+"/applications",null,{_ref:"managed/alpha_application/d7f62815-a835-4e2f-a69e-25e7f9019fc2"})", + "type": "text/javascript", + }, + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "ABSENT", + }, + ], + "properties": [], + "runTargetPhase": false, + "source": "system/EncoreAD/User", + "target": "managed/alpha_user", + }, + "systemHrlite__account___managedAlpha_user": { + "_id": "sync/systemHrlite__account___managedAlpha_user", + "consentRequired": false, + "correlationQuery": [ + { + "expressionTree": { + "all": [ + "frIndexedInteger1", + ], + }, + "file": "ui/correlateTreeToQueryFilter.js", + "linkQualifier": "default", + "mapping": "systemHrlite__account___managedAlpha_user", + "type": "text/javascript", + }, + ], + "displayName": "systemHrlite__account___managedAlpha_user", + "icon": null, + "name": "systemHrlite__account___managedAlpha_user", + "onCreate": { + "globals": {}, + "source": "// Script has access to the following variables: +// sourceObject +// targetObject +// existingTargetObject +// linkQualifier +var givenName = source.firstName; +logger.info ("this is the givenName " + givenName); +var sn = source.lastName; +logger.info ("this is the sn " + sn); + +/* first choice of username */ +var checkuserName = givenName.substring(0,1).concat(sn).toLowerCase(); +logger.info ("calculated checkuserName " + checkuserName); +/* if the userName is not found no need to go further */ +var queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" +}; + +var queryResult = openidm.query("/managed/alpha_user",queryUsername,["*"]); +if (queryResult.resultCount > 0) { + /* second choice of username */ + checkuserName = givenName.substring(0,2).concat(sn).toLowerCase(); + logger.info ("calculated checkuserName " + checkuserName); + queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" + }; + queryResult = 
openidm.query("/managed/alpha_user",queryUsername,["*"]); + /* while the userName is found try above for second then add time to end until found */ + while (queryResult.resultCount > 0) { + /* timeadded to choice of username */ + var millis = String(Date.now()); + logger.info ("calculated checkuserName " + checkuserName); + checkuserName = givenName.substring(0,1).concat(sn).concat(millis.substring(millis.length - 4)).toLowerCase(); + logger.info ("calculated checkuserName " + checkuserName); + queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" + }; + queryResult = openidm.query("/managed/alpha_user",queryUsername,["*"]); + } +} +target.userName = checkuserName; +target.cn = checkuserName + " " + givenName + " " + sn; +target.mail = checkuserName+"@ad-volker-demo.encore.forgerock.org"; +target.password = 'Frdp-2010'; +//Mail domain is dependent on your AD domain name…. +logger.info ("Final userName " + checkuserName); +// Role assignment scripts must always return targetObject, otherwise +// other scripts and code that occur downstream of your script will +// not work as expected. 
+", + "type": "text/javascript", + }, + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS", + }, + { + "action": "EXCEPTION", + "situation": "SOURCE_MISSING", + }, + { + "action": "CREATE", + "situation": "MISSING", + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "EXCEPTION", + "situation": "UNASSIGNED", + }, + { + "action": "EXCEPTION", + "situation": "LINK_ONLY", + }, + { + "action": "EXCEPTION", + "situation": "TARGET_IGNORED", + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED", + }, + { + "action": "IGNORE", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "UPDATE", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "source": "", + "target": "frIndexedInteger1", + "transform": { + "source": "parseInt(source.__NAME__)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger2", + "transform": { + "source": "parseInt(source.status)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger3", + "transform": { + "source": "parseInt(source.depId)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger4", + "transform": { + "source": "parseInt(source.jobCode)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger5", + "transform": { + "source": "parseInt(source.empType)", + "type": "text/javascript", + }, + }, + { + "source": "phone", + "target": "telephoneNumber", + }, + { + "source": "city", + "target": "city", + }, + { + "source": "state", + "target": "stateProvince", + }, + { + "source": "address", + "target": "postalAddress", + }, + { + "source": "postalCode", + "target": "postalCode", + }, + { + "source": "country", + "target": "country", + }, + { + "source": "firstName", 
+ "target": "givenName", + }, + { + "source": "lastName", + "target": "sn", + }, + { + "source": "isManager", + "target": "frIndexedString4", + }, + { + "source": "externalMail", + "target": "frIndexedString5", + }, + { + "source": "", + "target": "accountStatus", + "transform": { + "source": "(parseInt(source.status)==5)?"inactive":"active";", + "type": "text/javascript", + }, + }, + ], + "runTargetPhase": true, + "source": "system/HRLite/__ACCOUNT__", + "target": "managed/alpha_user", + "taskThreads": 1, + }, + }, "meta": Any, - "script": { - "36863ffb-40ec-48b9-94b1-9a99f71cc3b5": { - "_id": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "context": "OIDC_CLAIMS", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OIDC claims", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OIDC Claims Script", - "script": [ - "/*", - " * Copyright 2014-2021 ForgeRock AS. All Rights Reserved", - " *", - " * Use of this code requires a commercial software license with ForgeRock AS", - " * or with one of its affiliates. 
All use shall be exclusively subject", - " * to such license between the licensee and ForgeRock AS.", - " */", - "", - "/*", - " * This script computes claim values returned in ID tokens and/or at the UserInfo Endpoint.", - " * The claim values are computed for:", - " * the claims derived from the requested scopes,", - " * the claims provided by the authorization server,", - " * and the claims requested by the client via the claims parameter.", - " *", - " * In the CONFIGURATION AND CUSTOMIZATION section, you can", - " * define the scope-to-claims mapping, and", - " * assign to each claim a resolver function that will compute the claim value.", - " *", - " * Defined variables (class references are provided below):", - " * scopes - Set (6).", - " * Always present, the requested scopes.", - " * claims - Map (5).", - " * Always present, default server provided claims.", - " * claimObjects - List (7, 2).", - " * Always present, the default server provided claims.", - " * requestedClaims - Map> (5).", - " * Always present, not empty if the request contains the claims parameter and the server has enabled", - " * claims_parameter_supported. A map of the requested claims to possible values, otherwise empty;", - " * requested claims with no requested values will have a key but no value in the map. 
A key with", - " * a single value in its Set (6) indicates that this is the only value that should be returned.", - " * requestedTypedClaims - List (7, 2).", - " * Always present, the requested claims.", - " * Requested claims with no requested values will have a claim with no values.", - " * A claim with a single value indicates this is the only value that should be returned.", - " * claimsLocales - List (7).", - " * The values from the 'claims_locales' parameter.", - " * See https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts for the OIDC specification details.", - " * requestProperties - Unmodifiable Map (5).", - " * Always present, contains a map of request properties:", - " * requestUri - The request URI.", - " * realm - The realm that the request relates to.", - " * requestParams - A map of the request params and/or posted data.", - " * Each value is a list of one or more properties.", - " * Please note that these should be handled in accordance with OWASP best practices:", - " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", - " * clientProperties - Unmodifiable Map (5).", - " * Present if the client specified in the request was identified, contains a map of client properties:", - " * clientId - The client's URI for the request locale.", - " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", - " * allowedResponseTypes - List of the allowed response types for the client.", - " * allowedScopes - List of the allowed scopes for the client.", - " * customProperties - A map of the custom properties of the client.", - " * Lists or maps will be included as sub-maps; for example:", - " * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1.", - " * To add custom properties to a client, update the Custom Properties field", - " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", - " * identity - 
AMIdentity (3).", - " * Always present, the identity of the resource owner.", - " * session - SSOToken (4).", - " * Present if the request contains the session cookie, the user's session object.", - " * scriptName - String (primitive).", - " * Always present, the display name of the script.", - " * logger - Always present, the "OAuth2Provider" debug logger instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", - " * Corresponding files will be prefixed with: scripts.OIDC_CLAIMS.", - " * httpClient - HTTP Client (8).", - " * Always present, the HTTP Client instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", - " * In order to use the client, you may need to add", - " * org.forgerock.http.Client,", - " * org.forgerock.http.protocol.*,", - " * and org.forgerock.util.promise.PromiseImpl", - " * to the allowed Java classes in the scripting engine configuration, as described in:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/script-engine-security.html", - " *", - " * Return - a new UserInfoClaims(Map values, Map> compositeScopes) (1) object.", - " * The result of the last statement in the script is returned to the server.", - " * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function)", - " * is the last (and only) statement in this script, and its return value will become the script result.", - " * Do not use "return variable" statement outside of a function definition.", - " * See RESULTS section for additional details.", - " *", - " * Class reference:", - " * (1) UserInfoClaims - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html.", - " * (2) Claim - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html).", - " * An instance of 
org.forgerock.openidconnect.Claim has methods to access", - " * the claim name, requested values, locale, and whether the claim is essential.", - " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", - " * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", - " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", - " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", - " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", - " * (7) List - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/ArrayList.html.", - " * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", - "*/", - "", - "(function () {", - " // SETUP", - "", - " /**", - " * Claim processing utilities.", - " * An object that contains reusable functions for processing claims.", - " * @see CLAIM PROCESSING UTILITIES section for details.", - " */", - " var utils = getUtils();", - "", - " // CONFIGURATION AND CUSTOMIZATION", - "", - " /**", - " * OAuth 2.0 scope values (scopes) can be used by the Client to request OIDC claims.", - " *", - " * Call this configuration method, and pass in as the first argument", - " * an object that maps a scope value to an array of claim names", - " * to specify which claims need to be processed and returned for the requested scopes.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims}", - " * for the scope values that could be used to request claims as defined in the OIDC specification.", - " *", - " * Below, find a default configuration that is expected to work in the current environment.", - " *", - " * CUSTOMIZATION", - " * You can choose the claim names returned for a scope.", - " */", - " utils.setScopeClaimsMap({", - " profile: [", - " 
'name',", - " 'family_name',", - " 'given_name',", - " 'zoneinfo',", - " 'locale'", - " ],", - " email: ['email'],", - " address: ['address'],", - " phone: ['phone_number']", - " });", - "", - " /**", - " * In this script, each claim", - " * derived from the requested scopes,", - " * provided by the authorization server, and", - " * requested by the client via the claims parameter", - " * will be processed by a function associated with the claim name.", - " *", - " * Call this configuration method, and pass in as the first argument", - " * an object that maps a claim name to a resolver function,", - " * which will be automatically executed for each claim processed by the script.", - " *", - " * The claim resolver function will receive the requested claim information", - " * in an instance of org.forgerock.openidconnect.Claim as the first argument.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html}", - " * for details on the Claim class.", - " *", - " * If the claim resolver function returns a value,", - " * other than undefined or null,", - " * the claim will be included in the script's results.", - " *", - " * The Claim instance provides methods to check", - " * what the name of the claim is,", - " * which values the claim request contains,", - " * whether the claim is essential, and", - " * which locale the claim is associated with.", - " * The resolver function can consider this information when computing and returning the claim value.", - " *", - " * Below, find a default configuration that is expected to work in the current environment.", - " * A reusable function, utils.getUserProfileClaimResolver(String attribute-name),", - " * is called to return a claim resolver function based on a user profile attribute.", - " * @see CLAIM RESOLVERS section for the implementation details and examples.", - " * For the address claim, an example of a claim resolver that uses another claim resolver is provided.", - " 
*", - " * CUSTOMIZATION", - " * You can reuse the predefined utils methods with your custom arguments.", - " * You can also specify a custom resolver function for a claim name,", - " * that will compute and return the claim value—as shown in the commented out example below.", - " */", - " utils.setClaimResolvers({", - " /*", - " // An example of a simple claim resolver function that is defined for a claim", - " // directly in the configuration object:", - " custom-claim-name: function (requestedClaim) {", - " // In this case, initially, the claim value comes straight from a user profile attribute value:", - " var claimValue = identity.getAttribute('custom-attribute-name').toArray()[0]", - "", - " // Optionally, provide additional logic for processing (filtering, formatting, etc.) the claim value.", - " // You can use:", - " // requestedClaim.getName()", - " // requestedClaim.getValues()", - " // requestedClaim.getLocale()", - " // requestedClaim.isEssential()", - "", - " return claimValue", - " },", - " */", - " /**", - " * The use of utils.getUserProfileClaimResolver shows how", - " * an argument passed to a function that returns a claim resolver", - " * becomes available to the resolver function (via its lexical context).", - " */", - " name: utils.getUserProfileClaimResolver('cn'),", - " family_name: utils.getUserProfileClaimResolver('sn'),", - " given_name: utils.getUserProfileClaimResolver('givenname'),", - " zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'),", - " locale: utils.getUserProfileClaimResolver('preferredlocale'),", - " email: utils.getUserProfileClaimResolver('mail'),", - " address: utils.getAddressClaimResolver(", - " /**", - " * The passed in user profile claim resolver function", - " * can be used by the address claim resolver function", - " * to obtain the claim value to be formatted as per the OIDC specification:", - " * @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim.", - " */", - " 
utils.getUserProfileClaimResolver('postaladdress')", - " ),", - " phone_number: utils.getUserProfileClaimResolver('telephonenumber')", - " });", - "", - " // CLAIM PROCESSING UTILITIES", - "", - " /**", - " * @returns {object} An object that contains reusable claim processing utilities.", - " * @see PUBLIC METHODS section and the return statement for the list of exported functions.", - " */", - " function getUtils () {", - " // IMPORT JAVA", - "", - " /**", - " * Provides Java scripting functionality.", - " * @see {@link https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Scripting_Java#javaimporter_constructor}.", - " */", - " var frJava = JavaImporter(", - " org.forgerock.oauth2.core.exceptions.InvalidRequestException,", - " org.forgerock.oauth2.core.UserInfoClaims,", - " org.forgerock.openidconnect.Claim,", - "", - " java.util.LinkedHashMap,", - " java.util.ArrayList", - " );", - "", - " // SET UP CONFIGURATION", - "", - " /**", - " * Placeholder for a configuration option that contains", - " * an object that maps the supported scope values (scopes)", - " * and the corresponding claim names for each scope value.", - " */", - " var scopeClaimsMap;", - "", - " /**", - " * Placeholder for a configuration option that contains", - " * an object that maps the supported claim names", - " * and the resolver functions returning the claim value.", - " */", - " var claimResolvers;", - "", - " /**", - " * A (public) method that accepts an object that maps the supported scopes and the corresponding claim names,", - " * and assigns it to a (private) variable that serves as a configuration option.", - " * @param {object} params - An object that maps each supported scope value to an array of claim names,", - " * in order to specify which claims need to be processed for the requested scopes.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} for details.", - " * @param {string[]} [params.profile] - An array of claim names to be 
returned if the profile scope is requested.", - " * @param {string[]} [params.email] - An array of claim names to be returned if the email scope is requested.", - " * @param {string[]} [params.address] - An array of claim names to be returned if the address scope is requested.", - " * @param {string[]} [params.phone] - An array of claim names to be returned if the phone scope is requested.", - " * @returns {undefined}", - " */", - " function setScopeClaimsMap(params) {", - " scopeClaimsMap = params;", - " }", - "", - " /**", - " * A (public) method that accepts an object that maps the supported claim names", - " * and the resolver functions returning the claim value,", - " * and assigns it to a (private) variable that serves as a configuration option.", - " * @param {object} params - An object that maps", - " * each supported claim name to a function that computes and returns the claim value.", - " */", - " function setClaimResolvers(params) {", - " claimResolvers = params;", - " }", - "", - " // CLAIM RESOLVERS", - "", - " /**", - " * Claim resolvers are functions that return a claim value.", - " * @param {*}", - " * @returns {*}", - " */", - "", - " /**", - " * Defines a claim resolver based on a user profile attribute.", - " * @param {string} attributeName - Name of the user profile attribute.", - " * @returns {function} A function that will determine the claim value", - " * based on the user profile attribute and the (requested) claim properties.", - " */", - " function getUserProfileClaimResolver (attributeName) {", - " /**", - " * Resolves a claim with a user profile attribute value.", - " * Returns undefined if the identity attribute is not populated,", - " * OR if the claim has requested values that do not contain the identity attribute value.", - " * ATTENTION: the aforementioned comparison is case-sensitive.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a 
claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {string|HashSet|undefined}", - " */", - " function resolveClaim(claim) {", - " var userProfileValue;", - "", - " if (identity) {", - " userProfileValue = getClaimValueFromSet(claim, identity.getAttribute(attributeName));", - "", - " if (userProfileValue && !userProfileValue.isEmpty()) {", - " if (!claim.getValues() || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue)) {", - " return userProfileValue;", - " }", - " }", - " }", - " }", - "", - " return resolveClaim;", - " }", - "", - " /**", - " * Returns an address claim resolver based on a claim value obtained with another claim resolver.", - " * @param {function} resolveClaim - A function that returns a claim value.", - " * @returns {function} A function that will accept a claim as an argument,", - " * run the claim resolver function for the claim and obtain the claim value,", - " * and apply additional formatting to the value before returning it.", - " */", - " function getAddressClaimResolver (resolveClaim) {", - " /**", - " * Creates an address claim object from a value returned by a claim resolver,", - " * and returns the address claim object as the claim value.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim}.", - " * The claim value is obtained with a claim resolving function available from the closure.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {java.util.LinkedHashMap|undefined} The address claim object created from a claim value.", - " */", - " function resolveAddressClaim(claim) {", - " var claimValue = resolveClaim(claim);", - " var 
addressObject;", - "", - " if (isClaimValueValid(claimValue)) {", - " addressObject = new frJava.LinkedHashMap();", - "", - " addressObject.put('formatted', claimValue);", - "", - " return addressObject;", - " }", - " }", - "", - " return resolveAddressClaim;", - " }", - "", - " /**", - " * Returns an essential claim resolver based on a claim value obtained with another claim resolver.", - " * @param {function} resolveClaim - A function that returns a claim value.", - " * @returns {function} A function that will accept a claim as an argument,", - " * run the claim resolver function for the claim and obtain the claim value,", - " * and apply additional logic for essential claims.", - " */", - " function getEssentialClaimResolver (resolveClaim) {", - " /**", - " * Returns a claim value or throws an error.", - " * The claim value is obtained with a claim resolving function available from the closure.", - " * Throws an exception if the claim is essential and no value is returned for the claim.", - " *", - " * Use of this resolver is optional.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests} stating:", - " * "Note that even if the Claims are not available because the End-User did not authorize their release or they are not present,", - " * the Authorization Server MUST NOT generate an error when Claims are not returned, whether they are Essential or Voluntary,", - " * unless otherwise specified in the description of the specific claim."", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*}", - " * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException}", - " */", - " function resolveEssentialClaim(claim) {", - " var claimValue = resolveClaim(claim);", - 
"", - " if (claim.isEssential() && !isClaimValueValid(claimValue)) {", - " throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName());", - " }", - "", - " return claimValue;", - " }", - "", - " return resolveEssentialClaim;", - " }", - "", - " /**", - " * Provides default resolution for a claim.", - " * Use it if a claim-specific resolver is not defined in the configuration.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*} A single value associated with this claim.", - " */", - " function resolveAnyClaim (claim) {", - " if (claim.getValues().size() === 1) {", - " return claim.getValues().toArray()[0];", - " }", - " }", - "", - " // UTILITIES", - "", - " /**", - " * Returns claim value from a set.", - " * If the set contains a single value, returns the value.", - " * If the set contains multiple values, returns the set.", - " * Otherwise, returns undefined.", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @param {java.util.HashSet} set The set—for example, a user profile attribute value.", - " * @returns {string|java.util.HashSet|undefined}", - " */", - " function getClaimValueFromSet (claim, set) {", - " if (set && set.size()) {", - " if (set.size() === 1) {", - " return set.toArray()[0];", - " } else {", - " return set;", - " }", - " } else if (logger.warningEnabled()) {", - " logger.warning('OIDC Claims script. 
Got an empty set for claim: ' + claim.getName());", - " }", - " }", - "", - " function isClaimValueValid (claimValue) {", - " if (typeof claimValue === 'undefined' || claimValue === null) {", - " return false;", - " }", - "", - " return true;", - " }", - "", - " // CLAIM PROCESSING", - "", - " /**", - " * Constructs and returns an object populated with the computed claim values", - " * and the requested scopes mapped to the claim names.", - " * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}.", - " * @see RESULTS section for the use of this function.", - " */", - " function getUserInfoClaims () {", - " return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes());", - " }", - "", - " /**", - " * Creates a map of (requested) claim names populated with the computed claim values.", - " * @returns {java.util.LinkedHashMap}", - " * A map of the requested claim names and the corresponding claim values.", - " */", - " function getComputedClaims () {", - " /**", - " * Creates a complete list of claim objects from:", - " * the claims derived from the scopes,", - " * the claims provided by the authorization server,", - " * and the claims requested by the client.", - " * @returns {java.util.ArrayList}", - " * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details.", - " */", - " function getClaims() {", - " /**", - " * Returns a list of claim objects for the requested scopes.", - " * Uses the scopeClaimsMap configuration option to derive the claim names;", - " * no other properties of a claim derived from a scope are populated.", - " * @returns {java.util.ArrayList}", - " * A list of 
org.forgerock.openidconnect.Claim objects derived from the requested scopes.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details.", - " */", - " function convertScopeToClaims() {", - " var claims = new frJava.ArrayList();", - "", - " scopes.toArray().forEach(function (scope) {", - " if (String(scope) !== 'openid' && scopeClaimsMap[scope]) {", - " scopeClaimsMap[scope].forEach(function (claimName) {", - " claims.add(new frJava.Claim(claimName));", - " });", - " }", - " });", - "", - " return claims;", - " }", - "", - " var claims = new frJava.ArrayList();", - "", - " claims.addAll(convertScopeToClaims());", - " claims.addAll(claimObjects);", - " claims.addAll(requestedTypedClaims);", - "", - " return claims;", - " }", - "", - " /**", - " * Computes and returns a claim value.", - " * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object.", - " * @see claimResolvers", - " * If no resolver function is found, uses the default claim resolver function.", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*} Claim value.", - " * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException}", - " * Rethrows this exception if a claim resolver throws it.", - " * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver", - " * if you want to terminate the claim processing.", - " */", - " function computeClaim(claim) {", - " var resolveClaim;", - " var message;", - "", - " try {", - " resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim;", - "", - " return resolveClaim(claim);", - " } catch (e) {", - " 
message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e;", - "", - " if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) {", - " throw e;", - " }", - "", - " if (logger.warningEnabled()) {", - " logger.warning(message);", - " }", - " }", - " }", + "saml": { + "cot": { + "FR_COT": { + "_id": "FR_COT", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", + }, + "status": "active", + "trustedProviders": [ + "engineering-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/company/saml|saml2", + "company-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/roles/saml|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/sales/saml|saml2", + "sales-IDP|saml2", + "benefits-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/benefits/saml|saml2", + ], + }, + }, + "hosted": { + "Y29tcGFueS1JRFA": { + "_id": "Y29tcGFueS1JRFA", + "entityId": "company-IDP", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": "https://openam-volker-demo.forgeblocks.com/am/idpsaehandler/metaAlias/alpha/company", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + 
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": { + "nameIdEncryption": false, + }, + "requestResponseSigning": { + "artifactResolve": true, + "authenticationRequest": true, + "logoutRequest": false, + "logoutResponse": false, + "manageNameIdRequest": false, + "manageNameIdResponse": false, + }, + "secretIdAndAlgorithms": { + "digestAlgorithm": [ + "http://www.w3.org/2001/04/xmlenc#sha256", + ], + "encryptionAlgorithm": [ + "http://www.w3.org/2009/xmlenc11#rsa-oaep", + ], + "signingAlgorithm": [], + }, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMap": [ + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "SSOID", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Email", + }, + { + "binary": false, + "localAttribute": ""Standard User"", + "samlAttribute": "User.ProfileID", + }, + { + "binary": false, + "localAttribute": "sn", + "samlAttribute": "User.LastName", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Username", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": 
"urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqSoap/IDPRole/metaAlias/alpha/company", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqUri/IDPRole/metaAlias/alpha/company", + }, + ], + "metaAlias": "/alpha/company", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/NIMSoap/metaAlias/alpha/company", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "openam-volker-demo.forgeblocks.com/am/ArtifactResolver/metaAlias/alpha/company", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/company", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/company", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/company", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/company", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/SSOPOST/metaAlias/alpha/company", + }, + ], + }, + }, + }, + }, + "YmVuZWZpdHMtSURQ": { + "_id": "YmVuZWZpdHMtSURQ", + "entityId": "benefits-IDP", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": 
"https://openam-volker-demo.forgeblocks.com/am/idpsaehandler/metaAlias/alpha/benefits", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": { + "nameIdEncryption": false, + }, + "requestResponseSigning": { + "artifactResolve": true, + "authenticationRequest": true, + "logoutRequest": false, + "logoutResponse": false, + "manageNameIdRequest": false, + "manageNameIdResponse": false, + }, + "secretIdAndAlgorithms": { + "digestAlgorithm": [ + "http://www.w3.org/2001/04/xmlenc#sha256", + ], + "encryptionAlgorithm": [ + "http://www.w3.org/2009/xmlenc11#rsa-oaep", + ], + "signingAlgorithm": [], + }, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMap": [ + { + "binary": 
false, + "localAttribute": "mail", + "samlAttribute": "SSOID", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Email", + }, + { + "binary": false, + "localAttribute": ""Standard User"", + "samlAttribute": "User.ProfileID", + }, + { + "binary": false, + "localAttribute": "sn", + "samlAttribute": "User.LastName", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Username", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqSoap/IDPRole/metaAlias/alpha/benefits", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqUri/IDPRole/metaAlias/alpha/benefits", + }, + ], + "metaAlias": "/alpha/benefits", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/NIMSoap/metaAlias/alpha/benefits", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "openam-volker-demo.forgeblocks.com/am/ArtifactResolver/metaAlias/alpha/benefits", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/benefits", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/benefits", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/benefits", + "responseLocation": 
"https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/benefits", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/SSOPOST/metaAlias/alpha/benefits", + }, + ], + }, + }, + }, + }, + "ZW5naW5lZXJpbmctSURQ": { + "_id": "ZW5naW5lZXJpbmctSURQ", + "entityId": "engineering-IDP", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": "https://openam-volker-demo.forgeblocks.com/am/idpsaehandler/metaAlias/alpha/engineering", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", + "value": "mail", + }, 
+ ], + }, + "signingAndEncryption": { + "encryption": { + "nameIdEncryption": false, + }, + "requestResponseSigning": { + "artifactResolve": true, + "authenticationRequest": true, + "logoutRequest": false, + "logoutResponse": false, + "manageNameIdRequest": false, + "manageNameIdResponse": false, + }, + "secretIdAndAlgorithms": { + "digestAlgorithm": [ + "http://www.w3.org/2001/04/xmlenc#sha256", + ], + "encryptionAlgorithm": [ + "http://www.w3.org/2009/xmlenc11#rsa-oaep", + ], + "signingAlgorithm": [], + }, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMap": [ + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "SSOID", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Email", + }, + { + "binary": false, + "localAttribute": ""Standard User"", + "samlAttribute": "User.ProfileID", + }, + { + "binary": false, + "localAttribute": "sn", + "samlAttribute": "User.LastName", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Username", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqSoap/IDPRole/metaAlias/alpha/engineering", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqUri/IDPRole/metaAlias/alpha/engineering", + }, + ], + "metaAlias": "/alpha/engineering", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/NIMSoap/metaAlias/alpha/engineering", + }, + ], + "serviceAttributes": { + 
"artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "openam-volker-demo.forgeblocks.com/am/ArtifactResolver/metaAlias/alpha/engineering", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/engineering", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/engineering", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/engineering", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/engineering", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/SSOPOST/metaAlias/alpha/engineering", + }, + ], + }, + }, + }, + }, + "c2FsZXMtSURQ": { + "_id": "c2FsZXMtSURQ", + "entityId": "sales-IDP", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": "https://openam-volker-demo.forgeblocks.com/am/idpsaehandler/metaAlias/alpha/sales", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + 
"nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": { + "nameIdEncryption": false, + }, + "requestResponseSigning": { + "artifactResolve": true, + "authenticationRequest": true, + "logoutRequest": false, + "logoutResponse": false, + "manageNameIdRequest": false, + "manageNameIdResponse": false, + }, + "secretIdAndAlgorithms": { + "digestAlgorithm": [ + "http://www.w3.org/2001/04/xmlenc#sha256", + ], + "encryptionAlgorithm": [ + "http://www.w3.org/2009/xmlenc11#rsa-oaep", + ], + "signingAlgorithm": [], + }, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMap": [ + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "SSOID", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Email", + }, + { + "binary": false, + "localAttribute": ""Standard User"", + "samlAttribute": "User.ProfileID", + }, + { + "binary": false, + "localAttribute": "sn", + "samlAttribute": "User.LastName", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Username", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": 
"[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqSoap/IDPRole/metaAlias/alpha/sales", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqUri/IDPRole/metaAlias/alpha/sales", + }, + ], + "metaAlias": "/alpha/sales", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/NIMSoap/metaAlias/alpha/sales", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "openam-volker-demo.forgeblocks.com/am/ArtifactResolver/metaAlias/alpha/sales", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/sales", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/sales", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/sales", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/sales", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/SSOPOST/metaAlias/alpha/sales", + }, + ], + }, + }, + }, + }, + }, + "metadata": { + "Y29tcGFueS1JRFA": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", + 
"BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", + "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", + "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", + "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", + "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", + "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", + "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", + "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", + "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", + "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", + "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", + "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", + "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", + "14SLgWmf1qQroU6F4FjtEEc=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", + "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", + "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", + "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", + "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", + "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", + "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", + "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", + "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", + 
"WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", + "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", + "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", + "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", + "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + "", "", - " var computedClaims = new frJava.LinkedHashMap();", "", - " getClaims().toArray().forEach(function (claim) {", - " var claimValue = computeClaim(claim);", + ], + "YmVuZWZpdHMtSURQ": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", + "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", + "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", + "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", + "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", + "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", + "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", + "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", + 
"q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", + "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", + "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", + "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", + "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", + "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", + "14SLgWmf1qQroU6F4FjtEEc=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", + "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", + "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", + "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", + "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", + "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", + "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", + "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", + "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", + "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", + "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", + "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", + "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", + "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " 
urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + "", "", - " if (isClaimValueValid(claimValue)) {", - " computedClaims.put(claim.getName(), claimValue);", - " } else {", - " /**", - " * If a claim has been processed, but appears in the list again,", - " * and its value cannot be computed under the new conditions,", - " * the claim is removed from the final result.", - " *", - " * For example, a claim could be mapped to a scope and found in the user profile,", - " * but also requested by the client with required values that don't match the computed one.", - " * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}.", - " * for the relevant OIDC specification details.", - " */", - " computedClaims.remove(claim.getName());", - " }", - " });", "", - " return computedClaims;", - " }", + ], + "ZW5naW5lZXJpbmctSURQ": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", + "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", + "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", + "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", + "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", + "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", + "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", + 
"kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", + "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", + "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", + "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", + "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", + "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", + "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", + "14SLgWmf1qQroU6F4FjtEEc=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", + "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", + "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", + "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", + "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", + "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", + "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", + "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", + "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", + "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", + "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", + "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", + "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", + "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " 
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + "", "", - " /**", - " * Creates a map of requested scopes and the corresponding claim names.", - " * @returns {java.util.LinkedHashMap}", - " */", - " function getCompositeScopes () {", - " var compositeScopes = new frJava.LinkedHashMap();", "", - " scopes.toArray().forEach(function (scope) {", - " var scopeClaims = new frJava.ArrayList();", + ], + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s": [ + "", + "", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " ", + " ", + "", "", - " if (scopeClaimsMap[scope]) {", - " scopeClaimsMap[scope].forEach(function (claimName) {", - " scopeClaims.add(claimName);", - " });", - " }", "", - " if (scopeClaims.size()) {", - " compositeScopes.put(scope, scopeClaims);", - " }", - " });", + ], + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA": [ + "", + "", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " ", + " ", + "", "", - " return compositeScopes;", - " }", "", - " // PUBLIC METHODS", + ], + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA": [ + "", + "", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " ", + " ", + "", "", - " return {", - " setScopeClaimsMap: setScopeClaimsMap,", - " 
setClaimResolvers: setClaimResolvers,", - " getUserProfileClaimResolver: getUserProfileClaimResolver,", - " getAddressClaimResolver: getAddressClaimResolver,", - " getEssentialClaimResolver: getEssentialClaimResolver,", - " getUserInfoClaims: getUserInfoClaims", - " };", - " }", "", - " // RESULTS", + ], + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA": [ + "", + "", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " ", + " ", + "", "", - " /**", - " * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class", - " * populated with the computed claim values and", - " * the requested scopes mapped to the claim names.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}.", - " *", - " * Assigning it to a variable gives you an opportunity", - " * to log the content of the returned value during development.", - " */", - " var userInfoClaims = utils.getUserInfoClaims();", "", - " /*", - " logger.error(scriptName + ' results:')", - " logger.error('Values: ' + userInfoClaims.getValues())", - " logger.error('Scopes: ' + userInfoClaims.getCompositeScopes())", - " */", + ], + "c2FsZXMtSURQ": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", + "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", + "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", + "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", + "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", + "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", + 
"DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", + "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", + "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", + "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", + "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", + "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", + "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", + "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", + "14SLgWmf1qQroU6F4FjtEEc=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", + "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", + "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", + "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", + "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", + "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", + "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", + "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", + "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", + "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", + "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", + "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", + "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", + "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", + " ", + " ", + " ", + " ", + " ", + 
" ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + "", "", - " return userInfoClaims;", - "}());", "", ], }, - "d22f9a0c-426a-4466-b95e-d0f125b0d5fa": { - "_id": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "context": "OAUTH2_ACCESS_TOKEN_MODIFICATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OAuth2 Access Token Modification", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OAuth2 Access Token Modification Script", - "script": [ - "/*", - " * Copyright 2019-2021 ForgeRock AS. All Rights Reserved.", - " *", - " * Use of this code requires a commercial software license with ForgeRock AS", - " * or with one of its affiliates. 
All use shall be exclusively subject", - " * to such license between the licensee and ForgeRock AS.", - " */", - "", - "/*", - " * This script lets you modify information associated with an OAuth2 access token", - " * with methods provided by the AccessToken (1) interface.", - " * The changes made to OAuth2 access tokens will directly impact the size of the CTS tokens,", - " * and, similarly, the size of the JWTs if client-based OAuth2 tokens are utilized.", - " * When adding/updating fields make sure that the token size remains within client/user-agent limits.", - " *", - " * Defined variables:", - " * accessToken - AccessToken (1).", - " * The access token to be updated.", - " * Mutable object, all changes to the access token will be reflected.", - " * scopes - Set (6).", - " * Always present, the requested scopes.", - " * requestProperties - Unmodifiable Map (5).", - " * Always present, contains a map of request properties:", - " * requestUri - The request URI.", - " * realm - The realm that the request relates to.", - " * requestParams - A map of the request params and/or posted data.", - " * Each value is a list of one or more properties.", - " * Please note that these should be handled in accordance with OWASP best practices:", - " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", - " * clientProperties - Unmodifiable Map (5).", - " * Present if the client specified in the request was identified, contains a map of client properties:", - " * clientId - The client's URI for the request locale.", - " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", - " * allowedResponseTypes - List of the allowed response types for the client.", - " * allowedScopes - List of the allowed scopes for the client.", - " * customProperties - A map of the custom properties of the client.", - " * Lists or maps will be included as sub-maps; for example:", - " * customMap[Key1]=Value1 will be returned 
as customMap -> Key1 -> Value1.", - " * To add custom properties to a client, update the Custom Properties field", - " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", - " * identity - AMIdentity (3).", - " * Always present, the identity of the resource owner.", - " * session - SSOToken (4).", - " * Present if the request contains the session cookie, the user's session object.", - " * scriptName - String (primitive).", - " * Always present, the display name of the script.", - " * logger - Always present, the "OAuth2Provider" debug logger instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", - " * Corresponding log files will be prefixed with: scripts.OAUTH2_ACCESS_TOKEN_MODIFICATION.", - " * httpClient - HTTP Client (8).", - " * Always present, the HTTP Client instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", - " *", - " * Return - no value is expected, changes shall be made to the accessToken parameter directly.", - " *", - " * Class reference:", - " * (1) AccessToken - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/AccessToken.html.", - " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", - " * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", - " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", - " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", - " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", - " * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", - " */", - "", - "(function () {", - " // Adds new fields 
containing the session property values.", - " // NOTE: session may not be available for non-interactive authorization grants.", - " if (session) {", - " try {", - " accessToken.setField('ip_address', session.getProperty('Host'));", - " } catch (e) {", - " logger.error('Unable to retrieve session property value. ' + e);", - " }", - " }", - "}());", - "", - "/* EXAMPLE", - "(function () {", - " var frJava = JavaImporter(", - " org.forgerock.http.protocol.Request,", - " org.forgerock.http.protocol.Response", - " );", - "", - " // Always includes this field in the token.", - " accessToken.setField('key1', 'value1');", - "", - " // Receives and adds to the access token additional values by performing a REST call to an external service.", - " // WARNING: Below, you will find a reference to a third-party site, which is provided only as an example.", - " var uri = 'https://jsonplaceholder.typicode.com/posts';", - "", - " try {", - " var request = new frJava.Request();", - "", - " // You can chain methods that return the request object.", - " request.setUri(uri)", - " .setMethod('POST')", - " .setEntity(JSON.stringify({", - " updatedFields: {", - " key2: 'value2',", - " key3: 'value3'", - " }", - " }));", - "", - " // You can call a method when chaining is not possible.", - " request.getHeaders().add('Content-Type', 'application/json; charset=UTF-8');", - "", - " // Sends the request and receives the response.", - " var response = httpClient.send(request).getOrThrow();", - "", - " // Checks if the response status is as expected.", - " if (response.getStatus() === org.forgerock.http.protocol.Status.CREATED) {", - " var result = JSON.parse(response.getEntity().getString());", - "", - " // Set multiple token fields at once.", - " accessToken.setFields(result.updatedFields);", - " } else {", - " logger.error('Unable to obtain access token modifications. Status: ' + response.getStatus() + '. 
Content: ' + response.getEntity().getString());", - " }", - " } catch (e) {", - " logger.error('The request processing was interrupted. ' + e);", - "", - " // The access token request fails with the HTTP 500 error in this case.", - " throw ('Unable to obtain response from: ' + uri);", - " }", - "", - " // Adds new fields containing identity attribute values to the access token.", - " accessToken.setField('mail', identity.getAttribute('mail'));", - " accessToken.setField('phone', identity.getAttribute('telephoneNumber').toArray()[0]);", - "", - " // Adds new fields containing the session property values.", - " // NOTE: session may not be available for non-interactive authorization grants.", - " if (session) {", - " try {", - " accessToken.setField('ipAddress', session.getProperty('Host'));", - " } catch (e) {", - " logger.error('Unable to retrieve session property value. ' + e);", - " }", - " }", - "", - " // Removes a native field from the token entry, that was set by AM.", - " // WARNING: removing native fields from the token may result in loss of functionality.", - " // accessToken.removeTokenName()", - "", - " // No return value is expected. 
Let it be undefined.", - "}());", - "*/", + "remote": { + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s": { + "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s", + "entityId": "https://volker-demo.encore.forgerock.com:443/apps/web/company/saml", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + "authenticationRequest": false, + }, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "attributeMapper": {}, + "responseArtifactMessageEncoding": {}, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://volker-demo.encore.forgerock.com:443/apps/web/company/saml", + }, + ], + }, + }, + }, + }, + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA": { + "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA", + "entityId": "https://volker-demo.encore.forgerock.com:443/apps/web/benefits/saml", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + "authenticationRequest": false, + }, + "secretIdAndAlgorithms": {}, + }, + }, + 
"assertionProcessing": { + "attributeMapper": {}, + "responseArtifactMessageEncoding": {}, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://volker-demo.encore.forgerock.com:443/apps/web/benefits/saml", + }, + ], + }, + }, + }, + }, + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA": { + "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA", + "entityId": "https://volker-demo.encore.forgerock.com:443/apps/web/sales/saml", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + "authenticationRequest": false, + }, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "attributeMapper": {}, + "responseArtifactMessageEncoding": {}, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://volker-demo.encore.forgerock.com:443/apps/web/sales/saml", + }, + ], + }, + }, + }, + }, + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA": { + "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA", + "entityId": "https://volker-demo.encore.forgerock.com:443/apps/web/roles/saml", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ 
+ "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + "authenticationRequest": false, + }, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "attributeMapper": {}, + "responseArtifactMessageEncoding": {}, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://volker-demo.encore.forgerock.com:443/apps/web/roles/saml", + }, + ], + }, + }, + }, + }, + }, + }, + "script": {}, +} +`; + +exports[`frodo app export "frodo app export -a --no-deps -f my-yet-another-allAlphaApplications.application.json": should export all apps to a single file with no dependencies into a file named my-yet-another-allAlphaApplications.application.json 1`] = `""`; + +exports[`frodo app export "frodo app export -a --no-deps -f my-yet-another-allAlphaApplications.application.json": should export all apps to a single file with no dependencies into a file named my-yet-another-allAlphaApplications.application.json 2`] = ` +{ + "application": {}, + "managedApplication": { + "08505c1b-87ea-4ed0-ab89-20432dcc6249": { + "_id": "08505c1b-87ea-4ed0-ab89-20432dcc6249", + "authoritative": true, + "connectorId": "HRLite", + "description": "Example", + "icon": "", + "mappingNames": [ + "systemHrlite__account___managedAlpha_user", + ], + "name": "HRLite", + "templateName": "scripted.sql", + "templateVersion": "1.0.0", + "uiConfig": { + "objectTypes": { + "__ACCOUNT__": { + "properties": { + "__NAME__": {}, + "address": {}, + "city": {}, + "country": {}, + "depId": {}, + "depName": {}, + "email": {}, + "empType": {}, + "firstName": {}, + "isManager": {}, + "jobCode": {}, + "lastName": {}, + "phone": {}, + "postalCode": {}, + "state": {}, + "status": {}, + "uid": {}, + }, + 
}, + "department": { + "properties": { + "__NAME__": {}, + "description": {}, + "name": {}, + "parent": {}, + "uid": {}, + }, + }, + }, + }, + }, + "0e5811ab-ef31-401b-aaa1-70b523eafa55": { + "_id": "0e5811ab-ef31-401b-aaa1-70b523eafa55", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/puzzle.svg", + "name": "engineering", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fengineering&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Froles%2Fsaml", + "idpPrivateId": "ZW5naW5lZXJpbmctSURQ", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-497", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + "1b3510cf-9352-4573-9cd8-1eaf36cc629c": { + "_id": "1b3510cf-9352-4573-9cd8-1eaf36cc629c", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/eolic-energy.svg", + "name": "company", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fcompany&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Fcompany%2Fsaml", + "idpPrivateId": "Y29tcGFueS1JRFA", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-481", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + "368b5b11-d8db-4079-98e9-0573934aef04": { + "_id": "368b5b11-d8db-4079-98e9-0573934aef04", + "authoritative": false, + "description": "Deployed via Encore", + "icon": 
"https://encore.forgerock.com/media/svg/misc/infography.svg", + "name": "sales", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fsales&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Fsales%2Fsaml", + "idpPrivateId": "c2FsZXMtSURQ", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-503", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + "9fb975e4-9723-4fac-9fe7-ee25053c6218": { + "_id": "9fb975e4-9723-4fac-9fe7-ee25053c6218", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/hot-air-balloon.svg", + "name": "benefits", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fbenefits&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Fbenefits%2Fsaml", + "idpPrivateId": "YmVuZWZpdHMtSURQ", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-492", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + "ab00f0cd-e7a0-44fe-9ae9-f80f0e193322": { + "_id": "ab00f0cd-e7a0-44fe-9ae9-f80f0e193322", + "description": "Test App", + "name": "testapp", + "ssoEntities": { + "oidcId": "testapp", + }, + "templateName": "web", + "templateVersion": "1.0", + }, + "d7f62815-a835-4e2f-a69e-25e7f9019fc2": { + "_id": "d7f62815-a835-4e2f-a69e-25e7f9019fc2", + "authoritative": false, + "connectorId": "EncoreAD", + "description": "Example", + "icon": "", + "mappingNames": [ + 
"systemEncoreadUser_managedAlpha_user", + "managedAlpha_user_systemEncoreadUser", ], + "name": "EncoreAD", + "templateName": "active.directory", + "templateVersion": "1.0.0", + "uiConfig": { + "objectTypes": { + "Group": { + "properties": { + "cn": { + "userSpecific": true, + }, + "description": { + "userSpecific": true, + }, + "displayName": { + "userSpecific": true, + }, + "objectGUID": { + "userSpecific": true, + }, + "uSNChanged": { + "userSpecific": true, + }, + "uSNCreated": { + "userSpecific": true, + }, + "whenChanged": { + "userSpecific": true, + }, + "whenCreated": { + "userSpecific": true, + }, + }, + }, + "User": { + "properties": { + "__ENABLE__": { + "userSpecific": true, + }, + "__NAME__": { + "userSpecific": true, + }, + "__PASSWORD__": { + "userSpecific": true, + }, + "accountExpires": { + "userSpecific": true, + }, + "c": { + "userSpecific": true, + }, + "cn": { + "userSpecific": true, + }, + "co": { + "userSpecific": true, + }, + "company": { + "userSpecific": true, + }, + "countryCode": { + "userSpecific": true, + }, + "department": { + "userSpecific": true, + }, + "description": { + "userSpecific": true, + }, + "displayName": { + "userSpecific": true, + }, + "division": { + "userSpecific": true, + }, + "employeeID": { + "userSpecific": true, + }, + "employeeNumber": { + "userSpecific": true, + }, + "employeeType": { + "userSpecific": true, + }, + "facsimileTelephoneNumber": { + "userSpecific": true, + }, + "givenName": { + "userSpecific": true, + }, + "homePhone": { + "userSpecific": true, + }, + "initials": { + "userSpecific": true, + }, + "l": { + "userSpecific": true, + }, + "lastLogon": { + "userSpecific": true, + }, + "ldapGroups": {}, + "lockoutTime": { + "userSpecific": true, + }, + "mail": { + "userSpecific": true, + }, + "manager": { + "userSpecific": true, + }, + "memberOf": { + "userSpecific": true, + }, + "middleName": { + "userSpecific": true, + }, + "mobile": { + "userSpecific": true, + }, + "objectGUID": { + "userSpecific": true, 
+ }, + "otherHomePhone": { + "userSpecific": true, + }, + "physicalDeliveryOfficeName": { + "userSpecific": true, + }, + "postOfficeBox": { + "userSpecific": true, + }, + "postalCode": { + "userSpecific": true, + }, + "pwdLastSet": { + "userSpecific": true, + }, + "sAMAccountName": { + "userSpecific": true, + }, + "sn": { + "userSpecific": true, + }, + "st": { + "userSpecific": true, + }, + "streetAddress": { + "userSpecific": true, + }, + "telephoneNumber": { + "userSpecific": true, + }, + "title": { + "userSpecific": true, + }, + "uSNChanged": { + "userSpecific": true, + }, + "uSNCreated": { + "userSpecific": true, + }, + "userAccountControl": { + "userSpecific": true, + }, + "userPrincipalName": { + "userSpecific": true, + }, + "whenChanged": { + "userSpecific": true, + }, + "whenCreated": { + "userSpecific": true, + }, + }, + }, + }, + }, + }, + "e9f2ecd5-3d50-4da0-9ca2-587dbca390e2": { + "_id": "e9f2ecd5-3d50-4da0-9ca2-587dbca390e2", + "description": "This is a bookmark", + "name": "MrAnderson", + "ssoEntities": {}, + "templateName": "bookmark", + "templateVersion": "1.0", + "url": "https://mranderson.scheuber.io", }, }, + "meta": Any, } `; -exports[`frodo app export "frodo app export -i test2": should export the app with app id "test2" 1`] = `""`; +exports[`frodo app export "frodo app export -a": should export all apps to a single file 1`] = `""`; -exports[`frodo app export "frodo app export -i test2": should export the app with app id "test2" 2`] = ` +exports[`frodo app export "frodo app export -a": should export all apps to a single file 2`] = ` { "application": { - "test2": { - "_id": "test2", + "testapp": { + "_id": "testapp", "_provider": { "_id": "", - "_rev": "520068704", "_type": { "_id": "oauth-oidc", "collection": false, 
@@ -38593,6 +12376,7 @@ exports[`frodo app export "frodo app export -i test2": should export the app wit "urn:ietf:params:oauth:grant-type:jwt-bearer", ], "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeSubnameInTokenClaims": true, "macaroonTokenFormat": "V2", "maxAgeOfRequestObjectNbfClaim": 0, "maxDifferenceBetweenRequestObjectNbfAndExp": 0, @@ -38649,7 +12433,9 @@ exports[`frodo app export "frodo app export -i test2": should export the app wit "defaultACR": [], "idTokenInfoClientAuthenticationEnabled": true, "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, + "loaMapping": { + "push": "Baseline-CIBA", + }, "storeOpsTokens": true, "supportedAuthorizationResponseEncryptionAlgorithms": [ "ECDH-ES+A256KW", @@ -38969,7 +12755,6 @@ exports[`frodo app export "frodo app export -i test2": should export the app wit "validateScopeScript": "[Empty]", }, }, - "_rev": "670386148", "_type": { "_id": "OAuth2Client", "collection": true, @@ -38991,15 +12776,13 @@ exports[`frodo app export "frodo app export -i test2": should export the app wit "descriptions": { "inherited": false, "value": [ - "Modified by Frodo on 4/16/2022, 8:41:59 PM", + "Test App", ], }, "grantTypes": { "inherited": false, "value": [ "authorization_code", - "refresh_token", - "client_credentials", ], }, "isConsentImplied": { @@ -39026,16 +12809,30 @@ exports[`frodo app export "frodo app export -i test2": should export the app wit "inherited": false, "value": [], }, + "refreshTokenGracePeriod": { + "inherited": false, + "value": 0, + }, "requestUris": { "inherited": false, "value": [], }, + "require_pushed_authorization_requests": { + "inherited": false, + "value": false, + }, "responseTypes": { "inherited": false, "value": [ "code", "token", "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token", ], }, "sectorIdentifierUri": { 
@@ -39079,7 +12876,7 @@ exports[`frodo app export "frodo app export -i test2": should export the app wit "clientName": { "inherited": false, "value": [ - "test2", + "testapp", ], }, "clientType": { @@ -39088,9 +12885,7 @@ exports[`frodo app export "frodo app export -i test2": should export the app wit }, "defaultScopes": { "inherited": false, - "value": [ - "openid", - ], + "value": [], }, "loopbackInterfaceRedirection": { "inherited": false, @@ -39106,10 +12901,7 @@ exports[`frodo app export "frodo app export -i test2": should export the app wit }, "scopes": { "inherited": false, - "value": [ - "openid", - "fr:idm:*", - ], + "value": [], }, "status": { "inherited": false, 
@@ -39161,21 +12953,44 @@ exports[`frodo app export "frodo app export -i test2": should export the app wit }, "overrideOAuth2ClientConfig": { "accessTokenMayActScript": "[Empty]", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", "clientsCanSkipConsent": false, "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", "issueRefreshToken": true, "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", "oidcMayActScript": "[Empty]", "overrideableOIDCClaims": [], "providerOverridesEnabled": false, "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", "statelessTokensEnabled": false, "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", }, "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": { + "inherited": false, + }, + "authorizationResponseEncryptionMethod": { + "inherited": false, + }, + "authorizationResponseSigningAlgorithm": { + "inherited": false, + "value": "RS256", + }, "clientJwtPublicKey": { "inherited": false, }, 
@@ -39273,804 +13088,4064 @@ exports[`frodo app export "frodo app export -i test2": should export the app wit }, }, }, + "connector": { + "EncoreAD": { + "_id": "provisioner.openicf/EncoreAD", + "configurationProperties": { + "accountObjectClasses": [ + "top", + "person", + "organizationalPerson", + "user", + ], + "accountSearchFilter": "(objectClass=User)", + "accountSynchronizationFilter": null, + "accountUserNameAttributes": [ + "uid", + "cn", + ], + "allowTreeDelete": false, + "alternateKeyStore": null, + "alternateKeyStorePassword": null, + "alternateKeyStoreType": null, + "attributesToSynchronize": [], + "authType": "simple", + "baseContexts": [ + "OU=Encore,DC=ad-volker-demo,DC=encore,DC=forgerock,DC=org", + ], + "baseContextsToSynchronize": [], + "blockSize": 100, + "changeLogBlockSize": 100, + "changeNumberAttribute": "changeNumber", + "checkAliveMinInterval": 60, + "connectionTimeout": 30000, + "convertADIntervalToISO8601": [ + "pwdLastSet", + "accountExpires", + "lockoutTime", + "lastLogon", + ], + "convertGTToISO8601": [ + "whenCreated", + "whenChanged", + ], + "credentials": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "ReilS5BMTftYl2t8OZvtaQ==", + "iv": "jdqo9Kvv2ZxpWoywTUmT7w==", + "keySize": 16, + "mac": "N7QnFAv3SNRsBzEau1iDDg==", + "purpose": "idm.config.encryption", + "salt": "ut6NNENf3Op7SOjJuXdSdw==", + "stableId": "openidm-sym-default", + }, + }, + }, + "failover": [], + "filterWithOrInsteadOfAnd": false, + "getGroupMemberId": false, + "groupMemberAttribute": "member", + "groupObjectClasses": [ + "top", + "groupOfUniqueNames", + ], + "groupSearchFilter": "(&(!(cn=Domain Users))(objectClass=group))", + "groupSynchronizationFilter": null, + "gssapiLoginContext": null, + "host": "volker-demo.ad-volker-demo.encore.forgerock.org", + "hostNameVerification": false, + "hostNameVerifierPattern": null, + "lastCheckAlive": 1674482716432, + "maintainLdapGroupMembership": false, + 
"maintainPosixGroupMembership": false, + "modifiersNamesToFilterOut": [], + "objectClassesToSynchronize": [ + "user", + ], + "passwordAttribute": "unicodePwd", + "passwordHashAlgorithm": "WIN-AD", + "port": 636, + "principal": "CN=root,CN=Users,DC=ad-volker-demo,DC=encore,DC=forgerock,DC=org", + "privateKeyAlias": null, + "readSchema": false, + "referralsHandling": "follow", + "removeLogEntryObjectClassFromFilter": true, + "resetSyncToken": "never", + "respectResourcePasswordPolicyChangeAfterReset": false, + "sendCAUDTxId": false, + "ssl": true, + "startTLS": false, + "uidAttribute": "objectGUID", + "useBlocks": true, + "useDNSSRVRecord": false, + "useOldADGUIDFormat": false, + "usePagedResultControl": true, + "useTimestampsForSync": false, + "vlvSortAttribute": "sAMAccountName", + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.ldap-connector", + "bundleVersion": "1.5.20.12", + "connectorHostRef": "adrcs", + "connectorName": "org.identityconnectors.ldap.LdapConnector", + "displayName": "LDAP Connector", + "systemType": "provisioner.openicf", + }, + "enabled": true, + "objectTypes": { + "Group": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__GROUP__", + "nativeType": "__GROUP__", + "properties": { + "cn": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "cn", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "displayName", + "nativeType": "string", + "type": "string", + }, + "objectGUID": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "objectGUID", + "nativeType": "string", + "type": "string", + }, + "uSNChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNChanged", + "nativeType": "string", + "type": "string", + }, + "uSNCreated": { + 
"flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNCreated", + "nativeType": "string", + "type": "string", + }, + "whenChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenChanged", + "nativeType": "string", + "type": "string", + }, + "whenCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenCreated", + "nativeType": "string", + "type": "string", + }, + }, + "type": "object", + }, + "User": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__ENABLE__": { + "nativeName": "__ENABLE__", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "required": false, + "type": "boolean", + "userSpecific": true, + }, + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "required": true, + "type": "string", + }, + "__PASSWORD__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "__PASSWORD__", + "nativeType": "JAVA_TYPE_GUARDEDSTRING", + "type": "JAVA_TYPE_GUARDEDSTRING", + }, + "accountExpires": { + "nativeName": "accountExpires", + "nativeType": "string", + "type": "string", + }, + "c": { + "nativeName": "c", + "nativeType": "string", + "type": "string", + }, + "cn": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "cn", + "nativeType": "string", + "required": false, + "type": "string", + }, + "co": { + "nativeName": "co", + "nativeType": "string", + "type": "string", + }, + "company": { + "nativeName": "company", + "nativeType": "string", + "type": "string", + }, + "countryCode": { + "nativeName": "countryCode", + "nativeType": "string", + "type": "string", + }, + "department": { + "nativeName": "department", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + 
"nativeName": "displayName", + "nativeType": "string", + "type": "string", + }, + "division": { + "nativeName": "division", + "nativeType": "string", + "type": "string", + }, + "employeeID": { + "nativeName": "employeeID", + "nativeType": "string", + "type": "string", + }, + "employeeNumber": { + "nativeName": "employeeNumber", + "nativeType": "string", + "type": "string", + }, + "employeeType": { + "nativeName": "employeeType", + "nativeType": "string", + "type": "string", + }, + "facsimileTelephoneNumber": { + "nativeName": "facsimileTelephoneNumber", + "nativeType": "string", + "type": "string", + }, + "givenName": { + "nativeName": "givenName", + "nativeType": "string", + "type": "string", + }, + "homePhone": { + "nativeName": "homePhone", + "nativeType": "string", + "type": "string", + }, + "initials": { + "nativeName": "initials", + "nativeType": "string", + "type": "string", + }, + "l": { + "nativeName": "l", + "nativeType": "string", + "type": "string", + }, + "lastLogon": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "lastLogon", + "nativeType": "string", + "type": "string", + }, + "ldapGroups": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "ldapGroups", + "nativeType": "string", + "required": false, + "type": "array", + "userSpecific": false, + }, + "lockoutTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "lockoutTime", + "nativeType": "string", + "type": "string", + }, + "mail": { + "nativeName": "mail", + "nativeType": "string", + "type": "string", + }, + "manager": { + "nativeName": "manager", + "nativeType": "string", + "type": "string", + }, + "memberOf": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "memberOf", + "nativeType": "string", + "type": "array", + }, + "middleName": { + "nativeName": "middleName", + "nativeType": "string", + "type": "string", + }, + 
"mobile": { + "nativeName": "mobile", + "nativeType": "string", + "type": "string", + }, + "objectGUID": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "objectGUID", + "nativeType": "string", + "type": "string", + }, + "otherHomePhone": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "otherHomePhone", + "nativeType": "string", + "type": "array", + }, + "physicalDeliveryOfficeName": { + "nativeName": "physicalDeliveryOfficeName", + "nativeType": "string", + "type": "string", + }, + "postOfficeBox": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "postOfficeBox", + "nativeType": "string", + "type": "array", + }, + "postalCode": { + "nativeName": "postalCode", + "nativeType": "string", + "type": "string", + }, + "pwdLastSet": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "pwdLastSet", + "nativeType": "string", + "type": "string", + }, + "sAMAccountName": { + "nativeName": "sAMAccountName", + "nativeType": "string", + "type": "string", + }, + "sn": { + "nativeName": "sn", + "nativeType": "string", + "type": "string", + }, + "st": { + "nativeName": "st", + "nativeType": "string", + "type": "string", + }, + "streetAddress": { + "nativeName": "streetAddress", + "nativeType": "string", + "type": "string", + }, + "telephoneNumber": { + "nativeName": "telephoneNumber", + "nativeType": "string", + "type": "string", + }, + "title": { + "nativeName": "title", + "nativeType": "string", + "type": "string", + }, + "uSNChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNChanged", + "nativeType": "string", + "type": "string", + }, + "uSNCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "uSNCreated", + "nativeType": "string", + "type": "string", + }, + "userAccountControl": { + "nativeName": "userAccountControl", + "nativeType": "string", + "type": "string", + }, + "userPrincipalName": { + 
"nativeName": "userPrincipalName", + "nativeType": "string", + "type": "string", + }, + "whenChanged": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenChanged", + "nativeType": "string", + "type": "string", + }, + "whenCreated": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "whenCreated", + "nativeType": "string", + "type": "string", + }, + }, + "type": "object", + }, + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false, + }, + }, + "HRLite": { + "_id": "provisioner.openicf/HRLite", + "configurationProperties": { + "abandonWhenPercentageFull": 0, + "accessToUnderlyingConnectionAllowed": true, + "alternateUsernameAllowed": false, + "authenticateScriptFileName": "HRliteAuthenticateScript.groovy", + "autoCommit": true, + "classpath": [], + "commitOnReturn": false, + "connectionProperties": null, + "createScriptFileName": "HRliteCreateScript.groovy", + "customConfiguration": null, + "customSensitiveConfiguration": null, + "customizerScriptFileName": null, + "dataSourceJNDI": null, + "debug": false, + "defaultAutoCommit": null, + "defaultCatalog": null, + "defaultReadOnly": null, + "defaultTransactionIsolation": -1, + "deleteScriptFileName": "HRliteDeleteScript.groovy", + "disabledGlobalASTTransformations": null, + "driverClassName": "com.mysql.jdbc.Driver", + "fairQueue": true, + "ignoreExceptionOnPreLoad": false, + "initSQL": null, + 
"initialSize": 10, + "jdbcInterceptors": null, + "jmxEnabled": true, + "logAbandoned": false, + "logValidationErrors": false, + "maxActive": 100, + "maxAge": 0, + "maxIdle": 100, + "maxWait": 30000, + "minEvictableIdleTimeMillis": 60000, + "minIdle": 10, + "minimumRecompilationInterval": 100, + "name": "Tomcat Connection Pool[1-265824587]", + "numTestsPerEvictionRun": 0, + "password": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "73doNZivdgZ7KmuOlzFBdD/7blip0OU6uRwBDv53wcQ=", + "iv": "/C0QyOAnnUNQCovrsMgzEw==", + "keySize": 16, + "mac": "EAPShe6oCwxlTCHYC2wBlQ==", + "purpose": "idm.config.encryption", + "salt": "zYm6JkzqEzE1/0Y+o9K3+Q==", + "stableId": "openidm-sym-default", + }, + }, + }, + "propagateInterruptState": false, + "recompileGroovySource": false, + "removeAbandoned": false, + "removeAbandonedTimeout": 60, + "resolveUsernameScriptFileName": null, + "rollbackOnReturn": false, + "schemaScriptFileName": "HRliteSchemaScript.groovy", + "scriptBaseClass": null, + "scriptExtensions": [ + "groovy", + ], + "scriptOnResourceScriptFileName": null, + "scriptRoots": "/opt/forgerock/openicf/scripts/hrlite", + "searchScriptFileName": "HRliteSearchScript.groovy", + "sourceEncoding": "UTF-8", + "suspectTimeout": 0, + "syncScriptFileName": "HRliteSyncScript.groovy", + "targetDirectory": null, + "testOnBorrow": false, + "testOnConnect": false, + "testOnReturn": false, + "testScriptFileName": "HRliteTestScript.groovy", + "testWhileIdle": false, + "timeBetweenEvictionRunsMillis": 5000, + "tolerance": 10, + "updateScriptFileName": "HRliteUpdateScript.groovy", + "url": "jdbc:mysql://mariadb:3306/hrdb?autoReconnect=true", + "useDisposableConnectionFacade": true, + "useEquals": true, + "useLock": false, + "useStatementFacade": true, + "username": "hradmin", + "validationInterval": 2000, + "validationQuery": "SELECT 1 FROM DUAL", + "validationQueryTimeout": -1, + "validatorClassName": null, + "verbose": false, + 
"warningLevel": 1, + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.scriptedsql-connector", + "bundleVersion": "1.5.20.9", + "connectorHostRef": "encorebaseline", + "connectorName": "org.forgerock.openicf.connectors.scriptedsql.ScriptedSQLConnector", + "displayName": "Scripted SQL Connector", + "systemType": "provisioner.openicf", + }, + "enabled": true, + "objectTypes": { + "__ACCOUNT__": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "address": { + "nativeName": "address", + "nativeType": "string", + "required": true, + "type": "string", + }, + "city": { + "nativeName": "city", + "nativeType": "string", + "required": true, + "type": "string", + }, + "country": { + "nativeName": "country", + "nativeType": "string", + "required": true, + "type": "string", + }, + "depId": { + "nativeName": "depId", + "nativeType": "string", + "required": true, + "type": "string", + }, + "depName": { + "nativeName": "depName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "email": { + "nativeName": "email", + "nativeType": "string", + "required": true, + "type": "string", + }, + "empType": { + "nativeName": "empType", + "nativeType": "string", + "required": true, + "type": "string", + }, + "externalMail": { + "nativeName": "externalMail", + "nativeType": "string", + "required": true, + "type": "string", + }, + "firstName": { + "nativeName": "firstName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "isManager": { + "nativeName": "isManager", + "nativeType": "string", + "required": true, + "type": "string", + }, + "jobCode": { + "nativeName": "jobCode", + "nativeType": "string", + "required": true, + "type": "string", + }, + "lastName": { + "nativeName": "lastName", + "nativeType": "string", + "required": true, + "type": "string", 
+ }, + "phone": { + "nativeName": "phone", + "nativeType": "string", + "required": true, + "type": "string", + }, + "postalCode": { + "nativeName": "postalCode", + "nativeType": "string", + "required": true, + "type": "string", + }, + "state": { + "nativeName": "state", + "nativeType": "string", + "required": true, + "type": "string", + }, + "status": { + "nativeName": "status", + "nativeType": "string", + "required": true, + "type": "string", + }, + "uid": { + "nativeName": "uid", + "nativeType": "string", + "required": true, + "type": "string", + }, + }, + "type": "object", + }, + "department": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "department", + "nativeType": "department", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "required": true, + "type": "string", + }, + "name": { + "nativeName": "name", + "nativeType": "string", + "required": true, + "type": "string", + }, + "parent": { + "nativeName": "parent", + "nativeType": "string", + "required": true, + "type": "string", + }, + "uid": { + "nativeName": "uid", + "nativeType": "string", + "required": true, + "type": "string", + }, + }, + "type": "object", + }, + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false, + }, + }, + }, + "managedApplication": { + 
"08505c1b-87ea-4ed0-ab89-20432dcc6249": { + "_id": "08505c1b-87ea-4ed0-ab89-20432dcc6249", + "authoritative": true, + "connectorId": "HRLite", + "description": "Example", + "icon": "", + "mappingNames": [ + "systemHrlite__account___managedAlpha_user", + ], + "name": "HRLite", + "templateName": "scripted.sql", + "templateVersion": "1.0.0", + "uiConfig": { + "objectTypes": { + "__ACCOUNT__": { + "properties": { + "__NAME__": {}, + "address": {}, + "city": {}, + "country": {}, + "depId": {}, + "depName": {}, + "email": {}, + "empType": {}, + "firstName": {}, + "isManager": {}, + "jobCode": {}, + "lastName": {}, + "phone": {}, + "postalCode": {}, + "state": {}, + "status": {}, + "uid": {}, + }, + }, + "department": { + "properties": { + "__NAME__": {}, + "description": {}, + "name": {}, + "parent": {}, + "uid": {}, + }, + }, + }, + }, + }, + "0e5811ab-ef31-401b-aaa1-70b523eafa55": { + "_id": "0e5811ab-ef31-401b-aaa1-70b523eafa55", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/puzzle.svg", + "name": "engineering", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fengineering&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Froles%2Fsaml", + "idpPrivateId": "ZW5naW5lZXJpbmctSURQ", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-497", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + "1b3510cf-9352-4573-9cd8-1eaf36cc629c": { + "_id": "1b3510cf-9352-4573-9cd8-1eaf36cc629c", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/eolic-energy.svg", + "name": "company", + "ssoEntities": { + "domain": 
"openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fcompany&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Fcompany%2Fsaml", + "idpPrivateId": "Y29tcGFueS1JRFA", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-481", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + "368b5b11-d8db-4079-98e9-0573934aef04": { + "_id": "368b5b11-d8db-4079-98e9-0573934aef04", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/infography.svg", + "name": "sales", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fsales&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Fsales%2Fsaml", + "idpPrivateId": "c2FsZXMtSURQ", + "key": "c88e6422-561c-4362-9cd1-6a377ad97b36-503", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + "9fb975e4-9723-4fac-9fe7-ee25053c6218": { + "_id": "9fb975e4-9723-4fac-9fe7-ee25053c6218", + "authoritative": false, + "description": "Deployed via Encore", + "icon": "https://encore.forgerock.com/media/svg/misc/hot-air-balloon.svg", + "name": "benefits", + "ssoEntities": { + "domain": "openam-volker-demo.forgeblocks.com", + "idpLocation": "hosted", + "idpLoginUrl": "https://openam-volker-demo.forgeblocks.com/am/idpssoinit?metaAlias=%2Falpha%2Fbenefits&spEntityID=https%3A%2F%2Fvolker-demo.encore.forgerock.com%3A443%2Fapps%2Fweb%2Fbenefits%2Fsaml", + "idpPrivateId": "YmVuZWZpdHMtSURQ", + "key": 
"c88e6422-561c-4362-9cd1-6a377ad97b36-492", + "spLocation": "remote", + "spPrivateId": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA", + }, + "templateName": "saml", + "templateVersion": "1.0.0", + }, + "ab00f0cd-e7a0-44fe-9ae9-f80f0e193322": { + "_id": "ab00f0cd-e7a0-44fe-9ae9-f80f0e193322", + "description": "Test App", + "name": "testapp", + "ssoEntities": { + "oidcId": "testapp", + }, + "templateName": "web", + "templateVersion": "1.0", + }, + "d7f62815-a835-4e2f-a69e-25e7f9019fc2": { + "_id": "d7f62815-a835-4e2f-a69e-25e7f9019fc2", + "authoritative": false, + "connectorId": "EncoreAD", + "description": "Example", + "icon": "", + "mappingNames": [ + "systemEncoreadUser_managedAlpha_user", + "managedAlpha_user_systemEncoreadUser", + ], + "name": "EncoreAD", + "templateName": "active.directory", + "templateVersion": "1.0.0", + "uiConfig": { + "objectTypes": { + "Group": { + "properties": { + "cn": { + "userSpecific": true, + }, + "description": { + "userSpecific": true, + }, + "displayName": { + "userSpecific": true, + }, + "objectGUID": { + "userSpecific": true, + }, + "uSNChanged": { + "userSpecific": true, + }, + "uSNCreated": { + "userSpecific": true, + }, + "whenChanged": { + "userSpecific": true, + }, + "whenCreated": { + "userSpecific": true, + }, + }, + }, + "User": { + "properties": { + "__ENABLE__": { + "userSpecific": true, + }, + "__NAME__": { + "userSpecific": true, + }, + "__PASSWORD__": { + "userSpecific": true, + }, + "accountExpires": { + "userSpecific": true, + }, + "c": { + "userSpecific": true, + }, + "cn": { + "userSpecific": true, + }, + "co": { + "userSpecific": true, + }, + "company": { + "userSpecific": true, + }, + "countryCode": { + "userSpecific": true, + }, + "department": { + "userSpecific": true, + }, + "description": { + "userSpecific": true, + }, + "displayName": { + "userSpecific": true, + }, + "division": { + "userSpecific": true, + }, + "employeeID": { + "userSpecific": true, + }, + 
"employeeNumber": { + "userSpecific": true, + }, + "employeeType": { + "userSpecific": true, + }, + "facsimileTelephoneNumber": { + "userSpecific": true, + }, + "givenName": { + "userSpecific": true, + }, + "homePhone": { + "userSpecific": true, + }, + "initials": { + "userSpecific": true, + }, + "l": { + "userSpecific": true, + }, + "lastLogon": { + "userSpecific": true, + }, + "ldapGroups": {}, + "lockoutTime": { + "userSpecific": true, + }, + "mail": { + "userSpecific": true, + }, + "manager": { + "userSpecific": true, + }, + "memberOf": { + "userSpecific": true, + }, + "middleName": { + "userSpecific": true, + }, + "mobile": { + "userSpecific": true, + }, + "objectGUID": { + "userSpecific": true, + }, + "otherHomePhone": { + "userSpecific": true, + }, + "physicalDeliveryOfficeName": { + "userSpecific": true, + }, + "postOfficeBox": { + "userSpecific": true, + }, + "postalCode": { + "userSpecific": true, + }, + "pwdLastSet": { + "userSpecific": true, + }, + "sAMAccountName": { + "userSpecific": true, + }, + "sn": { + "userSpecific": true, + }, + "st": { + "userSpecific": true, + }, + "streetAddress": { + "userSpecific": true, + }, + "telephoneNumber": { + "userSpecific": true, + }, + "title": { + "userSpecific": true, + }, + "uSNChanged": { + "userSpecific": true, + }, + "uSNCreated": { + "userSpecific": true, + }, + "userAccountControl": { + "userSpecific": true, + }, + "userPrincipalName": { + "userSpecific": true, + }, + "whenChanged": { + "userSpecific": true, + }, + "whenCreated": { + "userSpecific": true, + }, + }, + }, + }, + }, + }, + "e9f2ecd5-3d50-4da0-9ca2-587dbca390e2": { + "_id": "e9f2ecd5-3d50-4da0-9ca2-587dbca390e2", + "description": "This is a bookmark", + "name": "MrAnderson", + "ssoEntities": {}, + "templateName": "bookmark", + "templateVersion": "1.0", + "url": "https://mranderson.scheuber.io", + }, + }, + "mapping": { + "managedAlpha_user_systemEncoreadUser": { + "_id": "sync/managedAlpha_user_systemEncoreadUser", + "consentRequired": false, 
+ "displayName": "managedAlpha_user_systemEncoreadUser", + "icon": null, + "name": "managedAlpha_user_systemEncoreadUser", + "optimizeAssignmentSync": true, + "policies": [ + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "source": "givenName", + "target": "givenName", + }, + { + "source": "cn", + "target": "cn", + }, + { + "source": "sn", + "target": "sn", + }, + { + "source": "userName", + "target": "sAMAccountName", + }, + { + "source": "", + "target": "userPrincipalName", + "transform": { + "source": "\`\${source.userName}@ad-volker-demo.encore.forgerock.org\`;", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "__ENABLE__", + "transform": { + "source": "(source.accountStatus==='active') ? true : false;", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "__NAME__", + "transform": { + "source": "(source.accountStatus=="active")? 
\`cn=\${source.userName},ou=Encore,dc=ad-volker-demo,dc=encore,dc=forgerock,dc=org\`:\`cn=\${source.userName},ou=Inactive,ou=Encore,dc=ad-volker-demo,dc=encore,dc=forgerock,dc=org\`", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "__PASSWORD__", + "transform": { + "source": "openidm.decrypt(source.custom_encryptedPassword)", + "type": "text/javascript", + }, + }, + ], + "runTargetPhase": false, + "source": "managed/alpha_user", + "sourceCondition": "/source/effectiveApplications[_id eq "d7f62815-a835-4e2f-a69e-25e7f9019fc2"]", + "sourceQuery": { + "_queryFilter": "effectiveApplications[_id eq "d7f62815-a835-4e2f-a69e-25e7f9019fc2"] or lastSync/managedAlpha_user_systemEncoreadUser pr", + }, + "target": "system/EncoreAD/User", + }, + "systemEncoreadUser_managedAlpha_user": { + "_id": "sync/systemEncoreadUser_managedAlpha_user", + "consentRequired": false, + "correlationQuery": [ + { + "linkQualifier": "default", + "source": "var qry = {'_queryFilter': 'mail eq "' + source.userPrincipalName + '"'}; qry", + "type": "text/javascript", + }, + ], + "displayName": "systemEncoreadUser_managedAlpha_user", + "icon": null, + "links": "managedAlpha_user_systemEncoreadUser", + "name": "systemEncoreadUser_managedAlpha_user", + "onLink": { + "globals": { + "assignmentResCollection": "managed/alpha_assignment", + }, + "source": "function javaIsEqual(old, other) { + var JsonPatch = org.forgerock.json.JsonPatch; + var JsonValue = org.forgerock.json.JsonValue; + return JsonPatch.diff(JsonValue(old), JsonValue(other)).asList().size() === 0; +} + +if (situation === "FOUND") { + var params = { + "resourceId": targetId, + "mapping": mappingConfig.links, + "linkQualifier": linkQualifier + }; + + // get the preview of the target object from the outbound mapping + var targetPreview = openidm.action("sync", "getTargetPreview", {}, params); + var attributes = []; + + // find all values where target app user has different values from the correlated IDM user + 
Object.keys(source).filter(function (key) { + if (key in targetPreview) { + return !javaIsEqual(source[key], targetPreview[key]); + } else { + return false + } + }).forEach(function (key) { + var attribute = { + "name": key, + "value": source[key] + }; + attributes.push(attribute); + }) + + // create override assignment if any diff was found + if (attributes.length > 0) { + var assignment = { + "name": targetId + "-overrideAssignment", + "description": targetId + "override assignment", + "mapping": mappingConfig.links, + "attributes": attributes, + "type": "__OVERRIDE__", + "members": [{"_ref": mappingConfig.target + "/" + targetId}] + }; + var assignmentResult = openidm.create(assignmentResCollection, null, assignment); + var result = openidm.action("sync", "getTargetPreview", {}, params); + Object.keys(source).forEach(function (key) { + if (typeof result[key] === "undefined" || javaIsEqual(source[key], result[key])) { + return + } + // unable to successfully recreate object being linked, delete assignment and throw exception + openidm.delete(assignmentResCollection + "/" + assignmentResult._id, null); + throw "Unable to successfully recreate " + sourceId + " with an assignment for " + targetId; + }) + } +}", + "type": "text/javascript", + }, + "policies": [ + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "LINK", + "postAction": { + "globals": 
{}, + "source": "openidm.create("managed/alpha_user/"+target._id+"/applications",null,{_ref:"managed/alpha_application/d7f62815-a835-4e2f-a69e-25e7f9019fc2"})", + "type": "text/javascript", + }, + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "ABSENT", + }, + ], + "properties": [], + "runTargetPhase": false, + "source": "system/EncoreAD/User", + "target": "managed/alpha_user", + }, + "systemHrlite__account___managedAlpha_user": { + "_id": "sync/systemHrlite__account___managedAlpha_user", + "consentRequired": false, + "correlationQuery": [ + { + "expressionTree": { + "all": [ + "frIndexedInteger1", + ], + }, + "file": "ui/correlateTreeToQueryFilter.js", + "linkQualifier": "default", + "mapping": "systemHrlite__account___managedAlpha_user", + "type": "text/javascript", + }, + ], + "displayName": "systemHrlite__account___managedAlpha_user", + "icon": null, + "name": "systemHrlite__account___managedAlpha_user", + "onCreate": { + "globals": {}, + "source": "// Script has access to the following variables: +// sourceObject +// targetObject +// existingTargetObject +// linkQualifier +var givenName = source.firstName; +logger.info ("this is the givenName " + givenName); +var sn = source.lastName; +logger.info ("this is the sn " + sn); + +/* first choice of username */ +var checkuserName = givenName.substring(0,1).concat(sn).toLowerCase(); +logger.info ("calculated checkuserName " + checkuserName); +/* if the userName is not found no need to go further */ +var queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" +}; + +var queryResult = openidm.query("/managed/alpha_user",queryUsername,["*"]); +if (queryResult.resultCount > 0) { + /* second choice of username */ + checkuserName = givenName.substring(0,2).concat(sn).toLowerCase(); + logger.info ("calculated checkuserName " + checkuserName); + queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" + }; + queryResult = 
openidm.query("/managed/alpha_user",queryUsername,["*"]); + /* while the userName is found try above for second then add time to end until found */ + while (queryResult.resultCount > 0) { + /* timeadded to choice of username */ + var millis = String(Date.now()); + logger.info ("calculated checkuserName " + checkuserName); + checkuserName = givenName.substring(0,1).concat(sn).concat(millis.substring(millis.length - 4)).toLowerCase(); + logger.info ("calculated checkuserName " + checkuserName); + queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" + }; + queryResult = openidm.query("/managed/alpha_user",queryUsername,["*"]); + } +} +target.userName = checkuserName; +target.cn = checkuserName + " " + givenName + " " + sn; +target.mail = checkuserName+"@ad-volker-demo.encore.forgerock.org"; +target.password = 'Frdp-2010'; +//Mail domain is dependent on your AD domain name…. +logger.info ("Final userName " + checkuserName); +// Role assignment scripts must always return targetObject, otherwise +// other scripts and code that occur downstream of your script will +// not work as expected. 
+", + "type": "text/javascript", + }, + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS", + }, + { + "action": "EXCEPTION", + "situation": "SOURCE_MISSING", + }, + { + "action": "CREATE", + "situation": "MISSING", + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "EXCEPTION", + "situation": "UNASSIGNED", + }, + { + "action": "EXCEPTION", + "situation": "LINK_ONLY", + }, + { + "action": "EXCEPTION", + "situation": "TARGET_IGNORED", + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED", + }, + { + "action": "IGNORE", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "UPDATE", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "source": "", + "target": "frIndexedInteger1", + "transform": { + "source": "parseInt(source.__NAME__)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger2", + "transform": { + "source": "parseInt(source.status)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger3", + "transform": { + "source": "parseInt(source.depId)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger4", + "transform": { + "source": "parseInt(source.jobCode)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger5", + "transform": { + "source": "parseInt(source.empType)", + "type": "text/javascript", + }, + }, + { + "source": "phone", + "target": "telephoneNumber", + }, + { + "source": "city", + "target": "city", + }, + { + "source": "state", + "target": "stateProvince", + }, + { + "source": "address", + "target": "postalAddress", + }, + { + "source": "postalCode", + "target": "postalCode", + }, + { + "source": "country", + "target": "country", + }, + { + "source": "firstName", 
+ "target": "givenName", + }, + { + "source": "lastName", + "target": "sn", + }, + { + "source": "isManager", + "target": "frIndexedString4", + }, + { + "source": "externalMail", + "target": "frIndexedString5", + }, + { + "source": "", + "target": "accountStatus", + "transform": { + "source": "(parseInt(source.status)==5)?"inactive":"active";", + "type": "text/javascript", + }, + }, + ], + "runTargetPhase": true, + "source": "system/HRLite/__ACCOUNT__", + "target": "managed/alpha_user", + "taskThreads": 1, + }, + }, "meta": Any, - "script": { - "36863ffb-40ec-48b9-94b1-9a99f71cc3b5": { - "_id": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "context": "OIDC_CLAIMS", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OIDC claims", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OIDC Claims Script", - "script": [ - "/*", - " * Copyright 2014-2021 ForgeRock AS. All Rights Reserved", - " *", - " * Use of this code requires a commercial software license with ForgeRock AS", - " * or with one of its affiliates. 
All use shall be exclusively subject", - " * to such license between the licensee and ForgeRock AS.", - " */", - "", - "/*", - " * This script computes claim values returned in ID tokens and/or at the UserInfo Endpoint.", - " * The claim values are computed for:", - " * the claims derived from the requested scopes,", - " * the claims provided by the authorization server,", - " * and the claims requested by the client via the claims parameter.", - " *", - " * In the CONFIGURATION AND CUSTOMIZATION section, you can", - " * define the scope-to-claims mapping, and", - " * assign to each claim a resolver function that will compute the claim value.", - " *", - " * Defined variables (class references are provided below):", - " * scopes - Set (6).", - " * Always present, the requested scopes.", - " * claims - Map (5).", - " * Always present, default server provided claims.", - " * claimObjects - List (7, 2).", - " * Always present, the default server provided claims.", - " * requestedClaims - Map> (5).", - " * Always present, not empty if the request contains the claims parameter and the server has enabled", - " * claims_parameter_supported. A map of the requested claims to possible values, otherwise empty;", - " * requested claims with no requested values will have a key but no value in the map. 
A key with", - " * a single value in its Set (6) indicates that this is the only value that should be returned.", - " * requestedTypedClaims - List (7, 2).", - " * Always present, the requested claims.", - " * Requested claims with no requested values will have a claim with no values.", - " * A claim with a single value indicates this is the only value that should be returned.", - " * claimsLocales - List (7).", - " * The values from the 'claims_locales' parameter.", - " * See https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts for the OIDC specification details.", - " * requestProperties - Unmodifiable Map (5).", - " * Always present, contains a map of request properties:", - " * requestUri - The request URI.", - " * realm - The realm that the request relates to.", - " * requestParams - A map of the request params and/or posted data.", - " * Each value is a list of one or more properties.", - " * Please note that these should be handled in accordance with OWASP best practices:", - " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", - " * clientProperties - Unmodifiable Map (5).", - " * Present if the client specified in the request was identified, contains a map of client properties:", - " * clientId - The client's URI for the request locale.", - " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", - " * allowedResponseTypes - List of the allowed response types for the client.", - " * allowedScopes - List of the allowed scopes for the client.", - " * customProperties - A map of the custom properties of the client.", - " * Lists or maps will be included as sub-maps; for example:", - " * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1.", - " * To add custom properties to a client, update the Custom Properties field", - " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", - " * identity - 
AMIdentity (3).", - " * Always present, the identity of the resource owner.", - " * session - SSOToken (4).", - " * Present if the request contains the session cookie, the user's session object.", - " * scriptName - String (primitive).", - " * Always present, the display name of the script.", - " * logger - Always present, the "OAuth2Provider" debug logger instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", - " * Corresponding files will be prefixed with: scripts.OIDC_CLAIMS.", - " * httpClient - HTTP Client (8).", - " * Always present, the HTTP Client instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", - " * In order to use the client, you may need to add", - " * org.forgerock.http.Client,", - " * org.forgerock.http.protocol.*,", - " * and org.forgerock.util.promise.PromiseImpl", - " * to the allowed Java classes in the scripting engine configuration, as described in:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/script-engine-security.html", - " *", - " * Return - a new UserInfoClaims(Map values, Map> compositeScopes) (1) object.", - " * The result of the last statement in the script is returned to the server.", - " * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function)", - " * is the last (and only) statement in this script, and its return value will become the script result.", - " * Do not use "return variable" statement outside of a function definition.", - " * See RESULTS section for additional details.", - " *", - " * Class reference:", - " * (1) UserInfoClaims - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html.", - " * (2) Claim - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html).", - " * An instance of 
org.forgerock.openidconnect.Claim has methods to access", - " * the claim name, requested values, locale, and whether the claim is essential.", - " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", - " * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", - " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", - " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", - " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", - " * (7) List - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/ArrayList.html.", - " * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", - "*/", - "", - "(function () {", - " // SETUP", - "", - " /**", - " * Claim processing utilities.", - " * An object that contains reusable functions for processing claims.", - " * @see CLAIM PROCESSING UTILITIES section for details.", - " */", - " var utils = getUtils();", - "", - " // CONFIGURATION AND CUSTOMIZATION", - "", - " /**", - " * OAuth 2.0 scope values (scopes) can be used by the Client to request OIDC claims.", - " *", - " * Call this configuration method, and pass in as the first argument", - " * an object that maps a scope value to an array of claim names", - " * to specify which claims need to be processed and returned for the requested scopes.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims}", - " * for the scope values that could be used to request claims as defined in the OIDC specification.", - " *", - " * Below, find a default configuration that is expected to work in the current environment.", - " *", - " * CUSTOMIZATION", - " * You can choose the claim names returned for a scope.", - " */", - " utils.setScopeClaimsMap({", - " profile: [", - " 
'name',", - " 'family_name',", - " 'given_name',", - " 'zoneinfo',", - " 'locale'", - " ],", - " email: ['email'],", - " address: ['address'],", - " phone: ['phone_number']", - " });", - "", - " /**", - " * In this script, each claim", - " * derived from the requested scopes,", - " * provided by the authorization server, and", - " * requested by the client via the claims parameter", - " * will be processed by a function associated with the claim name.", - " *", - " * Call this configuration method, and pass in as the first argument", - " * an object that maps a claim name to a resolver function,", - " * which will be automatically executed for each claim processed by the script.", - " *", - " * The claim resolver function will receive the requested claim information", - " * in an instance of org.forgerock.openidconnect.Claim as the first argument.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html}", - " * for details on the Claim class.", - " *", - " * If the claim resolver function returns a value,", - " * other than undefined or null,", - " * the claim will be included in the script's results.", - " *", - " * The Claim instance provides methods to check", - " * what the name of the claim is,", - " * which values the claim request contains,", - " * whether the claim is essential, and", - " * which locale the claim is associated with.", - " * The resolver function can consider this information when computing and returning the claim value.", - " *", - " * Below, find a default configuration that is expected to work in the current environment.", - " * A reusable function, utils.getUserProfileClaimResolver(String attribute-name),", - " * is called to return a claim resolver function based on a user profile attribute.", - " * @see CLAIM RESOLVERS section for the implementation details and examples.", - " * For the address claim, an example of a claim resolver that uses another claim resolver is provided.", - " 
*", - " * CUSTOMIZATION", - " * You can reuse the predefined utils methods with your custom arguments.", - " * You can also specify a custom resolver function for a claim name,", - " * that will compute and return the claim value—as shown in the commented out example below.", - " */", - " utils.setClaimResolvers({", - " /*", - " // An example of a simple claim resolver function that is defined for a claim", - " // directly in the configuration object:", - " custom-claim-name: function (requestedClaim) {", - " // In this case, initially, the claim value comes straight from a user profile attribute value:", - " var claimValue = identity.getAttribute('custom-attribute-name').toArray()[0]", - "", - " // Optionally, provide additional logic for processing (filtering, formatting, etc.) the claim value.", - " // You can use:", - " // requestedClaim.getName()", - " // requestedClaim.getValues()", - " // requestedClaim.getLocale()", - " // requestedClaim.isEssential()", - "", - " return claimValue", - " },", - " */", - " /**", - " * The use of utils.getUserProfileClaimResolver shows how", - " * an argument passed to a function that returns a claim resolver", - " * becomes available to the resolver function (via its lexical context).", - " */", - " name: utils.getUserProfileClaimResolver('cn'),", - " family_name: utils.getUserProfileClaimResolver('sn'),", - " given_name: utils.getUserProfileClaimResolver('givenname'),", - " zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'),", - " locale: utils.getUserProfileClaimResolver('preferredlocale'),", - " email: utils.getUserProfileClaimResolver('mail'),", - " address: utils.getAddressClaimResolver(", - " /**", - " * The passed in user profile claim resolver function", - " * can be used by the address claim resolver function", - " * to obtain the claim value to be formatted as per the OIDC specification:", - " * @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim.", - " */", - " 
utils.getUserProfileClaimResolver('postaladdress')", - " ),", - " phone_number: utils.getUserProfileClaimResolver('telephonenumber')", - " });", - "", - " // CLAIM PROCESSING UTILITIES", - "", - " /**", - " * @returns {object} An object that contains reusable claim processing utilities.", - " * @see PUBLIC METHODS section and the return statement for the list of exported functions.", - " */", - " function getUtils () {", - " // IMPORT JAVA", - "", - " /**", - " * Provides Java scripting functionality.", - " * @see {@link https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Scripting_Java#javaimporter_constructor}.", - " */", - " var frJava = JavaImporter(", - " org.forgerock.oauth2.core.exceptions.InvalidRequestException,", - " org.forgerock.oauth2.core.UserInfoClaims,", - " org.forgerock.openidconnect.Claim,", - "", - " java.util.LinkedHashMap,", - " java.util.ArrayList", - " );", - "", - " // SET UP CONFIGURATION", - "", - " /**", - " * Placeholder for a configuration option that contains", - " * an object that maps the supported scope values (scopes)", - " * and the corresponding claim names for each scope value.", - " */", - " var scopeClaimsMap;", - "", - " /**", - " * Placeholder for a configuration option that contains", - " * an object that maps the supported claim names", - " * and the resolver functions returning the claim value.", - " */", - " var claimResolvers;", - "", - " /**", - " * A (public) method that accepts an object that maps the supported scopes and the corresponding claim names,", - " * and assigns it to a (private) variable that serves as a configuration option.", - " * @param {object} params - An object that maps each supported scope value to an array of claim names,", - " * in order to specify which claims need to be processed for the requested scopes.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} for details.", - " * @param {string[]} [params.profile] - An array of claim names to be 
returned if the profile scope is requested.", - " * @param {string[]} [params.email] - An array of claim names to be returned if the email scope is requested.", - " * @param {string[]} [params.address] - An array of claim names to be returned if the address scope is requested.", - " * @param {string[]} [params.phone] - An array of claim names to be returned if the phone scope is requested.", - " * @returns {undefined}", - " */", - " function setScopeClaimsMap(params) {", - " scopeClaimsMap = params;", - " }", - "", - " /**", - " * A (public) method that accepts an object that maps the supported claim names", - " * and the resolver functions returning the claim value,", - " * and assigns it to a (private) variable that serves as a configuration option.", - " * @param {object} params - An object that maps", - " * each supported claim name to a function that computes and returns the claim value.", - " */", - " function setClaimResolvers(params) {", - " claimResolvers = params;", - " }", - "", - " // CLAIM RESOLVERS", - "", - " /**", - " * Claim resolvers are functions that return a claim value.", - " * @param {*}", - " * @returns {*}", - " */", - "", - " /**", - " * Defines a claim resolver based on a user profile attribute.", - " * @param {string} attributeName - Name of the user profile attribute.", - " * @returns {function} A function that will determine the claim value", - " * based on the user profile attribute and the (requested) claim properties.", - " */", - " function getUserProfileClaimResolver (attributeName) {", - " /**", - " * Resolves a claim with a user profile attribute value.", - " * Returns undefined if the identity attribute is not populated,", - " * OR if the claim has requested values that do not contain the identity attribute value.", - " * ATTENTION: the aforementioned comparison is case-sensitive.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a 
claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {string|HashSet|undefined}", - " */", - " function resolveClaim(claim) {", - " var userProfileValue;", - "", - " if (identity) {", - " userProfileValue = getClaimValueFromSet(claim, identity.getAttribute(attributeName));", - "", - " if (userProfileValue && !userProfileValue.isEmpty()) {", - " if (!claim.getValues() || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue)) {", - " return userProfileValue;", - " }", - " }", - " }", - " }", - "", - " return resolveClaim;", - " }", - "", - " /**", - " * Returns an address claim resolver based on a claim value obtained with another claim resolver.", - " * @param {function} resolveClaim - A function that returns a claim value.", - " * @returns {function} A function that will accept a claim as an argument,", - " * run the claim resolver function for the claim and obtain the claim value,", - " * and apply additional formatting to the value before returning it.", - " */", - " function getAddressClaimResolver (resolveClaim) {", - " /**", - " * Creates an address claim object from a value returned by a claim resolver,", - " * and returns the address claim object as the claim value.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim}.", - " * The claim value is obtained with a claim resolving function available from the closure.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {java.util.LinkedHashMap|undefined} The address claim object created from a claim value.", - " */", - " function resolveAddressClaim(claim) {", - " var claimValue = resolveClaim(claim);", - " var 
addressObject;", - "", - " if (isClaimValueValid(claimValue)) {", - " addressObject = new frJava.LinkedHashMap();", - "", - " addressObject.put('formatted', claimValue);", - "", - " return addressObject;", - " }", - " }", - "", - " return resolveAddressClaim;", - " }", - "", - " /**", - " * Returns an essential claim resolver based on a claim value obtained with another claim resolver.", - " * @param {function} resolveClaim - A function that returns a claim value.", - " * @returns {function} A function that will accept a claim as an argument,", - " * run the claim resolver function for the claim and obtain the claim value,", - " * and apply additional logic for essential claims.", - " */", - " function getEssentialClaimResolver (resolveClaim) {", - " /**", - " * Returns a claim value or throws an error.", - " * The claim value is obtained with a claim resolving function available from the closure.", - " * Throws an exception if the claim is essential and no value is returned for the claim.", - " *", - " * Use of this resolver is optional.", - " * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests} stating:", - " * "Note that even if the Claims are not available because the End-User did not authorize their release or they are not present,", - " * the Authorization Server MUST NOT generate an error when Claims are not returned, whether they are Essential or Voluntary,", - " * unless otherwise specified in the description of the specific claim."", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*}", - " * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException}", - " */", - " function resolveEssentialClaim(claim) {", - " var claimValue = resolveClaim(claim);", - 
"", - " if (claim.isEssential() && !isClaimValueValid(claimValue)) {", - " throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName());", - " }", - "", - " return claimValue;", - " }", - "", - " return resolveEssentialClaim;", - " }", - "", - " /**", - " * Provides default resolution for a claim.", - " * Use it if a claim-specific resolver is not defined in the configuration.", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*} A single value associated with this claim.", - " */", - " function resolveAnyClaim (claim) {", - " if (claim.getValues().size() === 1) {", - " return claim.getValues().toArray()[0];", - " }", - " }", - "", - " // UTILITIES", - "", - " /**", - " * Returns claim value from a set.", - " * If the set contains a single value, returns the value.", - " * If the set contains multiple values, returns the set.", - " * Otherwise, returns undefined.", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @param {java.util.HashSet} set The set—for example, a user profile attribute value.", - " * @returns {string|java.util.HashSet|undefined}", - " */", - " function getClaimValueFromSet (claim, set) {", - " if (set && set.size()) {", - " if (set.size() === 1) {", - " return set.toArray()[0];", - " } else {", - " return set;", - " }", - " } else if (logger.warningEnabled()) {", - " logger.warning('OIDC Claims script. 
Got an empty set for claim: ' + claim.getName());", - " }", - " }", - "", - " function isClaimValueValid (claimValue) {", - " if (typeof claimValue === 'undefined' || claimValue === null) {", - " return false;", - " }", - "", - " return true;", - " }", - "", - " // CLAIM PROCESSING", - "", - " /**", - " * Constructs and returns an object populated with the computed claim values", - " * and the requested scopes mapped to the claim names.", - " * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}.", - " * @see RESULTS section for the use of this function.", - " */", - " function getUserInfoClaims () {", - " return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes());", - " }", - "", - " /**", - " * Creates a map of (requested) claim names populated with the computed claim values.", - " * @returns {java.util.LinkedHashMap}", - " * A map of the requested claim names and the corresponding claim values.", - " */", - " function getComputedClaims () {", - " /**", - " * Creates a complete list of claim objects from:", - " * the claims derived from the scopes,", - " * the claims provided by the authorization server,", - " * and the claims requested by the client.", - " * @returns {java.util.ArrayList}", - " * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details.", - " */", - " function getClaims() {", - " /**", - " * Returns a list of claim objects for the requested scopes.", - " * Uses the scopeClaimsMap configuration option to derive the claim names;", - " * no other properties of a claim derived from a scope are populated.", - " * @returns {java.util.ArrayList}", - " * A list of 
org.forgerock.openidconnect.Claim objects derived from the requested scopes.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details.", - " */", - " function convertScopeToClaims() {", - " var claims = new frJava.ArrayList();", - "", - " scopes.toArray().forEach(function (scope) {", - " if (String(scope) !== 'openid' && scopeClaimsMap[scope]) {", - " scopeClaimsMap[scope].forEach(function (claimName) {", - " claims.add(new frJava.Claim(claimName));", - " });", - " }", - " });", - "", - " return claims;", - " }", - "", - " var claims = new frJava.ArrayList();", - "", - " claims.addAll(convertScopeToClaims());", - " claims.addAll(claimObjects);", - " claims.addAll(requestedTypedClaims);", - "", - " return claims;", - " }", - "", - " /**", - " * Computes and returns a claim value.", - " * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object.", - " * @see claimResolvers", - " * If no resolver function is found, uses the default claim resolver function.", - " *", - " * @param {org.forgerock.openidconnect.Claim} claim", - " * An object that provides methods to obtain information/requirements associated with a claim.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details.", - " * @returns {*} Claim value.", - " * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException}", - " * Rethrows this exception if a claim resolver throws it.", - " * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver", - " * if you want to terminate the claim processing.", - " */", - " function computeClaim(claim) {", - " var resolveClaim;", - " var message;", - "", - " try {", - " resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim;", - "", - " return resolveClaim(claim);", - " } catch (e) {", - " 
message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e;", - "", - " if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) {", - " throw e;", - " }", - "", - " if (logger.warningEnabled()) {", - " logger.warning(message);", - " }", - " }", - " }", + "saml": { + "cot": { + "FR_COT": { + "_id": "FR_COT", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", + }, + "status": "active", + "trustedProviders": [ + "engineering-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/company/saml|saml2", + "company-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/roles/saml|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/sales/saml|saml2", + "sales-IDP|saml2", + "benefits-IDP|saml2", + "https://volker-demo.encore.forgerock.com:443/apps/web/benefits/saml|saml2", + ], + }, + }, + "hosted": { + "Y29tcGFueS1JRFA": { + "_id": "Y29tcGFueS1JRFA", + "entityId": "company-IDP", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": "https://openam-volker-demo.forgeblocks.com/am/idpsaehandler/metaAlias/alpha/company", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + 
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": { + "nameIdEncryption": false, + }, + "requestResponseSigning": { + "artifactResolve": true, + "authenticationRequest": true, + "logoutRequest": false, + "logoutResponse": false, + "manageNameIdRequest": false, + "manageNameIdResponse": false, + }, + "secretIdAndAlgorithms": { + "digestAlgorithm": [ + "http://www.w3.org/2001/04/xmlenc#sha256", + ], + "encryptionAlgorithm": [ + "http://www.w3.org/2009/xmlenc11#rsa-oaep", + ], + "signingAlgorithm": [], + }, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMap": [ + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "SSOID", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Email", + }, + { + "binary": false, + "localAttribute": ""Standard User"", + "samlAttribute": "User.ProfileID", + }, + { + "binary": false, + "localAttribute": "sn", + "samlAttribute": "User.LastName", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Username", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": 
"urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqSoap/IDPRole/metaAlias/alpha/company", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqUri/IDPRole/metaAlias/alpha/company", + }, + ], + "metaAlias": "/alpha/company", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/NIMSoap/metaAlias/alpha/company", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "openam-volker-demo.forgeblocks.com/am/ArtifactResolver/metaAlias/alpha/company", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/company", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/company", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/company", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/company", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/SSOPOST/metaAlias/alpha/company", + }, + ], + }, + }, + }, + }, + "YmVuZWZpdHMtSURQ": { + "_id": "YmVuZWZpdHMtSURQ", + "entityId": "benefits-IDP", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": 
"https://openam-volker-demo.forgeblocks.com/am/idpsaehandler/metaAlias/alpha/benefits", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": { + "nameIdEncryption": false, + }, + "requestResponseSigning": { + "artifactResolve": true, + "authenticationRequest": true, + "logoutRequest": false, + "logoutResponse": false, + "manageNameIdRequest": false, + "manageNameIdResponse": false, + }, + "secretIdAndAlgorithms": { + "digestAlgorithm": [ + "http://www.w3.org/2001/04/xmlenc#sha256", + ], + "encryptionAlgorithm": [ + "http://www.w3.org/2009/xmlenc11#rsa-oaep", + ], + "signingAlgorithm": [], + }, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMap": [ + { + "binary": 
false, + "localAttribute": "mail", + "samlAttribute": "SSOID", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Email", + }, + { + "binary": false, + "localAttribute": ""Standard User"", + "samlAttribute": "User.ProfileID", + }, + { + "binary": false, + "localAttribute": "sn", + "samlAttribute": "User.LastName", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Username", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqSoap/IDPRole/metaAlias/alpha/benefits", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqUri/IDPRole/metaAlias/alpha/benefits", + }, + ], + "metaAlias": "/alpha/benefits", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/NIMSoap/metaAlias/alpha/benefits", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "openam-volker-demo.forgeblocks.com/am/ArtifactResolver/metaAlias/alpha/benefits", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/benefits", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/benefits", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/benefits", + "responseLocation": 
"https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/benefits", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/SSOPOST/metaAlias/alpha/benefits", + }, + ], + }, + }, + }, + }, + "ZW5naW5lZXJpbmctSURQ": { + "_id": "ZW5naW5lZXJpbmctSURQ", + "entityId": "engineering-IDP", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": "https://openam-volker-demo.forgeblocks.com/am/idpsaehandler/metaAlias/alpha/engineering", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", + "value": "mail", + }, 
+ ], + }, + "signingAndEncryption": { + "encryption": { + "nameIdEncryption": false, + }, + "requestResponseSigning": { + "artifactResolve": true, + "authenticationRequest": true, + "logoutRequest": false, + "logoutResponse": false, + "manageNameIdRequest": false, + "manageNameIdResponse": false, + }, + "secretIdAndAlgorithms": { + "digestAlgorithm": [ + "http://www.w3.org/2001/04/xmlenc#sha256", + ], + "encryptionAlgorithm": [ + "http://www.w3.org/2009/xmlenc11#rsa-oaep", + ], + "signingAlgorithm": [], + }, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMap": [ + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "SSOID", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Email", + }, + { + "binary": false, + "localAttribute": ""Standard User"", + "samlAttribute": "User.ProfileID", + }, + { + "binary": false, + "localAttribute": "sn", + "samlAttribute": "User.LastName", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Username", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqSoap/IDPRole/metaAlias/alpha/engineering", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqUri/IDPRole/metaAlias/alpha/engineering", + }, + ], + "metaAlias": "/alpha/engineering", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/NIMSoap/metaAlias/alpha/engineering", + }, + ], + "serviceAttributes": { + 
"artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "openam-volker-demo.forgeblocks.com/am/ArtifactResolver/metaAlias/alpha/engineering", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/engineering", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/engineering", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/engineering", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/engineering", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/SSOPOST/metaAlias/alpha/engineering", + }, + ], + }, + }, + }, + }, + "c2FsZXMtSURQ": { + "_id": "c2FsZXMtSURQ", + "entityId": "sales-IDP", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": "https://openam-volker-demo.forgeblocks.com/am/idpsaehandler/metaAlias/alpha/sales", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + 
"nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": { + "nameIdEncryption": false, + }, + "requestResponseSigning": { + "artifactResolve": true, + "authenticationRequest": true, + "logoutRequest": false, + "logoutResponse": false, + "manageNameIdRequest": false, + "manageNameIdResponse": false, + }, + "secretIdAndAlgorithms": { + "digestAlgorithm": [ + "http://www.w3.org/2001/04/xmlenc#sha256", + ], + "encryptionAlgorithm": [ + "http://www.w3.org/2009/xmlenc11#rsa-oaep", + ], + "signingAlgorithm": [], + }, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMap": [ + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "SSOID", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Email", + }, + { + "binary": false, + "localAttribute": ""Standard User"", + "samlAttribute": "User.ProfileID", + }, + { + "binary": false, + "localAttribute": "sn", + "samlAttribute": "User.LastName", + }, + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "User.Username", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": 
"[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqSoap/IDPRole/metaAlias/alpha/sales", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "https://openam-volker-demo.forgeblocks.com/am/AIDReqUri/IDPRole/metaAlias/alpha/sales", + }, + ], + "metaAlias": "/alpha/sales", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://openam-volker-demo.forgeblocks.com/am/NIMSoap/metaAlias/alpha/sales", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "openam-volker-demo.forgeblocks.com/am/ArtifactResolver/metaAlias/alpha/sales", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/sales", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPMniPOST/metaAlias/alpha/sales", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/sales", + "responseLocation": "https://openam-volker-demo.forgeblocks.com/am/IDPSloPOST/metaAlias/alpha/sales", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://openam-volker-demo.forgeblocks.com/am/SSOPOST/metaAlias/alpha/sales", + }, + ], + }, + }, + }, + }, + }, + "metadata": { + "Y29tcGFueS1JRFA": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", + 
"BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", + "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", + "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", + "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", + "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", + "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", + "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", + "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", + "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", + "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", + "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", + "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", + "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", + "14SLgWmf1qQroU6F4FjtEEc=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", + "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", + "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", + "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", + "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", + "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", + "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", + "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", + "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", + 
"WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", + "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", + "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", + "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", + "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + "", "", - " var computedClaims = new frJava.LinkedHashMap();", "", - " getClaims().toArray().forEach(function (claim) {", - " var claimValue = computeClaim(claim);", + ], + "YmVuZWZpdHMtSURQ": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", + "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", + "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", + "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", + "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", + "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", + "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", + "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", + 
"q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", + "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", + "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", + "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", + "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", + "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", + "14SLgWmf1qQroU6F4FjtEEc=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", + "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", + "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", + "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", + "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", + "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", + "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", + "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", + "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", + "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", + "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", + "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", + "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", + "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " 
urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + "", "", - " if (isClaimValueValid(claimValue)) {", - " computedClaims.put(claim.getName(), claimValue);", - " } else {", - " /**", - " * If a claim has been processed, but appears in the list again,", - " * and its value cannot be computed under the new conditions,", - " * the claim is removed from the final result.", - " *", - " * For example, a claim could be mapped to a scope and found in the user profile,", - " * but also requested by the client with required values that don't match the computed one.", - " * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}.", - " * for the relevant OIDC specification details.", - " */", - " computedClaims.remove(claim.getName());", - " }", - " });", "", - " return computedClaims;", - " }", + ], + "ZW5naW5lZXJpbmctSURQ": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", + "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", + "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", + "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", + "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", + "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", + "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", + 
"kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", + "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", + "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", + "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", + "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", + "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", + "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", + "14SLgWmf1qQroU6F4FjtEEc=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", + "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", + "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", + "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", + "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", + "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", + "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", + "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", + "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", + "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", + "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", + "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", + "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", + "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " 
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + "", "", - " /**", - " * Creates a map of requested scopes and the corresponding claim names.", - " * @returns {java.util.LinkedHashMap}", - " */", - " function getCompositeScopes () {", - " var compositeScopes = new frJava.LinkedHashMap();", "", - " scopes.toArray().forEach(function (scope) {", - " var scopeClaims = new frJava.ArrayList();", + ], + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s": [ + "", + "", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " ", + " ", + "", "", - " if (scopeClaimsMap[scope]) {", - " scopeClaimsMap[scope].forEach(function (claimName) {", - " scopeClaims.add(claimName);", - " });", - " }", "", - " if (scopeClaims.size()) {", - " compositeScopes.put(scope, scopeClaims);", - " }", - " });", + ], + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA": [ + "", + "", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " ", + " ", + "", "", - " return compositeScopes;", - " }", "", - " // PUBLIC METHODS", + ], + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA": [ + "", + "", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " ", + " ", + "", "", - " return {", - " setScopeClaimsMap: setScopeClaimsMap,", - " 
setClaimResolvers: setClaimResolvers,", - " getUserProfileClaimResolver: getUserProfileClaimResolver,", - " getAddressClaimResolver: getAddressClaimResolver,", - " getEssentialClaimResolver: getEssentialClaimResolver,", - " getUserInfoClaims: getUserInfoClaims", - " };", - " }", "", - " // RESULTS", + ], + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA": [ + "", + "", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " ", + " ", + "", "", - " /**", - " * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class", - " * populated with the computed claim values and", - " * the requested scopes mapped to the claim names.", - " * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}.", - " *", - " * Assigning it to a variable gives you an opportunity", - " * to log the content of the returned value during development.", - " */", - " var userInfoClaims = utils.getUserInfoClaims();", "", - " /*", - " logger.error(scriptName + ' results:')", - " logger.error('Values: ' + userInfoClaims.getValues())", - " logger.error('Scopes: ' + userInfoClaims.getCompositeScopes())", - " */", + ], + "c2FsZXMtSURQ": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", + "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", + "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", + "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", + "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", + "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", + 
"DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", + "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", + "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", + "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", + "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", + "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", + "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", + "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", + "14SLgWmf1qQroU6F4FjtEEc=", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", + "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", + "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", + "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", + "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", + "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", + "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", + "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", + "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", + "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", + "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", + "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", + "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", + "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", + "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", + " ", + " ", + " ", + " ", + " ", + 
" ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + "", "", - " return userInfoClaims;", - "}());", "", ], }, - "d22f9a0c-426a-4466-b95e-d0f125b0d5fa": { - "_id": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "context": "OAUTH2_ACCESS_TOKEN_MODIFICATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OAuth2 Access Token Modification", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OAuth2 Access Token Modification Script", - "script": [ - "/*", - " * Copyright 2019-2021 ForgeRock AS. All Rights Reserved.", - " *", - " * Use of this code requires a commercial software license with ForgeRock AS", - " * or with one of its affiliates. 
All use shall be exclusively subject", - " * to such license between the licensee and ForgeRock AS.", - " */", - "", - "/*", - " * This script lets you modify information associated with an OAuth2 access token", - " * with methods provided by the AccessToken (1) interface.", - " * The changes made to OAuth2 access tokens will directly impact the size of the CTS tokens,", - " * and, similarly, the size of the JWTs if client-based OAuth2 tokens are utilized.", - " * When adding/updating fields make sure that the token size remains within client/user-agent limits.", - " *", - " * Defined variables:", - " * accessToken - AccessToken (1).", - " * The access token to be updated.", - " * Mutable object, all changes to the access token will be reflected.", - " * scopes - Set (6).", - " * Always present, the requested scopes.", - " * requestProperties - Unmodifiable Map (5).", - " * Always present, contains a map of request properties:", - " * requestUri - The request URI.", - " * realm - The realm that the request relates to.", - " * requestParams - A map of the request params and/or posted data.", - " * Each value is a list of one or more properties.", - " * Please note that these should be handled in accordance with OWASP best practices:", - " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", - " * clientProperties - Unmodifiable Map (5).", - " * Present if the client specified in the request was identified, contains a map of client properties:", - " * clientId - The client's URI for the request locale.", - " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", - " * allowedResponseTypes - List of the allowed response types for the client.", - " * allowedScopes - List of the allowed scopes for the client.", - " * customProperties - A map of the custom properties of the client.", - " * Lists or maps will be included as sub-maps; for example:", - " * customMap[Key1]=Value1 will be returned 
as customMap -> Key1 -> Value1.", - " * To add custom properties to a client, update the Custom Properties field", - " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", - " * identity - AMIdentity (3).", - " * Always present, the identity of the resource owner.", - " * session - SSOToken (4).", - " * Present if the request contains the session cookie, the user's session object.", - " * scriptName - String (primitive).", - " * Always present, the display name of the script.", - " * logger - Always present, the "OAuth2Provider" debug logger instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", - " * Corresponding log files will be prefixed with: scripts.OAUTH2_ACCESS_TOKEN_MODIFICATION.", - " * httpClient - HTTP Client (8).", - " * Always present, the HTTP Client instance:", - " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", - " *", - " * Return - no value is expected, changes shall be made to the accessToken parameter directly.", - " *", - " * Class reference:", - " * (1) AccessToken - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/AccessToken.html.", - " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", - " * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", - " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", - " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", - " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", - " * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", - " */", - "", - "(function () {", - " // Adds new fields 
containing the session property values.", - " // NOTE: session may not be available for non-interactive authorization grants.", - " if (session) {", - " try {", - " accessToken.setField('ip_address', session.getProperty('Host'));", - " } catch (e) {", - " logger.error('Unable to retrieve session property value. ' + e);", - " }", - " }", - "}());", - "", - "/* EXAMPLE", - "(function () {", - " var frJava = JavaImporter(", - " org.forgerock.http.protocol.Request,", - " org.forgerock.http.protocol.Response", - " );", - "", - " // Always includes this field in the token.", - " accessToken.setField('key1', 'value1');", - "", - " // Receives and adds to the access token additional values by performing a REST call to an external service.", - " // WARNING: Below, you will find a reference to a third-party site, which is provided only as an example.", - " var uri = 'https://jsonplaceholder.typicode.com/posts';", - "", - " try {", - " var request = new frJava.Request();", - "", - " // You can chain methods that return the request object.", - " request.setUri(uri)", - " .setMethod('POST')", - " .setEntity(JSON.stringify({", - " updatedFields: {", - " key2: 'value2',", - " key3: 'value3'", - " }", - " }));", - "", - " // You can call a method when chaining is not possible.", - " request.getHeaders().add('Content-Type', 'application/json; charset=UTF-8');", - "", - " // Sends the request and receives the response.", - " var response = httpClient.send(request).getOrThrow();", - "", - " // Checks if the response status is as expected.", - " if (response.getStatus() === org.forgerock.http.protocol.Status.CREATED) {", - " var result = JSON.parse(response.getEntity().getString());", - "", - " // Set multiple token fields at once.", - " accessToken.setFields(result.updatedFields);", - " } else {", - " logger.error('Unable to obtain access token modifications. Status: ' + response.getStatus() + '. 
Content: ' + response.getEntity().getString());", - " }", - " } catch (e) {", - " logger.error('The request processing was interrupted. ' + e);", - "", - " // The access token request fails with the HTTP 500 error in this case.", - " throw ('Unable to obtain response from: ' + uri);", - " }", - "", - " // Adds new fields containing identity attribute values to the access token.", - " accessToken.setField('mail', identity.getAttribute('mail'));", - " accessToken.setField('phone', identity.getAttribute('telephoneNumber').toArray()[0]);", - "", - " // Adds new fields containing the session property values.", - " // NOTE: session may not be available for non-interactive authorization grants.", - " if (session) {", - " try {", - " accessToken.setField('ipAddress', session.getProperty('Host'));", - " } catch (e) {", - " logger.error('Unable to retrieve session property value. ' + e);", - " }", - " }", - "", - " // Removes a native field from the token entry, that was set by AM.", - " // WARNING: removing native fields from the token may result in loss of functionality.", - " // accessToken.removeTokenName()", - "", - " // No return value is expected. 
Let it be undefined.", - "}());", - "*/", + "remote": { + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s": { + "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s", + "entityId": "https://volker-demo.encore.forgerock.com:443/apps/web/company/saml", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + "authenticationRequest": false, + }, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "attributeMapper": {}, + "responseArtifactMessageEncoding": {}, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://volker-demo.encore.forgerock.com:443/apps/web/company/saml", + }, + ], + }, + }, + }, + }, + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA": { + "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA", + "entityId": "https://volker-demo.encore.forgerock.com:443/apps/web/benefits/saml", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + "authenticationRequest": false, + }, + "secretIdAndAlgorithms": {}, + }, + }, + 
"assertionProcessing": { + "attributeMapper": {}, + "responseArtifactMessageEncoding": {}, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://volker-demo.encore.forgerock.com:443/apps/web/benefits/saml", + }, + ], + }, + }, + }, + }, + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA": { + "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA", + "entityId": "https://volker-demo.encore.forgerock.com:443/apps/web/sales/saml", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + "authenticationRequest": false, + }, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "attributeMapper": {}, + "responseArtifactMessageEncoding": {}, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://volker-demo.encore.forgerock.com:443/apps/web/sales/saml", + }, + ], + }, + }, + }, + }, + "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA": { + "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA", + "entityId": "https://volker-demo.encore.forgerock.com:443/apps/web/roles/saml", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ 
+ "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true, + "authenticationRequest": false, + }, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "attributeMapper": {}, + "responseArtifactMessageEncoding": {}, + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://volker-demo.encore.forgerock.com:443/apps/web/roles/saml", + }, + ], + }, + }, + }, + }, + }, + }, + "script": {}, +} +`; + +exports[`frodo app export "frodo app export -i HRLite --no-deps -f my-nodeps-HRLite.application.json": should export the app with app id "HRLite" with no dependencies into a file named my-nodeps-HRLite.application.json 1`] = `""`; + +exports[`frodo app export "frodo app export -i HRLite --no-deps -f my-nodeps-HRLite.application.json": should export the app with app id "HRLite" with no dependencies into a file named my-nodeps-HRLite.application.json 2`] = ` +{ + "application": {}, + "managedApplication": { + "08505c1b-87ea-4ed0-ab89-20432dcc6249": { + "_id": "08505c1b-87ea-4ed0-ab89-20432dcc6249", + "authoritative": true, + "connectorId": "HRLite", + "description": "Example", + "icon": "", + "mappingNames": [ + "systemHrlite__account___managedAlpha_user", + ], + "name": "HRLite", + "templateName": "scripted.sql", + "templateVersion": "1.0.0", + "uiConfig": { + "objectTypes": { + "__ACCOUNT__": { + "properties": { + "__NAME__": {}, + "address": {}, + "city": {}, + "country": {}, + "depId": {}, + "depName": {}, + "email": {}, + "empType": {}, + "firstName": {}, + "isManager": {}, + "jobCode": {}, + "lastName": {}, + "phone": {}, + "postalCode": {}, + "state": {}, + "status": {}, + "uid": {}, + }, + }, + "department": { + "properties": { + "__NAME__": 
{}, + "description": {}, + "name": {}, + "parent": {}, + "uid": {}, + }, + }, + }, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo app export "frodo app export -i HRLite -f my-HRLite.application.json": should export the app with app id "HRLite" into file named my-HRLite.application.json 1`] = `""`; + +exports[`frodo app export "frodo app export -i HRLite -f my-HRLite.application.json": should export the app with app id "HRLite" into file named my-HRLite.application.json 2`] = ` +{ + "application": {}, + "connector": { + "HRLite": { + "_id": "provisioner.openicf/HRLite", + "configurationProperties": { + "abandonWhenPercentageFull": 0, + "accessToUnderlyingConnectionAllowed": true, + "alternateUsernameAllowed": false, + "authenticateScriptFileName": "HRliteAuthenticateScript.groovy", + "autoCommit": true, + "classpath": [], + "commitOnReturn": false, + "connectionProperties": null, + "createScriptFileName": "HRliteCreateScript.groovy", + "customConfiguration": null, + "customSensitiveConfiguration": null, + "customizerScriptFileName": null, + "dataSourceJNDI": null, + "debug": false, + "defaultAutoCommit": null, + "defaultCatalog": null, + "defaultReadOnly": null, + "defaultTransactionIsolation": -1, + "deleteScriptFileName": "HRliteDeleteScript.groovy", + "disabledGlobalASTTransformations": null, + "driverClassName": "com.mysql.jdbc.Driver", + "fairQueue": true, + "ignoreExceptionOnPreLoad": false, + "initSQL": null, + "initialSize": 10, + "jdbcInterceptors": null, + "jmxEnabled": true, + "logAbandoned": false, + "logValidationErrors": false, + "maxActive": 100, + "maxAge": 0, + "maxIdle": 100, + "maxWait": 30000, + "minEvictableIdleTimeMillis": 60000, + "minIdle": 10, + "minimumRecompilationInterval": 100, + "name": "Tomcat Connection Pool[1-265824587]", + "numTestsPerEvictionRun": 0, + "password": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "73doNZivdgZ7KmuOlzFBdD/7blip0OU6uRwBDv53wcQ=", + 
"iv": "/C0QyOAnnUNQCovrsMgzEw==", + "keySize": 16, + "mac": "EAPShe6oCwxlTCHYC2wBlQ==", + "purpose": "idm.config.encryption", + "salt": "zYm6JkzqEzE1/0Y+o9K3+Q==", + "stableId": "openidm-sym-default", + }, + }, + }, + "propagateInterruptState": false, + "recompileGroovySource": false, + "removeAbandoned": false, + "removeAbandonedTimeout": 60, + "resolveUsernameScriptFileName": null, + "rollbackOnReturn": false, + "schemaScriptFileName": "HRliteSchemaScript.groovy", + "scriptBaseClass": null, + "scriptExtensions": [ + "groovy", + ], + "scriptOnResourceScriptFileName": null, + "scriptRoots": "/opt/forgerock/openicf/scripts/hrlite", + "searchScriptFileName": "HRliteSearchScript.groovy", + "sourceEncoding": "UTF-8", + "suspectTimeout": 0, + "syncScriptFileName": "HRliteSyncScript.groovy", + "targetDirectory": null, + "testOnBorrow": false, + "testOnConnect": false, + "testOnReturn": false, + "testScriptFileName": "HRliteTestScript.groovy", + "testWhileIdle": false, + "timeBetweenEvictionRunsMillis": 5000, + "tolerance": 10, + "updateScriptFileName": "HRliteUpdateScript.groovy", + "url": "jdbc:mysql://mariadb:3306/hrdb?autoReconnect=true", + "useDisposableConnectionFacade": true, + "useEquals": true, + "useLock": false, + "useStatementFacade": true, + "username": "hradmin", + "validationInterval": 2000, + "validationQuery": "SELECT 1 FROM DUAL", + "validationQueryTimeout": -1, + "validatorClassName": null, + "verbose": false, + "warningLevel": 1, + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.scriptedsql-connector", + "bundleVersion": "1.5.20.9", + "connectorHostRef": "encorebaseline", + "connectorName": "org.forgerock.openicf.connectors.scriptedsql.ScriptedSQLConnector", + "displayName": "Scripted SQL Connector", + "systemType": "provisioner.openicf", + }, + "enabled": true, + "objectTypes": { + "__ACCOUNT__": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + 
"__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "address": { + "nativeName": "address", + "nativeType": "string", + "required": true, + "type": "string", + }, + "city": { + "nativeName": "city", + "nativeType": "string", + "required": true, + "type": "string", + }, + "country": { + "nativeName": "country", + "nativeType": "string", + "required": true, + "type": "string", + }, + "depId": { + "nativeName": "depId", + "nativeType": "string", + "required": true, + "type": "string", + }, + "depName": { + "nativeName": "depName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "email": { + "nativeName": "email", + "nativeType": "string", + "required": true, + "type": "string", + }, + "empType": { + "nativeName": "empType", + "nativeType": "string", + "required": true, + "type": "string", + }, + "externalMail": { + "nativeName": "externalMail", + "nativeType": "string", + "required": true, + "type": "string", + }, + "firstName": { + "nativeName": "firstName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "isManager": { + "nativeName": "isManager", + "nativeType": "string", + "required": true, + "type": "string", + }, + "jobCode": { + "nativeName": "jobCode", + "nativeType": "string", + "required": true, + "type": "string", + }, + "lastName": { + "nativeName": "lastName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "phone": { + "nativeName": "phone", + "nativeType": "string", + "required": true, + "type": "string", + }, + "postalCode": { + "nativeName": "postalCode", + "nativeType": "string", + "required": true, + "type": "string", + }, + "state": { + "nativeName": "state", + "nativeType": "string", + "required": true, + "type": "string", + }, + "status": { + "nativeName": "status", + "nativeType": "string", + "required": true, + "type": "string", + }, + "uid": { + "nativeName": "uid", + "nativeType": "string", + "required": true, + "type": 
"string", + }, + }, + "type": "object", + }, + "department": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "department", + "nativeType": "department", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "required": true, + "type": "string", + }, + "name": { + "nativeName": "name", + "nativeType": "string", + "required": true, + "type": "string", + }, + "parent": { + "nativeName": "parent", + "nativeType": "string", + "required": true, + "type": "string", + }, + "uid": { + "nativeName": "uid", + "nativeType": "string", + "required": true, + "type": "string", + }, + }, + "type": "object", + }, + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false, + }, + }, + }, + "managedApplication": { + "08505c1b-87ea-4ed0-ab89-20432dcc6249": { + "_id": "08505c1b-87ea-4ed0-ab89-20432dcc6249", + "authoritative": true, + "connectorId": "HRLite", + "description": "Example", + "icon": "", + "mappingNames": [ + "systemHrlite__account___managedAlpha_user", + ], + "name": "HRLite", + "templateName": "scripted.sql", + "templateVersion": "1.0.0", + "uiConfig": { + "objectTypes": { + "__ACCOUNT__": { + "properties": { + "__NAME__": {}, + "address": {}, + "city": {}, + "country": {}, + "depId": {}, + "depName": {}, + "email": {}, + "empType": {}, + "firstName": {}, + 
"isManager": {}, + "jobCode": {}, + "lastName": {}, + "phone": {}, + "postalCode": {}, + "state": {}, + "status": {}, + "uid": {}, + }, + }, + "department": { + "properties": { + "__NAME__": {}, + "description": {}, + "name": {}, + "parent": {}, + "uid": {}, + }, + }, + }, + }, + }, + }, + "mapping": { + "systemHrlite__account___managedAlpha_user": { + "_id": "sync/systemHrlite__account___managedAlpha_user", + "consentRequired": false, + "correlationQuery": [ + { + "expressionTree": { + "all": [ + "frIndexedInteger1", + ], + }, + "file": "ui/correlateTreeToQueryFilter.js", + "linkQualifier": "default", + "mapping": "systemHrlite__account___managedAlpha_user", + "type": "text/javascript", + }, + ], + "displayName": "systemHrlite__account___managedAlpha_user", + "icon": null, + "name": "systemHrlite__account___managedAlpha_user", + "onCreate": { + "globals": {}, + "source": "// Script has access to the following variables: +// sourceObject +// targetObject +// existingTargetObject +// linkQualifier +var givenName = source.firstName; +logger.info ("this is the givenName " + givenName); +var sn = source.lastName; +logger.info ("this is the sn " + sn); + +/* first choice of username */ +var checkuserName = givenName.substring(0,1).concat(sn).toLowerCase(); +logger.info ("calculated checkuserName " + checkuserName); +/* if the userName is not found no need to go further */ +var queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" +}; + +var queryResult = openidm.query("/managed/alpha_user",queryUsername,["*"]); +if (queryResult.resultCount > 0) { + /* second choice of username */ + checkuserName = givenName.substring(0,2).concat(sn).toLowerCase(); + logger.info ("calculated checkuserName " + checkuserName); + queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" + }; + queryResult = openidm.query("/managed/alpha_user",queryUsername,["*"]); + /* while the userName is found try above for second then add time to end until found */ + 
while (queryResult.resultCount > 0) { + /* timeadded to choice of username */ + var millis = String(Date.now()); + logger.info ("calculated checkuserName " + checkuserName); + checkuserName = givenName.substring(0,1).concat(sn).concat(millis.substring(millis.length - 4)).toLowerCase(); + logger.info ("calculated checkuserName " + checkuserName); + queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" + }; + queryResult = openidm.query("/managed/alpha_user",queryUsername,["*"]); + } +} +target.userName = checkuserName; +target.cn = checkuserName + " " + givenName + " " + sn; +target.mail = checkuserName+"@ad-volker-demo.encore.forgerock.org"; +target.password = 'Frdp-2010'; +//Mail domain is dependent on your AD domain name…. +logger.info ("Final userName " + checkuserName); +// Role assignment scripts must always return targetObject, otherwise +// other scripts and code that occur downstream of your script will +// not work as expected. +", + "type": "text/javascript", + }, + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS", + }, + { + "action": "EXCEPTION", + "situation": "SOURCE_MISSING", + }, + { + "action": "CREATE", + "situation": "MISSING", + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "EXCEPTION", + "situation": "UNASSIGNED", + }, + { + "action": "EXCEPTION", + "situation": "LINK_ONLY", + }, + { + "action": "EXCEPTION", + "situation": "TARGET_IGNORED", + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED", + }, + { + "action": "IGNORE", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "UPDATE", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "source": "", + "target": "frIndexedInteger1", + "transform": { + "source": "parseInt(source.__NAME__)", + "type": "text/javascript", + }, + 
}, + { + "source": "", + "target": "frIndexedInteger2", + "transform": { + "source": "parseInt(source.status)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger3", + "transform": { + "source": "parseInt(source.depId)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger4", + "transform": { + "source": "parseInt(source.jobCode)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger5", + "transform": { + "source": "parseInt(source.empType)", + "type": "text/javascript", + }, + }, + { + "source": "phone", + "target": "telephoneNumber", + }, + { + "source": "city", + "target": "city", + }, + { + "source": "state", + "target": "stateProvince", + }, + { + "source": "address", + "target": "postalAddress", + }, + { + "source": "postalCode", + "target": "postalCode", + }, + { + "source": "country", + "target": "country", + }, + { + "source": "firstName", + "target": "givenName", + }, + { + "source": "lastName", + "target": "sn", + }, + { + "source": "isManager", + "target": "frIndexedString4", + }, + { + "source": "externalMail", + "target": "frIndexedString5", + }, + { + "source": "", + "target": "accountStatus", + "transform": { + "source": "(parseInt(source.status)==5)?"inactive":"active";", + "type": "text/javascript", + }, + }, + ], + "runTargetPhase": true, + "source": "system/HRLite/__ACCOUNT__", + "target": "managed/alpha_user", + "taskThreads": 1, + }, + }, + "meta": Any, +} +`; + +exports[`frodo app export "frodo app export -i HRLite": should export the app with app id "HRLite" 1`] = `""`; + +exports[`frodo app export "frodo app export -i HRLite": should export the app with app id "HRLite" 2`] = ` +{ + "application": {}, + "connector": { + "HRLite": { + "_id": "provisioner.openicf/HRLite", + "configurationProperties": { + "abandonWhenPercentageFull": 0, + "accessToUnderlyingConnectionAllowed": true, + "alternateUsernameAllowed": false, + 
"authenticateScriptFileName": "HRliteAuthenticateScript.groovy", + "autoCommit": true, + "classpath": [], + "commitOnReturn": false, + "connectionProperties": null, + "createScriptFileName": "HRliteCreateScript.groovy", + "customConfiguration": null, + "customSensitiveConfiguration": null, + "customizerScriptFileName": null, + "dataSourceJNDI": null, + "debug": false, + "defaultAutoCommit": null, + "defaultCatalog": null, + "defaultReadOnly": null, + "defaultTransactionIsolation": -1, + "deleteScriptFileName": "HRliteDeleteScript.groovy", + "disabledGlobalASTTransformations": null, + "driverClassName": "com.mysql.jdbc.Driver", + "fairQueue": true, + "ignoreExceptionOnPreLoad": false, + "initSQL": null, + "initialSize": 10, + "jdbcInterceptors": null, + "jmxEnabled": true, + "logAbandoned": false, + "logValidationErrors": false, + "maxActive": 100, + "maxAge": 0, + "maxIdle": 100, + "maxWait": 30000, + "minEvictableIdleTimeMillis": 60000, + "minIdle": 10, + "minimumRecompilationInterval": 100, + "name": "Tomcat Connection Pool[1-265824587]", + "numTestsPerEvictionRun": 0, + "password": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "73doNZivdgZ7KmuOlzFBdD/7blip0OU6uRwBDv53wcQ=", + "iv": "/C0QyOAnnUNQCovrsMgzEw==", + "keySize": 16, + "mac": "EAPShe6oCwxlTCHYC2wBlQ==", + "purpose": "idm.config.encryption", + "salt": "zYm6JkzqEzE1/0Y+o9K3+Q==", + "stableId": "openidm-sym-default", + }, + }, + }, + "propagateInterruptState": false, + "recompileGroovySource": false, + "removeAbandoned": false, + "removeAbandonedTimeout": 60, + "resolveUsernameScriptFileName": null, + "rollbackOnReturn": false, + "schemaScriptFileName": "HRliteSchemaScript.groovy", + "scriptBaseClass": null, + "scriptExtensions": [ + "groovy", + ], + "scriptOnResourceScriptFileName": null, + "scriptRoots": "/opt/forgerock/openicf/scripts/hrlite", + "searchScriptFileName": "HRliteSearchScript.groovy", + "sourceEncoding": "UTF-8", + 
"suspectTimeout": 0, + "syncScriptFileName": "HRliteSyncScript.groovy", + "targetDirectory": null, + "testOnBorrow": false, + "testOnConnect": false, + "testOnReturn": false, + "testScriptFileName": "HRliteTestScript.groovy", + "testWhileIdle": false, + "timeBetweenEvictionRunsMillis": 5000, + "tolerance": 10, + "updateScriptFileName": "HRliteUpdateScript.groovy", + "url": "jdbc:mysql://mariadb:3306/hrdb?autoReconnect=true", + "useDisposableConnectionFacade": true, + "useEquals": true, + "useLock": false, + "useStatementFacade": true, + "username": "hradmin", + "validationInterval": 2000, + "validationQuery": "SELECT 1 FROM DUAL", + "validationQueryTimeout": -1, + "validatorClassName": null, + "verbose": false, + "warningLevel": 1, + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.scriptedsql-connector", + "bundleVersion": "1.5.20.9", + "connectorHostRef": "encorebaseline", + "connectorName": "org.forgerock.openicf.connectors.scriptedsql.ScriptedSQLConnector", + "displayName": "Scripted SQL Connector", + "systemType": "provisioner.openicf", + }, + "enabled": true, + "objectTypes": { + "__ACCOUNT__": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "address": { + "nativeName": "address", + "nativeType": "string", + "required": true, + "type": "string", + }, + "city": { + "nativeName": "city", + "nativeType": "string", + "required": true, + "type": "string", + }, + "country": { + "nativeName": "country", + "nativeType": "string", + "required": true, + "type": "string", + }, + "depId": { + "nativeName": "depId", + "nativeType": "string", + "required": true, + "type": "string", + }, + "depName": { + "nativeName": "depName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "email": { + "nativeName": "email", + "nativeType": "string", + "required": 
true, + "type": "string", + }, + "empType": { + "nativeName": "empType", + "nativeType": "string", + "required": true, + "type": "string", + }, + "externalMail": { + "nativeName": "externalMail", + "nativeType": "string", + "required": true, + "type": "string", + }, + "firstName": { + "nativeName": "firstName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "isManager": { + "nativeName": "isManager", + "nativeType": "string", + "required": true, + "type": "string", + }, + "jobCode": { + "nativeName": "jobCode", + "nativeType": "string", + "required": true, + "type": "string", + }, + "lastName": { + "nativeName": "lastName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "phone": { + "nativeName": "phone", + "nativeType": "string", + "required": true, + "type": "string", + }, + "postalCode": { + "nativeName": "postalCode", + "nativeType": "string", + "required": true, + "type": "string", + }, + "state": { + "nativeName": "state", + "nativeType": "string", + "required": true, + "type": "string", + }, + "status": { + "nativeName": "status", + "nativeType": "string", + "required": true, + "type": "string", + }, + "uid": { + "nativeName": "uid", + "nativeType": "string", + "required": true, + "type": "string", + }, + }, + "type": "object", + }, + "department": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "department", + "nativeType": "department", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "required": true, + "type": "string", + }, + "name": { + "nativeName": "name", + "nativeType": "string", + "required": true, + "type": "string", + }, + "parent": { + "nativeName": "parent", + "nativeType": "string", + "required": true, + "type": "string", + }, + "uid": { + "nativeName": "uid", + "nativeType": "string", + "required": true, + "type": "string", + }, + }, 
+ "type": "object", + }, + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false, + }, + }, + }, + "managedApplication": { + "08505c1b-87ea-4ed0-ab89-20432dcc6249": { + "_id": "08505c1b-87ea-4ed0-ab89-20432dcc6249", + "authoritative": true, + "connectorId": "HRLite", + "description": "Example", + "icon": "", + "mappingNames": [ + "systemHrlite__account___managedAlpha_user", + ], + "name": "HRLite", + "templateName": "scripted.sql", + "templateVersion": "1.0.0", + "uiConfig": { + "objectTypes": { + "__ACCOUNT__": { + "properties": { + "__NAME__": {}, + "address": {}, + "city": {}, + "country": {}, + "depId": {}, + "depName": {}, + "email": {}, + "empType": {}, + "firstName": {}, + "isManager": {}, + "jobCode": {}, + "lastName": {}, + "phone": {}, + "postalCode": {}, + "state": {}, + "status": {}, + "uid": {}, + }, + }, + "department": { + "properties": { + "__NAME__": {}, + "description": {}, + "name": {}, + "parent": {}, + "uid": {}, + }, + }, + }, + }, + }, + }, + "mapping": { + "systemHrlite__account___managedAlpha_user": { + "_id": "sync/systemHrlite__account___managedAlpha_user", + "consentRequired": false, + "correlationQuery": [ + { + "expressionTree": { + "all": [ + "frIndexedInteger1", + ], + }, + "file": "ui/correlateTreeToQueryFilter.js", + "linkQualifier": "default", + "mapping": "systemHrlite__account___managedAlpha_user", + "type": "text/javascript", + }, ], + "displayName": 
"systemHrlite__account___managedAlpha_user", + "icon": null, + "name": "systemHrlite__account___managedAlpha_user", + "onCreate": { + "globals": {}, + "source": "// Script has access to the following variables: +// sourceObject +// targetObject +// existingTargetObject +// linkQualifier +var givenName = source.firstName; +logger.info ("this is the givenName " + givenName); +var sn = source.lastName; +logger.info ("this is the sn " + sn); + +/* first choice of username */ +var checkuserName = givenName.substring(0,1).concat(sn).toLowerCase(); +logger.info ("calculated checkuserName " + checkuserName); +/* if the userName is not found no need to go further */ +var queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" +}; + +var queryResult = openidm.query("/managed/alpha_user",queryUsername,["*"]); +if (queryResult.resultCount > 0) { + /* second choice of username */ + checkuserName = givenName.substring(0,2).concat(sn).toLowerCase(); + logger.info ("calculated checkuserName " + checkuserName); + queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" + }; + queryResult = openidm.query("/managed/alpha_user",queryUsername,["*"]); + /* while the userName is found try above for second then add time to end until found */ + while (queryResult.resultCount > 0) { + /* timeadded to choice of username */ + var millis = String(Date.now()); + logger.info ("calculated checkuserName " + checkuserName); + checkuserName = givenName.substring(0,1).concat(sn).concat(millis.substring(millis.length - 4)).toLowerCase(); + logger.info ("calculated checkuserName " + checkuserName); + queryUsername = { + _queryFilter: "/userName eq '" + checkuserName + "'" + }; + queryResult = openidm.query("/managed/alpha_user",queryUsername,["*"]); + } +} +target.userName = checkuserName; +target.cn = checkuserName + " " + givenName + " " + sn; +target.mail = checkuserName+"@ad-volker-demo.encore.forgerock.org"; +target.password = 'Frdp-2010'; +//Mail domain is 
dependent on your AD domain name…. +logger.info ("Final userName " + checkuserName); +// Role assignment scripts must always return targetObject, otherwise +// other scripts and code that occur downstream of your script will +// not work as expected. +", + "type": "text/javascript", + }, + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS", + }, + { + "action": "EXCEPTION", + "situation": "SOURCE_MISSING", + }, + { + "action": "CREATE", + "situation": "MISSING", + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "EXCEPTION", + "situation": "UNASSIGNED", + }, + { + "action": "EXCEPTION", + "situation": "LINK_ONLY", + }, + { + "action": "EXCEPTION", + "situation": "TARGET_IGNORED", + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED", + }, + { + "action": "IGNORE", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "UPDATE", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "source": "", + "target": "frIndexedInteger1", + "transform": { + "source": "parseInt(source.__NAME__)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger2", + "transform": { + "source": "parseInt(source.status)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger3", + "transform": { + "source": "parseInt(source.depId)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger4", + "transform": { + "source": "parseInt(source.jobCode)", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "frIndexedInteger5", + "transform": { + "source": "parseInt(source.empType)", + "type": "text/javascript", + }, + }, + { + "source": "phone", + "target": "telephoneNumber", + }, + { + "source": "city", + "target": "city", + }, + { + 
"source": "state", + "target": "stateProvince", + }, + { + "source": "address", + "target": "postalAddress", + }, + { + "source": "postalCode", + "target": "postalCode", + }, + { + "source": "country", + "target": "country", + }, + { + "source": "firstName", + "target": "givenName", + }, + { + "source": "lastName", + "target": "sn", + }, + { + "source": "isManager", + "target": "frIndexedString4", + }, + { + "source": "externalMail", + "target": "frIndexedString5", + }, + { + "source": "", + "target": "accountStatus", + "transform": { + "source": "(parseInt(source.status)==5)?"inactive":"active";", + "type": "text/javascript", + }, + }, + ], + "runTargetPhase": true, + "source": "system/HRLite/__ACCOUNT__", + "target": "managed/alpha_user", + "taskThreads": 1, }, }, + "meta": Any, } `; diff --git a/test/e2e/__snapshots__/app-list.e2e.test.js.snap b/test/e2e/__snapshots__/app-list.e2e.test.js.snap index e948134dc..4d1107828 100644 --- a/test/e2e/__snapshots__/app-list.e2e.test.js.snap +++ b/test/e2e/__snapshots__/app-list.e2e.test.js.snap 
@@ -1,62 +1,39 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`frodo app list "frodo app list --long": should list the ids, statuses, client types, grant types, scopes, and redirect URIs of the apps 1`] = ` -"Client Id │Status│Client Type │Grant Types │Scopes │Redirect URIs -23281ea7-739b-4fd1-b953-eaae73a2b497│Active│Confidential│Client Creds │fr:idm:* │ - │ │ │ │fr:idc:esv:* │ - │ │ │ │dynamic_client_registration│ -49a2981c-e192-4739-a0e6-c7582168bdf5│Active│Confidential│Client Creds │fr:idm:* │ - │ │ │ │fr:idc:esv:* │ - │ │ │ │dynamic_client_registration│ -86fca6d7-2f52-4524-92c6-b6f416071455│Active│Confidential│Client Creds │fr:idm:* │ - │ │ │ │fr:idc:esv:* │ - │ │ │ │dynamic_client_registration│ -d4c3ecbc-4b03-4ad5-b32f-464bda442e3f│Active│Confidential│Client Creds │fr:idm:* │ - │ │ │ │fr:idc:esv:* │ - │ │ │ │dynamic_client_registration│ -ig-oidc-app │Active│Confidential│Authz Code │openid │https://ig.mytestrun.com/home/oidc/callback - │ │ │Client Creds │profile │ - │ │ │Refresh Token│email │ - │ │ │ │secctx │ -RCSClient │Active│Confidential│Client Creds │fr:idm:* │ -test2 │Active│Confidential│Authz Code │openid │ - │ │ │Refresh Token│fr:idm:* │ - │ │ │Client Creds │ │ +"Name │Id │Template │Version│Authoritative│Description +benefits │9fb975e4-9723-4fac-9fe7-ee25053c6218│saml │ 1.0.0│ false│Deployed via Encore +company │1b3510cf-9352-4573-9cd8-1eaf36cc629c│saml │ 1.0.0│ false│Deployed via Encore +EncoreAD │d7f62815-a835-4e2f-a69e-25e7f9019fc2│active.directory│ 1.0.0│ false│Example +engineering│0e5811ab-ef31-401b-aaa1-70b523eafa55│saml │ 1.0.0│ false│Deployed via Encore +HRLite │08505c1b-87ea-4ed0-ab89-20432dcc6249│scripted.sql │ 1.0.0│ true│Example +MrAnderson │e9f2ecd5-3d50-4da0-9ca2-587dbca390e2│bookmark │ 1.0│ │This is a bookmark +sales │368b5b11-d8db-4079-98e9-0573934aef04│saml │ 1.0.0│ false│Deployed via Encore +testapp │ab00f0cd-e7a0-44fe-9ae9-f80f0e193322│web │ 1.0│ │Test App " `; exports[`frodo app list "frodo app list -l": should list the ids, 
statuses, client types, grant types, scopes, and redirect URIs of the apps 1`] = ` -"Client Id │Status│Client Type │Grant Types │Scopes │Redirect URIs -23281ea7-739b-4fd1-b953-eaae73a2b497│Active│Confidential│Client Creds │fr:idm:* │ - │ │ │ │fr:idc:esv:* │ - │ │ │ │dynamic_client_registration│ -49a2981c-e192-4739-a0e6-c7582168bdf5│Active│Confidential│Client Creds │fr:idm:* │ - │ │ │ │fr:idc:esv:* │ - │ │ │ │dynamic_client_registration│ -86fca6d7-2f52-4524-92c6-b6f416071455│Active│Confidential│Client Creds │fr:idm:* │ - │ │ │ │fr:idc:esv:* │ - │ │ │ │dynamic_client_registration│ -d4c3ecbc-4b03-4ad5-b32f-464bda442e3f│Active│Confidential│Client Creds │fr:idm:* │ - │ │ │ │fr:idc:esv:* │ - │ │ │ │dynamic_client_registration│ -ig-oidc-app │Active│Confidential│Authz Code │openid │https://ig.mytestrun.com/home/oidc/callback - │ │ │Client Creds │profile │ - │ │ │Refresh Token│email │ - │ │ │ │secctx │ -RCSClient │Active│Confidential│Client Creds │fr:idm:* │ -test2 │Active│Confidential│Authz Code │openid │ - │ │ │Refresh Token│fr:idm:* │ - │ │ │Client Creds │ │ +"Name │Id │Template │Version│Authoritative│Description +benefits │9fb975e4-9723-4fac-9fe7-ee25053c6218│saml │ 1.0.0│ false│Deployed via Encore +company │1b3510cf-9352-4573-9cd8-1eaf36cc629c│saml │ 1.0.0│ false│Deployed via Encore +EncoreAD │d7f62815-a835-4e2f-a69e-25e7f9019fc2│active.directory│ 1.0.0│ false│Example +engineering│0e5811ab-ef31-401b-aaa1-70b523eafa55│saml │ 1.0.0│ false│Deployed via Encore +HRLite │08505c1b-87ea-4ed0-ab89-20432dcc6249│scripted.sql │ 1.0.0│ true│Example +MrAnderson │e9f2ecd5-3d50-4da0-9ca2-587dbca390e2│bookmark │ 1.0│ │This is a bookmark +sales │368b5b11-d8db-4079-98e9-0573934aef04│saml │ 1.0.0│ false│Deployed via Encore +testapp │ab00f0cd-e7a0-44fe-9ae9-f80f0e193322│web │ 1.0│ │Test App " `; exports[`frodo app list "frodo app list": should list the ids of the apps 1`] = ` -"23281ea7-739b-4fd1-b953-eaae73a2b497 -49a2981c-e192-4739-a0e6-c7582168bdf5 -86fca6d7-2f52-4524-92c6-b6f416071455 
-d4c3ecbc-4b03-4ad5-b32f-464bda442e3f -ig-oidc-app -RCSClient -test2 +"benefits +company +EncoreAD +engineering +HRLite +MrAnderson +sales +testapp " `; diff --git a/test/e2e/app-export.e2e.test.js b/test/e2e/app-export.e2e.test.js index 4f10f53d4..9fa299593 100644 --- a/test/e2e/app-export.e2e.test.js +++ b/test/e2e/app-export.e2e.test.js 
@@ -59,80 +59,94 @@ FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_S FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo app export --all-separate FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo app export -A --no-deps */ + +/* +FRODO_MOCK=record FRODO_HOST=https://openam-volker-demo.forgeblocks.com/am frodo app export -i HRLite +FRODO_MOCK=record FRODO_HOST=https://openam-volker-demo.forgeblocks.com/am frodo app export --app-id EncoreAD +FRODO_MOCK=record FRODO_HOST=https://openam-volker-demo.forgeblocks.com/am frodo app export -i HRLite -f test.json +FRODO_MOCK=record FRODO_HOST=https://openam-volker-demo.forgeblocks.com/am frodo app export -i HRLite --no-deps -f test.json +FRODO_MOCK=record FRODO_HOST=https://openam-volker-demo.forgeblocks.com/am frodo app export -a +FRODO_MOCK=record FRODO_HOST=https://openam-volker-demo.forgeblocks.com/am frodo app export --all -f test.json +FRODO_MOCK=record FRODO_HOST=https://openam-volker-demo.forgeblocks.com/am frodo app export -a --file test.json +FRODO_MOCK=record FRODO_HOST=https://openam-volker-demo.forgeblocks.com/am frodo app export -a --no-deps -f test.json +FRODO_MOCK=record FRODO_HOST=https://openam-volker-demo.forgeblocks.com/am frodo app export -A +// FRODO_MOCK=record FRODO_HOST=https://openam-volker-demo.forgeblocks.com/am frodo app export --all-separate +// FRODO_MOCK=record FRODO_HOST=https://openam-volker-demo.forgeblocks.com/am frodo app export -A --no-deps +*/ import { testExport } from './utils/TestUtils'; import { connection as c } from './utils/TestConfig'; process.env['FRODO_MOCK'] = '1'; const env = { - env: process.env, + env: process.env, }; -env.env.FRODO_HOST = c.host; +env.env.FRODO_HOST = 
'https://openam-volker-demo.forgeblocks.com/am'; //c.host; env.env.FRODO_SA_ID = c.saId; env.env.FRODO_SA_JWK = c.saJwk; -const type = 'oauth2.app'; +const type = 'application'; describe('frodo app export', () => { - test('"frodo app export -i test2": should export the app with app id "test2"', async () => { - const CMD = `frodo app export -i test2`; - const exportFile = "test2.oauth2.app.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo app export -i HRLite": should export the app with app id "HRLite"', async () => { + const exportFile = 'HRLite.application.json'; + const CMD = `frodo app export -i HRLite`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo app export --app-id test2": should export the app with app id "test2"', async () => { - const CMD = `frodo app export --app-id test2`; - const exportFile = "test2.oauth2.app.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo app export --app-id EncoreAD": should export the app with app id "EncoreAD"', async () => { + const exportFile = 'EncoreAD.application.json'; + const CMD = `frodo app export --app-id EncoreAD`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo app export -i test2 -f test.json": should export the app with app id "test2" into file named test.json', async () => { - const CMD = `frodo app export -i test2 -f test.json`; - const exportFile = "test.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo app export -i HRLite -f my-HRLite.application.json": should export the app with app id "HRLite" into file named my-HRLite.application.json', async () => { + const exportFile = 'my-HRLite.application.json'; + const CMD = `frodo app export -i HRLite -f ${exportFile}`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo app export -i test2 --no-deps": should export the app with app id "test2" with no dependencies', async () => { - const CMD = `frodo app export -i test2 
--no-deps`; - const exportFile = "test2.oauth2.app.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo app export -i HRLite --no-deps -f my-nodeps-HRLite.application.json": should export the app with app id "HRLite" with no dependencies into a file named my-nodeps-HRLite.application.json', async () => { + const exportFile = 'my-nodeps-HRLite.application.json'; + const CMD = `frodo app export -i HRLite --no-deps -f ${exportFile}`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo app export -a": should export all apps to a single file', async () => { - const CMD = `frodo app export -a`; - const exportFile = "allAlphaApplications.oauth2.app.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo app export -a": should export all apps to a single file', async () => { + const exportFile = 'allAlphaApplications.application.json'; + const CMD = `frodo app export -a`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo app export --all": should export all apps to a single file', async () => { - const CMD = `frodo app export --all`; - const exportFile = "allAlphaApplications.oauth2.app.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo app export --all -f my-allAlphaApplications.application.json": should export all apps to a single file named my-allAlphaApplications.application.json', async () => { + const exportFile = 'my-allAlphaApplications.application.json'; + const CMD = `frodo app export --all -f ${exportFile}`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo app export -a --file test.json": should export all apps to a single file named test.json', async () => { - const CMD = `frodo app export -a --file test.json`; - const exportFile = "test.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo app export -a --file my-other-allAlphaApplications.application.json": should export all apps to a single file named 
my-other-allAlphaApplications.application.json', async () => { + const exportFile = 'my-other-allAlphaApplications.application.json'; + const CMD = `frodo app export -a --file ${exportFile}`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo app export -a --no-deps": should export all apps to a single file with no dependencies', async () => { - const CMD = `frodo app export -a --no-deps`; - const exportFile = "allAlphaApplications.oauth2.app.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo app export -a --no-deps -f my-yet-another-allAlphaApplications.application.json": should export all apps to a single file with no dependencies into a file named my-yet-another-allAlphaApplications.application.json', async () => { + const exportFile = 'my-yet-another-allAlphaApplications.application.json'; + const CMD = `frodo app export -a --no-deps -f ${exportFile}`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo app export -A": should export all apps to separate files', async () => { - const CMD = `frodo app export -A`; - await testExport(CMD, env, type); - }); + test('"frodo app export -A": should export all apps to separate files', async () => { + const CMD = `frodo app export -A`; + await testExport(CMD, env, type); + }); - test('"frodo app export --all-separate": should export all apps to separate files', async () => { - const CMD = `frodo app export --all-separate`; - await testExport(CMD, env, type); - }); +// test('"frodo app export --all-separate": should export all apps to separate files', async () => { +// const CMD = `frodo app export --all-separate`; +// await testExport(CMD, env, type); +// }); - test('"frodo app export -A --no-deps": should export all apps to separate files with no dependencies', async () => { - const CMD = `frodo app export -A --no-deps`; - await testExport(CMD, env, type); - }); +// test('"frodo app export -A --no-deps": should export all apps to separate files with no 
dependencies', async () => { +// const CMD = `frodo app export -A --no-deps`; +// await testExport(CMD, env, type); +// }); }); diff --git a/test/e2e/app-list.e2e.test.js b/test/e2e/app-list.e2e.test.js index 988630cdc..7122b7fe4 100644 --- a/test/e2e/app-list.e2e.test.js +++ b/test/e2e/app-list.e2e.test.js @@ -51,6 +51,12 @@ FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_S FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo app list -l FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo app list --long */ + +/* +FRODO_MOCK=record FRODO_HOST=https://openam-volker-demo.forgeblocks.com/am frodo app list +FRODO_MOCK=record FRODO_HOST=https://openam-volker-demo.forgeblocks.com/am frodo app list -l +FRODO_MOCK=record FRODO_HOST=https://openam-volker-demo.forgeblocks.com/am frodo app list --long + */ import cp from 'child_process'; import { promisify } from 'util'; import { removeAnsiEscapeCodes } from './utils/TestUtils'; @@ -62,7 +68,7 @@ process.env['FRODO_MOCK'] = '1'; const env = { env: process.env, }; -env.env.FRODO_HOST = c.host; +env.env.FRODO_HOST = 'https://openam-volker-demo.forgeblocks.com/am'; //c.host; env.env.FRODO_SA_ID = c.saId; env.env.FRODO_SA_JWK = c.saJwk; From 878944c7c1c3f0af8ce80f25f0075182a3669b8c Mon Sep 17 00:00:00 2001 
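Review bot: `env.env.FRODO_HOST = 'https://openam-volker-demo.forgeblocks.com/am'; //c.host;` hard-codes one tenant into the test, while `FRODO_SA_ID` and `FRODO_SA_JWK` on the next two lines still come from `TestConfig`, so the host and the service-account credentials handed to the child process no longer describe the same environment. With `FRODO_MOCK` set to `'1'` this presumably only selects which recordings are replayed, but anyone re-recording with these settings would present the shared service account to a different tenant; I would move the host into `TestConfig` and drop the `//c.host` leftover. The same line is repeated in the `@@ -62,7 +68,7 @@` hunk of test/e2e/app-list.e2e.test.js. The two tests at the end of this hunk are disabled by commenting them out; `test.skip(...)` with a one-line reason would keep them visible in the test report.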
From: Volker Scheuber Date: Fri, 22 Sep 2023 20:57:47 -0500 Subject: [PATCH 04/18] update conn tests and snapshots --- src/cli/FrodoCommand.ts | 1 + .../en/__snapshots__/conn-delete.test.js.snap | 1 + .../en/__snapshots__/conn-describe.test.js.snap | 1 + .../en/__snapshots__/conn-list.test.js.snap | 1 + .../en/__snapshots__/conn-save.test.js.snap | 4 ++++ test/e2e/__snapshots__/conn-save.e2e.test.js.snap | 13 +++++-------- test/e2e/conn-list.e2e.test.js | 6 ++++++ test/e2e/conn-save.e2e.test.js | 4 ++-- 8 files changed, 21 insertions(+), 10 deletions(-) diff --git a/src/cli/FrodoCommand.ts b/src/cli/FrodoCommand.ts index 9a54e5f18..e8b8c5981 100644 --- a/src/cli/FrodoCommand.ts +++ b/src/cli/FrodoCommand.ts @@ -210,6 +210,7 @@ export class FrodoCommand extends FrodoStubCommand { ? ` FRODO_LOG_KEY: Log API key. Overrides 'username' argument.\n` + ` FRODO_LOG_SECRET: Log API secret. Overrides 'password' argument.\n` : ``) + + ` FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'.\n` + ` FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use.\n` + ` FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'.\n` + ` FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file.\n` + diff --git a/test/client_cli/en/__snapshots__/conn-delete.test.js.snap b/test/client_cli/en/__snapshots__/conn-delete.test.js.snap index 5ba0c8237..15b6138a7 100644 --- a/test/client_cli/en/__snapshots__/conn-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/conn-delete.test.js.snap 
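Review bot: The added help line for `FRODO_CONNECTION_PROFILES_PATH` does not say what the redirected file holds. Judging by the `conn save` output elsewhere in this series (a service account and a log API key and secret are "added to profile"), it appears to be the credential store, so the help text could say so, e.g. `... instead of '~/.frodo/Connections.json'. The file holds saved credentials; keep it private to your user.` The line also drops the trailing word "file" that the neighbouring `FRODO_MASTER_KEY_PATH` line uses, a small wording inconsistency. The string concatenation this line belongs to starts and ends outside the hunk.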
@@ -28,6 +28,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/conn-describe.test.js.snap b/test/client_cli/en/__snapshots__/conn-describe.test.js.snap index d117d2307..2bec607af 100644 --- a/test/client_cli/en/__snapshots__/conn-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/conn-describe.test.js.snap @@ -29,6 +29,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/conn-list.test.js.snap b/test/client_cli/en/__snapshots__/conn-list.test.js.snap index 293fa3d4f..6851580f5 100644 --- a/test/client_cli/en/__snapshots__/conn-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/conn-list.test.js.snap 
@@ -24,6 +24,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/conn-save.test.js.snap b/test/client_cli/en/__snapshots__/conn-save.test.js.snap index f1ffee024..26c04d75a 100644 --- a/test/client_cli/en/__snapshots__/conn-save.test.js.snap +++ b/test/client_cli/en/__snapshots__/conn-save.test.js.snap @@ -40,6 +40,7 @@ Evironment Variables: FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. FRODO_LOG_KEY: Log API key. Overrides '--log-api-key' option. FRODO_LOG_SECRET: Log API secret. Overrides '--log-api-secret' option. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. 
@@ -96,6 +97,7 @@ Evironment Variables: FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. FRODO_LOG_KEY: Log API key. Overrides '--log-api-key' option. FRODO_LOG_SECRET: Log API secret. Overrides '--log-api-secret' option. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. @@ -152,6 +154,7 @@ Evironment Variables: FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. FRODO_LOG_KEY: Log API key. Overrides '--log-api-key' option. FRODO_LOG_SECRET: Log API secret. Overrides '--log-api-secret' option. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. @@ -208,6 +211,7 @@ Evironment Variables: FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. FRODO_LOG_KEY: Log API key. Overrides '--log-api-key' option. FRODO_LOG_SECRET: Log API secret. Overrides '--log-api-secret' option. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. 
diff --git a/test/e2e/__snapshots__/conn-save.e2e.test.js.snap b/test/e2e/__snapshots__/conn-save.e2e.test.js.snap index 7331ecea4..c319b9f74 100644 --- a/test/e2e/__snapshots__/conn-save.e2e.test.js.snap +++ b/test/e2e/__snapshots__/conn-save.e2e.test.js.snap @@ -1,5 +1,10 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP +exports[`frodo conn save "frodo conn save --no-validate https://openam-frodo-dev.forgeblocks.com/am volker.scheuber@forgerock.com Sup3rS3cr3t!": save new connection profile with existing service account and without admin account. 1`] = ` +"Saved connection profile https://openam-frodo-dev.forgeblocks.com/am +" +`; + exports[`frodo conn save "frodo conn save --sa-id b672336b-41ef-428d-ae4a-e0c082875377 --sa-jwk-file test/fs_tmp/conn-save-jwk.json https://openam-frodo-dev.forgeblocks.com/am": save new connection profile with existing service account and without admin account. 1`] = ` "Connected to https://openam-frodo-dev.forgeblocks.com/am [alpha] as service account frodo-test [b672336b-41ef-428d-ae4a-e0c082875377] - Validating service account b672336b-41ef-428d-ae4a-e0c082875377... @@ -8,11 +13,3 @@ Validated and added service account with id b672336b-41ef-428d-ae4a-e0c082875377 Saved connection profile https://openam-frodo-dev.forgeblocks.com/am " `; - -exports[`frodo conn save "frodo conn save https://openam-frodo-dev.forgeblocks.com/am volker.scheuber@forgerock.com Sup3rS3cr3t!": save new connection profile with existing service account and without admin account. 1`] = ` -"Connected to https://openam-frodo-dev.forgeblocks.com/am [alpha] as user volker.scheuber@forgerock.com -Created and added service account Frodo-SA-1687293271764 with id 17051145-f82a-47b0-8e73-91f27e2cb622 to profile. -Created log API key 2e3e7162c6861fdc50a10b6353ada65a and secret. -Saved connection profile https://openam-frodo-dev.forgeblocks.com/am -" -`; diff --git a/test/e2e/conn-list.e2e.test.js b/test/e2e/conn-list.e2e.test.js index 778d6db17..a6d87b293 100644 
--- a/test/e2e/conn-list.e2e.test.js +++ b/test/e2e/conn-list.e2e.test.js @@ -51,6 +51,12 @@ FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_S FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo conn list -l FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo conn list --long */ + +/* +FRODO_CONNECTION_PROFILES_PATH=~/temp/frodo/Connections.json FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo conn list +FRODO_CONNECTION_PROFILES_PATH=~/temp/frodo/Connections.json FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo conn list -l +FRODO_CONNECTION_PROFILES_PATH=~/temp/frodo/Connections.json FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo conn list --long + */ import cp from 'child_process'; import { promisify } from 'util'; import { removeAnsiEscapeCodes } from './utils/TestUtils'; diff --git a/test/e2e/conn-save.e2e.test.js b/test/e2e/conn-save.e2e.test.js index 19bfd3323..f72e67f4d 100644 --- a/test/e2e/conn-save.e2e.test.js +++ b/test/e2e/conn-save.e2e.test.js 
@@ -69,8 +69,8 @@ afterAll(() => { }); describe('frodo conn save', () => { - test.skip(`"frodo conn save ${c.host} ${c.user} ${c.pass}": save new connection profile with existing service account and without admin account.`, async () => { - const CMD = `frodo conn save ${c.host} ${c.user} ${c.pass}`; + test(`"frodo conn save --no-validate ${c.host} ${c.user} ${c.pass}": save new connection profile with existing service account and without admin account.`, async () => { + const CMD = `frodo conn save --no-validate ${c.host} ${c.user} ${c.pass}`; const { stderr } = await exec(CMD, env); expect(removeAnsiEscapeCodes(stderr)).toMatchSnapshot(); }); From 3f96006eb2c9e3653c168c452386805801dce4ab Mon Sep 17 00:00:00 2001 
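Review bot: The re-enabled test interpolates `${c.pass}` into both its title and the command string, so the password from `TestConfig` is written into the snapshot key in conn-save.e2e.test.js.snap and into every test report, and it is passed to the child process as a command-line argument. If that value is only ever a throwaway fixture this is harmless, but nothing in the hunk guarantees it; a title with placeholders, `test('"frodo conn save --no-validate <host> <user> <pass>": save new connection profile without validation.', async () => {`, keeps the value out of the snapshot file (the snapshot key then has to be regenerated). The description still reads "with existing service account and without admin account", which does not appear to match a command that passes a user and a password. The enclosing `describe` block continues outside the hunk.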
From: Volker Scheuber Date: Sun, 24 Sep 2023 09:10:07 -0500 Subject: [PATCH 05/18] updated tests and snapshots --- .../__snapshots__/agent-delete.test.js.snap | 1 + .../__snapshots__/agent-describe.test.js.snap | 1 + .../__snapshots__/agent-export.test.js.snap | 1 + .../agent-gateway-delete.test.js.snap | 1 + .../agent-gateway-describe.test.js.snap | 1 + .../agent-gateway-export.test.js.snap | 1 + .../agent-gateway-import.test.js.snap | 1 + .../agent-gateway-list.test.js.snap | 1 + .../__snapshots__/agent-import.test.js.snap | 1 + .../agent-java-delete.test.js.snap | 1 + .../agent-java-describe.test.js.snap | 1 + .../agent-java-export.test.js.snap | 1 + .../agent-java-import.test.js.snap | 1 + .../agent-java-list.test.js.snap | 1 + .../en/__snapshots__/agent-list.test.js.snap | 1 + .../agent-web-delete.test.js.snap | 1 + .../agent-web-describe.test.js.snap | 1 + .../agent-web-export.test.js.snap | 1 + .../agent-web-import.test.js.snap | 1 + .../__snapshots__/agent-web-list.test.js.snap | 1 + .../en/__snapshots__/agent-web.test.js.snap | 1 + .../agent-export.e2e.test.js.snap | 847 ----------------- .../agent-gateway-list.e2e.test.js.snap | 13 +- .../agent-java-list.e2e.test.js.snap | 11 +- .../__snapshots__/agent-list.e2e.test.js.snap | 25 +- .../agent-web-export.e2e.test.js.snap | 849 +++++++++++++++++- .../agent-web-list.e2e.test.js.snap | 13 +- test/e2e/agent-export.e2e.test.js | 8 +- test/e2e/agent-gateway-list.e2e.test.js | 6 + test/e2e/agent-java-list.e2e.test.js | 6 + test/e2e/agent-list.e2e.test.js | 6 + test/e2e/agent-web-list.e2e.test.js | 6 + 32 files changed, 924 insertions(+), 887 deletions(-) diff --git a/test/client_cli/en/__snapshots__/agent-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-delete.test.js.snap index 18ced6ded..0ed459ee0 100644 --- a/test/client_cli/en/__snapshots__/agent-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-delete.test.js.snap 
@@ -59,6 +59,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-describe.test.js.snap index 92bb9a738..88dc08778 100644 --- a/test/client_cli/en/__snapshots__/agent-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-describe.test.js.snap @@ -58,6 +58,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-export.test.js.snap index 910664f91..aa4ec4197 100644 --- a/test/client_cli/en/__snapshots__/agent-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-export.test.js.snap 
@@ -64,6 +64,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap index 9f4fd5468..dd24c38ad 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap @@ -60,6 +60,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap index e569138c0..2447e50b4 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap 
@@ -58,6 +58,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap index de9013663..fe5904f2f 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap @@ -64,6 +64,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap index 42f83cf11..fe3474e4e 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap 
@@ -65,6 +65,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap index f2906a536..2dad77153 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap @@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-import.test.js.snap index bbef871f5..4c18859ae 100644 --- a/test/client_cli/en/__snapshots__/agent-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-import.test.js.snap 
@@ -63,6 +63,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap index 00734f001..3bf81ff53 100644 --- a/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap @@ -59,6 +59,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap index 7daeef7b4..c001dec73 100644 --- a/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap 
@@ -58,6 +58,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap index 50d314846..9dba884ab 100644 --- a/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap @@ -64,6 +64,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap index bfbf91e24..f19775749 100644 --- a/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap 
@@ -65,6 +65,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap index 725400a8c..2e0df423d 100644 --- a/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap @@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-list.test.js.snap index 6ee8223e2..ca9f32848 100644 --- a/test/client_cli/en/__snapshots__/agent-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-list.test.js.snap 
@@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap index dfe692523..7e2d908e2 100644 --- a/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap @@ -59,6 +59,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap index e93a4b3a2..c97132451 100644 --- a/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap 
@@ -58,6 +58,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap index 4a2a0ac79..4c06c740b 100644 --- a/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap @@ -64,6 +64,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap index d8e497b87..7bb6de220 100644 --- a/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap 
@@ -65,6 +65,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap index fae844535..464a2c3a6 100644 --- a/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap @@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/agent-web.test.js.snap b/test/client_cli/en/__snapshots__/agent-web.test.js.snap index 70dbaac39..a6b761467 100644 --- a/test/client_cli/en/__snapshots__/agent-web.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web.test.js.snap 
@@ -61,6 +61,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/e2e/__snapshots__/agent-export.e2e.test.js.snap b/test/e2e/__snapshots__/agent-export.e2e.test.js.snap index 87f5a7c40..94c147113 100644 --- a/test/e2e/__snapshots__/agent-export.e2e.test.js.snap +++ b/test/e2e/__snapshots__/agent-export.e2e.test.js.snap 
@@ -1483,853 +1483,6 @@ exports[`frodo agent export "frodo agent export --all": should export all agents } `; -exports[`frodo agent export "frodo agent export --all-separate": should export all agents to separate files 1`] = `""`; - -exports[`frodo agent export "frodo agent export --all-separate": should export all agents to separate files 2`] = ` -{ - "agents": { - "frodo-test-ig-agent": { - "_id": "frodo-test-ig-agent", - "_type": { - "_id": "IdentityGatewayAgent", - "collection": true, - "name": "Identity Gateway Agents", - }, - "agentgroup": null, - "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", - "igCdssoRedirectUrls": [ - "http://testurl.com:8080/frodo", - ], - "igTokenIntrospection": "Realm", - "status": "Inactive", - "userpassword": null, - }, - }, - "meta": Any, -} -`; - -exports[`frodo agent export "frodo agent export --all-separate": should export all agents to separate files 3`] = ` -{ - "agents": { - "frodo-test-ig-agent2": { - "_id": "frodo-test-ig-agent2", - "_type": { - "_id": "IdentityGatewayAgent", - "collection": true, - "name": "Identity Gateway Agents", - }, - "agentgroup": null, - "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", - "igCdssoRedirectUrls": [ - "http://testurl.com:8080/frodo", - ], - "igTokenIntrospection": "Realm", - "status": "Inactive", - }, - }, - "meta": Any, -} -`; - -exports[`frodo agent export "frodo agent export --all-separate": should export all agents to separate files 4`] = ` -{ - "agents": { - "frodo-test-java-agent": { - "_id": "frodo-test-java-agent", - "_type": { - "_id": "J2EEAgent", - "collection": true, - "name": "J2EE Agents", - }, - "advancedJ2EEAgentConfig": { - "alternativeAgentHostname": null, - "alternativeAgentPort": null, - "alternativeAgentProtocol": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "expiredSessionCacheSize": 500, - "expiredSessionCacheTTL": 20, - "fragmentRelayUri": null, - "idleTimeRefreshWindow": 1, - "jwtCacheSize": 
5000, - "jwtCacheTTL": 30, - "missingPostDataPreservationEntryUri": [ - "", - ], - "monitoringToCSV": false, - "policyCachePerUser": 50, - "policyCacheSize": 5000, - "policyClientPollingInterval": 3, - "possibleXssCodeElements": [ - "", - ], - "postDataCacheTtlMin": 5, - "postDataPreservation": false, - "postDataPreserveCacheEntryMaxEntries": 1000, - "postDataPreserveCacheEntryMaxTotalSizeMb": -1, - "postDataStickySessionKeyValue": null, - "postDataStickySessionMode": "URL", - "sessionCacheTTL": 15, - "ssoExchangeCacheSize": 100, - "ssoExchangeCacheTTL": 5, - "xssDetectionRedirectUri": {}, - }, - "amServicesJ2EEAgent": { - "agentAdviceEncode": false, - "amLoginUrl": [], - "authServiceHost": "testurl.com", - "authServicePort": 8080, - "authServiceProtocol": "http", - "authSuccessRedirectUrl": false, - "conditionalLoginUrl": [ - "", - ], - "conditionalLogoutUrl": [ - "", - ], - "customLoginEnabled": false, - "legacyLoginUrlList": [ - "", - ], - "overridePolicyEvaluationRealmEnabled": false, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "policyNotifications": true, - "restrictToRealm": {}, - "urlPolicyEnvGetParameters": [ - "", - ], - "urlPolicyEnvJsessionParameters": [ - "", - ], - "urlPolicyEnvPostParameters": [ - "", - ], - }, - "applicationJ2EEAgentConfig": { - "applicationLogoutUris": {}, - "clientIpValidationMode": { - "": "OFF", - }, - "clientIpValidationRange": {}, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "cookieAttributeMultiValueSeparator": "|", - "cookieAttributeUrlEncoded": true, - "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", - "invertNotEnforcedIps": false, - "invertNotEnforcedUris": false, - "logoutEntryUri": {}, - "logoutIntrospection": false, - "logoutRequestParameters": {}, - "notEnforcedFavicon": true, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsCacheEnabled": true, - "notEnforcedIpsCacheSize": 1000, - "notEnforcedRuleCompoundSeparator": "|", - 
"notEnforcedUris": [ - "", - ], - "notEnforcedUrisCacheEnabled": true, - "notEnforcedUrisCacheSize": 1000, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "resourceAccessDeniedUri": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalJ2EEAgentConfig": { - "agentConfigChangeNotificationsEnabled": true, - "agentgroup": null, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [ - "agentRootURL=http://testurl.com:8080/", - ], - "configurationReloadInterval": 0, - "customResponseHeader": {}, - "debugLevel": "error", - "debugLogfilePrefix": null, - "debugLogfileRetentionCount": -1, - "debugLogfileRotationMinutes": -1, - "debugLogfileRotationSize": 52428800, - "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", - "filterMode": { - "": "ALL", - }, - "fqdnCheck": false, - "fqdnDefault": "testurl.com", - "fqdnMapping": {}, - "httpSessionBinding": true, - "jwtName": "am-auth-jwt", - "lbCookieEnabled": false, - "lbCookieName": "amlbcookie", - "localAuditLogRotation": false, - "localAuditLogfileRetentionCount": -1, - "localAuditRotationSize": 52428800, - "loginAttemptLimit": 0, - "loginAttemptLimitCookieName": "amFilterParam", - "preAuthCookieMaxAge": 300, - "preAuthCookieName": "amFilterCDSSORequest", - "recheckAmUnavailabilityInSeconds": 5, - "redirectAttemptLimit": 0, - "redirectAttemptLimitCookieName": "amFilterRDParam", - "repositoryLocation": "centralized", - "status": "Inactive", - "userAttributeName": "employeenumber", - "userMappingMode": "USER_ID", - "userPrincipalFlag": false, - "userTokenName": "UserToken", - "userpassword": null, - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscJ2EEAgentConfig": { - "agent302RedirectContentType": "application/json", - "agent302RedirectEnabled": true, - "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", - 
"agent302RedirectInvertEnabled": false, - "agent302RedirectNerList": [ - "", - ], - "agent302RedirectStatusCode": 200, - "authFailReasonParameterName": null, - "authFailReasonParameterRemapper": {}, - "authFailReasonUrl": null, - "gotoParameterName": "goto", - "gotoUrl": null, - "ignorePathInfo": false, - "legacyRedirectUri": "/agent/sunwLegacySupportURI", - "legacyUserAgentList": [ - "Mozilla/4.7*", - ], - "legacyUserAgentSupport": false, - "localeCountry": "US", - "localeLanguage": "en", - "loginReasonMap": {}, - "loginReasonParameterName": null, - "portCheckEnabled": false, - "portCheckFile": "PortCheckContent.txt", - "portCheckSetting": { - "8080": "http", - }, - "unwantedHttpUrlParams": [ - "", - ], - "unwantedHttpUrlRegexParams": [ - "", - ], - "wantedHttpUrlParams": [ - "", - ], - "wantedHttpUrlRegexParams": [ - "", - ], - }, - "ssoJ2EEAgentConfig": { - "acceptIPDPCookie": false, - "acceptSsoTokenDomainList": [ - "", - ], - "acceptSsoTokenEnabled": false, - "authExchangeCookieName": null, - "authExchangeUri": null, - "cdssoDomainList": [ - "", - ], - "cdssoRedirectUri": "/agent/post-authn-redirect", - "cdssoSecureCookies": false, - "cookieResetDomains": {}, - "cookieResetEnabled": false, - "cookieResetNames": [ - "", - ], - "cookieResetPaths": {}, - "encodeCookies": false, - "excludedUserAgentsList": [], - "httpOnly": true, - "setCookieAttributeMap": {}, - "setCookieInternalMap": {}, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo agent export "frodo agent export --all-separate": should export all agents to separate files 5`] = ` -{ - "agents": { - "frodo-test-java-agent2": { - "_id": "frodo-test-java-agent2", - "_type": { - "_id": "J2EEAgent", - "collection": true, - "name": "J2EE Agents", - }, - "advancedJ2EEAgentConfig": { - "alternativeAgentHostname": null, - "alternativeAgentPort": null, - "alternativeAgentProtocol": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "expiredSessionCacheSize": 500, - 
"expiredSessionCacheTTL": 20, - "fragmentRelayUri": null, - "idleTimeRefreshWindow": 1, - "jwtCacheSize": 5000, - "jwtCacheTTL": 30, - "missingPostDataPreservationEntryUri": [ - "", - ], - "monitoringToCSV": false, - "policyCachePerUser": 50, - "policyCacheSize": 5000, - "policyClientPollingInterval": 3, - "possibleXssCodeElements": [ - "", - ], - "postDataCacheTtlMin": 5, - "postDataPreservation": false, - "postDataPreserveCacheEntryMaxEntries": 1000, - "postDataPreserveCacheEntryMaxTotalSizeMb": -1, - "postDataStickySessionKeyValue": null, - "postDataStickySessionMode": "URL", - "sessionCacheTTL": 15, - "ssoExchangeCacheSize": 100, - "ssoExchangeCacheTTL": 5, - "xssDetectionRedirectUri": {}, - }, - "amServicesJ2EEAgent": { - "agentAdviceEncode": false, - "amLoginUrl": [], - "authServiceHost": "testurl.com", - "authServicePort": 8080, - "authServiceProtocol": "http", - "authSuccessRedirectUrl": false, - "conditionalLoginUrl": [ - "", - ], - "conditionalLogoutUrl": [ - "", - ], - "customLoginEnabled": false, - "legacyLoginUrlList": [ - "", - ], - "overridePolicyEvaluationRealmEnabled": false, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "policyNotifications": true, - "restrictToRealm": {}, - "urlPolicyEnvGetParameters": [ - "", - ], - "urlPolicyEnvJsessionParameters": [ - "", - ], - "urlPolicyEnvPostParameters": [ - "", - ], - }, - "applicationJ2EEAgentConfig": { - "applicationLogoutUris": {}, - "clientIpValidationMode": { - "": "OFF", - }, - "clientIpValidationRange": {}, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "cookieAttributeMultiValueSeparator": "|", - "cookieAttributeUrlEncoded": true, - "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", - "invertNotEnforcedIps": false, - "invertNotEnforcedUris": false, - "logoutEntryUri": {}, - "logoutIntrospection": false, - "logoutRequestParameters": {}, - "notEnforcedFavicon": true, - "notEnforcedIps": [ - "", - ], - 
"notEnforcedIpsCacheEnabled": true, - "notEnforcedIpsCacheSize": 1000, - "notEnforcedRuleCompoundSeparator": "|", - "notEnforcedUris": [ - "", - ], - "notEnforcedUrisCacheEnabled": true, - "notEnforcedUrisCacheSize": 1000, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "resourceAccessDeniedUri": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalJ2EEAgentConfig": { - "agentConfigChangeNotificationsEnabled": true, - "agentgroup": null, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [ - "agentRootURL=http://testurl.com:8080/", - ], - "configurationReloadInterval": 0, - "customResponseHeader": {}, - "debugLevel": "error", - "debugLogfilePrefix": null, - "debugLogfileRetentionCount": -1, - "debugLogfileRotationMinutes": -1, - "debugLogfileRotationSize": 52428800, - "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", - "filterMode": { - "": "ALL", - }, - "fqdnCheck": false, - "fqdnDefault": "testurl.com", - "fqdnMapping": {}, - "httpSessionBinding": true, - "jwtName": "am-auth-jwt", - "lbCookieEnabled": false, - "lbCookieName": "amlbcookie", - "localAuditLogRotation": false, - "localAuditLogfileRetentionCount": -1, - "localAuditRotationSize": 52428800, - "loginAttemptLimit": 0, - "loginAttemptLimitCookieName": "amFilterParam", - "preAuthCookieMaxAge": 300, - "preAuthCookieName": "amFilterCDSSORequest", - "recheckAmUnavailabilityInSeconds": 5, - "redirectAttemptLimit": 0, - "redirectAttemptLimitCookieName": "amFilterRDParam", - "repositoryLocation": "centralized", - "status": "Inactive", - "userAttributeName": "employeenumber", - "userMappingMode": "USER_ID", - "userPrincipalFlag": false, - "userTokenName": "UserToken", - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscJ2EEAgentConfig": { - "agent302RedirectContentType": "application/json", - "agent302RedirectEnabled": true, - "agent302RedirectHttpData": 
"{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", - "agent302RedirectInvertEnabled": false, - "agent302RedirectNerList": [ - "", - ], - "agent302RedirectStatusCode": 200, - "authFailReasonParameterName": null, - "authFailReasonParameterRemapper": {}, - "authFailReasonUrl": null, - "gotoParameterName": "goto", - "gotoUrl": null, - "ignorePathInfo": false, - "legacyRedirectUri": "/agent/sunwLegacySupportURI", - "legacyUserAgentList": [ - "Mozilla/4.7*", - ], - "legacyUserAgentSupport": false, - "localeCountry": "US", - "localeLanguage": "en", - "loginReasonMap": {}, - "loginReasonParameterName": null, - "portCheckEnabled": false, - "portCheckFile": "PortCheckContent.txt", - "portCheckSetting": { - "8080": "http", - }, - "unwantedHttpUrlParams": [ - "", - ], - "unwantedHttpUrlRegexParams": [ - "", - ], - "wantedHttpUrlParams": [ - "", - ], - "wantedHttpUrlRegexParams": [ - "", - ], - }, - "ssoJ2EEAgentConfig": { - "acceptIPDPCookie": false, - "acceptSsoTokenDomainList": [ - "", - ], - "acceptSsoTokenEnabled": false, - "authExchangeCookieName": null, - "authExchangeUri": null, - "cdssoDomainList": [ - "", - ], - "cdssoRedirectUri": "/agent/post-authn-redirect", - "cdssoSecureCookies": false, - "cookieResetDomains": {}, - "cookieResetEnabled": false, - "cookieResetNames": [ - "", - ], - "cookieResetPaths": {}, - "encodeCookies": false, - "excludedUserAgentsList": [], - "httpOnly": true, - "setCookieAttributeMap": {}, - "setCookieInternalMap": {}, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo agent export "frodo agent export --all-separate": should export all agents to separate files 6`] = ` -{ - "agents": { - "frodo-test-web-agent": { - "_id": "frodo-test-web-agent", - "_type": { - "_id": "WebAgent", - "collection": true, - "name": "Web Agents", - }, - "advancedWebAgentConfig": { - "apacheAuthDirectives": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "fragmentRedirectEnabled": 
false, - "hostnameToIpAddress": [], - "logonAndImpersonation": false, - "overrideRequestHost": false, - "overrideRequestPort": false, - "overrideRequestProtocol": false, - "pdpJavascriptRepost": false, - "pdpSkipPostUrl": [ - "", - ], - "pdpStickySessionCookieName": null, - "pdpStickySessionMode": "OFF", - "pdpStickySessionValue": null, - "postDataCachePeriod": 10, - "postDataPreservation": false, - "replayPasswordKey": null, - "retainSessionCache": false, - "showPasswordInHeader": false, - }, - "amServicesWebAgent": { - "amLoginUrl": [], - "amLogoutUrl": [ - "http://testserverurl.com:8080/UI/Logout", - ], - "applicationLogoutUrls": [ - "", - ], - "conditionalLoginUrl": [ - "", - ], - "customLoginMode": 0, - "enableLogoutRegex": false, - "fetchPoliciesFromRootResource": false, - "invalidateLogoutSession": true, - "logoutRedirectDisabled": false, - "logoutRedirectUrl": null, - "logoutResetCookies": [ - "", - ], - "logoutUrlRegex": null, - "policyCachePollingInterval": 3, - "policyClockSkew": 0, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "publicAmUrl": null, - "regexConditionalLoginPattern": [ - "", - ], - "regexConditionalLoginUrl": [ - "", - ], - "retrieveClientHostname": false, - "ssoCachePollingInterval": 3, - "userIdParameter": "UserToken", - "userIdParameterType": "session", - }, - "applicationWebAgentConfig": { - "attributeMultiValueSeparator": "|", - "clientIpValidation": false, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "fetchAttributesForNotEnforcedUrls": false, - "ignorePathInfoForNotEnforcedUrls": true, - "invertNotEnforcedUrls": false, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsList": [ - "", - ], - "notEnforcedIpsRegex": false, - "notEnforcedUrls": [ - "", - ], - "notEnforcedUrlsRegex": false, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", 
- "sessionAttributeMap": {}, - }, - "globalWebAgentConfig": { - "accessDeniedUrl": null, - "agentConfigChangeNotificationsEnabled": true, - "agentDebugLevel": "Error", - "agentUriPrefix": "http://testagenturl.com:8080/amagent", - "agentgroup": null, - "amLbCookieEnable": false, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [ - "agentRootURL=http://testagenturl.com:8080/", - ], - "configurationPollingInterval": 60, - "disableJwtAudit": false, - "fqdnCheck": false, - "fqdnDefault": "testagenturl.com", - "fqdnMapping": {}, - "jwtAuditWhitelist": null, - "jwtName": "am-auth-jwt", - "notificationsEnabled": true, - "repositoryLocation": "centralized", - "resetIdleTime": false, - "ssoOnlyMode": false, - "status": "Inactive", - "userpassword": null, - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscWebAgentConfig": { - "addCacheControlHeader": false, - "anonymousUserEnabled": false, - "anonymousUserId": "anonymous", - "caseInsensitiveUrlComparison": true, - "compositeAdviceEncode": false, - "compositeAdviceRedirect": false, - "encodeSpecialCharsInCookies": false, - "encodeUrlSpecialCharacters": false, - "gotoParameterName": "goto", - "headerJsonResponse": {}, - "ignorePathInfo": false, - "invalidUrlRegex": null, - "invertUrlJsonResponse": false, - "mineEncodeHeader": 0, - "profileAttributesCookieMaxAge": 300, - "profileAttributesCookiePrefix": "HTTP_", - "statusCodeJsonResponse": 202, - "urlJsonResponse": [ - "", - ], - }, - "ssoWebAgentConfig": { - "acceptSsoToken": false, - "cdssoCookieDomain": [ - "", - ], - "cdssoRedirectUri": "agent/cdsso-oauth2", - "cookieName": "iPlanetDirectoryPro", - "cookieResetEnabled": false, - "cookieResetList": [ - "", - ], - "cookieResetOnRedirect": false, - "httpOnly": true, - "multivaluePreAuthnCookie": false, - "persistentJwtCookie": false, - "sameSite": null, - "secureCookies": false, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo agent export "frodo agent export --all-separate": 
should export all agents to separate files 7`] = ` -{ - "agents": { - "frodo-test-web-agent2": { - "_id": "frodo-test-web-agent2", - "_type": { - "_id": "WebAgent", - "collection": true, - "name": "Web Agents", - }, - "advancedWebAgentConfig": { - "apacheAuthDirectives": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "fragmentRedirectEnabled": false, - "hostnameToIpAddress": [], - "logonAndImpersonation": false, - "overrideRequestHost": false, - "overrideRequestPort": false, - "overrideRequestProtocol": false, - "pdpJavascriptRepost": false, - "pdpSkipPostUrl": [ - "", - ], - "pdpStickySessionCookieName": null, - "pdpStickySessionMode": "OFF", - "pdpStickySessionValue": null, - "postDataCachePeriod": 10, - "postDataPreservation": false, - "replayPasswordKey": null, - "retainSessionCache": false, - "showPasswordInHeader": false, - }, - "amServicesWebAgent": { - "amLoginUrl": [], - "amLogoutUrl": [ - "http://testserverurl.com:8080/UI/Logout", - ], - "applicationLogoutUrls": [ - "", - ], - "conditionalLoginUrl": [ - "", - ], - "customLoginMode": 0, - "enableLogoutRegex": false, - "fetchPoliciesFromRootResource": false, - "invalidateLogoutSession": true, - "logoutRedirectDisabled": false, - "logoutRedirectUrl": null, - "logoutResetCookies": [ - "", - ], - "logoutUrlRegex": null, - "policyCachePollingInterval": 3, - "policyClockSkew": 0, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "publicAmUrl": null, - "regexConditionalLoginPattern": [ - "", - ], - "regexConditionalLoginUrl": [ - "", - ], - "retrieveClientHostname": false, - "ssoCachePollingInterval": 3, - "userIdParameter": "UserToken", - "userIdParameterType": "session", - }, - "applicationWebAgentConfig": { - "attributeMultiValueSeparator": "|", - "clientIpValidation": false, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "fetchAttributesForNotEnforcedUrls": false, - 
"ignorePathInfoForNotEnforcedUrls": true, - "invertNotEnforcedUrls": false, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsList": [ - "", - ], - "notEnforcedIpsRegex": false, - "notEnforcedUrls": [ - "", - ], - "notEnforcedUrlsRegex": false, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalWebAgentConfig": { - "accessDeniedUrl": null, - "agentConfigChangeNotificationsEnabled": true, - "agentDebugLevel": "Error", - "agentUriPrefix": "http://testagenturl.com:8080/amagent", - "agentgroup": null, - "amLbCookieEnable": false, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [ - "agentRootURL=http://testagenturl.com:8080/", - ], - "configurationPollingInterval": 60, - "disableJwtAudit": false, - "fqdnCheck": false, - "fqdnDefault": "testagenturl.com", - "fqdnMapping": {}, - "jwtAuditWhitelist": null, - "jwtName": "am-auth-jwt", - "notificationsEnabled": true, - "repositoryLocation": "centralized", - "resetIdleTime": false, - "ssoOnlyMode": false, - "status": "Inactive", - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscWebAgentConfig": { - "addCacheControlHeader": false, - "anonymousUserEnabled": false, - "anonymousUserId": "anonymous", - "caseInsensitiveUrlComparison": true, - "compositeAdviceEncode": false, - "compositeAdviceRedirect": false, - "encodeSpecialCharsInCookies": false, - "encodeUrlSpecialCharacters": false, - "gotoParameterName": "goto", - "headerJsonResponse": {}, - "ignorePathInfo": false, - "invalidUrlRegex": null, - "invertUrlJsonResponse": false, - "mineEncodeHeader": 0, - "profileAttributesCookieMaxAge": 300, - "profileAttributesCookiePrefix": "HTTP_", - "statusCodeJsonResponse": 202, - "urlJsonResponse": [ - "", - ], - }, - "ssoWebAgentConfig": { - "acceptSsoToken": false, - "cdssoCookieDomain": [ - "", - ], - "cdssoRedirectUri": 
"agent/cdsso-oauth2", - "cookieName": "iPlanetDirectoryPro", - "cookieResetEnabled": false, - "cookieResetList": [ - "", - ], - "cookieResetOnRedirect": false, - "httpOnly": true, - "multivaluePreAuthnCookie": false, - "persistentJwtCookie": false, - "sameSite": null, - "secureCookies": false, - }, - }, - }, - "meta": Any, -} -`; - exports[`frodo agent export "frodo agent export -A": should export all agents to separate files 1`] = `""`; exports[`frodo agent export "frodo agent export -A": should export all agents to separate files 2`] = ` diff --git a/test/e2e/__snapshots__/agent-gateway-list.e2e.test.js.snap b/test/e2e/__snapshots__/agent-gateway-list.e2e.test.js.snap index dbcaa3d98..df7af253e 100644 --- a/test/e2e/__snapshots__/agent-gateway-list.e2e.test.js.snap +++ b/test/e2e/__snapshots__/agent-gateway-list.e2e.test.js.snap @@ -1,18 +1,21 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`frodo agent gateway list "frodo agent gateway list --long": should list the ids and statuses of the gateway agents 1`] = ` -"Gateway Agent Id │Status -frodo-test-ig-agent│Inactive +"Gateway Agent Id │Status +frodo-test-ig-agent2│Inactive +frodo-test-ig-agent │Inactive " `; exports[`frodo agent gateway list "frodo agent gateway list -l": should list the ids and statuses of the gateway agents 1`] = ` -"Gateway Agent Id │Status -frodo-test-ig-agent│Inactive +"Gateway Agent Id │Status +frodo-test-ig-agent2│Inactive +frodo-test-ig-agent │Inactive " `; exports[`frodo agent gateway list "frodo agent gateway list": should list the ids of the gateway agents 1`] = ` -"frodo-test-ig-agent +"frodo-test-ig-agent2 +frodo-test-ig-agent " `; diff --git a/test/e2e/__snapshots__/agent-java-list.e2e.test.js.snap b/test/e2e/__snapshots__/agent-java-list.e2e.test.js.snap index e8bf5a02a..9124d0378 100644 --- a/test/e2e/__snapshots__/agent-java-list.e2e.test.js.snap +++ b/test/e2e/__snapshots__/agent-java-list.e2e.test.js.snap 
@@ -1,18 +1,21 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`frodo agent java list "frodo agent java list --long": should list the ids and statuses of the java agents 1`] = ` -"Java Agent Id │Status -frodo-test-java-agent│Inactive +"Java Agent Id │Status +frodo-test-java-agent │Inactive +frodo-test-java-agent2│Inactive " `; exports[`frodo agent java list "frodo agent java list -l": should list the ids and statuses of the java agents 1`] = ` -"Java Agent Id │Status -frodo-test-java-agent│Inactive +"Java Agent Id │Status +frodo-test-java-agent │Inactive +frodo-test-java-agent2│Inactive " `; exports[`frodo agent java list "frodo agent java list": should list the ids of the java agents 1`] = ` "frodo-test-java-agent +frodo-test-java-agent2 " `; diff --git a/test/e2e/__snapshots__/agent-list.e2e.test.js.snap b/test/e2e/__snapshots__/agent-list.e2e.test.js.snap index 6328f4293..57731ae44 100644 --- a/test/e2e/__snapshots__/agent-list.e2e.test.js.snap +++ b/test/e2e/__snapshots__/agent-list.e2e.test.js.snap 
@@ -1,24 +1,33 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`frodo agent list "frodo agent list --long": should list the ids, statuses, and types of the agents 1`] = ` -"Agent Id │Status │Agent Type -frodo-test-ig-agent │Inactive│Identity Gateway Agents -frodo-test-java-agent│Inactive│J2EE Agents -frodo-test-web-agent │Inactive│Web Agents +"Agent Id │Status │Agent Type +frodo-test-ig-agent │Inactive│Identity Gateway Agents +frodo-test-ig-agent2 │Inactive│Identity Gateway Agents +frodo-test-java-agent │Inactive│J2EE Agents +frodo-test-java-agent2│Inactive│J2EE Agents +frodo-test-web-agent │Inactive│Web Agents +frodo-test-web-agent2 │Inactive│Web Agents " `; exports[`frodo agent list "frodo agent list -l": should list the ids, statuses, and types of the agents 1`] = ` -"Agent Id │Status │Agent Type -frodo-test-ig-agent │Inactive│Identity Gateway Agents -frodo-test-java-agent│Inactive│J2EE Agents -frodo-test-web-agent │Inactive│Web Agents +"Agent Id │Status │Agent Type +frodo-test-ig-agent │Inactive│Identity Gateway Agents +frodo-test-ig-agent2 │Inactive│Identity Gateway Agents +frodo-test-java-agent │Inactive│J2EE Agents +frodo-test-java-agent2│Inactive│J2EE Agents +frodo-test-web-agent │Inactive│Web Agents +frodo-test-web-agent2 │Inactive│Web Agents " `; exports[`frodo agent list "frodo agent list": should list the ids of the agents 1`] = ` "frodo-test-ig-agent +frodo-test-ig-agent2 frodo-test-java-agent +frodo-test-java-agent2 frodo-test-web-agent +frodo-test-web-agent2 " `; diff --git a/test/e2e/__snapshots__/agent-web-export.e2e.test.js.snap b/test/e2e/__snapshots__/agent-web-export.e2e.test.js.snap index cc8854276..e885db9f9 100644 --- a/test/e2e/__snapshots__/agent-web-export.e2e.test.js.snap +++ b/test/e2e/__snapshots__/agent-web-export.e2e.test.js.snap 
@@ -658,6 +658,167 @@ exports[`frodo agent web export "frodo agent web export --all": should export al "secureCookies": false, }, }, + "frodo-test-web-agent2": { + "_id": "frodo-test-web-agent2", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testserverurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + 
"fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testagenturl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testagenturl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Inactive", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + 
"cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, }, "meta": Any, } @@ -835,13 +996,11 @@ exports[`frodo agent web export "frodo agent web export --all-separate": should } `; -exports[`frodo agent web export "frodo agent web export -A": should export all web agents to separate files 1`] = `""`; - -exports[`frodo agent web export "frodo agent web export -A": should export all web agents to separate files 2`] = ` +exports[`frodo agent web export "frodo agent web export --all-separate": should export all web agents to separate files 3`] = ` { "agents": { - "frodo-test-web-agent": { - "_id": "frodo-test-web-agent", + "frodo-test-web-agent2": { + "_id": "frodo-test-web-agent2", "_type": { "_id": "WebAgent", "collection": true, @@ -958,7 +1117,6 @@ exports[`frodo agent web export "frodo agent web export -A": should export all w "resetIdleTime": false, "ssoOnlyMode": false, "status": "Inactive", - "userpassword": null, "webSocketConnectionIntervalInMinutes": 30, }, "miscWebAgentConfig": { @@ -1007,9 +1165,9 @@ exports[`frodo agent web export "frodo agent web export -A": should export all w } `; -exports[`frodo agent web export "frodo agent web export -a --file test.json": should export all web agents to a single file named test.json 1`] = `""`; +exports[`frodo agent web export "frodo agent web export -A": should export all web agents to separate files 1`] = `""`; -exports[`frodo agent web export "frodo agent web export -a --file test.json": should export all web agents to a single file named test.json 2`] = ` +exports[`frodo agent web export "frodo agent web export -A": should export all web agents to separate files 2`] = ` { "agents": { "frodo-test-web-agent": { 
@@ -1179,13 +1337,677 @@ exports[`frodo agent web export "frodo agent web export -a --file test.json": sh } `; -exports[`frodo agent web export "frodo agent web export -a": should export all web agents to a single file 1`] = `""`; - -exports[`frodo agent web export "frodo agent web export -a": should export all web agents to a single file 2`] = ` +exports[`frodo agent web export "frodo agent web export -A": should export all web agents to separate files 3`] = ` { "agents": { - "frodo-test-web-agent": { - "_id": "frodo-test-web-agent", + "frodo-test-web-agent2": { + "_id": "frodo-test-web-agent2", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testserverurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + 
"regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testagenturl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testagenturl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Inactive", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": 
false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent web export "frodo agent web export -a --file test.json": should export all web agents to a single file named test.json 1`] = `""`; + +exports[`frodo agent web export "frodo agent web export -a --file test.json": should export all web agents to a single file named test.json 2`] = ` +{ + "agents": { + "frodo-test-web-agent": { + "_id": "frodo-test-web-agent", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + 
"http://testserverurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testagenturl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testagenturl.com", + "fqdnMapping": {}, + 
"jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Inactive", + "userpassword": null, + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + "frodo-test-web-agent2": { + "_id": "frodo-test-web-agent2", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + 
"postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testserverurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": 
"REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testagenturl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testagenturl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Inactive", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo agent web export "frodo agent web export -a": should export all web agents to a single file 1`] = `""`; + +exports[`frodo agent web export "frodo agent web export -a": should export all web agents to a single file 2`] = ` +{ + "agents": { + "frodo-test-web-agent": { + "_id": "frodo-test-web-agent", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": 
{ + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testserverurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + 
"profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testagenturl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testagenturl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Inactive", + "userpassword": null, + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + 
"persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + "frodo-test-web-agent2": { + "_id": "frodo-test-web-agent2", "_type": { "_id": "WebAgent", "collection": true, @@ -1302,7 +2124,6 @@ exports[`frodo agent web export "frodo agent web export -a": should export all w "resetIdleTime": false, "ssoOnlyMode": false, "status": "Inactive", - "userpassword": null, "webSocketConnectionIntervalInMinutes": 30, }, "miscWebAgentConfig": { diff --git a/test/e2e/__snapshots__/agent-web-list.e2e.test.js.snap b/test/e2e/__snapshots__/agent-web-list.e2e.test.js.snap index 4e4370697..1654a063e 100644 --- a/test/e2e/__snapshots__/agent-web-list.e2e.test.js.snap +++ b/test/e2e/__snapshots__/agent-web-list.e2e.test.js.snap @@ -1,18 +1,21 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`frodo agent web list "frodo agent web list --long": should list the ids and statuses of the web agents 1`] = ` -"Web Agent Id │Status -frodo-test-web-agent│Inactive +"Web Agent Id │Status +frodo-test-web-agent2│Inactive +frodo-test-web-agent │Inactive " `; exports[`frodo agent web list "frodo agent web list -l": should list the ids and statuses of the web agents 1`] = ` -"Web Agent Id │Status -frodo-test-web-agent│Inactive +"Web Agent Id │Status +frodo-test-web-agent2│Inactive +frodo-test-web-agent │Inactive " `; exports[`frodo agent web list "frodo agent web list": should list the ids of the web agents 1`] = ` -"frodo-test-web-agent +"frodo-test-web-agent2 +frodo-test-web-agent " `; diff --git a/test/e2e/agent-export.e2e.test.js b/test/e2e/agent-export.e2e.test.js index 872b72cb6..d58b128d1 100644 --- a/test/e2e/agent-export.e2e.test.js +++ b/test/e2e/agent-export.e2e.test.js 
@@ -122,8 +122,8 @@ describe('frodo agent export', () => { await testExport(CMD, env, type); }); - test('"frodo agent export --all-separate": should export all agents to separate files', async () => { - const CMD = `frodo agent export --all-separate`; - await testExport(CMD, env, type); - }); + // test('"frodo agent export --all-separate": should export all agents to separate files', async () => { + // const CMD = `frodo agent export --all-separate`; + // await testExport(CMD, env, type); + // }); }); diff --git a/test/e2e/agent-gateway-list.e2e.test.js b/test/e2e/agent-gateway-list.e2e.test.js index 96032c7ac..5b4fd31c6 100644 --- a/test/e2e/agent-gateway-list.e2e.test.js +++ b/test/e2e/agent-gateway-list.e2e.test.js @@ -51,6 +51,12 @@ FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_S FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo agent gateway list -l FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo agent gateway list --long */ + +/* +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent gateway list +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent gateway list -l +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent gateway list --long + */ import cp from 'child_process'; import { promisify } from 'util'; import { removeAnsiEscapeCodes } from './utils/TestUtils'; diff --git a/test/e2e/agent-java-list.e2e.test.js b/test/e2e/agent-java-list.e2e.test.js index bbdda258d..ab94a2c82 100644 --- a/test/e2e/agent-java-list.e2e.test.js +++ b/test/e2e/agent-java-list.e2e.test.js 
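Review bot: The `--all-separate` case in `describe('frodo agent export', ...)` is disabled by commenting it out, and no reason is recorded, so the lost coverage does not appear anywhere in the test report. Prefer `test.skip('"frodo agent export --all-separate": should export all agents to separate files', async () => {` with a preceding `// TODO: re-enable once <reason>` line, which keeps the case listed as skipped in the Jest output. The describe block starts outside the hunk, so whether another test covers separate-file export cannot be confirmed from here.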
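Review bot: The comment block added at `@@ -51,6 +51,12 @@` in agent-gateway-list.e2e.test.js repeats the existing recording commands without `FRODO_SA_ID` and `FRODO_SA_JWK` and carries no label. A reader cannot tell which credential source these commands rely on, or when to record with this set rather than the service-account one. A first line inside the block such as `Recording without a service account (credentials come from <source>):` would settle that. The same applies to the identical additions in agent-java-list, agent-list and agent-web-list. The preceding comment block starts outside the hunk.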
@@ -51,6 +51,12 @@ FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_S FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo agent java list -l FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo agent java list --long */ + +/* +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent java list +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent java list -l +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent java list --long + */ import cp from 'child_process'; import { promisify } from 'util'; import { removeAnsiEscapeCodes } from './utils/TestUtils'; diff --git a/test/e2e/agent-list.e2e.test.js b/test/e2e/agent-list.e2e.test.js index 37d5ca5a3..7dc225b76 100644 --- a/test/e2e/agent-list.e2e.test.js +++ b/test/e2e/agent-list.e2e.test.js 
@@ -51,6 +51,12 @@ FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_S FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo agent list -l FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo agent list --long */ + +/* +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent list +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent list -l +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent list --long + */ import cp from 'child_process'; import { promisify } from 'util'; import { removeAnsiEscapeCodes } from './utils/TestUtils'; diff --git a/test/e2e/agent-web-list.e2e.test.js b/test/e2e/agent-web-list.e2e.test.js index d4b5ef678..bb5730f77 100644 --- a/test/e2e/agent-web-list.e2e.test.js +++ b/test/e2e/agent-web-list.e2e.test.js 
@@ -51,6 +51,12 @@ FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_S FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo agent web list -l FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo agent web list --long */ + +/* +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent web list +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent web list -l +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo agent web list --long + */ import cp from 'child_process'; import { promisify } from 'util'; import { removeAnsiEscapeCodes } from './utils/TestUtils'; From 81c0553e19fc4e9ec4a8120881339f33c8c601ec Mon Sep 17 00:00:00 2001 
From: Volker Scheuber Date: Sun, 24 Sep 2023 09:34:20 -0500 Subject: [PATCH 06/18] update cli help snapshots --- .../admin-add-autoid-static-user-mapping.test.js.snap | 1 + ...dmin-create-oauth2-client-with-admin-privileges.test.js.snap | 1 + .../en/__snapshots__/admin-get-access-token.test.js.snap | 1 + .../admin-grant-oauth2-client-admin-privileges.test.js.snap | 1 + .../admin-hide-generic-extension-attributes.test.js.snap | 1 + ...admin-list-oauth2-clients-with-admin-privileges.test.js.snap | 1 + ...dmin-list-oauth2-clients-with-custom-privileges.test.js.snap | 1 + .../__snapshots__/admin-list-static-user-mappings.test.js.snap | 1 + .../__snapshots__/admin-remove-static-user-mapping.test.js.snap | 1 + .../en/__snapshots__/admin-repair-org-model.test.js.snap | 1 + .../admin-revoke-oauth2-client-admin-privileges.test.js.snap | 1 + .../admin-show-generic-extension-attributes.test.js.snap | 1 + test/client_cli/en/__snapshots__/app-export.test.js.snap | 1 + test/client_cli/en/__snapshots__/app-import.test.js.snap | 1 + test/client_cli/en/__snapshots__/app-list.test.js.snap | 1 + .../en/__snapshots__/email-template-export.test.js.snap | 1 + .../en/__snapshots__/email-template-import.test.js.snap | 1 + .../en/__snapshots__/email-template-list.test.js.snap | 1 + test/client_cli/en/__snapshots__/esv-apply.test.js.snap | 1 + test/client_cli/en/__snapshots__/esv-secret-create.test.js.snap | 1 + test/client_cli/en/__snapshots__/esv-secret-delete.test.js.snap | 1 + .../en/__snapshots__/esv-secret-describe.test.js.snap | 1 + test/client_cli/en/__snapshots__/esv-secret-list.test.js.snap | 1 + test/client_cli/en/__snapshots__/esv-secret-set.test.js.snap | 1 + .../en/__snapshots__/esv-secret-version-activate.test.js.snap | 1 + .../en/__snapshots__/esv-secret-version-create.test.js.snap | 1 + .../en/__snapshots__/esv-secret-version-deactivate.test.js.snap | 1 + .../en/__snapshots__/esv-secret-version-delete.test.js.snap | 1 + 
.../en/__snapshots__/esv-secret-version-list.test.js.snap | 1 + .../en/__snapshots__/esv-variable-create.test.js.snap | 1 + .../en/__snapshots__/esv-variable-delete.test.js.snap | 1 + .../en/__snapshots__/esv-variable-describe.test.js.snap | 1 + test/client_cli/en/__snapshots__/esv-variable-list.test.js.snap | 1 + test/client_cli/en/__snapshots__/esv-variable-set.test.js.snap | 1 + test/client_cli/en/__snapshots__/idm-count.test.js.snap | 1 + test/client_cli/en/__snapshots__/idm-export.test.js.snap | 1 + test/client_cli/en/__snapshots__/idm-import.test.js.snap | 1 + test/client_cli/en/__snapshots__/idm-list.test.js.snap | 1 + test/client_cli/en/__snapshots__/idp-export.test.js.snap | 1 + test/client_cli/en/__snapshots__/idp-import.test.js.snap | 1 + test/client_cli/en/__snapshots__/idp-list.test.js.snap | 1 + test/client_cli/en/__snapshots__/info.test.js.snap | 1 + test/client_cli/en/__snapshots__/journey-delete.test.js.snap | 1 + test/client_cli/en/__snapshots__/journey-describe.test.js.snap | 1 + test/client_cli/en/__snapshots__/journey-disable.test.js.snap | 1 + test/client_cli/en/__snapshots__/journey-enable.test.js.snap | 1 + test/client_cli/en/__snapshots__/journey-export.test.js.snap | 1 + test/client_cli/en/__snapshots__/journey-import.test.js.snap | 1 + test/client_cli/en/__snapshots__/journey-list.test.js.snap | 1 + test/client_cli/en/__snapshots__/journey-prune.test.js.snap | 1 + test/client_cli/en/__snapshots__/log-fetch.test.js.snap | 2 ++ test/client_cli/en/__snapshots__/log-list.test.js.snap | 2 ++ test/client_cli/en/__snapshots__/log-tail.test.js.snap | 2 ++ .../en/__snapshots__/realm-add-custom-domain.test.js.snap | 1 + test/client_cli/en/__snapshots__/realm-describe.test.js.snap | 1 + test/client_cli/en/__snapshots__/realm-list.test.js.snap | 1 + .../en/__snapshots__/realm-remove-custom-domain.test.js.snap | 1 + test/client_cli/en/__snapshots__/saml-cot-export.test.js.snap | 1 + test/client_cli/en/__snapshots__/saml-cot-import.test.js.snap | 1 + 
test/client_cli/en/__snapshots__/saml-cot-list.test.js.snap | 1 + test/client_cli/en/__snapshots__/saml-delete.test.js.snap | 1 + test/client_cli/en/__snapshots__/saml-describe.test.js.snap | 1 + test/client_cli/en/__snapshots__/saml-export.test.js.snap | 1 + test/client_cli/en/__snapshots__/saml-import.test.js.snap | 1 + test/client_cli/en/__snapshots__/saml-list.test.js.snap | 1 + .../en/__snapshots__/saml-metadata-export.test.js.snap | 1 + test/client_cli/en/__snapshots__/script-export.test.js.snap | 1 + test/client_cli/en/__snapshots__/script-import.test.js.snap | 1 + test/client_cli/en/__snapshots__/script-list.test.js.snap | 1 + test/client_cli/en/__snapshots__/service-delete.test.js.snap | 1 + test/client_cli/en/__snapshots__/service-export.test.js.snap | 1 + test/client_cli/en/__snapshots__/service-import.test.js.snap | 1 + test/client_cli/en/__snapshots__/service-list.test.js.snap | 1 + test/client_cli/en/__snapshots__/theme-delete.test.js.snap | 1 + test/client_cli/en/__snapshots__/theme-export.test.js.snap | 1 + test/client_cli/en/__snapshots__/theme-import.test.js.snap | 1 + test/client_cli/en/__snapshots__/theme-list.test.js.snap | 1 + 77 files changed, 80 insertions(+) diff --git a/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap b/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap index e7913b47e..a0c1bdf1e 100644 --- a/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap 
@@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap index 5d8e5e948..ba566b2b5 100644 --- a/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap @@ -74,6 +74,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap b/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap index 625361604..827f7e2bb 100644 --- a/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap 
+++ b/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap @@ -64,6 +64,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap index 4c9d8f72f..413686b6e 100644 --- a/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap @@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap b/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap index 96e9b3b05..5cc4b4ca4 100644 
--- a/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap @@ -55,6 +55,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap index 9a4dc0e4a..9e2384713 100644 --- a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap @@ -53,6 +53,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. 
diff --git a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap index 2274c2e9e..185b79ba3 100644 --- a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap @@ -53,6 +53,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap b/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap index 67e73e581..c8bfa3e13 100644 --- a/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap 
@@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap b/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap index cc2d95329..e35f693db 100644 --- a/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap @@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap b/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap index 1e4370324..683c89926 100644 --- a/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap 
@@ -56,6 +56,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap index ee60f9188..1c9527715 100644 --- a/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap @@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap b/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap index 8b67a78ce..6392515fb 100644 --- a/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap 
+++ b/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap @@ -55,6 +55,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/app-export.test.js.snap b/test/client_cli/en/__snapshots__/app-export.test.js.snap index 3107447f6..482c8be9f 100644 --- a/test/client_cli/en/__snapshots__/app-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-export.test.js.snap @@ -61,6 +61,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/app-import.test.js.snap b/test/client_cli/en/__snapshots__/app-import.test.js.snap index 5bbbb4a32..8a848a22b 100644 --- a/test/client_cli/en/__snapshots__/app-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-import.test.js.snap 
@@ -62,6 +62,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/app-list.test.js.snap b/test/client_cli/en/__snapshots__/app-list.test.js.snap index 0f925a44c..951be1b1a 100644 --- a/test/client_cli/en/__snapshots__/app-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-list.test.js.snap @@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/email-template-export.test.js.snap b/test/client_cli/en/__snapshots__/email-template-export.test.js.snap index 2c531d62e..09fef6ea2 100644 --- a/test/client_cli/en/__snapshots__/email-template-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/email-template-export.test.js.snap 
@@ -71,6 +71,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/email-template-import.test.js.snap b/test/client_cli/en/__snapshots__/email-template-import.test.js.snap index f1db3f891..09682493f 100644 --- a/test/client_cli/en/__snapshots__/email-template-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/email-template-import.test.js.snap @@ -76,6 +76,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/email-template-list.test.js.snap b/test/client_cli/en/__snapshots__/email-template-list.test.js.snap index 49a0be619..be1251425 100644 --- a/test/client_cli/en/__snapshots__/email-template-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/email-template-list.test.js.snap 
@@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/esv-apply.test.js.snap b/test/client_cli/en/__snapshots__/esv-apply.test.js.snap index 7d28e3437..9a0b3b582 100644 --- a/test/client_cli/en/__snapshots__/esv-apply.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-apply.test.js.snap @@ -63,6 +63,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/esv-secret-create.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-create.test.js.snap index dbb193676..3d38c49cf 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-create.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-create.test.js.snap 
@@ -66,6 +66,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/esv-secret-delete.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-delete.test.js.snap index 5a7db65cb..8169a6745 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-delete.test.js.snap @@ -62,6 +62,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/esv-secret-describe.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-describe.test.js.snap index 35efbe341..8b1ad769a 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-describe.test.js.snap 
@@ -61,6 +61,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/esv-secret-list.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-list.test.js.snap index 39f99eb02..dbe164300 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-list.test.js.snap @@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/esv-secret-set.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-set.test.js.snap index 095937879..5bbdfffaf 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-set.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-set.test.js.snap 
@@ -62,6 +62,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/esv-secret-version-activate.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-version-activate.test.js.snap index a1726f144..54e8daa18 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-version-activate.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-version-activate.test.js.snap @@ -62,6 +62,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/esv-secret-version-create.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-version-create.test.js.snap index 5dfa6f41d..3e00127f1 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-version-create.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-version-create.test.js.snap 
@@ -62,6 +62,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/esv-secret-version-deactivate.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-version-deactivate.test.js.snap index f5dfcdb00..2fecdaf9b 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-version-deactivate.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-version-deactivate.test.js.snap @@ -62,6 +62,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/esv-secret-version-delete.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-version-delete.test.js.snap index a45be02e4..637fa707a 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-version-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-version-delete.test.js.snap 
@@ -63,6 +63,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/esv-secret-version-list.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-version-list.test.js.snap index 1ed0b2837..411139d26 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-version-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-version-list.test.js.snap @@ -62,6 +62,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/esv-variable-create.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-create.test.js.snap index 31259c328..2e221fd57 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-create.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-create.test.js.snap 
@@ -67,6 +67,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/esv-variable-delete.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-delete.test.js.snap index a4a811246..106775bfc 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-delete.test.js.snap @@ -66,6 +66,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/esv-variable-describe.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-describe.test.js.snap index 99ff65432..ab6762a9a 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-describe.test.js.snap 
@@ -62,6 +62,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/esv-variable-list.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-list.test.js.snap index 198a0d658..4861f7d26 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-list.test.js.snap @@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/esv-variable-set.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-set.test.js.snap index 61923eba0..43f436671 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-set.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-set.test.js.snap 
@@ -64,6 +64,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/idm-count.test.js.snap b/test/client_cli/en/__snapshots__/idm-count.test.js.snap index 1b1a5eab7..14c7f903d 100644 --- a/test/client_cli/en/__snapshots__/idm-count.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-count.test.js.snap @@ -62,6 +62,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/idm-export.test.js.snap b/test/client_cli/en/__snapshots__/idm-export.test.js.snap index 997926764..94d670307 100644 --- a/test/client_cli/en/__snapshots__/idm-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-export.test.js.snap 
@@ -80,6 +80,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/idm-import.test.js.snap b/test/client_cli/en/__snapshots__/idm-import.test.js.snap index 4fc14ae0d..504e26cf2 100644 --- a/test/client_cli/en/__snapshots__/idm-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-import.test.js.snap @@ -77,6 +77,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/idm-list.test.js.snap b/test/client_cli/en/__snapshots__/idm-list.test.js.snap index c6874da15..71b5dadec 100644 --- a/test/client_cli/en/__snapshots__/idm-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-list.test.js.snap 
@@ -53,6 +53,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/idp-export.test.js.snap b/test/client_cli/en/__snapshots__/idp-export.test.js.snap index 50ee0500f..9785edee6 100644 --- a/test/client_cli/en/__snapshots__/idp-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/idp-export.test.js.snap @@ -61,6 +61,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/idp-import.test.js.snap b/test/client_cli/en/__snapshots__/idp-import.test.js.snap index ec5b12115..a14a3e2f8 100644 --- a/test/client_cli/en/__snapshots__/idp-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/idp-import.test.js.snap 
@@ -59,6 +59,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/idp-list.test.js.snap b/test/client_cli/en/__snapshots__/idp-list.test.js.snap index 68a57d98d..3d69c2baa 100644 --- a/test/client_cli/en/__snapshots__/idp-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/idp-list.test.js.snap @@ -53,6 +53,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/info.test.js.snap b/test/client_cli/en/__snapshots__/info.test.js.snap index 8dfae7a0c..4df6c2cc2 100644 --- a/test/client_cli/en/__snapshots__/info.test.js.snap +++ b/test/client_cli/en/__snapshots__/info.test.js.snap 
@@ -51,6 +51,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/journey-delete.test.js.snap b/test/client_cli/en/__snapshots__/journey-delete.test.js.snap index 28f15e635..d75618b71 100644 --- a/test/client_cli/en/__snapshots__/journey-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-delete.test.js.snap @@ -67,6 +67,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/journey-describe.test.js.snap b/test/client_cli/en/__snapshots__/journey-describe.test.js.snap index 85f8d83a2..e20972af0 100644 --- a/test/client_cli/en/__snapshots__/journey-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-describe.test.js.snap 
@@ -80,6 +80,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/journey-disable.test.js.snap b/test/client_cli/en/__snapshots__/journey-disable.test.js.snap index afe4bd2b7..e72e26a27 100644 --- a/test/client_cli/en/__snapshots__/journey-disable.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-disable.test.js.snap @@ -59,6 +59,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/journey-enable.test.js.snap b/test/client_cli/en/__snapshots__/journey-enable.test.js.snap index 50dc847ab..f8ed1631f 100644 --- a/test/client_cli/en/__snapshots__/journey-enable.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-enable.test.js.snap 
@@ -59,6 +59,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/journey-export.test.js.snap b/test/client_cli/en/__snapshots__/journey-export.test.js.snap index f846e7105..719760e4f 100644 --- a/test/client_cli/en/__snapshots__/journey-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-export.test.js.snap @@ -82,6 +82,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/journey-import.test.js.snap b/test/client_cli/en/__snapshots__/journey-import.test.js.snap index a757eaf49..5968d8c5c 100644 --- a/test/client_cli/en/__snapshots__/journey-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-import.test.js.snap 
@@ -72,6 +72,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/journey-list.test.js.snap b/test/client_cli/en/__snapshots__/journey-list.test.js.snap index a54ddd137..2054b1660 100644 --- a/test/client_cli/en/__snapshots__/journey-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-list.test.js.snap @@ -55,6 +55,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/journey-prune.test.js.snap b/test/client_cli/en/__snapshots__/journey-prune.test.js.snap index a666063f9..04520adfd 100644 --- a/test/client_cli/en/__snapshots__/journey-prune.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-prune.test.js.snap 
@@ -55,6 +55,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/log-fetch.test.js.snap b/test/client_cli/en/__snapshots__/log-fetch.test.js.snap index 87f696b5f..f3f86f8fa 100644 --- a/test/client_cli/en/__snapshots__/log-fetch.test.js.snap +++ b/test/client_cli/en/__snapshots__/log-fetch.test.js.snap @@ -66,6 +66,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. 
@@ -140,6 +141,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/log-list.test.js.snap b/test/client_cli/en/__snapshots__/log-list.test.js.snap index 44dc70abf..984d4b65b 100644 --- a/test/client_cli/en/__snapshots__/log-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/log-list.test.js.snap @@ -38,6 +38,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. 
@@ -84,6 +85,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/log-tail.test.js.snap b/test/client_cli/en/__snapshots__/log-tail.test.js.snap index ee063b5e4..2c885dfb0 100644 --- a/test/client_cli/en/__snapshots__/log-tail.test.js.snap +++ b/test/client_cli/en/__snapshots__/log-tail.test.js.snap @@ -56,6 +56,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. 
@@ -120,6 +121,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/realm-add-custom-domain.test.js.snap b/test/client_cli/en/__snapshots__/realm-add-custom-domain.test.js.snap index a7fa8569e..14e8441e5 100644 --- a/test/client_cli/en/__snapshots__/realm-add-custom-domain.test.js.snap +++ b/test/client_cli/en/__snapshots__/realm-add-custom-domain.test.js.snap @@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/realm-describe.test.js.snap b/test/client_cli/en/__snapshots__/realm-describe.test.js.snap index a561112ea..18fa85d2f 100644 --- a/test/client_cli/en/__snapshots__/realm-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/realm-describe.test.js.snap 
@@ -53,6 +53,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/realm-list.test.js.snap b/test/client_cli/en/__snapshots__/realm-list.test.js.snap index 1959e53bd..f0130e7d5 100644 --- a/test/client_cli/en/__snapshots__/realm-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/realm-list.test.js.snap @@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/realm-remove-custom-domain.test.js.snap b/test/client_cli/en/__snapshots__/realm-remove-custom-domain.test.js.snap index e8d3f71a2..7e5159750 100644 --- a/test/client_cli/en/__snapshots__/realm-remove-custom-domain.test.js.snap +++ b/test/client_cli/en/__snapshots__/realm-remove-custom-domain.test.js.snap 
@@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/saml-cot-export.test.js.snap b/test/client_cli/en/__snapshots__/saml-cot-export.test.js.snap index d6fb3868a..04ade365c 100644 --- a/test/client_cli/en/__snapshots__/saml-cot-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-cot-export.test.js.snap @@ -61,6 +61,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/saml-cot-import.test.js.snap b/test/client_cli/en/__snapshots__/saml-cot-import.test.js.snap index e11292e10..1ff926390 100644 --- a/test/client_cli/en/__snapshots__/saml-cot-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-cot-import.test.js.snap 
@@ -63,6 +63,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/saml-cot-list.test.js.snap b/test/client_cli/en/__snapshots__/saml-cot-list.test.js.snap index 77b2f1b44..c7833ec4c 100644 --- a/test/client_cli/en/__snapshots__/saml-cot-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-cot-list.test.js.snap @@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/saml-delete.test.js.snap b/test/client_cli/en/__snapshots__/saml-delete.test.js.snap index d68f13509..07ea98fd9 100644 --- a/test/client_cli/en/__snapshots__/saml-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-delete.test.js.snap 
@@ -62,6 +62,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/saml-describe.test.js.snap b/test/client_cli/en/__snapshots__/saml-describe.test.js.snap index d2287a427..d7e9b887b 100644 --- a/test/client_cli/en/__snapshots__/saml-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-describe.test.js.snap @@ -61,6 +61,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/saml-export.test.js.snap b/test/client_cli/en/__snapshots__/saml-export.test.js.snap index 5f3db048d..72861d191 100644 --- a/test/client_cli/en/__snapshots__/saml-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-export.test.js.snap 
@@ -70,6 +70,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/saml-import.test.js.snap b/test/client_cli/en/__snapshots__/saml-import.test.js.snap index c94bf8d67..64bb2797f 100644 --- a/test/client_cli/en/__snapshots__/saml-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-import.test.js.snap @@ -69,6 +69,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/saml-list.test.js.snap b/test/client_cli/en/__snapshots__/saml-list.test.js.snap index 22107c453..b5acd22b2 100644 --- a/test/client_cli/en/__snapshots__/saml-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-list.test.js.snap 
@@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/saml-metadata-export.test.js.snap b/test/client_cli/en/__snapshots__/saml-metadata-export.test.js.snap index 548e7d882..a4072ce05 100644 --- a/test/client_cli/en/__snapshots__/saml-metadata-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-metadata-export.test.js.snap @@ -67,6 +67,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/script-export.test.js.snap b/test/client_cli/en/__snapshots__/script-export.test.js.snap index 1ce7547a6..4f1acf3a4 100644 --- a/test/client_cli/en/__snapshots__/script-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/script-export.test.js.snap 
@@ -67,6 +67,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/script-import.test.js.snap b/test/client_cli/en/__snapshots__/script-import.test.js.snap index 03a770e19..a23d7213e 100644 --- a/test/client_cli/en/__snapshots__/script-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/script-import.test.js.snap @@ -71,6 +71,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/script-list.test.js.snap b/test/client_cli/en/__snapshots__/script-list.test.js.snap index 5aedaf581..ac2079a37 100644 --- a/test/client_cli/en/__snapshots__/script-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/script-list.test.js.snap 
@@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/service-delete.test.js.snap b/test/client_cli/en/__snapshots__/service-delete.test.js.snap index b21993b30..f759419b3 100644 --- a/test/client_cli/en/__snapshots__/service-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/service-delete.test.js.snap @@ -56,6 +56,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/service-export.test.js.snap b/test/client_cli/en/__snapshots__/service-export.test.js.snap index 63d126128..9204eff1a 100644 --- a/test/client_cli/en/__snapshots__/service-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/service-export.test.js.snap 
@@ -68,6 +68,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/service-import.test.js.snap b/test/client_cli/en/__snapshots__/service-import.test.js.snap index 79b5ec318..561c46971 100644 --- a/test/client_cli/en/__snapshots__/service-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/service-import.test.js.snap @@ -70,6 +70,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/service-list.test.js.snap b/test/client_cli/en/__snapshots__/service-list.test.js.snap index 4305db822..9856006c9 100644 --- a/test/client_cli/en/__snapshots__/service-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/service-list.test.js.snap 
@@ -55,6 +55,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/theme-delete.test.js.snap b/test/client_cli/en/__snapshots__/theme-delete.test.js.snap index 3f1c63f58..3950d104b 100644 --- a/test/client_cli/en/__snapshots__/theme-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/theme-delete.test.js.snap @@ -60,6 +60,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/theme-export.test.js.snap b/test/client_cli/en/__snapshots__/theme-export.test.js.snap index 745562ab4..cb8f5407c 100644 --- a/test/client_cli/en/__snapshots__/theme-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/theme-export.test.js.snap 
@@ -65,6 +65,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/theme-import.test.js.snap b/test/client_cli/en/__snapshots__/theme-import.test.js.snap index 8cb29c143..25d13472f 100644 --- a/test/client_cli/en/__snapshots__/theme-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/theme-import.test.js.snap @@ -64,6 +64,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. diff --git a/test/client_cli/en/__snapshots__/theme-list.test.js.snap b/test/client_cli/en/__snapshots__/theme-list.test.js.snap index a41b857ec..adb9bf475 100644 --- a/test/client_cli/en/__snapshots__/theme-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/theme-list.test.js.snap 
@@ -54,6 +54,7 @@ Evironment Variables: FRODO_PASSWORD: Password. Overrides 'password' argument. FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option. FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. From 6f76ad99f4f6d83b272d4345afe57be14e7f4703 Mon Sep 17 00:00:00 2001 From: Volker Scheuber Date: Sun, 24 Sep 2023 11:54:27 -0500 Subject: [PATCH 07/18] update conn tests and snapshots --- .gitignore | 4 +- .../__snapshots__/conn-list.e2e.test.js.snap | 8 ++-- .../__snapshots__/conn-save.e2e.test.js.snap | 11 +++-- test/e2e/conn-list.e2e.test.js | 45 ++++++++++++------- test/e2e/conn-save.e2e.test.js | 30 ++++++++----- test/e2e/env/Connections.json | 11 +++++ test/e2e/utils/TestUtils.js | 2 + 7 files changed, 71 insertions(+), 40 deletions(-) create mode 100644 test/e2e/env/Connections.json diff --git a/.gitignore b/.gitignore index ccf80ba7f..b8122a6bf 100644 --- a/.gitignore +++ b/.gitignore @@ -9,8 +9,8 @@ esm/ frodo frodo.exe -connections.json -journey-*.json +# connections.json +masterkey.key # Logs logs diff --git a/test/e2e/__snapshots__/conn-list.e2e.test.js.snap b/test/e2e/__snapshots__/conn-list.e2e.test.js.snap index a40a3f964..9851b17b1 100644 --- a/test/e2e/__snapshots__/conn-list.e2e.test.js.snap +++ b/test/e2e/__snapshots__/conn-list.e2e.test.js.snap 
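Review bot: In the `.gitignore` hunk, replacing the `connections.json` pattern with the comment `# connections.json` stops ignoring connection profile files anywhere in the tree, not only the new test fixture, so a developer's own profile with encoded credentials can be staged by accident. Keeping an ignore rule and adding one negation for the fixture is narrower: `Connections.json` followed by `!test/e2e/env/Connections.json`. Git matches patterns case-sensitively unless `core.ignorecase` is set, so the rule should use the capitalised name the tool writes. The same hunk also drops `journey-*.json`, which the commit subject does not explain; if files matching that pattern can hold exported tenant configuration, the pattern is worth keeping.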
@@ -1,14 +1,14 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`frodo conn list "frodo conn list --long": should list the connection hosts, service accounts, usernames, and log API keys. 1`] = ` -"Host │Service Account│Username │Log API Key -https://openam-frodo-dev.forgeblocks.com/am│frodo-test │volker.scheuber@forgerock.com│2e3e7162c6861fdc50a10b6353ada65a +"Host │Service Account│Username │Log API Key +https://openam-frodo-dev.forgeblocks.com/am│frodo-test │volker.scheuber@forgerock.com│ " `; exports[`frodo conn list "frodo conn list -l": should list the connection hosts, service accounts, usernames, and log API keys. 1`] = ` -"Host │Service Account│Username │Log API Key -https://openam-frodo-dev.forgeblocks.com/am│frodo-test │volker.scheuber@forgerock.com│2e3e7162c6861fdc50a10b6353ada65a +"Host │Service Account│Username │Log API Key +https://openam-frodo-dev.forgeblocks.com/am│frodo-test │volker.scheuber@forgerock.com│ " `; diff --git a/test/e2e/__snapshots__/conn-save.e2e.test.js.snap b/test/e2e/__snapshots__/conn-save.e2e.test.js.snap index c319b9f74..eadb0656e 100644 --- a/test/e2e/__snapshots__/conn-save.e2e.test.js.snap +++ b/test/e2e/__snapshots__/conn-save.e2e.test.js.snap 
@@ -1,15 +1,14 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP -exports[`frodo conn save "frodo conn save --no-validate https://openam-frodo-dev.forgeblocks.com/am volker.scheuber@forgerock.com Sup3rS3cr3t!": save new connection profile with existing service account and without admin account. 1`] = ` +exports[`frodo conn save "frodo conn save --no-validate --sa-id b672336b-41ef-428d-ae4a-e0c082875377 --sa-jwk-file test/fs_tmp/conn-save-jwk.json https://openam-frodo-dev.forgeblocks.com/am": save new connection profile with existing service account and without admin account. 1`] = ` "Saved connection profile https://openam-frodo-dev.forgeblocks.com/am " `; -exports[`frodo conn save "frodo conn save --sa-id b672336b-41ef-428d-ae4a-e0c082875377 --sa-jwk-file test/fs_tmp/conn-save-jwk.json https://openam-frodo-dev.forgeblocks.com/am": save new connection profile with existing service account and without admin account. 1`] = ` -"Connected to https://openam-frodo-dev.forgeblocks.com/am [alpha] as service account frodo-test [b672336b-41ef-428d-ae4a-e0c082875377] -- Validating service account b672336b-41ef-428d-ae4a-e0c082875377... -✔ Successfully validated service account b672336b-41ef-428d-ae4a-e0c082875377. -Validated and added service account with id b672336b-41ef-428d-ae4a-e0c082875377 to profile. +exports[`frodo conn save "frodo conn save https://openam-frodo-dev.forgeblocks.com/am volker.scheuber@forgerock.com Sup3rS3cr3t!": save new connection profile using an admin account. 1`] = ` +"Connected to https://openam-frodo-dev.forgeblocks.com/am [alpha] as user volker.scheuber@forgerock.com +Created and added service account Frodo-SA-1687293271764 with id 17051145-f82a-47b0-8e73-91f27e2cb622 to profile. +Created log API key 2e3e7162c6861fdc50a10b6353ada65a and secret. Saved connection profile https://openam-frodo-dev.forgeblocks.com/am " `; diff --git a/test/e2e/conn-list.e2e.test.js b/test/e2e/conn-list.e2e.test.js index a6d87b293..a8a916061 100644 
--- a/test/e2e/conn-list.e2e.test.js
+++ b/test/e2e/conn-list.e2e.test.js
@@ -59,35 +59,46 @@ FRODO_CONNECTION_PROFILES_PATH=~/temp/frodo/Connections.json FRODO_MOCK=record F */ import cp from 'child_process'; import { promisify } from 'util'; -import { removeAnsiEscapeCodes } from './utils/TestUtils'; +import { removeAnsiEscapeCodes, testif } from './utils/TestUtils'; import { connection as c } from './utils/TestConfig'; const exec = promisify(cp.exec); process.env['FRODO_MOCK'] = '1'; +process.env['FRODO_CONNECTION_PROFILES_PATH'] = + './test/e2e/env/Connections.json'; const env = { - env: process.env, + env: process.env, }; env.env.FRODO_HOST = c.host; env.env.FRODO_SA_ID = c.saId; env.env.FRODO_SA_JWK = c.saJwk; describe('frodo conn list', () => { - test('"frodo conn list": should list the connection hosts', async () => { - const CMD = `frodo conn list`; - const { stdout } = await exec(CMD, env); - expect(removeAnsiEscapeCodes(stdout)).toMatchSnapshot(); - }); + testif(process.env['FRODO_MASTER_KEY'])( + '"frodo conn list": should list the connection hosts', + async () => { + const CMD = `frodo conn list`; + const { stdout } = await exec(CMD, env); + expect(removeAnsiEscapeCodes(stdout)).toMatchSnapshot(); + } + ); - test('"frodo conn list -l": should list the connection hosts, service accounts, usernames, and log API keys.', async () => { - const CMD = `frodo conn list -l`; - const { stdout } = await exec(CMD, env); - expect(removeAnsiEscapeCodes(stdout)).toMatchSnapshot(); - }); + testif(process.env['FRODO_MASTER_KEY'])( + '"frodo conn list -l": should list the connection hosts, service accounts, usernames, and log API keys.', + async () => { + const CMD = `frodo conn list -l`; + const { stdout } = await exec(CMD, env); + expect(removeAnsiEscapeCodes(stdout)).toMatchSnapshot(); + } + ); - test('"frodo conn list --long": should list the connection hosts, service accounts, usernames, and log API keys.', async () => { - const CMD = `frodo conn list --long`; - const { stdout } = await exec(CMD, env); - 
expect(removeAnsiEscapeCodes(stdout)).toMatchSnapshot(); - }); + testif(process.env['FRODO_MASTER_KEY'])( + '"frodo conn list --long": should list the connection hosts, service accounts, usernames, and log API keys.', + async () => { + const CMD = `frodo conn list --long`; + const { stdout } = await exec(CMD, env); + expect(removeAnsiEscapeCodes(stdout)).toMatchSnapshot(); + } + ); }); diff --git a/test/e2e/conn-save.e2e.test.js b/test/e2e/conn-save.e2e.test.js index f72e67f4d..3364498b5 100644 --- a/test/e2e/conn-save.e2e.test.js +++ b/test/e2e/conn-save.e2e.test.js @@ -47,13 +47,15 @@ */ import cp from 'child_process'; import { promisify } from 'util'; -import { removeAnsiEscapeCodes } from './utils/TestUtils'; +import { removeAnsiEscapeCodes, testif } from './utils/TestUtils'; import { connection as c } from './utils/TestConfig'; import { writeFileSync, rmSync } from 'fs'; const exec = promisify(cp.exec); process.env['FRODO_MOCK'] = '1'; +process.env['FRODO_CONNECTION_PROFILES_PATH'] = + './test/e2e/env/Connections.json'; const env = { env: process.env, }; 
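Review bot: The three `conn list` tests are now wrapped in `testif(process.env['FRODO_MASTER_KEY'])`, so when the variable is missing they are skipped and the suite still reports success; the `conn save` tests in the next file are gated the same way. A run that silently skips every test touching stored credentials is easy to mistake for coverage. Consider failing loudly where the key is expected, for example `if (process.env.CI && !process.env['FRODO_MASTER_KEY']) throw new Error('FRODO_MASTER_KEY is required for the conn e2e tests');` near the top of the file. A one-line comment above the first `testif` should also say why the key is needed, presumably to decrypt the encoded fields in `test/e2e/env/Connections.json`.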
@@ -69,15 +71,21 @@ afterAll(() => { }); describe('frodo conn save', () => { - test(`"frodo conn save --no-validate ${c.host} ${c.user} ${c.pass}": save new connection profile with existing service account and without admin account.`, async () => { - const CMD = `frodo conn save --no-validate ${c.host} ${c.user} ${c.pass}`; - const { stderr } = await exec(CMD, env); - expect(removeAnsiEscapeCodes(stderr)).toMatchSnapshot(); - }); + testif(process.env['FRODO_MASTER_KEY'])( + `"frodo conn save ${c.host} ${c.user} ${c.pass}": save new connection profile using an admin account.`, + async () => { + const CMD = `frodo conn save ${c.host} ${c.user} ${c.pass}`; + const { stderr } = await exec(CMD, env); + expect(removeAnsiEscapeCodes(stderr)).toMatchSnapshot(); + } + ); - test(`"frodo conn save --sa-id ${c.saId} --sa-jwk-file ${jwkFile} ${c.host}": save new connection profile with existing service account and without admin account.`, async () => { - const CMD = `frodo conn save --sa-id ${c.saId} --sa-jwk-file ${jwkFile} ${c.host}`; - const { stderr } = await exec(CMD, env); - expect(removeAnsiEscapeCodes(stderr)).toMatchSnapshot(); - }); + testif(process.env['FRODO_MASTER_KEY'])( + `"frodo conn save --no-validate --sa-id ${c.saId} --sa-jwk-file ${jwkFile} ${c.host}": save new connection profile with existing service account and without admin account.`, + async () => { + const CMD = `frodo conn save --no-validate --sa-id ${c.saId} --sa-jwk-file ${jwkFile} ${c.host}`; + const { stderr } = await exec(CMD, env); + expect(removeAnsiEscapeCodes(stderr)).toMatchSnapshot(); + } + ); }); diff --git a/test/e2e/env/Connections.json b/test/e2e/env/Connections.json new file mode 100644 index 000000000..1745125e6 --- /dev/null +++ b/test/e2e/env/Connections.json 
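Review bot: The first test's title interpolates `${c.pass}`, so the admin password becomes part of the test name and is written into the snapshot key and any test report; the updated `conn-save` snapshot shows it in clear. The command string also passes it as an argument to `exec`, which runs through a shell. Keep the value out of the title, e.g. `"frodo conn save ${c.host} ${c.user} <password>": save new connection profile using an admin account.`. Separately, with `FRODO_CONNECTION_PROFILES_PATH` set to the tracked `./test/e2e/env/Connections.json`, `conn save` presumably rewrites that fixture on every run; pointing the save tests at a temporary copy would keep the working tree clean.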
@@ -0,0 +1,11 @@ +{ + "https://openam-frodo-dev.forgeblocks.com/am": { + "encodedLogApiSecret": "s/jvumbnVBgyFKC1GQKdYvUNBYdKVKiZQueQUlj0iAxucif140oyKlOw0g4rIV9K4dJ+XG7XxnSP1+4YBrm0+gUiv9a871T3qqqCbdfd7n1fIgY4bxU/c9GM6JDyE3izEP33WBRmjwPTwsOSn/5L44/XlXrRSuMmWVr/6dRwu4cG0lG/jhecMuLGyCieA4h5MZNMvO0OEDcqB8+h+tqqOWug", + "encodedPassword": "Zc6qh/HVJYUCDogCNWw+D1BxkQUkRnvDCbB4je7SXb5F4G3WwCi42rF8OKPTTGkWZJcwNYL0Eg/KCGeBMPBVn+om+K5k73TeAKfLuWl7fEFtR6xnwb8OL0ItlnVihENoYTkqlEXYuEAwEMSdjW0=", + "encodedSvcacctJwk": "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", + "logApiKey": "2e3e7162c6861fdc50a10b6353ada65a", + "svcacctId": "b672336b-41ef-428d-ae4a-e0c082875377", + "svcacctName": "Frodo-SA-1687293271764", + "username": "volker.scheuber@forgerock.com" + } +} \ No newline at end of file diff --git a/test/e2e/utils/TestUtils.js b/test/e2e/utils/TestUtils.js index 4e8dd5e74..9c6d30a71 100644 --- a/test/e2e/utils/TestUtils.js +++ b/test/e2e/utils/TestUtils.js @@ -54,3 +54,5 @@ export async function testExport(command, env, type, fileName, directory = "./", fs.unlinkSync(path); }); } + +export const testif = (condition) => (condition ? test : test.skip); From feea1153d899c59db26d2b8263d6b5f313f7ca58 Mon Sep 17 00:00:00 2001 From: Volker Scheuber Date: Sun, 24 Sep 2023 20:14:06 -0500 Subject: [PATCH 08/18] update email template tests and snapshots --- src/utils/ExportImportUtils.ts | 101 +- .../email-template-export.e2e.test.js.snap | 1430 +---------------- test/e2e/email-template-export.e2e.test.js | 80 +- test/e2e/utils/TestUtils.js | 43 +- 4 files changed, 122 insertions(+), 1532 deletions(-) diff --git a/src/utils/ExportImportUtils.ts b/src/utils/ExportImportUtils.ts index c40a9f85c..e19715ad5 100644 --- a/src/utils/ExportImportUtils.ts +++ b/src/utils/ExportImportUtils.ts 
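Review bot: This new fixture commits what look like live connection details for `https://openam-frodo-dev.forgeblocks.com/am`: `encodedPassword`, `encodedLogApiSecret` and `encodedSvcacctJwk` are ciphertext, but `logApiKey`, `svcacctId` and a personal `username` are stored in the clear. The tests that use this file are gated on `FRODO_MASTER_KEY`, which suggests the encoded fields decrypt under that key; their confidentiality then rests on that single secret, and the ciphertext stays in git history even if the file is removed later. Since the suites set `FRODO_MOCK=1`, a fixture built from placeholder values (for example `"username": "<test-user@example.com>"`) and encoded under a throwaway test-only key should serve the same purpose. If the values shown are real, they are best treated as exposed and rotated.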
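Review bot: `testif` in TestUtils.js is exported without a doc comment, and because it returns `test.skip` for any falsy condition, a run without `FRODO_MASTER_KEY` reports the gated conn list and conn save tests as skipped rather than failed. I would add a comment above it, e.g. `/** Returns Jest's test when condition is truthy, otherwise test.skip; used to gate tests on environment such as FRODO_MASTER_KEY. */`. CI should either set the key or treat skips in these suites as a signal, otherwise the credential-handling paths can go untested without anyone noticing. Note that an exported-but-empty variable is also falsy and skips the tests.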
@@ -1,13 +1,10 @@ -import { frodo, state } from '@rockcarver/frodo-lib'; +import { frodo } from '@rockcarver/frodo-lib'; import fs from 'fs'; import { lstat, readdir, readFile } from 'fs/promises'; import { join } from 'path'; -import slugify from 'slugify'; import { printMessage } from './Console'; -const { stringify, deleteDeepByKey } = frodo.utils.json; - /** * find all (nested) files in a directory * 
@@ -47,66 +44,23 @@ export async function readFiles( return filePathsNested.flat(); } -const { getMetadata } = frodo.utils; +const { + getMetadata, + getTypedFilename, + saveJsonToFile, + saveToFile, + titleCase, + getRealmString, +} = frodo.utils; -/** - * Get a typed filename. E.g. "my-script.script.json" - * - * @param name The name of the file - * @param type The type of the file, e.g. script, idp, etc. - * @param suffix The suffix of the file, e.g. json, xml, etc. Defaults to json. - * @returns The typed filename - */ -export function getTypedFilename( - name: string, - type: string, - suffix = 'json' -): string { - const slug = slugify(name.replace(/^http(s?):\/\//, '')); - return `${slug}.${type}.${suffix}`; -} - -/** - * Save JSON object to file - * - * @param data data object - * @param filename file name - */ -// eslint-disable-next-line @typescript-eslint/no-explicit-any -export function saveJsonToFile(data: any, filename: string) { - const exportData = data; - if (!exportData.meta) { - exportData.meta = getMetadata(); - } - deleteDeepByKey(exportData, '_rev'); - fs.writeFile(filename, stringify(exportData), (err) => { - if (err) { - return printMessage(`ERROR - can't save ${filename}`, 'error'); - } - return ''; - }); -} - -export function saveToFile(type, data, identifier, filename) { - const exportData = {}; - exportData['meta'] = getMetadata(); - exportData[type] = {}; - - if (Array.isArray(data)) { - data.forEach((element) => { - exportData[type][element[identifier]] = element; - }); - } else { - exportData[type][data[identifier]] = data; - } - deleteDeepByKey(exportData, '_rev'); - fs.writeFile(filename, stringify(exportData), (err) => { - if (err) { - return printMessage(`ERROR - can't save ${type} to file`, 'error'); - } - return ''; - }); -} +export { + getMetadata, + getRealmString, + getTypedFilename, + saveJsonToFile, + saveToFile, + titleCase, +}; /** * Save text data to file 
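Review bot: The removed local `getTypedFilename` stripped the `http(s)://` prefix and passed the name through `slugify` before building the filename; after this hunk that normalisation depends entirely on `frodo.utils.getTypedFilename`, whose implementation is not visible here. Export names presumably originate from tenant data and end up in file paths, so it is worth confirming, ideally with a test using a name that contains `/` or `..`, that the library version still normalises them. The re-export block also drops the JSDoc and typed signatures; a comment such as `// Re-exported from frodo-lib for backward compatibility; implementations live in frodo.utils` above `export {` would tell readers where to look. The removed `saveJsonToFile` and `saveToFile` reported write failures through `printMessage`, and whether the library versions surface errors the same way should be checked.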
@@ -123,24 +77,3 @@ export function saveTextToFile(data: string, filename: string): boolean { return false; } } - -/* - * Output str in title case - * - * e.g.: 'ALL UPPERCASE AND all lowercase' = 'All Uppercase And All Lowercase' - */ -export function titleCase(input) { - const str = input.toString(); - const splitStr = str.toLowerCase().split(' '); - for (let i = 0; i < splitStr.length; i += 1) { - splitStr[i] = splitStr[i].charAt(0).toUpperCase() + splitStr[i].slice(1); - } - return splitStr.join(' '); -} - -export function getRealmString() { - const realm = state.getRealm(); - return realm - .split('/') - .reduce((result, item) => `${result}${titleCase(item)}`, ''); -} diff --git a/test/e2e/__snapshots__/email-template-export.e2e.test.js.snap b/test/e2e/__snapshots__/email-template-export.e2e.test.js.snap index 59cae38f4..61637fbb2 100644 --- a/test/e2e/__snapshots__/email-template-export.e2e.test.js.snap +++ b/test/e2e/__snapshots__/email-template-export.e2e.test.js.snap @@ -1,1335 +1,5 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP -exports[`frodo email template export "frodo email template export --all": should export all email templates to a single file 1`] = `""`; - -exports[`frodo email template export "frodo email template export --all": should export all email templates to a single file 2`] = ` -{ - "emailTemplate": { - "FraudNotification": { - "_id": "emailTemplate/FraudNotification", - "defaultLocale": "en", - "displayName": "Fraud Notification", - "enabled": true, - "from": "saas@forgerock.com", - "html": { - "en": "

Hello {{object.givenName}} {{object.sn}},

we blocked an attempt to access your Expanse account from a suspicious device!

Your Expanse Security Team.

", - }, - "message": { - "en": "

Hello {{object.givenName}} {{object.sn}},

we blocked an attempt to access your Expanse account from a suspicious device!

Your Expanse Security Team.

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: #455469; - padding: 60px; - text-align: center -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: red; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} - ", - "subject": { - "en": "Fraud alert from your Expanse Account!", - }, - }, - "MobileEmailOTP": { - "_id": "emailTemplate/MobileEmailOTP", - "defaultLocale": "en", - "displayName": "Mobile Email OTP", - "enabled": true, - "from": "saas@forgerock.com", - "html": { - "en": "

This is your one-time password:

{{object.frUnindexedInteger5}}

", - }, - "message": { - "en": "

This is your one-time password:

{{object.frUnindexedInteger5}}

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: #455469; - padding: 60px; - text-align: center -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: #fff; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} - ", - "subject": { - "en": "One-Time Password for Login", - }, - }, - "UnknownDeviceNotification": { - "_id": "emailTemplate/UnknownDeviceNotification", - "defaultLocale": "en", - "displayName": "Unknown Device Notification", - "enabled": true, - "from": "saas@forgerock.com", - "html": { - "en": "

Hello {{object.givenName}} {{object.sn}},

your Expanse account was accessed from an unknown device!

Your Expanse Security Team.

", - }, - "message": { - "en": "

Hello {{object.givenName}} {{object.sn}},

your Expanse account was accessed from an unknown device!

Your Expanse Security Team.

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: black; - padding: 60px; - text-align: center -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: orange; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} - ", - "subject": { - "en": "Your Expanse account was accessed from an unknown device!", - }, - }, - "Welcome": { - "_id": "emailTemplate/Welcome", - "defaultLocale": "en", - "displayName": "Welcome", - "enabled": true, - "from": "saas@forgerock.com", - "html": { - "en": "

Welcome to Expanse, {{object.givenName}}!

Access your account with your new username: {{object.userName}}

We are looking forward to servicing all your banking needs!

Your Expanse Team.

", - }, - "message": { - "en": "

Welcome to Expanse, {{object.givenName}}!

Access your account with your new username: {{object.userName}}

We are looking forward to servicing all your banking needs!

Your Expanse Team.

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: black; - padding: 10px; - text-align: left -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: #ffffff; - border-radius: 4px; - margin: 0 auto; - padding: 10px; - width: 300px -} - ", - "subject": { - "en": "Your registration with Expanse", - }, - }, - "activation": { - "_id": "emailTemplate/activation", - "defaultLocale": "en", - "displayName": "Activation", - "enabled": true, - "from": ""ForgeRock Identity Cloud Team" ", - "html": { - "en": "

Welcome {{object.givenName}}.

Your username is '{{object.userName}}'.

", - }, - "message": { - "en": "

Welcome {{object.givenName}}.

Your username is '{{object.userName}}'.

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: #455469; - padding: 60px; - text-align: center -} - -a { - text-decoration: none; - color: #109cf1; -} - -.content { - background-color: #fff; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} -", - "subject": { - "en": "Your J.P. Morgan account has been activated", - }, - "templateId": "activation", - }, - "arvestUnknownDeviceNotification": { - "_id": "emailTemplate/arvestUnknownDeviceNotification", - "defaultLocale": "en", - "description": "", - "displayName": "Arvest Unknown Device Notification", - "enabled": true, - "from": ""Arvest IT Security " ", - "html": { - "en": "

Hello {{object.givenName}} {{object.sn}},

your Arvest account was accessed from an unknown device!

Your Arvest Cyber Security Team.

", - }, - "message": { - "en": "

Hello {{object.givenName}} {{object.sn}},

your Arvest account was accessed from an unknown device!

Your Arvest Cyber Security Team.

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: black; - padding: 60px; - text-align: center -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: orange; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} - ", - "subject": { - "en": "Your Arvest Bank account was accessed from an unknown device!", - }, - "templateId": "arvestUnknownDeviceNotification", - }, - "arvestWelcome": { - "_id": "emailTemplate/arvestWelcome", - "defaultLocale": "en", - "description": "", - "displayName": "ArvestWelcome", - "enabled": true, - "from": ""Arvest Admin" ", - "html": { - "en": "

Welcome to Arvest Bank, {{object.givenName}}!

Access your account with your new username: {{object.userName}}

We are looking forward to servicing all your banking needs!

Your Arvest Team

", - }, - "message": { - "en": "

Welcome to Arvest Bank, {{object.givenName}}!

Access your account with your new username: {{object.userName}}

We are looking forward to servicing all your banking needs!

Your Arvest Team

", - }, - "mimeType": "text/html", - "name": "Welcome", - "styles": "body { - background-color: #324054; - color: black; - padding: 10px; - text-align: left -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: #ffffff; - border-radius: 4px; - margin: 0 auto; - padding: 10px; - width: 300px -} - ", - "subject": { - "en": "Your registration with Arvest Bank", - }, - "templateId": "arvestWelcome", - }, - "ebInvitation": { - "_id": "emailTemplate/ebInvitation", - "advancedEditor": true, - "defaultLocale": "en", - "description": "", - "displayName": "EBInvitation", - "enabled": true, - "from": ""J.P Morgan " <>", - "html": { - "en": "", - }, - "message": { - "en": " - - -
-

Dear {{object.givenName}},

-

You have been invited to join - JPMC Embedded Banking -

- - - - -
- ACCEPT INVITE -
-
Copyright © 2022 of J.P. Morgan Chase & Co.
-
- - - ", - }, - "mimeType": "text/html", - "name": "invitation", - "styles": "body { - margin: 0; - padding: 0; - color: #455469; - font-family: 'Open Sans'; -} - table { - width:100%; - border-collapse:collapse; - border:0; - border-spacing:0; - background:#ffffff; - text-align: center; -} - tbody { -} - ", - "subject": { - "en": "You're invited to join the JPMC Embedded Banking", - }, - "templateId": "ebInvitation", - }, - "forgottenUsername": { - "_id": "emailTemplate/forgottenUsername", - "defaultLocale": "en", - "enabled": true, - "from": "", - "html": { - "en": "{{#if object.userName}}

Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", - "fr": "{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

", - }, - "message": { - "en": "

{{#if object.userName}}Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", - "fr": "
{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

", - }, - "mimeType": "text/html", - "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", - "subject": { - "en": "Account Information - username", - "fr": "Informations sur le compte - nom d'utilisateur", - }, - }, - "multiFactorEmailLink": { - "_id": "emailTemplate/multiFactorEmailLink", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "

You started a login or profile update that requires MFA.

Click to Proceed

", - }, - "mimeType": "text/html", - "subject": { - "en": "Multi-Factor Email for Identity Cloud login", - }, - }, - "oneTimePassword": { - "_id": "emailTemplate/oneTimePassword", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "

This is your one-time password:

{{object.description}}

", - }, - "mimeType": "text/html", - "subject": { - "en": "One-Time Password for login", - }, - }, - "profileUpdateNotification": { - "_id": "emailTemplate/profileUpdateNotification", - "defaultLocale": "en", - "displayName": "Profile Update Notification", - "enabled": true, - "from": "saas@forgerock.com", - "html": { - "en": "

Hello {{object.givenName}},

your user profile has been updated. If you did not make those changes yourself or requested them, please contact us immediately.

Kindest regards.

", - }, - "message": { - "en": "

Hello {{object.givenName}},

your user profile has been updated. If you did not make those changes yourself or requested them, please contact us immediately.

Kindest regards.

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: #455469; - padding: 60px; - text-align: center -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: #fff; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} - ", - "subject": { - "en": "Your user profile has been updated", - }, - }, - "profileUpdateNotificationEmailChange": { - "_id": "emailTemplate/profileUpdateNotificationEmailChange", - "defaultLocale": "en", - "displayName": "Email Address Change Notification", - "enabled": true, - "from": "saas@forgerock.com", - "html": { - "en": "

Hello {{object.givenName}},

your user profile has been updated and your email address has changed. This email is sent to the old address we had on file. If you did not make those changes yourself or requested them, please contact us immediately.

Old: {{object.frUnindexedString5}}
-New: {{object.mail}}

Kindest regards.

", - }, - "message": { - "en": "

Hello {{object.givenName}},

your user profile has been updated and your email address has changed. This email is sent to the old address we had on file. If you did not make those changes yourself or requested them, please contact us immediately.

Old: {{object.frUnindexedString5}}
-New: {{object.mail}}

Kindest regards.

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: #455469; - padding: 60px; - text-align: left -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: #fff; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} - ", - "subject": { - "en": "You email address and profile has been updated", - }, - }, - "registration": { - "_id": "emailTemplate/registration", - "advancedEditor": true, - "defaultLocale": "en", - "displayName": "registration", - "enabled": true, - "from": ""J.P Morgan" ", - "html": { - "en": "", - "fr": "", - }, - "message": { - "en": " - - -
-

You have been invited to join - - JPMC Developer Console -

-

- ACCEPT INVITE -

-
Copyright © 2022 of J.P. Morgan Chase & Co.
-
- -", - "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", - }, - "mimeType": "text/html", - "styles": "body { - color: #455469; - text-align: center; - font-family: 'Open Sans'; - width: 400px; - margin: auto; -} - td { - text-decoration: none; - color: white; - background: #155C93; - font-style: normal; - font-weight: 700; - font-size: 14px; - line-height: 22px; - border-radius: 3px; - padding: 15px; -} - .content { - background-color: #fff; - border-radius: 4px; -} - h2 { - margin: 50px; -} - h3 { - text-align: left; -} - h4 { - font-style: normal; - font-weight: 400; -} - h5 { - color: #666666; - font-family: 'Inter'; - font-style: normal; - font-weight: 400; - font-size: 16px; - line-height: 24px; -} - h6 { - color: #999999; - font-family: 'Inter'; - -font-style: normal; - font-weight: 400; - font-size: 12px; - line-height: 16px; -} - table { - margin: auto; - background-color: #dedddc; -} - tr { - background-color: #dedddc; -} - -a { - text-decoration: none; - color: white; -} ", - "subject": { - "en": "You're invited to join JPMC Embedded Banking", - "fr": "Créer un nouveau compte", - }, - "templateId": "registration", - }, - "resetPassword": { - "_id": "emailTemplate/resetPassword", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "

Click to reset your password

Password reset link

", - "fr": "

Cliquez pour réinitialiser votre mot de passe

Mot de passe lien de réinitialisation

", - }, - "mimeType": "text/html", - "subject": { - "en": "Reset your password", - "fr": "Réinitialisez votre mot de passe", - }, - }, - "updatePassword": { - "_id": "emailTemplate/updatePassword", - "defaultLocale": "en", - "enabled": true, - "from": "", - "html": { - "en": "

Verify email to update password

Update password link

", - }, - "message": { - "en": "

Verify email to update password

Update password link

", - }, - "mimeType": "text/html", - "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", - "subject": { - "en": "Update your password", - }, - }, - "welcome": { - "_id": "emailTemplate/welcome", - "defaultLocale": "en", - "displayName": "Welcome", - "enabled": true, - "from": "saas@forgerock.com", - "html": { - "en": "

Welcome. Your username is '{{object.userName}}'.

", - }, - "message": { - "en": "

Welcome. Your username is '{{object.userName}}'.

", - }, - "mimeType": "text/html", - "styles": "body{ - background-color:#324054; - color:#5e6d82; - padding:60px; - text-align:center -} -a{ - text-decoration:none; - color:#109cf1 -} -.content{ - background-color:#fff; - border-radius:4px; - margin:0 auto; - padding:48px; - width:235px -} -", - "subject": { - "en": "Your account has been created", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 1`] = `""`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 2`] = ` -{ - "emailTemplate": { - "FraudNotification": { - "_id": "emailTemplate/FraudNotification", - "defaultLocale": "en", - "displayName": "Fraud Notification", - "enabled": true, - "from": "saas@forgerock.com", - "html": { - "en": "

Hello {{object.givenName}} {{object.sn}},

we blocked an attempt to access your Expanse account from a suspicious device!

Your Expanse Security Team.

", - }, - "message": { - "en": "

Hello {{object.givenName}} {{object.sn}},

we blocked an attempt to access your Expanse account from a suspicious device!

Your Expanse Security Team.

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: #455469; - padding: 60px; - text-align: center -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: red; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} - ", - "subject": { - "en": "Fraud alert from your Expanse Account!", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 3`] = ` -{ - "emailTemplate": { - "MobileEmailOTP": { - "_id": "emailTemplate/MobileEmailOTP", - "defaultLocale": "en", - "displayName": "Mobile Email OTP", - "enabled": true, - "from": "saas@forgerock.com", - "html": { - "en": "

This is your one-time password:

{{object.frUnindexedInteger5}}

", - }, - "message": { - "en": "

This is your one-time password:

{{object.frUnindexedInteger5}}

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: #455469; - padding: 60px; - text-align: center -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: #fff; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} - ", - "subject": { - "en": "One-Time Password for Login", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 4`] = ` -{ - "emailTemplate": { - "UnknownDeviceNotification": { - "_id": "emailTemplate/UnknownDeviceNotification", - "defaultLocale": "en", - "displayName": "Unknown Device Notification", - "enabled": true, - "from": "saas@forgerock.com", - "html": { - "en": "

Hello {{object.givenName}} {{object.sn}},

your Expanse account was accessed from an unknown device!

Your Expanse Security Team.

", - }, - "message": { - "en": "

Hello {{object.givenName}} {{object.sn}},

your Expanse account was accessed from an unknown device!

Your Expanse Security Team.

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: black; - padding: 60px; - text-align: center -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: orange; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} - ", - "subject": { - "en": "Your Expanse account was accessed from an unknown device!", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 5`] = ` -{ - "emailTemplate": { - "Welcome": { - "_id": "emailTemplate/Welcome", - "defaultLocale": "en", - "displayName": "Welcome", - "enabled": true, - "from": "saas@forgerock.com", - "html": { - "en": "

Welcome to Expanse, {{object.givenName}}!

Access your account with your new username: {{object.userName}}

We are looking forward to servicing all your banking needs!

Your Expanse Team.

", - }, - "message": { - "en": "

Welcome to Expanse, {{object.givenName}}!

Access your account with your new username: {{object.userName}}

We are looking forward to servicing all your banking needs!

Your Expanse Team.

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: black; - padding: 10px; - text-align: left -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: #ffffff; - border-radius: 4px; - margin: 0 auto; - padding: 10px; - width: 300px -} - ", - "subject": { - "en": "Your registration with Expanse", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 6`] = ` -{ - "emailTemplate": { - "activation": { - "_id": "emailTemplate/activation", - "defaultLocale": "en", - "displayName": "Activation", - "enabled": true, - "from": ""ForgeRock Identity Cloud Team" ", - "html": { - "en": "

Welcome {{object.givenName}}.

Your username is '{{object.userName}}'.

", - }, - "message": { - "en": "

Welcome {{object.givenName}}.

Your username is '{{object.userName}}'.

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: #455469; - padding: 60px; - text-align: center -} - -a { - text-decoration: none; - color: #109cf1; -} - -.content { - background-color: #fff; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} -", - "subject": { - "en": "Your J.P. Morgan account has been activated", - }, - "templateId": "activation", - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 7`] = ` -{ - "emailTemplate": { - "arvestUnknownDeviceNotification": { - "_id": "emailTemplate/arvestUnknownDeviceNotification", - "defaultLocale": "en", - "description": "", - "displayName": "Arvest Unknown Device Notification", - "enabled": true, - "from": ""Arvest IT Security " ", - "html": { - "en": "

Hello {{object.givenName}} {{object.sn}},

your Arvest account was accessed from an unknown device!

Your Arvest Cyber Security Team.

", - }, - "message": { - "en": "

Hello {{object.givenName}} {{object.sn}},

your Arvest account was accessed from an unknown device!

Your Arvest Cyber Security Team.

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: black; - padding: 60px; - text-align: center -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: orange; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} - ", - "subject": { - "en": "Your Arvest Bank account was accessed from an unknown device!", - }, - "templateId": "arvestUnknownDeviceNotification", - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 8`] = ` -{ - "emailTemplate": { - "arvestWelcome": { - "_id": "emailTemplate/arvestWelcome", - "defaultLocale": "en", - "description": "", - "displayName": "ArvestWelcome", - "enabled": true, - "from": ""Arvest Admin" ", - "html": { - "en": "

Welcome to Arvest Bank, {{object.givenName}}!

Access your account with your new username: {{object.userName}}

We are looking forward to servicing all your banking needs!

Your Arvest Team

", - }, - "message": { - "en": "

Welcome to Arvest Bank, {{object.givenName}}!

Access your account with your new username: {{object.userName}}

We are looking forward to servicing all your banking needs!

Your Arvest Team

", - }, - "mimeType": "text/html", - "name": "Welcome", - "styles": "body { - background-color: #324054; - color: black; - padding: 10px; - text-align: left -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: #ffffff; - border-radius: 4px; - margin: 0 auto; - padding: 10px; - width: 300px -} - ", - "subject": { - "en": "Your registration with Arvest Bank", - }, - "templateId": "arvestWelcome", - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 9`] = ` -{ - "emailTemplate": { - "ebInvitation": { - "_id": "emailTemplate/ebInvitation", - "advancedEditor": true, - "defaultLocale": "en", - "description": "", - "displayName": "EBInvitation", - "enabled": true, - "from": ""J.P Morgan " <>", - "html": { - "en": "", - }, - "message": { - "en": " - - -
-

Dear {{object.givenName}},

-

You have been invited to join - JPMC Embedded Banking -

- - - - -
- ACCEPT INVITE -
-
Copyright © 2022 of J.P. Morgan Chase & Co.
-
- - - ", - }, - "mimeType": "text/html", - "name": "invitation", - "styles": "body { - margin: 0; - padding: 0; - color: #455469; - font-family: 'Open Sans'; -} - table { - width:100%; - border-collapse:collapse; - border:0; - border-spacing:0; - background:#ffffff; - text-align: center; -} - tbody { -} - ", - "subject": { - "en": "You're invited to join the JPMC Embedded Banking", - }, - "templateId": "ebInvitation", - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 10`] = ` -{ - "emailTemplate": { - "forgottenUsername": { - "_id": "emailTemplate/forgottenUsername", - "defaultLocale": "en", - "enabled": true, - "from": "", - "html": { - "en": "{{#if object.userName}}

Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", - "fr": "{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

", - }, - "message": { - "en": "

{{#if object.userName}}Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", - "fr": "
{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

", - }, - "mimeType": "text/html", - "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", - "subject": { - "en": "Account Information - username", - "fr": "Informations sur le compte - nom d'utilisateur", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 11`] = ` -{ - "emailTemplate": { - "multiFactorEmailLink": { - "_id": "emailTemplate/multiFactorEmailLink", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "

You started a login or profile update that requires MFA.

Click to Proceed

", - }, - "mimeType": "text/html", - "subject": { - "en": "Multi-Factor Email for Identity Cloud login", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 12`] = ` -{ - "emailTemplate": { - "oneTimePassword": { - "_id": "emailTemplate/oneTimePassword", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "

This is your one-time password:

{{object.description}}

", - }, - "mimeType": "text/html", - "subject": { - "en": "One-Time Password for login", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 13`] = ` -{ - "emailTemplate": { - "profileUpdateNotification": { - "_id": "emailTemplate/profileUpdateNotification", - "defaultLocale": "en", - "displayName": "Profile Update Notification", - "enabled": true, - "from": "saas@forgerock.com", - "html": { - "en": "

Hello {{object.givenName}},

your user profile has been updated. If you did not make those changes yourself or requested them, please contact us immediately.

Kindest regards.

", - }, - "message": { - "en": "

Hello {{object.givenName}},

your user profile has been updated. If you did not make those changes yourself or requested them, please contact us immediately.

Kindest regards.

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: #455469; - padding: 60px; - text-align: center -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: #fff; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} - ", - "subject": { - "en": "Your user profile has been updated", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 14`] = ` -{ - "emailTemplate": { - "profileUpdateNotificationEmailChange": { - "_id": "emailTemplate/profileUpdateNotificationEmailChange", - "defaultLocale": "en", - "displayName": "Email Address Change Notification", - "enabled": true, - "from": "saas@forgerock.com", - "html": { - "en": "

Hello {{object.givenName}},

your user profile has been updated and your email address has changed. This email is sent to the old address we had on file. If you did not make those changes yourself or requested them, please contact us immediately.

Old: {{object.frUnindexedString5}}
-New: {{object.mail}}

Kindest regards.

", - }, - "message": { - "en": "

Hello {{object.givenName}},

your user profile has been updated and your email address has changed. This email is sent to the old address we had on file. If you did not make those changes yourself or requested them, please contact us immediately.

Old: {{object.frUnindexedString5}}
-New: {{object.mail}}

Kindest regards.

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: #455469; - padding: 60px; - text-align: left -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: #fff; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} - ", - "subject": { - "en": "You email address and profile has been updated", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 15`] = ` -{ - "emailTemplate": { - "registration": { - "_id": "emailTemplate/registration", - "advancedEditor": true, - "defaultLocale": "en", - "displayName": "registration", - "enabled": true, - "from": ""J.P Morgan" ", - "html": { - "en": "", - "fr": "", - }, - "message": { - "en": " - - -
-

You have been invited to join - - JPMC Developer Console -

-

- ACCEPT INVITE -

-
Copyright © 2022 of J.P. Morgan Chase & Co.
-
- -", - "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", - }, - "mimeType": "text/html", - "styles": "body { - color: #455469; - text-align: center; - font-family: 'Open Sans'; - width: 400px; - margin: auto; -} - td { - text-decoration: none; - color: white; - background: #155C93; - font-style: normal; - font-weight: 700; - font-size: 14px; - line-height: 22px; - border-radius: 3px; - padding: 15px; -} - .content { - background-color: #fff; - border-radius: 4px; -} - h2 { - margin: 50px; -} - h3 { - text-align: left; -} - h4 { - font-style: normal; - font-weight: 400; -} - h5 { - color: #666666; - font-family: 'Inter'; - font-style: normal; - font-weight: 400; - font-size: 16px; - line-height: 24px; -} - h6 { - color: #999999; - font-family: 'Inter'; - -font-style: normal; - font-weight: 400; - font-size: 12px; - line-height: 16px; -} - table { - margin: auto; - background-color: #dedddc; -} - tr { - background-color: #dedddc; -} - -a { - text-decoration: none; - color: white; -} ", - "subject": { - "en": "You're invited to join JPMC Embedded Banking", - "fr": "Créer un nouveau compte", - }, - "templateId": "registration", - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 16`] = ` -{ - "emailTemplate": { - "resetPassword": { - "_id": "emailTemplate/resetPassword", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "

Click to reset your password

Password reset link

", - "fr": "

Cliquez pour réinitialiser votre mot de passe

Mot de passe lien de réinitialisation

", - }, - "mimeType": "text/html", - "subject": { - "en": "Reset your password", - "fr": "Réinitialisez votre mot de passe", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 17`] = ` -{ - "emailTemplate": { - "updatePassword": { - "_id": "emailTemplate/updatePassword", - "defaultLocale": "en", - "enabled": true, - "from": "", - "html": { - "en": "

Verify email to update password

Update password link

", - }, - "message": { - "en": "

Verify email to update password

Update password link

", - }, - "mimeType": "text/html", - "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", - "subject": { - "en": "Update your password", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export --all-separate": should export all email templates to separate files 18`] = ` -{ - "emailTemplate": { - "welcome": { - "_id": "emailTemplate/welcome", - "defaultLocale": "en", - "displayName": "Welcome", - "enabled": true, - "from": "saas@forgerock.com", - "html": { - "en": "

Welcome. Your username is '{{object.userName}}'.

", - }, - "message": { - "en": "

Welcome. Your username is '{{object.userName}}'.

", - }, - "mimeType": "text/html", - "styles": "body{ - background-color:#324054; - color:#5e6d82; - padding:60px; - text-align:center -} -a{ - text-decoration:none; - color:#109cf1 -} -.content{ - background-color:#fff; - border-radius:4px; - margin:0 auto; - padding:48px; - width:235px -} -", - "subject": { - "en": "Your account has been created", - }, - }, - }, - "meta": Any, -} -`; - exports[`frodo email template export "frodo email template export --template-id activation": should export the email template with email id "activation" 1`] = `""`; exports[`frodo email template export "frodo email template export --template-id activation": should export the email template with email id "activation" 2`] = ` @@ -1339,6 +9,7 @@ exports[`frodo email template export "frodo email template export --template-id "_id": "emailTemplate/activation", "defaultLocale": "en", "displayName": "Activation", + "emailTemplate": {}, "enabled": true, "from": ""ForgeRock Identity Cloud Team" ", "html": { @@ -1512,39 +183,39 @@ exports[`frodo email template export "frodo email template export -A": should ex exports[`frodo email template export "frodo email template export -A": should export all email templates to separate files 5`] = ` { "emailTemplate": { - "Welcome": { - "_id": "emailTemplate/Welcome", + "welcome": { + "_id": "emailTemplate/welcome", "defaultLocale": "en", "displayName": "Welcome", "enabled": true, "from": "saas@forgerock.com", "html": { - "en": "

Welcome to Expanse, {{object.givenName}}!

Access your account with your new username: {{object.userName}}

We are looking forward to servicing all your banking needs!

Your Expanse Team.

", + "en": "

Welcome. Your username is '{{object.userName}}'.

", }, "message": { - "en": "

Welcome to Expanse, {{object.givenName}}!

Access your account with your new username: {{object.userName}}

We are looking forward to servicing all your banking needs!

Your Expanse Team.

", + "en": "

Welcome. Your username is '{{object.userName}}'.

", }, "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: black; - padding: 10px; - text-align: left + "styles": "body{ + background-color:#324054; + color:#5e6d82; + padding:60px; + text-align:center } - a { - text-decoration: none; - color: #109cf1; +a{ + text-decoration:none; + color:#109cf1 } - .content { - background-color: #ffffff; - border-radius: 4px; - margin: 0 auto; - padding: 10px; - width: 300px +.content{ + background-color:#fff; + border-radius:4px; + margin:0 auto; + padding:48px; + width:235px } - ", +", "subject": { - "en": "Your registration with Expanse", + "en": "Your account has been created", }, }, }, @@ -1559,6 +230,7 @@ exports[`frodo email template export "frodo email template export -A": should ex "_id": "emailTemplate/activation", "defaultLocale": "en", "displayName": "Activation", + "emailTemplate": {}, "enabled": true, "from": ""ForgeRock Identity Cloud Team" ", "html": { @@ -1920,6 +592,7 @@ exports[`frodo email template export "frodo email template export -A": should ex "advancedEditor": true, "defaultLocale": "en", "displayName": "registration", + "emailTemplate": {}, "enabled": true, "from": ""J.P Morgan" ", "html": { @@ -2064,52 +737,9 @@ exports[`frodo email template export "frodo email template export -A": should ex } `; -exports[`frodo email template export "frodo email template export -A": should export all email templates to separate files 18`] = ` -{ - "emailTemplate": { - "welcome": { - "_id": "emailTemplate/welcome", - "defaultLocale": "en", - "displayName": "Welcome", - "enabled": true, - "from": "saas@forgerock.com", - "html": { - "en": "

Welcome. Your username is '{{object.userName}}'.

", - }, - "message": { - "en": "

Welcome. Your username is '{{object.userName}}'.

", - }, - "mimeType": "text/html", - "styles": "body{ - background-color:#324054; - color:#5e6d82; - padding:60px; - text-align:center -} -a{ - text-decoration:none; - color:#109cf1 -} -.content{ - background-color:#fff; - border-radius:4px; - margin:0 auto; - padding:48px; - width:235px -} -", - "subject": { - "en": "Your account has been created", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo email template export "frodo email template export -a --file test.json": should export all email templates to a single file named test.json 1`] = `""`; +exports[`frodo email template export "frodo email template export -a --file my-allEmailTemplates.template.email.json": should export all email templates to a single file named my-allEmailTemplates.template.email.json 1`] = `""`; -exports[`frodo email template export "frodo email template export -a --file test.json": should export all email templates to a single file named test.json 2`] = ` +exports[`frodo email template export "frodo email template export -a --file my-allEmailTemplates.template.email.json": should export all email templates to a single file named my-allEmailTemplates.template.email.json 2`] = ` { "emailTemplate": { "FraudNotification": { @@ -2256,6 +886,7 @@ exports[`frodo email template export "frodo email template export -a --file test "_id": "emailTemplate/activation", "defaultLocale": "en", "displayName": "Activation", + "emailTemplate": {}, "enabled": true, "from": ""ForgeRock Identity Cloud Team" ", "html": { @@ -2545,6 +1176,7 @@ New: {{object.mail}}

Kindest regards.

", "advancedEditor": true, "defaultLocale": "en", "displayName": "registration", + "emailTemplate": {}, "enabled": true, "from": ""J.P Morgan" ", "html": { @@ -2857,6 +1489,7 @@ exports[`frodo email template export "frodo email template export -a": should ex "_id": "emailTemplate/activation", "defaultLocale": "en", "displayName": "Activation", + "emailTemplate": {}, "enabled": true, "from": ""ForgeRock Identity Cloud Team" ", "html": { @@ -3146,6 +1779,7 @@ New: {{object.mail}}

Kindest regards.

", "advancedEditor": true, "defaultLocale": "en", "displayName": "registration", + "emailTemplate": {}, "enabled": true, "from": ""J.P Morgan" ", "html": { @@ -3309,15 +1943,16 @@ a{ } `; -exports[`frodo email template export "frodo email template export -i activation -f test.json": should export the email template with email id "activation" into file named test.json 1`] = `""`; +exports[`frodo email template export "frodo email template export -i activation -f my-activation.template.email.json": should export the email template with email id "activation" into file named my-activation.template.email.json 1`] = `""`; -exports[`frodo email template export "frodo email template export -i activation -f test.json": should export the email template with email id "activation" into file named test.json 2`] = ` +exports[`frodo email template export "frodo email template export -i activation -f my-activation.template.email.json": should export the email template with email id "activation" into file named my-activation.template.email.json 2`] = ` { "emailTemplate": { "activation": { "_id": "emailTemplate/activation", "defaultLocale": "en", "displayName": "Activation", + "emailTemplate": {}, "enabled": true, "from": ""ForgeRock Identity Cloud Team" ", "html": { @@ -3366,6 +2001,7 @@ exports[`frodo email template export "frodo email template export -i activation" "_id": "emailTemplate/activation", "defaultLocale": "en", "displayName": "Activation", + "emailTemplate": {}, "enabled": true, "from": ""ForgeRock Identity Cloud Team" ", "html": { diff --git a/test/e2e/email-template-export.e2e.test.js b/test/e2e/email-template-export.e2e.test.js index 01af48cc9..1cd05b0c3 100644 --- a/test/e2e/email-template-export.e2e.test.js +++ b/test/e2e/email-template-export.e2e.test.js 
@@ -56,12 +56,21 @@ FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_S FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo email template export -A FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo email template export --all-separate */ + +/* +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo email template export -i activation +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo email template export --template-id activation +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo email template export -i activation -f test.json +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo email template export -a +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo email template export -a --file test.json +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo email template export -A +*/ import { testExport } from './utils/TestUtils'; import { connection as c } from './utils/TestConfig'; process.env['FRODO_MOCK'] = '1'; const env = { - env: process.env, + env: process.env, }; env.env.FRODO_HOST = c.host; env.env.FRODO_SA_ID = c.saId; 
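Review bot: The record commands in the added comment block still use `-f test.json` and `--file test.json`, while the tests changed later in this commit run `-f my-activation.template.email.json` and `--file my-allEmailTemplates.template.email.json`; the comment should list the commands exactly as the tests issue them, so that a re-record reproduces the same invocations. The new block also omits `FRODO_SA_ID` and `FRODO_SA_JWK`, so it presumably relies on a saved connection profile for that host; a line such as `// requires a saved connection profile for FRODO_HOST` would make that precondition explicit. The first block still lists `--all` and `--all-separate`, although the tests for them are removed in the next hunk.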
@@ -70,49 +79,38 @@ env.env.FRODO_SA_JWK = c.saJwk; const type = 'template.email'; describe('frodo email template export', () => { - test('"frodo email template export -i activation": should export the email template with email id "activation"', async () => { - const CMD = `frodo email template export -i activation`; - const exportFile = "activation.template.email.json"; - await testExport(CMD, env, type, exportFile); - }); - - test('"frodo email template export --template-id activation": should export the email template with email id "activation"', async () => { - const CMD = `frodo email template export --template-id activation`; - const exportFile = "activation.template.email.json"; - await testExport(CMD, env, type, exportFile); - }); - - test('"frodo email template export -i activation -f test.json": should export the email template with email id "activation" into file named test.json', async () => { - const CMD = `frodo email template export -i activation -f test.json`; - const exportFile = "test.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo email template export -i activation": should export the email template with email id "activation"', async () => { + const exportFile = 'activation.template.email.json'; + const CMD = `frodo email template export -i activation`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo email template export -a": should export all email templates to a single file', async () => { - const CMD = `frodo email template export -a`; - const exportFile = "allEmailTemplates.template.email.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo email template export --template-id activation": should export the email template with email id "activation"', async () => { + const exportFile = 'activation.template.email.json'; + const CMD = `frodo email template export --template-id activation`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo email template 
export --all": should export all email templates to a single file', async () => { - const CMD = `frodo email template export --all`; - const exportFile = "allEmailTemplates.template.email.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo email template export -i activation -f my-activation.template.email.json": should export the email template with email id "activation" into file named my-activation.template.email.json', async () => { + const exportFile = 'my-activation.template.email.json'; + const CMD = `frodo email template export -i activation -f ${exportFile}`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo email template export -a --file test.json": should export all email templates to a single file named test.json', async () => { - const CMD = `frodo email template export -a --file test.json`; - const exportFile = "test.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo email template export -a": should export all email templates to a single file', async () => { + const exportFile = 'allEmailTemplates.template.email.json'; + const CMD = `frodo email template export -a`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo email template export -A": should export all email templates to separate files', async () => { - const CMD = `frodo email template export -A`; - await testExport(CMD, env, type); - }); + test('"frodo email template export -a --file my-allEmailTemplates.template.email.json": should export all email templates to a single file named my-allEmailTemplates.template.email.json', async () => { + const exportFile = 'my-allEmailTemplates.template.email.json'; + const CMD = `frodo email template export -a --file ${exportFile}`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo email template export --all-separate": should export all email templates to separate files', async () => { - const CMD = `frodo email template export --all-separate`; - 
await testExport(CMD, env, type); - }); + test('"frodo email template export -A": should export all email templates to separate files', async () => { + const CMD = `frodo email template export -A`; + await testExport(CMD, env, type); + }); }); diff --git a/test/e2e/utils/TestUtils.js b/test/e2e/utils/TestUtils.js index 9c6d30a71..d42efbdc6 100644 --- a/test/e2e/utils/TestUtils.js +++ b/test/e2e/utils/TestUtils.js @@ -1,6 +1,6 @@ -import fs from "fs"; -import { promisify } from "util"; -import cp from "child_process"; +import fs from 'fs'; +import { promisify } from 'util'; +import cp from 'child_process'; const exec = promisify(cp.exec); 
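Review bot: The `--all` and `--all-separate` tests are removed without replacement, so only the short forms `-a` and `-A` stay covered, while `--template-id` keeps its long-form test. If the CLI still accepts the long options, one test per alias keeps an option-parsing regression visible. The `-A` test also passes no file name, so `testExport` falls back to the `.*\.template\.email\.(json|js|groovy)` pattern over the working directory and will also pick up any export file left behind by an earlier failed test.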
@@ -26,19 +26,42 @@ export function removeAnsiEscapeCodes(text) { * @param {string} directory The path to the directory the export files are located in. Default is the current directory "./". * @returns {Promise} */ -export async function testExport(command, env, type, fileName, directory = "./", checkForMetadata = true) { +export async function testExport( + command, + env, + type, + fileName, + directory = './', + checkForMetadata = true +) { const { stdout } = await exec(command, env); - const regex = new RegExp(fileName ? fileName : (type ? `.*\\.${type}\\.(json|js|groovy)` : `.*\\.(json|js|groovy)`)); - const filePaths = fs.readdirSync(directory).filter(n => regex.test(n)).map(n => `${directory}${directory.endsWith("/") ? '' : '/'}${n}`); + const regex = new RegExp( + fileName + ? fileName + : type + ? `.*\\.${type}\\.(json|js|groovy)` + : `.*\\.(json|js|groovy)` + ); + const filePaths = fs + .readdirSync(directory) + .filter((n) => regex.test(n)) + .map((n) => `${directory}${directory.endsWith('/') ? '' : '/'}${n}`); if (fileName) { expect(filePaths.length).toBe(1); } else { expect(filePaths.length >= 1).toBeTruthy(); } expect(removeAnsiEscapeCodes(stdout)).toMatchSnapshot(); - filePaths.forEach(path => { - if (path.endsWith("json")) { - const exportData = JSON.parse(fs.readFileSync(path, 'utf8')); + filePaths.forEach((path) => { + let deleteExportFile = true; + if (path.endsWith('json')) { + let exportData = {}; + try { + exportData = JSON.parse(fs.readFileSync(path, 'utf8')); + } catch (error) { + deleteExportFile = false; + exportData = { path, error }; + } if (checkForMetadata) { expect(exportData).toMatchSnapshot({ meta: expect.any(Object), @@ -51,7 +74,7 @@ export async function testExport(command, env, type, fileName, directory = "./", expect(data).toMatchSnapshot(); } //Delete export file - fs.unlinkSync(path); + if (deleteExportFile) fs.unlinkSync(path); }); } From fef633e222a75c381efc91d9549d72d03bde6b15 Mon Sep 17 00:00:00 2001 
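Review bot: `fileName` is still passed to `new RegExp` unescaped and unanchored, so the pattern `activation.template.email.json` also matches `my-activation.template.email.json`, and every `.` matches any character. With the file names this commit introduces, a leftover `my-activation.template.email.json` would make `expect(filePaths.length).toBe(1)` fail in the unrelated `-i activation` test. Comparing literally when a name is given avoids this, e.g. `.filter((n) => (fileName ? n === fileName : regex.test(n)))`. The `type` value is interpolated the same way, so its dots are also regex wildcards. The body of `testExport` continues past the end of this hunk.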
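Review bot: `if (deleteExportFile) fs.unlinkSync(path);` is only reached when every `expect` before it passes, because a failed assertion throws out of the `forEach` callback. The export file of the failing test and all files after it then stay on disk, where a later test's pattern can match them. Wrapping the assertions in `try { … } finally { if (deleteExportFile) fs.unlinkSync(path); }` makes cleanup independent of the assertion result. When the JSON parse added in the previous hunk fails, `{ path, error }` is compared against the snapshot; if snapshots are being written and no property matcher applies (that branch is outside the visible hunks), this may record the error object as the expected value, so rethrowing the parse error is safer. The function body between the two hunks is not shown.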
From: Volker Scheuber Date: Sun, 24 Sep 2023 20:46:40 -0500 Subject: [PATCH 09/18] update saml tests and snapshots
---
.../saml-export.e2e.test.js.snap | 1329 +---------------- .../saml-metadata-export.e2e.test.js.snap | 81 - test/e2e/saml-export.e2e.test.js | 85 +- test/e2e/saml-metadata-export.e2e.test.js | 33 +- 4 files changed, 53 insertions(+), 1475 deletions(-)
diff --git a/test/e2e/__snapshots__/saml-export.e2e.test.js.snap b/test/e2e/__snapshots__/saml-export.e2e.test.js.snap
index f56ebd2f7..5de95c01b 100644
--- a/test/e2e/__snapshots__/saml-export.e2e.test.js.snap
+++ b/test/e2e/__snapshots__/saml-export.e2e.test.js.snap
@@ -1,1314 +1,5 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP -exports[`frodo saml export "frodo saml export --all": should export all saml providers to a single file 1`] = `""`; - -exports[`frodo saml export "frodo saml export --all": should export all saml providers to a single file 2`] = ` -{ - "meta": Any, - "saml": { - "hosted": { - "aVNQQXp1cmU": { - "_id": "aVNQQXp1cmU", - "_rev": "1379466460", - "entityId": "iSPAzure", - "serviceProvider": { - "advanced": { - "ecpConfiguration": { - "ecpRequestIdpListFinderImpl": "com.sun.identity.saml2.plugins.ECPIDPFinder", - }, - "idpProxy": {}, - "relayStateUrlList": {}, - "saeConfiguration": { - "spUrl": "https://idc.scheuber.io/am/spsaehandler/metaAlias/alpha/iSPAzure", - }, - }, - "assertionContent": { - "assertionTimeSkew": 300, - "authenticationContext": { - "authContextItems": [ - { - "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", - "defaultItem": true, - "level": 0, - }, - ], - "authenticationComparisonType": "Exact", - "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper", - "includeRequestedAuthenticationContext": true, - }, - "basicAuthentication": {}, - "nameIdFormat": { - "nameIdFormatList": [ - "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - ], - }, - "signingAndEncryption": { - "encryption": {}, - "requestResponseSigning": {}, - "secretIdAndAlgorithms": {}, - }, - }, - "assertionProcessing": { - "accountMapping": { - "spAccountMapper": "com.sun.identity.saml2.plugins.DefaultSPAccountMapper", - "useNameIDAsSPUserID": true, - }, - "adapter": {}, - 
"attributeMapper": { - "attributeMap": [ - { - "key": "http://schemas.microsoft.com/identity/claims/displayname", - "value": "cn", - }, - { - "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", - "value": "givenName", - }, - { - "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", - "value": "sn", - }, - { - "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", - "value": "mail", - }, - { - "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", - "value": "uid", - }, - ], - "attributeMapper": "com.sun.identity.saml2.plugins.DefaultSPAttributeMapper", - }, - "autoFederation": { - "autoFedEnabled": false, - }, - "responseArtifactMessageEncoding": { - "encoding": "URI", - }, - "url": {}, - }, - "services": { - "metaAlias": "/alpha/iSPAzure", - "serviceAttributes": { - "assertionConsumerService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact", - "index": 0, - "isDefault": true, - "location": "https://idc.scheuber.io/am/AuthConsumer/metaAlias/alpha/iSPAzure", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "index": 1, - "isDefault": false, - "location": "https://idc.scheuber.io/am/AuthConsumer/metaAlias/alpha/iSPAzure", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS", - "index": 2, - "isDefault": false, - "location": "https://idc.scheuber.io/am/Consumer/ECP/metaAlias/alpha/iSPAzure", - }, - ], - "nameIdService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "https://idc.scheuber.io/am/SPMniRedirect/metaAlias/alpha/iSPAzure", - "responseLocation": "https://idc.scheuber.io/am/SPMniRedirect/metaAlias/alpha/iSPAzure", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "https://idc.scheuber.io/am/SPMniPOST/metaAlias/alpha/iSPAzure", - "responseLocation": "https://idc.scheuber.io/am/SPMniPOST/metaAlias/alpha/iSPAzure", - }, - { - "binding": 
"urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "https://idc.scheuber.io/am/SPMniSoap/metaAlias/alpha/iSPAzure", - "responseLocation": "https://idc.scheuber.io/am/SPMniSoap/metaAlias/alpha/iSPAzure", - }, - ], - "singleLogoutService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "https://idc.scheuber.io/am/SPSloRedirect/metaAlias/alpha/iSPAzure", - "responseLocation": "https://idc.scheuber.io/am/SPSloRedirect/metaAlias/alpha/iSPAzure", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "https://idc.scheuber.io/am/SPSloPOST/metaAlias/alpha/iSPAzure", - "responseLocation": "https://idc.scheuber.io/am/SPSloPOST/metaAlias/alpha/iSPAzure", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "https://idc.scheuber.io/am/SPSloSoap/metaAlias/alpha/iSPAzure", - }, - ], - }, - }, - }, - }, - }, - "metadata": { - "aHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNzExZmZhOWMtNTk3Mi00NzEzLWFjZTMtNjg4Yzk3MzI2MTRhLw": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIC8DCCAdigAwIBAgIQZzae6CymcZhG5gxIgB7mMDANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQD", - "EylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yMTAzMzEyMDI0", - "MTdaFw0yNDAzMzEyMDI0MTdaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQg", - "U1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv62V9U2Wi8gr", - "arSBp7s4Bupke9vaXsNOgNZ8Vn/i0mo6Jn0E1HmJ6uIy+QeahQDtxFQyoEW1LeLGBeVwvUvOfSwf", - "wPBEHLw9g3F84IdgfIWtezj87BHh3ezwb0r/0Eny3xHcS02wQsIFRIhn7ltCaMFrTja18gBapuRl", - "36Ujfod7W1uL1HJTsw8auKXYEhutbeQYpdU6qcPaksJd1r16q+Jc78MHptKMWSNI1OnB9jK8hr/3", - "aug+LSeuJScaJQZDo/qKDmoIC6KT6CgfzUy33I/gjU6RjVcwNw4XFpk5ad13HXTtfCLtPtMxGYuk", - "cOxX3M80EJMLFr2sJO0vJbA8aQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB8GmsA4N5KDQ79v+/1", - "zVFq8domQYZm8wEAIHn4+T02IluDa9Ty/EqgFzvqAZUILQneFrGCh9uIub/Z3NtkIgs2gbAduxdn", - 
"hzdwhNRNivks4P0CO+9Q1iK/xOsmWo12xsyB4lyAv7HsF+COIPFGhRfzsCxVFKfU8x2r+bb8kWLM", - "YpA2NDlz+MTXQEWhFtCLwQRjHlD6C5+yzqoAFBO7RR28mztTF0nVbKj7N+Ri5VLEKJospkwUDtIH", - "dcp2bSVwhziAIn05yiw6AVIZnje7cN+kJdCIDgqQ+Ebb96C/Y0JmYvz6sJVP0/u5oR5PrsQqBrw4", - "OzVWNFaXuTcN3UicN01V", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIC8DCCAdigAwIBAgIQfU4A0Hnj17dI0GSzvUwMZTANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQD", - "EylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yMTA2MDYwMTQy", - "MzBaFw0yNDA2MDYwMTQyMzBaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQg", - "U1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+fFmS+eVDho", - "FhlYoY1vRkJIblLct3ZT/sT5AmIoCEGxXBeiSCwnSCveXEfrqEHmjlT5qni5spO+OmX7GrLeytHk", - "hl3O6XiXyVBlvyTSFd/bLHR2DqdxbUxUs2E7WfwQyq9Ob9i3++4fRIPFw+JcZ99ouZasHn2BJvWh", - "liT7yRtYhvwboc8BwWveL70ZJqsCJnlOKQVIccCdNbQe6HleePXgFB4pRge46zmqKVeEpLbBRqgj", - "Yf7EkhBJjx0WY2zMW7DLHDCZEY6VS2Kf9gJpGntNSLe0gXydBFtaFPgyaKIVswZ5hY1oRDPHEXEJ", - "+a5TVRGLeTlyK0v9Y+c8d3XdoQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBZ5lcYpe13quossxB7", - "L2Y1E7hpy7AZgWr/OGYi/tUh1pJ4++3uZvHJLtTfXc7V+Y5EG6LRq9HZyF0hSvubhYkDXlwYbF7U", - "/osQjTe1tffPWO3bwzcrBVz7ytvb7DyvikI3C0f3LaCgEwxwYCD33IowNQS/IJA7W/kiFb/7q/Qu", - "7T/gDL1RjYdm9WmYW3RNn0Kh1VDBiCfY739xpCwdH11OUQfVc+9Z2KSSQY7EAlVgwpq+UiVdOqY9", - "m4cqul7uvjiSTgG0h5RW9xi3a6Lilk1TxsQUu4tRnGsDCAFgkgLN5rNnlQULuahzruoXWqe4g6pn", - "Ritpy6bwva8piGPKhVi/", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - "aVNQQXp1cmU": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - "MIIDXzCCAkegAwIBAgIEDvqo1zANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJVSzEQMA4GA1UE", - "CBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2NrMRkwFwYDVQQD", - "ExByc2Fqd3RzaWduaW5na2V5MB4XDTIyMDgxMTAxMzIyOVoXDTMyMDgwODAxMzIyOVowYDELMAkG", - "A1UEBhMCVUsxEDAOBgNVBAgTB0JyaXN0b2wxEDAOBgNVBAcTB0JyaXN0b2wxEjAQBgNVBAoTCUZv", - 
"cmdlUm9jazEZMBcGA1UEAxMQcnNhand0c2lnbmluZ2tleTCCASIwDQYJKoZIhvcNAQEBBQADggEP", - "ADCCAQoCggEBAKz4i7AfLdKa2fOueSyaX3rviRZXzY3w8J01B6VZZk+ujatitD8h9uSE7RjK2NS6", - "BYSf/wMsg2/Xy/vVbqEMrAl8ptdjXd9rsyL4sz33IRDgs9PqW2X2Ml5et0ASCwwQJWv8aGJJqkOG", - "ZorLVGqCS8PvkiN8MoYXGvkMpLPeWuSBqTTC2iBubhenRqcRkvCoeZ0JbrRWfEHKoFM1gkTj/xcn", - "L8yrXb5S3e2iAPkRw8+UPf8d4i9syS/jDyUZgrfqOsypbHh0dNMkS5dYpiqnOmJDWkjy1UDdUGmA", - "SKglu7c6gKaPaxcqh9VNGnTerQFbpKMV34guBoyBFrVFD1Sq6eUCAwEAAaMhMB8wHQYDVR0OBBYE", - "FCRENQBDfGf/R6qys11dPZM1+i5zMA0GCSqGSIb3DQEBCwUAA4IBAQACttnaeWl6CLVhffIlVz28", - "CgxJbLB+pY9mL/jy7G0+5AxK7h9Njoe9ZK9k59uMcwD5BfVPl58kxFLJcnFc68R9m2Cdii1aCm/A", - "BLlHPhpxHni5INeH9J4P7MLdVwxMa/Inp9tw3gZQ60txgG/mv535kL1mtlUSqbPDf57AtG0tNWKT", - "2EBe/aSLndIWAhGf1qjS5Sc3uz+O5QEG7fnkLS4uOh5//coh14wfY3EAnMl/DpkgViliQOu7voX8", - "7geBJd5jJhs6Ne2BJUp0q4iylD6WJrcfOLc3mcrgVaey5rLzVvX8vsp+p/m88KKhPzK+C8soYHz4", - "T7PNNC7YVB2EQVSm", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDRzCCAi+gAwIBAgIEK9RtfDANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVSzEQMA4GA1UE", - "CBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2NrMQ0wCwYDVQQD", - "EwR0ZXN0MB4XDTIyMDgxMTAxMzIzMFoXDTMyMDgwODAxMzIzMFowVDELMAkGA1UEBhMCVUsxEDAO", - "BgNVBAgTB0JyaXN0b2wxEDAOBgNVBAcTB0JyaXN0b2wxEjAQBgNVBAoTCUZvcmdlUm9jazENMAsG", - "A1UEAxMEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIjkMGOu0kbOsvdp45J6", - "FYW5wIn5TsKEPQUlNbYiFITg9o18Ja+6vWouK0fbIkzp8Ejj3U5OPHXqCtXCiDWiNX+bbFZoELW2", - "KUigC26QdqbhmA/hTBheyQaUg/I4D64fqebUare9r0zxtMYE8FnR3YRgGeEG2qSlxgmIFvTMnzd4", - "UwrUuw8C/uZTRbppDQITpkLDrOKb9608qnRvbXSR7UVP/JTm8Pq6uP2pvXz2F/QSK/wMKOnsjf+B", - "XfnqNZ9b+PP+fJvUKIcxjFwgDkmGP+Kr9YV7aFaur5Hgh7Q+q4bSDJMbNDhk5Lqu6qr3oGulyiTX", - "htoEkLMcbMA7JrVFCl0CAwEAAaMhMB8wHQYDVR0OBBYEFPoZt1jm2z/0gX/TnN/Sn+T31BU1MA0G", - "CSqGSIb3DQEBCwUAA4IBAQAY2Hy1f+lKClRzJFHNVyYZ0ahRCkbGB0FppwI8ZhIt6Aj3p9LBXOdu", - "IckDfAjg0/mckuEteA7l1LRqYcQIxpxrJU4FTxeyV1gTgudW43rw9Vd3AxdVocXqdpVxAvECtI+X", - 
"/jdbkk54k0mYTCI9ruNRdof1BpOWkI9Jtdj0GRe7L9nydNb3V/kJzSVMDNsx+Vc0GnmysL7edZDo", - "mK3zry+aIWav0yj1Pmh2lOgD6rEnOlGZDqrmIqWd0d2jp8Am4iawP0sr9e7etjK/YGCFW4byuCOx", - "328SOTHshVUBtIGbq11vuQleknlVL7A/aYUeUIyOvdYhWD7YoVnBV+QwcrAH", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIC/TCCAeWgAwIBAgIQbgDHfi3t1JNGVqwD5/7lmjANBgkqhkiG9w0BAQsFADApMScwJQYDVQQD", - "Ex5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwHhcNMjAxMjIxMDAwMDAwWhcNMjUxMjIx", - "MDAwMDAwWjApMScwJQYDVQQDEx5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwggEiMA0G", - "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFT0/0/2qQurnYa0LbJHF9YYozhEH6r9mCxVDBYbew", - "SG4tGgrWpsewQ/96pcczGMQctMvU+h2eX38Hx/f9JAIDbuRQzQlsPhQS7DDZ6WlTXU+t8d/g2C7f", - "pSoLs4KVdJih4xyjLUWj+BK/ijsRjBt4Riw9VbJH/DdWKyoSMbECEiE+s1RtLP/eYoMmNfxyQGqW", - "irCNqVNBTlqzYQp4dgF0foYy4ktoxwmQOVoTcIMFYp1I4pFPI7CxuMLkfK0X7aTbM7YGphvMfJxJ", - "kjrQdyI7G5d1t4DNi3zkEbBT7FGAr6qPt3Kn9ralpqJKHdpEBA9N0vNwQo5XTYIhUbPQ16IRAgMB", - "AAGjITAfMB0GA1UdDgQWBBRs7tPmfkksSr67KtElHjYZbeaCTjANBgkqhkiG9w0BAQsFAAOCAQEA", - 
"JqwMZSjQJ36x+1sty6EeLKQLQewQwPaEC47Zut+8bXed6Q8jMZ0bfa/MM7XquEcabaMZLQuKLft4", - "4YXwXXQOfQrI2qjQr3eToJFlDT9hR0rfp9wQqttDxd6Aa6RWwDTgo5oKUQCTKLHhEy8uWzScK0eG", - "t2d7TWTaDXjRSwNq6tM7fRhZs07tKBV3xfi9EQy/mlavAMFRBVm86NSo7AsOG1IOMq03U3ooCWAX", - "h9PdvvHNfHhH19futAnC/HeOjwRF1Qc527aBMphYFQLdiThfmfmiE/AhQqCwZ2oE7uCJhBtR+Kb1", - "ZGhjI35pHfsSqGiFa7Kr+5ave822PDcke89Mvg==", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIC/TCCAeWgAwIBAgIQN/GPegnT8blP2EcSdMMbBzANBgkqhkiG9w0BAQsFADApMScwJQYDVQQD", - "Ex5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwHhcNMjEwMjE4MDAwMDAwWhcNMjYwMjE4", - "MDAwMDAwWjApMScwJQYDVQQDEx5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwggEiMA0G", - "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXdLGU2Ll5RPdDUnKQ+f/HS5qiTay2cCh9U2AS6oDM", - "6SOxVhYGtoeJ1VPebcLnpgLfhPxzrwWoVzXSEF+VRQbnYID2Jb4khjgyEeoThk3VqrThwhahpSbB", - "g2vo06vIOp1TS2R1BiwHKTLoB1i1IJnaIFSC3BN6pY4flXWyLQt/5ABXElv2XZLqXM9Eefj6Ji40", - "nLIsiW4dWw3BDa/ywWW0MsiW5ojGq4vovcAgENe/4NUbju70gHP/WS5D9bW5p+OIQi7/unrlWe/h", - "3A6jtBbbRlXYXlN+Z22uTTyyCD/W8zeXaACLvHagwEMrQePDXBZqc/iX2kI+ooZr1sC/H39RAgMB", - "AAGjITAfMB0GA1UdDgQWBBSrX2dm3LwT9jb/p+bAAdYQpE+/NjANBgkqhkiG9w0BAQsFAAOCAQEA", - "eqJfYHnsA9qhGttXFfFpPW4DQLh5w6JCce7vGvWINr5fr1DnQdcOr+wwjQ/tqbckAL2v6z1AqjhS", - "78kbfegnAQDwioJZ1olYYvLOxKoa6HF+b1/p0Mlub8Zukk2n1b2lKPBBOibOasSY7gQDwlIZi7tl", - "9nMTxUfdYK+E5Axv7DVnmUCwcnnpV5/1SFdNyW2kWO4C68rrjMOvECfwrKkbfVJM8f9krEUBuoBF", - "8dTDv7D2ZM4Q2buC70NbfaNWUX0yFvKI0IuTqk8RBfGTRQ4fZAbhMPaykEpBu6dNjTi5YOa0lNqF", - "GS7Ax7leCh5x9lV8elcLkXs8ySo8AOQJk0hgIw==", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " 
", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIC/TCCAeWgAwIBAgIQN/GPegnT8blP2EcSdMMbBzANBgkqhkiG9w0BAQsFADApMScwJQYDVQQD", - "Ex5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwHhcNMjEwMjE4MDAwMDAwWhcNMjYwMjE4", - "MDAwMDAwWjApMScwJQYDVQQDEx5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwggEiMA0G", - "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXdLGU2Ll5RPdDUnKQ+f/HS5qiTay2cCh9U2AS6oDM", - "6SOxVhYGtoeJ1VPebcLnpgLfhPxzrwWoVzXSEF+VRQbnYID2Jb4khjgyEeoThk3VqrThwhahpSbB", - "g2vo06vIOp1TS2R1BiwHKTLoB1i1IJnaIFSC3BN6pY4flXWyLQt/5ABXElv2XZLqXM9Eefj6Ji40", - "nLIsiW4dWw3BDa/ywWW0MsiW5ojGq4vovcAgENe/4NUbju70gHP/WS5D9bW5p+OIQi7/unrlWe/h", - "3A6jtBbbRlXYXlN+Z22uTTyyCD/W8zeXaACLvHagwEMrQePDXBZqc/iX2kI+ooZr1sC/H39RAgMB", - "AAGjITAfMB0GA1UdDgQWBBSrX2dm3LwT9jb/p+bAAdYQpE+/NjANBgkqhkiG9w0BAQsFAAOCAQEA", - "eqJfYHnsA9qhGttXFfFpPW4DQLh5w6JCce7vGvWINr5fr1DnQdcOr+wwjQ/tqbckAL2v6z1AqjhS", - "78kbfegnAQDwioJZ1olYYvLOxKoa6HF+b1/p0Mlub8Zukk2n1b2lKPBBOibOasSY7gQDwlIZi7tl", - "9nMTxUfdYK+E5Axv7DVnmUCwcnnpV5/1SFdNyW2kWO4C68rrjMOvECfwrKkbfVJM8f9krEUBuoBF", - "8dTDv7D2ZM4Q2buC70NbfaNWUX0yFvKI0IuTqk8RBfGTRQ4fZAbhMPaykEpBu6dNjTi5YOa0lNqF", - "GS7Ax7leCh5x9lV8elcLkXs8ySo8AOQJk0hgIw==", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:mace:shibboleth:1.0:nameIdentifier", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - }, - "remote": { - "aHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNzExZmZhOWMtNTk3Mi00NzEzLWFjZTMtNjg4Yzk3MzI2MTRhLw": { - "_id": "aHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNzExZmZhOWMtNTk3Mi00NzEzLWFjZTMtNjg4Yzk3MzI2MTRhLw", - "_rev": "-859975283", - "entityId": "https://sts.windows.net/711ffa9c-5972-4713-ace3-688c9732614a/", - 
"identityProvider": { - "assertionContent": { - "basicAuthentication": {}, - "nameIdFormat": {}, - "signingAndEncryption": { - "encryption": {}, - "requestResponseSigning": {}, - "secretIdAndAlgorithms": {}, - }, - }, - "services": { - "serviceAttributes": { - "singleLogoutService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "https://login.microsoftonline.com/711ffa9c-5972-4713-ace3-688c9732614a/saml2", - }, - ], - "singleSignOnService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "https://login.microsoftonline.com/711ffa9c-5972-4713-ace3-688c9732614a/saml2", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "https://login.microsoftonline.com/711ffa9c-5972-4713-ace3-688c9732614a/saml2", - }, - ], - }, - }, - }, - }, - "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l": { - "_id": "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l", - "_rev": "317057337", - "entityId": "urn:federation:MicrosoftOnline", - "serviceProvider": { - "advanced": { - "idpProxy": {}, - "saeConfiguration": {}, - }, - "assertionContent": { - "basicAuthentication": {}, - "nameIdFormat": { - "nameIdFormatList": [ - "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - "urn:mace:shibboleth:1.0:nameIdentifier", - "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - ], - }, - "signingAndEncryption": { - "encryption": {}, - "requestResponseSigning": { - "assertion": true, - }, - "secretIdAndAlgorithms": {}, - }, - }, - "assertionProcessing": { - "attributeMapper": { - "attributeMap": [ - { - "binary": false, - "localAttribute": "mail", - "samlAttribute": "IDPEmail", - }, - { - "binary": false, - "localAttribute": "UOPClassID", - "samlAttribute": "UOPClassID", - }, - ], - }, - "responseArtifactMessageEncoding": { - "encoding": "URI", - }, - }, - "services": { - 
"serviceAttributes": { - "assertionConsumerService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "index": 0, - "isDefault": true, - "location": "https://login.microsoftonline.com/login.srf", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign", - "index": 1, - "isDefault": false, - "location": "https://login.microsoftonline.com/login.srf", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS", - "index": 2, - "isDefault": false, - "location": "https://login.microsoftonline.com/login.srf", - }, - ], - "singleLogoutService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "https://login.microsoftonline.com/login.srf", - }, - ], - }, - }, - }, - }, - }, - }, - "script": {}, -} -`; - -exports[`frodo saml export "frodo saml export --all-separate": should export all saml providers to separate files 1`] = `""`; - -exports[`frodo saml export "frodo saml export --all-separate": should export all saml providers to separate files 2`] = ` -{ - "meta": Any, - "saml": { - "hosted": { - "aVNQQXp1cmU": { - "_id": "aVNQQXp1cmU", - "_rev": "1379466460", - "entityId": "iSPAzure", - "serviceProvider": { - "advanced": { - "ecpConfiguration": { - "ecpRequestIdpListFinderImpl": "com.sun.identity.saml2.plugins.ECPIDPFinder", - }, - "idpProxy": {}, - "relayStateUrlList": {}, - "saeConfiguration": { - "spUrl": "https://idc.scheuber.io/am/spsaehandler/metaAlias/alpha/iSPAzure", - }, - }, - "assertionContent": { - "assertionTimeSkew": 300, - "authenticationContext": { - "authContextItems": [ - { - "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", - "defaultItem": true, - "level": 0, - }, - ], - "authenticationComparisonType": "Exact", - "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper", - "includeRequestedAuthenticationContext": true, - }, - "basicAuthentication": {}, - "nameIdFormat": { - "nameIdFormatList": [ 
- "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - ], - }, - "signingAndEncryption": { - "encryption": {}, - "requestResponseSigning": {}, - "secretIdAndAlgorithms": {}, - }, - }, - "assertionProcessing": { - "accountMapping": { - "spAccountMapper": "com.sun.identity.saml2.plugins.DefaultSPAccountMapper", - "useNameIDAsSPUserID": true, - }, - "adapter": {}, - "attributeMapper": { - "attributeMap": [ - { - "key": "http://schemas.microsoft.com/identity/claims/displayname", - "value": "cn", - }, - { - "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", - "value": "givenName", - }, - { - "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", - "value": "sn", - }, - { - "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", - "value": "mail", - }, - { - "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", - "value": "uid", - }, - ], - "attributeMapper": "com.sun.identity.saml2.plugins.DefaultSPAttributeMapper", - }, - "autoFederation": { - "autoFedEnabled": false, - }, - "responseArtifactMessageEncoding": { - "encoding": "URI", - }, - "url": {}, - }, - "services": { - "metaAlias": "/alpha/iSPAzure", - "serviceAttributes": { - "assertionConsumerService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact", - "index": 0, - "isDefault": true, - "location": "https://idc.scheuber.io/am/AuthConsumer/metaAlias/alpha/iSPAzure", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "index": 1, - "isDefault": false, - "location": 
"https://idc.scheuber.io/am/AuthConsumer/metaAlias/alpha/iSPAzure", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS", - "index": 2, - "isDefault": false, - "location": "https://idc.scheuber.io/am/Consumer/ECP/metaAlias/alpha/iSPAzure", - }, - ], - "nameIdService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "https://idc.scheuber.io/am/SPMniRedirect/metaAlias/alpha/iSPAzure", - "responseLocation": "https://idc.scheuber.io/am/SPMniRedirect/metaAlias/alpha/iSPAzure", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "https://idc.scheuber.io/am/SPMniPOST/metaAlias/alpha/iSPAzure", - "responseLocation": "https://idc.scheuber.io/am/SPMniPOST/metaAlias/alpha/iSPAzure", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "https://idc.scheuber.io/am/SPMniSoap/metaAlias/alpha/iSPAzure", - "responseLocation": "https://idc.scheuber.io/am/SPMniSoap/metaAlias/alpha/iSPAzure", - }, - ], - "singleLogoutService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "https://idc.scheuber.io/am/SPSloRedirect/metaAlias/alpha/iSPAzure", - "responseLocation": "https://idc.scheuber.io/am/SPSloRedirect/metaAlias/alpha/iSPAzure", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "https://idc.scheuber.io/am/SPSloPOST/metaAlias/alpha/iSPAzure", - "responseLocation": "https://idc.scheuber.io/am/SPSloPOST/metaAlias/alpha/iSPAzure", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "https://idc.scheuber.io/am/SPSloSoap/metaAlias/alpha/iSPAzure", - }, - ], - }, - }, - }, - }, - }, - "metadata": { - "aVNQQXp1cmU": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - "MIIDXzCCAkegAwIBAgIEDvqo1zANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJVSzEQMA4GA1UE", - "CBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2NrMRkwFwYDVQQD", - 
"ExByc2Fqd3RzaWduaW5na2V5MB4XDTIyMDgxMTAxMzIyOVoXDTMyMDgwODAxMzIyOVowYDELMAkG", - "A1UEBhMCVUsxEDAOBgNVBAgTB0JyaXN0b2wxEDAOBgNVBAcTB0JyaXN0b2wxEjAQBgNVBAoTCUZv", - "cmdlUm9jazEZMBcGA1UEAxMQcnNhand0c2lnbmluZ2tleTCCASIwDQYJKoZIhvcNAQEBBQADggEP", - "ADCCAQoCggEBAKz4i7AfLdKa2fOueSyaX3rviRZXzY3w8J01B6VZZk+ujatitD8h9uSE7RjK2NS6", - "BYSf/wMsg2/Xy/vVbqEMrAl8ptdjXd9rsyL4sz33IRDgs9PqW2X2Ml5et0ASCwwQJWv8aGJJqkOG", - "ZorLVGqCS8PvkiN8MoYXGvkMpLPeWuSBqTTC2iBubhenRqcRkvCoeZ0JbrRWfEHKoFM1gkTj/xcn", - "L8yrXb5S3e2iAPkRw8+UPf8d4i9syS/jDyUZgrfqOsypbHh0dNMkS5dYpiqnOmJDWkjy1UDdUGmA", - "SKglu7c6gKaPaxcqh9VNGnTerQFbpKMV34guBoyBFrVFD1Sq6eUCAwEAAaMhMB8wHQYDVR0OBBYE", - "FCRENQBDfGf/R6qys11dPZM1+i5zMA0GCSqGSIb3DQEBCwUAA4IBAQACttnaeWl6CLVhffIlVz28", - "CgxJbLB+pY9mL/jy7G0+5AxK7h9Njoe9ZK9k59uMcwD5BfVPl58kxFLJcnFc68R9m2Cdii1aCm/A", - "BLlHPhpxHni5INeH9J4P7MLdVwxMa/Inp9tw3gZQ60txgG/mv535kL1mtlUSqbPDf57AtG0tNWKT", - "2EBe/aSLndIWAhGf1qjS5Sc3uz+O5QEG7fnkLS4uOh5//coh14wfY3EAnMl/DpkgViliQOu7voX8", - "7geBJd5jJhs6Ne2BJUp0q4iylD6WJrcfOLc3mcrgVaey5rLzVvX8vsp+p/m88KKhPzK+C8soYHz4", - "T7PNNC7YVB2EQVSm", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDRzCCAi+gAwIBAgIEK9RtfDANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVSzEQMA4GA1UE", - "CBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2NrMQ0wCwYDVQQD", - "EwR0ZXN0MB4XDTIyMDgxMTAxMzIzMFoXDTMyMDgwODAxMzIzMFowVDELMAkGA1UEBhMCVUsxEDAO", - "BgNVBAgTB0JyaXN0b2wxEDAOBgNVBAcTB0JyaXN0b2wxEjAQBgNVBAoTCUZvcmdlUm9jazENMAsG", - "A1UEAxMEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIjkMGOu0kbOsvdp45J6", - "FYW5wIn5TsKEPQUlNbYiFITg9o18Ja+6vWouK0fbIkzp8Ejj3U5OPHXqCtXCiDWiNX+bbFZoELW2", - "KUigC26QdqbhmA/hTBheyQaUg/I4D64fqebUare9r0zxtMYE8FnR3YRgGeEG2qSlxgmIFvTMnzd4", - "UwrUuw8C/uZTRbppDQITpkLDrOKb9608qnRvbXSR7UVP/JTm8Pq6uP2pvXz2F/QSK/wMKOnsjf+B", - "XfnqNZ9b+PP+fJvUKIcxjFwgDkmGP+Kr9YV7aFaur5Hgh7Q+q4bSDJMbNDhk5Lqu6qr3oGulyiTX", - "htoEkLMcbMA7JrVFCl0CAwEAAaMhMB8wHQYDVR0OBBYEFPoZt1jm2z/0gX/TnN/Sn+T31BU1MA0G", - 
"CSqGSIb3DQEBCwUAA4IBAQAY2Hy1f+lKClRzJFHNVyYZ0ahRCkbGB0FppwI8ZhIt6Aj3p9LBXOdu", - "IckDfAjg0/mckuEteA7l1LRqYcQIxpxrJU4FTxeyV1gTgudW43rw9Vd3AxdVocXqdpVxAvECtI+X", - "/jdbkk54k0mYTCI9ruNRdof1BpOWkI9Jtdj0GRe7L9nydNb3V/kJzSVMDNsx+Vc0GnmysL7edZDo", - "mK3zry+aIWav0yj1Pmh2lOgD6rEnOlGZDqrmIqWd0d2jp8Am4iawP0sr9e7etjK/YGCFW4byuCOx", - "328SOTHshVUBtIGbq11vuQleknlVL7A/aYUeUIyOvdYhWD7YoVnBV+QwcrAH", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - }, - "remote": {}, - }, - "script": {}, -} -`; - -exports[`frodo saml export "frodo saml export --all-separate": should export all saml providers to separate files 3`] = ` -{ - "meta": Any, - "saml": { - "hosted": {}, - "metadata": { - "aHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNzExZmZhOWMtNTk3Mi00NzEzLWFjZTMtNjg4Yzk3MzI2MTRhLw": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIC8DCCAdigAwIBAgIQZzae6CymcZhG5gxIgB7mMDANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQD", - "EylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yMTAzMzEyMDI0", - "MTdaFw0yNDAzMzEyMDI0MTdaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQg", - "U1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv62V9U2Wi8gr", - "arSBp7s4Bupke9vaXsNOgNZ8Vn/i0mo6Jn0E1HmJ6uIy+QeahQDtxFQyoEW1LeLGBeVwvUvOfSwf", - "wPBEHLw9g3F84IdgfIWtezj87BHh3ezwb0r/0Eny3xHcS02wQsIFRIhn7ltCaMFrTja18gBapuRl", - "36Ujfod7W1uL1HJTsw8auKXYEhutbeQYpdU6qcPaksJd1r16q+Jc78MHptKMWSNI1OnB9jK8hr/3", - 
"aug+LSeuJScaJQZDo/qKDmoIC6KT6CgfzUy33I/gjU6RjVcwNw4XFpk5ad13HXTtfCLtPtMxGYuk", - "cOxX3M80EJMLFr2sJO0vJbA8aQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB8GmsA4N5KDQ79v+/1", - "zVFq8domQYZm8wEAIHn4+T02IluDa9Ty/EqgFzvqAZUILQneFrGCh9uIub/Z3NtkIgs2gbAduxdn", - "hzdwhNRNivks4P0CO+9Q1iK/xOsmWo12xsyB4lyAv7HsF+COIPFGhRfzsCxVFKfU8x2r+bb8kWLM", - "YpA2NDlz+MTXQEWhFtCLwQRjHlD6C5+yzqoAFBO7RR28mztTF0nVbKj7N+Ri5VLEKJospkwUDtIH", - "dcp2bSVwhziAIn05yiw6AVIZnje7cN+kJdCIDgqQ+Ebb96C/Y0JmYvz6sJVP0/u5oR5PrsQqBrw4", - "OzVWNFaXuTcN3UicN01V", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIC8DCCAdigAwIBAgIQfU4A0Hnj17dI0GSzvUwMZTANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQD", - "EylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yMTA2MDYwMTQy", - "MzBaFw0yNDA2MDYwMTQyMzBaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQg", - "U1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+fFmS+eVDho", - "FhlYoY1vRkJIblLct3ZT/sT5AmIoCEGxXBeiSCwnSCveXEfrqEHmjlT5qni5spO+OmX7GrLeytHk", - "hl3O6XiXyVBlvyTSFd/bLHR2DqdxbUxUs2E7WfwQyq9Ob9i3++4fRIPFw+JcZ99ouZasHn2BJvWh", - "liT7yRtYhvwboc8BwWveL70ZJqsCJnlOKQVIccCdNbQe6HleePXgFB4pRge46zmqKVeEpLbBRqgj", - "Yf7EkhBJjx0WY2zMW7DLHDCZEY6VS2Kf9gJpGntNSLe0gXydBFtaFPgyaKIVswZ5hY1oRDPHEXEJ", - "+a5TVRGLeTlyK0v9Y+c8d3XdoQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBZ5lcYpe13quossxB7", - "L2Y1E7hpy7AZgWr/OGYi/tUh1pJ4++3uZvHJLtTfXc7V+Y5EG6LRq9HZyF0hSvubhYkDXlwYbF7U", - "/osQjTe1tffPWO3bwzcrBVz7ytvb7DyvikI3C0f3LaCgEwxwYCD33IowNQS/IJA7W/kiFb/7q/Qu", - "7T/gDL1RjYdm9WmYW3RNn0Kh1VDBiCfY739xpCwdH11OUQfVc+9Z2KSSQY7EAlVgwpq+UiVdOqY9", - "m4cqul7uvjiSTgG0h5RW9xi3a6Lilk1TxsQUu4tRnGsDCAFgkgLN5rNnlQULuahzruoXWqe4g6pn", - "Ritpy6bwva8piGPKhVi/", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - }, - "remote": { - "aHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNzExZmZhOWMtNTk3Mi00NzEzLWFjZTMtNjg4Yzk3MzI2MTRhLw": { - "_id": "aHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNzExZmZhOWMtNTk3Mi00NzEzLWFjZTMtNjg4Yzk3MzI2MTRhLw", - "_rev": 
"-859975283", - "entityId": "https://sts.windows.net/711ffa9c-5972-4713-ace3-688c9732614a/", - "identityProvider": { - "assertionContent": { - "basicAuthentication": {}, - "nameIdFormat": {}, - "signingAndEncryption": { - "encryption": {}, - "requestResponseSigning": {}, - "secretIdAndAlgorithms": {}, - }, - }, - "services": { - "serviceAttributes": { - "singleLogoutService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "https://login.microsoftonline.com/711ffa9c-5972-4713-ace3-688c9732614a/saml2", - }, - ], - "singleSignOnService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "https://login.microsoftonline.com/711ffa9c-5972-4713-ace3-688c9732614a/saml2", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "https://login.microsoftonline.com/711ffa9c-5972-4713-ace3-688c9732614a/saml2", - }, - ], - }, - }, - }, - }, - }, - }, - "script": {}, -} -`; - -exports[`frodo saml export "frodo saml export --all-separate": should export all saml providers to separate files 4`] = ` -{ - "meta": Any, - "saml": { - "hosted": {}, - "metadata": { - "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIC/TCCAeWgAwIBAgIQbgDHfi3t1JNGVqwD5/7lmjANBgkqhkiG9w0BAQsFADApMScwJQYDVQQD", - "Ex5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwHhcNMjAxMjIxMDAwMDAwWhcNMjUxMjIx", - "MDAwMDAwWjApMScwJQYDVQQDEx5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwggEiMA0G", - "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFT0/0/2qQurnYa0LbJHF9YYozhEH6r9mCxVDBYbew", - "SG4tGgrWpsewQ/96pcczGMQctMvU+h2eX38Hx/f9JAIDbuRQzQlsPhQS7DDZ6WlTXU+t8d/g2C7f", - 
"pSoLs4KVdJih4xyjLUWj+BK/ijsRjBt4Riw9VbJH/DdWKyoSMbECEiE+s1RtLP/eYoMmNfxyQGqW", - "irCNqVNBTlqzYQp4dgF0foYy4ktoxwmQOVoTcIMFYp1I4pFPI7CxuMLkfK0X7aTbM7YGphvMfJxJ", - "kjrQdyI7G5d1t4DNi3zkEbBT7FGAr6qPt3Kn9ralpqJKHdpEBA9N0vNwQo5XTYIhUbPQ16IRAgMB", - "AAGjITAfMB0GA1UdDgQWBBRs7tPmfkksSr67KtElHjYZbeaCTjANBgkqhkiG9w0BAQsFAAOCAQEA", - "JqwMZSjQJ36x+1sty6EeLKQLQewQwPaEC47Zut+8bXed6Q8jMZ0bfa/MM7XquEcabaMZLQuKLft4", - "4YXwXXQOfQrI2qjQr3eToJFlDT9hR0rfp9wQqttDxd6Aa6RWwDTgo5oKUQCTKLHhEy8uWzScK0eG", - "t2d7TWTaDXjRSwNq6tM7fRhZs07tKBV3xfi9EQy/mlavAMFRBVm86NSo7AsOG1IOMq03U3ooCWAX", - "h9PdvvHNfHhH19futAnC/HeOjwRF1Qc527aBMphYFQLdiThfmfmiE/AhQqCwZ2oE7uCJhBtR+Kb1", - "ZGhjI35pHfsSqGiFa7Kr+5ave822PDcke89Mvg==", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIC/TCCAeWgAwIBAgIQN/GPegnT8blP2EcSdMMbBzANBgkqhkiG9w0BAQsFADApMScwJQYDVQQD", - "Ex5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwHhcNMjEwMjE4MDAwMDAwWhcNMjYwMjE4", - "MDAwMDAwWjApMScwJQYDVQQDEx5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwggEiMA0G", - "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXdLGU2Ll5RPdDUnKQ+f/HS5qiTay2cCh9U2AS6oDM", - "6SOxVhYGtoeJ1VPebcLnpgLfhPxzrwWoVzXSEF+VRQbnYID2Jb4khjgyEeoThk3VqrThwhahpSbB", - "g2vo06vIOp1TS2R1BiwHKTLoB1i1IJnaIFSC3BN6pY4flXWyLQt/5ABXElv2XZLqXM9Eefj6Ji40", - "nLIsiW4dWw3BDa/ywWW0MsiW5ojGq4vovcAgENe/4NUbju70gHP/WS5D9bW5p+OIQi7/unrlWe/h", - "3A6jtBbbRlXYXlN+Z22uTTyyCD/W8zeXaACLvHagwEMrQePDXBZqc/iX2kI+ooZr1sC/H39RAgMB", - "AAGjITAfMB0GA1UdDgQWBBSrX2dm3LwT9jb/p+bAAdYQpE+/NjANBgkqhkiG9w0BAQsFAAOCAQEA", - "eqJfYHnsA9qhGttXFfFpPW4DQLh5w6JCce7vGvWINr5fr1DnQdcOr+wwjQ/tqbckAL2v6z1AqjhS", - "78kbfegnAQDwioJZ1olYYvLOxKoa6HF+b1/p0Mlub8Zukk2n1b2lKPBBOibOasSY7gQDwlIZi7tl", - 
"9nMTxUfdYK+E5Axv7DVnmUCwcnnpV5/1SFdNyW2kWO4C68rrjMOvECfwrKkbfVJM8f9krEUBuoBF", - "8dTDv7D2ZM4Q2buC70NbfaNWUX0yFvKI0IuTqk8RBfGTRQ4fZAbhMPaykEpBu6dNjTi5YOa0lNqF", - "GS7Ax7leCh5x9lV8elcLkXs8ySo8AOQJk0hgIw==", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIC/TCCAeWgAwIBAgIQN/GPegnT8blP2EcSdMMbBzANBgkqhkiG9w0BAQsFADApMScwJQYDVQQD", - "Ex5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwHhcNMjEwMjE4MDAwMDAwWhcNMjYwMjE4", - "MDAwMDAwWjApMScwJQYDVQQDEx5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwggEiMA0G", - "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXdLGU2Ll5RPdDUnKQ+f/HS5qiTay2cCh9U2AS6oDM", - "6SOxVhYGtoeJ1VPebcLnpgLfhPxzrwWoVzXSEF+VRQbnYID2Jb4khjgyEeoThk3VqrThwhahpSbB", - "g2vo06vIOp1TS2R1BiwHKTLoB1i1IJnaIFSC3BN6pY4flXWyLQt/5ABXElv2XZLqXM9Eefj6Ji40", - "nLIsiW4dWw3BDa/ywWW0MsiW5ojGq4vovcAgENe/4NUbju70gHP/WS5D9bW5p+OIQi7/unrlWe/h", - "3A6jtBbbRlXYXlN+Z22uTTyyCD/W8zeXaACLvHagwEMrQePDXBZqc/iX2kI+ooZr1sC/H39RAgMB", - "AAGjITAfMB0GA1UdDgQWBBSrX2dm3LwT9jb/p+bAAdYQpE+/NjANBgkqhkiG9w0BAQsFAAOCAQEA", - "eqJfYHnsA9qhGttXFfFpPW4DQLh5w6JCce7vGvWINr5fr1DnQdcOr+wwjQ/tqbckAL2v6z1AqjhS", - "78kbfegnAQDwioJZ1olYYvLOxKoa6HF+b1/p0Mlub8Zukk2n1b2lKPBBOibOasSY7gQDwlIZi7tl", - "9nMTxUfdYK+E5Axv7DVnmUCwcnnpV5/1SFdNyW2kWO4C68rrjMOvECfwrKkbfVJM8f9krEUBuoBF", - "8dTDv7D2ZM4Q2buC70NbfaNWUX0yFvKI0IuTqk8RBfGTRQ4fZAbhMPaykEpBu6dNjTi5YOa0lNqF", - "GS7Ax7leCh5x9lV8elcLkXs8ySo8AOQJk0hgIw==", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:mace:shibboleth:1.0:nameIdentifier", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " 
", - " ", - " ", - " ", - "", - "", - "", - ], - }, - "remote": { - "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l": { - "_id": "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l", - "_rev": "317057337", - "entityId": "urn:federation:MicrosoftOnline", - "serviceProvider": { - "advanced": { - "idpProxy": {}, - "saeConfiguration": {}, - }, - "assertionContent": { - "basicAuthentication": {}, - "nameIdFormat": { - "nameIdFormatList": [ - "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - "urn:mace:shibboleth:1.0:nameIdentifier", - "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - ], - }, - "signingAndEncryption": { - "encryption": {}, - "requestResponseSigning": { - "assertion": true, - }, - "secretIdAndAlgorithms": {}, - }, - }, - "assertionProcessing": { - "attributeMapper": { - "attributeMap": [ - { - "binary": false, - "localAttribute": "mail", - "samlAttribute": "IDPEmail", - }, - { - "binary": false, - "localAttribute": "UOPClassID", - "samlAttribute": "UOPClassID", - }, - ], - }, - "responseArtifactMessageEncoding": { - "encoding": "URI", - }, - }, - "services": { - "serviceAttributes": { - "assertionConsumerService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "index": 0, - "isDefault": true, - "location": "https://login.microsoftonline.com/login.srf", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign", - "index": 1, - "isDefault": false, - "location": "https://login.microsoftonline.com/login.srf", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS", - "index": 2, - "isDefault": false, - "location": "https://login.microsoftonline.com/login.srf", - }, - ], - "singleLogoutService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "https://login.microsoftonline.com/login.srf", - }, - ], - }, - }, - }, - }, - }, - }, - "script": {}, -} -`; - 
exports[`frodo saml export "frodo saml export --entity-id iSPAzure": should export the saml provider with entity id "iSPAzure" 1`] = `""`; exports[`frodo saml export "frodo saml export --entity-id iSPAzure": should export the saml provider with entity id "iSPAzure" 2`] = ` @@ -1318,7 +9,6 @@ exports[`frodo saml export "frodo saml export --entity-id iSPAzure": should expo "hosted": { "aVNQQXp1cmU": { "_id": "aVNQQXp1cmU", - "_rev": "1379466460", "entityId": "iSPAzure", "serviceProvider": { "advanced": { @@ -1558,7 +248,6 @@ exports[`frodo saml export "frodo saml export -A": should export all saml provid "hosted": { "aVNQQXp1cmU": { "_id": "aVNQQXp1cmU", - "_rev": "1379466460", "entityId": "iSPAzure", "serviceProvider": { "advanced": { @@ -1867,7 +556,6 @@ exports[`frodo saml export "frodo saml export -A": should export all saml provid "remote": { "aHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNzExZmZhOWMtNTk3Mi00NzEzLWFjZTMtNjg4Yzk3MzI2MTRhLw": { "_id": "aHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNzExZmZhOWMtNTk3Mi00NzEzLWFjZTMtNjg4Yzk3MzI2MTRhLw", - "_rev": "-859975283", "entityId": "https://sts.windows.net/711ffa9c-5972-4713-ace3-688c9732614a/", "identityProvider": { "assertionContent": { @@ -2134,7 +822,6 @@ exports[`frodo saml export "frodo saml export -A": should export all saml provid "remote": { "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l": { "_id": "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l", - "_rev": "317057337", "entityId": "urn:federation:MicrosoftOnline", "serviceProvider": { "advanced": { 
@@ -2217,16 +904,15 @@ exports[`frodo saml export "frodo saml export -A": should export all saml provid } `; -exports[`frodo saml export "frodo saml export -a --file test.json": should export all saml providers to a single file named test.json 1`] = `""`; +exports[`frodo saml export "frodo saml export -a --file my-allAlphaProviders.saml.json": should export all saml providers to a single file named my-allAlphaProviders.saml.json 1`] = `""`; -exports[`frodo saml export "frodo saml export -a --file test.json": should export all saml providers to a single file named test.json 2`] = ` +exports[`frodo saml export "frodo saml export -a --file my-allAlphaProviders.saml.json": should export all saml providers to a single file named my-allAlphaProviders.saml.json 2`] = ` { "meta": Any, "saml": { "hosted": { "aVNQQXp1cmU": { "_id": "aVNQQXp1cmU", - "_rev": "1379466460", "entityId": "iSPAzure", "serviceProvider": { "advanced": { @@ -2739,7 +1425,6 @@ exports[`frodo saml export "frodo saml export -a --file test.json": should expor "remote": { "aHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNzExZmZhOWMtNTk3Mi00NzEzLWFjZTMtNjg4Yzk3MzI2MTRhLw": { "_id": "aHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNzExZmZhOWMtNTk3Mi00NzEzLWFjZTMtNjg4Yzk3MzI2MTRhLw", - "_rev": "-859975283", "entityId": "https://sts.windows.net/711ffa9c-5972-4713-ace3-688c9732614a/", "identityProvider": { "assertionContent": { @@ -2775,7 +1460,6 @@ exports[`frodo saml export "frodo saml export -a --file test.json": should expor }, "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l": { "_id": "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l", - "_rev": "317057337", "entityId": "urn:federation:MicrosoftOnline", "serviceProvider": { "advanced": { @@ -2867,7 +1551,6 @@ exports[`frodo saml export "frodo saml export -a": should export all saml provid "hosted": { "aVNQQXp1cmU": { "_id": "aVNQQXp1cmU", - "_rev": "1379466460", "entityId": "iSPAzure", "serviceProvider": { "advanced": { 
@@ -3380,7 +2063,6 @@ exports[`frodo saml export "frodo saml export -a": should export all saml provid "remote": { "aHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNzExZmZhOWMtNTk3Mi00NzEzLWFjZTMtNjg4Yzk3MzI2MTRhLw": { "_id": "aHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNzExZmZhOWMtNTk3Mi00NzEzLWFjZTMtNjg4Yzk3MzI2MTRhLw", - "_rev": "-859975283", "entityId": "https://sts.windows.net/711ffa9c-5972-4713-ace3-688c9732614a/", "identityProvider": { "assertionContent": { @@ -3416,7 +2098,6 @@ exports[`frodo saml export "frodo saml export -a": should export all saml provid }, "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l": { "_id": "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l", - "_rev": "317057337", "entityId": "urn:federation:MicrosoftOnline", "serviceProvider": { "advanced": { @@ -3499,16 +2180,15 @@ exports[`frodo saml export "frodo saml export -a": should export all saml provid } `; -exports[`frodo saml export "frodo saml export -i iSPAzure -f test.json": should export the saml provider with entity id "iSPAzure" into file named test.json 1`] = `""`; +exports[`frodo saml export "frodo saml export -i iSPAzure -f my-iSPAzure.saml.json": should export the saml provider with entity id "iSPAzure" into file named my-iSPAzure.saml.json 1`] = `""`; -exports[`frodo saml export "frodo saml export -i iSPAzure -f test.json": should export the saml provider with entity id "iSPAzure" into file named test.json 2`] = ` +exports[`frodo saml export "frodo saml export -i iSPAzure -f my-iSPAzure.saml.json": should export the saml provider with entity id "iSPAzure" into file named my-iSPAzure.saml.json 2`] = ` { "meta": Any, "saml": { "hosted": { "aVNQQXp1cmU": { "_id": "aVNQQXp1cmU", - "_rev": "1379466460", "entityId": "iSPAzure", "serviceProvider": { "advanced": { @@ -3748,7 +2428,6 @@ exports[`frodo saml export "frodo saml export -i iSPAzure": should export the sa "hosted": { "aVNQQXp1cmU": { "_id": "aVNQQXp1cmU", - "_rev": "1379466460", "entityId": "iSPAzure", "serviceProvider": { "advanced": { 
diff --git a/test/e2e/__snapshots__/saml-metadata-export.e2e.test.js.snap b/test/e2e/__snapshots__/saml-metadata-export.e2e.test.js.snap
index 448adcf11..750b0c43e 100644
--- a/test/e2e/__snapshots__/saml-metadata-export.e2e.test.js.snap
+++ b/test/e2e/__snapshots__/saml-metadata-export.e2e.test.js.snap
@@ -81,87 +81,6 @@ mK3zry+aIWav0yj1Pmh2lOgD6rEnOlGZDqrmIqWd0d2jp8Am4iawP0sr9e7etjK/YGCFW4byuCOx " `; -exports[`frodo saml metadata export "frodo saml metadata export -i iSPAzure -f test.xml": should export the saml metadata with entity id "iSPAzure" into file named test.xml 1`] = `""`; - -exports[`frodo saml metadata export "frodo saml metadata export -i iSPAzure -f test.xml": should export the saml metadata with entity id "iSPAzure" into file named test.xml 2`] = ` -" - - - - - - -MIIDXzCCAkegAwIBAgIEDvqo1zANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJVSzEQMA4GA1UE -CBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2NrMRkwFwYDVQQD -ExByc2Fqd3RzaWduaW5na2V5MB4XDTIyMDgxMTAxMzIyOVoXDTMyMDgwODAxMzIyOVowYDELMAkG -A1UEBhMCVUsxEDAOBgNVBAgTB0JyaXN0b2wxEDAOBgNVBAcTB0JyaXN0b2wxEjAQBgNVBAoTCUZv -cmdlUm9jazEZMBcGA1UEAxMQcnNhand0c2lnbmluZ2tleTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAKz4i7AfLdKa2fOueSyaX3rviRZXzY3w8J01B6VZZk+ujatitD8h9uSE7RjK2NS6 -BYSf/wMsg2/Xy/vVbqEMrAl8ptdjXd9rsyL4sz33IRDgs9PqW2X2Ml5et0ASCwwQJWv8aGJJqkOG -ZorLVGqCS8PvkiN8MoYXGvkMpLPeWuSBqTTC2iBubhenRqcRkvCoeZ0JbrRWfEHKoFM1gkTj/xcn -L8yrXb5S3e2iAPkRw8+UPf8d4i9syS/jDyUZgrfqOsypbHh0dNMkS5dYpiqnOmJDWkjy1UDdUGmA -SKglu7c6gKaPaxcqh9VNGnTerQFbpKMV34guBoyBFrVFD1Sq6eUCAwEAAaMhMB8wHQYDVR0OBBYE -FCRENQBDfGf/R6qys11dPZM1+i5zMA0GCSqGSIb3DQEBCwUAA4IBAQACttnaeWl6CLVhffIlVz28 -CgxJbLB+pY9mL/jy7G0+5AxK7h9Njoe9ZK9k59uMcwD5BfVPl58kxFLJcnFc68R9m2Cdii1aCm/A -BLlHPhpxHni5INeH9J4P7MLdVwxMa/Inp9tw3gZQ60txgG/mv535kL1mtlUSqbPDf57AtG0tNWKT -2EBe/aSLndIWAhGf1qjS5Sc3uz+O5QEG7fnkLS4uOh5//coh14wfY3EAnMl/DpkgViliQOu7voX8 -7geBJd5jJhs6Ne2BJUp0q4iylD6WJrcfOLc3mcrgVaey5rLzVvX8vsp+p/m88KKhPzK+C8soYHz4 -T7PNNC7YVB2EQVSm - - - - - - - - -MIIDRzCCAi+gAwIBAgIEK9RtfDANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVSzEQMA4GA1UE -CBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2NrMQ0wCwYDVQQD -EwR0ZXN0MB4XDTIyMDgxMTAxMzIzMFoXDTMyMDgwODAxMzIzMFowVDELMAkGA1UEBhMCVUsxEDAO 
-BgNVBAgTB0JyaXN0b2wxEDAOBgNVBAcTB0JyaXN0b2wxEjAQBgNVBAoTCUZvcmdlUm9jazENMAsG -A1UEAxMEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIjkMGOu0kbOsvdp45J6 -FYW5wIn5TsKEPQUlNbYiFITg9o18Ja+6vWouK0fbIkzp8Ejj3U5OPHXqCtXCiDWiNX+bbFZoELW2 -KUigC26QdqbhmA/hTBheyQaUg/I4D64fqebUare9r0zxtMYE8FnR3YRgGeEG2qSlxgmIFvTMnzd4 -UwrUuw8C/uZTRbppDQITpkLDrOKb9608qnRvbXSR7UVP/JTm8Pq6uP2pvXz2F/QSK/wMKOnsjf+B -XfnqNZ9b+PP+fJvUKIcxjFwgDkmGP+Kr9YV7aFaur5Hgh7Q+q4bSDJMbNDhk5Lqu6qr3oGulyiTX -htoEkLMcbMA7JrVFCl0CAwEAAaMhMB8wHQYDVR0OBBYEFPoZt1jm2z/0gX/TnN/Sn+T31BU1MA0G -CSqGSIb3DQEBCwUAA4IBAQAY2Hy1f+lKClRzJFHNVyYZ0ahRCkbGB0FppwI8ZhIt6Aj3p9LBXOdu -IckDfAjg0/mckuEteA7l1LRqYcQIxpxrJU4FTxeyV1gTgudW43rw9Vd3AxdVocXqdpVxAvECtI+X -/jdbkk54k0mYTCI9ruNRdof1BpOWkI9Jtdj0GRe7L9nydNb3V/kJzSVMDNsx+Vc0GnmysL7edZDo -mK3zry+aIWav0yj1Pmh2lOgD6rEnOlGZDqrmIqWd0d2jp8Am4iawP0sr9e7etjK/YGCFW4byuCOx -328SOTHshVUBtIGbq11vuQleknlVL7A/aYUeUIyOvdYhWD7YoVnBV+QwcrAH - - - - - - - - 128 - - - - - - - - - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:2.0:nameid-format:transient - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - - - - - - -" -`; - exports[`frodo saml metadata export "frodo saml metadata export -i iSPAzure": should export the saml metadata with entity id "iSPAzure" 1`] = `""`; exports[`frodo saml metadata export "frodo saml metadata export -i iSPAzure": should export the saml metadata with entity id "iSPAzure" 2`] = ` diff --git a/test/e2e/saml-export.e2e.test.js b/test/e2e/saml-export.e2e.test.js index 38496f36f..f7c1708bb 100644 --- a/test/e2e/saml-export.e2e.test.js +++ b/test/e2e/saml-export.e2e.test.js 
@@ -47,21 +47,19 @@ */ /* -FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo saml export -i iSPAzure -FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo saml export --entity-id iSPAzure -FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo saml export -i iSPAzure -f test.json -FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo saml export -a -FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo saml export --all -FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo saml export -a --file test.json -FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo saml export -A -FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo saml export --all-separate +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo saml export -i iSPAzure +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo saml export --entity-id iSPAzure +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo 
saml export -i iSPAzure -f test.json +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo saml export -a +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo saml export -a --file test.json +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo saml export -A */ import { testExport } from './utils/TestUtils'; import { connection as c } from './utils/TestConfig'; process.env['FRODO_MOCK'] = '1'; const env = { - env: process.env, + env: process.env, }; env.env.FRODO_HOST = c.host; env.env.FRODO_SA_ID = c.saId; 
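Review bot: The recording commands in the header comment no longer match what the tests run: the comment still lists `frodo saml export -i iSPAzure -f test.json` and `frodo saml export -a --file test.json`, while the tests in the next hunk of this file use `my-iSPAzure.saml.json` and `my-allAlphaProviders.saml.json`. Changing the two comment lines to end in `-f my-iSPAzure.saml.json` and `--file my-allAlphaProviders.saml.json` keeps the re-record instructions reproducible. The same drift is in the header comment of test/e2e/saml-metadata-export.e2e.test.js (`-f test.xml` there, `my-iSPAzure.metadata.xml` in its test). Now that the service-account variables are gone from these lines, a one-line comment saying where a recording run takes its credentials from would help whoever re-records the mocks; that source is not visible in this hunk.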
@@ -70,49 +68,38 @@ env.env.FRODO_SA_JWK = c.saJwk; const type = 'saml'; describe('frodo saml export', () => { - test('"frodo saml export -i iSPAzure": should export the saml provider with entity id "iSPAzure"', async () => { - const CMD = `frodo saml export -i iSPAzure`; - const exportFile = "iSPAzure.saml.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo saml export -i iSPAzure": should export the saml provider with entity id "iSPAzure"', async () => { + const exportFile = 'iSPAzure.saml.json'; + const CMD = `frodo saml export -i iSPAzure`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo saml export --entity-id iSPAzure": should export the saml provider with entity id "iSPAzure"', async () => { - const CMD = `frodo saml export --entity-id iSPAzure`; - const exportFile = "iSPAzure.saml.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo saml export --entity-id iSPAzure": should export the saml provider with entity id "iSPAzure"', async () => { + const exportFile = 'iSPAzure.saml.json'; + const CMD = `frodo saml export --entity-id iSPAzure`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo saml export -i iSPAzure -f test.json": should export the saml provider with entity id "iSPAzure" into file named test.json', async () => { - const CMD = `frodo saml export -i iSPAzure -f test.json`; - const exportFile = "test.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo saml export -i iSPAzure -f my-iSPAzure.saml.json": should export the saml provider with entity id "iSPAzure" into file named my-iSPAzure.saml.json', async () => { + const exportFile = 'my-iSPAzure.saml.json'; + const CMD = `frodo saml export -i iSPAzure -f ${exportFile}`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo saml export -a": should export all saml providers to a single file', async () => { - const CMD = `frodo saml export -a`; - const exportFile = 
"allAlphaProviders.saml.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo saml export -a": should export all saml providers to a single file', async () => { + const exportFile = 'allAlphaProviders.saml.json'; + const CMD = `frodo saml export -a`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo saml export --all": should export all saml providers to a single file', async () => { - const CMD = `frodo saml export --all`; - const exportFile = "allAlphaProviders.saml.json"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo saml export -a --file my-allAlphaProviders.saml.json": should export all saml providers to a single file named my-allAlphaProviders.saml.json', async () => { + const exportFile = 'my-allAlphaProviders.saml.json'; + const CMD = `frodo saml export -a --file ${exportFile}`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo saml export -a --file test.json": should export all saml providers to a single file named test.json', async () => { - const CMD = `frodo saml export -a --file test.json`; - const exportFile = "test.json"; - await testExport(CMD, env, type, exportFile); - }); - - test('"frodo saml export -A": should export all saml providers to separate files', async () => { - const CMD = `frodo saml export -A`; - await testExport(CMD, env, type); - }); - - test('"frodo saml export --all-separate": should export all saml providers to separate files', async () => { - const CMD = `frodo saml export --all-separate`; - await testExport(CMD, env, type); - }); + test('"frodo saml export -A": should export all saml providers to separate files', async () => { + const CMD = `frodo saml export -A`; + await testExport(CMD, env, type); + }); }); diff --git a/test/e2e/saml-metadata-export.e2e.test.js b/test/e2e/saml-metadata-export.e2e.test.js index bac170bc3..07fc898e5 100644 --- a/test/e2e/saml-metadata-export.e2e.test.js +++ b/test/e2e/saml-metadata-export.e2e.test.js 
@@ -47,16 +47,15 @@ */ /* -FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo saml metadata export -i iSPAzure -FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo saml metadata export --entity-id iSPAzure -FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am FRODO_SA_ID=b672336b-41ef-428d-ae4a-e0c082875377 FRODO_SA_JWK=$(<~/Downloads/frodo-test_privateKey.jwk) frodo saml metadata export -i iSPAzure -f test.xml +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo saml metadata export -i iSPAzure +FRODO_MOCK=record FRODO_HOST=https://openam-frodo-dev.forgeblocks.com/am frodo saml metadata export --entity-id iSPAzure -f test.xml */ import { testExport } from './utils/TestUtils'; import { connection as c } from './utils/TestConfig'; process.env['FRODO_MOCK'] = '1'; const env = { - env: process.env, + env: process.env, }; env.env.FRODO_HOST = c.host; env.env.FRODO_SA_ID = c.saId; 
@@ -65,21 +64,15 @@ env.env.FRODO_SA_JWK = c.saJwk; const type = 'metadata'; describe('frodo saml metadata export', () => { - test('"frodo saml metadata export -i iSPAzure": should export the saml metadata with entity id "iSPAzure"', async () => { - const CMD = `frodo saml metadata export -i iSPAzure`; - const exportFile = "iSPAzure.metadata.xml"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo saml metadata export -i iSPAzure": should export the saml metadata with entity id "iSPAzure"', async () => { + const exportFile = 'iSPAzure.metadata.xml'; + const CMD = `frodo saml metadata export -i iSPAzure`; + await testExport(CMD, env, type, exportFile); + }); - test('"frodo saml metadata export --entity-id iSPAzure": should export the saml metadata with entity id "iSPAzure"', async () => { - const CMD = `frodo saml metadata export --entity-id iSPAzure`; - const exportFile = "iSPAzure.metadata.xml"; - await testExport(CMD, env, type, exportFile); - }); - - test('"frodo saml metadata export -i iSPAzure -f test.xml": should export the saml metadata with entity id "iSPAzure" into file named test.xml', async () => { - const CMD = `frodo saml metadata export -i iSPAzure -f test.xml`; - const exportFile = "test.xml"; - await testExport(CMD, env, type, exportFile); - }); + test('"frodo saml metadata export --entity-id iSPAzure": should export the saml metadata with entity id "iSPAzure"', async () => { + const exportFile = 'my-iSPAzure.metadata.xml'; + const CMD = `frodo saml metadata export --entity-id iSPAzure -f ${exportFile}`; + await testExport(CMD, env, type, exportFile); + }); }); From d17e5ce0299c8858634aa5825e21bf48125b3a5c Mon Sep 17 00:00:00 2001 From: Volker Scheuber Date: Sun, 24 Sep 2023 22:35:00 -0500 Subject: [PATCH 10/18] name global service exports properly when using -ga --- src/ops/ServiceOps.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
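Review bot: The second test's title still reads `"frodo saml metadata export --entity-id iSPAzure"`, but the command it runs is `frodo saml metadata export --entity-id iSPAzure -f ${exportFile}` with `my-iSPAzure.metadata.xml`, so the title, which the snapshot file uses as its key, describes a different invocation from the one executed. Renaming it to `'"frodo saml metadata export --entity-id iSPAzure -f my-iSPAzure.metadata.xml": should export the saml metadata with entity id "iSPAzure" into file named my-iSPAzure.metadata.xml'` and re-recording the snapshot would keep the two in step. As written, no test in this file exercises `--entity-id` with the default output file any more, so a separate case for that form may be worth keeping.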
diff --git a/src/ops/ServiceOps.ts b/src/ops/ServiceOps.ts
index 65e9db89a..79f2fb453 100644
--- a/src/ops/ServiceOps.ts
+++ b/src/ops/ServiceOps.ts
@@ -57,7 +57,9 @@ export async function listServices(long = false, globalConfig = false) {
 export async function exportServicesToFile(file, globalConfig = false) {
 const exportData = await exportServices(globalConfig);
 let fileName = getTypedFilename(
- `all${titleCase(getRealmName(state.getRealm()))}Services`,
+ `all${
+ globalConfig ? 'Global' : titleCase(getRealmName(state.getRealm()))
+ }Services`,
 `service`
 );
 if (file) {
From 3d701fcaa1a4686a3358d1a7a0b918cf66565dde Mon Sep 17 00:00:00 2001
From: Volker Scheuber
Date: Sun, 24 Sep 2023 22:35:16 -0500
Subject: [PATCH 11/18] update cli tests and snapshots
---
 .../__snapshots__/app-export.e2e.test.js.snap | 1493 +-
 .../authz-type-export.e2e.test.js.snap | 488 +-
 .../script-export.e2e.test.js.snap | 103723 ++++-----------
 .../service-export.e2e.test.js.snap | 2314 +-
 test/e2e/app-export.e2e.test.js | 26 -
 test/e2e/authz-type-export.e2e.test.js | 113 +-
 test/e2e/script-export.e2e.test.js | 96 +-
 test/e2e/service-export.e2e.test.js | 162 +-
 8 files changed, 28828 insertions(+), 79587 deletions(-)
diff --git a/test/e2e/__snapshots__/app-export.e2e.test.js.snap b/test/e2e/__snapshots__/app-export.e2e.test.js.snap
index d253d8694..70fd32f76 100644
--- a/test/e2e/__snapshots__/app-export.e2e.test.js.snap
+++ b/test/e2e/__snapshots__/app-export.e2e.test.js.snap
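Review bot: The default name for a global export, `allGlobalServices`, is the same string the realm branch would produce for a realm whose title-cased name is `Global`, so two different exports could land in one file and the later one silently overwrite the earlier; whether such a realm name can occur is not visible in this hunk. The three-line template literal in exportServicesToFile is also hard to scan, and a local would read better: `const scope = globalConfig ? 'Global' : titleCase(getRealmName(state.getRealm()));`, then interpolate `${scope}` in the name passed to getTypedFilename. A short comment above it saying that global exports are not realm-scoped would record why the realm name is skipped. The function body continues past the end of the hunk.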
@@ -3068,376 +3068,7 @@ logger.info ("Final userName " + checkuserName); }, }, }, - "metadata": { - "Y29tcGFueS1JRFA": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", - "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", - "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", - "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", - "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", - "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", - "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", - "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", - "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", - "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", - "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", - "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", - "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", - "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", - "14SLgWmf1qQroU6F4FjtEEc=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", - "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", - "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", - "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", - "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", - 
"T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", - "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", - "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", - "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", - "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", - "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", - "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", - "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", - "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - "YmVuZWZpdHMtSURQ": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", - "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", - "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", - "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", - "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", - "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", - 
"DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", - "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", - "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", - "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", - "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", - "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", - "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", - "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", - "14SLgWmf1qQroU6F4FjtEEc=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", - "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", - "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", - "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", - "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", - "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", - "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", - "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", - "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", - "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", - "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", - "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", - "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", - "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", - " ", - " ", - " ", - " ", - " ", - 
" ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - "ZW5naW5lZXJpbmctSURQ": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", - "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", - "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", - "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", - "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", - "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", - "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", - "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", - "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", - "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", - "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", - "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", - "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", - "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", - "14SLgWmf1qQroU6F4FjtEEc=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - 
"MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", - "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", - "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", - "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", - "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", - "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", - "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", - "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", - "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", - "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", - "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", - "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", - "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", - "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s": [ - "", - "", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " 
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " ", - " ", - "", - "", - "", - ], - "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA": [ - "", - "", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " ", - " ", - "", - "", - "", - ], - "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA": [ - "", - "", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " ", - " ", - "", - "", - "", - ], - "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA": [ - "", - "", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " ", - " ", - "", - "", - "", - ], - "c2FsZXMtSURQ": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", - "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", - "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", - "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", - "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", - "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", - "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", - "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", - "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", - "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", - "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", - 
"k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", - "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", - "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", - "14SLgWmf1qQroU6F4FjtEEc=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", - "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", - "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", - "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", - "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", - "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", - "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", - "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", - "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", - "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", - "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", - "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", - "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", - "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " 
urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - }, + "metadata": {}, "remote": { "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s": { "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s", 
@@ -6390,100 +6021,7 @@ exports[`frodo app export "frodo app export -A": should export all apps to separ }, }, }, - "metadata": { - "YmVuZWZpdHMtSURQ": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", - "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", - "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", - "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", - "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", - "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", - "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", - "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", - "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", - "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", - "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", - "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", - "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", - "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", - "14SLgWmf1qQroU6F4FjtEEc=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", - "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", - "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", - "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", - 
"fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", - "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", - "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", - "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", - "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", - "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", - "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", - "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", - "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", - "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA": [ - "", - "", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " ", - " ", - "", - "", - "", - ], - }, + "metadata": {}, "remote": { "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA": { "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA", 
@@ -6748,100 +6286,7 @@ exports[`frodo app export "frodo app export -A": should export all apps to separ }, }, }, - "metadata": { - "Y29tcGFueS1JRFA": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", - "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", - "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", - "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", - "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", - "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", - "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", - "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", - "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", - "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", - "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", - "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", - "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", - "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", - "14SLgWmf1qQroU6F4FjtEEc=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", - "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", - "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", - "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", - 
"fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", - "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", - "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", - "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", - "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", - "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", - "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", - "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", - "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", - "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s": [ - "", - "", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " ", - " ", - "", - "", - "", - ], - }, + "metadata": {}, "remote": { "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s": { "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s", 
@@ -7106,100 +6551,7 @@ exports[`frodo app export "frodo app export -A": should export all apps to separ }, }, }, - "metadata": { - "ZW5naW5lZXJpbmctSURQ": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", - "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", - "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", - "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", - "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", - "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", - "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", - "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", - "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", - "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", - "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", - "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", - "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", - "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", - "14SLgWmf1qQroU6F4FjtEEc=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", - "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", - "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", - "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", - 
"fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", - "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", - "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", - "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", - "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", - "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", - "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", - "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", - "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", - "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA": [ - "", - "", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " ", - " ", - "", - "", - "", - ], - }, + "metadata": {}, "remote": { "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA": { "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA", 
@@ -7464,100 +6816,7 @@ exports[`frodo app export "frodo app export -A": should export all apps to separ }, }, }, - "metadata": { - "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA": [ - "", - "", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " ", - " ", - "", - "", - "", - ], - "c2FsZXMtSURQ": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", - "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", - "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", - "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", - "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", - "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", - "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", - "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", - "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", - "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", - "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", - "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", - "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", - "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", - "14SLgWmf1qQroU6F4FjtEEc=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", - 
"BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", - "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", - "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", - "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", - "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", - "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", - "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", - "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", - "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", - "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", - "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", - "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", - "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - }, + "metadata": {}, "remote": { "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA": { "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA", 
@@ -11446,376 +10705,7 @@ logger.info ("Final userName " + checkuserName); }, }, }, - "metadata": { - "Y29tcGFueS1JRFA": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", - "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", - "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", - "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", - "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", - "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", - "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", - "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", - "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", - "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", - "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", - "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", - "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", - "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", - "14SLgWmf1qQroU6F4FjtEEc=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", - "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", - "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", - "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", - "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", 
- "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", - "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", - "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", - "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", - "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", - "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", - "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", - "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", - "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - "YmVuZWZpdHMtSURQ": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", - "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", - "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", - "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", - "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", - "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", - 
"DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", - "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", - "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", - "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", - "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", - "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", - "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", - "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", - "14SLgWmf1qQroU6F4FjtEEc=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", - "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", - "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", - "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", - "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", - "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", - "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", - "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", - "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", - "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", - "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", - "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", - "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", - "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", - " ", - " ", - " ", - " ", - " ", - 
" ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - "ZW5naW5lZXJpbmctSURQ": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", - "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", - "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", - "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", - "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", - "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", - "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", - "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", - "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", - "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", - "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", - "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", - "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", - "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", - "14SLgWmf1qQroU6F4FjtEEc=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - 
"MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", - "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", - "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", - "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", - "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", - "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", - "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", - "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", - "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", - "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", - "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", - "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", - "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", - "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s": [ - "", - "", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " 
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " ", - " ", - "", - "", - "", - ], - "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA": [ - "", - "", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " ", - " ", - "", - "", - "", - ], - "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA": [ - "", - "", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " ", - " ", - "", - "", - "", - ], - "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA": [ - "", - "", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " ", - " ", - "", - "", - "", - ], - "c2FsZXMtSURQ": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", - "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", - "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", - "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", - "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", - "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", - "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", - "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", - "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", - "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", - "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", - 
"k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", - "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", - "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", - "14SLgWmf1qQroU6F4FjtEEc=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", - "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", - "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", - "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", - "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", - "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", - "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", - "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", - "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", - "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", - "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", - "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", - "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", - "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " 
urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - }, + "metadata": {}, "remote": { "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s": { "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s", 
@@ -15401,376 +14291,7 @@ logger.info ("Final userName " + checkuserName); }, }, }, - "metadata": { - "Y29tcGFueS1JRFA": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", - "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", - "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", - "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", - "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", - "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", - "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", - "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", - "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", - "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", - "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", - "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", - "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", - "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", - "14SLgWmf1qQroU6F4FjtEEc=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", - "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", - "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", - "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", - "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", 
- "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", - "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", - "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", - "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", - "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", - "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", - "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", - "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", - "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - "YmVuZWZpdHMtSURQ": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", - "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", - "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", - "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", - "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", - "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", - 
"DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", - "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", - "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", - "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", - "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", - "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", - "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", - "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", - "14SLgWmf1qQroU6F4FjtEEc=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", - "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", - "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", - "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", - "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", - "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", - "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", - "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", - "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", - "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", - "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", - "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", - "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", - "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", - " ", - " ", - " ", - " ", - " ", - 
" ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - "ZW5naW5lZXJpbmctSURQ": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", - "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", - "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", - "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", - "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", - "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", - "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", - "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", - "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", - "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", - "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", - "k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", - "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", - "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", - "14SLgWmf1qQroU6F4FjtEEc=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - 
"MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", - "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", - "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", - "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", - "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", - "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", - "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", - "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", - "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", - "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", - "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", - "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", - "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", - "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s": [ - "", - "", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " 
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " ", - " ", - "", - "", - "", - ], - "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvYmVuZWZpdHMvc2FtbA": [ - "", - "", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " ", - " ", - "", - "", - "", - ], - "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvc2FsZXMvc2FtbA": [ - "", - "", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " ", - " ", - "", - "", - "", - ], - "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvcm9sZXMvc2FtbA": [ - "", - "", - " ", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " ", - " ", - "", - "", - "", - ], - "c2FsZXMtSURQ": [ - "", - "", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDZDCCAkygAwIBAgIJANMQ3XCiGf4SMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxGTAX", - "BgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwHhcNMjMwNzI3MTU1NzQzWhcNMzMwNzI0MTU1NzQzWjBg", - "MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UE", - "ChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MIIBIjANBgkqhkiG9w0BAQEF", - "AAOCAQ8AMIIBCgKCAQEAndA0k9o9mPOgDNkkqR+bFl1fRaespQ5CJU3nhDfvlAQy3Mkt7ngVv2Gh", - "HvZbjUlW9AoJ8GAJr4vb8EdWdSnNBBJn8cR/sb/03JZQqtIv9pK3YknikTB6JcWqgqmZZAt1Rsze", - "DNMswz5gRM7jqoPmc54wckOUCEF7Ya5Zw8IJSaNQr97J95tgPfQqC9BzxQLHv8KJoNkuvw0mP4Kh", - "kcws2GGoQ7cTRepgkCesWZA5SUaL+tPVUnS1YCEnqB/HixOtnYgTbOmYsOjzgy+x19O4CA8fbtUy", - "q4Kjjf1dAC1ZS/qdyLBfIdYYjUQnYMaIjqBWfwje0CqARycjQRB6xfnPZQIDAQABoyEwHzAdBgNV", - "HQ4EFgQUeygsQwORiT6wkL/y+/be+KJoj4cwDQYJKoZIhvcNAQELBQADggEBAAa8Vy5mbQDwGCjA", - "rVEdSUbkXSLQNPM5XoA8qIFz+bLlhV5BdjAd27SjfUHlR7K4NtR4eQyyBOQSNmjRnXsxe0bYRIv7", - 
"k9O9lxvQtKHJITrbJYD5mVw7F36hmPqccvpeg1BZJzEEfUghSJ0+ulKei253rF9Icyd/86v/pJeE", - "bz9iRn7jjJrq5cW7fRvEZN1QK+twpq6OLe2n8y/BrrwbyUT1iCZKzirtKYrRX58sf5DuyI2WCz+s", - "gU0j3+1KOV+IPRfih4ZpJ1f9y12uX227CMHwVlUMy9IxyLzAqW5PJj31lr0cxJ6tFzY2EDb7busM", - "14SLgWmf1qQroU6F4FjtEEc=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - "MIIDTDCCAjSgAwIBAgIJAJVQY+5TkpS1MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAlVLMRAw", - "DgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDTAL", - "BgNVBAMTBHRlc3QwHhcNMjMwNzI3MTU1NzQ1WhcNMzMwNzI0MTU1NzQ1WjBUMQswCQYDVQQGEwJV", - "SzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2Nr", - "MQ0wCwYDVQQDEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVRgdXF9S6W", - "fQq77Oy4qH3opmVGASVs3bKLXc2MRl7shwPujH8pN9bjnoRwAU+RatAWkNbXEqvKw6W70pn3KuJ2", - "T4L1oCXzFUOEe0YK2UgAbsroTYFkwzqQbH8kRNkNDw4CBNWrzF43S7zSUU3UG2ggH8TwleZPweRE", - "WGc2fFmmh0K1RvZNRvson00/XfLXmBbU02e79OEe2lf+aNeCP1CNi98w9BvunJJSZ8uhtlOF7zHa", - "3cnPfp6sGCVZNsERQkdSfDZO5iYN6Bitd9nhEhSfqcISw3mV9qWLmx/hqT/lkepwCUbEZOfpKG7W", - "3tkBK+ETd3/sVPdc+erenrsv1wIDAQABoyEwHzAdBgNVHQ4EFgQUTCAHMtRim4jQoyyxG6VWDHkZ", - "WPgwDQYJKoZIhvcNAQELBQADggEBAGfBXp6YcDt8BoQYa4x9D8ozo0Y7N5HEE7bdTH3ZISk4uX1k", - "SPHk9Fmj1jqeJEtdVbxyioFV8nNiAwWjDfHVkNtEswV4SJP0Nt4QOJpiWEfltmZbuAKgGQ92l1F5", - "eQRT8HravOnDUp7pDmGDGEKNpS8sRr4n2nClhWyBzE9mRtv/BSBoJDHS/h63dgVPm63Rvf4+DC9S", - "xlLVaC/G5lOZvwkRSOcsZiu+qbRoi4xE3ccQdl/a1pW+RR9gPQOY5KeHMNfhKoajZLf67RRoIgvK", - "VovBxi7f27CYqGwXiZwrOXPCxipISjqb7siIW/mbMs1/D74DEZTbIb+WsZC4Ek9aSDg=", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " 
urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - }, + "metadata": {}, "remote": { "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s": { "_id": "aHR0cHM6Ly92b2xrZXItZGVtby5lbmNvcmUuZm9yZ2Vyb2NrLmNvbTo0NDMvYXBwcy93ZWIvY29tcGFueS9zYW1s", diff --git a/test/e2e/__snapshots__/authz-type-export.e2e.test.js.snap b/test/e2e/__snapshots__/authz-type-export.e2e.test.js.snap index b45596139..25aa3955a 100644 --- a/test/e2e/__snapshots__/authz-type-export.e2e.test.js.snap +++ b/test/e2e/__snapshots__/authz-type-export.e2e.test.js.snap @@ -17,7 +17,7 @@ exports[`frodo authz type export "frodo authz type export --all": should export "creationDate": 1684544147346, "description": "Frodo Test Resource Type Thirteen", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356542, + "lastModifiedDate": 1694717616300, "name": "FrodoTestResourceType13", "patterns": [ "pattern2://*:*/*?*", @@ -34,7 +34,7 @@ exports[`frodo authz type export "frodo authz type export --all": should export "creationDate": 1684544147437, "description": "Frodo Test Resource Type Fourteen", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356664, + "lastModifiedDate": 1694717616482, "name": "FrodoTestResourceType14", "patterns": [ "pattern2://*:*/*?*", @@ -51,7 +51,7 @@ exports[`frodo authz type export "frodo authz type export --all": should export "creationDate": 1684545571229, "description": "Frodo Test Resource Type Fifteen", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356780, + "lastModifiedDate": 1694717616660, "name": "FrodoTestResourceType15", "patterns": [ "pattern2://*:*/*?*", 
@@ -68,7 +68,7 @@ exports[`frodo authz type export "frodo authz type export --all": should export "creationDate": 1684544147204, "description": "Frodo Test Resource Type Twelve", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356413, + "lastModifiedDate": 1694717616120, "name": "FrodoTestResourceType12", "patterns": [ "pattern2://*:*/*?*", @@ -89,8 +89,8 @@ exports[`frodo authz type export "frodo authz type export --all": should export "createdBy": "id=dsameuser,ou=user,ou=am-config", "creationDate": 1595479030487, "description": "The built-in URL Resource Type available to OpenAMPolicies.", - "lastModifiedBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "lastModifiedDate": 1684690114955, + "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", + "lastModifiedDate": 1694717661706, "name": "URL", "patterns": [ "*://*:*/*", @@ -107,7 +107,7 @@ exports[`frodo authz type export "frodo authz type export --all": should export "creationDate": 1684544147077, "description": "Frodo Test Resource Type Eleven", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356293, + "lastModifiedDate": 1694717615932, "name": "FrodoTestResourceType11", "patterns": [ "pattern2://*:*/*?*", 
@@ -122,178 +122,8 @@ exports[`frodo authz type export "frodo authz type export --all": should export "createdBy": "id=dsameuser,ou=user,ou=am-config", "creationDate": 1595479030586, "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", - "lastModifiedBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "lastModifiedDate": 1682866321756, - "name": "OAuth2 Scope", - "patterns": [ - "*://*:*/*", - "*://*:*/*?*", - "*", - ], - "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", - }, - }, - "script": {}, -} -`; - -exports[`frodo authz type export "frodo authz type export --all-separate": should export all resource types to separate files 1`] = `""`; - -exports[`frodo authz type export "frodo authz type export --all-separate": should export all resource types to separate files 2`] = ` -{ - "meta": Any, - "policy": {}, - "policyset": {}, - "resourcetype": { - "993eba78-1c3f-4f27-b205-b4b29418f831": { - "actions": { - "action1": true, - "action2": true, - }, - "createdBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "creationDate": 1684544147077, - "description": "Frodo Test Resource Type Eleven", - "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356293, - "name": "FrodoTestResourceType11", - "patterns": [ - "pattern2://*:*/*?*", - "pattern1://*:*/*", - ], - "uuid": "993eba78-1c3f-4f27-b205-b4b29418f831", - }, - }, - "script": {}, -} -`; - -exports[`frodo authz type export "frodo authz type export --all-separate": should export all resource types to separate files 3`] = ` -{ - "meta": Any, - "policy": {}, - "policyset": {}, - "resourcetype": { - "3fc799d7-b73f-49e0-a70b-e37990e54e56": { - "actions": { - "action1": true, - "action2": true, - }, - "createdBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "creationDate": 1684544147204, - "description": "Frodo Test Resource Type Twelve", - "lastModifiedBy": 
"id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356413, - "name": "FrodoTestResourceType12", - "patterns": [ - "pattern2://*:*/*?*", - "pattern1://*:*/*", - ], - "uuid": "3fc799d7-b73f-49e0-a70b-e37990e54e56", - }, - }, - "script": {}, -} -`; - -exports[`frodo authz type export "frodo authz type export --all-separate": should export all resource types to separate files 4`] = ` -{ - "meta": Any, - "policy": {}, - "policyset": {}, - "resourcetype": { - "0aa5ed25-0c62-4ff5-9a42-3bda8c5cbb76": { - "actions": { - "action1": true, - "action2": true, - }, - "createdBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "creationDate": 1684544147346, - "description": "Frodo Test Resource Type Thirteen", - "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356542, - "name": "FrodoTestResourceType13", - "patterns": [ - "pattern2://*:*/*?*", - "pattern1://*:*/*", - ], - "uuid": "0aa5ed25-0c62-4ff5-9a42-3bda8c5cbb76", - }, - }, - "script": {}, -} -`; - -exports[`frodo authz type export "frodo authz type export --all-separate": should export all resource types to separate files 5`] = ` -{ - "meta": Any, - "policy": {}, - "policyset": {}, - "resourcetype": { - "119b291c-40b3-4b1e-8d84-c2a561a2cb1f": { - "actions": { - "action1": true, - "action2": true, - }, - "createdBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "creationDate": 1684544147437, - "description": "Frodo Test Resource Type Fourteen", - "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356664, - "name": "FrodoTestResourceType14", - "patterns": [ - "pattern2://*:*/*?*", - "pattern1://*:*/*", - ], - "uuid": "119b291c-40b3-4b1e-8d84-c2a561a2cb1f", - }, - }, - "script": {}, -} -`; - -exports[`frodo authz type export "frodo authz type export --all-separate": should export all resource types to separate files 6`] = ` -{ 
- "meta": Any, - "policy": {}, - "policyset": {}, - "resourcetype": { - "3c5f13af-ca17-403e-b47d-d15263cce954": { - "actions": { - "action1": true, - "action2": true, - }, - "createdBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "creationDate": 1684545571229, - "description": "Frodo Test Resource Type Fifteen", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356780, - "name": "FrodoTestResourceType15", - "patterns": [ - "pattern2://*:*/*?*", - "pattern1://*:*/*", - ], - "uuid": "3c5f13af-ca17-403e-b47d-d15263cce954", - }, - }, - "script": {}, -} -`; - -exports[`frodo authz type export "frodo authz type export --all-separate": should export all resource types to separate files 7`] = ` -{ - "meta": Any, - "policy": {}, - "policyset": {}, - "resourcetype": { - "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { - "actions": { - "GRANT": true, - }, - "createdBy": "id=dsameuser,ou=user,ou=am-config", - "creationDate": 1595479030586, - "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", - "lastModifiedBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "lastModifiedDate": 1682866321756, + "lastModifiedDate": 1694717661536, "name": "OAuth2 Scope", "patterns": [ "*://*:*/*", 
@@ -307,39 +137,6 @@ exports[`frodo authz type export "frodo authz type export --all-separate": shoul } `; -exports[`frodo authz type export "frodo authz type export --all-separate": should export all resource types to separate files 8`] = ` -{ - "meta": Any, - "policy": {}, - "policyset": {}, - "resourcetype": { - "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { - "actions": { - "DELETE": true, - "GET": true, - "HEAD": true, - "OPTIONS": true, - "PATCH": true, - "POST": true, - "PUT": true, - }, - "createdBy": "id=dsameuser,ou=user,ou=am-config", - "creationDate": 1595479030487, - "description": "The built-in URL Resource Type available to OpenAMPolicies.", - "lastModifiedBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "lastModifiedDate": 1684690114955, - "name": "URL", - "patterns": [ - "*://*:*/*", - "*://*:*/*?*", - ], - "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", - }, - }, - "script": {}, -} -`; - exports[`frodo authz type export "frodo authz type export --type-id 76656a38-5f8e-401b-83aa-4ccb74ce88d2": should export the resource type with id "76656a38-5f8e-401b-83aa-4ccb74ce88d2" 1`] = `""`; exports[`frodo authz type export "frodo authz type export --type-id 76656a38-5f8e-401b-83aa-4ccb74ce88d2": should export the resource type with id "76656a38-5f8e-401b-83aa-4ccb74ce88d2" 2`] = ` @@ -361,8 +158,8 @@ exports[`frodo authz type export "frodo authz type export --type-id 76656a38-5f8 "createdBy": "id=dsameuser,ou=user,ou=am-config", "creationDate": 1595479030487, "description": "The built-in URL Resource Type available to OpenAMPolicies.", - "lastModifiedBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "lastModifiedDate": 1684690114955, + "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", + "lastModifiedDate": 1694717661706, "name": "URL", "patterns": [ "*://*:*/*", 
@@ -375,9 +172,9 @@ exports[`frodo authz type export "frodo authz type export --type-id 76656a38-5f8 } `; -exports[`frodo authz type export "frodo authz type export --type-name URL": should export the resource type named "URL" 1`] = `""`; +exports[`frodo authz type export "frodo authz type export --type-name URL -f test.json": should export the resource type named "URL" 1`] = `""`; -exports[`frodo authz type export "frodo authz type export --type-name URL": should export the resource type named "URL" 2`] = ` +exports[`frodo authz type export "frodo authz type export --type-name URL -f test.json": should export the resource type named "URL" 2`] = ` { "meta": Any, "policy": {}, @@ -396,8 +193,8 @@ exports[`frodo authz type export "frodo authz type export --type-name URL": shou "createdBy": "id=dsameuser,ou=user,ou=am-config", "creationDate": 1595479030487, "description": "The built-in URL Resource Type available to OpenAMPolicies.", - "lastModifiedBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "lastModifiedDate": 1684690114955, + "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", + "lastModifiedDate": 1694717661706, "name": "URL", "patterns": [ "*://*:*/*", @@ -427,7 +224,7 @@ exports[`frodo authz type export "frodo authz type export -A": should export all "creationDate": 1684544147077, "description": "Frodo Test Resource Type Eleven", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356293, + "lastModifiedDate": 1694717615932, "name": "FrodoTestResourceType11", "patterns": [ "pattern2://*:*/*?*", 
@@ -455,7 +252,7 @@ exports[`frodo authz type export "frodo authz type export -A": should export all "creationDate": 1684544147204, "description": "Frodo Test Resource Type Twelve", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356413, + "lastModifiedDate": 1694717616120, "name": "FrodoTestResourceType12", "patterns": [ "pattern2://*:*/*?*", @@ -483,7 +280,7 @@ exports[`frodo authz type export "frodo authz type export -A": should export all "creationDate": 1684544147346, "description": "Frodo Test Resource Type Thirteen", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356542, + "lastModifiedDate": 1694717616300, "name": "FrodoTestResourceType13", "patterns": [ "pattern2://*:*/*?*", @@ -511,7 +308,7 @@ exports[`frodo authz type export "frodo authz type export -A": should export all "creationDate": 1684544147437, "description": "Frodo Test Resource Type Fourteen", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356664, + "lastModifiedDate": 1694717616482, "name": "FrodoTestResourceType14", "patterns": [ "pattern2://*:*/*?*", @@ -539,7 +336,7 @@ exports[`frodo authz type export "frodo authz type export -A": should export all "creationDate": 1684545571229, "description": "Frodo Test Resource Type Fifteen", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356780, + "lastModifiedDate": 1694717616660, "name": "FrodoTestResourceType15", "patterns": [ "pattern2://*:*/*?*", 
@@ -565,8 +362,8 @@ exports[`frodo authz type export "frodo authz type export -A": should export all "createdBy": "id=dsameuser,ou=user,ou=am-config", "creationDate": 1595479030586, "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", - "lastModifiedBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "lastModifiedDate": 1682866321756, + "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", + "lastModifiedDate": 1694717661536, "name": "OAuth2 Scope", "patterns": [ "*://*:*/*", 
@@ -599,111 +396,8 @@ exports[`frodo authz type export "frodo authz type export -A": should export all "createdBy": "id=dsameuser,ou=user,ou=am-config", "creationDate": 1595479030487, "description": "The built-in URL Resource Type available to OpenAMPolicies.", - "lastModifiedBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "lastModifiedDate": 1684690114955, - "name": "URL", - "patterns": [ - "*://*:*/*", - "*://*:*/*?*", - ], - "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", - }, - }, - "script": {}, -} -`; - -exports[`frodo authz type export "frodo authz type export -a --file test.json": should export all resource types to a single file named test.json 1`] = `""`; - -exports[`frodo authz type export "frodo authz type export -a --file test.json": should export all resource types to a single file named test.json 2`] = ` -{ - "meta": Any, - "policy": {}, - "policyset": {}, - "resourcetype": { - "0aa5ed25-0c62-4ff5-9a42-3bda8c5cbb76": { - "actions": { - "action1": true, - "action2": true, - }, - "createdBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "creationDate": 1684544147346, - "description": "Frodo Test Resource Type Thirteen", - "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356542, - "name": "FrodoTestResourceType13", - "patterns": [ - "pattern2://*:*/*?*", - "pattern1://*:*/*", - ], - "uuid": "0aa5ed25-0c62-4ff5-9a42-3bda8c5cbb76", - }, - "119b291c-40b3-4b1e-8d84-c2a561a2cb1f": { - "actions": { - "action1": true, - "action2": true, - }, - "createdBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "creationDate": 1684544147437, - "description": "Frodo Test Resource Type Fourteen", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356664, - "name": "FrodoTestResourceType14", - "patterns": [ - "pattern2://*:*/*?*", - "pattern1://*:*/*", - ], - "uuid": 
"119b291c-40b3-4b1e-8d84-c2a561a2cb1f", - }, - "3c5f13af-ca17-403e-b47d-d15263cce954": { - "actions": { - "action1": true, - "action2": true, - }, - "createdBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "creationDate": 1684545571229, - "description": "Frodo Test Resource Type Fifteen", - "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356780, - "name": "FrodoTestResourceType15", - "patterns": [ - "pattern2://*:*/*?*", - "pattern1://*:*/*", - ], - "uuid": "3c5f13af-ca17-403e-b47d-d15263cce954", - }, - "3fc799d7-b73f-49e0-a70b-e37990e54e56": { - "actions": { - "action1": true, - "action2": true, - }, - "createdBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "creationDate": 1684544147204, - "description": "Frodo Test Resource Type Twelve", - "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356413, - "name": "FrodoTestResourceType12", - "patterns": [ - "pattern2://*:*/*?*", - "pattern1://*:*/*", - ], - "uuid": "3fc799d7-b73f-49e0-a70b-e37990e54e56", - }, - "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { - "actions": { - "DELETE": true, - "GET": true, - "HEAD": true, - "OPTIONS": true, - "PATCH": true, - "POST": true, - "PUT": true, - }, - "createdBy": "id=dsameuser,ou=user,ou=am-config", - "creationDate": 1595479030487, - "description": "The built-in URL Resource Type available to OpenAMPolicies.", - "lastModifiedBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "lastModifiedDate": 1684690114955, + "lastModifiedDate": 1694717661706, "name": "URL", "patterns": [ "*://*:*/*", 
@@ -711,48 +405,14 @@ exports[`frodo authz type export "frodo authz type export -a --file test.json": ], "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", }, - "993eba78-1c3f-4f27-b205-b4b29418f831": { - "actions": { - "action1": true, - "action2": true, - }, - "createdBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "creationDate": 1684544147077, - "description": "Frodo Test Resource Type Eleven", - "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356293, - "name": "FrodoTestResourceType11", - "patterns": [ - "pattern2://*:*/*?*", - "pattern1://*:*/*", - ], - "uuid": "993eba78-1c3f-4f27-b205-b4b29418f831", - }, - "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { - "actions": { - "GRANT": true, - }, - "createdBy": "id=dsameuser,ou=user,ou=am-config", - "creationDate": 1595479030586, - "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", - "lastModifiedBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "lastModifiedDate": 1682866321756, - "name": "OAuth2 Scope", - "patterns": [ - "*://*:*/*", - "*://*:*/*?*", - "*", - ], - "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", - }, }, "script": {}, } `; -exports[`frodo authz type export "frodo authz type export -a": should export all resource types to a single file 1`] = `""`; +exports[`frodo authz type export "frodo authz type export -a --file my-allAlphaResourceTypes.resourcetype.authz.json": should export all resource types to a single file named my-allAlphaResourceTypes.resourcetype.authz.json 1`] = `""`; -exports[`frodo authz type export "frodo authz type export -a": should export all resource types to a single file 2`] = ` +exports[`frodo authz type export "frodo authz type export -a --file my-allAlphaResourceTypes.resourcetype.authz.json": should export all resource types to a single file named my-allAlphaResourceTypes.resourcetype.authz.json 2`] = ` { "meta": Any, "policy": {}, 
@@ -767,7 +427,7 @@ exports[`frodo authz type export "frodo authz type export -a": should export all "creationDate": 1684544147346, "description": "Frodo Test Resource Type Thirteen", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356542, + "lastModifiedDate": 1694717616300, "name": "FrodoTestResourceType13", "patterns": [ "pattern2://*:*/*?*", @@ -784,7 +444,7 @@ exports[`frodo authz type export "frodo authz type export -a": should export all "creationDate": 1684544147437, "description": "Frodo Test Resource Type Fourteen", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356664, + "lastModifiedDate": 1694717616482, "name": "FrodoTestResourceType14", "patterns": [ "pattern2://*:*/*?*", @@ -801,7 +461,7 @@ exports[`frodo authz type export "frodo authz type export -a": should export all "creationDate": 1684545571229, "description": "Frodo Test Resource Type Fifteen", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356780, + "lastModifiedDate": 1694717616660, "name": "FrodoTestResourceType15", "patterns": [ "pattern2://*:*/*?*", @@ -818,7 +478,7 @@ exports[`frodo authz type export "frodo authz type export -a": should export all "creationDate": 1684544147204, "description": "Frodo Test Resource Type Twelve", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356413, + "lastModifiedDate": 1694717616120, "name": "FrodoTestResourceType12", "patterns": [ "pattern2://*:*/*?*", 
@@ -839,8 +499,8 @@ exports[`frodo authz type export "frodo authz type export -a": should export all "createdBy": "id=dsameuser,ou=user,ou=am-config", "creationDate": 1595479030487, "description": "The built-in URL Resource Type available to OpenAMPolicies.", - "lastModifiedBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "lastModifiedDate": 1684690114955, + "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", + "lastModifiedDate": 1694717661706, "name": "URL", "patterns": [ "*://*:*/*", @@ -857,7 +517,7 @@ exports[`frodo authz type export "frodo authz type export -a": should export all "creationDate": 1684544147077, "description": "Frodo Test Resource Type Eleven", "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", - "lastModifiedDate": 1691209356293, + "lastModifiedDate": 1694717615932, "name": "FrodoTestResourceType11", "patterns": [ "pattern2://*:*/*?*", @@ -872,8 +532,8 @@ exports[`frodo authz type export "frodo authz type export -a": should export all "createdBy": "id=dsameuser,ou=user,ou=am-config", "creationDate": 1595479030586, "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", - "lastModifiedBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "lastModifiedDate": 1682866321756, + "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", + "lastModifiedDate": 1694717661536, "name": "OAuth2 Scope", "patterns": [ "*://*:*/*", 
@@ -887,9 +547,9 @@ exports[`frodo authz type export "frodo authz type export -a": should export all } `; -exports[`frodo authz type export "frodo authz type export -i 76656a38-5f8e-401b-83aa-4ccb74ce88d2 -f test.json": should export the resource type with id "76656a38-5f8e-401b-83aa-4ccb74ce88d2" into file named test.json 1`] = `""`; +exports[`frodo authz type export "frodo authz type export -i 76656a38-5f8e-401b-83aa-4ccb74ce88d2 -f my-76656a38-5f8e-401b-83aa-4ccb74ce88d2.resourcetype.authz.json": should export the resource type with id "76656a38-5f8e-401b-83aa-4ccb74ce88d2" into file named my-76656a38-5f8e-401b-83aa-4ccb74ce88d2.resourcetype.authz.json 1`] = `""`; -exports[`frodo authz type export "frodo authz type export -i 76656a38-5f8e-401b-83aa-4ccb74ce88d2 -f test.json": should export the resource type with id "76656a38-5f8e-401b-83aa-4ccb74ce88d2" into file named test.json 2`] = ` +exports[`frodo authz type export "frodo authz type export -i 76656a38-5f8e-401b-83aa-4ccb74ce88d2 -f my-76656a38-5f8e-401b-83aa-4ccb74ce88d2.resourcetype.authz.json": should export the resource type with id "76656a38-5f8e-401b-83aa-4ccb74ce88d2" into file named my-76656a38-5f8e-401b-83aa-4ccb74ce88d2.resourcetype.authz.json 2`] = ` { "meta": Any, "policy": {}, 
@@ -908,78 +568,8 @@ exports[`frodo authz type export "frodo authz type export -i 76656a38-5f8e-401b- "createdBy": "id=dsameuser,ou=user,ou=am-config", "creationDate": 1595479030487, "description": "The built-in URL Resource Type available to OpenAMPolicies.", - "lastModifiedBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "lastModifiedDate": 1684690114955, - "name": "URL", - "patterns": [ - "*://*:*/*", - "*://*:*/*?*", - ], - "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", - }, - }, - "script": {}, -} -`; - -exports[`frodo authz type export "frodo authz type export -i 76656a38-5f8e-401b-83aa-4ccb74ce88d2": should export the resource type with id "76656a38-5f8e-401b-83aa-4ccb74ce88d2" 1`] = `""`; - -exports[`frodo authz type export "frodo authz type export -i 76656a38-5f8e-401b-83aa-4ccb74ce88d2": should export the resource type with id "76656a38-5f8e-401b-83aa-4ccb74ce88d2" 2`] = ` -{ - "meta": Any, - "policy": {}, - "policyset": {}, - "resourcetype": { - "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { - "actions": { - "DELETE": true, - "GET": true, - "HEAD": true, - "OPTIONS": true, - "PATCH": true, - "POST": true, - "PUT": true, - }, - "createdBy": "id=dsameuser,ou=user,ou=am-config", - "creationDate": 1595479030487, - "description": "The built-in URL Resource Type available to OpenAMPolicies.", - "lastModifiedBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "lastModifiedDate": 1684690114955, - "name": "URL", - "patterns": [ - "*://*:*/*", - "*://*:*/*?*", - ], - "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", - }, - }, - "script": {}, -} -`; - -exports[`frodo authz type export "frodo authz type export -n URL -f test.json": should export the resource type named "URL" into file named test.json 1`] = `""`; - -exports[`frodo authz type export "frodo authz type export -n URL -f test.json": should export the resource type named "URL" into file named test.json 2`] = ` -{ - "meta": Any, - "policy": {}, - "policyset": {}, - 
"resourcetype": { - "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { - "actions": { - "DELETE": true, - "GET": true, - "HEAD": true, - "OPTIONS": true, - "PATCH": true, - "POST": true, - "PUT": true, - }, - "createdBy": "id=dsameuser,ou=user,ou=am-config", - "creationDate": 1595479030487, - "description": "The built-in URL Resource Type available to OpenAMPolicies.", - "lastModifiedBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "lastModifiedDate": 1684690114955, + "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", + "lastModifiedDate": 1694717661706, "name": "URL", "patterns": [ "*://*:*/*", @@ -1013,8 +603,8 @@ exports[`frodo authz type export "frodo authz type export -n URL": should export "createdBy": "id=dsameuser,ou=user,ou=am-config", "creationDate": 1595479030487, "description": "The built-in URL Resource Type available to OpenAMPolicies.", - "lastModifiedBy": "id=8d9723a9-a439-4cbf-beb4-30e52811789d,ou=user,ou=am-config", - "lastModifiedDate": 1684690114955, + "lastModifiedBy": "id=b672336b-41ef-428d-ae4a-e0c082875377,ou=user,ou=am-config", + "lastModifiedDate": 1694717661706, "name": "URL", "patterns": [ "*://*:*/*", diff --git a/test/e2e/__snapshots__/script-export.e2e.test.js.snap b/test/e2e/__snapshots__/script-export.e2e.test.js.snap index f57843051..f6171b6fd 100644 --- a/test/e2e/__snapshots__/script-export.e2e.test.js.snap +++ b/test/e2e/__snapshots__/script-export.e2e.test.js.snap 
@@ -14547,556 +14547,533 @@ exports[`frodo script export "frodo script export --all": should export all scri } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 1`] = `""`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 2`] = ` -"/* AA Custom Policy Engine - * - * Author: marcin.zimny@forgerock.com - * Adaptations: volker.scheuber@forgerock.com - * - * Custom policy engine combining the Autonomous Access risk engine output with external systems and custom policy output: - * - * - use multiple risk scoring policies (currently it's part of risk config file and used across all evaluations) - * - deliver custom logic of delivering outcome (we can sum the signals instead of returning the highest) - * - use custom signals as part of the (single) risk node (for example anonymisation detection) - * - exceptions/overrides (i.e. if we have to allow a flow with high risk for whatever reason) - * - * This script needs to be parametrized. It will NOT work properly as is! 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - low - * - medium - * - high - * - failed - */ -(function () { - /* - * MUST CONFIGURE THIS SECTION - * Custom signals parameters - */ - - // IPQualityScore API - var USER_AGENT = "ForgeRock" - var API_KEY = systemEnv.getProperty("esv.ipqs.api.key"); - - /* - * END MANDATORY CONFIGURATION - */ - - outcome = "failed"; //default outcome - /* - Risk Policy - Signal Scores - */ - var aa_impossible_travel_score = 21; - var aa_credential_stuffing_score = 100; - var aa_automated_user_agent_score = 25; - var aa_brute_force_score = 100; - var aa_suspicious_ip_score = 35; - /* - Risk Policy - Custom Signals - */ - var aa_use_anonymizer_detection = 1; - var custom_aa_tor_detected_score = 50; - var custom_aa_vpn_detected_score = 20; - var custom_aa_proxy_detected_score = 20; - /* - Risk Policy - Thresholds And Extra Features - */ - var aa_medium_risk_threshold = 30; - var aa_high_risk_threshold = 75; - var aa_max_signal_count_high_risk_override = 99; - /* - Risk Policy - Method - 0 - highest score out of all triggered signals - 1 - summary of all triggered signals - */ - var aa_risk_method=1; - /* - Risk Policy - UEBA method - 0 - highest score out of 3 models - 1 - average score out of 3 models - */ - var aa_ueba_method=0; - /* - Risk Policy - Overrides - - Whitelist - false positive control - Blacklist - preventative block - Example - ip_whitelist or ip_blacklist = ["62.21.63.30-62.21.63.30","82.21.168.1-82.21.168.255"]; - */ - var ip_whitelist = []; - var ip_blacklist = []; - - /******************************************************** - The engine * - */ - //Define variables - var signal_count = 0; - var pos = 0; - var arr_scores = []; - var arr_scores_models = []; - var score = 0; - var predictionResultChopped; - var predictionResultChoppedVal; - //Define signal variables and assign defaults (negative) - var is_impossible_travel = 0; - var is_credential_stuffing = 0; - var is_automated_user_agent 
= 0; - var is_brute_force = 0; - var is_suspicious_ip = 0; - var model1_score = 0; - var model2_score = 0; - var model3_score = 0; - var isAnonymizedResult; - //Get risk data - var predictionResultRaw = sharedState.get("predictionResult"); - var predictionResultString = predictionResultRaw.toString(); - - var result; - - function inet_aton (ip) - { - return ip.split(".").reduce((int, v) => int * 256 + +v); - } - - - function isAnonymized() - { - var payload = sharedState.get("IPQualityScore") - - if (payload) - { - var jsonResult = JSON.parse(payload); - } - else - { - var ipaddress = requestHeaders.get("X-FORWARDED-FOR").get(0).split(",")[0].trim(); - - var request = new org.forgerock.http.protocol.Request(); - request.setMethod("GET"); - request.setUri("https://ipqualityscore.com/api/json/ip/" + API_KEY + "/" + ipaddress + "?strictness=0&allow_public_access_points=false&fast=false&lighter_penalties=false&mobile=false"); - request.getHeaders().add("Accept","application/json"); - request.getHeaders().add("User-Agent", USER_AGENT); - - var response = httpClient.send(request).get(); - if (response.getStatus().getCode() === 200) { - var payload = response.getEntity().getString(); - var jsonResult = JSON.parse(payload) - if (jsonResult.success === true) { - sharedState.put("Debug-IPQualityScore", payload); - } - } - } - - if (jsonResult) { - if (jsonResult.tor === true) { - isAnonymizedResult = "tor"; - } else if (jsonResult.vpn === true) { - isAnonymizedResult= "vpn"; - } else if (jsonResult.proxy === true) { - isAnonymizedResult = "proxy"; - } else { - isAnonymizedResult = "not_detected"; - } - } - } - - - if(aa_use_anonymizer_detection==1) - { - isAnonymized(); - sharedState.put("custom_aa_isAnonymized",isAnonymizedResult); - if(isAnonymizedResult=="vpn") - { - arr_scores.push(custom_aa_vpn_detected_score); - } - else if(isAnonymizedResult=="proxy") - { - arr_scores.push(custom_aa_proxy_detected_score); - } - else if(isAnonymizedResult=="tor") - { - 
arr_scores.push(custom_aa_tor_detected_score); - } - else - { - arr_scores.push(0); - } - } - - if(predictionResultString.search("risk_score_data")>=0) - { - outcome = "low"; //default if there's data from risk API - } - - //Check if we're assessing impossible travel and assign result - pos = predictionResultString.search("impossibleTravellerCheck=true"); - if(pos>0) - { - pos = predictionResultString.search("is_impossible_travel=false"); - if(pos<0) - { - signal_count++; - is_impossible_travel=1; - arr_scores.push(aa_impossible_travel_score); - } - } - //Check if we're assessing credential stuffing and assign result - pos = predictionResultString.search("credentialStuffing=true"); - if(pos>0) - { - pos = predictionResultString.search("is_credential_stuffing=false"); - if(pos<0) - { - signal_count++; - is_credential_stuffing=1; - arr_scores.push(aa_credential_stuffing_score); - } - } - //Check if we're assessing automated user angent (antibot) and assign result - pos = predictionResultString.search("automatedUserAgentsFilter=true"); - if(pos>0) - { - pos = predictionResultString.search("is_automated_user_agent=false"); - if(pos<0) - { - signal_count++; - is_automated_user_agent=1; - arr_scores.push(aa_automated_user_agent_score); - } - } - //Check if we're assessing brute-force and assign result - pos = predictionResultString.search("bruteForcePreventionCheck=true"); - if(pos>0) - { - pos = predictionResultString.search("is_brute_force=false"); - if(pos<0) - { - signal_count++; - is_brute_force=1; - arr_scores.push(aa_brute_force_score); - } - } - //Check if we're assessing suspicious IP and assign result - pos = predictionResultString.search("suspiciousIPCheck=true"); - if(pos>0) - { - pos = predictionResultString.search("is_suspicious_ip=false"); - if(pos<0) - { - signal_count++; - is_suspicious_ip=1; - arr_scores.push(aa_suspicious_ip_score); - } - } - //Check if we're assessing UEBA and assign result - pos = 
predictionResultString.search("anomalyDetection=true"); - if(pos>0) - { - pos = predictionResultString.search("clustering_result="); - if(pos>0) - { - predictionResultChopped=predictionResultString.substring(pos); - predictionResultChopped=predictionResultChopped.substring(predictionResultChopped.search("risk_score=")); - predictionResultChoppedVal=predictionResultChopped.substring(11,predictionResultChopped.search(",")); - predictionResultChopped=predictionResultChopped.substring(11); - model1score=parseInt(predictionResultChoppedVal,10); - - predictionResultChopped=predictionResultChopped.substring(predictionResultChopped.search("risk_score=")); - predictionResultChoppedVal=predictionResultChopped.substring(11,predictionResultChopped.search(",")); - predictionResultChopped=predictionResultChopped.substring(11); - model2score=parseInt(predictionResultChoppedVal,10); - - predictionResultChopped=predictionResultChopped.substring(predictionResultChopped.search("risk_score=")); - predictionResultChoppedVal=predictionResultChopped.substring(11,predictionResultChopped.search(",")); - predictionResultChopped=predictionResultChopped.substring(11); - model3score=parseInt(predictionResultChoppedVal,10); - - arr_scores_models.push(model1score,model2score,model3score); - } - } - - //Deliver risk score - if(aa_ueba_method==0) - { - score = Math.max.apply(null, arr_scores_models); - } - else if(aa_ueba_method==1) - { - score = arr_scores_models.reduce((a, b) => a + b, 0)/arr_scores_models.length; - } - arr_scores.push(score); - - - if(aa_risk_method==0) - { - score = Math.max.apply(null, arr_scores); - } - else if (aa_risk_method===1) - { - score = arr_scores.reduce((a, b) => a + b, 0); - } - //Deliver risk outcome - if(score>aa_medium_risk_threshold) - { - outcome="medium"; - } - if(score>aa_high_risk_threshold) - { - outcome="high"; - } - if(signal_count>=aa_max_signal_count_high_risk_override && outcome=="medium") - { - outcome="high"; - 
sharedState.put("debug-signal-count-override","true"); - } - - //process the blacklist and whitelist - var src_ipaddress; - var src_ipaddress_dec; - var list_first_ipaddress_dec; - var list_last_ipaddress_dec; - var list_entry; - var logmessage; - src_ipaddress = requestHeaders.get("X-FORWARDED-FOR").get(0).split(",")[0].trim(); - src_ipaddress_dec = inet_aton(src_ipaddress); - - if(ip_blacklist.length>0) - { - for (var i = 0; i < ip_blacklist.length; i++) - { - list_entry = ip_blacklist[i].split("-"); - list_first_ipaddress_dec=inet_aton(list_entry[0]); - list_last_ipaddress_dec=inet_aton(list_entry[1]); - - if(src_ipaddress_dec>=list_first_ipaddress_dec && src_ipaddress_dec<=list_last_ipaddress_dec) - { - sharedState.put("debug-blacklist","condition met for: " + src_ipaddress + ", " + outcome + "->high"); - outcome="high"; - } - } - } - if(ip_whitelist.length>0) - { - for (var i = 0; i < ip_whitelist.length; i++) - { - //list_entry = ip_whitelist[i].split("-"); - list_entry = ip_whitelist[i].split("-"); - list_first_ipaddress_dec=inet_aton(list_entry[0]); - list_last_ipaddress_dec=inet_aton(list_entry[1]); - if(src_ipaddress_dec>=list_first_ipaddress_dec && src_ipaddress_dec<=list_last_ipaddress_dec) - { - sharedState.put("debug-whitelist","condition met for: " + src_ipaddress + ", " + outcome + "->low"); - outcome = "low"; - } - } - } - - - - sharedState.put('debug-score',score.toString()); - sharedState.put('debug-signal-count',signal_count.toString()); - sharedState.put('debug-outcome',outcome); -}());" -`; +exports[`frodo script export "frodo script export --script-name 'GitHub Profile Normalization'": should export the script named "GitHub Profile Normalization" 1`] = `""`; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 3`] = ` +exports[`frodo script export "frodo script export --script-name 'GitHub Profile Normalization'": should export the script named "GitHub Profile 
Normalization" 2`] = ` { "meta": Any, "script": { - "9e9c6c4d-5d9d-4990-9f05-d8b2b25ad52b": { - "_id": "9e9c6c4d-5d9d-4990-9f05-d8b2b25ad52b", - "context": "AUTHENTICATION_TREE_DECISION_NODE", + "a7a78773-445b-4eca-bb93-409e86bced81": { + "_id": "a7a78773-445b-4eca-bb93-409e86bced81", + "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", "createdBy": "null", "creationDate": 0, - "default": false, - "description": "Custom risk policy engine combining Autonomous Access signals with external signals.", - "language": "JAVASCRIPT", + "default": true, + "description": "Normalizes raw profile data from GitHub", + "language": "GROOVY", "lastModifiedBy": "null", "lastModifiedDate": 0, - "name": "AA Custom Policy Engine", - "script": "file://AA-Custom-Policy-Engine.script.js", + "name": "GitHub Profile Normalization", + "script": [ + "/*", + " * Copyright 2022 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "import static org.forgerock.json.JsonValue.field", + "import static org.forgerock.json.JsonValue.json", + "import static org.forgerock.json.JsonValue.object", + "", + "return json(object(", + " field("id", rawProfile.id),", + " field("displayName", rawProfile.name),", + " field("username", rawProfile.login)))", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 4`] = ` -"/* AAD Passthru ROPC - * - * Author: volker.scheuber@forgerock.com - * - * Azure AD pass through authentication using Resource Owner Password Credential flow - * - * This script needs to be parametrized. It will not work properly as is. - * It requires the Platform Username and Platform Password collector nodes - * before it can operate. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - Valid - * - Invalid - * - Expired - * - Disabled - * - Error - */ -logger.message("AAD Passthru ROPC: start"); - -if (sharedState.get("username") && transientState.get("password")) { - /* - * BEGIN SCRIPT CONFIGURATION - * - * REPLACE WITH YOUR OWN AZURE AD SETTINGS - * - * AAD_TENANT_ID is your tenant ID: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant - * AAD_CLIENT_ID is your registered app ID: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app - */ - var AAD_TENANT_ID = "711ffa9c-5972-4713-ace3-688c9732614a"; - var AAD_CLIENT_ID = "51f130ec-d29d-4419-a492-0011d09c1a16"; - /* - * END SCRIPT CONFIGURATION - */ - - // Azure AD ROPC Configuration - var AAD_SCOPE = "profile"; - var AAD_RESOURCE = "https://graph.microsoft.com/" - var AAD_OAUTH2_TOKEN_URI = "https://login.windows.net/".concat(AAD_TENANT_ID).concat("/oauth2/token"); - - var request = new org.forgerock.http.protocol.Request(); - request.setMethod('POST'); - request.setUri(AAD_OAUTH2_TOKEN_URI); - request.getHeaders().add("Content-Type", "application/x-www-form-urlencoded"); - var params = request.getForm(); - params.add("resource", AAD_RESOURCE); - params.add("client_id", AAD_CLIENT_ID); - params.add("grant_type", "password"); - params.add("scope", AAD_SCOPE); - params.add("username", sharedState.get("username")); - params.add("password", transientState.get("password")); - request.getEntity().setString(params.toString()); - - var response = httpClient.send(request).get(); - var result = JSON.parse(response.getEntity().getString()); - //logger.message("AAD Passthru ROPC: JSON result: " + JSON.stringify(result)); - - if (response.getStatus().getCode() === 200) { - outcome = "Valid" - transientState.put("aadAccessToken", result.access_token); - } else { - /* Outcomes: - * - Valid - * - Invalid - * - Expired - * - Disabled - * - Error - 
* - * Expected Error Codes: - * 50126 - Error validating credentials due to invalid username or password. - * 50055 - The password is expired. - * 50057 - The user account is disabled. - * 50196 - The server terminated an operation because it encountered a client request loop. Please contact your app vendor. - */ - if (result.error_codes.includes(50126)) { - outcome = "Invalid"; - } else if (result.error_codes.includes(50055)) { - outcome = "Expired"; - } else if (result.error_codes.includes(50057)) { - outcome = "Disabled"; - } else { - outcome = "Error"; - } - logger.message("AAD Passthru ROPC: error = ".concat(result.error)); - logger.message("AAD Passthru ROPC: error_description = ".concat(result.error_description)); - logger.message("AAD Passthru ROPC: error_codes = ".concat(result.error_codes)); - } -} else { - outcome = "Error"; - logger.message("AAD Passthru ROPC: No user or password found in shared state! Use username and password collector nodes before this script to populate shared and transient states!'"); -} -logger.message("AAD Passthru ROPC: End (outcome=".concat(outcome).concat(")"));" -`; +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 1`] = `""`; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 5`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 2`] = ` { "meta": Any, "script": { - "13cd3c60-a04b-4455-b028-fbfd01ed88b1": { - "_id": "13cd3c60-a04b-4455-b028-fbfd01ed88b1", + "9e9c6c4d-5d9d-4990-9f05-d8b2b25ad52b": { + "_id": "9e9c6c4d-5d9d-4990-9f05-d8b2b25ad52b", "context": "AUTHENTICATION_TREE_DECISION_NODE", "createdBy": "null", "creationDate": 0, "default": false, - "description": "Azure AD pass through authentication using Resource Owner Password Credential flow", + "description": "Custom risk policy engine combining Autonomous Access signals with external 
signals.", "language": "JAVASCRIPT", "lastModifiedBy": "null", "lastModifiedDate": 0, - "name": "AAD Passthru ROPC", - "script": "file://AAD-Passthru-ROPC.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 6`] = ` -"/* - - Data made available by nodes that have already executed are available in the sharedState variable. - - The script should set outcome to either "true" or "false". - */ -outcome = "false"; -var predictionResult = sharedState.get("predictionResult"); -var predictionResultString = predictionResult.toString(); - -var is_impossible_travel = 0; -var is_credential_stuffing = 0; -var is_automated_user_agent = 0; -var is_brute_force = 0; -var is_suspicious_ip = 0; - -var signal_count = 0; -var position = 0; - -position = predictionResultString.search("is_impossible_travel=false"); -if(position<0) -{ - signal_count++; - is_impossible_travel=1; -} -position = predictionResultString.search("is_credential_stuffing=false"); -if(position<0) -{ - signal_count++; - is_credential_stuffing=1; -} -position = predictionResultString.search("is_automated_user_agent=false"); -if(position<0) -{ - signal_count++; - is_automated_user_agent=1; -} -position = predictionResultString.search("is_brute_force=false"); -if(position<0) -{ - signal_count++; - is_brute_force=1; -} -position = predictionResultString.search("is_suspicious_ip=false"); -if(position<0) -{ - signal_count++; - is_suspicious_ip=1; + "name": "AA Custom Policy Engine", + "script": [ + "/* AA Custom Policy Engine", + " *", + " * Author: marcin.zimny@forgerock.com", + " * Adaptations: volker.scheuber@forgerock.com", + " * ", + " * Custom policy engine combining the Autonomous Access risk engine output with external systems and custom policy output:", + " * ", + " * - use multiple risk scoring policies (currently it's part of risk config file and used across all evaluations)", + " * - deliver custom 
logic of delivering outcome (we can sum the signals instead of returning the highest)", + " * - use custom signals as part of the (single) risk node (for example anonymisation detection)", + " * - exceptions/overrides (i.e. if we have to allow a flow with high risk for whatever reason) ", + " * ", + " * This script needs to be parametrized. It will NOT work properly as is!", + " * ", + " * The Scripted Decision Node needs the following outcomes defined:", + " * - low", + " * - medium", + " * - high", + " * - failed", + " */", + "(function () {", + " /* ", + " * MUST CONFIGURE THIS SECTION", + " * Custom signals parameters", + " */", + " ", + " // IPQualityScore API", + " var USER_AGENT = "ForgeRock"", + " var API_KEY = systemEnv.getProperty("esv.ipqs.api.key");", + " ", + " /*", + " * END MANDATORY CONFIGURATION", + " */", + " ", + " outcome = "failed"; //default outcome", + " /*", + " Risk Policy - Signal Scores", + " */", + " var aa_impossible_travel_score = 21;", + " var aa_credential_stuffing_score = 100;", + " var aa_automated_user_agent_score = 25;", + " var aa_brute_force_score = 100;", + " var aa_suspicious_ip_score = 35;", + " /*", + " Risk Policy - Custom Signals", + " */", + " var aa_use_anonymizer_detection = 1;", + " var custom_aa_tor_detected_score = 50;", + " var custom_aa_vpn_detected_score = 20;", + " var custom_aa_proxy_detected_score = 20;", + " /*", + " Risk Policy - Thresholds And Extra Features", + " */", + " var aa_medium_risk_threshold = 30;", + " var aa_high_risk_threshold = 75;", + " var aa_max_signal_count_high_risk_override = 99;", + " /*", + " Risk Policy - Method", + " 0 - highest score out of all triggered signals", + " 1 - summary of all triggered signals", + " */", + " var aa_risk_method=1;", + " /*", + " Risk Policy - UEBA method", + " 0 - highest score out of 3 models", + " 1 - average score out of 3 models", + " */", + " var aa_ueba_method=0;", + " /*", + " Risk Policy - Overrides", + "", + " Whitelist - false positive control", 
+ " Blacklist - preventative block", + " Example - ip_whitelist or ip_blacklist = ["62.21.63.30-62.21.63.30","82.21.168.1-82.21.168.255"];", + " */", + " var ip_whitelist = [];", + " var ip_blacklist = [];", + " ", + " /********************************************************", + " The engine *", + " */", + " //Define variables", + " var signal_count = 0;", + " var pos = 0;", + " var arr_scores = [];", + " var arr_scores_models = [];", + " var score = 0;", + " var predictionResultChopped;", + " var predictionResultChoppedVal;", + " //Define signal variables and assign defaults (negative)", + " var is_impossible_travel = 0;", + " var is_credential_stuffing = 0;", + " var is_automated_user_agent = 0;", + " var is_brute_force = 0;", + " var is_suspicious_ip = 0;", + " var model1_score = 0;", + " var model2_score = 0;", + " var model3_score = 0;", + " var isAnonymizedResult;", + " //Get risk data", + " var predictionResultRaw = sharedState.get("predictionResult");", + " var predictionResultString = predictionResultRaw.toString();", + "", + " var result;", + "", + " function inet_aton (ip)", + " {", + " return ip.split(".").reduce((int, v) => int * 256 + +v);", + " }", + "", + "", + " function isAnonymized()", + " {", + " var payload = sharedState.get("IPQualityScore")", + "", + " if (payload)", + " {", + " var jsonResult = JSON.parse(payload);", + " }", + " else", + " {", + " var ipaddress = requestHeaders.get("X-FORWARDED-FOR").get(0).split(",")[0].trim();", + "", + " var request = new org.forgerock.http.protocol.Request();", + " request.setMethod("GET");", + " request.setUri("https://ipqualityscore.com/api/json/ip/" + API_KEY + "/" + ipaddress + "?strictness=0&allow_public_access_points=false&fast=false&lighter_penalties=false&mobile=false");", + " request.getHeaders().add("Accept","application/json");", + " request.getHeaders().add("User-Agent", USER_AGENT);", + "", + " var response = httpClient.send(request).get();", + " if (response.getStatus().getCode() === 200) 
{", + " var payload = response.getEntity().getString();", + " var jsonResult = JSON.parse(payload)", + " if (jsonResult.success === true) {", + " sharedState.put("Debug-IPQualityScore", payload);", + " }", + " }", + " }", + "", + " if (jsonResult) {", + " if (jsonResult.tor === true) {", + " isAnonymizedResult = "tor";", + " } else if (jsonResult.vpn === true) {", + " isAnonymizedResult= "vpn";", + " } else if (jsonResult.proxy === true) {", + " isAnonymizedResult = "proxy";", + " } else {", + " isAnonymizedResult = "not_detected";", + " }", + " }", + " }", + "", + "", + " if(aa_use_anonymizer_detection==1)", + " {", + " isAnonymized();", + " sharedState.put("custom_aa_isAnonymized",isAnonymizedResult);", + " if(isAnonymizedResult=="vpn")", + " {", + " arr_scores.push(custom_aa_vpn_detected_score);", + " }", + " else if(isAnonymizedResult=="proxy")", + " {", + " arr_scores.push(custom_aa_proxy_detected_score);", + " }", + " else if(isAnonymizedResult=="tor")", + " {", + " arr_scores.push(custom_aa_tor_detected_score);", + " }", + " else", + " {", + " arr_scores.push(0);", + " }", + " }", + "", + " if(predictionResultString.search("risk_score_data")>=0)", + " {", + " outcome = "low"; //default if there's data from risk API", + " }", + "", + " //Check if we're assessing impossible travel and assign result", + " pos = predictionResultString.search("impossibleTravellerCheck=true");", + " if(pos>0)", + " {", + " pos = predictionResultString.search("is_impossible_travel=false");", + " if(pos<0)", + " {", + " signal_count++;", + " is_impossible_travel=1;", + " arr_scores.push(aa_impossible_travel_score);", + " }", + " }", + " //Check if we're assessing credential stuffing and assign result", + " pos = predictionResultString.search("credentialStuffing=true");", + " if(pos>0)", + " {", + " pos = predictionResultString.search("is_credential_stuffing=false");", + " if(pos<0)", + " {", + " signal_count++;", + " is_credential_stuffing=1;", + " 
arr_scores.push(aa_credential_stuffing_score);", + " }", + " }", + " //Check if we're assessing automated user angent (antibot) and assign result", + " pos = predictionResultString.search("automatedUserAgentsFilter=true");", + " if(pos>0)", + " {", + " pos = predictionResultString.search("is_automated_user_agent=false");", + " if(pos<0)", + " {", + " signal_count++;", + " is_automated_user_agent=1;", + " arr_scores.push(aa_automated_user_agent_score);", + " }", + " }", + " //Check if we're assessing brute-force and assign result", + " pos = predictionResultString.search("bruteForcePreventionCheck=true");", + " if(pos>0)", + " {", + " pos = predictionResultString.search("is_brute_force=false");", + " if(pos<0)", + " {", + " signal_count++;", + " is_brute_force=1;", + " arr_scores.push(aa_brute_force_score);", + " }", + " }", + " //Check if we're assessing suspicious IP and assign result", + " pos = predictionResultString.search("suspiciousIPCheck=true");", + " if(pos>0)", + " {", + " pos = predictionResultString.search("is_suspicious_ip=false");", + " if(pos<0)", + " {", + " signal_count++;", + " is_suspicious_ip=1;", + " arr_scores.push(aa_suspicious_ip_score);", + " }", + " }", + " //Check if we're assessing UEBA and assign result", + " pos = predictionResultString.search("anomalyDetection=true");", + " if(pos>0)", + " {", + " pos = predictionResultString.search("clustering_result=");", + " if(pos>0)", + " {", + " predictionResultChopped=predictionResultString.substring(pos);", + " predictionResultChopped=predictionResultChopped.substring(predictionResultChopped.search("risk_score="));", + " predictionResultChoppedVal=predictionResultChopped.substring(11,predictionResultChopped.search(","));", + " predictionResultChopped=predictionResultChopped.substring(11);", + " model1score=parseInt(predictionResultChoppedVal,10);", + "", + " predictionResultChopped=predictionResultChopped.substring(predictionResultChopped.search("risk_score="));", + " 
predictionResultChoppedVal=predictionResultChopped.substring(11,predictionResultChopped.search(","));", + " predictionResultChopped=predictionResultChopped.substring(11);", + " model2score=parseInt(predictionResultChoppedVal,10);", + "", + " predictionResultChopped=predictionResultChopped.substring(predictionResultChopped.search("risk_score="));", + " predictionResultChoppedVal=predictionResultChopped.substring(11,predictionResultChopped.search(","));", + " predictionResultChopped=predictionResultChopped.substring(11);", + " model3score=parseInt(predictionResultChoppedVal,10);", + "", + " arr_scores_models.push(model1score,model2score,model3score);", + " }", + " }", + "", + " //Deliver risk score", + " if(aa_ueba_method==0)", + " {", + " score = Math.max.apply(null, arr_scores_models);", + " }", + " else if(aa_ueba_method==1)", + " {", + " score = arr_scores_models.reduce((a, b) => a + b, 0)/arr_scores_models.length;", + " }", + " arr_scores.push(score);", + "", + "", + " if(aa_risk_method==0)", + " {", + " score = Math.max.apply(null, arr_scores);", + " }", + " else if (aa_risk_method===1)", + " {", + " score = arr_scores.reduce((a, b) => a + b, 0);", + " }", + " //Deliver risk outcome", + " if(score>aa_medium_risk_threshold)", + " {", + " outcome="medium";", + " }", + " if(score>aa_high_risk_threshold)", + " {", + " outcome="high";", + " }", + " if(signal_count>=aa_max_signal_count_high_risk_override && outcome=="medium")", + " {", + " outcome="high";", + " sharedState.put("debug-signal-count-override","true");", + " }", + "", + " //process the blacklist and whitelist", + " var src_ipaddress;", + " var src_ipaddress_dec;", + " var list_first_ipaddress_dec;", + " var list_last_ipaddress_dec;", + " var list_entry;", + " var logmessage;", + " src_ipaddress = requestHeaders.get("X-FORWARDED-FOR").get(0).split(",")[0].trim();", + " src_ipaddress_dec = inet_aton(src_ipaddress);", + "", + " if(ip_blacklist.length>0)", + " {", + " for (var i = 0; i < ip_blacklist.length; 
i++)", + " {", + " list_entry = ip_blacklist[i].split("-");", + " list_first_ipaddress_dec=inet_aton(list_entry[0]);", + " list_last_ipaddress_dec=inet_aton(list_entry[1]);", + "", + " if(src_ipaddress_dec>=list_first_ipaddress_dec && src_ipaddress_dec<=list_last_ipaddress_dec)", + " {", + " sharedState.put("debug-blacklist","condition met for: " + src_ipaddress + ", " + outcome + "->high");", + " outcome="high";", + " }", + " }", + " }", + " if(ip_whitelist.length>0)", + " {", + " for (var i = 0; i < ip_whitelist.length; i++)", + " {", + " //list_entry = ip_whitelist[i].split("-");", + " list_entry = ip_whitelist[i].split("-");", + " list_first_ipaddress_dec=inet_aton(list_entry[0]);", + " list_last_ipaddress_dec=inet_aton(list_entry[1]);", + " if(src_ipaddress_dec>=list_first_ipaddress_dec && src_ipaddress_dec<=list_last_ipaddress_dec)", + " {", + " sharedState.put("debug-whitelist","condition met for: " + src_ipaddress + ", " + outcome + "->low");", + " outcome = "low";", + " }", + " }", + " }", + "", + "", + "", + " sharedState.put('debug-score',score.toString());", + " sharedState.put('debug-signal-count',signal_count.toString());", + " sharedState.put('debug-outcome',outcome);", + "}());", + ], + }, + }, } +`; -sharedState.put("debug-signal-count",signal_count); -if(signal_count>1) +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 3`] = ` { - outcome="true"; + "meta": Any, + "script": { + "13cd3c60-a04b-4455-b028-fbfd01ed88b1": { + "_id": "13cd3c60-a04b-4455-b028-fbfd01ed88b1", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Azure AD pass through authentication using Resource Owner Password Credential flow", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "AAD Passthru ROPC", + "script": [ + "/* AAD Passthru ROPC", + " *", + " * Author: volker.scheuber@forgerock.com", + " * ", + " * 
Azure AD pass through authentication using Resource Owner Password Credential flow", + " * ", + " * This script needs to be parametrized. It will not work properly as is. ", + " * It requires the Platform Username and Platform Password collector nodes", + " * before it can operate.", + " * ", + " * The Scripted Decision Node needs the following outcomes defined:", + " * - Valid", + " * - Invalid", + " * - Expired", + " * - Disabled", + " * - Error", + " */", + "logger.message("AAD Passthru ROPC: start");", + "", + "if (sharedState.get("username") && transientState.get("password")) {", + " /*", + " * BEGIN SCRIPT CONFIGURATION", + " *", + " * REPLACE WITH YOUR OWN AZURE AD SETTINGS", + " *", + " * AAD_TENANT_ID is your tenant ID: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant", + " * AAD_CLIENT_ID is your registered app ID: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app", + " */", + " var AAD_TENANT_ID = "711ffa9c-5972-4713-ace3-688c9732614a";", + " var AAD_CLIENT_ID = "51f130ec-d29d-4419-a492-0011d09c1a16";", + " /*", + " * END SCRIPT CONFIGURATION", + " */", + " ", + " // Azure AD ROPC Configuration", + " var AAD_SCOPE = "profile";", + " var AAD_RESOURCE = "https://graph.microsoft.com/"", + " var AAD_OAUTH2_TOKEN_URI = "https://login.windows.net/".concat(AAD_TENANT_ID).concat("/oauth2/token");", + "", + " var request = new org.forgerock.http.protocol.Request();", + " request.setMethod('POST');", + " request.setUri(AAD_OAUTH2_TOKEN_URI);", + " request.getHeaders().add("Content-Type", "application/x-www-form-urlencoded");", + " var params = request.getForm();", + " params.add("resource", AAD_RESOURCE);", + " params.add("client_id", AAD_CLIENT_ID);", + " params.add("grant_type", "password");", + " params.add("scope", AAD_SCOPE);", + " params.add("username", sharedState.get("username"));", + " params.add("password", transientState.get("password"));", + " 
request.getEntity().setString(params.toString());", + "", + " var response = httpClient.send(request).get();", + " var result = JSON.parse(response.getEntity().getString());", + " //logger.message("AAD Passthru ROPC: JSON result: " + JSON.stringify(result));", + "", + " if (response.getStatus().getCode() === 200) {", + " outcome = "Valid"", + " transientState.put("aadAccessToken", result.access_token);", + " } else {", + " /* Outcomes:", + " * - Valid", + " * - Invalid", + " * - Expired", + " * - Disabled", + " * - Error", + " *", + " * Expected Error Codes:", + " * 50126 - Error validating credentials due to invalid username or password.", + " * 50055 - The password is expired.", + " * 50057 - The user account is disabled.", + " * 50196 - The server terminated an operation because it encountered a client request loop. Please contact your app vendor.", + " */", + " if (result.error_codes.includes(50126)) {", + " outcome = "Invalid";", + " } else if (result.error_codes.includes(50055)) {", + " outcome = "Expired";", + " } else if (result.error_codes.includes(50057)) {", + " outcome = "Disabled";", + " } else {", + " outcome = "Error";", + " }", + " logger.message("AAD Passthru ROPC: error = ".concat(result.error));", + " logger.message("AAD Passthru ROPC: error_description = ".concat(result.error_description));", + " logger.message("AAD Passthru ROPC: error_codes = ".concat(result.error_codes));", + " }", + "} else {", + " outcome = "Error";", + " logger.message("AAD Passthru ROPC: No user or password found in shared state! 
Use username and password collector nodes before this script to populate shared and transient states!'");", + "}", + "logger.message("AAD Passthru ROPC: End (outcome=".concat(outcome).concat(")"));", + ], + }, + }, } - - -" `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 7`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 4`] = ` { "meta": Any, "script": { 
@@ -15111,105 +15088,70 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "AAcustomLogic", - "script": "file://AAcustomLogic.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 8`] = ` -"/* - * Copyright 2022 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * This script returns the social identity profile information for the authenticating user - * in a standard form expected by the Social Provider Handler Node. - * - * Defined variables: - * rawProfile - The social identity provider profile information for the authenticating user. - * JsonValue (1). - * logger - The debug logger instance: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. - * realm - String (primitive). - * The name of the realm the user is authenticating to. - * requestHeaders - TreeMap (2). - * The object that provides methods for accessing headers in the login request: - * https://backstage.forgerock.com/docs/am/7/authentication-guide/scripting-api-node.html#scripting-api-node-requestHeaders. - * requestParameters - TreeMap (2). - * The object that contains the authentication request parameters. - * selectedIdp - String (primitive). - * The social identity provider name. For example: google. - * sharedState - LinkedHashMap (3). - * The object that holds the state of the authentication tree and allows data exchange between the stateless nodes: - * https://backstage.forgerock.com/docs/am/7/auth-nodes/core-action.html#accessing-tree-state. - * transientState - LinkedHashMap (3). 
- * The object for storing sensitive information that must not leave the server unencrypted, - * and that may not need to persist between authentication requests during the authentication session: - * https://backstage.forgerock.com/docs/am/7/auth-nodes/core-action.html#accessing-tree-state. - * - * Return - a JsonValue (1). - * The result of the last statement in the script is returned to the server. - * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function) - * is the last (and only) statement in this script, and its return value will become the script result. - * Do not use "return variable" statement outside of a function definition. - * - * This script's last statement should result in a JsonValue (1) with the following keys: - * { - * {"displayName": "corresponding-social-identity-provider-value"}, - * {"email": "corresponding-social-identity-provider-value"}, - * {"familyName": "corresponding-social-identity-provider-value"}, - * {"givenName": "corresponding-social-identity-provider-value"}, - * {"id": "corresponding-social-identity-provider-value"}, - * {"locale": "corresponding-social-identity-provider-value"}, - * {"photoUrl": "corresponding-social-identity-provider-value"}, - * {"username": "corresponding-social-identity-provider-value"} - * } - * - * The consumer of this data defines which keys are required and which are optional. - * For example, the script associated with the Social Provider Handler Node and, - * ultimately, the managed object created/updated with this data - * will expect certain keys to be populated. - * In some common default configurations, the following keys are required to be not empty: - * username, givenName, familyName, email. - * - * From RFC4517: A value of the Directory String syntax is a string of one or more - * arbitrary characters from the Universal Character Set (UCS). - * A zero-length character string is not permitted. 
- * - * (1) JsonValue - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/json/JsonValue.html. - * (2) TreeMap - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/TreeMap.html. - * (3) LinkedHashMap - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html. - */ - -(function () { - var frJava = JavaImporter( - org.forgerock.json.JsonValue - ); - - var normalizedProfileData = frJava.JsonValue.json(frJava.JsonValue.object()); - - //logger.message('Seguin rawProfile: '+rawProfile); - - normalizedProfileData.put('id', rawProfile.get('sub').asString()); - normalizedProfileData.put('displayName', rawProfile.get('givenName').asString() + ' ' + rawProfile.get('sn').asString()); - normalizedProfileData.put('email', rawProfile.get('mail').asString()); - normalizedProfileData.put('givenName', rawProfile.get('givenName').asString()); - normalizedProfileData.put('familyName', rawProfile.get('sn').asString()); - normalizedProfileData.put('username', rawProfile.get('upn').asString()); - normalizedProfileData.put('roles', rawProfile.get('roles').asString()); - - //logger.message('Seguin normalizedProfileData: '+normalizedProfileData); - - return normalizedProfileData; -}());" + "script": [ + "/*", + " - Data made available by nodes that have already executed are available in the sharedState variable.", + " - The script should set outcome to either "true" or "false".", + " */", + "outcome = "false";", + "var predictionResult = sharedState.get("predictionResult");", + "var predictionResultString = predictionResult.toString();", + "", + "var is_impossible_travel = 0;", + "var is_credential_stuffing = 0;", + "var is_automated_user_agent = 0;", + "var is_brute_force = 0;", + "var is_suspicious_ip = 0;", + "", + "var signal_count = 0;", + "var position = 0;", + "", + "position = predictionResultString.search("is_impossible_travel=false");", + "if(position<0)", + "{", + " signal_count++;", + " is_impossible_travel=1;", 
+ "}", + "position = predictionResultString.search("is_credential_stuffing=false");", + "if(position<0)", + "{", + " signal_count++;", + " is_credential_stuffing=1;", + "}", + "position = predictionResultString.search("is_automated_user_agent=false");", + "if(position<0)", + "{", + " signal_count++;", + " is_automated_user_agent=1;", + "}", + "position = predictionResultString.search("is_brute_force=false");", + "if(position<0)", + "{", + " signal_count++;", + " is_brute_force=1;", + "}", + "position = predictionResultString.search("is_suspicious_ip=false");", + "if(position<0)", + "{", + " signal_count++;", + " is_suspicious_ip=1;", + "}", + "", + "sharedState.put("debug-signal-count",signal_count);", + "if(signal_count>1)", + "{", + " outcome="true"; ", + "}", + "", + "", + "", + ], + }, + }, +} `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 9`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 5`] = ` { "meta": Any, "script": { 
@@ -15224,130 +15166,103 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "ADFS Profile Normalization (JS)", - "script": "file://ADFS-Profile-Normalization-(JS).script.js", + "script": [ + "/*", + " * Copyright 2022 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "/*", + " * This script returns the social identity profile information for the authenticating user", + " * in a standard form expected by the Social Provider Handler Node.", + " *", + " * Defined variables:", + " * rawProfile - The social identity provider profile information for the authenticating user.", + " * JsonValue (1).", + " * logger - The debug logger instance:", + " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", + " * realm - String (primitive).", + " * The name of the realm the user is authenticating to.", + " * requestHeaders - TreeMap (2).", + " * The object that provides methods for accessing headers in the login request:", + " * https://backstage.forgerock.com/docs/am/7/authentication-guide/scripting-api-node.html#scripting-api-node-requestHeaders.", + " * requestParameters - TreeMap (2).", + " * The object that contains the authentication request parameters.", + " * selectedIdp - String (primitive).", + " * The social identity provider name. 
For example: google.", + " * sharedState - LinkedHashMap (3).", + " * The object that holds the state of the authentication tree and allows data exchange between the stateless nodes:", + " * https://backstage.forgerock.com/docs/am/7/auth-nodes/core-action.html#accessing-tree-state.", + " * transientState - LinkedHashMap (3).", + " * The object for storing sensitive information that must not leave the server unencrypted,", + " * and that may not need to persist between authentication requests during the authentication session:", + " * https://backstage.forgerock.com/docs/am/7/auth-nodes/core-action.html#accessing-tree-state.", + " *", + " * Return - a JsonValue (1).", + " * The result of the last statement in the script is returned to the server.", + " * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function)", + " * is the last (and only) statement in this script, and its return value will become the script result.", + " * Do not use "return variable" statement outside of a function definition.", + " *", + " * This script's last statement should result in a JsonValue (1) with the following keys:", + " * {", + " * {"displayName": "corresponding-social-identity-provider-value"},", + " * {"email": "corresponding-social-identity-provider-value"},", + " * {"familyName": "corresponding-social-identity-provider-value"},", + " * {"givenName": "corresponding-social-identity-provider-value"},", + " * {"id": "corresponding-social-identity-provider-value"},", + " * {"locale": "corresponding-social-identity-provider-value"},", + " * {"photoUrl": "corresponding-social-identity-provider-value"},", + " * {"username": "corresponding-social-identity-provider-value"}", + " * }", + " *", + " * The consumer of this data defines which keys are required and which are optional.", + " * For example, the script associated with the Social Provider Handler Node and,", + " * ultimately, the managed object created/updated with this data", + " * 
will expect certain keys to be populated.", + " * In some common default configurations, the following keys are required to be not empty:", + " * username, givenName, familyName, email.", + " *", + " * From RFC4517: A value of the Directory String syntax is a string of one or more", + " * arbitrary characters from the Universal Character Set (UCS).", + " * A zero-length character string is not permitted.", + " *", + " * (1) JsonValue - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/json/JsonValue.html.", + " * (2) TreeMap - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/TreeMap.html.", + " * (3) LinkedHashMap - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", + " */", + "", + "(function () {", + " var frJava = JavaImporter(", + " org.forgerock.json.JsonValue", + " );", + "", + " var normalizedProfileData = frJava.JsonValue.json(frJava.JsonValue.object());", + " ", + " //logger.message('Seguin rawProfile: '+rawProfile);", + "", + " normalizedProfileData.put('id', rawProfile.get('sub').asString());", + " normalizedProfileData.put('displayName', rawProfile.get('givenName').asString() + ' ' + rawProfile.get('sn').asString());", + " normalizedProfileData.put('email', rawProfile.get('mail').asString());", + " normalizedProfileData.put('givenName', rawProfile.get('givenName').asString());", + " normalizedProfileData.put('familyName', rawProfile.get('sn').asString());", + " normalizedProfileData.put('username', rawProfile.get('upn').asString());", + " normalizedProfileData.put('roles', rawProfile.get('roles').asString());", + " ", + " //logger.message('Seguin normalizedProfileData: '+normalizedProfileData);", + "", + " return normalizedProfileData;", + "}());", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 10`] = ` -"logger.warning("APIProtection: Get Key And Secret: start"); - -/* - * 
BEGIN SCRIPT CONFIGURATION - */ -var KEY_HEADER_NAME = "x-api-key"; -var SECRET_HEADER_NAME = "x-api-secret"; -var USERNAME_HEADER_NAME = "X-OpenAM-Username"; -var PASSWORD_HEADER_NAME = "X-OpenAM-Password"; -/* - * END SCRIPT CONFIGURATION - */ - -outcome = "false"; - -var key = getHeader(KEY_HEADER_NAME) || readValue(KEY_HEADER_NAME) || null; -var secret = getHeader(SECRET_HEADER_NAME) || readTransientValue(SECRET_HEADER_NAME) || null; - -var username = sharedState.get("username") || null; -var password = transientState.get("password") || null; - -if (key && secret) { - logger.warning("APIProtection: Get Key And Secret: key=".concat(key)); - - storeValue(KEY_HEADER_NAME, key); - storeValue("username", username); - sharedState.put("username", key); - - storeTransientValue(SECRET_HEADER_NAME, secret); - storeTransientValue("password", password); - transientState.put("password", secret); - - outcome = "true"; -} - -logger.warning("APIProtection: Get Key And Secret: finish [outcome=".concat(outcome).concat("]")); - -/* - * Returns the value of the requested header - */ -function getHeader(headerName) { - if (requestHeaders.get(headerName) && requestHeaders.get(headerName).get(0)) { - return requestHeaders.get(headerName).get(0).toString(); - } - return null; -} - -/* - * Store value for APIProtection script use - */ -function storeValue(name, value) { - var storage = sharedState.get("APIProtection"); - if (storage && value) { - if (storage.put) { - storage.put(name, value); - } - else { - storage[name] = value; - } - } - else if (value) { - sharedState.put("APIProtection", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}")); - } -} - -/* - * Read value from storage for APIProtection script use - */ -function readValue(name) { - var storage = sharedState.get("APIProtection"); - if (storage) { - if (storage.get) { - return sharedState.get("APIProtection").get(name); - } - else { - return storage.name; - } - } - return null; -} - -/* - * Store transient value for 
APIProtection script use - */ -function storeTransientValue(name, value) { - var transientStorage = transientState.get("APIProtection"); - if (transientStorage && value) { - if (transientStorage.put) { - transientStorage.put(name, value); - } - else { - transientStorage[name] = value; - } - } - else if (value) { - transientState.put("APIProtection", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}")); - } -} - -/* - * Read transient value from storage for APIProtection script use - */ -function readTransientValue(name) { - var transientStorage = transientState.get("APIProtection"); - if (transientStorage) { - if (transientStorage.get) { - return transientState.get("APIProtection").get(name); - } - else { - return transientStorage.name; - } - } - return null; -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 11`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 6`] = ` { "meta": Any, "script": { 
@@ -15362,75 +15277,128 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "APIProtection: Get Key And Secret", - "script": "file://APIProtection:-Get-Key-And-Secret.script.js", + "script": [ + "logger.warning("APIProtection: Get Key And Secret: start");", + "", + "/*", + " * BEGIN SCRIPT CONFIGURATION", + " */", + "var KEY_HEADER_NAME = "x-api-key";", + "var SECRET_HEADER_NAME = "x-api-secret";", + "var USERNAME_HEADER_NAME = "X-OpenAM-Username";", + "var PASSWORD_HEADER_NAME = "X-OpenAM-Password";", + "/*", + " * END SCRIPT CONFIGURATION", + " */", + "", + "outcome = "false";", + "", + "var key = getHeader(KEY_HEADER_NAME) || readValue(KEY_HEADER_NAME) || null;", + "var secret = getHeader(SECRET_HEADER_NAME) || readTransientValue(SECRET_HEADER_NAME) || null;", + "", + "var username = sharedState.get("username") || null;", + "var password = transientState.get("password") || null;", + "", + "if (key && secret) {", + " logger.warning("APIProtection: Get Key And Secret: key=".concat(key));", + " ", + " storeValue(KEY_HEADER_NAME, key);", + " storeValue("username", username);", + " sharedState.put("username", key);", + " ", + " storeTransientValue(SECRET_HEADER_NAME, secret);", + " storeTransientValue("password", password);", + " transientState.put("password", secret);", + " ", + " outcome = "true";", + "}", + "", + "logger.warning("APIProtection: Get Key And Secret: finish [outcome=".concat(outcome).concat("]"));", + "", + "/*", + " * Returns the value of the requested header", + " */", + "function getHeader(headerName) {", + " if (requestHeaders.get(headerName) && requestHeaders.get(headerName).get(0)) {", + " return requestHeaders.get(headerName).get(0).toString();", + " }", + " return null;", + "}", + "", + "/*", + " * Store value for APIProtection script use", + " */", + "function storeValue(name, value) {", + " var storage = sharedState.get("APIProtection");", + " if 
(storage && value) {", + " if (storage.put) {", + " storage.put(name, value);", + " }", + " else {", + " storage[name] = value;", + " }", + " }", + " else if (value) {", + " sharedState.put("APIProtection", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}"));", + " }", + "}", + "", + "/*", + " * Read value from storage for APIProtection script use", + " */", + "function readValue(name) {", + " var storage = sharedState.get("APIProtection");", + " if (storage) {", + " if (storage.get) {", + " return sharedState.get("APIProtection").get(name);", + " }", + " else {", + " return storage.name;", + " }", + " }", + " return null;", + "}", + "", + "/*", + " * Store transient value for APIProtection script use", + " */", + "function storeTransientValue(name, value) {", + " var transientStorage = transientState.get("APIProtection");", + " if (transientStorage && value) {", + " if (transientStorage.put) {", + " transientStorage.put(name, value);", + " }", + " else {", + " transientStorage[name] = value;", + " }", + " }", + " else if (value) {", + " transientState.put("APIProtection", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}"));", + " }", + "}", + "", + "/*", + " * Read transient value from storage for APIProtection script use", + " */", + "function readTransientValue(name) {", + " var transientStorage = transientState.get("APIProtection");", + " if (transientStorage) {", + " if (transientStorage.get) {", + " return transientState.get("APIProtection").get(name);", + " }", + " else {", + " return transientStorage.name;", + " }", + " }", + " return null;", + "}", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 12`] = ` -"logger.warning("APIProtection: Reset States: start"); - -/* - * BEGIN SCRIPT CONFIGURATION - * - * Outcomes: - * - "true" - */ -var KEY_HEADER_NAME = "x-api-key"; -var SECRET_HEADER_NAME = "x-api-secret"; -/* - * END SCRIPT CONFIGURATION - */ - -outcome = "true"; 
- -if (sharedState.get("username") == readValue(KEY_HEADER_NAME)) { - logger.warning("APIProtection: Reset States: resetting username to:".concat(readValue("username"))); - sharedState.put("username", readValue("username")); -} - -if (transientState.get("password") == readTransientValue(SECRET_HEADER_NAME)) { - logger.warning("APIProtection: Reset States: resetting password"); - transientState.put("password", readTransientValue("password")); -} - -logger.warning("APIProtection: Reset States: finish [outcome=".concat(outcome).concat("]")); - -/* - * Read value from storage for APIProtection script use - */ -function readValue(name) { - var storage = sharedState.get("APIProtection"); - if (storage) { - if (storage.get) { - return sharedState.get("APIProtection").get(name); - } - else { - return storage.name; - } - } - return null; -} - -/* - * Read transient value from storage for APIProtection script use - */ -function readTransientValue(name) { - var transientStorage = transientState.get("APIProtection"); - if (transientStorage) { - if (transientStorage.get) { - return transientState.get("APIProtection").get(name); - } - else { - return transientStorage.name; - } - } - return null; -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 13`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 7`] = ` { "meta": Any, "script": { 
@@ -15445,44 +15413,73 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "APIProtection: Reset States", - "script": "file://APIProtection:-Reset-States.script.js", + "script": [ + "logger.warning("APIProtection: Reset States: start");", + "", + "/*", + " * BEGIN SCRIPT CONFIGURATION", + " *", + " * Outcomes:", + " * - "true"", + " */", + "var KEY_HEADER_NAME = "x-api-key";", + "var SECRET_HEADER_NAME = "x-api-secret";", + "/*", + " * END SCRIPT CONFIGURATION", + " */", + "", + "outcome = "true";", + "", + "if (sharedState.get("username") == readValue(KEY_HEADER_NAME)) {", + " logger.warning("APIProtection: Reset States: resetting username to:".concat(readValue("username")));", + " sharedState.put("username", readValue("username"));", + "}", + "", + "if (transientState.get("password") == readTransientValue(SECRET_HEADER_NAME)) {", + " logger.warning("APIProtection: Reset States: resetting password");", + " transientState.put("password", readTransientValue("password"));", + "}", + "", + "logger.warning("APIProtection: Reset States: finish [outcome=".concat(outcome).concat("]"));", + "", + "/*", + " * Read value from storage for APIProtection script use", + " */", + "function readValue(name) {", + " var storage = sharedState.get("APIProtection");", + " if (storage) {", + " if (storage.get) {", + " return sharedState.get("APIProtection").get(name);", + " }", + " else {", + " return storage.name;", + " }", + " }", + " return null;", + "}", + "", + "/*", + " * Read transient value from storage for APIProtection script use", + " */", + "function readTransientValue(name) {", + " var transientStorage = transientState.get("APIProtection");", + " if (transientStorage) {", + " if (transientStorage.get) {", + " return transientState.get("APIProtection").get(name);", + " }", + " else {", + " return transientStorage.name;", + " }", + " }", + " return null;", + "}", + ], }, }, } `; 
-exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 14`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -var fr = new JavaImporter( - java.util.HashMap -); - -with (fr) { - try { - - if (sharedState.get('username').toLowerCase() == 'amadmin') { - outcome = 'True'; - } else { - outcome = 'False'; - } - - } catch (e) { - - logger.error('Failed to determine if user is amadmin: {}', e); - outcome = 'Error'; - - } -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 15`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 8`] = ` { "meta": Any, "script": { 
@@ -15497,44 +15494,42 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_AmadminCheck", - "script": "file://Admin_AmadminCheck.script.js", + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "var fr = new JavaImporter(", + " java.util.HashMap", + ");", + "", + "with (fr) {", + " try {", + " ", + " if (sharedState.get('username').toLowerCase() == 'amadmin') {", + " outcome = 'True';", + " } else {", + " outcome = 'False';", + " }", + " ", + " } catch (e) {", + "", + " logger.error('Failed to determine if user is amadmin: {}', e);", + " outcome = 'Error';", + "", + " }", + "}", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 16`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* -This is the second part of a workaround began in Admin_AttributeCollectionWorkaround. 
-*/ - -var objAttrs = sharedState.get('objectAttributes') || new HashMap(); - -if (objAttrs.containsKey('groups')) { - var groups = objAttrs.get('groups'); - if (groups.length == 1 && groups[0] == 'fake') { - objAttrs.remove('groups'); - } -} - -if (objAttrs.containsKey('inviteDate') && objAttrs.get('inviteDate') == 'fake') { - objAttrs.remove('inviteDate'); -} - -sharedState.put('objectAttributes', objAttrs); - -outcome = 'True';" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 17`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 9`] = ` { "meta": Any, "script": { 
@@ -15549,68 +15544,42 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_AttributeCollectionWorkaroundCleanup", - "script": "file://Admin_AttributeCollectionWorkaroundCleanup.script.js", + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "/*", + "This is the second part of a workaround began in Admin_AttributeCollectionWorkaround.", + "*/", + "", + "var objAttrs = sharedState.get('objectAttributes') || new HashMap();", + "", + "if (objAttrs.containsKey('groups')) {", + " var groups = objAttrs.get('groups');", + " if (groups.length == 1 && groups[0] == 'fake') {", + " objAttrs.remove('groups');", + " }", + "}", + "", + "if (objAttrs.containsKey('inviteDate') && objAttrs.get('inviteDate') == 'fake') {", + " objAttrs.remove('inviteDate');", + "}", + "", + "sharedState.put('objectAttributes', objAttrs);", + "", + "outcome = 'True';", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 18`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ - -(function() { - var fr = new JavaImporter( - org.forgerock.openam.auth.nodes, - org.forgerock.guice.core - ); - - with (fr) { - try { - - outcome = 'False'; - - var realm = sharedState.get('realm'); - var uuid = sharedState.get('username'); - var identityProvider = InjectorHolder.getInstance(IdentityProvider); - var identity = identityProvider.getIdentity(uuid, realm); - var attrs = identity.getAttributes(); - - if (!attrs.containsKey('fr-idm-inviteDate')) { - logger.message('Admin cannot be invited: no invite date'); - return; - } - - if (attrs.containsKey('fr-idm-onboardDate')) { - logger.message('Admin cannot be invited: already onboarded'); - return; - } - - var email = attrs.get('mail').iterator().next(); - var objAttrs = { - mail: email, - userName: email, - }; - sharedState.put('objectAttributes', objAttrs); - - logger.message('Admin can be invited'); - outcome = 'True'; - - } catch (e) { - - logger.error('Failed to determine if admin can be invited: {}', e); - - } - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 19`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 10`] = ` { "meta": Any, "script": { 
@@ -15625,22 +15594,66 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_CanBeInvited", - "script": "file://Admin_CanBeInvited.script.js", + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "(function() {", + " var fr = new JavaImporter(", + " org.forgerock.openam.auth.nodes,", + " org.forgerock.guice.core", + " );", + "", + " with (fr) {", + " try {", + "", + " outcome = 'False';", + "", + " var realm = sharedState.get('realm');", + " var uuid = sharedState.get('username');", + " var identityProvider = InjectorHolder.getInstance(IdentityProvider);", + " var identity = identityProvider.getIdentity(uuid, realm);", + " var attrs = identity.getAttributes();", + "", + " if (!attrs.containsKey('fr-idm-inviteDate')) {", + " logger.message('Admin cannot be invited: no invite date');", + " return;", + " }", + "", + " if (attrs.containsKey('fr-idm-onboardDate')) {", + " logger.message('Admin cannot be invited: already onboarded');", + " return;", + " }", + "", + " var email = attrs.get('mail').iterator().next();", + " var objAttrs = {", + " mail: email,", + " userName: email,", + " };", + " sharedState.put('objectAttributes', objAttrs);", + "", + " logger.message('Admin can be invited');", + " outcome = 'True';", + "", + " } catch (e) {", + "", + " logger.error('Failed to determine if admin can be invited: {}', e);", + "", + " }", + " }", + "}());", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 20`] = ` -"if (sharedState.containsKey('objectAttributes')) { - 
sharedState.get('objectAttributes').remove('currentYear'); -} - -outcome = 'True'; -" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 21`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 11`] = ` { "meta": Any, "script": { 
@@ -15655,53 +15668,20 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_ClearCurrentYear", - "script": "file://Admin_ClearCurrentYear.script.js", + "script": [ + "if (sharedState.containsKey('objectAttributes')) {", + " sharedState.get('objectAttributes').remove('currentYear');", + "}", + "", + "outcome = 'True';", + "", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 22`] = ` -"var fr = JavaImporter( - org.forgerock.json.JsonValue, - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.NameCallback, - java.util.HashMap -); - -with (fr) { - try { - - if (callbacks.isEmpty()) { - - action = Action.send(new NameCallback('Username or email address')).build(); - - } else { - - // If a value is provided, store it as username and an object attribute - var callback = callbacks.iterator().next(); - var name = callback.getName().trim(); - if (name) { - var objAttrs = sharedState.get('objectAttributes') || new HashMap(); - objAttrs.put('mail', name); - sharedState.put('username', name); - sharedState.put('objectAttributes', objAttrs); - - action = Action.goTo('Collected').build(); - } - - } - - } catch (e) { - - logger.error('Admin_CollectUsernameOrEmail: {}', e); - action = Action.goTo('Error').build(); - - } -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 23`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 12`] = ` { "meta": Any, "script": { 
@@ -15716,27 +15696,51 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_CollectUsernameOrEmail", - "script": "file://Admin_CollectUsernameOrEmail.script.js", + "script": [ + "var fr = JavaImporter(", + " org.forgerock.json.JsonValue,", + " org.forgerock.openam.auth.node.api.Action,", + " javax.security.auth.callback.NameCallback,", + " java.util.HashMap", + ");", + "", + "with (fr) {", + " try {", + " ", + " if (callbacks.isEmpty()) {", + " ", + " action = Action.send(new NameCallback('Username or email address')).build();", + " ", + " } else {", + "", + " // If a value is provided, store it as username and an object attribute", + " var callback = callbacks.iterator().next();", + " var name = callback.getName().trim();", + " if (name) {", + " var objAttrs = sharedState.get('objectAttributes') || new HashMap();", + " objAttrs.put('mail', name);", + " sharedState.put('username', name);", + " sharedState.put('objectAttributes', objAttrs);", + "", + " action = Action.goTo('Collected').build();", + " }", + " ", + " }", + " ", + " } catch (e) {", + " ", + " logger.error('Admin_CollectUsernameOrEmail: {}', e);", + " action = Action.goTo('Error').build();", + " ", + " }", + "}", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 24`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ - -nodeState.putShared('checkEmailClaim', true); - -outcome = 'True';" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 25`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 13`] = ` { "meta": Any, "script": { 
@@ -15751,48 +15755,25 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_EnableEmailClaimCheck", - "script": "file://Admin_EnableEmailClaimCheck.script.js", + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "nodeState.putShared('checkEmailClaim', true);", + "", + "outcome = 'True';", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 26`] = ` -"var fr = new JavaImporter( - org.forgerock.openam.auth.nodes, - org.forgerock.guice.core, - java.util.HashMap -); - -// This confirms the Identify Existing User node was able to find the -// admin, otherwise we remove the mail attribute so no email can be sent -with (fr) { - try { - - var objAttrs = sharedState.get('objectAttributes') || new HashMap(); - var username = objAttrs.get('userName'); - outcome = username ? 'Valid' : 'Invalid'; - if (username) { - outcome = 'Valid'; - } else { - objAttrs.remove('mail'); - sharedState.put('objectAttributes', objAttrs); - outcome = 'Invalid'; - } - - logger.message('Admin_ForgotUsernameMailCheck: ' + outcome); - - } catch (e) { - - logger.error('Admin_ForgotUsernameMailCheck: Failed to determine mail validity'); - logger.error(e); - outcome = 'Error'; - - } -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 27`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 14`] = ` { "meta": Any, "script": { 
@@ -15807,138 +15788,46 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_ForgotUsernameMailCheck", - "script": "file://Admin_ForgotUsernameMailCheck.script.js", + "script": [ + "var fr = new JavaImporter(", + " org.forgerock.openam.auth.nodes,", + " org.forgerock.guice.core,", + " java.util.HashMap", + ");", + "", + "// This confirms the Identify Existing User node was able to find the", + "// admin, otherwise we remove the mail attribute so no email can be sent", + "with (fr) {", + " try {", + "", + " var objAttrs = sharedState.get('objectAttributes') || new HashMap();", + " var username = objAttrs.get('userName');", + " outcome = username ? 'Valid' : 'Invalid';", + " if (username) {", + " outcome = 'Valid';", + " } else {", + " objAttrs.remove('mail');", + " sharedState.put('objectAttributes', objAttrs);", + " outcome = 'Invalid';", + " }", + "", + " logger.message('Admin_ForgotUsernameMailCheck: ' + outcome);", + "", + " } catch (e) {", + "", + " logger.error('Admin_ForgotUsernameMailCheck: Failed to determine mail validity');", + " logger.error(e);", + " outcome = 'Error';", + "", + " }", + "}", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 28`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * This script is used to retrieve optional custom IdP configuration from IDM as an admin - * completes a login journey. This needs to happen after an IdP has been selected so that - * the \`selectedIdp\` exists in shared state. The result will be stored in a shared state - * key of \`idpCustomConfig\`. 
The value will be \`null\` if no config was found in IDM. - */ - -var AM_INTERNAL_URL = 'http://am.fr-platform:80/am'; -var IDM_INTERNAL_URL = 'http://idm.fr-platform:80/openidm'; -var RSFILTER_PROVISIONING_CLIENT_ID = 'idm-provisioning'; -var RSFILTER_PROVISIONING_SECRET = 'DKNK5K2m5Q98tBTt0yei'; - -var SHARED_STATE_KEY = 'idpCustomConfig'; -var TXN_ID_HEADER = 'x-forgerock-transactionid'; - -// Helper for returning the request transaction ID -function getTransId() { - var transIds = requestHeaders.get(TXN_ID_HEADER); - if (transIds) { - return java.lang.String(transIds.get(0)); - } - return null; -} - -// Retrieves an access token using a client credentials grant -function getAccessToken(txnId, clientId, clientSecret, scope) { - var fr = JavaImporter( - java.lang.String, - org.forgerock.http.protocol.Request, - org.forgerock.http.protocol.Response, - org.forgerock.util.encode.Base64 - ); - - var basicAuthCreds = fr.Base64.encode(new fr.String(clientId + ':' + clientSecret).getBytes('UTF-8')); - - var request = new fr.Request(); - request.getHeaders().add('authorization', 'Basic ' + basicAuthCreds); - request.getHeaders().add('content-type', 'application/x-www-form-urlencoded'); - if (txnId) { - request.getHeaders().add(TXN_ID_HEADER, txnId); - } - request - .setEntity('grant_type=client_credentials&scope=' + scope) - .setMethod('POST') - .setUri(AM_INTERNAL_URL + '/oauth2/access_token'); - - var response = httpClient.send(request).getOrThrow(); - if (response.getStatus() === org.forgerock.http.protocol.Status.OK) { - var result = JSON.parse(response.getEntity().getString()); - logger.message('got access token for client {}', clientId); - return result.access_token; - } - - logger.error('failed to get access token for client {}; received status {}', clientId, response.getStatus()); - throw 'failed to get access token'; -} - -// Retrieves the IdP custom configuration from IDM -function getConfigFromIDM(txnId, accessToken, idp) { - var fr = JavaImporter( - 
org.forgerock.http.protocol.Request, - org.forgerock.http.protocol.Response, - org.forgerock.json.JsonValue, - org.forgerock.openam.placeholder.substitution.PlaceholderSubstitution, - org.forgerock.guice.core.InjectorHolder - ); - - var request = new fr.Request(); - request.getHeaders().add('authorization', 'Bearer ' + accessToken); - if (txnId) { - request.getHeaders().add(TXN_ID_HEADER, txnId); - } - request - .setMethod('GET') - .setUri(IDM_INTERNAL_URL + '/config/fidc/federation-' + idp); - - var response = httpClient.send(request).getOrThrow(); - if (response.getStatus() === org.forgerock.http.protocol.Status.OK) { - var rawConfig = JSON.parse(response.getEntity().getString()); - var placeholder = fr.InjectorHolder.getInstance(fr.PlaceholderSubstitution); - var finalConfig = JSON.parse(placeholder.substitute(fr.JsonValue.json(rawConfig))); - return finalConfig; - } else if (response.getStatus() === org.forgerock.http.protocol.Status.NOT_FOUND) { - return null; - } - - logger.error('failed to get groups claim config for IdP {}; received status {}', idp, response.getStatus()); - throw 'failed to get groups claim config'; -} - -(function () { - try { - var idp = nodeState.get('selectedIdp'); - if (!idp.isString()) { - throw 'selectedIdp not found in shared state'; - } - - var txnId = getTransId(); - var accessToken = getAccessToken(txnId, RSFILTER_PROVISIONING_CLIENT_ID, RSFILTER_PROVISIONING_SECRET, 'fr:idm:*'); - - var config = getConfigFromIDM(txnId, accessToken, idp.asString()) - if (config) { - nodeState.putShared(SHARED_STATE_KEY, config); - logger.message('found groups claim config for IdP {}', idp.asString()); - } else { - logger.message('no groups claim config found for IdP {}', idp.asString()); - } - - outcome = 'Success'; - } catch (e) { - logger.error('failed to get federation config from IDM: {}', e); - outcome = 'Error'; - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted 
scripts to separate files 29`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 15`] = ` { "meta": Any, "script": { 
@@ -15953,54 +15842,136 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_GetIdPGroupsClaimConfig", - "script": "file://Admin_GetIdPGroupsClaimConfig.script.js", + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "/*", + " * This script is used to retrieve optional custom IdP configuration from IDM as an admin", + " * completes a login journey. This needs to happen after an IdP has been selected so that", + " * the \`selectedIdp\` exists in shared state. The result will be stored in a shared state", + " * key of \`idpCustomConfig\`. The value will be \`null\` if no config was found in IDM.", + " */", + "", + "var AM_INTERNAL_URL = 'http://am.fr-platform:80/am';", + "var IDM_INTERNAL_URL = 'http://idm.fr-platform:80/openidm';", + "var RSFILTER_PROVISIONING_CLIENT_ID = 'idm-provisioning';", + "var RSFILTER_PROVISIONING_SECRET = 'DKNK5K2m5Q98tBTt0yei';", + "", + "var SHARED_STATE_KEY = 'idpCustomConfig';", + "var TXN_ID_HEADER = 'x-forgerock-transactionid';", + "", + "// Helper for returning the request transaction ID", + "function getTransId() {", + " var transIds = requestHeaders.get(TXN_ID_HEADER);", + " if (transIds) {", + " return java.lang.String(transIds.get(0));", + " }", + " return null;", + "}", + "", + "// Retrieves an access token using a client credentials grant", + "function getAccessToken(txnId, clientId, clientSecret, scope) {", + " var fr = JavaImporter(", + " java.lang.String,", + " org.forgerock.http.protocol.Request,", + " org.forgerock.http.protocol.Response,", + " org.forgerock.util.encode.Base64", + " );", + "", + " var basicAuthCreds = fr.Base64.encode(new fr.String(clientId + 
':' + clientSecret).getBytes('UTF-8'));", + "", + " var request = new fr.Request();", + " request.getHeaders().add('authorization', 'Basic ' + basicAuthCreds);", + " request.getHeaders().add('content-type', 'application/x-www-form-urlencoded');", + " if (txnId) {", + " request.getHeaders().add(TXN_ID_HEADER, txnId);", + " }", + " request", + " .setEntity('grant_type=client_credentials&scope=' + scope)", + " .setMethod('POST')", + " .setUri(AM_INTERNAL_URL + '/oauth2/access_token');", + "", + " var response = httpClient.send(request).getOrThrow();", + " if (response.getStatus() === org.forgerock.http.protocol.Status.OK) {", + " var result = JSON.parse(response.getEntity().getString());", + " logger.message('got access token for client {}', clientId);", + " return result.access_token;", + " }", + " ", + " logger.error('failed to get access token for client {}; received status {}', clientId, response.getStatus());", + " throw 'failed to get access token';", + "}", + "", + "// Retrieves the IdP custom configuration from IDM", + "function getConfigFromIDM(txnId, accessToken, idp) {", + " var fr = JavaImporter(", + " org.forgerock.http.protocol.Request,", + " org.forgerock.http.protocol.Response,", + " org.forgerock.json.JsonValue,", + " org.forgerock.openam.placeholder.substitution.PlaceholderSubstitution,", + " org.forgerock.guice.core.InjectorHolder", + " );", + "", + " var request = new fr.Request();", + " request.getHeaders().add('authorization', 'Bearer ' + accessToken);", + " if (txnId) {", + " request.getHeaders().add(TXN_ID_HEADER, txnId);", + " }", + " request", + " .setMethod('GET')", + " .setUri(IDM_INTERNAL_URL + '/config/fidc/federation-' + idp);", + "", + " var response = httpClient.send(request).getOrThrow();", + " if (response.getStatus() === org.forgerock.http.protocol.Status.OK) {", + " var rawConfig = JSON.parse(response.getEntity().getString());", + " var placeholder = fr.InjectorHolder.getInstance(fr.PlaceholderSubstitution);", + " var finalConfig = 
JSON.parse(placeholder.substitute(fr.JsonValue.json(rawConfig)));", + " return finalConfig;", + " } else if (response.getStatus() === org.forgerock.http.protocol.Status.NOT_FOUND) {", + " return null;", + " }", + " ", + " logger.error('failed to get groups claim config for IdP {}; received status {}', idp, response.getStatus());", + " throw 'failed to get groups claim config';", + "}", + "", + "(function () {", + " try {", + " var idp = nodeState.get('selectedIdp');", + " if (!idp.isString()) {", + " throw 'selectedIdp not found in shared state';", + " }", + "", + " var txnId = getTransId();", + " var accessToken = getAccessToken(txnId, RSFILTER_PROVISIONING_CLIENT_ID, RSFILTER_PROVISIONING_SECRET, 'fr:idm:*');", + "", + " var config = getConfigFromIDM(txnId, accessToken, idp.asString())", + " if (config) {", + " nodeState.putShared(SHARED_STATE_KEY, config);", + " logger.message('found groups claim config for IdP {}', idp.asString());", + " } else {", + " logger.message('no groups claim config found for IdP {}', idp.asString());", + " }", + " ", + " outcome = 'Success';", + " } catch (e) {", + " logger.error('failed to get federation config from IDM: {}', e);", + " outcome = 'Error';", + " }", + "}());", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 30`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ - -(function() { - var fr = new JavaImporter( - org.forgerock.openam.auth.nodes, - org.forgerock.guice.core - ); - - with (fr) { - try { - - outcome = 'False'; - - var realm = sharedState.get('realm'); - var uuid = sharedState.get('_id'); - var identityProvider = InjectorHolder.getInstance(IdentityProvider); - var identity = identityProvider.getIdentity(uuid, realm); - var attrs = identity.getAttributes(); - - if (attrs.containsKey('fr-idm-onboardDate')) { - logger.message('Admin has onboard date'); - outcome = 'True'; - } - - } catch (e) { - - logger.error('Failed to determine if admin has onboarded: {}', e); - outcome = 'Error'; - - } - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 31`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 16`] = ` { "meta": Any, "script": { 
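Review bot: The added `script` array for `Admin_GetIdPGroupsClaimConfig` commits the literal value of `RSFILTER_PROVISIONING_SECRET`, which the script passes to `getAccessToken` as the client secret for `idm-provisioning` with scope `fr:idm:*`. The same literal is in the removed `--extract` snapshot in the previous hunk, so this commit carries it over rather than introducing it. It is worth confirming whether the value is a platform-shipped default or belongs to the tenant the recording was taken from. If it is tenant-specific, rotate it and mask it before the snapshot is written, so that the line reads `"var RSFILTER_PROVISIONING_SECRET = '<redacted>';",`. The snapshot is generated, so the masking belongs in the test or recording step, not in a hand edit of this file.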
@@ -16015,136 +15986,52 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_HasOnboarded", - "script": "file://Admin_HasOnboarded.script.js", + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "(function() {", + " var fr = new JavaImporter(", + " org.forgerock.openam.auth.nodes,", + " org.forgerock.guice.core", + " );", + "", + " with (fr) {", + " try {", + "", + " outcome = 'False';", + "", + " var realm = sharedState.get('realm');", + " var uuid = sharedState.get('_id');", + " var identityProvider = InjectorHolder.getInstance(IdentityProvider);", + " var identity = identityProvider.getIdentity(uuid, realm);", + " var attrs = identity.getAttributes();", + "", + " if (attrs.containsKey('fr-idm-onboardDate')) {", + " logger.message('Admin has onboard date');", + " outcome = 'True';", + " }", + "", + " } catch (e) {", + "", + " logger.error('Failed to determine if admin has onboarded: {}', e);", + " outcome = 'Error';", + "", + " }", + " }", + "}());", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 32`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * This script maps token claim values to managed object attributes. It uses a "claim map" that defines - * several common claim names for a given attribute so that this same script can be used for all IdPs. 
- * For example, the attribute \`familyName\` can be populated from claims \`familyName\`, \`family_name\`, or \`sn\`. - * - * Also, if custom IdP config exists in shared state and defines IdP-to-IDC group membership mappings, - * those will be applied/enforced by this script. - */ - -var SHARED_STATE_KEY = 'idpCustomConfig'; - -// Helper to avoid strict comparison of string objects -function containsGroup(jsArray, javaString) { - for (var i = 0; i < jsArray.length; i++) { - if (jsArray[i] == javaString) { - return true; - } - } - return false; -} - -(function () { - var fr = JavaImporter( - java.lang.String, - java.util.ArrayList, - org.forgerock.json.JsonValue - ); - - var normalizedProfileData = fr.JsonValue.json(fr.JsonValue.object()); - var idpConfig = sharedState.get(SHARED_STATE_KEY); - - // If we have config that defines a groups claim map for this IdP, ensure the claim value matches one that's in the map - if (idpConfig && idpConfig.groups) { - - logger.message('enforcing groups claim config'); - - // Get the groups claim from the IdP profile - var groupsClaim = rawProfile.get(idpConfig.groups.claim); - if (groupsClaim.isNull()) { - logger.error('groups claim map was enabled for "{}", but claim "{}" was not found in the raw profile', selectedIdp, idpConfig.groups.claim); - throw 'Required groups claim is missing from raw profile'; - } - - logger.message('received group claim value {}', groupsClaim); - - // Validate the claim type and convert strings to single-value collection - var groupsClaimList; - if (groupsClaim.isCollection()) { - groupsClaimList = groupsClaim; - } else if (groupsClaim.isString()) { - groupsClaimList = new fr.ArrayList(); - groupsClaimList.add(groupsClaim); - } else { - throw 'Groups claim was not a string or collection'; - } - - // Assert the claim contains at least one group - var groupsClaimLen = groupsClaimList.size(); - if (groupsClaimLen < 1) { - throw 'An empty groups claim was found in raw profile'; - } - - // Loop through 
each IDC group name in the map. If the raw profile groups claim contains - // a value that matches the map for that IDC group, add that IDC group to the list for this admin. - var groups = []; - for (var idcGroupName in idpConfig.groups.mappings) { - for (var i = 0; i < groupsClaimLen; i++) { - var claimGroupId = groupsClaimList.get(i).asString(); - - logger.message('checking if mapping for IDC group "{}" contains claim value "{}"', idcGroupName, claimGroupId); - - if (containsGroup(idpConfig.groups.mappings[idcGroupName], claimGroupId)) { - groups.push(idcGroupName); - } - } - } - - // Assert at least one group was mapped to the claim - if (groups.length == 0) { - logger.error('groups claim map was enabled for "{}", but the value of claim "{}" did not match a group mapping', selectedIdp, idpConfig.groups.claim); - throw 'Raw profile groups claim value does not match a configured mapping'; - } - - normalizedProfileData.put('groups', groups); - sharedState.put('groups', groups); - } else { - logger.message('no enabled groups claim config to enforce'); - } - - // Maps normalized profile keys to the possible raw profile keys that values can come from - var claimMap = { - email: ['email', 'mail'], - familyName: ['familyName', 'family_name', 'sn'], - givenName: ['givenName', 'given_name'] - }; - - // Try to populate each normalized profile property - var keys = Object.keys(claimMap); - for (var i = 0; i < keys.length; i++) { - var normalizedProp = keys[i]; - // Try each mapped raw profile key until a value is found - for (var j = 0; j < claimMap[normalizedProp].length; j++) { - var rawProp = claimMap[normalizedProp][j]; - if (!rawProfile.get(rawProp).isNull()) { - normalizedProfileData.put(normalizedProp, rawProfile.get(rawProp)); - break; - } - } - } - - return normalizedProfileData; -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 33`] = ` +exports[`frodo script export 
"frodo script export -A": should export all scripts to separate files 17`] = ` { "meta": Any, "script": { 
@@ -16159,66 +16046,137 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_IdPNormalization", - "script": "file://Admin_IdPNormalization.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 34`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -var fr = new JavaImporter( - org.forgerock.openam.auth.nodes, - org.forgerock.guice.core -); - -with (fr) { - var enforcement = 'none'; - - function isSuperAdmin() { - var uuid = sharedState.get('_id'); - var realm = sharedState.get('realm'); - var identityProvider = InjectorHolder.getInstance(IdentityProvider); - var identity = identityProvider.getIdentity(uuid, realm); - var groups = identity.getAttribute('fr-attr-group').toArray(); - for (var i = 0; i < groups.length; i++) { - if (groups[i] == 'super-admins') { - return true; - } - } - return false; - } - - try { - switch (enforcement) { - case 'none': - outcome = 'False'; - break; - case 'all': - outcome = 'True'; - break; - default: - outcome = isSuperAdmin() ? 'False' : 'True'; - break; - } - } catch (e) { - logger.error('Failed to determine if federation is enforced for user: {}', e); - outcome = 'Error'; - } -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 35`] = ` -{ - "meta": Any, - "script": { + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. 
All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "/*", + " * This script maps token claim values to managed object attributes. It uses a "claim map" that defines", + " * several common claim names for a given attribute so that this same script can be used for all IdPs.", + " * For example, the attribute \`familyName\` can be populated from claims \`familyName\`, \`family_name\`, or \`sn\`.", + " * ", + " * Also, if custom IdP config exists in shared state and defines IdP-to-IDC group membership mappings,", + " * those will be applied/enforced by this script. ", + " */", + "", + "var SHARED_STATE_KEY = 'idpCustomConfig';", + "", + "// Helper to avoid strict comparison of string objects", + "function containsGroup(jsArray, javaString) {", + " for (var i = 0; i < jsArray.length; i++) {", + " if (jsArray[i] == javaString) {", + " return true;", + " }", + " }", + " return false;", + "}", + "", + "(function () {", + " var fr = JavaImporter(", + " java.lang.String,", + " java.util.ArrayList,", + " org.forgerock.json.JsonValue", + " );", + " ", + " var normalizedProfileData = fr.JsonValue.json(fr.JsonValue.object());", + " var idpConfig = sharedState.get(SHARED_STATE_KEY);", + "", + " // If we have config that defines a groups claim map for this IdP, ensure the claim value matches one that's in the map", + " if (idpConfig && idpConfig.groups) {", + "", + " logger.message('enforcing groups claim config');", + "", + " // Get the groups claim from the IdP profile", + " var groupsClaim = rawProfile.get(idpConfig.groups.claim);", + " if (groupsClaim.isNull()) {", + " logger.error('groups claim map was enabled for "{}", but claim "{}" was not found in the raw profile', selectedIdp, idpConfig.groups.claim);", + " throw 'Required groups claim is missing from raw profile';", + " }", + "", + " logger.message('received group claim value {}', groupsClaim);", + "", + " // Validate the claim type and convert strings 
to single-value collection", + " var groupsClaimList;", + " if (groupsClaim.isCollection()) {", + " groupsClaimList = groupsClaim;", + " } else if (groupsClaim.isString()) {", + " groupsClaimList = new fr.ArrayList();", + " groupsClaimList.add(groupsClaim);", + " } else {", + " throw 'Groups claim was not a string or collection';", + " }", + " ", + " // Assert the claim contains at least one group", + " var groupsClaimLen = groupsClaimList.size();", + " if (groupsClaimLen < 1) {", + " throw 'An empty groups claim was found in raw profile';", + " }", + "", + " // Loop through each IDC group name in the map. If the raw profile groups claim contains", + " // a value that matches the map for that IDC group, add that IDC group to the list for this admin.", + " var groups = [];", + " for (var idcGroupName in idpConfig.groups.mappings) {", + " for (var i = 0; i < groupsClaimLen; i++) {", + " var claimGroupId = groupsClaimList.get(i).asString();", + "", + " logger.message('checking if mapping for IDC group "{}" contains claim value "{}"', idcGroupName, claimGroupId);", + "", + " if (containsGroup(idpConfig.groups.mappings[idcGroupName], claimGroupId)) {", + " groups.push(idcGroupName);", + " }", + " }", + " }", + "", + " // Assert at least one group was mapped to the claim", + " if (groups.length == 0) {", + " logger.error('groups claim map was enabled for "{}", but the value of claim "{}" did not match a group mapping', selectedIdp, idpConfig.groups.claim);", + " throw 'Raw profile groups claim value does not match a configured mapping';", + " }", + "", + " normalizedProfileData.put('groups', groups);", + " sharedState.put('groups', groups);", + " } else {", + " logger.message('no enabled groups claim config to enforce');", + " }", + "", + " // Maps normalized profile keys to the possible raw profile keys that values can come from", + " var claimMap = {", + " email: ['email', 'mail'],", + " familyName: ['familyName', 'family_name', 'sn'],", + " givenName: ['givenName', 
'given_name']", + " };", + "", + " // Try to populate each normalized profile property", + " var keys = Object.keys(claimMap);", + " for (var i = 0; i < keys.length; i++) {", + " var normalizedProp = keys[i];", + " // Try each mapped raw profile key until a value is found", + " for (var j = 0; j < claimMap[normalizedProp].length; j++) {", + " var rawProp = claimMap[normalizedProp][j];", + " if (!rawProfile.get(rawProp).isNull()) {", + " normalizedProfileData.put(normalizedProp, rawProfile.get(rawProp));", + " break;", + " }", + " }", + " }", + "", + " return normalizedProfileData;", + "}());", + ], + }, + }, +} +`; + +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 18`] = ` +{ + "meta": Any, + "script": { "1e8175a2-6114-415f-9b72-9fe15bdf3661": { "_id": "1e8175a2-6114-415f-9b72-9fe15bdf3661", "context": "AUTHENTICATION_TREE_DECISION_NODE", 
@@ -16230,29 +16188,61 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_IsFederationEnforcedForUser", - "script": "file://Admin_IsFederationEnforcedForUser.script.js", + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "var fr = new JavaImporter(", + " org.forgerock.openam.auth.nodes,", + " org.forgerock.guice.core", + ");", + "", + "with (fr) {", + " var enforcement = 'none';", + "", + " function isSuperAdmin() {", + " var uuid = sharedState.get('_id');", + " var realm = sharedState.get('realm');", + " var identityProvider = InjectorHolder.getInstance(IdentityProvider);", + " var identity = identityProvider.getIdentity(uuid, realm);", + " var groups = identity.getAttribute('fr-attr-group').toArray();", + " for (var i = 0; i < groups.length; i++) {", + " if (groups[i] == 'super-admins') {", + " return true;", + " }", + " }", + " return false;", + " }", + "", + " try {", + " switch (enforcement) {", + " case 'none':", + " outcome = 'False';", + " break;", + " case 'all':", + " outcome = 'True';", + " break;", + " default:", + " outcome = isSuperAdmin() ? 'False' : 'True';", + " break;", + " }", + " } catch (e) {", + " logger.error('Failed to determine if federation is enforced for user: {}', e);", + " outcome = 'Error';", + " }", + "}", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 36`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. 
All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -if (sharedState.get('invited') == true) { - outcome = 'True'; -} else { - outcome = 'False'; -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 37`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 19`] = ` { "meta": Any, "script": { 
@@ -16267,76 +16257,27 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_IsInvited", - "script": "file://Admin_IsInvited.script.js", + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "if (sharedState.get('invited') == true) {", + " outcome = 'True';", + "} else {", + " outcome = 'False';", + "}", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 38`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * This is a utility script to simplify access to admin identity properties. It - * requires that \`sharedState._id\` be populated, which can be loaded using an - * Identify Existing User node. 
- */ - -function val(attrs, name) { - if (attrs.containsKey(name)) { - return attrs.get(name).iterator().next(); - } - return ''; -} - -(function() { - var fr = new JavaImporter( - org.forgerock.openam.auth.nodes, - org.forgerock.guice.core - ); - - with (fr) { - try { - - outcome = 'False'; - - if (!sharedState.containsKey('_id')) { - throw 'Required sharedState property _id is missing'; - } - - var realm = sharedState.get('realm'); - var uuid = sharedState.get('_id'); - - var identityProvider = InjectorHolder.getInstance(IdentityProvider); - var identity = identityProvider.getIdentity(uuid, realm); - var attrs = identity.getAttributes(); - - sharedState.put('adminObject', { - givenName: val(attrs, 'givenName'), - sn: val(attrs, 'sn'), - mail: val(attrs, 'mail'), - inviteDate: val(attrs, 'fr-idm-inviteDate'), - onboardDate: val(attrs, 'fr-idm-onboardDate') - }); - - logger.message('Loaded admin object for id: {}', uuid); - - outcome = 'True'; - - } catch (e) { - logger.error('Failed to load admin object: {}', e); - } - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 39`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 20`] = ` { "meta": Any, "script": { 
@@ -16351,43 +16292,74 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_LoadObjectByID", - "script": "file://Admin_LoadObjectByID.script.js", + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "/*", + " * This is a utility script to simplify access to admin identity properties. It", + " * requires that \`sharedState._id\` be populated, which can be loaded using an", + " * Identify Existing User node.", + " */", + "", + "function val(attrs, name) {", + " if (attrs.containsKey(name)) {", + " return attrs.get(name).iterator().next();", + " }", + " return '';", + "}", + "", + "(function() {", + " var fr = new JavaImporter(", + " org.forgerock.openam.auth.nodes,", + " org.forgerock.guice.core", + " );", + "", + " with (fr) {", + " try {", + "", + " outcome = 'False';", + "", + " if (!sharedState.containsKey('_id')) {", + " throw 'Required sharedState property _id is missing';", + " } ", + " ", + " var realm = sharedState.get('realm');", + " var uuid = sharedState.get('_id');", + " ", + " var identityProvider = InjectorHolder.getInstance(IdentityProvider);", + " var identity = identityProvider.getIdentity(uuid, realm);", + " var attrs = identity.getAttributes();", + " ", + " sharedState.put('adminObject', {", + " givenName: val(attrs, 'givenName'), ", + " sn: val(attrs, 'sn'),", + " mail: val(attrs, 'mail'),", + " inviteDate: val(attrs, 'fr-idm-inviteDate'),", + " onboardDate: val(attrs, 'fr-idm-onboardDate') ", + " });", + "", + " logger.message('Loaded admin object for id: {}', uuid);", + "", + " outcome = 'True';", + "", + " } catch (e) {", + " logger.error('Failed to load admin object: {}', e);", + " 
}", + " }", + "}());", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 40`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* -When an admin managed object is created at the time of invitation, the email address -is used to populate the required first/last names. This script clears those attributes -(if set to the email address) so the UI doesn't display the email address in the first/last -name input fields. - -It also populates other required attributes with fake values to ensure password policy -validation works correctly when AM calls IDM. -*/ - -var objAttrs = sharedState.get('objectAttributes') || new java.util.HashMap(); -objAttrs.put('givenName', ''); -objAttrs.put('sn', ''); -objAttrs.put('groups', ['fake']); -objAttrs.put('inviteDate', 'fake'); -sharedState.put('objectAttributes', objAttrs); - -outcome = 'True'; -" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 41`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 21`] = ` { "meta": Any, "script": { 
@@ -16402,111 +16374,41 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_LocalRegistrationPrep", - "script": "file://Admin_LocalRegistrationPrep.script.js", + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "/*", + "When an admin managed object is created at the time of invitation, the email address", + "is used to populate the required first/last names. This script clears those attributes", + "(if set to the email address) so the UI doesn't display the email address in the first/last", + "name input fields.", + "", + "It also populates other required attributes with fake values to ensure password policy", + "validation works correctly when AM calls IDM.", + "*/", + "", + "var objAttrs = sharedState.get('objectAttributes') || new java.util.HashMap();", + "objAttrs.put('givenName', '');", + "objAttrs.put('sn', '');", + "objAttrs.put('groups', ['fake']);", + "objAttrs.put('inviteDate', 'fake');", + "sharedState.put('objectAttributes', objAttrs);", + "", + "outcome = 'True';", + "", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 42`] = ` -"/* -This creates the following callbacks: -- TextOutputCallback: Display the step title and description -- ConfirmationCallback: Display the "Next" button -- HiddenValueCallback: Captures the "Get app" option, if selected -- ScriptTextOutputCallback: Creates a "Download the app" link button and positions it below the "Next" button -*/ - -var token = generateNumericToken('xxx'); -var loadingMessage = 'Loading...'; -var linkButton = ""); -var message = "

Set up the ForgeRock Authenticator

To get started, you need to register your device using the ForgeRock Authenticator app.
"; -var choices = ['Next']; -var defaultChoice = 0; -var getAppValue = 'Get app'; -var getAppInputId = 'getapp-input-'.concat(token); - -var setupPageScript = - 'var setupPage = function() {'.concat( - ' var getAppInputElem = document.getElementById("').concat(getAppInputId).concat('");').concat( - ' var messageElem;').concat( - ' document.getElementsByClassName("callback-component").forEach(').concat( - ' function (e) {').concat( - ' var m = e.firstElementChild;').concat( - ' if (m.firstChild && m.firstChild.nodeName == "#text" && m.firstChild.nodeValue.trim() == "').concat(loadingMessage).concat('") {').concat( - ' messageElem = m;').concat( - ' }').concat( - ' }').concat( - ' );').concat( - ' if (!getAppInputElem || !messageElem) {').concat( - ' return setTimeout(setupPage, 50);').concat( - ' }').concat( - ' var skipContainer = document.createElement("div");').concat( - ' skipContainer.style = "width:100%";').concat( - ' skipContainer.innerHTML = "').concat(linkButton).concat('";').concat( - ' getAppInputElem.parentNode.append(skipContainer);').concat( - ' messageElem.align = "center";').concat( - ' messageElem.innerHTML = "').concat(message).concat('";').concat( - ' var bindGetAppLink = function() {').concat( - ' document.getElementById("getapp-link-').concat(token).concat('").onclick = function() {').concat( - ' getAppInputElem.value = "').concat(getAppValue).concat('";').concat( - ' document.getElementById("loginButton_0").click();').concat( - ' return false;').concat( - ' };').concat( - ' };').concat( - ' setTimeout(bindGetAppLink, 100);').concat( - '};').concat( - 'setupPage();'); - -var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.ConfirmationCallback, - javax.security.auth.callback.TextOutputCallback, - com.sun.identity.authentication.callbacks.HiddenValueCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback -) - -with (fr) { - if (callbacks.isEmpty()) { - action = Action.send( - 
new TextOutputCallback( - TextOutputCallback.INFORMATION, - loadingMessage - ), - new ConfirmationCallback( - ConfirmationCallback.INFORMATION, - choices, - defaultChoice - ), - new HiddenValueCallback(getAppInputId, 'false'), - new ScriptTextOutputCallback(setupPageScript) - ).build() - } else { - if (callbacks.get(2).getValue() == getAppValue) { - action = Action.goTo(getAppValue).build(); - } else { - action = Action.goTo(choices[callbacks.get(1).getSelectedIndex()]).build(); - } - } -} - - /* - * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9. - * - * Example: - * 'xxxxx' produces '28535' - * 'xxx-xxx' produces '432-521' - */ -function generateNumericToken(format) { - return format.replace(/[x]/g, function(c) { - var r = Math.random()*10|0; - var v = r; - return v.toString(10); - }); -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 43`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 22`] = ` { "meta": Any, "script": { @@ -16521,112 +16423,109 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_MfaGetApp", - "script": "file://Admin_MfaGetApp.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 44`] = ` -"/* -This creates the following callbacks: -- TextOutputCallback: Display the step title and description -- ConfirmationCallback: Display a list of buttons for choices -- HiddenValueCallback: Captures the "skip" option, if selected -- ScriptTextOutputCallback: Creates a "Skip for now" link button and positions it below the buttons -*/ - -var token = generateNumericToken('xxx'); -var loadingMessage = 'Loading...'; -var linkButton = ""); -var message = "

Set up 2-step verification

Protect your account by adding a second step after entering your password to verify it's you signing in.
"; -var choices = ['Set up']; -var defaultChoice = 0; -var skipValue = 'Skip'; - -// This will run recursively in the browser until references can be obtained to key DOM elements, at which point. -// it will customize the DOM. This is to avoid race conditions with the UI rendering callbacks. -var setupPageScript = - 'var setupPage = function() {'.concat( - ' var skipInputElem = document.getElementById("skip-input-').concat(token).concat('");').concat( - ' var messageElem;').concat( - ' document.getElementsByClassName("callback-component").forEach(').concat( - ' function (e) {').concat( - ' var m = e.firstElementChild;').concat( - ' if (m.firstChild && m.firstChild.nodeName == "#text" && m.firstChild.nodeValue.trim() == "').concat(loadingMessage).concat('") {').concat( - ' messageElem = m;').concat( - ' }').concat( - ' }').concat( - ' );').concat( - ' if (!skipInputElem || !messageElem) {').concat( - ' return setTimeout(setupPage, 50);').concat( - ' }').concat( - ' var skipContainer = document.createElement("div");').concat( - ' skipContainer.style = "width:100%";').concat( - ' skipContainer.innerHTML = "').concat(linkButton).concat('";').concat( - ' skipInputElem.parentNode.append(skipContainer);').concat( - ' messageElem.align = "center";').concat( - ' messageElem.innerHTML = "').concat(message).concat('";').concat( - ' var bindSkipLink = function() {').concat( - ' document.getElementById("skip-link-').concat(token).concat('").onclick = function() {').concat( - ' skipInputElem.value = "').concat(skipValue).concat('";').concat( - ' document.getElementById("loginButton_0").click();').concat( - ' return false;').concat( - ' };').concat( - ' };').concat( - ' setTimeout(bindSkipLink, 100);').concat( - '};').concat( - 'setupPage();'); - -var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.ConfirmationCallback, - javax.security.auth.callback.TextOutputCallback, - com.sun.identity.authentication.callbacks.HiddenValueCallback, 
- com.sun.identity.authentication.callbacks.ScriptTextOutputCallback -) - -with (fr) { - if (callbacks.isEmpty()) { - action = Action.send( - new TextOutputCallback( - TextOutputCallback.INFORMATION, - loadingMessage - ), - new ConfirmationCallback( - ConfirmationCallback.INFORMATION, - choices, - defaultChoice - ), - new HiddenValueCallback('skip-input-'.concat(token), 'false'), - new ScriptTextOutputCallback(setupPageScript) - ).build() - } else { - if (callbacks.get(2).getValue() == skipValue) { - action = Action.goTo(skipValue).build(); - } else { - action = Action.goTo(choices[callbacks.get(1).getSelectedIndex()]).build(); - } - } + "script": [ + "/*", + "This creates the following callbacks:", + "- TextOutputCallback: Display the step title and description", + "- ConfirmationCallback: Display the "Next" button", + "- HiddenValueCallback: Captures the "Get app" option, if selected", + "- ScriptTextOutputCallback: Creates a "Download the app" link button and positions it below the "Next" button", + "*/", + "", + "var token = generateNumericToken('xxx');", + "var loadingMessage = 'Loading...';", + "var linkButton = "");", + "var message = "

Set up the ForgeRock Authenticator

To get started, you need to register your device using the ForgeRock Authenticator app.
";", + "var choices = ['Next'];", + "var defaultChoice = 0;", + "var getAppValue = 'Get app';", + "var getAppInputId = 'getapp-input-'.concat(token);", + "", + "var setupPageScript =", + " 'var setupPage = function() {'.concat(", + " ' var getAppInputElem = document.getElementById("').concat(getAppInputId).concat('");').concat(", + " ' var messageElem;').concat(", + " ' document.getElementsByClassName("callback-component").forEach(').concat(", + " ' function (e) {').concat(", + " ' var m = e.firstElementChild;').concat(", + " ' if (m.firstChild && m.firstChild.nodeName == "#text" && m.firstChild.nodeValue.trim() == "').concat(loadingMessage).concat('") {').concat(", + " ' messageElem = m;').concat(", + " ' }').concat(", + " ' }').concat(", + " ' );').concat(", + " ' if (!getAppInputElem || !messageElem) {').concat(", + " ' return setTimeout(setupPage, 50);').concat(", + " ' }').concat(", + " ' var skipContainer = document.createElement("div");').concat(", + " ' skipContainer.style = "width:100%";').concat(", + " ' skipContainer.innerHTML = "').concat(linkButton).concat('";').concat(", + " ' getAppInputElem.parentNode.append(skipContainer);').concat(", + " ' messageElem.align = "center";').concat(", + " ' messageElem.innerHTML = "').concat(message).concat('";').concat(", + " ' var bindGetAppLink = function() {').concat(", + " ' document.getElementById("getapp-link-').concat(token).concat('").onclick = function() {').concat(", + " ' getAppInputElem.value = "').concat(getAppValue).concat('";').concat(", + " ' document.getElementById("loginButton_0").click();').concat(", + " ' return false;').concat(", + " ' };').concat(", + " ' };').concat(", + " ' setTimeout(bindGetAppLink, 100);').concat(", + " '};').concat(", + " 'setupPage();');", + "", + "var fr = JavaImporter(", + " org.forgerock.openam.auth.node.api.Action,", + " javax.security.auth.callback.ConfirmationCallback,", + " javax.security.auth.callback.TextOutputCallback,", + " 
com.sun.identity.authentication.callbacks.HiddenValueCallback,", + " com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + ")", + "", + "with (fr) {", + " if (callbacks.isEmpty()) {", + " action = Action.send(", + " new TextOutputCallback(", + " TextOutputCallback.INFORMATION,", + " loadingMessage", + " ),", + " new ConfirmationCallback(", + " ConfirmationCallback.INFORMATION,", + " choices,", + " defaultChoice", + " ),", + " new HiddenValueCallback(getAppInputId, 'false'),", + " new ScriptTextOutputCallback(setupPageScript)", + " ).build()", + " } else {", + " if (callbacks.get(2).getValue() == getAppValue) {", + " action = Action.goTo(getAppValue).build();", + " } else {", + " action = Action.goTo(choices[callbacks.get(1).getSelectedIndex()]).build();", + " }", + " }", + "}", + "", + " /*", + " * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9.", + " * ", + " * Example:", + " * 'xxxxx' produces '28535'", + " * 'xxx-xxx' produces '432-521'", + " */", + "function generateNumericToken(format) {", + " return format.replace(/[x]/g, function(c) {", + " var r = Math.random()*10|0;", + " var v = r;", + " return v.toString(10);", + " });", + "}", + ], + }, + }, } - - /* - * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9. - * - * Example: - * 'xxxxx' produces '28535' - * 'xxx-xxx' produces '432-521' - */ -function generateNumericToken(format) { - return format.replace(/[x]/g, function(c) { - var r = Math.random()*10|0; - var v = r; - return v.toString(10); - }); -}" `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 45`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 23`] = ` { "meta": Any, "script": { 
@@ -16641,21 +16540,110 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_MfaOptIn", - "script": "file://Admin_MfaOptIn.script.js", + "script": [ + "/*", + "This creates the following callbacks:", + "- TextOutputCallback: Display the step title and description", + "- ConfirmationCallback: Display a list of buttons for choices", + "- HiddenValueCallback: Captures the "skip" option, if selected", + "- ScriptTextOutputCallback: Creates a "Skip for now" link button and positions it below the buttons ", + "*/", + "", + "var token = generateNumericToken('xxx');", + "var loadingMessage = 'Loading...';", + "var linkButton = "");", + "var message = "

Set up 2-step verification

Protect your account by adding a second step after entering your password to verify it's you signing in.
";", + "var choices = ['Set up'];", + "var defaultChoice = 0;", + "var skipValue = 'Skip';", + "", + "// This will run recursively in the browser until references can be obtained to key DOM elements, at which point.", + "// it will customize the DOM. This is to avoid race conditions with the UI rendering callbacks.", + "var setupPageScript =", + " 'var setupPage = function() {'.concat(", + " ' var skipInputElem = document.getElementById("skip-input-').concat(token).concat('");').concat(", + " ' var messageElem;').concat(", + " ' document.getElementsByClassName("callback-component").forEach(').concat(", + " ' function (e) {').concat(", + " ' var m = e.firstElementChild;').concat(", + " ' if (m.firstChild && m.firstChild.nodeName == "#text" && m.firstChild.nodeValue.trim() == "').concat(loadingMessage).concat('") {').concat(", + " ' messageElem = m;').concat(", + " ' }').concat(", + " ' }').concat(", + " ' );').concat(", + " ' if (!skipInputElem || !messageElem) {').concat(", + " ' return setTimeout(setupPage, 50);').concat(", + " ' }').concat(", + " ' var skipContainer = document.createElement("div");').concat(", + " ' skipContainer.style = "width:100%";').concat(", + " ' skipContainer.innerHTML = "').concat(linkButton).concat('";').concat(", + " ' skipInputElem.parentNode.append(skipContainer);').concat(", + " ' messageElem.align = "center";').concat(", + " ' messageElem.innerHTML = "').concat(message).concat('";').concat(", + " ' var bindSkipLink = function() {').concat(", + " ' document.getElementById("skip-link-').concat(token).concat('").onclick = function() {').concat(", + " ' skipInputElem.value = "').concat(skipValue).concat('";').concat(", + " ' document.getElementById("loginButton_0").click();').concat(", + " ' return false;').concat(", + " ' };').concat(", + " ' };').concat(", + " ' setTimeout(bindSkipLink, 100);').concat(", + " '};').concat(", + " 'setupPage();');", + "", + "var fr = JavaImporter(", + " org.forgerock.openam.auth.node.api.Action,", + " 
javax.security.auth.callback.ConfirmationCallback,", + " javax.security.auth.callback.TextOutputCallback,", + " com.sun.identity.authentication.callbacks.HiddenValueCallback,", + " com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + ")", + "", + "with (fr) {", + " if (callbacks.isEmpty()) {", + " action = Action.send(", + " new TextOutputCallback(", + " TextOutputCallback.INFORMATION,", + " loadingMessage", + " ),", + " new ConfirmationCallback(", + " ConfirmationCallback.INFORMATION,", + " choices,", + " defaultChoice", + " ),", + " new HiddenValueCallback('skip-input-'.concat(token), 'false'),", + " new ScriptTextOutputCallback(setupPageScript)", + " ).build()", + " } else {", + " if (callbacks.get(2).getValue() == skipValue) {", + " action = Action.goTo(skipValue).build();", + " } else {", + " action = Action.goTo(choices[callbacks.get(1).getSelectedIndex()]).build();", + " }", + " }", + "}", + "", + " /*", + " * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9.", + " * ", + " * Example:", + " * 'xxxxx' produces '28535'", + " * 'xxx-xxx' produces '432-521'", + " */", + "function generateNumericToken(format) {", + " return format.replace(/[x]/g, function(c) {", + " var r = Math.random()*10|0;", + " var v = r;", + " return v.toString(10);", + " });", + "}", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 46`] = ` -"if ("false" == "true") { - outcome = "Required"; -} else { - outcome = "Optional"; -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 47`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 24`] = ` { "meta": Any, "script": { 
@@ -16670,45 +16658,19 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_MfaRequiredCheck", - "script": "file://Admin_MfaRequiredCheck.script.js", + "script": [ + "if ("false" == "true") {", + " outcome = "Required";", + "} else {", + " outcome = "Optional";", + "}", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 48`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* -This restores sharedState.objectAttributes temporarily overwritten to fix an issue with password policy. -*/ - -//var password = ''; -//var objAttrs = sharedState.get('objectAttributes'); -//if (objAttrs && objAttrs.containsKey('password')) { -// password = objAttrs.get('password'); -//} - -// Restore original object attributes -var origObjAttrs = sharedState.get('originalObjectAttributes'); -if (origObjAttrs) { -// if (password) { -// origObjAttrs.put('password', password); -// } - sharedState.put('objectAttributes', origObjAttrs); -} - -outcome = 'True'; -" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 49`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 25`] = ` { "meta": Any, "script": { 
@@ -16723,62 +16685,43 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_PasswordFixEnd", - "script": "file://Admin_PasswordFixEnd.script.js", + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "/*", + "This restores sharedState.objectAttributes temporarily overwritten to fix an issue with password policy.", + "*/", + "", + "//var password = '';", + "//var objAttrs = sharedState.get('objectAttributes');", + "//if (objAttrs && objAttrs.containsKey('password')) {", + "// password = objAttrs.get('password');", + "//}", + "", + "// Restore original object attributes", + "var origObjAttrs = sharedState.get('originalObjectAttributes');", + "if (origObjAttrs) {", + "// if (password) {", + "// origObjAttrs.put('password', password);", + "// }", + " sharedState.put('objectAttributes', origObjAttrs);", + "}", + "", + "outcome = 'True';", + "", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 50`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* -This is a workaround that fixes an issue with password policy. - -The Platform Password node attempts to validate a password by calling IDM's validateProperty action, and it uses -sharedState.objectAttributes as the \`object\` property of that request payload. 
If the request is missing required properties -or contains properties not in the object's schema, DS will error and IDM will swallow that error, returning an empty -list of failed policies instead. - -This workaround provides fake values for required properties. It also ensures first/last name is in objectAttributes so the -"can't contain" policy can be evaluated. This workaround is cleaned up by Admin_PasswordFixEnd.js. -*/ - -// Capture existing object attributes so we can restore them later -if (sharedState.containsKey('objectAttributes')) { - sharedState.put('originalObjectAttributes', sharedState.get('objectAttributes')); -} - -// Define the object to use for policy evaluation -var policyObject = { - givenName: '', - sn: '', - groups: ['fake'], - inviteDate: 'fake' -}; - -// If we've loaded the admin object, add first/last name to support -// evaluation of the full policy -if (sharedState.containsKey('adminObject')) { - var adminObject = sharedState.get('adminObject'); - policyObject.givenName = adminObject.get('givenName'); - policyObject.sn = adminObject.get('sn'); -} - -// Replace objectAttributes with our policy object -sharedState.put('objectAttributes', policyObject); - -outcome = 'True'; -" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 51`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 26`] = ` { "meta": Any, "script": { 
@@ -16793,196 +16736,60 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_PasswordFixStart", - "script": "file://Admin_PasswordFixStart.script.js", + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "/*", + "This is a workaround that fixes an issue with password policy.", + "", + "The Platform Password node attempts to validate a password by calling IDM's validateProperty action, and it uses", + "sharedState.objectAttributes as the \`object\` property of that request payload. If the request is missing required properties", + "or contains properties not in the object's schema, DS will error and IDM will swallow that error, returning an empty ", + "list of failed policies instead.", + "", + "This workaround provides fake values for required properties. It also ensures first/last name is in objectAttributes so the", + ""can't contain" policy can be evaluated. 
This workaround is cleaned up by Admin_PasswordFixEnd.js.", + "*/", + "", + "// Capture existing object attributes so we can restore them later", + "if (sharedState.containsKey('objectAttributes')) {", + " sharedState.put('originalObjectAttributes', sharedState.get('objectAttributes'));", + "}", + "", + "// Define the object to use for policy evaluation", + "var policyObject = {", + " givenName: '',", + " sn: '',", + " groups: ['fake'],", + " inviteDate: 'fake'", + "};", + "", + "// If we've loaded the admin object, add first/last name to support", + "// evaluation of the full policy", + "if (sharedState.containsKey('adminObject')) {", + " var adminObject = sharedState.get('adminObject');", + " policyObject.givenName = adminObject.get('givenName');", + " policyObject.sn = adminObject.get('sn');", + "}", + "", + "// Replace objectAttributes with our policy object", + "sharedState.put('objectAttributes', policyObject);", + "", + "outcome = 'True';", + "", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 52`] = ` -"var jurisdictions = [ - { - name: 'Australia', - url: 'https://backstage.forgerock.com/knowledge/identity-cloud/article/a92472578' - }, - { - name: 'Brazil', - url: 'https://www.forgerock.com/privacy-policy' - }, - { - name: 'California', - url: 'https://backstage.forgerock.com/knowledge/identity-cloud/article/a67552843' - }, - { - name: 'Canada', - url: 'https://backstage.forgerock.com/knowledge/identity-cloud/article/a92472578' - }, - { - name: 'European Union', - url: 'https://backstage.forgerock.com/knowledge/identity-cloud/article/a28580828' - }, - { - name: 'Hong Kong', - url: 'https://www.forgerock.com/resources/view/109827462/overview/identity-cloud-privacy.pdf' - }, - { - name: 'Indonesia', - url: 'https://www.forgerock.com/resources/view/109827462/overview/identity-cloud-privacy.pdf' - }, - { - name: 'New Zealand', - url: 
'https://backstage.forgerock.com/knowledge/identity-cloud/article/a92472578' - }, - { - name: 'Singapore', - url: 'https://backstage.forgerock.com/knowledge/identity-cloud/article/a92472578' - }, - { - name: 'United Kingdom', - url: 'https://backstage.forgerock.com/knowledge/identity-cloud/article/a28580828' - }, - { - name: 'United States', - url: 'https://www.forgerock.com/privacy-policy' - }, - { - name: 'Rest of the World', - url: 'https://www.forgerock.com/privacy-policy' - } -]; - -var token = generateNumericToken('xxx'); -var inputId = 'jurisdiction-input-'.concat(token); -var selectId = 'jurisdiction-select-'.concat(token); - -// Build the header and instructions -var message = "

Accept Privacy Policy

Select your region of residence to review the applicable privacy policy.
"; - -// Build the jurisdiction dropdown -var dropdown = ""); - -// Build the confirmation checkbox with policy link -var confirm = ""); - -var html = message + dropdown + confirm; - -var script = - 'document._onJurisdictionChange = function() {'.concat( - ' var jurisdiction = getJurisdiction();').concat( - ' console.log(jurisdiction);').concat( - ' if (jurisdiction) {').concat( - ' setPolicyLink(jurisdiction.url);').concat( - ' setJurisdiction(jurisdiction.name);').concat( - ' setConfirmVisibility(true);').concat( - ' } else {').concat( - ' setJurisdiction("");').concat( - ' setConfirmVisibility(false);').concat( - ' }').concat( - ' document._setNextButton();').concat( - '};').concat( - - 'document._setNextButton = function() {').concat( - ' var jurisdiction = getJurisdiction();').concat( - ' var cb = getCheckbox();').concat( - ' loginHelpers.disableNextButton(!jurisdiction || !cb.checked);').concat( - '};').concat( - - 'var getJurisdiction = function() {').concat( - ' var sel = document.getElementById("').concat(selectId).concat('");').concat( - ' var opt = sel.options[sel.selectedIndex];').concat( - ' return opt.value ? { name: opt.value, url: opt.getAttribute("data-url") } : null;').concat( - '};').concat( - - 'var getCheckbox = function() {').concat( - ' return document.getElementById("confirm-check");').concat( - '};').concat( - - 'var setConfirmVisibility = function(show) {').concat( - ' var el = document.getElementById("confirm-wrapper");').concat( - ' el.style.visibility = show ? 
"visible" : "hidden";').concat( - '};').concat( - - 'var setPolicyLink = function(url) {').concat( - ' document.getElementById("policy-link").setAttribute("href", url);').concat( - '};').concat( - - 'var setJurisdiction = function(name) {').concat( - ' loginHelpers.setHiddenCallback("').concat(inputId).concat('", name);').concat( - '};').concat( - - 'var isPageReady = function() {').concat( - ' return document.getElementById("callback_0") != null;').concat( - '};').concat( - - 'var setupPage = function() {').concat( - ' if (!isPageReady()) {').concat( - ' return setTimeout(setupPage, 100);').concat( - ' }').concat( - ' loginHelpers.disableNextButton(true);').concat( - ' var container = document.getElementById("callback_0");').concat( - ' container.insertAdjacentHTML("beforeend", "').concat(html).concat('");').concat( - '};').concat( - - 'setupPage();'); - -function isValidJurisdiction(name) { - for (var i = 0; i < jurisdictions.length; i++) { - if (jurisdictions[i].name == name) { - return true; - } - } - return false; -} - -var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - com.sun.identity.authentication.callbacks.HiddenValueCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback, - java.util.HashMap -) - -with (fr) { - if (callbacks.isEmpty() || !isValidJurisdiction(callbacks.get(0).getValue())) { - action = Action.send( - new HiddenValueCallback(inputId, ''), - new ScriptTextOutputCallback(script) - ).build(); - } else { - var OBJ_ATTRS = 'objectAttributes'; - var attrs = sharedState.containsKey(OBJ_ATTRS) ? sharedState.get(OBJ_ATTRS) : new HashMap(); - attrs.put('jurisdiction', callbacks.get(0).getValue()); - sharedState.put(OBJ_ATTRS, attrs); - action = Action.goTo('True').build(); - } -} - - /* - * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9. 
- * - * Example: - * 'xxxxx' produces '28535' - * 'xxx-xxx' produces '432-521' - */ -function generateNumericToken(format) { - return format.replace(/[x]/g, function(c) { - var r = Math.random()*10|0; - var v = r; - return v.toString(10); - }); -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 53`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 27`] = ` { "meta": Any, "script": { 
@@ -16997,77 +16804,194 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_PrivacyPolicy", - "script": "file://Admin_PrivacyPolicy.script.js", + "script": [ + "var jurisdictions = [", + " {", + " name: 'Australia',", + " url: 'https://backstage.forgerock.com/knowledge/identity-cloud/article/a92472578'", + " },", + " {", + " name: 'Brazil',", + " url: 'https://www.forgerock.com/privacy-policy'", + " },", + " {", + " name: 'California',", + " url: 'https://backstage.forgerock.com/knowledge/identity-cloud/article/a67552843'", + " },", + " {", + " name: 'Canada',", + " url: 'https://backstage.forgerock.com/knowledge/identity-cloud/article/a92472578'", + " },", + " {", + " name: 'European Union',", + " url: 'https://backstage.forgerock.com/knowledge/identity-cloud/article/a28580828'", + " },", + " {", + " name: 'Hong Kong',", + " url: 'https://www.forgerock.com/resources/view/109827462/overview/identity-cloud-privacy.pdf'", + " },", + " {", + " name: 'Indonesia',", + " url: 'https://www.forgerock.com/resources/view/109827462/overview/identity-cloud-privacy.pdf'", + " },", + " {", + " name: 'New Zealand',", + " url: 'https://backstage.forgerock.com/knowledge/identity-cloud/article/a92472578'", + " },", + " {", + " name: 'Singapore',", + " url: 'https://backstage.forgerock.com/knowledge/identity-cloud/article/a92472578'", + " },", + " {", + " name: 'United Kingdom',", + " url: 'https://backstage.forgerock.com/knowledge/identity-cloud/article/a28580828'", + " },", + " {", + " name: 'United States',", + " url: 'https://www.forgerock.com/privacy-policy'", + " },", + " {", + " name: 'Rest of the World',", + " url: 'https://www.forgerock.com/privacy-policy'", + " }", + "];", + "", + "var token = generateNumericToken('xxx');", + "var inputId = 'jurisdiction-input-'.concat(token);", + "var selectId = 'jurisdiction-select-'.concat(token);", + "", + "// Build the header and 
instructions", + "var message = "

Accept Privacy Policy

Select your region of residence to review the applicable privacy policy.
";", + "", + "// Build the jurisdiction dropdown", + "var dropdown = "");", + "", + "// Build the confirmation checkbox with policy link", + "var confirm = "");", + "", + "var html = message + dropdown + confirm;", + "", + "var script =", + " 'document._onJurisdictionChange = function() {'.concat(", + " ' var jurisdiction = getJurisdiction();').concat(", + " ' console.log(jurisdiction);').concat(", + " ' if (jurisdiction) {').concat(", + " ' setPolicyLink(jurisdiction.url);').concat(", + " ' setJurisdiction(jurisdiction.name);').concat(", + " ' setConfirmVisibility(true);').concat(", + " ' } else {').concat(", + " ' setJurisdiction("");').concat(", + " ' setConfirmVisibility(false);').concat(", + " ' }').concat(", + " ' document._setNextButton();').concat(", + " '};').concat(", + " ", + " 'document._setNextButton = function() {').concat(", + " ' var jurisdiction = getJurisdiction();').concat(", + " ' var cb = getCheckbox();').concat(", + " ' loginHelpers.disableNextButton(!jurisdiction || !cb.checked);').concat(", + " '};').concat(", + " ", + " 'var getJurisdiction = function() {').concat(", + " ' var sel = document.getElementById("').concat(selectId).concat('");').concat(", + " ' var opt = sel.options[sel.selectedIndex];').concat(", + " ' return opt.value ? { name: opt.value, url: opt.getAttribute("data-url") } : null;').concat(", + " '};').concat(", + " ", + " 'var getCheckbox = function() {').concat(", + " ' return document.getElementById("confirm-check");').concat(", + " '};').concat(", + " ", + " 'var setConfirmVisibility = function(show) {').concat(", + " ' var el = document.getElementById("confirm-wrapper");').concat(", + " ' el.style.visibility = show ? 
"visible" : "hidden";').concat(", + " '};').concat(", + " ", + " 'var setPolicyLink = function(url) {').concat(", + " ' document.getElementById("policy-link").setAttribute("href", url);').concat(", + " '};').concat(", + "", + " 'var setJurisdiction = function(name) {').concat(", + " ' loginHelpers.setHiddenCallback("').concat(inputId).concat('", name);').concat(", + " '};').concat(", + " ", + " 'var isPageReady = function() {').concat(", + " ' return document.getElementById("callback_0") != null;').concat(", + " '};').concat(", + " ", + " 'var setupPage = function() {').concat(", + " ' if (!isPageReady()) {').concat(", + " ' return setTimeout(setupPage, 100);').concat(", + " ' }').concat(", + " ' loginHelpers.disableNextButton(true);').concat(", + " ' var container = document.getElementById("callback_0");').concat(", + " ' container.insertAdjacentHTML("beforeend", "').concat(html).concat('");').concat(", + " '};').concat(", + " ", + " 'setupPage();');", + "", + "function isValidJurisdiction(name) {", + " for (var i = 0; i < jurisdictions.length; i++) {", + " if (jurisdictions[i].name == name) {", + " return true;", + " }", + " }", + " return false;", + "}", + "", + "var fr = JavaImporter(", + " org.forgerock.openam.auth.node.api.Action,", + " com.sun.identity.authentication.callbacks.HiddenValueCallback,", + " com.sun.identity.authentication.callbacks.ScriptTextOutputCallback,", + " java.util.HashMap", + ")", + "", + "with (fr) {", + " if (callbacks.isEmpty() || !isValidJurisdiction(callbacks.get(0).getValue())) {", + " action = Action.send(", + " new HiddenValueCallback(inputId, ''),", + " new ScriptTextOutputCallback(script)", + " ).build();", + " } else {", + " var OBJ_ATTRS = 'objectAttributes';", + " var attrs = sharedState.containsKey(OBJ_ATTRS) ? 
sharedState.get(OBJ_ATTRS) : new HashMap();", + " attrs.put('jurisdiction', callbacks.get(0).getValue());", + " sharedState.put(OBJ_ATTRS, attrs);", + " action = Action.goTo('True').build();", + " }", + "}", + "", + " /*", + " * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9.", + " * ", + " * Example:", + " * 'xxxxx' produces '28535'", + " * 'xxx-xxx' produces '432-521'", + " */", + "function generateNumericToken(format) {", + " return format.replace(/[x]/g, function(c) {", + " var r = Math.random()*10|0;", + " var v = r;", + " return v.toString(10);", + " });", + "}", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 54`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -function setIfValidString(managedData, managedKey, profileKey) { - var normalizedValue = normalizedProfile.get(profileKey); - if (normalizedValue && !normalizedValue.isNull() && normalizedValue.asString() != '') { - managedData.put(managedKey, normalizedValue); - } -} - -(function () { - var frJava = JavaImporter( - org.forgerock.json.JsonValue, - java.util.HashMap - ); - - var OBJ_ATTR = 'objectAttributes'; - - // We should have objectAttributes during onboarding because the user is established earlier in - // the journey. We won't have objectAttributes during login, though. - var objAttrs = sharedState.containsKey(OBJ_ATTR) ? 
sharedState.get(OBJ_ATTR) : new frJava.HashMap(); - - // If this flow requires email matching, confirm the IdP user email address matches the FR email address - if (sharedState.checkEmailClaim == true) { - var idpEmail = normalizedProfile.get('email').asString(); - var frEmail = objAttrs.get('mail'); - if (idpEmail != frEmail) { - throw 'Email claim from IDP does not match identity mail attribute'; - } - } - - // Update user with first/last name from IDP, if available - var managedUserData = frJava.JsonValue.json(frJava.JsonValue.object()); - setIfValidString(managedUserData, 'givenName', 'givenName'); - setIfValidString(managedUserData, 'sn', 'familyName'); - - // For login: Ensure the mail attribute is set in case we have to look up the admin using - // their email. This will occur when an existing admin is federating for the first time. - if (!objAttrs.containsKey('mail')) { - managedUserData.put('mail', normalizedProfile.get('email').asString()); - } - - if (!normalizedProfile.get('groups').isNull()) { - managedUserData.put('groups', normalizedProfile.get('groups').asList()); - } - - // Merge anything we've put into \`managedUserData\` into sharedState.objectAttributes because - // \`managedUserData\` goes into transient state, which isn't used by our downstream nodes - var keys = managedUserData.keys().toArray(); - for (var i = 0; i < keys.length; i++) { - objAttrs.put(keys[i], managedUserData.get(keys[i])); - } - sharedState.put(OBJ_ATTR, objAttrs); - - return managedUserData; -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 55`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 28`] = ` { "meta": Any, "script": { 
@@ -17082,24 +17006,75 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_ProfileToManagedObject", - "script": "file://Admin_ProfileToManagedObject.script.js", + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "function setIfValidString(managedData, managedKey, profileKey) {", + " var normalizedValue = normalizedProfile.get(profileKey);", + " if (normalizedValue && !normalizedValue.isNull() && normalizedValue.asString() != '') {", + " managedData.put(managedKey, normalizedValue);", + " }", + "}", + "", + "(function () {", + " var frJava = JavaImporter(", + " org.forgerock.json.JsonValue,", + " java.util.HashMap", + " );", + "", + " var OBJ_ATTR = 'objectAttributes';", + "", + " // We should have objectAttributes during onboarding because the user is established earlier in", + " // the journey. We won't have objectAttributes during login, though.", + " var objAttrs = sharedState.containsKey(OBJ_ATTR) ? 
sharedState.get(OBJ_ATTR) : new frJava.HashMap();", + "", + " // If this flow requires email matching, confirm the IdP user email address matches the FR email address", + " if (sharedState.checkEmailClaim == true) {", + " var idpEmail = normalizedProfile.get('email').asString();", + " var frEmail = objAttrs.get('mail');", + " if (idpEmail != frEmail) {", + " throw 'Email claim from IDP does not match identity mail attribute';", + " }", + " }", + "", + " // Update user with first/last name from IDP, if available", + " var managedUserData = frJava.JsonValue.json(frJava.JsonValue.object());", + " setIfValidString(managedUserData, 'givenName', 'givenName');", + " setIfValidString(managedUserData, 'sn', 'familyName');", + " ", + " // For login: Ensure the mail attribute is set in case we have to look up the admin using", + " // their email. This will occur when an existing admin is federating for the first time.", + " if (!objAttrs.containsKey('mail')) {", + " managedUserData.put('mail', normalizedProfile.get('email').asString());", + " }", + "", + " if (!normalizedProfile.get('groups').isNull()) {", + " managedUserData.put('groups', normalizedProfile.get('groups').asList());", + " }", + " ", + " // Merge anything we've put into \`managedUserData\` into sharedState.objectAttributes because", + " // \`managedUserData\` goes into transient state, which isn't used by our downstream nodes", + " var keys = managedUserData.keys().toArray();", + " for (var i = 0; i < keys.length; i++) {", + " objAttrs.put(keys[i], managedUserData.get(keys[i]));", + " }", + " sharedState.put(OBJ_ATTR, objAttrs);", + "", + " return managedUserData;", + "}());", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 56`] = ` -"var currentYear = new Date().getFullYear().toString(); - -var objAttrs = sharedState.get('objectAttributes') || new java.util.HashMap(); -objAttrs.put('currentYear', currentYear); 
-sharedState.put('objectAttributes', objAttrs); - -outcome = 'True'; -" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 57`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 29`] = ` { "meta": Any, "script": { @@ -17114,30 +17089,22 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_SetCurrentYear", - "script": "file://Admin_SetCurrentYear.script.js", + "script": [ + "var currentYear = new Date().getFullYear().toString();", + "", + "var objAttrs = sharedState.get('objectAttributes') || new java.util.HashMap();", + "objAttrs.put('currentYear', currentYear);", + "sharedState.put('objectAttributes', objAttrs);", + "", + "outcome = 'True';", + "", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 58`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -var objAttrs = sharedState.get('objectAttributes') || new HashMap(); -objAttrs.put('currentYear', new Date().getFullYear().toString()); -sharedState.put('objectAttributes', objAttrs); - -outcome = 'True'; -" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 59`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 30`] = ` { "meta": Any, "script": { 
@@ -17152,59 +17119,28 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_SetInviteMailVars", - "script": "file://Admin_SetInviteMailVars.script.js", + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "var objAttrs = sharedState.get('objectAttributes') || new HashMap();", + "objAttrs.put('currentYear', new Date().getFullYear().toString());", + "sharedState.put('objectAttributes', objAttrs);", + "", + "outcome = 'True';", + "", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 60`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ - -function utcNow() { - return new Date().toISOString(); -} - -try { - - var OBJECT_ATTRS = 'objectAttributes'; - - // Start by getting object attributes from shared state - var sharedObjAttrs = sharedState.get(OBJECT_ATTRS); - sharedObjAttrs.put('accountStatus', 'Active'); - sharedObjAttrs.put('onboardDate', utcNow()); - - // Copy attributes from transient state - var transientObjAttrs = nodeState.get(OBJECT_ATTRS); - var attrs = ['aliasList', 'givenName', 'password', 'sn']; - for (var i = 0; i < attrs.length; i++) { - var val = transientObjAttrs.get(attrs[i]); - if (val.isNotNull()) { - sharedObjAttrs.put(attrs[i], val); - } - } - - // Ensure object attributes match in both shared and transient state - nodeState.putTransient(OBJECT_ATTRS, sharedObjAttrs); - sharedState.put(OBJECT_ATTRS, sharedObjAttrs); - outcome = 'Success'; - -} catch (e) { - - logger.error('Failed to set attributes to complete onboarding: {}', e); - outcome = 'Error'; - -} -" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 61`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 31`] = ` { "meta": Any, "script": { 
@@ -17219,151 +17155,57 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Admin_SetOnboardingAttributes", - "script": "file://Admin_SetOnboardingAttributes.script.js", + "script": [ + "/*", + " * Copyright 2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "function utcNow() {", + " return new Date().toISOString();", + "}", + "", + "try {", + " ", + " var OBJECT_ATTRS = 'objectAttributes';", + "", + " // Start by getting object attributes from shared state", + " var sharedObjAttrs = sharedState.get(OBJECT_ATTRS);", + " sharedObjAttrs.put('accountStatus', 'Active');", + " sharedObjAttrs.put('onboardDate', utcNow());", + " ", + " // Copy attributes from transient state", + " var transientObjAttrs = nodeState.get(OBJECT_ATTRS);", + " var attrs = ['aliasList', 'givenName', 'password', 'sn'];", + " for (var i = 0; i < attrs.length; i++) {", + " var val = transientObjAttrs.get(attrs[i]);", + " if (val.isNotNull()) {", + " sharedObjAttrs.put(attrs[i], val);", + " }", + " }", + " ", + " // Ensure object attributes match in both shared and transient state", + " nodeState.putTransient(OBJECT_ATTRS, sharedObjAttrs);", + " sharedState.put(OBJECT_ATTRS, sharedObjAttrs);", + " outcome = 'Success';", + "", + "} catch (e) {", + "", + " logger.error('Failed to set attributes to complete onboarding: {}', e);", + " outcome = 'Error';", + "", + "}", + "", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 62`] = ` -"/* - * Copyright 2019-2021 ForgeRock AS. All Rights Reserved. 
- * - * Use of this code requires a commercial software license with ForgeRock AS - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * This script lets you modify information associated with an OAuth2 access token - * with methods provided by the AccessToken (1) interface. - * The changes made to OAuth2 access tokens will directly impact the size of the CTS tokens, - * and, similarly, the size of the JWTs if client-based OAuth2 tokens are utilized. - * When adding/updating fields make sure that the token size remains within client/user-agent limits. - * - * Defined variables: - * accessToken - AccessToken (1). - * The access token to be updated. - * Mutable object, all changes to the access token will be reflected. - * scopes - Set (6). - * Always present, the requested scopes. - * requestProperties - Unmodifiable Map (5). - * Always present, contains a map of request properties: - * requestUri - The request URI. - * realm - The realm that the request relates to. - * requestParams - A map of the request params and/or posted data. - * Each value is a list of one or more properties. - * Please note that these should be handled in accordance with OWASP best practices: - * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection. - * clientProperties - Unmodifiable Map (5). - * Present if the client specified in the request was identified, contains a map of client properties: - * clientId - The client's URI for the request locale. - * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client. - * allowedResponseTypes - List of the allowed response types for the client. - * allowedScopes - List of the allowed scopes for the client. - * customProperties - A map of the custom properties of the client. 
- * Lists or maps will be included as sub-maps; for example: - * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1. - * To add custom properties to a client, update the Custom Properties field - * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced. - * identity - AMIdentity (3). - * Always present, the identity of the resource owner. - * session - SSOToken (4). - * Present if the request contains the session cookie, the user's session object. - * scriptName - String (primitive). - * Always present, the display name of the script. - * logger - Always present, the "OAuth2Provider" debug logger instance: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. - * Corresponding log files will be prefixed with: scripts.OAUTH2_ACCESS_TOKEN_MODIFICATION. - * httpClient - HTTP Client (8). - * Always present, the HTTP Client instance: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client. - * - * Return - no value is expected, changes shall be made to the accessToken parameter directly. - * - * Class reference: - * (1) AccessToken - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/AccessToken.html. - * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html. - * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html. - * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html, - * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html. - * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html. - * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. 
- */ - -/* EXAMPLE -(function () { - var frJava = JavaImporter( - org.forgerock.http.protocol.Request, - org.forgerock.http.protocol.Response - ); - - // Always includes this field in the token. - accessToken.setField('key1', 'value1'); - - // Receives and adds to the access token additional values by performing a REST call to an external service. - // WARNING: Below, you will find a reference to a third-party site, which is provided only as an example. - var uri = 'https://jsonplaceholder.typicode.com/posts'; - - try { - var request = new frJava.Request(); - - // You can chain methods that return the request object. - request.setUri(uri) - .setMethod('POST') - .setEntity(JSON.stringify({ - updatedFields: { - key2: 'value2', - key3: 'value3' - } - })); - - // You can call a method when chaining is not possible. - request.getHeaders().add('Content-Type', 'application/json; charset=UTF-8'); - - // Sends the request and receives the response. - var response = httpClient.send(request).getOrThrow(); - - // Checks if the response status is as expected. - if (response.getStatus() === org.forgerock.http.protocol.Status.CREATED) { - var result = JSON.parse(response.getEntity().getString()); - - // Set multiple token fields at once. - accessToken.setFields(result.updatedFields); - } else { - logger.error('Unable to obtain access token modifications. Status: ' + response.getStatus() + '. Content: ' + response.getEntity().getString()); - } - } catch (e) { - logger.error('The request processing was interrupted. ' + e); - - // The access token request fails with the HTTP 500 error in this case. - throw ('Unable to obtain response from: ' + uri); - } - - // Adds new fields containing identity attribute values to the access token. - accessToken.setField('mail', identity.getAttribute('mail')); - accessToken.setField('phone', identity.getAttribute('telephoneNumber').toArray()[0]); - - // Adds new fields containing the session property values. 
- // NOTE: session may not be available for non-interactive authorization grants. - if (session) { - try { - accessToken.setField('ipAddress', session.getProperty('Host')); - } catch (e) { - logger.error('Unable to retrieve session property value. ' + e); - } - } - - // Removes a native field from the token entry, that was set by AM. - // WARNING: removing native fields from the token may result in loss of functionality. - // accessToken.removeTokenName() - - // No return value is expected. Let it be undefined. -}()); -*/" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 63`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 32`] = ` { "meta": Any, "script": { 
@@ -17378,636 +17220,149 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Alpha OAuth2 Access Token Modification Script", - "script": "file://Alpha-OAuth2-Access-Token-Modification-Script.script.js", + "script": [ + "/*", + " * Copyright 2019-2021 ForgeRock AS. All Rights Reserved.", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "/*", + " * This script lets you modify information associated with an OAuth2 access token", + " * with methods provided by the AccessToken (1) interface.", + " * The changes made to OAuth2 access tokens will directly impact the size of the CTS tokens,", + " * and, similarly, the size of the JWTs if client-based OAuth2 tokens are utilized.", + " * When adding/updating fields make sure that the token size remains within client/user-agent limits.", + " *", + " * Defined variables:", + " * accessToken - AccessToken (1).", + " * The access token to be updated.", + " * Mutable object, all changes to the access token will be reflected.", + " * scopes - Set (6).", + " * Always present, the requested scopes.", + " * requestProperties - Unmodifiable Map (5).", + " * Always present, contains a map of request properties:", + " * requestUri - The request URI.", + " * realm - The realm that the request relates to.", + " * requestParams - A map of the request params and/or posted data.", + " * Each value is a list of one or more properties.", + " * Please note that these should be handled in accordance with OWASP best practices:", + " * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection.", + " * clientProperties - Unmodifiable Map (5).", + " * Present if the client specified in the request was identified, contains a map of client properties:", + 
" * clientId - The client's URI for the request locale.", + " * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client.", + " * allowedResponseTypes - List of the allowed response types for the client.", + " * allowedScopes - List of the allowed scopes for the client.", + " * customProperties - A map of the custom properties of the client.", + " * Lists or maps will be included as sub-maps; for example:", + " * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1.", + " * To add custom properties to a client, update the Custom Properties field", + " * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced.", + " * identity - AMIdentity (3).", + " * Always present, the identity of the resource owner.", + " * session - SSOToken (4).", + " * Present if the request contains the session cookie, the user's session object.", + " * scriptName - String (primitive).", + " * Always present, the display name of the script.", + " * logger - Always present, the "OAuth2Provider" debug logger instance:", + " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger.", + " * Corresponding log files will be prefixed with: scripts.OAUTH2_ACCESS_TOKEN_MODIFICATION.", + " * httpClient - HTTP Client (8).", + " * Always present, the HTTP Client instance:", + " * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client.", + " *", + " * Return - no value is expected, changes shall be made to the accessToken parameter directly.", + " *", + " * Class reference:", + " * (1) AccessToken - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/AccessToken.html.", + " * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html.", + " * (4) SSOToken - 
https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html.", + " * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html,", + " * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html.", + " * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html.", + " * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html.", + " */", + "", + "/* EXAMPLE", + "(function () {", + " var frJava = JavaImporter(", + " org.forgerock.http.protocol.Request,", + " org.forgerock.http.protocol.Response", + " );", + "", + " // Always includes this field in the token.", + " accessToken.setField('key1', 'value1');", + "", + " // Receives and adds to the access token additional values by performing a REST call to an external service.", + " // WARNING: Below, you will find a reference to a third-party site, which is provided only as an example.", + " var uri = 'https://jsonplaceholder.typicode.com/posts';", + "", + " try {", + " var request = new frJava.Request();", + "", + " // You can chain methods that return the request object.", + " request.setUri(uri)", + " .setMethod('POST')", + " .setEntity(JSON.stringify({", + " updatedFields: {", + " key2: 'value2',", + " key3: 'value3'", + " }", + " }));", + "", + " // You can call a method when chaining is not possible.", + " request.getHeaders().add('Content-Type', 'application/json; charset=UTF-8');", + "", + " // Sends the request and receives the response.", + " var response = httpClient.send(request).getOrThrow();", + "", + " // Checks if the response status is as expected.", + " if (response.getStatus() === org.forgerock.http.protocol.Status.CREATED) {", + " var result = JSON.parse(response.getEntity().getString());", + "", + " // Set multiple token fields at once.", + " accessToken.setFields(result.updatedFields);", + " } else {", + " logger.error('Unable to obtain 
access token modifications. Status: ' + response.getStatus() + '. Content: ' + response.getEntity().getString());", + " }", + " } catch (e) {", + " logger.error('The request processing was interrupted. ' + e);", + "", + " // The access token request fails with the HTTP 500 error in this case.", + " throw ('Unable to obtain response from: ' + uri);", + " }", + "", + " // Adds new fields containing identity attribute values to the access token.", + " accessToken.setField('mail', identity.getAttribute('mail'));", + " accessToken.setField('phone', identity.getAttribute('telephoneNumber').toArray()[0]);", + "", + " // Adds new fields containing the session property values.", + " // NOTE: session may not be available for non-interactive authorization grants.", + " if (session) {", + " try {", + " accessToken.setField('ipAddress', session.getProperty('Host'));", + " } catch (e) {", + " logger.error('Unable to retrieve session property value. ' + e);", + " }", + " }", + "", + " // Removes a native field from the token entry, that was set by AM.", + " // WARNING: removing native fields from the token may result in loss of functionality.", + " // accessToken.removeTokenName()", + "", + " // No return value is expected. Let it be undefined.", + "}());", + "*/", + ], }, }, } `; -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 64`] = ` -"/* - * Copyright 2014-2021 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * This script computes claim values returned in ID tokens and/or at the UserInfo Endpoint. 
- * The claim values are computed for: - * the claims derived from the requested scopes, - * the claims provided by the authorization server, - * and the claims requested by the client via the claims parameter. - * - * In the CONFIGURATION AND CUSTOMIZATION section, you can - * define the scope-to-claims mapping, and - * assign to each claim a resolver function that will compute the claim value. - * - * Defined variables (class references are provided below): - * scopes - Set (6). - * Always present, the requested scopes. - * claims - Map (5). - * Always present, default server provided claims. - * claimObjects - List (7, 2). - * Always present, the default server provided claims. - * requestedClaims - Map> (5). - * Always present, not empty if the request contains the claims parameter and the server has enabled - * claims_parameter_supported. A map of the requested claims to possible values, otherwise empty; - * requested claims with no requested values will have a key but no value in the map. A key with - * a single value in its Set (6) indicates that this is the only value that should be returned. - * requestedTypedClaims - List (7, 2). - * Always present, the requested claims. - * Requested claims with no requested values will have a claim with no values. - * A claim with a single value indicates this is the only value that should be returned. - * claimsLocales - List (7). - * The values from the 'claims_locales' parameter. - * See https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts for the OIDC specification details. - * requestProperties - Unmodifiable Map (5). - * Always present, contains a map of request properties: - * requestUri - The request URI. - * realm - The realm that the request relates to. - * requestParams - A map of the request params and/or posted data. - * Each value is a list of one or more properties. 
- * Please note that these should be handled in accordance with OWASP best practices: - * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection. - * clientProperties - Unmodifiable Map (5). - * Present if the client specified in the request was identified, contains a map of client properties: - * clientId - The client's URI for the request locale. - * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client. - * allowedResponseTypes - List of the allowed response types for the client. - * allowedScopes - List of the allowed scopes for the client. - * customProperties - A map of the custom properties of the client. - * Lists or maps will be included as sub-maps; for example: - * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1. - * To add custom properties to a client, update the Custom Properties field - * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced. - * identity - AMIdentity (3). - * Always present, the identity of the resource owner. - * session - SSOToken (4). - * Present if the request contains the session cookie, the user's session object. - * scriptName - String (primitive). - * Always present, the display name of the script. - * logger - Always present, the "OAuth2Provider" debug logger instance: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. - * Corresponding files will be prefixed with: scripts.OIDC_CLAIMS. - * httpClient - HTTP Client (8). - * Always present, the HTTP Client instance: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client. 
- * In order to use the client, you may need to add - * org.forgerock.http.Client, - * org.forgerock.http.protocol.*, - * and org.forgerock.util.promise.PromiseImpl - * to the allowed Java classes in the scripting engine configuration, as described in: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/script-engine-security.html - * - * Return - a new UserInfoClaims(Map values, Map> compositeScopes) (1) object. - * The result of the last statement in the script is returned to the server. - * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function) - * is the last (and only) statement in this script, and its return value will become the script result. - * Do not use "return variable" statement outside of a function definition. - * See RESULTS section for additional details. - * - * Class reference: - * (1) UserInfoClaims - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html. - * (2) Claim - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html). - * An instance of org.forgerock.openidconnect.Claim has methods to access - * the claim name, requested values, locale, and whether the claim is essential. - * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html. - * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html. - * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html, - * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html. - * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html. - * (7) List - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/ArrayList.html. - * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. 
-*/ - -(function () { - // SETUP - - /** - * Claim processing utilities. - * An object that contains reusable functions for processing claims. - * @see CLAIM PROCESSING UTILITIES section for details. - */ - var utils = getUtils(); - - // CONFIGURATION AND CUSTOMIZATION - - /** - * OAuth 2.0 scope values (scopes) can be used by the Client to request OIDC claims. - * - * Call this configuration method, and pass in as the first argument - * an object that maps a scope value to an array of claim names - * to specify which claims need to be processed and returned for the requested scopes. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} - * for the scope values that could be used to request claims as defined in the OIDC specification. - * - * Below, find a default configuration that is expected to work in the current environment. - * - * CUSTOMIZATION - * You can choose the claim names returned for a scope. - */ - utils.setScopeClaimsMap({ - profile: [ - 'name', - 'family_name', - 'given_name', - 'zoneinfo', - 'locale' - ], - email: ['email'], - address: ['address'], - phone: ['phone_number'] - }); - - /** - * In this script, each claim - * derived from the requested scopes, - * provided by the authorization server, and - * requested by the client via the claims parameter - * will be processed by a function associated with the claim name. - * - * Call this configuration method, and pass in as the first argument - * an object that maps a claim name to a resolver function, - * which will be automatically executed for each claim processed by the script. - * - * The claim resolver function will receive the requested claim information - * in an instance of org.forgerock.openidconnect.Claim as the first argument. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} - * for details on the Claim class. 
- * - * If the claim resolver function returns a value, - * other than undefined or null, - * the claim will be included in the script's results. - * - * The Claim instance provides methods to check - * what the name of the claim is, - * which values the claim request contains, - * whether the claim is essential, and - * which locale the claim is associated with. - * The resolver function can consider this information when computing and returning the claim value. - * - * Below, find a default configuration that is expected to work in the current environment. - * A reusable function, utils.getUserProfileClaimResolver(String attribute-name), - * is called to return a claim resolver function based on a user profile attribute. - * @see CLAIM RESOLVERS section for the implementation details and examples. - * For the address claim, an example of a claim resolver that uses another claim resolver is provided. - * - * CUSTOMIZATION - * You can reuse the predefined utils methods with your custom arguments. - * You can also specify a custom resolver function for a claim name, - * that will compute and return the claim value—as shown in the commented out example below. - */ - utils.setClaimResolvers({ - /* - // An example of a simple claim resolver function that is defined for a claim - // directly in the configuration object: - custom-claim-name: function (requestedClaim) { - // In this case, initially, the claim value comes straight from a user profile attribute value: - var claimValue = identity.getAttribute('custom-attribute-name').toArray()[0] - - // Optionally, provide additional logic for processing (filtering, formatting, etc.) the claim value. 
- // You can use: - // requestedClaim.getName() - // requestedClaim.getValues() - // requestedClaim.getLocale() - // requestedClaim.isEssential() - - return claimValue - }, - */ - /** - * The use of utils.getUserProfileClaimResolver shows how - * an argument passed to a function that returns a claim resolver - * becomes available to the resolver function (via its lexical context). - */ - name: utils.getUserProfileClaimResolver('cn'), - family_name: utils.getUserProfileClaimResolver('sn'), - given_name: utils.getUserProfileClaimResolver('givenname'), - zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'), - locale: utils.getUserProfileClaimResolver('preferredlocale'), - email: utils.getUserProfileClaimResolver('mail'), - address: utils.getAddressClaimResolver( - /** - * The passed in user profile claim resolver function - * can be used by the address claim resolver function - * to obtain the claim value to be formatted as per the OIDC specification: - * @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim. - */ - utils.getUserProfileClaimResolver('postaladdress') - ), - phone_number: utils.getUserProfileClaimResolver('telephonenumber') - }); - - // CLAIM PROCESSING UTILITIES - - /** - * @returns {object} An object that contains reusable claim processing utilities. - * @see PUBLIC METHODS section and the return statement for the list of exported functions. - */ - function getUtils () { - // IMPORT JAVA - - /** - * Provides Java scripting functionality. - * @see {@link https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Scripting_Java#javaimporter_constructor}. 
- */ - var frJava = JavaImporter( - org.forgerock.oauth2.core.exceptions.InvalidRequestException, - org.forgerock.oauth2.core.UserInfoClaims, - org.forgerock.openidconnect.Claim, - - java.util.LinkedHashMap, - java.util.ArrayList - ); - - // SET UP CONFIGURATION - - /** - * Placeholder for a configuration option that contains - * an object that maps the supported scope values (scopes) - * and the corresponding claim names for each scope value. - */ - var scopeClaimsMap; - - /** - * Placeholder for a configuration option that contains - * an object that maps the supported claim names - * and the resolver functions returning the claim value. - */ - var claimResolvers; - - /** - * A (public) method that accepts an object that maps the supported scopes and the corresponding claim names, - * and assigns it to a (private) variable that serves as a configuration option. - * @param {object} params - An object that maps each supported scope value to an array of claim names, - * in order to specify which claims need to be processed for the requested scopes. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} for details. - * @param {string[]} [params.profile] - An array of claim names to be returned if the profile scope is requested. - * @param {string[]} [params.email] - An array of claim names to be returned if the email scope is requested. - * @param {string[]} [params.address] - An array of claim names to be returned if the address scope is requested. - * @param {string[]} [params.phone] - An array of claim names to be returned if the phone scope is requested. - * @returns {undefined} - */ - function setScopeClaimsMap(params) { - scopeClaimsMap = params; - } - - /** - * A (public) method that accepts an object that maps the supported claim names - * and the resolver functions returning the claim value, - * and assigns it to a (private) variable that serves as a configuration option. 
- * @param {object} params - An object that maps - * each supported claim name to a function that computes and returns the claim value. - */ - function setClaimResolvers(params) { - claimResolvers = params; - } - - // CLAIM RESOLVERS - - /** - * Claim resolvers are functions that return a claim value. - * @param {*} - * @returns {*} - */ - - /** - * Defines a claim resolver based on a user profile attribute. - * @param {string} attributeName - Name of the user profile attribute. - * @returns {function} A function that will determine the claim value - * based on the user profile attribute and the (requested) claim properties. - */ - function getUserProfileClaimResolver (attributeName) { - /** - * Resolves a claim with a user profile attribute value. - * Returns undefined if the identity attribute is not populated, - * OR if the claim has requested values that do not contain the identity attribute value. - * ATTENTION: the aforementioned comparison is case-sensitive. - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {string|HashSet|undefined} - */ - function resolveClaim(claim) { - var userProfileValue; - - if (identity) { - userProfileValue = getClaimValueFromSet(claim, identity.getAttribute(attributeName)); - - if (userProfileValue && !userProfileValue.isEmpty()) { - if (!claim.getValues() || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue)) { - return userProfileValue; - } - } - } - } - - return resolveClaim; - } - - /** - * Returns an address claim resolver based on a claim value obtained with another claim resolver. - * @param {function} resolveClaim - A function that returns a claim value. 
- * @returns {function} A function that will accept a claim as an argument, - * run the claim resolver function for the claim and obtain the claim value, - * and apply additional formatting to the value before returning it. - */ - function getAddressClaimResolver (resolveClaim) { - /** - * Creates an address claim object from a value returned by a claim resolver, - * and returns the address claim object as the claim value. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim}. - * The claim value is obtained with a claim resolving function available from the closure. - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {java.util.LinkedHashMap|undefined} The address claim object created from a claim value. - */ - function resolveAddressClaim(claim) { - var claimValue = resolveClaim(claim); - var addressObject; - - if (isClaimValueValid(claimValue)) { - addressObject = new frJava.LinkedHashMap(); - - addressObject.put('formatted', claimValue); - - return addressObject; - } - } - - return resolveAddressClaim; - } - - /** - * Returns an essential claim resolver based on a claim value obtained with another claim resolver. - * @param {function} resolveClaim - A function that returns a claim value. - * @returns {function} A function that will accept a claim as an argument, - * run the claim resolver function for the claim and obtain the claim value, - * and apply additional logic for essential claims. - */ - function getEssentialClaimResolver (resolveClaim) { - /** - * Returns a claim value or throws an error. - * The claim value is obtained with a claim resolving function available from the closure. - * Throws an exception if the claim is essential and no value is returned for the claim. 
- * - * Use of this resolver is optional. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests} stating: - * "Note that even if the Claims are not available because the End-User did not authorize their release or they are not present, - * the Authorization Server MUST NOT generate an error when Claims are not returned, whether they are Essential or Voluntary, - * unless otherwise specified in the description of the specific claim." - * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {*} - * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} - */ - function resolveEssentialClaim(claim) { - var claimValue = resolveClaim(claim); - - if (claim.isEssential() && !isClaimValueValid(claimValue)) { - throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName()); - } - - return claimValue; - } - - return resolveEssentialClaim; - } - - /** - * Provides default resolution for a claim. - * Use it if a claim-specific resolver is not defined in the configuration. - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {*} A single value associated with this claim. - */ - function resolveAnyClaim (claim) { - if (claim.getValues().size() === 1) { - return claim.getValues().toArray()[0]; - } - } - - // UTILITIES - - /** - * Returns claim value from a set. - * If the set contains a single value, returns the value. - * If the set contains multiple values, returns the set. - * Otherwise, returns undefined. 
- * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @param {java.util.HashSet} set The set—for example, a user profile attribute value. - * @returns {string|java.util.HashSet|undefined} - */ - function getClaimValueFromSet (claim, set) { - if (set && set.size()) { - if (set.size() === 1) { - return set.toArray()[0]; - } else { - return set; - } - } else if (logger.warningEnabled()) { - logger.warning('OIDC Claims script. Got an empty set for claim: ' + claim.getName()); - } - } - - function isClaimValueValid (claimValue) { - if (typeof claimValue === 'undefined' || claimValue === null) { - return false; - } - - return true; - } - - // CLAIM PROCESSING - - /** - * Constructs and returns an object populated with the computed claim values - * and the requested scopes mapped to the claim names. - * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. - * @see RESULTS section for the use of this function. - */ - function getUserInfoClaims () { - return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes()); - } - - /** - * Creates a map of (requested) claim names populated with the computed claim values. - * @returns {java.util.LinkedHashMap} - * A map of the requested claim names and the corresponding claim values. - */ - function getComputedClaims () { - /** - * Creates a complete list of claim objects from: - * the claims derived from the scopes, - * the claims provided by the authorization server, - * and the claims requested by the client. 
- * @returns {java.util.ArrayList} - * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. - */ - function getClaims() { - /** - * Returns a list of claim objects for the requested scopes. - * Uses the scopeClaimsMap configuration option to derive the claim names; - * no other properties of a claim derived from a scope are populated. - * @returns {java.util.ArrayList} - * A list of org.forgerock.openidconnect.Claim objects derived from the requested scopes. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. - */ - function convertScopeToClaims() { - var claims = new frJava.ArrayList(); - - scopes.toArray().forEach(function (scope) { - if (String(scope) !== 'openid' && scopeClaimsMap[scope]) { - scopeClaimsMap[scope].forEach(function (claimName) { - claims.add(new frJava.Claim(claimName)); - }); - } - }); - - return claims; - } - - var claims = new frJava.ArrayList(); - - claims.addAll(convertScopeToClaims()); - claims.addAll(claimObjects); - claims.addAll(requestedTypedClaims); - - return claims; - } - - /** - * Computes and returns a claim value. - * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object. - * @see claimResolvers - * If no resolver function is found, uses the default claim resolver function. - * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {*} Claim value. - * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} - * Rethrows this exception if a claim resolver throws it. 
- * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver - * if you want to terminate the claim processing. - */ - function computeClaim(claim) { - var resolveClaim; - var message; - - try { - resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim; - - return resolveClaim(claim); - } catch (e) { - message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e; - - if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) { - throw e; - } - - if (logger.warningEnabled()) { - logger.warning(message); - } - } - } - - var computedClaims = new frJava.LinkedHashMap(); - - getClaims().toArray().forEach(function (claim) { - var claimValue = computeClaim(claim); - - if (isClaimValueValid(claimValue)) { - computedClaims.put(claim.getName(), claimValue); - } else { - /** - * If a claim has been processed, but appears in the list again, - * and its value cannot be computed under the new conditions, - * the claim is removed from the final result. - * - * For example, a claim could be mapped to a scope and found in the user profile, - * but also requested by the client with required values that don't match the computed one. - * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}. - * for the relevant OIDC specification details. - */ - computedClaims.remove(claim.getName()); - } - }); - - return computedClaims; - } - - /** - * Creates a map of requested scopes and the corresponding claim names. 
- * @returns {java.util.LinkedHashMap} - */ - function getCompositeScopes () { - var compositeScopes = new frJava.LinkedHashMap(); - - scopes.toArray().forEach(function (scope) { - var scopeClaims = new frJava.ArrayList(); - - if (scopeClaimsMap[scope]) { - scopeClaimsMap[scope].forEach(function (claimName) { - scopeClaims.add(claimName); - }); - } - - if (scopeClaims.size()) { - compositeScopes.put(scope, scopeClaims); - } - }); - - return compositeScopes; - } - - // PUBLIC METHODS - - return { - setScopeClaimsMap: setScopeClaimsMap, - setClaimResolvers: setClaimResolvers, - getUserProfileClaimResolver: getUserProfileClaimResolver, - getAddressClaimResolver: getAddressClaimResolver, - getEssentialClaimResolver: getEssentialClaimResolver, - getUserInfoClaims: getUserInfoClaims - }; - } - - // RESULTS - - /** - * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class - * populated with the computed claim values and - * the requested scopes mapped to the claim names. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. - * - * Assigning it to a variable gives you an opportunity - * to log the content of the returned value during development. - */ - var userInfoClaims = utils.getUserInfoClaims(); - - /* - logger.error(scriptName + ' results:') - logger.error('Values: ' + userInfoClaims.getValues()) - logger.error('Scopes: ' + userInfoClaims.getCompositeScopes()) - */ - - return userInfoClaims; -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 65`] = ` +exports[`frodo script export "frodo script export -A": should export all scripts to separate files 33`] = ` { "meta": Any, "script": { 
@@ -18022,62287 +17377,9 @@ exports[`frodo script export "frodo script export --all-separate --extract": sho "lastModifiedBy": "null", "lastModifiedDate": 0, "name": "Alpha OIDC Claims Script", - "script": "file://Alpha-OIDC-Claims-Script.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 66`] = ` -"(function () { - if (scopes.contains('fr:autoaccess:*') || scopes.contains('fr:iga:*')) { - var fr = JavaImporter( - com.sun.identity.idm.IdType - ); - var groups = []; - identity.getMemberships(fr.IdType.GROUP).toArray().forEach(function (group) { - groups.push(group.getAttribute('cn').toArray()[0]); - }); - accessToken.setField('groups', groups); - } -}()); -" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 67`] = ` -{ - "meta": Any, - "script": { - "e232cff3-2460-47cd-80b2-36c86c0d0f06": { - "_id": "e232cff3-2460-47cd-80b2-36c86c0d0f06", - "context": "OAUTH2_ACCESS_TOKEN_MODIFICATION", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Used by endUserUIClient", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Alpha endUserUIClient OAuth2 Access Token Modification Script", - "script": "file://Alpha-endUserUIClient-OAuth2-Access-Token-Modification-Script.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 68`] = ` -"/* - * Copyright 2014-2021 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * This script computes claim values returned in ID tokens and/or at the UserInfo Endpoint. 
- * The claim values are computed for: - * the claims derived from the requested scopes, - * the claims provided by the authorization server, - * and the claims requested by the client via the claims parameter. - * - * In the CONFIGURATION AND CUSTOMIZATION section, you can - * define the scope-to-claims mapping, and - * assign to each claim a resolver function that will compute the claim value. - * - * Defined variables (class references are provided below): - * scopes - Set (6). - * Always present, the requested scopes. - * claims - Map (5). - * Always present, default server provided claims. - * claimObjects - List (7, 2). - * Always present, the default server provided claims. - * requestedClaims - Map> (5). - * Always present, not empty if the request contains the claims parameter and the server has enabled - * claims_parameter_supported. A map of the requested claims to possible values, otherwise empty; - * requested claims with no requested values will have a key but no value in the map. A key with - * a single value in its Set (6) indicates that this is the only value that should be returned. - * requestedTypedClaims - List (7, 2). - * Always present, the requested claims. - * Requested claims with no requested values will have a claim with no values. - * A claim with a single value indicates this is the only value that should be returned. - * claimsLocales - List (7). - * The values from the 'claims_locales' parameter. - * See https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts for the OIDC specification details. - * requestProperties - Unmodifiable Map (5). - * Always present, contains a map of request properties: - * requestUri - The request URI. - * realm - The realm that the request relates to. - * requestParams - A map of the request params and/or posted data. - * Each value is a list of one or more properties. 
- * Please note that these should be handled in accordance with OWASP best practices: - * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection. - * clientProperties - Unmodifiable Map (5). - * Present if the client specified in the request was identified, contains a map of client properties: - * clientId - The client's URI for the request locale. - * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client. - * allowedResponseTypes - List of the allowed response types for the client. - * allowedScopes - List of the allowed scopes for the client. - * customProperties - A map of the custom properties of the client. - * Lists or maps will be included as sub-maps; for example: - * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1. - * To add custom properties to a client, update the Custom Properties field - * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced. - * identity - AMIdentity (3). - * Always present, the identity of the resource owner. - * session - SSOToken (4). - * Present if the request contains the session cookie, the user's session object. - * scriptName - String (primitive). - * Always present, the display name of the script. - * logger - Always present, the "OAuth2Provider" debug logger instance: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. - * Corresponding files will be prefixed with: scripts.OIDC_CLAIMS. - * httpClient - HTTP Client (8). - * Always present, the HTTP Client instance: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client. 
- * In order to use the client, you may need to add - * org.forgerock.http.Client, - * org.forgerock.http.protocol.*, - * and org.forgerock.util.promise.PromiseImpl - * to the allowed Java classes in the scripting engine configuration, as described in: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/script-engine-security.html - * - * Return - a new UserInfoClaims(Map values, Map> compositeScopes) (1) object. - * The result of the last statement in the script is returned to the server. - * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function) - * is the last (and only) statement in this script, and its return value will become the script result. - * Do not use "return variable" statement outside of a function definition. - * See RESULTS section for additional details. - * - * Class reference: - * (1) UserInfoClaims - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html. - * (2) Claim - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html). - * An instance of org.forgerock.openidconnect.Claim has methods to access - * the claim name, requested values, locale, and whether the claim is essential. - * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html. - * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html. - * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html, - * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html. - * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html. - * (7) List - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/ArrayList.html. - * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. 
-*/ - -(function () { - // SETUP - - /** - * Claim processing utilities. - * An object that contains reusable functions for processing claims. - * @see CLAIM PROCESSING UTILITIES section for details. - */ - var utils = getUtils(); - - // CONFIGURATION AND CUSTOMIZATION - - /** - * OAuth 2.0 scope values (scopes) can be used by the Client to request OIDC claims. - * - * Call this configuration method, and pass in as the first argument - * an object that maps a scope value to an array of claim names - * to specify which claims need to be processed and returned for the requested scopes. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} - * for the scope values that could be used to request claims as defined in the OIDC specification. - * - * Below, find a default configuration that is expected to work in the current environment. - * - * CUSTOMIZATION - * You can choose the claim names returned for a scope. - */ - utils.setScopeClaimsMap({ - profile: [ - 'name', - 'family_name', - 'given_name', - 'zoneinfo', - 'locale' - ], - email: ['email'], - address: ['address'], - phone: ['phone_number'] - }); - - /** - * In this script, each claim - * derived from the requested scopes, - * provided by the authorization server, and - * requested by the client via the claims parameter - * will be processed by a function associated with the claim name. - * - * Call this configuration method, and pass in as the first argument - * an object that maps a claim name to a resolver function, - * which will be automatically executed for each claim processed by the script. - * - * The claim resolver function will receive the requested claim information - * in an instance of org.forgerock.openidconnect.Claim as the first argument. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} - * for details on the Claim class. 
- * - * If the claim resolver function returns a value, - * other than undefined or null, - * the claim will be included in the script's results. - * - * The Claim instance provides methods to check - * what the name of the claim is, - * which values the claim request contains, - * whether the claim is essential, and - * which locale the claim is associated with. - * The resolver function can consider this information when computing and returning the claim value. - * - * Below, find a default configuration that is expected to work in the current environment. - * A reusable function, utils.getUserProfileClaimResolver(String attribute-name), - * is called to return a claim resolver function based on a user profile attribute. - * @see CLAIM RESOLVERS section for the implementation details and examples. - * For the address claim, an example of a claim resolver that uses another claim resolver is provided. - * - * CUSTOMIZATION - * You can reuse the predefined utils methods with your custom arguments. - * You can also specify a custom resolver function for a claim name, - * that will compute and return the claim value—as shown in the commented out example below. - */ - utils.setClaimResolvers({ - /* - // An example of a simple claim resolver function that is defined for a claim - // directly in the configuration object: - custom-claim-name: function (requestedClaim) { - // In this case, initially, the claim value comes straight from a user profile attribute value: - var claimValue = identity.getAttribute('custom-attribute-name').toArray()[0] - - // Optionally, provide additional logic for processing (filtering, formatting, etc.) the claim value. 
- // You can use: - // requestedClaim.getName() - // requestedClaim.getValues() - // requestedClaim.getLocale() - // requestedClaim.isEssential() - - return claimValue - }, - */ - /** - * The use of utils.getUserProfileClaimResolver shows how - * an argument passed to a function that returns a claim resolver - * becomes available to the resolver function (via its lexical context). - */ - name: utils.getUserProfileClaimResolver('cn'), - family_name: utils.getUserProfileClaimResolver('sn'), - given_name: utils.getUserProfileClaimResolver('givenname'), - zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'), - locale: utils.getUserProfileClaimResolver('preferredlocale'), - email: utils.getUserProfileClaimResolver('mail'), - address: utils.getAddressClaimResolver( - /** - * The passed in user profile claim resolver function - * can be used by the address claim resolver function - * to obtain the claim value to be formatted as per the OIDC specification: - * @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim. - */ - utils.getUserProfileClaimResolver('postaladdress') - ), - phone_number: utils.getUserProfileClaimResolver('telephonenumber') - }); - - // CLAIM PROCESSING UTILITIES - - /** - * @returns {object} An object that contains reusable claim processing utilities. - * @see PUBLIC METHODS section and the return statement for the list of exported functions. - */ - function getUtils () { - // IMPORT JAVA - - /** - * Provides Java scripting functionality. - * @see {@link https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Scripting_Java#javaimporter_constructor}. 
- */ - var frJava = JavaImporter( - org.forgerock.oauth2.core.exceptions.InvalidRequestException, - org.forgerock.oauth2.core.UserInfoClaims, - org.forgerock.openidconnect.Claim, - - java.util.LinkedHashMap, - java.util.ArrayList - ); - - // SET UP CONFIGURATION - - /** - * Placeholder for a configuration option that contains - * an object that maps the supported scope values (scopes) - * and the corresponding claim names for each scope value. - */ - var scopeClaimsMap; - - /** - * Placeholder for a configuration option that contains - * an object that maps the supported claim names - * and the resolver functions returning the claim value. - */ - var claimResolvers; - - /** - * A (public) method that accepts an object that maps the supported scopes and the corresponding claim names, - * and assigns it to a (private) variable that serves as a configuration option. - * @param {object} params - An object that maps each supported scope value to an array of claim names, - * in order to specify which claims need to be processed for the requested scopes. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} for details. - * @param {string[]} [params.profile] - An array of claim names to be returned if the profile scope is requested. - * @param {string[]} [params.email] - An array of claim names to be returned if the email scope is requested. - * @param {string[]} [params.address] - An array of claim names to be returned if the address scope is requested. - * @param {string[]} [params.phone] - An array of claim names to be returned if the phone scope is requested. - * @returns {undefined} - */ - function setScopeClaimsMap(params) { - scopeClaimsMap = params; - } - - /** - * A (public) method that accepts an object that maps the supported claim names - * and the resolver functions returning the claim value, - * and assigns it to a (private) variable that serves as a configuration option. 
- * @param {object} params - An object that maps - * each supported claim name to a function that computes and returns the claim value. - */ - function setClaimResolvers(params) { - claimResolvers = params; - } - - // CLAIM RESOLVERS - - /** - * Claim resolvers are functions that return a claim value. - * @param {*} - * @returns {*} - */ - - /** - * Defines a claim resolver based on a user profile attribute. - * @param {string} attributeName - Name of the user profile attribute. - * @returns {function} A function that will determine the claim value - * based on the user profile attribute and the (requested) claim properties. - */ - function getUserProfileClaimResolver (attributeName) { - /** - * Resolves a claim with a user profile attribute value. - * Returns undefined if the identity attribute is not populated, - * OR if the claim has requested values that do not contain the identity attribute value. - * ATTENTION: the aforementioned comparison is case-sensitive. - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {string|HashSet|undefined} - */ - function resolveClaim(claim) { - var userProfileValue; - - if (identity) { - userProfileValue = getClaimValueFromSet(claim, identity.getAttribute(attributeName)); - - if (userProfileValue && !userProfileValue.isEmpty()) { - if (!claim.getValues() || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue)) { - return userProfileValue; - } - } - } - } - - return resolveClaim; - } - - /** - * Returns an address claim resolver based on a claim value obtained with another claim resolver. - * @param {function} resolveClaim - A function that returns a claim value. 
- * @returns {function} A function that will accept a claim as an argument, - * run the claim resolver function for the claim and obtain the claim value, - * and apply additional formatting to the value before returning it. - */ - function getAddressClaimResolver (resolveClaim) { - /** - * Creates an address claim object from a value returned by a claim resolver, - * and returns the address claim object as the claim value. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim}. - * The claim value is obtained with a claim resolving function available from the closure. - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {java.util.LinkedHashMap|undefined} The address claim object created from a claim value. - */ - function resolveAddressClaim(claim) { - var claimValue = resolveClaim(claim); - var addressObject; - - if (isClaimValueValid(claimValue)) { - addressObject = new frJava.LinkedHashMap(); - - addressObject.put('formatted', claimValue); - - return addressObject; - } - } - - return resolveAddressClaim; - } - - /** - * Returns an essential claim resolver based on a claim value obtained with another claim resolver. - * @param {function} resolveClaim - A function that returns a claim value. - * @returns {function} A function that will accept a claim as an argument, - * run the claim resolver function for the claim and obtain the claim value, - * and apply additional logic for essential claims. - */ - function getEssentialClaimResolver (resolveClaim) { - /** - * Returns a claim value or throws an error. - * The claim value is obtained with a claim resolving function available from the closure. - * Throws an exception if the claim is essential and no value is returned for the claim. 
- * - * Use of this resolver is optional. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests} stating: - * "Note that even if the Claims are not available because the End-User did not authorize their release or they are not present, - * the Authorization Server MUST NOT generate an error when Claims are not returned, whether they are Essential or Voluntary, - * unless otherwise specified in the description of the specific claim." - * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {*} - * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} - */ - function resolveEssentialClaim(claim) { - var claimValue = resolveClaim(claim); - - if (claim.isEssential() && !isClaimValueValid(claimValue)) { - throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName()); - } - - return claimValue; - } - - return resolveEssentialClaim; - } - - /** - * Provides default resolution for a claim. - * Use it if a claim-specific resolver is not defined in the configuration. - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {*} A single value associated with this claim. - */ - function resolveAnyClaim (claim) { - if (claim.getValues().size() === 1) { - return claim.getValues().toArray()[0]; - } - } - - // UTILITIES - - /** - * Returns claim value from a set. - * If the set contains a single value, returns the value. - * If the set contains multiple values, returns the set. - * Otherwise, returns undefined. 
- * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @param {java.util.HashSet} set The set—for example, a user profile attribute value. - * @returns {string|java.util.HashSet|undefined} - */ - function getClaimValueFromSet (claim, set) { - if (set && set.size()) { - if (set.size() === 1) { - return set.toArray()[0]; - } else { - return set; - } - } else if (logger.warningEnabled()) { - logger.warning('OIDC Claims script. Got an empty set for claim: ' + claim.getName()); - } - } - - function isClaimValueValid (claimValue) { - if (typeof claimValue === 'undefined' || claimValue === null) { - return false; - } - - return true; - } - - // CLAIM PROCESSING - - /** - * Constructs and returns an object populated with the computed claim values - * and the requested scopes mapped to the claim names. - * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. - * @see RESULTS section for the use of this function. - */ - function getUserInfoClaims () { - return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes()); - } - - /** - * Creates a map of (requested) claim names populated with the computed claim values. - * @returns {java.util.LinkedHashMap} - * A map of the requested claim names and the corresponding claim values. - */ - function getComputedClaims () { - /** - * Creates a complete list of claim objects from: - * the claims derived from the scopes, - * the claims provided by the authorization server, - * and the claims requested by the client. 
- * @returns {java.util.ArrayList} - * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. - */ - function getClaims() { - /** - * Returns a list of claim objects for the requested scopes. - * Uses the scopeClaimsMap configuration option to derive the claim names; - * no other properties of a claim derived from a scope are populated. - * @returns {java.util.ArrayList} - * A list of org.forgerock.openidconnect.Claim objects derived from the requested scopes. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. - */ - function convertScopeToClaims() { - var claims = new frJava.ArrayList(); - - scopes.toArray().forEach(function (scope) { - if (String(scope) !== 'openid' && scopeClaimsMap[scope]) { - scopeClaimsMap[scope].forEach(function (claimName) { - claims.add(new frJava.Claim(claimName)); - }); - } - }); - - return claims; - } - - var claims = new frJava.ArrayList(); - - claims.addAll(convertScopeToClaims()); - claims.addAll(claimObjects); - claims.addAll(requestedTypedClaims); - - return claims; - } - - /** - * Computes and returns a claim value. - * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object. - * @see claimResolvers - * If no resolver function is found, uses the default claim resolver function. - * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {*} Claim value. - * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} - * Rethrows this exception if a claim resolver throws it. 
- * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver - * if you want to terminate the claim processing. - */ - function computeClaim(claim) { - var resolveClaim; - var message; - - try { - resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim; - - return resolveClaim(claim); - } catch (e) { - message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e; - - if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) { - throw e; - } - - if (logger.warningEnabled()) { - logger.warning(message); - } - } - } - - var computedClaims = new frJava.LinkedHashMap(); - - getClaims().toArray().forEach(function (claim) { - var claimValue = computeClaim(claim); - - if (isClaimValueValid(claimValue)) { - computedClaims.put(claim.getName(), claimValue); - } else { - /** - * If a claim has been processed, but appears in the list again, - * and its value cannot be computed under the new conditions, - * the claim is removed from the final result. - * - * For example, a claim could be mapped to a scope and found in the user profile, - * but also requested by the client with required values that don't match the computed one. - * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}. - * for the relevant OIDC specification details. - */ - computedClaims.remove(claim.getName()); - } - }); - - return computedClaims; - } - - /** - * Creates a map of requested scopes and the corresponding claim names. 
- * @returns {java.util.LinkedHashMap} - */ - function getCompositeScopes () { - var compositeScopes = new frJava.LinkedHashMap(); - - scopes.toArray().forEach(function (scope) { - var scopeClaims = new frJava.ArrayList(); - - if (scopeClaimsMap[scope]) { - scopeClaimsMap[scope].forEach(function (claimName) { - scopeClaims.add(claimName); - }); - } - - if (scopeClaims.size()) { - compositeScopes.put(scope, scopeClaims); - } - }); - - return compositeScopes; - } - - // PUBLIC METHODS - - return { - setScopeClaimsMap: setScopeClaimsMap, - setClaimResolvers: setClaimResolvers, - getUserProfileClaimResolver: getUserProfileClaimResolver, - getAddressClaimResolver: getAddressClaimResolver, - getEssentialClaimResolver: getEssentialClaimResolver, - getUserInfoClaims: getUserInfoClaims - }; - } - - // RESULTS - - /** - * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class - * populated with the computed claim values and - * the requested scopes mapped to the claim names. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. - * - * Assigning it to a variable gives you an opportunity - * to log the content of the returned value during development. 
- */ - var userInfoClaims = utils.getUserInfoClaims(); - - /* - logger.error(scriptName + ' results:') - logger.error('Values: ' + userInfoClaims.getValues()) - logger.error('Scopes: ' + userInfoClaims.getCompositeScopes()) - */ - - return userInfoClaims; -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 69`] = ` -{ - "meta": Any, - "script": { - "e1db8a0a-0329-4962-a5bf-ecffaca376ae": { - "_id": "e1db8a0a-0329-4962-a5bf-ecffaca376ae", - "context": "OIDC_CLAIMS", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Used by endUserUIClient", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Alpha endUserUIClient OIDC Claims Script", - "script": "file://Alpha-endUserUIClient-OIDC-Claims-Script.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 70`] = ` -"/* - * Copyright 2020 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ - -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object - -return json(object( - field("id", rawProfile.user_id), - field("displayName", rawProfile.name), - field("email", rawProfile.email), - field("username", rawProfile.email)))" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 71`] = ` -{ - "meta": Any, - "script": { - "6b3cfd48-62d3-48ff-a96f-fe8f3a22ab30": { - "_id": "6b3cfd48-62d3-48ff-a96f-fe8f3a22ab30", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Normalizes raw profile data from Amazon", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Amazon Profile Normalization", - "script": "file://Amazon-Profile-Normalization.script.groovy", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 72`] = ` -"/* - * Copyright 2021-2022 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - * - * In some common default configurations, the following keys are required to be not empty: - * username, givenName, familyName, email. - * - * From RFC4517: A value of the Directory String syntax is a string of one or more - * arbitrary characters from the Universal Character Set (UCS). - * A zero-length character string is not permitted. 
- */ - -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object - -String email = "change@me.com" -String subjectId = rawProfile.sub -String firstName = " " -String lastName = " " -String username = subjectId -String name - -if (rawProfile.isDefined("email") && rawProfile.email.isNotNull()){ // User can elect to not share their email - email = rawProfile.email.asString() - username = email -} -if (rawProfile.isDefined("name") && rawProfile.name.isNotNull()) { - if (rawProfile.name.isDefined("firstName") && rawProfile.name.firstName.isNotNull()) { - firstName = rawProfile.name.firstName.asString() - } - if (rawProfile.name.isDefined("lastName") && rawProfile.name.lastName.isNotNull()) { - lastName = rawProfile.name.lastName.asString() - } -} - -name = (firstName?.trim() ? firstName : "") + (lastName?.trim() ? ((firstName?.trim() ? " " : "") + lastName) : "") -name = (!name?.trim()) ? " " : name - -return json(object( - field("id", subjectId), - field("displayName", name), - field("email", email), - field("givenName", firstName), - field("familyName", lastName), - field("username", username)))" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 73`] = ` -{ - "meta": Any, - "script": { - "484e6246-dbc6-4288-97e6-54e55431402e": { - "_id": "484e6246-dbc6-4288-97e6-54e55431402e", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Normalizes raw profile data from Apple", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Apple Profile Normalization", - "script": "file://Apple-Profile-Normalization.script.groovy", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 74`] = ` -"/* - - 
Data made available by nodes that have already executed are available in the sharedState variable. - - The script should set outcome to either "true" or "false". - */ - -outcome = "true";" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 75`] = ` -{ - "meta": Any, - "script": { - "01e1a3c0-038b-4c16-956a-6c9d89328cff": { - "_id": "01e1a3c0-038b-4c16-956a-6c9d89328cff", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for a scripted decision node", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Authentication Tree Decision Node Script", - "script": "file://Authentication-Tree-Decision-Node-Script.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 76`] = ` -"/* Browser Language Decision - * - * Detect the browser language in the request and branch out to its named exit (e.g.: "de" or "en" or "fr") - * if it is part of the supportedLanguages array, otherwise take the "other" exit. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - other - * - - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - /******************************/ - /* Begin Script Configuration */ - - // add all the language codes you want to support - var supportedLanguages = ["de","en","fr"]; - - /* End Script Configuration */ - /******************************/ - - outcome = getBrowserLanguage(); - - /* - * Returns the supported browser language or "other" - */ - function getBrowserLanguage() { - var languageHeader = getHeader("accept-language"); - var language = languageHeader.split(';')[0].split(',')[0].split('-')[0]; - if (supportedLanguages.indexOf(language) < 0) { - return "other"; - } - return language; - } - - /* - * Returns the value of the requested header - */ - function getHeader(headerName) { - return requestHeaders.get(headerName).get(0)+""; - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 77`] = ` -{ - "meta": Any, - "script": { - "8508a00e-ad45-4310-b3c7-c6871b6a41a9": { - "_id": "8508a00e-ad45-4310-b3c7-c6871b6a41a9", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Browser Language Decision", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Browser Language Decision", - "script": "file://Browser-Language-Decision.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 78`] = ` -"/* - * Copyright 2021 ForgeRock AS. All Rights Reserved - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ - -/** - * The following script is a simplified template for understanding how to build - * up a config Map object with custom values. The Config Provider Node will then - * provide this config Map to the desired node type. It is important that the Map - * you build here is named 'config'. - * - * Defined variables: - * - * nodeState - Node State (1) - * Always present, this represents the current values stored in the node state. - * - * idRepository - Profile Data (2) - * Always present, a repository to retrieve user information. - * - * secrets - Credentials and Secrets (3) - * Always present, an interface to access the Secrets API from a scripting context. - * - * requestHeaders (4) - Map (5) - * Always present, an object that provides methods for accessing headers in the login request. - * - * logger - Debug Logging (6) - * Always present, the debug logger instance. - * - * httpClient - HTTP Client (7) - * Always present, the HTTP client that can be used to make external HTTP requests. - * - * realm - String (primitive). - * Always present, the name of the realm the user is authenticating to. - * - * existingSession - Map (5) - * Present if the request contains the session cookie, the user's session object. The returned map from - * SSOToken.getProperties() (8) - * - * requestParameters - Map (5) - * Always present, the object that contains the authentication request parameters. - * - * - * Outputs: - * - * config - Map (5) - * Define and fill a Map object named 'config' with custom values, this will define the configuration for the - * associated node selected in the ConfigProviderNode. 
- * - * Reference: - * (1) Node State - https://backstage.forgerock.com/docs/idcloud-am/latest/authentication-guide/scripting-api-node.html#scripting-api-node-nodeState - * (2) Profile Data - https://backstage.forgerock.com/docs/am/7.1/authentication-guide/scripting-api-node.html#scripting-api-node-id-repo - * (3) Credentials and Secrets - https://backstage.forgerock.com/docs/am/7.1/authentication-guide/scripting-api-node.html#scripting-api-authn-secrets - * (4) Request Headers - https://backstage.forgerock.com/docs/am/7/authentication-guide/scripting-api-node.html#scripting-api-node-requestHeaders. - * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/Map.html - * (6) Debug Logging - https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. - * (7) HTTP Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. - * (8) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html. - */ - -config = { - tree: 'inner1' -};" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 79`] = ` -{ - "meta": Any, - "script": { - "638c865e-d393-4503-a517-535b9c74e010": { - "_id": "638c865e-d393-4503-a517-535b9c74e010", - "context": "CONFIG_PROVIDER_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "CP-InnerTreeEvaluator-static-inner1", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "CP-ITE-static-inner1", - "script": "file://CP-ITE-static-inner1.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 80`] = ` -"/* - * Copyright 2021 ForgeRock AS. All Rights Reserved - * Use of this code requires a commercial software license with ForgeRock AS. 
- * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/** - * The following script is a simplified template for understanding how to build - * up a config Map object with custom values. The Config Provider Node will then - * provide this config Map to the desired node type. It is important that the Map - * you build here is named 'config'. - * - * Defined variables: - * - * nodeState - Node State (1) - * Always present, this represents the current values stored in the node state. - * - * idRepository - Profile Data (2) - * Always present, a repository to retrieve user information. - * - * secrets - Credentials and Secrets (3) - * Always present, an interface to access the Secrets API from a scripting context. - * - * requestHeaders (4) - Map (5) - * Always present, an object that provides methods for accessing headers in the login request. - * - * logger - Debug Logging (6) - * Always present, the debug logger instance. - * - * httpClient - HTTP Client (7) - * Always present, the HTTP client that can be used to make external HTTP requests. - * - * realm - String (primitive). - * Always present, the name of the realm the user is authenticating to. - * - * existingSession - Map (5) - * Present if the request contains the session cookie, the user's session object. The returned map from - * SSOToken.getProperties() (8) - * - * requestParameters - Map (5) - * Always present, the object that contains the authentication request parameters. - * - * - * Outputs: - * - * config - Map (5) - * Define and fill a Map object named 'config' with custom values, this will define the configuration for the - * associated node selected in the ConfigProviderNode. 
- * - * Reference: - * (1) Node State - https://backstage.forgerock.com/docs/idcloud-am/latest/authentication-guide/scripting-api-node.html#scripting-api-node-nodeState - * (2) Profile Data - https://backstage.forgerock.com/docs/am/7.1/authentication-guide/scripting-api-node.html#scripting-api-node-id-repo - * (3) Credentials and Secrets - https://backstage.forgerock.com/docs/am/7.1/authentication-guide/scripting-api-node.html#scripting-api-authn-secrets - * (4) Request Headers - https://backstage.forgerock.com/docs/am/7/authentication-guide/scripting-api-node.html#scripting-api-node-requestHeaders. - * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/Map.html - * (6) Debug Logging - https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. - * (7) HTTP Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. - * (8) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html. 
- */ - -config = { - tree: 'inner2' -};" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 81`] = ` -{ - "meta": Any, - "script": { - "740cf6fa-a173-4e9d-b17c-44758e9b19ec": { - "_id": "740cf6fa-a173-4e9d-b17c-44758e9b19ec", - "context": "CONFIG_PROVIDER_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "CP-InnerTreeEvaluator-static-inner2", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "CP-ITE-static-inner2", - "script": "file://CP-ITE-static-inner2.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 82`] = ` -"if (typeof existingSession !== 'undefined') -{ - outcome = "hasSession"; - sharedState.put("username", existingSession.get("UserId")); - sharedState.put("_id", existingSession.get("UserId")); - if (sharedState.get("objectAttributes")) { - sharedState.get("objectAttributes").put("userName", existingSession.get("UserId")); - } - else { - sharedState.put("objectAttributes", {userName: existingSession.get("UserId")}); - } -} -else -{ - outcome = "noSession"; -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 83`] = ` -{ - "meta": Any, - "script": { - "0ab1dd57-eafd-4063-8e60-65bfac8108b7": { - "_id": "0ab1dd57-eafd-4063-8e60-65bfac8108b7", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Check existing session and set username", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Check Existing Session", - "script": "file://Check-Existing-Session.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all 
extracted scripts to separate files 84`] = ` -"/* Check Username - * - * Author: volker.scheuber@forgerock.com - * - * Check if username has already been collected. - * Return "known" if yes, "unknown" otherwise. - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - known - * - unknown - */ -(function () { - if (null != sharedState.get("username")) { - outcome = "known"; - } - else { - outcome = "unknown"; - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 85`] = ` -{ - "meta": Any, - "script": { - "739bdc48-fd24-4c52-b353-88706d75558a": { - "_id": "739bdc48-fd24-4c52-b353-88706d75558a", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Check if username has already been collected.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Check Username", - "script": "file://Check-Username.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 86`] = ` -"/* Choice inner1, inner2 - * - * Author: volker.scheuber@forgerock.com - * - * Render a dropdown selector - * - * This script must be parametrized. It will not work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -(function () { - outcome = "true"; - var choices = ["inner1", "inner2"]; - - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.ChoiceCallback - ) - - if (callbacks.isEmpty()) { - action = fr.Action.send([ - new fr.ChoiceCallback("Select a journey", choices, 0, false) - ]).build(); - } else { - var choice = parseInt(callbacks.get(0).getSelectedIndexes()[0]); - nodeState.putShared("nodeConfig", {tree: choices[choice]}); - action = fr.Action.goTo(outcome).build(); - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 87`] = ` -{ - "meta": Any, - "script": { - "14f14ad3-f35f-455b-a7ba-d7cd939c6921": { - "_id": "14f14ad3-f35f-455b-a7ba-d7cd939c6921", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Dropdown selector", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Choice inner1, inner2", - "script": "file://Choice-inner1-inner2.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 88`] = ` -"/* Collect Extra Fields - * - * Collect extra fields not part of the user profile. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - outcome = 'true'; - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.NameCallback - ) - if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.NameCallback('modality'), - new fr.NameCallback('jwtToken') - ).build(); - } - else { - var modality = callbacks.get(0).getName(); - var jwtToken = callbacks.get(1).getName(); - nodeState.putShared('modality', modality); - nodeState.putShared('jwtToken', jwtToken); - action = fr.Action.goTo(outcome).build(); - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 89`] = ` -{ - "meta": Any, - "script": { - "92edf2c7-0bab-412c-a0da-82ad4f04505b": { - "_id": "92edf2c7-0bab-412c-a0da-82ad4f04505b", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "null", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Collect Extra Fields", - "script": "file://Collect-Extra-Fields.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 90`] = ` -"/* Collect Inner Tree Evaluator Config - * - * Collect all the configuration items required for the Inner Tree Evaluator to function properly. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - outcome = "true"; - var config = { - "tree": "Login", - }; - var script = ""; - script += "Array.prototype.slice.call("; - script += " document.getElementsByTagName('input')"; - script += ").forEach("; - script += " function (input,i) {"; - script += " console.log('input '+i);" - script += " var config = JSON.parse('"+JSON.stringify(config)+"');"; - script += " var keys = Object.keys(config);"; - script += " if (input.type === 'text') {"; - script += " input.setAttribute('value', config[keys[i]]);"; - script += " input.dispatchEvent(new KeyboardEvent( 'input' , {'key':'Enter'} ));"; - script += " }"; - script += " }"; - script += ");"; - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.NameCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback - ) - if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.NameCallback("tree", config.tree), - new fr.ScriptTextOutputCallback(script) - ).build(); - } - else { - config[callbacks.get(0).getPrompt()] = callbacks.get(0).getName(); - nodeState.putShared("nodeConfig", config); - action = fr.Action.goTo(outcome).build(); - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 91`] = ` -{ - "meta": Any, - "script": { - "d70df7a8-6390-409d-b821-166272a9a9c8": { - "_id": "d70df7a8-6390-409d-b821-166272a9a9c8", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Collect all the configuration items required for the Inner Tree Evaluator to function properly.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Collect Inner Tree Evaluator Config", - "script": 
"file://Collect-Inner-Tree-Evaluator-Config.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 92`] = ` -"/* Collect Message Node Config - * - * Collect all the configuration items required for the Message Node to function properly. - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - outcome = "true"; - var config = { - "message": {"en": "I believe I can fly!"}, - "messageYes": {"en": "Glorious!"}, - "messageNo": {"en": "Inconceivable!"} - }; - var script = ""; - script += "Array.prototype.slice.call("; - script += " document.getElementsByTagName('input')"; - script += ").forEach("; - script += " function (input,i) {"; - script += " console.log('input '+i);" - script += " var config = JSON.parse('"+JSON.stringify(config)+"');"; - script += " var keys = Object.keys(config);"; - script += " if (input.type === 'text') {"; - script += " input.setAttribute('value', config[keys[i]].en);"; - script += " input.dispatchEvent(new KeyboardEvent( 'input' , {'key':'Enter'} ));"; - script += " }"; - script += " }"; - script += ");"; - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.NameCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback - ) - if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.NameCallback("message", config.message.en), - new fr.NameCallback("messageYes", config.messageYes.en), - new fr.NameCallback("messageNo", config.messageNo.en), - new fr.ScriptTextOutputCallback(script) - ).build(); - } - else { - config[callbacks.get(0).getPrompt()].en = callbacks.get(0).getName(); - config[callbacks.get(1).getPrompt()].en = callbacks.get(1).getName(); - config[callbacks.get(2).getPrompt()].en = 
callbacks.get(2).getName(); - nodeState.putShared("nodeConfig", config); - action = fr.Action.goTo(outcome).build(); - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 93`] = ` -{ - "meta": Any, - "script": { - "169150da-0bd1-4866-8095-eae0bbc269e4": { - "_id": "169150da-0bd1-4866-8095-eae0bbc269e4", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Collect all the configuration items required for the Message Node to function properly.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Collect Message Node Config", - "script": "file://Collect-Message-Node-Config.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 94`] = ` -"/* Collect PIN - * - * Collect PIN using password callback and store in user profile. - * - * This script must be parametrized. It may not work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - - /*** BEGIN PARAMETRIZATION ***/ - var pinAttrName = 'frUnindexedString3'; - var pinPrompt = 'New PIN'; - /**** END PARAMETRIZATION ****/ - - outcome = 'true'; - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.PasswordCallback - ) - if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.PasswordCallback(pinPrompt, false) - ).build(); - } - else { - var pin = new java.lang.String(callbacks.get(0).getPassword()); - setTransientObjectAttribute(pinAttrName, pin); - action = fr.Action.goTo(outcome).build(); - } - - /* - * Store attributes in transient state for use with the Create/Patch Object nodes. 
- */ - function setTransientObjectAttribute(name, value) { - var transientStorage = transientState.get("objectAttributes"); - if (transientStorage && value) { - if (transientStorage.put) { - transientStorage.put(name, value); - } - else { - transientStorage[name] = value; - } - } - else if (value) { - transientState.put("objectAttributes", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}")); - } - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 95`] = ` -{ - "meta": Any, - "script": { - "e4417108-4dc9-4ffc-9995-3cd490adf2ed": { - "_id": "e4417108-4dc9-4ffc-9995-3cd490adf2ed", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Collect PIN", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Collect PIN", - "script": "file://Collect-PIN.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 96`] = ` -"/* Collect And Encrypt Custom Password - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - * See copyright notices, conditions, and disclaimers at the bottom of this script. 
- * - * volker.scheuber@forgerock.com - */ -(function () { - "use strict";var sjcl={cipher:{},hash:{},keyexchange:{},mode:{},misc:{},codec:{},exception:{corrupt:function(message){this.toString=function(){return"CORRUPT: "+this.message};this.message=message},invalid:function(message){this.toString=function(){return"INVALID: "+this.message};this.message=message},bug:function(message){this.toString=function(){return"BUG: "+this.message};this.message=message},notReady:function(message){this.toString=function(){return"NOT READY: "+this.message};this.message=message}}};sjcl.cipher.aes=function(key){if(!this._tables[0][0][0]){this._precompute()}var i,j,tmp,encKey,decKey,sbox=this._tables[0][4],decTable=this._tables[1],keyLen=key.length,rcon=1;if(keyLen!==4&&keyLen!==6&&keyLen!==8){throw new sjcl.exception.invalid("invalid aes key size")}this._key=[encKey=key.slice(0),decKey=[]];for(i=keyLen;i<4*keyLen+28;i++){tmp=encKey[i-1];if(i%keyLen===0||keyLen===8&&i%keyLen===4){tmp=sbox[tmp>>>24]<<24^sbox[tmp>>16&255]<<16^sbox[tmp>>8&255]<<8^sbox[tmp&255];if(i%keyLen===0){tmp=tmp<<8^tmp>>>24^rcon<<24;rcon=rcon<<1^(rcon>>7)*283}}encKey[i]=encKey[i-keyLen]^tmp}for(j=0;i;j++,i--){tmp=encKey[j&3?i:i-4];if(i<=4||j<4){decKey[j]=tmp}else{decKey[j]=decTable[0][sbox[tmp>>>24]]^decTable[1][sbox[tmp>>16&255]]^decTable[2][sbox[tmp>>8&255]]^decTable[3][sbox[tmp&255]]}}};sjcl.cipher.aes.prototype={encrypt:function(data){return this._crypt(data,0)},decrypt:function(data){return this._crypt(data,1)},_tables:[[[],[],[],[],[]],[[],[],[],[],[]]],_precompute:function(){var 
encTable=this._tables[0],decTable=this._tables[1],sbox=encTable[4],sboxInv=decTable[4],i,x,xInv,d=[],th=[],x2,x4,x8,s,tEnc,tDec;for(i=0;i<256;i++){th[(d[i]=i<<1^(i>>7)*283)^i]=i}for(x=xInv=0;!sbox[x];x^=x2||1,xInv=th[xInv]||1){s=xInv^xInv<<1^xInv<<2^xInv<<3^xInv<<4;s=s>>8^s&255^99;sbox[x]=s;sboxInv[s]=x;x8=d[x4=d[x2=d[x]]];tDec=x8*16843009^x4*65537^x2*257^x*16843008;tEnc=d[s]*257^s*16843008;for(i=0;i<4;i++){encTable[i][x]=tEnc=tEnc<<24^tEnc>>>8;decTable[i][s]=tDec=tDec<<24^tDec>>>8}}for(i=0;i<5;i++){encTable[i]=encTable[i].slice(0);decTable[i]=decTable[i].slice(0)}},_crypt:function(input,dir){if(input.length!==4){throw new sjcl.exception.invalid("invalid aes block size")}var key=this._key[dir],a=input[0]^key[0],b=input[dir?3:1]^key[1],c=input[2]^key[2],d=input[dir?1:3]^key[3],a2,b2,c2,nInnerRounds=key.length/4-2,i,kIndex=4,out=[0,0,0,0],table=this._tables[dir],t0=table[0],t1=table[1],t2=table[2],t3=table[3],sbox=table[4];for(i=0;i>>24]^t1[b>>16&255]^t2[c>>8&255]^t3[d&255]^key[kIndex];b2=t0[b>>>24]^t1[c>>16&255]^t2[d>>8&255]^t3[a&255]^key[kIndex+1];c2=t0[c>>>24]^t1[d>>16&255]^t2[a>>8&255]^t3[b&255]^key[kIndex+2];d=t0[d>>>24]^t1[a>>16&255]^t2[b>>8&255]^t3[c&255]^key[kIndex+3];kIndex+=4;a=a2;b=b2;c=c2}for(i=0;i<4;i++){out[dir?3&-i:i]=sbox[a>>>24]<<24^sbox[b>>16&255]<<16^sbox[c>>8&255]<<8^sbox[d&255]^key[kIndex++];a2=a;a=b;b=c;c=d;d=a2}return out}};sjcl.bitArray={bitSlice:function(a,bstart,bend){a=sjcl.bitArray._shiftRight(a.slice(bstart/32),32-(bstart&31)).slice(1);return bend===undefined?a:sjcl.bitArray.clamp(a,bend-bstart)},extract:function(a,bstart,blength){var x,sh=Math.floor(-bstart-blength&31);if((bstart+blength-1^bstart)&-32){x=a[bstart/32|0]<<32-sh^a[bstart/32+1|0]>>>sh}else{x=a[bstart/32|0]>>>sh}return x&(1<0&&len){a[l-1]=sjcl.bitArray.partial(len,a[l-1]&2147483648>>len-1,1)}return a},partial:function(len,x,_end){if(len===32){return x}return(_end?x|0:x<<32-len)+len*1099511627776},getPartial:function(x){return 
Math.round(x/1099511627776)||32},equal:function(a,b){if(sjcl.bitArray.bitLength(a)!==sjcl.bitArray.bitLength(b)){return false}var x=0,i;for(i=0;i=32;shift-=32){out.push(carry);carry=0}if(shift===0){return out.concat(a)}for(i=0;i>>shift);carry=a[i]<<32-shift}last2=a.length?a[a.length-1]:0;shift2=sjcl.bitArray.getPartial(last2);out.push(sjcl.bitArray.partial(shift+shift2&31,shift+shift2>32?carry:out.pop(),1));return out},_xor4:function(x,y){return[x[0]^y[0],x[1]^y[1],x[2]^y[2],x[3]^y[3]]},byteswapM:function(a){var i,v,m=65280;for(i=0;i>>24|v>>>8&m|(v&m)<<8|v<<24}return a}};sjcl.codec.utf8String={fromBits:function(arr){var out="",bl=sjcl.bitArray.bitLength(arr),i,tmp;for(i=0;i>>8>>>8>>>8);tmp<<=8}return decodeURIComponent(escape(out))},toBits:function(str){str=unescape(encodeURIComponent(str));var out=[],i,tmp=0;for(i=0;i>>bits)>>>26);if(bits<6){ta=arr[i]<<6-bits;bits+=26;i++}else{ta<<=6;bits-=6}}while(out.length&3&&!_noEquals){out+="="}return out},toBits:function(str,_url){str=str.replace(/\\s|=/g,"");var out=[],i,bits=0,c=sjcl.codec.base64._chars,ta=0,x;if(_url){c=c.substr(0,62)+"-_"}for(i=0;i26){bits-=26;out.push(ta^x>>>bits);ta=x<<32-bits}else{bits+=6;ta^=x<<32-bits}}if(bits&56){out.push(sjcl.bitArray.partial(bits&56,ta,1))}return out}};sjcl.codec.base64url={fromBits:function(arr){return sjcl.codec.base64.fromBits(arr,1,1)},toBits:function(str){return sjcl.codec.base64.toBits(str,1)}};sjcl.hash.sha256=function(hash){if(!this._key[0]){this._precompute()}if(hash){this._h=hash._h.slice(0);this._buffer=hash._buffer.slice(0);this._length=hash._length}else{this.reset()}};sjcl.hash.sha256.hash=function(data){return(new sjcl.hash.sha256).update(data).finalize()};sjcl.hash.sha256.prototype={blockSize:512,reset:function(){this._h=this._init.slice(0);this._buffer=[];this._length=0;return this},update:function(data){if(typeof data==="string"){data=sjcl.codec.utf8String.toBits(data)}var 
i,b=this._buffer=sjcl.bitArray.concat(this._buffer,data),ol=this._length,nl=this._length=ol+sjcl.bitArray.bitLength(data);if(nl>9007199254740991){throw new sjcl.exception.invalid("Cannot hash more than 2^53 - 1 bits")}if(typeof Uint32Array!=="undefined"){var c=new Uint32Array(b);var j=0;for(i=512+ol-(512+ol&511);i<=nl;i+=512){this._block(c.subarray(16*j,16*(j+1)));j+=1}b.splice(0,16*j)}else{for(i=512+ol-(512+ol&511);i<=nl;i+=512){this._block(b.splice(0,16))}}return this},finalize:function(){var i,b=this._buffer,h=this._h;b=sjcl.bitArray.concat(b,[sjcl.bitArray.partial(1,1)]);for(i=b.length+2;i&15;i++){b.push(0)}b.push(Math.floor(this._length/4294967296));b.push(this._length|0);while(b.length){this._block(b.splice(0,16))}this.reset();return h},_init:[],_key:[],_precompute:function(){var i=0,prime=2,factor,isPrime;function frac(x){return(x-Math.floor(x))*4294967296|0}for(;i<64;prime++){isPrime=true;for(factor=2;factor*factor<=prime;factor++){if(prime%factor===0){isPrime=false;break}}if(isPrime){if(i<8){this._init[i]=frac(Math.pow(prime,1/2))}this._key[i]=frac(Math.pow(prime,1/3));i++}}},_block:function(w){var i,tmp,a,b,h=this._h,k=this._key,h0=h[0],h1=h[1],h2=h[2],h3=h[3],h4=h[4],h5=h[5],h6=h[6],h7=h[7];for(i=0;i<64;i++){if(i<16){tmp=w[i]}else{a=w[i+1&15];b=w[i+14&15];tmp=w[i&15]=(a>>>7^a>>>18^a>>>3^a<<25^a<<14)+(b>>>17^b>>>19^b>>>10^b<<15^b<<13)+w[i&15]+w[i+9&15]|0}tmp=tmp+h7+(h4>>>6^h4>>>11^h4>>>25^h4<<26^h4<<21^h4<<7)+(h6^h4&(h5^h6))+k[i];h7=h6;h6=h5;h5=h4;h4=h3+tmp|0;h3=h2;h2=h1;h1=h0;h0=tmp+(h1&h2^h3&(h1^h2))+(h1>>>2^h1>>>13^h1>>>22^h1<<30^h1<<19^h1<<10)|0}h[0]=h[0]+h0|0;h[1]=h[1]+h1|0;h[2]=h[2]+h2|0;h[3]=h[3]+h3|0;h[4]=h[4]+h4|0;h[5]=h[5]+h5|0;h[6]=h[6]+h6|0;h[7]=h[7]+h7|0}};sjcl.mode.ccm={name:"ccm",_progressListeners:[],listenProgress:function(cb){sjcl.mode.ccm._progressListeners.push(cb)},unListenProgress:function(cb){var 
index=sjcl.mode.ccm._progressListeners.indexOf(cb);if(index>-1){sjcl.mode.ccm._progressListeners.splice(index,1)}},_callProgressListener:function(val){var p=sjcl.mode.ccm._progressListeners.slice(),i;for(i=0;i>>8*L;L++){}if(L<15-ivl){L=15-ivl}iv=w.clamp(iv,8*(15-L));tag=sjcl.mode.ccm._computeTag(prf,plaintext,iv,adata,tlen,L);out=sjcl.mode.ccm._ctrMode(prf,out,iv,tag,tlen,L);return w.concat(out.data,out.tag)},decrypt:function(prf,ciphertext,iv,adata,tlen){tlen=tlen||64;adata=adata||[];var L,w=sjcl.bitArray,ivl=w.bitLength(iv)/8,ol=w.bitLength(ciphertext),out=w.clamp(ciphertext,ol-tlen),tag=w.bitSlice(ciphertext,ol-tlen),tag2;ol=(ol-tlen)/8;if(ivl<7){throw new sjcl.exception.invalid("ccm: iv must be at least 7 bytes")}for(L=2;L<4&&ol>>>8*L;L++){}if(L<15-ivl){L=15-ivl}iv=w.clamp(iv,8*(15-L));out=sjcl.mode.ccm._ctrMode(prf,out,iv,tag,tlen,L);tag2=sjcl.mode.ccm._computeTag(prf,out.data,iv,adata,tlen,L);if(!w.equal(out.tag,tag2)){throw new sjcl.exception.corrupt("ccm: tag doesn't match")}return out.data},_macAdditionalData:function(prf,adata,iv,tlen,ol,L){var mac,tmp,i,macData=[],w=sjcl.bitArray,xor=w._xor4;mac=[w.partial(8,(adata.length?1<<6:0)|tlen-2<<2|L-1)];mac=w.concat(mac,iv);mac[3]|=ol;mac=prf.encrypt(mac);if(adata.length){tmp=w.bitLength(adata)/8;if(tmp<=65279){macData=[w.partial(16,tmp)]}else if(tmp<=4294967295){macData=w.concat([w.partial(16,65534)],[tmp])}macData=w.concat(macData,adata);for(i=0;i16){throw new sjcl.exception.invalid("ccm: invalid tag length")}if(adata.length>4294967295||plaintext.length>4294967295){throw new sjcl.exception.bug("ccm: can't deal with 4GiB or more data")}mac=sjcl.mode.ccm._macAdditionalData(prf,adata,iv,tlen,w.bitLength(plaintext)/8,L);for(i=0;in){sjcl.mode.ccm._callProgressListener(i/l);n+=p}ctr[3]++;enc=prf.encrypt(ctr);data[i]^=enc[0];data[i+1]^=enc[1];data[i+2]^=enc[2];data[i+3]^=enc[3]}return{tag:tag,data:w.clamp(data,bl)}}};sjcl.misc.hmac=function(key,Hash){this._hash=Hash=Hash||sjcl.hash.sha256;var 
exKey=[[],[]],i,bs=Hash.prototype.blockSize/32;this._baseHash=[new Hash,new Hash];if(key.length>bs){key=Hash.hash(key)}for(i=0;i0){estimatedEntropy++;tmp=tmp>>>1}}}this._pools[robin].update([id,this._eventId++,2,estimatedEntropy,t,data.length].concat(data))}break;case"string":if(estimatedEntropy===undefined){estimatedEntropy=data.length}this._pools[robin].update([id,this._eventId++,3,estimatedEntropy,t,data.length]);this._pools[robin].update(data);break;default:err=1}if(err){throw new sjcl.exception.bug("random: addEntropy only supports number, array of numbers or string")}this._poolEntropy[robin]+=estimatedEntropy;this._poolStrength+=estimatedEntropy;if(oldReady===this._NOT_READY){if(this.isReady()!==this._NOT_READY){this._fireEvent("seeded",Math.max(this._strength,this._poolStrength))}this._fireEvent("progress",this.getProgress())}},isReady:function(paranoia){var entropyRequired=this._PARANOIA_LEVELS[paranoia!==undefined?paranoia:this._defaultParanoia];if(this._strength&&this._strength>=entropyRequired){return this._poolEntropy[0]>this._BITS_PER_RESEED&&(new Date).valueOf()>this._nextReseed?this._REQUIRES_RESEED|this._READY:this._READY}else{return this._poolStrength>=entropyRequired?this._REQUIRES_RESEED|this._NOT_READY:this._NOT_READY}},getProgress:function(paranoia){var entropyRequired=this._PARANOIA_LEVELS[paranoia?paranoia:this._defaultParanoia];if(this._strength>=entropyRequired){return 1}else{return 
this._poolStrength>entropyRequired?1:this._poolStrength/entropyRequired}},startCollectors:function(){if(this._collectorsStarted){return}this._eventListener={loadTimeCollector:this._bind(this._loadTimeCollector),mouseCollector:this._bind(this._mouseCollector),keyboardCollector:this._bind(this._keyboardCollector),accelerometerCollector:this._bind(this._accelerometerCollector),touchCollector:this._bind(this._touchCollector)};if(window.addEventListener){window.addEventListener("load",this._eventListener.loadTimeCollector,false);window.addEventListener("mousemove",this._eventListener.mouseCollector,false);window.addEventListener("keypress",this._eventListener.keyboardCollector,false);window.addEventListener("devicemotion",this._eventListener.accelerometerCollector,false);window.addEventListener("touchmove",this._eventListener.touchCollector,false)}else if(document.attachEvent){document.attachEvent("onload",this._eventListener.loadTimeCollector);document.attachEvent("onmousemove",this._eventListener.mouseCollector);document.attachEvent("keypress",this._eventListener.keyboardCollector)}else{throw new sjcl.exception.bug("can't attach event")}this._collectorsStarted=true},stopCollectors:function(){if(!this._collectorsStarted){return}if(window.removeEventListener){window.removeEventListener("load",this._eventListener.loadTimeCollector,false);window.removeEventListener("mousemove",this._eventListener.mouseCollector,false);window.removeEventListener("keypress",this._eventListener.keyboardCollector,false);window.removeEventListener("devicemotion",this._eventListener.accelerometerCollector,false);window.removeEventListener("touchmove",this._eventListener.touchCollector,false)}else 
if(document.detachEvent){document.detachEvent("onload",this._eventListener.loadTimeCollector);document.detachEvent("onmousemove",this._eventListener.mouseCollector);document.detachEvent("keypress",this._eventListener.keyboardCollector)}this._collectorsStarted=false},addEventListener:function(name,callback){this._callbacks[name][this._callbackI++]=callback},removeEventListener:function(name,cb){var i,j,cbs=this._callbacks[name],jsTemp=[];for(j in cbs){if(cbs.hasOwnProperty(j)&&cbs[j]===cb){jsTemp.push(j)}}for(i=0;i=1<this._strength){this._strength=strength}this._reseedCount++;this._reseed(reseedData)},_keyboardCollector:function(){this._addCurrentTimeToEntropy(1)},_mouseCollector:function(ev){var x,y;try{x=ev.x||ev.clientX||ev.offsetX||0;y=ev.y||ev.clientY||ev.offsetY||0}catch(err){x=0;y=0}if(x!=0&&y!=0){this.addEntropy([x,y],2,"mouse")}this._addCurrentTimeToEntropy(0)},_touchCollector:function(ev){var touch=ev.touches[0]||ev.changedTouches[0];var x=touch.pageX||touch.clientX,y=touch.pageY||touch.clientY;this.addEntropy([x,y],1,"touch");this._addCurrentTimeToEntropy(0)},_loadTimeCollector:function(){this._addCurrentTimeToEntropy(2)},_addCurrentTimeToEntropy:function(estimatedEntropy){if(typeof window!=="undefined"&&window.performance&&typeof window.performance.now==="function"){this.addEntropy(window.performance.now(),estimatedEntropy,"loadtime")}else{this.addEntropy((new Date).valueOf(),estimatedEntropy,"loadtime")}},_accelerometerCollector:function(ev){var ac=ev.accelerationIncludingGravity.x||ev.accelerationIncludingGravity.y||ev.accelerationIncludingGravity.z;if(window.orientation){var or=window.orientation;if(typeof or==="number"){this.addEntropy(or,1,"accelerometer")}}if(ac){this.addEntropy(ac,2,"accelerometer")}this._addCurrentTimeToEntropy(0)},_fireEvent:function(name,arg){var j,cbs=sjcl.random._callbacks[name],cbsTemp=[];for(j in cbs){if(cbs.hasOwnProperty(j)){cbsTemp.push(cbs[j])}}for(j=0;j4)){throw new sjcl.exception.invalid("json encrypt: invalid 
parameters")}if(typeof password==="string"){tmp=sjcl.misc.cachedPbkdf2(password,p);password=tmp.key.slice(0,p.ks/32);p.salt=tmp.salt}else if(sjcl.ecc&&password instanceof sjcl.ecc.elGamal.publicKey){tmp=password.kem();p.kemtag=tmp.tag;password=tmp.key.slice(0,p.ks/32)}if(typeof plaintext==="string"){plaintext=sjcl.codec.utf8String.toBits(plaintext)}if(typeof adata==="string"){p.adata=adata=sjcl.codec.utf8String.toBits(adata)}prp=new sjcl.cipher[p.cipher](password);j._add(rp,p);rp.key=password;if(p.mode==="ccm"&&sjcl.arrayBuffer&&sjcl.arrayBuffer.ccm&&plaintext instanceof ArrayBuffer){p.ct=sjcl.arrayBuffer.ccm.encrypt(prp,plaintext,p.iv,adata,p.ts)}else{p.ct=sjcl.mode[p.mode].encrypt(prp,plaintext,p.iv,adata,p.ts)}return p},encrypt:function(password,plaintext,params,rp){var j=sjcl.json,p=j._encrypt.apply(j,arguments);return j.encode(p)},_decrypt:function(password,ciphertext,params,rp){params=params||{};rp=rp||{};var j=sjcl.json,p=j._add(j._add(j._add({},j.defaults),ciphertext),params,true),ct,tmp,prp,adata=p.adata;if(typeof p.salt==="string"){p.salt=sjcl.codec.base64.toBits(p.salt)}if(typeof p.iv==="string"){p.iv=sjcl.codec.base64.toBits(p.iv)}if(!sjcl.mode[p.mode]||!sjcl.cipher[p.cipher]||typeof password==="string"&&p.iter<=100||p.ts!==64&&p.ts!==96&&p.ts!==128||p.ks!==128&&p.ks!==192&&p.ks!==256||!p.iv||(p.iv.length<2||p.iv.length>4)){throw new sjcl.exception.invalid("json decrypt: invalid parameters")}if(typeof password==="string"){tmp=sjcl.misc.cachedPbkdf2(password,p);password=tmp.key.slice(0,p.ks/32);p.salt=tmp.salt}else if(sjcl.ecc&&password instanceof sjcl.ecc.elGamal.secretKey){password=password.unkem(sjcl.codec.base64.toBits(p.kemtag)).slice(0,p.ks/32)}if(typeof adata==="string"){adata=sjcl.codec.utf8String.toBits(adata)}prp=new sjcl.cipher[p.cipher](password);if(p.mode==="ccm"&&sjcl.arrayBuffer&&sjcl.arrayBuffer.ccm&&p.ct instanceof 
ArrayBuffer){ct=sjcl.arrayBuffer.ccm.decrypt(prp,p.ct,p.iv,p.tag,adata,p.ts)}else{ct=sjcl.mode[p.mode].decrypt(prp,p.ct,p.iv,adata,p.ts)}j._add(rp,p);rp.key=password;if(params.raw===1){return ct}else{return sjcl.codec.utf8String.fromBits(ct)}},decrypt:function(password,ciphertext,params,rp){var j=sjcl.json;return j._decrypt(password,j.decode(ciphertext),params,rp)},encode:function(obj){var i,out="{",comma="";for(i in obj){if(obj.hasOwnProperty(i)){if(!i.match(/^[a-z0-9]+$/i)){throw new sjcl.exception.invalid("json encode: invalid property name")}out+=comma+'"'+i+'":';comma=",";switch(typeof obj[i]){case"number":case"boolean":out+=obj[i];break;case"string":out+='"'+escape(obj[i])+'"';break;case"object":out+='"'+sjcl.codec.base64.fromBits(obj[i],0)+'"';break;default:throw new sjcl.exception.bug("json encode: unsupported type")}}}return out+"}"},decode:function(str){str=str.replace(/\\s/g,"");if(!str.match(/^\\{.*}$/)){throw new sjcl.exception.invalid("json decode: this isn't json!")}var a=str.replace(/^\\{|}$/g,"").split(/,/),out={},i,m;for(i=0;i>2;enc2=(chr1&3)<<4|chr2>>4;enc3=(chr2&15)<<2|chr3>>6;enc4=chr3&63;if(isNaN(chr2)){enc3=enc4=64}else if(isNaN(chr3)){enc4=64}output=output+this._keyStr.charAt(enc1)+this._keyStr.charAt(enc2)+this._keyStr.charAt(enc3)+this._keyStr.charAt(enc4)}return output},decode:function(input){var output="";var chr1,chr2,chr3;var enc1,enc2,enc3,enc4;var i=0;input=input.replace(/[^A-Za-z0-9\\+\\/\\=]/g,"");while(i>4;chr2=(enc2&15)<<4|enc3>>2;chr3=(enc3&3)<<6|enc4;output=output+String.fromCharCode(chr1);if(enc3!=64){output=output+String.fromCharCode(chr2)}if(enc4!=64){output=output+String.fromCharCode(chr3)}}output=Base64._utf8_decode(output);return output},_utf8_encode:function(string){string=string.replace(/\\r\\n/g,"\\n");var utftext="";for(var 
n=0;n127&&c<2048){utftext+=String.fromCharCode(c>>6|192);utftext+=String.fromCharCode(c&63|128)}else{utftext+=String.fromCharCode(c>>12|224);utftext+=String.fromCharCode(c>>6&63|128);utftext+=String.fromCharCode(c&63|128)}}return utftext},_utf8_decode:function(utftext){var string="";var i=0;var c=c1=c2=0;while(i191&&c<224){c2=utftext.charCodeAt(i+1);string+=String.fromCharCode((c&31)<<6|c2&63);i+=2}else{c2=utftext.charCodeAt(i+1);c3=utftext.charCodeAt(i+2);string+=String.fromCharCode((c&15)<<12|(c2&63)<<6|c3&63);i+=3}}return string}}; - - logger.message("Collect And Encrypt Custom Password: start"); - outcome = "true"; - - /* Begin Configuration */ - - // Attribute name - var idmAttrName = "frUnindexedString2"; // AM: "fr-attr-str2" - - // Pick a shared secret to use for encryption and decryption - var sharedSecret = "RainbowPoniesHaveNoStripes"; - - // Fine-tune encryption settings. Default iterations are 10k, to speed up the process, it's reduced to 1k here. - var encryptionParameters = { "iter" : 1000 }; - - // Build out the password prompt - var prompt = "Replay Password"; - - /* End Configuration */ - - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.PasswordCallback, - java.lang.String - ) - - if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.PasswordCallback(prompt, false) - ).build(); - } - else { - // PasswordCallback returns the password as a char[], which is not the same as a JS char array. It must be converted to a proper string using the java.lang.Sting.valueOf(char[]) method. 
- var password = new String(fr.String.valueOf(callbacks.get(0).getPassword())); - logger.message("Collect And Encrypt Custom Password: callbacks received"); - - /* - var cipherPasswordJson = sjcl.encrypt(sharedSecret, password, encryptionParameters); - //setSharedObjectAttribute(idmAttrName, Base64.encode(JSON.stringify(cipherPasswordJson))); - setSharedObjectAttribute(idmAttrName, JSON.stringify(cipherPasswordJson)); - logger.message("Collect And Encrypt Custom Password: cipherPasswordJson="+JSON.stringify(cipherPasswordJson)); - */ - - logger.message("Collect And Encrypt Custom Password: password="+Base64.encode(password)); - setSharedObjectAttribute(idmAttrName, Base64.encode(password)); - - logger.message("Collect And Encrypt Custom Password: finish [outcome=".concat(outcome).concat("]")); - action = fr.Action.goTo(outcome).build(); - } - - /* - * Store attributes in shared state for use with the Create/Patch Object nodes. - */ - function setSharedObjectAttribute(name, value) { - var storage = sharedState.get("objectAttributes"); - if (storage && value) { - if (storage.put) { - storage.put(name, value); - } - else { - storage[name] = value; - } - } - else if (value) { - var object = { - name: value - }; - sharedState.put("objectAttributes", object); - //sharedState.put("objectAttributes", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}")); - } - } -}()); -/* SJCL is open. You can use, modify and redistribute it under a BSD -license or under the GNU GPL, version 2.0. - ---------------------------------------------------------------------- - -http://opensource.org/licenses/BSD-2-Clause - -Copyright (c) 2009-2015, Emily Stark, Mike Hamburg and Dan Boneh at -Stanford University. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - -1. 
Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS -IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A -PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - ---------------------------------------------------------------------- - -http://opensource.org/licenses/GPL-2.0 - -The Stanford Javascript Crypto Library (hosted here on GitHub) is a -project by the Stanford Computer Security Lab to build a secure, -powerful, fast, small, easy-to-use, cross-browser library for -cryptography in Javascript. - -Copyright (c) 2009-2015, Emily Stark, Mike Hamburg and Dan Boneh at -Stanford University. - -This program is free software; you can redistribute it and/or modify it -under the terms of the GNU General Public License as published by the -Free Software Foundation; either version 2 of the License, or (at your -option) any later version. - -This program is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General -Public License for more details. - -You should have received a copy of the GNU General Public License along -with this program; if not, write to the Free Software Foundation, Inc., -59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ - -/* - * Base64 encode / decode - * http://www.webtoolkit.info/ - * - * Example: - * Base64.encode('some string') - * Base64.decode('some encoded string') - */" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 97`] = ` -{ - "meta": Any, - "script": { - "d82a4ad6-cd8a-437b-af55-7373e50d685b": { - "_id": "d82a4ad6-cd8a-437b-af55-7373e50d685b", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Collect Replay Password (frUnindexedString2).", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Collect Replay Password (frUnindexedString2)", - "script": "file://Collect-Replay-Password-(frUnindexedString2).script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 98`] = ` -"/* Collect SAML2 Node Config - * - * Collect all the configuration items required for the SAML2 Node to function properly. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - outcome = "true"; - var config = { - "metaAlias": "/iSPAzure", - "allowCreate": false, - "sloEnabled": false, - "authnContextClassRef": [], - "authnContextDeclRef": [], - "authComparison": "EXACT", - "nameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - "requestBinding": "HTTP_REDIRECT", - "binding": "HTTP_POST", - "forceAuthn": false, - "idpEntityId": "https://sts.windows.net/711ffa9c-5972-4713-ace3-688c9732614a/", - "isPassive": false, - "sloRelayState": "" - }; - var script = ""; - script += "Array.prototype.slice.call("; - script += " document.getElementsByTagName('input')"; - script += ").forEach("; - script += " function (input,i) {"; - script += " console.log('input '+i);" - script += " var config = JSON.parse('"+JSON.stringify(config)+"');"; - script += " var keys = Object.keys(config);"; - script += " if (input.type === 'text') {"; - script += " input.setAttribute('value', config[keys[i]]);"; - script += " input.dispatchEvent(new KeyboardEvent( 'input' , {'key':'Enter'} ));"; - script += " }"; - script += " }"; - script += ");"; - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.NameCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback - ) - if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.NameCallback("metaAlias"), - new fr.NameCallback("allowCreate"), - new fr.NameCallback("sloEnabled"), - new fr.NameCallback("authnContextClassRef"), - new fr.NameCallback("authnContextDeclRef"), - new fr.NameCallback("authComparison"), - new fr.NameCallback("nameIdFormat"), - new fr.NameCallback("requestBinding"), - new fr.NameCallback("binding"), - new fr.NameCallback("forceAuthn"), - new fr.NameCallback("idpEntityId"), - new fr.NameCallback("isPassive"), - new fr.NameCallback("sloRelayState"), - new 
fr.ScriptTextOutputCallback(script) - ).build(); - } - else { - config[callbacks.get(0).getPrompt()] = callbacks.get(0).getName(); - config[callbacks.get(1).getPrompt()] = (callbacks.get(1).getName() === 'true'); - config[callbacks.get(2).getPrompt()] = (callbacks.get(2).getName() === 'true'); - config[callbacks.get(3).getPrompt()] = [callbacks.get(3).getName()]; - config[callbacks.get(4).getPrompt()] = [callbacks.get(4).getName()]; - config[callbacks.get(5).getPrompt()] = callbacks.get(5).getName(); - config[callbacks.get(6).getPrompt()] = callbacks.get(6).getName(); - config[callbacks.get(7).getPrompt()] = callbacks.get(7).getName(); - config[callbacks.get(8).getPrompt()] = callbacks.get(8).getName(); - config[callbacks.get(9).getPrompt()] = (callbacks.get(9).getName() === 'true'); - config[callbacks.get(10).getPrompt()] = callbacks.get(10).getName(); - config[callbacks.get(11).getPrompt()] = (callbacks.get(11).getName() === 'true'); - config[callbacks.get(12).getPrompt()] = callbacks.get(12).getName(); - nodeState.putShared("nodeConfig", config); - action = fr.Action.goTo(outcome).build(); - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 99`] = ` -{ - "meta": Any, - "script": { - "48f17202-039f-4d40-b7fc-4ce380f1b929": { - "_id": "48f17202-039f-4d40-b7fc-4ce380f1b929", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Collect all the configuration items required for the SAML2 Node to function properly.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Collect SAML2 Node Config", - "script": "file://Collect-SAML2-Node-Config.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 100`] = ` -"/* Collect Set Custom Cookie Node Config - * 
- * Collect all the configuration items required for the Set Custom Cookie node to function properly. - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - outcome = "true"; - var config = { - "name": "oreo", - "value": "original", - "domain": ".scheuber.io", - "path": "/", - "maxAge": 3600, - "useHttpOnlyCookie": true, - "useSecureCookie": true, - "sameSite": "NONE" - }; - - var script = ""; - script += "Array.prototype.slice.call("; - script += " document.getElementsByTagName('input')"; - script += ").forEach("; - script += " function (input,i) {"; - script += " console.log('input '+i);" - script += " var config = JSON.parse('"+JSON.stringify(config)+"');"; - script += " var keys = Object.keys(config);"; - script += " if (input.type === 'text') {"; - script += " input.setAttribute('value', config[keys[i]]);"; - script += " input.dispatchEvent(new KeyboardEvent( 'input' , {'key':'Enter'} ));"; - script += " }"; - script += " }"; - script += ");"; - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.NameCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback - ) - if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.NameCallback("name"), - new fr.NameCallback("value"), - new fr.NameCallback("domain"), - new fr.NameCallback("path"), - new fr.NameCallback("maxAge"), - new fr.NameCallback("useHttpOnlyCookie"), - new fr.NameCallback("useSecureCookie"), - new fr.NameCallback("sameSite"), - new fr.ScriptTextOutputCallback(script) - ).build(); - } - else { - config[callbacks.get(0).getPrompt()] = callbacks.get(0).getName(); - config[callbacks.get(1).getPrompt()] = callbacks.get(1).getName(); - config[callbacks.get(2).getPrompt()] = callbacks.get(2).getName(); - config[callbacks.get(3).getPrompt()] = 
callbacks.get(3).getName(); - config[callbacks.get(4).getPrompt()] = parseInt(callbacks.get(4).getName(), 10).toFixed(); - config[callbacks.get(5).getPrompt()] = (""+callbacks.get(5).getName() === 'true'); - config[callbacks.get(6).getPrompt()] = (""+callbacks.get(6).getName() === 'true'); - config[callbacks.get(7).getPrompt()] = callbacks.get(7).getName(); - nodeState.putShared("nodeConfig", config); - action = fr.Action.goTo(outcome).build(); - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 101`] = ` -{ - "meta": Any, - "script": { - "a31a1796-8410-46b8-82ca-eb0c6e901775": { - "_id": "a31a1796-8410-46b8-82ca-eb0c6e901775", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Collect all the configuration items required for the Set Custom Cookie node to function properly.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Collect Set Custom Cookie Node Config", - "script": "file://Collect-Set-Custom-Cookie-Node-Config.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 102`] = ` -"/* - * Copyright 2021 ForgeRock AS. All Rights Reserved - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/** - * The following script is a simplified template for understanding how to build - * up a config Map object with custom values. The Config Provider Node will then - * provide this config Map to the desired node type. It is important that the Map - * you build here is named 'config'. 
- * - * Defined variables: - * - * nodeState - Node State (1) - * Always present, this represents the current values stored in the node state. - * - * idRepository - Profile Data (2) - * Always present, a repository to retrieve user information. - * - * secrets - Credentials and Secrets (3) - * Always present, an interface to access the Secrets API from a scripting context. - * - * requestHeaders (4) - Map (5) - * Always present, an object that provides methods for accessing headers in the login request. - * - * logger - Debug Logging (6) - * Always present, the debug logger instance. - * - * httpClient - HTTP Client (7) - * Always present, the HTTP client that can be used to make external HTTP requests. - * - * realm - String (primitive). - * Always present, the name of the realm the user is authenticating to. - * - * existingSession - Map (5) - * Present if the request contains the session cookie, the user's session object. The returned map from - * SSOToken.getProperties() (8) - * - * requestParameters - Map (5) - * Always present, the object that contains the authentication request parameters. - * - * - * Outputs: - * - * config - Map (5) - * Define and fill a Map object named 'config' with custom values, this will define the configuration for the - * associated node selected in the ConfigProviderNode. - * - * Reference: - * (1) Node State - https://backstage.forgerock.com/docs/idcloud-am/latest/authentication-guide/scripting-api-node.html#scripting-api-node-nodeState - * (2) Profile Data - https://backstage.forgerock.com/docs/am/7.1/authentication-guide/scripting-api-node.html#scripting-api-node-id-repo - * (3) Credentials and Secrets - https://backstage.forgerock.com/docs/am/7.1/authentication-guide/scripting-api-node.html#scripting-api-authn-secrets - * (4) Request Headers - https://backstage.forgerock.com/docs/am/7/authentication-guide/scripting-api-node.html#scripting-api-node-requestHeaders. 
- * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/Map.html - * (6) Debug Logging - https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. - * (7) HTTP Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. - * (8) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html. - */ - -config = nodeState.get('nodeConfig').asMap();" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 103`] = ` -{ - "meta": Any, - "script": { - "5e854779-6ec1-4c39-aeba-0477e0986646": { - "_id": "5e854779-6ec1-4c39-aeba-0477e0986646", - "context": "CONFIG_PROVIDER_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Default global script for Config Provider", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Config Provider", - "script": "file://Config-Provider.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 104`] = ` -"/* Configure Email Template Node - * - * Create a configuration object for the Email Template Node. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - error - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - try { - outcome = 'true'; - var config = { - emailAttribute: 'mail', - emailTemplateName: 'welcome', - identityAttribute: 'userName' - }; - nodeState.putShared('nodeConfig', config); - } catch (error) { - outcome = 'error'; - nodeState.putShared('error', error.message); - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 105`] = ` -{ - "meta": Any, - "script": { - "22ab12ac-d1d9-414b-ab51-cfae30de8c0a": { - "_id": "22ab12ac-d1d9-414b-ab51-cfae30de8c0a", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Create a configuration object for the Email Template Node.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Configure Email Template Node", - "script": "file://Configure-Email-Template-Node.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 106`] = ` -"outcome = "true"; -if (sharedState.get("objectAttributes")) { - transientState.put("objectAttributes", sharedState.get("objectAttributes")) -} -if (sharedState.get("username")) { - transientState.put("username", sharedState.get("username")) -} -if (sharedState.get("_id")) { - transientState.put("_id", sharedState.get("_id")) -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 107`] = ` -{ - "meta": Any, - "script": { - "452d73ee-c6f3-4f4e-9dae-e75bb3886cbd": { - "_id": "452d73ee-c6f3-4f4e-9dae-e75bb3886cbd", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": 
"Copy sharedState to transientState", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Copy to transientState", - "script": "file://Copy-to-transientState.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 108`] = ` -"/* - - Data made available by nodes that have already executed are available in the sharedState variable. - - The script should set outcome to either "true" or "false". - */ - -sharedState.get("objectAttributes").put("_id", sharedState.get("_id")); - -outcome = "true";" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 109`] = ` -{ - "meta": Any, - "script": { - "c253a7ac-ebc9-4268-9e62-89f38f98e4ab": { - "_id": "c253a7ac-ebc9-4268-9e62-89f38f98e4ab", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "null", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "CopyIDToObjectAttributes", - "script": "file://CopyIDToObjectAttributes.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 110`] = ` -"/* CopyOTPToObjectAttributes - * - * Author: volker.scheuber@forgerock.com - * - * Copy an OTP generated by the "HOTP Generator" node to the IDM profile - * shared state so it can be patched to the user profile. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -if (sharedState.get("objectAttributes")) { - sharedState.get("objectAttributes").put("description", sharedState.get("oneTimePassword")) -} -else { - sharedState.put("objectAttributes", {description: sharedState.get("oneTimePassword")}); -} -outcome = "true";" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 111`] = ` -{ - "meta": Any, - "script": { - "5561a45f-bf00-4ec5-bab4-f069bac9a38b": { - "_id": "5561a45f-bf00-4ec5-bab4-f069bac9a38b", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Copy an OTP generated by the "HOTP Generator" node to the IDM profile shared state so it can be patched to the user profile.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "CopyOTPToObjectAttributes", - "script": "file://CopyOTPToObjectAttributes.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 112`] = ` -"/* CopySAMLDataToObjectAttributes - * - * Author: volker.scheuber@forgerock.com - * - * Copy SAML Data To ObjectAttributes. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -outcome = "true"; -if (sharedState.get("userInfo")) { - if (sharedState.get("objectAttributes")) { - sharedState.remove("objectAttributes"); - } - var userName=null,givenName=null,sn=null,mail=null,telephoneNumber=null,roles=null; - - try { userName=sharedState.get("userInfo").get("userNames").get("uid").get(0).toString(); } catch (e) {} - try { givenName=sharedState.get("userInfo").get("attributes").get("givenName").get(0).toString(); } catch (e) {} - try { sn=sharedState.get("userInfo").get("attributes").get("sn").get(0).toString(); } catch (e) {} - try { mail=sharedState.get("userInfo").get("attributes").get("mail").get(0).toString(); } catch (e) {} - try { telephoneNumber=sharedState.get("userInfo").get("attributes").get("telephoneNumber").get(0).toString(); } catch (e) {} - //try { roles=sharedState.get("userInfo").get("attributes").get("roles").get(0).toString(); } catch (e) {} - try { roles=sharedState.get("userInfo").get("attributes").get("roles").toArray().join("|"); } catch (e) {} - - sharedState.put("objectAttributes", {"userName":userName,"givenName":givenName,"sn":sn,"mail":mail,"telephoneNumber":telephoneNumber,"roles":roles}); -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 113`] = ` -{ - "meta": Any, - "script": { - "8e03eb43-ed5d-4c12-9e15-2051cc9be578": { - "_id": "8e03eb43-ed5d-4c12-9e15-2051cc9be578", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Copy SAML Data To ObjectAttributes", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "CopySAMLDataToObjectAttributes", - "script": "file://CopySAMLDataToObjectAttributes.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all 
extracted scripts to separate files 114`] = ` -"var fontDetector = (function () { - /** - * JavaScript code to detect available availability of a - * particular font in a browser using JavaScript and CSS. - * - * Author : Lalit Patel - * Website: http://www.lalit.org/lab/javascript-css-font-detect/ - * License: Apache Software License 2.0 - * http://www.apache.org/licenses/LICENSE-2.0 - * Version: 0.15 (21 Sep 2009) - * Changed comparision font to default from sans-default-default, - * as in FF3.0 font of child element didn't fallback - * to parent element if the font is missing. - * Version: 0.2 (04 Mar 2012) - * Comparing font against all the 3 generic font families ie, - * 'monospace', 'sans-serif' and 'sans'. If it doesn't match all 3 - * then that font is 100% not available in the system - * Version: 0.3 (24 Mar 2012) - * Replaced sans with serif in the list of baseFonts - */ - /* - * Portions Copyrighted 2013 ForgeRock AS. - */ - var detector = {}, baseFonts, testString, testSize, h, s, defaultWidth = {}, defaultHeight = {}, index; - - // a font will be compared against all the three default fonts. - // and if it doesn't match all 3 then that font is not available. - baseFonts = ['monospace', 'sans-serif', 'serif']; - - //we use m or w because these two characters take up the maximum width. - // And we use a LLi so that the same matching fonts can get separated - testString = "mmmmmmmmmmlli"; - - //we test using 72px font size, we may use any size. I guess larger the better. 
- testSize = '72px'; - - h = document.getElementsByTagName("body")[0]; - - // create a SPAN in the document to get the width of the text we use to test - s = document.createElement("span"); - s.style.fontSize = testSize; - s.innerHTML = testString; - for (index in baseFonts) { - //get the default width for the three base fonts - s.style.fontFamily = baseFonts[index]; - h.appendChild(s); - defaultWidth[baseFonts[index]] = s.offsetWidth; //width for the default font - defaultHeight[baseFonts[index]] = s.offsetHeight; //height for the defualt font - h.removeChild(s); - } - - detector.detect = function(font) { - var detected = false, index, matched; - for (index in baseFonts) { - s.style.fontFamily = font + ',' + baseFonts[index]; // name of the font along with the base font for fallback. - h.appendChild(s); - matched = (s.offsetWidth !== defaultWidth[baseFonts[index]] || s.offsetHeight !== defaultHeight[baseFonts[index]]); - h.removeChild(s); - detected = detected || matched; - } - return detected; - }; - - return detector; -}()); -/* - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. - * - * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved - * - * The contents of this file are subject to the terms - * of the Common Development and Distribution License - * (the License). You may not use this file except in - * compliance with the License. - * - * You can obtain a copy of the License at - * https://opensso.dev.java.net/public/CDDLv1.0.html or - * opensso/legal/CDDLv1.0.txt - * See the License for the specific language governing - * permission and limitations under the License. - * - * When distributing Covered Code, include this CDDL - * Header Notice in each file and include the License file - * at opensso/legal/CDDLv1.0.txt. 
- * If applicable, add the following below the CDDL Header, - * with the fields enclosed by brackets [] replaced by - * your own identifying information: - * "Portions Copyrighted [year] [name of copyright owner]" - * - */ -/* - * Portions Copyrighted 2013 Syntegrity. - * Portions Copyrighted 2013-2014 ForgeRock AS. - */ - -var collectScreenInfo = function () { - var screenInfo = {}; - if (screen) { - if (screen.width) { - screenInfo.screenWidth = screen.width; - } - - if (screen.height) { - screenInfo.screenHeight = screen.height; - } - - if (screen.pixelDepth) { - screenInfo.screenColourDepth = screen.pixelDepth; - } - } else { - console.warn("Cannot collect screen information. screen is not defined."); - } - return screenInfo; - }, - collectTimezoneInfo = function () { - var timezoneInfo = {}, offset = new Date().getTimezoneOffset(); - - if (offset) { - timezoneInfo.timezone = offset; - } else { - console.warn("Cannot collect timezone information. timezone is not defined."); - } - - return timezoneInfo; - }, - collectBrowserPluginsInfo = function () { - - if (navigator && navigator.plugins) { - var pluginsInfo = {}, i, plugins = navigator.plugins; - pluginsInfo.installedPlugins = ""; - - for (i = 0; i < plugins.length; i++) { - pluginsInfo.installedPlugins = pluginsInfo.installedPlugins + plugins[i].filename + ";"; - } - - return pluginsInfo; - } else { - console.warn("Cannot collect browser plugin information. navigator.plugins is not defined."); - return {}; - } - - }, -// Getting geolocation takes some time and is done asynchronously, hence need a callback which is called once geolocation is retrieved. - collectGeolocationInfo = function (callback) { - var geolocationInfo = {}, - successCallback = function(position) { - geolocationInfo.longitude = position.coords.longitude; - geolocationInfo.latitude = position.coords.latitude; - callback(geolocationInfo); - }, errorCallback = function(error) { - console.warn("Cannot collect geolocation information. 
" + error.code + ": " + error.message); - callback(geolocationInfo); - }; - if (navigator && navigator.geolocation) { - // NB: If user chooses 'Not now' on Firefox neither callback gets called - // https://bugzilla.mozilla.org/show_bug.cgi?id=675533 - navigator.geolocation.getCurrentPosition(successCallback, errorCallback); - } else { - console.warn("Cannot collect geolocation information. navigator.geolocation is not defined."); - callback(geolocationInfo); - } - }, - collectBrowserFontsInfo = function () { - var fontsInfo = {}, i, fontsList = ["cursive","monospace","serif","sans-serif","fantasy","default","Arial","Arial Black", - "Arial Narrow","Arial Rounded MT Bold","Bookman Old Style","Bradley Hand ITC","Century","Century Gothic", - "Comic Sans MS","Courier","Courier New","Georgia","Gentium","Impact","King","Lucida Console","Lalit", - "Modena","Monotype Corsiva","Papyrus","Tahoma","TeX","Times","Times New Roman","Trebuchet MS","Verdana", - "Verona"]; - fontsInfo.installedFonts = ""; - - for (i = 0; i < fontsList.length; i++) { - if (fontDetector.detect(fontsList[i])) { - fontsInfo.installedFonts = fontsInfo.installedFonts + fontsList[i] + ";"; - } - } - return fontsInfo; - }, - devicePrint = {}; - -devicePrint.screen = collectScreenInfo(); -devicePrint.timezone = collectTimezoneInfo(); -devicePrint.plugins = collectBrowserPluginsInfo(); -devicePrint.fonts = collectBrowserFontsInfo(); - -if (navigator.userAgent) { - devicePrint.userAgent = navigator.userAgent; -} -if (navigator.appName) { - devicePrint.appName = navigator.appName; -} -if (navigator.appCodeName) { - devicePrint.appCodeName = navigator.appCodeName; -} -if (navigator.appVersion) { - devicePrint.appVersion = navigator.appVersion; -} -if (navigator.appMinorVersion) { - devicePrint.appMinorVersion = navigator.appMinorVersion; -} -if (navigator.buildID) { - devicePrint.buildID = navigator.buildID; -} -if (navigator.platform) { - devicePrint.platform = navigator.platform; -} -if (navigator.cpuClass) { 
- devicePrint.cpuClass = navigator.cpuClass; -} -if (navigator.oscpu) { - devicePrint.oscpu = navigator.oscpu; -} -if (navigator.product) { - devicePrint.product = navigator.product; -} -if (navigator.productSub) { - devicePrint.productSub = navigator.productSub; -} -if (navigator.vendor) { - devicePrint.vendor = navigator.vendor; -} -if (navigator.vendorSub) { - devicePrint.vendorSub = navigator.vendorSub; -} -if (navigator.language) { - devicePrint.language = navigator.language; -} -if (navigator.userLanguage) { - devicePrint.userLanguage = navigator.userLanguage; -} -if (navigator.browserLanguage) { - devicePrint.browserLanguage = navigator.browserLanguage; -} -if (navigator.systemLanguage) { - devicePrint.systemLanguage = navigator.systemLanguage; -} - -// Attempt to collect geo-location information and return this with the data collected so far. -// Otherwise, if geo-location fails or takes longer than 30 seconds, auto-submit the data collected so far. -autoSubmitDelay = 30000; -output.value = JSON.stringify(devicePrint); -collectGeolocationInfo(function(geolocationInfo) { - devicePrint.geolocation = geolocationInfo; - output.value = JSON.stringify(devicePrint); - submit(); -});" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 115`] = ` -{ - "meta": Any, - "script": { - "157298c0-7d31-4059-a95b-eeb08473b7e5": { - "_id": "157298c0-7d31-4059-a95b-eeb08473b7e5", - "context": "AUTHENTICATION_CLIENT_SIDE", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for client side Device Id (Match) Authentication Module", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Device Id (Match) - Client Side", - "script": "file://Device-Id-(Match)-Client-Side.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted 
scripts to separate files 116`] = ` -"/* - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. - * - * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved - * - * The contents of this file are subject to the terms - * of the Common Development and Distribution License - * (the License). You may not use this file except in - * compliance with the License. - * - * You can obtain a copy of the License at - * https://opensso.dev.java.net/public/CDDLv1.0.html or - * opensso/legal/CDDLv1.0.txt - * See the License for the specific language governing - * permission and limitations under the License. - * - * When distributing Covered Code, include this CDDL - * Header Notice in each file and include the License file - * at opensso/legal/CDDLv1.0.txt. - * If applicable, add the following below the CDDL Header, - * with the fields enclosed by brackets [] replaced by - * your own identifying information: - * "Portions Copyrighted [year] [name of copyright owner]" - * - */ -/* - * Portions Copyrighted 2013 Syntegrity. - * Portions Copyrighted 2013-2018 ForgeRock AS. 
- */ - -var ScalarComparator = {}, ScreenComparator = {}, MultiValueComparator = {}, UserAgentComparator = {}, GeolocationComparator = {}; - -var config = { - profileExpiration: 30, //in days - maxProfilesAllowed: 5, - maxPenaltyPoints: 0, - attributes: { - screen: { - required: true, - comparator: ScreenComparator, - args: { - penaltyPoints: 50 - } - }, - plugins: { - installedPlugins: { - required: false, - comparator: MultiValueComparator, - args: { - maxPercentageDifference: 10, - maxDifferences: 5, - penaltyPoints: 100 - } - } - }, - fonts: { - installedFonts: { - required: false, - comparator: MultiValueComparator, - args: { - maxPercentageDifference: 10, - maxDifferences: 5, - penaltyPoints: 100 - } - } - }, - timezone: { - timezone: { - required: false, - comparator: ScalarComparator, - args: { - penaltyPoints: 100 - } - } - }, - userAgent: { - required: true, - comparator: UserAgentComparator, - args: { - ignoreVersion: true, - penaltyPoints: 100 - } - }, - geolocation: { - required: false, - comparator: GeolocationComparator, - args: { - allowedRange: 100, //in miles - penaltyPoints: 100 - } - } - } -}; - -//---------------------------------------------------------------------------// -// Comparator functions // -//---------------------------------------------------------------------------// - -var all, any, calculateDistance, calculateIntersection, calculatePercentage, nullOrUndefined, splitAndTrim, - undefinedLocation; - -// ComparisonResult - -/** - * Constructs an instance of a ComparisonResult with the given penalty points. - * - * @param penaltyPoints (Number) The penalty points for the comparison (defaults to 0). - * @param additionalInfoInCurrentValue (boolean) Whether the current value contains more information - * than the stored value (defaults to false). 
- */ -function ComparisonResult() { - - var penaltyPoints = 0, - additionalInfoInCurrentValue = false; - - if (arguments[0] !== undefined && arguments[1] !== undefined) { - penaltyPoints = arguments[0]; - additionalInfoInCurrentValue = arguments[1]; - } - - if (arguments[0] !== undefined && arguments[1] === undefined) { - if (typeof(arguments[0]) === "boolean") { - additionalInfoInCurrentValue = arguments[0]; - } else { - penaltyPoints = arguments[0]; - } - } - - this.penaltyPoints = penaltyPoints; - this.additionalInfoInCurrentValue = additionalInfoInCurrentValue; - -} - -ComparisonResult.ZERO_PENALTY_POINTS = new ComparisonResult(0); - -/** - * Static method for functional programming. - * - * @return boolean true if comparisonResult.isSuccessful(). - */ -ComparisonResult.isSuccessful = function(comparisonResult) { - return comparisonResult.isSuccessful(); -}; - - -/** - * Static method for functional programming. - * - * @return boolean true if comparisonResult.additionalInfoInCurrentValue. - */ -ComparisonResult.additionalInfoInCurrentValue = function(comparisonResult) { - return comparisonResult.additionalInfoInCurrentValue; -}; - -/** - * Comparison function that can be provided as an argument to array.sort - */ -ComparisonResult.compare = function(first, second) { - if (nullOrUndefined(first) && nullOrUndefined(second)) { - return 0; - } else if (nullOrUndefined(first)) { - return -1; - } else if (nullOrUndefined(second)) { - return 1; - } else { - if (first.penaltyPoints !== second.penaltyPoints) { - return first.penaltyPoints - second.penaltyPoints; - } else { - return (first.additionalInfoInCurrentValue ? 1 : 0) - (second.additionalInfoInCurrentValue ? 1 : 0); - } - } -}; - -/** - * Amalgamates the given ComparisonResult into this ComparisonResult. - * - * @param comparisonResult The ComparisonResult to include. 
- */ -ComparisonResult.prototype.addComparisonResult = function(comparisonResult) { - this.penaltyPoints += comparisonResult.penaltyPoints; - if (comparisonResult.additionalInfoInCurrentValue) { - this.additionalInfoInCurrentValue = comparisonResult.additionalInfoInCurrentValue; - } -}; - -/** - * Returns true if no penalty points have been assigned for the comparison. - * - * @return boolean true if the comparison was successful. - */ -ComparisonResult.prototype.isSuccessful = function() { - return nullOrUndefined(this.penaltyPoints) || this.penaltyPoints === 0; -}; - -/** - * Compares two simple objects (String|Number) and if they are equal then returns a ComparisonResult with zero - * penalty points assigned, otherwise returns a ComparisonResult with the given number of penalty points assigned. - * - * @param currentValue (String|Number) The current value. - * @param storedValue (String|Number) The stored value. - * @param config: { - * "penaltyPoints": (Number) The number of penalty points. - * } - * @return ComparisonResult. 
- */ -ScalarComparator.compare = function (currentValue, storedValue, config) { - if (logger.messageEnabled()) { - logger.message("StringComparator.compare:currentValue: " + JSON.stringify(currentValue)); - logger.message("StringComparator.compare:storedValue: " + JSON.stringify(storedValue)); - logger.message("StringComparator.compare:config: " + JSON.stringify(config)); - } - if (config.penaltyPoints === 0) { - return ComparisonResult.ZERO_PENALTY_POINTS; - } - - if (!nullOrUndefined(storedValue)) { - if (nullOrUndefined(currentValue) || currentValue !== storedValue) { - return new ComparisonResult(config.penaltyPoints); - } - } else if (!nullOrUndefined(currentValue)) { - return new ComparisonResult(true); - } - - return ComparisonResult.ZERO_PENALTY_POINTS; -}; - -/** - * Compares two screens and if they are equal then returns a ComparisonResult with zero penalty points assigned, - * otherwise returns a ComparisonResult with the given number of penalty points assigned. - * - * @param currentValue: { - * "screenWidth": (Number) The current client screen width. - * "screenHeight": (Number) The current client screen height. - * "screenColourDepth": (Number) The current client screen colour depth. - * } - * @param storedValue: { - * "screenWidth": (Number) The stored client screen width. - * "screenHeight": (Number) The stored client screen height. - * "screenColourDepth": (Number) The stored client screen colour depth. - * } - * @param config: { - * "penaltyPoints": (Number) The number of penalty points. 
- * } - * @return ComparisonResult - */ -ScreenComparator.compare = function (currentValue, storedValue, config) { - if (logger.messageEnabled()) { - logger.message("ScreenComparator.compare:currentValue: " + JSON.stringify(currentValue)); - logger.message("ScreenComparator.compare:storedValue: " + JSON.stringify(storedValue)); - logger.message("ScreenComparator.compare:config: " + JSON.stringify(config)); - } - - if (nullOrUndefined(currentValue)) { - currentValue = {screenWidth: null, screenHeight: null, screenColourDepth: null}; - } - if (nullOrUndefined(storedValue)) { - storedValue = {screenWidth: null, screenHeight: null, screenColourDepth: null}; - } - - var comparisonResults = [ - ScalarComparator.compare(currentValue.screenWidth, storedValue.screenWidth, config), - ScalarComparator.compare(currentValue.screenHeight, storedValue.screenHeight, config), - ScalarComparator.compare(currentValue.screenColourDepth, storedValue.screenColourDepth, config)]; - - if (all(comparisonResults, ComparisonResult.isSuccessful)) { - return new ComparisonResult(any(comparisonResults, ComparisonResult.additionalInfoInCurrentValue)); - } else { - return new ComparisonResult(config.penaltyPoints); - } -}; - -/** - * Splits both values using delimiter, trims every value and compares collections of values. - * Returns zero-result for same multi-value attributes. - * - * If collections are not same checks if number of differences is less or equal maxDifferences or - * percentage of difference is less or equal maxPercentageDifference. - * - * If yes then returns zero-result with additional info, else returns penaltyPoints-result. - * - * @param currentValue: (String) The current value. - * @param storedValue: (String) The stored value. - * @param config: { - * "maxPercentageDifference": (Number) The max difference percentage in the values, - * before the penalty is assigned. 
- * "maxDifferences": (Number) The max number of differences in the values, - * before the penalty points are assigned. - * "penaltyPoints": (Number) The number of penalty points. - * } - * @return ComparisonResult - */ -MultiValueComparator.compare = function (currentValue, storedValue, config) { - if (logger.messageEnabled()) { - logger.message("MultiValueComparator.compare:currentValue: " + JSON.stringify(currentValue)); - logger.message("MultiValueComparator.compare:storedValue: " + JSON.stringify(storedValue)); - logger.message("MultiValueComparator.compare:config: " + JSON.stringify(config)); - } - - var delimiter = ";", - currentValues = splitAndTrim(currentValue, delimiter), - storedValues = splitAndTrim(storedValue, delimiter), - maxNumberOfElements = Math.max(currentValues.length, storedValues.length), - numberOfTheSameElements = calculateIntersection(currentValues, storedValues).length, - numberOfDifferences = maxNumberOfElements - numberOfTheSameElements, - percentageOfDifferences = calculatePercentage(numberOfDifferences, maxNumberOfElements); - - if (nullOrUndefined(storedValue) && !nullOrUndefined(currentValue)) { - return new ComparisonResult(true); - } - - if (logger.messageEnabled()) { - logger.message(numberOfTheSameElements + " of " + maxNumberOfElements + " are same"); - } - - if (maxNumberOfElements === 0) { - logger.message("Ignored because no attributes found in both profiles"); - return ComparisonResult.ZERO_PENALTY_POINTS; - } - - if (numberOfTheSameElements === maxNumberOfElements) { - logger.message("Ignored because all attributes are same"); - return ComparisonResult.ZERO_PENALTY_POINTS; - } - - if (numberOfDifferences > config.maxDifferences) { - if (logger.messageEnabled()) { - logger.message("Would be ignored if not more than " + config.maxDifferences + " differences"); - } - return new ComparisonResult(config.penaltyPoints); - } - - if (percentageOfDifferences > config.maxPercentageDifference) { - if (logger.messageEnabled()) { - 
logger.message(percentageOfDifferences + " percents are different"); - logger.message("Would be ignored if not more than " + config.maxPercentageDifference + " percent"); - } - return new ComparisonResult(config.penaltyPoints); - } - - if (logger.messageEnabled()) { - logger.message("Ignored because number of differences(" + numberOfDifferences + ") not more than " - + config.maxDifferences); - logger.message(percentageOfDifferences + " percents are different"); - logger.message("Ignored because not more than " + config.maxPercentageDifference + " percent"); - } - return new ComparisonResult(true); -}; - -/** - * Compares two User Agent Strings and if they are equal then returns a ComparisonResult with zero penalty - * points assigned, otherwise returns a ComparisonResult with the given number of penalty points assigned. - * - * @param currentValue (String) The current value. - * @param storedValue (String) The stored value. - * @param config: { - * "ignoreVersion": (boolean) If the version numbers in the User Agent Strings should be ignore - * in the comparison. - * "penaltyPoints": (Number) The number of penalty points. - * } - * @return A ComparisonResult. - */ -UserAgentComparator.compare = function (currentValue, storedValue, config) { - if (logger.messageEnabled()) { - logger.message("UserAgentComparator.compare:currentValue: " + JSON.stringify(currentValue)); - logger.message("UserAgentComparator.compare:storedValue: " + JSON.stringify(storedValue)); - logger.message("UserAgentComparator.compare:config: " + JSON.stringify(config)); - } - - if (config.ignoreVersion) { - // remove version number - currentValue = nullOrUndefined(currentValue) ? null : currentValue.replace(/[\\d\\.]+/g, "").trim(); - storedValue = nullOrUndefined(storedValue) ? null : storedValue.replace(/[\\d\\.]+/g, "").trim(); - } - - return ScalarComparator.compare(currentValue, storedValue, config); -}; - -/** - * Compares two locations, taking into account a degree of difference. 
- * - * @param currentValue: { - * "latitude": (Number) The current latitude. - * "longitude": (Number) The current longitude. - * } - * @param storedValue: { - * "latitude": (Number) The stored latitude. - * "longitude": (Number) The stored longitude. - * } - * @param config: { - * "allowedRange": (Number) The max difference allowed in the two locations, before the penalty is assigned. - * "penaltyPoints": (Number) The number of penalty points. -* } - * @return ComparisonResult - */ -GeolocationComparator.compare = function (currentValue, storedValue, config) { - if (logger.messageEnabled()) { - logger.message("GeolocationComparator.compare:currentValue: " + JSON.stringify(currentValue)); - logger.message("GeolocationComparator.compare:storedValue: " + JSON.stringify(storedValue)); - logger.message("GeolocationComparator.compare:config: " + JSON.stringify(config)); - } - - // Check for undefined stored or current locations - - if (undefinedLocation(currentValue) && undefinedLocation(storedValue)) { - return ComparisonResult.ZERO_PENALTY_POINTS; - } - if (undefinedLocation(currentValue) && !undefinedLocation(storedValue)) { - return new ComparisonResult(config.penaltyPoints); - } - if (!undefinedLocation(currentValue) && undefinedLocation(storedValue)) { - return new ComparisonResult(true); - } - - // Both locations defined, therefore perform comparison - - var distance = calculateDistance(currentValue, storedValue); - - if (logger.messageEnabled()) { - logger.message("Distance between (" + currentValue.latitude + "," + currentValue.longitude + ") and (" + - storedValue.latitude + "," + storedValue.longitude + ") is " + distance + " miles"); - } - - if (parseFloat(distance.toPrecision(5)) === 0) { - logger.message("Location is the same"); - return ComparisonResult.ZERO_PENALTY_POINTS; - } - - if (distance <= config.allowedRange) { - if (logger.messageEnabled()) { - logger.message("Tolerated because distance not more then " + config.allowedRange); - } - return new 
ComparisonResult(true); - } else { - if (logger.messageEnabled()) { - logger.message("Would be ignored if distance not more then " + config.allowedRange); - } - return new ComparisonResult(config.penaltyPoints); - } -}; - - -//---------------------------------------------------------------------------// -// Device Print Logic - DO NOT MODIFY // -//---------------------------------------------------------------------------// - -// Utility functions - -/** - * Returns true if evaluating function f on each element of the Array a returns true. - * - * @param a: (Array) The array of elements to evaluate - * @param f: (Function) A single argument function for mapping elements of the array to boolean. - * @return boolean. - */ -all = function(a, f) { - var i; - for (i = 0; i < a.length; i++) { - if (f(a[i]) === false) { - return false; - } - } - return true; -}; - -/** - * Returns true if evaluating function f on any element of the Array a returns true. - * - * @param a: (Array) The array of elements to evaluate - * @param f: (Function) A single argument function for mapping elements of the array to boolean. - * @return boolean. - */ -any = function(a, f) { - var i; - for (i = 0; i < a.length; i++) { - if (f(a[i]) === true) { - return true; - } - } - return false; -}; - -/** - * Returns true if the provided location is null or has undefined longitude or latitude values. - * - * @param location: { - * "latitude": (Number) The latitude. - * "longitude": (Number) The longitude. - * } - * @return boolean - */ -undefinedLocation = function(location) { - return nullOrUndefined(location) || nullOrUndefined(location.latitude) || nullOrUndefined(location.longitude); -}; - -/** - * Returns true if the provided value is null or undefined. - * - * @param value: a value of any type - * @return boolean - */ -nullOrUndefined = function(value) { - return value === null || value === undefined; -}; - -/** - * Calculates the distances between the two locations. 
- * - * @param first: { - * "latitude": (Number) The first latitude. - * "longitude": (Number) The first longitude. - * } - * @param second: { - * "latitude": (Number) The second latitude. - * "longitude": (Number) The second longitude. - * } - * @return Number The distance between the two locations. - */ -calculateDistance = function(first, second) { - var factor = (Math.PI / 180), - theta, - dist; - function degreesToRadians(degrees) { - return degrees * factor; - } - function radiansToDegrees(radians) { - return radians / factor; - } - theta = first.longitude - second.longitude; - dist = Math.sin(degreesToRadians(first.latitude)) * Math.sin(degreesToRadians(second.latitude)) - + Math.cos(degreesToRadians(first.latitude)) * Math.cos(degreesToRadians(second.latitude)) - * Math.cos(degreesToRadians(theta)); - dist = Math.acos(dist); - dist = radiansToDegrees(dist); - dist = dist * 60 * 1.1515; - return dist; -}; - -/** - * Converts a String holding a delimited sequence of values into an array. - * - * @param text (String) The String representation of a delimited sequence of values. - * @param delimiter (String) The character delimiting values within the text String. - * @return (Array) The comma separated values. - */ -splitAndTrim = function(text, delimiter) { - - var results = [], - i, - values, - value; - if (text === null) { - return results; - } - - values = text.split(delimiter); - for (i = 0; i < values.length; i++) { - value = values[i].trim(); - if (value !== "") { - results.push(value); - } - } - - return results; -}; - -/** - * Converts value to a percentage of range. - * - * @param value (Number) The actual number to be converted to a percentage. - * @param range (Number) The total number of values (i.e. represents 100%). - * @return (Number) The percentage. 
- */ -calculatePercentage = function(value, range) { - if (range === 0) { - return 0; - } - return parseFloat((value / range).toPrecision(2)) * 100; -}; - -/** - * Creates a new array containing only those elements found in both arrays received as arguments. - * - * @param first (Array) The first array. - * @param second (Array) The second array. - * @return (Array) The elements that found in first and second. - */ -calculateIntersection = function(first, second) { - return first.filter(function(element) { - return second.indexOf(element) !== -1; - }); -}; - -function getValue(obj, attributePath) { - var value = obj, - i; - for (i = 0; i < attributePath.length; i++) { - if (value === undefined) { - return null; - } - value = value[attributePath[i]]; - } - return value; -} - - -function isLeafNode(attributeConfig) { - return attributeConfig.comparator !== undefined; -} - -function getAttributePaths(attributeConfig, attributePath) { - - var attributePaths = [], - attributeName, - attrPaths, - attrPath, - i; - - for (attributeName in attributeConfig) { - if (attributeConfig.hasOwnProperty(attributeName)) { - - if (isLeafNode(attributeConfig[attributeName])) { - attrPath = attributePath.slice(); - attrPath.push(attributeName); - attributePaths.push(attrPath); - } else { - attrPath = attributePath.slice(); - attrPath.push(attributeName); - attrPaths = getAttributePaths(attributeConfig[attributeName], attrPath); - for (i = 0; i < attrPaths.length; i++) { - attributePaths.push(attrPaths[i]); - } - } - } - } - - return attributePaths; -} - -function getDevicePrintAttributePaths(attributeConfig) { - return getAttributePaths(attributeConfig, []); -} - -function hasRequiredAttributes(devicePrint, attributeConfig) { - - var attributePaths = getDevicePrintAttributePaths(attributeConfig), - i, - attrValue, - attrConfig; - - for (i = 0; i < attributePaths.length; i++) { - - attrValue = getValue(devicePrint, attributePaths[i]); - attrConfig = getValue(attributeConfig, 
attributePaths[i]); - - if (attrConfig.required && attrValue === undefined) { - logger.warning("Device Print profile missing required attribute, " + attributePaths[i]); - return false; - } - } - - logger.message("device print has required attributes"); - return true; -} - -function compareDevicePrintProfiles(attributeConfig, devicePrint, devicePrintProfiles, maxPenaltyPoints) { - - var attributePaths = getDevicePrintAttributePaths(attributeConfig), - dao = sharedState.get('_DeviceIdDao'), - results, - j, - aggregatedComparisonResult, - i, - currentValue, - storedValue, - attrConfig, - comparisonResult, - selectedComparisonResult, - selectedProfile, - curDevicePrintProfile, - vals; - - results = []; - for (j = 0; j < devicePrintProfiles.length; j++) { - curDevicePrintProfile = JSON.parse(org.forgerock.json.JsonValue.json(devicePrintProfiles[j])); - aggregatedComparisonResult = new ComparisonResult(); - for (i = 0; i < attributePaths.length; i++) { - - currentValue = getValue(devicePrint, attributePaths[i]); - storedValue = getValue(curDevicePrintProfile.devicePrint, attributePaths[i]); - attrConfig = getValue(attributeConfig, attributePaths[i]); - - if (storedValue === null) { - comparisonResult = new ComparisonResult(attrConfig.penaltyPoints); - } else { - comparisonResult = attrConfig.comparator.compare(currentValue, storedValue, attrConfig.args); - } - - if (logger.messageEnabled()) { - logger.message("Comparing attribute path: " + attributePaths[i] - + ", Comparison result: successful=" + comparisonResult.isSuccessful() + ", penaltyPoints=" - + comparisonResult.penaltyPoints + ", additionalInfoInCurrentValue=" - + comparisonResult.additionalInfoInCurrentValue); - } - aggregatedComparisonResult.addComparisonResult(comparisonResult); - } - if (logger.messageEnabled()) { - logger.message("Aggregated comparison result: successful=" - + aggregatedComparisonResult.isSuccessful() + ", penaltyPoints=" - + aggregatedComparisonResult.penaltyPoints + ", 
additionalInfoInCurrentValue=" - + aggregatedComparisonResult.additionalInfoInCurrentValue); - } - - results.push({ - key: aggregatedComparisonResult, - value: devicePrintProfiles[j] - }); - } - - if (results.length === 0) { - return null; - } - - results.sort(function(a, b) { - return ComparisonResult.compare(a.key, b.key); - }); - selectedComparisonResult = results[0].key; - if (logger.messageEnabled()) { - logger.message("Selected comparison result: successful=" + selectedComparisonResult.isSuccessful() - + ", penaltyPoints=" + selectedComparisonResult.penaltyPoints + ", additionalInfoInCurrentValue=" - + selectedComparisonResult.additionalInfoInCurrentValue); - } - - selectedProfile = null; - if (selectedComparisonResult.penaltyPoints <= maxPenaltyPoints) { - selectedProfile = results[0].value; - if (logger.messageEnabled()) { - logger.message("Selected profile: " + selectedProfile + - " with " + selectedComparisonResult.penaltyPoints + " penalty points"); - } - } - - if (selectedProfile === null) { - return false; - } - - /* update profile */ - selectedProfile.put("selectionCounter", - java.lang.Integer.valueOf(parseInt(selectedProfile.get("selectionCounter"), 10) + 1)); - selectedProfile.put("lastSelectedDate", java.lang.Long.valueOf(new Date().getTime())); - selectedProfile.put("devicePrint", devicePrint); - - vals = []; - for (i = 0; i < devicePrintProfiles.length; i++) { - vals.push(org.forgerock.json.JsonValue.json(devicePrintProfiles[i])); - } - - dao.saveDeviceProfiles(username, realm, vals); - - return true; -} - -function matchDevicePrint() { - - if (!username) { - logger.error("Username not set. 
Cannot compare user's device print profiles."); - authState = FAILED; - } else { - - if (logger.messageEnabled()) { - logger.message("client devicePrint: " + clientScriptOutputData); - } - - var getProfiles = function () { - - function isExpiredProfile(devicePrintProfile) { - var expirationDate = new Date(), - lastSelectedDate; - expirationDate.setDate(expirationDate.getDate() - config.profileExpiration); - - lastSelectedDate = new Date(devicePrintProfile.lastSelectedDate); - - return lastSelectedDate < expirationDate; - } - - function getNotExpiredProfiles() { - var profile, - dao = sharedState.get('_DeviceIdDao'), - results = [], - profiles, - iter; - - profiles = dao.getDeviceProfiles(username, realm); - - if (profiles) { - iter = profiles.iterator(); - - while (iter.hasNext()) { - profile = iter.next().getObject(); - if (!isExpiredProfile(profile)) { - results.push(profile); - } - } - } - if (logger.messageEnabled()) { - logger.message("stored non-expired profiles: " + results); - } - return results; - } - - return getNotExpiredProfiles(); - }, - devicePrint = JSON.parse(clientScriptOutputData), - devicePrintProfiles = getProfiles(); - - if (!hasRequiredAttributes(devicePrint, config.attributes)) { - logger.message("devicePrint.hasRequiredAttributes: false"); - // Will fail this module but fall-through to next module. Which should be OTP. - authState = FAILED; - } else if (compareDevicePrintProfiles(config.attributes, devicePrint, devicePrintProfiles, config.maxPenaltyPoints)) { - logger.message("devicePrint.hasValidProfile: true"); - authState = SUCCESS; - } else { - logger.message("devicePrint.hasValidProfile: false"); - sharedState.put('devicePrintProfile', JSON.stringify(devicePrint)); - // Will fail this module but fall-through to next module. Which should be OTP. 
- authState = FAILED; - } - } -} - -matchDevicePrint();" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 117`] = ` -{ - "meta": Any, - "script": { - "703dab1a-1921-4981-98dd-b8e5349d8548": { - "_id": "703dab1a-1921-4981-98dd-b8e5349d8548", - "context": "AUTHENTICATION_SERVER_SIDE", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for server side Device Id (Match) Authentication Module", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Device Id (Match) - Server Side", - "script": "file://Device-Id-(Match)-Server-Side.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 118`] = ` -"/* Display Password - * - * Author: volker.scheuber@forgerock.com - * - * Display Password collected via Platform Password node. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -var password = "unable to retrieve!"; -if (nodeState.get("password")) { - password = nodeState.get("password").asString(); -} -var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.TextOutputCallback -) -if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.TextOutputCallback( - fr.TextOutputCallback.INFORMATION, - password - ) - ).build() -} -else { - action = fr.Action.goTo("true").build(); -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 119`] = ` -{ - "meta": Any, - "script": { - "ec8b314c-8e11-4364-93b9-a3e82d2a074a": { - "_id": "ec8b314c-8e11-4364-93b9-a3e82d2a074a", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Display Password from nodeState", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Display Password", - "script": "file://Display-Password.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 120`] = ` -"/* Display Session Info - * - * Display Session Info. - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - outcome = "true"; - - var anchor = "anchor-".concat(generateNumericToken('xxx')); - var halign = "left"; - - var choices = []; - var defaultChoice = 0; - - var include = ["org","idp","saas","profileType","givenName","sn","mail","roles","userName","UserId","Locale","authInstant","AuthLevel","Host","Service"]; - var message = ""; - if (typeof existingSession !== "undefined") { - message = "

Session Info

"; - include.forEach(function (key) { - message += "" + key + ": " + existingSession.get(key) + "
"; - }); - message += "

" - var entries = existingSession.keySet().toArray(); - entries.forEach(function (key) { - if (include.indexOf(""+key)===-1) { - message += "" + key + ": " + existingSession.get(key) + "
"; - } - }); - message += "

" - choices.push("Goto SAML App"); - choices.push("Goto OIDC App"); - if (""+existingSession.get("profileType") === "persistent") { - choices.push("Goto Profile Page"); - } - choices.push("Logout"); - } else { - message = "

No Session!

" - choices.push("Login"); - } - var script = "Array.prototype.slice.call(\\n".concat( - "document.getElementsByClassName('callback-component')).forEach(\\n").concat( - "function (e) {\\n").concat( - " var message = e.firstElementChild;\\n").concat( - " if (message.firstChild && message.firstChild.nodeName == '#text' && message.firstChild.nodeValue.trim() == '").concat(anchor).concat("') {\\n").concat( - " message.className = \\"\\";\\n").concat( - " message.style = \\"text-align: left; inline-size: 430px; overflow-wrap: break-word;\\";\\n").concat( - " message.align = \\"").concat(halign).concat("\\";\\n").concat( - " message.innerHTML = '").concat(message).concat("';\\n").concat( - " }\\n").concat( - "})") - - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.TextOutputCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback, - javax.security.auth.callback.ConfirmationCallback - ) - if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.TextOutputCallback( - fr.TextOutputCallback.INFORMATION, - anchor - ), - new fr.ScriptTextOutputCallback(script), - new fr.ConfirmationCallback( - fr.ConfirmationCallback.INFORMATION, - choices, - defaultChoice - ) - ).build() - } - else { - outcome = choices[callbacks.get(2).getSelectedIndex()]; - action = fr.Action.goTo(outcome).build(); - } - - /* - * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9. 
- * - * Example: - * 'xxxxx' produces '28535' - * 'xxx-xxx' produces '432-521' - */ - function generateNumericToken(format) { - return format.replace(/[x]/g, function(c) { - var r = Math.random()*10|0; - var v = r; - return v.toString(10); - }); - } -}()); - -/* -Locale: en_US -authInstant: 2021-09-25T17:28:38Z -Organization: o=alpha,ou=services,ou=am-config -mail: volker@scheuber.name -Principals: volker@scheuber.name -UserProfile: Ignore -CharSet: UTF-8 -FullLoginURL: /am/UI/Login?code=4%2F0AX4XfWjiEfbrfIstsFUKoaibPCQmTbuPonLfuhpYhjfj-N5QEe9u2P5Os9wNadGaPsQVBA&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+openid&realm=%2Falpha&state=fykprtfmeclrgwszmomvqxnlirrehcs&hd=scheuber.name&prompt=none&authuser=2 -clientType: genericHTML -goto: /am/XUI/?realm=/alpha&authIndexType=service&authIndexValue=SessionInfo&ForceAuth=true#/ -AMCtxId: d3188938-d07e-4134-95db-f1cc97fc6c40-503275 -loginURL: /am/UI/Login -sn: Scheuber -amlbcookie: 01 -HostName: 99.72.28.182 -UserToken: volker@scheuber.name -givenName: Volker -successURL: /am/XUI/?realm=/alpha&authIndexType=service&authIndexValue=SessionInfo&ForceAuth=true#/ -Service: Router -Host: 99.72.28.182 -AuthLevel: 0 -idp: google -UserId: volker@scheuber.name -sun.am.UniversalIdentifier: id=volker@scheuber.name,ou=user,o=alpha,ou=services,ou=am-config -OidcSid: ACuTQIObj0tajPYhLOjMlWc2urM -Principal: id=volker@scheuber.name,ou=user,o=alpha,ou=services,ou=am-config - */" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 121`] = ` -{ - "meta": Any, - "script": { - "37bf200a-158f-4a45-8ee5-81516e4593f8": { - "_id": "37bf200a-158f-4a45-8ee5-81516e4593f8", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Display session info.", - "language": "JAVASCRIPT", - "lastModifiedBy": 
"null", - "lastModifiedDate": 0, - "name": "Display Session Info", - "script": "file://Display-Session-Info.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 122`] = ` -"/* Display States - * - * Display sharedState and transientState. - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - outcome = "true"; - - var anchor = "anchor-".concat(generateNumericToken('xxx')); - var halign = "left"; - var message = "

Current State Values

".concat( - "

Shared State:
").concat( - sharedState.toString()).concat("

").concat( - "

Transient State:
").concat( - transientState.toString()).concat("

").concat( - "

Request Headers:
").concat( - requestHeaders.toString()).concat("

") - var script = "Array.prototype.slice.call(\\n".concat( - "document.getElementsByClassName('callback-component')).forEach(\\n").concat( - "function (e) {\\n").concat( - " var message = e.firstElementChild;\\n").concat( - " if (message.firstChild && message.firstChild.nodeName == '#text' && message.firstChild.nodeValue.trim() == '").concat(anchor).concat("') {\\n").concat( - " message.className = \\"\\";\\n").concat( - " message.style = \\"text-align: left; inline-size: 430px; overflow-wrap: break-word;\\";\\n").concat( - " message.align = \\"").concat(halign).concat("\\";\\n").concat( - " message.innerHTML = '").concat(message).concat("';\\n").concat( - " }\\n").concat( - "})") - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.TextOutputCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback - ) - if (message.length && callbacks.isEmpty()) { - action = fr.Action.send( - new fr.TextOutputCallback( - fr.TextOutputCallback.INFORMATION, - anchor - ), - new fr.ScriptTextOutputCallback(script) - ).build() - } - else { - action = fr.Action.goTo(outcome).build(); - } - - /* - * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9. 
- * - * Example: - * 'xxxxx' produces '28535' - * 'xxx-xxx' produces '432-521' - */ - function generateNumericToken(format) { - return format.replace(/[x]/g, function(c) { - var r = Math.random()*10|0; - var v = r; - return v.toString(10); - }); - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 123`] = ` -{ - "meta": Any, - "script": { - "e49225eb-e7ad-4699-bf2a-d57689f9cd6e": { - "_id": "e49225eb-e7ad-4699-bf2a-d57689f9cd6e", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Display sharedState and transientState.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Display States - imported (1)", - "script": "file://Display-States-imported-(1).script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 124`] = ` -"/* Display States - * - * Display sharedState and transientState. - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - outcome = "true"; - - var anchor = "anchor-".concat(generateNumericToken('xxx')); - var halign = "left"; - var message = "

Current State Values

".concat( - "

Shared State:
").concat( - sharedState.toString()).concat("

").concat( - "

Transient State:
").concat( - transientState.toString()).concat("

") - var script = "Array.prototype.slice.call(\\n".concat( - "document.getElementsByClassName('callback-component')).forEach(\\n").concat( - "function (e) {\\n").concat( - " var message = e.firstElementChild;\\n").concat( - " if (message.firstChild && message.firstChild.nodeName == '#text' && message.firstChild.nodeValue.trim() == '").concat(anchor).concat("') {\\n").concat( - " message.className = \\"\\";\\n").concat( - " message.style = \\"text-align: left; inline-size: 430px; overflow-wrap: break-word;\\";\\n").concat( - " message.align = \\"").concat(halign).concat("\\";\\n").concat( - " message.innerHTML = '").concat(message).concat("';\\n").concat( - " }\\n").concat( - "})") - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.TextOutputCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback - ) - if (message.length && callbacks.isEmpty()) { - action = fr.Action.send( - new fr.TextOutputCallback( - fr.TextOutputCallback.INFORMATION, - anchor - ), - new fr.ScriptTextOutputCallback(script) - ).build() - } - else { - action = fr.Action.goTo(outcome).build(); - } - - /* - * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9. 
- * - * Example: - * 'xxxxx' produces '28535' - * 'xxx-xxx' produces '432-521' - */ - function generateNumericToken(format) { - return format.replace(/[x]/g, function(c) { - var r = Math.random()*10|0; - var v = r; - return v.toString(10); - }); - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 125`] = ` -{ - "meta": Any, - "script": { - "6d6c2202-725b-4196-9436-92ec11a0b385": { - "_id": "6d6c2202-725b-4196-9436-92ec11a0b385", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Display sharedState and transientState.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Display States - imported (2)", - "script": "file://Display-States-imported-(2).script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 126`] = ` -"/* Display States - * - * Display sharedState and transientState. - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - outcome = "true"; - - var anchor = "anchor-".concat(generateNumericToken('xxx')); - var halign = "left"; - var message = "

Current State Values

".concat( - "

Shared State:
").concat( - sharedState.toString()).concat("

").concat( - "

Transient State:
").concat( - transientState.toString()).concat("

").concat( - "

Request Headers:
").concat( - requestHeaders.toString()).concat("

") - var script = "Array.prototype.slice.call(\\n".concat( - "document.getElementsByClassName('callback-component')).forEach(\\n").concat( - "function (e) {\\n").concat( - " var message = e.firstElementChild;\\n").concat( - " if (message.firstChild && message.firstChild.nodeName == '#text' && message.firstChild.nodeValue.trim() == '").concat(anchor).concat("') {\\n").concat( - " message.className = \\"\\";\\n").concat( - " message.style = \\"text-align: left; inline-size: 430px; overflow-wrap: break-word;\\";\\n").concat( - " message.align = \\"").concat(halign).concat("\\";\\n").concat( - " message.innerHTML = '").concat(message).concat("';\\n").concat( - " }\\n").concat( - "})") - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.TextOutputCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback - ) - if (message.length && callbacks.isEmpty()) { - action = fr.Action.send( - new fr.TextOutputCallback( - fr.TextOutputCallback.INFORMATION, - anchor - ), - new fr.ScriptTextOutputCallback(script) - ).build() - } - else { - action = fr.Action.goTo(outcome).build(); - } - - /* - * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9. 
- * - * Example: - * 'xxxxx' produces '28535' - * 'xxx-xxx' produces '432-521' - */ - function generateNumericToken(format) { - return format.replace(/[x]/g, function(c) { - var r = Math.random()*10|0; - var v = r; - return v.toString(10); - }); - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 127`] = ` -{ - "meta": Any, - "script": { - "b703581a-e112-42b9-bc24-6db8bced5a13": { - "_id": "b703581a-e112-42b9-bc24-6db8bced5a13", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Display sharedState and transientState.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Display States", - "script": "file://Display-States.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 128`] = ` -"/* Display Username - * - * Author: volker.scheuber@forgerock.com - * - * Display the username. - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -(function () { - try { - var outcome = 'true'; - var username = nodeState.get('username').asString(); - - // Specify the message you want to display. You may use HTML for formatting. Avoid line breaks! Use
instead. - var message = '
'+username+'
'; - - var anchor = 'anchor-'+generateNumericToken('xxx'); - var script = "Array.prototype.slice.call(\\n \\ - document.getElementsByClassName('callback-component')).forEach(\\n \\ - function (e) {\\n \\ - var message = e.firstElementChild;\\n \\ - if (message.firstChild && message.firstChild.nodeName == '#text' && message.firstChild.nodeValue.trim() == '"+anchor+"') {\\n \\ - message.innerHTML = '"+message+"';\\n \\ - }\\n \\ - })"; - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.TextOutputCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback - ) - if (message.length && callbacks.isEmpty()) { - action = fr.Action.send( - new fr.TextOutputCallback( - fr.TextOutputCallback.INFORMATION, - anchor - ), - new fr.ScriptTextOutputCallback(script) - ).build() - } - else { - action = fr.Action.goTo(outcome).build(); - } - } catch (error) { - logger.error('Error: ' + error); - nodeState.putShared('error', error.message); - } - - /* - * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9. 
- * - * Example: - * 'xxxxx' produces '28535' - * 'xxx-xxx' produces '432-521' - */ - function generateNumericToken(format) { - return format.replace(/[x]/g, function(c) { - var r = Math.random()*10|0; - var v = r; - return v.toString(10); - }); - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 129`] = ` -{ - "meta": Any, - "script": { - "fe5e303b-9ed7-4853-84fe-0ae43e2254d5": { - "_id": "fe5e303b-9ed7-4853-84fe-0ae43e2254d5", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Display the username in an HTML dialog.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Display Username", - "script": "file://Display-Username.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 130`] = ` -"/* Dropdown - * - * Author: volker.scheuber@forgerock.com - * - * Render a dropdown selector - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -(function () { - outcome = "true"; - var choices = [" ", "Red pill", "Blue pill", "Steak", "Rabbit hole"]; - - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.ChoiceCallback - ) - - if (callbacks.isEmpty()) { - action = fr.Action.send([ - new fr.ChoiceCallback("Make your choice", choices, 0, false) - ]).build(); - } else { - var choice = parseInt(callbacks.get(0).getSelectedIndexes()[0]); - nodeState.putShared("choice", choices[choice]); - action = fr.Action.goTo(outcome).build(); - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 131`] = ` -{ - "meta": Any, - "script": { - "71b3c70b-920c-464b-a918-4c86eaaddccd": { - "_id": "71b3c70b-920c-464b-a918-4c86eaaddccd", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Render a dropdown", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Dropdown", - "script": "file://Dropdown.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 132`] = ` -"outcome = "true"; - -setSharedObjectAttribute("userName", "FRAAS-7955"); -setSharedObjectAttribute("givenName", "First-shared"); -setSharedObjectAttribute("sn", "Last-shared"); -setSharedObjectAttribute("mail", "first.last-shared@company.com"); - -setTransientObjectAttribute("userName", "FRAAS-7955"); -setTransientObjectAttribute("givenName", "First-transient"); -setTransientObjectAttribute("sn", "Last-transient"); -setTransientObjectAttribute("mail", "first.last-transient@company.com"); - -/* - * Store attributes in shared state for use with the Create/Patch Object nodes. 
- */ -function setSharedObjectAttribute(name, value) { - var storage = sharedState.get("objectAttributes"); - if (storage && value) { - if (storage.put) { - storage.put(name, value); - } - else { - storage[name] = value; - } - } - else if (value) { - sharedState.put("objectAttributes", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}")); - } -} - -/* - * Store attributes in transient state for use with the Create/Patch Object nodes. - */ -function setTransientObjectAttribute(name, value) { - var transientStorage = transientState.get("objectAttributes"); - if (transientStorage && value) { - if (transientStorage.put) { - transientStorage.put(name, value); - } - else { - transientStorage[name] = value; - } - } - else if (value) { - transientState.put("objectAttributes", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}")); - } -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 133`] = ` -{ - "meta": Any, - "script": { - "38f698de-fe11-43d2-8480-44e1312d121d": { - "_id": "38f698de-fe11-43d2-8480-44e1312d121d", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "FRAAS-7955 Both States", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "FRAAS-7955 Both States", - "script": "file://FRAAS-7955-Both-States.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 134`] = ` -"/* debug - * - * Author: volker.scheuber@forgerock.com - * - * Display sharedState and transientState. - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -var output = true; - -var anchor = "anchor-".concat(generateNumericToken('xxx')); -var halign = "left"; -var message = "

Current State Values

".concat( - "

Shared State:
").concat( - sharedState.toString()).concat("

").concat( - "

Transient State:
").concat( - transientState.toString()).concat("

") -var script = "Array.prototype.slice.call(\\n".concat( - "document.getElementsByClassName('callback-component')).forEach(\\n").concat( - "function (e) {\\n").concat( - " var message = e.firstElementChild;\\n").concat( - " if (message.firstChild && message.firstChild.nodeName == '#text' && message.firstChild.nodeValue.trim() == '").concat(anchor).concat("') {\\n").concat( - " message.className = \\"\\";\\n").concat( - " message.style = \\"text-align: left; inline-size: 430px; overflow-wrap: break-word;\\";\\n").concat( - " message.align = \\"").concat(halign).concat("\\";\\n").concat( - " message.innerHTML = '").concat(message).concat("';\\n").concat( - " }\\n").concat( - "})") -var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.TextOutputCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback -) -if (message.length && callbacks.isEmpty()) { - action = fr.Action.send( - new fr.TextOutputCallback( - fr.TextOutputCallback.INFORMATION, - anchor - ), - new fr.ScriptTextOutputCallback(script) - ).build() -} -else { - action = fr.Action.goTo("true").build(); -} - - /* - * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9. 
- * - * Example: - * 'xxxxx' produces '28535' - * 'xxx-xxx' produces '432-521' - */ -function generateNumericToken(format) { - return format.replace(/[x]/g, function(c) { - var r = Math.random()*10|0; - var v = r; - return v.toString(10); - }); -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 135`] = ` -{ - "meta": Any, - "script": { - "164fe425-01e7-4b0b-9f60-fb41f6bf362b": { - "_id": "164fe425-01e7-4b0b-9f60-fb41f6bf362b", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "FRAAS-7955 Display sharedState and transientState.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "FRAAS-7955 Display States", - "script": "file://FRAAS-7955-Display-States.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 136`] = ` -"outcome = "true"; - -setSharedObjectAttribute("userName", "FRAAS-7955"); -setSharedObjectAttribute("givenName", "First-shared"); -setSharedObjectAttribute("sn", "Last-shared"); -setSharedObjectAttribute("mail", "first.last-shared@company.com"); - -/* - * Store attributes in shared state for use with the Create/Patch Object nodes. 
- */ -function setSharedObjectAttribute(name, value) { - var storage = sharedState.get("objectAttributes"); - if (storage && value) { - if (storage.put) { - storage.put(name, value); - } - else { - storage[name] = value; - } - } - else if (value) { - sharedState.put("objectAttributes", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}")); - } -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 137`] = ` -{ - "meta": Any, - "script": { - "dedbc9f6-7fc9-4332-a330-55f7aeb95e78": { - "_id": "dedbc9f6-7fc9-4332-a330-55f7aeb95e78", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "FRAAS-7955 Shared State Only", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "FRAAS-7955 Shared State Only", - "script": "file://FRAAS-7955-Shared-State-Only.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 138`] = ` -"var outcome = true; - -// Requires Identify Existing User auth node to retrieve real user ID from IDM -var userid = sharedState.get("_id"); - -// Retrieve user profile attributes -var userName = idRepository.getAttribute(userid, "uid").iterator().next().toString(); -var firstName = idRepository.getAttribute(userid, "givenName").iterator().next().toString(); -var lastName = idRepository.getAttribute(userid, "sn").iterator().next().toString(); -var email = idRepository.getAttribute(userid, "mail").iterator().next().toString(); - -var anchor = "anchor-".concat(generateNumericToken('xxx')); -var halign = "left"; -var message = "

Object Values

".concat( - "

Username: ").concat(userName).concat("

").concat( - "

First Name: ").concat(firstName).concat("

").concat( - "

Last Name: ").concat(lastName).concat("

").concat( - "

Email: ").concat(email).concat("

") -var script = "Array.prototype.slice.call(\\n".concat( - "document.getElementsByClassName('callback-component')).forEach(\\n").concat( - "function (e) {\\n").concat( - " var message = e.firstElementChild;\\n").concat( - " if (message.firstChild && message.firstChild.nodeName == '#text' && message.firstChild.nodeValue.trim() == '").concat(anchor).concat("') {\\n").concat( - " message.className = \\"text-left\\";\\n").concat( - " message.align = \\"").concat(halign).concat("\\";\\n").concat( - " message.innerHTML = '").concat(message).concat("';\\n").concat( - " }\\n").concat( - "})") -var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.TextOutputCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback -) -if (message.length && callbacks.isEmpty()) { - action = fr.Action.send( - new fr.TextOutputCallback( - fr.TextOutputCallback.INFORMATION, - anchor - ), - new fr.ScriptTextOutputCallback(script) - ).build() -} -else { - action = fr.Action.goTo(outcome).build(); -} - - /* - * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9. 
- * - * Example: - * 'xxxxx' produces '28535' - * 'xxx-xxx' produces '432-521' - */ -function generateNumericToken(format) { - return format.replace(/[x]/g, function(c) { - var r = Math.random()*10|0; - var v = r; - return v.toString(10); - }); -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 139`] = ` -{ - "meta": Any, - "script": { - "fbc563cb-eced-4e1b-9cd4-022680347668": { - "_id": "fbc563cb-eced-4e1b-9cd4-022680347668", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "FRAAS-7955 Show Object Values", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "FRAAS-7955 Show Object Values", - "script": "file://FRAAS-7955-Show-Object-Values.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 140`] = ` -"outcome = "true"; - -setTransientObjectAttribute("userName", "FRAAS-7955"); -setTransientObjectAttribute("givenName", "First-transient"); -setTransientObjectAttribute("sn", "Last-transient"); -setTransientObjectAttribute("mail", "first.last-transient@company.com"); - -/* - * Store attributes in transient state for use with the Create/Patch Object nodes. 
- */ -function setTransientObjectAttribute(name, value) { - var transientStorage = transientState.get("objectAttributes"); - if (transientStorage && value) { - if (transientStorage.put) { - transientStorage.put(name, value); - } - else { - transientStorage[name] = value; - } - } - else if (value) { - transientState.put("objectAttributes", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}")); - } -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 141`] = ` -{ - "meta": Any, - "script": { - "073a64d4-37c9-486d-8c59-6583494644b9": { - "_id": "073a64d4-37c9-486d-8c59-6583494644b9", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "FRAAS-7955 Transient State Only", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "FRAAS-7955 Transient State Only", - "script": "file://FRAAS-7955-Transient-State-Only.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 142`] = ` -"outcome = "true"; -var attrs = sharedState.get("objectAttributes"); -if (attrs) { - setTransientObjectAttribute("givenName", attrs.get("givenName").concat("-workaround")); - setTransientObjectAttribute("sn", attrs.get("sn").concat("-workaround")); - setTransientObjectAttribute("mail", attrs.get("mail").concat("-workaround")); -} - -/* - * Store attributes in transient state for use with the Create/Patch Object nodes. 
- */ -function setTransientObjectAttribute(name, value) { - var transientStorage = transientState.get("objectAttributes"); - if (transientStorage && value) { - if (transientStorage.put) { - transientStorage.put(name, value); - } - else { - transientStorage[name] = value; - } - } - else if (value) { - transientState.put("objectAttributes", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}")); - } -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 143`] = ` -{ - "meta": Any, - "script": { - "e0ba741b-c952-4062-9899-0b1c19237ee4": { - "_id": "e0ba741b-c952-4062-9899-0b1c19237ee4", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "FRAAS-7955 Workaround: Copy sharedState to transientState", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "FRAAS-7955 Workaround", - "script": "file://FRAAS-7955-Workaround.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 144`] = ` -"/* - * Copyright 2020 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ - -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object - -return json(object( - field("id", rawProfile.id), - field("displayName", rawProfile.name), - field("givenName", rawProfile.first_name), - field("familyName", rawProfile.last_name), - field("photoUrl", rawProfile.picture.data.url), - field("email", rawProfile.email), - field("username", rawProfile.email)))" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 145`] = ` -{ - "meta": Any, - "script": { - "bae1d54a-e97d-4997-aa5d-c027f21af82c": { - "_id": "bae1d54a-e97d-4997-aa5d-c027f21af82c", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Normalizes raw profile data from Facebook", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Facebook Profile Normalization", - "script": "file://Facebook-Profile-Normalization.script.groovy", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 146`] = ` -"/* - * Copyright 2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ -// Script is intentionally empty -" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 147`] = ` -{ - "meta": Any, - "script": { - "c234ba0b-58a1-4cfd-9567-09edde980745": { - "_id": "c234ba0b-58a1-4cfd-9567-09edde980745", - "context": "OAUTH2_ACCESS_TOKEN_MODIFICATION", - "createdBy": "null", - "creationDate": 1433147666269, - "default": true, - "description": "Internal token modification script", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "ForgeRock Internal: OAuth2 Access Token Modification Script", - "script": "file://ForgeRock-Internal:-OAuth2-Access-Token-Modification-Script.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 148`] = ` -"/* - * Copyright 2014-2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * This script computes claim values returned in ID tokens and/or at the UserInfo Endpoint. - * The claim values are computed for: - * the claims derived from the requested scopes, - * the claims provided by the authorization server, - * and the claims requested by the client via the claims parameter. - * - * In the CONFIGURATION AND CUSTOMIZATION section, you can - * define the scope-to-claims mapping, and - * assign to each claim a resolver function that will compute the claim value. - * - * Defined variables (class references are provided below): - * scopes - Set (6). - * Always present, the requested scopes. - * claims - Map (5). - * Always present, default server provided claims. - * claimObjects - List (7, 2). - * Always present, the default server provided claims. 
- * requestedClaims - Map> (5). - * Always present, not empty if the request contains the claims parameter and the server has enabled - * claims_parameter_supported. A map of the requested claims to possible values, otherwise empty; - * requested claims with no requested values will have a key but no value in the map. A key with - * a single value in its Set (6) indicates that this is the only value that should be returned. - * requestedTypedClaims - List (7, 2). - * Always present, the requested claims. - * Requested claims with no requested values will have a claim with no values. - * A claim with a single value indicates this is the only value that should be returned. - * claimsLocales - List (7). - * The values from the 'claims_locales' parameter. - * See https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts for the OIDC specification details. - * requestProperties - Unmodifiable Map (5). - * Always present, contains a map of request properties: - * requestUri - The request URI. - * realm - The realm that the request relates to. - * requestParams - A map of the request params and/or posted data. - * Each value is a list of one or more properties. - * Please note that these should be handled in accordance with OWASP best practices: - * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection. - * clientProperties - Unmodifiable Map (5). - * Present if the client specified in the request was identified, contains a map of client properties: - * clientId - The client's URI for the request locale. - * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client. - * allowedResponseTypes - List of the allowed response types for the client. - * allowedScopes - List of the allowed scopes for the client. - * customProperties - A map of the custom properties of the client. 
- * Lists or maps will be included as sub-maps; for example: - * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1. - * To add custom properties to a client, update the Custom Properties field - * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced. - * identity - AMIdentity (3). - * Always present, the identity of the resource owner. - * session - SSOToken (4). - * Present if the request contains the session cookie, the user's session object. - * scriptName - String (primitive). - * Always present, the display name of the script. - * logger - Always present, the "OAuth2Provider" debug logger instance: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. - * Corresponding files will be prefixed with: scripts.OIDC_CLAIMS. - * httpClient - HTTP Client (8). - * Always present, the HTTP Client instance: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client. - * In order to use the client, you may need to add - * org.forgerock.http.Client, - * org.forgerock.http.protocol.*, - * and org.forgerock.util.promise.PromiseImpl - * to the allowed Java classes in the scripting engine configuration, as described in: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/script-engine-security.html - * - * Return - a new UserInfoClaims(Map values, Map> compositeScopes) (1) object. - * The result of the last statement in the script is returned to the server. - * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function) - * is the last (and only) statement in this script, and its return value will become the script result. - * Do not use "return variable" statement outside of a function definition. - * See RESULTS section for additional details. 
- * - * Class reference: - * (1) UserInfoClaims - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html. - * (2) Claim - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html). - * An instance of org.forgerock.openidconnect.Claim has methods to access - * the claim name, requested values, locale, and whether the claim is essential. - * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html. - * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html. - * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html, - * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html. - * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html. - * (7) List - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/ArrayList.html. - * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. -*/ - -(function () { - // SETUP - - /** - * Claim processing utilities. - * An object that contains reusable functions for processing claims. - * @see CLAIM PROCESSING UTILITIES section for details. - */ - var utils = getUtils(); - - // CONFIGURATION AND CUSTOMIZATION - - /** - * OAuth 2.0 scope values (scopes) can be used by the Client to request OIDC claims. - * - * Call this configuration method, and pass in as the first argument - * an object that maps a scope value to an array of claim names - * to specify which claims need to be processed and returned for the requested scopes. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} - * for the scope values that could be used to request claims as defined in the OIDC specification. - * - * Below, find a default configuration that is expected to work in the current environment. 
- * - * CUSTOMIZATION - * You can choose the claim names returned for a scope. - */ - utils.setScopeClaimsMap({ - profile: [ - 'name', - 'family_name', - 'given_name', - 'zoneinfo', - 'locale' - ], - email: ['email'], - address: ['address'], - phone: ['phone_number'] - }); - - /** - * In this script, each claim - * derived from the requested scopes, - * provided by the authorization server, and - * requested by the client via the claims parameter - * will be processed by a function associated with the claim name. - * - * Call this configuration method, and pass in as the first argument - * an object that maps a claim name to a resolver function, - * which will be automatically executed for each claim processed by the script. - * - * The claim resolver function will receive the requested claim information - * in an instance of org.forgerock.openidconnect.Claim as the first argument. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} - * for details on the Claim class. - * - * If the claim resolver function returns a value, - * other than undefined or null, - * the claim will be included in the script's results. - * - * The Claim instance provides methods to check - * what the name of the claim is, - * which values the claim request contains, - * whether the claim is essential, and - * which locale the claim is associated with. - * The resolver function can consider this information when computing and returning the claim value. - * - * Below, find a default configuration that is expected to work in the current environment. - * A reusable function, utils.getUserProfileClaimResolver(String attribute-name), - * is called to return a claim resolver function based on a user profile attribute. - * @see CLAIM RESOLVERS section for the implementation details and examples. - * For the address claim, an example of a claim resolver that uses another claim resolver is provided. 
- * - * CUSTOMIZATION - * You can reuse the predefined utils methods with your custom arguments. - * You can also specify a custom resolver function for a claim name, - * that will compute and return the claim value—as shown in the commented out example below. - */ - utils.setClaimResolvers({ - /* - // An example of a simple claim resolver function that is defined for a claim - // directly in the configuration object: - custom-claim-name: function (requestedClaim) { - // In this case, initially, the claim value comes straight from a user profile attribute value: - var claimValue = identity.getAttribute('custom-attribute-name').toArray()[0] - - // Optionally, provide additional logic for processing (filtering, formatting, etc.) the claim value. - // You can use: - // requestedClaim.getName() - // requestedClaim.getValues() - // requestedClaim.getLocale() - // requestedClaim.isEssential() - - return claimValue - }, - */ - /** - * The use of utils.getUserProfileClaimResolver shows how - * an argument passed to a function that returns a claim resolver - * becomes available to the resolver function (via its lexical context). - */ - name: utils.getUserProfileClaimResolver('cn'), - family_name: utils.getUserProfileClaimResolver('sn'), - given_name: utils.getUserProfileClaimResolver('givenname'), - zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'), - locale: utils.getUserProfileClaimResolver('preferredlocale'), - email: utils.getUserProfileClaimResolver('mail'), - address: utils.getAddressClaimResolver( - /** - * The passed in user profile claim resolver function - * can be used by the address claim resolver function - * to obtain the claim value to be formatted as per the OIDC specification: - * @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim. 
- */ - utils.getUserProfileClaimResolver('postaladdress') - ), - phone_number: utils.getUserProfileClaimResolver('telephonenumber') - }); - - // CLAIM PROCESSING UTILITIES - - /** - * @returns {object} An object that contains reusable claim processing utilities. - * @see PUBLIC METHODS section and the return statement for the list of exported functions. - */ - function getUtils () { - // IMPORT JAVA - - /** - * Provides Java scripting functionality. - * @see {@link https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Scripting_Java#javaimporter_constructor}. - */ - var frJava = JavaImporter( - org.forgerock.oauth2.core.exceptions.InvalidRequestException, - org.forgerock.oauth2.core.UserInfoClaims, - org.forgerock.openidconnect.Claim, - - java.util.LinkedHashMap, - java.util.ArrayList - ); - - // SET UP CONFIGURATION - - /** - * Placeholder for a configuration option that contains - * an object that maps the supported scope values (scopes) - * and the corresponding claim names for each scope value. - */ - var scopeClaimsMap; - - /** - * Placeholder for a configuration option that contains - * an object that maps the supported claim names - * and the resolver functions returning the claim value. - */ - var claimResolvers; - - /** - * A (public) method that accepts an object that maps the supported scopes and the corresponding claim names, - * and assigns it to a (private) variable that serves as a configuration option. - * @param {object} params - An object that maps each supported scope value to an array of claim names, - * in order to specify which claims need to be processed for the requested scopes. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} for details. - * @param {string[]} [params.profile] - An array of claim names to be returned if the profile scope is requested. - * @param {string[]} [params.email] - An array of claim names to be returned if the email scope is requested. 
- * @param {string[]} [params.address] - An array of claim names to be returned if the address scope is requested. - * @param {string[]} [params.phone] - An array of claim names to be returned if the phone scope is requested. - * @returns {undefined} - */ - function setScopeClaimsMap(params) { - scopeClaimsMap = params; - } - - /** - * A (public) method that accepts an object that maps the supported claim names - * and the resolver functions returning the claim value, - * and assigns it to a (private) variable that serves as a configuration option. - * @param {object} params - An object that maps - * each supported claim name to a function that computes and returns the claim value. - */ - function setClaimResolvers(params) { - claimResolvers = params; - } - - // CLAIM RESOLVERS - - /** - * Claim resolvers are functions that return a claim value. - * @param {*} - * @returns {*} - */ - - /** - * Defines a claim resolver based on a user profile attribute. - * @param {string} attributeName - Name of the user profile attribute. - * @returns {function} A function that will determine the claim value - * based on the user profile attribute and the (requested) claim properties. - */ - function getUserProfileClaimResolver (attributeName) { - /** - * Resolves a claim with a user profile attribute value. - * Returns undefined if the identity attribute is not populated, - * OR if the claim has requested values that do not contain the identity attribute value. - * ATTENTION: the aforementioned comparison is case-sensitive. - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. 
- * @returns {string|HashSet|undefined} - */ - function resolveClaim(claim) { - var userProfileValue; - - if (identity) { - userProfileValue = getClaimValueFromSet(claim, identity.getAttribute(attributeName)); - - if (userProfileValue && !userProfileValue.isEmpty()) { - if (!claim.getValues() || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue)) { - return userProfileValue; - } - } - } - } - - return resolveClaim; - } - - /** - * Returns an address claim resolver based on a claim value obtained with another claim resolver. - * @param {function} resolveClaim - A function that returns a claim value. - * @returns {function} A function that will accept a claim as an argument, - * run the claim resolver function for the claim and obtain the claim value, - * and apply additional formatting to the value before returning it. - */ - function getAddressClaimResolver (resolveClaim) { - /** - * Creates an address claim object from a value returned by a claim resolver, - * and returns the address claim object as the claim value. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim}. - * The claim value is obtained with a claim resolving function available from the closure. - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {java.util.LinkedHashMap|undefined} The address claim object created from a claim value. 
- */ - function resolveAddressClaim(claim) { - var claimValue = resolveClaim(claim); - var addressObject; - - if (isClaimValueValid(claimValue)) { - addressObject = new frJava.LinkedHashMap(); - - addressObject.put('formatted', claimValue); - - return addressObject; - } - } - - return resolveAddressClaim; - } - - /** - * Returns an essential claim resolver based on a claim value obtained with another claim resolver. - * @param {function} resolveClaim - A function that returns a claim value. - * @returns {function} A function that will accept a claim as an argument, - * run the claim resolver function for the claim and obtain the claim value, - * and apply additional logic for essential claims. - */ - function getEssentialClaimResolver (resolveClaim) { - /** - * Returns a claim value or throws an error. - * The claim value is obtained with a claim resolving function available from the closure. - * Throws an exception if the claim is essential and no value is returned for the claim. - * - * Use of this resolver is optional. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests} stating: - * "Note that even if the Claims are not available because the End-User did not authorize their release or they are not present, - * the Authorization Server MUST NOT generate an error when Claims are not returned, whether they are Essential or Voluntary, - * unless otherwise specified in the description of the specific claim." - * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. 
- * @returns {*} - * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} - */ - function resolveEssentialClaim(claim) { - var claimValue = resolveClaim(claim); - - if (claim.isEssential() && !isClaimValueValid(claimValue)) { - throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName()); - } - - return claimValue; - } - - return resolveEssentialClaim; - } - - /** - * Provides default resolution for a claim. - * Use it if a claim-specific resolver is not defined in the configuration. - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {*} A single value associated with this claim. - */ - function resolveAnyClaim (claim) { - if (claim.getValues().size() === 1) { - return claim.getValues().toArray()[0]; - } - } - - // UTILITIES - - /** - * Returns claim value from a set. - * If the set contains a single value, returns the value. - * If the set contains multiple values, returns the set. - * Otherwise, returns undefined. - * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @param {java.util.HashSet} set The set—for example, a user profile attribute value. - * @returns {string|java.util.HashSet|undefined} - */ - function getClaimValueFromSet (claim, set) { - if (set && set.size()) { - if (set.size() === 1) { - return set.toArray()[0]; - } else { - return set; - } - } else if (logger.warningEnabled()) { - logger.warning('OIDC Claims script. 
Got an empty set for claim: ' + claim.getName()); - } - } - - function isClaimValueValid (claimValue) { - if (typeof claimValue === 'undefined' || claimValue === null) { - return false; - } - - return true; - } - - // CLAIM PROCESSING - - /** - * Constructs and returns an object populated with the computed claim values - * and the requested scopes mapped to the claim names. - * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. - * @see RESULTS section for the use of this function. - */ - function getUserInfoClaims () { - return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes()); - } - - /** - * Creates a map of (requested) claim names populated with the computed claim values. - * @returns {java.util.LinkedHashMap} - * A map of the requested claim names and the corresponding claim values. - */ - function getComputedClaims () { - /** - * Creates a complete list of claim objects from: - * the claims derived from the scopes, - * the claims provided by the authorization server, - * and the claims requested by the client. - * @returns {java.util.ArrayList} - * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. - */ - function getClaims() { - /** - * Returns a list of claim objects for the requested scopes. - * Uses the scopeClaimsMap configuration option to derive the claim names; - * no other properties of a claim derived from a scope are populated. - * @returns {java.util.ArrayList} - * A list of org.forgerock.openidconnect.Claim objects derived from the requested scopes. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. 
- */ - function convertScopeToClaims() { - var claims = new frJava.ArrayList(); - - scopes.toArray().forEach(function (scope) { - if (String(scope) !== 'openid' && scopeClaimsMap[scope]) { - scopeClaimsMap[scope].forEach(function (claimName) { - claims.add(new frJava.Claim(claimName)); - }); - } - }); - - return claims; - } - - var claims = new frJava.ArrayList(); - - claims.addAll(convertScopeToClaims()); - claims.addAll(claimObjects); - claims.addAll(requestedTypedClaims); - - return claims; - } - - /** - * Computes and returns a claim value. - * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object. - * @see claimResolvers - * If no resolver function is found, uses the default claim resolver function. - * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {*} Claim value. - * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} - * Rethrows this exception if a claim resolver throws it. - * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver - * if you want to terminate the claim processing. - */ - function computeClaim(claim) { - var resolveClaim; - var message; - - try { - resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim; - - return resolveClaim(claim); - } catch (e) { - message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. 
' + e; - - if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) { - throw e; - } - - if (logger.warningEnabled()) { - logger.warning(message); - } - } - } - - var computedClaims = new frJava.LinkedHashMap(); - - getClaims().toArray().forEach(function (claim) { - var claimValue = computeClaim(claim); - - if (isClaimValueValid(claimValue)) { - computedClaims.put(claim.getName(), claimValue); - } else { - /** - * If a claim has been processed, but appears in the list again, - * and its value cannot be computed under the new conditions, - * the claim is removed from the final result. - * - * For example, a claim could be mapped to a scope and found in the user profile, - * but also requested by the client with required values that don't match the computed one. - * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}. - * for the relevant OIDC specification details. - */ - computedClaims.remove(claim.getName()); - } - }); - - return computedClaims; - } - - /** - * Creates a map of requested scopes and the corresponding claim names. 
- * @returns {java.util.LinkedHashMap} - */ - function getCompositeScopes () { - var compositeScopes = new frJava.LinkedHashMap(); - - scopes.toArray().forEach(function (scope) { - var scopeClaims = new frJava.ArrayList(); - - if (scopeClaimsMap[scope]) { - scopeClaimsMap[scope].forEach(function (claimName) { - scopeClaims.add(claimName); - }); - } - - if (scopeClaims.size()) { - compositeScopes.put(scope, scopeClaims); - } - }); - - return compositeScopes; - } - - // PUBLIC METHODS - - return { - setScopeClaimsMap: setScopeClaimsMap, - setClaimResolvers: setClaimResolvers, - getUserProfileClaimResolver: getUserProfileClaimResolver, - getAddressClaimResolver: getAddressClaimResolver, - getEssentialClaimResolver: getEssentialClaimResolver, - getUserInfoClaims: getUserInfoClaims - }; - } - - // RESULTS - - /** - * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class - * populated with the computed claim values and - * the requested scopes mapped to the claim names. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. - * - * Assigning it to a variable gives you an opportunity - * to log the content of the returned value during development. 
- */ - var userInfoClaims = utils.getUserInfoClaims(); - - /* - logger.error(scriptName + ' results:') - logger.error('Values: ' + userInfoClaims.getValues()) - logger.error('Scopes: ' + userInfoClaims.getCompositeScopes()) - */ - - return userInfoClaims; -}()); -" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 149`] = ` -{ - "meta": Any, - "script": { - "1f389a3d-21cf-417c-a6d3-42ea620071f0": { - "_id": "1f389a3d-21cf-417c-a6d3-42ea620071f0", - "context": "OIDC_CLAIMS", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Internal OIDC Claims script", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "ForgeRock Internal: OIDC Claims Script", - "script": "file://ForgeRock-Internal:-OIDC-Claims-Script.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 150`] = ` -"/* - - Data made available by nodes that have already executed are available in the sharedState variable. - - The script should set outcome to either "true" or "false". 
- */ - -var validIpAddresses = [ - "37.71.148.92", // FR Grenoble - "84.214.156.50", // FR Oslo - "180.255.64.26", // FR Singapore - "128.106.105.136", // FR Singapore Sales - "188.39.235.130", // FR Bristol - "78.33.22.162", // FR Bristol Marsh Street - "65.113.98.10", // FR San Francisco - "24.155.146.18" // FR Austin -]; - -try { - outcome = function() { - logger.message(requestHeaders); - var vpnBypassSecret = systemEnv.getProperty('esv.amadmin.vpn.bypass.secret', '') + ''; - var bypassHeader = requestHeaders.get(new java.lang.String('x-forgerock-tests-bearer')); - logger.message("checking for VPN bypass - header {} to match secret {}", bypassHeader, vpnBypassSecret); - if (vpnBypassSecret && bypassHeader && bypassHeader.size() === 1) { - logger.message("bypass header is present"); - if (bypassHeader.get(0) + '' === vpnBypassSecret + '') { - logger.warning("bypassing VPN check - request from tests authorized"); - return 'True'; - } - } - var clientIpAddresses = requestHeaders.get(new java.lang.String('x-forwarded-for')); - logger.message(clientIpAddresses); - if (!clientIpAddresses) { - logger.message("No forwarded header - internal cluster request"); - return 'True'; - } - for (var i = 0; i < clientIpAddresses.size(); i++) { - var clientIpHeader = clientIpAddresses.get(i); - var ipAddresses = clientIpHeader.split(','); - for (var j = 0; j < ipAddresses.length; j++) { - var clientIp = ipAddresses[j].trim(); - logger.message('Checking client IP ' + clientIp); - for (var k = 0; k < validIpAddresses.length; k++) { - if (clientIp + '' === validIpAddresses[k]) { - logger.warning("request from ForgeRock VPN authorized"); - return 'True'; - } - } - } - } - logger.warning("request from outside the cluster and not from ForgeRock VPN rejected"); - return 'False'; - }(); - -} catch (e) { - - logger.error('ForgeRockVpnOnly failed to check IP'); - logger.error(e); - outcome = 'Error'; - -} -" -`; - -exports[`frodo script export "frodo script export --all-separate 
--extract": should export all extracted scripts to separate files 151`] = ` -{ - "meta": Any, - "script": { - "779bb956-676d-4e44-b828-b9efa3c866d4": { - "_id": "779bb956-676d-4e44-b828-b9efa3c866d4", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "null", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "ForgeRockVpnOnly", - "script": "file://ForgeRockVpnOnly.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 152`] = ` -"logger.error("Get Email: start"); -outcome = "true"; -if (getProfileAttribute("mail")) { - setSharedObjectAttribute("mail", getProfileAttribute("mail")); -} -logger.error("Get Email: end"); - -/* - * Get profile attribute - */ -function getProfileAttribute(name) { - return idRepository.getAttribute(sharedState.get("_id"), name).iterator().next(); -} - -/* - * Properly set attributes in shared state for use with the Create/Patch Object nodes. 
- */ -function setSharedObjectAttribute(name, value) { - if (sharedState.get("objectAttributes")) { - sharedState.get("objectAttributes").put(name, value); - } - else { - sharedState.put("objectAttributes", JSON.parse("{\\""+name+"\\":"+value+"}")); - } -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 153`] = ` -{ - "meta": Any, - "script": { - "d6469639-249f-4df1-9e03-335cd3e37b3d": { - "_id": "d6469639-249f-4df1-9e03-335cd3e37b3d", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "null", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Get Email", - "script": "file://Get-Email.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 154`] = ` -"outcome = "true"; - -var username = sharedState.get("_id") -var lockoutDataAttr = "sunAMAuthInvalidAttemptsData" -var accountStatusAttr = "inetUserStatus" - -var lockoutData = idRepository.getAttribute(username, lockoutDataAttr) -var accountStatus = idRepository.getAttribute(username, accountStatusAttr) - -transientState.put("lockoutData", lockoutData) -transientState.put("accountStatus", accountStatus) - -logger.error(lockoutData.toString())" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 155`] = ` -{ - "meta": Any, - "script": { - "cdea92a1-d2bf-4364-a525-fde8b7a95792": { - "_id": "cdea92a1-d2bf-4364-a525-fde8b7a95792", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "null", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Get Lockout Status", - "script": 
"file://Get-Lockout-Status.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 156`] = ` -"/* - * Copyright 2020 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object - -logger.warning("GitHub rawProfile: "+rawProfile) - -return json(object( - field("id", rawProfile.id), - field("displayName", rawProfile.name), - field("givenName", rawProfile.first_name), - field("familyName", rawProfile.last_name), - field("photoUrl", rawProfile.picture.data.url), - field("email", rawProfile.email), - field("username", rawProfile.email)))" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 157`] = ` -{ - "meta": Any, - "script": { - "23143919-6b78-40c3-b25e-beca19b229e0": { - "_id": "23143919-6b78-40c3-b25e-beca19b229e0", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Normalizes raw profile data from GitHub", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "GitHub Profile Normalization (VS)", - "script": "file://GitHub-Profile-Normalization-(VS).script.groovy", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 158`] = ` -"/* - * Copyright 2022 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. 
All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object - -return json(object( - field("id", rawProfile.id), - field("displayName", rawProfile.name), - field("username", rawProfile.login)))" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 159`] = ` -{ - "meta": Any, - "script": { - "a7a78773-445b-4eca-bb93-409e86bced81": { - "_id": "a7a78773-445b-4eca-bb93-409e86bced81", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Normalizes raw profile data from GitHub", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "GitHub Profile Normalization", - "script": "file://GitHub-Profile-Normalization.script.groovy", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 160`] = ` -"/* - * Copyright 2020 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ - -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object - -return json(object( - field("id", rawProfile.sub), - field("displayName", rawProfile.name), - field("givenName", rawProfile.given_name), - field("familyName", rawProfile.family_name), - field("photoUrl", rawProfile.picture), - field("email", rawProfile.email), - field("username", rawProfile.email), - field("locale", rawProfile.locale)))" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 161`] = ` -{ - "meta": Any, - "script": { - "58d29080-4563-480b-89bb-1e7719776a21": { - "_id": "58d29080-4563-480b-89bb-1e7719776a21", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Normalizes raw profile data from Google", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Google Profile Normalization", - "script": "file://Google-Profile-Normalization.script.groovy", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 162`] = ` -"/* Goto Specified Decision - * - * Return true if a goto param has been specified, false otherwise. - * - * This script does not require configuration. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - false - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - logger.message("Goto Specified Decision: start"); - outcome = "false"; - var referer = parseUrl(requestHeaders.get("referer").get(0)); - if (referer.searchParam.goto) { - outcome = "true"; - } - logger.message("Goto Specified Decision: end [outcome={}]", outcome); - - /* - * Parse a URL into its components and make them easily accessible by name - * - * Use in a Scripte Decision Node Script as follows: - * var referer = parseUrl(requestHeaders.get("referer").get(0)); - * var origin = referer.origin; - * - * e.g.: https://openam-volker-dev.forgeblocks.com/am/XUI/?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim#/ - * { - * hash: '#/', - * host: 'openam-volker-dev.forgeblocks.com', - * hostname: 'openam-volker-dev.forgeblocks.com', - * href: 'https://openam-volker-dev.forgeblocks.com/am/XUI/?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim#/', - * origin: 'https://openam-volker-dev.forgeblocks.com', - * pathname: '/am/XUI/', - * port: '', - * protocol: 'https', - * search: '?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim', - * username: '', - * password: '', - * searchParam: { - * realm: '/bravo', - * authIndexType: 'service', - * authIndexValue: 'InitiateOwnerClaim' - * } - * } - */ - function parseUrl(href) { - var m = href.match(/^(([^:\\/?#]+):?(?:\\/\\/((?:([^\\/?#:]*):([^\\/?#:]*)@)?([^\\/?#:]*)(?::([^\\/?#:]*))?)))?([^?#]*)(\\?[^#]*)?(#.*)?$/), - r = { - hash: m[10] || "", // #/ - host: m[3] || "", // openam-volker-dev.forgeblocks.com - hostname: m[6] || "", // openam-volker-dev.forgeblocks.com - href: m[0] || "", // https://openam-volker-dev.forgeblocks.com/am/XUI/?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim#/ - origin: m[1] || "", // https://openam-volker-dev.forgeblocks.com - pathname: m[8] || (m[1] ? 
"/" : ""), // /am/XUI/ - port: m[7] || "", // - protocol: m[2] || "", // https - search: m[9] || "", // ?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim - username: m[4] || "", // - password: m[5] || "", // - searchParam: {} // { realm: '/bravo', - // authIndexType: 'service', - // authIndexValue: 'InitiateOwnerClaim' } - }; - if (r.protocol.length == 2) { - r.protocol = "file:///" + r.protocol.toUpperCase(); - r.origin = r.protocol + "//" + r.host; - } - if (r.search.length > 2) { - var query = (r.search.indexOf('?') === 0) ? r.search.substr(1) : r.search; - var vars = query.split('&'); - for (var i = 0; i < vars.length; i++) { - var pair = vars[i].split('='); - r.searchParam[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1]); - } - } - r.href = r.origin + r.pathname + r.search + r.hash; - return r; - }; -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 163`] = ` -{ - "meta": Any, - "script": { - "2a076e9e-75a9-46b5-b971-10ffafbdf652": { - "_id": "2a076e9e-75a9-46b5-b971-10ffafbdf652", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Return true if a goto param has been specified, false otherwise.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Goto Specified Decision", - "script": "file://Goto-Specified-Decision.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 164`] = ` -"/* HIBP Password Breach Analysis - * - * Authors: jon.knight@forgerock.com, volker.scheuber@forgerock.com - * - * Use Have I Been Pwned Password to check if password has been breached. - * Calls HIBP API to retrieve the count of matching passwords in breached - * password database - * - * This script needs to be parametrized. 
It will not work properly as is. - * It requires the Password or Platform Password collector nodes before - * it can operate. - * - * The Scripted Decision Node needs the following outcomes defined: - * - clear - * The number of breaches for password was either zero or less than the - * value of THRESHOLD - * - breached - * The number of incidents of the password in the breached password - * database exceeds THRESHOLD - * - failed - * The API call was rejected. - */ -(function () { - var USER_AGENT="ForgeRock"; - var HIBP_API_KEY=systemEnv.getProperty("esv.hibp.api.key"); - var THRESHOLD=0; - - function toHexString(byteArray) { - var s = ''; - byteArray.forEach(function(byte) { - s += ('0' + (byte & 0xFF).toString(16)).slice(-2); - }); - return s; - } - - outcome = "failed"; - - var md = java.security.MessageDigest.getInstance('SHA-1'); - var password = nodeState.get("password").asString(); -// var password = new java.lang.String(""); -// if (nodeState.get("password")) { -// password = nodeState.get("password").asString(); -// } - var byteArray = password.getBytes("UTF-8"); - md.update(byteArray); - var digest = md.digest(); - var hex = String(toHexString(digest)).toUpperCase(); - - var request = new org.forgerock.http.protocol.Request(); - request.setMethod('GET'); - request.setUri('https://api.pwnedpasswords.com/range/' + hex.substring(0,5)); - request.getHeaders().add("Accept","*/*"); - request.getHeaders().add("Content-Type","application/json"); - request.getHeaders().add("User-Agent", USER_AGENT); - request.getHeaders().add("hibp-api-key", HIBP_API_KEY); - - var response = httpClient.send(request).get(); - - if (response.getStatus().getCode() === 200) { - var max = 0; - outcome = "clear"; - var result = response.getEntity().getString(); - var lines = result.split('\\n'); - for (i=0; i max) max = count; - } - } - if (max > THRESHOLD) outcome = "breached"; - sharedState.put("hibp_password_count", max); - } -}());" -`; - -exports[`frodo script export "frodo 
script export --all-separate --extract": should export all extracted scripts to separate files 165`] = ` -{ - "meta": Any, - "script": { - "790045fa-a325-4e3e-96f8-d4a91b32e9de": { - "_id": "790045fa-a325-4e3e-96f8-d4a91b32e9de", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Use Have I Been Pwned Password to check if password has been breached.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "HIBP Password Breach Analysis", - "script": "file://HIBP-Password-Breach-Analysis.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 166`] = ` -"logger.error("Has Profile Changed: start"); -outcome = "unchanged"; -if (getObjectAttribute("old_givenName") || - getObjectAttribute("old_sn") || - getObjectAttribute("frUnindexedString5") || - getObjectAttribute("old_telephoneNumber")) { - outcome = "changed"; -} -logger.error("Has Profile Changed: end [outcome=".concat(outcome).concat("]")); - -/* - * Get objectAttribute value - */ -function getObjectAttribute(name) { - if (sharedState.get("objectAttributes") && sharedState.get("objectAttributes").get(name)) { - return sharedState.get("objectAttributes").get(name).toString(); - } - else { - return null; - } -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 167`] = ` -{ - "meta": Any, - "script": { - "2ada53cd-5d37-4592-9c7f-5711271229c2": { - "_id": "2ada53cd-5d37-4592-9c7f-5711271229c2", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "null", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Has Profile Changed", - "script": "file://Has-Profile-Changed.script.js", - }, - }, -} -`; 
- -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 168`] = ` -"/* IDP Integrity Check - * - * Protection from malicious IDPs. Only allow white-listed email domains (usernames are email addresses). - * - * This script does not require cofiguration. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - false - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - outcome = "false"; - var routedIDP = sharedState.get("routedIDPs").get(0); - var validDomains = []; - if (routedIDP) { - validDomains = routedIDP.get("idpDomains"); - } - - var username = sharedState.get("username"); - var domain = username.substr(username.lastIndexOf("@")+1); - if (validDomains.indexOf(domain) > -1) { - outcome = "true"; - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 169`] = ` -{ - "meta": Any, - "script": { - "988c10fa-98da-4bf7-8ac9-a558d2fef1fd": { - "_id": "988c10fa-98da-4bf7-8ac9-a558d2fef1fd", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Protection from malicious IDPs. Only allow white-listed email domains (usernames are email addresses).", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "IDP Integrity Check", - "script": "file://IDP-Integrity-Check.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 170`] = ` -"/* IDP Lookup - * - * Perform IDP lookup based on email domain. Set users' external IDP in shared state or continue to local authentication. - * - * This script requires parametrization. Make sure you carefully review the configuration parameters. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - one - * - multiple - * - none - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - logger.message("IDP Lookup: start"); - outcome = "none"; - var username = sharedState.get("username"); - var domain = username.substr(username.lastIndexOf("@")+1); - var referer = parseUrl(requestHeaders.get("referer").get(0)); - - /* Begin Configuration */ - - // long-lived token - var IDM_API_TOKEN = systemEnv.getProperty("esv.admin.token"); - - // IDM API Configuration - var IDM_API_URI = referer.origin + "/openidm/managed/alpha_organization?_queryFilter=idpDomains+co+'" + domain + "'&_fields=name,description,idpName,idpType,idpDomains,idpJourney,idpTheme,idpPersist,samlConfig"; - - /* End Configuration */ - - var request = new org.forgerock.http.protocol.Request(); - request.setMethod('GET'); - request.setUri(IDM_API_URI); - request.getHeaders().add("Content-Type", "application/json; charset=UTF-8"); - request.getHeaders().add("Authorization", "Bearer " + IDM_API_TOKEN); - - var response = httpClient.send(request).get(); - var result = JSON.parse(response.getEntity().getString()); - logger.message("IDP Lookup: JSON result: " + JSON.stringify(result)); - - var routedIDPs = result.result.length ? 
result.result : [{}]; - // stringify the samlConfig property - routedIDPs.forEach(function (routedIDP, index) { - routedIDPs[index].samlConfig = JSON.stringify(routedIDP.samlConfig); - }); - sharedState.put("routedIDPs", routedIDPs); - if (result.resultCount === 1) { - logger.message("IDP Lookup: Found exactly 1 IDP"); - outcome = "one"; - } - else if (result.resultCount > 1) { - logger.message("IDP Lookup: Found {} IDPs", result.resultCount); - outcome = "multiple"; - } - else { - logger.message("IDP Lookup: Found no IDPs"); - } - logger.message("IDP Lookup: end [outcome={}]", outcome); - - /* - * Parse a URL into its components and make them easily accessible by name - * - * Use in a Scripte Decision Node Script as follows: - * var referer = parseUrl(requestHeaders.get("referer").get(0)); - * var origin = referer.origin; - * - * e.g.: https://openam-volker-dev.forgeblocks.com/am/XUI/?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim#/ - * { - * hash: '#/', - * host: 'openam-volker-dev.forgeblocks.com', - * hostname: 'openam-volker-dev.forgeblocks.com', - * href: 'https://openam-volker-dev.forgeblocks.com/am/XUI/?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim#/', - * origin: 'https://openam-volker-dev.forgeblocks.com', - * pathname: '/am/XUI/', - * port: '', - * protocol: 'https', - * search: '?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim', - * username: '', - * password: '', - * searchParam: { - * realm: '/bravo', - * authIndexType: 'service', - * authIndexValue: 'InitiateOwnerClaim' - * } - * } - */ - function parseUrl(href) { - var m = href.match(/^(([^:\\/?#]+):?(?:\\/\\/((?:([^\\/?#:]*):([^\\/?#:]*)@)?([^\\/?#:]*)(?::([^\\/?#:]*))?)))?([^?#]*)(\\?[^#]*)?(#.*)?$/), - r = { - hash: m[10] || "", // #/ - host: m[3] || "", // openam-volker-dev.forgeblocks.com - hostname: m[6] || "", // openam-volker-dev.forgeblocks.com - href: m[0] || "", // 
https://openam-volker-dev.forgeblocks.com/am/XUI/?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim#/ - origin: m[1] || "", // https://openam-volker-dev.forgeblocks.com - pathname: m[8] || (m[1] ? "/" : ""), // /am/XUI/ - port: m[7] || "", // - protocol: m[2] || "", // https - search: m[9] || "", // ?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim - username: m[4] || "", // - password: m[5] || "", // - searchParam: {} // { realm: '/bravo', - // authIndexType: 'service', - // authIndexValue: 'InitiateOwnerClaim' } - }; - if (r.protocol.length == 2) { - r.protocol = "file:///" + r.protocol.toUpperCase(); - r.origin = r.protocol + "//" + r.host; - } - if (r.search.length > 2) { - var query = (r.search.indexOf('?') === 0) ? r.search.substr(1) : r.search; - var vars = query.split('&'); - for (var i = 0; i < vars.length; i++) { - var pair = vars[i].split('='); - r.searchParam[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1]); - } - } - r.href = r.origin + r.pathname + r.search + r.hash; - return r; - }; -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 171`] = ` -{ - "meta": Any, - "script": { - "68d5a8e7-fcc9-4215-9e63-a01afe8fa849": { - "_id": "68d5a8e7-fcc9-4215-9e63-a01afe8fa849", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Perform IDP lookup based on email domain. 
Set users' external IDP in shared state or continue to local authentication.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "IDP Lookup", - "script": "file://IDP-Lookup.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 172`] = ` -"/* IDP Re-Lookup - * - * Perform IDP re-lookup based on the Organization ID from the initial lookup. - * Set users' external IDP in shared state for further processing. - * - * This script requires parametrization. Make sure you carefully review the configuration parameters. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - false - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - logger.message("IDP Re-Lookup: start"); - outcome = "false"; - var referer = parseUrl(requestHeaders.get("referer").get(0)); - var orgId = referer.searchParam.o; - sharedState.put("username", referer.searchParam.u); - - /* Begin Configuration */ - - // long-lived token, expires: Friday, January 16, 2032 9:45:14 PM GMT-06:00 - var IDM_API_TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.f2NmwHVtekH93jO7-jM6mkFRcuvEN3WzcKsH-RAPnlc"; - - // IDM API Configuration - var IDM_API_URI = referer.origin + "/openidm/managed/alpha_organization/"+ orgId + "?_fields=name,description,idpName,idpType,idpDomains,idpJourney,idpTheme,idpPersist"; - - /* End Configuration */ - - var request = new org.forgerock.http.protocol.Request(); - request.setMethod('GET'); - request.setUri(IDM_API_URI); - request.getHeaders().add("Content-Type", "application/json; charset=UTF-8"); - request.getHeaders().add("Authorization", "Bearer " + IDM_API_TOKEN); - - var response = httpClient.send(request).get(); - var result = JSON.parse(response.getEntity().getString()); - logger.message("IDP Re-Lookup: JSON result: " + 
JSON.stringify(result)); - - if (result) { - outcome = "true"; - var routedIDPs = [result]; - sharedState.put("routedIDPs", routedIDPs); - logger.message("IDP Re-Lookup: Found IDP"); - } - logger.message("IDP Re-Lookup: end [outcome={}]", outcome); - - /* - * Parse a URL into its components and make them easily accessible by name - * - * Use in a Scripte Decision Node Script as follows: - * var referer = parseUrl(requestHeaders.get("referer").get(0)); - * var origin = referer.origin; - * - * e.g.: https://openam-volker-dev.forgeblocks.com/am/XUI/?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim#/ - * { - * hash: '#/', - * host: 'openam-volker-dev.forgeblocks.com', - * hostname: 'openam-volker-dev.forgeblocks.com', - * href: 'https://openam-volker-dev.forgeblocks.com/am/XUI/?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim#/', - * origin: 'https://openam-volker-dev.forgeblocks.com', - * pathname: '/am/XUI/', - * port: '', - * protocol: 'https', - * search: '?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim', - * username: '', - * password: '', - * searchParam: { - * realm: '/bravo', - * authIndexType: 'service', - * authIndexValue: 'InitiateOwnerClaim' - * } - * } - */ - function parseUrl(href) { - var m = href.match(/^(([^:\\/?#]+):?(?:\\/\\/((?:([^\\/?#:]*):([^\\/?#:]*)@)?([^\\/?#:]*)(?::([^\\/?#:]*))?)))?([^?#]*)(\\?[^#]*)?(#.*)?$/), - r = { - hash: m[10] || "", // #/ - host: m[3] || "", // openam-volker-dev.forgeblocks.com - hostname: m[6] || "", // openam-volker-dev.forgeblocks.com - href: m[0] || "", // https://openam-volker-dev.forgeblocks.com/am/XUI/?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim#/ - origin: m[1] || "", // https://openam-volker-dev.forgeblocks.com - pathname: m[8] || (m[1] ? 
"/" : ""), // /am/XUI/ - port: m[7] || "", // - protocol: m[2] || "", // https - search: m[9] || "", // ?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim - username: m[4] || "", // - password: m[5] || "", // - searchParam: {} // { realm: '/bravo', - // authIndexType: 'service', - // authIndexValue: 'InitiateOwnerClaim' } - }; - if (r.protocol.length == 2) { - r.protocol = "file:///" + r.protocol.toUpperCase(); - r.origin = r.protocol + "//" + r.host; - } - if (r.search.length > 2) { - var query = (r.search.indexOf('?') === 0) ? r.search.substr(1) : r.search; - var vars = query.split('&'); - for (var i = 0; i < vars.length; i++) { - var pair = vars[i].split('='); - r.searchParam[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1]); - } - } - r.href = r.origin + r.pathname + r.search + r.hash; - return r; - }; -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 173`] = ` -{ - "meta": Any, - "script": { - "ab917dad-6fdb-46c2-8c8c-42f094ebeea1": { - "_id": "ab917dad-6fdb-46c2-8c8c-42f094ebeea1", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Perform IDP re-lookup based on the Organization ID from the initial lookup. Set users' external IDP in shared state for further processing.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "IDP Re-Lookup", - "script": "file://IDP-Re-Lookup.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 174`] = ` -"/* IDP Router - * - * Route users to their organization's IDP of type saml, oidc, local, - * or custom and apply the organization's theme, if specified. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - saml - * - oidc - * - local - * - custom - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - logger.message("IDP Router: Start"); - outcome = "local"; - var referer = parseUrl(requestHeaders.get("referer").get(0)); - var routedIDP = sharedState.get("routedIDPs").get(0); - if (routedIDP) { - outcome = routedIDP.get("idpType"); - logger.message("IDP Router: Routed IDP: " + routedIDP); - sharedState.put("selectedIdp", routedIDP.get("idpName")); - var nodeConfig = {}; - // load samlConfig - if (routedIDP.get("samlConfig")) { - nodeConfig = JSON.parse(routedIDP.get("samlConfig")); - } - // route to a custom journey - if (routedIDP.get("idpJourney")) { - logger.message("IDP Router: Route to custom IDP {}, journey: {}", routedIDP.get("idpName"), routedIDP.get("idpJourney")); - nodeConfig.tree = routedIDP.get("idpJourney"); - outcome = "custom"; - } - sharedState.put("nodeConfig", nodeConfig); - // only send callback if the org/idp requires a custom theme - if (routedIDP.get("idpTheme") && callbacks.isEmpty()) { - var stage = "themeId="+routedIDP.get("idpTheme"); - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - org.forgerock.openam.authentication.callbacks.PollingWaitCallback - ) - action = fr.Action.send( - new fr.PollingWaitCallback("0", "Please wait ...") - ).withStage(stage).build(); - } - } - logger.message("IDP Router: Done [outcome={}]", outcome); - - /* - * Parse a URL into its components and make them easily accessible by name - * - * Use in a Scripte Decision Node Script as follows: - * var referer = parseUrl(requestHeaders.get("referer").get(0)); - * var origin = referer.origin; - * - * e.g.: https://openam-volker-dev.forgeblocks.com/am/XUI/?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim#/ - * { - * hash: '#/', - * host: 'openam-volker-dev.forgeblocks.com', - * hostname: 'openam-volker-dev.forgeblocks.com', - * href: 
'https://openam-volker-dev.forgeblocks.com/am/XUI/?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim#/', - * origin: 'https://openam-volker-dev.forgeblocks.com', - * pathname: '/am/XUI/', - * port: '', - * protocol: 'https', - * search: '?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim', - * username: '', - * password: '', - * searchParam: { - * realm: '/bravo', - * authIndexType: 'service', - * authIndexValue: 'InitiateOwnerClaim' - * } - * } - */ - function parseUrl(href) { - var m = href.match(/^(([^:\\/?#]+):?(?:\\/\\/((?:([^\\/?#:]*):([^\\/?#:]*)@)?([^\\/?#:]*)(?::([^\\/?#:]*))?)))?([^?#]*)(\\?[^#]*)?(#.*)?$/), - r = { - hash: m[10] || "", // #/ - host: m[3] || "", // openam-volker-dev.forgeblocks.com - hostname: m[6] || "", // openam-volker-dev.forgeblocks.com - href: m[0] || "", // https://openam-volker-dev.forgeblocks.com/am/XUI/?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim#/ - origin: m[1] || "", // https://openam-volker-dev.forgeblocks.com - pathname: m[8] || (m[1] ? "/" : ""), // /am/XUI/ - port: m[7] || "", // - protocol: m[2] || "", // https - search: m[9] || "", // ?realm=/bravo&authIndexType=service&authIndexValue=InitiateOwnerClaim - username: m[4] || "", // - password: m[5] || "", // - searchParam: {} // { realm: '/bravo', - // authIndexType: 'service', - // authIndexValue: 'InitiateOwnerClaim' } - }; - if (r.protocol.length == 2) { - r.protocol = "file:///" + r.protocol.toUpperCase(); - r.origin = r.protocol + "//" + r.host; - } - if (r.search.length > 2) { - var query = (r.search.indexOf('?') === 0) ? 
r.search.substr(1) : r.search; - var vars = query.split('&'); - for (var i = 0; i < vars.length; i++) { - var pair = vars[i].split('='); - r.searchParam[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1]); - } - } - r.href = r.origin + r.pathname + r.search + r.hash; - return r; - }; -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 175`] = ` -{ - "meta": Any, - "script": { - "aef262d0-7a42-4a34-9826-e7dbc2ea6eb9": { - "_id": "aef262d0-7a42-4a34-9826-e7dbc2ea6eb9", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Route users to their organization's IDP of type saml, oidc, local, or custom and apply the organization's theme, if specified", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "IDP Router", - "script": "file://IDP-Router.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 176`] = ` -"/* IPv4 CIDR Rules Engine - * - * Author: volker.scheuber@forgerock.com, justin.chin@forgerock.com - * - * Evaluate IPv4 CIDR access rules from "esv-ipv4-cidr-access-rules". - * Access rules must have the following format: - * { - * "allow": [ - * "140.118.0.0/16", - * "110.35.0.0/16", - * "131.26.0.0/16", - * "92.61.21.153/32" - * ] - * } - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - allow - * - deny - */ -(function () { - outcome = "deny"; - - var rules = JSON.parse(systemEnv.getProperty("esv.ipv4.cidr.access.rules")); - var allow = rules['allow']; - - /* - * Returns the value of the requested header - */ - function getHeader(headerName) { - return requestHeaders.get(headerName).get(0); - } - - /* - * Returns the client's IP address - */ - function getClientIPAddress() { - return getHeader("x-forwarded-for").split(',')[0]; - } - - function IPnumber(IPaddress) { - var ip = IPaddress.match(/^(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)$/); - if (ip) { - return (+ip[1] << 24) + (+ip[2] << 16) + (+ip[3] << 8) + +ip[4]; - } - // else ... ? - return null; - } - - function IPmask(maskSize) { - return -1 << (32 - maskSize); - } - - function isAllowed(ip) { - var allowed = false; - allow.forEach((cidr) => { - if ( - (IPnumber(ip) & IPmask(cidr.split('/')[1])) == - IPnumber(cidr.split('/')[0]) - ) { - allowed = true; - } - }); - return allowed; - } - - if (isAllowed(getClientIPAddress())) { - outcome = "allow"; - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 177`] = ` -{ - "meta": Any, - "script": { - "7fb962a5-9f20-41d3-a077-b424a29c1198": { - "_id": "7fb962a5-9f20-41d3-a077-b424a29c1198", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Evaluate IPv4 CIDR access rules from "esv-ipv4-cidr-access-rules".", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "IPv4 CIDR Rules Engine", - "script": "file://IPv4-CIDR-Rules-Engine.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 178`] = ` -"/* Impersonate: Extract Actors And Become Impersonator - * - * Extract 
impersonatee and impersonator from headers and become impersonatee. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - false - */ - -(function () { - logger.warning("Impersonate: Extract Actors: start"); - outcome = "false"; - - /* - * BEGIN SCRIPT CONFIGURATION - */ - var IMPERSONATEE_HEADER_NAME = "X-Impersonatee"; - var IMPERSONATOR_HEADER_NAME = "X-Impersonator"; - /* - * END SCRIPT CONFIGURATION - */ - - var impersonatee = getHeader(IMPERSONATEE_HEADER_NAME); - var impersonator = getHeader(IMPERSONATOR_HEADER_NAME); - if (impersonatee && impersonator) { - outcome = "true"; - sharedState.put("impersonatee", impersonatee); - sharedState.put("impersonator", impersonator); - sharedState.put("username", impersonator); - setSharedObjectAttribute("userName", impersonator); - } - - logger.warning("Impersonate: Extract Actors: finish [outcome=".concat(outcome).concat("]")); - - /* - * Returns the value of the requested header - */ - function getHeader(headerName) { - if (requestHeaders.get(headerName) && requestHeaders.get(headerName).get(0)) { - return requestHeaders.get(headerName).get(0).toString(); - } - return null; - } - - /* - * Store attributes in shared state for use with the Create/Patch Object nodes. 
- */ - function setSharedObjectAttribute(name, value) { - var storage = sharedState.get("objectAttributes"); - if (storage && value) { - if (storage.put) { - storage.put(name, value); - } - else { - storage[name] = value; - } - } - else if (value) { - sharedState.put("objectAttributes", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}")); - } - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 179`] = ` -{ - "meta": Any, - "script": { - "d6f3befb-c73a-437e-b02a-66d9b4c93f8b": { - "_id": "d6f3befb-c73a-437e-b02a-66d9b4c93f8b", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Extract impersonatee and impersonator from headers and become impersonator.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Impersonate: Extract Actors And Become Impersonator", - "script": "file://Impersonate:-Extract-Actors-And-Become-Impersonator.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 180`] = ` -"/* Impersonate: Switch Actors And Become Impersonatee - * - * Switch Actors And Become Impersonatee. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - false - */ - -(function () { - logger.warning("Impersonate: Switch Actors: start"); - outcome = "false"; - - var impersonatee = sharedState.get("impersonatee"); - var impersonator = sharedState.get("impersonator"); - if (impersonatee && impersonator) { - outcome = "true"; - sharedState.put("username", impersonatee); - setSharedObjectAttribute("userName", impersonatee); - } - - logger.warning("Impersonate: Switch Actors: finish [outcome=".concat(outcome).concat("]")); - - /* - * Store attributes in shared state for use with the Create/Patch Object nodes. 
- */ - function setSharedObjectAttribute(name, value) { - var storage = sharedState.get("objectAttributes"); - if (storage && value) { - if (storage.put) { - storage.put(name, value); - } - else { - storage[name] = value; - } - } - else if (value) { - sharedState.put("objectAttributes", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}")); - } - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 181`] = ` -{ - "meta": Any, - "script": { - "878816b3-2bb4-4b43-8001-10f926ddefff": { - "_id": "878816b3-2bb4-4b43-8001-10f926ddefff", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Switch Actors And Become Impersonatee.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Impersonate: Switch Actors And Become Impersonatee", - "script": "file://Impersonate:-Switch-Actors-And-Become-Impersonatee.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 182`] = ` -"/* Impersonate: Update Session Properties - * - * Store the impersontor and impersonatee profile information in session properties. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - * Author: jake.feasel@forgerock.com, volker.scheuber@forgerock.com - */ -(function () { - logger.message("Impersonate: Update Session Properties: start"); - outcome = "true"; - - var goTo = org.forgerock.openam.auth.node.api.Action.goTo; - myGoto = goTo(outcome); - myGoto.putSessionProperty("userName", sharedState.get("username")); - myGoto.putSessionProperty("impersonator", sharedState.get("impersonator")); - - logger.message("Impersonate: Update Session Properties: done [outcome={}]", outcome); - action = myGoto.build(); -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 183`] = ` -{ - "meta": Any, - "script": { - "7dd80834-e7b2-4737-85a7-40434bb19dde": { - "_id": "7dd80834-e7b2-4737-85a7-40434bb19dde", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Store the impersontor and impersonatee profile information in session properties.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Impersonate: Update Session Properties", - "script": "file://Impersonate:-Update-Session-Properties.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 184`] = ` -"/* - * Copyright 2020 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ - -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object - -return json(object( - field("id", rawProfile.id), - field("username", rawProfile.username)))" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 185`] = ` -{ - "meta": Any, - "script": { - "1244e639-4a31-401d-ab61-d75133d8dc9e": { - "_id": "1244e639-4a31-401d-ab61-d75133d8dc9e", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Normalizes raw profile data from Instagram", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Instagram Profile Normalization", - "script": "file://Instagram-Profile-Normalization.script.groovy", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 186`] = ` -"/* - * Copyright 2020-2021 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ - -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object - -import org.forgerock.json.JsonValue - -JsonValue managedUser = json(object( - field("id", rawProfile.sub), - field("displayName", rawProfile.name), - field("givenName", rawProfile.given_name), - field("familyName", rawProfile.family_name), - field("username", rawProfile.email), - field("email", rawProfile.email))) -return managedUser" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 187`] = ` -{ - "meta": Any, - "script": { - "3d97c436-42c0-4dd0-a571-ea6f34f752b3": { - "_id": "3d97c436-42c0-4dd0-a571-ea6f34f752b3", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Normalizes raw profile data from Itsme", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Itsme Profile Normalization", - "script": "file://Itsme-Profile-Normalization.script.groovy", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 188`] = ` -"/* KerberosLogin: Extract Username - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - false - */ - -logger.warning("KerberosLogin: Extract Username: start"); -outcome = "false"; - -/* - * BEGIN SCRIPT CONFIGURATION - */ -var USERNAME_HEADER_NAME = "X-OpenAM-Username"; -/* - * END SCRIPT CONFIGURATION - */ - -var username = getHeader(USERNAME_HEADER_NAME); -if (username) { - - outcome = "true"; - sharedState.put("username", username); - setSharedObjectAttribute("userName", username); -} - -logger.warning("KerberosLogin: Extract Username: finish [outcome=".concat(outcome).concat("]")); - -/* - * Returns the value of the requested header - */ -function 
getHeader(headerName) { - if (requestHeaders.get(headerName) && requestHeaders.get(headerName).get(0)) { - return requestHeaders.get(headerName).get(0).toString(); - } - return null; -} - -/* - * Store attributes in shared state for use with the Create/Patch Object nodes. - */ -function setSharedObjectAttribute(name, value) { - var storage = sharedState.get("objectAttributes"); - if (storage && value) { - if (storage.put) { - storage.put(name, value); - } - else { - storage[name] = value; - } - } - else if (value) { - sharedState.put("objectAttributes", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}")); - } -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 189`] = ` -{ - "meta": Any, - "script": { - "355a8b7c-9e3c-40c1-a873-68127e483adf": { - "_id": "355a8b7c-9e3c-40c1-a873-68127e483adf", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Extract Username from request.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "KerberosLogin: Extract Username", - "script": "file://KerberosLogin:-Extract-Username.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 190`] = ` -"/* - * Copyright 2020 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ - -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object - -return json(object( - field("id", rawProfile.id), - field("givenName", rawProfile.firstName.localized.get(0)), - field("familyName", rawProfile.lastName.localized.get(0)), - field("photoUrl", rawProfile.profilePicture.displayImage), - field("email", rawProfile.elements.get(0).get("handle~").emailAddress), - field("username", rawProfile.elements.get(0).get("handle~").emailAddress)))" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 191`] = ` -{ - "meta": Any, - "script": { - "8862ca8f-7770-4af5-a888-ac0df0947f36": { - "_id": "8862ca8f-7770-4af5-a888-ac0df0947f36", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Normalizes raw profile data from LinkedIn", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "LinkedIn Profile Normalization", - "script": "file://LinkedIn-Profile-Normalization.script.groovy", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 192`] = ` -"/* MFA Status - * - * Author: volker.scheuber@forgerock.com - * - * Check if MFA has already been performed for this journey. - * This allows journeys and inner journeys not to perform MFA multiple times. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - false - */ -outcome = "false"; -if (sharedState.get("mfaPerformed")=="true") { - outcome = "true"; -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 193`] = ` -{ - "meta": Any, - "script": { - "ac9fc25e-3ad9-4f80-a796-2d9093795439": { - "_id": "ac9fc25e-3ad9-4f80-a796-2d9093795439", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Check if MFA has already been performed for this journey. This allows journeys and inner journeys not to perform MFA multiple times.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "MFA Status", - "script": "file://MFA-Status.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 194`] = ` -"/* - * Copyright 2020 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ - -/* -{ - "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity", - "@odata.id": "https://graph.microsoft.com/v2/711ffa9c-5972-4713-ace3-688c9732614a/directoryObjects/7d7759e2-36d8-4e64-b173-3f890d7d46d6/Microsoft.DirectoryServices.User", - "businessPhones": [ - "18014735451" - ], - "displayName": "Volker Scheuber", - "givenName": "Volker", - "jobTitle": null, - "mail": "vscheuber@vscheuber.onmicrosoft.com", - "mobilePhone": null, - "officeLocation": null, - "preferredLanguage": null, - "surname": "Scheuber", - "userPrincipalName": "vscheuber@vscheuber.onmicrosoft.com", - "id": "7d7759e2-36d8-4e64-b173-3f890d7d46d6" -} - */ - -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object - -logger.message("Kauai Microsoft Profile Normalization: rawProfile={}", rawProfile) - -return json(object( - field("id", rawProfile.id), - field("displayName", rawProfile.displayName), - field("givenName", rawProfile.givenName), - field("familyName", rawProfile.surname), - field("email", rawProfile.userPrincipalName), - field("username", rawProfile.userPrincipalName), - field("groups", rawProfile.groups)))" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 195`] = ` -{ - "meta": Any, - "script": { - "73cecbfc-dad0-4395-be6a-6858ee3a80e5": { - "_id": "73cecbfc-dad0-4395-be6a-6858ee3a80e5", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Normalizes raw profile data from Microsoft", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Microsoft Profile Normalization", - "script": "file://Microsoft-Profile-Normalization.script.groovy", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to 
separate files 196`] = ` -"logger.warning("MobileOTP: Extract Username, Password, OTP: start"); - -/* - * BEGIN SCRIPT CONFIGURATION - */ -var USERNAME_HEADER_NAME = "X-OpenAM-Username"; -var PASSWORD_HEADER_NAME = "X-OpenAM-Password"; -var OTP_HEADER_NAME = "X-OpenAM-MobileOTP"; -/* - * END SCRIPT CONFIGURATION - */ - -outcome = "false"; - -var username = getHeader(USERNAME_HEADER_NAME) || null; -var password = getHeader(PASSWORD_HEADER_NAME) || null; -var mobileOTP = getHeader(OTP_HEADER_NAME) || null; - -if (username && password && mobileOTP) { - sharedState.put("username", username); - transientState.put("password", password); - transientState.put("mobileOTP", mobileOTP); - outcome = "true"; -} - -logger.warning("MobileOTP: Extract Username, Password, OTP: finish [outcome=".concat(outcome).concat("]")); - -/* - * Returns the value of the requested header - */ -function getHeader(headerName) { - if (requestHeaders.get(headerName) && requestHeaders.get(headerName).get(0)) { - return requestHeaders.get(headerName).get(0).toString(); - } - return null; -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 197`] = ` -{ - "meta": Any, - "script": { - "57807349-630f-496a-bccb-ea1011b8e945": { - "_id": "57807349-630f-496a-bccb-ea1011b8e945", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Extract username, password, and OTP from request headers and put them in shared state for validation.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "MobileOTP: Extract Username, Password, OTP", - "script": "file://MobileOTP:-Extract-Username-Password-OTP.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 198`] = ` -"/* - * Reset OTP profile attribute in 
ObjectAttributes so it can be patched to the user profile. - */ -outcome = "true"; - -setSharedObjectAttribute("fr-attr-int5", "0"); - -/* - * Store attributes in shared state for use with the Create/Patch Object nodes. - */ -function setSharedObjectAttribute(name, value) { - var storage = sharedState.get("objectAttributes"); - if (storage && value) { - if (storage.put) { - storage.put(name, value); - } - else { - storage[name] = value; - } - } - else if (value) { - sharedState.put("objectAttributes", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}")); - } -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 199`] = ` -{ - "meta": Any, - "script": { - "d25a1315-8beb-4a0c-84bf-534214fed087": { - "_id": "d25a1315-8beb-4a0c-84bf-534214fed087", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Prepare Reset Of OTP Profile Attribute", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "MobileOTP: Prepare Reset Of OTP Profile Attribute", - "script": "file://MobileOTP:-Prepare-Reset-Of-OTP-Profile-Attribute.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 200`] = ` -"/* - * Validate OTP in user profile attribute against OTP in shared state - */ -outcome = "false"; -var OTP_LENGTH = 8; - -if (sharedState.get("mobileOTP")) { - var profileOTP = idRepository.getAttribute(username, "fr-attr-int5"); -} - -function checkPassword(profileOTP, password) { - var oneTimePassword = profileOTP.substring(0,7); - var passwordTimestamp = Number(profileOTP.substring(8)); - - var passwordMatches = oneTimePassword - && (oneTimePassword == password) - && passwordTimestamp != null - && isWithinExpiryTime(passwordTimestamp); - return passwordMatches; -} - -function 
isWithinExpiryTime(passwordTimestamp) { - Instant previous = Instant.ofEpochSecond(passwordTimestamp); - Duration passwordExpiry = Duration.ofMinutes(config.passwordExpiryTime()); - Instant now = Time.getClock().instant(); - logger.debug("previous {} \\n passwordExpiry {} \\n now {}", previous, passwordExpiry, now); - boolean withinExpiryTime = Duration.between(previous.plus(passwordExpiry), now).isNegative(); - logger.debug("withinExpiryTime {}", withinExpiryTime); - return withinExpiryTime; -} - -/* - private Action checkPassword(TreeContext context, String password) { - JsonValue oneTimePassword = context.getState(ONE_TIME_PASSWORD); - JsonValue passwordTimestamp = context.getState(ONE_TIME_PASSWORD_TIMESTAMP); - - boolean passwordMatches = oneTimePassword != null && oneTimePassword.isString() - && oneTimePassword.asString().equals(password) - && passwordTimestamp != null && passwordTimestamp.isNumber() - && isWithinExpiryTime(passwordTimestamp.asLong()); - logger.debug("passwordMatches {}", passwordMatches); - return goTo(passwordMatches).build(); - } - - private boolean isWithinExpiryTime(long passwordTimestamp) { - Instant previous = Instant.ofEpochSecond(passwordTimestamp); - Duration passwordExpiry = Duration.ofMinutes(config.passwordExpiryTime()); - Instant now = Time.getClock().instant(); - logger.debug("previous {} \\n passwordExpiry {} \\n now {}", previous, passwordExpiry, now); - boolean withinExpiryTime = Duration.between(previous.plus(passwordExpiry), now).isNegative(); - logger.debug("withinExpiryTime {}", withinExpiryTime); - return withinExpiryTime; - } - */" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 201`] = ` -{ - "meta": Any, - "script": { - "ce6fbbcf-5d9a-471b-bcc1-448758a6374a": { - "_id": "ce6fbbcf-5d9a-471b-bcc1-448758a6374a", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - 
"description": "Validate OTP in profile attribute", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "MobileOTP: Validate OTP In Profile Attribute", - "script": "file://MobileOTP:-Validate-OTP-In-Profile-Attribute.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 202`] = ` -"/* - * Copyright 2022 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object - -import org.forgerock.json.JsonValue - -JsonValue managedUser = json(object( - field("givenName", normalizedProfile.givenName), - field("sn", normalizedProfile.familyName), - field("mail", normalizedProfile.email), - field("userName", normalizedProfile.username))) - -if (normalizedProfile.postalAddress.isNotNull()) managedUser.put("postalAddress", normalizedProfile.postalAddress) -if (normalizedProfile.addressLocality.isNotNull()) managedUser.put("city", normalizedProfile.addressLocality) -if (normalizedProfile.addressRegion.isNotNull()) managedUser.put("stateProvince", normalizedProfile.addressRegion) -if (normalizedProfile.postalCode.isNotNull()) managedUser.put("postalCode", normalizedProfile.postalCode) -if (normalizedProfile.country.isNotNull()) managedUser.put("country", normalizedProfile.country) -if (normalizedProfile.phone.isNotNull()) managedUser.put("telephoneNumber", normalizedProfile.phone) -managedUser.put("accountStatus", (normalizedProfile.roles.asString() == "fidc-volker-dev-admins") ? 
'Active' : 'Inactive') - -// if the givenName and familyName is null or empty -// then add a boolean flag to the shared state to indicate names are not present -// this could be used elsewhere -// for eg. this could be used in a scripted decision node to by-pass patching -// the user object with blank values when givenName and familyName is not present -boolean noGivenName = normalizedProfile.givenName.isNull() || (!normalizedProfile.givenName.asString()?.trim()) -boolean noFamilyName = normalizedProfile.familyName.isNull() || (!normalizedProfile.familyName.asString()?.trim()) -sharedState.put("nameEmptyOrNull", noGivenName && noFamilyName) - -return managedUser -" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 203`] = ` -{ - "meta": Any, - "script": { - "3156d7e9-1589-4ffb-a659-37a1647ee03d": { - "_id": "3156d7e9-1589-4ffb-a659-37a1647ee03d", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Converts a normalized social profile coming from ADFS into a managed user", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Normalized ADFS Profile to Managed User", - "script": "file://Normalized-ADFS-Profile-to-Managed-User.script.groovy", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 204`] = ` -"/* - * Copyright 2021 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ - -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object - -import org.forgerock.json.JsonValue - -JsonValue identity = json(object( - field("givenName", normalizedProfile.givenName), - field("sn", normalizedProfile.familyName), - field("mail", normalizedProfile.email), - field("cn", normalizedProfile.displayName), - field("userName", normalizedProfile.username), - field("iplanet-am-user-alias-list", selectedIdp + '-' + normalizedProfile.id.asString()))) - -return identity" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 205`] = ` -{ - "meta": Any, - "script": { - "ed685f9f-5909-4726-86e8-22bd38b47663": { - "_id": "ed685f9f-5909-4726-86e8-22bd38b47663", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Converts a normalized social profile into an Identity", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Normalized Profile to Identity", - "script": "file://Normalized-Profile-to-Identity.script.groovy", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 206`] = ` -"/* - * Copyright 2020 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ - -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object - -import org.forgerock.json.JsonValue - -JsonValue managedUser = json(object( - field("givenName", normalizedProfile.givenName), - field("sn", normalizedProfile.familyName), - field("mail", normalizedProfile.email), - field("userName", normalizedProfile.username))) - -if (normalizedProfile.postalAddress.isNotNull()) managedUser.put("postalAddress", normalizedProfile.postalAddress) -if (normalizedProfile.addressLocality.isNotNull()) managedUser.put("city", normalizedProfile.addressLocality) -if (normalizedProfile.addressRegion.isNotNull()) managedUser.put("stateProvince", normalizedProfile.addressRegion) -if (normalizedProfile.postalCode.isNotNull()) managedUser.put("postalCode", normalizedProfile.postalCode) -if (normalizedProfile.country.isNotNull()) managedUser.put("country", normalizedProfile.country) -if (normalizedProfile.phone.isNotNull()) managedUser.put("telephoneNumber", normalizedProfile.phone) - -// if the givenName and familyName is null or empty -// then add a boolean flag to the shared state to indicate names are not present -// this could be used elsewhere -// for eg. 
this could be used in a scripted decision node to by-pass patching -// the user object with blank values when givenName and familyName is not present -boolean noGivenName = normalizedProfile.givenName.isNull() || (!normalizedProfile.givenName.asString()?.trim()) -boolean noFamilyName = normalizedProfile.familyName.isNull() || (!normalizedProfile.familyName.asString()?.trim()) -sharedState.put("nameEmptyOrNull", noGivenName && noFamilyName) - -return managedUser -" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 207`] = ` -{ - "meta": Any, - "script": { - "58c824ae-84ed-4724-82cd-db128fc3f6c": { - "_id": "58c824ae-84ed-4724-82cd-db128fc3f6c", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Converts a normalized social profile into a managed user", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Normalized Profile to Managed User", - "script": "file://Normalized-Profile-to-Managed-User.script.groovy", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 208`] = ` -"/* Normalized idddataweb Profile to Managed User - * Copyright 2022 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. Not for production use. 
- * Modified by Stephen Payne, 2021-Mar-30 - */ -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object -import org.forgerock.json.JsonValue -logger.error("Normalized_Profile_IDDataWeb: Start " + normalizedProfile); - -JsonValue managedUser = json(object( - field("givenName", normalizedProfile.givenName), - field("sn", normalizedProfile.familyName), - field("userName", normalizedProfile.username))) -if (normalizedProfile.postalAddress.isNotNull()) managedUser.put("postalAddress", normalizedProfile.postalAddress) -if (normalizedProfile.addressLocality.isNotNull()) managedUser.put("city", normalizedProfile.addressLocality) -if (normalizedProfile.addressRegion.isNotNull()) managedUser.put("stateProvince", normalizedProfile.addressRegion) -if (normalizedProfile.postalCode.isNotNull()) managedUser.put("postalCode", normalizedProfile.postalCode) -if (normalizedProfile.country.isNotNull()) managedUser.put("country", normalizedProfile.country) -if (normalizedProfile.phone.isNotNull()) managedUser.put("telephoneNumber", normalizedProfile.phone) -if (normalizedProfile.DOB.isNotNull()) managedUser.put("frIndexedString2", normalizedProfile.DOB) - -return managedUser -" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 209`] = ` -{ - "meta": Any, - "script": { - "809330cf-874c-4d57-a8f1-5882c6dd855b": { - "_id": "809330cf-874c-4d57-a8f1-5882c6dd855b", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Converts a normalized social profile for iddataweb into a Managed user", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Normalized idddataweb Profile to Managed User", - "script": "file://Normalized-idddataweb-Profile-to-Managed-User.script.groovy", - }, - }, -} -`; - 
-exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 210`] = ` -"/* - * Copyright 2019-2021 ForgeRock AS. All Rights Reserved. - * - * Use of this code requires a commercial software license with ForgeRock AS - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * This script lets you modify information associated with an OAuth2 access token - * with methods provided by the AccessToken (1) interface. - * The changes made to OAuth2 access tokens will directly impact the size of the CTS tokens, - * and, similarly, the size of the JWTs if client-based OAuth2 tokens are utilized. - * When adding/updating fields make sure that the token size remains within client/user-agent limits. - * - * Defined variables: - * accessToken - AccessToken (1). - * The access token to be updated. - * Mutable object, all changes to the access token will be reflected. - * scopes - Set (6). - * Always present, the requested scopes. - * requestProperties - Unmodifiable Map (5). - * Always present, contains a map of request properties: - * requestUri - The request URI. - * realm - The realm that the request relates to. - * requestParams - A map of the request params and/or posted data. - * Each value is a list of one or more properties. - * Please note that these should be handled in accordance with OWASP best practices: - * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection. - * clientProperties - Unmodifiable Map (5). - * Present if the client specified in the request was identified, contains a map of client properties: - * clientId - The client's URI for the request locale. - * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client. - * allowedResponseTypes - List of the allowed response types for the client. 
- * allowedScopes - List of the allowed scopes for the client. - * customProperties - A map of the custom properties of the client. - * Lists or maps will be included as sub-maps; for example: - * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1. - * To add custom properties to a client, update the Custom Properties field - * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced. - * identity - AMIdentity (3). - * Always present, the identity of the resource owner. - * session - SSOToken (4). - * Present if the request contains the session cookie, the user's session object. - * scriptName - String (primitive). - * Always present, the display name of the script. - * logger - Always present, the "OAuth2Provider" debug logger instance: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. - * Corresponding log files will be prefixed with: scripts.OAUTH2_ACCESS_TOKEN_MODIFICATION. - * httpClient - HTTP Client (8). - * Always present, the HTTP Client instance: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client. - * - * Return - no value is expected, changes shall be made to the accessToken parameter directly. - * - * Class reference: - * (1) AccessToken - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/AccessToken.html. - * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html. - * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html. - * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html, - * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html. - * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html. 
- * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. - */ - -(function () { - // Adds new fields containing the session property values. - // NOTE: session may not be available for non-interactive authorization grants. - if (session) { - try { - accessToken.setField('ip_address', session.getProperty('Host')); - } catch (e) { - logger.error('Unable to retrieve session property value. ' + e); - } - } -}()); - -/* EXAMPLE -(function () { - var frJava = JavaImporter( - org.forgerock.http.protocol.Request, - org.forgerock.http.protocol.Response - ); - - // Always includes this field in the token. - accessToken.setField('key1', 'value1'); - - // Receives and adds to the access token additional values by performing a REST call to an external service. - // WARNING: Below, you will find a reference to a third-party site, which is provided only as an example. - var uri = 'https://jsonplaceholder.typicode.com/posts'; - - try { - var request = new frJava.Request(); - - // You can chain methods that return the request object. - request.setUri(uri) - .setMethod('POST') - .setEntity(JSON.stringify({ - updatedFields: { - key2: 'value2', - key3: 'value3' - } - })); - - // You can call a method when chaining is not possible. - request.getHeaders().add('Content-Type', 'application/json; charset=UTF-8'); - - // Sends the request and receives the response. - var response = httpClient.send(request).getOrThrow(); - - // Checks if the response status is as expected. - if (response.getStatus() === org.forgerock.http.protocol.Status.CREATED) { - var result = JSON.parse(response.getEntity().getString()); - - // Set multiple token fields at once. - accessToken.setFields(result.updatedFields); - } else { - logger.error('Unable to obtain access token modifications. Status: ' + response.getStatus() + '. Content: ' + response.getEntity().getString()); - } - } catch (e) { - logger.error('The request processing was interrupted. 
' + e); - - // The access token request fails with the HTTP 500 error in this case. - throw ('Unable to obtain response from: ' + uri); - } - - // Adds new fields containing identity attribute values to the access token. - accessToken.setField('mail', identity.getAttribute('mail')); - accessToken.setField('phone', identity.getAttribute('telephoneNumber').toArray()[0]); - - // Adds new fields containing the session property values. - // NOTE: session may not be available for non-interactive authorization grants. - if (session) { - try { - accessToken.setField('ipAddress', session.getProperty('Host')); - } catch (e) { - logger.error('Unable to retrieve session property value. ' + e); - } - } - - // Removes a native field from the token entry, that was set by AM. - // WARNING: removing native fields from the token may result in loss of functionality. - // accessToken.removeTokenName() - - // No return value is expected. Let it be undefined. -}()); -*/" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 211`] = ` -{ - "meta": Any, - "script": { - "d22f9a0c-426a-4466-b95e-d0f125b0d5fa": { - "_id": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "context": "OAUTH2_ACCESS_TOKEN_MODIFICATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OAuth2 Access Token Modification", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OAuth2 Access Token Modification Script", - "script": "file://OAuth2-Access-Token-Modification-Script.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 212`] = ` -"/* - * Copyright 2014-2021 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS - * or with one of its affiliates. 
All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * This script computes claim values returned in ID tokens and/or at the UserInfo Endpoint. - * The claim values are computed for: - * the claims derived from the requested scopes, - * the claims provided by the authorization server, - * and the claims requested by the client via the claims parameter. - * - * In the CONFIGURATION AND CUSTOMIZATION section, you can - * define the scope-to-claims mapping, and - * assign to each claim a resolver function that will compute the claim value. - * - * Defined variables (class references are provided below): - * scopes - Set (6). - * Always present, the requested scopes. - * claims - Map (5). - * Always present, default server provided claims. - * claimObjects - List (7, 2). - * Always present, the default server provided claims. - * requestedClaims - Map> (5). - * Always present, not empty if the request contains the claims parameter and the server has enabled - * claims_parameter_supported. A map of the requested claims to possible values, otherwise empty; - * requested claims with no requested values will have a key but no value in the map. A key with - * a single value in its Set (6) indicates that this is the only value that should be returned. - * requestedTypedClaims - List (7, 2). - * Always present, the requested claims. - * Requested claims with no requested values will have a claim with no values. - * A claim with a single value indicates this is the only value that should be returned. - * claimsLocales - List (7). - * The values from the 'claims_locales' parameter. - * See https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts for the OIDC specification details. - * requestProperties - Unmodifiable Map (5). - * Always present, contains a map of request properties: - * requestUri - The request URI. - * realm - The realm that the request relates to. 
- * requestParams - A map of the request params and/or posted data. - * Each value is a list of one or more properties. - * Please note that these should be handled in accordance with OWASP best practices: - * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection. - * clientProperties - Unmodifiable Map (5). - * Present if the client specified in the request was identified, contains a map of client properties: - * clientId - The client's URI for the request locale. - * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client. - * allowedResponseTypes - List of the allowed response types for the client. - * allowedScopes - List of the allowed scopes for the client. - * customProperties - A map of the custom properties of the client. - * Lists or maps will be included as sub-maps; for example: - * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1. - * To add custom properties to a client, update the Custom Properties field - * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced. - * identity - AMIdentity (3). - * Always present, the identity of the resource owner. - * session - SSOToken (4). - * Present if the request contains the session cookie, the user's session object. - * scriptName - String (primitive). - * Always present, the display name of the script. - * logger - Always present, the "OAuth2Provider" debug logger instance: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. - * Corresponding files will be prefixed with: scripts.OIDC_CLAIMS. - * httpClient - HTTP Client (8). - * Always present, the HTTP Client instance: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client. 
- * In order to use the client, you may need to add - * org.forgerock.http.Client, - * org.forgerock.http.protocol.*, - * and org.forgerock.util.promise.PromiseImpl - * to the allowed Java classes in the scripting engine configuration, as described in: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/script-engine-security.html - * - * Return - a new UserInfoClaims(Map values, Map> compositeScopes) (1) object. - * The result of the last statement in the script is returned to the server. - * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function) - * is the last (and only) statement in this script, and its return value will become the script result. - * Do not use "return variable" statement outside of a function definition. - * See RESULTS section for additional details. - * - * Class reference: - * (1) UserInfoClaims - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html. - * (2) Claim - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html). - * An instance of org.forgerock.openidconnect.Claim has methods to access - * the claim name, requested values, locale, and whether the claim is essential. - * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html. - * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html. - * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html, - * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html. - * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html. - * (7) List - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/ArrayList.html. - * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. 
-*/ - -(function () { - // SETUP - - /** - * Claim processing utilities. - * An object that contains reusable functions for processing claims. - * @see CLAIM PROCESSING UTILITIES section for details. - */ - var utils = getUtils(); - - // CONFIGURATION AND CUSTOMIZATION - - /** - * OAuth 2.0 scope values (scopes) can be used by the Client to request OIDC claims. - * - * Call this configuration method, and pass in as the first argument - * an object that maps a scope value to an array of claim names - * to specify which claims need to be processed and returned for the requested scopes. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} - * for the scope values that could be used to request claims as defined in the OIDC specification. - * - * Below, find a default configuration that is expected to work in the current environment. - * - * CUSTOMIZATION - * You can choose the claim names returned for a scope. - */ - utils.setScopeClaimsMap({ - profile: [ - 'name', - 'family_name', - 'given_name', - 'zoneinfo', - 'locale' - ], - email: ['email'], - address: ['address'], - phone: ['phone_number'] - }); - - /** - * In this script, each claim - * derived from the requested scopes, - * provided by the authorization server, and - * requested by the client via the claims parameter - * will be processed by a function associated with the claim name. - * - * Call this configuration method, and pass in as the first argument - * an object that maps a claim name to a resolver function, - * which will be automatically executed for each claim processed by the script. - * - * The claim resolver function will receive the requested claim information - * in an instance of org.forgerock.openidconnect.Claim as the first argument. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} - * for details on the Claim class. 
- * - * If the claim resolver function returns a value, - * other than undefined or null, - * the claim will be included in the script's results. - * - * The Claim instance provides methods to check - * what the name of the claim is, - * which values the claim request contains, - * whether the claim is essential, and - * which locale the claim is associated with. - * The resolver function can consider this information when computing and returning the claim value. - * - * Below, find a default configuration that is expected to work in the current environment. - * A reusable function, utils.getUserProfileClaimResolver(String attribute-name), - * is called to return a claim resolver function based on a user profile attribute. - * @see CLAIM RESOLVERS section for the implementation details and examples. - * For the address claim, an example of a claim resolver that uses another claim resolver is provided. - * - * CUSTOMIZATION - * You can reuse the predefined utils methods with your custom arguments. - * You can also specify a custom resolver function for a claim name, - * that will compute and return the claim value—as shown in the commented out example below. - */ - utils.setClaimResolvers({ - /* - // An example of a simple claim resolver function that is defined for a claim - // directly in the configuration object: - custom-claim-name: function (requestedClaim) { - // In this case, initially, the claim value comes straight from a user profile attribute value: - var claimValue = identity.getAttribute('custom-attribute-name').toArray()[0] - - // Optionally, provide additional logic for processing (filtering, formatting, etc.) the claim value. 
- // You can use: - // requestedClaim.getName() - // requestedClaim.getValues() - // requestedClaim.getLocale() - // requestedClaim.isEssential() - - return claimValue - }, - */ - /** - * The use of utils.getUserProfileClaimResolver shows how - * an argument passed to a function that returns a claim resolver - * becomes available to the resolver function (via its lexical context). - */ - name: utils.getUserProfileClaimResolver('cn'), - family_name: utils.getUserProfileClaimResolver('sn'), - given_name: utils.getUserProfileClaimResolver('givenname'), - zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'), - locale: utils.getUserProfileClaimResolver('preferredlocale'), - email: utils.getUserProfileClaimResolver('mail'), - address: utils.getAddressClaimResolver( - /** - * The passed in user profile claim resolver function - * can be used by the address claim resolver function - * to obtain the claim value to be formatted as per the OIDC specification: - * @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim. - */ - utils.getUserProfileClaimResolver('postaladdress') - ), - phone_number: utils.getUserProfileClaimResolver('telephonenumber') - }); - - // CLAIM PROCESSING UTILITIES - - /** - * @returns {object} An object that contains reusable claim processing utilities. - * @see PUBLIC METHODS section and the return statement for the list of exported functions. - */ - function getUtils () { - // IMPORT JAVA - - /** - * Provides Java scripting functionality. - * @see {@link https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Scripting_Java#javaimporter_constructor}. 
- */ - var frJava = JavaImporter( - org.forgerock.oauth2.core.exceptions.InvalidRequestException, - org.forgerock.oauth2.core.UserInfoClaims, - org.forgerock.openidconnect.Claim, - - java.util.LinkedHashMap, - java.util.ArrayList - ); - - // SET UP CONFIGURATION - - /** - * Placeholder for a configuration option that contains - * an object that maps the supported scope values (scopes) - * and the corresponding claim names for each scope value. - */ - var scopeClaimsMap; - - /** - * Placeholder for a configuration option that contains - * an object that maps the supported claim names - * and the resolver functions returning the claim value. - */ - var claimResolvers; - - /** - * A (public) method that accepts an object that maps the supported scopes and the corresponding claim names, - * and assigns it to a (private) variable that serves as a configuration option. - * @param {object} params - An object that maps each supported scope value to an array of claim names, - * in order to specify which claims need to be processed for the requested scopes. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} for details. - * @param {string[]} [params.profile] - An array of claim names to be returned if the profile scope is requested. - * @param {string[]} [params.email] - An array of claim names to be returned if the email scope is requested. - * @param {string[]} [params.address] - An array of claim names to be returned if the address scope is requested. - * @param {string[]} [params.phone] - An array of claim names to be returned if the phone scope is requested. - * @returns {undefined} - */ - function setScopeClaimsMap(params) { - scopeClaimsMap = params; - } - - /** - * A (public) method that accepts an object that maps the supported claim names - * and the resolver functions returning the claim value, - * and assigns it to a (private) variable that serves as a configuration option. 
- * @param {object} params - An object that maps - * each supported claim name to a function that computes and returns the claim value. - */ - function setClaimResolvers(params) { - claimResolvers = params; - } - - // CLAIM RESOLVERS - - /** - * Claim resolvers are functions that return a claim value. - * @param {*} - * @returns {*} - */ - - /** - * Defines a claim resolver based on a user profile attribute. - * @param {string} attributeName - Name of the user profile attribute. - * @returns {function} A function that will determine the claim value - * based on the user profile attribute and the (requested) claim properties. - */ - function getUserProfileClaimResolver (attributeName) { - /** - * Resolves a claim with a user profile attribute value. - * Returns undefined if the identity attribute is not populated, - * OR if the claim has requested values that do not contain the identity attribute value. - * ATTENTION: the aforementioned comparison is case-sensitive. - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {string|HashSet|undefined} - */ - function resolveClaim(claim) { - var userProfileValue; - - if (identity) { - userProfileValue = getClaimValueFromSet(claim, identity.getAttribute(attributeName)); - - if (userProfileValue && !userProfileValue.isEmpty()) { - if (!claim.getValues() || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue)) { - return userProfileValue; - } - } - } - } - - return resolveClaim; - } - - /** - * Returns an address claim resolver based on a claim value obtained with another claim resolver. - * @param {function} resolveClaim - A function that returns a claim value. 
- * @returns {function} A function that will accept a claim as an argument, - * run the claim resolver function for the claim and obtain the claim value, - * and apply additional formatting to the value before returning it. - */ - function getAddressClaimResolver (resolveClaim) { - /** - * Creates an address claim object from a value returned by a claim resolver, - * and returns the address claim object as the claim value. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim}. - * The claim value is obtained with a claim resolving function available from the closure. - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {java.util.LinkedHashMap|undefined} The address claim object created from a claim value. - */ - function resolveAddressClaim(claim) { - var claimValue = resolveClaim(claim); - var addressObject; - - if (isClaimValueValid(claimValue)) { - addressObject = new frJava.LinkedHashMap(); - - addressObject.put('formatted', claimValue); - - return addressObject; - } - } - - return resolveAddressClaim; - } - - /** - * Returns an essential claim resolver based on a claim value obtained with another claim resolver. - * @param {function} resolveClaim - A function that returns a claim value. - * @returns {function} A function that will accept a claim as an argument, - * run the claim resolver function for the claim and obtain the claim value, - * and apply additional logic for essential claims. - */ - function getEssentialClaimResolver (resolveClaim) { - /** - * Returns a claim value or throws an error. - * The claim value is obtained with a claim resolving function available from the closure. - * Throws an exception if the claim is essential and no value is returned for the claim. 
- * - * Use of this resolver is optional. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests} stating: - * "Note that even if the Claims are not available because the End-User did not authorize their release or they are not present, - * the Authorization Server MUST NOT generate an error when Claims are not returned, whether they are Essential or Voluntary, - * unless otherwise specified in the description of the specific claim." - * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {*} - * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} - */ - function resolveEssentialClaim(claim) { - var claimValue = resolveClaim(claim); - - if (claim.isEssential() && !isClaimValueValid(claimValue)) { - throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName()); - } - - return claimValue; - } - - return resolveEssentialClaim; - } - - /** - * Provides default resolution for a claim. - * Use it if a claim-specific resolver is not defined in the configuration. - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {*} A single value associated with this claim. - */ - function resolveAnyClaim (claim) { - if (claim.getValues().size() === 1) { - return claim.getValues().toArray()[0]; - } - } - - // UTILITIES - - /** - * Returns claim value from a set. - * If the set contains a single value, returns the value. - * If the set contains multiple values, returns the set. - * Otherwise, returns undefined. 
- * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @param {java.util.HashSet} set The set—for example, a user profile attribute value. - * @returns {string|java.util.HashSet|undefined} - */ - function getClaimValueFromSet (claim, set) { - if (set && set.size()) { - if (set.size() === 1) { - return set.toArray()[0]; - } else { - return set; - } - } else if (logger.warningEnabled()) { - logger.warning('OIDC Claims script. Got an empty set for claim: ' + claim.getName()); - } - } - - function isClaimValueValid (claimValue) { - if (typeof claimValue === 'undefined' || claimValue === null) { - return false; - } - - return true; - } - - // CLAIM PROCESSING - - /** - * Constructs and returns an object populated with the computed claim values - * and the requested scopes mapped to the claim names. - * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. - * @see RESULTS section for the use of this function. - */ - function getUserInfoClaims () { - return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes()); - } - - /** - * Creates a map of (requested) claim names populated with the computed claim values. - * @returns {java.util.LinkedHashMap} - * A map of the requested claim names and the corresponding claim values. - */ - function getComputedClaims () { - /** - * Creates a complete list of claim objects from: - * the claims derived from the scopes, - * the claims provided by the authorization server, - * and the claims requested by the client. 
- * @returns {java.util.ArrayList} - * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. - */ - function getClaims() { - /** - * Returns a list of claim objects for the requested scopes. - * Uses the scopeClaimsMap configuration option to derive the claim names; - * no other properties of a claim derived from a scope are populated. - * @returns {java.util.ArrayList} - * A list of org.forgerock.openidconnect.Claim objects derived from the requested scopes. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. - */ - function convertScopeToClaims() { - var claims = new frJava.ArrayList(); - - scopes.toArray().forEach(function (scope) { - if (String(scope) !== 'openid' && scopeClaimsMap[scope]) { - scopeClaimsMap[scope].forEach(function (claimName) { - claims.add(new frJava.Claim(claimName)); - }); - } - }); - - return claims; - } - - var claims = new frJava.ArrayList(); - - claims.addAll(convertScopeToClaims()); - claims.addAll(claimObjects); - claims.addAll(requestedTypedClaims); - - return claims; - } - - /** - * Computes and returns a claim value. - * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object. - * @see claimResolvers - * If no resolver function is found, uses the default claim resolver function. - * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {*} Claim value. - * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} - * Rethrows this exception if a claim resolver throws it. 
- * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver - * if you want to terminate the claim processing. - */ - function computeClaim(claim) { - var resolveClaim; - var message; - - try { - resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim; - - return resolveClaim(claim); - } catch (e) { - message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e; - - if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) { - throw e; - } - - if (logger.warningEnabled()) { - logger.warning(message); - } - } - } - - var computedClaims = new frJava.LinkedHashMap(); - - getClaims().toArray().forEach(function (claim) { - var claimValue = computeClaim(claim); - - if (isClaimValueValid(claimValue)) { - computedClaims.put(claim.getName(), claimValue); - } else { - /** - * If a claim has been processed, but appears in the list again, - * and its value cannot be computed under the new conditions, - * the claim is removed from the final result. - * - * For example, a claim could be mapped to a scope and found in the user profile, - * but also requested by the client with required values that don't match the computed one. - * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}. - * for the relevant OIDC specification details. - */ - computedClaims.remove(claim.getName()); - } - }); - - return computedClaims; - } - - /** - * Creates a map of requested scopes and the corresponding claim names. 
- * @returns {java.util.LinkedHashMap} - */ - function getCompositeScopes () { - var compositeScopes = new frJava.LinkedHashMap(); - - scopes.toArray().forEach(function (scope) { - var scopeClaims = new frJava.ArrayList(); - - if (scopeClaimsMap[scope]) { - scopeClaimsMap[scope].forEach(function (claimName) { - scopeClaims.add(claimName); - }); - } - - if (scopeClaims.size()) { - compositeScopes.put(scope, scopeClaims); - } - }); - - return compositeScopes; - } - - // PUBLIC METHODS - - return { - setScopeClaimsMap: setScopeClaimsMap, - setClaimResolvers: setClaimResolvers, - getUserProfileClaimResolver: getUserProfileClaimResolver, - getAddressClaimResolver: getAddressClaimResolver, - getEssentialClaimResolver: getEssentialClaimResolver, - getUserInfoClaims: getUserInfoClaims - }; - } - - // RESULTS - - /** - * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class - * populated with the computed claim values and - * the requested scopes mapped to the claim names. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. - * - * Assigning it to a variable gives you an opportunity - * to log the content of the returned value during development. 
- */ - var userInfoClaims = utils.getUserInfoClaims(); - - /* - logger.error(scriptName + ' results:') - logger.error('Values: ' + userInfoClaims.getValues()) - logger.error('Scopes: ' + userInfoClaims.getCompositeScopes()) - */ - - return userInfoClaims; -}()); -" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 213`] = ` -{ - "meta": Any, - "script": { - "36863ffb-40ec-48b9-94b1-9a99f71cc3b5": { - "_id": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "context": "OIDC_CLAIMS", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Default global script for OIDC claims", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OIDC Claims Script", - "script": "file://OIDC-Claims-Script.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 214`] = ` -"/* OTP Invalid - * - * Author: volker.scheuber@forgerock.com - * - * Return TextOutputCallback indicating the provided OTP was invalid. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -outcome = "true"; -var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.TextOutputCallback -) -if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.TextOutputCallback( - fr.TextOutputCallback.INFORMATION, - "INVALID" - ) - ).build() -} -else { - action = fr.Action.goTo(outcome).build(); -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 215`] = ` -{ - "meta": Any, - "script": { - "89eff37a-2e1e-47c2-8d62-5f7417fbb6b4": { - "_id": "89eff37a-2e1e-47c2-8d62-5f7417fbb6b4", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Return TextOutputCallback indicating the provided OTP was invalid.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OTP Invalid", - "script": "file://OTP-Invalid.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 216`] = ` -"/* OTP Valid - * - * Author: volker.scheuber@forgerock.com - * - * Return TextOutputCallback indicating the provided OTP was valid. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -outcome = "true"; -var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.TextOutputCallback -) -if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.TextOutputCallback( - fr.TextOutputCallback.INFORMATION, - "VALID" - ) - ).build() -} -else { - action = fr.Action.goTo(outcome).build(); -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 217`] = ` -{ - "meta": Any, - "script": { - "5dbd53c6-67ff-4a43-84c3-90c5cf5da35a": { - "_id": "5dbd53c6-67ff-4a43-84c3-90c5cf5da35a", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Return TextOutputCallback indicating the provided OTP was valid.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "OTP Valid", - "script": "file://OTP-Valid.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 218`] = ` -"/* Okta Passthru Authentication - * - * Authors: chico.demettroff@forgerock.com, volker.scheuber@forgerock.com - * - * Okta pass through authentication using Okta Authentication API. - * - * This script needs to be parametrized. It will not work properly as is. - * It requires the Platform Username and Platform Password collector nodes - * before it can operate. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - Success - * - Failure - * - Timeout - * - Error - */ -logger.message("Okta Passthru Authentication: start"); - -if (sharedState.get("username") && transientState.get("password")) { - /* - * BEGIN SCRIPT CONFIGURATION - * - * REPLACE WITH YOUR OWN OKTA TENANT SETTINGS - * - */ - var OKTA_API_URI = "https://dev-18030933.okta.com/api/v1/authn/"; - /* - * END SCRIPT CONFIGURATION - */ - - var request = new org.forgerock.http.protocol.Request(); - request.setMethod('POST'); - request.setUri(OKTA_API_URI); - request.getHeaders().add("Content-Type", "application/json"); - //var body = "{\\"username\\":".concat(sharedState.get("username")).concat(",\\"password\\":").concat(transientState.get("password")).concat(",\\"options\\":{\\"multiOptionalFactorEnroll\\":true,\\"warnBeforePasswordExpired\\":true}}"); - var body = { - "username": sharedState.get("username"), - "password": transientState.get("password"), - "options": { - "multiOptionalFactorEnroll": true, - "warnBeforePasswordExpired": true - } - } - request.getEntity().setJson(body); - - var response = httpClient.send(request).get(); - var result = JSON.parse(response.getEntity().getString()); - logger.message("Okta Passthru Authentication: JSON result: " + JSON.stringify(result)); - - if (response.getStatus().getCode() === 200 && result.status === "SUCCESS") { - outcome = "Success" - transientState.put("oktaProfile", result._embedded.user.profile); - } else { - /* Outcomes: - * - Success - * - Failure - * - Timeout - * - Error - * - * Expected/known Error Codes: - * E0000004 - Authentication failed. 
- * E0000003 - The request body was not well-formed - */ - - /* -{ - "expiresAt": "2021-10-14T22:15:04.000Z", - "status": "SUCCESS", - "sessionToken": "20111FNVseT3WyCzBHFBi3dYtx980FHen46QKlWXRNTe1kRef3GQu1W", - "_embedded": { - "user": { - "id": "00u1xqw851dEqM1Y15d7", - "passwordChanged": "2021-09-21T18:26:25.000Z", - "profile": { - "login": "chico@crossfithighvoltage.com", - "firstName": "chico", - "lastName": "deme", - "locale": "en", - "timeZone": "America/Los_Angeles" - } - } - }, - "_links": { - "cancel": { - "href": "https://dev-18030933.okta.com/api/v1/authn/cancel", - "hints": { - "allow": [ - "POST" - ] - } - } - } -} -*/ - - /* - FAILED - { - "errorCode": "E0000004", - "errorSummary": "Authentication failed", - "errorLink": "E0000004", - "errorId": "oae1Y3Kk_WvRAOBSDeG9qeyHQ", - "errorCauses": [] -} -*/ - transientState.put("oktaResult", result); - if (result.timed_out) { - outcome = "Timeout"; - } else if (result.errorCode === "E0000004") { - outcome = "Failure"; - } else { - outcome = "Error"; - } - logger.message("Okta Passthru Authentication: errorCode = ".concat(result.errorCode)); - logger.message("Okta Passthru Authentication: errorSummary = ".concat(result.errorSummary)); - logger.message("Okta Passthru Authentication: errorId = ".concat(result.errorId)); - } -} else { - outcome = "Error"; - logger.message("Okta Passthru Authentication: No user or password found in shared state! 
Use username and password collector nodes before this script to populate shared and transient states!'"); -} -logger.message("Okta Passthru Authentication: End (outcome=".concat(outcome).concat(")"));" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 219`] = ` -{ - "meta": Any, - "script": { - "2eb48a0c-24e0-4dac-acaf-02085c142ec5": { - "_id": "2eb48a0c-24e0-4dac-acaf-02085c142ec5", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Integration to Okta Authentication API okta_url/api/v1/authn", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Okta API AuthN", - "script": "file://Okta-API-AuthN.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 220`] = ` -"/* - * Copyright 2022 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ - -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object - -logger.warning("Okta rawProfile: "+rawProfile) - -return json(object( - field("id", rawProfile.id), - field("displayName", rawProfile.name), - field("givenName", rawProfile.first_name), - field("familyName", rawProfile.last_name), - field("photoUrl", rawProfile.picture.data.url), - field("email", rawProfile.email), - field("username", rawProfile.preferred_username)))" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 221`] = ` -{ - "meta": Any, - "script": { - "6325cf19-a49b-471e-8d26-7e4df76df0e2": { - "_id": "6325cf19-a49b-471e-8d26-7e4df76df0e2", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Normalizes raw profile data from GitHub", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Okta Profile Normalization", - "script": "file://Okta-Profile-Normalization.script.groovy", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 222`] = ` -"logger.error("Onfido-CaptureEvidence: Start"); -/* - * !!! Extend your authentication session time so your identity proofing flows don't time out !!! - * - * Authentication > Settings > Trees > Max Duration (Minutes) - * - * Set to 15 minutes. 
- * - */ - -/* - * BEGIN SCRIPT CONFIGURATION - */ -var onfido_auth_token = String(sharedState.get("onfidoAuthToken")); -var onfido_dialog_title = "Join the Expanse family!"; -var onfido_dialog_msg1 = "To open an Expanse account, we will need to verify your identity."; -var onfido_dialog_msg2 = "It will only take a couple of minutes."; -var onfido_country_code = "US"; -/* - * END SCRIPT CONFIGURATION - */ - -var mobile = idRepository.getAttribute(sharedState.get("_id"), "telephoneNumber"); -var smsNumber = ""; -if (mobile && mobile.iterator().hasNext()) { - smsNumber = String(mobile.iterator().next().toString()); -} - -// Inject Onfido SDK into login page -onfidoScript = String("var body=document.body;\\n" + - "var script = document.createElement('script');\\n" + - "document.getElementById('callbacksPanel').style.display = 'none';\\n" + - "var onfido_div = document.createElement(\\"div\\");\\n" + - "onfido_div.id=\\"onfido-mount\\";\\n" + - "script.src = 'https://assets.onfido.com/web-sdk-releases/5.2.1/onfido.min.js';\\n" + - "var head = document.head; \\n " + - "var link = document.createElement(\\"link\\"); \\n" + - " link.type = \\"text/css\\"; \\n " + - " link.rel = \\"stylesheet\\"; \\n " + - " link.href = 'https://assets.onfido.com/web-sdk-releases/5.2.1/style.css'; \\n " + - " head.appendChild(link); \\n " + - ";\\n" + - "var onfido = {};\\n" + - "script.onload=function() {\\n" + - " onfido=Onfido.init({\\n" + - " token: '" + onfido_auth_token + "', \\n" + - " useModal: true, \\n" + - " isModalOpen: true, \\n" + - " smsNumberCountryCode: '" + onfido_country_code + "', \\n" + - " userDetails: { \\n" + - " smsNumber: '" + smsNumber + "' \\n" + - " }, \\n" + - " steps: [\\n" + - " {\\n" + - " type:'welcome',\\n" + - " options:{\\n" + - " title:'" + onfido_dialog_title + "',\\n" + - " descriptions:[\\n" + - " '" + onfido_dialog_msg1 + "',\\n" + - " '" + onfido_dialog_msg2 + "',\\n" + - " ]\\n" + - " }\\n" + - " },\\n" + - " 'document',\\n" + - " 'face',\\n" + - 
" 'complete',\\n" + - " ],\\n" + - " onComplete: function(data){ console.log('DONE'); onfido.setOptions({ isModalOpen:false }); document.getElementById('loginButton_0').click(); } \\n" + - " })\\n" + - "};\\n" + - "document.body.appendChild(script);\\n"); - -var fr = JavaImporter( - org.forgerock.openam.auth.node.api, - javax.security.auth.callback.NameCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback -); - -with (fr) { - if (callbacks.isEmpty()) { - logger.error("Onfido-CaptureEvidence: Sending callbacks"); - action = Action.send(new ScriptTextOutputCallback(onfidoScript)).build(); - } else { - logger.error("Onfido-CaptureEvidence: End (outcome=true)"); - action = Action.goTo("true").build(); - } -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 223`] = ` -{ - "meta": Any, - "script": { - "71545db5-ce01-46b1-b79f-d41af36bd548": { - "_id": "71545db5-ce01-46b1-b79f-d41af36bd548", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Capture Evidence", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Onfido-CaptureEvidence", - "script": "file://Onfido-CaptureEvidence.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 224`] = ` -"logger.error("Onfido-CheckApplicant: Start"); - -/* - * !!! Extend your authentication session time so your identity proofing flows don't time out !!! - * - * Authentication > Settings > Trees > Max Duration (Minutes) - * - * Set to 15 minutes. 
- * - */ - -/* - * BEGIN SCRIPT CONFIGURATION - * - * REPLACE WITH YOUR OWN ONFIDO API TOKEN - */ -//var ONFIDO_API_TOKEN = "api_live.StUdfxdiCFb.YrzbadxB_R2-qG5lFUc3lWg6JAc3Cnq-" -var ONFIDO_API_TOKEN = "api_live.H5ysRusAomY.nbbkimoWc91cDZAWJZkJt0Tkqdjm1Rjr"; -/* - * END SCRIPT CONFIGURATION - */ - -var requestBodyJson = { - "applicant_id": String(sharedState.get("onfidoApplicantID")), - "report_names": ["document", "facial_similarity_photo"] -} -// var requestBodyJson = { -// "applicant_id": String(sharedState.get("onfidoApplicantID")), -// "report_names": ["document"] -// } - -var failure = true - -var fr = JavaImporter( - org.forgerock.http.protocol.Request -) - -var request = new fr.Request() -request.setUri("https://api.onfido.com/v3/checks") -request.setMethod("POST") -request.getHeaders().add("Content-Type", "application/json; charset=UTF-8") -request.getHeaders().add("Authorization", "Token token=" + ONFIDO_API_TOKEN) -request.getEntity().setString(JSON.stringify(requestBodyJson)) - -var response = httpClient.send(request).get() -logger.error("Onfido-CheckApplicant: Initiate checks response: ".concat(response.getEntity().getString())); - -if (response.getStatus().getCode() === 200) { - var id = JSON.parse(response.getEntity().getString()).id - failure = !id - if (!failure) sharedState.put("onfidoAuthToken", id); -} else { - failure = true -} - -outcome = failure ? 
"false" : "true"; -logger.error("Onfido-CheckApplicant: End (outcome=".concat(outcome).concat(")"));" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 225`] = ` -{ - "meta": Any, - "script": { - "d2a41d85-d33a-42d9-a7dd-50dfbc9fa7c0": { - "_id": "d2a41d85-d33a-42d9-a7dd-50dfbc9fa7c0", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Check Applicant", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Onfido-CheckApplicant", - "script": "file://Onfido-CheckApplicant.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 226`] = ` -"/* Write HTML Meta Tags - * - * Author: volker.scheuber@forgerock.com - * - * This script writes meta tags to the header. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -(function () { - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback - ) - - function createScript() { - return String("\\n\\ - Array.prototype.slice.call(\\n\\ - document.getElementsByTagName('head')\\n\\ - ).forEach(\\n\\ - function (e) {\\n\\ - var meta = document.createElement('meta'); \\n\\ - meta.name = \\"author\\"; \\n\\ - meta.content = \\"John Doe\\"; \\n\\ - document.getElementsByTagName('head')[0].appendChild(meta); \\n\\ - }\\n\\ - )"); - } - - if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.ScriptTextOutputCallback(createScript()) - ).build() - } else { - action = fr.Action.goTo("true").build(); - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 227`] = ` -{ - "meta": Any, - "script": { - "8a768bb3-01cd-46b8-881c-b77f5a26c283": { - "_id": "8a768bb3-01cd-46b8-881c-b77f5a26c283", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Write Onfido HTML Meta Tags", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Onfido-Meta-Tags", - "script": "file://Onfido-Meta-Tags.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 228`] = ` -"/* Phone Validator - Line Type - * - * Author: volker.scheuber@forgerock.com - * - * This script uses phonevalidator.com to determine the type of phone number stored in the user profile. - * Get your own API Key at https://www.phonevalidator.com - * - * This script needs to be parametrized. It will not work properly as is. - * It requires the Identify Existing User node before it is being called. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - CELL PHONE - * - LANDLINE - * - VOIP - * - TOLL-FREE - * - UNKNOWN - * - failed - */ -logger.warning("Phone Validator - Line Type: start"); - -if (getSharedObjectAttribute("telephoneNumber") || (sharedState.get("_id") && idRepository.getAttribute(sharedState.get("_id"), "telephoneNumber").iterator().hasNext())) { - - /* BEGIN SCRIPT CONFIGURATION - * - * REPLACE WITH YOUR OWN AZURE AD SETTINGS - * - * Phone Validator - Line Type API Configuration - * Get your own API Key at https://www.phonevalidator.com - */ - var PV_API_KEY = "849d564a-594d-4bde-b691-afe5ddadd547"; - /* - * END SCRIPT CONFIGURATION - */ - - var PV_API_TYPE = "basic"; - var PV_API_PHONE = getSharedObjectAttribute("telephoneNumber") || idRepository.getAttribute(sharedState.get("_id"), "telephoneNumber").iterator().next(); - var PV_API_URI = "https://www.phonevalidator.com/api/v2/phonesearch?apikey=".concat(PV_API_KEY).concat("&phone=").concat(PV_API_PHONE).concat("&type=").concat(PV_API_TYPE); - - var request = new org.forgerock.http.protocol.Request(); - request.setMethod('GET'); - request.setUri(PV_API_URI); - - var response = httpClient.send(request).get(); - var result = JSON.parse(response.getEntity().getString()); - - if (result["StatusCode"]=="200") { - outcome = result["PhoneBasic"]["LineType"]; - } else { - outcome = "failed"; - } - logger.error("Phone Validator - Line Type: StatusCode = ".concat(result["StatusCode"])); - logger.error("Phone Validator - Line Type: StatusMessage = ".concat(result["StatusMessage"])); - logger.error("Phone Validator - Line Type: outcome = ".concat(outcome)); -} else { - outcome = "failed"; - logger.error("Phone Validator - Line Type: No user or phone number found! 
Use 'Identify Existing User node before this script to populate the user's _id in shared state or put a valid cell phone number into sharedState.objectAttributes.telephoneNumber!'"); - logger.error("Phone Validator - Line Type: outcome = ".concat(outcome)); -} - -/* - * Read attributes in shared state for use with the Create/Patch Object nodes. - */ -function getSharedObjectAttribute(name) { - var storage = sharedState.get("objectAttributes"); - if (storage) { - if (storage.get) { - return sharedState.get("objectAttributes").get(name); - } - else { - return storage.name; - } - } - return null; -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 229`] = ` -{ - "meta": Any, - "script": { - "b63981d8-cb73-4e47-8749-e58654dcaa31": { - "_id": "b63981d8-cb73-4e47-8749-e58654dcaa31", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "This script uses phonevalidator.com to determine the type of phone number stored in the user profile.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Phone Validator - Line Type", - "script": "file://Phone-Validator-Line-Type.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 230`] = ` -"outcome = "true"; - -sharedState.put("username", getSharedObjectAttribute("mail")) -setSharedObjectAttribute("userName", getSharedObjectAttribute("mail")) - -/* - * Store attributes in shared state for use with the Create/Patch Object nodes. 
- */ -function setSharedObjectAttribute(name, value) { - var storage = sharedState.get("objectAttributes"); - if (storage && value) { - if (storage.put) { - storage.put(name, value); - } - else { - storage[name] = value; - } - } - else if (value) { - sharedState.put("objectAttributes", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}")); - } -} - -/* - * Read attributes in shared state for use with the Create/Patch Object nodes. - */ -function getSharedObjectAttribute(name) { - var storage = sharedState.get("objectAttributes"); - if (storage) { - if (storage.get) { - return sharedState.get("objectAttributes").get(name); - } - else { - return storage.name; - } - } - return null; -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 231`] = ` -{ - "meta": Any, - "script": { - "4855aac0-1efd-49c0-a153-3b9aadc911a6": { - "_id": "4855aac0-1efd-49c0-a153-3b9aadc911a6", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Populate Username From Email", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Populate Username From Email", - "script": "file://Populate-Username-From-Email.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 232`] = ` -"/* Ready Response - * - * Author: volker.scheuber@forgerock.com - * - * Return READY in a TextOutputCallback indicating that the journey layer is operational. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -outcome = "true"; -var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.TextOutputCallback -) -if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.TextOutputCallback( - fr.TextOutputCallback.INFORMATION, - "READY" - ) - ).build() -} -else { - action = fr.Action.goTo(outcome).build(); -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 233`] = ` -{ - "meta": Any, - "script": { - "1acc5535-13e2-4ed8-83e1-f4fefd86d243": { - "_id": "1acc5535-13e2-4ed8-83e1-f4fefd86d243", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Readiness probe response", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Ready Response", - "script": "file://Ready-Response.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 234`] = ` -"/* MFA Status - * - * Author: volker.scheuber@forgerock.com - * - * Record that MFA has been performed for this journey and no longer needs - * to be performed. This allows journeys and inner journeys to check that - * flag before performing MFA multiple times. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -outcome = "true"; -sharedState.put("mfaPerformed", "true");" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 235`] = ` -{ - "meta": Any, - "script": { - "a873fcd8-8f17-4675-9dd6-54ab1c11e2df": { - "_id": "a873fcd8-8f17-4675-9dd6-54ab1c11e2df", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Record that MFA has been performed for this journey and no longer needs to be performed. This allows journeys and inner journeys to check that flag before performing MFA multiple times.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Record MFA", - "script": "file://Record-MFA.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 236`] = ` -"/* Remove Button - * - * Author: volker.scheuber@forgerock.com - * - * Hide buttons on the journey page. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -(function () { - var script = "Array.prototype.slice.call(document.getElementsByTagName('button')).forEach(function (e) {e.style.display = 'none'})" - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.TextOutputCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback - ) - var message = " " - if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.TextOutputCallback( - fr.TextOutputCallback.INFORMATION, - message - ), - new fr.ScriptTextOutputCallback(script) - ).build() - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 237`] = ` -{ - "meta": Any, - "script": { - "3814d347-a2f2-4be9-a810-ab41a1e374bd": { - "_id": "3814d347-a2f2-4be9-a810-ab41a1e374bd", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Hide buttons on the journey page.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Remove Button - imported (1)", - "script": "file://Remove-Button-imported-(1).script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 238`] = ` -"/* Remove Button - * - * Author: volker.scheuber@forgerock.com - * - * Hide buttons on the journey page. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -(function () { - var script = "Array.prototype.slice.call(document.getElementsByTagName('button')).forEach(function (e) {e.style.display = 'none'})" - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.TextOutputCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback - ) - var message = " " - if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.TextOutputCallback( - fr.TextOutputCallback.INFORMATION, - message - ), - new fr.ScriptTextOutputCallback(script) - ).build() - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 239`] = ` -{ - "meta": Any, - "script": { - "9535446c-0ff6-4a76-8576-616599119d64": { - "_id": "9535446c-0ff6-4a76-8576-616599119d64", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Remove button from page.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Remove Button", - "script": "file://Remove-Button.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 240`] = ` -"/* CResend OTP Option - * - * Author: jon.knight@forgerock.com, volker.scheuber@forgerock.com - * - * Collect OTP and validate the collected OTP. Also offer a resend option. - * Return "true" if collected OTP is valid, "false" if collected OTP is invalid, - * and resend if the user selected the resend button. - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - false - * - resend - */ -(function () { - // how long until the "resend" button becomes enabled. 
- DELAY=20; - - // how long (in seconds) should the OTP be accepted as valid - OTP_TTL = 30; - - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.NameCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback - ) - - function createScript() { - return String(" \\n\\ - var COUNT = " + DELAY + "; \\n\\ - function go(obs) { \\n\\ - const p = document.querySelectorAll('input[data-vv-as=\\"One Time Passcode\\"]')[0]; \\n\\ - if (p) { \\n\\ - var b = document.createElement('button'); \\n\\ - b.id = 'resendButton'; \\n\\ - b.classList.add(\\"btn\\", \\"mt-3\\", \\"btn-secondary\\", \\"btn-sm\\"); \\n\\ - b.onclick = function() { p.value='___RESEND___'; p.dispatchEvent(new Event('input')); }; \\n\\ - b.innerHTML = 'Resend Code ... ' + COUNT + 's'; \\n\\ - b.disabled = true; \\n\\ - p.parentNode.insertBefore(b, p.nextSibling); \\n\\ - var t = setInterval(function() { \\n\\ - if (COUNT == 1) { \\n\\ - clearInterval(t); \\n\\ - b.disabled = false; \\n\\ - b.innerHTML = 'Resend Code'; \\n\\ - } else { \\n\\ - COUNT--; \\n\\ - b.innerHTML = 'Resend Code ... 
' + COUNT + 's'; \\n\\ - } \\n\\ - }, 1000 ); \\n\\ - if (obs) obs.disconnect(); \\n\\ - return; \\n\\ - } \\n\\ - } \\n\\ - if (document.querySelectorAll('input[data-vv-as=\\"One Time Passcode\\"]')[0]) go(); \\n\\ - else { \\n\\ - const observer = new MutationObserver((mutations, obs) => { go(obs); }); \\n\\ - observer.observe(document, { childList: true, subtree: true }); \\n\\ - } \\n\\ - "); - } - - if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.ScriptTextOutputCallback(createScript()), - new fr.NameCallback("One Time Passcode") - ).build() - } else { - var otpTimestamp = Math.floor(new java.util.Date().getTime() / 1000); - var otp = callbacks.get(1).getName(); - if (otp === "___RESEND___") { - action = fr.Action.goTo("resend").build(); - } else { - var sentOtp = sharedState.get("oneTimePassword"); - var sentOtpTimestamp = sharedState.get("oneTimePasswordTimestamp"); - if (sentOtp == otp && otpTimestamp - OTP_TTL >= sentOtpTimestamp) { - action = fr.Action.goTo("true").build(); - } - else { - action = fr.Action.goTo("false").build(); - } - } - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 241`] = ` -{ - "meta": Any, - "script": { - "4ee5b182-1b09-45cc-97a9-0e609f0a2915": { - "_id": "4ee5b182-1b09-45cc-97a9-0e609f0a2915", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Resend OTP Option", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Resend OTP Option", - "script": "file://Resend-OTP-Option.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 242`] = ` -"/* Reset Theme - * - * Reset theme to what's preserved in shared state variable "themeId" or to default theme. - * - * This script needs to be parametrized! 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - /* Begin Script Configuration */ - var defaultTheme = "Expanse"; - /* End Script Configuration */ - - outcome = "true"; - - var theme = defaultTheme; - if (sharedState.get("themeId") && ""+sharedState.get("themeId") !== "") { - theme = sharedState.get("themeId"); - } - - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - org.forgerock.openam.authentication.callbacks.PollingWaitCallback - ) - if (callbacks.isEmpty()) { - var stage = "themeId="+theme; - action = fr.Action.send( - new fr.PollingWaitCallback("100", "Please wait ...") - ).withStage(stage).build(); - } else { - action = fr.Action.goTo(outcome).build(); - } -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 243`] = ` -{ - "meta": Any, - "script": { - "199405e4-050e-4f2a-87d1-d9125f74a8df": { - "_id": "199405e4-050e-4f2a-87d1-d9125f74a8df", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Reset theme to what's preserved in shared state variable "theme-id" or to default theme.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Reset Theme", - "script": "file://Reset-Theme.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 244`] = ` -"/* ResetPasswordReplayCredentials - * - * Author: volker.scheuber@forgerock.com - * - * Reset the attributes holding replay credentials for the IG replay use case. - * - * This script needs to be parametrized for your env. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -(function () { - outcome = "true"; - var REPLAY_USERNAME_IDM_ATTR = "frUnindexedString1"; - var REPLAY_PASSWORD_IDM_ATTR = "frUnindexedString2"; - - sharedState.get("objectAttributes").put(REPLAY_USERNAME_IDM_ATTR, null); - sharedState.get("objectAttributes").put(REPLAY_PASSWORD_IDM_ATTR, null); -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 245`] = ` -{ - "meta": Any, - "script": { - "a8f10e93-3f6c-4d6c-b6a3-a8453e3d6b3a": { - "_id": "a8f10e93-3f6c-4d6c-b6a3-a8453e3d6b3a", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Reset the attributes holding replay credentials for the IG replay use case.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "ResetPasswordReplayCredentials", - "script": "file://ResetPasswordReplayCredentials.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 246`] = ` -"/* Return OTP - * - * Author: volker.scheuber@forgerock.com - * - * Return the generated OTP using a TextOutputCallback. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -outcome = "true"; -var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.TextOutputCallback -) -if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.TextOutputCallback( - fr.TextOutputCallback.INFORMATION, - nodeState.get("oneTimePassword").asString() - ) - ).build() -} -else { - action = fr.Action.goTo(outcome).build(); -}" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 247`] = ` -{ - "meta": Any, - "script": { - "d3405f9c-d338-4dc2-b00d-7aacf77b731d": { - "_id": "d3405f9c-d338-4dc2-b00d-7aacf77b731d", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Return the generated OTP using a TextOutputCallback", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Return OTP", - "script": "file://Return-OTP.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 248`] = ` -"/* Routed IDP Persist Decision - * - * Branch based on the IDP setting. - * - * This script does not need to be parametrized. It will work properly as is. 
- * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - false - * - * Author: volker.scheuber@forgerock.com - */ -(function () { - logger.message("Routed IDP Persist Decision: Start"); - outcome = "false"; - var routedIDP = sharedState.get("routedIDPs").get(0); - if (routedIDP) { - outcome = "".concat(routedIDP.get("idpPersist")); - } - logger.message("Routed IDP Persist Decision: Done [outcome={}]", outcome); -}());" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 249`] = ` -{ - "meta": Any, - "script": { - "5b553f58-16bd-42b7-a782-4a981a66dbd4": { - "_id": "5b553f58-16bd-42b7-a782-4a981a66dbd4", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Branch based on the IDP setting.", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Routed IDP Persist Decision", - "script": "file://Routed-IDP-Persist-Decision.script.js", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 250`] = ` -"/* - * Copyright 2022 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock. Not for production use. 
- * Modified by Stephen Payne - */ -/* Social Identity Provider Profile Transformation script for Healthcare ID Cloud */ -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object - -logger.error("ST_healthcare-idc-social-transformation Healthcare ID Cloud Identity Provider Profile Transformation script: Start"); - -logger.error("ST_healthcare-idc-social-transformation Profile Transformation script: Start"); -logger.error("ST_healthcare-idc-social-transformationy: givenName " + rawProfile.givenName); -logger.error("ST_healthcare-idc-social-transformation: sn: " +rawProfile.familyName); -logger.error("ST_healthcare-idc-social-transformation: id: " +rawProfile.id); -logger.error("ST_healthcare-idc-social-transformation: mail: " + rawProfile.email); -logger.error("ST_healthcare-idc-social-transformation: cn: " + rawProfile.displayName); -logger.error("ST_healthcare-idc-social-transformation: userName: " + rawProfile.username); -logger.error("ST_healthcare-idc-social-transformation: id: " + rawProfile.id.asString()); -//logger.error("ST_healthcare-idc-social-transformation: iplanet-am-user-alias-list: " + selectedIdp + '-' + rawProfile.id.asString() ); -//logger.error("ST_healthcare-idc-social-transformation: selectedIdp: " + selectedIdp); -if (rawProfile.fhirUser.isNotNull()) logger.error("ST_healthcare-idc-social-transformation: fhirUser: " + rawProfile.fhirUser); -if (rawProfile.IAL.isNotNull()) logger.error("ST_healthcare-idc-social-transformatio: IAL: " + rawProfile.IAL); - - - - -return json(object( - field("id", rawProfile.sub), - field("displayName", rawProfile.name), - field("givenName", rawProfile.given_name), - field("familyName", rawProfile.family_name), - field("email", rawProfile.email), - field("username", rawProfile.email), - field("IAL", rawProfile.IAL), - field("telephoneNumber", rawProfile.phone_number), - field("fhirUser", rawProfile.fhirUser), - 
field("userType", rawProfile.userType), - ) -)" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 251`] = ` -{ - "meta": Any, - "script": { - "d2cf4f18-651a-4a3c-9b04-ee4fc896d0c3": { - "_id": "d2cf4f18-651a-4a3c-9b04-ee4fc896d0c3", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Social Identity Provider Profile Transformation for ForgeRock OIDC Providers", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "ST_healthcare-idc-social-transformation", - "script": "file://ST_healthcare-idc-social-transformation.script.groovy", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 252`] = ` -"/* - * Copyright 2020 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. 
- */ - -import static org.forgerock.json.JsonValue.field -import static org.forgerock.json.JsonValue.json -import static org.forgerock.json.JsonValue.object - -return json(object( - field("id", rawProfile.user_id), - field("displayName", rawProfile.name), - field("givenName", rawProfile.given_name), - field("familyName", rawProfile.family_name), - field("photoUrl", rawProfile.picture), - field("email", rawProfile.email), - field("username", rawProfile.email), - field("locale", rawProfile.zoneInfo)))" -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 253`] = ` -{ - "meta": Any, - "script": { - "312e951f-70c5-49d2-a9ae-93aef909d5df": { - "_id": "312e951f-70c5-49d2-a9ae-93aef909d5df", - "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "createdBy": "null", - "creationDate": 0, - "default": true, - "description": "Normalizes raw profile data from Salesforce", - "language": "GROOVY", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Salesforce Profile Normalization", - "script": "file://Salesforce-Profile-Normalization.script.groovy", - }, - }, -} -`; - -exports[`frodo script export "frodo script export --all-separate --extract": should export all extracted scripts to separate files 254`] = ` -"/* - * Copyright 2021-2022 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * The script has these top level functions that could be executed during a SAML2 flow. - * - preSingleSignOn - * - preAuthentication - * - preSendResponse - * - preSignResponse - * - preSendFailureResponse - * - * Please see the javadoc for the interface definition and more information about these methods. 
- * https://backstage.forgerock.com/docs/am/7.2/apidocs/com/sun/identity/saml2/plugins/SAML2IdentityProviderAdapter.html - * Note that the initialize method is not supported in the scripts. - * - * Defined variables. Check the documentation on the respective functions for the variables available to it. - * - * hostedEntityId - String - * Entity ID for the hosted IDP - * realm - String - * Realm of the hosted IDP - * idpAdapterScriptHelper - IdpAdapterScriptHelper (1) - * An instance of IdpAdapterScriptHelper containing helper methods. See Javadoc for more details. - * request - HttpServletRequest (2) - * Servlet request object - * response - HttpServletResponse (3) - * Servlet response object - * authnRequest - AuthnRequest (4) - * The original authentication request sent from SP - * reqId - String - * The id to use for continuation of processing if the adapter redirects - * res - Response (5) - * The SAML Response - * session - SSOToken (6) - * The single sign-on session. The reference type of this is Object and would need to be casted to SSOToken. - * relayState - String - * The relayState that will be used in the redirect - * faultCode - String - * the fault code that will be returned in the SAML response - * faultDetail - String - * the fault detail that will be returned in the SAML response - * logger - Logger instance - * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. - * Corresponding log files will be prefixed with: scripts.