Merge branch 'main' of https://github.com/JanssenProject/jans into ja…

…ns-config-issues

docs/script-catalog/authorization_challenge/AgamaChallenge.java

@@ -178,6 +178,9 @@ public boolean authorize(Object scriptContext) {
             deviceSessionObjectAttrs.put("scope", servletRequest.getParameter("scope"));
 
             deviceSessionService.persist(deviceSessionObject);
+
+            authRequest.setAuthorizationChallengeSessionObject(deviceSessionObject);
+            authRequest.setAuthorizationChallengeSession(deviceSessionObject.getId());
 
         } else {
             sessionId = deviceSessionObject.getId();

docs/script-catalog/authorization_challenge/AuthorizationChallenge.java

@@ -130,6 +130,8 @@ private AuthorizationChallengeSession prepareAuthorizationChallengeSession(Exter
         boolean newSave = authorizationChallengeSessionObject == null;
         if (newSave) {
             authorizationChallengeSessionObject = authorizationChallengeSessionService.newAuthorizationChallengeSession();
+            context.getAuthzRequest().setAuthorizationChallengeSessionObject(authorizationChallengeSessionObject);
+            context.getAuthzRequest().setAuthorizationChallengeSession(authorizationChallengeSessionObject.getId());
         }
 
         final String dpop = context.getHttpRequest().getHeader(DpopService.DPOP);

docs/script-catalog/authorization_challenge/multi_step/AuthorizationChallenge.java

@@ -130,6 +130,8 @@ private AuthorizationChallengeSession prepareAuthorizationChallengeSession(Exter
         boolean newSave = sessionObject == null;
         if (newSave) {
             sessionObject = authorizationChallengeSessionService.newAuthorizationChallengeSession();
+            context.getAuthzRequest().setAuthorizationChallengeSessionObject(authorizationChallengeSessionObject);
+            context.getAuthzRequest().setAuthorizationChallengeSession(authorizationChallengeSessionObject.getId());
         }
 
         String username = context.getHttpRequest().getParameter(USERNAME_PARAMETER);

jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizationChallengeService.java

@@ -114,20 +114,21 @@ public Response requestAuthorization(AuthzRequest authzRequest) {
     public void prepareAuthzRequest(AuthzRequest authzRequest) {
         authzRequest.setScope(ServerUtil.urlDecode(authzRequest.getScope()));
 
-        externalAuthorizationChallengeService.externalPrepareAuthzRequest(authzRequest);
-
+        log.trace("prepareAuthzRequest - authorization challenge session {}", authzRequest.getAuthorizationChallengeSession());
         if (StringUtils.isNotBlank(authzRequest.getAuthorizationChallengeSession())) {
             final AuthorizationChallengeSession session = authorizationChallengeSessionService.getAuthorizationChallengeSession(authzRequest.getAuthorizationChallengeSession());
 
             authorizationChallengeValidator.validateDpopJkt(session, authzRequest.getDpop());
 
             authzRequest.setAuthorizationChallengeSessionObject(session);
             if (session != null) {
+                log.trace("prepareAuthzRequest - sessionAttributes {}, id {}", session.getAttributes().getAttributes(), session.getId());
                 final Map<String, String> attributes = session.getAttributes().getAttributes();
 
                 final String clientId = attributes.get("client_id");
                 if (StringUtils.isNotBlank(clientId) && StringUtils.isBlank(authzRequest.getClientId())) {
                     authzRequest.setClientId(clientId);
+                    log.trace("prepareAuthzRequest - Set client_id {} from session", clientId);
                 }
 
