Fix bug with IdP Imports #479

Open
wants to merge 1 commit into
base: main
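--- a/src/api/ServiceApi.ts
+++ b/src/api/ServiceApi.ts
@@ -190,6 +190,14 @@ export async function putServiceNextDescendent({
 globalConfig?: boolean;
 state: State;
 }): Promise<ServiceNextDescendent> {
+// If performing an update (not create), idp updates will throw an HTTP 500 error unless the redirectAfterFormPostURI attribute has a value.
+// If no redirectAfterFormPostURI is provided, importing with an empty string as its value will perform the same function without the 500 error.
+if (
+serviceId === 'SocialIdentityProviders' &&
+serviceNextDescendentData.redirectAfterFormPostURI === undefined
+) {
+serviceNextDescendentData.redirectAfterFormPostURI = '';
+}
 const urlString = util.format(
 serviceURLNextDescendentTemplate,
 state.getHost(),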
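Review bot: The added guard in putServiceNextDescendent writes the default into the caller's `serviceNextDescendentData` object and tests only `=== undefined`, so the import object is changed as a side effect and a `null` value still reaches the server unchanged (whether `null` also triggers the HTTP 500 is not visible here). The same pattern is repeated in putProviderByTypeAndId in src/api/SocialIdentityProvidersApi.ts. The comment limits the problem to updates, yet the default is applied on every PUT, creates included, and the comment should say so. I would default on a copy inside the `serviceId` check, e.g. `const data = { ...serviceNextDescendentData, redirectAfterFormPostURI: serviceNextDescendentData.redirectAfterFormPostURI ?? '' };`, and send `data`; the rest of the function body is outside the hunk, so the line that builds the request payload needs the same rename.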
39 changes: 32 additions & 7 deletions src/api/SocialIdentityProvidersApi.ts
Expand Up @@ -3,11 +3,7 @@ import util from 'util';
import { State } from '../shared/State';
import { getCurrentRealmPath } from '../utils/ForgeRockUtils';
import { deleteDeepByKey } from '../utils/JsonUtils';
import {
type AmConfigEntityInterface,
type NoIdObjectSkeletonInterface,
type PagedResult,
} from './ApiTypes';
import { type AmConfigEntityInterface, type PagedResult } from './ApiTypes';
import { generateAmApi } from './BaseApi';

const getAllProviderTypesURLTemplate =
Expand All @@ -26,8 +22,32 @@ const getApiConfig = () => {
};

export type SocialIdpSkeleton = AmConfigEntityInterface & {
authenticationIdKey: string;
authorizationEndpoint: string;
clientAuthenticationMethod: string;
clientId: string;
clientSecret?: string | null;
clientSecretLabelIdentifier?: string;
enabled: boolean;
introspectEndpoint?: string;
issuerComparisonCheckType: string;
jwksUriEndpoint?: string;
jwtEncryptionAlgorithm: string;
jwtEncryptionMethod: string;
jwtSigningAlgorithm: string;
pkceMethod: string;
privateKeyJwtExpTime: number;
redirectAfterFormPostURI?: string;
redirectURI: string;
responseMode: string;
revocationCheckOptions: string[];
scopeDelimiter: string;
scopes: string[];
tokenEndpoint: string;
transform: string;
uiConfig: Record<string, string>;
useCustomTrustStore: boolean;
userInfoEndpoint?: string;
};

/**
Expand Down Expand Up @@ -142,7 +162,7 @@ export async function getProviderByTypeAndId({
* Get social identity provider by type and id
* @param {String} type social identity provider type
* @param {String} id social identity provider id/name
* @param {Object} providerData a social identity provider object
* @param {SocialIdpSkeleton} providerData a social identity provider object
* @returns {Promise} a promise that resolves to an object containing a social identity provider
*/
export async function putProviderByTypeAndId({
Expand All @@ -153,9 +173,14 @@ export async function putProviderByTypeAndId({
}: {
type: string;
id: string;
providerData: SocialIdpSkeleton | NoIdObjectSkeletonInterface;
providerData: SocialIdpSkeleton;
state: State;
}) {
// If performing an update (not create), idp updates will throw an HTTP 500 error unless the redirectAfterFormPostURI attribute has a value.
// If no redirectAfterFormPostURI is provided, importing with an empty string as its value will perform the same function without the 500 error.
if (providerData.redirectAfterFormPostURI === undefined) {
providerData.redirectAfterFormPostURI = '';
}
// until we figure out a way to use transport keys in Frodo,
// we'll have to drop those encrypted attributes.
const cleanData = deleteDeepByKey(providerData, '-encrypted');
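Review bot: The widened `SocialIdpSkeleton` marks most fields as required and `putProviderByTypeAndId` no longer accepts `NoIdObjectSkeletonInterface`, but nothing in these hunks checks the shape at runtime, so the type only documents an expectation about imported data. The recorded oidcConfig request body in the test fixture carries keys such as `wellKnownEndpoint`, `issuer` and `acrValues` that the type does not declare; unless `AmConfigEntityInterface` (not shown) has an index signature, object literals with those keys would be rejected by excess-property checks. The same narrowing in createSocialIdentityProvider and updateSocialIdentityProvider in src/ops/IdpOps.ts changes the exported signatures for library users. I would add a TSDoc comment on the type stating that it lists the attributes common to provider types, and on `clientSecret` something like `/** OAuth client secret; keep out of logs and debug output */`. The JSDoc above putProviderByTypeAndId still reads "Get social identity provider by type and id" and could say "Put".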
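--- a/src/ops/IdpOps.ts
+++ b/src/ops/IdpOps.ts
@@ -1,4 +1,3 @@
-import { type NoIdObjectSkeletonInterface } from '../api/ApiTypes';
 import { getScript, type ScriptSkeleton } from '../api/ScriptApi';
 import {
 deleteProviderByTypeAndId,
@@ -463,7 +462,7 @@ export async function createSocialIdentityProvider({
 }: {
 providerType: string;
 providerId: string;
-providerData: SocialIdpSkeleton | NoIdObjectSkeletonInterface;
+providerData: SocialIdpSkeleton;
 state: State;
 }): Promise<SocialIdpSkeleton> {
 debugMessage({
@@ -500,7 +499,7 @@ export async function updateSocialIdentityProvider({
 }: {
 providerType: string;
 providerId: string;
-providerData: SocialIdpSkeleton | NoIdObjectSkeletonInterface;
+providerData: SocialIdpSkeleton;
 state: State;
 }): Promise<SocialIdpSkeleton> {
 debugMessage({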

Expand Up @@ -8,11 +8,11 @@
},
"entries": [
{
"_id": "edf84d02001baf38660f2486818d006a",
"_id": "aad41c04f2a52a2f2fb4850817fd821a",
"_order": 0,
"cache": {},
"request": {
"bodySize": 1585,
"bodySize": 1615,
"cookies": [],
"headers": [
{
Expand All @@ -25,11 +25,11 @@
},
{
"name": "user-agent",
"value": "@rockcarver/frodo-lib/2.0.0-55"
"value": "@rockcarver/frodo-lib/3.0.1-0"
},
{
"name": "x-forgerock-transactionid",
"value": "frodo-c7fd8ff6-787b-4d74-a2f0-07cfdc3f4eee"
"value": "frodo-3c652ca1-3644-4b9d-9b3d-dceff417a01c"
},
{
"name": "accept-api-version",
Expand All @@ -41,20 +41,24 @@
},
{
"name": "content-length",
"value": 1585
"value": "1615"
},
{
"name": "accept-encoding",
"value": "gzip, compress, deflate, br"
},
{
"name": "host",
"value": "openam-frodo-dev.forgeblocks.com"
}
],
"headersSize": 1662,
"headersSize": 2048,
"httpVersion": "HTTP/1.1",
"method": "PUT",
"postData": {
"mimeType": "application/json",
"params": [],
"text": "{\"clientId\":\"aa9a179e-cdba-4db8-8477-3d1069d5ec04\",\"pkceMethod\":\"S256\",\"wellKnownEndpoint\":\"https://adfs.mytestrun.com/adfs/.well-known/openid-configuration\",\"jwtEncryptionMethod\":\"NONE\",\"authorizationEndpoint\":\"https://adfs.mytestrun.com/adfs/oauth2/authorize\",\"jwtEncryptionAlgorithm\":\"NONE\",\"issuerComparisonCheckType\":\"EXACT\",\"encryptJwtRequestParameter\":false,\"scopeDelimiter\":\" \",\"scopes\":[\"openid\",\"profile\",\"email\"],\"issuer\":\"https://adfs.mytestrun.com/adfs\",\"userInfoResponseType\":\"JSON\",\"acrValues\":[],\"jwksUriEndpoint\":\"https://adfs.mytestrun.com/adfs/discovery/keys\",\"encryptedIdTokens\":false,\"enabled\":true,\"jwtRequestParameterOption\":\"NONE\",\"authenticationIdKey\":\"sub\",\"uiConfig\":{\"buttonClass\":\"\",\"buttonCustomStyle\":\"background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;\",\"buttonCustomStyleHover\":\"background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;\",\"buttonDisplayName\":\"Microsoft ADFS\",\"buttonImage\":\"/login/images/microsoft-logo.png\",\"iconBackground\":\"#0078d7\",\"iconClass\":\"fa-windows\",\"iconFontColor\":\"white\"},\"privateKeyJwtExpTime\":600,\"revocationCheckOptions\":[],\"enableNativeNonce\":true,\"transform\":\"dbe0bf9a-72aa-49d5-8483-9db147985a47\",\"jwtSigningAlgorithm\":\"RS256\",\"redirectURI\":\"https://idc.scheuber.io/login\",\"clientAuthenticationMethod\":\"CLIENT_SECRET_POST\",\"responseMode\":\"DEFAULT\",\"useCustomTrustStore\":false,\"tokenEndpoint\":\"https://adfs.mytestrun.com/adfs/oauth2/token\",\"_id\":\"FrodoTestIdp7\",\"_type\":{\"_id\":\"oidcConfig\",\"name\":\"Client configuration for providers that implement the OpenID Connect specification.\",\"collection\":true}}"
"text": "{\"clientId\":\"aa9a179e-cdba-4db8-8477-3d1069d5ec04\",\"pkceMethod\":\"S256\",\"wellKnownEndpoint\":\"https://adfs.mytestrun.com/adfs/.well-known/openid-configuration\",\"jwtEncryptionMethod\":\"NONE\",\"authorizationEndpoint\":\"https://adfs.mytestrun.com/adfs/oauth2/authorize\",\"jwtEncryptionAlgorithm\":\"NONE\",\"issuerComparisonCheckType\":\"EXACT\",\"encryptJwtRequestParameter\":false,\"scopeDelimiter\":\" \",\"scopes\":[\"openid\",\"profile\",\"email\"],\"issuer\":\"https://adfs.mytestrun.com/adfs\",\"userInfoResponseType\":\"JSON\",\"acrValues\":[],\"jwksUriEndpoint\":\"https://adfs.mytestrun.com/adfs/discovery/keys\",\"encryptedIdTokens\":false,\"enabled\":true,\"jwtRequestParameterOption\":\"NONE\",\"authenticationIdKey\":\"sub\",\"uiConfig\":{\"buttonClass\":\"\",\"buttonCustomStyle\":\"background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;\",\"buttonCustomStyleHover\":\"background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;\",\"buttonDisplayName\":\"Microsoft ADFS\",\"buttonImage\":\"/login/images/microsoft-logo.png\",\"iconBackground\":\"#0078d7\",\"iconClass\":\"fa-windows\",\"iconFontColor\":\"white\"},\"privateKeyJwtExpTime\":600,\"revocationCheckOptions\":[],\"enableNativeNonce\":true,\"transform\":\"dbe0bf9a-72aa-49d5-8483-9db147985a47\",\"jwtSigningAlgorithm\":\"RS256\",\"redirectURI\":\"https://idc.scheuber.io/login\",\"clientAuthenticationMethod\":\"CLIENT_SECRET_POST\",\"responseMode\":\"DEFAULT\",\"useCustomTrustStore\":false,\"tokenEndpoint\":\"https://adfs.mytestrun.com/adfs/oauth2/token\",\"_id\":\"FrodoTestIdp7\",\"_type\":{\"_id\":\"oidcConfig\",\"name\":\"Client configuration for providers that implement the OpenID Connect specification.\",\"collection\":true},\"redirectAfterFormPostURI\":\"\"}"
},
"queryString": [],
"url": "https://openam-frodo-dev.forgeblocks.com/am/json/realms/root/realms/alpha/realm-config/services/SocialIdentityProviders/oidcConfig/FrodoTestIdp7"
Expand Down Expand Up @@ -108,6 +112,10 @@
"name": "expires",
"value": "0"
},
{
"name": "location",
"value": "https://openam-frodo-dev.forgeblocks.com/am/json/realms/root/realms/alpha/realm-config/services/SocialIdentityProviders/oidcConfig/FrodoTestIdp7"
},
{
"name": "pragma",
"value": "no-cache"
Expand All @@ -122,16 +130,20 @@
},
{
"name": "date",
"value": "Thu, 21 Dec 2023 01:14:09 GMT"
"value": "Mon, 09 Dec 2024 20:58:01 GMT"
},
{
"name": "x-forgerock-transactionid",
"value": "frodo-c7fd8ff6-787b-4d74-a2f0-07cfdc3f4eee"
"value": "frodo-3c652ca1-3644-4b9d-9b3d-dceff417a01c"
},
{
"name": "strict-transport-security",
"value": "max-age=31536000; includeSubDomains; preload;"
},
{
"name": "x-robots-tag",
"value": "none"
},
{
"name": "via",
"value": "1.1 google"
Expand All @@ -141,22 +153,22 @@
"value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000"
}
],
"headersSize": 767,
"headersSize": 943,
"httpVersion": "HTTP/1.1",
"redirectURL": "",
"status": 200,
"statusText": "OK"
"redirectURL": "https://openam-frodo-dev.forgeblocks.com/am/json/realms/root/realms/alpha/realm-config/services/SocialIdentityProviders/oidcConfig/FrodoTestIdp7",
"status": 201,
"statusText": "Created"
},
"startedDateTime": "2023-12-21T01:14:09.858Z",
"time": 85,
"startedDateTime": "2024-12-09T20:58:00.873Z",
"time": 182,
"timings": {
"blocked": -1,
"connect": -1,
"dns": -1,
"receive": 0,
"send": 0,
"ssl": -1,
"wait": 85
"wait": 182
}
},
{
Expand All @@ -177,11 +189,11 @@
},
{
"name": "user-agent",
"value": "@rockcarver/frodo-lib/2.0.0-55"
"value": "@rockcarver/frodo-lib/3.0.1-0"
},
{
"name": "x-forgerock-transactionid",
"value": "frodo-c7fd8ff6-787b-4d74-a2f0-07cfdc3f4eee"
"value": "frodo-3c652ca1-3644-4b9d-9b3d-dceff417a01c"
},
{
"name": "accept-api-version",
Expand All @@ -193,14 +205,18 @@
},
{
"name": "content-length",
"value": 1604
"value": "1604"
},
{
"name": "accept-encoding",
"value": "gzip, compress, deflate, br"
},
{
"name": "host",
"value": "openam-frodo-dev.forgeblocks.com"
}
],
"headersSize": 1663,
"headersSize": 2049,
"httpVersion": "HTTP/1.1",
"method": "PUT",
"postData": {
Expand Down Expand Up @@ -260,6 +276,10 @@
"name": "expires",
"value": "0"
},
{
"name": "location",
"value": "https://openam-frodo-dev.forgeblocks.com/am/json/realms/root/realms/alpha/realm-config/services/SocialIdentityProviders/appleConfig/FrodoTestIdp8"
},
{
"name": "pragma",
"value": "no-cache"
Expand All @@ -274,16 +294,20 @@
},
{
"name": "date",
"value": "Thu, 21 Dec 2023 01:14:09 GMT"
"value": "Mon, 09 Dec 2024 20:58:01 GMT"
},
{
"name": "x-forgerock-transactionid",
"value": "frodo-c7fd8ff6-787b-4d74-a2f0-07cfdc3f4eee"
"value": "frodo-3c652ca1-3644-4b9d-9b3d-dceff417a01c"
},
{
"name": "strict-transport-security",
"value": "max-age=31536000; includeSubDomains; preload;"
},
{
"name": "x-robots-tag",
"value": "none"
},
{
"name": "via",
"value": "1.1 google"
Expand All @@ -293,22 +317,22 @@
"value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000"
}
],
"headersSize": 768,
"headersSize": 945,
"httpVersion": "HTTP/1.1",
"redirectURL": "",
"status": 200,
"statusText": "OK"
"redirectURL": "https://openam-frodo-dev.forgeblocks.com/am/json/realms/root/realms/alpha/realm-config/services/SocialIdentityProviders/appleConfig/FrodoTestIdp8",
"status": 201,
"statusText": "Created"
},
"startedDateTime": "2023-12-21T01:14:09.957Z",
"time": 88,
"startedDateTime": "2024-12-09T20:58:01.064Z",
"time": 176,
"timings": {
"blocked": -1,
"connect": -1,
"dns": -1,
"receive": 0,
"send": 0,
"ssl": -1,
"wait": 88
"wait": 176
}
}
],