                 String acrValues = session.getAttributes().getAcrValues();
@@ -136,9 +137,20 @@ public void prepareAuthzRequest(AuthzRequest authzRequest) {
                 }
                 if (StringUtils.isNotBlank(acrValues) && StringUtils.isBlank(authzRequest.getAcrValues())) {
                     authzRequest.setAcrValues(acrValues);
+                    log.trace("prepareAuthzRequest - Set acr_values {} from session", acrValues);
+                }
+
+                final String scope = attributes.get("scope");
+                if (StringUtils.isNotBlank(scope) && StringUtils.isBlank(authzRequest.getScope())) {
+                    authzRequest.setScope(scope);
+                    log.trace("prepareAuthzRequest - Set scope {} from session", scope);
                 }
+            } else {
+                log.debug("Unable to find authorization challenge session by id {}", authzRequest.getAuthorizationChallengeSession());
             }
         }
+
+        externalAuthorizationChallengeService.externalPrepareAuthzRequest(authzRequest);
     }
 
     public Response authorize(AuthzRequest authzRequest) throws IOException, TokenBindingParseException {

jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthzRequest.java

@@ -109,6 +109,10 @@ public AuthorizationChallengeSession getAuthorizationChallengeSessionObject() {
         return authorizationChallengeSessionObject;
     }
 
+    public Map<String, String> getAuthorizationChallengeSessionAttributesSafely() {
+        return authorizationChallengeSessionObject != null ? authorizationChallengeSessionObject.getAttributes().getAttributes() : new HashMap<>();
+    }
+
     public void setAuthorizationChallengeSessionObject(AuthorizationChallengeSession authorizationChallengeSessionObject) {
         this.authorizationChallengeSessionObject = authorizationChallengeSessionObject;
     }

jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalAuthorizationChallengeService.java

@@ -1,5 +1,6 @@
 package io.jans.as.server.service.external;
 
+import io.jans.as.common.model.session.AuthorizationChallengeSession;
 import io.jans.as.model.authorize.AuthorizeErrorResponseType;
 import io.jans.as.model.configuration.AppConfiguration;
 import io.jans.as.model.error.ErrorResponseFactory;
@@ -9,11 +10,13 @@
 import io.jans.model.custom.script.CustomScriptType;
 import io.jans.model.custom.script.conf.CustomScriptConfiguration;
 import io.jans.model.custom.script.type.authzchallenge.AuthorizationChallengeType;
+import io.jans.orm.PersistenceEntryManager;
 import io.jans.service.custom.script.ExternalScriptService;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.WebApplicationException;
 import jakarta.ws.rs.core.Response;
+import org.apache.commons.lang3.ArrayUtils;
 
 import java.util.HashMap;
 import java.util.List;
@@ -33,6 +36,9 @@ public class ExternalAuthorizationChallengeService extends ExternalScriptService
     @Inject
     private transient ErrorResponseFactory errorResponseFactory;
 
+    @Inject
+    private transient PersistenceEntryManager persistenceEntryManager;
+
     public ExternalAuthorizationChallengeService() {
         super(CustomScriptType.AUTHORIZATION_CHALLENGE);
     }
@@ -95,6 +101,7 @@ public boolean externalAuthorize(ExecutionContext executionContext) {
             AuthorizationChallengeType authorizationChallengeType = (AuthorizationChallengeType) script.getExternalType();
             final ExternalScriptContext scriptContext = new ExternalScriptContext(executionContext);
             result = authorizationChallengeType.authorize(scriptContext);
+            saveRequestParametersInSession(scriptContext);
 
             scriptContext.throwWebApplicationExceptionIfSet();
         } catch (WebApplicationException e) {
@@ -116,6 +123,35 @@ public boolean externalAuthorize(ExecutionContext executionContext) {
         return result;
     }
 
+    private void saveRequestParametersInSession(ExternalScriptContext scriptContext) {
+        final AuthzRequest authzRequest = scriptContext.getAuthzRequest();
+        final AuthorizationChallengeSession session = authzRequest.getAuthorizationChallengeSessionObject();
+        if (session == null) {
+            log.trace("Authorization challenge session is not found.");
+            return;
+        }
+
+        final Map<String, String> attributes = session.getAttributes().getAttributes();
+        final Map<String, String[]> parameterMap = scriptContext.getHttpRequest().getParameterMap();
+        if (parameterMap == null || parameterMap.isEmpty()) {
+            return;
+        }
+
+        for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
+            if (!attributes.containsKey(entry.getKey()) && ArrayUtils.isNotEmpty(entry.getValue())) {
+                final String value = entry.getValue()[0];
+                attributes.put(entry.getKey(), value);
+                log.trace("Put in session request parameter: {}, value: {}", entry.getKey(), value);
+            }
+        }
+
+        try {
+            persistenceEntryManager.merge(session);
+        } catch (Exception e) {
+            log.error("Failed to save authorization challenge session: " + session.getId(), e);
+        }
+    }
+
     public CustomScriptConfiguration identifyScript(List<String> acrValues) {
         log.trace("Identifying script, acr_values: {}", acrValues);
 
@@ -148,8 +184,8 @@ public void externalPrepareAuthzRequest(AuthzRequest authzRequest) {
                     .build());
         }
 
-        log.trace("Executing python 'prepareAuthzRequest' method, script name: {}, clientId: {}, scope: {}, authorizationChallengeSession: {}",
-                script.getName(), authzRequest.getClientId(), authzRequest.getScope(), authzRequest.getAuthorizationChallengeSession());
+        log.trace("Executing python 'prepareAuthzRequest' method, script name: {}, clientId: {}, scope: {}, authorizationChallengeSession: {}, sessionAttributes: {}",
+                script.getName(), authzRequest.getClientId(), authzRequest.getScope(), authzRequest.getAuthorizationChallengeSessionAttributesSafely());
 
         ExecutionContext executionContext = ExecutionContext.of(authzRequest);
         executionContext.setScript(script);
@@ -174,6 +210,6 @@ public void externalPrepareAuthzRequest(AuthzRequest authzRequest) {
                     .build());
         }
 
-        log.trace("Finished 'prepareAuthzRequest' method, script name: {}, clientId: {}", script.getName(), executionContext.getAuthzRequest().getClientId());
+        log.trace("Finished 'prepareAuthzRequest' method, script name: {}, clientId: {}, sessionAttributes: {}", script.getName(), executionContext.getAuthzRequest().getClientId(), authzRequest.getAuthorizationChallengeSessionAttributesSafely());
     }
 }

jans-linux-setup/jans_setup/static/scripts/jans

@@ -10,21 +10,11 @@ from collections import OrderedDict
 
 JANS_JETTY_DIR = '/opt/jans/jetty'
 JANS_SERVICES = os.listdir(JANS_JETTY_DIR)
-ADMIN_UI_INSTALLED = os.path.exists(
-            os.path.join(
-                    JANS_JETTY_DIR,
-                    'jans-config-api/custom/libs/gluu-flex-admin-ui-plugin.jar'
-                    )
-            )
-
-if ADMIN_UI_INSTALLED and 'restart' in sys.argv:
-    JANS_SERVICES.append('admin-ui')
 
 if len(sys.argv) > 1 and sys.argv[1] == 'cli':
     cli_args = sys.argv[2:]
     sys.argv = sys.argv[:2]
 
-
 parser = argparse.ArgumentParser(description="A top-level wrapper script for Janssen")
 subparsers = parser.add_subparsers(dest='command')
 subparsers.add_parser('version', help="shows version of currently installed Janssen Server")
@@ -77,23 +67,6 @@ def logs():
         print(f"   {os.path.join(log_dir, log)}")
 
 def service_command(todo):
-    if argsp.service == 'admin-ui':
-        if todo != 'restart':
-            print("\033[93mOnly \033[1mrestart\033[0m \033[93mcommand is available for admin-ui\033[0m")
-        else:
-            httpd_name = None
-            for sname in ('httpd', 'apache2'):
-                if os.popen(f'systemctl show --no-pager {sname} | grep LoadState=loaded').read().strip():
-                    httpd_name = sname
-                    break
-            if not httpd_name:
-                print("\033[93mUnable to determine httpd server name\033[0m")
-                return
-            for sub_service in ('jans-config-api', httpd_name):
-                argsp.service = sub_service
-                service_command('restart')
-        return
-
     services = [argsp.service] if argsp.service else JANS_SERVICES
     if todo == 'stop':
         services = reversed(services)